diff --git a/.github/workflows/conformance.yml b/.github/workflows/conformance.yml new file mode 100644 index 00000000..8dc0a119 --- /dev/null +++ b/.github/workflows/conformance.yml @@ -0,0 +1,115 @@ +name: conformance + +on: + push: + branches: + - 'main' + tags: + - 'v*' + pull_request: + branches: [ main ] + workflow_dispatch: + +env: + GO_VERSION: "1.22.0" + K8S_VERSION: "v1.29.2" + KIND_VERSION: "v0.22.0" + IMAGE_NAME: registry.k8s.io/networking/kube-network-policies + KIND_CLUSTER_NAME: kind + +permissions: write-all + +jobs: + conformance: + name: conformance + runs-on: ubuntu-22.04 + timeout-minutes: 100 + strategy: + fail-fast: false + matrix: + ipFamily: ["ipv4", "ipv6"] + env: + JOB_NAME: "kube-network-policies-${{ matrix.ipFamily }}" + IP_FAMILY: ${{ matrix.ipFamily }} + steps: + - name: Check out code + uses: actions/checkout@v2 + + - name: Enable ipv4 and ipv6 forwarding + run: | + sudo sysctl -w net.ipv6.conf.all.forwarding=1 + sudo sysctl -w net.ipv4.ip_forward=1 + + - name: Set up environment (download dependencies) + run: | + TMP_DIR=$(mktemp -d) + # kubectl + curl -L https://dl.k8s.io/${{ env.K8S_VERSION }}/bin/linux/amd64/kubectl -o ${TMP_DIR}/kubectl + # kind + curl -Lo ${TMP_DIR}/kind https://kind.sigs.k8s.io/dl/${{ env.KIND_VERSION }}/kind-linux-amd64 + # Install + sudo cp ${TMP_DIR}/kubectl /usr/local/bin/kubectl + sudo cp ${TMP_DIR}/kind /usr/local/bin/kind + sudo chmod +x /usr/local/bin/* + + - name: Create multi node cluster + run: | + # output_dir + mkdir -p _artifacts + # create cluster + cat < _artifacts/kubeconfig.conf + + - name: Install kube-network-policies + run: | + # install CRDs + /usr/local/bin/kubectl apply -f ./config/crd/experimental/policy.networking.k8s.io_adminnetworkpolicies.yaml + /usr/local/bin/kubectl apply -f ./config/crd/experimental/policy.networking.k8s.io_baselineadminnetworkpolicies.yaml + # install kube-network-policies + /usr/local/bin/kubectl apply -f https://raw.githubusercontent.com/kubernetes-sigs/kube-network-policies/v0.2.0/install-anp.yaml + + - name: Get Cluster status + run: | + # wait network is ready + sleep 5 + /usr/local/bin/kubectl get nodes -o wide + /usr/local/bin/kubectl get pods -A + /usr/local/bin/kubectl wait --timeout=1m --for=condition=ready pods --namespace=kube-system -l k8s-app=kube-dns + /usr/local/bin/kubectl wait --timeout=1m --for=condition=ready pods --namespace=kube-system -l app=kube-network-policies + + - name: Run tests + run: | + go mod download + go test -v ./conformance -run TestConformanceProfiles -args --conformance-profiles=AdminNetworkPolicy,BaselineAdminNetworkPolicy --organization=kubernetes --project=kube-network-policies --url=https://github.com/kubernetes-sigs/kube-network-policies --version=0.2.0 --contact=antonio.ojea.garcia@gmail.com --additional-info=https://github.com/kubernetes-sigs/kube-network-policies + + - name: Upload Junit Reports + if: always() + uses: actions/upload-artifact@v2 + with: + name: kind-junit-${{ env.JOB_NAME }}-${{ github.run_id }} + path: './_artifacts/*.xml' + + - name: Export logs + if: always() + run: | + /usr/local/bin/kind export logs --name ${KIND_CLUSTER_NAME} --loglevel=debug ./_artifacts/logs + + - name: Upload logs + if: always() + uses: actions/upload-artifact@v2 + with: + name: kind-logs-${{ env.JOB_NAME }}-${{ github.run_id }} + path: ./_artifacts/logs