workflows/clustermesh: set kubectl version to match the one of the kubernetes cluster #25391
Workflow file for this run
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
name: ConformanceKind | |
# Any change in triggers needs to be reflected in the concurrency group. | |
on: | |
pull_request: | |
paths-ignore: | |
- 'Documentation/**' | |
- 'test/**' | |
push: | |
branches: | |
- main | |
- ft/main/** | |
paths-ignore: | |
- 'Documentation/**' | |
- 'test/**' | |
permissions: read-all | |
concurrency: | |
group: ${{ github.workflow }}-${{ github.event.pull_request.number || github.event.after }} | |
cancel-in-progress: true | |
env: | |
kind_version: v0.17.0 | |
kind_config: .github/kind-config.yaml | |
# renovate: datasource=github-releases depName=cilium/cilium-cli | |
cilium_cli_version: v0.13.2 | |
jobs: | |
installation-and-connectivity: | |
runs-on: ubuntu-latest | |
timeout-minutes: 45 | |
steps: | |
- name: Checkout main branch to access local actions | |
uses: actions/checkout@8e5e7e5ab8b370d6c329ec480221332ada57f0ab # v3.5.2 | |
with: | |
ref: ${{ github.event.repository.default_branch }} | |
persist-credentials: false | |
- name: Set Environment Variables | |
uses: ./.github/actions/set-env-variables | |
- name: Set up job variables | |
id: vars | |
run: | | |
if [ ${{ github.event.pull_request }} ]; then | |
SHA=${{ github.event.pull_request.head.sha }} | |
else | |
SHA=${{ github.sha }} | |
fi | |
# Note: On Kind, we install Cilium with HostPort (portmap CNI chaining) enabled, | |
# to ensure coverage of that feature in cilium connectivity test | |
CILIUM_INSTALL_DEFAULTS="--chart-directory=install/kubernetes/cilium \ | |
--helm-set=image.repository=quay.io/${{ env.QUAY_ORGANIZATION_DEV }}/cilium-ci \ | |
--helm-set=image.useDigest=false \ | |
--helm-set=image.tag=${SHA} \ | |
--helm-set=operator.image.repository=quay.io/${{ env.QUAY_ORGANIZATION_DEV }}/operator \ | |
--helm-set=operator.image.suffix=-ci \ | |
--helm-set=operator.image.tag=${SHA} \ | |
--helm-set=operator.image.useDigest=false \ | |
--helm-set=clustermesh.apiserver.image.repository=quay.io/${{ env.QUAY_ORGANIZATION_DEV }}/clustermesh-apiserver-ci \ | |
--helm-set=clustermesh.apiserver.image.tag=${SHA} \ | |
--helm-set=clustermesh.apiserver.image.useDigest=false \ | |
--helm-set=hubble.relay.image.repository=quay.io/${{ env.QUAY_ORGANIZATION_DEV }}/hubble-relay-ci \ | |
--helm-set=hubble.relay.image.tag=${SHA} \ | |
--helm-set cni.chainingMode=portmap \ | |
--helm-set loadBalancer.l7.backend=envoy \ | |
--helm-set tls.secretsBackend=k8s \ | |
--wait=false \ | |
--rollback=false \ | |
--config monitor-aggregation=none \ | |
--version=" | |
HUBBLE_ENABLE_DEFAULTS="--chart-directory=install/kubernetes/cilium \ | |
--relay-image=quay.io/${{ env.QUAY_ORGANIZATION_DEV }}/hubble-relay-ci:${SHA} \ | |
--relay-version=${SHA}" | |
CONNECTIVITY_TEST_DEFAULTS="--flow-validation=disabled --hubble=false --collect-sysdump-on-failure \ | |
--external-target bing.com --external-cidr 8.0.0.0/8 --external-ip 8.8.8.8 --external-other-ip 8.8.4.4" | |
echo cilium_install_defaults=${CILIUM_INSTALL_DEFAULTS} >> $GITHUB_OUTPUT | |
echo hubble_enable_defaults=${HUBBLE_ENABLE_DEFAULTS} >> $GITHUB_OUTPUT | |
echo connectivity_test_defaults=${CONNECTIVITY_TEST_DEFAULTS} >> $GITHUB_OUTPUT | |
echo sha=${SHA} >> $GITHUB_OUTPUT | |
- name: Install Cilium CLI | |
run: | | |
curl -sSL --remote-name-all https://github.com/cilium/cilium-cli/releases/download/${{ env.cilium_cli_version }}/cilium-linux-amd64.tar.gz{,.sha256sum} | |
sha256sum --check cilium-linux-amd64.tar.gz.sha256sum | |
sudo tar xzvfC cilium-linux-amd64.tar.gz /usr/local/bin | |
rm cilium-linux-amd64.tar.gz{,.sha256sum} | |
cilium version | |
- name: Checkout code | |
uses: actions/checkout@8e5e7e5ab8b370d6c329ec480221332ada57f0ab # v3.5.2 | |
with: | |
ref: ${{ steps.vars.outputs.sha }} | |
persist-credentials: false | |
- name: Create kind cluster | |
uses: helm/kind-action@d8ccf8fb623ce1bb360ae2f45f323d9d5c5e9f00 # v1.5.0 | |
with: | |
version: ${{ env.kind_version }} | |
config: ${{ env.kind_config }} | |
- name: Wait for images to be available | |
timeout-minutes: 30 | |
shell: bash | |
run: | | |
for image in cilium-ci operator-generic-ci hubble-relay-ci ; do | |
until docker manifest inspect quay.io/${{ env.QUAY_ORGANIZATION_DEV }}/$image:${{ steps.vars.outputs.sha }} &> /dev/null; do sleep 45s; done | |
done | |
- name: Install Cilium | |
run: | | |
cilium install ${{ steps.vars.outputs.cilium_install_defaults }} | |
- name: Enable Relay | |
run: | | |
cilium hubble enable ${{ steps.vars.outputs.hubble_enable_defaults }} | |
- name: Port forward Relay | |
run: | | |
cilium hubble port-forward& | |
sleep 10s | |
[[ $(pgrep -f "cilium.*hubble.*port-forward|kubectl.*port-forward.*hubble-relay" | wc -l) == 2 ]] | |
- name: Run connectivity test | |
run: | | |
cilium connectivity test ${{ steps.vars.outputs.connectivity_test_defaults }} | |
- name: Clean up Cilium | |
run: | | |
pkill -f "cilium.*hubble.*port-forward|kubectl.*port-forward.*hubble-relay" | |
cilium uninstall --chart-directory=install/kubernetes/cilium --wait | |
- name: Install Cilium with encryption | |
run: | | |
cilium install ${{ steps.vars.outputs.cilium_install_defaults }} \ | |
--encryption=ipsec | |
- name: Enable Relay | |
run: | | |
cilium hubble enable ${{ steps.vars.outputs.hubble_enable_defaults }} | |
- name: Port forward Relay | |
run: | | |
cilium hubble port-forward& | |
sleep 10s | |
[[ $(pgrep -f "cilium.*hubble.*port-forward|kubectl.*port-forward.*hubble-relay" | wc -l) == 2 ]] | |
- name: Run connectivity test | |
run: | | |
cilium connectivity test ${{ steps.vars.outputs.connectivity_test_defaults }} --force-deploy | |
- name: Post-test information gathering | |
if: ${{ !success() }} | |
run: | | |
kubectl get pods --all-namespaces -o wide | |
cilium status | |
cilium sysdump --output-filename cilium-sysdump-final | |
shell: bash {0} # Disable default fail-fast behaviour so that all commands run independently | |
- name: Upload artifacts | |
if: ${{ !success() }} | |
uses: actions/upload-artifact@0b7f8abb1508181956e8e162db84b466c27e18ce # v3.1.2 | |
with: | |
name: cilium-sysdumps | |
path: cilium-sysdump-*.zip | |
retention-days: 5 |