-
Notifications
You must be signed in to change notification settings - Fork 54
172 lines (150 loc) · 6.46 KB
/
cilium-integration-tests.yaml
1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
56
57
58
59
60
61
62
63
64
65
66
67
68
69
70
71
72
73
74
75
76
77
78
79
80
81
82
83
84
85
86
87
88
89
90
91
92
93
94
95
96
97
98
99
100
101
102
103
104
105
106
107
108
109
110
111
112
113
114
115
116
117
118
119
120
121
122
123
124
125
126
127
128
129
130
131
132
133
134
135
136
137
138
139
140
141
142
143
144
145
146
147
148
149
150
151
152
153
154
155
156
157
158
159
160
161
162
163
164
165
166
167
168
169
170
171
172
name: Cilium Integration Tests
on:
push:
branches:
- main
pull_request_target:
types:
- opened
- reopened
- synchronize
branches:
- main
# By specifying the access of one of the scopes, all of those that are not specified are set to 'none'.
permissions:
# To be able to access the repository with actions/checkout
contents: read
# To allow writing PR comments and setting emojis
pull-requests: write
env:
KIND_VERSION: v0.18.0
CILIUM_REPO_OWNER: cilium
CILIUM_REPO_REF: main
CILIUM_CLI_REF: latest
jobs:
cilium-connectivity-tests:
timeout-minutes: 360
name: Cilium Connectivity Tests
if: github.event_name == 'pull_request' || github.event_name == 'pull_request_target'
runs-on: ubuntu-latest
steps:
- name: Prepare variables for pushes to main
if: github.event_name == 'push'
run: |
echo "PROXY_IMAGE=quay.io/cilium/cilium-envoy" >> $GITHUB_ENV
echo "PROXY_TAG=${{ github.sha }}" >> $GITHUB_ENV
echo "PROXY_GITHUB_REPO=github.com/cilium/proxy" >> $GITHUB_ENV
- name: Prepare variables for PR
if: github.event_name == 'pull_request' || github.event_name == 'pull_request_target'
run: |
echo "PROXY_IMAGE=quay.io/cilium/cilium-envoy-dev" >> $GITHUB_ENV
echo "PROXY_TAG=${{ github.event.pull_request.head.sha }}" >> $GITHUB_ENV
echo "PROXY_GITHUB_REPO=github.com/${{github.event.pull_request.head.repo.full_name}}" >> $GITHUB_ENV
- name: Checkout Cilium ${{ env.CILIUM_REPO_REF }}
uses: actions/checkout@eef61447b9ff4aafe5dcd4e0bbf5d482be7e7871 # v4.2.1
with:
repository: ${{ env.CILIUM_REPO_OWNER }}/cilium # Be aware that this is the Cilium repository and not the one of the proxy itself!
ref: ${{ env.CILIUM_REPO_REF }}
persist-credentials: false
- name: Extracting Cilium version
run: |
echo "CILIUM_IMAGE_TAG=v$(cat ./VERSION)" >> $GITHUB_ENV
- name: Install Cilium CLI ${{ env.CILIUM_CLI_REF }}
run: |
versionPattern="^v[0-9]+\.[0-9]+\.[0-9]+$"
if [[ ${{ env.CILIUM_CLI_REF }} =~ $versionPattern ]]; then
curl -sSL --remote-name-all https://github.com/cilium/cilium-cli/releases/download/${{ env.CILIUM_CLI_REF }}/cilium-linux-amd64.tar.gz{,.sha256sum}
sha256sum --check cilium-linux-amd64.tar.gz.sha256sum
sudo tar xzvfC cilium-linux-amd64.tar.gz /usr/local/bin
rm cilium-linux-amd64.tar.gz{,.sha256sum}
else
cid=$(docker create quay.io/cilium/cilium-cli-ci:${{ env.CILIUM_CLI_REF }} ls)
sudo docker cp $cid:/usr/local/bin/cilium /usr/local/bin
docker rm $cid
fi
cilium version
- name: Create kind cluster
uses: helm/kind-action@0025e74a8c7512023d06dc019c617aa3cf561fde # v1.10.0
with:
version: ${{ env.KIND_VERSION }}
config: '.github/kind-config.yaml'
cluster_name: 'kind'
- name: Patch Cilium Agent Dockerfile
shell: bash
run: |
sed -i -E 's|(ARG CILIUM_ENVOY_IMAGE=)(quay\.io\/cilium\/cilium-envoy:)(.*)(@sha256:[0-9a-z]*)|\1${{ env.PROXY_IMAGE }}:${{ env.PROXY_TAG }}|' ./images/cilium/Dockerfile
cat ./images/cilium/Dockerfile
if git diff --exit-code ./images/cilium/Dockerfile; then
echo "Dockerfile not modified"
exit 1
fi
- name: Install Go
uses: actions/setup-go@0a12ed9d6a96ab950c8f026ed9f722fe0da7ef32 # v5.0.2
with:
# renovate: datasource=golang-version depName=go
go-version: 1.22.8
- name: Redirect proxy module
shell: bash
if: env.PROXY_GITHUB_REPO != 'github.com/cilium/proxy'
run: echo "replace github.com/cilium/proxy => ${{ env.PROXY_GITHUB_REPO }} ${{ env.PROXY_TAG }}" >> go.mod
- name: Update proxy module
shell: bash
if: env.PROXY_GITHUB_REPO == 'github.com/cilium/proxy'
run: go get ${{ env.PROXY_GITHUB_REPO }}@${{ env.PROXY_TAG }}
- name: Vendor proxy module
shell: bash
run: |
go mod tidy && \
go mod verify && \
go mod vendor
- name: Wait for Cilium Proxy image to be available
timeout-minutes: 45
shell: bash
run: until docker manifest inspect ${{ env.PROXY_IMAGE }}:${{ env.PROXY_TAG }} &> /dev/null; do sleep 15s; done
- name: Build Cilium Agent & Operator with patched Cilium Proxy Image
shell: bash
run: DOCKER_IMAGE_TAG=${{ env.CILIUM_IMAGE_TAG }} make docker-cilium-image docker-operator-generic-image
- name: Load Cilium Images into kind
shell: bash
run: |
kind load docker-image \
--name kind \
quay.io/cilium/operator-generic:${{ env.CILIUM_IMAGE_TAG }} \
quay.io/cilium/cilium:${{ env.CILIUM_IMAGE_TAG }}
- name: Install Cilium
timeout-minutes: 10
shell: bash
run: |
cilium install \
--chart-directory install/kubernetes/cilium \
--helm-set bpf.monitorAggregation=none \
--helm-set loadBalancer.l7.backend=envoy \
--helm-set tls.secretsBackend=k8s \
--helm-set image.repository=quay.io/cilium/cilium \
--helm-set image.tag=${{ env.CILIUM_IMAGE_TAG }} \
--helm-set image.useDigest=false \
--helm-set image.pullPolicy=Never \
--helm-set operator.image.repository=quay.io/cilium/operator \
--helm-set operator.image.suffix= \
--helm-set operator.image.tag=${{ env.CILIUM_IMAGE_TAG }} \
--helm-set operator.image.useDigest=false \
--helm-set operator.image.pullPolicy=Never \
--helm-set debug.enabled=true \
--helm-set debug.verbose=envoy
cilium hubble enable
cilium status --wait
cilium hubble port-forward&
- name: Execute Cilium L7 Connectivity Tests
shell: bash
run: cilium connectivity test --test=l7
- name: Gather Cilium system dump
if: failure()
shell: bash
run: cilium sysdump --output-filename cilium-integration-test-sysdump
- name: Upload Cilium system dump
if: failure()
uses: actions/upload-artifact@b4b15b8c7c6ac21ea08fcf65892d2ee8f75cf882 # v4.4.3
with:
name: cilium-integration-test-sysdump
path: cilium-integration-test-sysdump.zip
retention-days: 5