Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

Validate multicluster + ipsec + tunnel #9994

Closed
joestringer opened this issue Jan 29, 2020 · 5 comments · Fixed by #23496
Closed

Validate multicluster + ipsec + tunnel #9994

joestringer opened this issue Jan 29, 2020 · 5 comments · Fixed by #23496
Labels
area/CI-improvement Topic or proposal to improve the Continuous Integration workflow area/clustermesh Relates to multi-cluster routing functionality in Cilium. area/encryption Impacts encryption support such as IPSec, WireGuard, or kTLS. pinned These issues are not marked stale by our issue bot. sig/datapath Impacts bpf/ or low-level forwarding details, including map management and monitor messages.

Comments

@joestringer
Copy link
Member

joestringer commented Jan 29, 2020
edited

We should figure out some automation around testing this combination and validate the functionality against a test suite for encryption in conjunction with tunneling mode, and ensure this works across clusters.
@joestringer joestringer added the area/CI Continuous Integration testing issue or flake label Jan 29, 2020
@joestringer
Copy link
Member Author

Two broad options:

  • Refactor existing tests to make them cluster-oblivious. This could be a lot of work but would allow high coverage for existing tests. Increases development burden for writing and maintaining tests.
  • Add a new set of multicluster-aware tests. Test the pieces that are different in multicluster:
    • Connectivity
    • LB (across clusters)
    • Policy (identity is different across clusters, including cluster labels)
    • Visibility (identities / labels show up as expected in monitor output)

@aanm aanm added this to the 1.8 milestone Feb 7, 2020
@stale
Copy link

stale bot commented Apr 7, 2020

This issue has been automatically marked as stale because it has not had recent activity. It will be closed if no further activity occurs.

@stale stale bot added the stale The stale bot thinks this issue is old. Add "pinned" label to prevent this from becoming stale. label Apr 7, 2020
@aanm
Copy link
Member

aanm commented Apr 14, 2020

I think @seanmwinn is or was recently testing this?

@stale stale bot removed the stale The stale bot thinks this issue is old. Add "pinned" label to prevent this from becoming stale. label Apr 14, 2020
@joestringer joestringer added the pinned These issues are not marked stale by our issue bot. label Apr 14, 2020
@joestringer
Copy link
Member Author

I believe so, but manually. We will need to integrate this into some form of regular automated tests to prevent regressions.

@joestringer joestringer added area/CI-improvement Topic or proposal to improve the Continuous Integration workflow and removed area/CI Continuous Integration testing issue or flake labels Apr 28, 2020
@joestringer
Copy link
Member Author

One potential direction: Make use of kind per #11157 instructions.

@pchaigno pchaigno added area/clustermesh Relates to multi-cluster routing functionality in Cilium. area/encryption Impacts encryption support such as IPSec, WireGuard, or kTLS. integration/encrypt labels Oct 27, 2020
@borkmann borkmann added the sig/datapath Impacts bpf/ or low-level forwarding details, including map management and monitor messages. label Jan 12, 2021
@brb brb removed this from the 1.8 milestone Sep 28, 2021
@giorio94 giorio94 mentioned this issue Feb 21, 2023
Merged
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Assignees
No one assigned
Labels
area/CI-improvement Topic or proposal to improve the Continuous Integration workflow area/clustermesh Relates to multi-cluster routing functionality in Cilium. area/encryption Impacts encryption support such as IPSec, WireGuard, or kTLS. pinned These issues are not marked stale by our issue bot. sig/datapath Impacts bpf/ or low-level forwarding details, including map management and monitor messages.
Projects
None yet
Milestone
No milestone
Development

Successfully merging a pull request may close this issue.

test: add cluster mesh conformance tests with Kind cilium/cilium
5 participants
@brb @borkmann @joestringer @pchaigno @aanm