cilium

main-focus.yaml
306 строк · 17.1 Кб
Перенос по словам
1
# This file contains the list of tests that should be included and excluded.
2
#
3
# To provide a better UX, the 'cliFocus' defined on each element from the
4
#  "include" is expanded to the specific defined 'focus'. This way we can map
5
#  which regex should be used on ginkgo --focus to an element from the "focus"
6
#  list.
7
#
8
# Further down is a list of tests that can be excluded because they are ignored
9
# by our constraints defined in the ginkgo tests. There is a justification, in
10
# form of a comment, explaining why each test is excluded.
11
#
12
# More info: https://docs.github.com/en/actions/using-jobs/using-a-matrix-for-your-jobs#expanding-or-adding-matrix-configurations
13
---
14
focus:
15
- "f01-agent-chaos"
16
- "f02-agent-fqdn"
17
- "f03-agent-policy"
18
- "f04-agent-policy-multi-node-1"
19
- "f05-agent-policy-multi-node-2"
20
- "f06-agent-policy-basic"
21
- "f07-datapath-host"
22
- "f08-datapath-misc-1"
23
- "f09-datapath-misc-2"
24
- "f10-agent-hubble-bandwidth"
25
- "f11-datapath-service-ns-tc"
26
- "f12-datapath-service-ns-misc"
27
- "f13-datapath-service-ns-xdp-1"
28
- "f14-datapath-service-ns-xdp-2"
29
- "f15-datapath-service-ew-1"
30
- "f16-datapath-service-ew-2"
31
- "f17-datapath-service-ew-kube-proxy"
32
- "f18-datapath-bgp-lrp"
33
- "f19-update"
34
- "f20-kafka"
35
include:
36
  ###
37
  # K8sAgentChaosTest Connectivity demo application Endpoint can still connect while Cilium is not running
38
  # K8sAgentChaosTest Restart with long lived connections L3/L4 policies still work while Cilium is restarted
39
  # K8sAgentChaosTest Restart with long lived connections TCP connection is not dropped when cilium restarts
40
  - focus: "f01-agent-chaos"
41
    cliFocus: "K8sAgentChaosTest"
42

43
  ###
44
  # K8sAgentFQDNTest Restart Cilium validate that FQDN is still working
45
  # K8sAgentFQDNTest Validate that FQDN policy continues to work after being updated
46
  # K8sAgentFQDNTest Validate that multiple specs are working correctly
47
  # K8sAgentPerNodeConfigTest Correctly computes config overrides
48
  - focus: "f02-agent-fqdn"
49
    cliFocus: "K8sAgentFQDNTest|K8sAgentPerNodeConfigTest"
50

51
  ###
52
  # K8sAgentPolicyTest Clusterwide policies Test clusterwide connectivity with policies
53
  # K8sAgentPolicyTest External services To Services first endpoint creation
54
  # K8sAgentPolicyTest External services To Services first endpoint creation match service by labels
55
  # K8sAgentPolicyTest External services To Services first policy
56
  # K8sAgentPolicyTest External services To Services first policy, match service by labels
57
  # K8sAgentPolicyTest Namespaces policies Cilium Network policy using namespace label and L7
58
  # K8sAgentPolicyTest Namespaces policies Kubernetes Network Policy by namespace selector
59
  # K8sAgentPolicyTest Namespaces policies Tests the same Policy in different namespaces
60
  - focus: "f03-agent-policy"
61
    cliFocus: "K8sAgentPolicyTest Clusterwide|K8sAgentPolicyTest External|K8sAgentPolicyTest Namespaces"
62

63
  ###
64
  # K8sAgentPolicyTest Multi-node policy test validates fromEntities policies Validates fromEntities all policy
65
  # K8sAgentPolicyTest Multi-node policy test validates fromEntities policies Validates fromEntities cluster policy
66
  # K8sAgentPolicyTest Multi-node policy test validates fromEntities policies with remote-node identity disabled Allows from all hosts with cnp fromEntities host policy
67
  # K8sAgentPolicyTest Multi-node policy test validates fromEntities policies with remote-node identity enabled Validates fromEntities remote-node policy
68
  # K8sAgentPolicyTest Multi-node policy test with L7 policy using connectivity-check to check datapath
69
  - focus: "f04-agent-policy-multi-node-1"
70
    cliFocus: "K8sAgentPolicyTest Multi-node policy test validates fromEntities|K8sAgentPolicyTest Multi-node policy test with"
71

72
  ###
73
  # K8sAgentPolicyTest Multi-node policy test validates ingress CIDR-dependent L4 connectivity is blocked after denying ingress
74
  # K8sAgentPolicyTest Multi-node policy test validates ingress CIDR-dependent L4 connectivity is restored after importing ingress policy
75
  # K8sAgentPolicyTest Multi-node policy test validates ingress CIDR-dependent L4 connectivity works from the outside before any policies
76
  # K8sAgentPolicyTest Multi-node policy test validates ingress CIDR-dependent L4 With host policy Connectivity is restored after importing ingress policy
77
  # K8sAgentPolicyTest Multi-node policy test validates ingress CIDR-dependent L4 With host policy Connectivity to hostns is blocked after denying ingress
78
  - focus: "f05-agent-policy-multi-node-2"
79
    cliFocus: "K8sAgentPolicyTest Multi-node policy test validates ingress"
80

81
  ###
82
  # K8sAgentPolicyTest Basic Test Traffic redirections to proxy Tests DNS proxy visibility without policy
83
  # K8sAgentPolicyTest Basic Test Traffic redirections to proxy Tests HTTP proxy visibility without policy
84
  # K8sAgentPolicyTest Basic Test Traffic redirections to proxy Tests proxy visibility interactions with policy lifecycle operations
85
  # K8sPolicyTestExtended Validate toEntities KubeAPIServer Allows connection to KubeAPIServer
86
  # K8sPolicyTestExtended Validate toEntities KubeAPIServer Denies connection to KubeAPIServer
87
  # K8sPolicyTestExtended Validate toEntities KubeAPIServer Still allows connection to KubeAPIServer with a duplicate policy
88
  - focus: "f06-agent-policy-basic"
89
    cliFocus: "K8sAgentPolicyTest Basic|K8sPolicyTestExtended"
90

91
  ###
92
  # K8sDatapathConfig Host firewall Check connectivity with IPv6 disabled
93
  # K8sDatapathConfig Host firewall With native routing
94
  # K8sDatapathConfig Host firewall With native routing and endpoint routes
95
  # K8sDatapathConfig Host firewall With VXLAN
96
  # K8sDatapathConfig Host firewall With VXLAN and endpoint routes
97
  - focus: "f07-datapath-host"
98
    cliFocus: "K8sDatapathConfig Host"
99

100
  ###
101
  # K8sDatapathConfig Encapsulation Check iptables masquerading with random-fully
102
  # K8sDatapathConfig Etcd Check connectivity
103
  # K8sDatapathConfig MonitorAggregation Checks that monitor aggregation flags send notifications
104
  # K8sDatapathConfig MonitorAggregation Checks that monitor aggregation restricts notifications
105
  - focus: "f08-datapath-misc-1"
106
    cliFocus: "K8sDatapathConfig Encapsulation|K8sDatapathConfig Etcd|K8sDatapathConfig Etcd|K8sDatapathConfig MonitorAggregation"
107

108
  ###
109
  # K8sDatapathConfig WireGuard encryption strict mode Pod-to-pod traffic is encrypted in native routing mode with per-endpoint routes
110
  # K8sDatapathConfig WireGuard encryption strict mode Pod-to-pod traffic is encrypted in native routing mode with per-endpoint routes and overlapping node and pod CIDRs
111
  # K8sDatapathConfig Check BPF masquerading with ip-masq-agent DirectRouting
112
  # K8sDatapathConfig Check BPF masquerading with ip-masq-agent DirectRouting, IPv4 only
113
  # K8sDatapathConfig Check BPF masquerading with ip-masq-agent VXLAN
114
  # K8sDatapathConfig High-scale IPcache Test ingress policy enforcement with GENEVE and endpoint routes
115
  # K8sDatapathConfig High-scale IPcache Test ingress policy enforcement with VXLAN and no endpoint routes
116
  # K8sDatapathConfig Iptables Skip conntrack for pod traffic
117
  # K8sDatapathConfig IPv4Only Check connectivity with IPv6 disabled
118
  # K8sDatapathConfig IPv6 masquerading across K8s nodes, skipped due to native routing CIDR
119
  # K8sDatapathConfig Transparent encryption DirectRouting Check connectivity with transparent encryption and direct routing with bpf_host
120
  - focus: "f09-datapath-misc-2"
121
    cliFocus: "K8sDatapathConfig WireGuard encryption strict mode|K8sDatapathConfig Check|K8sDatapathConfig IPv4Only|K8sDatapathConfig High-scale|K8sDatapathConfig Iptables|K8sDatapathConfig IPv4Only|K8sDatapathConfig IPv6|K8sDatapathConfig Transparent"
122

123
  ###
124
  # K8sAgentHubbleTest Hubble Observe Test FQDN Policy with Relay
125
  # K8sAgentHubbleTest Hubble Observe Test L3/L4 Flow
126
  # K8sAgentHubbleTest Hubble Observe Test L3/L4 Flow with hubble-relay
127
  # K8sAgentHubbleTest Hubble Observe Test L7 Flow
128
  # K8sAgentHubbleTest Hubble Observe Test L7 Flow with hubble-relay
129
  # K8sAgentHubbleTest Hubble Observe Test TLS certificate
130
  # K8sDatapathBandwidthTest Checks Bandwidth Rate-Limiting Checks Pod to Pod bandwidth, direct routing
131
  # K8sDatapathBandwidthTest Checks Bandwidth Rate-Limiting Checks Pod to Pod bandwidth, geneve tunneling
132
  # K8sDatapathBandwidthTest Checks Bandwidth Rate-Limiting Checks Pod to Pod bandwidth, vxlan tunneling
133
  - focus: "f10-agent-hubble-bandwidth"
134
    cliFocus: "K8sAgentHubbleTest|K8sDatapathBandwidthTest"
135

136
  ###
137
  # K8sDatapathServicesTest Checks N/S loadbalancing ClusterIP cannot be accessed externally when access is disabled
138
  # K8sDatapathServicesTest Checks N/S loadbalancing Supports IPv4 fragments
139
  # K8sDatapathServicesTest Checks N/S loadbalancing Tests with TC, direct routing and dsr with geneve
140
  # K8sDatapathServicesTest Checks N/S loadbalancing Tests with TC, direct routing and Hybrid-DSR with Geneve
141
  # K8sDatapathServicesTest Checks N/S loadbalancing Tests with TC, geneve tunnel, and Hybrid-DSR with Geneve
142
  # K8sDatapathServicesTest Checks N/S loadbalancing Tests with TC, direct routing and Hybrid
143
  # K8sDatapathServicesTest Checks N/S loadbalancing Tests with TC, geneve tunnel, dsr and Maglev
144
  - focus: "f11-datapath-service-ns-tc"
145
    cliFocus: "K8sDatapathServicesTest Checks N/S loadbalancing ClusterIP|K8sDatapathServicesTest Checks N/S loadbalancing Supports|K8sDatapathServicesTest Checks N/S loadbalancing Tests with TC"
146

147
  ###
148
  # K8sDatapathServicesTest Checks N/S loadbalancing Tests externalIPs
149
  # K8sDatapathServicesTest Checks N/S loadbalancing Tests GH#10983
150
  # K8sDatapathServicesTest Checks N/S loadbalancing Tests NodePort with sessionAffinity from outside
151
  # K8sDatapathServicesTest Checks N/S loadbalancing Tests security id propagation in N/S LB requests fwd-ed over tunnel
152
  # K8sDatapathServicesTest Checks N/S loadbalancing Tests with direct routing and DSR
153
  - focus: "f12-datapath-service-ns-misc"
154
    cliFocus: "K8sDatapathServicesTest Checks N/S loadbalancing Tests externalIPs|K8sDatapathServicesTest Checks N/S loadbalancing Tests GH|K8sDatapathServicesTest Checks N/S loadbalancing Tests NodePort|K8sDatapathServicesTest Checks N/S loadbalancing Tests security|K8sDatapathServicesTest Checks N/S loadbalancing Tests with direct|K8sDatapathServicesTest Checks N/S loadbalancing with"
155

156
  ###
157
  # K8sDatapathServicesTest Checks N/S loadbalancing Tests with XDP, direct routing, DSR and Maglev
158
  # K8sDatapathServicesTest Checks N/S loadbalancing Tests with XDP, direct routing, DSR and Random
159
  # K8sDatapathServicesTest Checks N/S loadbalancing Tests with XDP, direct routing, DSR with Geneve and Maglev
160
  # K8sDatapathServicesTest Checks N/S loadbalancing Tests with XDP, direct routing, Hybrid and Maglev
161
  # K8sDatapathServicesTest Checks N/S loadbalancing Tests with XDP, direct routing, Hybrid and Random
162
  - focus: "f13-datapath-service-ns-xdp-1"
163
    cliFocus: "K8sDatapathServicesTest Checks N/S loadbalancing Tests with XDP, direct routing, DSR|K8sDatapathServicesTest Checks N/S loadbalancing Tests with XDP, direct routing, Hybrid"
164

165
  ###
166
  # K8sDatapathServicesTest Checks N/S loadbalancing Tests with XDP, direct routing, SNAT and Maglev
167
  # K8sDatapathServicesTest Checks N/S loadbalancing Tests with XDP, direct routing, SNAT and Random
168
  # K8sDatapathServicesTest Checks N/S loadbalancing Tests with XDP, vxlan tunnel, SNAT and Random
169
  # K8sDatapathServicesTest Checks N/S loadbalancing With ClusterIP external access ClusterIP can be accessed when external access is enabled
170
  # K8sDatapathServicesTest Checks N/S loadbalancing With host policy Tests NodePort
171
  - focus: "f14-datapath-service-ns-xdp-2"
172
    cliFocus: "K8sDatapathServicesTest Checks N/S loadbalancing Tests with XDP, direct routing, SNAT|K8sDatapathServicesTest Checks N/S loadbalancing Tests with XDP, vxlan|K8sDatapathServicesTest Checks N/S loadbalancing With"
173

174
  ###
175
  # K8sDatapathServicesTest Checks device reconfiguration Detects newly added device and reloads datapath
176
  # K8sDatapathServicesTest Checks E/W loadbalancing (ClusterIP, NodePort from inside cluster, etc) Checks in-cluster KPR Tests HealthCheckNodePort
177
  # K8sDatapathServicesTest Checks E/W loadbalancing (ClusterIP, NodePort from inside cluster, etc) Checks in-cluster KPR Tests that binding to NodePort port fails
178
  # K8sDatapathServicesTest Checks E/W loadbalancing (ClusterIP, NodePort from inside cluster, etc) Checks in-cluster KPR with L7 policy Tests NodePort with L7 Policy
179
  # K8sDatapathServicesTest Checks E/W loadbalancing (ClusterIP, NodePort from inside cluster, etc) Checks service accessing itself (hairpin flow)
180
  - focus: "f15-datapath-service-ew-1"
181
    cliFocus: 'K8sDatapathServicesTest Checks device|K8sDatapathServicesTest Checks E/W loadbalancing \\(ClusterIP, NodePort from inside cluster, etc\\) Checks'
182

183
  ###
184
  # K8sDatapathServicesTest Checks E/W loadbalancing (ClusterIP, NodePort from inside cluster, etc) TFTP with DNS Proxy port collision Tests TFTP from DNS Proxy Port
185
  # K8sDatapathServicesTest Checks E/W loadbalancing (ClusterIP, NodePort from inside cluster, etc) with L4 policy Tests NodePort with L4 Policy
186
  # K8sDatapathServicesTest Checks E/W loadbalancing (ClusterIP, NodePort from inside cluster, etc) with L7 policy Tests NodePort with L7 Policy
187
  - focus: "f16-datapath-service-ew-2"
188
    cliFocus: 'K8sDatapathServicesTest Checks E/W loadbalancing \\(ClusterIP, NodePort from inside cluster, etc\\) TFTP|K8sDatapathServicesTest Checks E/W loadbalancing \\(ClusterIP, NodePort from inside cluster, etc\\) with'
189

190
  ###
191
  # K8sDatapathServicesTest Checks E/W loadbalancing (ClusterIP, NodePort from inside cluster, etc) Tests NodePort inside cluster (kube-proxy) 
192
  # K8sDatapathServicesTest Checks E/W loadbalancing (ClusterIP, NodePort from inside cluster, etc) Tests NodePort inside cluster (kube-proxy) with externalTrafficPolicy=Local
193
  # K8sDatapathServicesTest Checks E/W loadbalancing (ClusterIP, NodePort from inside cluster, etc) Tests NodePort inside cluster (kube-proxy) with IPSec and externalTrafficPolicy=Local
194
  # K8sDatapathServicesTest Checks E/W loadbalancing (ClusterIP, NodePort from inside cluster, etc) Tests NodePort inside cluster (kube-proxy) with the host firewall and externalTrafficPolicy=Local
195
  - focus: "f17-datapath-service-ew-kube-proxy"
196
    cliFocus: 'K8sDatapathServicesTest Checks E/W loadbalancing \\(ClusterIP, NodePort from inside cluster, etc\\) Tests'
197

198
  ###
199
  # K8sDatapathBGPTests Tests LoadBalancer Connectivity to endpoint via LB
200
  # K8sDatapathLRPTests Checks local redirect policy LRP connectivity
201
  # K8sDatapathLRPTests Checks local redirect policy LRP restores service when removed
202
  - focus: "f18-datapath-bgp-lrp"
203
    cliFocus: "K8sDatapathBGPTests|K8sDatapathLRPTests"
204

205
  ###
206
  # K8sUpdates Tests upgrade and downgrade from a Cilium stable image to master
207
  - focus: "f19-update"
208
    cliFocus: "K8sUpdates"
209

210
  ###
211
  # K8sKafkaPolicyTest Kafka Policy Tests KafkaPolicies
212
  # K8sSpecificMACAddressTests Check whether the pod is created Checks the pod's mac address
213
  - focus: "f20-kafka"
214
    cliFocus: "K8sKafkaPolicyTest|K8sSpecificMACAddressTests"
215

216
exclude:
217
  # The bandwidth test is disabled and hubble tests are not meant
218
  # to run on net-next.
219
  - k8s-version: "1.29"
220
    focus: "f10-agent-hubble-bandwidth"
221

222
  # These tests are meant to run with kube-proxy which is not available
223
  # with net-next
224
  - k8s-version: "1.29"
225
    focus: "f16-datapath-service-ew-2"
226

227
  # These tests are meant to run with kube-proxy which is not available
228
  # with net-next
229
  - k8s-version: "1.29"
230
    focus: "f17-datapath-service-ew-kube-proxy"
231

232
  # These tests require an external node which is only available on 1.28
233
  # / net-next so there's no point on running them
234
  - k8s-version: "1.28"
235
    focus: "f05-agent-policy-multi-node-2"
236

237
  # These tests require kernel net-next so there's no point on running them
238
  - k8s-version: "1.28"
239
    focus: "f11-datapath-service-ns-tc"
240

241
  - k8s-version: "1.28"
242
    focus: "f12-datapath-service-ns-misc"
243

244
  - k8s-version: "1.28"
245
    focus: "f13-datapath-service-ns-xdp-1"
246

247
  - k8s-version: "1.28"
248
    focus: "f14-datapath-service-ns-xdp-2"
249

250
  # These tests require an external node which is only available on 1.28
251
  # / net-next so there's no point on running them
252
  - k8s-version: "1.27"
253
    focus: "f05-agent-policy-multi-node-2"
254

255
  # These tests require kernel net-next so there's no point on running them
256
  - k8s-version: "1.27"
257
    focus: "f11-datapath-service-ns-tc"
258

259
  - k8s-version: "1.27"
260
    focus: "f12-datapath-service-ns-misc"
261

262
  - k8s-version: "1.27"
263
    focus: "f13-datapath-service-ns-xdp-1"
264

265
  - k8s-version: "1.27"
266
    focus: "f14-datapath-service-ns-xdp-2"
267

268
  # These tests require are not intended to run on kernel 5.4, thus we can ignore them
269
  - k8s-version: "1.26"
270
    focus: "f01-agent-chaos"
271

272
  - k8s-version: "1.26"
273
    focus: "f03-agent-policy"
274

275
  - k8s-version: "1.26"
276
    focus: "f04-agent-policy-multi-node-1"
277

278
  - k8s-version: "1.26"
279
    focus: "f05-agent-policy-multi-node-2"
280

281
  - k8s-version: "1.26"
282
    focus: "f11-datapath-service-ns-tc"
283

284
  - k8s-version: "1.26"
285
    focus: "f12-datapath-service-ns-misc"
286

287
  - k8s-version: "1.26"
288
    focus: "f13-datapath-service-ns-xdp-1"
289

290
  - k8s-version: "1.26"
291
    focus: "f14-datapath-service-ns-xdp-2"
292

293
  - k8s-version: "1.26"
294
    focus: "f15-datapath-service-ew-1"
295

296
  - k8s-version: "1.26"
297
    focus: "f16-datapath-service-ew-2"
298

299
  - k8s-version: "1.26"
300
    focus: "f17-datapath-service-ew-kube-proxy"
301

302
  - k8s-version: "1.26"
303
    focus: "f18-datapath-bgp-lrp"
304

305
  - k8s-version: "1.26"
306
    focus: "f20-kafka"
307
cilium

Использование cookies
