ci-ipsec-e2e: Use cilium-config
To remove the boilerplate.

Signed-off-by: Martynas Pumputis <m@lambda.lt>
brb committed Dec 4, 2023
1 parent 53c6160 commit 72110ce
Showing 1 changed file with 21 additions and 83 deletions.
104 changes: 21 additions & 83 deletions .github/workflows/conformance-ipsec-e2e.yaml
@@ -125,94 +125,32 @@ jobs:
- name: Set Environment Variables
uses: ./.github/actions/set-env-variables

- name: Get Cilium's default values
id: default_vars
uses: ./.github/actions/helm-default
- name: Derive Cilium installation config and junit type
id: cilium-config
uses: ./.github/actions/cilium-config
with:
image-tag: ${{ inputs.SHA }}

- name: Set up job variables
id: vars
run: |
CILIUM_INSTALL_DEFAULTS="${{ steps.default_vars.outputs.cilium_install_defaults }} \
--wait \
--helm-set=hubble.eventBufferCapacity=65535 \
--helm-set=authentication.mutual.spire.enabled=true \
--helm-set=authentication.mutual.spire.install.enabled=true \
--nodes-without-cilium=kind-worker3 \
--helm-set-string=kubeProxyReplacement=${{ matrix.kpr }}"
TUNNEL="--helm-set-string=tunnelProtocol=${{ matrix.tunnel }}"
if [ "${{ matrix.tunnel }}" == "disabled" ]; then
TUNNEL="--helm-set-string=routingMode=native --helm-set-string=autoDirectNodeRoutes=true --helm-set-string=ipv4NativeRoutingCIDR=10.244.0.0/16"
TUNNEL="${TUNNEL} --helm-set-string=ipv6NativeRoutingCIDR=fd00:10:244::/56"
fi
LB_MODE=""
if [ "${{ matrix.lb-mode }}" != "" ]; then
LB_MODE="--helm-set-string=loadBalancer.mode=${{ matrix.lb-mode }}"
fi
ENDPOINT_ROUTES=""
if [ "${{ matrix.endpoint-routes }}" == "true" ]; then
ENDPOINT_ROUTES="--helm-set-string=endpointRoutes.enabled=true"
fi
IPV6=""
if [ "${{ matrix.ipv6 }}" != "false" ]; then
IPV6="--helm-set=ipv6.enabled=true"
fi
MASQ=""
if [ "${{ matrix.kpr }}" == "true" ]; then
# BPF-masq requires KPR=true.
MASQ="--helm-set=bpf.masquerade=true"
if [ "${{ matrix.host-fw }}" == "true" ]; then
# BPF IPv6 masquerade not currently supported with host firewall - GH-26074
MASQ="${MASQ} --helm-set=enableIPv6Masquerade=false"
fi
fi
EGRESS_GATEWAY=""
if [ "${{ matrix.egress-gateway }}" == "true" ]; then
EGRESS_GATEWAY="--helm-set=egressGateway.enabled=true --helm-set=debug.enabled=true"
fi
LB_ACCELERATION=""
if [ "${{ matrix.lb-acceleration }}" != "" ]; then
LB_ACCELERATION="--helm-set=loadBalancer.acceleration=${{ matrix.lb-acceleration }}"
fi
ENCRYPT=""
if [ "${{ matrix.encryption }}" != "" ]; then
ENCRYPT="--helm-set=encryption.enabled=true --helm-set=encryption.type=${{ matrix.encryption }}"
if [ "${{ matrix.encryption-node }}" != "" ]; then
ENCRYPT+=" --helm-set=encryption.nodeEncryption=${{ matrix.encryption-node }}"
fi
fi
HOST_FW=""
if [ "${{ matrix.host-fw }}" == "true" ]; then
HOST_FW="--helm-set=hostFirewall.enabled=true"
fi
CONFIG="${CILIUM_INSTALL_DEFAULTS} ${TUNNEL} ${LB_MODE} ${ENDPOINT_ROUTES} ${IPV6} ${MASQ} ${EGRESS_GATEWAY} ${ENCRYPT} ${HOST_FW} ${LB_ACCELERATION}"
echo "cilium_install_defaults=${CONFIG}" >> $GITHUB_OUTPUT
JUNIT=""
for NAME in ${{ matrix.kube-proxy }} ${{ matrix.tunnel }} ${{ matrix.lb-mode }} ${{ matrix.encryption }} ${{ matrix.endpoint-routes }}; do
if [[ "${NAME}" != "" ]] && [[ "${NAME}" != "disabled" ]] && [[ "${NAME}" != "none" ]]; then
if [[ "${JUNIT}" != "" ]]; then
JUNIT+="-"
fi
if [[ "${NAME}" == "true" ]];then
NAME="endpoint-routes"
fi
JUNIT+="${NAME}"
fi
done
echo junit_type="${JUNIT}" >> $GITHUB_OUTPUT
echo sha=${{ steps.default_vars.outputs.sha }} >> $GITHUB_OUTPUT
image-tag: ${{ env.SHA }}
chart-dir: './install/kubernetes/cilium'
tunnel: ${{ matrix.tunnel }}
devices: ${{ matrix.devices }}
endpoint-routes: ${{ matrix.endpoint-routes }}
ipv6: ${{ matrix.ipv6 }}
kpr: ${{ matrix.kpr }}
lb-mode: ${{ matrix.lb-mode }}
lb-acceleration: ${{ matrix.lb-acceleration }}
encryption: ${{ matrix.encryption }}
encryption-node: ${{ matrix.encryption-node }}
egress-gateway: ${{ matrix.egress-gateway }}
host-fw: ${{ matrix.host-fw }}
ingress-controller: ${{ matrix.ingress-controller }}
misc: ${{ matrix.misc }}

# Warning: since this is a privileged workflow, subsequent workflow job
# steps must take care not to execute untrusted code.
- name: Checkout pull request branch (NOT TRUSTED)
uses: actions/checkout@b4ffde65f46336ab88eb53be808477a3936bae11 # v4.1.1
with:
ref: ${{ steps.vars.outputs.sha }}
ref: ${{ env.SHA }}
persist-credentials: false

- name: Install Cilium CLI-cli
@@ -246,7 +184,7 @@ jobs:
shell: bash
run: |
for image in cilium-ci operator-generic-ci hubble-relay-ci ; do
until docker manifest inspect quay.io/${{ env.QUAY_ORGANIZATION_DEV }}/$image:${{ steps.vars.outputs.sha }} &> /dev/null; do sleep 45s; done
until docker manifest inspect quay.io/${{ env.QUAY_ORGANIZATION_DEV }}/$image:${{ env.SHA }} &> /dev/null; do sleep 45s; done
done
- name: Run tests (${{ join(matrix.*, ', ') }})
Expand All @@ -257,7 +195,7 @@ jobs:
--from-literal=keys="3 rfc4106(gcm(aes)) $(echo $(dd if=/dev/urandom count=20 bs=1 2> /dev/null | xxd -p -c 64)) 128"
export CILIUM_CLI_MODE=helm
./cilium-cli install ${{ steps.vars.outputs.cilium_install_defaults }}
./cilium-cli install ${{ steps.cilium-config.outputs.config }}
kubectl -n cilium-spire wait --for=condition=Ready pod -l app=spire-server --timeout=300s
kubectl -n cilium-spire wait --for=condition=Ready pod -l app=spire-agent --timeout=300s
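Review bot: The install line `./cilium-cli install ${{ steps.cilium-config.outputs.config }}` in the last hunk is expanded by the Actions template engine into the script text before bash parses it, so any shell metacharacter that reaches the `config` output is read as script syntax rather than as an argument. The workflow's own warning comment marks it as privileged, and this step runs after the untrusted checkout, so I would pass the value through the environment instead: add `env:` with `CILIUM_INSTALL_CONFIG: ${{ steps.cilium-config.outputs.config }}` to the step and call `./cilium-cli install ${CILIUM_INSTALL_CONFIG}` (left unquoted so the flags still word-split). The image wait loop has the same shape with `$image:${{ env.SHA }}`; presumably `SHA` is already exported to the shell by the set-env-variables step, in which case `${SHA}` would do there. The `run:` block of the test step begins above the hunk, and what the cilium-config action writes into `config` is not visible on this page, so the exposure depends on that action's handling of its inputs.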
