Skip to content

Commit

Permalink
[no ci] test noci (squashme)
Browse files Browse the repository at this point in the history 
Signed-off-by: Andrew Sauber <[email protected]>
  • Loading branch information
@asauber
asauber committed Apr 19, 2023
1 parent 78c2230 commit 8e346f0
Showing 1 changed file with 0 additions and 203 deletions.
203 changes: 0 additions & 203 deletions .github/workflows/kind.yaml
View file
Original file line number Diff line number Diff line change
Expand Up @@ -19,209 +19,6 @@ env:
kubectl_version: v1.23.6

jobs:
installation-and-connectivity:
runs-on: ubuntu-22.04
timeout-minutes: 40
strategy:
matrix:
mode: ["classic", "helm"]
steps:
- name: Set mode
run: |
echo "CILIUM_CLI_MODE=${{ matrix.mode }}" >> $GITHUB_ENV
- name: Checkout
uses: actions/checkout@8e5e7e5ab8b370d6c329ec480221332ada57f0ab

- name: Install kubectl
run: |
curl -sLO "https://dl.k8s.io/release/${{ env.kubectl_version }}/bin/linux/amd64/kubectl"
curl -sLO "https://dl.k8s.io/${{ env.kubectl_version }}/bin/linux/amd64/kubectl.sha256"
echo "$(cat kubectl.sha256) kubectl" | sha256sum --check
sudo install -o root -g root -m 0755 kubectl /usr/local/bin/kubectl
kubectl version --client
- name: Set up Go
uses: actions/setup-go@4d34df0c2316fe8122ab82dc22947d607c0c91f9
with:
go-version: 1.20.2

- name: Set up Go for root
run: |
sudo ln -sf `which go` `sudo which go` || true
sudo go version
- name: Build and install cilium CLI binary
run: sudo make install

- name: Create kind cluster
uses: helm/kind-action@d8ccf8fb623ce1bb360ae2f45f323d9d5c5e9f00
with:
version: ${{ env.KIND_VERSION }}
config: ${{ env.KIND_CONFIG }}

- name: Set NODES_WITHOUT_CILIUM
run: |
# To add more elements, keep it comma-separated.
echo "NODES_WITHOUT_CILIUM=chart-testing-worker2" >> $GITHUB_ENV
- name: Label nodes
if: ${{ matrix.mode == 'helm' }}
run: |
IFS=',' read -ra nodes <<< "$NODES_WITHOUT_CILIUM"
for node in "${nodes[@]}"; do
kubectl label nodes "${node}" cilium.io/no-schedule=true
done
# This is needed for the tests that run with nodes without Cilium.
- name: Install static routes
run: |
EXTERNAL_FROM_CIDRS=($(kubectl get nodes -o jsonpath='{range .items[*]}{.spec.podCIDR}{"\n"}{end}'))
EXTERNAL_NODE_IPS=() # Nodes IPs are collected to be passed to the Cilium CLI later on.
# Loop over each pod CIDR from all nodes.
for i in "${!EXTERNAL_FROM_CIDRS[@]}"; do
EXTERNAL_FROM_CIDR=${EXTERNAL_FROM_CIDRS[i]}
if [[ $EXTERNAL_FROM_CIDR =~ ^[0-9]+\.[0-9]+\.[0-9]+\.[0-9]+/[0-9]+$ ]]; then
IP_FAMILY="v4"
elif [[ $EXTERNAL_FROM_CIDR =~ ^[0-9a-fA-F:]+/[0-9]+$ ]]; then
IP_FAMILY="v6"
else
echo "ERROR: Malformed pod CIDR '${EXTERNAL_FROM_CIDR}'" >&2
exit 1
fi
IFS=',' read -ra NODES_WITHOUT <<< "$NODES_WITHOUT_CILIUM" # Split by comma into an array
for WITHOUT in "${NODES_WITHOUT[@]}"; do
# Fetch node with a specific pod CIDR.
node=$(kubectl get nodes -o jsonpath="{range .items[?(@.spec.podCIDR == '$EXTERNAL_FROM_CIDR')]}{@.metadata.name}{end}")
if [[ -z "$node" ]]; then
echo "ERROR: Could not find node with .spec.podCIDR matching ${EXTERNAL_FROM_CIDR}" >&2
exit 1
fi
for NODE_IP in $(kubectl get node "$node" -o jsonpath="{.status.addresses[?(@.type == 'InternalIP')].address}"); do
# Skip if the node IP's family mismatches with pod CIDR's
# family. Cannot create a route with the gateway IP family
# mismatching the subnet.
if [[ "$IP_FAMILY" == "v4" && ! "$NODE_IP" =~ \. ]]; then
continue
elif [[ "$IP_FAMILY" == "v6" && ! "$NODE_IP" =~ \: ]]; then
continue
fi
# Install static route on the host, towards the pod CIDR via the node IP.
docker exec "$WITHOUT" ip route replace "${EXTERNAL_FROM_CIDR}" via "${NODE_IP}"
EXTERNAL_NODE_IPS+=("${NODE_IP}")
done
done
done
# Join the elements with a comma delimiter, or leave them unmodified
# if there's only one element so that it can be passed properly to
# the CLI.
if [[ ${#EXTERNAL_NODE_IPS[@]} -eq 1 ]]; then
EXTERNAL_NODE_IPS_PARAM="${EXTERNAL_NODE_IPS[0]}"
else
EXTERNAL_NODE_IPS_PARAM=$(IFS=','; echo "${EXTERNAL_NODE_IPS[*]}")
fi
echo "EXTERNAL_NODE_IPS_PARAM=${EXTERNAL_NODE_IPS_PARAM}" >> $GITHUB_ENV
# Install Cilium with HostPort support for extended connectivity test.
- name: Install Cilium
run: |
cilium install \
--version=${{ env.cilium_version }} \
--nodes-without-cilium="${NODES_WITHOUT_CILIUM}" \
--wait=false \
--helm-set bpf.monitorAggregation=none \
--helm-set cni.chainingMode=portmap \
--helm-set loadBalancer.l7.backend=envoy \
--helm-set tls.secretsBackend=k8s
- name: Enable Relay
run: |
cilium hubble enable --ui
cilium status --wait
- name: Relay Port Forward
run: |
cilium hubble port-forward&
sleep 10s
[[ $(pgrep -f "cilium.*hubble.*port-forward|kubectl.*port-forward.*hubble-relay" | wc -l) == 2 ]]
- name: Connectivity Test
run: |
# Run the connectivity test in non-default namespace (i.e. not cilium-test)
cilium connectivity test --debug --all-flows --test-namespace test-namespace \
--external-from-cidrs="${EXTERNAL_NODE_IPS_PARAM}" \
--collect-sysdump-on-failure
- name: Uninstall cilium
run: |
pkill -f "cilium.*hubble.*port-forward|kubectl.*port-forward.*hubble-relay"
cilium uninstall --wait
- name: Install Cilium with IPsec Encryption
if: ${{ matrix.mode == 'classic' }}
run: |
cilium install \
--version=${{ env.cilium_version}} \
--encryption=ipsec \
--nodes-without-cilium="${NODES_WITHOUT_CILIUM}" \
--helm-set kubeProxyReplacement=disabled
- name: Install Cilium with IPsec Encryption
if: ${{ matrix.mode == 'helm' }}
run: |
kubectl create -n kube-system secret generic cilium-ipsec-keys \
--from-literal=keys="3 rfc4106(gcm(aes)) $(echo $(dd if=/dev/urandom count=20 bs=1 2> /dev/null | xxd -p -c 64)) 128"
cilium install \
--version=${{ env.cilium_version}} \
--nodes-without-cilium="${NODES_WITHOUT_CILIUM}" \
--helm-set encryption.enabled=true \
--helm-set encryption.type=ipsec \
--helm-set kubeProxyReplacement=disabled
- name: Enable Relay
run: |
cilium hubble enable
cilium status --wait
- name: Relay Port Forward
run: |
cilium hubble port-forward&
sleep 10s
[[ $(pgrep -f "cilium.*hubble.*port-forward|kubectl.*port-forward.*hubble-relay" | wc -l) == 2 ]]
- name: Connectivity test
run: |
cilium connectivity test --debug --force-deploy --all-flows --test-namespace another-test-namespace \
--external-from-cidrs="${EXTERNAL_NODE_IPS_PARAM}" \
--collect-sysdump-on-failure
- name: Cleanup
if: ${{ always() }}
run: |
cilium status
kubectl get pods --all-namespaces -o wide
cilium sysdump --output-filename cilium-sysdump-out --hubble-flows-count 10000
shell: bash {0} # Disable default fail-fast behaviour so that all commands run independently

- name: Unlabel nodes
if: ${{ matrix.mode == 'helm' }}
run: |
IFS=',' read -ra nodes <<< "$NODES_WITHOUT_CILIUM"
for node in "${nodes[@]}"; do
kubectl label nodes "${node}" cilium.io/no-schedule-
done
- name: Upload Artifacts
if: ${{ !success() }}
uses: actions/upload-artifact@0b7f8abb1508181956e8e162db84b466c27e18ce
with:
name: cilium-sysdump-out.zip
path: cilium-sysdump-out.zip
retention-days: 5

helm-upgrade-clustermesh:
runs-on: ubuntu-22.04
timeout-minutes: 40
Expand Down

0 comments on commit 8e346f0

Please sign in to comment.