name: Network performance GKE

# Triggers: any change in triggers needs to be reflected in the concurrency
# group. (The `on:` block itself is not shown in this excerpt.)
# For testing uncomment following lines:

# Permissions: by specifying the access of one of the scopes, all of those
# that are not specified are set to 'none'. (The `permissions:` keys are not
# shown in this excerpt; the two comments below say why each scope is needed.)
# To be able to access the repository with actions/checkout
# To be able to request the JWT from GitHub's OIDC provider
# `concurrency:`, `group: |` and the `${{` / `}}` delimiters around the last
# expression are restored; the page omits those lines.
concurrency:
  # Group name structure (the first entries of this list are not shown):
  # - A unique identifier depending on event type:
  #   - workflow_dispatch: PR number
  #
  # This structure ensures a unique concurrency group name is generated for
  # each type of testing, such that re-runs will cancel the previous run.
  group: |
    ${{ github.workflow }}
    ${{ github.event_name }}
    ${{
      (github.event_name == 'schedule' && github.sha) ||
      (github.event_name == 'workflow_dispatch' && github.event.inputs.PR-number)
    }}
  cancel-in-progress: true
# Workflow-level environment. `env:` is restored; the page omits that line and
# some entries (original lines 42-43).
env:
  # Unique per run and per attempt, so a re-run never reuses a cluster name.
  clusterName: ${{ github.repository_owner }}-${{ github.event.repository.name }}-${{ github.run_id }}-${{ github.run_attempt }}
  # Bare value: parsed as null, i.e. no CI build of the CLI is requested here.
  cilium_cli_ci_version:
  # Link back to this workflow run.
  check_url: https://github.com/${{ github.repository }}/actions/runs/${{ github.run_id }}
  # NOTE(review): unquoted `True` is a YAML boolean, not the string "True";
  # quote it if the consumer compares against the literal string. Confirm.
  USE_GKE_GCLOUD_AUTH_PLUGIN: True
# Job header. The page omits original lines 53-54 and 56-96, so `env:` and the
# `strategy`/`matrix`/`include` nesting below are restored from context
# (presumably the original layout; verify against the full file).
installation-and-perf:
  name: Installation and Perf Test
  runs-on: ubuntu-latest
  env:
    job_name: "Installation and Perf Test"
  strategy:
    matrix:
      include:
        # Only the `name` of two entries is shown. Steps also read
        # matrix.index, matrix.mode, matrix.encryption and matrix.hubble,
        # whose values are not visible in this excerpt.
        - name: "native-ipsec-hubble"
        - name: "tunnel-ipsec-hubble"
# Checks out the caller-provided context ref, or the triggering commit when no
# ref is given. (`with:` is restored; the page omits that line.)
- name: Checkout context ref (trusted)
  # Pinned to a full commit SHA, so a moved tag cannot change the code that runs.
  uses: actions/checkout@b4ffde65f46336ab88eb53be808477a3936bae11 # v4.1.1
  with:
    ref: ${{ inputs.context-ref || github.sha }}
    # Do not leave the token in the local git config for later steps.
    persist-credentials: false
# Local action: it is loaded from the workspace, i.e. from the ref checked out
# by the previous step.
- name: Set Environment Variables
  uses: ./.github/actions/set-env-variables
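# Computes the image tag (sha), the owner label and the `cilium install` flag
# string, and publishes them as step outputs for the later steps.
- name: Set up job variables
  # Later steps read steps.vars.outputs.*, so this step carries the id `vars`
  # (the `id:` and `run:` lines are not shown on the page and are restored).
  id: vars
  # Caller-supplied and ref-derived values are handed to the script through
  # the environment so they arrive as data. `${{ }}` expressions are
  # substituted into the script text before the shell parses it, which lets a
  # crafted value change the script itself.
  env:
    IMAGE_TAG: ${{ inputs.image-tag }}
    PR_NUMBER: ${{ inputs.PR-number }}
    REF_NAME: ${{ github.ref_name }}
  run: |
    # Excerpt note: original lines 124, 127-129, 136-137, 154-155, 157 and
    # 160-161 are not shown on the page. `else`/`fi` and the closing quote of
    # the first CILIUM_INSTALL_DEFAULTS string are restored; anything else
    # those lines held is absent here.
    if [ "${{ github.event_name }}" = "workflow_dispatch" ] || [ ${{ github.event.pull_request }} ] ; then
      SHA="${IMAGE_TAG}"
      OWNER="${PR_NUMBER}"
    else
      SHA="${{ github.sha }}"
      OWNER="${REF_NAME}"
    fi

    # SHA and OWNER end up in step outputs that later steps place on command
    # lines, so accept only characters that cannot alter those commands or
    # add lines to the output file.
    for value in "${SHA}" "${OWNER}"; do
      if [ -n "${value}" ] && ! [[ "${value}" =~ ^[A-Za-z0-9_./-]+$ ]]; then
        echo "unexpected characters in image tag or owner" >&2
        exit 1
      fi
    done

    CILIUM_INSTALL_DEFAULTS="--chart-directory=install/kubernetes/cilium \
      --cluster-name=${{ env.clusterName }}-${{ matrix.index }} \
      --helm-set=agentNotReadyTaintKey=ignore-taint.cluster-autoscaler.kubernetes.io/cilium-agent-not-ready \
      --helm-set=debug.enabled=false \
      --helm-set=bpf.monitorAggregation=maximum \
      --helm-set=hubble.enabled=${{ matrix.hubble == 'true' }}"

    # only add SHA to the image tags if it was set
    if [ -n "${SHA}" ]; then
      echo "sha=${SHA}" >> "$GITHUB_OUTPUT"
      CILIUM_INSTALL_DEFAULTS+=" --helm-set=image.repository=quay.io/${{ env.QUAY_ORGANIZATION_DEV }}/cilium-ci \
        --helm-set=image.useDigest=false \
        --helm-set=image.tag=${SHA} \
        --helm-set=operator.image.repository=quay.io/${{ env.QUAY_ORGANIZATION_DEV }}/operator \
        --helm-set=operator.image.suffix=-ci \
        --helm-set=operator.image.tag=${SHA} \
        --helm-set=operator.image.useDigest=false \
        --helm-set=clustermesh.apiserver.image.repository=quay.io/${{ env.QUAY_ORGANIZATION_DEV }}/clustermesh-apiserver-ci \
        --helm-set=clustermesh.apiserver.image.tag=${SHA} \
        --helm-set=clustermesh.apiserver.image.useDigest=false \
        --helm-set=hubble.relay.image.repository=quay.io/${{ env.QUAY_ORGANIZATION_DEV }}/hubble-relay-ci \
        --helm-set=hubble.relay.image.tag=${SHA} \
        --helm-set=hubble.relay.image.useDigest=false"
    fi

    CILIUM_INSTALL_DEFAULTS+=" --datapath-mode=${{ matrix.mode }}"

    if [ "${{ matrix.encryption }}" = "ipsec" ] ; then
      CILIUM_INSTALL_DEFAULTS+=" --helm-set=encryption.enabled=true --helm-set=encryption.type=ipsec"
    fi

    # The flag string stays unquoted: word splitting collapses the runs of
    # spaces left by the line continuations into single spaces.
    echo cilium_install_defaults=${CILIUM_INSTALL_DEFAULTS} >> "$GITHUB_OUTPUT"
    echo "owner=${OWNER}" >> "$GITHUB_OUTPUT"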
# Installs the Cilium CLI used by the install, status, perf and sysdump steps.
# (`with:` is restored; the page omits that line.)
- name: Install Cilium CLI
  # Pinned to a full commit SHA; the trailing comment records the release.
  uses: cilium/cilium-cli@7306e3cdc6caee738157f08e3e1ba26179f104e5 # v0.15.23
  with:
    repository: ${{ env.CILIUM_CLI_RELEASE_REPO }}
    release-version: ${{ env.CILIUM_CLI_VERSION }}
    # Empty at workflow level (see cilium_cli_ci_version in the top-level env).
    ci-version: ${{ env.cilium_cli_ci_version }}
# Authenticates to Google Cloud through a workload identity provider, using
# the JWT requested from GitHub's OIDC provider, so the repository secrets
# hold identifiers rather than a long-lived service-account key.
# (`with:` is restored; the page omits original lines 173 and 175.)
- name: Set up gcloud credentials
  uses: google-github-actions/auth@a6e2e39c0a0331da29f7fd2c2a20a427e8d3ad1f # v2.1.1
  with:
    workload_identity_provider: ${{ secrets.GCP_PERF_WORKLOAD_IDENTITY_PROVIDER }}
    service_account: ${{ secrets.GCP_PERF_SA }}
    # A credentials file is written and its location exported to later steps.
    # NOTE(review): keep that file out of anything uploaded as an artifact.
    create_credentials_file: true
    export_environment_variables: true
# Installs the gcloud CLI and selects the project named in the repository
# secret. (`with:` is restored; original lines 183 and 185-186 are not shown.)
- name: Set up gcloud CLI
  uses: google-github-actions/setup-gcloud@98ddc00a17442e89a24bbf282954a3b65ce6d200 # v2.1.0
  with:
    project_id: ${{ secrets.GCP_PERF_PROJECT_ID }}
# Adds the GKE auth plugin component to the gcloud installation.
# (`run: |` is restored; the page omits that line.)
- name: Install gke-gcloud-auth-plugin
  run: |
    gcloud components install gke-gcloud-auth-plugin

# The command of this step (original lines 192-193) is not shown on the page.
- name: Display gcloud CLI info
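# Creates the per-run, per-matrix-entry GKE cluster, tainted so workloads wait
# until the Cilium agent is ready.
- name: Create GKE cluster
  # The owner label comes from a step output that is built from caller input.
  # It is passed through the environment so it reaches gcloud as data and is
  # never parsed as script text.
  env:
    OWNER: ${{ steps.vars.outputs.owner }}
  run: |
    # Excerpt note: `run: |` is restored, and original lines 201, 206 and 209
    # (further flags of this command) are not shown on the page.
    gcloud container clusters create ${{ env.clusterName }}-${{ matrix.index }} \
      --labels "usage=${{ github.repository_owner }}-${{ github.event.repository.name }},owner=${OWNER}" \
      --zone ${{ env.gcp_zone }} \
      --cluster-version ${{ env.k8s_version }} \
      --create-subnetwork="range=/26" \
      --cluster-ipv4-cidr="/21" \
      --services-ipv4-cidr="/24" \
      --image-type COS_CONTAINERD \
      --machine-type n2-standard-2 \
      --disk-type pd-standard \
      --node-taints ignore-taint.cluster-autoscaler.kubernetes.io/cilium-agent-not-ready=true:NoExecute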
# Writes kubeconfig credentials for the new cluster so that kubectl and the
# Cilium CLI can reach it. (`run: |` is restored; the page omits that line.)
- name: Get cluster credentials
  run: |
    gcloud container clusters get-credentials ${{ env.clusterName }}-${{ matrix.index }} --zone ${{ env.gcp_zone }}
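# Polls the registry every 45 seconds until all three CI images exist for
# this tag.
- name: Wait for images to be available
  # The tag is a step output derived from caller input. It is passed through
  # the environment and quoted so the shell cannot parse it as script text.
  env:
    IMAGE_TAG: ${{ steps.vars.outputs.sha }}
  run: |
    # Excerpt note: original lines 217-219 and 222-223 are not shown on the
    # page; `run: |` and the outer `done` are restored.
    # NOTE(review): no bound on this wait is visible here. Confirm that a
    # timeout-minutes is set on one of the lines that are not shown.
    for image in cilium-ci operator-generic-ci hubble-relay-ci ; do
      until docker manifest inspect "quay.io/${{ env.QUAY_ORGANIZATION_DEV }}/${image}:${IMAGE_TAG}" &> /dev/null; do sleep 45s; done
    done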
# Generates a random key and stores it as the cilium-ipsec-keys secret; runs
# only for matrix entries with IPsec encryption.
# (`run: |` is restored; the page omits that line.)
- name: Create custom IPsec secret
  if: ${{ matrix.encryption == 'ipsec' }}
  run: |
    # 20 bytes from /dev/urandom, hex-encoded on a single line.
    key="$(dd if=/dev/urandom count=20 bs=1 2> /dev/null | xxd -p -c 64)"
    # NOTE(review): --from-literal puts the key on the kubectl command line;
    # acceptable for a throwaway test cluster, avoid for long-lived keys.
    kubectl create -n kube-system secret generic cilium-ipsec-keys --from-literal=keys="15 rfc4106(gcm(aes)) ${key} 128"
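# Prints the Helm values that would be used, then installs Cilium with the
# flag string computed by the `vars` step.
- name: Install Cilium
  # The flag string embeds caller-derived values (image tag). It is passed
  # through the environment so the shell only word-splits it and never
  # re-parses it as script text.
  env:
    CILIUM_INSTALL_DEFAULTS: ${{ steps.vars.outputs.cilium_install_defaults }}
  run: |
    # Excerpt note: `run: |` is restored (original lines 230-231 not shown).
    # Unquoted on purpose: each flag must become its own argument.
    cilium install --dry-run-helm-values ${CILIUM_INSTALL_DEFAULTS}
    cilium install ${CILIUM_INSTALL_DEFAULTS}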
# Waits up to ten minutes for Cilium to report ready, then prints the
# kube-system pods and the agent's own status for the job log.
# (`run: |` is restored; the page omits that line.)
- name: Wait for Cilium to be ready
  run: |
    cilium status --wait --wait-duration=10m
    kubectl get pods -n kube-system
    kubectl -n kube-system exec daemonset/cilium -- cilium-dbg status
# Runs the 30-second connectivity perf test for host-network and pod-network
# traffic and writes the report to ./output.
# Later steps test steps.run-perf.outcome, presumably this step's id; the
# `id:` line is not shown on the page. `run: |` is restored.
- name: Run perf test (${{ matrix.name }})
  run: |
    cilium connectivity perf --duration=30s --host-net=true --pod-net=true --report-dir=./output
# Collects a sysdump whenever the perf step actually ran, including after a
# failure. The step's `name:` line is not shown on the page; `run: |` is
# restored.
- if: ${{ always() && steps.run-perf.outcome != 'skipped' && steps.run-perf.outcome != 'cancelled' }}
  run: |
    cilium sysdump --output-filename cilium-sysdump-final
# Cluster teardown: waits until no operation is running against the cluster,
# then requests an asynchronous delete. The opening lines of this step
# (original 253-255) are not shown on the page; `run: |` and `done` are
# restored.
- run: |
    while [ "$(gcloud container operations list --zone ${{ env.gcp_zone }} --filter="status=RUNNING AND targetLink~${{ env.clusterName }}-${{ matrix.index }}" --format="value(name)")" ];do
      echo "cluster has an ongoing operation, waiting for all operations to finish"; sleep 15
    done
    gcloud container clusters delete ${{ env.clusterName }}-${{ matrix.index }} --zone ${{ env.gcp_zone }} --quiet --async
  shell: bash {0} # Disable default fail-fast behavior so that all commands run independently
# Uploads the perf report and the sysdump to the results bucket whenever the
# perf step actually ran. (`with:` is restored; the page omits that line.)
- name: Export results and sysdump to GS bucket
  if: ${{ always() && steps.run-perf.outcome != 'skipped' && steps.run-perf.outcome != 'cancelled' }}
  # Pinned to a commit SHA; the trailing comment says it was taken from the
  # main branch, not from a tagged release.
  uses: cilium/scale-tests-action/export-results@238d773bd07754bfd693a6b22c94eddf3a12778d # main
  with:
    test_name: ${{ env.test_name }}-${{ matrix.name }}
    results_bucket: ${{ env.GCP_PERF_RESULTS_BUCKET }}
    # Only the report directory and the sysdump archive are exported.
    artifacts: ./output/*
    other_files: cilium-sysdump-final.zip