Skip to content

Commit

Permalink
gke: Run cilium-cli inside a container
Browse files Browse the repository at this point in the history
Update gke.yaml to run cilium-cli inside a container instead of using
cilium-cli-test-job-chart.

Ref: #2623
Ref: #2627
Ref: cilium/design-cfps#9

Signed-off-by: Michi Mutsuzaki <[email protected]>
  • Loading branch information
michi-covalent committed Jun 26, 2024
1 parent 9658f02 commit 9e1942d
Show file tree
Hide file tree
Showing 2 changed files with 26 additions and 70 deletions.
31 changes: 0 additions & 31 deletions .github/in-cluster-test-scripts/gke.sh

This file was deleted.

65 changes: 26 additions & 39 deletions .github/workflows/gke.yaml
Original file line number Diff line number Diff line change
Expand Up @@ -127,55 +127,42 @@ jobs:
run: |
gcloud container clusters get-credentials ${{ env.clusterName }} --zone ${{ env.zone }}
- name: Create gcloud-free kubeconfig and load it in configmap
run: |
.github/get-kubeconfig.sh
kubectl create configmap cilium-cli-kubeconfig -n kube-system --from-file kubeconfig
- name: Install Cilium CLI
uses: ./
with:
skip-build: 'true'
image-tag: ${{ steps.vars.outputs.sha }}

- name: Load test script in configmap
- name: Run test
run: |
kubectl create configmap cilium-cli-test-script -n kube-system --from-file=in-cluster-test-script.sh=.github/in-cluster-test-scripts/gke.sh
cilium install \
--version "${{ env.cilium_version }}" \
--set cluster.name="${{ env.clusterName }}" \
--set bpf.monitorAggregation=none \
--set loadBalancer.l7.backend=envoy \
--set tls.secretsBackend=k8s
- name: Create cilium-cli job
run: |
helm install .github/cilium-cli-test-job-chart \
--generate-name \
--set tag=${{ steps.vars.outputs.sha }} \
--set cilium_version=${{ env.cilium_version }} \
--set cluster_name=${{ env.clusterName }} \
--set cluster_cidr=${{ steps.cluster.outputs.cluster_cidr }}
- name: Wait for test job
env:
timeout: 45m
run: |
# Background wait for job to complete or timeout
kubectl -n kube-system wait job/cilium-cli --for=condition=complete --timeout=${{ env.timeout }} &
complete_pid=$!
# Enable Relay
cilium hubble enable
# Background wait for job to fail
(kubectl -n kube-system wait job/cilium-cli --for=condition=failed --timeout=${{ env.timeout }} && exit 1) &
failed_pid=$!
# Wait for cilium and hubble relay to be ready
# NB: necessary to work against occassional flakes due to https://github.com/cilium/cilium-cli/issues/918
cilium status --wait
# Active wait for whichever background process ends first
wait -n $complete_pid $failed_pid
EXIT_CODE=$?
# Port forward Relay
cilium hubble port-forward&
sleep 10s
[[ $(pgrep -f "kubectl.*port-forward.*hubble-relay" | wc -l) == 1 ]]
# Retrieve job logs
kubectl logs --timestamps -n kube-system job/cilium-cli
exit ${EXIT_CODE}
shell: bash {0} # Disable default fail-fast behaviour so that all commands run independently
# Run connectivity test
cilium connectivity test --all-flows --collect-sysdump-on-failure --external-target google.com.
# Run performance test
cilium connectivity perf --duration 1s
- name: Post-test information gathering
if: ${{ !success() }}
run: |
echo "=== Install latest stable CLI ==="
curl -sSL --remote-name-all https://github.com/cilium/cilium-cli/releases/latest/download/cilium-linux-amd64.tar.gz{,.sha256sum}
sha256sum --check cilium-linux-amd64.tar.gz.sha256sum
sudo tar xzvfC cilium-linux-amd64.tar.gz /usr/bin
rm cilium-linux-amd64.tar.gz{,.sha256sum}
cilium version
echo "=== Retrieve cluster state ==="
kubectl get pods --all-namespaces -o wide
cilium status
Expand Down

0 comments on commit 9e1942d

Please sign in to comment.