1
# Workflow header as this listing shows it: the display name, the description
# strings of four inputs, the concurrency expression and some env values.
# The bare numbers are the page's line gutter; gaps mark lines not shown here.
name: Conformance AKS (ci-aks)
8
description: "Pull request number."
# Per the next description, a fork PR runs with the PR's target branch as its
# context ref, so workflow code taken from that ref belongs to the base repo.
11
description: "Context in which the workflow runs. If PR is from a fork, will be the PR target branch (general case). If PR is NOT from a fork, will be the PR branch itself (this allows committers to test changes to workflows directly from PRs)."
14
description: "SHA under test (head of the PR branch)."
# NOTE(review): per the next description, extra-args carries text captured
# from a trigger comment. Treat each field read from it as caller-supplied
# input and keep it out of inline run: script text.
17
description: "[JSON object] Arbitrary arguments passed from the trigger comment via regex capture group. Parse with 'fromJson(inputs.extra-args).argName' in workflow."
# Concurrency key parts: workflow name, event name, then github.sha for
# schedule events or the PR-number input for workflow_dispatch events.
47
${{ github.workflow }}
48
${{ github.event_name }}
50
(github.event_name == 'schedule' && github.sha) ||
51
(github.event_name == 'workflow_dispatch' && github.event.inputs.PR-number)
# With this set, a newer run in the same group cancels the one in progress.
53
cancel-in-progress: true
# run_id plus run_attempt keep this value distinct per run and per re-run.
# Later steps reference env.name for the cluster and Azure resource group.
56
name: ${{ github.repository_owner }}-${{ github.event.repository.name }}-${{ github.run_id }}-${{ github.run_attempt }}
57
cost_reduction: --node-vm-size Standard_B2s --node-osdisk-size 30
# Bare key: no value is visible in this listing, so YAML reads it as null.
58
cilium_cli_ci_version:
60
check_url: https://github.com/${{ github.repository }}/actions/runs/${{ github.run_id }}
64
# Job that posts the initial commit status for the SHA under test.
# The third-party action is referenced by a full 40-character commit SHA
# rather than a tag, so the code that runs cannot change by moving a tag.
name: Commit Status Start
65
runs-on: ubuntu-latest
67
- name: Set initial commit status
68
uses: myrotvorets/set-commit-status-action@38f3f27c7d52fb381273e95542f07f0fba301307
# Status target: the SHA input when given, otherwise the triggering commit.
70
sha: ${{ inputs.SHA || github.sha }}
74
# Job that builds the test matrix from .github/actions/azure/k8s-versions.yaml
# and exposes it as the output "matrix", taken from the step id set-matrix.
# Its job key is on a line not shown; a later job refers to it as
# generate-matrix.
runs-on: ubuntu-latest
76
matrix: ${{ steps.set-matrix.outputs.matrix }}
# Checks out the context ref (labelled trusted). persist-credentials: false
# keeps the job token out of the checkout's git configuration.
78
- name: Checkout context ref (trusted)
79
uses: actions/checkout@b4ffde65f46336ab88eb53be808477a3936bae11
81
ref: ${{ inputs.context-ref || github.sha }}
82
persist-credentials: false
# Converts the versions file to JSON with yq and jq under /tmp/generated/azure.
84
- name: Convert YAML to JSON
86
work_dir=".github/actions/azure"
87
destination_directory="/tmp/generated/azure"
88
mkdir -p "${destination_directory}"
90
yq -o=json "${work_dir}/k8s-versions.yaml" | jq . > "${destination_directory}/azure.json"
# Scheduled runs, and runs whose PR-number input starts with "v", keep every
# entry whose "disabled" field is null; the second jq filter (presumably the
# else branch, which is not shown) keeps entries with a truthy "default".
# NOTE(review): "${{ inputs.PR-number }}" is substituted into the script text
# before bash parses it, so the input value becomes part of the script source.
# Pass it through the step's env: mapping and test a quoted shell variable
# (e.g. "$PR_NUMBER") so it is only ever handled as data.
# NOTE(review): $GITHUB_OUTPUT is unquoted on the last line; quote it as the
# "Override cluster name" step does with "$GITHUB_ENV".
92
- name: Generate Matrix
95
cd /tmp/generated/azure
100
if [[ "${{ github.event_name }}" == "schedule" || "${{ inputs.PR-number }}" == v* ]];then
101
jq '{ "include": [ .include[] | select(.disabled==null) ] }' azure.json > /tmp/matrix.json
103
jq '{ "include": [ .include[] | select(.default) ] }' azure.json > /tmp/matrix.json
106
echo "Generated matrix:"
108
echo "matrix=$(jq -c . < /tmp/matrix.json)" >> $GITHUB_OUTPUT
110
# Main test job. It waits for generate-matrix and expands that job's JSON
# output into the build matrix, so it runs once per matrix entry.
installation-and-connectivity:
111
name: Installation and Connectivity Test
112
needs: generate-matrix
113
runs-on: ubuntu-latest
116
job_name: "Installation and Connectivity Test"
119
matrix: ${{fromJson(needs.generate-matrix.outputs.matrix)}}
# Same trusted checkout as in generate-matrix: context ref, token not kept in
# the git configuration.
122
- name: Checkout context ref (trusted)
123
uses: actions/checkout@b4ffde65f46336ab88eb53be808477a3936bae11
125
ref: ${{ inputs.context-ref || github.sha }}
126
persist-credentials: false
# Local action, resolved from the workspace populated by the checkout above.
128
- name: Set Environment Variables
129
uses: ./.github/actions/set-env-variables
# Appends the matrix index to env.name and writes the result to GITHUB_ENV,
# so later steps in this job see the extended name.
131
- name: Override cluster name
133
# Extend default name with matrix index to avoid cluster name conflicts
134
NAME=${{ env.name }}-${{ matrix.index }}
135
echo "name=${NAME}" >> "$GITHUB_ENV"
# Local action fed with the SHA input as image tag and a chart directory
# under ./untrusted.
# NOTE(review): ./untrusted is presumably where the pull-request branch is
# checked out later in this job; the path line is not shown, so confirm.
137
- name: Get Cilium's default values
139
uses: ./.github/actions/helm-default
141
image-tag: ${{ inputs.SHA }}
142
chart-dir: ./untrusted/install/kubernetes/cilium
144
# Builds the `cilium install` and `cilium connectivity test` argument strings
# and writes them, the image SHA and an owner tag to GITHUB_OUTPUT. Later
# steps read them as steps.vars.outputs.*, so this step's id is presumably
# "vars" (the id line is not shown).
# OWNER is the PR-number input on workflow_dispatch runs, else github.ref_name.
# NOTE(review): inputs.PR-number and github.ref_name are substituted into the
# script text before the shell runs. Both are chosen by whoever triggers the
# run or names the branch; pass them through env: and reference quoted shell
# variables so they are handled as data only.
# NOTE(review): the echo lines expand their values unquoted and append to an
# unquoted $GITHUB_OUTPUT, so the values go through word splitting and
# globbing before they are written.
- name: Set up job variables
147
if [ "${{ github.event_name }}" = "workflow_dispatch" ]; then
148
OWNER="${{ inputs.PR-number }}"
150
OWNER="${{ github.ref_name }}"
154
CILIUM_INSTALL_DEFAULTS="${{ steps.default_vars.outputs.cilium_install_defaults }} \
155
--cluster-name=${{ env.name }} \
156
--helm-set loadBalancer.l7.backend=envoy \
157
--helm-set tls.secretsBackend=k8s \
158
--helm-set=azure.resourceGroup=${{ env.name }}"
159
CONNECTIVITY_TEST_DEFAULTS="--flow-validation=disabled \
160
--hubble=false --collect-sysdump-on-failure --external-target bing.com --external-cidr 8.0.0.0/8 --external-ip 8.8.4.4 --external-other-ip 8.8.8.8"
161
echo cilium_install_defaults=${CILIUM_INSTALL_DEFAULTS} >> $GITHUB_OUTPUT
162
echo connectivity_test_defaults=${CONNECTIVITY_TEST_DEFAULTS} >> $GITHUB_OUTPUT
163
echo sha=${{ steps.default_vars.outputs.sha }} >> $GITHUB_OUTPUT
164
echo owner=${OWNER} >> $GITHUB_OUTPUT
166
# Installs the Cilium CLI through an action pinned to a full commit SHA; the
# repository and version values come from environment variables.
- name: Install Cilium CLI
167
uses: cilium/cilium-cli@7306e3cdc6caee738157f08e3e1ba26179f104e5
169
repository: ${{ env.CILIUM_CLI_RELEASE_REPO }}
170
release-version: ${{ env.CILIUM_CLI_VERSION }}
171
ci-version: ${{ env.cilium_cli_ci_version }}
# Logs in to Azure with the credentials held in the AZURE_PR_SP_CREDS secret.
# From this step on the job runs with an authenticated Azure session.
# NOTE(review): a later step in this job checks out the pull-request branch
# (labelled NOT TRUSTED). Nothing from that checkout should be executed on the
# runner while this session is live, and the service principal behind the
# secret should carry only the rights the test clusters need.
173
- name: Login to Azure
174
uses: azure/login@cb79c773a3cfa27f31f25eb3f677781210c9ce3d
176
creds: ${{ secrets.AZURE_PR_SP_CREDS }}
# NOTE(review): the extension is added and then updated with no version given,
# so whatever release is current at run time executes inside the logged-in
# session. Pinning a known version would make this step reproducible.
178
- name: Install aks-preview CLI extension
180
az extension add --name aks-preview
181
az extension update --name aks-preview
184
# Two argument lists are visible for this step; the az commands they belong to
# are on lines this listing does not show. The first list carries the usage
# and owner tags, the second names the resource group, cluster, location and
# Kubernetes version from the matrix. --network-plugin none is passed, and
# Cilium is installed by a later step.
# NOTE(review): every ${{ ... }} here is substituted unquoted into the command
# line. The owner tag derives from the PR-number input or the branch name, so
# it should reach the shell as a quoted variable rather than as script text.
- name: Create AKS cluster
188
--name ${{ env.name }} \
189
--location ${{ matrix.location }} \
190
--tags usage=${{ github.repository_owner }}-${{ github.event.repository.name }} owner=${{ steps.vars.outputs.owner }}
194
--resource-group ${{ env.name }} \
195
--name ${{ env.name }} \
196
--location ${{ matrix.location }} \
197
--kubernetes-version ${{ matrix.version }} \
198
--network-plugin none \
200
${{ env.cost_reduction }} \
# Fetches credentials for the cluster named env.name in the resource group of
# the same name.
203
- name: Get cluster credentials
205
az aks get-credentials \
206
--resource-group ${{ env.name }} \
207
--name ${{ env.name }}
209
# Polls quay.io until each of the three CI images tagged with the SHA under
# test has a manifest, sleeping 45s between attempts. The loop itself has no
# retry cap in the lines shown; any step timeout is on a line not shown.
- name: Wait for images to be available
213
for image in cilium-ci operator-azure-ci hubble-relay-ci ; do
214
until docker manifest inspect quay.io/${{ env.QUAY_ORGANIZATION_DEV }}/$image:${{ steps.vars.outputs.sha }} &> /dev/null; do sleep 45s; done
# Trust boundary: this checkout brings pull-request content onto a runner that
# already holds an Azure session and cluster credentials.
# persist-credentials: false keeps the job token out of its git configuration.
# NOTE(review): the lone path below looks like a sparse-checkout entry that
# limits the checkout to the Helm chart directory; its key is not shown, so
# confirm. Files from this checkout should be read as data only.
219
- name: Checkout pull request branch (NOT TRUSTED)
220
uses: actions/checkout@b4ffde65f46336ab88eb53be808477a3936bae11
222
ref: ${{ steps.vars.outputs.sha }}
223
persist-credentials: false
226
install/kubernetes/cilium
228
# First pass: install Cilium with the default arguments from the vars step,
# wait for it to report ready, then run the connectivity test.
- name: Install Cilium
231
cilium install ${{ steps.vars.outputs.cilium_install_defaults }}
# Blocks until `cilium status` reports ready, for at most 10 minutes.
237
- name: Wait for Cilium status to be ready
239
cilium status --wait --wait-duration=10m
# Starts the Hubble port-forward in the background. The [[ ... ]] line passes
# only if pgrep finds exactly two matching processes.
241
- name: Port forward Relay
243
cilium hubble port-forward&
245
[[ $(pgrep -f "cilium.*hubble.*port-forward|kubectl.*port-forward.*hubble-relay" | wc -l) == 2 ]]
247
- name: Make JUnit report directory
249
mkdir -p cilium-junits
# Writes a JUnit file whose name carries the job name and the matrix values.
251
- name: Run connectivity test (${{ join(matrix.*, ', ') }})
253
cilium connectivity test ${{ steps.vars.outputs.connectivity_test_defaults }} \
254
--junit-file "cilium-junits/${{ env.job_name }} (${{ join(matrix.*, ', ') }}) - 1.xml" \
255
--junit-property github_job_step="Run connectivity test (${{ join(matrix.*, ', ') }})"
# pkill exits 1 when no process matched; `|| test $? -eq 1` accepts that case
# and still fails the step on any other non-zero exit code.
257
- name: Clean up Cilium
259
pkill -f "cilium.*hubble.*port-forward|kubectl.*port-forward.*hubble-relay" || test $? -eq 1
260
cilium uninstall --wait
262
# Second pass: the same test with IPsec encryption enabled.
# The key material is 20 bytes read from /dev/urandom on the runner and hex
# encoded by xxd, so no key is stored in the repository.
# NOTE(review): 20 bytes presumably covers a 16-byte AES key plus the 4-byte
# salt used by rfc4106(gcm(aes)); confirm against the Cilium IPsec key format.
# --from-literal puts the key on kubectl's command line, which is tolerable
# for a throwaway CI cluster but not a pattern for long-lived keys.
- name: Create custom IPsec secret
264
kubectl create -n kube-system secret generic cilium-ipsec-keys --from-literal=keys="15 rfc4106(gcm(aes)) $(echo $(dd if=/dev/urandom count=20 bs=1 2> /dev/null | xxd -p -c 64)) 128"
# Same install arguments as the first pass, plus the two encryption settings.
266
- name: Install Cilium with encryption
268
cilium install ${{ steps.vars.outputs.cilium_install_defaults }} \
269
--helm-set encryption.enabled=true \
270
--helm-set encryption.type=ipsec
276
- name: Wait for Cilium status to be ready
278
cilium status --wait --wait-duration=10m
# Same background port-forward and two-process check as in the first pass.
280
- name: Port forward Relay
282
cilium hubble port-forward&
284
[[ $(pgrep -f "cilium.*hubble.*port-forward|kubectl.*port-forward.*hubble-relay" | wc -l) == 2 ]]
# Adds --force-deploy and writes the second JUnit file ("- 2.xml").
286
- name: Run connectivity test with IPSec (${{ join(matrix.*, ', ') }})
288
cilium connectivity test ${{ steps.vars.outputs.connectivity_test_defaults }} --force-deploy \
289
--junit-file "cilium-junits/${{ env.job_name }} (${{ join(matrix.*, ', ') }}) - 2.xml" \
290
--junit-property github_job_step="Run connectivity test with IPSec (${{ join(matrix.*, ', ') }})"
292
# Runs when the job has not succeeded and the step with id install-cilium was
# not skipped: lists all pods and collects a final Cilium sysdump.
- name: Post-test information gathering
293
if: ${{ !success() && steps.install-cilium.outcome != 'skipped' }}
295
kubectl get pods --all-namespaces -o wide
297
cilium sysdump --output-filename cilium-sysdump-final-${{ join(matrix.*, '-') }}
# Deletes the resource group without waiting for completion.
# NOTE(review): the name and condition of this cleanup step are on lines not
# shown; confirm it runs even after a failed or cancelled job, so clusters
# created with the service principal are not left behind.
303
az group delete --name ${{ env.name }} --yes --no-wait
# Uploads the sysdump archives when the job has not succeeded.
# NOTE(review): a sysdump holds cluster state and logs, and workflow artifacts
# are downloadable by anyone who can read the repository's Actions runs. Check
# what the archive contains before treating it as public.
306
- name: Upload artifacts
307
if: ${{ !success() }}
308
uses: actions/upload-artifact@5d5d22a31266ced268874388b861e4b58bb5c2f3
310
name: cilium-sysdumps-${{ matrix.index }}
311
path: cilium-sysdump-*.zip
# Uploads the JUnit XML files; its condition is on a line not shown.
313
- name: Upload JUnits [junit]
315
uses: actions/upload-artifact@5d5d22a31266ced268874388b861e4b58bb5c2f3
317
name: cilium-junits-${{ matrix.index }}
318
path: cilium-junits/*.xml
# Third-party action pinned to a full commit SHA; reads the JUnit directory.
320
- name: Publish Test Results As GitHub Summary
322
uses: aanm/junit2md@332ebf0fddd34e91b03a832cfafaa826306558f9
324
junit-directory: "cilium-junits"
328
# Job that runs after installation-and-connectivity and merges the per-matrix
# artifacts into combined ones. Both merge steps use the upload-artifact merge
# sub-action pinned to the same full commit SHA.
name: Merge and Upload Artifacts
329
runs-on: ubuntu-latest
330
needs: installation-and-connectivity
# Merges the sysdump artifacts only when the test job's result is 'failure'.
332
- name: Merge Sysdumps
333
if: ${{ needs.installation-and-connectivity.result == 'failure' }}
334
uses: actions/upload-artifact/merge@5d5d22a31266ced268874388b861e4b58bb5c2f3
336
name: cilium-sysdumps
337
pattern: cilium-sysdumps-*
# continue-on-error: a failure of the step this line belongs to does not fail
# the job. The lines around it are not shown, so which of the two merge steps
# it applies to cannot be told from this listing.
340
continue-on-error: true
# Second merge step, for the JUnit artifacts; its name line is not shown.
342
uses: actions/upload-artifact/merge@5d5d22a31266ced268874388b861e4b58bb5c2f3
345
pattern: cilium-junits-*
351
# Job that reports the result of installation-and-connectivity as the final
# commit status on the same SHA the initial status was set on.
# NOTE(review): a job with `needs` is skipped by default when the needed job
# fails. Confirm that a condition on a line not shown (an always()-style `if`)
# lets this job run, otherwise failures would leave the status pending.
name: Commit Status Final
352
needs: installation-and-connectivity
353
runs-on: ubuntu-latest
355
- name: Set final commit status
356
uses: myrotvorets/set-commit-status-action@38f3f27c7d52fb381273e95542f07f0fba301307
358
sha: ${{ inputs.SHA || github.sha }}
359
status: ${{ needs.installation-and-connectivity.result }}