Merge pull request #860 from nik-netlox/main

gh-87 : GW API CICD added

.github/workflows/k3s-loxi-gwapi.yml

@@ -0,0 +1,33 @@
+name: K3s-Loxi-GWAPI-Sanity-CI
+on:
+ schedule:
+ # Runs "At 7:00 UTC every day-of-week"
+ - cron: '0 7 * * *'
+ workflow_dispatch:
+    inputs:
+      testName:
+        description: 'Test Run-Name'     
+        required: true
+        default: 'k3s-loxi-gwapi'
+jobs:
+  build:
+    name: k3s-loxi-gwapi-sanity
+    runs-on: [self-hosted, large]
+    if: github.repository == 'loxilb-io/loxilb' 
+    steps:
+      - uses: actions/checkout@v2
+        with:
+          submodules: recursive
+      - name: Run K3s LoxiGWAPI CICD
+        run: |
+         cd cicd/k3s-flannel-loxilb-gwapi
+         ./config.sh
+         ./validation.sh
+         ./rmconfig.sh
+         cd -
+      - name: Clean test-bed
+        if: success() || failure()
+        run: |
+          cd cicd/k3s-flannel-loxilb-gwapi/ || true
+          ./rmconfig.sh
+          cd -

cicd/k3s-flannel-loxilb-gwapi/Vagrantfile

@@ -0,0 +1,39 @@
+# -*- mode: ruby -*-
+# vi: set ft=ruby :
+
+workers = (ENV['WORKERS'] || "1").to_i
+#box_name = (ENV['VAGRANT_BOX'] || "ubuntu/focal64")
+box_name = (ENV['VAGRANT_BOX'] || "sysnet4admin/Ubuntu-k8s")
+box_version = "0.7.1"
+Vagrant.configure("2") do |config|
+  config.vm.box = "#{box_name}"
+  config.vm.box_version = "#{box_version}"
+
+  if Vagrant.has_plugin?("vagrant-vbguest")
+    config.vbguest.auto_update = false
+  end
+
+  config.vm.define "loxilb" do |loxilb|
+    loxilb.vm.hostname = 'llb1'
+    #loxilb.vm.network "forwarded_port", guest: 55002, host: 5502, protocol: "tcp"
+    loxilb.vm.network :private_network, ip: "192.168.80.90", :netmask => "255.255.255.0"
+    loxilb.vm.network :private_network, ip: "192.168.90.90", :netmask => "255.255.255.0"
+    loxilb.vm.provision :shell, :path => "loxilb.sh"
+    loxilb.vm.provider :virtualbox do |vbox|
+        vbox.customize ["modifyvm", :id, "--memory", 6000]
+        vbox.customize ["modifyvm", :id, "--cpus", 4]
+    end
+  end
+
+
+  config.vm.define "master" do |master|
+    master.vm.hostname = 'master'
+    master.vm.network :private_network, ip: "192.168.80.100", :netmask => "255.255.255.0"
+    master.vm.provision :shell, :path => "master.sh"
+    master.vm.provider :virtualbox do |vbox|
+        vbox.customize ["modifyvm", :id, "--memory", 8192]
+        vbox.customize ["modifyvm", :id, "--cpus", 4]
+    end
+  end
+
+end

cicd/k3s-flannel-loxilb-gwapi/config.sh

@@ -0,0 +1,3 @@
+#!/bin/bash
+vagrant global-status  | grep -i virtualbox | cut -f 1 -d ' ' | xargs -L 1 vagrant destroy -f
+vagrant up

cicd/k3s-flannel-loxilb-gwapi/gateway.yaml

@@ -0,0 +1,35 @@
+apiVersion: gateway.networking.k8s.io/v1
+kind: Gateway
+metadata:
+  name: test-gateway
+  namespace: kube-system
+spec:
+  gatewayClassName: test-gc
+  listeners:
+  - name: tcp-listener
+    protocol: TCP
+    port: 21818
+    allowedRoutes:
+      kinds:
+      - kind: TCPRoute
+  - name: udp-listener
+    protocol: UDP
+    port: 21819
+    allowedRoutes:
+      kinds:
+      - kind: UDPRoute
+  - name: http-listener
+    protocol: HTTP
+    port: 80
+    allowedRoutes:
+      kinds:
+      - kind: HTTPRoute
+  - name: https-listener 
+    protocol: HTTPS # Other possible value is `TLS`
+    port: 443
+    tls:
+      mode: Terminate # If protocol is `TLS`, `Passthrough` is a possible mode
+      certificateRefs:
+      - kind: Secret
+        group: ""
+        name: loxilb-ssl

cicd/k3s-flannel-loxilb-gwapi/gatewayclass.yaml

@@ -0,0 +1,7 @@
+apiVersion: gateway.networking.k8s.io/v1
+kind: GatewayClass
+metadata:
+  name: test-gc
+  namespace: kube-system
+spec:
+  controllerName: "loxilb.io/loxilb"

cicd/k3s-flannel-loxilb-gwapi/httpRoute.yaml

@@ -0,0 +1,56 @@
+apiVersion: apps/v1
+kind: Deployment
+metadata:
+  name: http-deployment
+spec:
+  replicas: 2
+  selector:
+    matchLabels:
+      app: http
+  template:
+    metadata:
+      labels:
+        app: http
+    spec:
+      containers:
+        - name: http-pod
+          image: ghcr.io/loxilb-io/nginx:stable
+          imagePullPolicy: Always
+          ports:
+            - containerPort: 8080
+
+---
+apiVersion: v1
+kind: Service
+metadata:
+  name: http-service
+spec:
+  selector:
+    app: http
+  ports:
+    - protocol: TCP
+      name: tcpport81
+      port: 81
+      targetPort: 8081
+    - protocol: TCP
+      name: tcpport80
+      port: 80
+      targetPort: 8080
+---
+apiVersion: gateway.networking.k8s.io/v1
+kind: HTTPRoute
+metadata:
+  name: test-http-route
+  namespace: kube-system
+spec:
+  parentRefs:
+    - name: test-gateway
+      namespace: kube-system
+      sectionName: http-listener
+  hostnames:
+     - "test.loxilb.gateway.http"
+  rules:
+    - backendRefs:
+      - name: http-service
+        namespace: default
+        port: 80

cicd/k3s-flannel-loxilb-gwapi/httpsRoute.yaml

@@ -0,0 +1,56 @@
+apiVersion: apps/v1
+kind: Deployment
+metadata:
+  name: https-deployment
+spec:
+  replicas: 2
+  selector:
+    matchLabels:
+      app: https
+  template:
+    metadata:
+      labels:
+        app: https
+    spec:
+      containers:
+        - name: https-pod
+          image: ghcr.io/loxilb-io/nginx:stable
+          imagePullPolicy: Always
+          ports:
+            - containerPort: 8080
+
+---
+apiVersion: v1
+kind: Service
+metadata:
+  name: https-service
+spec:
+  selector:
+    app: https
+  ports:
+    - protocol: TCP
+      name: tcpport81
+      port: 81
+      targetPort: 8081
+    - protocol: TCP
+      name: tcpport80
+      port: 80
+      targetPort: 8080
+---
+apiVersion: gateway.networking.k8s.io/v1
+kind: HTTPRoute
+metadata:
+  name: test-https-route
+  namespace: kube-system
+spec:
+  parentRefs:
+    - name: test-gateway
+      namespace: kube-system
+      sectionName: https-listener
+  hostnames:
+     - "test.loxilb.gateway.https"
+  rules:
+    - backendRefs:
+      - name: https-service
+        namespace: default
+        port: 80

cicd/k3s-flannel-loxilb-gwapi/ingress/loxilb-ingress-deploy.yml

@@ -0,0 +1,139 @@
+apiVersion: v1
+kind: Namespace
+metadata:
+  labels:
+    app.kubernetes.io/instance: loxilb-ingress
+    app.kubernetes.io/name: loxilb-ingress
+  name: loxilb-ingress
+---
+apiVersion: v1
+kind: ServiceAccount
+metadata:
+  labels:
+    app.kubernetes.io/instance: loxilb-ingress
+    app.kubernetes.io/name: loxilb-ingress
+  name: loxilb-ingress
+  namespace: kube-system
+---
+apiVersion: rbac.authorization.k8s.io/v1
+kind: ClusterRole
+metadata:
+  labels:
+    app.kubernetes.io/instance: loxilb-ingress
+    app.kubernetes.io/name: loxilb-ingress
+  name: loxilb-ingress
+rules:
+- apiGroups:
+  - coordination.k8s.io
+  resources:
+  - leases
+  verbs:
+  - list
+  - watch
+- apiGroups:
+  - ""
+  resources:
+  - endpoints
+  - services
+  verbs:
+  - get
+  - list
+  - watch
+- apiGroups:
+  - networking.k8s.io
+  - extensions
+  resources:
+  - ingresses
+  verbs:
+  - get
+  - list
+  - watch
+- apiGroups:
+  - ""
+  resources:
+  - events
+  verbs:
+  - create
+  - patch
+- apiGroups:
+  - networking.k8s.io
+  resources:
+  - ingresses/status
+  verbs:
+  - update
+- apiGroups:
+  - networking.k8s.io
+  resources:
+  - ingressclasses
+  verbs:
+  - get
+  - list
+  - watch
+- apiGroups:
+  - discovery.k8s.io
+  resources:
+  - endpointslices
+  verbs:
+  - list
+  - watch
+  - get
+---
+apiVersion: rbac.authorization.k8s.io/v1
+kind: ClusterRoleBinding
+metadata:
+  labels:
+    app.kubernetes.io/instance: loxilb-ingress
+    app.kubernetes.io/name: loxilb-ingress
+  name: loxilb-ingress
+roleRef:
+  apiGroup: rbac.authorization.k8s.io
+  kind: ClusterRole
+  name: loxilb-ingress
+subjects:
+- kind: ServiceAccount
+  name: loxilb-ingress
+  namespace: kube-system
+---
+apiVersion: apps/v1
+kind: DaemonSet
+metadata:
+  name: loxilb-ingress
+  namespace: kube-system
+spec:
+  selector:
+    matchLabels:
+      app: loxilb-ingress-app
+      app.kubernetes.io/instance: loxilb-ingress
+      app.kubernetes.io/name: loxilb-ingress
+  template:
+    metadata:
+      name: loxilb-ingress
+      labels:
+        app: loxilb-ingress-app
+        app.kubernetes.io/instance: loxilb-ingress
+        app.kubernetes.io/name: loxilb-ingress
+    spec:
+      #hostNetwork: true
+      #dnsPolicy: ClusterFirstWithHostNet
+      serviceAccountName: loxilb-ingress
+      containers:
+      - name: loxilb-ingress
+        volumeMounts:
+          - mountPath: "/opt/loxilb/cert/"
+            name: loxilb-ssl
+        image: "ghcr.io/loxilb-io/loxilb-ingress:latest"
+        imagePullPolicy: Always
+        command: [ "/bin/loxilb-ingress" ]
+        ports:
+        - containerPort: 11111
+        livenessProbe:
+          httpGet:
+            path: netlox/v1/config/loadbalancer/all
+            port: 11111
+          initialDelaySeconds: 30
+          periodSeconds: 20
+          timeoutSeconds: 5
+      volumes:
+        - name: loxilb-ssl
+          secret:
+            secretName: loxilb-ssl

cicd/k3s-flannel-loxilb-gwapi/k3s.yaml

@@ -0,0 +1,19 @@
+apiVersion: v1
+clusters:
+- cluster:
+    certificate-authority-data: LS0tLS1CRUdJTiBDRVJUSUZJQ0FURS0tLS0tCk1JSUJkekNDQVIyZ0F3SUJBZ0lCQURBS0JnZ3Foa2pPUFFRREFqQWpNU0V3SHdZRFZRUUREQmhyTTNNdGMyVnkKZG1WeUxXTmhRREUzTXpBME5UWTBNakF3SGhjTk1qUXhNVEF4TVRBeU1ESXdXaGNOTXpReE1ETXdNVEF5TURJdwpXakFqTVNFd0h3WURWUVFEREJock0zTXRjMlZ5ZG1WeUxXTmhRREUzTXpBME5UWTBNakF3V1RBVEJnY3Foa2pPClBRSUJCZ2dxaGtqT1BRTUJCd05DQUFUOFNDRXB0NTBVc2lYVVM1WTlyUXNCRVZPb2ZMTWZWL1JYRlZGV2xNaDEKS2JXblFtMVIzTUJrYzhMNHdXalBlK3haRXdKVThFSmYySVZNWFFxOUZBTVdvMEl3UURBT0JnTlZIUThCQWY4RQpCQU1DQXFRd0R3WURWUjBUQVFIL0JBVXdBd0VCL3pBZEJnTlZIUTRFRmdRVXR6ejBNRnd0SEVWMTZ2ckNBVXpQCkFpdlRGNHd3Q2dZSUtvWkl6ajBFQXdJRFNBQXdSUUloQUlMN29pQjBJVHk2NFlVNjl6SGtzMHdmdW81SnJMOTgKT0lZb0kxVHc0Tmw1QWlCTk8xclptNkVJODZ6a3ArWFpCMG9ENU93cjl3T3c3QkxYZCtsZ1JyZ2VRdz09Ci0tLS0tRU5EIENFUlRJRklDQVRFLS0tLS0K
+    server: https://192.168.80.100:6443
+  name: default
+contexts:
+- context:
+    cluster: default
+    user: default
+  name: default
+current-context: default
+kind: Config
+preferences: {}
+users:
+- name: default
+  user:
+    client-certificate-data: LS0tLS1CRUdJTiBDRVJUSUZJQ0FURS0tLS0tCk1JSUJrVENDQVRlZ0F3SUJBZ0lJVWdabHVzR21TSFV3Q2dZSUtvWkl6ajBFQXdJd0l6RWhNQjhHQTFVRUF3d1kKYXpOekxXTnNhV1Z1ZEMxallVQXhOek13TkRVMk5ESXdNQjRYRFRJME1URXdNVEV3TWpBeU1Gb1hEVEkxTVRFdwpNVEV3TWpBeU1Gb3dNREVYTUJVR0ExVUVDaE1PYzNsemRHVnRPbTFoYzNSbGNuTXhGVEFUQmdOVkJBTVRESE41CmMzUmxiVHBoWkcxcGJqQlpNQk1HQnlxR1NNNDlBZ0VHQ0NxR1NNNDlBd0VIQTBJQUJJcFVGM2dGRDFuT2FrRlYKWjJzZk50MHE4RjVVUm81ZWUzK0JHSHN2K3lQWC9ucVJ0UmVpcGZUaVljQ1p3Ry9jL2VEMCtSMFp0aGIvWnNMcApaclJndlhDalNEQkdNQTRHQTFVZER3RUIvd1FFQXdJRm9EQVRCZ05WSFNVRUREQUtCZ2dyQmdFRkJRY0RBakFmCkJnTlZIU01FR0RBV2dCUjlxUzZJNDRFRkVHLzBRNysvczlheVR2VkxzakFLQmdncWhrak9QUVFEQWdOSUFEQkYKQWlFQWdsY2NydkZQNjFvMVYwbjNIWWkxdG1vSHhRNUdEbUtHZnZiRTFEUVo1ZWtDSUhTa2hUYmE5elA3MGNFZQpaQndOSlRTN1JneVlEYmpxYUFoazhNcFB6OHM5Ci0tLS0tRU5EIENFUlRJRklDQVRFLS0tLS0KLS0tLS1CRUdJTiBDRVJUSUZJQ0FURS0tLS0tCk1JSUJkakNDQVIyZ0F3SUJBZ0lCQURBS0JnZ3Foa2pPUFFRREFqQWpNU0V3SHdZRFZRUUREQmhyTTNNdFkyeHAKWlc1MExXTmhRREUzTXpBME5UWTBNakF3SGhjTk1qUXhNVEF4TVRBeU1ESXdXaGNOTXpReE1ETXdNVEF5TURJdwpXakFqTVNFd0h3WURWUVFEREJock0zTXRZMnhwWlc1MExXTmhRREUzTXpBME5UWTBNakF3V1RBVEJnY3Foa2pPClBRSUJCZ2dxaGtqT1BRTUJCd05DQUFTc0E2U1ZGS3E0QnJWcmwxUUtmNjFseHpNQjQwWmlwRmYraC9lYmlsTkwKaWNRSlRjbkJ3WllLS0tIQmRaVHRMY3AyNzlzcHBGT2lKOUZCSkNUNnF6RGRvMEl3UURBT0JnTlZIUThCQWY4RQpCQU1DQXFRd0R3WURWUjBUQVFIL0JBVXdBd0VCL3pBZEJnTlZIUTRFRmdRVWZha3VpT09CQlJCdjlFTy92N1BXCnNrNzFTN0l3Q2dZSUtvWkl6ajBFQXdJRFJ3QXdSQUlnRGJtQTZ4ME1rTStCZlhNN3ZtR1RhQ1dqbmtMYy9DU1cKU2lPcER1UHBPeXNDSUZQQU1DTXlkK2lQT0srQU53d0hEc1BVcmJrYkRkRmVNVDd3aWVpU0dQMGEKLS0tLS1FTkQgQ0VSVElGSUNBVEUtLS0tLQo=
+    client-key-data: LS0tLS1CRUdJTiBFQyBQUklWQVRFIEtFWS0tLS0tCk1IY0NBUUVFSUdNSzZsSFpUendsSGU1U3lNQzIxV2loRG9HK3FQNXBkaUM4UTA1UmZVM0xvQW9HQ0NxR1NNNDkKQXdFSG9VUURRZ0FFaWxRWGVBVVBXYzVxUVZWbmF4ODIzU3J3WGxSR2psNTdmNEVZZXkvN0k5ZitlcEcxRjZLbAo5T0pod0puQWI5ejk0UFQ1SFJtMkZ2OW13dWxtdEdDOWNBPT0KLS0tLS1FTkQgRUMgUFJJVkFURSBLRVktLS0tLQo=