From 4f5df9c47719c587cde9926f620e44ea697ae958 Mon Sep 17 00:00:00 2001
From: Dmitry Sharshakov
Date: Wed, 15 Jan 2025 14:26:39 +0100
Subject: [PATCH] test kubespan creating/removing sysctl

---
 .../pkg/controllers/kubespan/manager.go | 6 +++++-
 .../pkg/controllers/kubespan/manager_test.go | 17 +++++++++++++++++
 2 files changed, 22 insertions(+), 1 deletion(-)

diff --git a/internal/app/machined/pkg/controllers/kubespan/manager.go b/internal/app/machined/pkg/controllers/kubespan/manager.go
index 45b821e913..1d5e72fe77 100644
--- a/internal/app/machined/pkg/controllers/kubespan/manager.go
+++ b/internal/app/machined/pkg/controllers/kubespan/manager.go
@@ -574,7 +574,7 @@ func (ctrl *ManagerController) Run(ctx context.Context, r controller.Runtime, lo
 }

 if err = safe.WriterModify(ctx, r, runtime.NewKernelParamSpec(
- runtime.NamespaceName,
+ kubespan.NamespaceName,
 kernel.Sysctl+".net.ipv4.conf."+constants.KubeSpanLinkName+".src_valid_mark",
 ), func(res *runtime.KernelParamSpec) error {
 res.TypedSpec().Value = "1"
@@ -621,6 +621,10 @@ func (ctrl *ManagerController) cleanup(ctx context.Context, r controller.Runtime
 namespace: kubespan.NamespaceName,
 typ: kubespan.PeerStatusType,
 },
+ {
+ namespace: kubespan.NamespaceName,
+ typ: runtime.KernelParamSpecType,
+ },
 } {
 // list keys for cleanup
 list, err := r.List(ctx, resource.NewMetadata(item.namespace, item.typ, "", resource.VersionUndefined))
diff --git a/internal/app/machined/pkg/controllers/kubespan/manager_test.go b/internal/app/machined/pkg/controllers/kubespan/manager_test.go
index 819171164e..269c66932c 100644
--- a/internal/app/machined/pkg/controllers/kubespan/manager_test.go
+++ b/internal/app/machined/pkg/controllers/kubespan/manager_test.go
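Review bot: In manager.go's `Run` hunk (@@ -574), the `KernelParamSpec` for `src_valid_mark` is now created in `kubespan.NamespaceName`, but nothing in this patch shows the component that applies kernel parameters reading that namespace. If that component only watches `runtime.NamespaceName`, the sysctl would silently stop being set, and reverse-path source validation on the KubeSpan link would no longer take the firewall mark into account. Please confirm the consumer's inputs and record the reason above the call, for example `// kept in the kubespan namespace so cleanup() can remove it; applied by <consumer>`; the alternative is to keep `runtime.NamespaceName` here and list that namespace in `cleanup`. `Run` starts and ends outside the hunk.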
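Review bot: In manager.go's `cleanup` hunk (@@ -621), the new `runtime.KernelParamSpecType` entry only works while `Run` creates the spec in the same namespace, and nothing ties the two literals together. A comment on the entry, e.g. `// must match the namespace passed to runtime.NewKernelParamSpec in Run`, would keep a later namespace change from leaving the sysctl spec behind after KubeSpan is disabled. The loop body that lists and removes the resources continues outside the hunk, so whether removal is limited to resources owned by this controller cannot be checked from here.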
@@ -25,6 +25,7 @@ import (
 "github.com/siderolabs/talos/pkg/machinery/resources/config"
 "github.com/siderolabs/talos/pkg/machinery/resources/kubespan"
 "github.com/siderolabs/talos/pkg/machinery/resources/network"
+ "github.com/siderolabs/talos/pkg/machinery/resources/runtime"
 )

 type ManagerSuite struct {
@@ -40,6 +41,10 @@ func (suite *ManagerSuite) TestDisabled() {
 suite.Require().NoError(suite.State().Create(suite.Ctx(), cfg))

 ctest.AssertNoResource[*network.NfTablesChain](suite, "kubespan_outgoing")
+ ctest.AssertNoResource[*runtime.KernelParamSpec](
+ suite,
+ "proc.sys.net.ipv4.conf.kubespan.src_valid_mark",
+ )
 }

 type mockWireguardClient struct {
@@ -373,6 +378,14 @@ func (suite *ManagerSuite) TestReconcile() {
 },
 )

+ ctest.AssertResource(
+ suite,
+ "proc.sys.net.ipv4.conf.kubespan.src_valid_mark",
+ func(res *runtime.KernelParamSpec, asrt *assert.Assertions) {
+ asrt.Equal(res.TypedSpec().Value, "1")
+ },
+ )
+
 // update config and disable wireguard, everything should be cleaned up
 cfg.TypedSpec().Enabled = false
 suite.Require().NoError(suite.State().Update(suite.Ctx(), cfg))
@@ -386,6 +399,10 @@ func (suite *ManagerSuite) TestReconcile() {
 suite,
 "kubespan_prerouting",
 )
+ ctest.AssertNoResource[*runtime.KernelParamSpec](
+ suite,
+ "proc.sys.net.ipv4.conf.kubespan.src_valid_mark",
+ )
 }

 func asUDP(addr netip.AddrPort) *net.UDPAddr {
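Review bot: In `TestDisabled` (@@ -40) and again at the end of `TestReconcile` (@@ -386), `ctest.AssertNoResource[*runtime.KernelParamSpec]` is called without naming a namespace, while the controller now writes the spec into `kubespan.NamespaceName`. If the helper falls back to the type's default namespace and that is not the kubespan one, both negative assertions pass without ever looking where the resource lives, so a leftover sysctl spec after disabling KubeSpan would go unnoticed. Consider passing the namespace explicitly if the helper accepts one. The three copies of the literal ID could also be replaced with one value built the way the controller builds it, `kernel.Sysctl+".net.ipv4.conf."+constants.KubeSpanLinkName+".src_valid_mark"`.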
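Review bot: In the `TestReconcile` hunk at @@ -373, `asrt.Equal(res.TypedSpec().Value, "1")` passes the actual value first. testify's `Equal` takes `(expected, actual)`, so a failure message would label the two values the wrong way round. Use `asrt.Equal("1", res.TypedSpec().Value)`. `TestReconcile` starts and ends outside the hunk.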