ipsec: Cover IPv6-only clusters in CI #39567
Merged
Conversation
This file contains hidden or bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
We keep bumping the limit every time we add new test cases in the end-to-end tests. We might as well increase a lot once and for all and we can adjust if it becomes an issue. Signed-off-by: Paul Chaignon <paul.chaignon@gmail.com>
The IPsec key rotation action currently needs to know if IPv6 is enabled to double the number of expected keys in that case. Checking only IPv6 works because IPv4 was always enabled... until now. What we actually want to do is double the number of keys when we are running in dual-stack mode. If we are either in IPv4-only or IPv6-only mode, the number of keys should stay as is. This commit moves from an IPv6 parameter to a Dual Stack parameter. The EKS workflow is IPv4-only at the moment; the E2E IPsec workflow is dual-stack at the moment. Signed-off-by: Paul Chaignon <paul.chaignon@gmail.com>
Add some missing logic to be able to run IPv6-only configurations in the IPsec workflows. Signed-off-by: Paul Chaignon <paul.chaignon@gmail.com>
The bpftrace script for leak detection didn't support IPv6-only clusters. This commit fixes it. Signed-off-by: Paul Chaignon <paul.chaignon@gmail.com>
Same as 67bd786 ("workflows/e2e: Skip tests to outside world in IPv6-only clusters") but for IPsec workflows. Signed-off-by: Paul Chaignon <paul.chaignon@gmail.com>
When IPv4 is disabled, we skip the to-fqdn tests and therefore don't end up with DNS proxy traffic. The bpftrace script would therefore fail to find any such traffic. Signed-off-by: Paul Chaignon <paul.chaignon@gmail.com>
|
/test |
smagnani96
approved these changes
May 16, 2025
Artyop
approved these changes
May 19, 2025
Sign up for free
to join this conversation on GitHub.
Already have an account?
Sign in to comment
Add this suggestion to a batch that can be applied as a single commit.
This suggestion is invalid because no changes were made to the code.
Suggestions cannot be applied while the pull request is closed.
Suggestions cannot be applied while viewing a subset of changes.
Only one suggestion per line can be applied in a batch.
Add this suggestion to a batch that can be applied as a single commit.
Applying suggestions on deleted lines is not supported.
You must change the existing code in this line in order to create a valid suggestion.
Outdated suggestions cannot be applied.
This suggestion has been applied or marked resolved.
Suggestions cannot be applied from pending reviews.
Suggestions cannot be applied on multi-line comments.
Suggestions cannot be applied while the pull request is queued to merge.
Suggestion cannot be applied right now. Please check back later.
This pull request adds coverage for IPv6-only configurations in the IPsec workflows, in preparation for IPsec + IPv6 underlay coverage. See commits for details.