check

package
v1.18.0-pre.0 Latest Latest
Warning

This package is not in the latest version of its module.

Published: Mar 3, 2025 License: Apache-2.0 Imports: 82 Imported by: 0

Documentation

Index

Constants

// Flow validation mode values. Each constant is the literal string for one
// mode; where the mode is read and how it is enforced is not shown here.
// NOTE(review): presumably only "strict" turns a flow mismatch into a test
// failure, so a run in "disabled" or "warning" mode may pass without the
// expected drop/forward flows having been observed — confirm before relying
// on a green run as evidence of policy enforcement.
const (
	// FlowValidationModeDisabled is the "disabled" mode value.
	FlowValidationModeDisabled = "disabled"
	// FlowValidationModeWarning is the "warning" mode value.
	FlowValidationModeWarning  = "warning"
	// FlowValidationModeStrict is the "strict" mode value.
	FlowValidationModeStrict   = "strict"
)
// Name fragments and fixed resource names used by the connectivity test
// workloads.
const (
	// The Perf* values all start with '-'.
	// NOTE(review): presumably they are appended as suffixes to a base
	// perf workload name — confirm against the deployment code.
	PerfHostName     = "-host-net"
	PerfOtherNode    = "-other-node"
	PerfLowPriority  = "-low-priority"
	PerfHighPriority = "-high-priority"

	// DNSTestServerContainerName is the container name "dns-test-server".
	DNSTestServerContainerName = "dns-test-server"

	// EchoOtherNodeDeploymentHeadlessServiceName is the name of the headless
	// service for the echo-other-node deployment.
	EchoOtherNodeDeploymentHeadlessServiceName = "echo-other-node-headless"

	// KindTestConnDisrupt and KindTestConnDisruptNSTraffic identify the
	// connection-disruption test workloads.
	// NOTE(review): presumably these are values of the "kind" pod label —
	// confirm against the selector that consumes them.
	KindTestConnDisrupt          = "test-conn-disrupt"
	KindTestConnDisruptNSTraffic = "test-conn-disrupt-ns-traffic"
)
// Label source prefixes. Both prefixes are optional, so code comparing label
// keys has to accept a key with or without them.
const (
	// KubernetesSourcedLabelPrefix is the optional prefix used in labels to
	// indicate they are sourced from Kubernetes.
	// NOTE: ':' gets replaced by '.' in keys (the cause is not documented
	// here), so the '.' form of the prefix is used.
	KubernetesSourcedLabelPrefix = "k8s."

	// AnySourceLabelPrefix is the optional prefix used in labels to
	// indicate they could be from anywhere.
	// NOTE: ':' gets replaced by '.' in keys (the cause is not documented
	// here), so the '.' form of the prefix is used.
	AnySourceLabelPrefix = "any."
)
// Default wait durations. Which operations use each value is not shown in
// this listing.
const (
	// LongTimeout is the longer wait bound: five minutes.
	LongTimeout  = 5 * time.Minute
	// ShortTimeout is the shorter wait bound: thirty seconds.
	ShortTimeout = 30 * time.Second

	// PollInterval is one second.
	// NOTE(review): presumably the delay between retries in the WaitFor*
	// helpers — confirm.
	PollInterval = 1 * time.Second
)

Variables

// Predefined Result values describing what a test action is expected to
// produce: the command's exit code and which flows (DNS proxy, L7 proxy,
// drops and their direction/reason) should be observed. These are the
// expectations a policy test asserts against, so a value that is too loose
// lets an unenforced policy go unnoticed.
var (
	// ResultNone expects a successful command and does not match any packets.
	ResultNone = Result{
		None: true,
	}

	// ResultCurlTimeout expects a failed command (curl timeout exit code) and,
	// per the original comment, does not match any packets.
	// NOTE(review): None is not set here, unlike ResultNone — confirm that
	// no flow matching actually happens for this value.
	ResultCurlTimeout = Result{
		ExitCode: ExitCurlTimeout,
	}

	// ResultOK expects a successful command and a matching flow. It is the
	// zero value of Result.
	ResultOK = Result{}

	// ResultDNSOK expects a successful command, only generating DNS traffic.
	ResultDNSOK = Result{
		DNSProxy: true,
	}

	// ResultDNSOKDropCurlTimeout expects a failed command (curl timeout),
	// generating DNS traffic and a dropped flow.
	ResultDNSOKDropCurlTimeout = Result{
		DNSProxy:       true,
		Drop:           true,
		DropReasonFunc: defaultDropReason,
		ExitCode:       ExitCurlTimeout,
	}

	// ResultDNSOKDropCurlHTTPError expects a failed command (curl HTTP error),
	// generating DNS traffic and a dropped flow seen through the L7 proxy.
	ResultDNSOKDropCurlHTTPError = Result{
		DNSProxy:       true,
		L7Proxy:        true,
		Drop:           true,
		DropReasonFunc: defaultDropReason,
		ExitCode:       ExitCurlHTTPError,
	}

	// ResultCurlHTTPError expects a failed command (curl HTTP error), but no
	// dropped flow or DNS proxy.
	// NOTE(review): DropReasonFunc is set although Drop is false; presumably
	// it is unused in that case — confirm.
	ResultCurlHTTPError = Result{
		L7Proxy:        true,
		Drop:           false,
		DropReasonFunc: defaultDropReason,
		ExitCode:       ExitCurlHTTPError,
	}

	// ResultCurlSSLError expects a failed command with an SSL error, but no
	// dropped flow or DNS proxy.
	// NOTE(review): DropReasonFunc is set although Drop is false; presumably
	// it is unused in that case — confirm.
	ResultCurlSSLError = Result{
		L7Proxy:        true,
		Drop:           false,
		DropReasonFunc: defaultDropReason,
		ExitCode:       ExitCurlSSLError,
	}

	// ResultDrop expects a dropped flow and a failed command (any error exit).
	ResultDrop = Result{
		Drop:           true,
		ExitCode:       ExitAnyError,
		DropReasonFunc: defaultDropReason,
	}

	// ResultDropAuthRequired expects a dropped flow with auth required as reason.
	// NOTE(review): ExitCode is left at its zero value here, unlike the other
	// drop results — confirm which command exit status this expectation
	// accepts.
	ResultDropAuthRequired = Result{
		Drop:           true,
		DropReasonFunc: authRequiredDropReason,
	}

	// ResultAnyReasonEgressDrop expects a dropped flow at Egress and a failed command.
	ResultAnyReasonEgressDrop = Result{
		Drop:           true,
		DropReasonFunc: defaultDropReason,
		EgressDrop:     true,
		ExitCode:       ExitAnyError,
	}

	// ResultPolicyDenyEgressDrop expects a dropped flow at Egress due to policy deny and a failed command.
	ResultPolicyDenyEgressDrop = Result{
		Drop:           true,
		DropReasonFunc: policyDenyReason,
		EgressDrop:     true,
		ExitCode:       ExitAnyError,
	}

	// ResultDefaultDenyEgressDrop expects a dropped flow at Egress due to default deny and a failed command.
	ResultDefaultDenyEgressDrop = Result{
		Drop:           true,
		DropReasonFunc: defaultDenyReason,
		EgressDrop:     true,
		ExitCode:       ExitAnyError,
	}

	// ResultIngressAnyReasonDrop expects a dropped flow at Ingress and a failed command.
	ResultIngressAnyReasonDrop = Result{
		Drop:           true,
		IngressDrop:    true,
		DropReasonFunc: defaultDropReason,
		ExitCode:       ExitAnyError,
	}

	// ResultPolicyDenyIngressDrop expects a dropped flow at Ingress due to policy deny reason and a failed command.
	ResultPolicyDenyIngressDrop = Result{
		Drop:           true,
		IngressDrop:    true,
		DropReasonFunc: policyDenyReason,
		ExitCode:       ExitAnyError,
	}

	// ResultDefaultDenyIngressDrop expects a dropped flow at Ingress due to default deny reason and a failed command.
	ResultDefaultDenyIngressDrop = Result{
		Drop:           true,
		IngressDrop:    true,
		DropReasonFunc: defaultDenyReason,
		ExitCode:       ExitAnyError,
	}

	// ResultEgressUnencryptedDrop expects a dropped flow at Egress whose drop
	// reason is checked by unencryptedDropReason, and a command that fails
	// with the curl timeout exit code.
	ResultEgressUnencryptedDrop = Result{
		Drop:           true,
		EgressDrop:     true,
		DropReasonFunc: unencryptedDropReason,
		ExitCode:       ExitCurlTimeout,
	}

	// ResultDropCurlTimeout expects a dropped flow and a failed command (curl timeout).
	// NOTE(review): no DropReasonFunc is set, unlike ResultDrop — confirm how
	// a nil DropReasonFunc is treated when the drop reason is validated.
	ResultDropCurlTimeout = Result{
		Drop:     true,
		ExitCode: ExitCurlTimeout,
	}

	// ResultDropCurlHTTPError expects a dropped flow and a failed command (curl HTTP error).
	// NOTE(review): no DropReasonFunc is set, unlike ResultDrop — confirm how
	// a nil DropReasonFunc is treated when the drop reason is validated.
	ResultDropCurlHTTPError = Result{
		L7Proxy:  true,
		Drop:     true,
		ExitCode: ExitCurlHTTPError,
	}
)

Functions

func ApplyFRRConfig

func ApplyFRRConfig(ctx context.Context, t *Test, frrPod *Pod, config string)

ApplyFRRConfig applies provided CLI configuration on the given FRR pod by replacing its existing config. Base FRR config is applied along with the provided one.

func AssertFRRBGPCommunity

func AssertFRRBGPCommunity(t *Test, frrPrefixes FRRBGPPrefixMap, checkPrefixes []netip.Prefix, expectedCommunity string)

AssertFRRBGPCommunity asserts that provided BGP community is present in provided FRR BGP prefixes filtered by checkPrefixes list.

func AssertFRRBGPNeighborTimers

func AssertFRRBGPNeighborTimers(t *Test, neighbors map[string]FRRBGPNeighborInfo, checkNeighbors []netip.Addr, keepAliveSeconds, holdTimeSeconds int32)

AssertFRRBGPNeighborTimers asserts that peering connections of the provided neighbors filtered by checkNeighbors use the provided BGP timer intervals.

func ClearFRRConfig

func ClearFRRConfig(ctx context.Context, t *Test, frrPod *Pod)

ClearFRRConfig clears configuration on the given FRR pod. Only base config remains applied.

func CreateOrUpdatePolicy

func CreateOrUpdatePolicy[T policy](ctx context.Context, client client[T], obj T, mutator func(obj T) bool) (bool, error)

CreateOrUpdatePolicy implements the generic logic to create or update a policy.

func DeleteK8sResourceWithWait

func DeleteK8sResourceWithWait[T any](ctx context.Context, t *Test, k8sClient k8s.ResourceClient[T], resourceName string)

DeleteK8sResourceWithWait deletes the provided k8s resource and waits until it is deleted.

func DumpFRRBGPState

func DumpFRRBGPState(ctx context.Context, t *Test, frrPod *Pod)

DumpFRRBGPState dumps FRR's BGP state into the log.

func NewFRRConfigMap

func NewFRRConfigMap() *corev1.ConfigMap

NewFRRConfigMap returns a k8s ConfigMap used by the FRR DaemonSet, containing FRR daemon configuration.

func NewFRRDaemonSet

func NewFRRDaemonSet(params Parameters) *appsv1.DaemonSet

NewFRRDaemonSet returns a k8s DaemonSet with FRR, configured to run on "nodes without cilium".

func NewSocatClientDeployment

func NewSocatClientDeployment(params Parameters) *appsv1.Deployment

func NewSocatServerDaemonSet

func NewSocatServerDaemonSet(params Parameters) *appsv1.DaemonSet

func RegisterPolicy

func RegisterPolicy[T policy](current map[string]T, policies ...T) (map[string]T, error)

func RenderFRRBGPPeeringConfig

func RenderFRRBGPPeeringConfig(t *Test, params FRRBGPPeeringParams) string

RenderFRRBGPPeeringConfig renders standard BGP peering configuration for provided list of peer addresses. The returned config can be used to apply in an FRR pod.

func RunFRRCommand

func RunFRRCommand(ctx context.Context, t *Test, frrPod *Pod, cmd string) []byte

RunFRRCommand runs a CLI command on the given FRR pod.

func WaitForCoreDNS

func WaitForCoreDNS(ctx context.Context, log Logger, client Pod) error

WaitForCoreDNS waits until the client pod can reach coredns.

func WaitForDaemonSet

func WaitForDaemonSet(ctx context.Context, log Logger, client *k8s.Client, namespace string, name string) error

WaitForDaemonSet waits until the specified daemonset becomes ready.

func WaitForDeployment

func WaitForDeployment(ctx context.Context, log Logger, client *k8s.Client, namespace string, name string) error

WaitForDeployment waits until the specified deployment becomes ready.

func WaitForFRRBGPNeighborsState

func WaitForFRRBGPNeighborsState(ctx context.Context, t *Test, frrPod *Pod, expPeers []netip.Addr, expState string) map[string]FRRBGPNeighborInfo

WaitForFRRBGPNeighborsState waits until provided list of BGP peers reach the provided state on the provided FRR pod and returns detailed state information of all peers.

func WaitForIPCache

func WaitForIPCache(ctx context.Context, log Logger, agent Pod, pods []Pod) error

WaitForIPCache waits until all the specified pods are present in the IPCache of the given agent.

func WaitForNodePorts

func WaitForNodePorts(ctx context.Context, log Logger, client Pod, nodeIP string, service Service) error

WaitForNodePorts waits until all the nodeports in a service are available on a given node.

func WaitForPodDNS

func WaitForPodDNS(ctx context.Context, log Logger, src, dst Pod) error

WaitForPodDNS waits until src can query the DNS server on dst successfully.

func WaitForService

func WaitForService(ctx context.Context, log Logger, client Pod, service Service) error

WaitForService waits until the given service is synchronized in CoreDNS.

func WaitForServiceEndpoints

func WaitForServiceEndpoints(ctx context.Context, log Logger, agent Pod, service Service, backends uint, families []features.IPFamily) error

WaitForServiceEndpoints waits until the expected number of service backends are reported by the given agent.

Types

type Action

// Action represents an individual action (e.g. a curl call) in a Scenario
// between a source and a destination peer.
type Action struct {

	// CollectFlows reports whether the action should attempt to collect
	// flows with Hubble.
	CollectFlows bool
	// contains filtered or unexported fields
}

Action represents an individual action (e.g. a curl call) in a Scenario between a source and a destination peer.

func (*Action) CmdOutput

func (a *Action) CmdOutput() string

func (*Action) CurlCommand

func (a *Action) CurlCommand(peer TestPeer, opts ...string) []string

func (*Action) CurlCommandWithOutput

func (a *Action) CurlCommandWithOutput(peer TestPeer, opts ...string) []string

func (*Action) Debug

func (a *Action) Debug(s ...interface{})

Debug logs a debug message.

func (*Action) Debugf

func (a *Action) Debugf(format string, s ...interface{})

Debugf logs a formatted debug message.

func (*Action) Destination

func (a *Action) Destination() TestPeer

func (*Action) ExecInPod

func (a *Action) ExecInPod(ctx context.Context, cmd []string)

func (*Action) Fail

func (a *Action) Fail(s ...interface{})

Fail must be called when the Action is unsuccessful.

func (*Action) Failf

func (a *Action) Failf(format string, s ...interface{})

Failf must be called when the Action is unsuccessful.

func (*Action) Fatal

func (a *Action) Fatal(s ...interface{})

Fatal must be called when an irrecoverable error was encountered during the Action.

func (*Action) Fatalf

func (a *Action) Fatalf(format string, s ...interface{})

Fatalf must be called when an irrecoverable error was encountered during the Action.

func (*Action) GetEgressMetricsRequirements

func (a *Action) GetEgressMetricsRequirements() []MetricsResult

func (*Action) GetEgressRequirements

func (a *Action) GetEgressRequirements(p FlowParameters) (reqs []filters.FlowSetRequirement)

func (*Action) GetIngressMetricsRequirements

func (a *Action) GetIngressMetricsRequirements() []MetricsResult

func (*Action) GetIngressRequirements

func (a *Action) GetIngressRequirements(p FlowParameters) []filters.FlowSetRequirement

func (*Action) IPFamily

func (a *Action) IPFamily() features.IPFamily

IPFamily returns the IPFamily used for this test action.

func (*Action) Info

func (a *Action) Info(s ...interface{})

Info logs a debug message.

func (*Action) Infof

func (a *Action) Infof(format string, s ...interface{})

Infof logs a formatted debug message.

func (*Action) Log

func (a *Action) Log(s ...interface{})

Log logs a message.

func (*Action) Logf

func (a *Action) Logf(format string, s ...interface{})

Logf logs a formatted message.

func (*Action) Peers

func (a *Action) Peers() string

Peers returns the name and addr:port of the peers involved in the Action. If source or destination peers are missing, returns an empty string.

func (*Action) Run

func (a *Action) Run(f func(*Action))

Run executes function f.

This method is to be called from a Scenario implementation.

func (*Action) Scenario

func (a *Action) Scenario() Scenario

Scenario returns the scenario the Action belongs to.

func (*Action) Source

func (a *Action) Source() TestPeer

func (*Action) String

func (a *Action) String() string

func (*Action) ValidateFlows

func (a *Action) ValidateFlows(ctx context.Context, peer TestPeer, reqs []filters.FlowSetRequirement)

ValidateFlows retrieves the flow pods of the specified pod and validates that all filters find a match. On failure, t.Fail() is called.

func (*Action) ValidateMetrics

func (a *Action) ValidateMetrics(ctx context.Context, pod Pod, results []MetricsResult)

ValidateMetrics compares the expected metrics against the last ones retrieved.

func (*Action) WriteDataToPod

func (a *Action) WriteDataToPod(ctx context.Context, filePath string, data []byte)

WriteDataToPod writes data to a file in the source pod. It does this by using a shell command; writing huge files should be avoided.

type CiliumEgressGatewayPolicyParams

// CiliumEgressGatewayPolicyParams is used to configure how a
// CiliumEgressGatewayPolicy template should be configured before being
// applied.
type CiliumEgressGatewayPolicyParams struct {
	// Name controls the name of the policy
	Name string

	// PodSelectorKind is used to select the client pods. The parameter is used to select pods with a matching "kind" label
	PodSelectorKind string

	// ExcludedCIDRsConf selects, as an ExcludedCIDRsKind value, how the
	// policy's excluded CIDRs should be configured
	ExcludedCIDRsConf ExcludedCIDRsKind
}

CiliumEgressGatewayPolicyParams is used to configure how a CiliumEgressGatewayPolicy template should be configured before being applied.

type CiliumLocalRedirectPolicyParams

// CiliumLocalRedirectPolicyParams is used to configure a
// CiliumLocalRedirectPolicy template.
type CiliumLocalRedirectPolicyParams struct {
	// Policy is the local redirect policy yaml.
	Policy string

	// Name is the name of the local redirect policy.
	Name string

	// FrontendIP is the IP address of the address matcher frontend set in the policy spec.
	// It is carried as a string; no validation is visible in this listing.
	FrontendIP string

	// SkipRedirectFromBackend is the flag set in the policy spec.
	SkipRedirectFromBackend bool
}

CiliumLocalRedirectPolicyParams is used to configure a CiliumLocalRedirectPolicy template.

type ConcurrentLogger

// ConcurrentLogger schedules per-test messages (Print, Printf, FinishTest)
// and prints them to the io.Writer given to NewConcurrentLogger. Start
// launches its collector and printer goroutines; Stop waits until all
// messages are printed.
type ConcurrentLogger struct {
	// contains filtered or unexported fields
}

func NewConcurrentLogger

func NewConcurrentLogger(writer io.Writer, concurrency int) *ConcurrentLogger

NewConcurrentLogger is a factory function that returns a ConcurrentLogger.

func (*ConcurrentLogger) FinishTest

func (c *ConcurrentLogger) FinishTest(test *Test)

FinishTest schedules the final message for the test to be printed. The message will be populated with the test log buffer if the test failed.

func (*ConcurrentLogger) Print

func (c *ConcurrentLogger) Print(test *Test, msg string)

Print schedules message for the test to be printed.

func (*ConcurrentLogger) Printf

func (c *ConcurrentLogger) Printf(test *Test, format string, args ...interface{})

Printf schedules message for the test to be printed.

func (*ConcurrentLogger) Start

func (c *ConcurrentLogger) Start()

Start starts ConcurrentLogger internals in separate goroutines: - collector: collects incoming test messages. - printer: sends messages to the writer in corresponding order.

func (*ConcurrentLogger) Stop

func (c *ConcurrentLogger) Stop()

Stop closes incoming message channel and waits while all messages are printed.

type ConditionalScenario

// ConditionalScenario is a test scenario which requires certain feature
// requirements to be enabled. If the requirements are not met, the test
// scenario is skipped.
type ConditionalScenario interface {
	Scenario
	// Requirements returns the feature requirements of the scenario.
	Requirements() []features.Requirement
}

ConditionalScenario is a test scenario which requires certain feature requirements to be enabled. If the requirements are not met, the test scenario is skipped

type ConnectivityTest

// ConnectivityTest is the root context of the connectivity test suite and
// holds all resources belonging to it.
type ConnectivityTest struct {

	// CiliumVersion is the detected or assumed version of the Cilium agent
	CiliumVersion semver.Version

	// Features contains the features enabled on the running Cilium cluster
	Features features.Set

	// CodeOwners is a codeowners.Ruleset.
	// NOTE(review): presumably the ruleset passed to NewConnectivityTest and
	// used by LogOwners — confirm.
	CodeOwners codeowners.Ruleset

	// ClusterName is the identifier of the local cluster.
	ClusterName string

	// PerfResults holds perf summaries.
	// NOTE(review): presumably appended to by the perf scenarios — confirm.
	PerfResults []common.PerfSummary
	// contains filtered or unexported fields
}

ConnectivityTest is the root context of the connectivity test suite and holds all resources belonging to it. It implements interface ConnectivityTest and is instantiated once at the start of the program.

func NewConnectivityTest

func NewConnectivityTest(
	client *k8s.Client,
	p Parameters,
	sysdumpHooks sysdump.Hooks,
	logger *ConcurrentLogger,
	owners codeowners.Ruleset,
) (*ConnectivityTest, error)

NewConnectivityTest returns a new ConnectivityTest.

func (*ConnectivityTest) AddTest

func (ct *ConnectivityTest) AddTest(t *Test) *Test

AddTest adds a new test scope within the ConnectivityTest and returns a new Test.

func (*ConnectivityTest) AllFlows

func (ct *ConnectivityTest) AllFlows() bool

func (*ConnectivityTest) CiliumAgentMetrics

func (ct *ConnectivityTest) CiliumAgentMetrics() MetricsSource

CiliumAgentMetrics returns the MetricsSource for the cilium-agent component.

func (*ConnectivityTest) CiliumNodes

func (ct *ConnectivityTest) CiliumNodes() map[NodeIdentity]*ciliumv2.CiliumNode

func (*ConnectivityTest) CiliumPods

func (ct *ConnectivityTest) CiliumPods() map[string]Pod

func (*ConnectivityTest) Cleanup

func (ct *ConnectivityTest) Cleanup()

Cleanup clears test-related fields so that the ConnectivityTest instance can be re-used.

func (*ConnectivityTest) ClientPods

func (ct *ConnectivityTest) ClientPods() map[string]Pod

func (*ConnectivityTest) Clients

func (ct *ConnectivityTest) Clients() []*k8s.Client

func (*ConnectivityTest) ControlPlaneClientPods

func (ct *ConnectivityTest) ControlPlaneClientPods() map[string]Pod

func (*ConnectivityTest) ControlPlaneNodes

func (ct *ConnectivityTest) ControlPlaneNodes() map[string]*corev1.Node

func (*ConnectivityTest) CurlCommand

func (ct *ConnectivityTest) CurlCommand(peer TestPeer, ipFam features.IPFamily, expectingSuccess bool, opts []string) []string

func (*ConnectivityTest) CurlCommandWithOutput

func (ct *ConnectivityTest) CurlCommandWithOutput(peer TestPeer, ipFam features.IPFamily, expectingSuccess bool, opts []string) []string

func (*ConnectivityTest) Debug

func (ct *ConnectivityTest) Debug(a ...interface{})

Debug logs a debug message.

func (*ConnectivityTest) Debugf

func (ct *ConnectivityTest) Debugf(format string, a ...interface{})

Debugf logs a formatted debug message.

func (*ConnectivityTest) DeleteConnDisruptTestDeployment

func (ct *ConnectivityTest) DeleteConnDisruptTestDeployment(ctx context.Context, client *k8s.Client) error

func (*ConnectivityTest) DetectMinimumCiliumVersion

func (ct *ConnectivityTest) DetectMinimumCiliumVersion(ctx context.Context) (*semver.Version, error)

DetectMinimumCiliumVersion returns the smallest Cilium version running in the cluster(s)

func (*ConnectivityTest) DigCommand

func (ct *ConnectivityTest) DigCommand(peer TestPeer, ipFam features.IPFamily) []string

func (*ConnectivityTest) EchoExternalServices

func (ct *ConnectivityTest) EchoExternalServices() map[string]Service

func (*ConnectivityTest) EchoPods

func (ct *ConnectivityTest) EchoPods() map[string]Pod

func (*ConnectivityTest) EchoServicePrefixes

func (ct *ConnectivityTest) EchoServicePrefixes(ipFamily features.IPFamily) []netip.Prefix

func (*ConnectivityTest) EchoServices

func (ct *ConnectivityTest) EchoServices() map[string]Service

EchoServices returns all the non headless services

func (*ConnectivityTest) EchoServicesAll

func (ct *ConnectivityTest) EchoServicesAll() map[string]Service

func (*ConnectivityTest) ExternalEchoPods

func (ct *ConnectivityTest) ExternalEchoPods() map[string]Pod

func (*ConnectivityTest) FRRPods

func (ct *ConnectivityTest) FRRPods() []Pod

func (*ConnectivityTest) Fail

func (ct *ConnectivityTest) Fail(a ...interface{})

Fail logs a failure message.

func (*ConnectivityTest) Failf

func (ct *ConnectivityTest) Failf(format string, a ...interface{})

Failf logs a formatted failure message.

func (*ConnectivityTest) Fatal

func (ct *ConnectivityTest) Fatal(a ...interface{})

Fatal logs an error.

func (*ConnectivityTest) Fatalf

func (ct *ConnectivityTest) Fatalf(format string, a ...interface{})

Fatalf logs a formatted error.

func (*ConnectivityTest) Feature

func (*ConnectivityTest) FlowAggregation

func (ct *ConnectivityTest) FlowAggregation() bool

func (*ConnectivityTest) ForEachIPFamily

func (ct *ConnectivityTest) ForEachIPFamily(hasNetworkPolicies bool, do func(features.IPFamily))

func (*ConnectivityTest) ForceDisableFeature

func (ct *ConnectivityTest) ForceDisableFeature(feature features.Feature)

func (*ConnectivityTest) GetTest

func (ct *ConnectivityTest) GetTest(name string) (*Test, error)

GetTest returns the test scope for test named "name" if found, a non-nil error otherwise.

func (*ConnectivityTest) Header

func (ct *ConnectivityTest) Header(a ...interface{})

Header prints a newline followed by a formatted message.

func (*ConnectivityTest) Headerf

func (ct *ConnectivityTest) Headerf(format string, a ...interface{})

Headerf prints a newline followed by a formatted message.

func (*ConnectivityTest) HostNetNSPodsByNode

func (ct *ConnectivityTest) HostNetNSPodsByNode() map[string]Pod

func (*ConnectivityTest) HubbleClient

func (ct *ConnectivityTest) HubbleClient() observer.ObserverClient

func (*ConnectivityTest) Info

func (ct *ConnectivityTest) Info(a ...interface{})

Info logs an informational message.

func (*ConnectivityTest) Infof

func (ct *ConnectivityTest) Infof(format string, a ...interface{})

Infof logs a formatted informational message.

func (*ConnectivityTest) IngressService

func (ct *ConnectivityTest) IngressService() map[string]Service

func (*ConnectivityTest) InternalNodeIPAddresses

func (ct *ConnectivityTest) InternalNodeIPAddresses(ipFamily features.IPFamily) []netip.Addr

func (*ConnectivityTest) K8sClient

func (ct *ConnectivityTest) K8sClient() *k8s.Client

func (*ConnectivityTest) K8sService

func (ct *ConnectivityTest) K8sService() Service

func (*ConnectivityTest) KillMulticastTestSender

func (ct *ConnectivityTest) KillMulticastTestSender() []string

func (*ConnectivityTest) Log

func (ct *ConnectivityTest) Log(a ...interface{})

Log logs a message.

func (*ConnectivityTest) LogOwners

func (ct *ConnectivityTest) LogOwners(scenarios ...ownedScenario)

func (*ConnectivityTest) Logf

func (ct *ConnectivityTest) Logf(format string, a ...interface{})

Logf logs a formatted message.

func (*ConnectivityTest) LrpBackendPods

func (ct *ConnectivityTest) LrpBackendPods() map[string]Pod

func (*ConnectivityTest) LrpClientPods

func (ct *ConnectivityTest) LrpClientPods() map[string]Pod

func (*ConnectivityTest) MustGetTest

func (ct *ConnectivityTest) MustGetTest(name string) *Test

MustGetTest returns the test scope for test named "name" if found, or panics otherwise.

func (*ConnectivityTest) NSLookupCommandService

func (ct *ConnectivityTest) NSLookupCommandService(peer TestPeer, ipFam features.IPFamily) []string

func (*ConnectivityTest) Nodes

func (ct *ConnectivityTest) Nodes() map[string]*corev1.Node

func (*ConnectivityTest) NodesWithoutCilium

func (ct *ConnectivityTest) NodesWithoutCilium() []string

func (*ConnectivityTest) Params

func (ct *ConnectivityTest) Params() Parameters

func (*ConnectivityTest) PerfClientPods

func (ct *ConnectivityTest) PerfClientPods() []Pod

func (*ConnectivityTest) PerfServerPod

func (ct *ConnectivityTest) PerfServerPod() []Pod

func (*ConnectivityTest) PingCommand

func (ct *ConnectivityTest) PingCommand(peer TestPeer, ipFam features.IPFamily, extraArgs ...string) []string

func (*ConnectivityTest) PodCIDRPrefixes

func (ct *ConnectivityTest) PodCIDRPrefixes(ipFamily features.IPFamily) []netip.Prefix

func (*ConnectivityTest) PostTestSleepDuration

func (ct *ConnectivityTest) PostTestSleepDuration() time.Duration

func (*ConnectivityTest) PrintFlows

func (ct *ConnectivityTest) PrintFlows() bool

func (*ConnectivityTest) PrintReport

func (ct *ConnectivityTest) PrintReport(ctx context.Context) error

PrintReport prints the run report of the connectivity test instance.

func (*ConnectivityTest) PrintTestInfo

func (ct *ConnectivityTest) PrintTestInfo()

PrintTestInfo prints connectivity test names and count.

func (*ConnectivityTest) RandomClientPod

func (ct *ConnectivityTest) RandomClientPod() *Pod

func (*ConnectivityTest) Run

func (ct *ConnectivityTest) Run(ctx context.Context) error

Run kicks off execution of all Tests registered to the ConnectivityTest. Each Test's Run() method is called within its own goroutine.

func (*ConnectivityTest) SecondaryNetworkNodeIPv4

func (ct *ConnectivityTest) SecondaryNetworkNodeIPv4() map[string]string

func (*ConnectivityTest) SecondaryNetworkNodeIPv6

func (ct *ConnectivityTest) SecondaryNetworkNodeIPv6() map[string]string

func (*ConnectivityTest) SetupAndValidate

func (ct *ConnectivityTest) SetupAndValidate(ctx context.Context, extra SetupHooks) error

SetupAndValidate sets up and validates the connectivity test infrastructure such as the client pods and validates the deployment of them along with Cilium. This must be run before Run() is called.

func (*ConnectivityTest) ShouldRunConnDisruptNSTraffic

func (ct *ConnectivityTest) ShouldRunConnDisruptNSTraffic() bool

func (*ConnectivityTest) SocatClientCommand

func (ct *ConnectivityTest) SocatClientCommand(port int, group string) []string

Multicast packet receiver

func (*ConnectivityTest) SocatClientPods

func (ct *ConnectivityTest) SocatClientPods() []Pod

func (*ConnectivityTest) SocatServer1secCommand

func (ct *ConnectivityTest) SocatServer1secCommand(peer TestPeer, port int, group string) []string

Multicast packet sender. This command exits with exit code 0 WITHOUT waiting for a second after receiving a packet.

func (*ConnectivityTest) SocatServerPods

func (ct *ConnectivityTest) SocatServerPods() []Pod

func (*ConnectivityTest) Timestamp

func (ct *ConnectivityTest) Timestamp()

Timestamp logs the current timestamp.

func (*ConnectivityTest) Warn

func (ct *ConnectivityTest) Warn(a ...interface{})

Warn logs a warning message.

func (*ConnectivityTest) Warnf

func (ct *ConnectivityTest) Warnf(format string, a ...interface{})

Warnf logs a formatted warning message.

type EchoIPPod

// EchoIPPod is a Kubernetes Pod that prints back the client IP, acting as a
// peer in a connectivity test. It embeds Pod and declares its own Path method.
type EchoIPPod struct {
	Pod
}

EchoIPPod is a Kubernetes Pod that prints back the client IP, acting as a peer in a connectivity test.

func (EchoIPPod) Path

func (p EchoIPPod) Path() string

type EchoIPService

// EchoIPService embeds Service and declares its own Path method.
// NOTE(review): presumably the Service counterpart of EchoIPPod (a peer that
// echoes the client IP) — confirm.
type EchoIPService struct {
	Service
}

func (EchoIPService) Path

func (s EchoIPService) Path() string

type ExcludedCIDRsKind

// ExcludedCIDRsKind selects how excluded CIDRs are configured in a
// CiliumEgressGatewayPolicy template (see
// CiliumEgressGatewayPolicyParams.ExcludedCIDRsConf).
type ExcludedCIDRsKind int
// The values are assigned by iota, so their order is significant.
const (
	// NoExcludedCIDRs does not configure any excluded CIDRs in the policy
	NoExcludedCIDRs ExcludedCIDRsKind = iota

	// ExternalNodeExcludedCIDRs adds the IPs of the external nodes (i.e the ones with the "cilium.io/no-schedule" label) to the list of excluded CIDRs
	ExternalNodeExcludedCIDRs
)

type ExitCode

// ExitCode is the expected exit status of a test command. It is a signed
// 16-bit type, so it can hold the negative sentinel values below in addition
// to real process exit codes (Check takes the actual code as a uint8).
type ExitCode int16
const (
	// Negative values are sentinels, not real exit codes.
	// NOTE(review): presumably ExitAnyError matches any non-zero exit —
	// confirm against Check.
	ExitAnyError    ExitCode = -1
	ExitInvalidCode ExitCode = -2

	// curl exit code 22: HTTP error response when curl runs in fail mode.
	ExitCurlHTTPError ExitCode = 22
	// curl exit code 28: operation timed out.
	ExitCurlTimeout   ExitCode = 28

	// curl exit code 35: SSL/TLS connect error.
	ExitCurlSSLError ExitCode = 35
)

func (ExitCode) Check

func (e ExitCode) Check(code uint8) bool

func (ExitCode) String

func (e ExitCode) String() string

type ExpectationsFunc

// ExpectationsFunc returns the expected egress and ingress Result for the
// given Action.
type ExpectationsFunc func(a *Action) (egress, ingress Result)

type FRRBGPAddressFamilyInfo

// FRRBGPAddressFamilyInfo holds FRR BGP address family information equivalent
// to a "show bgp <family> detail json" CLI output entry. The json tags are
// the keys read from that output.
type FRRBGPAddressFamilyInfo struct {
	VrfID    int             `json:"vrfId"`
	VrfName  string          `json:"vrfName"`
	RouterID string          `json:"routerId"`
	LocalAS  int             `json:"localAS"`
	// Routes maps each prefix to its route entries (see FRRBGPPrefixMap).
	Routes   FRRBGPPrefixMap `json:"routes"`
}

FRRBGPAddressFamilyInfo holds FRR BGP address family information equivalent to "show bgp <family> detail json" CLI output entry.

type FRRBGPNeighborInfo

// FRRBGPNeighborInfo holds FRR BGP neighbor information equivalent to a
// "show bgp neighbor json" CLI output entry. The json tags are the keys read
// from that output.
type FRRBGPNeighborInfo struct {
	RemoteAS                       int    `json:"remoteAs"`
	LocalAS                        int    `json:"localAs"`
	Hostname                       string `json:"hostname"`
	RemoteRouterID                 string `json:"remoteRouterId"`
	LocalRouterID                  string `json:"localRouterId"`
	// BGPState is the session state as a string.
	BGPState                       string `json:"bgpState"`
	// The timer fields are named in milliseconds, while
	// AssertFRRBGPNeighborTimers takes its expected values in seconds.
	BgpTimerUpMsec                 int    `json:"bgpTimerUpMsec"`
	BgpTimerUpEstablishedEpoch     int    `json:"bgpTimerUpEstablishedEpoch"`
	BgpTimerHoldTimeMsecs          int    `json:"bgpTimerHoldTimeMsecs"`
	BgpTimerKeepAliveIntervalMsecs int    `json:"bgpTimerKeepAliveIntervalMsecs"`
}

FRRBGPNeighborInfo holds FRR BGP neighbor information equivalent to "show bgp neighbor json" CLI output entry.

type FRRBGPNextHopInfo

// FRRBGPNextHopInfo holds next hop information of a BGP route, as it can be
// retrieved from the "show bgp <family> detail json" CLI output.
type FRRBGPNextHopInfo struct {
	// IP is the next hop address, kept as the string found in the JSON.
	IP         string `json:"ip"`
	Hostname   string `json:"hostname"`
	Afi        string `json:"afi"`
	Scope      string `json:"scope"`
	Metric     int    `json:"metric"`
	Accessible bool   `json:"accessible"`
	Used       bool   `json:"used"`
}

FRRBGPNextHopInfo holds next hop information of a BGP route, as it can be retrieved from the "show bgp <family> detail json" CLI output.

type FRRBGPPeeringParams

// FRRBGPPeeringParams holds information for rendering FRR BGP peering
// configuration (see RenderFRRBGPPeeringConfig).
type FRRBGPPeeringParams struct {
	// LocalASN is the local autonomous system number.
	LocalASN int
	// Peers lists the peer addresses to render peering configuration for.
	Peers    []netip.Addr
}

FRRBGPPeeringParams holds information for rendering FRR BGP peering configuration.

type FRRBGPPrefixMap

// FRRBGPPrefixMap is a map of BGP route information indexed by prefix. The
// key is the prefix as a string; each value lists the routes for that prefix.
type FRRBGPPrefixMap map[string][]FRRBGPRouteInfo

FRRBGPPrefixMap is a map of BGP route information indexed by prefix.

func WaitForFRRBGPPrefixes

func WaitForFRRBGPPrefixes(ctx context.Context, t *Test, frrPod *Pod, expPrefixes []netip.Prefix, ipFamily features.IPFamily) FRRBGPPrefixMap

WaitForFRRBGPPrefixes waits until the provided prefixes are learned via BGP on the provided FRR pod and returns detailed information about all learned prefixes.

type FRRBGPRouteInfo

// FRRBGPRouteInfo holds information about a BGP route, as it can be
// retrieved from the "show bgp <family> detail json" CLI output. The json
// tags are the keys read from that output.
type FRRBGPRouteInfo struct {
	Origin   string `json:"origin"`
	Valid    bool   `json:"valid"`
	Version  int    `json:"version"`
	// BestPath carries the best-path selection flags of the route.
	BestPath struct {
		Overall         bool   `json:"overall"`
		SelectionReason string `json:"selectionReason"`
	} `json:"bestpath"`
	// ASPath is the AS path, both as a rendered string and as segments.
	ASPath struct {
		String   string `json:"string"`
		Segments []struct {
			Type string `json:"type"`
			List []int  `json:"list"`
		} `json:"segments"`
		Length int `json:"length"`
	} `json:"aspath"`
	// Community holds the BGP communities of the route, both as one string
	// and as a list; AssertFRRBGPCommunity checks routes for an expected
	// community.
	Community struct {
		String string   `json:"string"`
		List   []string `json:"list"`
	} `json:"community"`
	NextHops []FRRBGPNextHopInfo `json:"nexthops"`
}

FRRBGPRouteInfo holds information about a BGP route, as it can be retrieved from the "show bgp <family> detail json" CLI output.

type FlowParameters

// FlowParameters defines parameters for test result flow matching.
type FlowParameters struct {
	// Protocol is the network protocol being tested
	Protocol L4Protocol

	// DNSRequired is true if DNS flows must be seen before the test protocol
	DNSRequired bool

	// RSTAllowed is true if TCP connection may end with either RST or FIN
	RSTAllowed bool

	// AltDstIP, if non-empty, indicates an alternative destination address
	// for the DstAddr to be matched. This is useful if the destination address
	// is NATed before Hubble can observe the packet, which for example is the
	// case with HostReachableServices
	AltDstIP string

	// AltDstPort, if non-zero, indicates an alternative port number for the
	// DstPort to be matched. This is useful if the destination port is NATed,
	// which is for example the case for service ports, NodePort or HostPort
	AltDstPort uint32
}

FlowParameters defines parameters for test result flow matching

type FlowRequirementResults

type FlowRequirementResults struct {
	FirstMatch         int
	LastMatch          int
	Matched            MatchMap
	Failures           int
	NeedMoreFlows      bool
	LastMatchTimestamp time.Time
}

func (*FlowRequirementResults) Merge

type HTTP

type HTTP struct {
	Status string
	Method string
	URL    string
}

type JUnitCollector

type JUnitCollector struct {
	// contains filtered or unexported fields
}

func NewJUnitCollector

func NewJUnitCollector(junitProperties map[string]string, junitFile string) *JUnitCollector

NewJUnitCollector is a factory function that returns a JUnitCollector.

func (*JUnitCollector) Collect

func (j *JUnitCollector) Collect(ct *ConnectivityTest)

Collect collects ConnectivityTest instance test results. The method is not thread safe.

func (*JUnitCollector) Write

func (j *JUnitCollector) Write() error

Write writes collected JUnit results into a single report file.

type L4Protocol

type L4Protocol int

L4Protocol identifies the network protocol being tested

const (
	TCP L4Protocol = iota
	UDP
	ICMP
)

type LRPFrontend

type LRPFrontend struct {
	// contains filtered or unexported fields
}

func NewLRPFrontend

func NewLRPFrontend(frontend ciliumv2.RedirectFrontend) *LRPFrontend

func (LRPFrontend) Address

func (l LRPFrontend) Address(features.IPFamily) string

func (LRPFrontend) FlowFilters

func (l LRPFrontend) FlowFilters() []*flow.FlowFilter

func (LRPFrontend) HasLabel

func (l LRPFrontend) HasLabel(string, string) bool

func (LRPFrontend) Labels

func (l LRPFrontend) Labels() map[string]string

func (LRPFrontend) Name

func (l LRPFrontend) Name() string

func (LRPFrontend) Path

func (l LRPFrontend) Path() string

func (LRPFrontend) Port

func (l LRPFrontend) Port() uint32

func (LRPFrontend) Protocol

func (l LRPFrontend) Protocol() string

func (LRPFrontend) Scheme

func (l LRPFrontend) Scheme() string

type Logger

type Logger interface {
	// Log logs a message.
	Log(a ...interface{})
	// Logf logs a formatted message.
	Logf(format string, a ...interface{})

	// Debug logs a debug message.
	Debug(a ...interface{})
	// Debugf logs a formatted debug message.
	Debugf(format string, a ...interface{})

	// Info logs an informational message.
	Info(a ...interface{})
	// Infof logs a formatted informational message.
	Infof(format string, a ...interface{})
}

Logger abstracts the logging functionalities implemented by the test suite, individual tests and actions.

type MatchMap

type MatchMap map[int]bool

type MetricsResult

type MetricsResult struct {
	Source MetricsSource
	Assert assertMetricsFunc
}

MetricsResult holds the source of metrics we want to assert and its assertion method.

func (MetricsResult) IsEmpty

func (m MetricsResult) IsEmpty() bool

IsEmpty returns true if MetricsResult does not have any source, on the assumption that this corresponds to its zero value.

type MetricsSource

type MetricsSource struct {
	Name string // the name of the source, e.g.: cilium-agent
	Pods []Pod  // the list of pods for the given source
	Port string // the container port value for prometheus
}

MetricsSource defines the info for a source to be used in metrics collection.

func (MetricsSource) IsEmpty

func (m MetricsSource) IsEmpty() bool

IsEmpty reports whether the metrics source name is empty, on the assumption that the MetricsSource is then set to its zero value.

type NodeIdentity

type NodeIdentity struct{ Cluster, Name string }

NodeIdentity uniquely identifies a Node by Cluster and Name.

type NodeportService

type NodeportService struct {
	Service
	Node *corev1.Node
}

NodeportService wraps a Service and exposes it through its nodeport, acting as a peer in a connectivity test. It implements interface TestPeer.

func (NodeportService) Address

func (s NodeportService) Address(family features.IPFamily) string

Address returns the node IP of the wrapped Service.

func (NodeportService) Port

func (s NodeportService) Port() uint32

Port returns the first nodeport of the wrapped Service.

type Parameters

// NOTE(review): Parameters appears to collect the user-supplied settings of a
// connectivity test run — confirm. This listing documents none of its fields;
// the notes below mark the ones a security review should look at first, and
// each is an assumption to verify against the code that reads the field.
type Parameters struct {
	AssumeCiliumVersion    string
	CiliumNamespace        string
	TestNamespace          string
	TestNamespaceIndex     int
	TestConcurrency        int
	SingleNode             bool
	PrintFlows             bool
	ForceDeploy            bool
	Hubble                 bool
	HubbleServer           string
	K8sLocalHostTest       bool
	MultiCluster           string
	RunTests               []*regexp.Regexp
	SkipTests              []*regexp.Regexp
	PostTestSleepDuration  time.Duration
	FlowValidation         string
	AllFlows               bool
	Writer                 io.ReadWriter
	Verbose                bool
	Debug                  bool
	Timestamp              bool
	PauseOnFail            bool
	SkipIPCacheCheck       bool
	Perf                   bool
	PerfParameters         PerfParameters
	CurlImage              string
	JSONMockImage          string
	TestConnDisruptImage   string
	FRRImage               string
	SocatImage             string
	AgentDaemonSetName     string
	DNSTestServerImage     string
	PrintImageArtifacts    bool
	// NOTE(review): the name suggests an opt-in for tests that are not safe to
	// run on every cluster — confirm what "unsafe" covers here and that no
	// caller turns it on by default (the zero value is false).
	IncludeUnsafeTests     bool
	AgentPodSelector       string
	CiliumPodSelector      string
	NodeSelector           map[string]string
	DeploymentAnnotations  annotationsMap
	NamespaceAnnotations   annotations
	ExternalTarget         string
	ExternalOtherTarget    string
	ExternalCIDR           string
	ExternalIP             string
	ExternalDeploymentPort int
	ExternalOtherIP        string
	ServiceType            string
	EchoServerHostPort     int
	PodCIDRs               []podCIDRs
	NodeCIDRs              []string
	ControlPlaneCIDRs      []string
	K8sCIDR                string
	NodesWithoutCiliumIPs  []nodesWithoutCiliumIP
	JunitFile              string
	JunitProperties        map[string]string
	// NOTE(review): ImpersonateAs and ImpersonateGroups presumably name a
	// Kubernetes user and groups to impersonate for API requests — confirm, and
	// check that the impersonated identity has only the access the tests need.
	ImpersonateAs          string
	ImpersonateGroups      []string
	IPFamilies             []string

	IncludeConnDisruptTest          bool
	IncludeConnDisruptTestNSTraffic bool
	ConnDisruptTestSetup            bool
	ConnDisruptTestRestartsPath     string
	ConnDisruptTestXfrmErrorsPath   string
	ConnDisruptDispatchInterval     time.Duration

	ExpectedDropReasons []string
	ExpectedXFRMErrors  []string

	LogCodeOwners     bool
	ExcludeCodeOwners []string
	LogCheckLevels    []string

	FlushCT               bool
	SecondaryNetworkIface string

	K8sVersion           string
	HelmChartDirectory   string
	HelmValuesSecretName string

	Retry      uint
	RetryDelay time.Duration

	ConnectTimeout time.Duration
	RequestTimeout time.Duration
	// NOTE(review): presumably turns off TLS certificate verification for the
	// curl-based checks — confirm. If so, a run with it set does not exercise
	// certificate validation and should not be read as evidence that it works.
	CurlInsecure   bool
	CurlParallel   uint

	// NOTE(review): a sysdump presumably bundles cluster state and logs —
	// confirm what SysdumpOptions selects, and handle the collected output as
	// sensitive until its contents are known.
	CollectSysdumpOnFailure bool
	SysdumpOptions          sysdump.Options

	// NOTE(review): presumably the namespace and name of the object holding the
	// CA used to trust the external target — confirm.
	ExternalTargetCANamespace string
	ExternalTargetCAName      string

	Timeout time.Duration
}

type PerfParameters

type PerfParameters struct {
	ReportDir   string
	Duration    time.Duration
	SetupDelay  time.Duration
	HostNet     bool
	PodNet      bool
	PodToHost   bool
	HostToPod   bool
	SameNode    bool
	OtherNode   bool
	Samples     int
	MessageSize int
	Throughput  bool
	CRR         bool
	RR          bool
	UDP         bool
	Image       string
	NetQos      bool

	NodeSelectorServer map[string]string
	NodeSelectorClient map[string]string
	Tolerations        []string
}

func (*PerfParameters) GetTolerations

func (p *PerfParameters) GetTolerations() []corev1.Toleration

type Pod

type Pod struct {
	// Kubernetes client of the cluster this pod is running in.
	K8sClient *k8s.Client

	// Pod is the Kubernetes Pod resource.
	Pod *corev1.Pod

	// The pod is running on a node which doesn't run Cilium
	Outside bool
	// contains filtered or unexported fields
}

Pod is a Kubernetes Pod acting as a peer in a connectivity test.

func (Pod) Address

func (p Pod) Address(family features.IPFamily) string

Address returns the network address of the Pod.

func (Pod) FlowFilters

func (p Pod) FlowFilters() []*flow.FlowFilter

func (Pod) HasLabel

func (p Pod) HasLabel(name, value string) bool

HasLabel checks if given label exists and value matches.

func (Pod) Labels

func (p Pod) Labels() map[string]string

func (Pod) Name

func (p Pod) Name() string

Name returns the absolute name of the Pod.

func (Pod) NameWithoutNamespace

func (p Pod) NameWithoutNamespace() string

NameWithoutNamespace returns only the name of the Pod.

func (Pod) Namespace

func (p Pod) Namespace() string

Namespace returns the namespace the pod belongs to.

func (Pod) NodeName

func (p Pod) NodeName() string

NodeName returns the node name a pod belongs to.

func (Pod) Path

func (p Pod) Path() string

func (Pod) Port

func (p Pod) Port() uint32

Port returns the port the Pod is listening on.

func (Pod) Scheme

func (p Pod) Scheme() string

func (Pod) String

func (p Pod) String() string

func (Pod) ToEchoIPPod

func (p Pod) ToEchoIPPod() EchoIPPod

type Result

// Result describes what is expected of a command and of the flows it
// generates: the exit code, whether and where the request is dropped, which
// proxies are involved and which metrics are checked.
type Result struct {
	// Request is dropped
	Drop bool

	// Request is dropped at Egress
	EgressDrop bool

	// Request is dropped at Ingress
	IngressDrop bool

	// DropReasonFunc is a predicate over a flow.
	// NOTE(review): presumably it reports whether the flow's drop reason is the
	// expected one — confirm against the code that calls it.
	DropReasonFunc func(flow *flowpb.Flow) bool

	// Metrics holds the function to compare/check metrics.
	Metrics []MetricsResult

	// No flows are to be expected. Used for ingress when egress drops
	None bool

	// DNSProxy is true when DNS Proxy is to be expected, only valid for egress
	DNSProxy bool

	// L7Proxy is true when L7 proxy (e.g., Envoy) is to be expected
	L7Proxy bool

	// HTTP is non-zero when an HTTP status code in the response is to be
	// expected. The HTTP type has the string fields Status, Method and URL.
	HTTP HTTP

	// ExitCode is the expected shell exit code
	ExitCode ExitCode
}

func (Result) ExpectMetricsIncrease

func (r Result) ExpectMetricsIncrease(source MetricsSource, metrics ...string) Result

ExpectMetricsIncrease compares metrics retrieved before any action was run and after; may return an error if metrics did not increase.

func (Result) String

func (r Result) String() string

type Scenario

// Scenario is implemented by all test scenarios like pod-to-pod, pod-to-world, etc.
type Scenario interface {
	// Name returns the name of the Scenario.
	Name() string

	// FilePath returns the source code filename for the Scenario.
	FilePath() string

	// Run is invoked by the testing framework to execute the Scenario.
	Run(ctx context.Context, t *Test)
}

Scenario is implemented by all test scenarios like pod-to-pod, pod-to-world, etc.

type ScenarioBase

type ScenarioBase struct {
	// contains filtered or unexported fields
}

func NewScenarioBase

func NewScenarioBase() ScenarioBase

func (ScenarioBase) FilePath

func (s ScenarioBase) FilePath() string

type Service

type Service struct {
	// Service  is the Kubernetes service resource
	Service *corev1.Service

	URLPath string
}

Service is a service acting as a peer in a connectivity test. It implements interface TestPeer.

func WaitForServiceRetrieval

func WaitForServiceRetrieval(ctx context.Context, log Logger, client *k8s.Client, namespace string, name string) (Service, error)

WaitForServiceRetrieval waits until the specified service is created and can be retrieved.

func (Service) Address

func (s Service) Address(family features.IPFamily) string

Address returns the network address of the Service.

func (Service) FlowFilters

func (s Service) FlowFilters() []*flow.FlowFilter

func (Service) HasLabel

func (s Service) HasLabel(name, value string) bool

HasLabel checks if given label exists and value matches.

func (Service) Labels

func (s Service) Labels() map[string]string

Labels returns a copy of the service labels.

func (Service) Name

func (s Service) Name() string

Name returns the absolute name of the service.

func (Service) NameWithoutNamespace

func (s Service) NameWithoutNamespace() string

NameWithoutNamespace returns the name of the service without the namespace.

func (Service) Path

func (s Service) Path() string

Path returns the string '/'.

func (Service) Port

func (s Service) Port() uint32

Port returns the first port of the Service.

func (Service) Scheme

func (s Service) Scheme() string

Scheme returns the string 'https' if the port is 443 or 6443, otherwise it returns 'http'.

func (Service) ToEchoIPService

func (s Service) ToEchoIPService() EchoIPService

func (Service) ToNodeportService

func (s Service) ToNodeportService(node *corev1.Node) NodeportService

type SetupFunc

type SetupFunc func(ctx context.Context, t *Test, testCtx *ConnectivityTest) error

SetupFunc is a callback meant to be called before running the test. It performs additional setup needed to run tests.

type SetupHooks

// SetupHooks defines the extension hooks executed during the setup of the
// connectivity tests. Both hooks receive the ConnectivityTest and return an
// error.
type SetupHooks interface {
	// DetectFeatures is a hook to perform the detection of extra features.
	DetectFeatures(ctx context.Context, ct *ConnectivityTest) error
	// SetupAndValidate is a hook to set up additional connectivity test dependencies.
	SetupAndValidate(ctx context.Context, ct *ConnectivityTest) error
}

SetupHooks defines the extension hooks executed during the setup of the connectivity tests.

type SysdumpPolicy

type SysdumpPolicy int

SysdumpPolicy represents a policy for sysdump collection in case of test failure.

const (
	// SysdumpPolicyEach enables capturing one sysdump for each failing action.
	// This is the default and applies also when no explicit policy is specified.
	SysdumpPolicyEach SysdumpPolicy = iota
	// SysdumpPolicyOnce enables capturing only one sysdump for the given test,
	// independently of the number of failures.
	SysdumpPolicyOnce
	// SysdumpPolicyNever disables sysdump collection for the given test.
	SysdumpPolicyNever
)

type Test

type Test struct {
	// contains filtered or unexported fields
}

func NewTest

func NewTest(name string, verbose bool, debug bool) *Test

NewTest is the factory function for Test.

func (*Test) CertificateCAs

func (t *Test) CertificateCAs() map[string][]byte

CertificateCAs returns the CAs used to sign the certificates within the test.

func (*Test) CertificateKeys

func (t *Test) CertificateKeys() map[string][]byte

CertificateKeys returns the CA keys used to sign the certificates within the test. These are signing keys, so callers should keep the returned bytes out of logs and test reports.

func (*Test) CiliumLocalRedirectPolicies

func (t *Test) CiliumLocalRedirectPolicies() map[string]*ciliumv2.CiliumLocalRedirectPolicy

func (*Test) ContainerLogs

func (t *Test) ContainerLogs(ctx context.Context)

ContainerLogs dumps the logs of all Cilium agents since the start of the Test. filter is applied on each line of output.

func (*Test) Context

func (t *Test) Context() *ConnectivityTest

Context returns the enclosing context of the Test.

func (*Test) Debug

func (t *Test) Debug(a ...interface{})

Debug logs a debug message.

func (*Test) Debugf

func (t *Test) Debugf(format string, a ...interface{})

Debugf logs a formatted debug message.

func (*Test) EgressGatewayNode

func (t *Test) EgressGatewayNode() string

EgressGatewayNode returns the name of the node that is supposed to act as egress gateway in the egress gateway tests.

Currently the designated node is the one running the other=client client pod.

func (*Test) Fail

func (t *Test) Fail(a ...interface{})

Fail marks the Test as failed and logs a failure message.

Flushes the Test's internal log buffer. Any further logs against the Test will go directly to the user-specified writer.

func (*Test) Failed

func (t *Test) Failed() bool

func (*Test) Failf

func (t *Test) Failf(format string, a ...interface{})

Failf marks the Test as failed and logs a formatted failure message.

Flushes the Test's internal log buffer. Any further logs against the Test will go directly to the user-specified writer.

func (*Test) Fatal

func (t *Test) Fatal(a ...interface{})

Fatal marks the test as failed, logs an error and exits the calling goroutine.

func (*Test) Fatalf

func (t *Test) Fatalf(format string, a ...interface{})

Fatalf marks the test as failed, logs a formatted error and exits the calling goroutine.

func (*Test) ForEachIPFamily

func (t *Test) ForEachIPFamily(do func(features.IPFamily))

func (*Test) HasNetworkPolicies

func (t *Test) HasNetworkPolicies() bool

func (*Test) Info

func (t *Test) Info(a ...interface{})

Info logs an informational message.

func (*Test) Infof

func (t *Test) Infof(format string, a ...interface{})

Infof logs a formatted informational message.

func (*Test) Log

func (t *Test) Log(a ...interface{})

Log logs a message.

func (*Test) Logf

func (t *Test) Logf(format string, a ...interface{})

Logf logs a formatted message.

func (*Test) Name

func (t *Test) Name() string

Name returns the name of the test.

func (*Test) NewAction

func (t *Test) NewAction(s Scenario, name string, src *Pod, dst TestPeer, ipFam features.IPFamily) *Action

NewAction creates a new Action. s must be the Scenario the Action is created for, name should be a visually-distinguishable name, src is the execution Pod of the action, and dst is the network target the Action will connect to.

func (*Test) NewGenericAction

func (t *Test) NewGenericAction(s Scenario, name string) *Action

NewGenericAction creates a new Action not associated with any execution pod nor network target, but intended for generic assertions (e.g., checking the absence of log errors over multiple pods). s must be the Scenario the Action is created for, name should be a visually-distinguishable name.

func (*Test) NodesWithoutCilium

func (t *Test) NodesWithoutCilium() []string

func (*Test) Run

func (t *Test) Run(ctx context.Context, index int) error

Run executes all Scenarios registered to the Test.

func (*Test) String

func (t *Test) String() string

func (*Test) WithCABundleSecret

func (t *Test) WithCABundleSecret() *Test

WithCABundleSecret makes the secret `cabundle` with a CA bundle and adds it to the cluster

func (*Test) WithCertificate

func (t *Test) WithCertificate(name, hostname string) *Test

WithCertificate makes a secret with a certificate and adds it to the cluster

func (*Test) WithCiliumClusterwidePolicy

func (t *Test) WithCiliumClusterwidePolicy(policy string) *Test

WithCiliumClusterwidePolicy takes a string containing a YAML policy document and adds the clusterwide polic(y)(ies) to the scope of the Test, to be applied when the test starts running. When calling this method, note that the CCNP enabled feature requirement is applied directly here.

func (*Test) WithCiliumEgressGatewayPolicy

func (t *Test) WithCiliumEgressGatewayPolicy(params CiliumEgressGatewayPolicyParams) *Test

WithCiliumEgressGatewayPolicy takes a string containing a YAML policy document and adds the cilium egress gateway polic(y)(ies) to the scope of the Test, to be applied when the test starts running. When calling this method, note that the egress gateway enabled feature requirement is applied directly here.

func (*Test) WithCiliumLocalRedirectPolicy

func (t *Test) WithCiliumLocalRedirectPolicy(params CiliumLocalRedirectPolicyParams) *Test

func (*Test) WithCiliumPolicy

func (t *Test) WithCiliumPolicy(policy string) *Test

WithCiliumPolicy takes a string containing a YAML policy document and adds the polic(y)(ies) to the scope of the Test, to be applied when the test starts running. When calling this method, note that the CNP enabled feature requirement is applied directly here.

func (*Test) WithCiliumVersion

func (t *Test) WithCiliumVersion(vr string) *Test

WithCiliumVersion limits test execution to Cilium versions that fall within the given range. The input string is passed to semver.ParseRange, see package semver. Simple examples: ">1.0.0 <2.0.0" or ">=1.14.0".

func (*Test) WithCondition

func (t *Test) WithCondition(fn func() bool) *Test

WithCondition takes a function containing condition check logic that returns true if the test needs to be run, and false otherwise. If WithCondition gets called multiple times, all the conditions need to be satisfied for the test to run.

func (*Test) WithExpectations

func (t *Test) WithExpectations(f ExpectationsFunc) *Test

WithExpectations sets the getExpectations test result function to use during tests

func (*Test) WithFeatureRequirements

func (t *Test) WithFeatureRequirements(reqs ...features.Requirement) *Test

WithFeatureRequirements adds FeatureRequirements to Test, all of which must be satisfied in order for the test to be run. It adds only features that are not already present in the requirements.

func (*Test) WithFinalizer

func (t *Test) WithFinalizer(f func(context.Context) error) *Test

WithFinalizer registers a finalizer to be executed when Run() returns.

func (*Test) WithIPRoutesFromOutsideToPodCIDRs

func (t *Test) WithIPRoutesFromOutsideToPodCIDRs() *Test

WithIPRoutesFromOutsideToPodCIDRs instructs the test runner that podCIDR => nodeIP routes need to be installed on a node which doesn't run Cilium before running the test (and removed after the test completion).

func (*Test) WithK8SPolicy

func (t *Test) WithK8SPolicy(policy string) *Test

WithK8SPolicy takes a string containing a YAML policy document and adds the polic(y)(ies) to the scope of the Test, to be applied when the test starts running. When calling this method, note that the KNP enabled feature requirement is applied directly here.

func (*Test) WithResources

func (t *Test) WithResources(spec string) *Test

WithResources registers the list of one or more YAML-defined Kubernetes resources (e.g. NetworkPolicy, etc.)

For certain well-known types, known references to the namespace are mutated

If the resource has a namespace of "cilium-test", that is mutated to the (serialized) namespace of the individual scenario.

func (*Test) WithScenarios

func (t *Test) WithScenarios(sl ...Scenario) *Test

WithScenarios adds Scenarios to Test in the given order.

func (*Test) WithSecret

func (t *Test) WithSecret(secret *corev1.Secret) *Test

WithSecret takes a Secret and adds it to the cluster during the test

func (*Test) WithSetupFunc

func (t *Test) WithSetupFunc(f SetupFunc) *Test

WithSetupFunc registers a SetupFunc callback to be executed just before the test runs.

func (*Test) WithSysdumpPolicy

func (t *Test) WithSysdumpPolicy(policy SysdumpPolicy) *Test

WithSysdumpPolicy enables tuning the policy for capturing the sysdump in case of test failure, which takes effect only when sysdumps have been requested by the user. It is intended to be used to limit the number of sysdumps generated in case of multiple subsequent failures, if they would not contain additional information (e.g., when asserting the absence of log errors over multiple pods).

type TestPeer

type TestPeer interface {
	// Name must return the absolute name of the peer.
	Name() string

	// Scheme must return the scheme to be used in a connection string
	// to connect to this peer, e.g. 'http' or 'https'. Can be an empty string.
	Scheme() string

	// Path must return the path in the URL used, if any. Can be an empty
	// string. Must include the leading '/' when not empty.
	Path() string

	// Address must return the network address of the peer. This can be a
	// DNS name or an IP address.
	Address(features.IPFamily) string

	// Port must return the destination port number used by the test traffic to the peer.
	Port() uint32

	// HasLabel checks if given label with the given name and value exists.
	HasLabel(name, value string) bool

	// Labels returns copy of peer labels
	Labels() map[string]string

	FlowFilters() []*flow.FlowFilter
}

TestPeer is the abstraction used for all peer types (pods, services, IPs, DNS names) used for connectivity testing

func HTTPEndpoint

func HTTPEndpoint(name, rawurl string) TestPeer

HTTPEndpoint returns a new endpoint with the given name and raw URL. Panics if rawurl cannot be parsed.

func HTTPEndpointWithLabels

func HTTPEndpointWithLabels(name, rawurl string, labels map[string]string) TestPeer

func ICMPEndpoint

func ICMPEndpoint(name, host string) TestPeer

ICMPEndpoint returns a new ICMP endpoint.
