github.com/zhyoulun/cilium@v1.6.12/test/k8sT/DatapathConfiguration.go (about) 1 // Copyright 2017-2019 Authors of Cilium 2 // 3 // Licensed under the Apache License, Version 2.0 (the "License"); 4 // you may not use this file except in compliance with the License. 5 // You may obtain a copy of the License at 6 // 7 // http://www.apache.org/licenses/LICENSE-2.0 8 // 9 // Unless required by applicable law or agreed to in writing, software 10 // distributed under the License is distributed on an "AS IS" BASIS, 11 // WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. 12 // See the License for the specific language governing permissions and 13 // limitations under the License. 14 15 package k8sTest 16 17 import ( 18 "fmt" 19 20 . "github.com/cilium/cilium/test/ginkgo-ext" 21 "github.com/cilium/cilium/test/helpers" 22 23 . "github.com/onsi/gomega" 24 ) 25 26 var _ = Describe("K8sDatapathConfig", func() { 27 28 var kubectl *helpers.Kubectl 29 var demoDSPath string 30 var ipsecDSPath string 31 32 BeforeAll(func() { 33 kubectl = helpers.CreateKubectl(helpers.K8s1VMName(), logger) 34 demoDSPath = helpers.ManifestGet("demo_ds.yaml") 35 ipsecDSPath = helpers.ManifestGet("ipsec_ds.yaml") 36 37 deleteCiliumDS(kubectl) 38 }) 39 40 BeforeEach(func() { 41 kubectl.ApplyDefault(demoDSPath).ExpectSuccess("cannot install Demo application") 42 kubectl.ApplyDefault(ipsecDSPath).ExpectSuccess("cannot install IPsec keys") 43 kubectl.NodeCleanMetadata() 44 }) 45 46 AfterEach(func() { 47 kubectl.Delete(demoDSPath) 48 kubectl.Delete(ipsecDSPath) 49 ExpectAllPodsTerminated(kubectl) 50 51 deleteCiliumDS(kubectl) 52 }) 53 54 AfterFailed(func() { 55 kubectl.CiliumReport(helpers.KubeSystemNamespace, 56 "cilium bpf tunnel list", 57 "cilium endpoint list") 58 }) 59 60 AfterAll(func() { 61 kubectl.CloseSSHClient() 62 }) 63 64 JustAfterEach(func() { 65 kubectl.ValidateNoErrorsInLogs(CurrentGinkgoTestDescription().Duration) 66 }) 67 68 cleanService := func() { 69 // To avoid hit GH-4384 70 kubectl.DeleteResource("service", "test-nodeport testds-service").ExpectSuccess( 71 "Service is deleted") 72 } 73 74 deployCilium := func(options []string) { 75 DeployCiliumOptionsAndDNS(kubectl, options) 76 77 err := kubectl.WaitforPods(helpers.DefaultNamespace, "", helpers.HelperTimeout) 78 ExpectWithOffset(1, err).Should(BeNil(), "Pods are not ready after timeout") 79 80 _, err = kubectl.CiliumNodesWait() 81 ExpectWithOffset(1, err).Should(BeNil(), "Failure while waiting for k8s nodes to be annotated by Cilium") 82 83 By("Making sure all endpoints are in ready state") 84 err = kubectl.CiliumEndpointWaitReady() 85 ExpectWithOffset(1, err).To(BeNil(), "Failure while waiting for all cilium endpoints to reach ready state") 86 } 87 88 Context("Encapsulation", func() { 89 BeforeEach(func() { 90 SkipIfFlannel() 91 }) 92 93 validateBPFTunnelMap := func() { 94 By("Checking that BPF tunnels are in place") 95 ciliumPod, err := kubectl.GetCiliumPodOnNode(helpers.KubeSystemNamespace, helpers.K8s1) 96 ExpectWithOffset(1, err).Should(BeNil(), "Unable to determine cilium pod on node %s", helpers.K8s1) 97 status := kubectl.CiliumExec(ciliumPod, "cilium bpf tunnel list | wc -l") 98 status.ExpectSuccess() 99 Expect(status.IntOutput()).Should(Equal(3), "Did not find expected number of entries in BPF tunnel map") 100 } 101 102 It("Check connectivity with transparent encryption and VXLAN encapsulation", func() { 103 if !helpers.RunsOnNetNext() { 104 Skip("Skipping test because it is not running with the net-next kernel") 105 return 106 } 107 108 deployCilium([]string{ 109 "--set global.encryption.enabled=true", 110 }) 111 validateBPFTunnelMap() 112 Expect(testPodConnectivityAcrossNodes(kubectl)).Should(BeTrue(), "Connectivity test with IPsec between nodes failed") 113 cleanService() 114 }, 600) 115 116 It("Check connectivity with sockops and VXLAN encapsulation", func() { 117 // Note if run on kernel without sockops feature is ignored 118 deployCilium([]string{ 119 "--set global.sockops.enabled=true", 120 }) 121 validateBPFTunnelMap() 122 Expect(testPodConnectivityAcrossNodes(kubectl)).Should(BeTrue(), "Connectivity test between nodes failed") 123 cleanService() 124 }, 600) 125 126 It("Check connectivity with VXLAN encapsulation", func() { 127 deployCilium([]string{ 128 "--set global.tunnel=vxlan", 129 }) 130 validateBPFTunnelMap() 131 Expect(testPodConnectivityAcrossNodes(kubectl)).Should(BeTrue(), "Connectivity test between nodes failed") 132 cleanService() 133 }, 600) 134 135 It("Check connectivity with Geneve encapsulation", func() { 136 deployCilium([]string{ 137 "--set global.tunnel=geneve", 138 }) 139 validateBPFTunnelMap() 140 Expect(testPodConnectivityAcrossNodes(kubectl)).Should(BeTrue(), "Connectivity test between nodes failed") 141 cleanService() 142 }) 143 144 It("Check vxlan connectivity with per endpoint routes", func() { 145 Skip("Encapsulation mode is not supported with per-endpoint routes") 146 147 deployCilium([]string{ 148 "--set global.autoDirectNodeRoutes=true", 149 }) 150 Expect(testPodConnectivityAcrossNodes(kubectl)).Should(BeTrue(), "Connectivity test between nodes failed") 151 cleanService() 152 }) 153 154 }) 155 156 Context("DirectRouting", func() { 157 It("Check connectivity with automatic direct nodes routes", func() { 158 SkipIfFlannel() 159 160 deployCilium([]string{ 161 "--set global.tunnel=disabled", 162 "--set global.autoDirectNodeRoutes=true", 163 }) 164 165 Expect(testPodConnectivityAcrossNodes(kubectl)).Should(BeTrue(), "Connectivity test between nodes failed") 166 cleanService() 167 }) 168 169 It("Check direct connectivity with per endpoint routes", func() { 170 SkipIfFlannel() 171 172 deployCilium([]string{ 173 "--set global.tunnel=disabled", 174 "--set global.autoDirectNodeRoutes=true", 175 "--set global.endpointRoutes.enabled=true", 176 }) 177 178 Expect(testPodConnectivityAcrossNodes(kubectl)).Should(BeTrue(), "Connectivity test between nodes failed") 179 cleanService() 180 }) 181 }) 182 183 Context("Transparent encryption DirectRouting", func() { 184 It("Check connectivity with transparent encryption and direct routing", func() { 185 SkipIfFlannel() 186 187 deployCilium([]string{ 188 "--set global.tunnel=disabled", 189 "--set global.autoDirectNodeRoutes=true", 190 "--set global.encryption.enabled=true", 191 "--set global.encryption.interface=enp0s8", 192 }) 193 Expect(testPodConnectivityAcrossNodes(kubectl)).Should(BeTrue(), "Connectivity test between nodes failed") 194 cleanService() 195 }) 196 }) 197 198 Context("IPv4Only", func() { 199 It("Check connectivity with IPv6 disabled", func() { 200 // Flannel always disables IPv6, this test is a no-op in that case. 201 SkipIfFlannel() 202 203 deployCilium([]string{ 204 "--set global.ipv4.enabled=true", 205 "--set global.ipv6.enabled=false", 206 }) 207 Expect(testPodConnectivityAcrossNodes(kubectl)).Should(BeTrue(), "Connectivity test between nodes failed") 208 cleanService() 209 }) 210 }) 211 212 Context("ManagedEtcd", func() { 213 AfterAll(func() { 214 deleteETCDOperator(kubectl) 215 }) 216 It("Check connectivity with managed etcd", func() { 217 deployCilium([]string{ 218 "--set global.etcd.enabled=true", 219 "--set global.etcd.managed=true", 220 }) 221 Expect(testPodConnectivityAcrossNodes(kubectl)).Should(BeTrue(), "Connectivity test between nodes failed") 222 cleanService() 223 }) 224 }) 225 }) 226 227 func testPodConnectivityAcrossNodes(kubectl *helpers.Kubectl) bool { 228 By("Checking pod connectivity between nodes") 229 230 filter := "zgroup=testDS" 231 232 err := kubectl.WaitforPods(helpers.DefaultNamespace, fmt.Sprintf("-l %s", filter), helpers.HelperTimeout) 233 ExpectWithOffset(1, err).Should(BeNil(), "Failure while waiting for connectivity test pods to start") 234 pods, err := kubectl.GetPodNames(helpers.DefaultNamespace, filter) 235 Expect(err).Should(BeNil(), "Failure while retrieving pod name for %s", filter) 236 podIP, err := kubectl.Get( 237 helpers.DefaultNamespace, 238 fmt.Sprintf("pod %s -o json", pods[1])).Filter("{.status.podIP}") 239 Expect(err).Should(BeNil(), "Failure to retrieve IP of pod %s", pods[1]) 240 res := kubectl.ExecPodCmd(helpers.DefaultNamespace, pods[0], helpers.Ping(podIP.String())) 241 return res.WasSuccessful() 242 }