Update EKS conformance tests to use both amd64 and arm64 hosts.

[chancez]

Update EKS conformance tests to use both amd64 and arm64 hosts.

[chancez]

So far it's passing on all but ci-awscni-1.11 and ci-awscni-1.12. These are failing because they're using the chart from the PR, with bandwithManager=false, but in master it should be bandwidthManager.enabled=false. I'm not sure the proper way to test these workflow changes with their appropriate branches however. I might try updating their checkout steps to use the branches temporarily.

[chancez]

Okay, I got it passing all the conformance tests with the two DO NOT MERGE commits. Should be ready for review.

Just in case I end up removing the commits, here's the commit with all EKS/AWS conformance tests passing: f15970e

[chancez]

I'm gonna leave the DO NOT MERGE commits until someone says I should remove them, since I might need them if PR review requires me to update something (which will require those commits to test it).

[pchaigno]

Can you explain why that is required? I'm concerned over the potential security impact of this change since we are now checking out untrusted user code.

[chancez]

This was needed to actually test my changes to the CI workflows, otherwise it would fail to checkout the setup-eks-cluster action I created.

Beyond that, I'm not sure if this change makes sense beyond testing. I had thought that since we only run these CI jobs via issue comments it would be safe, but I realize that anyone can make these comments on their own PRs, so that change should probably be a "DO NOT MERGE" commit. I can make sure to remove these changes before we merge the PR.

[nbusseneau]

Yes, the reason we have this step is to protect against a malicious user checking out their malicious PR in the CI.

[nbusseneau]

LGTM as long as temp commit and the checkout step change are dropped :)

[nbusseneau]

Are these instances available in enough capacity in your experience? I've had bad experiences on my end with arm64 hosts availability, but maybe it changed since then...

[chancez]

I honestly haven't used them a ton, but I've not really heard of too many issues with capacity. I suspect it's a lot better than it used to be. We could also add other instance ARM types if it becomes a problem. This is just the cheapest option.

[chancez]

Rebasing to fix conflicts, keeping DO NOT MERGE commits to re-test and make sure it still works.

[chancez]

All the conformance CI passed for 2a6067e.

I'm going to remove the DO NOT MERGE commits. Note, that CI will fail after this because the new setup-eks-cluster action isn't in master, and the default CI checkout master for the workflows/actions, so it will fail to find the action and fail.

Concern was addressed.

[qmonnet]

Looks good from my side, thanks!

[chancez]

Okay, I think this is waiting on a few more "required" tests. Since this is literally just updating AWS/EKS CI workflows themselves, I don't think that's necessary. So I'm going to mark it as ready-to-merge.