diff --git a/.github/workflows/cyclonus-netpol-extended-nightly-test.yaml b/.github/workflows/cyclonus-netpol-extended-nightly-test.yaml new file mode 100644 index 0000000000..aab619ceae --- /dev/null +++ b/.github/workflows/cyclonus-netpol-extended-nightly-test.yaml @@ -0,0 +1,80 @@ +name: Cyclonus Network Policy Extended Test + +on: + workflow_dispatch: + schedule: + # run once a day at midnight + - cron: "0 0 * * *" + +jobs: + cyclonus-test: + runs-on: ubuntu-latest + timeout-minutes: 240 + strategy: + matrix: + # run cyclonus tests in parallel for NPM with the given ConfigMaps + profile: + [ + v1-default.yaml, + v1-place-azure-chain-first.yaml, + v2-default.yaml, + v2-apply-on-need.yaml, + v2-place-azure-after-kube-services.yaml, + ] + steps: + - name: Checkout + uses: actions/checkout@v2 + + - uses: actions/setup-go@v2 + with: + go-version: "^1.17" + + - name: Setup Kind + uses: engineerd/setup-kind@v0.5.0 + with: + version: "v0.11.1" + config: ./test/kind/kind.yaml + name: npm-kind + + - name: Check Kind + run: | + kubectl get po -owide -A + + - name: Make NPM image + run: | + make npm-image VERSION=cyclonus PLATFORM=linux/amd64 CONTAINER_BUILDER=docker + + - name: Install Azure NPM + # set the ConfigMap based on the build matrix + # currently have to restart the daemonset because changing the ConfigMap doesn't restart NPM + run: | + sed -i 's/mcr.microsoft.com\/containernetworking\/azure-npm:.*/acnpublic.azurecr.io\/azure-npm:cyclonus/' ./npm/azure-npm.yaml + kind load docker-image acnpublic.azurecr.io/azure-npm:cyclonus --name npm-kind + kubectl apply -f ./npm/azure-npm.yaml + echo "Applying profile: ${{ matrix.profile }}" + kubectl apply -f ./npm/profiles/${{ matrix.profile }} + kubectl rollout restart ds azure-npm -n kube-system + + - name: Check Cluster Components + run: | + sleep 10 + kubectl get po -owide -A + kubectl describe ds azure-npm -n kube-system + + - name: Run Cyclonus network policy test + run: make test-extended-cyclonus + + - name: Fetch logs + if: always() + run: | + kubectl logs -n kube-system -l k8s-app=azure-npm --tail -1 --prefix > npm-logs_${{ matrix.profile }}.txt + mv ./test/cyclonus/cyclonus-test.txt ./cyclonus-test_${{ matrix.profile }}.txt + + - name: "Upload Logs" + uses: actions/upload-artifact@v2 + if: always() + with: + name: logs + path: | + ./npm-logs_${{ matrix.profile }}.txt + ./cyclonus-test_${{ matrix.profile }}.txt diff --git a/Makefile b/Makefile index 5c80e200e4..6d3e61775a 100644 --- a/Makefile +++ b/Makefile @@ -513,6 +513,10 @@ test-cyclonus: ## run the cyclonus test for npm. cd test/cyclonus && bash ./test-cyclonus.sh cd .. +test-extended-cyclonus: ## run the cyclonus test for npm. + cd test/cyclonus && bash ./test-cyclonus.sh extended + cd .. + .PHONY: kind kind: kind create cluster --config ./test/kind/kind.yaml diff --git a/test/cyclonus/install-cyclonus-exclude-sctp.yaml b/test/cyclonus/install-cyclonus-exclude-sctp.yaml new file mode 100644 index 0000000000..a2b1b55785 --- /dev/null +++ b/test/cyclonus/install-cyclonus-exclude-sctp.yaml @@ -0,0 +1,27 @@ +apiVersion: batch/v1 +kind: Job +metadata: + name: cyclonus + namespace: kube-system + labels: + app: cyclonus +spec: + template: + spec: + restartPolicy: Never + containers: + - command: + - ./cyclonus + - generate + - --noisy=true + - --ignore-loopback=true + - --cleanup-namespaces=true + - --perturbation-wait-seconds=5 + - --pod-creation-timeout-seconds=30 + - --job-timeout-seconds=2 + - --server-protocol=TCP,UDP + - --exclude=sctp + name: cyclonus + imagePullPolicy: IfNotPresent + image: mfenwick100/cyclonus:v0.4.7 + serviceAccount: cyclonus diff --git a/test/cyclonus/install-cyclonus.yaml b/test/cyclonus/install-cyclonus.yaml index c74e4d59ea..ac30e08754 100644 --- a/test/cyclonus/install-cyclonus.yaml +++ b/test/cyclonus/install-cyclonus.yaml @@ -20,8 +20,7 @@ spec: - --pod-creation-timeout-seconds=30 - --job-timeout-seconds=2 - --server-protocol=TCP,UDP - - --verbosity=debug name: cyclonus imagePullPolicy: IfNotPresent image: mfenwick100/cyclonus:v0.4.7 - serviceAccount: cyclonus \ No newline at end of file + serviceAccount: cyclonus diff --git a/test/cyclonus/test-cyclonus.sh b/test/cyclonus/test-cyclonus.sh index 114fc1ca7f..2aa7da50c4 100755 --- a/test/cyclonus/test-cyclonus.sh +++ b/test/cyclonus/test-cyclonus.sh @@ -3,9 +3,20 @@ set -eo pipefail set -xv +cyclonusProfile="./install-cyclonus.yaml" +if [ -z "$1" ] + then + echo "Running with default profile: $cyclonusProfile" +elif [[ $1 == "extended" ]]; +then + # extended will exclude SCTP and will run 214 testcases with cyclonus + cyclonusProfile="./install-cyclonus-exclude-sctp.yaml" + echo "Running with exclude SCTP profile with 214 testcases: $cyclonusProfile" +fi + kubectl delete --ignore-not-found=true clusterrolebinding cyclonus kubectl delete --ignore-not-found=true sa cyclonus -n kube-system -kubectl delete --ignore-not-found=true -f ./install-cyclonus.yaml +kubectl delete --ignore-not-found=true -f $cyclonusProfile kubectl delete --ignore-not-found=true ns x y z sleep 5 @@ -13,7 +24,7 @@ sleep 5 # set up cyclonus kubectl create clusterrolebinding cyclonus --clusterrole=cluster-admin --serviceaccount=kube-system:cyclonus kubectl create sa cyclonus -n kube-system -kubectl create -f ./install-cyclonus.yaml +kubectl create -f $cyclonusProfile sleep 5 @@ -33,7 +44,7 @@ cat "$LOG_FILE" kubectl delete --ignore-not-found=true clusterrolebinding cyclonus kubectl delete --ignore-not-found=true sa cyclonus -n kube-system -kubectl delete --ignore-not-found=true -f ./install-cyclonus.yaml +kubectl delete --ignore-not-found=true -f $cyclonusProfile # if 'failure' is in the logs, fail; otherwise succeed rc=0