Skip to content

[Not for review]Test wireguard compactability with other features #7536

New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom
Open
xliuxu wants to merge 4 commits into
base: main
Choose a base branch
from
Open

[Not for review]Test wireguard compactability with other features #7536

xliuxu wants to merge 4 commits into from

Conversation

@xliuxu
Copy link
Contributor

@xliuxu xliuxu commented Nov 5, 2025

No description provided.

@xliuxu xliuxu force-pushed the topic/xliuxu/verify-wg-features branch from d98e410 to b9fe77f Compare November 6, 2025 07:14
@xliuxu
Copy link
Contributor Author

xliuxu commented Nov 6, 2025

/test-all

@xliuxu xliuxu force-pushed the topic/xliuxu/verify-wg-features branch 3 times, most recently from d312db6 to de86f08 Compare November 27, 2025 06:38
@xliuxu xliuxu force-pushed the topic/xliuxu/verify-wg-features branch 5 times, most recently from bf22fec to ae1fa48 Compare December 9, 2025 02:51
@xliuxu
Fix Egress with WireGuard encryption enabled
ff0a28b 
When WireGuard encryption is enabled, Egress traffic from remote Pods
needs tunnel-based forwarding and policy routing rules similar to
hybrid mode. This commit removes the WireGuard exception from tunnel
interface creation and adds the necessary OpenFlow flows and routing
rules to support Egress functionality with WireGuard.

Fixes: antrea-io#6190

Signed-off-by: Xu Liu <xu.liu@broadcom.com>
@xliuxu
Fix Traceflow with WireGuard enabled
f380344 
WireGuard uses direct routing for same-subnet traffic similar to hybrid
mode, but Traceflow was not checking for WireGuard mode when determining
packet actions and forwarding behavior.

This commit adds WireGuard mode checks in the Traceflow packet parsing
and flow generation logic to correctly handle packets when WireGuard
encryption is enabled.

Signed-off-by: xliuxu <xu.liu@broadcom.com>
@xliuxu
Fix testReconcileGatewayRoutesOnStartup with WireGuard
d9d7b2f 
The test was failing when WireGuard encryption is enabled because it
expects gateway routes for encap mode, but WireGuard doesn't require
gateway routes since it handles routing through its own interface.

This commit adds encryption mode detection to the test framework and
updates the test to expect 0 gateway routes when WireGuard is enabled
with encap mode.

Signed-off-by: xliuxu <xu.liu@broadcom.com>
@xliuxu xliuxu force-pushed the topic/xliuxu/verify-wg-features branch from ae1fa48 to 40af84b Compare December 18, 2025 03:04
@jainpulkit22 @xliuxu
Add job to run e2e test with traffic encryption mode as WireGuard
8397ba7 
This commit adds support for running e2e tests with WireGuard encryption
enabled on Kind clusters in GitHub Actions. The changes include:

- Add WireGuard support to test-e2e-kind.sh script with --wireguard flag
- Add GitHub Actions workflow job for WireGuard e2e tests in kind.yml
- Keep generate-manifest.sh changes to support --wireGuard flag

The WireGuard e2e tests will run on Kind clusters in GitHub Actions,
replacing the previous Jenkins-based approach.

Signed-off-by: Pulkit Jain <pulkit.jain@broadcom.com>
@xliuxu xliuxu force-pushed the topic/xliuxu/verify-wg-features branch from 40af84b to 8397ba7 Compare December 18, 2025 03:16
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment

Reviewers

No reviews

Assignees

No one assigned

Labels

None yet

Projects

None yet

Milestone

No milestone

Development

Successfully merging this pull request may close these issues.

2 participants

@xliuxu @jainpulkit22