Gitiles
Code Review Sign In
gerrit-dev.monogon.dev / monogon / 17ad63fa0b09d3dfe461ac237cd5db5eaeefc2ed^! / . / metropolis / node / kubernetes / networkpolicy / BUILD.bazel
commit17ad63fa0b09d3dfe461ac237cd5db5eaeefc2ed[log] [tgz]
authorJan Schär <jan@monogon.tech>Thu Feb 27 14:43:56 2025 +0100
committerJan Schär <jan@monogon.tech>Thu Feb 27 17:33:51 2025 +0000
treeaa133f4b89c91044047c902dad5b752696098b14
parent12e4b549f88c91e5eccb2abe1631793c879a66c6 [diff] [blame]
m/n/kubernetes/networkpolicy: add Cyclonus test suite

This adds a test for the network policy controller, based on the
Cyclonus test suite. Running Cyclonus on a real cluster takes multiple
hours, as there are over 200 test cases, each of which takes around 1
minute. The test implemented here uses a fake Kubernetes API and pods,
which allows running all tests in around 15 seconds.

IPv6 is partially implemented but disabled. The tests pass, but each
test takes around 2 seconds, because some ICMPv6 replies for blocked TCP
connections seem to get lost somewhere and are only processed when the
TCP SYN is resent one second later.

Change-Id: Id77f2dd4d884b6d156e238e07e88c222e3bbe9a2
Reviewed-on: https://review.monogon.dev/c/monogon/+/3905
Reviewed-by: Lorenz Brun <lorenz@monogon.tech>
Tested-by: Jenkins CI

diff --git a/metropolis/node/kubernetes/networkpolicy/BUILD.bazel b/metropolis/node/kubernetes/networkpolicy/BUILD.bazel
index d3d3b76..287427e 100644
--- a/metropolis/node/kubernetes/networkpolicy/BUILD.bazel
+++ b/metropolis/node/kubernetes/networkpolicy/BUILD.bazel

@@ -1,4 +1,5 @@
-load("@io_bazel_rules_go//go:def.bzl", "go_library")
+load("@io_bazel_rules_go//go:def.bzl", "go_library", "go_test")
+load("//osbase/test/ktest:ktest.bzl", "k_test")
 
 go_library(
     name = "networkpolicy",
@@ -21,3 +22,28 @@
         "@org_dolansoft_git_dolansoft_k8s_nft_npc//nftctrl",
     ],
 )
+
+go_test(
+    name = "networkpolicy_test",
+    srcs = ["networkpolicy_test.go"],
+    deps = [
+        "@com_github_mattfenwick_cyclonus//pkg/connectivity",
+        "@com_github_mattfenwick_cyclonus//pkg/connectivity/probe",
+        "@com_github_mattfenwick_cyclonus//pkg/generator",
+        "@com_github_mattfenwick_cyclonus//pkg/kube",
+        "@com_github_mattfenwick_cyclonus//pkg/matcher",
+        "@com_github_vishvananda_netlink//:netlink",
+        "@io_k8s_api//core/v1:core",
+        "@io_k8s_api//networking/v1:networking",
+        "@io_k8s_apimachinery//pkg/apis/meta/v1:meta",
+        "@io_k8s_apimachinery//pkg/runtime",
+        "@io_k8s_client_go//tools/cache",
+        "@org_dolansoft_git_dolansoft_k8s_nft_npc//nftctrl",
+        "@org_golang_x_sys//unix",
+    ],
+)
+
+k_test(
+    name = "ktest",
+    tester = ":networkpolicy_test",
+)