workflows/ipsec: Add missing --flush-ct for key rotation #27883

Merged
merged 1 commit into from
Sep 1, 2023

pchaigno (Member) commented Sep 1, 2023

Now that we cover the key rotations in the IPsec e2e tests, we are running the connectivity test suite twice. That means we can run into the usual bug where an existing CT entry is reused and leads to us sending traffic to the proxy when we shouldn't (cf. #17459).

Thus, we need to flush the CT entries at the end of the first test run, with --flush-ct.

Fixes: de192de ("ci-ipsec-e2e: Add IPsec key rotation test")

pchaigno added the kind/bug/CI (This is a bug in the testing code.), area/CI (Continuous Integration testing issue or flake), area/encryption (Impacts encryption support such as IPSec, WireGuard, or kTLS.) and release-note/ci (This PR makes changes to the CI.) labels on Sep 1, 2023
pchaigno requested review from a team as code owners on September 1, 2023 09:53
pchaigno force-pushed the pr/pchaigno/fix-missing-flush-ct branch from a832ed2 to d56c972 on September 1, 2023 09:54
Now that we cover the key rotations in the IPsec e2e tests, we are
running the connectivity test suite twice. That means we can run into the
usual bug where an existing CT entry is reused and leads to us sending
traffic to the proxy when we shouldn't.

Thus, we need to flush the CT entries at the end of the first test run,
with --flush-ct.

Fixes: de192de ("ci-ipsec-e2e: Add IPsec key rotation test")
Signed-off-by: Paul Chaignon <paul.chaignon@gmail.com>
pchaigno force-pushed the pr/pchaigno/fix-missing-flush-ct branch from d56c972 to 8f39d08 on September 1, 2023 18:17

pchaigno (Member, Author) commented Sep 1, 2023

/test

pchaigno merged commit 751c17c into main on Sep 1, 2023
200 checks passed
pchaigno deleted the pr/pchaigno/fix-missing-flush-ct branch on September 1, 2023 23:13
maintainer-s-little-helper bot added the ready-to-merge (This PR has passed all tests and received consensus from code owners to merge.) label on Sep 1, 2023
jschwinger233 added the needs-backport/1.12, needs-backport/1.13 (This PR / issue needs backporting to the v1.13 branch), needs-backport/1.14 (This PR / issue needs backporting to the v1.14 branch), backport-pending/1.14 (The backport for Cilium 1.14.x for this PR is in progress.) and backport-done/1.14 (The backport for Cilium 1.14.x for this PR is done.) labels and removed the needs-backport/1.14 and backport-pending/1.14 labels on Sep 15, 2023
julianwiedmann added the backport-pending/1.12 and backport-pending/1.13 (The backport for Cilium 1.13.x for this PR is in progress.) labels and removed the needs-backport/1.13 label on Sep 15, 2023
github-actions bot added the backport-done/1.12 (The backport for Cilium 1.12.x for this PR is done.) label and removed the backport-pending/1.12 label on Oct 4, 2023
julianwiedmann added the backport-done/1.13 (The backport for Cilium 1.13.x for this PR is done.) label and removed the backport-pending/1.13 label on Oct 5, 2023
Labels
area/CI: Continuous Integration testing issue or flake
area/encryption: Impacts encryption support such as IPSec, WireGuard, or kTLS.
backport-done/1.12: The backport for Cilium 1.12.x for this PR is done.
backport-done/1.13: The backport for Cilium 1.13.x for this PR is done.
backport-done/1.14: The backport for Cilium 1.14.x for this PR is done.
kind/bug/CI: This is a bug in the testing code.
ready-to-merge: This PR has passed all tests and received consensus from code owners to merge.
release-note/ci: This PR makes changes to the CI.