New issue
Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.
By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.
Already on GitHub? Sign in to your account
[v1.14] gh/workflows: IPsec key rotation improvements #31429
Conversation
/test-backport-1.14 |
de3a0f6
to
94b6f78
Compare
/test-backport-1.14 |
94b6f78
to
fbf3a34
Compare
/test-backport-1.14 |
fbf3a34
to
1665948
Compare
/test-backport-1.14 |
1665948
to
2c7221a
Compare
/test-backport-1.14 |
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
Thanks!
I believe there's some conflicting work in the pipeline, so let's see how we get this in the easiest. |
2c7221a
to
614db9d
Compare
/test-backport-1.14 |
614db9d
to
39eb11d
Compare
/test-backport-1.14 |
39eb11d
to
7530971
Compare
/test-backport-1.14 |
@julianwiedmann Is there something in particular I should review? This is just a backport for two PRs I already reviewed, no? |
Right, sorry - I should have noted that. The interesting part is the adjustments for the new key system in 5e1e120. This should be very much in line with the changes in #31428. |
[ upstream commit 5c988ee ] Signed-off-by: Martynas Pumputis <m@lambda.lt> Signed-off-by: Julian Wiedmann <jwi@isovalent.com>
[ upstream commit 687a4f5 ] [ backporter's notes: also apply diff from e448644 and e8ddc88 to support new key system ] The action is for testing whether IPsec key rotations do not cause any packet drops. NB for backporters: this commit just moves the code for the workflow into the new action, and the timeout increase. Signed-off-by: Martynas Pumputis <m@lambda.lt> Signed-off-by: Julian Wiedmann <jwi@isovalent.com>
[ upstream commit 5c06c8e ] First, this commit includes the IPsec key rotation tests action. Second, it changes the CLI exec name and path to "./cilium-cli", so that it can be used by the key rotation action and friends. Third, it runs the IPsec tests only if the matrix.ipsec is set to "true". A subsequent commit will extend the matrix configuration accordingly. Signed-off-by: Martynas Pumputis <m@lambda.lt> Signed-off-by: Julian Wiedmann <jwi@isovalent.com>
[ upstream commit f99ddb9 ] The file name is non-ideal, but changing it would require changing many files :-( For each PR we will run 1.25 w/o IPsec and 1.28 w/ IPsec. Signed-off-by: Martynas Pumputis <m@lambda.lt> Signed-off-by: Julian Wiedmann <jwi@isovalent.com>
7530971
to
f4b64a5
Compare
Innocent rebase to pick up #31627. |
/test-backport-1.14 |
Manual backport of
Once this PR is merged, a GitHub action will update the labels of these PRs: