helm,test: Add standalone L4LB XDP tests in a form of Github Action #16338
Conversation
maintainer-s-little-helper
bot
added
the
dont-merge/needs-release-note-label
brb
force-pushed
the
pr/brb/l4lb-test
branch
2 times, most recently
from
ebfcd81
to
f88d604
Compare
brb
added
area/CI-improvement
maintainer-s-little-helper
bot
removed
dont-merge/needs-release-note-label
There was a problem hiding this comment.
This feels fairly hackish but I understand why we need all that and don't have a cleaner/simpler solution 😐
A couple comments below, but nothing really blocking. I would strongly prefer if we trigger this new workflow only on comments though. Our queue of GitHub jobs is already getting out of control when all contributors are online and sending PRs...
|
ci-l4lb |
@errordeveloper It seems that Kata is not supported on OS X. Running it on a regular runner would be very slow (due to missing nested virtualization support). An alternative would be to run on a cloud provider VM, but I'd like to avoid this complexity. |
I can see how this solution seems less complex, but personally I actually find it rather quite convoluted. I would recommend using any hosted solution instead of using this sort of trick to make something work inside GitHub. I am not blocking the PR, just wanted to make my view clear. |
There was a problem hiding this comment.
Thanks, the changes LGTM. I see you've tested with pull_request uncommented and the label: https://github.com/cilium/cilium/actions/runs/905705472 👍🏻
This commit introduces the following Helm options:
- "loadBalancer.standalone" to enable the standalone Cilium L4LB.
- "loadBalancer.dsrDispatch" to choose the DSR dispatch mode.
Also, this commit replaces --node-port-{mode,acceleration} with
--bpf-lb-{mode,acceleration}, respectively. The former two were
deprecated by d73c572.
Signed-off-by: Martynas Pumputis <m@lambda.lt>
|
Thanks everyone for reviewing! Addressed all feedback, got all ACKs. Marking ready to merge. |
brb
added
the
ready-to-merge
This commit introduces a new GH action called "Cilium L4LB XDP" which is responsible for running the standalone LB tests. The action starts a Fedora VM with vagrant. We do that because we need to run Kind on cgroupv2-only machine (otherwise, bpf_sock which is required by the LB health check is not guaranteed to work). Unfortunately, GH Action does not support any runner with cgroupv2-only. So instead we run Fedora 34 which has cgroupv1 disabled on the MacOS runner which supports nested virtualisation. For now the test issues 10 requests to LB VIP from the Fedora VM. See test.sh for more details. Signed-off-by: Daniel Borkmann <daniel@iogearbox.net> Signed-off-by: Martynas Pumputis <m@lambda.lt>
This PR introduces a new GH action called
Cilium L4LB XDPwhich is responsible for running the standalone LB tests.The action starts a Fedora VM with vagrant. We do that because we need to run Kind on cgroupv2-only machine (otherwise, bpf_sock which is required by the LB health check is not guaranteed to work). Unfortunately, GH Action does not support any runner with cgroupv2-only. So instead we run Fedora 34 which has cgroupv1 disabled on the MacOS runner which supports nested virtualisation.
For now the test issues 10 requests to LB VIP from the Fedora VM. See
test.shfor more details.In addition, the PR adds the
loadBalancer.standaloneand friend options to enable the standalone L4LB.Reviewable per commit.