Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

Add integration test for POD v4/v6 egress traffic #2371

Merged
merged 1 commit into from
May 11, 2023
Merged

Add integration test for POD v4/v6 egress traffic #2371

merged 1 commit into from
May 11, 2023

Conversation

wanyufe
Copy link
Member

@wanyufe wanyufe commented May 3, 2023
edited
Loading

What type of PR is this?
feature - add integration testing for POD v4/v6 egress in v6/v4 clusters

Which issue does this PR fix:
N/A

What does this PR do / Why do we need it:
Increase integration test coverage for POD egress.

If an issue # is not available please add repro steps and logs from IPAMD/CNI showing the issue:

Testing done on this change:

Integration testing

~/amazon-vpc-cni-k8s/test/integration/cni-egress   egress-part-3 ✚ ● ? ⍟3  ginkgo -v --fail-on-pending -- \           1 ↵  408  18:18:30
 --cluster-kubeconfig=$KUBECONFIG \
 --cluster-name=$CLUSTER_NAME_V4 \
 --aws-region=$AWS_REGION \
 --aws-vpc-id=$VPC_ID_V4 \
 --ng-name-label-key=$NG_NAME_LABEL_KEY_V4 \
 --ng-name-label-val=$NG_NAME_LABEL_VAL_V4

Running Suite: CNI Pod Networking Suite - ~/amazon-vpc-cni-k8s/test/integration/cni-egress
======================================================================================================
Random Seed: 1683325258

Will run 1 of 1 specs
------------------------------
[BeforeSuite] 
~/amazon-vpc-cni-k8s/test/integration/cni-egress/pod_egress_suite_test.go:51
  STEP: checking cluster v4 or v6 @ 05/05/23 18:21:09.943
  STEP: creating test namespace @ 05/05/23 18:21:10.141
  STEP: getting the node with the node label key eks.amazonaws.com/nodegroup and value ipv4-nodegroup @ 05/05/23 18:21:10.164
  STEP: verifying at least 1 node present for the test @ 05/05/23 18:21:10.265
  STEP: getting the instance type from node label beta.kubernetes.io/instance-type @ 05/05/23 18:21:10.426
  STEP: getting the network interface details from ec2 @ 05/05/23 18:21:10.426
  STEP: setting the environment variables on the ds to map[ENABLE_V6_EGRESS:true] @ 05/05/23 18:21:10.465
  STEP: getting the aws-node daemon set in namespace kube-system @ 05/05/23 18:21:10.465
  STEP: updating the daemon set with new environment variable @ 05/05/23 18:21:10.566
  STEP: setting the environment variables on the ds to map[ENABLE_V6_EGRESS:true] @ 05/05/23 18:21:18.607
  STEP: getting the aws-node daemon set in namespace kube-system @ 05/05/23 18:21:18.607
  STEP: updating the daemon set with new environment variable @ 05/05/23 18:21:18.608
[BeforeSuite] PASSED [19.020 seconds]
------------------------------
[CANARY] test cluster egress connectivity container can access off-cluster service using egress interface
~/amazon-vpc-cni-k8s/test/integration/cni-egress/pod_egress_test.go:131
  STEP: creating test deployment on primary node: ip-192-168-34-162.us-east-2.compute.internal @ 05/05/23 18:21:28.65
  STEP: fetching pod primarynode-egress-tester-6b89dd6fd9-nqhxp egress address ... @ 05/05/23 18:21:50.997
  STEP: fetching pod primarynode-egress-tester-6b89dd6fd9-bf4jr egress address ... @ 05/05/23 18:21:51.161
  STEP: fetching pod primarynode-egress-tester-6b89dd6fd9-9xgf8 egress address ... @ 05/05/23 18:21:51.298
  STEP: fetching pod primarynode-egress-tester-6b89dd6fd9-vdpkt egress address ... @ 05/05/23 18:21:51.451
  STEP: testing pods in primary ENI IPv6 egress running in primary node: ip-192-168-34-162.us-east-2.compute.internal @ 05/05/23 18:21:51.594
  STEP: testing pods in secondary ENI IPv6 egress running in primary node: ip-192-168-34-162.us-east-2.compute.internal @ 05/05/23 18:21:53.531
  STEP: testing IPv6 ping between PODs within same ENI using egress interface is blocked @ 05/05/23 18:21:56.055
  STEP: testing IPv6 ping between PODs within different ENIs using egress interface is blocked @ 05/05/23 18:23:42.813
  STEP: deleting the primary node egress-tester deployment @ 05/05/23 18:26:09.59
• [280.961 seconds]
------------------------------
[AfterSuite] 
~/amazon-vpc-cni-k8s/test/integration/cni-egress/pod_egress_suite_test.go:117
  STEP: deleting test namespace @ 05/05/23 18:26:09.611
  STEP: reset daemonset back @ 05/05/23 18:26:19.731
  STEP: removing the environment variables from the ds map[ENABLE_V6_EGRESS:{}] @ 05/05/23 18:26:19.731
  STEP: getting the aws-node daemon set in namespace kube-system @ 05/05/23 18:26:19.731
  STEP: updating the daemon set with new environment variable @ 05/05/23 18:26:19.731
  STEP: update environment variables map[AWS_VPC_ENI_MTU:9001 AWS_VPC_K8S_CNI_VETHPREFIX:eni], remove map[ENABLE_V6_EGRESS:{} WARM_ENI_TARGET:{} WARM_IP_TARGET:{}] @ 05/05/23 18:26:27.775
  STEP: getting the aws-node daemon set in namespace kube-system @ 05/05/23 18:26:27.775
  STEP: updating the daemon set with new environment variable @ 05/05/23 18:26:27.775
[AfterSuite] PASSED [30.282 seconds]
------------------------------

Ran 1 of 1 Specs in 330.264 seconds
SUCCESS! -- 1 Passed | 0 Failed | 0 Pending | 0 Skipped
PASS | FOCUSED

Ginkgo ran 1 suite in 5m41.369616228s
Test Suite Passed
Detected Programmatic Focus - setting exit status to 197

Automation added to e2e:

Will this PR introduce any new dependencies?:

No
Will this break upgrades or downgrades. Has updating a running cluster been tested?:
No

Does this change require updates to the CNI daemonset config files to work?:

No
Does this PR introduce any user-facing change?:

No

This commit requires v4 cluster provisioned by Prow has ipv6 address assigned to node primary ENI.

By submitting this pull request, I confirm that my contribution is made under the terms of the Apache 2.0 license.

@wanyufe wanyufe marked this pull request as ready for review May 3, 2023 22:18
@wanyufe wanyufe requested a review from a team as a code owner May 3, 2023 22:18
jdn5126
jdn5126 reviewed May 5, 2023
View reviewed changes
Copy link
Contributor

@jdn5126 jdn5126 left a comment

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Test overall looks good, just some comments on simplification

@wanyufe
Copy link
Member Author

wanyufe commented May 8, 2023
edited
Loading

The code was refactored based on above comments and further discussion with @jdn5126. Here is the summary of changes:

  1. test specs were moved to a new test suite (folder named cni-egress) specially purposed for egress connectivity testing.
    The reason behind is that for each test suite, PROW will provision a proper cluster to run that suite, and egress testing for IPv4 cluster has a non-default cluster env (ENABLE_V6_EGRESS = 'true'), the cluster provisioned for original cni test suite has not that env set to true.
  2. code related to secondary node had been removed - test spec only runs on primary node. Team agreed that blocking testing between pods cross primary and secondary nodes is redundant.
  3. Not to be confused with No. 2, blocking testing among pods cross primary ENI and secondary ENI is kept - both primary ENI and secondary ENI assigned to the same primary node.

jdn5126
jdn5126 reviewed May 8, 2023
View reviewed changes
Copy link
Contributor

@jdn5126 jdn5126 left a comment

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Few nits, otherwise this looks good to go

jdn5126
jdn5126 previously approved these changes May 8, 2023
View reviewed changes
@jdn5126 jdn5126 force-pushed the egress-part-3 branch 2 times, most recently from d863e93 to de580fc Compare May 9, 2023 19:12
@jdn5126 jdn5126 merged commit e070294 into aws:master May 11, 2023
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Reviewers

@jdn5126 jdn5126 jdn5126 approved these changes

Assignees
No one assigned
Labels
None yet
Projects
None yet
Milestone
No milestone
Development

Successfully merging this pull request may close these issues.
2 participants
@wanyufe @jdn5126