bpf: Inline assembly for packet context access #28298
Workflow file for this run
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| name: Smoke Test with IPv6 | |
| # Any change in triggers needs to be reflected in the concurrency group. | |
| on: | |
| pull_request: {} | |
| push: | |
| branches: | |
| - main | |
| - ft/main/** | |
| permissions: read-all | |
| concurrency: | |
| group: ${{ github.workflow }}-${{ github.event.pull_request.number || github.event.after }} | |
| cancel-in-progress: true | |
| env: | |
| # renovate: datasource=github-releases depName=cilium/cilium-cli | |
| cilium_cli_version: v0.13.2 | |
| cilium_cli_ci_version: | |
| KIND_VERSION: v0.17.0 | |
| KIND_CONFIG: .github/kind-config-ipv6.yaml | |
| # Skip external traffic (e.g. 1.1.1.1 and www.google.com) due to no support for IPv6 in github action | |
| CONFORMANCE_TEMPLATE: examples/kubernetes/connectivity-check/connectivity-check-internal.yaml | |
| TIMEOUT: 5m | |
| LOG_TIME: 30m | |
| jobs: | |
| check_changes: | |
| name: Deduce required tests from code changes | |
| runs-on: ubuntu-20.04 | |
| outputs: | |
| tested: ${{ steps.tested-tree.outputs.src }} | |
| steps: | |
| - name: Checkout code | |
| if: ${{ !github.event.pull_request }} | |
| uses: actions/checkout@8e5e7e5ab8b370d6c329ec480221332ada57f0ab # v3.5.2 | |
| with: | |
| persist-credentials: false | |
| - name: Check code changes | |
| uses: dorny/paths-filter@4512585405083f25c027a35db413c2b3b9006d50 # v2.11.1 | |
| id: tested-tree | |
| with: | |
| # For `push` events, compare against the `ref` base branch | |
| # For `pull_request` events, this is ignored and will compare against the pull request base branch | |
| base: ${{ github.ref }} | |
| filters: | | |
| src: | |
| - '!(test|Documentation)/**' | |
| conformance-test-ipv6: | |
| needs: check_changes | |
| if: ${{ needs.check_changes.outputs.tested == 'true' }} | |
| runs-on: ubuntu-20.04 | |
| steps: | |
| - name: Checkout main branch to access local actions | |
| uses: actions/checkout@8e5e7e5ab8b370d6c329ec480221332ada57f0ab # v3.5.2 | |
| with: | |
| ref: ${{ github.event.repository.default_branch }} | |
| persist-credentials: false | |
| - name: Set Environment Variables | |
| uses: ./.github/actions/set-env-variables | |
| - name: Checkout | |
| uses: actions/checkout@8e5e7e5ab8b370d6c329ec480221332ada57f0ab # v3.5.2 | |
| with: | |
| persist-credentials: false | |
| - name: Set image tag | |
| id: vars | |
| run: | | |
| if [ ${{ github.event.pull_request.head.sha }} != "" ]; then | |
| echo tag=${{ github.event.pull_request.head.sha }} >> $GITHUB_OUTPUT | |
| else | |
| echo tag=${{ github.sha }} >> $GITHUB_OUTPUT | |
| fi | |
| - name: Precheck generated connectivity manifest files | |
| run: | | |
| make -C examples/kubernetes/connectivity-check fmt | |
| make -C examples/kubernetes/connectivity-check all | |
| test -z "$(git status --porcelain)" || (echo "please run 'make -C examples/kubernetes/connectivity-check fmt all' and submit your changes"; exit 1) | |
| - name: Enable IPv6 in docker | |
| run: | | |
| sudo cat /etc/docker/daemon.json || true | |
| # Keep existing config like cgroup-parent in github action | |
| sudo sh -c "echo '{ \"exec-opts\": [\"native.cgroupdriver=cgroupfs\"], \"cgroup-parent\": \"/actions_job\", \"ipv6\": true, \"fixed-cidr-v6\": \"2001:db8:1::/64\" }' > /etc/docker/daemon.json" | |
| sudo cat /etc/docker/daemon.json | |
| sudo ip -6 route add 2001:db8:1::/64 dev docker0 | |
| sudo sysctl net.ipv6.conf.default.forwarding=1 | |
| sudo sysctl net.ipv6.conf.all.forwarding=1 | |
| sudo systemctl restart docker | |
| - name: Create kind cluster | |
| uses: helm/kind-action@d8ccf8fb623ce1bb360ae2f45f323d9d5c5e9f00 # v1.5.0 | |
| with: | |
| version: ${{ env.KIND_VERSION }} | |
| config: ${{ env.KIND_CONFIG }} | |
| - name: Wait for images to be available | |
| timeout-minutes: 30 | |
| shell: bash | |
| run: | | |
| for image in cilium-ci operator-generic-ci hubble-relay-ci ; do | |
| until docker manifest inspect quay.io/${{ env.QUAY_ORGANIZATION_DEV }}/$image:${{ steps.vars.outputs.tag }} &> /dev/null; do sleep 45s; done | |
| done | |
| - name: Install cilium chart | |
| run: | | |
| helm upgrade -i cilium ./install/kubernetes/cilium \ | |
| --namespace kube-system \ | |
| --set nodeinit.enabled=true \ | |
| --set kubeProxyReplacement=strict \ | |
| --set ipam.mode=kubernetes \ | |
| --set image.repository=quay.io/${{ env.QUAY_ORGANIZATION_DEV }}/cilium-ci \ | |
| --set image.tag=${{ steps.vars.outputs.tag }} \ | |
| --set image.pullPolicy=IfNotPresent \ | |
| --set image.useDigest=false \ | |
| --set hubble.relay.enabled=true \ | |
| --set hubble.relay.image.repository=quay.io/${{ env.QUAY_ORGANIZATION_DEV }}/hubble-relay-ci \ | |
| --set hubble.relay.image.tag=${{ steps.vars.outputs.tag }} \ | |
| --set hubble.relay.image.pullPolicy=IfNotPresent \ | |
| --set hubble.relay.image.useDigest=false \ | |
| --set operator.image.repository=quay.io/${{ env.QUAY_ORGANIZATION_DEV }}/operator \ | |
| --set operator.image.suffix=-ci \ | |
| --set operator.image.tag=${{ steps.vars.outputs.tag }} \ | |
| --set operator.image.pullPolicy=IfNotPresent \ | |
| --set operator.image.useDigest=false \ | |
| --set ipv6.enabled=true \ | |
| --set ipv4.enabled=false \ | |
| --set routingMode=native \ | |
| --set autoDirectNodeRoutes=true \ | |
| --set ipv6NativeRoutingCIDR=2001:db8:1::/64 \ | |
| --set ingressController.enabled=true \ | |
| --set bpf.monitorAggregation=none | |
| kubectl wait -n kube-system --for=condition=Ready -l app.kubernetes.io/part-of=cilium pod --timeout=5m | |
| kubectl rollout -n kube-system status deploy/coredns --timeout=5m | |
| # To make sure that cilium CRD is available (default timeout is 5m) | |
| kubectl wait --for condition=Established crd/ciliumnetworkpolicies.cilium.io --timeout=5m | |
| kubectl port-forward -n kube-system deployment/hubble-relay 4245:4245 & | |
| - name: Run conformance test (e.g. connectivity check without external 1.1.1.1 and www.google.com) | |
| run: | | |
| kubectl apply -f ${{ env.CONFORMANCE_TEMPLATE }} | |
| kubectl wait --for=condition=Available --all deployment --timeout=${{ env.TIMEOUT }} | |
| - name: Install Cilium CLI | |
| if: ${{ failure() }} | |
| uses: cilium/cilium-cli@b5af8b2ce225699954dd5204e6e65e500711973e | |
| with: | |
| release-version: ${{ env.cilium_cli_version }} | |
| ci-version: ${{ env.cilium_cli_ci_version }} | |
| - name: Report cluster failure status and capture cilium-sysdump | |
| if: ${{ failure() }} | |
| # The following is needed to prevent hubble from receiving an empty | |
| # file (EOF) on stdin and displaying no flows. | |
| shell: 'script -q -e -c "bash --noprofile --norc -eo pipefail {0}"' | |
| run: | | |
| echo "=== Retrieve cluster state ===" | |
| kubectl get pods --all-namespaces -o wide | |
| cilium status | |
| cilium sysdump --output-filename cilium-sysdump-out | |
| - name: Upload cilium-sysdump | |
| uses: actions/upload-artifact@0b7f8abb1508181956e8e162db84b466c27e18ce # v3.1.2 | |
| if: ${{ failure() }} | |
| with: | |
| name: cilium-sysdump-out.zip | |
| path: cilium-sysdump-out.zip |