CI: Stabilize ConformanceKindEnvoyDaemonSet #26260
Conversation
mhofstetter
added
the
release-note/misc
mhofstetter
force-pushed
the
pr/mhofstetter/conformance-kind-envoy-ds
branch
2 times, most recently
from
53f9d4f
to
df430e2
Compare
This commit updates the kind version to v0.19.0. Signed-off-by: Marco Hofstetter <marco.hofstetter@isovalent.com>
This commit steamlines the usage of `helm-set` by using a `=` to set the value. Signed-off-by: Marco Hofstetter <marco.hofstetter@isovalent.com>
This commit changes KPR to strict in check ConformanceKindEnvoyDaemonSet. Signed-off-by: Marco Hofstetter <marco.hofstetter@isovalent.com>
This commit removes the flags `external-*` from the connectivity tests in ConformanceKindEnvoyDaemonSet. Therefore the defaults are used. This should stabilize the execution of the check on GHA. Signed-off-by: Marco Hofstetter <marco.hofstetter@isovalent.com>
mhofstetter
added
area/CI
mhofstetter
force-pushed
the
pr/mhofstetter/conformance-kind-envoy-ds
branch
from
d88e03f
to
9c3c523
Compare
|
/test |
|
counting four successful runs in a row π’ π’ π’ π’ π |
mhofstetter
added
the
kind/enhancement
maintainer-s-little-helper
bot
added
the
ready-to-merge
|
@mhofstetter Can you describe a bit around the background to changing KPR? Does that mean we're losing coverage for the non-KPR approach? Was this discussed already with other folks in @cilium/sig-datapath ? The rest of the changes LGTM. |
@joestringer Thanks for reaching out. As its name indicate, the sole purpose of this workflow is to have at least some connectivity test coverage on the new feature where Envoy is deployed as separate DaemonSet. Most other aspects are covered within Conformance E2E, where the different features (including KPR) are covered in the matrix properties of the jobs. (this has been introduced after i made a copy of an existing workflow to create this workflow) At some point in the future we have to decide whether we're going to include the Envoy DaemonSet feature in the mentioned matrix too or whether it will become the new default. I had a short discussion about this with @brb while he was moving most workflows into the E2E workflow. Therefore, the switch of KPR shouldn't impact anybody else - and more importantly: we shouldn't lose any actual coverage. |
|
OK thanks. Part of where I'm coming from here is that if we need to set KPR for this CI workflow to be stable, that could be hiding a real issue underneath. We can make this workflow more stable by switching that, but I'm also aware that our users might not have the option to just enable KPR. It's very easy to toggle a few settings in different CI workflows and then just lose coverage of certain combinations, then we'll only find out a few months later once our users try to deploy it. If we think that there's a risk of this, I'd request that we file an issue to track any missing combinations or to investigate why this workflow needs KPR vs. not. In an ideal world, kube-proxy vs. KPR would be functionally equivalent, just KPR is better (performance) due to the different design. In practice though kube-proxy vs. KPR often does have real functional differences due to either bugs in the implementation or integration issues. That said I recognize now that the |
This PR tries to stabilize and de-flake the check
ConformanceKKindEnvoyDaemonSet- mainly by removing the explicit connectivity-check flagsexternal-*and using the default ones.Currently it's failing on main and branches with failures when calling the external services: e.g. https://github.com/cilium/cilium/actions/runs/5278470155/jobs/9547854043
Additional changes in the check: