Skip to content

test: Run with host firewall#12672

Closed
pchaigno wants to merge 3 commits intomasterfrom
pr/pchaigno/test-host-firewall
Closed

test: Run with host firewall#12672
pchaigno wants to merge 3 commits intomasterfrom
pr/pchaigno/test-host-firewall

Conversation

@pchaigno
Copy link
Copy Markdown
Member

@pchaigno pchaigno commented Jul 25, 2020

No description provided.

pchaigno added 3 commits July 24, 2020 08:27
@pchaigno
test: Enable host firewall in CI only when label is set
482c6c7 
The host firewall is only enabled in CI if label ci/host-firewall is
set. The goal is to have default CI options closer to common user
environments and host firewall is not enabled by default in those.

Signed-off-by: Paul Chaignon <paul@cilium.io>
@pchaigno
test: fromCIDR+toPorts host policy
3991c6d 
This commit extends the existing fromCIDR+toPorts policy test to test
the same kind of policy for the host firewall. To that end, it:
1. Enables the host firewall. The issue in comment is not relevant
   anymore since masquerading is disabled.
2. Introduce a helper to get the ID of the host endpoint. This helper
   will likely be needed for other host firewall tests as well.
3. Load a new DaemonSet to instanciate a host-networking pod on each k8s
   node. This pod serves as the target for host firewall connectivity
   tests.
4. Extend the existing test cases with CCNP tests.

Signed-off-by: Paul Chaignon <paul@cilium.io>
@pchaigno
test: NodePort with host policy
2572a2a 
This commit adds new tests, identical to NodePort tests under vxlan
tunneling and direct routing, but with an ingress+egress host policy
applied. The host policy only allow communications between nodes and to
specific endpoints for readiness probes.

Signed-off-by: Paul Chaignon <paul@cilium.io>
@pchaigno pchaigno added release-note/misc This PR makes changes that have no direct user impact. ci/host-firewall This label enables the host firewall by default in all CI tests. labels Jul 25, 2020
@coveralls
Copy link
Copy Markdown

coveralls commented Jul 25, 2020

Coverage Status

Coverage increased (+0.01%) to 37.197% when pulling 2572a2a on pr/pchaigno/test-host-firewall into 0a173dc on master.

@pchaigno
Copy link
Copy Markdown
Member Author

pchaigno commented Jul 26, 2020

test-me-please

@pchaigno pchaigno closed this Jul 27, 2020
@pchaigno pchaigno deleted the pr/pchaigno/test-host-firewall branch July 27, 2020 07:11
@pchaigno pchaigno mentioned this pull request Jul 27, 2020
Merged
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment

Reviewers

No reviews

Assignees

No one assigned

Labels

ci/host-firewall This label enables the host firewall by default in all CI tests. release-note/misc This PR makes changes that have no direct user impact.

Projects

None yet

Milestone

No milestone

Development

Successfully merging this pull request may close these issues.

2 participants

@pchaigno @coveralls