check: allow to configure pod selector in WithCiliumEgressPolicy()

add a new PodSelectorKind parameter to CiliumEgressGatewayPolicyParams, which allows to select the pod matching the "kind" label Signed-off-by: Gilberto Bertin <[email protected]>
cilium · Jan 4, 2024 · 0a85f6c · 0a85f6c
1 parent 6f14fac
commit 0a85f6c
Show file tree

Hide file tree

Showing 4 changed files with 31 additions and 43 deletions.
diff --git a/connectivity/check/test.go b/connectivity/check/test.go
@@ -470,6 +470,12 @@ const (
 // CiliumEgressGatewayPolicyParams is used to configure how a CiliumEgressGatewayPolicy template should be configured
 // before being applied.
 type CiliumEgressGatewayPolicyParams struct {
+	// Name controls the name of the policy
+	Name string
+
+	// PodSelectorKind is used to select the client pods. The parameter is used to select pods with a matching "kind" label
+	PodSelectorKind string
+
 	// ExcludedCIDRs controls how the ExcludedCIDRs property should be configured
 	ExcludedCIDRs ExcludedCIDRsKind
 }
@@ -500,6 +506,12 @@ func (t *Test) WithCiliumEgressGatewayPolicy(policy string, params CiliumEgressG
 			}
 		}
 
+		// Set the policy name
+		pl[i].Name = params.Name
+
+		// Set the pod selector
+		pl[i].Spec.Selectors[0].PodSelector.MatchLabels["kind"] = params.PodSelectorKind
+
 		// Set the egress gateway node
 		egressGatewayNode := t.EgressGatewayNode()
 		if egressGatewayNode == "" {

diff --git a/connectivity/manifests/egress-gateway-policy-excluded-cidrs.yaml b/connectivity/manifests/egress-gateway-policy-excluded-cidrs.yaml
diff --git a/connectivity/manifests/egress-gateway-policy.yaml b/connectivity/manifests/egress-gateway-policy.yaml
@@ -1,31 +1,16 @@
 apiVersion: cilium.io/v2
 kind: CiliumEgressGatewayPolicy
 metadata:
-  name: cegp-sample
+  name: # set by the check package in WithCiliumEgressGatewayPolicy()
 spec:
   selectors:
   - podSelector:
       matchLabels:
         io.kubernetes.pod.namespace: cilium-test
-        kind: client
-  destinationCIDRs:
-  - 0.0.0.0/0
-  egressGateway:
-    nodeSelector:
-      matchLabels:
-        kubernetes.io/hostname: NODE_NAME_PLACEHOLDER
----
-apiVersion: cilium.io/v2
-kind: CiliumEgressGatewayPolicy
-metadata:
-  name: cegp-sample-echo-service
-spec:
-  selectors:
-  - podSelector:
-      matchLabels:
-        kind: echo
+        kind: # set by the check package in WithCiliumEgressGatewayPolicy()
   destinationCIDRs:
   - 0.0.0.0/0
+  excludedCIDRs: # set by the check package in WithCiliumEgressGatewayPolicy()
   egressGateway:
     nodeSelector:
       matchLabels:

diff --git a/connectivity/suite.go b/connectivity/suite.go
@@ -188,9 +188,6 @@ var (
 
 	//go:embed manifests/egress-gateway-policy.yaml
 	egressGatewayPolicyYAML string
-
-	//go:embed manifests/egress-gateway-policy-excluded-cidrs.yaml
-	egressGatewayPolicyExcludedCIDRsYAML string
 )
 
 var (
@@ -199,7 +196,8 @@ var (
 )
 
 func Run(ctx context.Context, ct *check.ConnectivityTest, addExtraTests func(*check.ConnectivityTest) error,
-	addExtraSetup func(context.Context, *check.ConnectivityTest) error) error {
+	addExtraSetup func(context.Context, *check.ConnectivityTest) error,
+) error {
 	if err := ct.SetupAndValidate(ctx, addExtraSetup); err != nil {
 		return err
 	}
@@ -796,7 +794,14 @@ func Run(ctx context.Context, ct *check.ConnectivityTest, addExtraTests func(*ch
 
 	if ct.Params().IncludeUnsafeTests {
 		ct.NewTest("egress-gateway").
-			WithCiliumEgressGatewayPolicy(egressGatewayPolicyYAML, check.CiliumEgressGatewayPolicyParams{}).
+			WithCiliumEgressGatewayPolicy(egressGatewayPolicyYAML, check.CiliumEgressGatewayPolicyParams{
+				Name:            "cegp-sample-client",
+				PodSelectorKind: "client",
+			}).
+			WithCiliumEgressGatewayPolicy(egressGatewayPolicyYAML, check.CiliumEgressGatewayPolicyParams{
+				Name:            "cegp-sample-echo",
+				PodSelectorKind: "echo",
+			}).
 			WithIPRoutesFromOutsideToPodCIDRs().
 			WithFeatureRequirements(features.RequireEnabled(features.EgressGateway),
 				features.RequireEnabled(features.NodeWithoutCilium)).
@@ -807,8 +812,11 @@ func Run(ctx context.Context, ct *check.ConnectivityTest, addExtraTests func(*ch
 
 	if versioncheck.MustCompile(">=1.14.0")(ct.CiliumVersion) {
 		ct.NewTest("egress-gateway-excluded-cidrs").
-			WithCiliumEgressGatewayPolicy(egressGatewayPolicyExcludedCIDRsYAML,
-				check.CiliumEgressGatewayPolicyParams{ExcludedCIDRs: check.ExternalNodeExcludedCIDRs}).
+			WithCiliumEgressGatewayPolicy(egressGatewayPolicyYAML, check.CiliumEgressGatewayPolicyParams{
+				Name:            "cegp-sample-client",
+				PodSelectorKind: "client",
+				ExcludedCIDRs:   check.ExternalNodeExcludedCIDRs,
+			}).
 			WithFeatureRequirements(features.RequireEnabled(features.EgressGateway),
 				features.RequireEnabled(features.NodeWithoutCilium)).
 			WithScenarios(
@@ -897,7 +905,7 @@ func Run(ctx context.Context, ct *check.ConnectivityTest, addExtraTests func(*ch
 		WithExpectations(func(a *check.Action) (egress, ingress check.Result) {
 			if a.Source().HasLabel("other", "client") && // Only client2 is allowed to make HTTP calls.
 				(a.Destination().Port() == 8080) { // port 8080 is traffic to echo Pod.
-				if a.Destination().HasLabel("other", "echo") { //we are POSTing only other echo
+				if a.Destination().HasLabel("other", "echo") { // we are POSTing only other echo
 					egress = check.ResultOK
 
 					egress.HTTP = check.HTTP{