workflows/ipsec: Add missing --flush-ct for key rotation

[ upstream commit 751c17c ] Now that we cover the key rotations in the IPsec e2e tests, we are running the connectivity test suite twice. That means we can run in the usual bug where an existing CT entry is reused and leads to us sending traffic to the proxy when we shouldn't. Thus, we need to flush the CT entries at the end of the first test run, with --flush-ct. Fixes: de192de ("ci-ipsec-e2e: Add IPsec key rotation test") Signed-off-by: Paul Chaignon <paul.chaignon@gmail.com>
cilium · Oct 4, 2023 · d28ba99 · d28ba99
1 parent af8c8b1
commit d28ba99
Showing 1 changed file with 2 additions and 1 deletion.
diff --git a/.github/workflows/conformance-ipsec-e2e.yaml b/.github/workflows/conformance-ipsec-e2e.yaml
@@ -264,7 +264,8 @@ jobs:
               --sysdump-hubble-flows-count=1000000 --sysdump-hubble-flows-timeout=5m \
               --sysdump-output-filename "cilium-sysdump-${{ matrix.name }}-<ts>" \
               --junit-file "cilium-junits/${{ env.job_name }} (${{ join(matrix.*, ', ') }}).xml" \
-              --junit-property github_job_step="Run tests (${{ join(matrix.*, ', ') }})"
+              --junit-property github_job_step="Run tests (${{ join(matrix.*, ', ') }})" \
+              --flush-ct
 
       - name: Rotate IPsec Key & Test (${{ join(matrix.*, ', ') }})
         uses: ./.github/actions/conn-disrupt-test