k8sT/Egress: fixes

test/helpers/kubectl.go

@@ -4297,7 +4297,6 @@ func GenerateNamespaceForTest(seed string) string {
 	replaced := strings.Replace(lowered, " ", "", -1)
 	replaced = strings.Replace(replaced, "_", "", -1)
 	replaced = strings.Replace(replaced, "/", "", -1)
-	replaced = strings.Replace(replaced, "-", "", -1)
 
 	timestamped := time.Now().Format("200601021504") + seed + replaced
 

test/k8sT/Egress.go

@@ -25,7 +25,7 @@ import (
 )
 
 var _ = SkipDescribeIf(func() bool {
-	return helpers.RunsOnEKS() || helpers.RunsOnGKE() || !helpers.RunsOn419OrLaterKernel() || helpers.DoesNotExistNodeWithoutCilium()
+	return helpers.RunsOnEKS() || helpers.RunsOnGKE() || helpers.DoesNotRunWithKubeProxyReplacement() || helpers.DoesNotExistNodeWithoutCilium()
 }, "K8sEgressGatewayTest", func() {
 	var (
 		kubectl         *helpers.Kubectl
@@ -77,9 +77,6 @@ var _ = SkipDescribeIf(func() bool {
 	}
 
 	BeforeAll(func() {
-		if helpers.DoesNotRunWithKubeProxyReplacement() {
-			Skip("EgressGatewayTest requires KubeProxyReplacement")
-		}
 
 		kubectl = helpers.CreateKubectl(helpers.K8s1VMName(), logger)
 
@@ -91,6 +88,8 @@ var _ = SkipDescribeIf(func() bool {
 
 		deploymentManager.SetKubectl(kubectl)
 
+		// We deploy cilium, to run the echo server and assign egress IP, and redeploy with
+		// different configurations for the tests.
 		ciliumFilename = helpers.TimestampFilename("cilium.yaml")
 		DeployCiliumAndDNS(kubectl, ciliumFilename)
 
@@ -107,7 +106,7 @@ var _ = SkipDescribeIf(func() bool {
 
 	AfterFailed(func() {
 		// Especially check if there are duplicated address allocated on cilium_host
-		kubectl.CiliumReport("ip addr")
+		kubectl.CiliumReport("ip addr", "cilium bpf egress list", "cilium bpf nat list")
 	})
 
 	testEgressGateway := func(fromGateway bool) {
@@ -166,127 +165,79 @@ var _ = SkipDescribeIf(func() bool {
 		Expect(res).Should(helpers.CMDSuccess(), "unable to apply %s", policyYAML)
 	}
 
-	Context("tunnel disabled with endpoint routes enabled", func() {
-		BeforeAll(func() {
-			DeployCiliumOptionsAndDNS(kubectl, ciliumFilename, map[string]string{
-				"egressGateway.enabled":  "true",
-				"tunnel":                 "disabled",
-				"autoDirectNodeRoutes":   "true",
-				"bpf.masquerade":         "true",
-				"endpointRoutes.enabled": "true",
+	doContext := func(name string, ciliumOpts map[string]string) {
+		Context(name, func() {
+			BeforeAll(func() {
+				DeployCiliumOptionsAndDNS(kubectl, ciliumFilename, ciliumOpts)
+				randomNamespace = deploymentManager.DeployRandomNamespaceShared(DemoDaemonSet)
+				kubectl.NamespaceLabel(randomNamespace, namespaceSelector)
+				deploymentManager.WaitUntilReady()
 			})
 
-			randomNamespace = deploymentManager.DeployRandomNamespaceShared(DemoDaemonSet)
-			kubectl.NamespaceLabel(randomNamespace, namespaceSelector)
-			deploymentManager.WaitUntilReady()
-
-		})
-
-		AfterAll(func() {
-			deploymentManager.DeleteAll()
-			DeployCiliumAndDNS(kubectl, ciliumFilename)
-		})
-
-		It("Checks connectivity works without policy", func() {
-			testConnectivity(false)
-			testConnectivity(true)
-		})
-
-		It("Checks egress policy and basic connectivity both work", func() {
-			applyEgressPolicy()
-			kubectl.WaitForEgressPolicyEntry(k8s1IP, outsideIP)
-			kubectl.WaitForEgressPolicyEntry(k8s2IP, outsideIP)
-
-			defer kubectl.Delete(policyYAML)
-
-			testEgressGateway(true)
-			testEgressGateway(false)
-			testConnectivity(true)
-			testConnectivity(false)
-		})
-
-	})
-
-	Context("tunnel disabled with endpoint routes disabled", func() {
-
-		BeforeAll(func() {
-			DeployCiliumOptionsAndDNS(kubectl, ciliumFilename, map[string]string{
-				"egressGateway.enabled":  "true",
-				"tunnel":                 "disabled",
-				"autoDirectNodeRoutes":   "true",
-				"bpf.masquerade":         "true",
-				"endpointRoutes.enabled": "false",
+			AfterAll(func() {
+				deploymentManager.DeleteAll()
+				DeployCiliumAndDNS(kubectl, ciliumFilename)
 			})
 
-			randomNamespace = deploymentManager.DeployRandomNamespaceShared(DemoDaemonSet)
-			kubectl.NamespaceLabel(randomNamespace, namespaceSelector)
-			deploymentManager.WaitUntilReady()
-		})
-
-		AfterAll(func() {
-			deploymentManager.DeleteAll()
-			DeployCiliumAndDNS(kubectl, ciliumFilename)
-		})
-
-		It("Checks connectivity works without policy", func() {
-			testConnectivity(false)
-			testConnectivity(true)
-		})
-
-		It("Checks egress policy and basic connectivity both work", func() {
-			applyEgressPolicy()
-			kubectl.WaitForEgressPolicyEntry(k8s1IP, outsideIP)
-			kubectl.WaitForEgressPolicyEntry(k8s2IP, outsideIP)
-
-			defer kubectl.Delete(policyYAML)
-
-			testEgressGateway(false)
-			testEgressGateway(true)
-			testConnectivity(false)
-			testConnectivity(true)
-		})
-
-	})
-
-	Context("tunnel vxlan", func() {
-
-		BeforeAll(func() {
-			DeployCiliumOptionsAndDNS(kubectl, ciliumFilename, map[string]string{
-				"egressGateway.enabled": "true",
-				"bpf.masquerade":        "true",
-				"tunnel":                "vxlan",
+			It("Checks connectivity works without policy", func() {
+				testConnectivity(false)
+				testConnectivity(true)
 			})
 
-			randomNamespace = deploymentManager.DeployRandomNamespaceShared(DemoDaemonSet)
-			kubectl.NamespaceLabel(randomNamespace, namespaceSelector)
-			deploymentManager.WaitUntilReady()
-		})
+			It("Checks egress policy and basic connectivity both work", func() {
+				applyEgressPolicy()
+				kubectl.WaitForEgressPolicyEntry(k8s1IP, outsideIP)
+				kubectl.WaitForEgressPolicyEntry(k8s2IP, outsideIP)
 
-		AfterAll(func() {
-			deploymentManager.DeleteAll()
-			DeployCiliumAndDNS(kubectl, ciliumFilename)
-		})
+				defer kubectl.Delete(policyYAML)
 
-		It("Checks connectivity works without policy", func() {
-			testConnectivity(false)
-			testConnectivity(true)
+				testEgressGateway(false)
+				testEgressGateway(true)
+				testConnectivity(false)
+				testConnectivity(true)
+			})
 		})
+	}
 
-		It("Checks egress policy and basic connectivity both work", func() {
-			applyEgressPolicy()
-			kubectl.WaitForEgressPolicyEntry(k8s1IP, outsideIP)
-			kubectl.WaitForEgressPolicyEntry(k8s2IP, outsideIP)
-
-			defer kubectl.Delete(policyYAML)
+	doContext("tunnel disabled with endpointRoutes enabled",
+		map[string]string{
+			"egressGateway.enabled":  "true",
+			"bpf.masquerade":         "true",
+			"tunnel":                 "disabled",
+			"autoDirectNodeRoutes":   "true",
+			"endpointRoutes.enabled": "true",
+		},
+	)
 
-			testEgressGateway(false)
-			testEgressGateway(true)
-			testConnectivity(false)
-			testConnectivity(true)
-		})
+	doContext("tunnel disabled with endpointRoutes disabled",
+		map[string]string{
+			"egressGateway.enabled":  "true",
+			"bpf.masquerade":         "true",
+			"tunnel":                 "disabled",
+			"autoDirectNodeRoutes":   "true",
+			"endpointRoutes.enabled": "false",
+		},
+	)
 
-	})
+	doContext("tunnel vxlan with endpointRoutes enabled",
+		map[string]string{
+			"egressGateway.enabled":  "true",
+			"bpf.masquerade":         "true",
+			"tunnel":                 "vxlan",
+			"autoDirectNodeRoutes":   "false",
+			"endpointRoutes.enabled": "true",
+		},
+	)
 
+	doContext("tunnel vxlan with endpointRoutes disabled",
+		map[string]string{
+			"egressGateway.enabled":  "true",
+			"bpf.masquerade":         "true",
+			"tunnel":                 "vxlan",
+			"autoDirectNodeRoutes":   "false",
+			"endpointRoutes.enabled": "false",
+		},
+	)
 })
 
 // Use x.x.x.100 as the egress IP

test/k8sT/manifests/egress-ip-deployment.yaml

@@ -25,14 +25,14 @@ spec:
         securityContext:
           privileged: true
         env:
-        - name: EGRESS_IPS
+        - name: EGRESS_IP
           value: "INPUT_EGRESS_IP/24"
         args:
-        - "for i in $EGRESS_IPS; do ip address add $i dev enp0s8; done; sleep 10000000"
+        - "ip address add $EGRESS_IP dev enp0s8; sleep inf"
         lifecycle:
           preStop:
             exec:
               command:
               - "/bin/sh"
               - "-c"
-              - "for i in $EGRESS_IPS; do ip address del $i dev enp0s8; done"
+              - "ip address del $EGRESS_IP dev enp0s8"