Add DNS over TCP tests #2135
48d7d1f to 5afb60f
@jrajahalme there is a legitimate failure in the Go static checks: https://github.com/cilium/cilium-cli/actions/runs/7038093191?pr=2135
Add a new test that tests that the DNS over TCP to the external (WORLD) target works through the DNS proxy with a DNS-only policy. Signed-off-by: Jarno Rajahalme <jarno@isovalent.com>
Use the zero value of L4Protocol for NONE, which is needed to make DNS requirement protocol specific in a following commit. Signed-off-by: Jarno Rajahalme <jarno@isovalent.com>
Add L4Protocol ANY for "any applicable" protocol and use it for DNS requirement. Replace DNSRequired with DNSProtocol, which can be UDP, TCP, or ANY for either of them. Make Dig+tcp test validate only TCP. Signed-off-by: Jarno Rajahalme <jarno@isovalent.com>
Add command line option '--numeric' to print hubble flows without IP translation. This helps in matching flow requirements to flows when debugging failing flow validation, as the flow requirements are printed (and executed) with IP addresses without translation. Signed-off-by: Jarno Rajahalme <jarno@isovalent.com>
5afb60f to 87cd110
Thanks for noting, fixed.
@jrajahalme the newly introduced test seems to be failing in the external workloads CI workflow:
Enable test flow validation in external workloads test by forwarding the hubble port in external-workloads-install.sh. Signed-off-by: Jarno Rajahalme <jarno@isovalent.com>
Added hubble flow forwarding to external workload install to see what is going on with the test failure.
@jrajahalme any progress on this? Should we move this PR to draft while you're investigating or just exclude the DNS over TCP tests on external workloads?
I've moved this to draft for now to keep this PR from showing up in reviewers' queues. Please feel free to move it out of draft once the external workloads failure is resolved.
Add a new `dns-tcp` test to the suite that tests DNS proxy forwarding over TCP to the external address used in the test suite. No payload protocol is used or tested, so this is a bare DNS test. Plenty of other test cases cover DNS proxying for UDP, so this new test is specific to TCP.
Flow validation is extended to work on tests without payload protocol and for DNS validation on UDP only, TCP only, or both.
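A sketch of the protocol-specific DNS flow requirement described above, added here as an illustration and not cilium-cli's own code: `L4Protocol`, `NONE`, `ANY` and `DNSProtocol` are names from the commit messages, while `Flow`, `FlowRequirement`, `ValidateDNS`, the numeric enum values and the sample flows are hypothetical. It shows why the TCP test validates only TCP: UDP-only DNS flows satisfy an `ANY` requirement but not a `TCP` one.

```go
package main

import "fmt"

// L4Protocol: zero value is NONE, ANY means "any applicable" protocol (values assumed).
type L4Protocol uint8

const (
	NONE L4Protocol = iota
	UDP
	TCP
	ANY
)

// Flow is a constructed stand-in for an observed flow, not a Hubble type.
type Flow struct {
	Proto            L4Protocol
	SrcPort, DstPort uint16
}

// FlowRequirement is hypothetical; only the DNSProtocol name is from the page.
type FlowRequirement struct{ DNSProtocol L4Protocol }

func protoMatches(want, got L4Protocol) bool {
	return got == want || (want == ANY && (got == UDP || got == TCP))
}

// ValidateDNS: a request to port 53, then a response from it, on one allowed protocol.
func ValidateDNS(req FlowRequirement, flows []Flow) bool {
	if req.DNSProtocol == NONE {
		return true // unset requirement: no DNS validation wanted
	}
	asked := map[L4Protocol]bool{}
	for _, f := range flows {
		switch {
		case !protoMatches(req.DNSProtocol, f.Proto):
			continue
		case f.DstPort == 53:
			asked[f.Proto] = true
		case f.SrcPort == 53 && asked[f.Proto]:
			return true
		}
	}
	return false
}

func main() {
	udpOnly := []Flow{{UDP, 40000, 53}, {UDP, 53, 40000}} // constructed sample
	fmt.Println(ValidateDNS(FlowRequirement{TCP}, udpOnly), ValidateDNS(FlowRequirement{ANY}, udpOnly))
}
```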