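# Nightly conformance workflow: checks the pre-flight ClusterRole against the
# agent ClusterRole and runs the Cyclonus network policy suite on a kind cluster.
name: Cyclonus network policy test

on:
  schedule:
    # run once a day at midnight (GitHub evaluates cron schedules in UTC)
    - cron: '0 0 * * *'

# Restrict the GITHUB_TOKEN to read-only scopes; none of the steps visible in
# this workflow pushes to the repository or edits issues/PRs.
# NOTE(review): `actions: read` is kept on the assumption that the Slack
# action's `job`/`took` fields query the Actions API - confirm, and drop it if
# it turns out to be unnecessary.
permissions:
  contents: read
  actions: read

# Workflow-wide settings. KIND_VERSION and KIND_CONFIG are consumed by the
# "Create kind cluster" step; the remaining values are not referenced in this
# file (presumably read by the test scripts - verify before removing).
env:
  KIND_VERSION: v0.11.1
  KIND_CONFIG: .github/kind-config.yaml
  CONFORMANCE_TEMPLATE: examples/kubernetes/connectivity-check/connectivity-check.yaml
  TIMEOUT: 2m
  LOG_TIME: 30m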
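jobs:
  # Fails when the pre-flight ClusterRole template drifts from the agent one.
  preflight-clusterrole:
    runs-on: ubuntu-latest
    steps:
      # Third-party actions are pinned to a full commit SHA; persist-credentials
      # is off so the token is not left in the checkout's git config.
      - uses: actions/checkout@5a4ac9002d0be2fb38bd78e4b4dbde5606d7042f
        with:
          persist-credentials: false
      - name: Check pre-flight clusterrole
        # diff exits non-zero on any difference, which fails the step. The -I
        # patterns ignore the role name, the "keep in sync" notice and the
        # template `if` guards.
        run: |
          cd install/kubernetes/cilium/templates
          echo "Checking for differences between preflight and agent clusterrole"
          diff \
            -I '^[ ]\{2\}name: cilium.*' \
            -I '^Keep file in synced with.*' \
            -I '{{- if.*' \
            cilium-agent-clusterrole.yaml \
            cilium-preflight-clusterrole.yaml

  # Installs the CI-built Cilium images into a kind cluster and runs Cyclonus.
  cyclonus-test:
    runs-on: ubuntu-latest
    steps:
      - name: Checkout
        uses: actions/checkout@5a4ac9002d0be2fb38bd78e4b4dbde5606d7042f
        with:
          persist-credentials: false

      - name: Precheck generated connectivity manifest files
        # Regenerates the manifests and fails if the working tree changed,
        # i.e. the committed files are stale.
        run: |
          make -C examples/kubernetes/connectivity-check fmt
          make -C examples/kubernetes/connectivity-check all
          test -z "$(git status --porcelain)" || (echo "please run 'make -C examples/kubernetes/connectivity-check fmt all' and submit your changes"; exit 1)

      - name: Set image tag
        id: vars
        # Context values are handed to the shell through env instead of being
        # spliced into the script text, so the script is fixed regardless of
        # what the expressions expand to. On scheduled runs the pull_request
        # SHA is empty; the quoted -n test handles that case explicitly rather
        # than relying on a malformed `[ != "" ]` falling through to `else`.
        env:
          PR_HEAD_SHA: ${{ github.event.pull_request.head.sha }}
          COMMIT_SHA: ${{ github.sha }}
        # Step outputs are written to $GITHUB_OUTPUT; the `::set-output`
        # workflow command is deprecated.
        run: |
          if [ -n "${PR_HEAD_SHA}" ]; then
            echo "tag=${PR_HEAD_SHA}" >> "${GITHUB_OUTPUT}"
          else
            echo "tag=${COMMIT_SHA}" >> "${GITHUB_OUTPUT}"
          fi

      - name: Wait for images to be available
        # Polls the quay.io tag API every 45s until both CI images exist; the
        # step is bounded by timeout-minutes.
        timeout-minutes: 10
        shell: bash
        env:
          QUAY_OWNER: ${{ github.repository_owner }}
          IMAGE_TAG: ${{ steps.vars.outputs.tag }}
        run: |
          until curl --silent -f -lSL "https://quay.io/api/v1/repository/${QUAY_OWNER}/cilium-ci/tag/${IMAGE_TAG}/images" &> /dev/null; do sleep 45s; done
          until curl --silent -f -lSL "https://quay.io/api/v1/repository/${QUAY_OWNER}/operator-generic-ci/tag/${IMAGE_TAG}/images" &> /dev/null; do sleep 45s; done

      - name: Create kind cluster
        uses: helm/kind-action@94729529f85113b88f4f819c17ce61382e6d8478
        with:
          version: ${{ env.KIND_VERSION }}
          config: ${{ env.KIND_CONFIG }}

      - name: Install cilium chart
        # useDigest=false means the images are resolved by the mutable tag
        # computed above, not by digest.
        run: |
          helm install cilium ./install/kubernetes/cilium \
            --wait \
            --namespace kube-system \
            --set nodeinit.enabled=true \
            --set kubeProxyReplacement=partial \
            --set hostServices.enabled=false \
            --set externalIPs.enabled=true \
            --set nodePort.enabled=true \
            --set hostPort.enabled=true \
            --set bpf.masquerade=false \
            --set ipam.mode=kubernetes \
            --set image.repository=quay.io/${{ github.repository_owner }}/cilium-ci \
            --set image.tag=${{ steps.vars.outputs.tag }} \
            --set image.pullPolicy=IfNotPresent \
            --set image.useDigest=false \
            --set operator.image.repository=quay.io/${{ github.repository_owner }}/operator \
            --set operator.image.suffix=-ci \
            --set operator.image.tag=${{ steps.vars.outputs.tag }} \
            --set operator.image.pullPolicy=IfNotPresent \
            --set operator.image.useDigest=false \
            --set prometheus.enabled=true \
            --set operator.prometheus.enabled=true \
            --set hubble.enabled=true \
            --set hubble.metrics.enabled="{dns,drop,tcp,flow,port-distribution,icmp,http}"

          kubectl wait -n kube-system --for=condition=Ready --all pod --timeout=5m

          # To make sure that cilium CRD is available (default timeout is 5m)
          # https://github.com/cilium/cilium/blob/master/operator/crd.go#L34
          kubectl wait --for condition=Established crd/ciliumnetworkpolicies.cilium.io --timeout=5m

      - name: Run cyclonus network policy test
        working-directory: tests/netpol-cyclonus
        run: ./test-cyclonus.sh

      - name: Capture cilium-sysdump
        if: ${{ failure() }}
        # NOTE(review): the archive comes from the moving `latest` release and
        # is executed without any integrity check, so whatever is published
        # there runs on the runner. Pin the URL to a specific release and
        # verify a known SHA-256 (<PINNED_RELEASE_TAG> / <EXPECTED_SHA256>)
        # before running it.
        # --fail makes an HTTP error stop the step here instead of handing an
        # error page to python.
        run: |
          curl --fail --silent --show-error --location --remote-name https://github.com/cilium/cilium-sysdump/releases/latest/download/cilium-sysdump.zip
          python cilium-sysdump.zip --output cilium-sysdump-out

      - name: Upload cilium-sysdump
        uses: actions/upload-artifact@27121b0bdffd731efa15d66772be8dc71245d074
        if: ${{ failure() }}
        # NOTE(review): a sysdump can contain cluster state and logs; check the
        # artifact's visibility and retention are acceptable for this repo.
        with:
          name: cilium-sysdump-out.zip
          path: cilium-sysdump-out.zip

      - name: Send slack notification
        # Only notifies for schedule/push events. The webhook URL is read from
        # repository secrets and exposed to this step alone.
        if: ${{ (cancelled() || failure()) && (github.event_name == 'schedule' || github.event_name == 'push') }}
        uses: 8398a7/action-slack@dcc8c8e9dd8802e21a712dc0c003db97b42efe43
        with:
          status: ${{ job.status }}
          fields: repo,message,commit,author,action,eventName,ref,workflow,job,took # selectable (default: repo,message)
        env:
          SLACK_WEBHOOK_URL: ${{ secrets.SLACK_WEBHOOK_URL }}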