check

package
v0.15.3 Latest Latest
Warning

This package is not in the latest version of its module.

Published: Jul 17, 2023 License: Apache-2.0 Imports: 67 Imported by: 0

Documentation

Index

Constants

// String values naming the flow-validation modes.
// NOTE(review): presumably the accepted values of Parameters.FlowValidation, with
// "disabled" skipping flow validation, "warning" reporting mismatches without
// failing and "strict" failing on them — confirm against the code that reads the
// mode. If so, only "strict" makes a passing policy test evidence that the
// expected flows (including drops) were actually observed.
const (
	FlowValidationModeDisabled = "disabled"
	FlowValidationModeWarning  = "warning"
	FlowValidationModeStrict   = "strict"
)
// Fixed names and a fixed port used by the connectivity test workloads.
const (
	// DNSTestServerContainerName is the container name of the DNS test server.
	DNSTestServerContainerName = "dns-test-server"

	// KindTestConnDisrupt is the kind label value "test-conn-disrupt".
	// NOTE(review): presumably identifies the connection-disruption test workloads — confirm.
	KindTestConnDisrupt = "test-conn-disrupt"

	// EchoServerHostPort is the fixed port number 40000.
	// NOTE(review): presumably the hostPort the echo server is published on; if so,
	// the port is reachable on the node address for as long as the test deployment
	// exists, so clean up with UninstallResources after the run — confirm.
	EchoServerHostPort = 40000

	// IngressServiceName is the name "ingress-service".
	IngressServiceName = "ingress-service"
)
// Untyped integer selectors, numbered from 0 by iota.
// NOTE(review): presumably the values accepted by
// CiliumEgressGatewayPolicyParams.ExcludedCIDRs (an int field) — confirm.
const (
	// NoExcludedCIDRs is 0.
	NoExcludedCIDRs = iota
	// ExternalNodeExcludedCIDRs is 1.
	ExternalNodeExcludedCIDRs
)
// Durations shared by the wait helpers of the package.
// NOTE(review): which helper uses which value is not visible in this listing.
const (
	// LongTimeout is five minutes; ShortTimeout is thirty seconds.
	LongTimeout  = 5 * time.Minute
	ShortTimeout = 30 * time.Second

	// PollInterval is one second.
	PollInterval = 1 * time.Second
)

Variables

// Predefined Result values describing what an Action is expected to produce:
// the command outcome (ExitCode) and the flows that should be observed.
//
// NOTE(review): these are package-level variables, not constants, so any code in
// the process can reassign them; treat them as read-only.
var (
	// ResultNone expects a successful command and does not match any packets.
	ResultNone = Result{
		None: true,
	}

	// ResultOK expects a successful command and a matching flow.
	// It is the zero value of Result.
	ResultOK = Result{}

	// ResultDNSOK expects a successful command, only generating DNS traffic.
	ResultDNSOK = Result{
		DNSProxy: true,
	}

	// ResultDNSOKDropCurlTimeout expects a failed command, generating DNS traffic and a dropped flow.
	// The expected exit code is ExitCurlTimeout.
	ResultDNSOKDropCurlTimeout = Result{
		DNSProxy:       true,
		Drop:           true,
		DropReasonFunc: defaultDropReason,
		ExitCode:       ExitCurlTimeout,
	}

	// ResultDNSOKDropCurlHTTPError expects a failed command, generating DNS traffic and a dropped flow.
	// The L7 proxy is expected and the exit code is ExitCurlHTTPError.
	ResultDNSOKDropCurlHTTPError = Result{
		DNSProxy:       true,
		L7Proxy:        true,
		Drop:           true,
		DropReasonFunc: defaultDropReason,
		ExitCode:       ExitCurlHTTPError,
	}

	// ResultCurlHTTPError expects a failed command, but no dropped flow or DNS proxy.
	// NOTE(review): DropReasonFunc is set although Drop is false — confirm whether
	// it is consulted in that case.
	ResultCurlHTTPError = Result{
		L7Proxy:        true,
		Drop:           false,
		DropReasonFunc: defaultDropReason,
		ExitCode:       ExitCurlHTTPError,
	}

	// ResultDrop expects a dropped flow and a failed command.
	// Any failing exit code is accepted (ExitAnyError).
	ResultDrop = Result{
		Drop:           true,
		ExitCode:       ExitAnyError,
		DropReasonFunc: defaultDropReason,
	}

	// ResultDropAuthRequired expects a dropped flow with auth required as reason.
	// NOTE(review): ExitCode is left at its zero value here, unlike the other
	// drop results, which set a failing code — confirm the intended command
	// outcome for the auth-required case.
	ResultDropAuthRequired = Result{
		Drop:           true,
		DropReasonFunc: authRequiredDropReason,
	}

	// ResultAnyReasonEgressDrop expects a dropped flow at Egress and a failed command.
	ResultAnyReasonEgressDrop = Result{
		Drop:           true,
		DropReasonFunc: defaultDropReason,
		EgressDrop:     true,
		ExitCode:       ExitAnyError,
	}

	// ResultPolicyDenyEgressDrop expects a dropped flow at Egress due to policy deny and a failed command.
	ResultPolicyDenyEgressDrop = Result{
		Drop:           true,
		DropReasonFunc: policyDenyReason,
		EgressDrop:     true,
		ExitCode:       ExitAnyError,
	}

	// ResultDefaultDenyEgressDrop expects a dropped flow at Egress due to default deny and a failed command.
	ResultDefaultDenyEgressDrop = Result{
		Drop:           true,
		DropReasonFunc: defaultDenyReason,
		EgressDrop:     true,
		ExitCode:       ExitAnyError,
	}

	// ResultIngressAnyReasonDrop expects a dropped flow at Ingress and a failed command.
	ResultIngressAnyReasonDrop = Result{
		Drop:           true,
		IngressDrop:    true,
		DropReasonFunc: defaultDropReason,
		ExitCode:       ExitAnyError,
	}

	// ResultPolicyDenyIngressDrop expects a dropped flow at Ingress due to policy deny reason and a failed command.
	ResultPolicyDenyIngressDrop = Result{
		Drop:           true,
		IngressDrop:    true,
		DropReasonFunc: policyDenyReason,
		ExitCode:       ExitAnyError,
	}

	// ResultDefaultDenyIngressDrop expects a dropped flow at Ingress due to default deny reason and a failed command.
	ResultDefaultDenyIngressDrop = Result{
		Drop:           true,
		IngressDrop:    true,
		DropReasonFunc: defaultDenyReason,
		ExitCode:       ExitAnyError,
	}

	// ResultDropCurlTimeout expects a dropped flow and a failed command.
	// NOTE(review): no DropReasonFunc is set, so this value carries a nil
	// function — confirm how flow matching treats a nil DropReasonFunc and
	// whether any drop reason is accepted.
	ResultDropCurlTimeout = Result{
		Drop:     true,
		ExitCode: ExitCurlTimeout,
	}

	// ResultDropCurlHTTPError expects a dropped flow and a failed command.
	// NOTE(review): DropReasonFunc is nil here as well — same question as for
	// ResultDropCurlTimeout.
	ResultDropCurlHTTPError = Result{
		L7Proxy:  true,
		Drop:     true,
		ExitCode: ExitCurlHTTPError,
	}
)

Functions

func WaitForCiliumEndpoint added in v0.15.0

func WaitForCiliumEndpoint(ctx context.Context, log Logger, client *k8s.Client, namespace, name string) error

WaitForCiliumEndpoint waits until the specified cilium endpoint gets created.

func WaitForCoreDNS added in v0.15.0

func WaitForCoreDNS(ctx context.Context, log Logger, client Pod) error

WaitForCoreDNS waits until the client pod can reach coredns.

func WaitForDeployment added in v0.15.0

func WaitForDeployment(ctx context.Context, log Logger, client *k8s.Client, namespace string, name string) error

WaitForDeployment waits until the specified deployment becomes ready.

func WaitForIPCache added in v0.15.0

func WaitForIPCache(ctx context.Context, log Logger, agent Pod, pods []Pod) error

WaitForIPCache waits until all the specified pods are present in the IPCache of the given agent.

func WaitForNodePorts added in v0.15.0

func WaitForNodePorts(ctx context.Context, log Logger, client Pod, nodeIP string, service Service) error

WaitForNodePorts waits until all the nodeports in a service are available on a given node.

func WaitForPodDNS added in v0.15.0

func WaitForPodDNS(ctx context.Context, log Logger, src, dst Pod) error

WaitForPodDNS waits until src can query the DNS server on dst successfully.

func WaitForService added in v0.15.0

func WaitForService(ctx context.Context, log Logger, client Pod, service Service) error

WaitForService waits until the given service is synchronized in CoreDNS.

func WaitForServiceEndpoints added in v0.15.0

func WaitForServiceEndpoints(ctx context.Context, log Logger, agent Pod, service Service, backends uint, families []IPFamily) error

WaitForServiceEndpoints waits until the expected number of service backends are reported by the given agent.

Types

type Action

// Action is one step of a Scenario; its exported surface is the CollectFlows
// switch plus the methods listed for the type.
type Action struct {

	// CollectFlows reports whether the action should attempt to collect
	// flows with Hubble.
	CollectFlows bool
	// contains filtered or unexported fields
}

Action represents an individual action (e.g. a curl call) in a Scenario between a source and a destination peer.

func (*Action) CmdOutput added in v0.10.5

func (a *Action) CmdOutput() string

func (*Action) Debug

func (a *Action) Debug(s ...interface{})

Debug logs a debug message.

func (*Action) Debugf

func (a *Action) Debugf(format string, s ...interface{})

Debugf logs a formatted debug message.

func (*Action) Destination

func (a *Action) Destination() TestPeer

func (*Action) ExecInPod

func (a *Action) ExecInPod(ctx context.Context, cmd []string)

func (*Action) Fail

func (a *Action) Fail(s ...interface{})

Fail must be called when the Action is unsuccessful.

func (*Action) Failf

func (a *Action) Failf(format string, s ...interface{})

Failf must be called when the Action is unsuccessful.

func (*Action) Fatal

func (a *Action) Fatal(s ...interface{})

Fatal must be called when an irrecoverable error was encountered during the Action.

func (*Action) Fatalf

func (a *Action) Fatalf(format string, s ...interface{})

Fatalf must be called when an irrecoverable error was encountered during the Action.

func (*Action) GetEgressMetricsRequirements added in v0.14.4

func (a *Action) GetEgressMetricsRequirements() []MetricsResult

func (*Action) GetEgressRequirements

func (a *Action) GetEgressRequirements(p FlowParameters) (reqs []filters.FlowSetRequirement)

func (*Action) GetIngressMetricsRequirements added in v0.14.4

func (a *Action) GetIngressMetricsRequirements() []MetricsResult

func (*Action) GetIngressRequirements

func (a *Action) GetIngressRequirements(p FlowParameters) []filters.FlowSetRequirement

func (*Action) Info

func (a *Action) Info(s ...interface{})

Info logs an informational message.

func (*Action) Infof

func (a *Action) Infof(format string, s ...interface{})

Infof logs a formatted informational message.

func (*Action) Log

func (a *Action) Log(s ...interface{})

Log logs a message.

func (*Action) Logf

func (a *Action) Logf(format string, s ...interface{})

Logf logs a formatted message.

func (*Action) Peers

func (a *Action) Peers() string

Peers returns the name and addr:port of the peers involved in the Action. If source or destination peers are missing, returns an empty string.

func (*Action) Run

func (a *Action) Run(f func(*Action))

Run executes function f.

This method is to be called from a Scenario implementation.

func (*Action) Source

func (a *Action) Source() TestPeer

func (*Action) String

func (a *Action) String() string

func (*Action) ValidateFlows

func (a *Action) ValidateFlows(ctx context.Context, peer TestPeer, reqs []filters.FlowSetRequirement)

ValidateFlows retrieves the flows of the specified peer and validates that all filters find a match. On failure, t.Fail() is called.

func (*Action) ValidateMetrics added in v0.14.4

func (a *Action) ValidateMetrics(ctx context.Context, pod Pod, results []MetricsResult)

ValidateMetrics compares the expected metrics against the last ones retrieved.

func (*Action) WriteDataToPod added in v0.13.2

func (a *Action) WriteDataToPod(ctx context.Context, filePath string, data []byte)

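WriteDataToPod writes data to a file in the source pod. It does this by using a shell command, so writing huge files should be avoided. Because the path and the contents pass through a shell inside the pod, both should originate from the test itself rather than from untrusted input.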

type CiliumEgressGatewayPolicyParams added in v0.14.6

// CiliumEgressGatewayPolicyParams holds the knobs applied to a
// CiliumEgressGatewayPolicy template before it is applied.
type CiliumEgressGatewayPolicyParams struct {
	// ExcludedCIDRs controls how the ExcludedCIDRs property should be configured.
	// NOTE(review): presumably one of NoExcludedCIDRs or
	// ExternalNodeExcludedCIDRs; the field is a plain int, so other values are
	// not rejected by the type — confirm how they are handled.
	ExcludedCIDRs int
}

CiliumEgressGatewayPolicyParams is used to configure how a CiliumEgressGatewayPolicy template should be configured before being applied.

type ConditionalScenario added in v0.12.2

// ConditionalScenario is a Scenario that additionally declares the features
// it depends on.
type ConditionalScenario interface {
	// Scenario is embedded, so Name and Run are part of this interface.
	Scenario
	// Requirements returns the feature requirements of the scenario.
	Requirements() []FeatureRequirement
}

ConditionalScenario is a test scenario which requires certain feature requirements to be enabled. If the requirements are not met, the test scenario is skipped

type ConnectivityTest

// ConnectivityTest is the root object of a connectivity test run. Only the
// exported fields are shown in this listing.
type ConnectivityTest struct {

	// CiliumVersion is the detected or assumed version of the Cilium agent
	CiliumVersion semver.Version

	// Features maps each Feature to its FeatureStatus.
	Features FeatureSet

	// PerfResults holds one PerfResult per PerfTests key (pod name and test name).
	PerfResults map[PerfTests]PerfResult
	// contains filtered or unexported fields
}

ConnectivityTest is the root context of the connectivity test suite and holds all resources belonging to it. It implements interface ConnectivityTest and is instantiated once at the start of the program.

func NewConnectivityTest

func NewConnectivityTest(client *k8s.Client, p Parameters, version string) (*ConnectivityTest, error)

NewConnectivityTest returns a new ConnectivityTest.

func (*ConnectivityTest) AllFlows

func (ct *ConnectivityTest) AllFlows() bool

func (*ConnectivityTest) CiliumAgentMetrics added in v0.14.4

func (ct *ConnectivityTest) CiliumAgentMetrics() MetricsSource

CiliumAgentMetrics returns the MetricsSource for the cilium-agent component.

func (*ConnectivityTest) CiliumPods

func (ct *ConnectivityTest) CiliumPods() map[string]Pod

func (*ConnectivityTest) ClientPods

func (ct *ConnectivityTest) ClientPods() map[string]Pod

func (*ConnectivityTest) Clients added in v0.14.4

func (ct *ConnectivityTest) Clients() []*k8s.Client

func (*ConnectivityTest) CurlClientIPCommand added in v0.14.2

func (ct *ConnectivityTest) CurlClientIPCommand(peer TestPeer, ipFam IPFamily, opts ...string) []string

func (*ConnectivityTest) CurlCommand added in v0.12.12

func (ct *ConnectivityTest) CurlCommand(peer TestPeer, ipFam IPFamily, opts ...string) []string

func (*ConnectivityTest) Debug

func (ct *ConnectivityTest) Debug(a ...interface{})

Debug logs a debug message.

func (*ConnectivityTest) Debugf

func (ct *ConnectivityTest) Debugf(format string, a ...interface{})

Debugf logs a formatted debug message.

func (*ConnectivityTest) DetectMinimumCiliumVersion added in v0.12.1

func (ct *ConnectivityTest) DetectMinimumCiliumVersion(ctx context.Context) (*semver.Version, error)

DetectMinimumCiliumVersion returns the smallest Cilium version running in the cluster(s)

func (*ConnectivityTest) DigCommand added in v0.14.6

func (ct *ConnectivityTest) DigCommand(peer TestPeer, ipFam IPFamily) []string

func (*ConnectivityTest) EchoPods

func (ct *ConnectivityTest) EchoPods() map[string]Pod

func (*ConnectivityTest) EchoServices

func (ct *ConnectivityTest) EchoServices() map[string]Service

func (*ConnectivityTest) ExternalEchoPods added in v0.14.2

func (ct *ConnectivityTest) ExternalEchoPods() map[string]Pod

func (*ConnectivityTest) ExternalWorkloads

func (ct *ConnectivityTest) ExternalWorkloads() map[string]ExternalWorkload

func (*ConnectivityTest) Fail

func (ct *ConnectivityTest) Fail(a ...interface{})

Fail logs a failure message.

func (*ConnectivityTest) Failf

func (ct *ConnectivityTest) Failf(format string, a ...interface{})

Failf logs a formatted failure message.

func (*ConnectivityTest) Fatal

func (ct *ConnectivityTest) Fatal(a ...interface{})

Fatal logs an error.

func (*ConnectivityTest) Fatalf

func (ct *ConnectivityTest) Fatalf(format string, a ...interface{})

Fatalf logs a formatted error.

func (*ConnectivityTest) Feature added in v0.12.12

func (ct *ConnectivityTest) Feature(f Feature) (FeatureStatus, bool)

func (*ConnectivityTest) FlowAggregation

func (ct *ConnectivityTest) FlowAggregation() bool

func (*ConnectivityTest) ForceDisableFeature added in v0.12.8

func (ct *ConnectivityTest) ForceDisableFeature(feature Feature)

func (*ConnectivityTest) GetTest added in v0.14.4

func (ct *ConnectivityTest) GetTest(name string) (*Test, error)

GetTest returns the test scope for test named "name" if found, a non-nil error otherwise.

func (*ConnectivityTest) Header

func (ct *ConnectivityTest) Header(a ...interface{})

Header prints a newline followed by a formatted message.

func (*ConnectivityTest) Headerf

func (ct *ConnectivityTest) Headerf(format string, a ...interface{})

Headerf prints a newline followed by a formatted message.

func (*ConnectivityTest) HostNetNSPodsByNode added in v0.12.2

func (ct *ConnectivityTest) HostNetNSPodsByNode() map[string]Pod

func (*ConnectivityTest) HubbleClient

func (ct *ConnectivityTest) HubbleClient() observer.ObserverClient

func (*ConnectivityTest) Info

func (ct *ConnectivityTest) Info(a ...interface{})

Info logs an informational message.

func (*ConnectivityTest) Infof

func (ct *ConnectivityTest) Infof(format string, a ...interface{})

Infof logs a formatted informational message.

func (*ConnectivityTest) IngressService added in v0.14.1

func (ct *ConnectivityTest) IngressService() map[string]Service

func (*ConnectivityTest) K8sClient added in v0.11.8

func (ct *ConnectivityTest) K8sClient() *k8s.Client

func (*ConnectivityTest) Log

func (ct *ConnectivityTest) Log(a ...interface{})

Log logs a message.

func (*ConnectivityTest) Logf

func (ct *ConnectivityTest) Logf(format string, a ...interface{})

Logf logs a formatted message.

func (*ConnectivityTest) NewTest

func (ct *ConnectivityTest) NewTest(name string) *Test

NewTest creates a new test scope within the ConnectivityTest and returns a new Test. This object can be used to set up the environment to execute different Scenarios within.

func (*ConnectivityTest) Nodes added in v0.13.0

func (ct *ConnectivityTest) Nodes() map[string]*corev1.Node

func (*ConnectivityTest) NodesWithoutCilium added in v0.12.2

func (ct *ConnectivityTest) NodesWithoutCilium() []string

func (*ConnectivityTest) Params added in v0.10.5

func (ct *ConnectivityTest) Params() Parameters

func (*ConnectivityTest) PerfClientPods added in v0.10.5

func (ct *ConnectivityTest) PerfClientPods() map[string]Pod

func (*ConnectivityTest) PerfServerPod added in v0.10.5

func (ct *ConnectivityTest) PerfServerPod() map[string]Pod

func (*ConnectivityTest) PingCommand added in v0.12.12

func (ct *ConnectivityTest) PingCommand(peer TestPeer, ipFam IPFamily) []string

func (*ConnectivityTest) PostTestSleepDuration

func (ct *ConnectivityTest) PostTestSleepDuration() time.Duration

func (*ConnectivityTest) PrintFlows

func (ct *ConnectivityTest) PrintFlows() bool

func (*ConnectivityTest) RandomClientPod

func (ct *ConnectivityTest) RandomClientPod() *Pod

func (*ConnectivityTest) Run

func (ct *ConnectivityTest) Run(ctx context.Context) error

Run kicks off execution of all Tests registered to the ConnectivityTest. Each Test's Run() method is called within its own goroutine.

func (*ConnectivityTest) SetupAndValidate added in v0.10.4

func (ct *ConnectivityTest) SetupAndValidate(ctx context.Context, setupAndValidateExtras func(ctx context.Context, ct *ConnectivityTest) error) error

SetupAndValidate sets up and validates the connectivity test infrastructure such as the client pods and validates the deployment of them along with Cilium. This must be run before Run() is called.

func (*ConnectivityTest) Timestamp added in v0.12.10

func (ct *ConnectivityTest) Timestamp()

Timestamp logs the current timestamp.

func (*ConnectivityTest) UninstallResources added in v0.12.10

func (ct *ConnectivityTest) UninstallResources(ctx context.Context, wait bool)

UninstallResources deletes all k8s resources created by the connectivity tests.

func (*ConnectivityTest) UpdateFeaturesFromNodes added in v0.12.8

func (ct *ConnectivityTest) UpdateFeaturesFromNodes(ctx context.Context) error

func (*ConnectivityTest) Warn

func (ct *ConnectivityTest) Warn(a ...interface{})

Warn logs a warning message.

func (*ConnectivityTest) Warnf

func (ct *ConnectivityTest) Warnf(format string, a ...interface{})

Warnf logs a formatted warning message.

type ExitCode added in v0.9.0

// ExitCode is the expected exit code of a command (see Result.ExitCode).
// It is a signed 16-bit type, while Check takes the observed code as a uint8,
// so the negative sentinels below can never equal an observed code.
type ExitCode int16
const (
	// Negative sentinels.
	// NOTE(review): presumably ExitAnyError matches any non-zero exit code and
	// ExitInvalidCode marks an unusable expectation — confirm in Check.
	ExitAnyError    ExitCode = -1
	ExitInvalidCode ExitCode = -2

	// curl exit codes: 22 is reported for an HTTP error response when curl runs
	// with --fail, and 28 for an operation timeout.
	ExitCurlHTTPError ExitCode = 22
	ExitCurlTimeout   ExitCode = 28
)

func (ExitCode) Check added in v0.9.0

func (e ExitCode) Check(code uint8) bool

func (ExitCode) String added in v0.9.0

func (e ExitCode) String() string

type ExpectationsFunc

// ExpectationsFunc returns the expected egress and ingress Result for the
// given Action.
type ExpectationsFunc func(a *Action) (egress, ingress Result)

type ExternalWorkload

type ExternalWorkload struct {
	// contains filtered or unexported fields
}

ExternalWorkload is an external workload acting as a peer in a connectivity test. It implements interface TestPeer.

func (ExternalWorkload) Address

func (e ExternalWorkload) Address(IPFamily) string

Address returns the network address of the ExternalWorkload.

func (ExternalWorkload) FlowFilters added in v0.14.4

func (e ExternalWorkload) FlowFilters() []*flow.FlowFilter

func (ExternalWorkload) HasLabel

func (e ExternalWorkload) HasLabel(name, value string) bool

HasLabel checks if given label exists and value matches.

func (ExternalWorkload) Labels added in v0.12.4

func (e ExternalWorkload) Labels() map[string]string

Labels returns the copy of labels

func (ExternalWorkload) Name

func (e ExternalWorkload) Name() string

Name returns the name of the ExternalWorkload.

func (ExternalWorkload) Path added in v0.9.0

func (e ExternalWorkload) Path() string

Path returns an empty string.

func (ExternalWorkload) Port

func (e ExternalWorkload) Port() uint32

Port returns 0.

func (ExternalWorkload) Scheme

func (e ExternalWorkload) Scheme() string

Scheme returns an empty string.

type Feature added in v0.12.1

type Feature string

Feature is the name of a Cilium feature (e.g. l7-proxy, cni chaining mode etc)

// Names of the Cilium features that tests can require or exclude.
// NOTE(review): the grouping comments below are derived from the constant names
// and string values only; what each feature covers is not shown in this listing.
const (
	// Datapath and policy features.
	FeatureCNIChaining        Feature = "cni-chaining"
	FeatureMonitorAggregation Feature = "monitor-aggregation"
	FeatureL7Proxy            Feature = "l7-proxy"
	FeatureHostFirewall       Feature = "host-firewall"
	FeatureICMPPolicy         Feature = "icmp-policy"
	FeatureTunnel             Feature = "tunnel"
	FeatureEndpointRoutes     Feature = "endpoint-routes"

	// "kpr-" prefixed features.
	// NOTE(review): presumably kube-proxy replacement — confirm.
	FeatureKPRMode                Feature = "kpr-mode"
	FeatureKPRExternalIPs         Feature = "kpr-external-ips"
	FeatureKPRGracefulTermination Feature = "kpr-graceful-termination"
	FeatureKPRHostPort            Feature = "kpr-hostport"
	FeatureKPRSocketLB            Feature = "kpr-socket-lb"
	FeatureKPRNodePort            Feature = "kpr-nodeport"
	FeatureKPRSessionAffinity     Feature = "kpr-session-affinity"

	FeatureHostPort Feature = "host-port"

	FeatureNodeWithoutCilium Feature = "node-without-cilium"

	FeatureHealthChecking Feature = "health-checking"

	// Encryption features, tracked separately for pod and node traffic.
	// Tests that assert encryption should require these explicitly (see
	// RequireFeatureEnabled) so they are skipped rather than run on a cluster
	// where the feature is off.
	FeatureEncryptionPod  Feature = "encryption-pod"
	FeatureEncryptionNode Feature = "encryption-node"

	// Enabled IP families.
	FeatureIPv4 Feature = "ipv4"
	FeatureIPv6 Feature = "ipv6"

	FeatureFlavor Feature = "flavor"

	FeatureSecretBackendK8s Feature = "secret-backend-k8s"

	// Network policy flavours.
	FeatureCNP Feature = "cilium-network-policy"
	FeatureKNP Feature = "k8s-network-policy"

	// Mutual authentication with SPIFFE identities.
	FeatureAuthSpiffe Feature = "mutual-auth-spiffe"

	FeatureIngressController Feature = "ingress-controller"

	FeatureEgressGateway Feature = "enable-ipv4-egress-gateway"
)

type FeatureRequirement added in v0.12.1

type FeatureRequirement struct {
	// contains filtered or unexported fields
}

FeatureRequirement defines a test requirement. A given FeatureSet may or may not satisfy this requirement

func RequireFeatureDisabled added in v0.14.2

func RequireFeatureDisabled(feature Feature) FeatureRequirement

RequireFeatureDisabled constructs a FeatureRequirement which expects the feature to be disabled

func RequireFeatureEnabled added in v0.12.1

func RequireFeatureEnabled(feature Feature) FeatureRequirement

RequireFeatureEnabled constructs a FeatureRequirement which expects the feature to be enabled

func RequireFeatureMode added in v0.12.1

func RequireFeatureMode(feature Feature, mode string) FeatureRequirement

RequireFeatureMode constructs a FeatureRequirement which expects the feature to be in the given mode

type FeatureSet added in v0.12.1

type FeatureSet map[Feature]FeatureStatus

FeatureSet contains the status of each Feature.

func (FeatureSet) IPFamilies added in v0.15.1

func (fs FeatureSet) IPFamilies() []IPFamily

IPFamilies returns the list of enabled IP families.

func (FeatureSet) MatchRequirements added in v0.12.1

func (fs FeatureSet) MatchRequirements(reqs ...FeatureRequirement) bool

MatchRequirements returns true if the FeatureSet fs satisfies all the requirements in reqs. Returns true for empty requirements list.

type FeatureStatus added in v0.12.1

// FeatureStatus is the state recorded for one Feature: Enabled says whether
// the feature is on, Mode optionally names the mode it runs in.
type FeatureStatus struct {
	Enabled bool
	Mode    string
}

FeatureStatus describes the status of a feature. Some features are either turned on or off (c.f. Enabled), while others additionally might include a Mode string which provides more information about in what mode a particular feature is running (e.g. when running with CNI chaining, Enabled will be true, and the Mode string will additionally contain the name of the chained CNI).

func (FeatureStatus) String added in v0.12.1

func (s FeatureStatus) String() string

type FlowParameters

// FlowParameters tunes how observed flows are matched against the expected
// result of a test: protocol, DNS and RST tolerance, and alternative
// destination address/port for traffic that is NATed.
type FlowParameters struct {
	// Protocol is the network protocol being tested
	Protocol L4Protocol

	// DNSRequired is true if DNS flows must be seen before the test protocol
	DNSRequired bool

	// RSTAllowed is true if TCP connection may end with either RST or FIN
	RSTAllowed bool

	// AltDstIP, if non-empty, indicates an alternative destination address
	// for the DstAddr to be matched. This is useful if the destination address
	// is NATed before Hubble can observe the packet, which for example is the
	// case with HostReachableServices
	AltDstIP string

	// AltDstPort, if non-zero, indicates an alternative port number for the
	// DstPort to be matched. This is useful if the destination port is NATed,
	// which is for example the case for service ports, NodePort or HostPort
	AltDstPort uint32
}

FlowParameters defines parameters for test result flow matching

type FlowRequirementResults

// FlowRequirementResults records the outcome of matching flows against a set
// of requirements.
// NOTE(review): the fields carry no documentation in this listing; presumably
// FirstMatch and LastMatch are flow indexes, Matched marks which indexes
// matched, Failures counts unmet requirements and NeedMoreFlows asks the caller
// to collect further flows — confirm against the matcher.
type FlowRequirementResults struct {
	FirstMatch         int
	LastMatch          int
	Matched            MatchMap
	Failures           int
	NeedMoreFlows      bool
	LastMatchTimestamp time.Time
}

func (*FlowRequirementResults) Merge

type HTTP

// HTTP groups three string properties of an HTTP exchange; it is the type of
// Result.HTTP.
// NOTE(review): presumably the expected response status, request method and
// URL to match in L7 flows — confirm; the format of Status is not shown here.
type HTTP struct {
	Status string
	Method string
	URL    string
}

type IPFamily added in v0.13.0

// IPFamily selects the IP address family used when addressing a peer.
type IPFamily int
const (
	// IPFamilyAny is used for non-IP based endpoints (e.g., HTTP URL),
	// and when any IP family could be used.
	// It is the zero value of IPFamily.
	IPFamilyAny IPFamily = iota
	// IPFamilyV4 is 1.
	IPFamilyV4
	// IPFamilyV6 is 2.
	IPFamilyV6
)

func GetIPFamily added in v0.13.0

func GetIPFamily(addr string) IPFamily

func (IPFamily) String added in v0.13.0

func (f IPFamily) String() string

type L4Protocol

type L4Protocol int

L4Protocol identifies the network protocol being tested

// Values of L4Protocol, numbered from 0 by iota; TCP is the zero value.
const (
	TCP L4Protocol = iota
	UDP
	ICMP
)

type Logger added in v0.15.0

// Logger is the logging interface accepted by the WaitFor* helpers of the
// package. It offers plain and formatted variants at three levels.
type Logger interface {
	// Log logs a message.
	Log(a ...interface{})
	// Logf logs a formatted message.
	Logf(format string, a ...interface{})

	// Debug logs a debug message.
	Debug(a ...interface{})
	// Debugf logs a formatted debug message.
	Debugf(format string, a ...interface{})

	// Info logs an informational message.
	Info(a ...interface{})
	// Infof logs a formatted informational message.
	Infof(format string, a ...interface{})
}

Logger abstracts the logging functionalities implemented by the test suite, individual tests and actions.

type MatchMap

type MatchMap map[int]bool

type MetricsResult added in v0.14.4

// MetricsResult pairs a metrics source with the assertion to run on it.
type MetricsResult struct {
	// Source is the component whose metrics are collected.
	Source MetricsSource
	// Assert is the assertion function; its type is unexported, so values are
	// obtained from within the package (e.g. via Result.ExpectMetricsIncrease).
	Assert assertMetricsFunc
}

MetricsResult holds the source of metrics we want to assert and its assertion method.

func (MetricsResult) IsEmpty added in v0.14.4

func (m MetricsResult) IsEmpty() bool

IsEmpty returns true if MetricsResult does not have any source. Assuming it corresponds to its zero value.

type MetricsSource added in v0.14.4

// MetricsSource describes where metrics are collected from: a named
// component, its pods and the port to query.
type MetricsSource struct {
	Name string // the name of the source, e.g.: cilium-agent
	Pods []Pod  // the list of pods for the given source
	Port string // the container port value for prometheus
}

MetricsSource defines the info for a source to be used in metrics collection.

func (MetricsSource) IsEmpty added in v0.14.4

func (m MetricsSource) IsEmpty() bool

IsEmpty returns true if the metrics source name is empty, in which case the MetricsSource is assumed to be set to its zero value.

type NodeportService added in v0.14.6

// NodeportService pairs a Service with the node through which its nodeport is
// reached.
type NodeportService struct {
	// Service is the wrapped service.
	Service Service
	// Node is the Kubernetes node whose IP is used as the peer address.
	// NOTE(review): a pointer; nil handling is not visible in this listing.
	Node    *v1.Node
}

NodeportService wraps a Service and exposes it through its nodeport, acting as a peer in a connectivity test. It implements interface TestPeer.

func (NodeportService) Address added in v0.14.6

func (s NodeportService) Address(family IPFamily) string

Address returns the node IP of the wrapped Service.

func (NodeportService) FlowFilters added in v0.14.6

func (s NodeportService) FlowFilters() []*flow.FlowFilter

func (NodeportService) HasLabel added in v0.14.6

func (s NodeportService) HasLabel(name, value string) bool

HasLabel checks if given label exists and value matches.

func (NodeportService) Labels added in v0.14.6

func (s NodeportService) Labels() map[string]string

Labels returns the copy of service labels

func (NodeportService) Name added in v0.14.6

func (s NodeportService) Name() string

Name returns name of the wrapped service.

func (NodeportService) Path added in v0.14.6

func (s NodeportService) Path() string

Path returns the path of the wrapped service.

func (NodeportService) Port added in v0.14.6

func (s NodeportService) Port() uint32

Port returns the first nodeport of the wrapped Service.

func (NodeportService) Scheme added in v0.14.6

func (s NodeportService) Scheme() string

Scheme returns the scheme of the wrapped service.

type Parameters

// Parameters carries the settings of a connectivity test run; it is the second
// argument of NewConnectivityTest. The fields have no doc comments in this
// listing, so the notes below are review assumptions drawn from field names and
// types only.
//
// NOTE(review), to confirm against the code that consumes each field:
//   - CurlInsecure: presumably makes the generated curl commands skip TLS
//     certificate verification (curl's --insecure). A run with it set does not
//     show that certificate validation works.
//   - IncludeUnsafeTests: presumably opts in to tests considered unsafe for
//     the cluster; keep false on clusters that carry real workloads.
//   - CurlImage, PerformanceImage, JSONMockImage, DNSTestServerImage: image
//     references for workloads deployed into the cluster under test; prefer
//     references pinned by digest from a trusted registry.
//   - FlowValidation: presumably one of the FlowValidationMode* values; a mode
//     other than "strict" may let a test pass without flow evidence.
//   - SkipIPCacheCheck: name suggests a readiness check is bypassed.
//   - HelmValuesSecretName, CollectSysdumpOnFailure, SysdumpOptions,
//     JunitFile: may reference or produce artifacts holding cluster
//     configuration; handle the outputs as sensitive.
//   - DeleteCiliumOnNodes, FlushCT, ForceDeploy: names suggest actions that
//     change cluster state.
//   - RunTests, SkipTests: compiled regular expressions selecting tests by name.
type Parameters struct {
	AssumeCiliumVersion   string
	CiliumNamespace       string
	TestNamespace         string
	SingleNode            bool
	PrintFlows            bool
	ForceDeploy           bool
	Hubble                bool
	HubbleServer          string
	MultiCluster          string
	RunTests              []*regexp.Regexp
	SkipTests             []*regexp.Regexp
	PostTestSleepDuration time.Duration
	FlowValidation        string
	AllFlows              bool
	Writer                io.ReadWriter
	Verbose               bool
	Debug                 bool
	Timestamp             bool
	PauseOnFail           bool
	SkipIPCacheCheck      bool
	Perf                  bool
	PerfDuration          time.Duration
	PerfCRR               bool
	PerfHostNet           bool
	PerfSamples           int
	CurlImage             string
	PerformanceImage      string
	JSONMockImage         string
	AgentDaemonSetName    string
	DNSTestServerImage    string
	IncludeUnsafeTests    bool
	AgentPodSelector      string
	NodeSelector          map[string]string
	DeploymentAnnotations annotationsMap
	NamespaceAnnotations  annotations
	ExternalTarget        string
	ExternalCIDR          string
	ExternalIP            string
	ExternalOtherIP       string
	PodCIDRs              []podCIDRs
	NodesWithoutCiliumIPs []nodesWithoutCiliumIP
	JunitFile             string
	JunitProperties       map[string]string

	IncludeUpgradeTest    bool
	UpgradeTestSetup      bool
	UpgradeTestResultPath string
	FlushCT               bool

	K8sVersion           string
	HelmChartDirectory   string
	HelmValuesSecretName string

	DeleteCiliumOnNodes []string

	Retry      uint
	RetryDelay time.Duration

	ConnectTimeout time.Duration
	RequestTimeout time.Duration
	CurlInsecure   bool

	CollectSysdumpOnFailure bool
	SysdumpOptions          sysdump.Options
}

type PerfResult added in v0.10.5

// PerfResult is one performance measurement; it is the value type of
// ConnectivityTest.PerfResults.
// NOTE(review): presumably Values holds the individual samples and Avg their
// mean — confirm; units are not shown in this listing.
type PerfResult struct {
	Metric   string
	Scenario string
	Duration time.Duration
	Samples  int
	Values   []float64
	Avg      float64
}

type PerfTests added in v0.10.5

// PerfTests is the key type of ConnectivityTest.PerfResults: a pod name and a
// test name, both plain strings.
type PerfTests struct {
	Pod  string
	Test string
}

type Pod

// Pod bundles a Kubernetes Pod resource with the client of the cluster it
// runs in. Only the exported fields are shown in this listing.
type Pod struct {
	// Kubernetes client of the cluster this pod is running in.
	// NOTE(review): a Pod value therefore carries cluster access; avoid
	// logging or serialising it wholesale.
	K8sClient *k8s.Client

	// Pod is the Kubernetes Pod resource.
	Pod *corev1.Pod

	// The pod is running on a node which doesn't run Cilium
	Outside bool
	// contains filtered or unexported fields
}

Pod is a Kubernetes Pod acting as a peer in a connectivity test.

func (Pod) Address

func (p Pod) Address(family IPFamily) string

Address returns the network address of the Pod.

func (Pod) FlowFilters added in v0.14.4

func (p Pod) FlowFilters() []*flow.FlowFilter

func (Pod) HasLabel

func (p Pod) HasLabel(name, value string) bool

HasLabel checks if given label exists and value matches.

func (Pod) Labels added in v0.12.4

func (p Pod) Labels() map[string]string

func (Pod) Name

func (p Pod) Name() string

Name returns the absolute name of the Pod.

func (Pod) NameWithoutNamespace added in v0.14.4

func (p Pod) NameWithoutNamespace() string

NameWithoutNamespace returns only the name of the Pod.

func (Pod) Namespace added in v0.14.4

func (p Pod) Namespace() string

Namespace returns the namespace the pod belongs to.

func (Pod) NodeName added in v0.14.4

func (p Pod) NodeName() string

NodeName returns the node name a pod belongs to.

func (Pod) Path added in v0.9.0

func (p Pod) Path() string

func (Pod) Port

func (p Pod) Port() uint32

Port returns the port the Pod is listening on.

func (Pod) Scheme

func (p Pod) Scheme() string

func (Pod) String

func (p Pod) String() string

type Result

// Result describes what an Action is expected to produce: whether and where
// the request is dropped, which proxies are involved, the expected HTTP
// properties and the expected exit code of the command. The zero value is the
// predefined ResultOK.
type Result struct {
	// Request is dropped
	Drop bool

	// Request is dropped at Egress
	EgressDrop bool

	// Request is dropped at Ingress
	IngressDrop bool

	// DropReasonFunc takes a flow and returns a bool.
	// NOTE(review): presumably reports whether the flow's drop reason is the
	// expected one; several predefined results leave it nil — confirm how a
	// nil value is handled by the flow matcher.
	DropReasonFunc func(flow *flowpb.Flow) bool

	// Metrics holds the function to compare/check metrics.
	Metrics []MetricsResult

	// No flows are to be expected. Used for ingress when egress drops
	None bool

	// DNSProxy is true when DNS Proxy is to be expected, only valid for egress
	DNSProxy bool

	// L7Proxy is true when L7 proxy (e.g., Envoy) is to be expected
	L7Proxy bool

	// HTTP holds the HTTP properties (Status, Method, URL) to be expected.
	// NOTE(review): the earlier wording of this comment described a non-zero
	// HTTP status code; the field is now a struct of strings — confirm which
	// of its fields must be set for the expectation to apply.
	HTTP HTTP

	// ExitCode is the expected shell exit code
	ExitCode ExitCode
}

func (Result) ExpectMetricsIncrease added in v0.14.4

func (r Result) ExpectMetricsIncrease(source MetricsSource, metrics ...string) Result

ExpectMetricsIncrease compares metrics retrieved before any actions were run and after; may return an error if metrics did not increase.

func (Result) String

func (r Result) String() string

type Scenario

// Scenario is implemented by all test scenarios like pod-to-pod,
// pod-to-world, etc.
type Scenario interface {
	// Name returns the name of the Scenario.
	Name() string

	// Run is invoked by the testing framework to execute the Scenario.
	// It receives a context and the Test passed in by the framework.
	Run(ctx context.Context, t *Test)
}

Scenario is implemented by all test scenarios like pod-to-pod, pod-to-world, etc.

type Service

// Service is a service acting as a peer in a connectivity test.
type Service struct {
	// Service is the Kubernetes service resource.
	Service *corev1.Service
}

Service is a service acting as a peer in a connectivity test. It implements interface TestPeer.

func (Service) Address

func (s Service) Address(family IPFamily) string

Address returns the network address of the Service.

func (Service) FlowFilters added in v0.14.4

func (s Service) FlowFilters() []*flow.FlowFilter

func (Service) HasLabel

func (s Service) HasLabel(name, value string) bool

HasLabel checks if given label exists and value matches.

func (Service) Labels added in v0.12.4

func (s Service) Labels() map[string]string

Labels returns a copy of the service's labels.

func (Service) Name

func (s Service) Name() string

Name returns the absolute name of the service.

func (Service) NameWithoutNamespace added in v0.15.2

func (s Service) NameWithoutNamespace() string

NameWithoutNamespace returns the name of the service without the namespace.

func (Service) Path added in v0.9.0

func (s Service) Path() string

Path returns the string '/'.

func (Service) Port

func (s Service) Port() uint32

Port returns the first port of the Service.

func (Service) Scheme

func (s Service) Scheme() string

Scheme returns the string 'http'.

func (Service) ToNodeportService added in v0.14.6

func (s Service) ToNodeportService(node *v1.Node) NodeportService

type SetupFunc added in v0.14.4

type SetupFunc func(ctx context.Context, t *Test, testCtx *ConnectivityTest) error

SetupFunc is a callback meant to be called before running the test. It performs additional setup needed to run tests.

type Test

type Test struct {
	// contains filtered or unexported fields
}

func (*Test) CertificateCAs added in v0.13.2

func (t *Test) CertificateCAs() map[string][]byte

CertificateCAs returns the CAs used to sign the certificates within the test.

func (*Test) CiliumNetworkPolicies added in v0.14.4

func (t *Test) CiliumNetworkPolicies() map[string]*ciliumv2.CiliumNetworkPolicy

func (*Test) Context

func (t *Test) Context() *ConnectivityTest

Context returns the enclosing context of the Test.

func (*Test) Debug

func (t *Test) Debug(a ...interface{})

Debug logs a debug message.

func (*Test) Debugf

func (t *Test) Debugf(format string, a ...interface{})

Debugf logs a formatted debug message.

func (*Test) EgressGatewayNode added in v0.14.2

func (t *Test) EgressGatewayNode() string

EgressGatewayNode returns the name of the node that is supposed to act as egress gateway in the egress gateway tests.

Currently the designated node is the one running the other=client client pod.

func (*Test) Fail

func (t *Test) Fail(a ...interface{})

Fail marks the Test as failed and logs a failure message.

Flushes the Test's internal log buffer. Any further logs against the Test will go directly to the user-specified writer.

func (*Test) Failf

func (t *Test) Failf(format string, a ...interface{})

Failf marks the Test as failed and logs a formatted failure message.

Flushes the Test's internal log buffer. Any further logs against the Test will go directly to the user-specified writer.

func (*Test) Fatal

func (t *Test) Fatal(a ...interface{})

Fatal marks the test as failed, logs an error and exits the calling goroutine.

func (*Test) Fatalf

func (t *Test) Fatalf(format string, a ...interface{})

Fatalf marks the test as failed, logs a formatted error and exits the calling goroutine.

func (*Test) ForEachIPFamily added in v0.13.0

func (t *Test) ForEachIPFamily(do func(IPFamily))

func (*Test) Headerf

func (t *Test) Headerf(format string, a ...interface{})

Headerf prints a formatted, indented header inside the test log scope. Headers are not internally buffered.

func (*Test) Info

func (t *Test) Info(a ...interface{})

Info logs an informational message.

func (*Test) Infof

func (t *Test) Infof(format string, a ...interface{})

Infof logs a formatted informational message.

func (*Test) KubernetesNetworkPolicies added in v0.14.4

func (t *Test) KubernetesNetworkPolicies() map[string]*networkingv1.NetworkPolicy

func (*Test) Log

func (t *Test) Log(a ...interface{})

Log logs a message.

func (*Test) Logf

func (t *Test) Logf(format string, a ...interface{})

Logf logs a formatted message.

func (*Test) Name

func (t *Test) Name() string

Name returns the name of the test.

func (*Test) NewAction

func (t *Test) NewAction(s Scenario, name string, src *Pod, dst TestPeer, ipFam IPFamily) *Action

NewAction creates a new Action. s must be the Scenario the Action is created for, name should be a visually-distinguishable name, src is the execution Pod of the action, and dst is the network target the Action will connect to.

func (*Test) NodesWithoutCilium added in v0.12.2

func (t *Test) NodesWithoutCilium() []string

func (*Test) Run

func (t *Test) Run(ctx context.Context) error

Run executes all Scenarios registered to the Test.

func (*Test) String

func (t *Test) String() string

func (*Test) WithCABundleSecret added in v0.13.2

func (t *Test) WithCABundleSecret() *Test

WithCABundleSecret makes the secret `cabundle` with a CA bundle and adds it to the cluster

func (*Test) WithCertificate added in v0.13.2

func (t *Test) WithCertificate(name, hostname string) *Test

WithCertificate makes a secret with a certificate and adds it to the cluster

func (*Test) WithCiliumEgressGatewayPolicy added in v0.14.2

func (t *Test) WithCiliumEgressGatewayPolicy(policy string, params CiliumEgressGatewayPolicyParams) *Test

WithCiliumEgressGatewayPolicy takes a string containing a YAML policy document and adds the cilium egress gateway polic(y)(ies) to the scope of the Test, to be applied when the test starts running. When calling this method, note that the egress gateway enabled feature requirement is applied directly here.

func (*Test) WithCiliumPolicy added in v0.14.0

func (t *Test) WithCiliumPolicy(policy string) *Test

WithCiliumPolicy takes a string containing a YAML policy document and adds the polic(y)(ies) to the scope of the Test, to be applied when the test starts running. When calling this method, note that the CNP enabled feature requirement is applied directly here.

func (*Test) WithCiliumVersion added in v0.14.4

func (t *Test) WithCiliumVersion(vsn string) *Test

WithCiliumVersion adds a requirement for a Cilium vsn in order for the test to run.

func (*Test) WithExpectations

func (t *Test) WithExpectations(f ExpectationsFunc) *Test

WithExpectations sets the getExpectations test result function to use during tests

func (*Test) WithFeatureRequirements added in v0.12.1

func (t *Test) WithFeatureRequirements(reqs ...FeatureRequirement) *Test

WithFeatureRequirements adds FeatureRequirements to Test, all of which must be satisfied in order for the test to be run. It adds only features that are not already present in the requirements.

func (*Test) WithFinalizer added in v0.14.4

func (t *Test) WithFinalizer(f func() error) *Test

WithFinalizer registers a finalizer to be executed when Run() returns.

func (*Test) WithIPRoutesFromOutsideToPodCIDRs added in v0.14.4

func (t *Test) WithIPRoutesFromOutsideToPodCIDRs() *Test

WithIPRoutesFromOutsideToPodCIDRs instructs the test runner that podCIDR => nodeIP routes need to be installed on a node which doesn't run Cilium before running the test (and removed after the test completes).

func (*Test) WithK8SPolicy added in v0.14.0

func (t *Test) WithK8SPolicy(policy string) *Test

WithK8SPolicy takes a string containing a YAML policy document and adds the polic(y)(ies) to the scope of the Test, to be applied when the test starts running. When calling this method, note that the KNP enabled feature requirement is applied directly here.

func (*Test) WithScenarios

func (t *Test) WithScenarios(sl ...Scenario) *Test

WithScenarios adds Scenarios to Test in the given order.

func (*Test) WithSecret added in v0.13.2

func (t *Test) WithSecret(secret *corev1.Secret) *Test

WithSecret takes a Secret and adds it to the cluster during the test

func (*Test) WithSetupFunc added in v0.14.4

func (t *Test) WithSetupFunc(f SetupFunc) *Test

WithSetupFunc registers a SetupFunc callback to be executed just before the test runs.

type TestPeer

// TestPeer is the abstraction used for all peer types (pods, services, IPs,
// DNS names) used for connectivity testing.
type TestPeer interface {
	// Name must return the absolute name of the peer.
	Name() string

	// Scheme must return the scheme to be used in a connection string
	// to connect to this peer, e.g. 'http' or 'https'. Can be an empty string.
	Scheme() string

	// Path must return the path in the URL used, if any. Can be an empty
	// string. Must include the leading '/' when not empty.
	Path() string

	// Address must return the network address of the peer for the given IP
	// family. This can be a DNS name or an IP address.
	Address(IPFamily) string

	// Port must return the destination port number used by the test traffic to the peer.
	Port() uint32

	// HasLabel checks if a label with the given name and value exists.
	HasLabel(name, value string) bool

	// Labels returns a copy of the peer's labels.
	Labels() map[string]string

	// FlowFilters returns the flow filters for the peer.
	// NOTE(review): semantics are not documented here; presumably the
	// filters select flows involving this peer. Confirm with implementers.
	FlowFilters() []*flow.FlowFilter
}

TestPeer is the abstraction used for all peer types (pods, services, IPs, DNS names) used for connectivity testing

func HTTPEndpoint

func HTTPEndpoint(name, rawurl string) TestPeer

HTTPEndpoint returns a new endpoint with the given name and raw URL. Panics if rawurl cannot be parsed, so a URL taken from flags or configuration should be validated before it is passed in.

func HTTPEndpointWithLabels added in v0.12.0

func HTTPEndpointWithLabels(name, rawurl string, labels map[string]string) TestPeer

func ICMPEndpoint

func ICMPEndpoint(name, host string) TestPeer

ICMPEndpoint returns a new ICMP endpoint.
