check

package
v0.15.23 Latest Latest
Warning

This package is not in the latest version of its module.

 Go to latest Published: Feb 15, 2024 License: Apache-2.0 Imports: 75 Imported by: 0

Documentation

Index

Constants

View Source 
const (
	FlowValidationModeDisabled = "disabled"
	FlowValidationModeWarning  = "warning"
	FlowValidationModeStrict   = "strict"
)
View Source 
const (
	PerfHostName  = "-host-net"
	PerfOtherNode = "-other-node"

	DNSTestServerContainerName = "dns-test-server"

	KindTestConnDisrupt = "test-conn-disrupt"

	EchoServerHostPort = 4000

	IngressServiceName = "ingress-service"
)
View Source 
const (
	// KubernetesSourcedLabelPrefix is the optional prefix used in labels to
	// indicate they are sourced from Kubernetes.
	// NOTE: For some reason, ':' gets replaced by '.' in keys so we use that instead.
	KubernetesSourcedLabelPrefix = "k8s."

	// AnySourceLabelPrefix is the optional prefix used in labels to
	// indicate they could be from anywhere.
	// NOTE: For some reason, ':' gets replaced by '.' in keys so we use that instead.
	AnySourceLabelPrefix = "any."
)
View Source 
const (
	LongTimeout  = 5 * time.Minute
	ShortTimeout = 30 * time.Second

	PollInterval = 1 * time.Second
)

Variables

View Source 
var (
	// ResultNone expects a successful command, don't match any packets.
	ResultNone = Result{
		None: true,
	}

	// ResultOK expects a successful command and a matching flow.
	ResultOK = Result{}

	// ResultDNSOK expects a successful command, only generating DNS traffic.
	ResultDNSOK = Result{
		DNSProxy: true,
	}

	// ResultDNSOKDropCurlTimeout expects a failed command, generating DNS traffic and a dropped flow.
	ResultDNSOKDropCurlTimeout = Result{
		DNSProxy:       true,
		Drop:           true,
		DropReasonFunc: defaultDropReason,
		ExitCode:       ExitCurlTimeout,
	}

	// ResultDNSOKDropCurlHTTPError expects a failed command, generating DNS traffic and a dropped flow.
	ResultDNSOKDropCurlHTTPError = Result{
		DNSProxy:       true,
		L7Proxy:        true,
		Drop:           true,
		DropReasonFunc: defaultDropReason,
		ExitCode:       ExitCurlHTTPError,
	}

	// ResultCurlHTTPError expects a failed command, but no dropped flow or DNS proxy.
	ResultCurlHTTPError = Result{
		L7Proxy:        true,
		Drop:           false,
		DropReasonFunc: defaultDropReason,
		ExitCode:       ExitCurlHTTPError,
	}

	// ResultDrop expects a dropped flow and a failed command.
	ResultDrop = Result{
		Drop:           true,
		ExitCode:       ExitAnyError,
		DropReasonFunc: defaultDropReason,
	}

	// ResultDropAuthRequired expects a dropped flow with auth required as reason.
	ResultDropAuthRequired = Result{
		Drop:           true,
		DropReasonFunc: authRequiredDropReason,
	}

	// ResultAnyReasonEgressDrop expects a dropped flow at Egress and a failed command.
	ResultAnyReasonEgressDrop = Result{
		Drop:           true,
		DropReasonFunc: defaultDropReason,
		EgressDrop:     true,
		ExitCode:       ExitAnyError,
	}

	// ResultPolicyDenyEgressDrop expects a dropped flow at Egress due to policy deny and a failed command.
	ResultPolicyDenyEgressDrop = Result{
		Drop:           true,
		DropReasonFunc: policyDenyReason,
		EgressDrop:     true,
		ExitCode:       ExitAnyError,
	}

	// ResultDefaultDenyEgressDrop expects a dropped flow at Egress due to default deny and a failed command.
	ResultDefaultDenyEgressDrop = Result{
		Drop:           true,
		DropReasonFunc: defaultDenyReason,
		EgressDrop:     true,
		ExitCode:       ExitAnyError,
	}

	// ResultIngressAnyReasonDrop expects a dropped flow at Ingress and a failed command.
	ResultIngressAnyReasonDrop = Result{
		Drop:           true,
		IngressDrop:    true,
		DropReasonFunc: defaultDropReason,
		ExitCode:       ExitAnyError,
	}

	// ResultPolicyDenyIngressDrop expects a dropped flow at Ingress due to policy deny reason and a failed command.
	ResultPolicyDenyIngressDrop = Result{
		Drop:           true,
		IngressDrop:    true,
		DropReasonFunc: policyDenyReason,
		ExitCode:       ExitAnyError,
	}

	// ResultDefaultDenyIngressDrop expects a dropped flow at Ingress due to default deny reason and a failed command.
	ResultDefaultDenyIngressDrop = Result{
		Drop:           true,
		IngressDrop:    true,
		DropReasonFunc: defaultDenyReason,
		ExitCode:       ExitAnyError,
	}

	// ResultDropCurlTimeout expects a dropped flow and a failed command.
	ResultDropCurlTimeout = Result{
		Drop:     true,
		ExitCode: ExitCurlTimeout,
	}

	// ResultDropCurlHTTPError expects a dropped flow and a failed command.
	ResultDropCurlHTTPError = Result{
		L7Proxy:  true,
		Drop:     true,
		ExitCode: ExitCurlHTTPError,
	}
)

Functions

func WaitForCoreDNS added in v0.15.0 

func WaitForCoreDNS(ctx context.Context, log Logger, client Pod) error

WaitForCoreDNS waits until the client pod can reach coredns.

func WaitForDaemonSet added in v0.15.20 

func WaitForDaemonSet(ctx context.Context, log Logger, client *k8s.Client, namespace string, name string) error

WaitForDaemonSet waits until the specified daemonset becomes ready.

func WaitForDeployment added in v0.15.0 

func WaitForDeployment(ctx context.Context, log Logger, client *k8s.Client, namespace string, name string) error

WaitForDeployment waits until the specified deployment becomes ready.

func WaitForIPCache added in v0.15.0 

func WaitForIPCache(ctx context.Context, log Logger, agent Pod, pods []Pod) error

WaitForIPCache waits until all the specified pods are present in the IPCache of the given agent.

func WaitForNodePorts added in v0.15.0 

func WaitForNodePorts(ctx context.Context, log Logger, client Pod, nodeIP string, service Service) error

WaitForNodePorts waits until all the nodeports in a service are available on a given node.

func WaitForPodDNS added in v0.15.0 

func WaitForPodDNS(ctx context.Context, log Logger, src, dst Pod) error

WaitForPodDNS waits until src can query the DNS server on dst successfully.

func WaitForService added in v0.15.0 

func WaitForService(ctx context.Context, log Logger, client Pod, service Service) error

WaitForService waits until the given service is synchronized in CoreDNS.

func WaitForServiceEndpoints added in v0.15.0 

func WaitForServiceEndpoints(ctx context.Context, log Logger, agent Pod, service Service, backends uint, families []features.IPFamily) error

WaitForServiceEndpoints waits until the expected number of service backends are reported by the given agent.

Types

type Action 

type Action struct {

	// Should the action attempt to collect the flows with hubble
	CollectFlows bool
	// contains filtered or unexported fields
}

Action represents an individual action (e.g. a curl call) in a Scenario between a source and a destination peer.

func (*Action) CmdOutput added in v0.10.5 

func (a *Action) CmdOutput() string

func (*Action) Debug 

func (a *Action) Debug(s ...interface{})

Debug logs a debug message.

func (*Action) DebugEnabled added in v0.15.21 

func (a *Action) DebugEnabled() bool

DebugEnabled returns whether debug logging is enabled.

func (*Action) Debugf 

func (a *Action) Debugf(format string, s ...interface{})

Debugf logs a formatted debug message.

func (*Action) Destination 

func (a *Action) Destination() TestPeer

func (*Action) ExecInPod 

func (a *Action) ExecInPod(ctx context.Context, cmd []string)

func (*Action) Fail 

func (a *Action) Fail(s ...interface{})

Fail must be called when the Action is unsuccessful.

func (*Action) Failf 

func (a *Action) Failf(format string, s ...interface{})

Failf must be called when the Action is unsuccessful.

func (*Action) Fatal 

func (a *Action) Fatal(s ...interface{})

Fatal must be called when an irrecoverable error was encountered during the Action.

func (*Action) Fatalf 

func (a *Action) Fatalf(format string, s ...interface{})

Fatalf must be called when an irrecoverable error was encountered during the Action.

func (*Action) GetEgressMetricsRequirements added in v0.14.4 

func (a *Action) GetEgressMetricsRequirements() []MetricsResult

func (*Action) GetEgressRequirements 

func (a *Action) GetEgressRequirements(p FlowParameters) (reqs []filters.FlowSetRequirement)

func (*Action) GetIngressMetricsRequirements added in v0.14.4 

func (a *Action) GetIngressMetricsRequirements() []MetricsResult

func (*Action) GetIngressRequirements 

func (a *Action) GetIngressRequirements(p FlowParameters) []filters.FlowSetRequirement

func (*Action) IPFamily added in v0.15.14 

func (a *Action) IPFamily() features.IPFamily

IPFamily returns the IPFamily used for this test action.

func (*Action) Info 

func (a *Action) Info(s ...interface{})

Info logs a debug message.

func (*Action) Infof 

func (a *Action) Infof(format string, s ...interface{})

Infof logs a formatted debug message.

func (*Action) Log 

func (a *Action) Log(s ...interface{})

Log logs a message.

func (*Action) Logf 

func (a *Action) Logf(format string, s ...interface{})

Logf logs a formatted message.

func (*Action) Peers 

func (a *Action) Peers() string

Peers returns the name and addr:port of the peers involved in the Action. If source or destination peers are missing, returns an empty string.

func (*Action) Run 

func (a *Action) Run(f func(*Action))

Run executes function f.

This method is to be called from a Scenario implementation.

func (*Action) Source 

func (a *Action) Source() TestPeer

func (*Action) String 

func (a *Action) String() string

func (*Action) ValidateFlows 

func (a *Action) ValidateFlows(ctx context.Context, peer TestPeer, reqs []filters.FlowSetRequirement)

ValidateFlows retrieves the flow pods of the specified pod and validates that all filters find a match. On failure, t.Fail() is called.

func (*Action) ValidateMetrics added in v0.14.4 

func (a *Action) ValidateMetrics(ctx context.Context, pod Pod, results []MetricsResult)

ValidateMetrics confronts the expected metrics against the last ones retrieves.

func (*Action) WriteDataToPod added in v0.13.2 

func (a *Action) WriteDataToPod(ctx context.Context, filePath string, data []byte)

WriteDataToPod writes data to a file in the source pod It does this by using a shell command, writing huge files should be avoided

type CiliumEgressGatewayPolicyParams added in v0.14.6 

type CiliumEgressGatewayPolicyParams struct {
	// Name controls the name of the policy
	Name string

	// PodSelectorKind is used to select the client pods. The parameter is used to select pods with a matching "kind" label
	PodSelectorKind string

	// ExcludedCIDRsConf controls how the ExcludedCIDRsConf property should be configured
	ExcludedCIDRsConf ExcludedCIDRsKind
}

CiliumEgressGatewayPolicyParams is used to configure how a CiliumEgressGatewayPolicy template should be configured before being applied.

type ConditionalScenario added in v0.12.2 

type ConditionalScenario interface {
	Scenario
	Requirements() []features.Requirement
}

ConditionalScenario is a test scenario which requires certain feature requirements to be enabled. If the requirements are not met, the test scenario is skipped

type ConnectivityTest 

type ConnectivityTest struct {

	// CiliumVersion is the detected or assumed version of the Cilium agent
	CiliumVersion semver.Version

	// Features contains the features enabled on the running Cilium cluster
	Features features.Set

	PerfResults []common.PerfSummary
	// contains filtered or unexported fields
}

ConnectivityTest is the root context of the connectivity test suite and holds all resources belonging to it. It implements interface ConnectivityTest and is instantiated once at the start of the program,

func NewConnectivityTest 

func NewConnectivityTest(client *k8s.Client, p Parameters, version string) (*ConnectivityTest, error)

NewConnectivityTest returns a new ConnectivityTest.

func (*ConnectivityTest) AllFlows 

func (ct *ConnectivityTest) AllFlows() bool

func (*ConnectivityTest) CiliumAgentMetrics added in v0.14.4 

func (ct *ConnectivityTest) CiliumAgentMetrics() MetricsSource

CiliumAgentMetrics returns the MetricsSource for the cilium-agent component.

func (*ConnectivityTest) CiliumNodes added in v0.15.21 

func (ct *ConnectivityTest) CiliumNodes() map[NodeIdentity]*ciliumv2.CiliumNode

func (*ConnectivityTest) CiliumPods 

func (ct *ConnectivityTest) CiliumPods() map[string]Pod

func (*ConnectivityTest) ClientPods 

func (ct *ConnectivityTest) ClientPods() map[string]Pod

func (*ConnectivityTest) Clients added in v0.14.4 

func (ct *ConnectivityTest) Clients() []*k8s.Client

func (*ConnectivityTest) ControlPlaneClientPods added in v0.15.14 

func (ct *ConnectivityTest) ControlPlaneClientPods() map[string]Pod

func (*ConnectivityTest) ControlPlaneNodes added in v0.15.14 

func (ct *ConnectivityTest) ControlPlaneNodes() map[string]*corev1.Node

func (*ConnectivityTest) CurlCommand added in v0.12.12 

func (ct *ConnectivityTest) CurlCommand(peer TestPeer, ipFam features.IPFamily, opts ...string) []string

func (*ConnectivityTest) CurlCommandParallelWithOutput added in v0.15.12 

func (ct *ConnectivityTest) CurlCommandParallelWithOutput(peer TestPeer, ipFam features.IPFamily, parallel int, opts ...string) []string

func (*ConnectivityTest) CurlCommandWithOutput added in v0.15.12 

func (ct *ConnectivityTest) CurlCommandWithOutput(peer TestPeer, ipFam features.IPFamily, opts ...string) []string

func (*ConnectivityTest) Debug 

func (ct *ConnectivityTest) Debug(a ...interface{})

Debug logs a debug message.

func (*ConnectivityTest) Debugf 

func (ct *ConnectivityTest) Debugf(format string, a ...interface{})

Debugf logs a formatted debug message.

func (*ConnectivityTest) DeleteConnDisruptTestDeployment added in v0.15.8 

func (ct *ConnectivityTest) DeleteConnDisruptTestDeployment(ctx context.Context, client *k8s.Client) error

func (*ConnectivityTest) DetectMinimumCiliumVersion added in v0.12.1 

func (ct *ConnectivityTest) DetectMinimumCiliumVersion(ctx context.Context) (*semver.Version, error)

DetectMinimumCiliumVersion returns the smallest Cilium version running in the cluster(s)

func (*ConnectivityTest) DigCommand added in v0.14.6 

func (ct *ConnectivityTest) DigCommand(peer TestPeer, ipFam features.IPFamily) []string

func (*ConnectivityTest) EchoPods 

func (ct *ConnectivityTest) EchoPods() map[string]Pod

func (*ConnectivityTest) EchoServices 

func (ct *ConnectivityTest) EchoServices() map[string]Service

func (*ConnectivityTest) ExternalEchoPods added in v0.14.2 

func (ct *ConnectivityTest) ExternalEchoPods() map[string]Pod

func (*ConnectivityTest) ExternalWorkloads 

func (ct *ConnectivityTest) ExternalWorkloads() map[string]ExternalWorkload

func (*ConnectivityTest) Fail 

func (ct *ConnectivityTest) Fail(a ...interface{})

Fail logs a failure message.

func (*ConnectivityTest) Failf 

func (ct *ConnectivityTest) Failf(format string, a ...interface{})

Failf logs a formatted failure message.

func (*ConnectivityTest) Fatal 

func (ct *ConnectivityTest) Fatal(a ...interface{})

Fatal logs an error.

func (*ConnectivityTest) Fatalf 

func (ct *ConnectivityTest) Fatalf(format string, a ...interface{})

Fatalf logs a formatted error.

func (*ConnectivityTest) Feature added in v0.12.12 

func (ct *ConnectivityTest) Feature(f features.Feature) (features.Status, bool)

func (*ConnectivityTest) FlowAggregation 

func (ct *ConnectivityTest) FlowAggregation() bool

func (*ConnectivityTest) ForceDisableFeature added in v0.12.8 

func (ct *ConnectivityTest) ForceDisableFeature(feature features.Feature)

func (*ConnectivityTest) GetTest added in v0.14.4 

func (ct *ConnectivityTest) GetTest(name string) (*Test, error)

GetTest returns the test scope for test named "name" if found, a non-nil error otherwise.

func (*ConnectivityTest) Header 

func (ct *ConnectivityTest) Header(a ...interface{})

Header prints a newline followed by a formatted message.

func (*ConnectivityTest) Headerf 

func (ct *ConnectivityTest) Headerf(format string, a ...interface{})

Headerf prints a newline followed by a formatted message.

func (*ConnectivityTest) HostNetNSPodsByNode added in v0.12.2 

func (ct *ConnectivityTest) HostNetNSPodsByNode() map[string]Pod

func (*ConnectivityTest) HubbleClient 

func (ct *ConnectivityTest) HubbleClient() observer.ObserverClient

func (*ConnectivityTest) Info 

func (ct *ConnectivityTest) Info(a ...interface{})

Info logs an informational message.

func (*ConnectivityTest) Infof 

func (ct *ConnectivityTest) Infof(format string, a ...interface{})

Infof logs a formatted informational message.

func (*ConnectivityTest) IngressService added in v0.14.1 

func (ct *ConnectivityTest) IngressService() map[string]Service

func (*ConnectivityTest) K8sClient added in v0.11.8 

func (ct *ConnectivityTest) K8sClient() *k8s.Client

func (*ConnectivityTest) K8sService added in v0.15.14 

func (ct *ConnectivityTest) K8sService() Service

func (*ConnectivityTest) Log 

func (ct *ConnectivityTest) Log(a ...interface{})

Log logs a message.

func (*ConnectivityTest) Logf 

func (ct *ConnectivityTest) Logf(format string, a ...interface{})

Logf logs a formatted message.

func (*ConnectivityTest) MustGetTest added in v0.15.14 

func (ct *ConnectivityTest) MustGetTest(name string) *Test

MustGetTest returns the test scope for test named "name" if found, or panics otherwise.

func (*ConnectivityTest) NewTest 

func (ct *ConnectivityTest) NewTest(name string) *Test

NewTest creates a new test scope within the ConnectivityTest and returns a new Test. This object can be used to set up the environment to execute different Scenarios within.

func (*ConnectivityTest) Nodes added in v0.13.0 

func (ct *ConnectivityTest) Nodes() map[string]*corev1.Node

func (*ConnectivityTest) NodesWithoutCilium added in v0.12.2 

func (ct *ConnectivityTest) NodesWithoutCilium() []string

func (*ConnectivityTest) Params added in v0.10.5 

func (ct *ConnectivityTest) Params() Parameters

func (*ConnectivityTest) PerfClientPods added in v0.10.5 

func (ct *ConnectivityTest) PerfClientPods() []Pod

func (*ConnectivityTest) PerfServerPod added in v0.10.5 

func (ct *ConnectivityTest) PerfServerPod() []Pod

func (*ConnectivityTest) PingCommand added in v0.12.12 

func (ct *ConnectivityTest) PingCommand(peer TestPeer, ipFam features.IPFamily) []string

func (*ConnectivityTest) PostTestSleepDuration 

func (ct *ConnectivityTest) PostTestSleepDuration() time.Duration

func (*ConnectivityTest) PrintFlows 

func (ct *ConnectivityTest) PrintFlows() bool

func (*ConnectivityTest) RandomClientPod 

func (ct *ConnectivityTest) RandomClientPod() *Pod

func (*ConnectivityTest) Run 

func (ct *ConnectivityTest) Run(ctx context.Context) error

Run kicks off execution of all Tests registered to the ConnectivityTest. Each Test's Run() method is called within its own goroutine.

func (*ConnectivityTest) SecondaryNetworkNodeIPv4 added in v0.15.7 

func (ct *ConnectivityTest) SecondaryNetworkNodeIPv4() map[string]string

func (*ConnectivityTest) SecondaryNetworkNodeIPv6 added in v0.15.7 

func (ct *ConnectivityTest) SecondaryNetworkNodeIPv6() map[string]string

func (*ConnectivityTest) SetupAndValidate added in v0.10.4 

func (ct *ConnectivityTest) SetupAndValidate(ctx context.Context, extra SetupHooks) error

SetupAndValidate sets up and validates the connectivity test infrastructure such as the client pods and validates the deployment of them along with Cilium. This must be run before Run() is called.

func (*ConnectivityTest) Timestamp added in v0.12.10 

func (ct *ConnectivityTest) Timestamp()

Timestamps logs the current timestamp.

func (*ConnectivityTest) UninstallResources added in v0.12.10 

func (ct *ConnectivityTest) UninstallResources(ctx context.Context, wait bool)

UninstallResources deletes all k8s resources created by the connectivity tests.

func (*ConnectivityTest) UpdateFeaturesFromNodes added in v0.12.8 

func (ct *ConnectivityTest) UpdateFeaturesFromNodes(ctx context.Context) error

func (*ConnectivityTest) Warn 

func (ct *ConnectivityTest) Warn(a ...interface{})

Warn logs a warning message.

func (*ConnectivityTest) Warnf 

func (ct *ConnectivityTest) Warnf(format string, a ...interface{})

Warnf logs a formatted warning message.

type EchoIPPod added in v0.15.12 

type EchoIPPod struct {
	Pod
}

EchoIPPod is a Kubernetes Pod that prints back the client IP, acting as a peer in a connectivity test.

func (EchoIPPod) Path added in v0.15.12 

func (p EchoIPPod) Path() string

type ExcludedCIDRsKind added in v0.15.20 

type ExcludedCIDRsKind int
const (
	// NoExcludedCIDRs does not configure any excluded CIDRs in the policy
	NoExcludedCIDRs ExcludedCIDRsKind = iota

	// ExternalNodeExcludedCIDRs adds the IPs of the external nodes (i.e the ones with the "cilium.io/no-schedule" label) to the list of excluded CIDRs
	ExternalNodeExcludedCIDRs
)

type ExitCode added in v0.9.0 

type ExitCode int16
const (
	ExitAnyError    ExitCode = -1
	ExitInvalidCode ExitCode = -2

	ExitCurlHTTPError ExitCode = 22
	ExitCurlTimeout   ExitCode = 28
)

func (ExitCode) Check added in v0.9.0 

func (e ExitCode) Check(code uint8) bool

func (ExitCode) String added in v0.9.0 

func (e ExitCode) String() string

type ExpectationsFunc 

type ExpectationsFunc func(a *Action) (egress, ingress Result)

type ExternalWorkload 

type ExternalWorkload struct {
	// contains filtered or unexported fields
}

ExternalWorkload is an external workload acting as a peer in a connectivity test. It implements interface TestPeer.

func (ExternalWorkload) Address 

func (e ExternalWorkload) Address(features.IPFamily) string

Address returns the network address of the ExternalWorkload.

func (ExternalWorkload) FlowFilters added in v0.14.4 

func (e ExternalWorkload) FlowFilters() []*flow.FlowFilter

func (ExternalWorkload) HasLabel 

func (e ExternalWorkload) HasLabel(name, value string) bool

HasLabel checks if given label exists and value matches.

func (ExternalWorkload) Labels added in v0.12.4 

func (e ExternalWorkload) Labels() map[string]string

Labels returns the copy of labels

func (ExternalWorkload) Name 

func (e ExternalWorkload) Name() string

Name returns the name of the ExternalWorkload.

func (ExternalWorkload) Path added in v0.9.0 

func (e ExternalWorkload) Path() string

Path returns an empty string.

func (ExternalWorkload) Port 

func (e ExternalWorkload) Port() uint32

Port returns 0.

func (ExternalWorkload) Scheme 

func (e ExternalWorkload) Scheme() string

Scheme returns an empty string.

type FlowParameters 

type FlowParameters struct {
	// Protocol is the network protocol being tested
	Protocol L4Protocol

	// DNSRequired is true if DNS flows must be seen before the test protocol
	DNSRequired bool

	// RSTAllowed is true if TCP connection may end with either RST or FIN
	RSTAllowed bool

	// AltDstIP, if non-empty, indicates an alternative destination address
	// for the DstAddr to be matched. This is useful if the destination address
	// is NATed before Hubble can observe the packet, which for example is the
	// case with HostReachableServices
	AltDstIP string

	// AltDstPort, if non-zero, indicates an alternative port number for the
	// DstPort to be matched. This is useful if the destination port is NATed,
	// which is for example the case for service ports, NodePort or HostPort
	AltDstPort uint32
}

FlowParameters defines parameters for test result flow matching

type FlowRequirementResults 

type FlowRequirementResults struct {
	FirstMatch         int
	LastMatch          int
	Matched            MatchMap
	Failures           int
	NeedMoreFlows      bool
	LastMatchTimestamp time.Time
}

func (*FlowRequirementResults) Merge 

func (r *FlowRequirementResults) Merge(from *FlowRequirementResults)

type HTTP 

type HTTP struct {
	Status string
	Method string
	URL    string
}

type L4Protocol 

type L4Protocol int

L4Protocol identifies the network protocol being tested 

const (
	TCP L4Protocol = iota
	UDP
	ICMP
)

type Logger added in v0.15.0 

type Logger interface {
	// Log logs a message.
	Log(a ...interface{})
	// Logf logs a formatted message.
	Logf(format string, a ...interface{})

	// Debug logs a debug message.
	Debug(a ...interface{})
	// Debugf logs a formatted debug message.
	Debugf(format string, a ...interface{})

	// Info logs an informational message.
	Info(a ...interface{})
	// Infof logs a formatted informational message.
	Infof(format string, a ...interface{})
}

Logger abstracts the logging functionalities implemented by the test suite, individual tests and actions.

type MatchMap 

type MatchMap map[int]bool

type MetricsResult added in v0.14.4 

type MetricsResult struct {
	Source MetricsSource
	Assert assertMetricsFunc
}

MetricsResult holds the source of metrics we want to assert and its assertion method.

func (MetricsResult) IsEmpty added in v0.14.4 

func (m MetricsResult) IsEmpty() bool

IsEmpty returns true if MetricsResult does not have any source. Assuming it corresponds to its zero value.

type MetricsSource added in v0.14.4 

type MetricsSource struct {
	Name string // the name of the source, e.g.: cilium-agent
	Pods []Pod  // the list of pods for the given source
	Port string // the container port value for prometheus
}

MetricsSource defines the info for a source to be used in metrics collection.

func (MetricsSource) IsEmpty added in v0.14.4 

func (m MetricsSource) IsEmpty() bool

IsEmpty returns if the metrics source name is empty, assuming it MetricsSource is set to its zero value.

type NodeIdentity added in v0.15.21 

type NodeIdentity struct{ Cluster, Name string }

NodeIdentity uniquely identifies a Node by Cluster and Name.

type NodeportService added in v0.14.6 

type NodeportService struct {
	Service
	Node *v1.Node
}

NodeportService wraps a Service and exposes it through its nodeport, acting as a peer in a connectivity test. It implements interface TestPeer.

func (NodeportService) Address added in v0.14.6 

func (s NodeportService) Address(family features.IPFamily) string

Address returns the node IP of the wrapped Service.

func (NodeportService) Port added in v0.14.6 

func (s NodeportService) Port() uint32

Port returns the first nodeport of the wrapped Service.

type Parameters 

type Parameters struct {
	AssumeCiliumVersion   string
	CiliumNamespace       string
	TestNamespace         string
	SingleNode            bool
	PrintFlows            bool
	ForceDeploy           bool
	Hubble                bool
	HubbleServer          string
	K8sLocalHostTest      bool
	MultiCluster          string
	RunTests              []*regexp.Regexp
	SkipTests             []*regexp.Regexp
	PostTestSleepDuration time.Duration
	FlowValidation        string
	AllFlows              bool
	Writer                io.ReadWriter
	Verbose               bool
	Debug                 bool
	Timestamp             bool
	PauseOnFail           bool
	SkipIPCacheCheck      bool
	// Perf is not user-facing parameter, but it's used to run perf subcommand
	// using connectivity test suite.
	Perf                  bool
	PerfReportDir         string
	PerfDuration          time.Duration
	PerfHostNet           bool
	PerfPodNet            bool
	PerfSamples           int
	CurlImage             string
	PerformanceImage      string
	JSONMockImage         string
	AgentDaemonSetName    string
	DNSTestServerImage    string
	IncludeUnsafeTests    bool
	AgentPodSelector      string
	CiliumPodSelector     string
	NodeSelector          map[string]string
	DeploymentAnnotations annotationsMap
	NamespaceAnnotations  annotations
	ExternalTarget        string
	ExternalCIDR          string
	ExternalIP            string
	ExternalOtherIP       string
	PodCIDRs              []podCIDRs
	NodeCIDRs             []string
	ControlPlaneCIDRs     []string
	K8sCIDR               string
	NodesWithoutCiliumIPs []nodesWithoutCiliumIP
	JunitFile             string
	JunitProperties       map[string]string

	IncludeConnDisruptTest        bool
	ConnDisruptTestSetup          bool
	ConnDisruptTestRestartsPath   string
	ConnDisruptTestXfrmErrorsPath string
	ConnDisruptDispatchInterval   time.Duration

	ExpectedDropReasons []string
	ExpectedXFRMErrors  []string

	FlushCT               bool
	SecondaryNetworkIface string

	K8sVersion           string
	HelmChartDirectory   string
	HelmValuesSecretName string

	DeleteCiliumOnNodes []string

	Retry      uint
	RetryDelay time.Duration

	ConnectTimeout time.Duration
	RequestTimeout time.Duration
	CurlInsecure   bool

	CollectSysdumpOnFailure bool
	SysdumpOptions          sysdump.Options

	ExternalTargetCANamespace string
	ExternalTargetCAName      string

	Timeout time.Duration
}

type Pod 

type Pod struct {
	// Kubernetes client of the cluster this pod is running in.
	K8sClient *k8s.Client

	// Pod is the Kubernetes Pod resource.
	Pod *corev1.Pod

	// The pod is running on a node which doesn't run Cilium
	Outside bool
	// contains filtered or unexported fields
}

Pod is a Kubernetes Pod acting as a peer in a connectivity test.

func (Pod) Address 

func (p Pod) Address(family features.IPFamily) string

Address returns the network address of the Pod.

func (Pod) FlowFilters added in v0.14.4 

func (p Pod) FlowFilters() []*flow.FlowFilter

func (Pod) HasLabel 

func (p Pod) HasLabel(name, value string) bool

HasLabel checks if given label exists and value matches.

func (Pod) Labels added in v0.12.4 

func (p Pod) Labels() map[string]string

func (Pod) Name 

func (p Pod) Name() string

Name returns the absolute name of the Pod.

func (Pod) NameWithoutNamespace added in v0.14.4 

func (p Pod) NameWithoutNamespace() string

NameWithoutNamespace returns only the name of the Pod.

func (Pod) Namespace added in v0.14.4 

func (p Pod) Namespace() string

Namespace returns the namespace the pod belongs to.

func (Pod) NodeName added in v0.14.4 

func (p Pod) NodeName() string

NodeName returns the node name a pod belongs to.

func (Pod) Path added in v0.9.0 

func (p Pod) Path() string

func (Pod) Port 

func (p Pod) Port() uint32

Port returns the port the Pod is listening on.

func (Pod) Scheme 

func (p Pod) Scheme() string

func (Pod) String 

func (p Pod) String() string

func (Pod) ToEchoIPPod added in v0.15.12 

func (p Pod) ToEchoIPPod() EchoIPPod

type Result 

type Result struct {
	// Request is dropped
	Drop bool

	// Request is dropped at Egress
	EgressDrop bool

	// Request is dropped at Ingress
	IngressDrop bool

	// DropReasonFunc
	DropReasonFunc func(flow *flowpb.Flow) bool

	// Metrics holds the function to compare/check metrics.
	Metrics []MetricsResult

	// No flows are to be expected. Used for ingress when egress drops
	None bool

	// DNSProxy is true when DNS Proxy is to be expected, only valid for egress
	DNSProxy bool

	// L7Proxy is true when L7 proxy (e.g., Envoy) is to be expected
	L7Proxy bool

	// HTTPStatus is non-zero when a HTTP status code in response is to be expected
	HTTP HTTP

	// ExitCode is the expected shell exit code
	ExitCode ExitCode
}

func (Result) ExpectMetricsIncrease added in v0.14.4 

func (r Result) ExpectMetricsIncrease(source MetricsSource, metrics ...string) Result

ExpectMetricsIncrease compares metrics retrieved before any action were run and after; may return an error if metrics did not increase.

func (Result) String 

func (r Result) String() string

type Scenario 

type Scenario interface {
	// Name returns the name of the Scenario.
	Name() string

	// Run is invoked by the testing framework to execute the Scenario.
	Run(ctx context.Context, t *Test)
}

Scenario is implemented by all test scenarios like pod-to-pod, pod-to-world, etc.

type Service 

type Service struct {
	// Service  is the Kubernetes service resource
	Service *corev1.Service

	URLPath string
}

Service is a service acting as a peer in a connectivity test. It implements interface TestPeer.

func (Service) Address 

func (s Service) Address(family features.IPFamily) string

Address returns the network address of the Service.

func (Service) FlowFilters added in v0.14.4 

func (s Service) FlowFilters() []*flow.FlowFilter

func (Service) HasLabel 

func (s Service) HasLabel(name, value string) bool

HasLabel checks if given label exists and value matches.

func (Service) Labels added in v0.12.4 

func (s Service) Labels() map[string]string

Labels returns the copy of service labels

func (Service) Name 

func (s Service) Name() string

Name returns the absolute name of the service.

func (Service) NameWithoutNamespace added in v0.15.2 

func (s Service) NameWithoutNamespace() string

NameWithoutNamespace returns the name of the service without the namespace.

func (Service) Path added in v0.9.0 

func (s Service) Path() string

Path returns the string '/'.

func (Service) Port 

func (s Service) Port() uint32

Port returns the first port of the Service.

func (Service) Scheme 

func (s Service) Scheme() string

Scheme returns the string 'https' if the port is 443 or 6443, otherwise it returns 'http'.

func (Service) ToNodeportService added in v0.14.6 

func (s Service) ToNodeportService(node *v1.Node) NodeportService

type SetupFunc added in v0.14.4 

type SetupFunc func(ctx context.Context, t *Test, testCtx *ConnectivityTest) error

SetupFunc is a callback meant to be called before running the test. It performs additional setup needed to run tests.

type SetupHooks added in v0.15.21 

type SetupHooks interface {
	// DetectFeatures is an hook to perform the detection of extra features.
	DetectFeatures(ctx context.Context, ct *ConnectivityTest) error
	// SetupAndValidate is an hook to setup additional connectivity test dependencies.
	SetupAndValidate(ctx context.Context, ct *ConnectivityTest) error
}

SetupHooks defines the extension hooks executed during the setup of the connectivity tests.

type SysdumpPolicy added in v0.15.21 

type SysdumpPolicy int

SysdumpPolicy represents a policy for sysdump collection in case of test failure. 

const (
	// SysdumpPolicyEach enables capturing one sysdump for each failing action.
	// This is the default and applies also when no explicit policy is specified.
	SysdumpPolicyEach SysdumpPolicy = iota
	// SysdumpPolicyOnce enables capturing only one sysdump for the given test,
	// independently of the number of failures.
	SysdumpPolicyOnce
	// SysdumpPolicyNever disables sysdump collection for the given test.
	SysdumpPolicyNever
)

type Test 

type Test struct {
	// contains filtered or unexported fields
}

func (*Test) CertificateCAs added in v0.13.2 

func (t *Test) CertificateCAs() map[string][]byte

CertificateCAs returns the CAs used to sign the certificates within the test.

func (*Test) CiliumLogs added in v0.15.9 

func (t *Test) CiliumLogs(ctx context.Context)

CiliumLogs dumps the logs of all Cilium agents since the start of the Test. filter is applied on each line of output.

func (*Test) CiliumNetworkPolicies added in v0.14.4 

func (t *Test) CiliumNetworkPolicies() map[string]*ciliumv2.CiliumNetworkPolicy

func (*Test) Context 

func (t *Test) Context() *ConnectivityTest

Context returns the enclosing context of the Test.

func (*Test) Debug 

func (t *Test) Debug(a ...interface{})

Debug logs a debug message.

func (*Test) Debugf 

func (t *Test) Debugf(format string, a ...interface{})

Debugf logs a formatted debug message.

func (*Test) EgressGatewayNode added in v0.14.2 

func (t *Test) EgressGatewayNode() string

EgressGatewayNode returns the name of the node that is supposed to act as egress gateway in the egress gateway tests.

Currently the designated node is the one running the other=client client pod.

func (*Test) Fail 

func (t *Test) Fail(a ...interface{})

Fail marks the Test as failed and logs a failure message.

Flushes the Test's internal log buffer. Any further logs against the Test will go directly to the user-specified writer.

func (*Test) Failf 

func (t *Test) Failf(format string, a ...interface{})

Failf marks the Test as failed and logs a formatted failure message.

Flushes the Test's internal log buffer. Any further logs against the Test will go directly to the user-specified writer.

func (*Test) Fatal 

func (t *Test) Fatal(a ...interface{})

Fatal marks the test as failed, logs an error and exits the calling goroutine.

func (*Test) Fatalf 

func (t *Test) Fatalf(format string, a ...interface{})

Fatalf marks the test as failed, logs a formatted error and exits the calling goroutine.

func (*Test) ForEachIPFamily added in v0.13.0 

func (t *Test) ForEachIPFamily(do func(features.IPFamily))

func (*Test) Headerf 

func (t *Test) Headerf(format string, a ...interface{})

Headerf prints a formatted, indented header inside the test log scope. Headers are not internally buffered.

func (*Test) Info 

func (t *Test) Info(a ...interface{})

Info logs an informational message.

func (*Test) Infof 

func (t *Test) Infof(format string, a ...interface{})

Infof logs a formatted informational message.

func (*Test) KubernetesNetworkPolicies added in v0.14.4 

func (t *Test) KubernetesNetworkPolicies() map[string]*networkingv1.NetworkPolicy

func (*Test) Log 

func (t *Test) Log(a ...interface{})

Log logs a message.

func (*Test) Logf 

func (t *Test) Logf(format string, a ...interface{})

Logf logs a formatted message.

func (*Test) Name 

func (t *Test) Name() string

Name returns the name of the test.

func (*Test) NewAction 

func (t *Test) NewAction(s Scenario, name string, src *Pod, dst TestPeer, ipFam features.IPFamily) *Action

NewAction creates a new Action. s must be the Scenario the Action is created for, name should be a visually-distinguishable name, src is the execution Pod of the action, and dst is the network target the Action will connect to.

func (*Test) NewGenericAction added in v0.15.21 

func (t *Test) NewGenericAction(s Scenario, name string) *Action

NewGenericAction creates a new Action not associated with any execution pod nor network target, but intended for generic assertions (e.g., checking the absence of log errors over multiple pods). s must be the Scenario the Action is created for, name should be a visually-distinguishable name.

func (*Test) NodesWithoutCilium added in v0.12.2 

func (t *Test) NodesWithoutCilium() []string

func (*Test) Run 

func (t *Test) Run(ctx context.Context, index int) error

Run executes all Scenarios registered to the Test.

func (*Test) String 

func (t *Test) String() string

func (*Test) WithCABundleSecret added in v0.13.2 

func (t *Test) WithCABundleSecret() *Test

WithCABundleSecret makes the secret `cabundle` with a CA bundle and adds it to the cluster

func (*Test) WithCertificate added in v0.13.2 

func (t *Test) WithCertificate(name, hostname string) *Test

WithCertificate makes a secret with a certificate and adds it to the cluster

func (*Test) WithCiliumEgressGatewayPolicy added in v0.14.2 

func (t *Test) WithCiliumEgressGatewayPolicy(params CiliumEgressGatewayPolicyParams) *Test

WithCiliumEgressGatewayPolicy takes a string containing a YAML policy document and adds the cilium egress gateway polic(y)(ies) to the scope of the Test, to be applied when the test starts running. When calling this method, note that the egress gateway enabled feature requirement is applied directly here.

func (*Test) WithCiliumPolicy added in v0.14.0 

func (t *Test) WithCiliumPolicy(policy string) *Test

WithCiliumPolicy takes a string containing a YAML policy document and adds the polic(y)(ies) to the scope of the Test, to be applied when the test starts running. When calling this method, note that the CNP enabled feature // requirement is applied directly here.

func (*Test) WithCiliumVersion added in v0.14.4 

func (t *Test) WithCiliumVersion(vr string) *Test

WithCiliumVersion limits test execution to Cilium versions that fall within the given range. The input string is passed to semver.ParseRange, see package semver. Simple examples: ">1.0.0 <2.0.0" or ">=1.14.0".

func (*Test) WithExpectations 

func (t *Test) WithExpectations(f ExpectationsFunc) *Test

WithExpectations sets the getExpectations test result function to use during tests

func (*Test) WithFeatureRequirements added in v0.12.1 

func (t *Test) WithFeatureRequirements(reqs ...features.Requirement) *Test

WithFeatureRequirements adds FeatureRequirements to Test, all of which must be satisfied in order for the test to be run. It adds only features that are not already present in the requirements.

func (*Test) WithFinalizer added in v0.14.4 

func (t *Test) WithFinalizer(f func() error) *Test

WithFinalizer registers a finalizer to be executed when Run() returns.

func (*Test) WithIPRoutesFromOutsideToPodCIDRs added in v0.14.4 

func (t *Test) WithIPRoutesFromOutsideToPodCIDRs() *Test

WithIPRoutesFromOutsideToPodCIDRs instructs the test runner that podCIDR => nodeIP routes needs to be installed on a node which doesn't run Cilium before running the test (and removed after the test completion).

func (*Test) WithK8SPolicy added in v0.14.0 

func (t *Test) WithK8SPolicy(policy string) *Test

WithK8SPolicy takes a string containing a YAML policy document and adds the polic(y)(ies) to the scope of the Test, to be applied when the test starts running. When calling this method, note that the KNP enabled feature requirement is applied directly here.

func (*Test) WithScenarios 

func (t *Test) WithScenarios(sl ...Scenario) *Test

WithScenarios adds Scenarios to Test in the given order.

func (*Test) WithSecret added in v0.13.2 

func (t *Test) WithSecret(secret *corev1.Secret) *Test

WithSecret takes a Secret and adds it to the cluster during the test

func (*Test) WithSetupFunc added in v0.14.4 

func (t *Test) WithSetupFunc(f SetupFunc) *Test

WithSetupFunc registers a SetupFunc callback to be executed just before the test runs.

func (*Test) WithSysdumpPolicy added in v0.15.21 

func (t *Test) WithSysdumpPolicy(policy SysdumpPolicy) *Test

WithSysdumpPolicy enables tuning the policy for capturing the sysdump in case of test failure, which takes effect only when sysdumps have been requested by the user. It is intended to be used to limit the number of sysdumps generated in case of multiple subsequent failures, if they would not contain additional information (e.g., when asserting the absence of log errors over multiple pods).

type TestPeer 

type TestPeer interface {
	// Name must return the absolute name of the peer.
	Name() string

	// Scheme must return the scheme to be used in a connection string
	// to connect to this peer, e.g. 'http' or 'https'. Can be an empty string.
	Scheme() string

	// Path must return the path in the URL used, if any. Can be an empty
	// string. Must include the leading '/' when not empty.
	Path() string

	// Address must return the network address of the peer. This can be a
	// DNS name or an IP address.
	Address(features.IPFamily) string

	// Port must return the destination port number used by the test traffic to the peer.
	Port() uint32

	// HasLabel checks if given label with the given name and value exists.
	HasLabel(name, value string) bool

	// Labels returns copy of peer labels
	Labels() map[string]string

	FlowFilters() []*flow.FlowFilter
}

TestPeer is the abstraction used for all peer types (pods, services, IPs, DNS names) used for connectivity testing

func HTTPEndpoint 

func HTTPEndpoint(name, rawurl string) TestPeer

HTTPEndpoint returns a new endpoint with the given name and raw URL. Panics if rawurl cannot be parsed.

func HTTPEndpointWithLabels added in v0.12.0 

func HTTPEndpointWithLabels(name, rawurl string, labels map[string]string) TestPeer

func ICMPEndpoint 

func ICMPEndpoint(name, host string) TestPeer

ICMPEndpoint returns a new ICMP endpoint.

Source Files

View all Source files

Jump to

Keyboard shortcuts

? : This menu
/ : Search site
f or F : Jump to
y or Y : Canonical URL
go.dev uses cookies from Google to deliver and enhance the quality of its services and to analyze traffic. Learn more.