-
Notifications
You must be signed in to change notification settings - Fork 11
New issue
Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.
By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.
Already on GitHub? Sign in to your account
cilium: 4 sig-network tests fail (sonobuoy) #144
Comments
This only happens with cilium. |
With k8s-1.24.4 and cilium v1.12.2, we are down to one failed test.
|
Retesting with k8s-1.25.3 and cilium v1.12.2, we still have the 4 failed tests:
|
Retesting with k8s-1.25.3 and cilium v1.13.3, we have only HostPort failed:
|
Thanks for testing @chess-knight -- we have progress, which is nice! |
Ok. I investigated a little bit further and I found this open upstream issue. If I understand the mentioned issue correctly, there is still one sub-issue, which needs to be resolved to fully support HostPort in the default installation. |
Side-note: There is a known workaround cilium@14287#issuecomment-1645325590 |
I again dived into the mentioned problem and here are my findings:
Conclusion: But, we need to decide if we want to replace kube-proxy with cilium by setting The question about kube-proxy replacement I see as a separate issue, which we can solve in the future. Also, I don't see the portmap plugin as a critical option because it is used by default in calico and we will have certified conformance tests passed. So I am for adding P.S. I tested it with default settings (k8s v1.25.11) and I hope that it will work the same for other k8s versions. See also this cilium/cilium#21060 (comment) |
Wow, thanks for this very detailed analysis. From my point of view we can set However we should keep in mind that we want to use ciliums implementation for gateway-API which requires I prefer to pass the tests first, make cilium the tested default and deal with all things related to gateway-API in the next step (after merging the PR) |
Preface:
(I shortened them because the full string includes square brackets and the string is used as regex lateron) I have had nearly every possible result from 3 failing test to 4 failing test, one or a pass of all tests, all with k8s 1.25.11, cilium 1.13 and kubeproxyReplacement disabled. The most consistent result was 4 failing tests (6 or 7 times in a row now). The command i used to run the test is:
Unfortunately this regex runs 7 Tests according to |
Ok, now i am up to what you found out and i can reproduce that all tests pass with: kubeProxyReplacement=disabled Regarding the hostPort thing: As far as i have understood it is not recommended using it (although for example cinder does). From a conformance and cluster-provider perspective it is still required to support it. So regarding your question
It is not recommended to use hostPort (as the guy who applies pod-resources) but required to work (as the guy who wants to provide a certified cluster). That this is achieved by cilium by using the portmap plugin does not matter (this is how i understand it) @chess-knight What do you think? Am i missing something? |
Fixes #144 Signed-off-by: Roman Hros <roman.hros@dnation.cloud>
Hello @mxmxchere, |
fantastic, so as i can read in your code, we both agree that we should set those three options and are good to go. |
Yes, I tested it multiple times successfully |
$ sonobuoy e2e --focus 'Services.*clusterIP'
[It] [sig-network] Services should be able to switch session affinity for service with type clusterIP [LinuxOnly] [Conformance]
[It] [sig-network] Services should have session affinity timeout work for service with type clusterIP [LinuxOnly]
[It] [sig-network] Services should have session affinity work for service with type clusterIP [LinuxOnly] [Conformance] Test |
From my experiences, it is probably because there are always 3 additional e2e tests before and after - |
Fixes #144 Signed-off-by: Roman Hros <roman.hros@dnation.cloud> Co-authored-by: Jan Schoone <6106846+jschoone@users.noreply.github.com>
* Add migration steps for existing k8s clusters to adopt #432 (#477) This commit adds migration steps for existing k8s clusters to be able to adopt #432 feature. #432 added option to use a custom container registry in containerd. Issue: #470 Signed-off-by: Matej Feder <matej.feder@dnation.cloud> Co-authored-by: Jan Schoone <6106846+jschoone@users.noreply.github.com> (cherry picked from commit 970ed8f) * Pass conformance tests with cilium (#489) Fixes #144 Signed-off-by: Roman Hros <roman.hros@dnation.cloud> Co-authored-by: Jan Schoone <6106846+jschoone@users.noreply.github.com> (cherry picked from commit e8ef70f) Signed-off-by: Filip Dobrovolny <dobrovolny.filip@gmail.com> * Option to deploy harbor (#445) * Deploy harbor during create cluster stage This approach uses only 2 variables(domain, email). There is also kustomize and envsubst used. Signed-off-by: Roman Hros <roman.hros@dnation.cloud> * Move harbor deployment to separate script Signed-off-by: Roman Hros <roman.hros@dnation.cloud> * Create ec2 credentials Signed-off-by: Roman Hros <roman.hros@dnation.cloud> * Add persistence Change also staging issuer to prod Signed-off-by: Roman Hros <roman.hros@dnation.cloud> * Deploy dependencies(flux, cert-mgr, ingress-nginx) Signed-off-by: Roman Hros <roman.hros@dnation.cloud> * Add some info message about manual dns action Signed-off-by: Roman Hros <roman.hros@dnation.cloud> * Fix deploing dependencies Signed-off-by: Roman Hros <roman.hros@dnation.cloud> * Add info about getting admin password Signed-off-by: Roman Hros <roman.hros@dnation.cloud> * Restructuralize harbor variables Add also clusterIP deployment option Signed-off-by: Roman Hros <roman.hros@dnation.cloud> * Force Cinder CSI deployment when persistence is true Signed-off-by: Roman Hros <roman.hros@dnation.cloud> * Address comments from @matofeder Add more documentation, usefull log messages and more Signed-off-by: Roman Hros <roman.hros@dnation.cloud> * Fix on specific k8s-harbor repo tag As discussed with @fdobrovolny Signed-off-by: Roman Hros <roman.hros@dnation.cloud> * Mention forced services in configuration and default environment Signed-off-by: Roman Hros <roman.hros@dnation.cloud> * Add KUBECONFIG needed for the secret scripts Move deploying of Harbor to the end of create_cluster.sh Signed-off-by: Roman Hros <roman.hros@dnation.cloud> * Fix yamllint warnings Signed-off-by: Roman Hros <roman.hros@dnation.cloud> --------- Signed-off-by: Roman Hros <roman.hros@dnation.cloud> Signed-off-by: Jan Schoone <6106846+jschoone@users.noreply.github.com> Co-authored-by: Jan Schoone <6106846+jschoone@users.noreply.github.com> (cherry picked from commit 82ad213) Signed-off-by: Filip Dobrovolny <dobrovolny.filip@gmail.com> --------- Signed-off-by: Roman Hros <roman.hros@dnation.cloud> Signed-off-by: Filip Dobrovolny <dobrovolny.filip@gmail.com> Signed-off-by: Jan Schoone <6106846+jschoone@users.noreply.github.com> Co-authored-by: Matej Feder <matej.feder@dnation.cloud> Co-authored-by: Roman Hros <roman.hros@dnation.cloud> Co-authored-by: Jan Schoone <6106846+jschoone@users.noreply.github.com>
Testing a capo cluster with k8s-1.21.9, I consistently get 4 failed tests:
Failed tests:
To Do: Investigate:
The text was updated successfully, but these errors were encountered: