Enhance e2e tests for WireGuard (#3668)

Make sure route to Pod and gateway on peer Node target WireGuard device. Fixes #3517 Signed-off-by: Kumar Atish <[email protected]>
antrea-io · Jul 7, 2022 · 15cb018 · 15cb018
1 parent 49028e1
commit 15cb018
Showing 1 changed file with 58 additions and 0 deletions.
diff --git a/test/e2e/wireguard_test.go b/test/e2e/wireguard_test.go
@@ -20,6 +20,7 @@ import (
 	"strings"
 	"testing"
 
+	"github.com/stretchr/testify/assert"
 	"github.com/stretchr/testify/require"
 	corev1 "k8s.io/api/core/v1"
 
@@ -102,6 +103,63 @@ func testPodConnectivity(t *testing.T, data *TestData) {
 	defer deletePods()
 	numPods := 2
 	data.runPingMesh(t, podInfos[:numPods], agnhostContainerName)
+
+	// Make sure that route to Pod on peer Node and route to peer gateway is targeting the WireGuard device.
+	srcPod, err := data.getAntreaPodOnNode(nodeName(0))
+	require.NoError(t, err)
+	var srcIP, peerGatewayIP, peerPodIP string
+	ipv4, ipv6 := nodeGatewayIPs(0)
+	if ipv4 != "" {
+		srcIP = ipv4
+	} else {
+		srcIP = ipv6
+	}
+	ipv4, ipv6 = nodeGatewayIPs(1)
+	if ipv4 != "" {
+		peerGatewayIP = ipv4
+	} else {
+		peerGatewayIP = ipv6
+	}
+	podIPs := waitForPodIPs(t, data, podInfos)
+	for _, pi := range podInfos {
+		if pi.os == "linux" && pi.nodeName != nodeName(0) {
+			if podIPs[pi.name].ipv4 != nil {
+				peerPodIP = podIPs[pi.name].ipv4.String()
+			} else {
+				peerPodIP = podIPs[pi.name].ipv6.String()
+			}
+			break
+		}
+	}
+
+	tests := []struct {
+		name               string
+		dstIP              string
+		expectedDeviceName string
+		expectedSrcIP      string
+	}{
+		{
+			name:               "routeToPodOnPeerNode",
+			dstIP:              peerPodIP,
+			expectedDeviceName: "antrea-wg0",
+			expectedSrcIP:      srcIP,
+		},
+		{
+			name:               "routeToPeerGateway",
+			dstIP:              peerGatewayIP,
+			expectedDeviceName: "antrea-wg0",
+			expectedSrcIP:      srcIP,
+		},
+	}
+	for _, tt := range tests {
+		t.Run(tt.name, func(t *testing.T) {
+			cmd := []string{"ip", "route", "get", tt.dstIP}
+			stdout, _, err := data.RunCommandFromPod(antreaNamespace, srcPod, agentContainerName, cmd)
+			require.NoError(t, err)
+			assert.Contains(t, stdout, tt.expectedDeviceName)
+			assert.Contains(t, stdout, tt.expectedSrcIP)
+		})
+	}
 }
 
 // testServiceConnectivity verifies host-to-service can be transferred through the encrypted tunnel correctly.