Skip to content

test: Run with host firewall #12672

New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom
Closed
wants to merge 3 commits into from
Closed

test: Run with host firewall #12672

wants to merge 3 commits into from

Conversation

pchaigno
Copy link
Member

No description provided.

pchaigno added 3 commits July 24, 2020 08:27
@pchaigno
test: Enable host firewall in CI only when label is set
482c6c7 
The host firewall is only enabled in CI if label ci/host-firewall is
set. The goal is to have default CI options closer to common user
environments and host firewall is not enabled by default in those.

Signed-off-by: Paul Chaignon <paul@cilium.io>
@pchaigno
test: fromCIDR+toPorts host policy
3991c6d 
This commit extends the existing fromCIDR+toPorts policy test to test
the same kind of policy for the host firewall. To that end, it:
1. Enables the host firewall. The issue in comment is not relevant
   anymore since masquerading is disabled.
2. Introduce a helper to get the ID of the host endpoint. This helper
   will likely be needed for other host firewall tests as well.
3. Load a new DaemonSet to instanciate a host-networking pod on each k8s
   node. This pod serves as the target for host firewall connectivity
   tests.
4. Extend the existing test cases with CCNP tests.

Signed-off-by: Paul Chaignon <paul@cilium.io>
@pchaigno
test: NodePort with host policy
2572a2a 
This commit adds new tests, identical to NodePort tests under vxlan
tunneling and direct routing, but with an ingress+egress host policy
applied. The host policy only allow communications between nodes and to
specific endpoints for readiness probes.

Signed-off-by: Paul Chaignon <paul@cilium.io>
@pchaigno pchaigno added release-note/misc This PR makes changes that have no direct user impact. ci/host-firewall This label enables the host firewall by default in all CI tests. labels Jul 25, 2020
@coveralls
Copy link

Coverage Status

Coverage increased (+0.01%) to 37.197% when pulling 2572a2a on pr/pchaigno/test-host-firewall into 0a173dc on master.

@pchaigno
Copy link
Member Author

test-me-please

@pchaigno pchaigno closed this Jul 27, 2020
@pchaigno pchaigno deleted the pr/pchaigno/test-host-firewall branch July 27, 2020 07:11
@pchaigno pchaigno mentioned this pull request Jul 27, 2020
Merged
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Reviewers
No reviews
Assignees
No one assigned
Labels
ci/host-firewall This label enables the host firewall by default in all CI tests. release-note/misc This PR makes changes that have no direct user impact.
Projects
None yet
Milestone
No milestone
Development

Successfully merging this pull request may close these issues.
2 participants
@pchaigno @coveralls