Skip to content

workflows: Extend IPsec tests to cover egress gateway #35323

New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom
Merged
merged 4 commits into from
Oct 21, 2024
Merged

workflows: Extend IPsec tests to cover egress gateway #35323

merged 4 commits into from
Oct 21, 2024

Conversation

pchaigno
Copy link
Member

@pchaigno pchaigno commented Oct 9, 2024
edited
Loading

The first two commits are cleanup for the IPsec workflows. The third extends coverage to IPsec + KPR + egress gateway. The last one avoids the matrix deduplication and prettyfies the job display.

@pchaigno pchaigno added release-note/ci This PR makes changes to the CI. feature/ipsec Relates to Cilium's IPsec feature labels Oct 9, 2024
@pchaigno pchaigno force-pushed the pr/pchaigno/tests-extend-ipsec-coverage branch 9 times, most recently from 04f03d1 to b116ed2 Compare October 11, 2024 16:43
@pchaigno pchaigno changed the title workflows: Same configs between two IPsec workflows workflows: Extend IPsec tests to cover egress gateway Oct 14, 2024
@pchaigno pchaigno marked this pull request as ready for review October 14, 2024 17:41
@pchaigno pchaigno requested review from a team as code owners October 14, 2024 17:41
aanm
aanm approved these changes Oct 15, 2024
View reviewed changes
Copy link
Member

@aanm aanm left a comment

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

@pchaigno shall we backport this PR?

aanm
aanm requested changes Oct 15, 2024
View reviewed changes
@pchaigno pchaigno force-pushed the pr/pchaigno/tests-extend-ipsec-coverage branch 3 times, most recently from 952d970 to 2fd8fc5 Compare October 16, 2024 15:23
@pchaigno pchaigno enabled auto-merge October 17, 2024 11:33
@pchaigno pchaigno force-pushed the pr/pchaigno/tests-extend-ipsec-coverage branch 2 times, most recently from 72f88f9 to bfa81a4 Compare October 20, 2024 21:32
@pchaigno
Copy link
Member Author

@pchaigno shall we backport this PR?

I believe we should, adding the label.

I don't think we can. IPsec+KPR is not supported in v1.15 so upgrade workflow would fail.

@pchaigno pchaigno removed the needs-backport/1.16 This PR / issue needs backporting to the v1.16 branch label Oct 25, 2024
@julianwiedmann julianwiedmann mentioned this pull request Oct 25, 2024
Merged
1 task
@julianwiedmann
Copy link
Member

@pchaigno shall we backport this PR?

I believe we should, adding the label.

I don't think we can. IPsec+KPR is not supported in v1.15 so upgrade workflow would fail.

Let's try something funky, how do you feel about #35540 ?

julianwiedmann
julianwiedmann reviewed Oct 25, 2024
View reviewed changes
@pchaigno pchaigno mentioned this pull request Oct 25, 2024
Merged
julianwiedmann added a commit to julianwiedmann/cilium that referenced this pull request Oct 28, 2024
@julianwiedmann
CODEOWNERS: let cilium/ipsec cover .github/actions/ipsec
0c4f2bd 
Added by cilium#35323.

Signed-off-by: Julian Wiedmann <jwi@isovalent.com>
@julianwiedmann julianwiedmann mentioned this pull request Oct 28, 2024
Merged
github-merge-queue bot pushed a commit that referenced this pull request Oct 28, 2024
@julianwiedmann
CODEOWNERS: let cilium/ipsec cover .github/actions/ipsec
5ced3e3 
Added by #35323.

Signed-off-by: Julian Wiedmann <jwi@isovalent.com>
@julianwiedmann julianwiedmann added the backport-pending/1.16 The backport for Cilium 1.16.x for this PR is in progress. label Oct 28, 2024
@github-actions github-actions bot added backport-done/1.16 The backport for Cilium 1.16.x for this PR is done. and removed backport-pending/1.16 The backport for Cilium 1.16.x for this PR is in progress. labels Oct 28, 2024
@cilium-release-bot cilium-release-bot bot mentioned this pull request Nov 13, 2024
Merged
smagnani96 added a commit that referenced this pull request Dec 4, 2024
@smagnani96
conformance-ipsec-e2e: do not split egress-gateway tests
3ac02f0 
In the previous commit, we introduced to the bpftrace the capability to
skip tracking traffic with destination address outside pod CIDRs.
At this point, in conformance-ipsec-e2e tests we do not need to split tests
anymore (egress-gateway vs all the others), previously modified in #35323,
"workflows/ipsec: Cover egress gateway", ea6bdac.

Signed-off-by: Simone Magnani <simone.magnani@isovalent.com>
smagnani96 added a commit that referenced this pull request Dec 10, 2024
@smagnani96
conformance-ipsec-e2e: do not split egress-gateway tests
6a4a1d1 
In the previous commit, we introduced to the bpftrace the capability to
skip tracking traffic with destination address outside pod CIDRs.
At this point, in conformance-ipsec-e2e tests we do not need to split tests
anymore (egress-gateway vs all the others), previously modified in #35323,
"workflows/ipsec: Cover egress gateway", ea6bdac.

Signed-off-by: Simone Magnani <simone.magnani@isovalent.com>
smagnani96 added a commit that referenced this pull request Dec 13, 2024
@smagnani96
conformance-ipsec-e2e: do not split egress-gateway tests
f3b3437 
In the previous commit, we introduced to the bpftrace the capability to
skip tracking traffic with destination address outside pod CIDRs.
At this point, in conformance-ipsec-e2e tests we do not need to split tests
anymore (egress-gateway vs all the others), previously modified in #35323,
"workflows/ipsec: Cover egress gateway", ea6bdac.

Signed-off-by: Simone Magnani <simone.magnani@isovalent.com>
smagnani96 added a commit that referenced this pull request Dec 13, 2024
@smagnani96
conformance-ipsec-e2e: do not split egress-gateway tests
e13875a 
In the previous commit, we introduced to the bpftrace the capability to
skip tracking traffic with destination address outside pod CIDRs.
At this point, in conformance-ipsec-e2e tests we do not need to split tests
anymore (egress-gateway vs all the others), previously modified in #35323,
"workflows/ipsec: Cover egress gateway", ea6bdac.

Signed-off-by: Simone Magnani <simone.magnani@isovalent.com>
smagnani96 added a commit that referenced this pull request Jan 7, 2025
@smagnani96
conformance-ipsec-e2e: do not split egress-gateway tests
a1e2b08 
In the previous commit, we introduced to the bpftrace the capability to
skip tracking traffic with destination address outside pod CIDRs.
At this point, in conformance-ipsec-e2e tests we do not need to split tests
anymore (egress-gateway vs all the others), previously modified in #35323,
"workflows/ipsec: Cover egress gateway", ea6bdac.

Signed-off-by: Simone Magnani <simone.magnani@isovalent.com>
smagnani96 added a commit that referenced this pull request Jan 8, 2025
@smagnani96
conformance-ipsec-e2e: do not split egress-gateway tests
127fa56 
In the previous commit, we introduced to the bpftrace the capability to
skip tracking traffic with destination address outside pod CIDRs.
At this point, in conformance-ipsec-e2e tests we do not need to split tests
anymore (egress-gateway vs all the others), previously modified in #35323,
"workflows/ipsec: Cover egress gateway", ea6bdac.

Signed-off-by: Simone Magnani <simone.magnani@isovalent.com>
smagnani96 added a commit that referenced this pull request Jan 10, 2025
@smagnani96
conformance-ipsec-e2e: do not split egress-gateway tests
34f52ed 
In the previous commit, we introduced to the bpftrace the capability to
skip tracking traffic with destination address outside pod CIDRs.
At this point, in conformance-ipsec-e2e tests we do not need to split tests
anymore (egress-gateway vs all the others), previously modified in #35323,
"workflows/ipsec: Cover egress gateway", ea6bdac.

Signed-off-by: Simone Magnani <simone.magnani@isovalent.com>
github-merge-queue bot pushed a commit that referenced this pull request Jan 10, 2025
@smagnani96 @pchaigno
conformance-ipsec-e2e: do not split egress-gateway tests
a6ea748 
In the previous commit, we introduced to the bpftrace the capability to
skip tracking traffic with destination address outside pod CIDRs.
At this point, in conformance-ipsec-e2e tests we do not need to split tests
anymore (egress-gateway vs all the others), previously modified in #35323,
"workflows/ipsec: Cover egress gateway", ea6bdac.

Signed-off-by: Simone Magnani <simone.magnani@isovalent.com>
rastislavs pushed a commit that referenced this pull request Jan 21, 2025
@smagnani96 @rastislavs
conformance-ipsec-e2e: do not split egress-gateway tests
3c75d34 
[ upstream commit a6ea748 ]

In the previous commit, we introduced to the bpftrace the capability to
skip tracking traffic with destination address outside pod CIDRs.
At this point, in conformance-ipsec-e2e tests we do not need to split tests
anymore (egress-gateway vs all the others), previously modified in #35323,
"workflows/ipsec: Cover egress gateway", ea6bdac.

Signed-off-by: Simone Magnani <simone.magnani@isovalent.com>
Signed-off-by: Rastislav Szabo <rastislav.szabo@isovalent.com>
github-merge-queue bot pushed a commit that referenced this pull request Jan 22, 2025
@smagnani96 @michi-covalent
conformance-ipsec-e2e: do not split egress-gateway tests
ad5caad 
[ upstream commit a6ea748 ]

In the previous commit, we introduced to the bpftrace the capability to
skip tracking traffic with destination address outside pod CIDRs.
At this point, in conformance-ipsec-e2e tests we do not need to split tests
anymore (egress-gateway vs all the others), previously modified in #35323,
"workflows/ipsec: Cover egress gateway", ea6bdac.

Signed-off-by: Simone Magnani <simone.magnani@isovalent.com>
Signed-off-by: Rastislav Szabo <rastislav.szabo@isovalent.com>
rastislavs pushed a commit that referenced this pull request Jan 22, 2025
@smagnani96 @rastislavs
conformance-ipsec-e2e: do not split egress-gateway tests
340e049 
[ upstream commit a6ea748 ]

[ backporter's notes: manually resolved conflicts at multiple places
  caused by different surrounding context ]

In the previous commit, we introduced to the bpftrace the capability to
skip tracking traffic with destination address outside pod CIDRs.
At this point, in conformance-ipsec-e2e tests we do not need to split tests
anymore (egress-gateway vs all the others), previously modified in #35323,
"workflows/ipsec: Cover egress gateway", ea6bdac.

Signed-off-by: Simone Magnani <simone.magnani@isovalent.com>
rastislavs pushed a commit that referenced this pull request Jan 22, 2025
@smagnani96 @rastislavs
conformance-ipsec-e2e: do not split egress-gateway tests
3fe12c9 
[ upstream commit a6ea748 ]

[ backporter's notes: manually resolved conflicts at various places.
  There were no separate egress gateway testing steps present in this
  version of the workflow, but feature-status steps related to EGW
  were still present (probably were backported separately). ]

In the previous commit, we introduced to the bpftrace the capability to
skip tracking traffic with destination address outside pod CIDRs.
At this point, in conformance-ipsec-e2e tests we do not need to split tests
anymore (egress-gateway vs all the others), previously modified in #35323,
"workflows/ipsec: Cover egress gateway", ea6bdac.

Signed-off-by: Simone Magnani <simone.magnani@isovalent.com>
rastislavs pushed a commit that referenced this pull request Jan 22, 2025
@smagnani96 @rastislavs
conformance-ipsec-e2e: do not split egress-gateway tests
550ed2e 
[ upstream commit a6ea748 ]

[ backporter's notes: manually resolved conflicts at various places.
  There were no separate egress gateway testing steps present in this
  version of the workflow, but feature-status steps related to EGW
  were still present (probably were backported separately). ]

In the previous commit, we introduced to the bpftrace the capability to
skip tracking traffic with destination address outside pod CIDRs.
At this point, in conformance-ipsec-e2e tests we do not need to split tests
anymore (egress-gateway vs all the others), previously modified in #35323,
"workflows/ipsec: Cover egress gateway", ea6bdac.

Signed-off-by: Simone Magnani <simone.magnani@isovalent.com>
christarazi pushed a commit that referenced this pull request Jan 22, 2025
@smagnani96 @christarazi
conformance-ipsec-e2e: do not split egress-gateway tests
92bd61f 
[ upstream commit a6ea748 ]

[ backporter's notes: manually resolved conflicts at various places.
  There were no separate egress gateway testing steps present in this
  version of the workflow, but feature-status steps related to EGW
  were still present (probably were backported separately). ]

In the previous commit, we introduced to the bpftrace the capability to
skip tracking traffic with destination address outside pod CIDRs.
At this point, in conformance-ipsec-e2e tests we do not need to split tests
anymore (egress-gateway vs all the others), previously modified in #35323,
"workflows/ipsec: Cover egress gateway", ea6bdac.

Signed-off-by: Simone Magnani <simone.magnani@isovalent.com>
joestringer pushed a commit that referenced this pull request Jan 23, 2025
@smagnani96 @joestringer
conformance-ipsec-e2e: do not split egress-gateway tests
d1b864d 
[ upstream commit a6ea748 ]

[ backporter's notes: manually resolved conflicts at various places.
  There were no separate egress gateway testing steps present in this
  version of the workflow, but feature-status steps related to EGW
  were still present (probably were backported separately). ]

In the previous commit, we introduced to the bpftrace the capability to
skip tracking traffic with destination address outside pod CIDRs.
At this point, in conformance-ipsec-e2e tests we do not need to split tests
anymore (egress-gateway vs all the others), previously modified in #35323,
"workflows/ipsec: Cover egress gateway", ea6bdac.

Signed-off-by: Simone Magnani <simone.magnani@isovalent.com>
github-merge-queue bot pushed a commit that referenced this pull request Jan 24, 2025
@smagnani96 @jrajahalme
conformance-ipsec-e2e: do not split egress-gateway tests
55b9350 
[ upstream commit a6ea748 ]

[ backporter's notes: manually resolved conflicts at multiple places
  caused by different surrounding context ]

In the previous commit, we introduced to the bpftrace the capability to
skip tracking traffic with destination address outside pod CIDRs.
At this point, in conformance-ipsec-e2e tests we do not need to split tests
anymore (egress-gateway vs all the others), previously modified in #35323,
"workflows/ipsec: Cover egress gateway", ea6bdac.

Signed-off-by: Simone Magnani <simone.magnani@isovalent.com>
jongj pushed a commit to jongj/cilium that referenced this pull request Feb 11, 2025
@smagnani96 @jongj
conformance-ipsec-e2e: do not split egress-gateway tests
f644599 
In the previous commit, we introduced to the bpftrace the capability to
skip tracking traffic with destination address outside pod CIDRs.
At this point, in conformance-ipsec-e2e tests we do not need to split tests
anymore (egress-gateway vs all the others), previously modified in cilium#35323,
"workflows/ipsec: Cover egress gateway", ea6bdac.

Signed-off-by: Simone Magnani <simone.magnani@isovalent.com>
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Reviewers

@julianwiedmann julianwiedmann julianwiedmann left review comments

@nebril nebril nebril approved these changes

@aanm aanm aanm approved these changes

@jschwinger233 jschwinger233 jschwinger233 approved these changes

Assignees
No one assigned
Labels
backport-done/1.16 The backport for Cilium 1.16.x for this PR is done. feature/egress-gateway Impacts the egress IP gateway feature. feature/ipsec Relates to Cilium's IPsec feature ready-to-merge This PR has passed all tests and received consensus from code owners to merge. release-note/ci This PR makes changes to the CI.
Projects
None yet
Milestone
No milestone
Development

Successfully merging this pull request may close these issues.
5 participants
@pchaigno @julianwiedmann @nebril @aanm @jschwinger233