-
Notifications
You must be signed in to change notification settings - Fork 2.7k
New issue
Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.
By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.
Already on GitHub? Sign in to your account
cilium: test encryption workflows for GKE #15595
Conversation
0fd1bca
to
c92e13c
Compare
7104738
to
ceb2533
Compare
ceb2533
to
2996a7a
Compare
Looks like its working... |
This is consistently passing the tests portion, but I see an occasional,
from the cleanup step. Is this a known issue? |
2996a7a
to
1fa955b
Compare
I have seen that sometimes, but not much. I wonder if it's a GH related issue (i.e. not being able to retrieve workflow logs from the underlying machines for some reason, and we can't do anything about it), or if it's just that we hit the Perhaps we ought to bump it to 20 or 25? Actually, this also begs the question: do we want to split workflows so as not to test encryption when unnecessary, keeping the testing lean and fast? |
It might be useful to split workflows so we can test one without the other. |
@aanm wdyt split this into its own workflow or keep them together? |
@jrfastab I think we should keep the encryption in the same workflow. Are the encryption tests taking that much time? It is preferable to test all things than test a couple things and then things end up breaking. @nbusseneau what's the downside of enabling the workflow by default on all PRs with the |
@aanm works for me. This is probably ready to go and deciding how/where to enable this can happen as a follow up? |
Signed-off-by: John Fastabend <john.fastabend@gmail.com>
1fa955b
to
748b8b5
Compare
correct |
For potential external readers: discussed in community meeting => we are going to trigger the workflows with
Do you think we should increase timeout from 20 to 25, as per proposed above? |
I don't think there is any reason to run all tests for a workflow change. |
Test work flows with encryption and GKE.
This adds an additional run of
cilium test connectivity
to the gke workflow, but this time with encryption enabled. After this commit the workflow is the following.above omits a few --wait ops and the cluster setup for clarity. For now I manually delete the pods to work-around issue, cilium/cilium-cli#156, where the uninstall does not delete cilium-test pods and the --restart-pods on install does not restart them.
I've done multiple runs of the workflow and most passed. I observed two errors that seem unrelated to this PR. First sometimes the cleanup fails with,
And then once the initial (without encryption) connectivity test failed the pod->world test. It seems like a flake.