Skip to content
Back to pull request #25221

workflows/clustermesh: set kubectl version to match the one of the kubernetes cluster #25391

Sign in to view logs

workflows/clustermesh: set kubectl version to match the one of the kubernetes cluster

workflows/clustermesh: set kubectl version to match the one of the kubernetes cluster #25391

Workflow file for this run

.github/workflows/conformance-kind.yaml at d3d63f1
name: ConformanceKind
# Any change in triggers needs to be reflected in the concurrency group.
on:
pull_request:
paths-ignore:
- 'Documentation/**'
- 'test/**'
push:
branches:
- main
- ft/main/**
paths-ignore:
- 'Documentation/**'
- 'test/**'
permissions: read-all
concurrency:
group: ${{ github.workflow }}-${{ github.event.pull_request.number || github.event.after }}
cancel-in-progress: true
env:
kind_version: v0.17.0
kind_config: .github/kind-config.yaml
# renovate: datasource=github-releases depName=cilium/cilium-cli
cilium_cli_version: v0.13.2
jobs:
installation-and-connectivity:
runs-on: ubuntu-latest
timeout-minutes: 45
steps:
- name: Checkout main branch to access local actions
uses: actions/checkout@8e5e7e5ab8b370d6c329ec480221332ada57f0ab # v3.5.2
with:
ref: ${{ github.event.repository.default_branch }}
persist-credentials: false
- name: Set Environment Variables
uses: ./.github/actions/set-env-variables
- name: Set up job variables
id: vars
run: |
if [ ${{ github.event.pull_request }} ]; then
SHA=${{ github.event.pull_request.head.sha }}
else
SHA=${{ github.sha }}
fi
# Note: On Kind, we install Cilium with HostPort (portmap CNI chaining) enabled,
# to ensure coverage of that feature in cilium connectivity test
CILIUM_INSTALL_DEFAULTS="--chart-directory=install/kubernetes/cilium \
--helm-set=image.repository=quay.io/${{ env.QUAY_ORGANIZATION_DEV }}/cilium-ci \
--helm-set=image.useDigest=false \
--helm-set=image.tag=${SHA} \
--helm-set=operator.image.repository=quay.io/${{ env.QUAY_ORGANIZATION_DEV }}/operator \
--helm-set=operator.image.suffix=-ci \
--helm-set=operator.image.tag=${SHA} \
--helm-set=operator.image.useDigest=false \
--helm-set=clustermesh.apiserver.image.repository=quay.io/${{ env.QUAY_ORGANIZATION_DEV }}/clustermesh-apiserver-ci \
--helm-set=clustermesh.apiserver.image.tag=${SHA} \
--helm-set=clustermesh.apiserver.image.useDigest=false \
--helm-set=hubble.relay.image.repository=quay.io/${{ env.QUAY_ORGANIZATION_DEV }}/hubble-relay-ci \
--helm-set=hubble.relay.image.tag=${SHA} \
--helm-set cni.chainingMode=portmap \
--helm-set loadBalancer.l7.backend=envoy \
--helm-set tls.secretsBackend=k8s \
--wait=false \
--rollback=false \
--config monitor-aggregation=none \
--version="
HUBBLE_ENABLE_DEFAULTS="--chart-directory=install/kubernetes/cilium \
--relay-image=quay.io/${{ env.QUAY_ORGANIZATION_DEV }}/hubble-relay-ci:${SHA} \
--relay-version=${SHA}"
CONNECTIVITY_TEST_DEFAULTS="--flow-validation=disabled --hubble=false --collect-sysdump-on-failure \
--external-target bing.com --external-cidr 8.0.0.0/8 --external-ip 8.8.8.8 --external-other-ip 8.8.4.4"
echo cilium_install_defaults=${CILIUM_INSTALL_DEFAULTS} >> $GITHUB_OUTPUT
echo hubble_enable_defaults=${HUBBLE_ENABLE_DEFAULTS} >> $GITHUB_OUTPUT
echo connectivity_test_defaults=${CONNECTIVITY_TEST_DEFAULTS} >> $GITHUB_OUTPUT
echo sha=${SHA} >> $GITHUB_OUTPUT
- name: Install Cilium CLI
run: |
curl -sSL --remote-name-all https://github.com/cilium/cilium-cli/releases/download/${{ env.cilium_cli_version }}/cilium-linux-amd64.tar.gz{,.sha256sum}
sha256sum --check cilium-linux-amd64.tar.gz.sha256sum
sudo tar xzvfC cilium-linux-amd64.tar.gz /usr/local/bin
rm cilium-linux-amd64.tar.gz{,.sha256sum}
cilium version
- name: Checkout code
uses: actions/checkout@8e5e7e5ab8b370d6c329ec480221332ada57f0ab # v3.5.2
with:
ref: ${{ steps.vars.outputs.sha }}
persist-credentials: false
- name: Create kind cluster
uses: helm/kind-action@d8ccf8fb623ce1bb360ae2f45f323d9d5c5e9f00 # v1.5.0
with:
version: ${{ env.kind_version }}
config: ${{ env.kind_config }}
- name: Wait for images to be available
timeout-minutes: 30
shell: bash
run: |
for image in cilium-ci operator-generic-ci hubble-relay-ci ; do
until docker manifest inspect quay.io/${{ env.QUAY_ORGANIZATION_DEV }}/$image:${{ steps.vars.outputs.sha }} &> /dev/null; do sleep 45s; done
done
- name: Install Cilium
run: |
cilium install ${{ steps.vars.outputs.cilium_install_defaults }}
- name: Enable Relay
run: |
cilium hubble enable ${{ steps.vars.outputs.hubble_enable_defaults }}
- name: Port forward Relay
run: |
cilium hubble port-forward&
sleep 10s
[[ $(pgrep -f "cilium.*hubble.*port-forward|kubectl.*port-forward.*hubble-relay" | wc -l) == 2 ]]
- name: Run connectivity test
run: |
cilium connectivity test ${{ steps.vars.outputs.connectivity_test_defaults }}
- name: Clean up Cilium
run: |
pkill -f "cilium.*hubble.*port-forward|kubectl.*port-forward.*hubble-relay"
cilium uninstall --chart-directory=install/kubernetes/cilium --wait
- name: Install Cilium with encryption
run: |
cilium install ${{ steps.vars.outputs.cilium_install_defaults }} \
--encryption=ipsec
- name: Enable Relay
run: |
cilium hubble enable ${{ steps.vars.outputs.hubble_enable_defaults }}
- name: Port forward Relay
run: |
cilium hubble port-forward&
sleep 10s
[[ $(pgrep -f "cilium.*hubble.*port-forward|kubectl.*port-forward.*hubble-relay" | wc -l) == 2 ]]
- name: Run connectivity test
run: |
cilium connectivity test ${{ steps.vars.outputs.connectivity_test_defaults }} --force-deploy
- name: Post-test information gathering
if: ${{ !success() }}
run: |
kubectl get pods --all-namespaces -o wide
cilium status
cilium sysdump --output-filename cilium-sysdump-final
shell: bash {0} # Disable default fail-fast behaviour so that all commands run independently
- name: Upload artifacts
if: ${{ !success() }}
uses: actions/upload-artifact@0b7f8abb1508181956e8e162db84b466c27e18ce # v3.1.2
with:
name: cilium-sysdumps
path: cilium-sysdump-*.zip
retention-days: 5