Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

ci-aks, ci-external-workloads: Use cilium-cli Helm mode #26382

Merged
merged 2 commits into from
Jun 21, 2023
Merged

ci-aks, ci-external-workloads: Use cilium-cli Helm mode #26382

Show file tree
Hide file tree
Changes from all commits
Commits
Show all changes
2 commits
Select commit Hold shift + click to select a range
10a76e5
ci-aks: Use cilium-cli Helm mode
michi-covalent Jun 13, 2023
57e6c71
conformance-externalworkloads: Use Helm mode cilium-cli
michi-covalent Jun 5, 2023
File filter

Filter by extension

Filter by extension
Conversations
Failed to load comments.
Jump to
Jump to file
Failed to load files.
Diff view
Diff view
21 changes: 8 additions & 13 deletions .github/workflows/conformance-aks.yaml
View file
Open in desktop
Original file line number Diff line number Diff line change
Expand Up @@ -71,6 +71,7 @@ env:
# renovate: datasource=github-releases depName=cilium/cilium-cli
cilium_cli_version: v0.14.7
cilium_cli_ci_version:
CILIUM_CLI_MODE: helm
check_url: https://github.com/${{ github.repository }}/actions/runs/${{ github.run_id }}

jobs:
Expand Down Expand Up @@ -250,18 +251,11 @@ jobs:
--helm-set=debug.enabled=true \
--helm-set loadBalancer.l7.backend=envoy \
--helm-set tls.secretsBackend=k8s \
--azure-resource-group ${{ env.name }}-${{ matrix.location }} \
--wait=false \
--rollback=false \
joestringer marked this conversation as resolved.
Show resolved Hide resolved
--config monitor-aggregation=none \
--version="
joestringer marked this conversation as resolved.
Show resolved Hide resolved
HUBBLE_ENABLE_DEFAULTS="--chart-directory=install/kubernetes/cilium \
--relay-image=quay.io/${{ env.QUAY_ORGANIZATION_DEV }}/hubble-relay-ci:${SHA} \
--relay-version=${SHA}"
--helm-set=azure.resourceGroup=${{ env.name }}-${{ matrix.location }} \
--helm-set=bpf.monitorAggregation=none"
CONNECTIVITY_TEST_DEFAULTS="--flow-validation=disabled \
--hubble=false --collect-sysdump-on-failure --external-target bing.com --external-cidr 8.0.0.0/8 --external-ip 8.8.4.4 --external-other-ip 8.8.8.8"
echo cilium_install_defaults=${CILIUM_INSTALL_DEFAULTS} >> $GITHUB_OUTPUT
echo hubble_enable_defaults=${HUBBLE_ENABLE_DEFAULTS} >> $GITHUB_OUTPUT
echo connectivity_test_defaults=${CONNECTIVITY_TEST_DEFAULTS} >> $GITHUB_OUTPUT

- name: Install Cilium CLI
Expand Down Expand Up @@ -329,7 +323,7 @@ jobs:

- name: Enable Relay
run: |
cilium hubble enable ${{ steps.vars.outputs.hubble_enable_defaults }}
cilium hubble enable
michi-covalent marked this conversation as resolved.
Show resolved Hide resolved

- name: Wait for Cilium status to be ready
run: |
Expand All @@ -354,7 +348,7 @@ jobs:
- name: Clean up Cilium
run: |
pkill -f "cilium.*hubble.*port-forward|kubectl.*port-forward.*hubble-relay"
cilium uninstall --chart-directory=install/kubernetes/cilium --wait
cilium uninstall

- name: Create custom IPsec secret
run: |
Expand All @@ -363,11 +357,12 @@ jobs:
- name: Install Cilium with encryption
run: |
cilium install ${{ steps.vars.outputs.cilium_install_defaults }} \
--encryption=ipsec
--helm-set encryption.enabled=true \
--helm-set encryption.type=ipsec

- name: Enable Relay
run: |
cilium hubble enable ${{ steps.vars.outputs.hubble_enable_defaults }}
cilium hubble enable
michi-covalent marked this conversation as resolved.
Show resolved Hide resolved

- name: Wait for Cilium status to be ready
run: |
Expand Down
19 changes: 9 additions & 10 deletions .github/workflows/conformance-externalworkloads.yaml
View file
Open in desktop
Original file line number Diff line number Diff line change
Expand Up @@ -70,6 +70,7 @@ env:
# renovate: datasource=github-releases depName=cilium/cilium-cli
cilium_cli_version: v0.14.7
cilium_cli_ci_version:
CILIUM_CLI_MODE: helm
check_url: https://github.com/${{ github.repository }}/actions/runs/${{ github.run_id }}
USE_GKE_GCLOUD_AUTH_PLUGIN: True

Expand Down Expand Up @@ -249,19 +250,17 @@ jobs:
--helm-set=hubble.relay.image.repository=quay.io/${{ env.QUAY_ORGANIZATION_DEV }}/hubble-relay-ci \
--helm-set=hubble.relay.image.tag=${SHA} \
--helm-set=bpf.monitorAggregation=none \
--wait=false \
--rollback=false \
--kube-proxy-replacement=strict \
--version="
HUBBLE_ENABLE_DEFAULTS="--chart-directory=install/kubernetes/cilium \
--relay-image=quay.io/${{ env.QUAY_ORGANIZATION_DEV }}/hubble-relay-ci:${SHA} \
--relay-version=${SHA}"
--helm-set kubeProxyReplacement=strict"
CONNECTIVITY_TEST_DEFAULTS="--flow-validation=disabled --hubble=false --collect-sysdump-on-failure \
--external-target google.com --external-cidr 8.0.0.0/8 --external-ip 8.8.4.4 --external-other-ip 8.8.8.8"
CLUSTERMESH_ENABLE_DEFAULTS="--apiserver-image=quay.io/${{ env.QUAY_ORGANIZATION_DEV }}/clustermesh-apiserver-ci \
--apiserver-version=${SHA}"
# Explicitly specify LoadBalancer service type since the default type is NodePort in Helm mode.
# Ref: https://github.com/cilium/cilium-cli/pull/1527#discussion_r1177244379
#
# In Helm mode, externalWorkloads.enabled is set to false by default. You need to pass
# --enable-external-workloads flag to enable it.
# Ref: https://github.com/cilium/cilium/pull/25259
CLUSTERMESH_ENABLE_DEFAULTS="--service-type LoadBalancer --enable-external-workloads"
echo cilium_install_defaults=${CILIUM_INSTALL_DEFAULTS} >> $GITHUB_OUTPUT
echo hubble_enable_defaults=${HUBBLE_ENABLE_DEFAULTS} >> $GITHUB_OUTPUT
echo connectivity_test_defaults=${CONNECTIVITY_TEST_DEFAULTS} >> $GITHUB_OUTPUT
echo clustermesh_enable_defaults=${CLUSTERMESH_ENABLE_DEFAULTS} >> $GITHUB_OUTPUT

Expand Down