connectivity: Add node-to-node encryption tests#1308
Merged
Conversation
1 task
f8c50b6 to
1aef8a9
Compare
This commit introduces the following encryption tests which check whether there is no unencrypted traffic leakage: * Node to remote pod * Pod to remote node * Node to remote node Also, it refactors the previous encryption test case to make it reusable by the new test cases. One important detail is that the tcpdump filter is appended with "and (tcp or icmp)", as otherwise in the case of the node-to-node test case the tcpdump would capture encrypted UDP WireGuard traffic. Tested manually with cilium/cilium#19401 (until #merge-cilium-and-cilium-cli). Signed-off-by: Martynas Pumputis <m@lambda.lt>
1aef8a9 to
173f18e
Compare
brb
added a commit
to cilium/cilium
that referenced
this pull request
Jan 10, 2023
The encryption tests were introduced in cilium/cilium-cli#1308. Signed-off-by: Martynas Pumputis <m@lambda.lt>
pchaigno
reviewed
Jan 10, 2023
| ) | ||
| ct.NewTest("node-to-node-encryption"). | ||
| WithFeatureRequirements(check.RequireFeatureEnabled(check.FeatureEncryptionNode), | ||
| check.RequireFeatureEnabled(check.FeatureEncryptionNode)). |
Member
There was a problem hiding this comment.
@brb Shouldn't the first constant here be FeatureEncryptionPod instead of FeatureEncryptionNode?
brb
added a commit
to cilium/cilium
that referenced
this pull request
Jan 11, 2023
The encryption tests were introduced in cilium/cilium-cli#1308. Signed-off-by: Martynas Pumputis <m@lambda.lt>
gandro
pushed a commit
to cilium/cilium
that referenced
this pull request
Jan 12, 2023
The encryption tests were introduced in cilium/cilium-cli#1308. Signed-off-by: Martynas Pumputis <m@lambda.lt>
brb
added a commit
to cilium/cilium
that referenced
this pull request
Jan 13, 2023
The encryption tests were introduced in cilium/cilium-cli#1308. Signed-off-by: Martynas Pumputis <m@lambda.lt>
brb
added a commit
to cilium/cilium
that referenced
this pull request
Jan 16, 2023
The encryption tests were introduced in cilium/cilium-cli#1308. Signed-off-by: Martynas Pumputis <m@lambda.lt>
gandro
pushed a commit
to cilium/cilium
that referenced
this pull request
Jan 23, 2023
The encryption tests were introduced in cilium/cilium-cli#1308. Signed-off-by: Martynas Pumputis <m@lambda.lt>
ldelossa
pushed a commit
to cilium/cilium
that referenced
this pull request
Jan 24, 2023
The encryption tests were introduced in cilium/cilium-cli#1308. Signed-off-by: Martynas Pumputis <m@lambda.lt>
This file contains hidden or bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
Sign up for free
to join this conversation on GitHub.
Already have an account?
Sign in to comment
4 participants
Add this suggestion to a batch that can be applied as a single commit.This suggestion is invalid because no changes were made to the code.Suggestions cannot be applied while the pull request is closed.Suggestions cannot be applied while viewing a subset of changes.Only one suggestion per line can be applied in a batch.Add this suggestion to a batch that can be applied as a single commit.Applying suggestions on deleted lines is not supported.You must change the existing code in this line in order to create a valid suggestion.Outdated suggestions cannot be applied.This suggestion has been applied or marked resolved.Suggestions cannot be applied from pending reviews.Suggestions cannot be applied on multi-line comments.Suggestions cannot be applied while the pull request is queued to merge.Suggestion cannot be applied right now. Please check back later.
This commit introduces the following encryption tests which check whether there is no unencrypted traffic leakage:
Also, it refactors the previous encryption test case to make it reusable by the new test cases.
One important detail is that the tcpdump filter is appended with
and (tcp or icmp), as otherwise in the case of the node-to-node test case the tcpdump would capture encrypted UDP WireGuard traffic.Tested manually with cilium/cilium#19401 (until #merge-cilium-and-cilium-cli).
cc @gandro