Skip to content

cilium-cli: add IPv6 connectivity test for LocalRedirectPolicy #37192

New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom
Merged
merged 1 commit into from
Mar 31, 2025
Merged

cilium-cli: add IPv6 connectivity test for LocalRedirectPolicy #37192

merged 1 commit into from
Mar 31, 2025

Conversation

saiaunghlyanhtet
Copy link
Member

@saiaunghlyanhtet saiaunghlyanhtet commented Jan 23, 2025
edited
Loading

Modified LRP connectivity test for IPv6.

Fixes: #36960

@saiaunghlyanhtet saiaunghlyanhtet requested a review from a team as a code owner January 23, 2025 08:08
@maintainer-s-little-helper maintainer-s-little-helper bot added the dont-merge/needs-release-note-label The author needs to describe the release impact of these changes. label Jan 23, 2025
@github-actions github-actions bot added cilium-cli This PR contains changes related with cilium-cli cilium-cli-exclusive This PR only impacts cilium-cli binary kind/community-contribution This was a contribution made by a community member. labels Jan 23, 2025
@saiaunghlyanhtet saiaunghlyanhtet mentioned this pull request Jan 23, 2025
Closed
@julianwiedmann julianwiedmann added area/datapath Impacts bpf/ or low-level forwarding details, including map management and monitor messages. release-note/misc This PR makes changes that have no direct user impact. area/lrp Impacts Local Redirect Policy. labels Jan 23, 2025
@maintainer-s-little-helper maintainer-s-little-helper bot removed dont-merge/needs-release-note-label The author needs to describe the release impact of these changes. labels Jan 23, 2025
@julianwiedmann julianwiedmann added the dont-merge/waiting-for-review Requires further review before merging. label Jan 23, 2025
@tklauser
Copy link
Member

(not an issue with this PR, but these tests should probably be owned by @cilium/sig-lb, I've filed #37193 to add respective CODEOWNERS entries)

@julianwiedmann julianwiedmann removed request for a team and Artyop January 24, 2025 06:53
@julianwiedmann julianwiedmann removed the dont-merge/waiting-for-review Requires further review before merging. label Jan 24, 2025
@ysksuzuki
Copy link
Member

ysksuzuki commented Jan 30, 2025
edited
Loading

Hi @saiaunghlyanhtet, thank you for the PR!

I tested it in my local kind cluster but looks like it's failing. Would you be able to check it?

$ go build ./cilium-cli/cmd/cilium/
$ ./cilium connectivity test --include-unsafe-tests --test "local-redirect-policy"

[=] [cilium-test-1] Test [local-redirect-policy] [96/109]

  ℹ️  📜 Applying CiliumLocalRedirectPolicy 'lrp-address-matcher' to namespace 'cilium-test-1' on cluster kind-kind..
  ℹ️  📜 Applying CiliumNetworkPolicy 'client-egress-to-cidr-lrp-deny' to namespace 'cilium-test-1' on cluster kind-kind..
  ℹ️  📜 Applying CiliumLocalRedirectPolicy 'lrp-address-matcher-skip-redirect-from-backend' to namespace 'cilium-test-1' on cluster kind-kind..
  ℹ️  📜 Applying CiliumLocalRedirectPolicy 'lrp-address-matcher-ipv6' to namespace 'cilium-test-1' on cluster kind-kind..
  ℹ️  📜 Applying CiliumLocalRedirectPolicy 'lrp-address-matcher-skip-redirect-from-backend-ipv6' to namespace 'cilium-test-1' on cluster kind-kind..
  [-] Scenario [local-redirect-policy/lrp]
  🟥 Failed to ensure local redirect BPF entries: %w timeout while waiting for condition, last error: frontend [[fd00::169:254:169:254]:80/TCP] backend [10.244.3.202] mapping not found in BPF LB map [cilium-6p9kv] map[0.0.0.0:30301/TCP:[0.0.0.0:0 (11) (0) [NodePort, non-routable, dsr]  10.244.3.62:8080/TCP (11) (1)] 0.0.0.0:31193/TCP:[10.244.2.217:8080/TCP (16) (1) 0.0.0.0:0 (16) (0) [NodePort, non-routable, dsr] ] 0.0.0.0:4000/TCP:[0.0.0.0:0 (20) (0) [HostPort, non-routable]  10.244.3.62:8080/TCP (20) (1)] 10.96.0.10:53/TCP:[10.244.2.239:53/TCP (5) (1) 0.0.0.0:0 (5) (0) [ClusterIP, non-routable, dsr]  10.244.2.91:53/TCP (5) (2)] 10.96.0.10:53/UDP:[10.244.2.239:53/UDP (4) (1) 10.244.2.91:53/UDP (4) (2) 0.0.0.0:0 (4) (0) [ClusterIP, non-routable, dsr] ] 10.96.0.10:9153/TCP:[10.244.2.239:9153/TCP (3) (1) 10.244.2.91:9153/TCP (3) (2) 0.0.0.0:0 (3) (0) [ClusterIP, non-routable, dsr] ] 10.96.0.1:443/TCP:[0.0.0.0:0 (1) (0) [ClusterIP, non-routable, dsr]  172.18.0.4:6443/TCP (1) (1)] 10.96.25.173:443/TCP:[0.0.0.0:0 (2) (0) [ClusterIP, InternalLocal, non-routable, dsr]  172.18.0.5:4244/TCP (2) (1)] 10.96.35.254:8080/TCP:[10.244.2.217:8080/TCP (12) (1) 0.0.0.0:0 (12) (0) [ClusterIP, non-routable, dsr] ] 10.96.55.196:8080/TCP:[10.244.3.62:8080/TCP (6) (1) 0.0.0.0:0 (6) (0) [ClusterIP, non-routable, dsr] ] 169.254.169.254:80/TCP:[10.244.3.202:8080/TCP (22) (1) 0.0.0.0:0 (22) (0) [LocalRedirect] ] 169.254.169.255:80/TCP:[0.0.0.0:0 (23) (0) [LocalRedirect]  10.244.3.202:8080/TCP (23) (1)] 172.18.0.5:30301/TCP:[0.0.0.0:0 (10) (0) [NodePort, dsr]  10.244.3.62:8080/TCP (10) (1)] 172.18.0.5:31193/TCP:[10.244.2.217:8080/TCP (15) (1) 0.0.0.0:0 (15) (0) [NodePort, dsr] ] 172.18.0.5:4000/TCP:[10.244.3.62:8080/TCP (19) (1) 0.0.0.0:0 (19) (0) [HostPort] ] [::]:30301/TCP:[[::]:0 (8) (0) [NodePort, non-routable, dsr]  [fd00:10:244:3::a58b]:8080/TCP (8) (1)] [::]:31193/TCP:[[fd00:10:244:2::2568]:8080/TCP (17) (1) [::]:0 (17) (0) [NodePort, non-routable, dsr] ] [::]:4000/TCP:[[fd00:10:244:3::a58b]:8080/TCP (21) (1) [::]:0 (21) (0) [HostPort, non-routable] ] [fc00:c111::5]:30301/TCP:[[fd00:10:244:3::a58b]:8080/TCP (9) (1) [::]:0 (9) (0) [NodePort, dsr] ] [fc00:c111::5]:31193/TCP:[[::]:0 (14) (0) [NodePort, dsr]  [fd00:10:244:2::2568]:8080/TCP (14) (1)] [fc00:c111::5]:4000/TCP:[[fd00:10:244:3::a58b]:8080/TCP (18) (1) [::]:0 (18) (0) [HostPort] ] [fd00:10:96::4036]:8080/TCP:[[fd00:10:244:3::a58b]:8080/TCP (7) (1) [::]:0 (7) (0) [ClusterIP, non-routable, dsr] ] [fd00:10:96::97c4]:8080/TCP:[[::]:0 (13) (0) [ClusterIP, non-routable, dsr]  [fd00:10:244:2::2568]:8080/TCP (13) (1)] [fd00::169:254:169:254]:80/TCP:[[::]:0 (24) (0) [LocalRedirect]  [fd00:10:244:3::275e]:8080/TCP (24) (1)] [fd00::169:254:169:255]:80/TCP:[[::]:0 (25) (0) [LocalRedirect]  [fd00:10:244:3::275e]:8080/TCP (25) (1)]]
  ℹ️  📜 Deleting CiliumLocalRedirectPolicy 'lrp-address-matcher' in namespace 'cilium-test-1' on cluster kind-kind..
  ℹ️  📜 Deleting CiliumNetworkPolicy 'client-egress-to-cidr-lrp-deny' in namespace 'cilium-test-1' on cluster kind-kind..
  ℹ️  📜 Deleting CiliumLocalRedirectPolicy 'lrp-address-matcher-skip-redirect-from-backend' in namespace 'cilium-test-1' on cluster kind-kind..
  ℹ️  📜 Deleting CiliumLocalRedirectPolicy 'lrp-address-matcher-ipv6' in namespace 'cilium-test-1' on cluster kind-kind..
  ℹ️  📜 Deleting CiliumLocalRedirectPolicy 'lrp-address-matcher-skip-redirect-from-backend-ipv6' in namespace 'cilium-test-1' on cluster kind-kind..

📋 Test Report [cilium-test-1]
❌ 1/1 tests failed (0/0 actions), 108 tests skipped, 0 scenarios skipped:

ysksuzuki
ysksuzuki requested changes Jan 30, 2025
View reviewed changes
Copy link
Member

@ysksuzuki ysksuzuki left a comment

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Please fix the test failure mentioned above

@saiaunghlyanhtet
Copy link
Member Author

Hi @saiaunghlyanhtet, thank you for the PR!

I tested it in my local kind cluster but looks like it's failing. Would you be able to check it?

$ go build ./cilium-cli/cmd/cilium/
$ ./cilium connectivity test --include-unsafe-tests --test "local-redirect-policy"

[=] [cilium-test-1] Test [local-redirect-policy] [96/109]

  ℹ️  📜 Applying CiliumLocalRedirectPolicy 'lrp-address-matcher' to namespace 'cilium-test-1' on cluster kind-kind..
  ℹ️  📜 Applying CiliumNetworkPolicy 'client-egress-to-cidr-lrp-deny' to namespace 'cilium-test-1' on cluster kind-kind..
  ℹ️  📜 Applying CiliumLocalRedirectPolicy 'lrp-address-matcher-skip-redirect-from-backend' to namespace 'cilium-test-1' on cluster kind-kind..
  ℹ️  📜 Applying CiliumLocalRedirectPolicy 'lrp-address-matcher-ipv6' to namespace 'cilium-test-1' on cluster kind-kind..
  ℹ️  📜 Applying CiliumLocalRedirectPolicy 'lrp-address-matcher-skip-redirect-from-backend-ipv6' to namespace 'cilium-test-1' on cluster kind-kind..
  [-] Scenario [local-redirect-policy/lrp]
  🟥 Failed to ensure local redirect BPF entries: %w timeout while waiting for condition, last error: frontend [[fd00::169:254:169:254]:80/TCP] backend [10.244.3.202] mapping not found in BPF LB map [cilium-6p9kv] map[0.0.0.0:30301/TCP:[0.0.0.0:0 (11) (0) [NodePort, non-routable, dsr]  10.244.3.62:8080/TCP (11) (1)] 0.0.0.0:31193/TCP:[10.244.2.217:8080/TCP (16) (1) 0.0.0.0:0 (16) (0) [NodePort, non-routable, dsr] ] 0.0.0.0:4000/TCP:[0.0.0.0:0 (20) (0) [HostPort, non-routable]  10.244.3.62:8080/TCP (20) (1)] 10.96.0.10:53/TCP:[10.244.2.239:53/TCP (5) (1) 0.0.0.0:0 (5) (0) [ClusterIP, non-routable, dsr]  10.244.2.91:53/TCP (5) (2)] 10.96.0.10:53/UDP:[10.244.2.239:53/UDP (4) (1) 10.244.2.91:53/UDP (4) (2) 0.0.0.0:0 (4) (0) [ClusterIP, non-routable, dsr] ] 10.96.0.10:9153/TCP:[10.244.2.239:9153/TCP (3) (1) 10.244.2.91:9153/TCP (3) (2) 0.0.0.0:0 (3) (0) [ClusterIP, non-routable, dsr] ] 10.96.0.1:443/TCP:[0.0.0.0:0 (1) (0) [ClusterIP, non-routable, dsr]  172.18.0.4:6443/TCP (1) (1)] 10.96.25.173:443/TCP:[0.0.0.0:0 (2) (0) [ClusterIP, InternalLocal, non-routable, dsr]  172.18.0.5:4244/TCP (2) (1)] 10.96.35.254:8080/TCP:[10.244.2.217:8080/TCP (12) (1) 0.0.0.0:0 (12) (0) [ClusterIP, non-routable, dsr] ] 10.96.55.196:8080/TCP:[10.244.3.62:8080/TCP (6) (1) 0.0.0.0:0 (6) (0) [ClusterIP, non-routable, dsr] ] 169.254.169.254:80/TCP:[10.244.3.202:8080/TCP (22) (1) 0.0.0.0:0 (22) (0) [LocalRedirect] ] 169.254.169.255:80/TCP:[0.0.0.0:0 (23) (0) [LocalRedirect]  10.244.3.202:8080/TCP (23) (1)] 172.18.0.5:30301/TCP:[0.0.0.0:0 (10) (0) [NodePort, dsr]  10.244.3.62:8080/TCP (10) (1)] 172.18.0.5:31193/TCP:[10.244.2.217:8080/TCP (15) (1) 0.0.0.0:0 (15) (0) [NodePort, dsr] ] 172.18.0.5:4000/TCP:[10.244.3.62:8080/TCP (19) (1) 0.0.0.0:0 (19) (0) [HostPort] ] [::]:30301/TCP:[[::]:0 (8) (0) [NodePort, non-routable, dsr]  [fd00:10:244:3::a58b]:8080/TCP (8) (1)] [::]:31193/TCP:[[fd00:10:244:2::2568]:8080/TCP (17) (1) [::]:0 (17) (0) [NodePort, non-routable, dsr] ] [::]:4000/TCP:[[fd00:10:244:3::a58b]:8080/TCP (21) (1) [::]:0 (21) (0) [HostPort, non-routable] ] [fc00:c111::5]:30301/TCP:[[fd00:10:244:3::a58b]:8080/TCP (9) (1) [::]:0 (9) (0) [NodePort, dsr] ] [fc00:c111::5]:31193/TCP:[[::]:0 (14) (0) [NodePort, dsr]  [fd00:10:244:2::2568]:8080/TCP (14) (1)] [fc00:c111::5]:4000/TCP:[[fd00:10:244:3::a58b]:8080/TCP (18) (1) [::]:0 (18) (0) [HostPort] ] [fd00:10:96::4036]:8080/TCP:[[fd00:10:244:3::a58b]:8080/TCP (7) (1) [::]:0 (7) (0) [ClusterIP, non-routable, dsr] ] [fd00:10:96::97c4]:8080/TCP:[[::]:0 (13) (0) [ClusterIP, non-routable, dsr]  [fd00:10:244:2::2568]:8080/TCP (13) (1)] [fd00::169:254:169:254]:80/TCP:[[::]:0 (24) (0) [LocalRedirect]  [fd00:10:244:3::275e]:8080/TCP (24) (1)] [fd00::169:254:169:255]:80/TCP:[[::]:0 (25) (0) [LocalRedirect]  [fd00:10:244:3::275e]:8080/TCP (25) (1)]]
  ℹ️  📜 Deleting CiliumLocalRedirectPolicy 'lrp-address-matcher' in namespace 'cilium-test-1' on cluster kind-kind..
  ℹ️  📜 Deleting CiliumNetworkPolicy 'client-egress-to-cidr-lrp-deny' in namespace 'cilium-test-1' on cluster kind-kind..
  ℹ️  📜 Deleting CiliumLocalRedirectPolicy 'lrp-address-matcher-skip-redirect-from-backend' in namespace 'cilium-test-1' on cluster kind-kind..
  ℹ️  📜 Deleting CiliumLocalRedirectPolicy 'lrp-address-matcher-ipv6' in namespace 'cilium-test-1' on cluster kind-kind..
  ℹ️  📜 Deleting CiliumLocalRedirectPolicy 'lrp-address-matcher-skip-redirect-from-backend-ipv6' in namespace 'cilium-test-1' on cluster kind-kind..

📋 Test Report [cilium-test-1]
❌ 1/1 tests failed (0/0 actions), 108 tests skipped, 0 scenarios skipped:

When I tested for the first time, it worked. But, in the second time, it failed. I am looking into it.

@saiaunghlyanhtet saiaunghlyanhtet force-pushed the cilium-cli/ipv6-conn-test-lrp branch from 1c6bcfb to 63f87e5 Compare February 3, 2025 10:29
@saiaunghlyanhtet saiaunghlyanhtet requested a review from a team as a code owner February 3, 2025 10:29
@saiaunghlyanhtet
Copy link
Member Author

saiaunghlyanhtet commented Feb 3, 2025
edited
Loading

@ysksuzuki Sorry for the delay. Previous test failures are fixed. But there is something annoying. When I test IPv6 with skipRedirectFromBackend true, sometimes the test passes. Sometimes it does not. I also found this issue #36740. What do you think about this?

@ysksuzuki
Copy link
Member

It seems that skipRedirectFromBackend isn't working with ipv6.

........
  ℹ️  curl stdout:
  fd00:10:244:3::b9f0:49072 -> fd00::169:254:169:255:80 = 200
  ℹ️  curl stderr:
  
  
  ℹ️  📜 Applying CiliumLocalRedirectPolicy 'lrp-address-matcher-v4' to namespace 'cilium-test-1' on cluster kind-kind..
  ℹ️  📜 Applying CiliumLocalRedirectPolicy 'lrp-address-matcher-v6' to namespace 'cilium-test-1' on cluster kind-kind..
  ℹ️  📜 Applying CiliumNetworkPolicy 'client-egress-to-cidr-lrp-deny' to namespace 'cilium-test-1' on cluster kind-kind..
  ℹ️  📜 Applying CiliumLocalRedirectPolicy 'lrp-address-matcher-skip-redirect-from-backend-v4' to namespace 'cilium-test-1' on cluster kind-kind..
  ℹ️  📜 Applying CiliumLocalRedirectPolicy 'lrp-address-matcher-skip-redirect-from-backend-v6' to namespace 'cilium-test-1' on cluster kind-kind..
  [-] Scenario [local-redirect-policy/lrp]
  [.] Action [local-redirect-policy/lrp/curl-0-ipv4: cilium-test-1/lrp-client-55f54dbf99-tdtvx (10.244.3.248) -> 169.254.169.254:80/TCP (169.254.169.254:80)]
  [.] Action [local-redirect-policy/lrp/curl-0-ipv4: cilium-test-1/lrp-backend-5dc456df96-b5k8z (10.244.3.142) -> 169.254.169.254:80/TCP (169.254.169.254:80)]
  [.] Action [local-redirect-policy/lrp/curl-0-ipv6: cilium-test-1/lrp-client-55f54dbf99-tdtvx (fd00:10:244:3::1a32) -> fd00::169:254:169:254:80/TCP (fd00::169:254:169:254:80)]
  [.] Action [local-redirect-policy/lrp/curl-0-ipv6: cilium-test-1/lrp-backend-5dc456df96-b5k8z (fd00:10:244:3::b9f0) -> fd00::169:254:169:254:80/TCP (fd00::169:254:169:254:80)]
  [-] Scenario [local-redirect-policy/lrp-skip-redirect-from-backend]
  [.] Action [local-redirect-policy/lrp-skip-redirect-from-backend/curl-0-ipv4: cilium-test-1/lrp-client-55f54dbf99-tdtvx (10.244.3.248) -> 169.254.169.255:80/TCP (169.254.169.255:80)]
  [.] Action [local-redirect-policy/lrp-skip-redirect-from-backend/curl-0-ipv4: cilium-test-1/lrp-backend-5dc456df96-b5k8z (10.244.3.142) -> 169.254.169.255:80/TCP (169.254.169.255:80)]
  [.] Action [local-redirect-policy/lrp-skip-redirect-from-backend/curl-0-ipv6: cilium-test-1/lrp-client-55f54dbf99-tdtvx (fd00:10:244:3::1a32) -> fd00::169:254:169:255:80/TCP (fd00::169:254:169:255:80)]
  [.] Action [local-redirect-policy/lrp-skip-redirect-from-backend/curl-0-ipv6: cilium-test-1/lrp-backend-5dc456df96-b5k8z (fd00:10:244:3::b9f0) -> fd00::169:254:169:255:80/TCP (fd00::169:254:169:255:80)]
  ❌ command "curl -w %{local_ip}:%{local_port} -> %{remote_ip}:%{remote_port} = %{response_code} --silent --fail --show-error --output /dev/null --connect-timeout 2 --max-time 10 http://[fd00::169:254:169:255]:80" succeeded while it should have failed: fd00:10:244:3::b9f0:49072 -> fd00::169:254:169:255:80 = 200
  ℹ️  📜 Deleting CiliumLocalRedirectPolicy 'lrp-address-matcher-v4' in namespace 'cilium-test-1' on cluster kind-kind..
  ℹ️  📜 Deleting CiliumLocalRedirectPolicy 'lrp-address-matcher-v6' in namespace 'cilium-test-1' on cluster kind-kind..
  ℹ️  📜 Deleting CiliumNetworkPolicy 'client-egress-to-cidr-lrp-deny' in namespace 'cilium-test-1' on cluster kind-kind..
  ℹ️  📜 Deleting CiliumLocalRedirectPolicy 'lrp-address-matcher-skip-redirect-from-backend-v4' in namespace 'cilium-test-1' on cluster kind-kind..
  ℹ️  📜 Deleting CiliumLocalRedirectPolicy 'lrp-address-matcher-skip-redirect-from-backend-v6' in namespace 'cilium-test-1' on cluster kind-kind..

📋 Test Report [cilium-test-1]
❌ 1/1 tests failed (1/8 actions), 109 tests skipped, 0 scenarios skipped:
Test [local-redirect-policy]:
  ❌ local-redirect-policy/lrp-skip-redirect-from-backend/curl-0-ipv6: cilium-test-1/lrp-backend-5dc456df96-b5k8z (fd00:10:244:3::b9f0) -> fd00::169:254:169:255:80/TCP (fd00::169:254:169:255:80)

@ysksuzuki
Copy link
Member

Opened #37575. We need to fix it and then add the test for ipv6

@dylandreimerink dylandreimerink added the dont-merge/blocked Another PR must be merged before this one. label Feb 17, 2025
@nathanjsweet nathanjsweet mentioned this pull request Mar 12, 2025
Closed
3 tasks
@julianwiedmann
Copy link
Member

heh, I think this will still fail in CI because we're starting the e2e-upgrade workflow on v1.17. Let me set up a test branch quickly ...

@julianwiedmann julianwiedmann mentioned this pull request Mar 25, 2025
Closed
@julianwiedmann
Copy link
Member

👋 #38509 is merged, and re-running the failing upgrade tests now gives the same results as in #38491. The SocketLB configs are fixed 🎉.

We'll need a version check to only run the the affected tests on v1.17.3 and newer, as that will be the first patch release with the fix.

@saiaunghlyanhtet saiaunghlyanhtet force-pushed the cilium-cli/ipv6-conn-test-lrp branch from ae7c994 to 81d89fc Compare March 26, 2025 10:08
@saiaunghlyanhtet
Copy link
Member Author

Fixed for skipping IPv6 scenario with skipRedirectFromBackend=false when per-packet lb is enabled.

@saiaunghlyanhtet
Copy link
Member Author

/test

@saiaunghlyanhtet saiaunghlyanhtet force-pushed the cilium-cli/ipv6-conn-test-lrp branch 3 times, most recently from e30e555 to 9ed70ff Compare March 26, 2025 13:12
@saiaunghlyanhtet
Copy link
Member Author

/ci-e2e-upgrade

@saiaunghlyanhtet
Copy link
Member Author

@julianwiedmann @ysksuzuki
CI for E2E looks good now. Is there anything that needs to be fixed or improved?

@ysksuzuki
Copy link
Member

Thank you @saiaunghlyanhtet !

Looks like it panics when running on a cluster with enable-ipv6: false. It might be better to use ForEachIPFamily when running tests for each IP family, depending on the cluster configuration.

There's an issue where the agent crashes when deleting a CLRP while IPv6 is disabled. I can take care of this one.
#38570

[=] [cilium-test-1] Test [local-redirect-policy] [101/114]
  ℹ️  📜 Applying CiliumLocalRedirectPolicy 'lrp-address-matcher-v4' to namespace 'cilium-test-1' on cluster kind-kind..
  ℹ️  📜 Applying CiliumLocalRedirectPolicy 'lrp-address-matcher-v6' to namespace 'cilium-test-1' on cluster kind-kind..
  ℹ️  📜 Applying CiliumNetworkPolicy 'client-egress-to-cidr-lrp-deny' to namespace 'cilium-test-1' on cluster kind-kind..
  ℹ️  📜 Applying CiliumLocalRedirectPolicy 'lrp-address-matcher-skip-redirect-from-backend-v4' to namespace 'cilium-test-1' on cluster kind-kind..
  ℹ️  📜 Applying CiliumLocalRedirectPolicy 'lrp-address-matcher-skip-redirect-from-backend-v6' to namespace 'cilium-test-1' on cluster kind-kind..
  [-] Scenario [local-redirect-policy/lrp]
  [.] Action [local-redirect-policy/lrp/curl-0-ipv4: cilium-test-1/lrp-client-55f54dbf99-7t8lk (10.244.1.179) -> 169.254.169.254:80/TCP (169.254.169.254:80)]
.  [.] Action [local-redirect-policy/lrp/curl-0-ipv4: cilium-test-1/lrp-backend-5dc456df96-9hqc8 (10.244.1.238) -> 169.254.169.254:80/TCP (169.254.169.254:80)]
.  ℹ️  📜 Deleting CiliumLocalRedirectPolicy 'lrp-address-matcher-v4' in namespace 'cilium-test-1' on cluster kind-kind..
  ℹ️  📜 Deleting CiliumLocalRedirectPolicy 'lrp-address-matcher-v6' in namespace 'cilium-test-1' on cluster kind-kind..
  ℹ️  📜 Deleting CiliumNetworkPolicy 'client-egress-to-cidr-lrp-deny' in namespace 'cilium-test-1' on cluster kind-kind..
  ℹ️  📜 Deleting CiliumLocalRedirectPolicy 'lrp-address-matcher-skip-redirect-from-backend-v4' in namespace 'cilium-test-1' on cluster kind-kind..
  ℹ️  📜 Deleting CiliumLocalRedirectPolicy 'lrp-address-matcher-skip-redirect-from-backend-v6' in namespace 'cilium-test-1' on cluster kind-kind..
panic: runtime error: index out of range [1] with length 1

goroutine 554 [running]:
github.com/cilium/cilium/cilium-cli/connectivity/tests.lrp.runTestsForIPFamily({{{0xa0bbc2a, 0x24}}, 0x0}, {0x8c210b8, 0xc00087d480}, 0xc00123ac60, {0xc000a370e8, 0x1, 0x1?}, 0x2)
	/home/yusuke/go/src/github.com/cilium/cilium/cilium-cli/connectivity/tests/lrp.go:128 +0xda5
github.com/cilium/cilium/cilium-cli/connectivity/tests.lrp.Run({{{0xa0bbc2a?, 0x5ccd0a0?}}, 0x60?}, {0x8c210b8, 0xc00087d480}, 0xc00123ac60)
	/home/yusuke/go/src/github.com/cilium/cilium/cilium-cli/connectivity/tests/lrp.go:97 +0x608
github.com/cilium/cilium/cilium-cli/connectivity/check.(*Test).Run(0xc00123ac60, {0x8c210b8, 0xc00087d480}, 0x65)
	/home/yusuke/go/src/github.com/cilium/cilium/cilium-cli/connectivity/check/test.go:382 +0x664
github.com/cilium/cilium/cilium-cli/connectivity/check.(*ConnectivityTest).Run.func1()
	/home/yusuke/go/src/github.com/cilium/cilium/cilium-cli/connectivity/check/context.go:449 +0x99
created by github.com/cilium/cilium/cilium-cli/connectivity/check.(*ConnectivityTest).Run in goroutine 494
	/home/yusuke/go/src/github.com/cilium/cilium/cilium-cli/connectivity/check/context.go:443 +0x91

@saiaunghlyanhtet
cilium-cli: add IPv6 connectivity test for LocalRedirectPolicy
957727e 
Signed-off-by: saiaunghlyanhtet <saiaunghlyanhtet2003@gmail.com>
@saiaunghlyanhtet saiaunghlyanhtet force-pushed the cilium-cli/ipv6-conn-test-lrp branch from 9ed70ff to 957727e Compare March 28, 2025 04:05
@saiaunghlyanhtet
Copy link
Member Author

/test

@saiaunghlyanhtet
Copy link
Member Author

Used ForEachIPFamily for handling tests for each IP family. I think that current CI failures are not related to this PR.

ysksuzuki
ysksuzuki approved these changes Mar 29, 2025
View reviewed changes
Copy link
Member

@ysksuzuki ysksuzuki left a comment

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

LGTM. Thanks!

@ysksuzuki ysksuzuki removed the dont-merge/blocked Another PR must be merged before this one. label Mar 29, 2025
@maintainer-s-little-helper maintainer-s-little-helper bot added the ready-to-merge This PR has passed all tests and received consensus from code owners to merge. label Mar 29, 2025
@dylandreimerink dylandreimerink requested review from a team and christarazi and removed request for a team March 31, 2025 11:48
@dylandreimerink
Copy link
Member

Github wants a review from @cilium/ci-structure, seems it did not request a review automatically, did so manually

@maintainer-s-little-helper maintainer-s-little-helper bot removed the ready-to-merge This PR has passed all tests and received consensus from code owners to merge. label Mar 31, 2025
@pchaigno pchaigno added this pull request to the merge queue Mar 31, 2025
Merged via the queue into cilium:main with commit eeebd4e Mar 31, 2025
71 checks passed
@ysksuzuki
Copy link
Member

We'll need a version check to only run the the affected tests on v1.17.3 and newer, as that will be the first patch release with the fix.

Opened a PR to add the version check
#38630

@github-actions github-actions bot mentioned this pull request Apr 7, 2025
Open
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Reviewers

@pchaigno pchaigno pchaigno approved these changes

@ysksuzuki ysksuzuki ysksuzuki approved these changes

@christarazi christarazi Awaiting requested review from christarazi christarazi is a code owner automatically assigned from cilium/ci-structure

Assignees
No one assigned
Labels
area/datapath Impacts bpf/ or low-level forwarding details, including map management and monitor messages. area/lrp Impacts Local Redirect Policy. cilium-cli This PR contains changes related with cilium-cli cilium-cli-exclusive This PR only impacts cilium-cli binary kind/community-contribution This was a contribution made by a community member. pinned These issues are not marked stale by our issue bot. release-note/misc This PR makes changes that have no direct user impact.
Projects
None yet
Milestone
No milestone
Development

Successfully merging this pull request may close these issues.

cilium-cli: add IPv6 connectivity test for LocalRedirectPolicy
6 participants
@saiaunghlyanhtet @tklauser @ysksuzuki @julianwiedmann @dylandreimerink @pchaigno