Adds new Cilium subcommand: cilium encrypt status and cilium encrypt flush
#16770
Conversation
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
This comment has been minimized.
This comment has been minimized.
maintainer-s-little-helper
bot
added
dont-merge/needs-sign-off
maintainer-s-little-helper
bot
removed
the
dont-merge/needs-sign-off
rolinh
changed the title
cilium encypt status and cilium encrypt flushcilium encrypt status and cilium encrypt flush
rolinh
added
the
release-note/minor
maintainer-s-little-helper
bot
removed
the
dont-merge/needs-release-note-label
rolinh
requested changes
Jul 5, 2021
rolinh
requested changes
Jul 5, 2021
pchaigno
added
the
area/encryption
rolinh
requested changes
Jul 6, 2021
h3llix
force-pushed
the
hellixSoc1
branch
2 times, most recently
from
b67277d
to
fe5c304
Compare
pchaigno
reviewed
Jul 8, 2021
h3llix
force-pushed
the
hellixSoc1
branch
2 times, most recently
from
0aacb73
to
189f667
Compare
twpayne
approved these changes
Jul 12, 2021
rolinh
approved these changes
Jul 13, 2021
pchaigno
reviewed
Jul 13, 2021
There was a problem hiding this comment.
A couple remaining nits below. The output in case of failure could also be improved a bit. For example, this is what I get just after having run cilium encrypt flush:
Encryption: IPsec
Keys in use: 0
Max Seq. Number: /0xffffffff
Errors: 9
XfrmInNoStates: 9
For Max Seq. Number we could either default to a 0 value or even explicitly state N/A when they are no oseq matches. XfrmInNoStates should also be indented for clarity.
pchaigno
added
the
dont-merge/needs-rebase
pchaigno
requested changes
Jul 29, 2021
There was a problem hiding this comment.
Found a couple errors while testing. We could also cover a couple more cases in the unit tests.
General remarks:
- Commit
fix(cilium encrypt): fix helper functions and minor nitsshould be squashed in the relevant previous commits. For example, if there is a fix to helper function A, then that fix should be in the commit that introduced function A. - We don't usually have the format
feat(),test(), etc. in Cilium. I like it, but I think it would be best to drop it for consistency with the rest of the commit history. - You will need to rebase with latest master. In general, I would advise to always rebase with latest master when you update the branch. That's the best way to keep the branch up-to-date.
h3llix
force-pushed
the
hellixSoc1
branch
2 times, most recently
from
44c2a68
to
707999e
Compare
Add subcommand `cilium encrypt status` and `cilium encrypt flush` to interact with IPsec mode of the node. Signed-off-by: Gaurav Genani <h3llix.pvt@gmail.com>
pchaigno
approved these changes
Jul 30, 2021
Signed-off-by: Gaurav Genani <h3llix.pvt@gmail.com>
Signed-off-by: Gaurav Genani <h3llix.pvt@gmail.com>
|
The end-to-end tests don't cover those new CLIs and other tests are all passing. All team review requests are covered, sometimes with multiple reviews. Marking ready to merge. |
pchaigno
added
ready-to-merge
vadorovsky
approved these changes
Aug 2, 2021
Sign up for free
to join this conversation on GitHub.
Already have an account?
Sign in to comment
Add this suggestion to a batch that can be applied as a single commit.
This suggestion is invalid because no changes were made to the code.
Suggestions cannot be applied while the pull request is closed.
Suggestions cannot be applied while viewing a subset of changes.
Only one suggestion per line can be applied in a batch.
Add this suggestion to a batch that can be applied as a single commit.
Applying suggestions on deleted lines is not supported.
You must change the existing code in this line in order to create a valid suggestion.
Outdated suggestions cannot be applied.
This suggestion has been applied or marked resolved.
Suggestions cannot be applied from pending reviews.
Suggestions cannot be applied on multi-line comments.
Suggestions cannot be applied while the pull request is queued to merge.
Suggestion cannot be applied right now. Please check back later.
Fixes: #14638
cilium encrypt statusdisplays information on the current status of the IPSec configuration whilecilium encrypt flushflushes the current XFRM States.Here is the cli output:
