-
Notifications
You must be signed in to change notification settings - Fork 2.8k
New issue
Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.
By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.
Already on GitHub? Sign in to your account
ci: Add IPsec leak detection for ci-ipsec-e2e #32930
Conversation
5346da7
to
55d1d77
Compare
All green 🟢 https://github.com/cilium/cilium/actions/runs/9396554042/job/25877952674 Second run failed on an echo-ingress-mutual-auth-spiffe/pod-to-pod flake: https://github.com/cilium/cilium/actions/runs/9396554042/job/25881297773 3rd run is also 🍏 https://github.com/cilium/cilium/actions/runs/9396554042/job/25883690215 |
/test |
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
Overall looks good to me, thanks! I've left a couple of minor comments inline.
6aabf75
to
586db4e
Compare
/test |
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
Thanks!
They are to replace conn-disrupt-test action for better flexibility. Please note the new conn-disrupt-test-check doesn't run full tests by default. Signed-off-by: gray <gray.liang@isovalent.com>
So in future we can add encryption leak detection right after key rotation to avoid certain issues. ci-ipsec-e2e and ci-eks also has been adjusted to use conn-disrupt-test-* actions before and after ipsec-key-rotate action. Signed-off-by: gray <gray.liang@isovalent.com>
Signed-off-by: gray <gray.liang@isovalent.com>
PR cilium#32930 introduced a change to the conn-disrupt test that caused this migration test to fail. This PR updates the test to work with the updated test format. The inconsistency was not caught because of the path filters used in the test, so the path filters have been updated to exclude only Documentation/ and test/. Fixes: cilium#32268 Signed-off-by: jshr-w <shjayaraman@microsoft.com>
PR cilium#32930 introduced a change to the conn-disrupt test that caused this migration test to fail. This PR updates the test to work with the updated test format. The inconsistency was not caught because of the path filters used in the test, so the path filters have been updated to exclude only Documentation/ and test/. Fixes: cilium#32268 Signed-off-by: jshr-w <shjayaraman@microsoft.com>
PR cilium#32930 introduced a change to the conn-disrupt test that caused this migration test to fail. This PR updates the test to work with the updated test format. The inconsistency was not caught because of the path filters used in the test, so the path filters have been updated to exclude only Documentation/ and test/. Fixes: cilium#32268 Signed-off-by: jshr-w <shjayaraman@microsoft.com>
PR #32930 introduced a change to the conn-disrupt test that caused this migration test to fail. This PR updates the test to work with the updated test format. The inconsistency was not caught because of the path filters used in the test, so the path filters have been updated to exclude only Documentation/ and test/. Fixes: #32268 Signed-off-by: jshr-w <shjayaraman@microsoft.com>
PR cilium#32930 introduced a change to the conn-disrupt test that caused this migration test to fail. This PR updates the test to work with the updated test format. The inconsistency was not caught because of the path filters used in the test, so the path filters have been updated to exclude only Documentation/ and test/. Fixes: cilium#32268 Signed-off-by: jshr-w <shjayaraman@microsoft.com>
Add IPsec leak detection for ci-ipsec-e2e.