Airren Ren
Monday, January 1, 1
Test Result
Passed Case:
| Cluster | k8s | scc | crd-controller | cnf | cert-manager |
|---|---|---|---|---|---|
| overlay | v1.17.0 | old version | latest version | 0.5.1 | v1.1.0 |
| hub/edge-1/edge-2 | v1.23.0 | - | latest version | 0.5.1 | v1.6.1 |
Failed Case:
case1:
| Cluster | k8s | scc | crd-controller | cnf | cert-manager |
|---|---|---|---|---|---|
| overlay | v1.23.0 | new version | latest version | 0.5.1 | v1.6.1 |
| hub/edge-1/edge-2 | v1.23.0 | - | latest version | 0.5.1 | v1.6.1 |
case2:
| Cluster | k8s | scc | crd-controller | cnf | cert-manager |
|---|---|---|---|---|---|
| overlay | v1.23.0 | new version | latest version | 0.5.0 | v1.6.1 |
| hub/edge-1/edge-2 | v1.23.0 | - | latest version | 0.5.0 | v1.6.1 |
Bugs:
- CNF can’t auto load cacert “CN=overlay1-cert” from
/etc/ipsec.d/cacerts/localtodevice*_ca.pem.- If multiple cacerts in one file, Strongswan only can load the first cert through
ipsec rereadall. - Do not find the root cause, on in the Failed Case.
- If multiple cacerts in one file, Strongswan only can load the first cert through
- If the Default NAT CR added the Iptables rule to CNF before the Data Plane Tunnel is established, it will add a wrong rule without an interface name.
- this bug also exist in Passed Case.
DNS IP 10.248.2.5
vi /etc/resolve.conf
1sysctl net.ipv4.ip_forward
xxxxxxxxxx udhcpc -i net1