Commit
This commit does not belong to any branch on this repository, and may belong to a fork outside of the repository.
workflows: Cover IPsec+VXLAN+endpoint routes in datapath tests
Commit 92a3e31 ("bpf: Remove link scope of cilium_host's IPv4 address") fixed connectivity via a NodePort service with tunneling and endpoint routes. Commit d39ca10 ("ipsec: Don't match on packet mark for FWD XFRM policy") then fixed cross-node pod connectivity with tunneling, endpoint routes, and IPsec. We can therefore start test this specific setup in the datapath tests. bpf-next is picked as the kernel to have some coverage of IPsec on the latest kernel. We currently rely on some assumption on kernel internals [1]. 1 - https://github.com/cilium/cilium/blob/v1.13.0-rc5/bpf/lib/encap.h#L24-L25 Signed-off-by: Paul Chaignon <paul@cilium.io>
- Loading branch information