This directory demonstrates how to use Cilium as a CNI in coordination with the test framework on Kind.
- Create the cluster with the `disableDefaultCNI` parameter. To do so, `CreateClusterWithConfig` is invoked with the custom configuration provided in `kind-config.yaml`.
- Create a namespace for workloads.
- Install Cilium as a Helm chart. First add the necessary chart repository, then install the chart in the `kube-system` namespace.
- A cluster without a CNI is non-functional because the node status is set to `NotReady`, so the setup waits for the Cilium DaemonSet to configure the network interface and mark the nodes as `Ready` before the tests proceed.
- At the end, all components are deleted.
- Upload the basic Cilium configuration from the `templates` folder to:
  a. set `CiliumClusterwideNetworkPolicy`s to allow connections within the cluster to `kube-dns`, and from `kube-dns` to `api-server` and externally. This means that ingress and egress are denied, and any other traffic has to be declared explicitly (allowlist). (`templates/allow-dns.yaml`)
  b. allow egress traffic to `api.github.com` on port `443` in the `cilium-test` namespace for any nginx pod. (`templates/allow-github.yaml`)
- Create an nginx deployment in the specified namespace.
- Ensure that the nginx pod can connect to `api.github.com`.
- Ensure that the nginx pod can't connect to `www.wikipedia.org`.
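
As an added illustration of step b (this is not the repository's `templates/allow-github.yaml`), a namespaced `CiliumNetworkPolicy` for that rule could look like the following. The policy name and the `app: nginx` pod label are assumptions; the DNS rule is included so the example stands alone, because `toFQDNs` only works when the pod's lookups pass through Cilium's DNS proxy.

```yaml
# Added example, not the project's own template.
apiVersion: cilium.io/v2
kind: CiliumNetworkPolicy
metadata:
  name: allow-github-egress        # hypothetical name
  namespace: cilium-test
spec:
  # Assumption: the nginx deployment labels its pods app=nginx.
  endpointSelector:
    matchLabels:
      app: nginx
  egress:
    # Let the pod resolve names via kube-dns and have Cilium's DNS proxy
    # observe the answers, so FQDN rules can be mapped to IP addresses.
    - toEndpoints:
        - matchLabels:
            "k8s:io.kubernetes.pod.namespace": kube-system
            "k8s:k8s-app": kube-dns
      toPorts:
        - ports:
            - port: "53"
              protocol: ANY
          rules:
            dns:
              - matchPattern: "*"
    # Allow HTTPS only to the one named host.
    - toFQDNs:
        - matchName: api.github.com
      toPorts:
        - ports:
            - port: "443"
              protocol: TCP
```

Once a policy with an egress section selects the pod, any egress not listed is dropped, which is why the connection to `www.wikipedia.org` is expected to fail while `api.github.com` succeeds.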

```bash
go test -c -o cilium.test . && ./cilium.test --v 4
```