-
Notifications
You must be signed in to change notification settings - Fork 122
Commit
This commit does not belong to any branch on this repository, and may belong to a fork outside of the repository.
Merge pull request #807 from nik-netlox/main
gh-87 : CICD added for client-loxilb IPSec HA
- Loading branch information
Showing
38 changed files
with
3,147 additions
and
0 deletions.
There are no files selected for viewing
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| Original file line number | Diff line number | Diff line change |
|---|---|---|
| @@ -0,0 +1,36 @@ | ||
| name: K8s-Calico-Cluster-IPSec-HA-Sanity-CI | ||
| on: | ||
| schedule: | ||
| # Runs "At 19:00 UTC every day-of-week" | ||
| - cron: '0 19 * * *' | ||
| workflow_dispatch: | ||
| inputs: | ||
| testName: | ||
| description: 'Test Run-Name' | ||
| required: true | ||
| default: 'k8s-calico-cluster-ipsec-ha' | ||
| jobs: | ||
| test-runner: | ||
| name: k8s-calico-cluster-ipsec-ha-sanity | ||
| runs-on: [self-hosted, large] | ||
| if: github.repository == 'loxilb-io/loxilb' | ||
| && github.event.inputs.tagName == '' | ||
| steps: | ||
| - name: Checkout | ||
| uses: actions/checkout@v2 | ||
| with: | ||
| submodules: recursive | ||
|
|
||
| - name: Run the test | ||
| run: | | ||
| cd cicd/k8s-calico-ipsec-ha | ||
| ./config.sh | ||
| ./validation_with_sctp.sh | ||
| cd - | ||
| - name: Clean test-bed | ||
| if: success() || failure() | ||
| run: | | ||
| cd cicd/k8s-calico-ipsec-ha || true | ||
| ./rmconfig.sh | ||
| cd - |
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| Original file line number | Diff line number | Diff line change |
|---|---|---|
| @@ -0,0 +1,19 @@ | ||
| ## Test Case Description | ||
|
|
||
| This scenario will demonstrate LoxiLB with ipsec in HA mode(clustering). The setup will have 2 LoxiLB nodes, K8s(1 Master Nodes & 2 Worker Nodes) cluster with Calico CNI in ipvs mode. LoxiLB will be running as external Service LB. Workloads will be spawned in all the cluster nodes. | ||
|
|
||
| Client will be connected to the LoxiLB with L3 network over IPSec tunnels. Client and LoxiLB will do eBGP peering over IPSec tunnels where Cluster nodes and LoxiLB will do iBGP. LoxiLB will advertise the Service CIDR or VirtualIP to the client and cluster nodes. | ||
|
|
||
| Service CIDR will also be a Virtual IP, different from the K8s cluster network. | ||
|
|
||
| In scenarios where LoxiLB runs outside of the cluster in HA mode, it is advised to create LB services in fullnat mode for ease of connectivity. | ||
|
|
||
| Please follow the link for detailed explanation about similar scenario(except ipsec): https://www.loxilb.io/post/k8s-deploying-hitless-and-ha-load-balancing | ||
|
|
||
| If you wish to create this scenario in your lab then install Vagrant and follow the steps below: | ||
|
|
||
| 1. Run ./config.sh to setup the K8s cluster, client and LoxiLB nodes | ||
|
|
||
| 2. Run ./validation.sh to run the TCP HA test or ./validation_with_sctp.sh to run TCP & SCTP HA Test. Test Results will be displayed at the end. | ||
|
|
||
| 3. Run ./rmconfig.sh to cleanup the setup. |
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| Original file line number | Diff line number | Diff line change |
|---|---|---|
| @@ -0,0 +1,95 @@ | ||
| # -*- mode: ruby -*- | ||
| # vi: set ft=ruby : | ||
|
|
||
| require "yaml" | ||
| settings = YAML.load_file "yaml/settings.yaml" | ||
|
|
||
| workers = settings["nodes"]["workers"]["count"] | ||
| loxilbs = (ENV['LOXILBS'] || "2").to_i | ||
|
|
||
| Vagrant.configure("2") do |config| | ||
|
|
||
| if Vagrant.has_plugin?("vagrant-vbguest") | ||
| config.vbguest.auto_update = false | ||
| end | ||
| config.vm.define "host" do |host| | ||
| host.vm.hostname = 'host1' | ||
| host.vm.box = settings["software"]["cluster"]["box"] | ||
| host.vm.network :private_network, ip: "192.168.80.9", :netmask => "255.255.255.0" | ||
| host.vm.network :private_network, ip: "192.168.90.9", :netmask => "255.255.255.0" | ||
| host.vm.provision :shell, :path => "node_scripts/host.sh" | ||
| host.vm.provider :virtualbox do |vbox| | ||
| vbox.customize ["modifyvm", :id, "--memory", 2048] | ||
| vbox.customize ["modifyvm", :id, "--cpus", 1] | ||
| end | ||
| end | ||
|
|
||
| (1..loxilbs).each do |node_number| | ||
| config.vm.define "llb#{node_number}" do |loxilb| | ||
| loxilb.vm.box = settings["software"]["loxilb"]["box"]["name"] | ||
| loxilb.vm.box_version = settings["software"]["loxilb"]["box"]["version"] | ||
| loxilb.vm.hostname = "llb#{node_number}" | ||
| ip = node_number + 251 | ||
| loxilb.vm.network :private_network, ip: "192.168.80.#{ip}", :netmask => "255.255.255.0" | ||
| loxilb.vm.network :private_network, ip: "192.168.90.#{ip}", :netmask => "255.255.255.0" | ||
| loxilb.vm.provision :shell, :path => "node_scripts/loxilb#{node_number}.sh" | ||
| loxilb.vm.provider :virtualbox do |vbox| | ||
| vbox.customize ["modifyvm", :id, "--memory", 4096] | ||
| vbox.customize ["modifyvm", :id, "--cpus", 2] | ||
| vbox.customize ["modifyvm", :id, "--nicpromisc2", "allow-all"] | ||
| end | ||
| end | ||
| end | ||
|
|
||
| config.vm.define "master" do |master| | ||
| master.vm.box = settings["software"]["cluster"]["box"] | ||
| master.vm.hostname = 'master' | ||
| master.vm.network :private_network, ip: settings["network"]["control_ip"], :netmask => "255.255.255.0" | ||
| master.vm.provision "shell", | ||
| env: { | ||
| "DNS_SERVERS" => settings["network"]["dns_servers"].join(" "), | ||
| "ENVIRONMENT" => settings["environment"], | ||
| "KUBERNETES_VERSION" => settings["software"]["kubernetes"], | ||
| "OS" => settings["software"]["os"] | ||
| }, | ||
| path: "node_scripts/common.sh" | ||
| master.vm.provision "shell", | ||
| env: { | ||
| "CALICO_VERSION" => settings["software"]["calico"], | ||
| "CONTROL_IP" => settings["network"]["control_ip"], | ||
| "POD_CIDR" => settings["network"]["pod_cidr"], | ||
| "SERVICE_CIDR" => settings["network"]["service_cidr"] | ||
| }, | ||
| path: "node_scripts/master.sh" | ||
|
|
||
| master.vm.provider :virtualbox do |vbox| | ||
| vbox.customize ["modifyvm", :id, "--memory", 4096] | ||
| vbox.customize ["modifyvm", :id, "--cpus", 2] | ||
| vbox.customize ["modifyvm", :id, "--nicpromisc2", "allow-all"] | ||
| end | ||
| end | ||
|
|
||
| (1..workers).each do |node_number| | ||
| config.vm.define "worker#{node_number}" do |worker| | ||
| worker.vm.box = settings["software"]["cluster"]["box"] | ||
| worker.vm.hostname = "worker#{node_number}" | ||
| ip = node_number + 200 | ||
| worker.vm.network :private_network, ip: "192.168.80.#{ip}", :netmask => "255.255.255.0" | ||
| worker.vm.provision "shell", | ||
| env: { | ||
| "DNS_SERVERS" => settings["network"]["dns_servers"].join(" "), | ||
| "ENVIRONMENT" => settings["environment"], | ||
| "KUBERNETES_VERSION" => settings["software"]["kubernetes"], | ||
| "OS" => settings["software"]["os"] | ||
| }, | ||
| path: "node_scripts/common.sh" | ||
| worker.vm.provision "shell", path: "node_scripts/worker.sh" | ||
|
|
||
| worker.vm.provider :virtualbox do |vbox| | ||
| vbox.customize ["modifyvm", :id, "--memory", 4096] | ||
| vbox.customize ["modifyvm", :id, "--cpus", 2] | ||
| vbox.customize ["modifyvm", :id, "--nicpromisc2", "allow-all"] | ||
| end | ||
| end | ||
| end | ||
| end |
Oops, something went wrong.