ci: Require cluster-wide connectivity before running tests #18153
Conversation
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
gandro
added
area/health
|
/test |
gandro
force-pushed
the
pr/gandro/cilium-health-dualstack
branch
from
94df4d3
to
3f12fc5
Compare
This comment has been minimized.
This comment has been minimized.
maintainer-s-little-helper
bot
added
the
dont-merge/needs-sign-off
gandro
force-pushed
the
pr/gandro/cilium-health-dualstack
branch
from
3f12fc5
to
169aae3
Compare
maintainer-s-little-helper
bot
removed
the
dont-merge/needs-sign-off
|
/test |
gandro
force-pushed
the
pr/gandro/cilium-health-dualstack
branch
from
169aae3
to
ff97bfe
Compare
|
/test https://jenkins.cilium.io/job/Cilium-PR-K8s-1.22-kernel-4.19/75/ Edit: Seems like the readiness check is not sufficient, as it does not consider node count. Will try to modify |
gandro
force-pushed
the
pr/gandro/cilium-health-dualstack
branch
from
ff97bfe
to
9fd19f0
Compare
|
/test Edit: Uncovered a bug in https://jenkins.cilium.io/job/Cilium-PR-K8s-1.23-kernel-4.9/77/ Reproducible on Vagrant via |
gandro
force-pushed
the
pr/gandro/cilium-health-dualstack
branch
from
fef6ad5
to
e1a47c3
Compare
|
/test Runtime failed with a provisioning failure: https://jenkins.cilium.io/job/Cilium-PR-Runtime-net-next/810/ Edit: All Jenkins pipeline affected by these changes are green ✔️ Will re-run after pushing a few minor changes and mark ready for review. |
gandro
force-pushed
the
pr/gandro/cilium-health-dualstack
branch
from
e1a47c3
to
a2d2e3d
Compare
|
/test |
This commit extends the cilium-health API to expose the status of secondary addresses of the cilium-health endpoint. To ensure backwards-compatibility of the cilium-health API and JSON output, the old field is deprecated and a new one is introduced. Signed-off-by: Sebastian Wicki <sebastian@isovalent.com>
This commit modifies the cilium-health server to populate the newly added `health-endpoint` field in node health status model. It now also includes the address and probe status of secondary endpoint paths. Signed-off-by: Sebastian Wicki <sebastian@isovalent.com>
This commit changes the way cilium health status is displayed in `cilium status` and `cilium-health status` with regards to secondary addresses (i.e. IPv6 host or health endpoint IP addresses in dual-stack setups). Firstly, in the brief output format (i.e. the output of `cilium status`), we do not consider a host or endpoint as "reachable" if a secondary path is unreachable. This is similar to how we already treat partial reachability for a health probe if ICMP succeeded but HTTP did not. Secondly, in `cilium-health status --verbose`, we now also print the status of secondary endpoint addresses (which we usually probe, but before this commit never displayed anywhere). Signed-off-by: Sebastian Wicki <sebastian@isovalent.com>
This commit changes the output of `cilium-health status` to always display the status of unhealthy secondary paths. This makes it easier for users to spot the reason why cilium health reports connectivity issues, as this information is usually hidden behind the `--verbose` flag. This approach is similar to how we already show unhealth nodes in the brief output. Signed-off-by: Sebastian Wicki <sebastian@isovalent.com>
This commit changes the semantics of the `unreachable_nodes` and `unreachable_health_endpoints` metrics to include nodes or endpoints where the secondary path (i.e. IPv6 in dual-stack) has no connectitivty. Signed-off-by: Sebastian Wicki <sebastian@isovalent.com>
This modifies the bugtool to collect the verbose `cilium-health status` output which includes information about secondary paths (i.e. IPv6 paths in dual-stack setups). Signed-off-by: Sebastian Wicki <sebastian@isovalent.com>
This changes the K8sHealthTest suite to use the newly introduced `health-endpoint` field insteaed of the deprecated `endpoint` field. Signed-off-by: Sebastian Wicki <sebastian@isovalent.com>
To work around a bug where host firewall and endpoint routes drops very small packages on the return path. Signed-off-by: Sebastian Wicki <sebastian@isovalent.com>
In our CI setup, we have a helper function called `ciliumHealthPreFlightCheck` which ensures that all nodes participating in CI have connectivity to each other. However, that check did not consider connectivity to remote endpoints or alternative paths. This commit extends that function to ensure that not only connectivity between the node has been established, but also that connectivity to the health endpoint both via ICMP and HTTP is healthy. This commit also introduces checks for secondary addresses (i.e. IPv6 addresses in dual-stack setups). If no secondary addresses are present, the JSONPath filter used here returns an empty string which will be ignored. Signed-off-by: Sebastian Wicki <sebastian@isovalent.com>
gandro
force-pushed
the
pr/gandro/cilium-health-dualstack
branch
from
6dc645e
to
8ccdf11
Compare
|
Addressed two nits, rebased and removed the commit which un-qurantines the test (and thus this PR needs no sign-off from team loadbalancer anymore). Main diff: diff --git a/pkg/health/client/client.go b/pkg/health/client/client.go
index ab2b2f088466..fe93c9834d55 100644
--- a/pkg/health/client/client.go
+++ b/pkg/health/client/client.go
@@ -274,7 +274,7 @@ func GetAllHostAddresses(node *models.NodeStatus) []*models.PathStatus {
}
// GetEndpointPrimaryAddress returns the PrimaryAddress for the health endpoint
-// within node. If node.Host is nil, returns nil.
+// within node. If node.HealthEndpoint is nil, returns nil.
func GetEndpointPrimaryAddress(node *models.NodeStatus) *models.PathStatus {
if node.HealthEndpoint == nil {
return nil
@@ -283,7 +283,8 @@ func GetEndpointPrimaryAddress(node *models.NodeStatus) *models.PathStatus {
return node.HealthEndpoint.PrimaryAddress
}
-// GetEndpointSecondaryAddresses returns the secondary host addresses (if any)
+// GetEndpointSecondaryAddresses returns the secondary health endpoint addresses
+// (if any)
func GetEndpointSecondaryAddresses(node *models.NodeStatus) []*models.PathStatus {
if node.HealthEndpoint == nil {
return nil |
|
/test Job 'Cilium-PR-K8s-GKE' failed and has not been observed before, so may be related to your PR: Click to show.Test NameFailure OutputIf it is a flake, comment |
gandro
requested review from
joestringer
and removed request for
a team and
jibi
|
|
/test-gke |
|
/ci-multicluster |
joestringer
approved these changes
Dec 15, 2021
maintainer-s-little-helper
bot
added
the
ready-to-merge
tklauser
added
backport-done/1.11
Sign up for free
to join this conversation on GitHub.
Already have an account?
Sign in to comment
Add this suggestion to a batch that can be applied as a single commit.
This suggestion is invalid because no changes were made to the code.
Suggestions cannot be applied while the pull request is closed.
Suggestions cannot be applied while viewing a subset of changes.
Only one suggestion per line can be applied in a batch.
Add this suggestion to a batch that can be applied as a single commit.
Applying suggestions on deleted lines is not supported.
You must change the existing code in this line in order to create a valid suggestion.
Outdated suggestions cannot be applied.
This suggestion has been applied or marked resolved.
Suggestions cannot be applied from pending reviews.
Suggestions cannot be applied on multi-line comments.
Suggestions cannot be applied while the pull request is queued to merge.
Suggestion cannot be applied right now. Please check back later.
This PR introduces more in-depth checks on
cilium-healthin CI.The first set of commits ensures that
cilium-healthproperly reports connectivity failures in dual-stack setups. Before this PR,cilium-healthwould probe the connectivity of secondary endpoint addresses, but not report any failures in the health API and thus also not display the failures incilium statusorcilium-health status. To fix this, the API is extended to expose the status of the secondary endpoint addresses probes, and the formatting and output logic is improved to better display and report these kind of failures.The second set of commits modifies CI to make use of this new functionality, i.e.
ciliumHealthPreFlightCheckis extended such that we wait for all paths to be healthy before we start a test suite. This likely fixes a a few flakes in e.g. direct routing mode, where we started the test suite even though the direct routes for IPv6 endpoint addresses have not yet been installed.Ref: #17895 (should fix that flake, but the test will not yet be unquarantined)