Improved Cilium connectivity tests script
Signed-off-by: Philip Schmid <phisch@cisco.com>
1 parent
f4fdb5d
commit df42ebf
Showing
2 changed files
with
70 additions
and
22 deletions.
Original file line number | Diff line number | Diff line change |
---|---|---|
@@ -1,19 +1,43 @@ | ||
#!/bin/bash | ||
#!/usr/bin/env bash | ||
|
||
set -euxo pipefail | ||
|
||
# Grab the path to the kubeconfig file. | ||
export KUBECONFIG=$(terraform output --raw path_to_kubeconfig_file) | ||
# Gran the namespace in which Cilium was installed. | ||
CILIUM_NAMESPACE=$(terraform output --raw cilium_namespace) | ||
# Hubble Relay port | ||
HUBBLE_RELAY_PORT=4245 | ||
# Cilium Connectivity tests namespace | ||
TEST_NAMESPACE="cilium-test" | ||
# All Cilium Connectivity tests namespaces | ||
NAMESPACES=("${TEST_NAMESPACE}" "${TEST_NAMESPACE}-1") | ||
|
||
# Run the connectivity tests. | ||
kubectl -n kube-system port-forward svc/hubble-relay 4245:80 & | ||
# NS precreation is required because of https://www.talos.dev/v1.5/kubernetes-guides/configuration/pod-security/ | ||
kubectl create ns cilium-test | ||
kubectl label ns cilium-test pod-security.kubernetes.io/enforce=privileged | ||
kubectl label ns cilium-test pod-security.kubernetes.io/warn=privileged | ||
kubectl -n "${CILIUM_NAMESPACE}" rollout status deployment/hubble-relay | ||
kubectl -n "${CILIUM_NAMESPACE}" port-forward svc/hubble-relay 4245:80 & | ||
PID=$! | ||
set +e | ||
cilium connectivity test | ||
set -e | ||
kill -9 "${PID}" | ||
kubectl delete ns cilium-test | ||
|
||
# Wait while forwarded port will be available | ||
while ! nc -vz localhost ${HUBBLE_RELAY_PORT} > /dev/null 2>&1 ; do | ||
echo "waiting for port-forward ..." | ||
sleep 1 | ||
done | ||
|
||
cilium status --wait | ||
|
||
# NS precreation is required because of https://www.talos.dev/v1.5/kubernetes-guides/configuration/pod-security/ | ||
for ns in "${NAMESPACES[@]}"; do | ||
kubectl create ns $ns | ||
kubectl label ns $ns pod-security.kubernetes.io/enforce=privileged | ||
kubectl label ns $ns pod-security.kubernetes.io/warn=privileged | ||
done | ||
|
||
cilium connectivity test --namespace "${CILIUM_NAMESPACE}" --test-namespace "${TEST_NAMESPACE}" | ||
|
||
trap '{ | ||
kill -9 "${PID}" | ||
for ns in "${NAMESPACES[@]}"; do | ||
kubectl delete ns $ns | ||
done | ||
}' EXIT |
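Review bot: The `trap ... EXIT` handler is registered as the last statement of the script, so under `set -e` any earlier failure (a failing `kubectl create ns`, or a failing `cilium connectivity test`) exits before the handler exists. In that case the background `kubectl port-forward` keeps running and the namespaces labelled `pod-security.kubernetes.io/enforce=privileged` stay in the cluster, which the `set +e`/`set -e` pair around the test appears to have guarded against before this change. Register the trap directly after `PID=$!`, ahead of the wait loop and the namespace creation. Because the handler would then also run after a partial setup, make it tolerant of that, e.g. `kubectl delete ns "$ns" --ignore-not-found`. The second file section on this page shows the same ordering.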
Original file line number | Diff line number | Diff line change |
---|---|---|
@@ -1,19 +1,43 @@ | ||
#!/bin/bash | ||
#!/usr/bin/env bash | ||
|
||
set -euxo pipefail | ||
|
||
ns=cilium-test | ||
|
||
# Grab the path to the kubeconfig file. | ||
export KUBECONFIG=$(terraform output --raw path_to_kubeconfig_file) | ||
# Gran the namespace in which Cilium was installed. | ||
CILIUM_NAMESPACE=$(terraform output --raw cilium_namespace) | ||
# Hubble Relay port | ||
HUBBLE_RELAY_PORT=4245 | ||
# Cilium Connectivity tests namespace | ||
TEST_NAMESPACE="cilium-test" | ||
# All Cilium Connectivity tests namespaces | ||
NAMESPACES=("${TEST_NAMESPACE}" "${TEST_NAMESPACE}-1") | ||
|
||
# Run the connectivity tests. | ||
kubectl -n kube-system port-forward svc/hubble-relay 4245:80 & | ||
# NS precreation is required because of https://www.talos.dev/v1.5/kubernetes-guides/configuration/pod-security/ | ||
kubectl create ns ${ns} | ||
kubectl label ns ${ns} pod-security.kubernetes.io/enforce=privileged | ||
kubectl label ns ${ns} pod-security.kubernetes.io/warn=privileged | ||
kubectl -n "${CILIUM_NAMESPACE}" rollout status deployment/hubble-relay | ||
kubectl -n "${CILIUM_NAMESPACE}" port-forward svc/hubble-relay 4245:80 & | ||
PID=$! | ||
cilium connectivity test --test-namespace=${ns} | ||
kill -9 "${PID}" | ||
kubectl delete ns ${ns} | ||
|
||
# Wait while forwarded port will be available | ||
while ! nc -vz localhost ${HUBBLE_RELAY_PORT} > /dev/null 2>&1 ; do | ||
echo "waiting for port-forward ..." | ||
sleep 1 | ||
done | ||
|
||
cilium status --wait | ||
|
||
# NS precreation is required because of https://www.talos.dev/v1.5/kubernetes-guides/configuration/pod-security/ | ||
for ns in "${NAMESPACES[@]}"; do | ||
kubectl create ns $ns | ||
kubectl label ns $ns pod-security.kubernetes.io/enforce=privileged | ||
kubectl label ns $ns pod-security.kubernetes.io/warn=privileged | ||
done | ||
|
||
cilium connectivity test --namespace "${CILIUM_NAMESPACE}" --test-namespace "${TEST_NAMESPACE}" | ||
|
||
trap '{ | ||
kill -9 "${PID}" | ||
for ns in "${NAMESPACES[@]}"; do | ||
kubectl delete ns $ns | ||
done | ||
}' EXIT |
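Review bot: The `while ! nc -vz localhost ${HUBBLE_RELAY_PORT}` loop has no upper bound and never checks that the backgrounded `kubectl port-forward` is still alive, so if the forward exits early (wrong namespace, missing service, port already in use) the script waits forever instead of failing. A liveness check inside the loop would turn that into a clean failure: `kill -0 "${PID}" 2>/dev/null || { echo "port-forward exited" >&2; exit 1; }`. The loop probes `HUBBLE_RELAY_PORT` while the forward itself hard-codes `4245:80`, so changing the variable would leave the loop polling a port nothing listens on; `port-forward svc/hubble-relay "${HUBBLE_RELAY_PORT}:80" &` keeps the two in step. The added `kubectl ... ns $ns` lines would also be safer with `"$ns"` quoted.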