CI: Add workflow for v1.13 #38

Merged
merged 2 commits into from
Mar 13, 2024
Merged
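--- a/.github/workflows/conformance-13.yml
+++ b/.github/workflows/conformance-13.yml
@@ -0,0 +1,228 @@
+# Due to difference in configuring v1.13 and v1.14+ we split v1.13 into
+# seperate workflow.
+# TODO: We can delete this and rely on just the primary conformance.yml to
+# test v1.14/v1.15/v1.16 upon the release of v1.16.
+name: Talos Conformance (v1.13)
+on:
+pull_request_target:
+types:
+- opened
+- synchronize
+- reopened
+schedule:
+# Run weekly.
+- cron: '0 9 * * 1'
+push:
+branches:
+- main
+pull_request:
+jobs:
+setup-and-test:
+runs-on: ubuntu-22.04
+permissions:
+id-token: write
+contents: read
+strategy:
+fail-fast: false
+max-parallel: 2
+matrix:
+cilium:
+# renovate: datasource=github-releases depName=cilium/cilium
+- 'v1.13.10'
+talos:
+# renovate: datasource=github-releases depName=siderolabs/talos
+- 'v1.6.5'
+# renovate: datasource=github-releases depName=siderolabs/talos
+- 'v1.5.4'
+config:
+- name: 'Vanilla'
+kube-proxy: false
+kube-proxy-replacement: "strict"
+socketlb: false
+bpf-masquerade: true
+ipam-mode: 'kubernetes'
+ipv4: true
+ipv6: false
+encryption-enabled: false
+encryption-type: ipsec
+tunnel-mode: vxlan
+nodeport: true
+l7: true
+ingress: true
+
+- name: 'Wireguard'
+kube-proxy: true
+kube-proxy-replacement: "partial"
+socketlb: false
+bpf-masquerade: true
+ipam-mode: 'kubernetes'
+ipv4: true
+ipv6: false
+encryption-enabled: true
+encryption-type: wireguard
+tunnel-mode: vxlan
+nodeport: true
+l7: false
+ingress: false
+
+- name: 'IPSEC'
+kube-proxy: true
+kube-proxy-replacement: "partial"
+socketlb: true
+bpf-masquerade: false
+ipam-mode: 'kubernetes'
+ipv4: true
+ipv6: false
+encryption-enabled: true
+encryption-type: ipsec
+tunnel-mode: vxlan
+nodeport: false
+l7: false
+ingress: false
+
+- name: 'No KPR and w/ BPF Masq'
+kube-proxy: true
+kube-proxy-replacement: "partial"
+socketlb: true
+bpf-masquerade: true
+ipam-mode: 'kubernetes'
+ipv4: true
+ipv6: false
+encryption-enabled: false
+tunnel-mode: vxlan
+nodeport: true
+l7: true
+ingress: false
+
+- name: 'Clusterpool IPAM Mode'
+kube-proxy: false
+kube-proxy-replacement: "strict"
+socketlb: false
+bpf-masquerade: true
+ipam-mode: 'cluster-pool'
+ipv4: true
+ipv6: false
+encryption-enabled: false
+encryption-type: ipsec
+tunnel-mode: vxlan
+nodeport: true
+l7: true
+ingress: false
+
+- name: 'With Geneve Tunnel'
+kube-proxy: false
+kube-proxy-replacement: "strict"
+socketlb: false
+bpf-masquerade: true
+ipam-mode: 'kubernetes'
+ipv4: true
+ipv6: false
+encryption-enabled: false
+encryption-type: ipsec
+tunnel-mode: geneve
+nodeport: true
+l7: true
+ingress: false
+
+steps:
+- name: Checkout
+uses: actions/checkout@b4ffde65f46336ab88eb53be808477a3936bae11
+with:
+ref: ${{ github.event.pull_request.head.sha }}
+- name: Configure AWS credentials from shared services account
+uses: aws-actions/configure-aws-credentials@v2
+with:
+role-to-assume: arn:aws:iam::478566851380:role/TalosConformanceCI
+aws-region: us-east-2
+- uses: hashicorp/setup-terraform@v3
+- name: Create Talos Cluster
+run: |
+cd test/conformance
+./create-ci-env.sh \
+--kube-proxy ${{ matrix.config.kube-proxy}} \
+--talos-version ${{ matrix.talos }} \
+--pr ${{ github.run_number }} \
+--owner "isovalent/terraform-aws-talos"
+make apply
+- name: Install Cilium CLI
+uses: cilium/cilium-cli@4aa6347c532075df28027772fa1e4ec2f7415341 # v0.15.20
+with:
+repository: cilium/cilium-cli
+release-version: v0.15.20
+ci-version: ""
+binary-name: cilium-cli
+binary-dir: /usr/local/bin
+- name: Install Cilium
+run: |
+cd test/conformance
+export $(make print-kubeconfig)
+kubectl create -n kube-system secret generic cilium-ipsec-keys \
+--from-literal=keys="3 rfc4106(gcm(aes)) $(echo $(dd if=/dev/urandom count=20 bs=1 2> /dev/null | xxd -p -c 64)) 128"
+kubectl create -n kube-system -f ipmasq-config.yaml
+cilium-cli install --version="${{ matrix.cilium }}" \
+--values=values.yaml \
+--set ipv4.enabled=${{ matrix.config.ipv4 }} \
+--set ipv6.enabled=${{ matrix.config.ipv6 }} \
+--set bpf.masquerade=${{ matrix.config.bpf-masquerade }} \
+--set kubeProxyReplacement=${{ matrix.config.kube-proxy-replacement }} \
+--set socketLB.enabled=${{ matrix.config.socketlb }} \
+--set ipam.mode=${{ matrix.config.ipam-mode }} \
+--set ingressController.enabled=${{ matrix.config.ingress }} \
+--set encryption.enabled=${{ matrix.config.encryption-enabled }} \
+--set encryption.type=${{ matrix.config.encryption-type }} \
+--set tunnelProtocol=${{ matrix.config.tunnel-mode }} \
+--set nodePort.enabled=${{ matrix.config.nodeport }} \
+--set l7Proxy=${{ matrix.config.l7 }}
+cilium-cli status --wait
+
+- name: Run E2E Connectivity Tests
+run: |
+cd test/conformance
+export $(make print-kubeconfig)
+./wait
+kubectl create ns cilium-test
+kubectl label ns cilium-test pod-security.kubernetes.io/enforce=privileged
+kubectl label ns cilium-test pod-security.kubernetes.io/warn=privileged
+cilium-cli connectivity test --collect-sysdump-on-failure
+
+- name: Fetch artifacts
+if: ${{ !success() && steps.run-tests.outcome != 'skipped' }}
+shell: bash
+run: |
+cd test/conformance
+export $(make print-kubeconfig)
+kubectl get svc -o wide -A
+kubectl get pods --all-namespaces -o wide
+cilium-cli status
+mkdir -p cilium-sysdumps
+cilium-cli sysdump --output-filename cilium-sysdump-${{ github.run_id }}-${{ github.run_number }}
+
+- name: Upload artifacts
+if: ${{ !success() }}
+uses: actions/upload-artifact@26f96dfa697d77e81fd5907df203aa23a56210a8 # v4.3.0
+with:
+name: cilium-sysdumps-${{ github.run_id }}-${{ github.run_number }}
+path: ./test/conformance/cilium-sysdump-*.zip
+
+- name: Cleanup
+if: always()
+run: |
+cd test/conformance
+make destroy
+
+finalize:
+runs-on: ubuntu-22.04
+if: always()
+permissions:
+id-token: write
+contents: read
+needs: setup-and-test
+steps:
+- name: Send notification
+uses: slackapi/slack-github-action@6c661ce58804a1a20f6dc5fbee7f0381b469e001 # v1.25.0
+env:
+SLACK_BOT_TOKEN: ${{ secrets.SLACK_BOT_TOKEN }}
+with:
+channel-id: 'C02T57KV69Y'
+slack-message: "Talos AWS Terraform: <${{ github.server_url }}/${{ github.repository }}/actions/runs/${{ github.run_id }}|${{ needs.setup-and-test.result == 'success' && 'workflow passed!> :tada::tada::tada:' || 'workflow failed!> :rotating_light::rotating_light::rotating_light:' }}"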
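Review bot: The `pull_request_target` trigger combined with the Checkout step's `ref: ${{ github.event.pull_request.head.sha }}` means `setup-and-test` runs the pull request's own `create-ci-env.sh`, Makefile and Terraform in a job that has `id-token: write` and assumes the `TalosConformanceCI` role, so code from a fork PR would execute with that AWS role. Unless something outside this file (an approval-gated environment or the role's trust policy) already restricts it, add a job-level guard such as `if: github.event_name != 'pull_request_target' || github.event.pull_request.head.repo.full_name == github.repository`, or drop `pull_request_target` and keep only `pull_request`. Because both triggers are listed, same-repository PRs also appear to start the whole matrix twice. Separately, `aws-actions/configure-aws-credentials@v2` and `hashicorp/setup-terraform@v3` are pinned by tag while the other actions are pinned to commit SHAs; pinning these two the same way keeps the credential-handling step from changing when a tag moves.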

5 changes: 3 additions & 2 deletions .github/workflows/conformance.yml
@@ -20,7 +20,7 @@ jobs:
contents: read
strategy:
fail-fast: false
max-parallel: 8
max-parallel: 6
matrix:
cilium:
# renovate: datasource=github-releases depName=cilium/cilium
@@ -128,6 +128,7 @@ jobs:
./create-ci-env.sh \
--kube-proxy ${{ matrix.config.kube-proxy}} \
--talos-version ${{ matrix.talos }} \
--pr ${{ github.run_number }} \
--owner "isovalent/terraform-aws-talos"
make apply
- name: Install Cilium CLI
@@ -168,7 +169,7 @@ jobs:
kubectl create ns cilium-test
kubectl label ns cilium-test pod-security.kubernetes.io/enforce=privileged
kubectl label ns cilium-test pod-security.kubernetes.io/warn=privileged
cilium-cli connectivity test
cilium-cli connectivity test --collect-sysdump-on-failure

- name: Fetch artifacts
if: ${{ !success() && steps.run-tests.outcome != 'skipped' }}
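Review bot: The value passed as `--pr ${{ github.run_number }}` in the Create Talos Cluster step is not unique: GitHub counts `run_number` per workflow, and every matrix leg of one run shares it; the same line appears in the new conformance-13.yml. If `create-ci-env.sh` (not visible here) derives AWS resource names or Terraform state keys from `--pr`, runs of the two workflows could land on the same name and one job's `make destroy` could touch another's resources. It would help to confirm how the script uses the value and, if it is a naming key, pass something workflow-specific, for example a prefix plus `${{ github.run_id }}`. The step's `run:` block begins outside this hunk.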