Skip to content

ci: add cilium ebpf e2e overlay and podsubnet test #4073

New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom
Merged
merged 24 commits into from
Oct 14, 2025
Merged

ci: add cilium ebpf e2e overlay and podsubnet test #4073

merged 24 commits into from
Oct 14, 2025

Conversation

@QxBytes
Copy link
Contributor

@QxBytes QxBytes commented Oct 9, 2025
edited
Loading

Reason for Change:

Adds an E2E stage for overlay and podsubnet cilium ebpf host routing enabled. Deploys relevant components and runs the standard e2e suite (wireserver, cilium connectivity, statefile validation, restarting, async delete). Should use the built versions of iptables monitor (iptables block), ip masq merger, and cns.

Begins reorganizing some of the pipeline steps and makefile targets.
Issue Fixed:

Requirements:

Notes:
green run: https://msazure.visualstudio.com/One/_build/results?buildId=139934789&view=results

QxBytes added 19 commits October 8, 2025 11:55
@QxBytes
add initial ebpf overlay modifications
cf80ca3
@QxBytes
hardcode values for testing
f3ddf71
@QxBytes
add depends to delete
44c8d2b
@QxBytes
make ebpf use cilium v1.17
dd5b366
@QxBytes
hardcode cluster name for testing
5945c63
@QxBytes
export makefile variables
1736935
@QxBytes
add container for cilium command
dd40090
@QxBytes
add default os sku
4b01755 
without the default value for osSKU, it is set to the empty string
which is not "undefined", and so the the makefile's ?= default value is
not used either, leading to the os SKU in the makefile being ""
@QxBytes
move pod cidr to variable
1538097
@QxBytes
add ccnp to deploys to block wireserver
9586542
@QxBytes
amend ccnp to not block imds yet
1962f73
@QxBytes
Revert "hardcode cluster name for testing"
061f39c 
This reverts commit 5945c63.
@QxBytes
Revert "hardcode values for testing"
8f9c28e 
This reverts commit f3ddf71.
@QxBytes
rename targets and files
19fc7ca
@QxBytes
apply crd before custom resource
204ce9a
@QxBytes
test ebpf with test iptables monitor and merger images
3dcd990
@QxBytes
begin templating- previous commit passed
1ee27d5
@QxBytes
remove hubble and nightly copied code
fb8c8cc
@QxBytes
remove unused vars and rename target (noop)
893e2ca
@QxBytes QxBytes self-assigned this Oct 9, 2025
@QxBytes QxBytes added ci Infra or tooling. cilium Related to Cilium. labels Oct 9, 2025
@QxBytes QxBytes marked this pull request as ready for review October 9, 2025 22:39
@QxBytes QxBytes requested a review from a team as a code owner October 9, 2025 22:39
@QxBytes QxBytes requested review from Copilot and thomasricci October 9, 2025 22:39
@QxBytes
Copy link
Contributor Author

QxBytes commented Oct 9, 2025

/azp run Azure Container Networking PR

@azure-pipelines
Copy link

azure-pipelines bot commented Oct 9, 2025

Azure Pipelines successfully started running 1 pipeline(s).

Copilot AI reviewed Oct 9, 2025
View reviewed changes
Copy link
Contributor

Copilot AI left a comment

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Pull Request Overview

This PR adds an E2E test stage for overlay Cilium eBPF host routing to the CI pipeline, along with reorganizing pipeline infrastructure and introducing new Makefile targets for cluster deployment.

  • Adds new eBPF overlay Cilium test configuration with required Kubernetes manifests
  • Introduces pipeline infrastructure for testing overlay Cilium with eBPF dataplane
  • Refactors Makefile structure to support eBPF deployment patterns

Reviewed Changes

Copilot reviewed 15 out of 16 changed files in this pull request and generated 2 comments.

Show a summary per file
File Description
test/validate/linux_validate.go Adds container name specification for cilium agent validation
test/integration/manifests/cilium/v1.17/ebpf/overlay/static/* New static configuration files for eBPF overlay Cilium deployment
test/integration/manifests/cilium/v1.17/ebpf/overlay/cilium.yaml Main Cilium DaemonSet configuration with eBPF and overlay networking
test/integration/manifests/cilium/v1.17/ebpf/common/* Common eBPF configuration files including RBAC and network policies
hack/aks/deploy.mk New Makefile with deployment targets for eBPF Cilium configurations
hack/aks/Makefile Updated with eBPF cluster creation and common deployment infrastructure
.pipelines/templates/* New pipeline templates for environment setup and cluster creation
.pipelines/singletenancy/cilium-overlay-ebpf/* Complete pipeline configuration for eBPF overlay testing
.pipelines/pipeline.yaml Integration of new eBPF test stage into main pipeline

Tip: Customize your code reviews with copilot-instructions.md. Create the file or learn how to get started.

@tamilmani1989
Copy link
Member

tamilmani1989 commented Oct 9, 2025

can we add e2e for pod subnet too?

@QxBytes QxBytes force-pushed the alew/ebpf-e2e-test branch from d9e5fd5 to 1b3164c Compare October 10, 2025 00:16
@QxBytes QxBytes force-pushed the alew/ebpf-e2e-test branch from 1b3164c to 8211742 Compare October 10, 2025 00:20
@QxBytes
reuse existing template
bb9e6a6 
the only difference between the two is overlay has check that deletes the cilium test namespace
and validates the state-- otherwise the cilium tests template is identical

previous commit passed
@QxBytes
increase timeout to 20 minutes
e75a316
@QxBytes QxBytes changed the title ci: add cilium ebpf e2e overlay test ci: add cilium ebpf e2e overlay and podsubnet test Oct 10, 2025
@QxBytes QxBytes force-pushed the alew/ebpf-e2e-test branch from 10091a0 to f1f9e5a Compare October 10, 2025 22:59
@QxBytes QxBytes force-pushed the alew/ebpf-e2e-test branch from f1f9e5a to 0926778 Compare October 10, 2025 23:26
santhoshmprabhu

This comment was marked as outdated.

Sign in to view

santhoshmprabhu
santhoshmprabhu approved these changes Oct 13, 2025
View reviewed changes
Copy link
Contributor

@santhoshmprabhu santhoshmprabhu left a comment

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Checked with Alexander about a couple of concerns, we'll have a follow up PR for 1 more test case.

@QxBytes
Copy link
Contributor Author

QxBytes commented Oct 13, 2025

/azp run Azure Container Networking PR

@azure-pipelines
Copy link

azure-pipelines bot commented Oct 13, 2025

Azure Pipelines successfully started running 1 pipeline(s).

@QxBytes QxBytes added this pull request to the merge queue Oct 13, 2025
Merged via the queue into master with commit 73f6733 Oct 14, 2025
107 of 115 checks passed
@QxBytes QxBytes deleted the alew/ebpf-e2e-test branch October 14, 2025 03:33
sivakami-projects pushed a commit that referenced this pull request Oct 23, 2025
@QxBytes
ci: add cilium ebpf e2e overlay and podsubnet test (#4073)
cb65c53 
* add initial ebpf overlay modifications

* hardcode values for testing

* add depends to delete

* make ebpf use cilium v1.17

* hardcode cluster name for testing

* export makefile variables

* add container for cilium command

* add default os sku

without the default value for osSKU, it is set to the empty string
which is not "undefined", and so the the makefile's ?= default value is
not used either, leading to the os SKU in the makefile being ""

* move pod cidr to variable

* add ccnp to deploys to block wireserver

* amend ccnp to not block imds yet

* Revert "hardcode cluster name for testing"

This reverts commit 5945c63.

* Revert "hardcode values for testing"

This reverts commit f3ddf71.

* rename targets and files

* apply crd before custom resource

* test ebpf with test iptables monitor and merger images

* begin templating- previous commit passed

* remove hubble and nightly copied code

* remove unused vars and rename target (noop)

* test ebpf podsubnet

* reuse existing template

the only difference between the two is overlay has check that deletes the cilium test namespace
and validates the state-- otherwise the cilium tests template is identical

previous commit passed

* increase timeout to 20 minutes

* swap podsubnet to ubuntu 24

* register ubuntu 2404 preview feature
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment

Reviewers

Copilot code review Copilot Copilot left review comments

@tamilmani1989 tamilmani1989 tamilmani1989 approved these changes

@santhoshmprabhu santhoshmprabhu santhoshmprabhu approved these changes

@thomasricci thomasricci Awaiting requested review from thomasricci thomasricci is a code owner automatically assigned from Azure/azure-sdn-members

Assignees

@QxBytes QxBytes

Labels

ci Infra or tooling. cilium Related to Cilium.

Projects

None yet

Milestone

No milestone

Development

Successfully merging this pull request may close these issues.

4 participants

@QxBytes @tamilmani1989 @santhoshmprabhu