cilium: fix endpoint event zero encryption key

We observed in the K8sWatcher for "ciliumendpoints" the call ConvertToCiliumEndpointAddFunc was taking an endpoint event with a valid Encryption field and converting it to '0'. To fix we can make the translation more explicit. Fixes: 720c0b0 ("pkg/k8s: do not DeepCopy when converting to CiliumEndpoint") Signed-off-by: John Fastabend <john.fastabend@gmail.com> Signed-off-by: André Martins <andre@cilium.io>
cilium · Jun 9, 2020 · b41bbc0 · b41bbc0
1 parent 0d89f05
commit b41bbc0
Show file tree

Hide file tree

Showing 2 changed files with 133 additions and 4 deletions.
diff --git a/pkg/k8s/factory_functions.go b/pkg/k8s/factory_functions.go
@@ -684,7 +684,10 @@ func ConvertToCiliumEndpoint(obj interface{}) interface{} {
 				Labels:      nil,
 				Annotations: nil,
 			},
-			Encryption: &concreteObj.Status.Encryption,
+			Encryption: func() *cilium_v2.EncryptionSpec {
+				enc := concreteObj.Status.Encryption
+				return &enc
+			}(),
 			Identity:   concreteObj.Status.Identity,
 			Networking: concreteObj.Status.Networking,
 			NamedPorts: concreteObj.Status.NamedPorts,
@@ -713,7 +716,10 @@ func ConvertToCiliumEndpoint(obj interface{}) interface{} {
 					Labels:      nil,
 					Annotations: nil,
 				},
-				Encryption: &ciliumEndpoint.Status.Encryption,
+				Encryption: func() *cilium_v2.EncryptionSpec {
+					enc := ciliumEndpoint.Status.Encryption
+					return &enc
+				}(),
 				Identity:   ciliumEndpoint.Status.Identity,
 				Networking: ciliumEndpoint.Status.Networking,
 				NamedPorts: ciliumEndpoint.Status.NamedPorts,

diff --git a/pkg/k8s/factory_functions_test.go b/pkg/k8s/factory_functions_test.go
@@ -19,6 +19,7 @@ package k8s
 import (
 	"time"
 
+	"github.com/cilium/cilium/api/v1/models"
 	"github.com/cilium/cilium/pkg/annotation"
 	"github.com/cilium/cilium/pkg/checker"
 	fakeDatapath "github.com/cilium/cilium/pkg/datapath/fake"
@@ -1224,13 +1225,135 @@ func (s *K8sSuite) Test_ConvertToCiliumEndpoint(c *C) {
 			args: args{
 				obj: cache.DeletedFinalStateUnknown{
 					Key: "foo",
-					Obj: &v2.CiliumEndpoint{},
+					Obj: &v2.CiliumEndpoint{
+						TypeMeta: metav1.TypeMeta{
+							Kind:       "CiliumEndpoint",
+							APIVersion: "v2",
+						},
+						ObjectMeta: metav1.ObjectMeta{
+							Name:            "foo",
+							GenerateName:    "generated-Foo",
+							Namespace:       "bar",
+							UID:             "fdadada-dada",
+							ResourceVersion: "5454",
+							Generation:      5,
+							CreationTimestamp: metav1.Time{
+								Time: time.Date(2018, 01, 01, 01, 01, 01, 01, time.UTC),
+							},
+							Labels: map[string]string{
+								"foo": "bar",
+							},
+							Annotations: map[string]string{
+								"foo": "bar",
+							},
+							OwnerReferences: []metav1.OwnerReference{
+								{
+									Kind:               "Pod",
+									APIVersion:         "v1",
+									Name:               "foo",
+									UID:                "65dasd54d45",
+									Controller:         nil,
+									BlockOwnerDeletion: func() *bool { a := true; return &a }(),
+								},
+							},
+							ClusterName: "default",
+						},
+						Status: v2.EndpointStatus{
+							ID:          0,
+							Controllers: nil,
+							ExternalIdentifiers: &models.EndpointIdentifiers{
+								ContainerID:   "3290f4bc32129cb3e2f81074557ad9690240ea8fcce84bcc51a9921034875878",
+								ContainerName: "foo",
+								K8sNamespace:  "foo",
+								K8sPodName:    "bar",
+								PodName:       "foo/bar",
+							},
+							Health: &models.EndpointHealth{
+								Bpf:           "good",
+								Connected:     false,
+								OverallHealth: "excellent",
+								Policy:        "excellent",
+							},
+							Identity: &v2.EndpointIdentity{
+								ID: 9654,
+								Labels: []string{
+									"k8s:io.cilium.namespace=bar",
+								},
+							},
+							Networking: &v2.EndpointNetworking{
+								Addressing: []*v2.AddressPair{
+									{
+										IPV4: "10.0.0.1",
+										IPV6: "fd00::1",
+									},
+								},
+								NodeIP: "192.168.0.1",
+							},
+							Encryption: v2.EncryptionSpec{
+								Key: 250,
+							},
+							Policy: &v2.EndpointPolicy{
+								Ingress: &v2.EndpointPolicyDirection{
+									Enforcing: true,
+								},
+								Egress: &v2.EndpointPolicyDirection{
+									Enforcing: true,
+								},
+							},
+							State: "",
+							NamedPorts: []*models.Port{
+								{
+									Name:     "foo-port",
+									Port:     8181,
+									Protocol: "TCP",
+								},
+							},
+						},
+					},
 				},
 			},
 			want: cache.DeletedFinalStateUnknown{
 				Key: "foo",
 				Obj: &types.CiliumEndpoint{
-					Encryption: &v2.EncryptionSpec{},
+					TypeMeta: slim_metav1.TypeMeta{
+						Kind:       "CiliumEndpoint",
+						APIVersion: "v2",
+					},
+					ObjectMeta: slim_metav1.ObjectMeta{
+						Name:            "foo",
+						Namespace:       "bar",
+						UID:             "fdadada-dada",
+						ResourceVersion: "5454",
+						// We don't need to store labels nor annotations because
+						// they are not used by the CEP handlers.
+						Labels:      nil,
+						Annotations: nil,
+					},
+					Identity: &v2.EndpointIdentity{
+						ID: 9654,
+						Labels: []string{
+							"k8s:io.cilium.namespace=bar",
+						},
+					},
+					Networking: &v2.EndpointNetworking{
+						Addressing: []*v2.AddressPair{
+							{
+								IPV4: "10.0.0.1",
+								IPV6: "fd00::1",
+							},
+						},
+						NodeIP: "192.168.0.1",
+					},
+					Encryption: &v2.EncryptionSpec{
+						Key: 250,
+					},
+					NamedPorts: []*models.Port{
+						{
+							Name:     "foo-port",
+							Port:     8181,
+							Protocol: "TCP",
+						},
+					},
 				},
 			},
 		},