fix(kuma-cni): ipv6 iptables with provided gateway and CNI V2 (#6374)

fix(kuma-cni): IPV6 iptables with provided gateway and CNI V2 Signed-off-by: Jakub Dyszkiewicz <jakub.dyszkiewicz@gmail.com> (cherry picked from commit 08a5f9b) # Conflicts: # test/e2e_env/multizone/multizone_suite_test.go
kumahq · Mar 29, 2023 · acee4c4 · acee4c4
1 parent 8731b94
commit acee4c4
Show file tree

Hide file tree

Showing 3 changed files with 88 additions and 10 deletions.
diff --git a/app/cni/pkg/cni/injector_linux.go b/app/cni/pkg/cni/injector_linux.go
@@ -96,23 +96,22 @@ func mapToConfig(intermediateConfig *IntermediateConfig, logWriter *bufio.Writer
 	if err != nil {
 		return nil, err
 	}
+	inboundPortV6, err := convertToUint16("inbound port ipv6", intermediateConfig.inboundPortV6)
+	if err != nil {
+		return nil, err
+	}
+	enableIpV6, err := transparentproxy.ShouldEnableIPv6(inboundPortV6)
+	if err != nil {
+		return nil, err
+	}
+	cfg.IPv6 = enableIpV6
 	redirectInbound := !isGateway
 	if redirectInbound {
 		inboundPort, err := convertToUint16("inbound port", intermediateConfig.inboundPort)
 		if err != nil {
 			return nil, err
 		}
 
-		inboundPortV6, err := convertToUint16("inbound port ipv6", intermediateConfig.inboundPortV6)
-		if err != nil {
-			return nil, err
-		}
-		enableIpV6, err := transparentproxy.ShouldEnableIPv6(inboundPortV6)
-		if err != nil {
-			return nil, err
-		}
-		cfg.IPv6 = enableIpV6
-
 		excludedPorts, err := convertCommaSeparatedString(intermediateConfig.excludeInboundPorts)
 		if err != nil {
 			return nil, err

diff --git a/test/e2e_env/multizone/connectivity/cni_v2_ipv6_gateway.go b/test/e2e_env/multizone/connectivity/cni_v2_ipv6_gateway.go
@@ -0,0 +1,55 @@
+package connectivity
+
+import (
+	. "github.com/onsi/ginkgo/v2"
+	. "github.com/onsi/gomega"
+
+	"github.com/kumahq/kuma/pkg/plugins/runtime/k8s/metadata"
+	. "github.com/kumahq/kuma/test/framework"
+	"github.com/kumahq/kuma/test/framework/client"
+	"github.com/kumahq/kuma/test/framework/deployments/democlient"
+	"github.com/kumahq/kuma/test/framework/deployments/testserver"
+	"github.com/kumahq/kuma/test/framework/envs/multizone"
+)
+
+func GatewayIPV6CNIV2() {
+	namespace := "gw-ipv6-cniv2"
+	meshName := "gw-ipv6-cniv2"
+
+	BeforeAll(func() {
+		Expect(multizone.Global.Install(MTLSMeshUniversal(meshName))).To(Succeed())
+		Expect(WaitForMesh(meshName, multizone.Zones())).To(Succeed())
+
+		err := NewClusterSetup().
+			Install(NamespaceWithSidecarInjection(namespace)).
+			Install(democlient.Install(
+				democlient.WithNamespace(namespace),
+				democlient.WithMesh(meshName),
+				democlient.WithPodAnnotations(map[string]string{
+					metadata.KumaGatewayAnnotation: "enabled",
+				}),
+			)).
+			Install(testserver.Install(
+				testserver.WithNamespace(namespace),
+				testserver.WithMesh(meshName),
+				testserver.WithEchoArgs("echo", "--instance", "kube-test-server"),
+			)).
+			Setup(multizone.KubeZone2)
+		Expect(err).ToNot(HaveOccurred())
+	})
+
+	E2EAfterAll(func() {
+		Expect(multizone.KubeZone2.TriggerDeleteNamespace(namespace)).To(Succeed())
+		Expect(multizone.Global.DeleteMesh(meshName)).To(Succeed())
+	})
+
+	It("client should communicate with server", func() {
+		Eventually(func(g Gomega) {
+			response, err := client.CollectEchoResponse(multizone.KubeZone2, "demo-client", "http://test-server_gw-ipv6-cniv2_svc_80.mesh",
+				client.FromKubernetesPod(meshName, "demo-client"),
+			)
+			g.Expect(err).ToNot(HaveOccurred())
+			g.Expect(response.Instance).To(Equal("kube-test-server"))
+		}, "30s", "1s").Should(Succeed())
+	})
+}
diff --git a/test/e2e_env/multizone/multizone_suite_test.go b/test/e2e_env/multizone/multizone_suite_test.go
@@ -34,6 +34,7 @@ type State struct {
 	KubeZone2 K8sNetworkingState
 }
 
+<<<<<<< HEAD
 var _ = SynchronizedBeforeSuite(
 	func() []byte {
 		env.Global = NewUniversalCluster(NewTestingT(), Kuma3, Silent)
@@ -221,6 +222,29 @@ var _ = SynchronizedBeforeSuite(
 		Expect(env.UniZone2.AddNetworking(state.UniZone2.ZoneEgress, Config.ZoneEgressApp)).To(Succeed())
 		Expect(env.UniZone2.AddNetworking(state.UniZone2.ZoneIngress, Config.ZoneIngressApp)).To(Succeed())
 	},
+=======
+var (
+	_ = Describe("Gateway", gateway.GatewayHybrid, Ordered)
+	_ = Describe("Cross-mesh Gateways", gateway.CrossMeshGatewayOnMultizone, Ordered)
+	_ = Describe("External Service locality aware", localityawarelb.ExternalServicesWithLocalityAwareLb, Ordered)
+	_ = Describe("Healthcheck", healthcheck.ApplicationOnUniversalClientOnK8s, Ordered)
+	_ = Describe("Inspect", inspect.Inspect, Ordered)
+	_ = Describe("TrafficPermission", trafficpermission.TrafficPermission, Ordered)
+	_ = Describe("TrafficRoute", trafficroute.TrafficRoute, Ordered)
+	_ = Describe("MeshHTTPRoute", meshhttproute.Test, Ordered)
+	_ = Describe("InboundPassthrough", inbound_communication.InboundPassthrough, Ordered)
+	_ = Describe("InboundPassthroughDisabled", inbound_communication.InboundPassthroughDisabled, Ordered)
+	_ = Describe("ZoneEgress Internal Services", zoneegress.InternalServices, Ordered)
+	_ = Describe("Connectivity", connectivity.Connectivity, Ordered)
+	_ = Describe("Connectivity Gateway IPV6 CNI V2", connectivity.GatewayIPV6CNIV2, Ordered)
+	_ = Describe("Sync", multizone_sync.Sync, Ordered)
+	_ = Describe("MeshTrafficPermission", meshtrafficpermission.MeshTrafficPermission, Ordered)
+	_ = Describe("Zone Disable", zonedisable.ZoneDisable, Ordered)
+	_ = Describe("External Services", externalservices.ExternalServicesOnMultizoneUniversal, Ordered)
+	_ = Describe("Ownership", ownership.MultizoneUniversal, Ordered)
+	_ = Describe("Resilience", resilience.ResilienceMultizoneUniversal, Ordered)
+	_ = Describe("Resilience Postgres", resilience.ResilienceMultizoneUniversalPostgres, Ordered)
+>>>>>>> 08a5f9ba6 (fix(kuma-cni): ipv6 iptables with provided gateway and CNI V2 (#6374))
 )
 
 var _ = Describe("Gateway", gateway.GatewayHybrid, Ordered)