According to the latest U/S meeting we could merge this, although it requires resolving conflicts.

Done!

According to the latest U/S meeting we could merge this, although it requires resolving conflicts.

^ any thoughts on this? , seems ok (passing the E2E tests)

I want to confirm with first I will merge your E2E first, and then we can rebase this one on top, I guess they will have some conflicts.

This PR improves many aspects of the build. Works great. Should be merged before e2e stuff and we will sync accordingly.

Running Suite: Submariner E2E suite

Random Seed: 1560186127 - Will randomize all specs Will run 3 of 3 specs

[example] Basic example to demonstrate how to write tests using the framework Should be able to create a pod using the provided client /go/src/github.com/rancher/submariner/test/e2e/example/example.go:25 STEP: Creating kubernetes clients STEP: Building namespace api objects, basename basic-example STEP: Creating a namespace e2e-tests-basic-example-77xfv to execute the test in STEP: Creating a bunch of pods STEP: Waiting for the example-pod(s) to be scheduled and running STEP: Collecting pod ClusterIPs just for fun Jun 10 17:02:17.621: INFO: Detected pod with IP: 10.245.1.3 Jun 10 17:02:17.621: INFO: Detected pod with IP: 10.245.1.4 Jun 10 17:02:17.621: INFO: Detected pod with IP: 10.245.2.3 STEP: Creating a bunch of pods STEP: Waiting for the example-pod(s) to be scheduled and running STEP: Collecting pod ClusterIPs just for fun Jun 10 17:02:27.680: INFO: Detected pod with IP: 10.246.1.4 Jun 10 17:02:27.681: INFO: Detected pod with IP: 10.246.2.4 Jun 10 17:02:27.681: INFO: Detected pod with IP: 10.246.2.3 STEP: Destroying namespace "e2e-tests-basic-example-77xfv" for this suite on all clusters. •

[example] Basic example to demonstrate how to write tests using the framework Should be able to list existing nodes on the cluster /go/src/github.com/rancher/submariner/test/e2e/example/example.go:22 STEP: Creating kubernetes clients STEP: Building namespace api objects, basename basic-example STEP: Creating a namespace e2e-tests-basic-example-9dl8g to execute the test in STEP: Requesting node list from API STEP: Checking that we had more than 0 nodes on the reponse Jun 10 17:02:27.723: INFO: Detected node with IP: 172.17.0.4 Jun 10 17:02:27.723: INFO: Detected node with IP: 172.17.0.5 Jun 10 17:02:27.724: INFO: Detected node with IP: 172.17.0.6 STEP: Requesting node list from API STEP: Checking that we had more than 0 nodes on the reponse Jun 10 17:02:27.729: INFO: Detected node with IP: 172.17.0.8 Jun 10 17:02:27.729: INFO: Detected node with IP: 172.17.0.9 Jun 10 17:02:27.729: INFO: Detected node with IP: 172.17.0.7 STEP: Destroying namespace "e2e-tests-basic-example-9dl8g" for this suite on all clusters. •

[dataplane] Basic Pod to Service tests across clusters without discovery Should be able to perform a Pod to Service TCP connection and exchange data between different clusters /go/src/github.com/rancher/submariner/test/e2e/dataplane/tcp_pod_to_service.go:14 STEP: Creating kubernetes clients STEP: Building namespace api objects, basename dataplane-p2s-nd STEP: Creating a namespace e2e-tests-dataplane-p2s-nd-66hzb to execute the test in STEP: Creating a listener pod in cluster B, which will wait for a handshake over TCP STEP: Pointing a service ClusterIP to the listerner pod in cluster B Jun 10 17:02:33.819: INFO: Service for listener pod has ClusterIP: 100.96.51.231 STEP: Creating a connector pod in cluster B, which will attempt the specific UUID handshake over TCP STEP: Waiting for the connector pod to exit with code 0, returning what listener sent Jun 10 17:02:43.868: INFO: Listener output: listening on 0.0.0.0:1234 ... connect to 10.246.1.5:1234 from 10.246.1.1:40771 (10.246.1.1:40771) connector says 7e54d99a-a29c-4fd6-b777-375ee838af45 connector says 7e54d99a-a29c-4fd6-b777-375ee838af45 connector says 7e54d99a-a29c-4fd6-b777-375ee838af45 connector says 7e54d99a-a29c-4fd6-b777-375ee838af45 connector says 7e54d99a-a29c-4fd6-b777-375ee838af45 connector says 7e54d99a-a29c-4fd6-b777-375ee838af45 connector says 7e54d99a-a29c-4fd6-b777-375ee838af45 connector says 7e54d99a-a29c-4fd6-b777-375ee838af45 connector says 7e54d99a-a29c-4fd6-b777-375ee838af45 connector says 7e54d99a-a29c-4fd6-b777-375ee838af45 connector says 7e54d99a-a29c-4fd6-b777-375ee838af45 connector says 7e54d99a-a29c-4fd6-b777-375ee838af45 connector says 7e54d99a-a29c-4fd6-b777-375ee838af45 connector says 7e54d99a-a29c-4fd6-b777-375ee838af45 connector says 7e54d99a-a29c-4fd6-b777-375ee838af45 connector says 7e54d99a-a29c-4fd6-b777-375ee838af45 connector says 7e54d99a-a29c-4fd6-b777-375ee838af45 connector says 7e54d99a-a29c-4fd6-b777-375ee838af45 connector says 7e54d99a-a29c-4fd6-b777-375ee838af45 connector says 7e54d99a-a29c-4fd6-b777-375ee838af45 connector says 7e54d99a-a29c-4fd6-b777-375ee838af45 connector says 7e54d99a-a29c-4fd6-b777-375ee838af45 connector says 7e54d99a-a29c-4fd6-b777-375ee838af45 connector says 7e54d99a-a29c-4fd6-b777-375ee838af45 connector says 7e54d99a-a29c-4fd6-b777-375ee838af45 connector says 7e54d99a-a29c-4fd6-b777-375ee838af45 connector says 7e54d99a-a29c-4fd6-b777-375ee838af45 connector says 7e54d99a-a29c-4fd6-b777-375ee838af45 connector says 7e54d99a-a29c-4fd6-b777-375ee838af45 connector says 7e54d99a-a29c-4fd6-b777-375ee838af45 connector says 7e54d99a-a29c-4fd6-b777-375ee838af45 connector says 7e54d99a-a29c-4fd6-b777-375ee838af45 connector says 7e54d99a-a29c-4fd6-b777-375ee838af45 connector says 7e54d99a-a29c-4fd6-b777-375ee838af45 connector says 7e54d99a-a29c-4fd6-b777-375ee838af45 connector says 7e54d99a-a29c-4fd6-b777-375ee838af45 connector says 7e54d99a-a29c-4fd6-b777-375ee838af45 connector says 7e54d99a-a29c-4fd6-b777-375ee838af45 connector says 7e54d99a-a29c-4fd6-b777-375ee838af45 connector says 7e54d99a-a29c-4fd6-b777-375ee838af45 connector says 7e54d99a-a29c-4fd6-b777-375ee838af45 connector says 7e54d99a-a29c-4fd6-b777-375ee838af45 connector says 7e54d99a-a29c-4fd6-b777-375ee838af45 connector says 7e54d99a-a29c-4fd6-b777-375ee838af45 connector says 7e54d99a-a29c-4fd6-b777-375ee838af45 connector says 7e54d99a-a29c-4fd6-b777-375ee838af45 connector says 7e54d99a-a29c-4fd6-b777-375ee838af45 connector says 7e54d99a-a29c-4fd6-b777-375ee838af45 connector says 7e54d99a-a29c-4fd6-b777-375ee838af45 connector says 7e54d99a-a29c-4fd6-b777-375ee838af45

STEP: Waiting for the listener pod to exit with code 0, returning what connector sent Jun 10 17:02:43.874: INFO: Connector output 100.96.51.231 (100.96.51.231:1234) open listener says 11d2a64f-3233-4f98-8e75-ec1029e94cf1 listener says 11d2a64f-3233-4f98-8e75-ec1029e94cf1 listener says 11d2a64f-3233-4f98-8e75-ec1029e94cf1 listener says 11d2a64f-3233-4f98-8e75-ec1029e94cf1 listener says 11d2a64f-3233-4f98-8e75-ec1029e94cf1 listener says 11d2a64f-3233-4f98-8e75-ec1029e94cf1 listener says 11d2a64f-3233-4f98-8e75-ec1029e94cf1 listener says 11d2a64f-3233-4f98-8e75-ec1029e94cf1 listener says 11d2a64f-3233-4f98-8e75-ec1029e94cf1 listener says 11d2a64f-3233-4f98-8e75-ec1029e94cf1 listener says 11d2a64f-3233-4f98-8e75-ec1029e94cf1 listener says 11d2a64f-3233-4f98-8e75-ec1029e94cf1 listener says 11d2a64f-3233-4f98-8e75-ec1029e94cf1 listener says 11d2a64f-3233-4f98-8e75-ec1029e94cf1 listener says 11d2a64f-3233-4f98-8e75-ec1029e94cf1 listener says 11d2a64f-3233-4f98-8e75-ec1029e94cf1 listener says 11d2a64f-3233-4f98-8e75-ec1029e94cf1 listener says 11d2a64f-3233-4f98-8e75-ec1029e94cf1 listener says 11d2a64f-3233-4f98-8e75-ec1029e94cf1 listener says 11d2a64f-3233-4f98-8e75-ec1029e94cf1 listener says 11d2a64f-3233-4f98-8e75-ec1029e94cf1 listener says 11d2a64f-3233-4f98-8e75-ec1029e94cf1 listener says 11d2a64f-3233-4f98-8e75-ec1029e94cf1 listener says 11d2a64f-3233-4f98-8e75-ec1029e94cf1 listener says 11d2a64f-3233-4f98-8e75-ec1029e94cf1 listener says 11d2a64f-3233-4f98-8e75-ec1029e94cf1 listener says 11d2a64f-3233-4f98-8e75-ec1029e94cf1 listener says 11d2a64f-3233-4f98-8e75-ec1029e94cf1 listener says 11d2a64f-3233-4f98-8e75-ec1029e94cf1 listener says 11d2a64f-3233-4f98-8e75-ec1029e94cf1 listener says 11d2a64f-3233-4f98-8e75-ec1029e94cf1 listener says 11d2a64f-3233-4f98-8e75-ec1029e94cf1 listener says 11d2a64f-3233-4f98-8e75-ec1029e94cf1 listener says 11d2a64f-3233-4f98-8e75-ec1029e94cf1 listener says 11d2a64f-3233-4f98-8e75-ec1029e94cf1 listener says 11d2a64f-3233-4f98-8e75-ec1029e94cf1 listener says 11d2a64f-3233-4f98-8e75-ec1029e94cf1 listener says 11d2a64f-3233-4f98-8e75-ec1029e94cf1 listener says 11d2a64f-3233-4f98-8e75-ec1029e94cf1 listener says 11d2a64f-3233-4f98-8e75-ec1029e94cf1 listener says 11d2a64f-3233-4f98-8e75-ec1029e94cf1 listener says 11d2a64f-3233-4f98-8e75-ec1029e94cf1 listener says 11d2a64f-3233-4f98-8e75-ec1029e94cf1 listener says 11d2a64f-3233-4f98-8e75-ec1029e94cf1 listener says 11d2a64f-3233-4f98-8e75-ec1029e94cf1 listener says 11d2a64f-3233-4f98-8e75-ec1029e94cf1 listener says 11d2a64f-3233-4f98-8e75-ec1029e94cf1 listener says 11d2a64f-3233-4f98-8e75-ec1029e94cf1 listener says 11d2a64f-3233-4f98-8e75-ec1029e94cf1 listener says 11d2a64f-3233-4f98-8e75-ec1029e94cf1

STEP: Verifying what the pods sent to each other contain the right UUIDs STEP: Destroying namespace "e2e-tests-dataplane-p2s-nd-66hzb" for this suite on all clusters. • Ran 3 of 3 Specs in 36.547 seconds SUCCESS! -- 3 Passed | 0 Failed | 0 Pending | 0 Skipped PASS ok github.com/rancher/submariner/test/e2e 36.578s

This isn’t ready to go in yet, I need to run an e2e test on it.

... and it fails the e2e test.

And now it passes!

Any specific error or just failed connection test?

I am for this, but think this requires a good bit of testing.

Yes, it does indeed.

The original packaged strongswan version is pretty old (from what I recall) and given the fact that we're using VICI extensively I'm wondering if any functional changes may have happened to it.

If we want to play it safe, we could base the image on debian:9 instead, which has the same version as the original StrongSwan (5.5.1), with added security fixes. ubuntu:18.04 provides 5.6.2.

I am for this, but think this requires a good bit of testing.

The original packaged strongswan version is pretty old (from what I recall) and given the fact that we're using VICI extensively I'm wondering if any functional changes may have happened to it.