Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

[CPDEV-95906] IPIP Encapsulation check #568

Merged
merged 38 commits into from
Feb 13, 2024
Merged

[CPDEV-95906] IPIP Encapsulation check #568

merged 38 commits into from
Feb 13, 2024

Conversation

alexarefev
Copy link
Collaborator

@alexarefev alexarefev commented Dec 7, 2023
edited
Loading

Description

  • Calico IPIP traffic encapsulation needs to be covered by check_iaas
  • The check should work on running cluster and clean nodes as well

Solution

  • Add check for IP in IP overlay into check_iaas procedure
  • Create additional code that implements IPIP packet sending and receiving
  • Change CI process to build additional binary
  • Update Installation and Kubecheck guides

Test Cases

TestCase 1
New check is working on clean nodes

Test Configuration:

  • Hardware: 4CPU/8GB
  • OS: Ubuntu 22.04; CentOS 7; RHEL 8; Rocky Linux 8; Oracle Linux 7
  • Inventory: miniHA

Steps:

  1. Create a set of clean nodes
  2. Set plugins.calico.mode=ipip in cluster.yaml
  3. Run check_iaas procedure with --task='network.ipip_connectivity'

Results:

Before After
Not Applicable IP in IP is checked

TestCase 2
Exemptions in network.ipip_connectivity check are working

Test Configuration:

  • Hardware: 4CPU/8GB
  • OS: Ubuntu 22.04
  • Inventory: miniHA

Steps:

  1. Set plugins.calico.install=false in cluster.yaml
  2. Run check_iass procedure with --task='network.ipip_connectivity'
  3. Set plugins.calico.mode=vxlan in cluster.yaml
  4. Run check_iass procedure with --task='network.ipip_connectivity'
  5. Set IPv6 network for services.kubeadm.networking.podSubnet in cluster.yaml
  6. Run check_iass procedure with --task='network.ipip_connectivity'

Results:

Before After
Not Applicable check is skipped due to Calico is not set as CNI
Not Applicable check is skipped due to encapsulation is not set to ipip
Not Applicable check is skipped due to IP in IP encapsulation supports only IPv4 addresses

TestCase 3
The check is working on running cluster

Test Configuration:

  • Hardware: 4CPU/8GB
  • OS: Ubuntu 22.04
  • Inventory: fullHA

Steps:

  1. Run check_iass procedure with --task='network.ipip_connectivity' on running cluster. Calico must be running in ipip mode

Results:

Before After
Not Applicable Success

Checklist

  • I have commented my code, particularly in hard-to-understand areas
  • I have made corresponding changes to the documentation
  • Integration CI passed
  • There is no merge conflicts

@alexarefev alexarefev added improvement New feature or request documentation Improvements or additions to documentation labels Dec 7, 2023
@koryaga koryaga requested review from ilia1243, n549 and Imadzuma December 7, 2023 08:19
@alexarefev alexarefev marked this pull request as ready for review December 11, 2023 13:28
@vlar0816 vlar0816 changed the title Encapsulation check [CPDEV-95906] Encapsulation check Dec 12, 2023
ilia1243
ilia1243 reviewed Dec 14, 2023
View reviewed changes
kubemarine/procedures/check_iaas.py Outdated Show resolved Hide resolved
kubemarine/procedures/check_iaas.py Show resolved Hide resolved
kubemarine/procedures/check_iaas.py Outdated Show resolved Hide resolved
kubemarine/procedures/check_iaas.py Outdated Show resolved Hide resolved
ilia1243
ilia1243 reviewed Jan 9, 2024
View reviewed changes
kubemarine/procedures/check_iaas.py Outdated Show resolved Hide resolved
kubemarine/procedures/check_iaas.py Outdated Show resolved Hide resolved
@alexarefev alexarefev marked this pull request as draft January 9, 2024 15:20
@alexarefev alexarefev changed the title [CPDEV-95906] Encapsulation check [CPDEV-95906] IPIP Encapsulation check Jan 10, 2024
@alexarefev alexarefev marked this pull request as ready for review January 24, 2024 06:48
@koryaga koryaga requested a review from vlar0816 January 25, 2024 08:09
@alexarefev alexarefev marked this pull request as draft January 31, 2024 08:56
theboringstuff
theboringstuff reviewed Feb 2, 2024
View reviewed changes
go.mod Outdated Show resolved Hide resolved
theboringstuff
theboringstuff reviewed Feb 2, 2024
View reviewed changes
Dockerfile Outdated Show resolved Hide resolved
Imadzuma
Imadzuma reviewed Feb 2, 2024
View reviewed changes
Dockerfile Outdated Show resolved Hide resolved
@alexarefev alexarefev marked this pull request as ready for review February 7, 2024 12:44
@koryaga koryaga requested a review from Imadzuma February 8, 2024 08:04
@koryaga koryaga merged commit 9f9429d into main Feb 13, 2024
41 checks passed
@koryaga koryaga deleted the encapsulation_check branch February 13, 2024 11:03
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Reviewers

@vlar0816 vlar0816 vlar0816 approved these changes

@ilia1243 ilia1243 ilia1243 approved these changes

@koryaga koryaga koryaga approved these changes

@n549 n549 Awaiting requested review from n549

@igza0216 igza0216 Awaiting requested review from igza0216

@Imadzuma Imadzuma Awaiting requested review from Imadzuma

@theboringstuff theboringstuff Awaiting requested review from theboringstuff

Assignees

@koryaga koryaga

Labels
documentation Improvements or additions to documentation improvement New feature or request
Projects
None yet
Milestone
No milestone
Development

Successfully merging this pull request may close these issues.
6 participants
@alexarefev @koryaga @ilia1243 @Imadzuma @theboringstuff @vlar0816