[v1.14] CI IPsec backports #29966
Merged
[v1.14] CI IPsec backports #29966
Conversation
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
qmonnet
added
kind/backports
|
/test-backport-1.14 |
viktor-kurchenko
approved these changes
Dec 18, 2023
|
Something's off with |
qmonnet
force-pushed
the
pr/qmonnet/backport/1.14-ci-ipsec
branch
from
6e541c1
to
4ce8ce0
Compare
|
/test-backport-1.14 |
1 similar comment
|
/test-backport-1.14 |
qmonnet
force-pushed
the
pr/qmonnet/backport/1.14-ci-ipsec
branch
2 times, most recently
from
35ae3b5
to
26f8cc4
Compare
|
/test-backport-1.14 |
qmonnet
added
the
dont-merge/preview-only
[ upstream commit c9296a5 ] This is going to be used when exposing a K8s cluster in a LVH VM to its hypervisor host ("0.0.0.0:6443"). Signed-off-by: Martynas Pumputis <m@lambda.lt> Signed-off-by: Quentin Monnet <quentin@isovalent.com>
[ upstream commit b6255d0 ] The action provisions K8s cluster on LVH VM, and then exposes it to GHA runner. With this action we will be able to run kubectl / cilium / etc commands directly from GHA runner instead of SSH'ing into VM. Signed-off-by: Martynas Pumputis <m@lambda.lt> Signed-off-by: Quentin Monnet <quentin@isovalent.com>
[ upstream commit 936c8ae ] [ Backport notes: - Solved conflicts in conformance-e2e.yaml, because of cilium/little-vm-helper version that was upgraded on the branch - Replaced "cilium-dbg" from main to simply "cilium" - Ignored the step to debug issue 26062, not present on this branch Signed-off-by: Martynas Pumputis <m@lambda.lt> Signed-off-by: Quentin Monnet <quentin@isovalent.com>
[ upstream commit f8e61f3 ] [ Backport notes: - Minor conflict on "Setup Conn Disrupt Test"'s command: --conn-disrupt-dispatch-interval passed to cilium-cli - Minor conflict on "Perform Conn Disrupt Test"'s command: disabling node-to-node-encryption check passed to cilium-cli - Minor conflicts in conformance-ipsec-e2e.yaml: Using "cilium" instead of "cilium-dbg" - Ignore the step to debug issue 26062, not present on this branch - Use v1.14 version of lvh-kind instead of main ] Signed-off-by: Martynas Pumputis <m@lambda.lt> Signed-off-by: Quentin Monnet <quentin@isovalent.com>
[ upstream commit cd93d37 ] Reduces the GH workflow complexity, and will allow us to reuse the workflow for non-Kind based tests. [ Backport notes: - Minor conflict: "IMAGE=quay.io/cilium/kindest-node:${k8s_version}" not present in this branch (the block is removed in this commit anyway) - Minor conflict: Keep --conn-dirsupt-dispatch-interval 0ms - Minor conflict: Remove note on the need to update cilium to cilium-dbg - Ignore the step to debug issue 26062, not present on this branch - Use v1.14 version of lvh-kind instead of main ] Signed-off-by: Martynas Pumputis <m@lambda.lt> Signed-off-by: Quentin Monnet <quentin@isovalent.com>
[ upstream commit 654d92f ] Otherwise, an external PR can inject malicious cmds in the action. [ Backport note: Use v1.14 version of lvh-kind instead of main ] Signed-off-by: Martynas Pumputis <m@lambda.lt> Signed-off-by: Quentin Monnet <quentin@isovalent.com>
[ upstream commit 6ae9354 ] The workflow to test upgrades/downgrades with IPsec supports two cases: upgrading from the last minor version, or from the last patch release. In the case of patch releases, there are instances where we are not able to determine the latest patch releases. This is the case on the current development branch, where no patch releases have been created yet, for example. In such a case, we skip most of the steps in the job. When implementing the check on the patch release value and the bypass of the relevant steps, we omitted to skip the step where we wait for the CI images to be available, potentially causing unnecessary wait time for the job. Let's skip this step as well. Since we're at it, we can also skip the step for setting Kind parameters. Fixes: c9dedb4 ("ci/ipsec: Skip upgrade/downgrade test to patch release on main branch") Fixes: cd93d37 ("ci-ipsec-upgrade: Use lvh-kind") Reported-by: Paul Chaignon <paul.chaignon@gmail.com> Signed-off-by: Quentin Monnet <quentin@isovalent.com>
qmonnet
force-pushed
the
pr/qmonnet/backport/1.14-ci-ipsec
branch
from
26f8cc4
to
e33d661
Compare
|
Thanks for the reviews! I removed the test commit. I also rebased on the current v1.14 head (no conflict on the workflows), so I'm re-running the test suite; however, IPsec & conformance workflows modified in this PR are not expected to succeed now that I removed the test commit to point to the PR's branch version of the Amazing screenshot
|
qmonnet
removed
the
dont-merge/preview-only
|
/test-backport-1.14 |
qmonnet
added
the
ready-to-merge
julianwiedmann
approved these changes
Dec 21, 2023
Sign up for free
to join this conversation on GitHub.
Already have an account?
Sign in to comment
Add this suggestion to a batch that can be applied as a single commit.
This suggestion is invalid because no changes were made to the code.
Suggestions cannot be applied while the pull request is closed.
Suggestions cannot be applied while viewing a subset of changes.
Only one suggestion per line can be applied in a batch.
Add this suggestion to a batch that can be applied as a single commit.
Applying suggestions on deleted lines is not supported.
You must change the existing code in this line in order to create a valid suggestion.
Outdated suggestions cannot be applied.
This suggestion has been applied or marked resolved.
Suggestions cannot be applied from pending reviews.
Suggestions cannot be applied on multi-line comments.
Suggestions cannot be applied while the pull request is queued to merge.
Suggestion cannot be applied right now. Please check back later.
Here's a bunch of IPsec CI backports labelled as
backport/author, before the workflows diverge too much.Once this PR is merged, you can update the PR labels via:
or with