test: add basic tests for hubble-relay

These tests are the same tests for L3/L4 and L7 flows that target the local hubble server but they target hubble-relay instead. Signed-off-by: Robin Hahling <robin.hahling@gw-computing.net>
cilium · May 20, 2020 · f2b7478 · f2b7478
1 parent 610b91c
commit f2b7478
Showing 1 changed file with 48 additions and 6 deletions.
diff --git a/test/k8sT/hubble.go b/test/k8sT/hubble.go
@@ -18,8 +18,10 @@ import (
 	"context"
 	"fmt"
 	"net"
+	"strconv"
 	"strings"
 
+	"github.com/asaskevich/govalidator"
 	"github.com/cilium/cilium/pkg/annotation"
 	. "github.com/cilium/cilium/test/ginkgo-ext"
 	"github.com/cilium/cilium/test/helpers"
@@ -35,8 +37,9 @@ var _ = Describe("K8sHubbleTest", func() {
 
 		hubblePodK8s1 string
 
-		hubbleSelector  = "-l k8s-app=hubble-cli"
-		hubbleNamespace = helpers.CiliumNamespace
+		hubbleNamespace    = helpers.CiliumNamespace
+		hubbleRelayService = "hubble-relay"
+		hubbleRelayAddress string
 
 		demoPath string
 
@@ -86,16 +89,22 @@ var _ = Describe("K8sHubbleTest", func() {
 		demoPath = helpers.ManifestGet(kubectl.BasePath(), "demo.yaml")
 
 		DeployCiliumOptionsAndDNS(kubectl, ciliumFilename, map[string]string{
-			"global.hubble.cli.enabled":     "true",
 			"global.hubble.metricsServer":   fmt.Sprintf(":%s", prometheusPort),
 			"global.hubble.metrics.enabled": `"{dns:query;ignoreAAAA,drop,tcp,flow,port-distribution,icmp,http}"`,
+			"global.hubble.cli.enabled":     "true",
+			"global.hubble.relay.enabled":   "true",
 		})
 
-		err := kubectl.WaitforPods(hubbleNamespace, hubbleSelector, helpers.HelperTimeout)
-		Expect(err).Should(BeNil(), "hubble-cli pods did not become ready")
-
+		var err error
+		ExpectHubbleCLIReady(kubectl, hubbleNamespace)
 		hubblePodK8s1, err = kubectl.GetHubbleClientPodOnNodeWithLabel(hubbleNamespace, helpers.K8s1)
 		Expect(err).Should(BeNil(), "unable to find hubble-cli pod on %s", helpers.K8s1)
+
+		ExpectHubbleRelayReady(kubectl, hubbleNamespace)
+		hubbleRelayIP, hubbleRelayPort, err := kubectl.GetServiceHostPort(hubbleNamespace, hubbleRelayService)
+		Expect(err).Should(BeNil(), "Cannot get service %s", hubbleRelayService)
+		Expect(govalidator.IsIP(hubbleRelayIP)).Should(BeTrue(), "hubbleRelayIP is not an IP")
+		hubbleRelayAddress = net.JoinHostPort(hubbleRelayIP, strconv.Itoa(hubbleRelayPort))
 	})
 
 	AfterFailed(func() {
@@ -169,6 +178,21 @@ var _ = Describe("K8sHubbleTest", func() {
 			res.ExpectContains(`hubble_flows_processed_total{subtype="to-endpoint",type="Trace",verdict="FORWARDED"}`)
 		})
 
+		It("Test L3/L4 Flow with hubble-relay", func() {
+			ctx, cancel := context.WithTimeout(context.Background(), helpers.MidCommandTimeout)
+			defer cancel()
+			follow := kubectl.HubbleObserveFollow(ctx, hubbleNamespace, hubblePodK8s1, fmt.Sprintf(
+				"--server %s --last 1 --type trace --from-pod %s/%s --to-namespace %s --to-label %s --to-port %d",
+				hubbleRelayAddress, namespaceForTest, appPods[helpers.App2], namespaceForTest, app1Labels, app1Port))
+
+			res := kubectl.ExecPodCmd(namespaceForTest, appPods[helpers.App2],
+				helpers.CurlFail(fmt.Sprintf("http://%s/public", app1ClusterIP)))
+			res.ExpectSuccess("%q cannot curl clusterIP %q", appPods[helpers.App2], app1ClusterIP)
+
+			err := follow.WaitUntilMatchFilterLineTimeout(`{$.Type}`, "L3_L4", helpers.ShortCommandTimeout)
+			Expect(err).To(BeNil(), fmt.Sprintf("hubble observe query timed out on %q", follow.OutputPrettyPrint()))
+		})
+
 		It("Test L7 Flow", func() {
 			addVisibilityAnnotation(namespaceForTest, app1Labels, "Ingress", "80", "TCP", "HTTP")
 			defer removeVisbilityAnnotation(namespaceForTest, app1Labels)
@@ -193,5 +217,23 @@ var _ = Describe("K8sHubbleTest", func() {
 			res.ExpectSuccess("%s/%s cannot curl metrics %q", hubbleNamespace, hubblePodK8s1, app1ClusterIP)
 			res.ExpectContains(`hubble_flows_processed_total{subtype="HTTP",type="L7",verdict="FORWARDED"}`)
 		})
+
+		It("Test L7 Flow with hubble-relay", func() {
+			addVisibilityAnnotation(namespaceForTest, app1Labels, "Ingress", "80", "TCP", "HTTP")
+			defer removeVisbilityAnnotation(namespaceForTest, app1Labels)
+
+			ctx, cancel := context.WithTimeout(context.Background(), helpers.MidCommandTimeout)
+			defer cancel()
+			follow := kubectl.HubbleObserveFollow(ctx, hubbleNamespace, hubblePodK8s1, fmt.Sprintf(
+				"--server %s --last 1 --type l7 --from-pod %s/%s --to-namespace %s --to-label %s --protocol http",
+				hubbleRelayAddress, namespaceForTest, appPods[helpers.App2], namespaceForTest, app1Labels))
+
+			res := kubectl.ExecPodCmd(namespaceForTest, appPods[helpers.App2],
+				helpers.CurlFail(fmt.Sprintf("http://%s/public", app1ClusterIP)))
+			res.ExpectSuccess("%q cannot curl clusterIP %q", appPods[helpers.App2], app1ClusterIP)
+
+			err := follow.WaitUntilMatchFilterLineTimeout(`{$.Type}`, "L7", helpers.ShortCommandTimeout)
+			Expect(err).To(BeNil(), fmt.Sprintf("hubble observe query timed out on %q", follow.OutputPrettyPrint()))
+		})
 	})
 })