New issue
Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.
By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.
Already on GitHub? Sign in to your account
test: Extend the clusterIP tests with policy #15928
test: Extend the clusterIP tests with policy #15928
Conversation
I'm contemplating moving policy creation to |
test-only --focus="K8sServicesTest Checks service accessing itself (hairpin flow)" --kernel_version=net-next |
test-only --focus="K8sServicesTest.* Checks service accessing itself.*" --kernel_version=net-next |
Test for PR cilium#15321 - tests the case where a pod connects to itself via service clusterIP when selected by a policy. Signed-off-by: Aditi Ghag <aditi@cilium.io>
eb1e2cd
to
799bc1a
Compare
test-only --focus="K8sServicesTest.* Checks service accessing itself.*" --kernel_version=net-next |
Since I was assigned, could you for educational reasons explain to me how the test works with the added policy and how it checks that #15321 is correctly implemented? It's hard for me to decipher this yet :) |
@joamaki See the commit description:
So Aditi added a policy to the existing ClusterIP tests to ensure we cover the case fixed by #15321, where we'd get a wrong policy denied when a pod tries to access itself via ClusterIP VIP. One of those ClusterIP tests is |
Failures are not related to this PR -
The failed block is different from
Unit test failure in a wireguard unit test. I'll take a quick look, and file a PR.
This should be an independent test suite, and shouldn't be affected from Gingko test changes, no? /cc @pchaigno |
Yes, that's correct. I think this is ready to merge. |
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
🚀
Mainly for PR #15321 - tests the case where a pod connects to itself via service clusterIP when selected by a policy.
Signed-off-by: Aditi Ghag aditi@cilium.io