test kubespan creating/removing sysctl

siderolabs · Jan 15, 2025 · 4f5df9c · 4f5df9c
1 parent 2a47c33
commit 4f5df9c
Show file tree

Hide file tree

Showing 2 changed files with 22 additions and 1 deletion.
diff --git a/internal/app/machined/pkg/controllers/kubespan/manager.go b/internal/app/machined/pkg/controllers/kubespan/manager.go
@@ -574,7 +574,7 @@ func (ctrl *ManagerController) Run(ctx context.Context, r controller.Runtime, lo
 		}
 
 		if err = safe.WriterModify(ctx, r, runtime.NewKernelParamSpec(
-			runtime.NamespaceName,
+			kubespan.NamespaceName,
 			kernel.Sysctl+".net.ipv4.conf."+constants.KubeSpanLinkName+".src_valid_mark",
 		), func(res *runtime.KernelParamSpec) error {
 			res.TypedSpec().Value = "1"
@@ -621,6 +621,10 @@ func (ctrl *ManagerController) cleanup(ctx context.Context, r controller.Runtime
 			namespace: kubespan.NamespaceName,
 			typ:       kubespan.PeerStatusType,
 		},
+		{
+			namespace: kubespan.NamespaceName,
+			typ:       runtime.KernelParamSpecType,
+		},
 	} {
 		// list keys for cleanup
 		list, err := r.List(ctx, resource.NewMetadata(item.namespace, item.typ, "", resource.VersionUndefined))

diff --git a/internal/app/machined/pkg/controllers/kubespan/manager_test.go b/internal/app/machined/pkg/controllers/kubespan/manager_test.go
@@ -25,6 +25,7 @@ import (
 	"github.com/siderolabs/talos/pkg/machinery/resources/config"
 	"github.com/siderolabs/talos/pkg/machinery/resources/kubespan"
 	"github.com/siderolabs/talos/pkg/machinery/resources/network"
+	"github.com/siderolabs/talos/pkg/machinery/resources/runtime"
 )
 
 type ManagerSuite struct {
@@ -40,6 +41,10 @@ func (suite *ManagerSuite) TestDisabled() {
 	suite.Require().NoError(suite.State().Create(suite.Ctx(), cfg))
 
 	ctest.AssertNoResource[*network.NfTablesChain](suite, "kubespan_outgoing")
+	ctest.AssertNoResource[*runtime.KernelParamSpec](
+		suite,
+		"proc.sys.net.ipv4.conf.kubespan.src_valid_mark",
+	)
 }
 
 type mockWireguardClient struct {
@@ -373,6 +378,14 @@ func (suite *ManagerSuite) TestReconcile() {
 		},
 	)
 
+	ctest.AssertResource(
+		suite,
+		"proc.sys.net.ipv4.conf.kubespan.src_valid_mark",
+		func(res *runtime.KernelParamSpec, asrt *assert.Assertions) {
+			asrt.Equal(res.TypedSpec().Value, "1")
+		},
+	)
+
 	// update config and disable wireguard, everything should be cleaned up
 	cfg.TypedSpec().Enabled = false
 	suite.Require().NoError(suite.State().Update(suite.Ctx(), cfg))
@@ -386,6 +399,10 @@ func (suite *ManagerSuite) TestReconcile() {
 		suite,
 		"kubespan_prerouting",
 	)
+	ctest.AssertNoResource[*runtime.KernelParamSpec](
+		suite,
+		"proc.sys.net.ipv4.conf.kubespan.src_valid_mark",
+	)
 }
 
 func asUDP(addr netip.AddrPort) *net.UDPAddr {