# Workflow and job header for the Kubernetes sig-network conformance run on kind.
# NOTE(review): the `on:` trigger and any `permissions:` block are not part of
# this listing. Later steps check out and test a pull request's commit, so
# confirm in the full file that the job token is scoped as narrowly as possible.
name: Conformance K8s Upstream Network

# … original lines 2–18 not shown in this listing …
concurrency:
  # Keyed on the PR number, falling back to the pushed commit; a newer run in
  # the same group cancels the one still in progress.
  group: ${{ github.workflow }}-${{ github.event.pull_request.number || github.event.after }}
  cancel-in-progress: true

# … original lines 22–25 not shown in this listing …
env:
  cluster_name: cilium-testing
  # No value is set here; the "Install Cilium CLI" step passes it on as `ci-version`.
  cilium_cli_ci_version:

# … original lines 28–32 not shown in this listing …
jobs:
  kubernetes-e2e-net-conformance:
    name: Installation and Conformance Test
    runs-on: ubuntu-latest
    # … original lines 36–42 not shown in this listing …
    env:
      # Read as ${IP_FAMILY} by the kind cluster config further down.
      IP_FAMILY: ${{ matrix.ipFamily }}
- name: Checkout main branch to access local actions
  # The action is referenced by full commit SHA rather than by a movable tag.
  uses: actions/checkout@b4ffde65f46336ab88eb53be808477a3936bae11
  with:
    # Default-branch checkout: the ./.github/actions/* used by the following
    # steps are taken from here.
    ref: ${{ github.event.repository.default_branch }}
    # Do not leave the job token in the checkout's git configuration.
    persist-credentials: false

- name: Set Environment Variables
  uses: ./.github/actions/set-env-variables

- name: Enable ipv4 and ipv6 forwarding
  run: |
    sudo sysctl -w net.ipv6.conf.all.forwarding=1
    sudo sysctl -w net.ipv4.ip_forward=1
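- name: Set up environment (download Kubernetes dependencies)
  run: |
    # … original lines 60–62 not shown in this listing; TMP_DIR is not assigned
    # in any line visible here …

    # NOTE(review): none of these downloads is checked against a known digest
    # before it is installed as root into /usr/local/bin. Pinning a SHA-256
    # next to k8s_version / kind_version and running `sha256sum --check` on each
    # file before the install step would close that gap.

    # --fail makes an HTTP error abort the download instead of saving the
    # server's error page as if it were the artifact.
    curl --fail -L https://dl.k8s.io/${{ env.k8s_version }}/kubernetes-test-linux-amd64.tar.gz -o "${TMP_DIR}/kubernetes-test-linux-amd64.tar.gz"
    tar xvzf "${TMP_DIR}/kubernetes-test-linux-amd64.tar.gz" \
      --directory "${TMP_DIR}" \
      --strip-components=3 kubernetes/test/bin/ginkgo kubernetes/test/bin/e2e.test

    curl --fail -L https://dl.k8s.io/${{ env.k8s_version }}/bin/linux/amd64/kubectl -o "${TMP_DIR}/kubectl"

    curl --fail -Lo "${TMP_DIR}/kind" https://kind.sigs.k8s.io/dl/${{ env.kind_version }}/kind-linux-amd64

    # Install exactly the four downloaded tools with mode 0755, rather than
    # copying them and then running chmod +x over everything in /usr/local/bin.
    sudo install -m 0755 \
      "${TMP_DIR}/ginkgo" \
      "${TMP_DIR}/e2e.test" \
      "${TMP_DIR}/kubectl" \
      "${TMP_DIR}/kind" \
      /usr/local/bin/
    sudo rm -rf "${TMP_DIR}"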
- name: Create multi node cluster
  run: |
    # kind takes its cluster config from stdin (--config=-), fed by the heredoc.
    # NOTE(review): the node image is selected by tag (k8s_version), not by digest.
    cat <<EOF | /usr/local/bin/kind create cluster \
      --name ${{ env.cluster_name}} \
      --image kindest/node:${{ env.k8s_version }} \
      -v7 --wait 1m --retain --config=-
    # … original line 85 not shown in this listing …
    apiVersion: kind.x-k8s.io/v1alpha4
    networking:
      ipFamily: ${IP_FAMILY}
      # … original line 89 not shown in this listing …
      # kind's default CNI is switched off; a later step installs Cilium.
      disableDefaultCNI: true
    # … original lines 91–96 not shown in this listing …
    EOF
- name: Workaround CoreDNS for IPv6 airgapped
  if: ${{ matrix.ipFamily == 'ipv6' }}
  run: |
    # Patch CoreDNS to work in GitHub CI.
    # 1. GitHub CI doesn't offer IPv6 connectivity, so CoreDNS should be
    #    configured to work in an offline environment:
    #    https://github.com/coredns/coredns/issues/2494#issuecomment-457215452
    # 2. GitHub CI adds the following domains to the resolv.conf search field:
    #    … original line 105 not shown in this listing …
    #    CoreDNS should handle those domains and answer with NXDOMAIN instead
    #    of SERVFAIL, otherwise pods stop trying to resolve the domain.

    # Get the current config
    original_coredns=$(/usr/local/bin/kubectl get -oyaml -n=kube-system configmap/coredns)
    echo "Original CoreDNS config:"
    echo "${original_coredns}"

    # … original lines 112–113 not shown in this listing; fixed_coredns, used
    # below, is not assigned in any visible line …
    # The sed script appends " net" after "kubernetes cluster.local" and deletes
    # the `upstream`, `fallthrough` and `forward . /etc/resolv.conf` lines.
    printf '%s' "${original_coredns}" | sed \
      -e 's/^.*kubernetes cluster\.local/& net/' \
      -e '/^.*upstream$/d' \
      -e '/^.*fallthrough.*$/d' \
      -e '/^.*forward . \/etc\/resolv.conf$/d' \
      # … original lines 119–120 not shown in this listing …

    echo "Patched CoreDNS config:"
    echo "${fixed_coredns}"
    printf '%s' "${fixed_coredns}" | /usr/local/bin/kubectl apply -f -
- name: Get Cilium's default values
  # … original line 126 not shown in this listing; the next step reads this
  # step's outputs as steps.default_vars …
  uses: ./.github/actions/helm-default
  with:
    # The image tag is the pull request's head commit.
    image-tag: ${{ github.event.pull_request.head.sha }}

- name: Set up job variables
  # … original lines 132–133 not shown in this listing; later steps read this
  # step's outputs as steps.vars …
  run: |
    # Note: On Kind, we install Cilium with HostPort (portmap CNI chaining) enabled,
    # to ensure coverage of that feature in cilium connectivity test
    #
    # NOTE(review): the expressions in ${{ }} are substituted into the script
    # text before bash runs it. That holds up while both outputs are produced
    # by the repository's own helm-default action; handing them over through
    # the step's `env:` would remove the reliance on that assumption.
    #
    # The quotes around 0s close and reopen the surrounding string, so the
    # value ends up as plain 0s.
    CILIUM_INSTALL_DEFAULTS="${{ steps.default_vars.outputs.cilium_install_defaults }} \
      --helm-set=cni.chainingMode=portmap \
      --helm-set=kubeProxyReplacement=true \
      --helm-set=sessionAffinity=true \
      --helm-set=identityChangeGracePeriod="0s""
    echo cilium_install_defaults=${CILIUM_INSTALL_DEFAULTS} >> $GITHUB_OUTPUT
    echo sha=${{ steps.default_vars.outputs.sha }} >> $GITHUB_OUTPUT
- name: Install Cilium CLI
  # Referenced by full commit SHA.
  uses: cilium/cilium-cli@7306e3cdc6caee738157f08e3e1ba26179f104e5
  with:
    repository: ${{ env.CILIUM_CLI_RELEASE_REPO }}
    release-version: ${{ env.CILIUM_CLI_VERSION }}
    ci-version: ${{ env.cilium_cli_ci_version }}

- name: Checkout code
  uses: actions/checkout@b4ffde65f46336ab88eb53be808477a3936bae11
  with:
    # `sha` is the value the "Set up job variables" step copied from
    # steps.default_vars (presumably the pull request head that was passed as
    # image-tag; confirm in the helm-default action). From this step on the
    # workspace holds that revision; no ./.github/actions/* reference appears
    # after it in this listing.
    ref: ${{ steps.vars.outputs.sha }}
    # Do not leave the job token in the checkout's git configuration.
    persist-credentials: false
- name: Wait for images to be available
  # … original lines 158–160 not shown in this listing …
  run: |
    # Poll the registry every 45s until each CI image tagged with the commit
    # SHA can be inspected.
    # NOTE(review): the loop has no bound of its own; confirm that a step or
    # job timeout is set in the lines not shown here.
    for image in cilium-ci operator-generic-ci hubble-relay-ci ; do
      until docker manifest inspect quay.io/${{ env.QUAY_ORGANIZATION_DEV }}/$image:${{ steps.vars.outputs.sha }} &> /dev/null; do sleep 45s; done
    done

- name: Install Cilium
  # … original lines 166–167 not shown in this listing; a later step checks
  # this step's outcome as steps.install-cilium …
  run: |
    cilium install --wait ${{ steps.vars.outputs.cilium_install_defaults }}
- name: Run Kubernetes sig-network conformance test
  # … original lines 171–175 not shown in this listing …
  run: |
    # The kubeconfig for the kind cluster is written next to the test reports.
    # The upload steps in this listing take only ./_artifacts/*.xml and
    # ./_artifacts/logs, so this file is not among the uploaded paths; keep
    # it that way if those globs are ever widened.
    kind get kubeconfig --name ${{ env.cluster_name }} > _artifacts/kubeconfig.conf

    # … original lines 177–194 not shown in this listing …
    export KUBERNETES_CONFORMANCE_TEST='y'
    export E2E_REPORT_DIR=${PWD}/_artifacts
    # Original lines 201 and 203, which belong to the command below, are not
    # shown in this listing; the visible arguments are kept in their order.
    /usr/local/bin/ginkgo --nodes=5 \
      --focus="(HostPort.*\[Conformance\].*|Services.*\[Conformance\].*|Net.*ol.*)" \
      --skip="(Legacy|HostPort.validates.that.there.is.no.conflict.between.pods.with.same.hostPort.but.different.hostIP.and.protocol|should.allow.egress.access.to.server.in.CIDR.block|should.enforce.except.clause.while.egress.access.to.server.in.CIDR.block|should.ensure.an.IP.overlapping.both.IPBlock.CIDR.and.IPBlock.Except.is.allowed|Feature:SCTPConnectivity|should.serve.endpoints.on.same.port.and.different.protocols)" \
      /usr/local/bin/e2e.test \
      --kubeconfig=${PWD}/_artifacts/kubeconfig.conf \
      --dump-logs-on-failure=true \
      --report-dir=${E2E_REPORT_DIR} \
      --disable-log-dump=true
- name: Post-test information gathering
  # Runs only when an earlier step did not succeed and the install-cilium
  # step was not skipped.
  if: ${{ !success() && steps.install-cilium.outcome != 'skipped' }}
  run: |
    # Original lines 212 and 215–216 are not shown in this listing.
    kubectl get pods --all-namespaces -o wide
    # The sysdump archive and the exported kind logs are what the upload steps
    # publish as artifacts.
    cilium sysdump --output-filename cilium-sysdump-final
    /usr/local/bin/kind export logs --name ${{ env.cluster_name }} --loglevel=debug ./_artifacts/logs
# All three upload steps reference the same upload-artifact commit SHA.
- name: Upload artifacts
  if: ${{ !success() }}
  uses: actions/upload-artifact@5d5d22a31266ced268874388b861e4b58bb5c2f3
  with:
    name: cilium-sysdumps
    path: cilium-sysdump-*.zip
    # … original lines 223–224 not shown in this listing …

- name: Upload cluster logs
  if: ${{ !success() }}
  uses: actions/upload-artifact@5d5d22a31266ced268874388b861e4b58bb5c2f3
  with:
    # … original line 229 not shown in this listing …
    path: ./_artifacts/logs
    # … original lines 231–232 not shown in this listing …

- name: Upload Kubernetes e2e Junit Reports
  # … original line 234 not shown in this listing …
  uses: actions/upload-artifact@5d5d22a31266ced268874388b861e4b58bb5c2f3
  with:
    name: kubernetes-e2e-junit
    # Only the XML reports are matched; other files in _artifacts are left out.
    path: './_artifacts/*.xml'

- name: Publish Test Results As GitHub Summary
  # … original line 241 not shown in this listing …
  # Third-party action, referenced by full commit SHA.
  uses: aanm/junit2md@332ebf0fddd34e91b03a832cfafaa826306558f9
  with:
    junit-directory: "_artifacts"