netpol: add allow acl rules for u2o logical gateway (#4420) #13269
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| name: Build x86 Image | |
| on: | |
| pull_request: | |
| branches: | |
| - master | |
| - release-* | |
| paths-ignore: | |
| - 'docs/**' | |
| - '**.md' | |
| push: | |
| branches: | |
| - master | |
| - release-* | |
| paths-ignore: | |
| - 'docs/**' | |
| - '**.md' | |
| concurrency: | |
| group: "${{ github.workflow }}-${{ github.ref }}" | |
| cancel-in-progress: true | |
| env: | |
| GO_VERSION: '' | |
| GOSEC_VERSION: '2.19.0' | |
| HELM_VERSION: v3.11.1 | |
| jobs: | |
| build-kube-ovn-base: | |
| name: Build kube-ovn-base | |
| runs-on: ubuntu-22.04 | |
| outputs: | |
| build-base: ${{ steps.build.outputs.build-base }} | |
| steps: | |
| - uses: actions/checkout@v4 | |
| with: | |
| fetch-depth: 2 | |
| - id: check | |
| run: | | |
| if [ ${{ github.event_name }} != 'pull_request' ]; then | |
| exit | |
| fi | |
| if git diff --name-only HEAD^ HEAD | grep -q ^dist/images/Dockerfile.base; then | |
| echo buildx=1 >> "$GITHUB_OUTPUT" | |
| fi | |
| - uses: jlumbroso/[email protected] | |
| if: steps.check.outputs.buildx == 1 | |
| with: | |
| android: true | |
| dotnet: true | |
| haskell: true | |
| docker-images: false | |
| large-packages: false | |
| tool-cache: false | |
| swap-storage: false | |
| - uses: docker/setup-buildx-action@v3 | |
| if: steps.check.outputs.buildx == 1 | |
| - name: Build | |
| id: build | |
| if: steps.check.outputs.buildx == 1 | |
| run: | | |
| if git diff --name-only HEAD^ HEAD | grep -q ^dist/images/Dockerfile.base$; then | |
| make base-amd64 | |
| make base-tar-amd64 | |
| echo build-base=1 >> "$GITHUB_OUTPUT" | |
| fi | |
| - name: Upload base images to artifact | |
| if: steps.build.outputs.build-base == 1 | |
| uses: actions/upload-artifact@v4 | |
| with: | |
| name: kube-ovn-base | |
| path: image-amd64.tar | |
| build-kube-ovn: | |
| name: Build kube-ovn | |
| runs-on: ubuntu-22.04 | |
| needs: | |
| - build-kube-ovn-base | |
| steps: | |
| - uses: jlumbroso/[email protected] | |
| with: | |
| android: true | |
| dotnet: true | |
| haskell: true | |
| docker-images: false | |
| large-packages: false | |
| tool-cache: false | |
| swap-storage: false | |
| - uses: actions/checkout@v4 | |
| - uses: docker/setup-buildx-action@v3 | |
| - uses: actions/setup-go@v5 | |
| with: | |
| go-version: ${{ env.GO_VERSION || '' }} | |
| go-version-file: go.mod | |
| check-latest: true | |
| cache: false | |
| - name: Setup environment variables | |
| run: | | |
| echo "TAG=$(cat VERSION)" >> "$GITHUB_ENV" | |
| echo "GO_FULL_VER=$(go env GOVERSION)" >> "$GITHUB_ENV" | |
| - name: Go cache | |
| uses: actions/cache@v4 | |
| with: | |
| path: | | |
| ~/.cache/go-build | |
| ~/go/pkg/mod | |
| key: ${{ runner.os }}-${{ env.GO_FULL_VER }}-x86-${{ hashFiles('**/go.sum') }} | |
| restore-keys: ${{ runner.os }}-${{ env.GO_FULL_VER }}-x86- | |
| - name: Unit test | |
| run: | | |
| go install -mod=mod github.com/onsi/ginkgo/v2/ginkgo | |
| make ut | |
| - name: Install gosec | |
| run: | | |
| tmp=$(mktemp -d) | |
| archive="gosec_${{ env.GOSEC_VERSION }}_$(go env GOHOSTOS)_$(go env GOHOSTARCH).tar.gz" | |
| wget -q -O "$tmp/$archive" https://github.com/securego/gosec/releases/download/v${{ env.GOSEC_VERSION }}/$archive | |
| tar --no-same-owner -C "$tmp" -xzf "$tmp/$archive" | |
| install "$tmp/gosec" /usr/local/bin | |
| rm -rf $tmp | |
| - name: Download base images | |
| if: needs.build-kube-ovn-base.outputs.build-base == 1 | |
| uses: actions/download-artifact@v4 | |
| with: | |
| name: kube-ovn-base | |
| - name: Load base images | |
| if: needs.build-kube-ovn-base.outputs.build-base == 1 | |
| run: | | |
| docker load --input image-amd64.tar | |
| docker tag kubeovn/kube-ovn-base:$TAG-amd64 kubeovn/kube-ovn-base:$TAG | |
| docker tag kubeovn/kube-ovn-base:$TAG-debug-amd64 kubeovn/kube-ovn-base:$TAG-debug | |
| - name: Scan base image | |
| uses: aquasecurity/[email protected] | |
| with: | |
| scan-type: image | |
| scanners: vuln | |
| image-ref: docker.io/kubeovn/kube-ovn-base:${{ env.TAG }} | |
| format: json | |
| output: trivy-result.json | |
| ignore-unfixed: true | |
| trivyignores: .trivyignore | |
| vuln-type: library | |
| - name: Build kubectl and CNI plugins from source | |
| env: | |
| CGO_ENABLED: "0" | |
| GO_INSTALL: "go install -v -mod=mod -trimpath" | |
| run: | | |
| cat trivy-result.json | |
| dockerfile=${{ github.workspace }}/dist/images/Dockerfile | |
| export GOBIN=`dirname "$dockerfile"` | |
| cni_plugins_version=`go list -m -f '{{.Version}}' github.com/containernetworking/plugins` | |
| cni_plugins_build_flags="-ldflags '-extldflags -static -X github.com/containernetworking/plugins/pkg/utils/buildversion.BuildVersion=$cni_plugins_version'" | |
| jq -r '.Results[] | select((.Type=="gobinary") and (.Vulnerabilities!=null)) | .Target' trivy-result.json | while read f; do | |
| bin=`basename $f` | |
| case $bin in | |
| loopback|macvlan) | |
| echo "Building $bin@$cni_plugins_version from source..." | |
| sh -c "cd /tmp && $GO_INSTALL $cni_plugins_build_flags github.com/containernetworking/plugins/plugins/main/$bin@$cni_plugins_version" | |
| echo "COPY $bin /$f" >> "$dockerfile" | |
| ;; | |
| portmap) | |
| echo "Building $bin@$cni_plugins_version from source..." | |
| sh -c "cd /tmp && $GO_INSTALL $cni_plugins_build_flags github.com/containernetworking/plugins/plugins/meta/$bin@$cni_plugins_version" | |
| echo "COPY $bin /$f" >> "$dockerfile" | |
| ;; | |
| kubectl) | |
| go mod tidy | |
| version=`go list -m -f '{{.Version}}' k8s.io/kubernetes` | |
| mod_dir=`go list -m -f '{{.Dir}}' k8s.io/kubernetes` | |
| source "$mod_dir/hack/lib/util.sh" | |
| source "$mod_dir/hack/lib/logging.sh" | |
| source "$mod_dir/hack/lib/version.sh" | |
| repo=kubernetes/kubernetes | |
| commit=unknown | |
| read type tag_sha < <(echo $(curl -s "https://api.github.com/repos/$repo/git/ref/tags/$version" | | |
| jq -r '.object.type,.object.sha')) | |
| if [ $type = "commit" ]; then | |
| commit=$tag_sha | |
| else | |
| commit=$(curl -s "https://api.github.com/repos/$repo/git/tags/$tag_sha" | jq -r '.object.sha') | |
| fi | |
| export KUBE_GIT_COMMIT="${commit}" | |
| export KUBE_GIT_TREE_STATE='clean' | |
| export KUBE_GIT_VERSION="${version}" | |
| export KUBE_GIT_MAJOR=`echo $KUBE_GIT_VERSION | cut -d. -f1 | sed 's/$v//'` | |
| export KUBE_GIT_MINOR=`echo $KUBE_GIT_VERSION | cut -d. -f2` | |
| goldflags="all=$(kube::version::ldflags) -s -w" | |
| echo "Building $bin@$version from source..." | |
| $GO_INSTALL -ldflags="${goldflags}" k8s.io/kubernetes/cmd/kubectl | |
| echo "COPY $bin /$f" >> "$dockerfile" | |
| ;; | |
| *) | |
| ;; | |
| esac | |
| done | |
| - name: Build | |
| run: | | |
| go mod tidy | |
| git diff --exit-code go.mod go.sum | |
| make lint | |
| if [ ${{ needs.build-kube-ovn-base.outputs.build-base || 0 }} = 1 ]; then | |
| docker tag kubeovn/kube-ovn-base:$TAG-amd64 kubeovn/kube-ovn-base:$TAG | |
| docker tag kubeovn/kube-ovn-base:$TAG-amd64-no-avx512 kubeovn/kube-ovn-base:$TAG-no-avx512 | |
| docker tag kubeovn/kube-ovn-base:$TAG-debug-amd64 kubeovn/kube-ovn-base:$TAG-debug | |
| make build-kube-ovn | |
| else | |
| make image-kube-ovn | |
| fi | |
| make tar-kube-ovn | |
| - name: Upload images to artifact | |
| uses: actions/upload-artifact@v4 | |
| with: | |
| name: kube-ovn | |
| path: kube-ovn.tar | |
| build-vpc-nat-gateway: | |
| name: Build vpc-nat-gateway | |
| runs-on: ubuntu-22.04 | |
| steps: | |
| - uses: jlumbroso/[email protected] | |
| with: | |
| android: true | |
| dotnet: true | |
| haskell: true | |
| docker-images: false | |
| large-packages: false | |
| tool-cache: false | |
| swap-storage: false | |
| - uses: actions/checkout@v4 | |
| - uses: docker/setup-buildx-action@v3 | |
| - name: Build | |
| run: | | |
| make image-vpc-nat-gateway | |
| make tar-vpc-nat-gateway | |
| - name: Upload image to artifact | |
| uses: actions/upload-artifact@v4 | |
| with: | |
| name: vpc-nat-gateway | |
| path: vpc-nat-gateway.tar | |
| build-e2e-binaries: | |
| name: Build E2E Binaries | |
| runs-on: ubuntu-22.04 | |
| timeout-minutes: 30 | |
| steps: | |
| - uses: actions/checkout@v4 | |
| - name: Create the default branch directory | |
| if: (github.base_ref || github.ref_name) != github.event.repository.default_branch | |
| run: mkdir -p test/e2e/source | |
| - name: Check out the default branch | |
| if: (github.base_ref || github.ref_name) != github.event.repository.default_branch | |
| uses: actions/checkout@v4 | |
| with: | |
| ref: ${{ github.event.repository.default_branch }} | |
| fetch-depth: 1 | |
| path: test/e2e/source | |
| - name: Export E2E directory | |
| run: | | |
| if [ '${{ github.base_ref || github.ref_name }}' = '${{ github.event.repository.default_branch }}' ]; then | |
| echo "E2E_DIR=." >> "$GITHUB_ENV" | |
| else | |
| echo "E2E_DIR=test/e2e/source" >> "$GITHUB_ENV" | |
| fi | |
| - uses: actions/setup-go@v5 | |
| with: | |
| go-version: ${{ env.GO_VERSION || '' }} | |
| go-version-file: ${{ env.E2E_DIR }}/go.mod | |
| check-latest: true | |
| cache: false | |
| - name: Export Go full version | |
| run: echo "GO_FULL_VER=$(go env GOVERSION)" >> "$GITHUB_ENV" | |
| - name: Lookup Go cache | |
| id: lookup-go-cache | |
| uses: actions/cache/restore@v4 | |
| with: | |
| path: | | |
| ~/.cache/go-build | |
| ~/go/pkg/mod | |
| key: ${{ runner.os }}-e2e-${{ env.GO_FULL_VER }}-x86-${{ hashFiles(format('{0}/**/go.sum', env.E2E_DIR)) }} | |
| restore-keys: ${{ runner.os }}-e2e-${{ env.GO_FULL_VER }}-x86- | |
| lookup-only: true | |
| - uses: jlumbroso/[email protected] | |
| if: steps.lookup-go-cache.outputs.cache-hit != 'true' | |
| with: | |
| android: true | |
| dotnet: true | |
| haskell: true | |
| docker-images: false | |
| large-packages: false | |
| tool-cache: false | |
| swap-storage: false | |
| - name: Go cache | |
| if: steps.lookup-go-cache.outputs.cache-hit != 'true' | |
| uses: actions/cache@v4 | |
| with: | |
| path: | | |
| ~/.cache/go-build | |
| ~/go/pkg/mod | |
| key: ${{ runner.os }}-e2e-${{ env.GO_FULL_VER }}-x86-${{ hashFiles(format('{0}/**/go.sum', env.E2E_DIR)) }} | |
| restore-keys: ${{ runner.os }}-e2e-${{ env.GO_FULL_VER }}-x86- | |
| - name: Install ginkgo | |
| if: steps.lookup-go-cache.outputs.cache-hit != 'true' | |
| working-directory: ${{ env.E2E_DIR }} | |
| run: go install -v -mod=mod github.com/onsi/ginkgo/v2/ginkgo | |
| - run: make e2e-build | |
| if: steps.lookup-go-cache.outputs.cache-hit != 'true' | |
| working-directory: ${{ env.E2E_DIR }} | |
| netpol-path-filter: | |
| name: Network Policy Path Filter | |
| if: github.event_name != 'pull_request' | |
| runs-on: ubuntu-22.04 | |
| outputs: | |
| test-netpol: ${{ steps.filter.outputs.kube-ovn-controller }} | |
| steps: | |
| - uses: actions/checkout@v4 | |
| - uses: actions/setup-go@v5 | |
| with: | |
| go-version: ${{ env.GO_VERSION || '' }} | |
| go-version-file: go.mod | |
| check-latest: true | |
| cache: false | |
| - name: Generate path filter | |
| run: | | |
| filter=".github/path-filters.yaml" | |
| cat > $filter <<EOF | |
| kube-ovn-controller: | |
| - go.mod | |
| - go.sum | |
| EOF | |
| sh hack/go-list.sh pkg/controller | while read f; do | |
| echo "- $f" | tee -a $filter | |
| done | |
| - uses: dorny/paths-filter@v3 | |
| id: filter | |
| with: | |
| base: ${{ github.base_ref || github.ref_name }} | |
| filters: .github/path-filters.yaml | |
| list-files: csv | |
| k8s-conformance-e2e: | |
| name: Kubernetes Conformance E2E | |
| needs: | |
| - build-kube-ovn | |
| - build-e2e-binaries | |
| runs-on: ubuntu-22.04 | |
| timeout-minutes: 60 | |
| strategy: | |
| fail-fast: false | |
| matrix: | |
| ip-family: | |
| - ipv4 | |
| - ipv6 | |
| - dual | |
| mode: | |
| - overlay | |
| - underlay | |
| steps: | |
| - uses: jlumbroso/[email protected] | |
| with: | |
| android: true | |
| dotnet: true | |
| haskell: true | |
| docker-images: false | |
| large-packages: false | |
| tool-cache: false | |
| swap-storage: false | |
| - uses: actions/checkout@v4 | |
| - name: Create the default branch directory | |
| if: (github.base_ref || github.ref_name) != github.event.repository.default_branch | |
| run: mkdir -p test/e2e/source | |
| - name: Check out the default branch | |
| if: (github.base_ref || github.ref_name) != github.event.repository.default_branch | |
| uses: actions/checkout@v4 | |
| with: | |
| ref: ${{ github.event.repository.default_branch }} | |
| fetch-depth: 1 | |
| path: test/e2e/source | |
| - name: Export E2E directory | |
| run: | | |
| if [ '${{ github.base_ref || github.ref_name }}' = '${{ github.event.repository.default_branch }}' ]; then | |
| echo "E2E_DIR=." >> "$GITHUB_ENV" | |
| else | |
| echo "E2E_DIR=test/e2e/source" >> "$GITHUB_ENV" | |
| fi | |
| - name: Remove DNS search domain | |
| run: | | |
| sudo sed -i '/^search/d' /etc/resolv.conf | |
| sudo systemctl restart docker | |
| - uses: actions/setup-go@v5 | |
| with: | |
| go-version: ${{ env.GO_VERSION || '' }} | |
| go-version-file: ${{ env.E2E_DIR }}/go.mod | |
| check-latest: true | |
| cache: false | |
| - name: Export Go full version | |
| run: echo "GO_FULL_VER=$(go env GOVERSION)" >> "$GITHUB_ENV" | |
| - name: Go cache | |
| uses: actions/cache/restore@v4 | |
| with: | |
| path: | | |
| ~/.cache/go-build | |
| ~/go/pkg/mod | |
| key: ${{ runner.os }}-e2e-${{ env.GO_FULL_VER }}-${{ hashFiles(format('{0}/**/go.sum', env.E2E_DIR)) }} | |
| restore-keys: ${{ runner.os }}-e2e-${{ env.GO_FULL_VER }}-x86- | |
| - name: Install kind | |
| uses: helm/kind-action@v1 | |
| with: | |
| version: v0.20.0 | |
| install_only: true | |
| - name: Install ginkgo | |
| working-directory: ${{ env.E2E_DIR }} | |
| run: go install -v -mod=mod github.com/onsi/ginkgo/v2/ginkgo | |
| - name: Download image | |
| uses: actions/download-artifact@v4 | |
| with: | |
| name: kube-ovn | |
| - name: Load image | |
| run: docker load --input kube-ovn.tar | |
| - name: Export debug image tag | |
| run: echo "DEBUG_TAG='$(cat VERSION)-debug'" >> "$GITHUB_ENV" | |
| - name: Create kind cluster | |
| run: | | |
| sudo pip3 install j2cli | |
| sudo pip3 install "j2cli[yaml]" | |
| sudo PATH=~/.local/bin:$PATH make kind-init-${{ matrix.ip-family }} | |
| sudo cp -r /root/.kube/ ~/.kube/ | |
| sudo chown -R $(id -un). ~/.kube/ | |
| - name: Install Kube-OVN | |
| env: | |
| VERSION: ${{ env.DEBUG_TAG }} | |
| DEBUG_WRAPPER: valgrind | |
| run: make kind-install-${{ matrix.mode }}-${{ matrix.ip-family }} | |
| - name: Run E2E | |
| working-directory: ${{ env.E2E_DIR }} | |
| env: | |
| E2E_BRANCH: ${{ github.base_ref || github.ref_name }} | |
| E2E_IP_FAMILY: ${{ matrix.ip-family }} | |
| E2E_NETWORK_MODE: ${{ matrix.mode }} | |
| run: make k8s-conformance-e2e | |
| - name: Check valgrind result | |
| run: | | |
| kubectl -n kube-system delete po -l app=ovs | |
| kubectl -n kube-system wait pod -l app=ovs --for condition=Ready --timeout=90s | |
| sleep 10 | |
| kubectl -n kube-system rollout restart deploy ovn-central | |
| kubectl -n kube-system rollout status deploy ovn-central | |
| while true; do | |
| if [ ! -z "$(kubectl -n kube-system get ep ovn-nb -o jsonpath='{.subsets}')" ]; then | |
| break | |
| fi | |
| sleep 1 | |
| done | |
| bash ${{ env.E2E_DIR }}/dist/images/kubectl-ko log ovn | |
| bash ${{ env.E2E_DIR }}/dist/images/kubectl-ko log ovs | |
| for daemon in ovsdb-nb ovsdb-sb ovn-northd ovn-controller ovsdb-server ovs-vswitchd; do | |
| echo "Checking if valgrind log file for $daemon exists..." | |
| find kubectl-ko-log -type f -name "$daemon.valgrind.log.[[:digit:]]*" -exec false {} + && exit 1 | |
| done | |
| find kubectl-ko-log -type f -name '*.valgrind.log.*' | while read f; do | |
| if grep -qw 'definitely lost' "$f"; then | |
| echo "Memory leak detected in $(basename $f | awk -F. '{print $1}')." | |
| echo $f | |
| cat "$f" | |
| exit 1 | |
| fi; | |
| done | |
| k8s-netpol-e2e: | |
| name: Kubernetes Network Policy E2E | |
| if: | | |
| always() && !contains(needs.*.result, 'failure') && !contains(needs.*.result, 'cancelled') && | |
| (needs.netpol-path-filter.outputs.test-netpol == 1 || contains(github.event.pull_request.labels.*.name, 'network policy')) | |
| needs: | |
| - build-kube-ovn | |
| - build-e2e-binaries | |
| - netpol-path-filter | |
| runs-on: ubuntu-22.04 | |
| timeout-minutes: 90 | |
| strategy: | |
| fail-fast: false | |
| matrix: | |
| ip-family: | |
| - ipv4 | |
| - ipv6 | |
| - dual | |
| steps: | |
| - uses: jlumbroso/[email protected] | |
| with: | |
| android: true | |
| dotnet: true | |
| haskell: true | |
| docker-images: false | |
| large-packages: false | |
| tool-cache: false | |
| swap-storage: false | |
| - uses: actions/checkout@v4 | |
| - name: Create the default branch directory | |
| if: (github.base_ref || github.ref_name) != github.event.repository.default_branch | |
| run: mkdir -p test/e2e/source | |
| - name: Check out the default branch | |
| if: (github.base_ref || github.ref_name) != github.event.repository.default_branch | |
| uses: actions/checkout@v4 | |
| with: | |
| ref: ${{ github.event.repository.default_branch }} | |
| fetch-depth: 1 | |
| path: test/e2e/source | |
| - name: Export E2E directory | |
| run: | | |
| if [ '${{ github.base_ref || github.ref_name }}' = '${{ github.event.repository.default_branch }}' ]; then | |
| echo "E2E_DIR=." >> "$GITHUB_ENV" | |
| else | |
| echo "E2E_DIR=test/e2e/source" >> "$GITHUB_ENV" | |
| fi | |
| - name: Remove DNS search domain | |
| run: | | |
| sudo sed -i '/^search/d' /etc/resolv.conf | |
| sudo systemctl restart docker | |
| - uses: actions/setup-go@v5 | |
| with: | |
| go-version: ${{ env.GO_VERSION || '' }} | |
| go-version-file: ${{ env.E2E_DIR }}/go.mod | |
| check-latest: true | |
| cache: false | |
| - name: Export Go full version | |
| run: echo "GO_FULL_VER=$(go env GOVERSION)" >> "$GITHUB_ENV" | |
| - name: Go cache | |
| uses: actions/cache/restore@v4 | |
| with: | |
| path: | | |
| ~/.cache/go-build | |
| ~/go/pkg/mod | |
| key: ${{ runner.os }}-e2e-${{ env.GO_FULL_VER }}-x86-${{ hashFiles(format('{0}/**/go.sum', env.E2E_DIR)) }} | |
| restore-keys: ${{ runner.os }}-e2e-${{ env.GO_FULL_VER }}-x86- | |
| - name: Install kind | |
| uses: helm/kind-action@v1 | |
| with: | |
| version: v0.20.0 | |
| install_only: true | |
| - name: Install ginkgo | |
| working-directory: ${{ env.E2E_DIR }} | |
| run: go install -v -mod=mod github.com/onsi/ginkgo/v2/ginkgo | |
| - name: Download image | |
| uses: actions/download-artifact@v4 | |
| with: | |
| name: kube-ovn | |
| - name: Load image | |
| run: docker load --input kube-ovn.tar | |
| - name: Export debug image tag | |
| run: echo "DEBUG_TAG='$(cat VERSION)-debug'" >> "$GITHUB_ENV" | |
| - name: Create kind cluster | |
| run: | | |
| sudo pip3 install j2cli | |
| sudo pip3 install "j2cli[yaml]" | |
| sudo PATH=~/.local/bin:$PATH make kind-init-${{ matrix.ip-family }} | |
| sudo cp -r /root/.kube/ ~/.kube/ | |
| sudo chown -R $(id -un). ~/.kube/ | |
| - name: Install Kube-OVN | |
| env: | |
| VERSION: ${{ env.DEBUG_TAG }} | |
| DEBUG_WRAPPER: valgrind | |
| run: make kind-install-${{ matrix.ip-family }} | |
| - name: Run E2E | |
| working-directory: ${{ env.E2E_DIR }} | |
| run: make k8s-netpol-e2e | |
| - name: kubectl ko log | |
| if: failure() | |
| run: | | |
| bash ${{ env.E2E_DIR }}/dist/images/kubectl-ko log all | |
| mv kubectl-ko-log.tar.gz k8s-netpol-e2e-${{ matrix.ip-family }}-ko-log.tar.gz | |
| - name: upload kubectl ko log | |
| uses: actions/upload-artifact@v4 | |
| if: failure() | |
| with: | |
| name: k8s-netpol-e2e-${{ matrix.ip-family }}-ko-log | |
| path: k8s-netpol-e2e-${{ matrix.ip-family }}-ko-log.tar.gz | |
| - name: Check valgrind result | |
| run: | | |
| kubectl -n kube-system delete po -l app=ovs | |
| kubectl -n kube-system wait pod -l app=ovs --for condition=Ready --timeout=90s | |
| sleep 10 | |
| kubectl -n kube-system rollout restart deploy ovn-central | |
| kubectl -n kube-system rollout status deploy ovn-central | |
| while true; do | |
| if [ ! -z "$(kubectl -n kube-system get ep ovn-nb -o jsonpath='{.subsets}')" ]; then | |
| break | |
| fi | |
| sleep 1 | |
| done | |
| bash ${{ env.E2E_DIR }}/dist/images/kubectl-ko log ovn | |
| bash ${{ env.E2E_DIR }}/dist/images/kubectl-ko log ovs | |
| for daemon in ovsdb-nb ovsdb-sb ovn-northd ovn-controller ovsdb-server ovs-vswitchd; do | |
| echo "Checking if valgrind log file for $daemon exists..." | |
| find kubectl-ko-log -type f -name "$daemon.valgrind.log.[[:digit:]]*" -exec false {} + && exit 1 | |
| done | |
| find kubectl-ko-log -type f -name '*.valgrind.log.*' | while read f; do | |
| if grep -qw 'definitely lost' "$f"; then | |
| echo "Memory leak detected in $(basename $f | awk -F. '{print $1}')." | |
| echo $f | |
| cat "$f" | |
| exit 1 | |
| fi; | |
| done | |
| k8s-netpol-legacy-e2e: | |
| name: Kubernetes Network Policy Legacy E2E | |
| if: | | |
| always() && !contains(needs.*.result, 'failure') && !contains(needs.*.result, 'cancelled') && | |
| (needs.netpol-path-filter.outputs.test-netpol == 1 || contains(github.event.pull_request.labels.*.name, 'network policy')) | |
| needs: | |
| - build-kube-ovn | |
| - build-e2e-binaries | |
| - netpol-path-filter | |
| runs-on: ubuntu-22.04 | |
| timeout-minutes: 90 | |
| strategy: | |
| fail-fast: false | |
| matrix: | |
| ip-family: | |
| - ipv4 | |
| - ipv6 | |
| - dual | |
| steps: | |
| - uses: jlumbroso/[email protected] | |
| with: | |
| android: true | |
| dotnet: true | |
| haskell: true | |
| docker-images: false | |
| large-packages: false | |
| tool-cache: false | |
| swap-storage: false | |
| - uses: actions/checkout@v4 | |
| - name: Create the default branch directory | |
| if: (github.base_ref || github.ref_name) != github.event.repository.default_branch | |
| run: mkdir -p test/e2e/source | |
| - name: Check out the default branch | |
| if: (github.base_ref || github.ref_name) != github.event.repository.default_branch | |
| uses: actions/checkout@v4 | |
| with: | |
| ref: ${{ github.event.repository.default_branch }} | |
| fetch-depth: 1 | |
| path: test/e2e/source | |
| - name: Export E2E directory | |
| run: | | |
| if [ '${{ github.base_ref || github.ref_name }}' = '${{ github.event.repository.default_branch }}' ]; then | |
| echo "E2E_DIR=." >> "$GITHUB_ENV" | |
| else | |
| echo "E2E_DIR=test/e2e/source" >> "$GITHUB_ENV" | |
| fi | |
| - name: Remove DNS search domain | |
| run: | | |
| sudo sed -i '/^search/d' /etc/resolv.conf | |
| sudo systemctl restart docker | |
| - uses: actions/setup-go@v5 | |
| with: | |
| go-version: ${{ env.GO_VERSION || '' }} | |
| go-version-file: ${{ env.E2E_DIR }}/go.mod | |
| check-latest: true | |
| cache: false | |
| - name: Export Go full version | |
| run: echo "GO_FULL_VER=$(go env GOVERSION)" >> "$GITHUB_ENV" | |
| - name: Go cache | |
| uses: actions/cache/restore@v4 | |
| with: | |
| path: | | |
| ~/.cache/go-build | |
| ~/go/pkg/mod | |
| key: ${{ runner.os }}-e2e-${{ env.GO_FULL_VER }}-x86-${{ hashFiles(format('{0}/**/go.sum', env.E2E_DIR)) }} | |
| restore-keys: ${{ runner.os }}-e2e-${{ env.GO_FULL_VER }}-x86- | |
| - name: Install kind | |
| uses: helm/kind-action@v1 | |
| with: | |
| version: v0.20.0 | |
| install_only: true | |
| - name: Install ginkgo | |
| working-directory: ${{ env.E2E_DIR }} | |
| run: go install -v -mod=mod github.com/onsi/ginkgo/v2/ginkgo | |
| - name: Download image | |
| uses: actions/download-artifact@v4 | |
| with: | |
| name: kube-ovn | |
| - name: Load image | |
| run: docker load --input kube-ovn.tar | |
| - name: Export debug image tag | |
| run: echo "DEBUG_TAG='$(cat VERSION)-debug'" >> "$GITHUB_ENV" | |
| - name: Create kind cluster | |
| run: | | |
| sudo pip3 install j2cli | |
| sudo pip3 install "j2cli[yaml]" | |
| sudo PATH=~/.local/bin:$PATH make kind-init-${{ matrix.ip-family }} | |
| sudo cp -r /root/.kube/ ~/.kube/ | |
| sudo chown -R $(id -un). ~/.kube/ | |
| - name: Install Kube-OVN | |
| env: | |
| VERSION: ${{ env.DEBUG_TAG }} | |
| DEBUG_WRAPPER: valgrind | |
| run: make kind-install-${{ matrix.ip-family }} | |
| - name: Run E2E | |
| working-directory: ${{ env.E2E_DIR }} | |
| run: make k8s-netpol-legacy-e2e | |
| - name: kubectl ko log | |
| if: failure() | |
| run: | | |
| bash ${{ env.E2E_DIR }}/dist/images/kubectl-ko log all | |
| mv kubectl-ko-log.tar.gz k8s-netpol-legacy-e2e-${{ matrix.ip-family }}-ko-log.tar.gz | |
| - name: upload kubectl ko log | |
| uses: actions/upload-artifact@v4 | |
| if: failure() | |
| with: | |
| name: k8s-netpol-legacy-e2e-${{ matrix.ip-family }}-ko-log | |
| path: k8s-netpol-legacy-e2e-${{ matrix.ip-family }}-ko-log.tar.gz | |
| - name: Check valgrind result | |
| run: | | |
| kubectl -n kube-system rollout restart deploy ovn-central | |
| kubectl -n kube-system rollout status deploy ovn-central | |
| kubectl -n kube-system delete po -l app=ovs | |
| kubectl -n kube-system wait pod -l app=ovs --for condition=Ready --timeout=90s | |
| while true; do | |
| if [ ! -z "$(kubectl -n kube-system get ep ovn-nb -o jsonpath='{.subsets}')" ]; then | |
| break | |
| fi | |
| sleep 1 | |
| done | |
| bash ${{ env.E2E_DIR }}/dist/images/kubectl-ko log ovn | |
| bash ${{ env.E2E_DIR }}/dist/images/kubectl-ko log ovs | |
| for daemon in ovsdb-nb ovsdb-sb ovn-northd ovn-controller ovsdb-server ovs-vswitchd; do | |
| echo "Checking if valgrind log file for $daemon exists..." | |
| find kubectl-ko-log -type f -name "$daemon.valgrind.log.[[:digit:]]*" -exec false {} + && exit 1 | |
| done | |
| find kubectl-ko-log -type f -name '*.valgrind.log.*' | while read f; do | |
| if grep -qw 'definitely lost' "$f"; then | |
| echo "Memory leak detected in $(basename $f | awk -F. '{print $1}')." | |
| echo $f | |
| cat "$f" | |
| exit 1 | |
| fi; | |
| done | |
| cyclonus-netpol-e2e: | |
| name: Cyclonus Network Policy E2E | |
| if: | | |
| always() && !contains(needs.*.result, 'failure') && !contains(needs.*.result, 'cancelled') && | |
| (needs.netpol-path-filter.outputs.test-netpol == 1 || contains(github.event.pull_request.labels.*.name, 'network policy')) | |
| needs: | |
| - build-kube-ovn | |
| - netpol-path-filter | |
| runs-on: ubuntu-22.04 | |
| timeout-minutes: 45 | |
| strategy: | |
| fail-fast: false | |
| matrix: | |
| ip-family: | |
| - ipv4 | |
| - ipv6 | |
| - dual | |
| steps: | |
| - uses: jlumbroso/[email protected] | |
| with: | |
| android: true | |
| dotnet: true | |
| haskell: true | |
| docker-images: false | |
| large-packages: false | |
| tool-cache: false | |
| swap-storage: false | |
| - uses: actions/checkout@v4 | |
| - name: Create the default branch directory | |
| if: (github.base_ref || github.ref_name) != github.event.repository.default_branch | |
| run: mkdir -p test/e2e/source | |
| - name: Check out the default branch | |
| if: (github.base_ref || github.ref_name) != github.event.repository.default_branch | |
| uses: actions/checkout@v4 | |
| with: | |
| ref: ${{ github.event.repository.default_branch }} | |
| fetch-depth: 1 | |
| path: test/e2e/source | |
| - name: Export E2E directory | |
| run: | | |
| if [ '${{ github.base_ref || github.ref_name }}' = '${{ github.event.repository.default_branch }}' ]; then | |
| echo "E2E_DIR=." >> "$GITHUB_ENV" | |
| else | |
| echo "E2E_DIR=test/e2e/source" >> "$GITHUB_ENV" | |
| fi | |
| - name: Install kind | |
| uses: helm/kind-action@v1 | |
| with: | |
| version: v0.20.0 | |
| install_only: true | |
| - name: Install ginkgo | |
| working-directory: ${{ env.E2E_DIR }} | |
| run: go install -v -mod=mod github.com/onsi/ginkgo/v2/ginkgo | |
| - name: Download image | |
| uses: actions/download-artifact@v4 | |
| with: | |
| name: kube-ovn | |
| - name: Load image | |
| run: docker load --input kube-ovn.tar | |
| - name: Export debug image tag | |
| run: echo "DEBUG_TAG='$(cat VERSION)-debug'" >> "$GITHUB_ENV" | |
| - name: Create kind cluster | |
| run: | | |
| sudo pip3 install j2cli | |
| sudo pip3 install "j2cli[yaml]" | |
| sudo PATH=~/.local/bin:$PATH make kind-init-${{ matrix.ip-family }} | |
| sudo cp -r /root/.kube/ ~/.kube/ | |
| sudo chown -R $(id -un). ~/.kube/ | |
| - name: Install Kube-OVN | |
| env: | |
| VERSION: ${{ env.DEBUG_TAG }} | |
| DEBUG_WRAPPER: valgrind | |
| run: make kind-install-${{ matrix.ip-family }} | |
| - name: Run E2E | |
| working-directory: ${{ env.E2E_DIR }} | |
| run: make cyclonus-netpol-e2e | |
| - name: kubectl ko log | |
| if: failure() | |
| run: | | |
| bash ${{ env.E2E_DIR }}/dist/images/kubectl-ko log all | |
| mv kubectl-ko-log.tar.gz cyclonus-netpol-e2e-${{ matrix.ip-family }}-ko-log.tar.gz | |
| - name: upload kubectl ko log | |
| uses: actions/upload-artifact@v4 | |
| if: failure() | |
| with: | |
| name: cyclonus-netpol-e2e-${{ matrix.ip-family }}-ko-log | |
| path: cyclonus-netpol-e2e-${{ matrix.ip-family }}-ko-log.tar.gz | |
| - name: Check valgrind result | |
| run: | | |
| kubectl -n kube-system delete po -l app=ovs | |
| kubectl -n kube-system wait pod -l app=ovs --for condition=Ready --timeout=90s | |
| sleep 10 | |
| kubectl -n kube-system rollout restart deploy ovn-central | |
| kubectl -n kube-system rollout status deploy ovn-central | |
| while true; do | |
| if [ ! -z "$(kubectl -n kube-system get ep ovn-nb -o jsonpath='{.subsets}')" ]; then | |
| break | |
| fi | |
| sleep 1 | |
| done | |
| bash ${{ env.E2E_DIR }}/dist/images/kubectl-ko log ovn | |
| bash ${{ env.E2E_DIR }}/dist/images/kubectl-ko log ovs | |
| for daemon in ovsdb-nb ovsdb-sb ovn-northd ovn-controller ovsdb-server ovs-vswitchd; do | |
| echo "Checking if valgrind log file for $daemon exists..." | |
| find kubectl-ko-log -type f -name "$daemon.valgrind.log.[[:digit:]]*" -exec false {} + && exit 1 | |
| done | |
| find kubectl-ko-log -type f -name '*.valgrind.log.*' | while read f; do | |
| if grep -qw 'definitely lost' "$f"; then | |
| echo "Memory leak detected in $(basename $f | awk -F. '{print $1}')." | |
| echo $f | |
| cat "$f" | |
| exit 1 | |
| fi; | |
| done | |
| kube-ovn-conformance-e2e: | |
| name: Kube-OVN Conformance E2E | |
| needs: | |
| - build-kube-ovn | |
| - build-e2e-binaries | |
| runs-on: ubuntu-22.04 | |
| timeout-minutes: 45 | |
| strategy: | |
| fail-fast: false | |
| matrix: | |
| ip-family: | |
| - ipv4 | |
| - ipv6 | |
| - dual | |
| mode: | |
| - overlay | |
| - underlay | |
| steps: | |
| - uses: jlumbroso/[email protected] | |
| with: | |
| android: true | |
| dotnet: true | |
| haskell: true | |
| docker-images: false | |
| large-packages: false | |
| tool-cache: false | |
| swap-storage: false | |
| - uses: actions/checkout@v4 | |
| - name: Create the default branch directory | |
| if: (github.base_ref || github.ref_name) != github.event.repository.default_branch | |
| run: mkdir -p test/e2e/source | |
| - name: Check out the default branch | |
| if: (github.base_ref || github.ref_name) != github.event.repository.default_branch | |
| uses: actions/checkout@v4 | |
| with: | |
| ref: ${{ github.event.repository.default_branch }} | |
| fetch-depth: 1 | |
| path: test/e2e/source | |
| - name: Export E2E directory | |
| run: | | |
| if [ '${{ github.base_ref || github.ref_name }}' = '${{ github.event.repository.default_branch }}' ]; then | |
| echo "E2E_DIR=." >> "$GITHUB_ENV" | |
| else | |
| echo "E2E_DIR=test/e2e/source" >> "$GITHUB_ENV" | |
| fi | |
| - uses: actions/setup-go@v5 | |
| with: | |
| go-version: ${{ env.GO_VERSION || '' }} | |
| go-version-file: ${{ env.E2E_DIR }}/go.mod | |
| check-latest: true | |
| cache: false | |
| - name: Export Go full version | |
| run: echo "GO_FULL_VER=$(go env GOVERSION)" >> "$GITHUB_ENV" | |
| - name: Go cache | |
| uses: actions/cache/restore@v4 | |
| with: | |
| path: | | |
| ~/.cache/go-build | |
| ~/go/pkg/mod | |
| key: ${{ runner.os }}-e2e-${{ env.GO_FULL_VER }}-x86-${{ hashFiles(format('{0}/**/go.sum', env.E2E_DIR)) }} | |
| restore-keys: ${{ runner.os }}-e2e-${{ env.GO_FULL_VER }}-x86- | |
| - name: Install kind | |
| uses: helm/kind-action@v1 | |
| with: | |
| version: v0.20.0 | |
| install_only: true | |
| - name: Install ginkgo | |
| working-directory: ${{ env.E2E_DIR }} | |
| run: go install -v -mod=mod github.com/onsi/ginkgo/v2/ginkgo | |
| - name: Download image | |
| uses: actions/download-artifact@v4 | |
| with: | |
| name: kube-ovn | |
| - name: Load image | |
| run: docker load --input kube-ovn.tar | |
| - name: Export debug image tag | |
| run: echo "DEBUG_TAG='$(cat VERSION)-debug'" >> "$GITHUB_ENV" | |
| - name: Create kind cluster | |
| run: | | |
| sudo pip3 install j2cli | |
| sudo pip3 install "j2cli[yaml]" | |
| sudo PATH=~/.local/bin:$PATH make kind-init-${{ matrix.ip-family }} | |
| sudo cp -r /root/.kube/ ~/.kube/ | |
| sudo chown -R $(id -un). ~/.kube/ | |
| - name: Install Kube-OVN | |
| env: | |
| VERSION: ${{ env.DEBUG_TAG }} | |
| DEBUG_WRAPPER: valgrind | |
| run: make kind-install-${{ matrix.mode }}-${{ matrix.ip-family }} | |
| - name: Run E2E | |
| working-directory: ${{ env.E2E_DIR }} | |
| env: | |
| E2E_BRANCH: ${{ github.base_ref || github.ref_name }} | |
| E2E_IP_FAMILY: ${{ matrix.ip-family }} | |
| E2E_NETWORK_MODE: ${{ matrix.mode }} | |
| run: make kube-ovn-conformance-e2e | |
| - name: Check valgrind result | |
| run: | | |
| kubectl -n kube-system delete po -l app=ovs | |
| kubectl -n kube-system wait pod -l app=ovs --for condition=Ready --timeout=90s | |
| sleep 10 | |
| kubectl -n kube-system rollout restart deploy ovn-central | |
| kubectl -n kube-system rollout status deploy ovn-central | |
| while true; do | |
| if [ ! -z "$(kubectl -n kube-system get ep ovn-nb -o jsonpath='{.subsets}')" ]; then | |
| break | |
| fi | |
| sleep 1 | |
| done | |
| bash ${{ env.E2E_DIR }}/dist/images/kubectl-ko log ovn | |
| bash ${{ env.E2E_DIR }}/dist/images/kubectl-ko log ovs | |
| for daemon in ovsdb-nb ovsdb-sb ovn-northd ovn-controller ovsdb-server ovs-vswitchd; do | |
| echo "Checking if valgrind log file for $daemon exists..." | |
| find kubectl-ko-log -type f -name "$daemon.valgrind.log.[[:digit:]]*" -exec false {} + && exit 1 | |
| done | |
| find kubectl-ko-log -type f -name '*.valgrind.log.*' | while read f; do | |
| if grep -qw 'definitely lost' "$f"; then | |
| echo "Memory leak detected in $(basename $f | awk -F. '{print $1}')." | |
| echo $f | |
| cat "$f" | |
| exit 1 | |
| fi; | |
| done | |
| - name: Cleanup | |
| run: | | |
| if [ "${{ matrix.mode }}" != underlay ]; then | |
| sh -x dist/images/cleanup.sh | |
| fi | |
| kube-ovn-ic-conformance-e2e: | |
| name: Kube-OVN IC Conformance E2E | |
| needs: | |
| - build-kube-ovn | |
| - build-e2e-binaries | |
| runs-on: ubuntu-22.04 | |
| timeout-minutes: 45 | |
| steps: | |
| - uses: jlumbroso/[email protected] | |
| with: | |
| android: true | |
| dotnet: true | |
| haskell: true | |
| docker-images: false | |
| large-packages: false | |
| tool-cache: false | |
| swap-storage: false | |
| - uses: actions/checkout@v4 | |
| - name: Create the default branch directory | |
| if: (github.base_ref || github.ref_name) != github.event.repository.default_branch | |
| run: mkdir -p test/e2e/source | |
| - name: Check out the default branch | |
| if: (github.base_ref || github.ref_name) != github.event.repository.default_branch | |
| uses: actions/checkout@v4 | |
| with: | |
| ref: ${{ github.event.repository.default_branch }} | |
| fetch-depth: 1 | |
| path: test/e2e/source | |
| - name: Export E2E directory | |
| run: | | |
| if [ '${{ github.base_ref || github.ref_name }}' = '${{ github.event.repository.default_branch }}' ]; then | |
| echo "E2E_DIR=." >> "$GITHUB_ENV" | |
| else | |
| echo "E2E_DIR=test/e2e/source" >> "$GITHUB_ENV" | |
| fi | |
| - uses: actions/setup-go@v5 | |
| with: | |
| go-version: ${{ env.GO_VERSION || '' }} | |
| go-version-file: ${{ env.E2E_DIR }}/go.mod | |
| check-latest: true | |
| cache: false | |
| - name: Export Go full version | |
| run: echo "GO_FULL_VER=$(go env GOVERSION)" >> "$GITHUB_ENV" | |
| - name: Go cache | |
| uses: actions/cache/restore@v4 | |
| with: | |
| path: | | |
| ~/.cache/go-build | |
| ~/go/pkg/mod | |
| key: ${{ runner.os }}-e2e-${{ env.GO_FULL_VER }}-x86-${{ hashFiles(format('{0}/**/go.sum', env.E2E_DIR)) }} | |
| restore-keys: ${{ runner.os }}-e2e-${{ env.GO_FULL_VER }}-x86- | |
| - name: Install kind | |
| uses: helm/kind-action@v1 | |
| with: | |
| version: v0.20.0 | |
| install_only: true | |
| - name: Install ginkgo | |
| working-directory: ${{ env.E2E_DIR }} | |
| run: go install -v -mod=mod github.com/onsi/ginkgo/v2/ginkgo | |
| - name: Download image | |
| uses: actions/download-artifact@v4 | |
| with: | |
| name: kube-ovn | |
| - name: Load image | |
| run: docker load --input kube-ovn.tar | |
| - name: Create kind clusters | |
| run: | | |
| sudo pip3 install j2cli | |
| sudo pip3 install "j2cli[yaml]" | |
| sudo PATH=~/.local/bin:$PATH make kind-init-ovn-ic | |
| sudo cp -r /root/.kube/ ~/.kube/ | |
| sudo chown -R $(id -un). ~/.kube/ | |
| - name: Install Kube-OVN | |
| run: make kind-install-ovn-ic | |
| - name: Run E2E | |
| working-directory: ${{ env.E2E_DIR }} | |
| run: make kube-ovn-ic-conformance-e2e | |
| chart-installation-test: | |
| name: Chart Installation Test | |
| needs: build-kube-ovn | |
| runs-on: ubuntu-22.04 | |
| timeout-minutes: 30 | |
| steps: | |
| - uses: jlumbroso/[email protected] | |
| with: | |
| android: true | |
| dotnet: true | |
| haskell: true | |
| docker-images: false | |
| large-packages: false | |
| tool-cache: false | |
| swap-storage: false | |
| - uses: actions/checkout@v4 | |
| - name: Install kind | |
| uses: helm/kind-action@v1 | |
| with: | |
| version: v0.20.0 | |
| install_only: true | |
| - name: Download image | |
| uses: actions/download-artifact@v4 | |
| with: | |
| name: kube-ovn | |
| - name: Load image | |
| run: docker load --input kube-ovn.tar | |
| - name: Create kind cluster | |
| run: | | |
| sudo pip3 install j2cli | |
| sudo pip3 install "j2cli[yaml]" | |
| sudo PATH=~/.local/bin:$PATH make kind-init | |
| sudo cp -r /root/.kube/ ~/.kube/ | |
| sudo chown -R $(id -un). ~/.kube/ | |
| - name: Install Kube-OVN | |
| run: make kind-install-chart | |
| - name: Cleanup | |
| run: sh dist/images/cleanup.sh | |
| underlay-logical-gateway-installation-test: | |
| name: Underlay Logical Gateway Installation Test | |
| needs: build-kube-ovn | |
| runs-on: ubuntu-22.04 | |
| timeout-minutes: 30 | |
| steps: | |
| - uses: jlumbroso/[email protected] | |
| with: | |
| android: true | |
| dotnet: true | |
| haskell: true | |
| docker-images: false | |
| large-packages: false | |
| tool-cache: false | |
| swap-storage: false | |
| - uses: actions/checkout@v4 | |
| - name: Install kind | |
| uses: helm/kind-action@v1 | |
| with: | |
| version: v0.20.0 | |
| install_only: true | |
| - name: Download image | |
| uses: actions/download-artifact@v4 | |
| with: | |
| name: kube-ovn | |
| - name: Load image | |
| run: docker load --input kube-ovn.tar | |
| - name: Create kind cluster | |
| run: | | |
| sudo pip3 install j2cli | |
| sudo pip3 install "j2cli[yaml]" | |
| sudo PATH=~/.local/bin:$PATH make kind-init-dual | |
| sudo cp -r /root/.kube/ ~/.kube/ | |
| sudo chown -R $(id -un). ~/.kube/ | |
| - name: Install Kube-OVN | |
| run: make kind-install-underlay-logical-gateway-dual | |
| - name: Cleanup | |
| run: sh dist/images/cleanup.sh | |
| no-ovn-lb-test: | |
| name: Disable OVN LB Test | |
| needs: build-kube-ovn | |
| runs-on: ubuntu-22.04 | |
| timeout-minutes: 30 | |
| steps: | |
| - uses: jlumbroso/[email protected] | |
| with: | |
| android: true | |
| dotnet: true | |
| haskell: true | |
| docker-images: false | |
| large-packages: false | |
| tool-cache: false | |
| swap-storage: false | |
| - uses: actions/checkout@v4 | |
| - name: Install kind | |
| uses: helm/kind-action@v1 | |
| with: | |
| version: v0.20.0 | |
| install_only: true | |
| - name: Download image | |
| uses: actions/download-artifact@v4 | |
| with: | |
| name: kube-ovn | |
| - name: Load image | |
| run: docker load --input kube-ovn.tar | |
| - name: Create kind cluster | |
| run: | | |
| sudo pip3 install j2cli | |
| sudo pip3 install "j2cli[yaml]" | |
| sudo PATH=~/.local/bin:$PATH make kind-init | |
| sudo cp -r /root/.kube/ ~/.kube/ | |
| sudo chown -R $(id -un). ~/.kube/ | |
| - name: Install Kube-OVN without LoadBalancer | |
| env: | |
| ENABLE_LB: "false" | |
| run: make kind-install | |
| - name: Cleanup | |
| run: sh dist/images/cleanup.sh | |
| no-np-test: | |
| name: Disable Network Policy Test | |
| needs: build-kube-ovn | |
| runs-on: ubuntu-22.04 | |
| timeout-minutes: 30 | |
| steps: | |
| - uses: jlumbroso/[email protected] | |
| with: | |
| android: true | |
| dotnet: true | |
| haskell: true | |
| docker-images: false | |
| large-packages: false | |
| tool-cache: false | |
| swap-storage: false | |
| - uses: actions/checkout@v4 | |
| - name: Install kind | |
| uses: helm/kind-action@v1 | |
| with: | |
| version: v0.20.0 | |
| install_only: true | |
| - name: Download image | |
| uses: actions/download-artifact@v4 | |
| with: | |
| name: kube-ovn | |
| - name: Load image | |
| run: docker load --input kube-ovn.tar | |
| - name: Create kind cluster | |
| run: | | |
| sudo pip3 install j2cli | |
| sudo pip3 install "j2cli[yaml]" | |
| sudo PATH=~/.local/bin:$PATH make kind-init | |
| sudo cp -r /root/.kube/ ~/.kube/ | |
| sudo chown -R $(id -un). ~/.kube/ | |
| - name: Install Kube-OVN | |
| env: | |
| ENABLE_NP: "false" | |
| run: make kind-install | |
| - name: Cleanup | |
| run: sh dist/images/cleanup.sh | |
| lb-svc-e2e: | |
| name: LB Service E2E | |
| needs: | |
| - build-kube-ovn | |
| - build-vpc-nat-gateway | |
| - build-e2e-binaries | |
| runs-on: ubuntu-22.04 | |
| timeout-minutes: 30 | |
| steps: | |
| - uses: jlumbroso/[email protected] | |
| with: | |
| android: true | |
| dotnet: true | |
| haskell: true | |
| docker-images: false | |
| large-packages: false | |
| tool-cache: false | |
| swap-storage: false | |
| - uses: actions/checkout@v4 | |
| - name: Create the default branch directory | |
| if: (github.base_ref || github.ref_name) != github.event.repository.default_branch | |
| run: mkdir -p test/e2e/source | |
| - name: Check out the default branch | |
| if: (github.base_ref || github.ref_name) != github.event.repository.default_branch | |
| uses: actions/checkout@v4 | |
| with: | |
| ref: ${{ github.event.repository.default_branch }} | |
| fetch-depth: 1 | |
| path: test/e2e/source | |
| - name: Export E2E directory | |
| run: | | |
| if [ '${{ github.base_ref || github.ref_name }}' = '${{ github.event.repository.default_branch }}' ]; then | |
| echo "E2E_DIR=." >> "$GITHUB_ENV" | |
| else | |
| echo "E2E_DIR=test/e2e/source" >> "$GITHUB_ENV" | |
| fi | |
| - uses: actions/setup-go@v5 | |
| with: | |
| go-version: ${{ env.GO_VERSION || '' }} | |
| go-version-file: ${{ env.E2E_DIR }}/go.mod | |
| check-latest: true | |
| cache: false | |
| - name: Export Go full version | |
| run: echo "GO_FULL_VER=$(go env GOVERSION)" >> "$GITHUB_ENV" | |
| - name: Go cache | |
| uses: actions/cache/restore@v4 | |
| with: | |
| path: | | |
| ~/.cache/go-build | |
| ~/go/pkg/mod | |
| key: ${{ runner.os }}-e2e-${{ env.GO_FULL_VER }}-x86-${{ hashFiles(format('{0}/**/go.sum', env.E2E_DIR)) }} | |
| restore-keys: ${{ runner.os }}-e2e-${{ env.GO_FULL_VER }}-x86- | |
| - name: Install kind | |
| uses: helm/kind-action@v1 | |
| with: | |
| version: v0.20.0 | |
| install_only: true | |
| - name: Install ginkgo | |
| working-directory: ${{ env.E2E_DIR }} | |
| run: go install -v -mod=mod github.com/onsi/ginkgo/v2/ginkgo | |
| - name: Download kube-ovn image | |
| uses: actions/download-artifact@v4 | |
| with: | |
| name: kube-ovn | |
| - name: Download vpc-nat-gateway image | |
| uses: actions/download-artifact@v4 | |
| with: | |
| name: vpc-nat-gateway | |
| - name: Load images | |
| run: | | |
| docker load -i kube-ovn.tar | |
| docker load -i vpc-nat-gateway.tar | |
| - name: Create kind cluster | |
| run: | | |
| sudo pip3 install j2cli | |
| sudo pip3 install "j2cli[yaml]" | |
| sudo PATH=~/.local/bin:$PATH make kind-init | |
| sudo cp -r /root/.kube/ ~/.kube/ | |
| sudo chown -R $(id -un). ~/.kube/ | |
| - name: Install Multus and Kube-OVN | |
| run: make kind-install-lb-svc | |
| - name: Run E2E | |
| working-directory: ${{ env.E2E_DIR }} | |
| env: | |
| E2E_BRANCH: ${{ github.base_ref || github.ref_name }} | |
| run: make kube-ovn-lb-svc-conformance-e2e | |
| installation-compatibility-test: | |
| name: Installation Compatibility Test | |
| needs: build-kube-ovn | |
| runs-on: ubuntu-22.04 | |
| timeout-minutes: 30 | |
| steps: | |
| - uses: jlumbroso/[email protected] | |
| with: | |
| android: true | |
| dotnet: true | |
| haskell: true | |
| docker-images: false | |
| large-packages: false | |
| tool-cache: false | |
| swap-storage: false | |
| - uses: actions/checkout@v4 | |
| - name: Install kind | |
| uses: helm/kind-action@v1 | |
| with: | |
| version: v0.20.0 | |
| install_only: true | |
| - name: Download image | |
| uses: actions/download-artifact@v4 | |
| with: | |
| name: kube-ovn | |
| - name: Load image | |
| run: docker load --input kube-ovn.tar | |
| - name: Create kind cluster | |
| run: | | |
| sudo pip3 install j2cli | |
| sudo pip3 install "j2cli[yaml]" | |
| sudo PATH=~/.local/bin:$PATH k8s_version=v1.23.17 make kind-init | |
| sudo cp -r /root/.kube/ ~/.kube/ | |
| sudo chown -R $(id -un). ~/.kube/ | |
| - name: Install Kube-OVN | |
| run: make kind-install | |
| - name: Cleanup | |
| run: sh dist/images/cleanup.sh | |
| cilium-chaining-e2e: | |
| name: Cilium Chaining E2E | |
| needs: | |
| - build-kube-ovn | |
| - build-e2e-binaries | |
| runs-on: ubuntu-22.04 | |
| timeout-minutes: 45 | |
| steps: | |
| - uses: jlumbroso/[email protected] | |
| with: | |
| android: true | |
| dotnet: true | |
| haskell: true | |
| docker-images: false | |
| large-packages: false | |
| tool-cache: false | |
| swap-storage: false | |
| - uses: actions/checkout@v4 | |
| - uses: azure/setup-helm@v4 | |
| with: | |
| version: '${{ env.HELM_VERSION }}' | |
| - name: Create the default branch directory | |
| if: (github.base_ref || github.ref_name) != github.event.repository.default_branch | |
| run: mkdir -p test/e2e/source | |
| - name: Check out the default branch | |
| if: (github.base_ref || github.ref_name) != github.event.repository.default_branch | |
| uses: actions/checkout@v4 | |
| with: | |
| ref: ${{ github.event.repository.default_branch }} | |
| fetch-depth: 1 | |
| path: test/e2e/source | |
| - name: Export E2E directory | |
| run: | | |
| if [ '${{ github.base_ref || github.ref_name }}' = '${{ github.event.repository.default_branch }}' ]; then | |
| echo "E2E_DIR=." >> "$GITHUB_ENV" | |
| else | |
| echo "E2E_DIR=test/e2e/source" >> "$GITHUB_ENV" | |
| fi | |
| - name: Remove DNS search domain | |
| run: | | |
| sudo sed -i '/^search/d' /etc/resolv.conf | |
| sudo systemctl restart docker | |
| - uses: actions/setup-go@v5 | |
| with: | |
| go-version: ${{ env.GO_VERSION || '' }} | |
| go-version-file: ${{ env.E2E_DIR }}/go.mod | |
| check-latest: true | |
| cache: false | |
| - name: Export Go full version | |
| run: echo "GO_FULL_VER=$(go env GOVERSION)" >> "$GITHUB_ENV" | |
| - name: Go cache | |
| uses: actions/cache/restore@v4 | |
| with: | |
| path: | | |
| ~/.cache/go-build | |
| ~/go/pkg/mod | |
| key: ${{ runner.os }}-e2e-${{ env.GO_FULL_VER }}-x86-${{ hashFiles(format('{0}/**/go.sum', env.E2E_DIR)) }} | |
| restore-keys: ${{ runner.os }}-e2e-${{ env.GO_FULL_VER }}-x86- | |
| - name: Install kind | |
| uses: helm/kind-action@v1 | |
| with: | |
| version: v0.20.0 | |
| install_only: true | |
| - name: Install ginkgo | |
| working-directory: ${{ env.E2E_DIR }} | |
| run: go install -v -mod=mod github.com/onsi/ginkgo/v2/ginkgo | |
| - name: Download image | |
| uses: actions/download-artifact@v4 | |
| with: | |
| name: kube-ovn | |
| - name: Load image | |
| run: docker load --input kube-ovn.tar | |
| - name: Create kind cluster | |
| run: | | |
| sudo pip3 install j2cli | |
| sudo pip3 install "j2cli[yaml]" | |
| sudo PATH=~/.local/bin:$PATH make kind-init | |
| sudo cp -r /root/.kube/ ~/.kube/ | |
| sudo chown -R $(id -un). ~/.kube/ | |
| - name: Install Kube-OVN with Cilium chaining | |
| run: make kind-install-cilium-chaining | |
| - name: Run E2E | |
| working-directory: ${{ env.E2E_DIR }} | |
| env: | |
| E2E_CILIUM_CHAINING: "true" | |
| run: make k8s-conformance-e2e | |
| - name: Cleanup | |
| run: sh dist/images/cleanup.sh | |
| kube-ovn-ha-e2e: | |
| name: Kube-OVN HA E2E | |
| needs: | |
| - build-kube-ovn | |
| - build-e2e-binaries | |
| runs-on: ubuntu-22.04 | |
| timeout-minutes: 30 | |
| strategy: | |
| fail-fast: false | |
| matrix: | |
| ssl: | |
| - "true" | |
| - "false" | |
| bind-local: | |
| - "true" | |
| - "false" | |
| ip-family: | |
| - ipv4 | |
| - ipv6 | |
| - dual | |
| steps: | |
| - uses: jlumbroso/[email protected] | |
| with: | |
| android: true | |
| dotnet: true | |
| haskell: true | |
| docker-images: false | |
| large-packages: false | |
| tool-cache: false | |
| swap-storage: false | |
| - uses: actions/checkout@v4 | |
| - name: Create the default branch directory | |
| if: (github.base_ref || github.ref_name) != github.event.repository.default_branch | |
| run: mkdir -p test/e2e/source | |
| - name: Check out the default branch | |
| if: (github.base_ref || github.ref_name) != github.event.repository.default_branch | |
| uses: actions/checkout@v4 | |
| with: | |
| ref: ${{ github.event.repository.default_branch }} | |
| fetch-depth: 1 | |
| path: test/e2e/source | |
| - name: Export E2E directory | |
| run: | | |
| if [ '${{ github.base_ref || github.ref_name }}' = '${{ github.event.repository.default_branch }}' ]; then | |
| echo "E2E_DIR=." >> "$GITHUB_ENV" | |
| else | |
| echo "E2E_DIR=test/e2e/source" >> "$GITHUB_ENV" | |
| fi | |
| - uses: actions/setup-go@v5 | |
| with: | |
| go-version: ${{ env.GO_VERSION || '' }} | |
| go-version-file: ${{ env.E2E_DIR }}/go.mod | |
| check-latest: true | |
| cache: false | |
| - name: Export Go full version | |
| run: echo "GO_FULL_VER=$(go env GOVERSION)" >> "$GITHUB_ENV" | |
| - name: Go cache | |
| uses: actions/cache/restore@v4 | |
| with: | |
| path: | | |
| ~/.cache/go-build | |
| ~/go/pkg/mod | |
| key: ${{ runner.os }}-e2e-${{ env.GO_FULL_VER }}-x86-${{ hashFiles(format('{0}/**/go.sum', env.E2E_DIR)) }} | |
| restore-keys: ${{ runner.os }}-e2e-${{ env.GO_FULL_VER }}-x86- | |
| - name: Install kind | |
| uses: helm/kind-action@v1 | |
| with: | |
| version: v0.20.0 | |
| install_only: true | |
| - name: Install ginkgo | |
| working-directory: ${{ env.E2E_DIR }} | |
| run: go install -v -mod=mod github.com/onsi/ginkgo/v2/ginkgo | |
| - name: Download image | |
| uses: actions/download-artifact@v4 | |
| with: | |
| name: kube-ovn | |
| - name: Load image | |
| run: docker load --input kube-ovn.tar | |
| - name: Create kind cluster | |
| run: | | |
| sudo pip3 install j2cli | |
| sudo pip3 install "j2cli[yaml]" | |
| sudo PATH=~/.local/bin:$PATH make kind-init-ha-${{ matrix.ip-family }} | |
| sudo cp -r /root/.kube/ ~/.kube/ | |
| sudo chown -R $(id -un). ~/.kube/ | |
| - name: Install Kube-OVN | |
| run: | | |
| sudo ENABLE_SSL=${{ matrix.ssl }} ENABLE_BIND_LOCAL_IP=${{ matrix.bind-local }} \ | |
| make kind-install-${{ matrix.ip-family }} | |
| - name: Run E2E | |
| working-directory: ${{ env.E2E_DIR }} | |
| env: | |
| E2E_BRANCH: ${{ github.base_ref || github.ref_name }} | |
| E2E_IP_FAMILY: ${{ matrix.ip-family }} | |
| run: | | |
| make kube-ovn-security-e2e | |
| make kube-ovn-ha-e2e | |
| - name: Cleanup | |
| run: sh dist/images/cleanup.sh | |
| push: | |
| name: Push Images | |
| needs: | |
| - k8s-conformance-e2e | |
| - k8s-netpol-e2e | |
| - k8s-netpol-legacy-e2e | |
| - cyclonus-netpol-e2e | |
| - kube-ovn-conformance-e2e | |
| - kube-ovn-ic-conformance-e2e | |
| - lb-svc-e2e | |
| - underlay-logical-gateway-installation-test | |
| - chart-installation-test | |
| - installation-compatibility-test | |
| - no-ovn-lb-test | |
| - no-np-test | |
| - cilium-chaining-e2e | |
| - kube-ovn-ha-e2e | |
| if: always() && !contains(needs.*.result, 'failure') && !contains(needs.*.result, 'cancelled') | |
| runs-on: ubuntu-22.04 | |
| steps: | |
| - uses: actions/checkout@v4 | |
| - name: Download kube-ovn image | |
| uses: actions/download-artifact@v4 | |
| with: | |
| name: kube-ovn | |
| - name: Download vpc-nat-gateway image | |
| uses: actions/download-artifact@v4 | |
| with: | |
| name: vpc-nat-gateway | |
| - name: Load image | |
| run: | | |
| docker load --input kube-ovn.tar | |
| docker load --input vpc-nat-gateway.tar | |
| - name: Security Scan | |
| run: | | |
| sudo apt-get install wget apt-transport-https gnupg lsb-release | |
| wget -qO - https://aquasecurity.github.io/trivy-repo/deb/public.key | sudo apt-key add - | |
| echo deb https://aquasecurity.github.io/trivy-repo/deb $(lsb_release -sc) main | sudo tee -a /etc/apt/sources.list.d/trivy.list | |
| sudo apt-get update | |
| sudo apt-get install trivy | |
| make scan | |
| - name: Push | |
| if: github.ref_name == github.event.repository.default_branch || startsWith(github.ref_name, 'release-') | |
| env: | |
| DOCKER_USERNAME: ${{ secrets.DOCKER_USERNAME }} | |
| DOCKER_PASSWORD: ${{ secrets.DOCKER_PASSWORD }} | |
| COMMIT: ${{ github.sha }} | |
| run: | | |
| cat VERSION | |
| TAG=$(cat VERSION) | |
| echo "$DOCKER_PASSWORD" | docker login -u "$DOCKER_USERNAME" --password-stdin | |
| docker tag kubeovn/kube-ovn:$TAG kubeovn/kube-ovn-dev:$COMMIT-x86 | |
| docker tag kubeovn/kube-ovn:$TAG kubeovn/kube-ovn:$TAG-x86 | |
| docker tag kubeovn/kube-ovn:$TAG-debug kubeovn/kube-ovn:$TAG-debug-x86 | |
| docker tag kubeovn/vpc-nat-gateway:$TAG kubeovn/vpc-nat-gateway-dev:$COMMIT-x86 | |
| docker tag kubeovn/vpc-nat-gateway:$TAG kubeovn/vpc-nat-gateway:$TAG-x86 | |
| docker images | |
| docker push kubeovn/kube-ovn:$TAG-x86 | |
| docker push kubeovn/kube-ovn:$TAG-no-avx512 | |
| docker push kubeovn/kube-ovn-dev:$COMMIT-x86 | |
| docker push kubeovn/kube-ovn:$TAG-debug-x86 | |
| docker push kubeovn/vpc-nat-gateway:$TAG-x86 | |
| docker push kubeovn/vpc-nat-gateway-dev:$COMMIT-x86 |