connectivity: Add --flush-ct

brb · tklauser · commit 6d4434fb6007 · 2023-06-16T10:57:16.000+02:00
To flush CT of each Cilium node after running all connectivity tests. It's needed when running connectivity tests multiple times on the same cluster, and the L7 netpol tests might interfere with other tests [1]. [1]: cilium/cilium#17459 Signed-off-by: Martynas Pumputis <m@lambda.lt>
diff --git a/connectivity/check/check.go b/connectivity/check/check.go
@@ -64,6 +64,8 @@ type Parameters struct {
 	JunitFile             string
 	JunitProperties       map[string]string
 
+	FlushCT bool
+
 	K8sVersion           string
 	HelmChartDirectory   string
 	HelmValuesSecretName string
diff --git a/connectivity/check/context.go b/connectivity/check/context.go
@@ -13,6 +13,7 @@ import (
 	"os"
 	"strconv"
 	"strings"
+	"sync"
 	"time"
 
 	"github.com/blang/semver/v4"
@@ -383,6 +384,26 @@ func (ct *ConnectivityTest) Run(ctx context.Context) error {
 		ct.Failf("writing to junit file %s failed: %s", ct.Params().JunitFile, err)
 	}
 
+	if ct.Params().FlushCT {
+		var wg sync.WaitGroup
+
+		wg.Add(len(ct.CiliumPods()))
+		for _, ciliumPod := range ct.CiliumPods() {
+			cmd := strings.Split("cilium bpf ct flush global", " ")
+			go func(ctx context.Context, pod Pod) {
+				defer wg.Done()
+
+				ct.Debugf("Flushing CT entries in %s/%s", pod.Pod.Namespace, pod.Pod.Name)
+				_, err := pod.K8sClient.ExecInPod(ctx, pod.Pod.Namespace, pod.Pod.Name, defaults.AgentContainerName, cmd)
+				if err != nil {
+					ct.Fatal("failed to flush ct entries: %w", err)
+				}
+			}(ctx, ciliumPod)
+		}
+
+		wg.Wait()
+	}
+
 	// Report the test results.
 	return ct.report()
 }
diff --git a/internal/cli/cmd/connectivity.go b/internal/cli/cmd/connectivity.go
@@ -172,6 +172,8 @@ func newCmdConnectivityTest(hooks Hooks) *cobra.Command {
 
 	initSysdumpFlags(cmd, &params.SysdumpOptions, "sysdump-", hooks)
 
+	cmd.Flags().BoolVar(&params.FlushCT, "flush-ct", false, "Flush conntrack of Cilium on each node")
+
 	hooks.AddConnectivityTestFlags(cmd.Flags())
 
 	return cmd
