Merge pull request #2382 from mgleung/typha-failsafe

Add typha port to failsafes

config/config_params.go

@@ -230,8 +230,8 @@ type Config struct {
 	PrometheusGoMetricsEnabled      bool   `config:"bool;true"`
 	PrometheusProcessMetricsEnabled bool   `config:"bool;true"`
 
-	FailsafeInboundHostPorts  []ProtoPort `config:"port-list;tcp:22,udp:68,tcp:179,tcp:2379,tcp:2380,tcp:6443,tcp:6666,tcp:6667;die-on-fail"`
-	FailsafeOutboundHostPorts []ProtoPort `config:"port-list;udp:53,udp:67,tcp:179,tcp:2379,tcp:2380,tcp:6443,tcp:6666,tcp:6667;die-on-fail"`
+	FailsafeInboundHostPorts  []ProtoPort `config:"port-list;tcp:22,udp:68,tcp:179,tcp:2379,tcp:2380,tcp:5473,tcp:6443,tcp:6666,tcp:6667;die-on-fail"`
+	FailsafeOutboundHostPorts []ProtoPort `config:"port-list;udp:53,udp:67,tcp:179,tcp:2379,tcp:2380,tcp:5473,tcp:6443,tcp:6666,tcp:6667;die-on-fail"`
 
 	KubeNodePortRanges []numorstring.Port `config:"portrange-list;30000:32767"`
 	NATPortRange       numorstring.Port   `config:"portrange;"`

config/config_params_test.go

@@ -372,6 +372,7 @@ var _ = DescribeTable("Config parsing",
 			{Protocol: "tcp", Port: 179},
 			{Protocol: "tcp", Port: 2379},
 			{Protocol: "tcp", Port: 2380},
+			{Protocol: "tcp", Port: 5473},
 			{Protocol: "tcp", Port: 6443},
 			{Protocol: "tcp", Port: 6666},
 			{Protocol: "tcp", Port: 6667},
@@ -385,6 +386,7 @@ var _ = DescribeTable("Config parsing",
 			{Protocol: "tcp", Port: 179},
 			{Protocol: "tcp", Port: 2379},
 			{Protocol: "tcp", Port: 2380},
+			{Protocol: "tcp", Port: 5473},
 			{Protocol: "tcp", Port: 6443},
 			{Protocol: "tcp", Port: 6666},
 			{Protocol: "tcp", Port: 6667},
@@ -402,6 +404,7 @@ var _ = DescribeTable("Config parsing",
 			{Protocol: "tcp", Port: 179},
 			{Protocol: "tcp", Port: 2379},
 			{Protocol: "tcp", Port: 2380},
+			{Protocol: "tcp", Port: 5473},
 			{Protocol: "tcp", Port: 6443},
 			{Protocol: "tcp", Port: 6666},
 			{Protocol: "tcp", Port: 6667},
@@ -414,6 +417,7 @@ var _ = DescribeTable("Config parsing",
 			{Protocol: "tcp", Port: 179},
 			{Protocol: "tcp", Port: 2379},
 			{Protocol: "tcp", Port: 2380},
+			{Protocol: "tcp", Port: 5473},
 			{Protocol: "tcp", Port: 6443},
 			{Protocol: "tcp", Port: 6666},
 			{Protocol: "tcp", Port: 6667},

fv/hostendpoints_test.go

@@ -59,6 +59,7 @@ func describeHostEndpointTests(getInfra infrastructure.InfraFactory, allInterfac
 		infra = getInfra()
 		options := infrastructure.DefaultTopologyOptions()
 		options.IPIPEnabled = false
+		options.WithTypha = true
 		felixes, client = infrastructure.StartNNodeTopology(2, options, infra)
 
 		// Create workloads, using that profile. One on each "host".
@@ -131,6 +132,12 @@ func describeHostEndpointTests(getInfra infrastructure.InfraFactory, allInterfac
 		cc.ExpectSome(felixes[0], ip, 6443)
 		cc.ExpectSome(felixes[1], ip, 6443)
 	}
+	expectConnectivityToTypha := func() {
+		typhaIP1 := connectivity.TargetIP(felixes[0].TyphaIP)
+		typhaIP2 := connectivity.TargetIP(felixes[1].TyphaIP)
+		cc.ExpectSome(felixes[0], typhaIP1, 5473)
+		cc.ExpectSome(felixes[1], typhaIP2, 5473)
+	}
 
 	Context("with no policies and no profiles on the host endpoints", func() {
 		BeforeEach(func() {
@@ -163,6 +170,11 @@ func describeHostEndpointTests(getInfra infrastructure.InfraFactory, allInterfac
 			cc.CheckConnectivity()
 		})
 
+		It("should allow connectivity from nodes to Typha", func() {
+			expectConnectivityToTypha()
+			cc.CheckConnectivity()
+		})
+
 		It("should block all traffic except pod-to-pod and host-to-own-pod traffic", func() {
 			expectDenyHostToHostTraffic()
 			expectDenyHostToOtherPodTraffic()

fv/test-connection/test-connection.go

@@ -321,6 +321,13 @@ func tryConnect(remoteIPAddr, remotePort, sourceIPAddr, sourcePort, protocol str
 		return nil
 	}
 
+	if remotePort == "5473" {
+		// Testing for connectivity to Typha. If we reach here, we're good.
+		// Skip sending and receiving any data.
+		connectivity.Result{}.PrintToStdout()
+		return nil
+	}
+
 	if loopFile != "" {
 		return tc.tryLoopFile(loopFile)
 	}