New issue
Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.
By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.
Already on GitHub? Sign in to your account
gha: Run kubernetes Conformance and SIG-network tests #24209
Conversation
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
one very minor change, then this looks good to me.
|
||
- name: Install Cilium | ||
run: | | ||
cilium install ${{ steps.vars.outputs.cilium_install_defaults }} |
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
This should have the --wait
flag (although I bet kubetest also waits for all the nodes to be Ready). Still good practice.
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
check line 148, it sets it to false, for some reasons?
This has a lot of skips. Should we be creating issues to un-Skip any of them? It seems like, at least, NetworkPolicy should be enabled. |
remember how did we have it in ovn-kubernetes? I wanted to do something similiar, to read them from a file adding the issues , so we can work towards remove the list of skips to zero ... can I add this file in the repo? where would be the best place? |
I think this is fine for now; as we knock the skips down, we can consider moving it. I suspect that the skips will vary with certain configurations (e.g. dualstack, kpr, aws-cni chaining, etc). |
do you want to add a matrix ipv4, ipv6 and dual-stack? |
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
Thanks and LGTM 💯 🎖️
Last push removes the external dependency on the kind config and add a matrix to test ipv4, ipv6 and dual-stack. I have this action setup running for years in several projects with success, we can always remove permutation from the matrix slice if we don't want to proceed with all of them |
8b8f73b
to
167f6b0
Compare
/test |
/test test command only works for cilium committer sadly, so if you want to run full CI tests, feel free to ping us in development channel. I don't think this PR requires full CI tests (Jenkins + GHA) though as the changes are only for GHA. |
3 failures, I assume #24174 and #24202 will take care of this
|
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
Looks like some of the tests overlap with the existing k8s conformance test suite in cilium? Probably good to bring this up in the community meeting. /cc @aanm
I agree - the current mechanism was built some years ago based on the infra we used at the time. It currently requires a special trigger phrase and relies on some additional custom Jenkins configuration. I like the idea of moving this to GHA instead. The only thing I would suggest is to check the end of that script for which tests are being skipped + comments and maybe copy any relevant explanations+links here. At a glance it also looks like that job tests Cilium with kube-proxy, whereas this workflow tests without kube-proxy. cf. #24199 |
Do we need to run sig-storage etc.? Some of the reason behind the limited set of tests in the current script is that there's a bunch of stuff that is unrelated to Cilium's functionality. |
this regex that I added is specific for networking plugins, is the same regex I have in kubernetes/kubernetes and added to other networking plugins that reached out to me for this kind of situation |
You can take a look at the existing ipv6 (e.g. test-smoke-ipv6) jobs and kind-config-ipv6.yaml for reference. The last time I worked on this, I need the bump CIDR range as the default values might be too small. IMO, we can add ipv6 test once in subsequent PR. Relates: |
87bb8bb
to
feeafd9
Compare
The kubernetes e2e sig-network tests are created to standardize the expected behaviors for the different implementations. Running them ensure that all the ecosystem provide the same experience for users and contribute to reduce toil to implementations, knowing that the behavior is conformance with the defined by Kubernetes. Signed-off-by: Antonio Ojea <aojea@google.com>
Since my inmidiate priority is to have a Kubernetes job running I prefer to focus on having just ipv4 and monitor the job for some weeks so you can be confident is stable, I tested it locally right now and with my two PRs that got merged there are no failing tests
|
and this is green now 👍 |
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
One small comment, the rest looks good to me. Thanks.
Full CI is not required as the changes in this PR are to add a new GHA, which is successfully run. |
Removing myself in favor of @nbusseneau |
just for clarification, both the kubernetes and e2e tests are pinned to a specific version, there is no possibility a test that was passing start to fail if is not related to a change in the cilium code or an environment problem (but this runners seems very powerful ) |
@aditighag @brlbil @nbusseneau would you mind reviewing this PR? |
I think this is good to go, but let's wait for @nbusseneau's review. |
It's been a few days since the pending reviews were requested, so let's get the PR merged. @nbusseneau Please follow up with @aojea if you have any follow-ups in mind. |
Sorry, I missed the pings last week. Had a review and LGTM, great job, thanks! |
Thanks, I'll be available for any issue related with this job |
Per the contributor ladder document https://github.com/cilium/community/blob/main/CONTRIBUTOR-LADDER.md#organization-member I'd like to request membership in the org for myself, since I plan to contribute regularly, mainly in the areas related to Kubernetes where I'm sig-network and sig-testing member and Kind maintainer. I've already contributed adding more test coverage for the Kubernetes integration to the project - cilium/cilium#25258 - cilium/cilium#24209 fixing some bugs: - cilium/cilium#24202 - cilium/cilium#24174 and helping to triage issues Signed-off-by: Antonio Ojea <antonio.ojea.garcia@gmail.com>
Per the contributor ladder document https://github.com/cilium/community/blob/main/CONTRIBUTOR-LADDER.md#organization-member I'd like to request membership in the org for myself, since I plan to contribute regularly, mainly in the areas related to Kubernetes where I'm sig-network and sig-testing member and Kind maintainer. I've already contributed adding more test coverage for the Kubernetes integration to the project - cilium/cilium#25258 - cilium/cilium#24209 fixing some bugs: - cilium/cilium#24202 - cilium/cilium#24174 and helping to triage issues Signed-off-by: Antonio Ojea <antonio.ojea.garcia@gmail.com>
description and a
Fixes: #XXX
line if the commit addresses a particularGitHub issue.
Fixes: <commit-id>
tag, thenplease add the commit author[s] as reviewer[s] to this issue.
The kubernetes e2e sig-network tests are created to standardize the expected behaviors for the different implementations.
Running them ensure that all the ecosystem provide the same experience for users and contribute to reduce toil to implementations, knowing that the behavior is conformance with the defined by Kubernetes.