tests

package
v0.15.23 Latest Latest
Warning

This package is not in the latest version of its module.

 Go to latest Published: Feb 15, 2024 License: Apache-2.0 Imports: 27 Imported by: 0

Documentation

Index

Constants

View Source 
const (
	NACKreceived  = "NACK received for version" // from https://github.com/cilium/cilium/issues/4003
	RunInitFailed = "JoinEP: "                  // from https://github.com/cilium/cilium/pull/5052

	RemovingMapMsg = "Removing map to allow for property upgrade" // from https://github.com/cilium/cilium/pull/10626

	ClangErrorsMsg = " errors generated." // from https://github.com/cilium/cilium/issues/10857
	ClangErrorMsg  = "1 error generated." // from https://github.com/cilium/cilium/issues/10857

)

Variables

This section is empty.

Functions

func CiliumHealth added in v0.12.4 

func CiliumHealth() check.Scenario

func ClientToClient 

func ClientToClient() check.Scenario

ClientToClient sends an ICMP packet from each client Pod to each client Pod in the test context.

func Dummy 

func Dummy(name string) check.Scenario

func EgressGateway added in v0.14.2 

func EgressGateway() check.Scenario

EgressGateway is a test case which, given the cegp-sample-client CiliumEgressGatewayPolicy targeting: - a couple of client pods (kind=client) as source - the 0.0.0.0/0 destination CIDR - kind-worker2 as gateway node

and the cegp-sample-echo CiliumEgressGatewayPolicy targeting: - the echo service pods (kind=echo) as source - the 0.0.0.0/0 destination CIDR - kind-worker2 as gateway node

tests connectivity for: - pod to host traffic - pod to service traffic - pod to external IP traffic - reply traffic for services - reply traffic for pods

func EgressGatewayExcludedCIDRs added in v0.14.6 

func EgressGatewayExcludedCIDRs() check.Scenario

EgressGatewayExcludedCIDRs is a test case which, given the cegp-sample CiliumEgressGatewayPolicy targeting: targeting: - a couple of client pods (kind=client) as source - the 0.0.0.0/0 destination CIDR - the IP of the external node as excluded CIDR - kind-worker2 as gateway node

This suite tests the excludedCIDRs property and ensure traffic matching an excluded CIDR does not get masqueraded with the egress IP

func FromCIDRToPod added in v0.14.0 

func FromCIDRToPod() check.Scenario

FromCIDRToPod generates HTTP request from each node without Cilium to the echo pods within the Cilium / K8s cluster.

func HostToPod added in v0.15.21 

func HostToPod() check.Scenario

HostToPod generates one HTTP request from each node inside the cluster to each echo (server) pod in the test context.

func NoErrorsInLogs added in v0.14.8 

func NoErrorsInLogs(ciliumVersion semver.Version) check.Scenario

NoErrorsInLogs checks whether there are no error messages in cilium-agent logs. The error messages are defined in badLogMsgsWithExceptions, which key is an error message, while values is a list of ignored messages.

func NoIPsecXfrmErrors added in v0.15.4 

func NoIPsecXfrmErrors(expectedErrors []string) check.Scenario

func NoInterruptedConnections added in v0.14.8 

func NoInterruptedConnections() check.Scenario

NoInterruptedConnections checks whether there are no interruptions in long-lived E/W LB connections. The test case is used to validate Cilium upgrades.

The test case consists of three steps:

1. Deploying pods and a service which establish the long-lived connections (done by "--conn-disrupt-test-setup"). The client pods ("test-conn-disrupt-client") establish connections via ClusterIP ("test-conn-disrupt") to server pods ("test-conn-disrupt-server"). As there former pods come first before the latter, the former pods can crash which increases the pod restart counter. The step is responsible for storing the restart counter too. 2. Do Cilium upgrade. 3. Run the test ("--include-conn-disrupt-test"). The test checks the restart counters, and compares them against the previously stored ones. A mismatch indicates that a connection was interrupted.

func NoUnexpectedPacketDrops added in v0.15.18 

func NoUnexpectedPacketDrops(expectedDrops []string) check.Scenario

NoUnexpectedPacketDrops checks whether there were no drops due to expected packet drops.

func NodeToNodeEncryption added in v0.12.12 

func NodeToNodeEncryption(reqs ...features.Requirement) check.Scenario

func OutsideToIngressService added in v0.15.18 

func OutsideToIngressService() check.Scenario

OutsideToIngressService sends an HTTP request from client pod running on a node w/o Cilium to NodePort services.

func OutsideToNodePort added in v0.12.2 

func OutsideToNodePort() check.Scenario

OutsideToNodePort sends an HTTP request from client pod running on a node w/o Cilium to NodePort services.

func PodToCIDR 

func PodToCIDR(opts ...RetryOption) check.Scenario

PodToCIDR sends an HTTPS request from each client Pod to ExternalIP and ExternalOtherIP

func PodToControlPlaneHost added in v0.15.14 

func PodToControlPlaneHost() check.Scenario

PodToControlPlaneHost sends an ICMP ping from the controlPlaneclient Pod to all nodes in the test context.

func PodToExternalWorkload 

func PodToExternalWorkload() check.Scenario

func PodToHost 

func PodToHost() check.Scenario

PodToHost sends an ICMP ping from all client Pods to all nodes in the test context.

func PodToHostPort added in v0.12.2 

func PodToHostPort() check.Scenario

PodToHostPort sends an HTTP request from all client Pods to all echo Services' HostPorts.

func PodToIngress added in v0.14.1 

func PodToIngress(opts ...Option) check.Scenario

PodToIngress sends an HTTP request from all client Pods to all Ingress service in the test context.

func PodToK8sLocal added in v0.15.14 

func PodToK8sLocal() check.Scenario

PodToK8sLocal sends a curl from all control plane client Pods to all control-plane nodes.

func PodToLocalNodePort 

func PodToLocalNodePort() check.Scenario

PodToLocalNodePort sends an HTTP request from all client Pods to all echo Services' NodePorts, but only on the same node as the client Pods.

func PodToPod 

func PodToPod(opts ...Option) check.Scenario

PodToPod generates one HTTP request from each client pod to each echo (server) pod in the test context. The remote Pod is contacted directly, no DNS is involved.

func PodToPodEncryption added in v0.12.12 

func PodToPodEncryption(reqs ...features.Requirement) check.Scenario

PodToPodEncryption is a test case which checks the following:

  • There is a connectivity between pods on different nodes when any encryption mode is on (either WireGuard or IPsec).
  • No unencrypted packet is leaked. As a sanity check, we additionally run the same test also when encryption is disabled, asserting that we effectively observe unencrypted packets.

The checks are implemented by curl'ing a server pod from a client pod, and then inspecting tcpdump captures from the client pod's node.

func PodToPodWithEndpoints added in v0.12.0 

func PodToPodWithEndpoints(opts ...Option) check.Scenario

func PodToRemoteNodePort 

func PodToRemoteNodePort() check.Scenario

PodToRemoteNodePort sends an HTTP request from all client Pods to all echo Services' NodePorts, but only to other nodes.

func PodToService 

func PodToService(opts ...Option) check.Scenario

PodToService sends an HTTP request from all client Pods to all Services in the test context.

func PodToWorld 

func PodToWorld(opts ...RetryOption) check.Scenario

PodToWorld sends multiple HTTP(S) requests to ExternalTarget from each client Pods.

func PodToWorld2 added in v0.12.4 

func PodToWorld2() check.Scenario

PodToWorld2 sends an HTTPS request to cilium.io from from random client Pods.

func PodToWorldWithTLSIntercept added in v0.13.2 

func PodToWorldWithTLSIntercept(curlOpts ...string) check.Scenario

PodToWorldWithTLSIntercept sends an HTTPS request to one.one.one.one (default value of ExternalTarget) from from random client

func WaitForEgressGatewayBpfPolicyEntries added in v0.15.20 

func WaitForEgressGatewayBpfPolicyEntries(ctx context.Context, t *check.Test,
	targetEntriesCallback func(ciliumPod check.Pod) []bpfEgressGatewayPolicyEntry,
)

WaitForEgressGatewayBpfPolicyEntries waits for the egress gateway policy maps on each node to WaitForEgressGatewayBpfPolicyEntries with the entries returned by the targetEntriesCallback

Types

type Option added in v0.12.2 

type Option func(*labelsOption)

func WithDestinationLabelsOption added in v0.12.2 

func WithDestinationLabelsOption(destinationLabels map[string]string) Option

func WithMethod added in v0.12.4 

func WithMethod(method string) Option

func WithPath added in v0.14.0 

func WithPath(path string) Option

func WithSourceLabelsOption added in v0.12.2 

func WithSourceLabelsOption(sourceLabels map[string]string) Option

type RetryOption added in v0.14.1 

type RetryOption func(*retryCondition)

func WithRetryAll added in v0.14.1 

func WithRetryAll() RetryOption

WithRetryAll sets all condition, returns retry options in every case

func WithRetryDestIP added in v0.14.1 

func WithRetryDestIP(ip string) RetryOption

WithRetryDestIP sets ip address condition

func WithRetryDestPort added in v0.14.1 

func WithRetryDestPort(port uint32) RetryOption

WithRetryDestPort sets port condition

func WithRetryPodLabel added in v0.14.1 

func WithRetryPodLabel(name, val string) RetryOption

WithRetryPodLabel sets pod label condition

Source Files

View all Source files

Jump to

Keyboard shortcuts

? : This menu
/ : Search site
f or F : Jump to
y or Y : Canonical URL
go.dev uses cookies from Google to deliver and enhance the quality of its services and to analyze traffic. Learn more.