diff --git a/scripts/install-cni.sh b/scripts/install-cni.sh index bc087feb5..6e88d7bc3 100755 --- a/scripts/install-cni.sh +++ b/scripts/install-cni.sh @@ -107,8 +107,12 @@ if [ "${MIGRATE_TO_DPV2:-}" == "true" ]; then fi if [ "${ENABLE_CILIUM_PLUGIN}" == "true" ]; then - echo "Adding Cilium plug-in to the CNI config." - cni_spec=${cni_spec//@cniCiliumPlugin/, {\"type\": \"cilium-cni\", \"enable-route-mtu\": true\}} + cilium_cni_config='{"type": "cilium-cni", "enable-route-mtu": true}' + if [[ -n "${CILIUM_FAST_START_NAMESPACES:-}" ]]; then + cilium_cni_config=$(jq --arg namespaces "${CILIUM_FAST_START_NAMESPACES:-}" '.["fast-start-namespaces"] = $namespaces' <<<"${cilium_cni_config}") + fi + echo "Adding Cilium plug-in to the CNI config: '$(jq -c . <<<"${cilium_cni_config}")'" + cni_spec=${cni_spec//@cniCiliumPlugin/, ${cilium_cni_config}} else echo "Not using Cilium plug-in." cni_spec=${cni_spec//@cniCiliumPlugin/} diff --git a/scripts/testcase/testcase-cilium-faststart.sh b/scripts/testcase/testcase-cilium-faststart.sh new file mode 100644 index 000000000..2a768b68d --- /dev/null +++ b/scripts/testcase/testcase-cilium-faststart.sh @@ -0,0 +1,69 @@ +export KUBERNETES_SERVICE_HOST=kubernetes.default.svc +export KUBERNETES_SERVICE_PORT=443 + +export ENABLE_CALICO_NETWORK_POLICY=false +export ENABLE_BANDWIDTH_PLUGIN=false +export ENABLE_CILIUM_PLUGIN=true +export CILIUM_HEALTHZ_PORT=63197 +export CILIUM_FAST_START_NAMESPACES=default,kube-system +export ENABLE_MASQUERADE=false +export ENABLE_IPV6=false + +CNI_SPEC_TEMPLATE=$(cat testdata/spec-template.json) +export CNI_SPEC_TEMPLATE + +function before_test() { + + function curl() { + # shellcheck disable=SC2317 + case "$*" in + *http://metadata.google.internal/computeMetadata/v1/instance/network-interfaces/0*) + echo '{"ipv6s": ["2600:1900:4000:318:0:7:0:0"]}' + ;; + *https://kubernetes.default.svc:443/api/v1/nodes/*) + echo '{ + "metadata": { + "labels": { + }, + "creationTimestamp": "2024-01-03T11:54:01Z", + "name": "gke-my-cluster-default-pool-128bc25d-9c94", + "resourceVersion": "891003", + "uid": "f2353a2f-ca8c-4ca0-8dd3-ad1f964a54f0" + }, + "spec": { + "podCIDR": "10.52.1.0/24", + "podCIDRs": [ + "10.52.1.0/24" + ], + "providerID": "gce://my-gke-project/us-central1-c/gke-my-cluster-default-pool-128bc25d-9c94" + } + }' + ;; + *http://localhost:63197/*) + echo 'healthz' + ;; + *) + #unsupported + exit 1 + esac + } + export -f curl + +} + +function verify() { + local expected + local actual + + expected=$(jq -S . <"testdata/expected-cilium-faststart.json") + actual=$(jq -S . <"/host/etc/cni/net.d/${CNI_SPEC_NAME}") + + if [ "$expected" != "$actual" ] ; then + echo "Expected cni_spec value:" + echo "$expected" + echo "but actual was" + echo "$actual" + return 1 + fi + +} diff --git a/scripts/testcase/testcase-cilium.sh b/scripts/testcase/testcase-cilium.sh new file mode 100644 index 000000000..d97e2c576 --- /dev/null +++ b/scripts/testcase/testcase-cilium.sh @@ -0,0 +1,69 @@ +export KUBERNETES_SERVICE_HOST=kubernetes.default.svc +export KUBERNETES_SERVICE_PORT=443 + +export ENABLE_CALICO_NETWORK_POLICY=false +export ENABLE_BANDWIDTH_PLUGIN=false +export ENABLE_CILIUM_PLUGIN=true +export CILIUM_HEALTHZ_PORT=63197 +export CILIUM_FAST_START_NAMESPACES= +export ENABLE_MASQUERADE=false +export ENABLE_IPV6=false + +CNI_SPEC_TEMPLATE=$(cat testdata/spec-template.json) +export CNI_SPEC_TEMPLATE + +function before_test() { + + function curl() { + # shellcheck disable=SC2317 + case "$*" in + *http://metadata.google.internal/computeMetadata/v1/instance/network-interfaces/0*) + echo '{"ipv6s": ["2600:1900:4000:318:0:7:0:0"]}' + ;; + *https://kubernetes.default.svc:443/api/v1/nodes/*) + echo '{ + "metadata": { + "labels": { + }, + "creationTimestamp": "2024-01-03T11:54:01Z", + "name": "gke-my-cluster-default-pool-128bc25d-9c94", + "resourceVersion": "891003", + "uid": "f2353a2f-ca8c-4ca0-8dd3-ad1f964a54f0" + }, + "spec": { + "podCIDR": "10.52.1.0/24", + "podCIDRs": [ + "10.52.1.0/24" + ], + "providerID": "gce://my-gke-project/us-central1-c/gke-my-cluster-default-pool-128bc25d-9c94" + } + }' + ;; + *http://localhost:63197/*) + echo 'healthz' + ;; + *) + #unsupported + exit 1 + esac + } + export -f curl + +} + +function verify() { + local expected + local actual + + expected=$(jq -S . <"testdata/expected-cilium.json") + actual=$(jq -S . <"/host/etc/cni/net.d/${CNI_SPEC_NAME}") + + if [ "$expected" != "$actual" ] ; then + echo "Expected cni_spec value:" + echo "$expected" + echo "but actual was" + echo "$actual" + return 1 + fi + +} diff --git a/scripts/testdata/expected-cilium-faststart.json b/scripts/testdata/expected-cilium-faststart.json new file mode 100644 index 000000000..26dac36db --- /dev/null +++ b/scripts/testdata/expected-cilium-faststart.json @@ -0,0 +1,29 @@ +{ + "name": "gke-pod-network", + "cniVersion": "0.3.1", + "plugins": [ + { + "type": "ptp", + "mtu": 1460, + "ipam": { + "type": "host-local", + "ranges": [ + [{"subnet": "10.52.1.0/24"}] + ], + "routes": [ + {"dst": "0.0.0.0/0"} + ] + } + }, + { + "type": "portmap", + "capabilities": { + "portMappings": true + } + }, { + "type": "cilium-cni", + "enable-route-mtu": true, + "fast-start-namespaces": "default,kube-system" + } + ] +} diff --git a/scripts/testdata/expected-cilium.json b/scripts/testdata/expected-cilium.json new file mode 100644 index 000000000..21640ce5c --- /dev/null +++ b/scripts/testdata/expected-cilium.json @@ -0,0 +1,28 @@ +{ + "name": "gke-pod-network", + "cniVersion": "0.3.1", + "plugins": [ + { + "type": "ptp", + "mtu": 1460, + "ipam": { + "type": "host-local", + "ranges": [ + [{"subnet": "10.52.1.0/24"}] + ], + "routes": [ + {"dst": "0.0.0.0/0"} + ] + } + }, + { + "type": "portmap", + "capabilities": { + "portMappings": true + } + }, { + "type": "cilium-cni", + "enable-route-mtu": true + } + ] +}