List of eks failing tests #9678
Comments
I took a new stab at this and the following tests are the ones left failing (at commit 9c0939a):
I suspect we still skip some tests because they do not match kernel conditions/node setup and other things. Also I think that the BPF-based masq was not tested, not sure if we have specific e2e tests for those. All tests were run on:
Tagging @joestringer since we talked about this on Slack a few weeks ago.
Could they be failing for the same reason they were failing on GKE? See e0fba74.
I tried the tests with direct routing disabled so we test just the encryption functionality, and the thing I found out is that the connectivity check is failing because Cilium on the server side is detecting the packets as being received from the identity Endpoint on one node:
Monitor output for the server on that node:
Policy entries for that endpoint:
Is 10.0.183.243 actually a remote node IP or is it the IP of the client pod? If it's the IP of the remote node, that shouldn't happen because masquerading is disabled, right? Happy to help debug this via Slack if that helps.
This issue has been automatically marked as stale because it has not
This issue has not seen any activity since it was marked stale.
See #9682 for how to run these
See #9675 for fixups and hacks
[Fail] K8sHealthTest [BeforeEach] checks cilium-health status between nodes
[TODO] Skip on eks because endpoint-endpoint probe won't work with chaining
[Fail] K8sFQDNTest [BeforeEach] Restart Cilium validate that FQDN is still working
[TODO] Hardcoded DNS bind service IP is wrong for this cluster. Need to switch to a template.
[Fail] K8sFQDNTest [BeforeEach] Validate that multiple specs are working correctly
[TODO] Hardcoded DNS bind service IP is wrong for this cluster. Need to switch to a template.
[Fail] K8sUpdates [It] Tests upgrade and downgrade from a Cilium stable image to master
/Users/ray/covalent/gopath/src/github.com/cilium/cilium/test/k8sT/Updates.go:194
[Fail] K8sKafkaPolicyTest Kafka Policy Tests [It] KafkaPolicies
/Users/ray/covalent/gopath/src/github.com/cilium/cilium/test/k8sT/KafkaPolicies.go:237
[Fail] K8sIstioTest [BeforeEach] Istio Bookinfo Demo Tests bookinfo inter-service connectivity
/Users/ray/covalent/gopath/src/github.com/cilium/cilium/test/k8sT/istio.go:109
[Fail] K8sServicesTest Checks ClusterIP Connectivity [It] Checks service on same node
fix w/ GetNodeNames
[Fail] K8sServicesTest Checks service across nodes [It] Tests NodePort (kube-proxy)
[TODO] Hardcoded DNS bind service IP is wrong for this cluster. Need to switch to a template.
Passes with fixed DNS IP
[Fail] K8sServicesTest Checks service across nodes with L7 policy [It] Tests NodePort with L7 Policy
Fails on curls to cilium host internal IP and remote IP. test/k8sT/services.go:286
[Fail] K8sServicesTest Bookinfo Demo [It] Tests bookinfo demo
503 Service Unavailable probably because envoy isn’t able to upstream
[Fail] K8sDatapathConfig MonitorAggregation [It] Checks that monitor aggregation restricts notifications
/Users/ray/covalent/gopath/src/github.com/cilium/cilium/test/k8sT/DatapathConfiguration.go:127
[Fail] K8sDatapathConfig Encapsulation [It] Check connectivity with sockops and VXLAN encapsulation
/Users/ray/covalent/gopath/src/github.com/cilium/cilium/test/k8sT/DatapathConfiguration.go:168
[Fail] K8sDatapathConfig Encapsulation [It] Check connectivity with VXLAN encapsulation
/Users/ray/covalent/gopath/src/github.com/cilium/cilium/test/k8sT/DatapathConfiguration.go:168
[Fail] K8sDatapathConfig Encapsulation [It] Check connectivity with Geneve encapsulation
/Users/ray/covalent/gopath/src/github.com/cilium/cilium/test/k8sT/DatapathConfiguration.go:168
[Fail] K8sDatapathConfig Transparent encryption DirectRouting [It] Check connectivity with transparent encryption and direct routing
/Users/ray/covalent/gopath/src/github.com/cilium/cilium/test/k8sT/assertionHelpers.go:135
[Fail] K8sDatapathConfig IPv4Only [It] Check connectivity with IPv6 disabled
/Users/ray/covalent/gopath/src/github.com/cilium/cilium/test/k8sT/DatapathConfiguration.go:262
[Fail] K8sDatapathConfig ManagedEtcd [It] Check connectivity with managed etcd
/Users/ray/covalent/gopath/src/github.com/cilium/cilium/test/k8sT/assertionHelpers.go:135
[Fail] K8sPolicyTest Basic Test [It] checks all kind of Kubernetes policies
/Users/ray/covalent/gopath/src/github.com/cilium/cilium/test/k8sT/Policies.go:269
[TODO] ingress proxy - skip
[Fail] K8sPolicyTest Basic Test [It] CNP test MatchExpressions key
/Users/ray/covalent/gopath/src/github.com/cilium/cilium/test/k8sT/Policies.go:355
[TODO] ingress proxy - skip
[Fail] K8sPolicyTest Basic Test Validate CNP update [It] Enforces connectivity correctly when the same L3/L4 CNP is updated
/Users/ray/covalent/gopath/src/github.com/cilium/cilium/test/k8sT/Policies.go:674
[TODO] Hardcoded DNS bind service IP is wrong for this cluster. Need to switch to a template.
Passes with fixed DNS IP
[Fail] K8sPolicyTest Basic Test Redirects traffic to proxy when no policy is applied with proxy-visibility annotation [BeforeEach] Tests HTTP proxy visibility without policy
/Users/ray/covalent/gopath/src/github.com/cilium/cilium/test/k8sT/Policies.go:786
[TODO] Hardcoded DNS bind service IP is wrong for this cluster. Need to switch to a template.
Passes with fixed DNS IP
[Fail] K8sPolicyTest Basic Test Redirects traffic to proxy when no policy is applied with proxy-visibility annotation [BeforeEach] Tests DNS proxy visibility without policy
/Users/ray/covalent/gopath/src/github.com/cilium/cilium/test/ginkgo-ext/scopes.go:539
[TODO] Hardcoded DNS bind service IP is wrong for this cluster. Need to switch to a template.
Passes with fixed DNS IP
[Fail] K8sPolicyTest Basic Test Redirects traffic to proxy when no policy is applied with proxy-visibility annotation [BeforeEach] Tests proxy visibility interactions with policy lifecycle operations
/Users/ray/covalent/gopath/src/github.com/cilium/cilium/test/ginkgo-ext/scopes.go:539
[TODO] Hardcoded DNS bind service IP is wrong for this cluster. Need to switch to a template.
Passes with fixed DNS IP
[Fail] K8sPolicyTest GuestBook Examples [It] checks policy example
/Users/ray/covalent/gopath/src/github.com/cilium/cilium/test/k8sT/Policies.go:1019
[Fail] K8sPolicyTest Namespaces policies [BeforeEach] Tests the same Policy in different namespaces
/Users/ray/covalent/gopath/src/github.com/cilium/cilium/test/k8sT/Policies.go:1113
[Fail] K8sPolicyTest Namespaces policies [BeforeEach] Kubernetes Network Policy by namespace selector
/Users/ray/covalent/gopath/src/github.com/cilium/cilium/test/ginkgo-ext/scopes.go:539
[Fail] K8sPolicyTest Namespaces policies [BeforeEach] Cilium Network policy using namespace label and L7
/Users/ray/covalent/gopath/src/github.com/cilium/cilium/test/ginkgo-ext/scopes.go:539
[TODO] ingress proxy - skip
[Fail] K8sPolicyTest Clusterwide policies [BeforeEach] Test clusterwide connectivity with policies
/Users/ray/covalent/gopath/src/github.com/cilium/cilium/test/k8sT/Policies.go:1324