Skip to content

fix subnet acl with same net allow #11583

fix subnet acl with same net allow

fix subnet acl with same net allow #11583

name: Build x86 Image
on:
pull_request:
branches:
- master
- release-*
paths-ignore:
- 'docs/**'
- '**.md'
push:
branches:
- master
- release-*
paths-ignore:
- 'docs/**'
- '**.md'
concurrency:
group: "${{ github.workflow }}-${{ github.ref }}"
cancel-in-progress: true
env:
GO_VERSION: ''
KIND_VERSION: v0.22.0
GOSEC_VERSION: '2.19.0'
HELM_VERSION: v3.14.4
SUBMARINER_VERSION: '0.17.1'
jobs:
build-kube-ovn-base:
name: Build kube-ovn-base
runs-on: ubuntu-22.04
outputs:
build-base: ${{ steps.check.outputs.build-base }}
steps:
- uses: jlumbroso/[email protected]
with:
android: true
dotnet: true
haskell: true
docker-images: false
large-packages: false
tool-cache: false
swap-storage: false
- uses: actions/checkout@v4
with:
fetch-depth: 2
- id: check
run: |
if [ ${{ github.event_name }} != 'pull_request' ]; then
exit
fi
if git diff --name-only HEAD^ HEAD | grep -q ^dist/images/Dockerfile.base$; then
echo build-base=1 >> "$GITHUB_OUTPUT"
fi
- uses: docker/setup-buildx-action@v3
if: steps.check.outputs.build-base == 1
- name: Build kube-ovn-base image
id: build
if: steps.check.outputs.build-base == 1
run: |
make base-amd64
make base-tar-amd64
- name: Upload base images to artifact
if: steps.check.outputs.build-base == 1
uses: actions/upload-artifact@v4
with:
name: kube-ovn-base
path: image-amd64.tar
build-kube-ovn-dpdk-base:
name: Build kube-ovn-dpdk-base
runs-on: ubuntu-22.04
outputs:
build-dpdk-base: ${{ steps.check.outputs.build-dpdk-base }}
steps:
- uses: jlumbroso/[email protected]
with:
android: true
dotnet: true
haskell: true
docker-images: false
large-packages: false
tool-cache: false
swap-storage: false
- uses: actions/checkout@v4
with:
fetch-depth: 2
- id: check
run: |
if [ ${{ github.event_name }} != 'pull_request' ]; then
exit
fi
if git diff --name-only HEAD^ HEAD | grep -q ^dist/images/Dockerfile.base-dpdk$; then
echo build-dpdk-base=1 >> "$GITHUB_OUTPUT"
fi
- uses: docker/setup-buildx-action@v3
if: steps.check.outputs.build-dpdk-base == 1
- name: Build kube-ovn-dpdk-base image
id: build
if: steps.check.outputs.build-dpdk-base == 1
run: |
make base-amd64-dpdk
make base-tar-amd64-dpdk
- name: Upload dpdk base images to artifact
if: steps.check.outputs.build-dpdk-base == 1
uses: actions/upload-artifact@v4
with:
name: kube-ovn-dpdk-base
path: image-amd64-dpdk.tar
build-kube-ovn:
name: Build kube-ovn
runs-on: ubuntu-22.04
needs:
- build-kube-ovn-base
- build-kube-ovn-dpdk-base
steps:
- uses: jlumbroso/[email protected]
with:
android: true
dotnet: true
haskell: true
docker-images: false
large-packages: false
tool-cache: false
swap-storage: false
- uses: actions/checkout@v4
- uses: docker/setup-buildx-action@v3
- uses: actions/setup-go@v5
with:
go-version: ${{ env.GO_VERSION || '' }}
go-version-file: go.mod
check-latest: true
cache: false
- name: Export Go full version
run: echo "GO_FULL_VER=$(go version | awk '{print $3}')" >> "$GITHUB_ENV"
- name: Go cache
uses: actions/cache@v4
with:
path: |
~/.cache/go-build
~/go/pkg/mod
key: ${{ runner.os }}-${{ env.GO_FULL_VER }}-x86-${{ hashFiles('**/go.sum') }}
restore-keys: ${{ runner.os }}-${{ env.GO_FULL_VER }}-x86-
- name: Unit test
run: |
go install -mod=mod github.com/onsi/ginkgo/v2/ginkgo
make ut
- name: Install gosec
run: |
tmp=$(mktemp -d)
archive="gosec_${{ env.GOSEC_VERSION }}_$(go env GOHOSTOS)_$(go env GOHOSTARCH).tar.gz"
wget -q -O "$tmp/$archive" https://github.com/securego/gosec/releases/download/v${{ env.GOSEC_VERSION }}/$archive
tar --no-same-owner -C "$tmp" -xzf "$tmp/$archive"
install "$tmp/gosec" /usr/local/bin
rm -rf $tmp
- name: Download base images
if: needs.build-kube-ovn-base.outputs.build-base == 1
uses: actions/download-artifact@v4
with:
name: kube-ovn-base
- name: Load base images
if: needs.build-kube-ovn-base.outputs.build-base == 1
run: docker load --input image-amd64.tar
- name: Download dpdk base images
if: needs.build-kube-ovn-dpdk-base.outputs.build-dpdk-base == 1
uses: actions/download-artifact@v4
with:
name: kube-ovn-dpdk-base
- name: Load dpdk base images
if: needs.build-kube-ovn-dpdk-base.outputs.build-dpdk-base == 1
run: docker load --input image-amd64-dpdk.tar
- name: Build
run: |
go mod tidy
git diff --exit-code
make lint
if [ ${{ needs.build-kube-ovn-base.outputs.build-base || 0 }} = 1 ]; then
TAG=$(cat VERSION)
docker tag kubeovn/kube-ovn-base:$TAG-amd64 kubeovn/kube-ovn-base:$TAG
docker tag kubeovn/kube-ovn-base:$TAG-debug-amd64 kubeovn/kube-ovn-base:$TAG-debug
make build-kube-ovn
else
make image-kube-ovn
fi
make tar-kube-ovn
- name: Build dpdk
run: |
if [ ${{ needs.build-kube-ovn-dpdk-base.outputs.build-dpdk-base || 0 }} = 1 ]; then
TAG=$(cat VERSION)
docker tag kubeovn/kube-ovn-base:$TAG-amd64-dpdk kubeovn/kube-ovn-base:$TAG-dpdk
make build-kube-ovn-dpdk
else
make image-kube-ovn-dpdk
fi
make tar-kube-ovn-dpdk
- name: Upload images to artifact
uses: actions/upload-artifact@v4
with:
name: kube-ovn
path: kube-ovn.tar
- name: Upload dpdk images to artifact
uses: actions/upload-artifact@v4
if: github.event_name != 'pull_request'
with:
name: kube-ovn-dpdk
path: kube-ovn-dpdk.tar
build-vpc-nat-gateway:
name: Build vpc-nat-gateway
runs-on: ubuntu-22.04
steps:
- uses: jlumbroso/[email protected]
with:
android: true
dotnet: true
haskell: true
docker-images: false
large-packages: false
tool-cache: false
swap-storage: false
- uses: actions/checkout@v4
- name: Build
run: |
make image-vpc-nat-gateway
make tar-vpc-nat-gateway
- name: Upload image to artifact
uses: actions/upload-artifact@v4
with:
name: vpc-nat-gateway
path: vpc-nat-gateway.tar
build-e2e-binaries:
name: Build E2E Binaries
runs-on: ubuntu-22.04
timeout-minutes: 15
steps:
- uses: jlumbroso/[email protected]
with:
android: true
dotnet: true
haskell: true
docker-images: false
large-packages: false
tool-cache: false
swap-storage: false
- uses: actions/checkout@v4
- name: Create the default branch directory
if: (github.base_ref || github.ref_name) != github.event.repository.default_branch
run: mkdir -p test/e2e/source
- name: Check out the default branch
if: (github.base_ref || github.ref_name) != github.event.repository.default_branch
uses: actions/checkout@v4
with:
ref: ${{ github.event.repository.default_branch }}
fetch-depth: 1
path: test/e2e/source
- name: Export E2E directory
run: |
if [ '${{ github.base_ref || github.ref_name }}' = '${{ github.event.repository.default_branch }}' ]; then
echo "E2E_DIR=." >> "$GITHUB_ENV"
else
echo "E2E_DIR=test/e2e/source" >> "$GITHUB_ENV"
fi
- uses: actions/setup-go@v5
with:
go-version: ${{ env.GO_VERSION || '' }}
go-version-file: ${{ env.E2E_DIR }}/go.mod
check-latest: true
cache: false
- name: Export Go full version
run: echo "GO_FULL_VER=$(go version | awk '{print $3}')" >> "$GITHUB_ENV"
- name: Go cache
uses: actions/cache@v4
with:
path: |
~/.cache/go-build
~/go/pkg/mod
key: ${{ runner.os }}-e2e-${{ env.GO_FULL_VER }}-x86-${{ hashFiles(format('{0}/**/go.sum', env.E2E_DIR)) }}
restore-keys: ${{ runner.os }}-e2e-${{ env.GO_FULL_VER }}-x86-
- name: Install ginkgo
working-directory: ${{ env.E2E_DIR }}
run: go install -v -mod=mod github.com/onsi/ginkgo/v2/ginkgo
- run: make e2e-build
working-directory: ${{ env.E2E_DIR }}
netpol-path-filter:
name: Network Policy Path Filter
if: github.event_name != 'pull_request'
runs-on: ubuntu-22.04
outputs:
test-netpol: ${{ steps.filter.outputs.kube-ovn-controller }}
steps:
- uses: actions/checkout@v4
- uses: actions/setup-go@v5
with:
go-version: ${{ env.GO_VERSION || '' }}
go-version-file: go.mod
check-latest: true
cache: false
- name: Generate path filter
run: |
filter=".github/path-filters.yaml"
cat > $filter <<EOF
kube-ovn-controller:
- go.mod
- go.sum
EOF
sh hack/go-list.sh pkg/controller | while read f; do
echo "- $f" | tee -a $filter
done
- uses: dorny/paths-filter@v3
id: filter
with:
base: ${{ github.base_ref || github.ref_name }}
filters: .github/path-filters.yaml
list-files: csv
k8s-conformance-e2e:
name: Kubernetes Conformance E2E
needs:
- build-kube-ovn
- build-e2e-binaries
runs-on: ubuntu-22.04
timeout-minutes: 20
strategy:
fail-fast: false
matrix:
ip-family:
- ipv4
- ipv6
- dual
mode:
- overlay
- underlay
steps:
- uses: jlumbroso/[email protected]
with:
android: true
dotnet: true
haskell: true
docker-images: false
large-packages: false
tool-cache: false
swap-storage: false
- uses: actions/checkout@v4
- name: Create the default branch directory
if: (github.base_ref || github.ref_name) != github.event.repository.default_branch
run: mkdir -p test/e2e/source
- name: Check out the default branch
if: (github.base_ref || github.ref_name) != github.event.repository.default_branch
uses: actions/checkout@v4
with:
ref: ${{ github.event.repository.default_branch }}
fetch-depth: 1
path: test/e2e/source
- name: Export E2E directory
run: |
if [ '${{ github.base_ref || github.ref_name }}' = '${{ github.event.repository.default_branch }}' ]; then
echo "E2E_DIR=." >> "$GITHUB_ENV"
else
echo "E2E_DIR=test/e2e/source" >> "$GITHUB_ENV"
fi
- name: Remove DNS search domain
run: |
sudo sed -i '/^search/d' /etc/resolv.conf
sudo systemctl restart docker
- uses: actions/setup-go@v5
with:
go-version: ${{ env.GO_VERSION || '' }}
go-version-file: ${{ env.E2E_DIR }}/go.mod
check-latest: true
cache: false
- name: Export Go full version
run: echo "GO_FULL_VER=$(go version | awk '{print $3}')" >> "$GITHUB_ENV"
- name: Go cache
uses: actions/cache/restore@v4
with:
path: |
~/.cache/go-build
~/go/pkg/mod
key: ${{ runner.os }}-e2e-${{ env.GO_FULL_VER }}-x86-${{ hashFiles(format('{0}/**/go.sum', env.E2E_DIR)) }}
restore-keys: ${{ runner.os }}-e2e-${{ env.GO_FULL_VER }}-x86-
- name: Install kind
uses: helm/[email protected]
with:
version: ${{ env.KIND_VERSION }}
install_only: true
- name: Install ginkgo
working-directory: ${{ env.E2E_DIR }}
run: go install -v -mod=mod github.com/onsi/ginkgo/v2/ginkgo
- name: Download image
uses: actions/download-artifact@v4
with:
name: kube-ovn
- name: Load image
run: docker load --input kube-ovn.tar
- name: Export debug image tag
run: echo "DEBUG_TAG='$(cat VERSION)-debug'" >> "$GITHUB_ENV"
- name: Create kind cluster
run: |
sudo pip3 install jinjanator
sudo PATH=~/.local/bin:$PATH make kind-init-${{ matrix.ip-family }}
sudo cp -r /root/.kube/ ~/.kube/
sudo chown -R $(id -un). ~/.kube/
- name: Install Kube-OVN
env:
VERSION: ${{ env.DEBUG_TAG }}
DEBUG_WRAPPER: valgrind
run: make kind-install-${{ matrix.mode }}-${{ matrix.ip-family }}
- name: Run E2E
working-directory: ${{ env.E2E_DIR }}
env:
E2E_BRANCH: ${{ github.base_ref || github.ref_name }}
E2E_IP_FAMILY: ${{ matrix.ip-family }}
E2E_NETWORK_MODE: ${{ matrix.mode }}
run: make k8s-conformance-e2e
- name: Check kube ovn pod restarts
run: |
make check-kube-ovn-pod-restarts
- name: kubectl ko log
if: failure()
run: |
make kubectl-ko-log
mv kubectl-ko-log.tar.gz k8s-conformance-e2e-${{ matrix.ip-family }}-${{ matrix.mode }}-ko-log.tar.gz
- name: upload kubectl ko log
uses: actions/upload-artifact@v4
if: failure()
with:
name: k8s-conformance-e2e-${{ matrix.ip-family }}-${{ matrix.mode }}-ko-log
path: k8s-conformance-e2e-${{ matrix.ip-family }}-${{ matrix.mode }}-ko-log.tar.gz
- name: Check valgrind result
run: |
kubectl -n kube-system rollout restart ds ovs-ovn
kubectl -n kube-system rollout status ds ovs-ovn
sleep 10
kubectl -n kube-system rollout restart deploy ovn-central
kubectl -n kube-system rollout status deploy ovn-central
while true; do
if [ $(kubectl -n kube-system get pod -l app=ovs -o name | wc -l) -eq $(kubectl get node -o name | wc -l) ]; then
break
fi
sleep 1
done
kubectl ko log ovn
kubectl ko log ovs
for daemon in ovsdb-nb ovsdb-sb ovn-northd ovn-controller ovsdb-server ovs-vswitchd; do
echo "Checking if valgrind log file for $daemon exists..."
find kubectl-ko-log -type f -name "$daemon.valgrind.log.[[:digit:]]*" -exec false {} + && exit 1
done
find kubectl-ko-log -type f -name '*.valgrind.log.*' | while read f; do
if grep -qw 'definitely lost' "$f"; then
echo "Memory leak detected in $(basename $f | awk -F. '{print $1}')."
echo $f
cat "$f"
exit 1
fi;
done
k8s-netpol-e2e:
name: Kubernetes Network Policy E2E
if: |
always() && !contains(needs.*.result, 'failure') && !contains(needs.*.result, 'cancelled') &&
(needs.netpol-path-filter.outputs.test-netpol == 1 || contains(github.event.pull_request.labels.*.name, 'network policy'))
needs:
- build-kube-ovn
- build-e2e-binaries
- netpol-path-filter
runs-on: ubuntu-22.04
timeout-minutes: 90
strategy:
fail-fast: false
matrix:
ip-family:
- ipv4
- ipv6
- dual
steps:
- uses: jlumbroso/[email protected]
with:
android: true
dotnet: true
haskell: true
docker-images: false
large-packages: false
tool-cache: false
swap-storage: false
- uses: actions/checkout@v4
- name: Create the default branch directory
if: (github.base_ref || github.ref_name) != github.event.repository.default_branch
run: mkdir -p test/e2e/source
- name: Check out the default branch
if: (github.base_ref || github.ref_name) != github.event.repository.default_branch
uses: actions/checkout@v4
with:
ref: ${{ github.event.repository.default_branch }}
fetch-depth: 1
path: test/e2e/source
- name: Export E2E directory
run: |
if [ '${{ github.base_ref || github.ref_name }}' = '${{ github.event.repository.default_branch }}' ]; then
echo "E2E_DIR=." >> "$GITHUB_ENV"
else
echo "E2E_DIR=test/e2e/source" >> "$GITHUB_ENV"
fi
- name: Remove DNS search domain
run: |
sudo sed -i '/^search/d' /etc/resolv.conf
sudo systemctl restart docker
- uses: actions/setup-go@v5
with:
go-version: ${{ env.GO_VERSION || '' }}
go-version-file: ${{ env.E2E_DIR }}/go.mod
check-latest: true
cache: false
- name: Export Go full version
run: echo "GO_FULL_VER=$(go version | awk '{print $3}')" >> "$GITHUB_ENV"
- name: Go cache
uses: actions/cache/restore@v4
with:
path: |
~/.cache/go-build
~/go/pkg/mod
key: ${{ runner.os }}-e2e-${{ env.GO_FULL_VER }}-x86-${{ hashFiles(format('{0}/**/go.sum', env.E2E_DIR)) }}
restore-keys: ${{ runner.os }}-e2e-${{ env.GO_FULL_VER }}-x86-
- name: Install kind
uses: helm/[email protected]
with:
version: ${{ env.KIND_VERSION }}
install_only: true
- name: Install ginkgo
working-directory: ${{ env.E2E_DIR }}
run: go install -v -mod=mod github.com/onsi/ginkgo/v2/ginkgo
- name: Download image
uses: actions/download-artifact@v4
with:
name: kube-ovn
- name: Load image
run: docker load --input kube-ovn.tar
- name: Export debug image tag
run: echo "DEBUG_TAG='$(cat VERSION)-debug'" >> "$GITHUB_ENV"
- name: Create kind cluster
run: |
sudo pip3 install jinjanator
sudo PATH=~/.local/bin:$PATH make kind-init-${{ matrix.ip-family }}
sudo cp -r /root/.kube/ ~/.kube/
sudo chown -R $(id -un). ~/.kube/
- name: Install Kube-OVN
env:
VERSION: ${{ env.DEBUG_TAG }}
DEBUG_WRAPPER: valgrind
run: make kind-install-${{ matrix.ip-family }}
- name: Run E2E
working-directory: ${{ env.E2E_DIR }}
run: make k8s-netpol-e2e
- name: Check kube ovn pod restarts
run: |
make check-kube-ovn-pod-restarts
- name: kubectl ko log
if: failure()
run: |
make kubectl-ko-log
mv kubectl-ko-log.tar.gz k8s-netpol-e2e-${{ matrix.ip-family }}-ko-log.tar.gz
- name: upload kubectl ko log
uses: actions/upload-artifact@v4
if: failure()
with:
name: k8s-netpol-e2e-${{ matrix.ip-family }}-ko-log
path: k8s-netpol-e2e-${{ matrix.ip-family }}-ko-log.tar.gz
- name: Check valgrind result
run: |
kubectl -n kube-system rollout restart ds ovs-ovn
kubectl -n kube-system rollout status ds ovs-ovn
sleep 10
kubectl -n kube-system rollout restart deploy ovn-central
kubectl -n kube-system rollout status deploy ovn-central
while true; do
if [ $(kubectl -n kube-system get pod -l app=ovs -o name | wc -l) -eq $(kubectl get node -o name | wc -l) ]; then
break
fi
sleep 1
done
kubectl ko log ovn
kubectl ko log ovs
for daemon in ovsdb-nb ovsdb-sb ovn-northd ovn-controller ovsdb-server ovs-vswitchd; do
echo "Checking if valgrind log file for $daemon exists..."
find kubectl-ko-log -type f -name "$daemon.valgrind.log.[[:digit:]]*" -exec false {} + && exit 1
done
find kubectl-ko-log -type f -name '*.valgrind.log.*' | while read f; do
if grep -qw 'definitely lost' "$f"; then
echo "Memory leak detected in $(basename $f | awk -F. '{print $1}')."
echo $f
cat "$f"
exit 1
fi;
done
cyclonus-netpol-e2e:
name: Cyclonus Network Policy E2E
if: |
always() && !contains(needs.*.result, 'failure') && !contains(needs.*.result, 'cancelled') &&
(needs.netpol-path-filter.outputs.test-netpol == 1 || contains(github.event.pull_request.labels.*.name, 'network policy'))
needs:
- build-kube-ovn
- netpol-path-filter
runs-on: ubuntu-22.04
timeout-minutes: 30
strategy:
fail-fast: false
matrix:
ip-family:
- ipv4
- ipv6
- dual
steps:
- uses: jlumbroso/[email protected]
with:
android: true
dotnet: true
haskell: true
docker-images: false
large-packages: false
tool-cache: false
swap-storage: false
- uses: actions/checkout@v4
- name: Create the default branch directory
if: (github.base_ref || github.ref_name) != github.event.repository.default_branch
run: mkdir -p test/e2e/source
- name: Check out the default branch
if: (github.base_ref || github.ref_name) != github.event.repository.default_branch
uses: actions/checkout@v4
with:
ref: ${{ github.event.repository.default_branch }}
fetch-depth: 1
path: test/e2e/source
- name: Export E2E directory
run: |
if [ '${{ github.base_ref || github.ref_name }}' = '${{ github.event.repository.default_branch }}' ]; then
echo "E2E_DIR=." >> "$GITHUB_ENV"
else
echo "E2E_DIR=test/e2e/source" >> "$GITHUB_ENV"
fi
- name: Install kind
uses: helm/[email protected]
with:
version: ${{ env.KIND_VERSION }}
install_only: true
- name: Install ginkgo
working-directory: ${{ env.E2E_DIR }}
run: go install -v -mod=mod github.com/onsi/ginkgo/v2/ginkgo
- name: Download image
uses: actions/download-artifact@v4
with:
name: kube-ovn
- name: Load image
run: docker load --input kube-ovn.tar
- name: Export debug image tag
run: echo "DEBUG_TAG='$(cat VERSION)-debug'" >> "$GITHUB_ENV"
- name: Create kind cluster
run: |
sudo pip3 install jinjanator
sudo PATH=~/.local/bin:$PATH make kind-init-${{ matrix.ip-family }}
sudo cp -r /root/.kube/ ~/.kube/
sudo chown -R $(id -un). ~/.kube/
- name: Install Kube-OVN
env:
VERSION: ${{ env.DEBUG_TAG }}
DEBUG_WRAPPER: valgrind
run: make kind-install-${{ matrix.ip-family }}
- name: Run E2E
working-directory: ${{ env.E2E_DIR }}
run: make cyclonus-netpol-e2e
- name: Check kube ovn pod restarts
run: |
make check-kube-ovn-pod-restarts
- name: kubectl ko log
if: failure()
run: |
make kubectl-ko-log
mv kubectl-ko-log.tar.gz cyclonus-netpol-e2e-${{ matrix.ip-family }}-ko-log.tar.gz
- name: upload kubectl ko log
uses: actions/upload-artifact@v4
if: failure()
with:
name: cyclonus-netpol-e2e-${{ matrix.ip-family }}-ko-log
path: cyclonus-netpol-e2e-${{ matrix.ip-family }}-ko-log.tar.gz
- name: Check valgrind result
run: |
kubectl -n kube-system rollout restart ds ovs-ovn
kubectl -n kube-system rollout status ds ovs-ovn
sleep 10
kubectl -n kube-system rollout restart deploy ovn-central
kubectl -n kube-system rollout status deploy ovn-central
while true; do
if [ $(kubectl -n kube-system get pod -l app=ovs -o name | wc -l) -eq $(kubectl get node -o name | wc -l) ]; then
break
fi
sleep 1
done
kubectl ko log ovn
kubectl ko log ovs
for daemon in ovsdb-nb ovsdb-sb ovn-northd ovn-controller ovsdb-server ovs-vswitchd; do
echo "Checking if valgrind log file for $daemon exists..."
find kubectl-ko-log -type f -name "$daemon.valgrind.log.[[:digit:]]*" -exec false {} + && exit 1
done
find kubectl-ko-log -type f -name '*.valgrind.log.*' | while read f; do
if grep -qw 'definitely lost' "$f"; then
echo "Memory leak detected in $(basename $f | awk -F. '{print $1}')."
echo $f
cat "$f"
exit 1
fi;
done
kube-ovn-conformance-e2e:
name: Kube-OVN Conformance E2E
needs:
- build-kube-ovn
- build-e2e-binaries
runs-on: ubuntu-22.04
timeout-minutes: 40
strategy:
fail-fast: false
matrix:
ip-family:
- ipv4
- ipv6
- dual
mode:
- overlay
- underlay
steps:
- uses: jlumbroso/[email protected]
with:
android: true
dotnet: true
haskell: true
docker-images: false
large-packages: false
tool-cache: false
swap-storage: false
- uses: actions/checkout@v4
- name: Create the default branch directory
if: (github.base_ref || github.ref_name) != github.event.repository.default_branch
run: mkdir -p test/e2e/source
- name: Check out the default branch
if: (github.base_ref || github.ref_name) != github.event.repository.default_branch
uses: actions/checkout@v4
with:
ref: ${{ github.event.repository.default_branch }}
fetch-depth: 1
path: test/e2e/source
- name: Export E2E directory
run: |
if [ '${{ github.base_ref || github.ref_name }}' = '${{ github.event.repository.default_branch }}' ]; then
echo "E2E_DIR=." >> "$GITHUB_ENV"
else
echo "E2E_DIR=test/e2e/source" >> "$GITHUB_ENV"
fi
- uses: actions/setup-go@v5
with:
go-version: ${{ env.GO_VERSION || '' }}
go-version-file: ${{ env.E2E_DIR }}/go.mod
check-latest: true
cache: false
- name: Export Go full version
run: echo "GO_FULL_VER=$(go version | awk '{print $3}')" >> "$GITHUB_ENV"
- name: Go cache
uses: actions/cache/restore@v4
with:
path: |
~/.cache/go-build
~/go/pkg/mod
key: ${{ runner.os }}-e2e-${{ env.GO_FULL_VER }}-x86-${{ hashFiles(format('{0}/**/go.sum', env.E2E_DIR)) }}
restore-keys: ${{ runner.os }}-e2e-${{ env.GO_FULL_VER }}-x86-
- name: Install kind
uses: helm/[email protected]
with:
version: ${{ env.KIND_VERSION }}
install_only: true
- name: Install ginkgo
working-directory: ${{ env.E2E_DIR }}
run: go install -v -mod=mod github.com/onsi/ginkgo/v2/ginkgo
- name: Download image
uses: actions/download-artifact@v4
with:
name: kube-ovn
- name: Load image
run: docker load --input kube-ovn.tar
- name: Export debug image tag
run: echo "DEBUG_TAG='$(cat VERSION)-debug'" >> "$GITHUB_ENV"
- name: Create kind cluster
run: |
sudo pip3 install jinjanator
sudo PATH=~/.local/bin:$PATH make kind-init-${{ matrix.ip-family }}
sudo cp -r /root/.kube/ ~/.kube/
sudo chown -R $(id -un). ~/.kube/
- name: Install Kube-OVN
env:
VERSION: ${{ env.DEBUG_TAG }}
DEBUG_WRAPPER: valgrind
run: make kind-install-${{ matrix.mode }}-${{ matrix.ip-family }}
- name: Run E2E
working-directory: ${{ env.E2E_DIR }}
env:
E2E_BRANCH: ${{ github.base_ref || github.ref_name }}
E2E_IP_FAMILY: ${{ matrix.ip-family }}
E2E_NETWORK_MODE: ${{ matrix.mode }}
run: |
make kube-ovn-conformance-e2e
make kind-install-kubevirt
make kube-ovn-kubevirt-e2e
- name: Check kube ovn pod restarts
run: |
make check-kube-ovn-pod-restarts
- name: kubectl ko log
if: failure()
run: |
make kubectl-ko-log
mv kubectl-ko-log.tar.gz kube-ovn-conformance-e2e-${{ matrix.mode }}-${{ matrix.ip-family }}-ko-log.tar.gz
- name: upload kubectl ko log
uses: actions/upload-artifact@v4
if: failure()
with:
name: kube-ovn-conformance-e2e-${{ matrix.mode }}-${{ matrix.ip-family }}-ko-log
path: kube-ovn-conformance-e2e-${{ matrix.mode }}-${{ matrix.ip-family }}-ko-log.tar.gz
- name: Check valgrind result
run: |
kubectl -n kube-system rollout restart ds ovs-ovn
kubectl -n kube-system rollout status ds ovs-ovn
sleep 10
kubectl -n kube-system rollout restart deploy ovn-central
kubectl -n kube-system rollout status deploy ovn-central
while true; do
if [ $(kubectl -n kube-system get pod -l app=ovs -o name | wc -l) -eq $(kubectl get node -o name | wc -l) ]; then
break
fi
sleep 1
done
kubectl ko log ovn
kubectl ko log ovs
for daemon in ovsdb-nb ovsdb-sb ovn-northd ovn-controller ovsdb-server ovs-vswitchd; do
echo "Checking if valgrind log file for $daemon exists..."
find kubectl-ko-log -type f -name "$daemon.valgrind.log.[[:digit:]]*" -exec false {} + && exit 1
done
find kubectl-ko-log -type f -name '*.valgrind.log.*' | while read f; do
if grep -qw 'definitely lost' "$f"; then
echo "Memory leak detected in $(basename $f | awk -F. '{print $1}')."
echo $f
cat "$f"
exit 1
fi;
done
- name: Cleanup
run: sh -x dist/images/cleanup.sh
kube-ovn-ic-conformance-e2e:
name: Kube-OVN IC Conformance E2E
needs:
- build-kube-ovn
- build-e2e-binaries
runs-on: ubuntu-22.04
strategy:
fail-fast: false
matrix:
ip-family:
- ipv4
- ipv6
- dual
timeout-minutes: 15
steps:
- uses: jlumbroso/[email protected]
with:
android: true
dotnet: true
haskell: true
docker-images: false
large-packages: false
tool-cache: false
swap-storage: false
- uses: actions/checkout@v4
- name: Create the default branch directory
if: (github.base_ref || github.ref_name) != github.event.repository.default_branch
run: mkdir -p test/e2e/source
- name: Check out the default branch
if: (github.base_ref || github.ref_name) != github.event.repository.default_branch
uses: actions/checkout@v4
with:
ref: ${{ github.event.repository.default_branch }}
fetch-depth: 1
path: test/e2e/source
- name: Export E2E directory
run: |
if [ '${{ github.base_ref || github.ref_name }}' = '${{ github.event.repository.default_branch }}' ]; then
echo "E2E_DIR=." >> "$GITHUB_ENV"
else
echo "E2E_DIR=test/e2e/source" >> "$GITHUB_ENV"
fi
- uses: actions/setup-go@v5
with:
go-version: ${{ env.GO_VERSION || '' }}
go-version-file: ${{ env.E2E_DIR }}/go.mod
check-latest: true
cache: false
- name: Export Go full version
run: echo "GO_FULL_VER=$(go version | awk '{print $3}')" >> "$GITHUB_ENV"
- name: Go cache
uses: actions/cache/restore@v4
with:
path: |
~/.cache/go-build
~/go/pkg/mod
key: ${{ runner.os }}-e2e-${{ env.GO_FULL_VER }}-x86-${{ hashFiles(format('{0}/**/go.sum', env.E2E_DIR)) }}
restore-keys: ${{ runner.os }}-e2e-${{ env.GO_FULL_VER }}-x86-
- name: Install kind
uses: helm/[email protected]
with:
version: ${{ env.KIND_VERSION }}
install_only: true
- name: Install ginkgo
working-directory: ${{ env.E2E_DIR }}
run: go install -v -mod=mod github.com/onsi/ginkgo/v2/ginkgo
- name: Download image
uses: actions/download-artifact@v4
with:
name: kube-ovn
- name: Load image
run: docker load --input kube-ovn.tar
- name: Create kind clusters
run: |
sudo pip3 install jinjanator
sudo PATH=~/.local/bin:$PATH make kind-init-ovn-ic-${{ matrix.ip-family }}
sudo cp -r /root/.kube/ ~/.kube/
sudo chown -R $(id -un). ~/.kube/
- name: Install Kube-OVN
run: make kind-install-ovn-ic-${{ matrix.ip-family }}
- name: Run E2E
working-directory: ${{ env.E2E_DIR }}
env:
E2E_BRANCH: ${{ github.base_ref || github.ref_name }}
E2E_IP_FAMILY: ${{ matrix.ip-family }}
run: make kube-ovn-ic-conformance-e2e
- name: Check kube ovn pod restarts
run: |
make check-kube-ovn-pod-restarts
- name: kubectl ko log
if: failure()
run: |
for cluster in `kind get clusters`; do
kubectl config use-context kind-$cluster
make kubectl-ko-log
mv kubectl-ko-log.tar.gz kube-ovn-ic-conformance-e2e-${{ matrix.ip-family }}-$cluster-ko-log.tar.gz
done
tar zcvf kube-ovn-ic-conformance-e2e-${{ matrix.ip-family }}-ko-log.tar.gz \
`kind get clusters | xargs -I {} echo kube-ovn-ic-conformance-e2e-${{ matrix.ip-family }}-{}-ko-log.tar.gz`
- name: upload kubectl ko log
uses: actions/upload-artifact@v4
if: failure()
with:
name: kube-ovn-ic-conformance-e2e-${{ matrix.ip-family }}-ko-log
path: kube-ovn-ic-conformance-e2e-${{ matrix.ip-family }}-ko-log.tar.gz
multus-conformance-e2e:
name: Multus Conformance E2E
needs:
- build-kube-ovn
- build-e2e-binaries
runs-on: ubuntu-22.04
timeout-minutes: 10
strategy:
fail-fast: false
matrix:
ip-family:
- ipv4
- ipv6
- dual
steps:
- uses: jlumbroso/[email protected]
with:
android: true
dotnet: true
haskell: true
docker-images: false
large-packages: false
tool-cache: false
swap-storage: false
- uses: actions/checkout@v4
- name: Create the default branch directory
if: (github.base_ref || github.ref_name) != github.event.repository.default_branch
run: mkdir -p test/e2e/source
- name: Check out the default branch
if: (github.base_ref || github.ref_name) != github.event.repository.default_branch
uses: actions/checkout@v4
with:
ref: ${{ github.event.repository.default_branch }}
fetch-depth: 1
path: test/e2e/source
- name: Export E2E directory
run: |
if [ '${{ github.base_ref || github.ref_name }}' = '${{ github.event.repository.default_branch }}' ]; then
echo "E2E_DIR=." >> "$GITHUB_ENV"
else
echo "E2E_DIR=test/e2e/source" >> "$GITHUB_ENV"
fi
- uses: actions/setup-go@v5
with:
go-version: ${{ env.GO_VERSION || '' }}
go-version-file: ${{ env.E2E_DIR }}/go.mod
check-latest: true
cache: false
- name: Export Go full version
run: echo "GO_FULL_VER=$(go version | awk '{print $3}')" >> "$GITHUB_ENV"
- name: Go cache
uses: actions/cache/restore@v4
with:
path: |
~/.cache/go-build
~/go/pkg/mod
key: ${{ runner.os }}-e2e-${{ env.GO_FULL_VER }}-x86-${{ hashFiles(format('{0}/**/go.sum', env.E2E_DIR)) }}
restore-keys: ${{ runner.os }}-e2e-${{ env.GO_FULL_VER }}-x86-
- name: Install kind
uses: helm/[email protected]
with:
version: ${{ env.KIND_VERSION }}
install_only: true
- name: Install ginkgo
working-directory: ${{ env.E2E_DIR }}
run: go install -v -mod=mod github.com/onsi/ginkgo/v2/ginkgo
- name: Download kube-ovn image
uses: actions/download-artifact@v4
with:
name: kube-ovn
- name: Load images
run: docker load -i kube-ovn.tar
- name: Create kind cluster
run: |
sudo pip3 install jinjanator
sudo PATH=~/.local/bin:$PATH make kind-init-${{ matrix.ip-family }}
sudo cp -r /root/.kube/ ~/.kube/
sudo chown -R $(id -un). ~/.kube/
- name: Install Kube-OVN
run: make kind-install-${{ matrix.ip-family }}
- name: Install Multus
run: make kind-install-multus
- name: Run E2E
working-directory: ${{ env.E2E_DIR }}
env:
E2E_BRANCH: ${{ github.base_ref || github.ref_name }}
E2E_IP_FAMILY: ${{ matrix.ip-family }}
run: make kube-ovn-multus-conformance-e2e
- name: Check kube ovn pod restarts
run: |
make check-kube-ovn-pod-restarts
- name: kubectl ko log
if: failure()
run: |
make kubectl-ko-log
mv kubectl-ko-log.tar.gz multus-conformance-e2e-${{ matrix.ip-family }}-ko-log.tar.gz
- name: upload kubectl ko log
uses: actions/upload-artifact@v4
if: failure()
with:
name: multus-conformance-e2e-${{ matrix.ip-family }}-ko-log
path: multus-conformance-e2e-${{ matrix.ip-family }}-ko-log.tar.gz
chart-test:
name: Chart Installation/Uninstallation Test
needs: build-kube-ovn
runs-on: ubuntu-22.04
strategy:
fail-fast: false
matrix:
ssl:
- "true"
- "false"
timeout-minutes: 30
steps:
- uses: jlumbroso/[email protected]
with:
android: true
dotnet: true
haskell: true
docker-images: false
large-packages: false
tool-cache: false
swap-storage: false
- uses: actions/checkout@v4
- name: Install kind
uses: helm/[email protected]
with:
version: ${{ env.KIND_VERSION }}
install_only: true
- name: Download image
uses: actions/download-artifact@v4
with:
name: kube-ovn
- name: Load image
run: docker load --input kube-ovn.tar
- name: Create kind cluster
run: |
sudo pip3 install jinjanator
sudo PATH=~/.local/bin:$PATH make kind-init
sudo cp -r /root/.kube/ ~/.kube/
sudo chown -R $(id -un). ~/.kube/
- name: Install Kube-OVN
env:
ENABLE_SSL: "${{ matrix.ssl }}"
run: make kind-install-chart
- name: Check kube ovn pod restarts
run: |
make check-kube-ovn-pod-restarts
- name: Uninstall Kube-OVN
run: make kind-uninstall-chart
underlay-logical-gateway-installation-test:
name: Underlay Logical Gateway Installation Test
needs: build-kube-ovn
runs-on: ubuntu-22.04
timeout-minutes: 30
steps:
- uses: jlumbroso/[email protected]
with:
android: true
dotnet: true
haskell: true
docker-images: false
large-packages: false
tool-cache: false
swap-storage: false
- uses: actions/checkout@v4
- name: Install kind
uses: helm/[email protected]
with:
version: ${{ env.KIND_VERSION }}
install_only: true
- name: Download image
uses: actions/download-artifact@v4
with:
name: kube-ovn
- name: Load image
run: docker load --input kube-ovn.tar
- name: Create kind cluster
run: |
sudo pip3 install jinjanator
sudo PATH=~/.local/bin:$PATH make kind-init-dual
sudo cp -r /root/.kube/ ~/.kube/
sudo chown -R $(id -un). ~/.kube/
- name: Install Kube-OVN
run: make kind-install-underlay-logical-gateway-dual
- name: Check kube ovn pod restarts
run: |
make check-kube-ovn-pod-restarts
- name: Cleanup
run: sh -x dist/images/cleanup.sh
no-ovn-lb-test:
name: Disable OVN LB Test
needs: build-kube-ovn
runs-on: ubuntu-22.04
timeout-minutes: 30
steps:
- uses: jlumbroso/[email protected]
with:
android: true
dotnet: true
haskell: true
docker-images: false
large-packages: false
tool-cache: false
swap-storage: false
- uses: actions/checkout@v4
- name: Install kind
uses: helm/[email protected]
with:
version: ${{ env.KIND_VERSION }}
install_only: true
- name: Download image
uses: actions/download-artifact@v4
with:
name: kube-ovn
- name: Load image
run: docker load --input kube-ovn.tar
- name: Create kind cluster
run: |
sudo pip3 install jinjanator
sudo PATH=~/.local/bin:$PATH make kind-init
sudo cp -r /root/.kube/ ~/.kube/
sudo chown -R $(id -un). ~/.kube/
- name: Install Kube-OVN without LoadBalancer
env:
ENABLE_LB: "false"
run: make kind-install
- name: Check kube ovn pod restarts
run: |
make check-kube-ovn-pod-restarts
- name: Cleanup
run: sh -x dist/images/cleanup.sh
no-np-test:
name: Disable Network Policy Test
needs: build-kube-ovn
runs-on: ubuntu-22.04
timeout-minutes: 30
steps:
- uses: jlumbroso/[email protected]
with:
android: true
dotnet: true
haskell: true
docker-images: false
large-packages: false
tool-cache: false
swap-storage: false
- uses: actions/checkout@v4
- name: Install kind
uses: helm/[email protected]
with:
version: ${{ env.KIND_VERSION }}
install_only: true
- name: Download image
uses: actions/download-artifact@v4
with:
name: kube-ovn
- name: Load image
run: docker load --input kube-ovn.tar
- name: Create kind cluster
run: |
sudo pip3 install jinjanator
sudo PATH=~/.local/bin:$PATH make kind-init
sudo cp -r /root/.kube/ ~/.kube/
sudo chown -R $(id -un). ~/.kube/
- name: Install Kube-OVN
env:
ENABLE_NP: "false"
run: make kind-install
- name: Check kube ovn pod restarts
run: |
make check-kube-ovn-pod-restarts
- name: Cleanup
run: sh -x dist/images/cleanup.sh
lb-svc-e2e:
name: LB Service E2E
needs:
- build-kube-ovn
- build-vpc-nat-gateway
- build-e2e-binaries
runs-on: ubuntu-22.04
timeout-minutes: 10
steps:
- uses: jlumbroso/[email protected]
with:
android: true
dotnet: true
haskell: true
docker-images: false
large-packages: false
tool-cache: false
swap-storage: false
- uses: actions/checkout@v4
- name: Create the default branch directory
if: (github.base_ref || github.ref_name) != github.event.repository.default_branch
run: mkdir -p test/e2e/source
- name: Check out the default branch
if: (github.base_ref || github.ref_name) != github.event.repository.default_branch
uses: actions/checkout@v4
with:
ref: ${{ github.event.repository.default_branch }}
fetch-depth: 1
path: test/e2e/source
- name: Export E2E directory
run: |
if [ '${{ github.base_ref || github.ref_name }}' = '${{ github.event.repository.default_branch }}' ]; then
echo "E2E_DIR=." >> "$GITHUB_ENV"
else
echo "E2E_DIR=test/e2e/source" >> "$GITHUB_ENV"
fi
- uses: actions/setup-go@v5
with:
go-version: ${{ env.GO_VERSION || '' }}
go-version-file: ${{ env.E2E_DIR }}/go.mod
check-latest: true
cache: false
- name: Export Go full version
run: echo "GO_FULL_VER=$(go version | awk '{print $3}')" >> "$GITHUB_ENV"
- name: Go cache
uses: actions/cache/restore@v4
with:
path: |
~/.cache/go-build
~/go/pkg/mod
key: ${{ runner.os }}-e2e-${{ env.GO_FULL_VER }}-x86-${{ hashFiles(format('{0}/**/go.sum', env.E2E_DIR)) }}
restore-keys: ${{ runner.os }}-e2e-${{ env.GO_FULL_VER }}-x86-
- name: Install kind
uses: helm/[email protected]
with:
version: ${{ env.KIND_VERSION }}
install_only: true
- name: Install ginkgo
working-directory: ${{ env.E2E_DIR }}
run: go install -v -mod=mod github.com/onsi/ginkgo/v2/ginkgo
- name: Download kube-ovn image
uses: actions/download-artifact@v4
with:
name: kube-ovn
- name: Download vpc-nat-gateway image
uses: actions/download-artifact@v4
with:
name: vpc-nat-gateway
- name: Load images
run: |
docker load -i kube-ovn.tar
docker load -i vpc-nat-gateway.tar
- name: Create kind cluster
run: |
sudo pip3 install jinjanator
sudo PATH=~/.local/bin:$PATH make kind-init
sudo cp -r /root/.kube/ ~/.kube/
sudo chown -R $(id -un). ~/.kube/
- name: Install Multus and Kube-OVN
run: make kind-install-lb-svc
- name: Run E2E
working-directory: ${{ env.E2E_DIR }}
env:
E2E_BRANCH: ${{ github.base_ref || github.ref_name }}
run: make kube-ovn-lb-svc-conformance-e2e
- name: Check kube ovn pod restarts
run: |
make check-kube-ovn-pod-restarts
webhook-e2e:
name: Webhook E2E
needs:
- build-kube-ovn
- build-e2e-binaries
runs-on: ubuntu-22.04
timeout-minutes: 10
steps:
- uses: jlumbroso/[email protected]
with:
android: true
dotnet: true
haskell: true
docker-images: false
large-packages: false
tool-cache: false
swap-storage: false
- uses: actions/checkout@v4
- name: Create the default branch directory
if: (github.base_ref || github.ref_name) != github.event.repository.default_branch
run: mkdir -p test/e2e/source
- name: Check out the default branch
if: (github.base_ref || github.ref_name) != github.event.repository.default_branch
uses: actions/checkout@v4
with:
ref: ${{ github.event.repository.default_branch }}
fetch-depth: 1
path: test/e2e/source
- name: Export E2E directory
run: |
if [ '${{ github.base_ref || github.ref_name }}' = '${{ github.event.repository.default_branch }}' ]; then
echo "E2E_DIR=." >> "$GITHUB_ENV"
else
echo "E2E_DIR=test/e2e/source" >> "$GITHUB_ENV"
fi
- uses: actions/setup-go@v5
with:
go-version: ${{ env.GO_VERSION || '' }}
go-version-file: ${{ env.E2E_DIR }}/go.mod
check-latest: true
cache: false
- name: Export Go full version
run: echo "GO_FULL_VER=$(go version | awk '{print $3}')" >> "$GITHUB_ENV"
- name: Go cache
uses: actions/cache/restore@v4
with:
path: |
~/.cache/go-build
~/go/pkg/mod
key: ${{ runner.os }}-e2e-${{ env.GO_FULL_VER }}-x86-${{ hashFiles(format('{0}/**/go.sum', env.E2E_DIR)) }}
restore-keys: ${{ runner.os }}-e2e-${{ env.GO_FULL_VER }}-x86-
- name: Install kind
uses: helm/[email protected]
with:
version: ${{ env.KIND_VERSION }}
install_only: true
- name: Install ginkgo
working-directory: ${{ env.E2E_DIR }}
run: go install -v -mod=mod github.com/onsi/ginkgo/v2/ginkgo
- name: Download kube-ovn image
uses: actions/download-artifact@v4
with:
name: kube-ovn
- name: Load images
run: |
docker load -i kube-ovn.tar
- name: Create kind cluster
run: |
sudo pip3 install jinjanator
sudo PATH=~/.local/bin:$PATH make kind-init
sudo cp -r /root/.kube/ ~/.kube/
sudo chown -R $(id -un). ~/.kube/
- name: Install Kube-OVN
run: make kind-install-webhook
- name: Run E2E
working-directory: ${{ env.E2E_DIR }}
env:
E2E_BRANCH: ${{ github.base_ref || github.ref_name }}
run: make kube-ovn-webhook-e2e
- name: Check kube ovn pod restarts
run: |
make check-kube-ovn-pod-restarts
- name: kubectl ko log
if: failure()
run: |
make kubectl-ko-log
mv kubectl-ko-log.tar.gz webhook-e2e-ko-log.tar.gz
- name: upload kubectl ko log
uses: actions/upload-artifact@v4
if: failure()
with:
name: webhook-e2e-ko-log
path: webhook-e2e-ko-log.tar.gz
installation-compatibility-test:
name: Installation Compatibility Test
needs: build-kube-ovn
runs-on: ubuntu-22.04
timeout-minutes: 10
steps:
- uses: jlumbroso/[email protected]
with:
android: true
dotnet: true
haskell: true
docker-images: false
large-packages: false
tool-cache: false
swap-storage: false
- uses: actions/checkout@v4
- name: Install kind
uses: helm/[email protected]
with:
version: ${{ env.KIND_VERSION }}
install_only: true
- name: Download image
uses: actions/download-artifact@v4
with:
name: kube-ovn
- name: Load image
run: docker load --input kube-ovn.tar
- name: Create kind cluster
run: |
sudo pip3 install jinjanator
sudo PATH=~/.local/bin:$PATH k8s_version=v1.23.17 make kind-init
sudo cp -r /root/.kube/ ~/.kube/
sudo chown -R $(id -un). ~/.kube/
- name: Install Kube-OVN
run: make kind-install
- name: Check kube ovn pod restarts
run: |
make check-kube-ovn-pod-restarts
- name: kubectl ko log
if: failure()
run: |
make kubectl-ko-log
mv kubectl-ko-log.tar.gz installation-compatibility-test-ko-log.tar.gz
- name: upload kubectl ko log
uses: actions/upload-artifact@v4
if: failure()
with:
name: installation-compatibility-test-ko-log
path: installation-compatibility-test-ko-log.tar.gz
- name: Cleanup
run: sh -x dist/images/cleanup.sh
cilium-chaining-e2e:
name: Cilium Chaining E2E
needs:
- build-kube-ovn
- build-e2e-binaries
runs-on: ubuntu-22.04
timeout-minutes: 30
strategy:
fail-fast: false
matrix:
ip-family:
- ipv4
# - ipv6
# - dual
mode:
- overlay
- underlay
steps:
- uses: jlumbroso/[email protected]
with:
android: true
dotnet: true
haskell: true
docker-images: false
large-packages: false
tool-cache: false
swap-storage: false
- uses: actions/checkout@v4
- uses: azure/[email protected]
with:
version: '${{ env.HELM_VERSION }}'
- name: Create the default branch directory
if: (github.base_ref || github.ref_name) != github.event.repository.default_branch
run: mkdir -p test/e2e/source
- name: Check out the default branch
if: (github.base_ref || github.ref_name) != github.event.repository.default_branch
uses: actions/checkout@v4
with:
ref: ${{ github.event.repository.default_branch }}
fetch-depth: 1
path: test/e2e/source
- name: Export E2E directory
run: |
if [ '${{ github.base_ref || github.ref_name }}' = '${{ github.event.repository.default_branch }}' ]; then
echo "E2E_DIR=." >> "$GITHUB_ENV"
else
echo "E2E_DIR=test/e2e/source" >> "$GITHUB_ENV"
fi
- name: Remove DNS search domain
run: |
sudo sed -i '/^search/d' /etc/resolv.conf
sudo systemctl restart docker
- uses: actions/setup-go@v5
with:
go-version: ${{ env.GO_VERSION || '' }}
go-version-file: ${{ env.E2E_DIR }}/go.mod
check-latest: true
cache: false
- name: Export Go full version
run: echo "GO_FULL_VER=$(go version | awk '{print $3}')" >> "$GITHUB_ENV"
- name: Go cache
uses: actions/cache/restore@v4
with:
path: |
~/.cache/go-build
~/go/pkg/mod
key: ${{ runner.os }}-e2e-${{ env.GO_FULL_VER }}-x86-${{ hashFiles(format('{0}/**/go.sum', env.E2E_DIR)) }}
restore-keys: ${{ runner.os }}-e2e-${{ env.GO_FULL_VER }}-x86-
- name: Install kind
uses: helm/[email protected]
with:
version: ${{ env.KIND_VERSION }}
install_only: true
- name: Install ginkgo
working-directory: ${{ env.E2E_DIR }}
run: go install -v -mod=mod github.com/onsi/ginkgo/v2/ginkgo
- name: Download image
uses: actions/download-artifact@v4
with:
name: kube-ovn
- name: Load image
run: docker load --input kube-ovn.tar
- name: Create kind cluster
run: |
sudo pip3 install jinjanator
sudo PATH=~/.local/bin:$PATH make kind-init-cilium-chaining-${{ matrix.ip-family }}
sudo cp -r /root/.kube/ ~/.kube/
sudo chown -R $(id -un). ~/.kube/
- name: Install Kube-OVN with Cilium chaining
run: make kind-install-cilium-chaining-${{ matrix.mode }}-${{ matrix.ip-family }}
- name: Run E2E
working-directory: ${{ env.E2E_DIR }}
env:
E2E_CILIUM_CHAINING: "true"
E2E_BRANCH: ${{ github.base_ref || github.ref_name }}
E2E_IP_FAMILY: ${{ matrix.ip-family }}
E2E_NETWORK_MODE: ${{ matrix.mode }}
run: make k8s-conformance-e2e
- name: Check kube ovn pod restarts
run: |
make check-kube-ovn-pod-restarts
- name: kubectl ko log
if: failure()
run: |
make kubectl-ko-log
mv kubectl-ko-log.tar.gz cilium-chaining-e2e-ko-log.tar.gz
- name: upload kubectl ko log
uses: actions/upload-artifact@v4
if: failure()
with:
name: cilium-chaining-e2e-ko-log
path: cilium-chaining-e2e-ko-log.tar.gz
- name: Cleanup
run: sh -x dist/images/cleanup.sh
kube-ovn-ha-e2e:
name: Kube-OVN HA E2E
needs:
- build-kube-ovn
- build-e2e-binaries
runs-on: ubuntu-22.04
timeout-minutes: 15
strategy:
fail-fast: false
matrix:
ssl:
- "true"
- "false"
bind-local:
- "true"
- "false"
ip-family:
- ipv4
- ipv6
- dual
steps:
- uses: jlumbroso/[email protected]
with:
android: true
dotnet: true
haskell: true
docker-images: false
large-packages: false
tool-cache: false
swap-storage: false
- uses: actions/checkout@v4
- name: Create the default branch directory
if: (github.base_ref || github.ref_name) != github.event.repository.default_branch
run: mkdir -p test/e2e/source
- name: Check out the default branch
if: (github.base_ref || github.ref_name) != github.event.repository.default_branch
uses: actions/checkout@v4
with:
ref: ${{ github.event.repository.default_branch }}
fetch-depth: 1
path: test/e2e/source
- name: Export E2E directory
run: |
if [ '${{ github.base_ref || github.ref_name }}' = '${{ github.event.repository.default_branch }}' ]; then
echo "E2E_DIR=." >> "$GITHUB_ENV"
else
echo "E2E_DIR=test/e2e/source" >> "$GITHUB_ENV"
fi
- uses: actions/setup-go@v5
with:
go-version: ${{ env.GO_VERSION || '' }}
go-version-file: ${{ env.E2E_DIR }}/go.mod
check-latest: true
cache: false
- name: Export Go full version
run: echo "GO_FULL_VER=$(go version | awk '{print $3}')" >> "$GITHUB_ENV"
- name: Go cache
uses: actions/cache/restore@v4
with:
path: |
~/.cache/go-build
~/go/pkg/mod
key: ${{ runner.os }}-e2e-${{ env.GO_FULL_VER }}-x86-${{ hashFiles(format('{0}/**/go.sum', env.E2E_DIR)) }}
restore-keys: ${{ runner.os }}-e2e-${{ env.GO_FULL_VER }}-x86-
- name: Install kind
uses: helm/[email protected]
with:
version: ${{ env.KIND_VERSION }}
install_only: true
- name: Install ginkgo
working-directory: ${{ env.E2E_DIR }}
run: go install -v -mod=mod github.com/onsi/ginkgo/v2/ginkgo
- name: Download image
uses: actions/download-artifact@v4
with:
name: kube-ovn
- name: Load image
run: docker load --input kube-ovn.tar
- name: Create kind cluster
run: |
sudo pip3 install jinjanator
sudo PATH=~/.local/bin:$PATH make kind-init-ha-${{ matrix.ip-family }}
sudo cp -r /root/.kube/ ~/.kube/
sudo chown -R $(id -un). ~/.kube/
- name: Install Kube-OVN
env:
NET_STACK: "${{ matrix.ip-family }}"
ENABLE_SSL: "${{ matrix.ssl }}"
ENABLE_BIND_LOCAL_IP: "${{ matrix.bind-local }}"
run: make kind-install-chart
- name: Run E2E
working-directory: ${{ env.E2E_DIR }}
env:
E2E_BRANCH: ${{ github.base_ref || github.ref_name }}
E2E_IP_FAMILY: ${{ matrix.ip-family }}
run: |
make kube-ovn-security-e2e
make kube-ovn-ha-e2e
- name: Check kube ovn pod restarts
run: |
make check-kube-ovn-pod-restarts
- name: kubectl ko log
if: failure()
run: |
make kubectl-ko-log
mv kubectl-ko-log.tar.gz kube-ovn-ha-e2e-${{ matrix.ssl }}-${{ matrix.bind-local }}-${{ matrix.ip-family }}-ko-log.tar.gz
- name: upload kubectl ko log
uses: actions/upload-artifact@v4
if: failure()
with:
name: kube-ovn-ha-e2e-${{ matrix.ssl }}-${{ matrix.bind-local }}-${{ matrix.ip-family }}-ko-log
path: kube-ovn-ha-e2e-${{ matrix.ssl }}-${{ matrix.bind-local }}-${{ matrix.ip-family }}-ko-log.tar.gz
- name: Cleanup
run: sh -x dist/images/cleanup.sh
kube-ovn-submariner-conformance-e2e:
name: Kube-OVN Submariner Conformance E2E
needs:
- build-kube-ovn
runs-on: ubuntu-22.04
timeout-minutes: 60
steps:
- uses: jlumbroso/[email protected]
with:
android: true
dotnet: true
haskell: true
docker-images: false
large-packages: false
tool-cache: false
swap-storage: false
- uses: actions/checkout@v4
- name: Create the default branch directory
if: (github.base_ref || github.ref_name) != github.event.repository.default_branch
run: mkdir -p test/e2e/source
- name: Check out the default branch
if: (github.base_ref || github.ref_name) != github.event.repository.default_branch
uses: actions/checkout@v4
with:
ref: ${{ github.event.repository.default_branch }}
fetch-depth: 1
path: test/e2e/source
- name: Export E2E directory
run: |
if [ '${{ github.base_ref || github.ref_name }}' = '${{ github.event.repository.default_branch }}' ]; then
echo "E2E_DIR=." >> "$GITHUB_ENV"
else
echo "E2E_DIR=test/e2e/source" >> "$GITHUB_ENV"
fi
- name: Install kind
uses: helm/[email protected]
with:
version: ${{ env.KIND_VERSION }}
install_only: true
- name: Install submariner subctl
env:
VERSION: v${{ env.SUBMARINER_VERSION }}
DESTDIR: /usr/local/bin
run: curl -Ls https://get.submariner.io | bash
- name: Download image
uses: actions/download-artifact@v4
with:
name: kube-ovn
- name: Load image
run: docker load --input kube-ovn.tar
- name: Create kind cluster
run: |
sudo pip3 install jinjanator
sudo PATH=~/.local/bin:$PATH make kind-init-ovn-submariner
sudo cp -r /root/.kube/ ~/.kube/
sudo chown -R $(id -un). ~/.kube/
- name: Install Kube-OVN
run: make kind-install-ovn-submariner
- name: Run E2E
working-directory: ${{ env.E2E_DIR }}
run: make kube-ovn-submariner-conformance-e2e
- name: Check kube ovn pod restarts
run: |
make check-kube-ovn-pod-restarts
- name: kubectl ko log
if: failure()
run: |
make kubectl-ko-log
mv kubectl-ko-log.tar.gz kube-ovn-submariner-conformance-e2e-ko-log.tar.gz
- name: upload kubectl ko log
uses: actions/upload-artifact@v4
if: failure()
with:
name: kube-ovn-submariner-conformance-e2e-ko-log
path: kube-ovn-submariner-conformance-e2e-ko-log.tar.gz
- name: Cleanup
run: sh -x dist/images/cleanup.sh
iptables-vpc-nat-gw-conformance-e2e:
name: Iptables VPC NAT Gateway E2E
needs:
- build-kube-ovn
- build-vpc-nat-gateway
- build-e2e-binaries
runs-on: ubuntu-22.04
timeout-minutes: 15
steps:
- uses: jlumbroso/[email protected]
with:
android: true
dotnet: true
haskell: true
docker-images: false
large-packages: false
tool-cache: false
swap-storage: false
- uses: actions/checkout@v4
- name: Create the default branch directory
if: (github.base_ref || github.ref_name) != github.event.repository.default_branch
run: mkdir -p test/e2e/source
- name: Check out the default branch
if: (github.base_ref || github.ref_name) != github.event.repository.default_branch
uses: actions/checkout@v4
with:
ref: ${{ github.event.repository.default_branch }}
fetch-depth: 1
path: test/e2e/source
- name: Export E2E directory
run: |
if [ '${{ github.base_ref || github.ref_name }}' = '${{ github.event.repository.default_branch }}' ]; then
echo "E2E_DIR=." >> "$GITHUB_ENV"
else
echo "E2E_DIR=test/e2e/source" >> "$GITHUB_ENV"
fi
- uses: actions/setup-go@v5
with:
go-version: ${{ env.GO_VERSION || '' }}
go-version-file: ${{ env.E2E_DIR }}/go.mod
check-latest: true
cache: false
- name: Export Go full version
run: echo "GO_FULL_VER=$(go version | awk '{print $3}')" >> "$GITHUB_ENV"
- name: Go cache
uses: actions/cache/restore@v4
with:
path: |
~/.cache/go-build
~/go/pkg/mod
key: ${{ runner.os }}-e2e-${{ env.GO_FULL_VER }}-x86-${{ hashFiles(format('{0}/**/go.sum', env.E2E_DIR)) }}
restore-keys: ${{ runner.os }}-e2e-${{ env.GO_FULL_VER }}-x86-
- name: Install kind
uses: helm/[email protected]
with:
version: ${{ env.KIND_VERSION }}
install_only: true
- name: Install ginkgo
working-directory: ${{ env.E2E_DIR }}
run: go install -v -mod=mod github.com/onsi/ginkgo/v2/ginkgo
- name: Download kube-ovn image
uses: actions/download-artifact@v4
with:
name: kube-ovn
- name: Download vpc-nat-gateway image
uses: actions/download-artifact@v4
with:
name: vpc-nat-gateway
- name: Load images
run: |
docker load -i kube-ovn.tar
docker load -i vpc-nat-gateway.tar
- name: Create kind cluster
run: |
sudo pip3 install jinjanator
sudo PATH=~/.local/bin:$PATH make kind-init
sudo cp -r /root/.kube/ ~/.kube/
sudo chown -R $(id -un). ~/.kube/
- name: Install Kube-OVN with VPC NAT gateway enabled
run: make kind-install-vpc-nat-gw
- name: Run E2E
working-directory: ${{ env.E2E_DIR }}
env:
E2E_BRANCH: ${{ github.base_ref || github.ref_name }}
run: make iptables-vpc-nat-gw-conformance-e2e
- name: Check kube ovn pod restarts
run: |
make check-kube-ovn-pod-restarts
- name: kubectl ko log
if: failure()
run: |
make kubectl-ko-log
mv kubectl-ko-log.tar.gz iptables-vpc-nat-gw-conformance-e2e-ko-log.tar.gz
- name: upload kubectl ko log
uses: actions/upload-artifact@v4
if: failure()
with:
name: iptables-vpc-nat-gw-conformance-e2e-ko-log
path: iptables-vpc-nat-gw-conformance-e2e-ko-log.tar.gz
ovn-vpc-nat-gw-conformance-e2e:
name: OVN VPC NAT Gateway E2E
needs:
- build-kube-ovn
- build-e2e-binaries
runs-on: ubuntu-22.04
timeout-minutes: 15
steps:
- uses: jlumbroso/[email protected]
with:
android: true
dotnet: true
haskell: true
docker-images: false
large-packages: false
tool-cache: false
swap-storage: false
- uses: actions/checkout@v4
- name: Create the default branch directory
if: (github.base_ref || github.ref_name) != github.event.repository.default_branch
run: mkdir -p test/e2e/source
- name: Check out the default branch
if: (github.base_ref || github.ref_name) != github.event.repository.default_branch
uses: actions/checkout@v4
with:
ref: ${{ github.event.repository.default_branch }}
fetch-depth: 1
path: test/e2e/source
- name: Export E2E directory
run: |
if [ '${{ github.base_ref || github.ref_name }}' = '${{ github.event.repository.default_branch }}' ]; then
echo "E2E_DIR=." >> "$GITHUB_ENV"
else
echo "E2E_DIR=test/e2e/source" >> "$GITHUB_ENV"
fi
- uses: actions/setup-go@v5
with:
go-version: ${{ env.GO_VERSION || '' }}
go-version-file: ${{ env.E2E_DIR }}/go.mod
check-latest: true
cache: false
- name: Export Go full version
run: echo "GO_FULL_VER=$(go version | awk '{print $3}')" >> "$GITHUB_ENV"
- name: Go cache
uses: actions/cache/restore@v4
with:
path: |
~/.cache/go-build
~/go/pkg/mod
key: ${{ runner.os }}-e2e-${{ env.GO_FULL_VER }}-x86-${{ hashFiles(format('{0}/**/go.sum', env.E2E_DIR)) }}
restore-keys: ${{ runner.os }}-e2e-${{ env.GO_FULL_VER }}-x86-
- name: Install kind
uses: helm/[email protected]
with:
version: ${{ env.KIND_VERSION }}
install_only: true
- name: Install ginkgo
working-directory: ${{ env.E2E_DIR }}
run: go install -v -mod=mod github.com/onsi/ginkgo/v2/ginkgo
- name: Download kube-ovn image
uses: actions/download-artifact@v4
with:
name: kube-ovn
- name: Load images
run: docker load -i kube-ovn.tar
- name: Create kind cluster
run: |
sudo pip3 install jinjanator
sudo PATH=~/.local/bin:$PATH make kind-init
sudo cp -r /root/.kube/ ~/.kube/
sudo chown -R $(id -un). ~/.kube/
- name: Install Kube-OVN
run: make kind-install
- name: Run Vip E2E
working-directory: ${{ env.E2E_DIR }}
env:
E2E_BRANCH: ${{ github.base_ref || github.ref_name }}
run: make vip-conformance-e2e
- name: Run Ovn VPC NAT GW E2E
working-directory: ${{ env.E2E_DIR }}
env:
E2E_BRANCH: ${{ github.base_ref || github.ref_name }}
run: make ovn-vpc-nat-gw-conformance-e2e
- name: Check kube ovn pod restarts
run: |
make check-kube-ovn-pod-restarts
push:
name: Push Images
needs:
- k8s-conformance-e2e
- k8s-netpol-e2e
- cyclonus-netpol-e2e
- kube-ovn-conformance-e2e
- kube-ovn-ic-conformance-e2e
- multus-conformance-e2e
- ovn-vpc-nat-gw-conformance-e2e
- iptables-vpc-nat-gw-conformance-e2e
- webhook-e2e
- lb-svc-e2e
- underlay-logical-gateway-installation-test
- chart-test
- installation-compatibility-test
- no-ovn-lb-test
- no-np-test
- cilium-chaining-e2e
- kube-ovn-ha-e2e
- kube-ovn-submariner-conformance-e2e
if: always() && !contains(needs.*.result, 'failure') && !contains(needs.*.result, 'cancelled')
runs-on: ubuntu-22.04
steps:
- uses: jlumbroso/[email protected]
with:
android: true
dotnet: true
haskell: true
docker-images: false
large-packages: false
tool-cache: false
swap-storage: false
- uses: actions/checkout@v4
- name: Download kube-ovn image
uses: actions/download-artifact@v4
with:
name: kube-ovn
- name: Download kube-ovn-dpdk image
uses: actions/download-artifact@v4
if: github.event_name != 'pull_request'
with:
name: kube-ovn-dpdk
- name: Download vpc-nat-gateway image
uses: actions/download-artifact@v4
with:
name: vpc-nat-gateway
- name: Load image
run: |
docker load --input kube-ovn.tar
docker load --input vpc-nat-gateway.tar
if [ '${{ github.event_name }}' != 'pull_request' ]; then
docker load --input kube-ovn-dpdk.tar
fi
- name: Security Scan
run: |
sudo apt-get install wget apt-transport-https gnupg lsb-release
wget -qO - https://aquasecurity.github.io/trivy-repo/deb/public.key | sudo apt-key add -
echo deb https://aquasecurity.github.io/trivy-repo/deb $(lsb_release -sc) main | sudo tee -a /etc/apt/sources.list.d/trivy.list
sudo apt-get update
sudo apt-get install trivy
make scan
- name: Push
if: github.ref_name == github.event.repository.default_branch || startsWith(github.ref_name, 'release-')
env:
DOCKER_USERNAME: ${{ secrets.DOCKER_USERNAME }}
DOCKER_PASSWORD: ${{ secrets.DOCKER_PASSWORD }}
COMMIT: ${{ github.sha }}
run: |
cat VERSION
TAG=$(cat VERSION)
echo "$DOCKER_PASSWORD" | docker login -u "$DOCKER_USERNAME" --password-stdin
docker tag kubeovn/kube-ovn:$TAG kubeovn/kube-ovn-dev:$COMMIT-x86
docker tag kubeovn/kube-ovn:$TAG kubeovn/kube-ovn:$TAG-x86
docker tag kubeovn/kube-ovn:$TAG-debug kubeovn/kube-ovn:$TAG-debug-x86
docker tag kubeovn/kube-ovn:$TAG-dpdk kubeovn/kube-ovn:$TAG-dpdk-x86
docker tag kubeovn/vpc-nat-gateway:$TAG kubeovn/vpc-nat-gateway-dev:$COMMIT-x86
docker tag kubeovn/vpc-nat-gateway:$TAG kubeovn/vpc-nat-gateway:$TAG-x86
docker images
docker push kubeovn/kube-ovn:$TAG-x86
docker push kubeovn/kube-ovn-dev:$COMMIT-x86
docker push kubeovn/kube-ovn:$TAG-debug-x86
docker push kubeovn/kube-ovn:$TAG-dpdk-x86
docker push kubeovn/vpc-nat-gateway:$TAG-x86
docker push kubeovn/vpc-nat-gateway-dev:$COMMIT-x86