gh: conn-disrupt: fix XFRM error checks #42724

Merged
julianwiedmann merged 1 commit into main from pr/jwi/main/gh-xfrm on Nov 13, 2025

@julianwiedmann julianwiedmann commented Nov 12, 2025

XFRM error checking is supposed to occur before/after a conn-disrupt test. During the test-setup step we collect the initial XFRM errors, and the test-check step is meant to compare the new error count against the previously collected error count.

But this requires that we actually run the no-ipsec-xfrm-error test during conn-disrupt's test-check step.

Opt-out the ipsec-e2e workflow for now until the observed XfrmOutPolBlock errors are addressed.

@julianwiedmann
Member Author

/ci-ipsec-e2e

@julianwiedmann
Member Author

/ci-e2e-upgrade

@julianwiedmann
Member Author

julianwiedmann commented Nov 12, 2025

Going back through old CI, this seems to affect ipsec-e2e, ipsec-upgrade and e2e-upgrade for all active branches. I'm confused how this regressed.

GetTestSuites() makes me 🤯 though.

@julianwiedmann
Member Author

Oh nice, hit one error straight away:

Node 172.20.0.4 xfrm errors were changed (previous errors: , current errors: outbound_policy_blocked:14)
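
The before/after comparison described in the PR description, as an added example that is not part of this pull request or of Cilium's code: it parses two snapshots in the kernel's `/proc/net/xfrm_stat` layout and reports counters that changed between test-setup and test-check. The function names and both snapshots are constructed for illustration, and kernel counter names (`XfrmOutPolBlock`) are assumed rather than the labels shown in the CI output above.

```go
package main

import (
	"bufio"
	"fmt"
	"sort"
	"strconv"
	"strings"
)

// Constructed snapshots in the /proc/net/xfrm_stat layout (not real CI data).
const setupSnapshot = "XfrmInError 0\nXfrmInNoStates 3\nXfrmOutPolBlock 0\n"
const checkSnapshot = "XfrmInError 0\nXfrmInNoStates 3\nXfrmOutPolBlock 14\n"

// parseXfrmStat reads "<CounterName> <value>" lines into a map (hypothetical helper).
func parseXfrmStat(text string) (map[string]uint64, error) {
	counters := make(map[string]uint64)
	sc := bufio.NewScanner(strings.NewReader(text))
	for sc.Scan() {
		fields := strings.Fields(sc.Text())
		if len(fields) != 2 {
			return nil, fmt.Errorf("malformed line %q", sc.Text())
		}
		v, err := strconv.ParseUint(fields[1], 10, 64)
		if err != nil {
			return nil, fmt.Errorf("counter %s: %w", fields[0], err)
		}
		counters[fields[0]] = v
	}
	return counters, sc.Err()
}

// changedCounters lists check-snapshot counters that differ from setup, sorted by name.
func changedCounters(before, after map[string]uint64) []string {
	var out []string
	for name, cur := range after {
		if prev := before[name]; cur != prev {
			out = append(out, fmt.Sprintf("%s:%d->%d", name, prev, cur))
		}
	}
	sort.Strings(out)
	return out
}

func main() {
	// Errors are ignored here only because both snapshots are constants.
	before, _ := parseXfrmStat(setupSnapshot)
	after, _ := parseXfrmStat(checkSnapshot)
	fmt.Println("xfrm counters changed:", changedCounters(before, after))
}
```

A pre-existing non-zero counter such as `XfrmInNoStates 3` is not reported, which is why the setup snapshot has to be collected and the check step actually has to run for the comparison to mean anything.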

@maintainer-s-little-helper maintainer-s-little-helper bot added the dont-merge/needs-release-note-label The author needs to describe the release impact of these changes. label Nov 13, 2025
@julianwiedmann julianwiedmann added kind/bug/CI This is a bug in the testing code. area/CI Continuous Integration testing issue or flake release-note/ci This PR makes changes to the CI. backport/author The backport will be carried out by the author of the PR. feature/ipsec Relates to Cilium's IPsec feature needs-backport/1.16 needs-backport/1.17 This PR / issue needs backporting to the v1.17 branch needs-backport/1.18 This PR / issue needs backporting to the v1.18 branch labels Nov 13, 2025
@maintainer-s-little-helper maintainer-s-little-helper bot removed the dont-merge/needs-release-note-label The author needs to describe the release impact of these changes. label Nov 13, 2025
@julianwiedmann
Member Author

/test

XFRM error checking is supposed to occur before/after a conn-disrupt
test. During the test-setup step we collect the initial XFRM errors, and
the test-check step is meant to compare the new error count against the
previously collected error count.

But this requires that we actually run the `no-ipsec-xfrm-error` test
during conn-disrupt's test-check step.

Opt-out the ipsec-e2e workflow for now until the observed
`XfrmOutPolBlock` errors are addressed.

Signed-off-by: Julian Wiedmann <jwi@isovalent.com>
@julianwiedmann
Member Author

/test

@julianwiedmann julianwiedmann marked this pull request as ready for review November 13, 2025 12:12
@julianwiedmann julianwiedmann requested review from a team as code owners November 13, 2025 12:12
@julianwiedmann julianwiedmann added this pull request to the merge queue Nov 13, 2025
Merged via the queue into main with commit 0517e36 Nov 13, 2025
373 of 377 checks passed
@julianwiedmann julianwiedmann deleted the pr/jwi/main/gh-xfrm branch November 13, 2025 16:47
@maintainer-s-little-helper maintainer-s-little-helper bot added ready-to-merge This PR has passed all tests and received consensus from code owners to merge. labels Nov 13, 2025
@julianwiedmann julianwiedmann added backport-pending/1.17 The backport for Cilium 1.17.x for this PR is in progress. backport-pending/1.18 The backport for Cilium 1.18.x for this PR is in progress. and removed needs-backport/1.17 This PR / issue needs backporting to the v1.17 branch needs-backport/1.18 This PR / issue needs backporting to the v1.18 branch labels Nov 13, 2025
@github-actions github-actions bot added backport-done/1.17 The backport for Cilium 1.17.x for this PR is done. and removed backport-pending/1.17 The backport for Cilium 1.17.x for this PR is in progress. labels Nov 14, 2025
@github-actions github-actions bot added backport-done/1.16 The backport for Cilium 1.16.x for this PR is done. backport-done/1.18 The backport for Cilium 1.18.x for this PR is done. and removed backport-pending/1.16 backport-pending/1.18 The backport for Cilium 1.18.x for this PR is in progress. labels Nov 14, 2025
@cilium-release-bot cilium-release-bot bot moved this to Released in cilium v1.19.0 Feb 3, 2026

Labels

area/CI: Continuous Integration testing issue or flake
backport/author: The backport will be carried out by the author of the PR.
backport-done/1.16: The backport for Cilium 1.16.x for this PR is done.
backport-done/1.17: The backport for Cilium 1.17.x for this PR is done.
backport-done/1.18: The backport for Cilium 1.18.x for this PR is done.
feature/ipsec: Relates to Cilium's IPsec feature
kind/bug/CI: This is a bug in the testing code.
ready-to-merge: This PR has passed all tests and received consensus from code owners to merge.
release-note/ci: This PR makes changes to the CI.
