ginkgo: remove ClusterIP can be accessed when external access is enabled#44193
ginkgo: remove ClusterIP can be accessed when external access is enabled#44193julianwiedmann merged 3 commits intomainfrom
ClusterIP can be accessed when external access is enabled#44193Conversation
cd02664 to
05279f1
Compare
|
/test |
|
Should this come with a matching BPF test, which plugs in such a SVC entry and validates the datapath? |
05279f1 to
295f29b
Compare
I checked and I believe we already cover this, basically in every BPF unit test where we create the service with SVC_FLAG_ROUTABLE (e.g., |
48a699f to
5a5654a
Compare
eeeca1f to
b474c2b
Compare
ack, makes sense! That means those tests are currently all testing the ClusterIP case (that's a bit unexpected ...), since nothing is setting But that's a future improvement for the test suite, nothing to worry about right now. Did you also find a test for the negative path (drops in the N/S path when the ROUTABLE flag is not set) ? |
I think the SVC_FLAG_NODEPORT is relevant only for
I'm adding in the 1st PR of this patch series #44192, both IPv4/6. |
oh yeah absolutely. I just would have expected most of our existing NS BPF tests to actually insert proper Nodeport services. Even if that shouldn't make much difference in the current code behavior. This sort of subtle drift between controlplane and datapath test behavior is hard to avoid of course. |
5a5654a to
2cea2c0
Compare
b474c2b to
4ea0b13
Compare
be419c9 to
7df91c6
Compare
8074fb5 to
545cee4
Compare
2302321 to
bed38a9
Compare
545cee4 to
0eefe2c
Compare
0d56d14 to
262bf7f
Compare
0eefe2c to
7b9a43d
Compare
7b9a43d to
22611ac
Compare
6fa9df7 to
ece09b6
Compare
This commit adds a testdata file for the ClusterIP when external access is enabled. This basically takes the first steps of `clusterip.txtar`, but enabled the `--bpf-lb-external-clusterip=true` flag, so we expect the ClusterIP to be routable and have the `ClusterIP+sessionAffinity` flag when displayed. In addition, we enable Maglev as LB algorithm, as we are doing in the Ginkgo test. We therefore expect from the LB map something like: ``` ... MAGLEV: ID=1 INNER=[1(1021)] SVC: ID=1 ADDR=10.96.50.104:80/TCP SLOT=0 LBALG=undef AFFTimeout=42 COUNT=1 QCOUNT=0 FLAGS=ClusterIP+sessionAffinity ... ``` Signed-off-by: Simone Magnani <simone.magnani@isovalent.com>
This commit adds a BPF unit test for loadbalancing of external packets destined to ClusterIP service. This aims at replacing the Ginkgo "ClusterIP can be accessed when external access is enabled" test. Differently than testing a non-routable ClusterIP service, in this BPF test we enable the SVC_FLAG_ROUTABLE flag when creating the SVC in the bpf map. Therefore, we expect the packet to be correctly handled, DNATed, and conntrack to track the connections. Signed-off-by: Simone Magnani <simone.magnani@isovalent.com>
…bled` This commit removed the Ginkgo test in favor of the script test and BPF tests introduced in the previous commits. Signed-off-by: Simone Magnani <simone.magnani@isovalent.com>
ece09b6 to
f79c43f
Compare
|
/test |
Complementary PR of #44192 ✂️
Pleaser refer to commit messages:
Related: #44168.