migrate to nftables and simplify masquerading #142
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
name: e2e | |
on: | |
push: | |
branches: | |
- 'master' | |
- 'main' | |
tags: | |
- 'v*' | |
pull_request: | |
branches: | |
- 'master' | |
- 'main' | |
workflow_dispatch: | |
env: | |
GO_VERSION: "1.22.3" | |
K8S_VERSION: "v1.30.0" | |
KIND_VERSION: "v0.22.0" | |
KIND_CLUSTER_NAME: "kindnet" | |
REGISTRY: ghcr.io | |
IMAGE_NAME: aojea/kindnetd | |
jobs: | |
build: | |
name: build | |
runs-on: ubuntu-latest | |
steps: | |
- name: Set up Go | |
uses: actions/setup-go@v2 | |
with: | |
go-version: ${{ env.GO_VERSION }} | |
id: go | |
- name: Check out code | |
uses: actions/checkout@v2 | |
- name: Build | |
run: | | |
docker build -t ghcr.io/aojea/kindnetd:test -f Dockerfile . | |
mkdir _output | |
docker save ghcr.io/aojea/kindnetd:test > _output/kindnetd-image.tar | |
- uses: actions/upload-artifact@v2 | |
with: | |
name: test-image | |
path: _output/kindnetd-image.tar | |
e2e: | |
name: e2e | |
runs-on: ubuntu-latest | |
timeout-minutes: 100 | |
needs: | |
- build | |
strategy: | |
fail-fast: false | |
matrix: | |
ipFamily: ["ipv4", "ipv6", "dual"] | |
cniMode: ["ptp", "bridge"] | |
env: | |
JOB_NAME: "kindnetd-e2e-${{ matrix.ipFamily }}-${{ matrix.cniMode }}" | |
IP_FAMILY: ${{ matrix.ipFamily }} | |
steps: | |
- name: Check out code | |
uses: actions/checkout@v2 | |
- name: Enable ipv4 and ipv6 forwarding | |
run: | | |
sudo sysctl -w net.ipv6.conf.all.forwarding=1 | |
sudo sysctl -w net.ipv4.ip_forward=1 | |
- name: Set up environment (download dependencies) | |
run: | | |
TMP_DIR=$(mktemp -d) | |
# Test binaries | |
curl -L https://dl.k8s.io/${{ env.K8S_VERSION }}/kubernetes-test-linux-amd64.tar.gz -o ${TMP_DIR}/kubernetes-test-linux-amd64.tar.gz | |
tar xvzf ${TMP_DIR}/kubernetes-test-linux-amd64.tar.gz \ | |
--directory ${TMP_DIR} \ | |
--strip-components=3 kubernetes/test/bin/ginkgo kubernetes/test/bin/e2e.test | |
# kubectl | |
curl -L https://dl.k8s.io/${{ env.K8S_VERSION }}/bin/linux/amd64/kubectl -o ${TMP_DIR}/kubectl | |
# kind | |
curl -Lo ${TMP_DIR}/kind https://kind.sigs.k8s.io/dl/${{ env.KIND_VERSION }}/kind-linux-amd64 | |
# Install | |
sudo cp ${TMP_DIR}/ginkgo /usr/local/bin/ginkgo | |
sudo cp ${TMP_DIR}/e2e.test /usr/local/bin/e2e.test | |
sudo cp ${TMP_DIR}/kubectl /usr/local/bin/kubectl | |
sudo cp ${TMP_DIR}/kind /usr/local/bin/kind | |
sudo chmod +x /usr/local/bin/* | |
# Create folder to store artifacts | |
mkdir -p _artifacts | |
- name: Create multi node cluster | |
run: | | |
# create cluster | |
cat <<EOF | /usr/local/bin/kind create cluster \ | |
--name ${{ env.KIND_CLUSTER_NAME}} \ | |
--image kindest/node:${{ env.K8S_VERSION }} \ | |
-v7 --wait 1m --retain --config=- | |
kind: Cluster | |
apiVersion: kind.x-k8s.io/v1alpha4 | |
networking: | |
ipFamily: ${IP_FAMILY} | |
disableDefaultCNI: true | |
nodes: | |
- role: control-plane | |
- role: worker | |
- role: worker | |
EOF | |
# dump the kubeconfig for later | |
/usr/local/bin/kind get kubeconfig --name ${{ env.KIND_CLUSTER_NAME}} > _artifacts/kubeconfig.conf | |
- uses: actions/download-artifact@v2 | |
with: | |
name: test-image | |
- name: Install kindnetd | |
run: | | |
# preload kindnetd image | |
docker load --input kindnetd-image.tar | |
/usr/local/bin/kind load docker-image ghcr.io/aojea/kindnetd:test --name ${{ env.KIND_CLUSTER_NAME}} | |
- name: install ptp plugin | |
if: ${{ matrix.cniMode == 'ptp' }} | |
run: | | |
sed -i s#aojea/kindnetd.*#aojea/kindnetd:test# install-kindnet.yaml | |
/usr/local/bin/kubectl apply -f ./install-kindnet.yaml | |
- name: install bridge plugin | |
if: ${{ matrix.cniMode == 'bridge' }} | |
run: | | |
sed -i s#aojea/kindnetd.*#aojea/kindnetd:test# install-kindnet-bridge.yaml | |
/usr/local/bin/kubectl apply -f ./install-kindnet-bridge.yaml | |
- name: Get Cluster status | |
run: | | |
# wait network is ready | |
sleep 5 | |
/usr/local/bin/kubectl get nodes -o wide | |
/usr/local/bin/kubectl get pods -A | |
/usr/local/bin/kubectl wait --timeout=1m --for=condition=ready pods --namespace=kube-system -l k8s-app=kube-dns | |
- name: Workaround CoreDNS for IPv6 airgapped | |
if: ${{ matrix.ipFamily == 'ipv6' }} | |
run: | | |
# Patch CoreDNS to work in Github CI | |
# 1. Github CI doesn´t offer IPv6 connectivity, so CoreDNS should be configured | |
# to work in an offline environment: | |
# https://github.com/coredns/coredns/issues/2494#issuecomment-457215452 | |
# 2. Github CI adds following domains to resolv.conf search field: | |
# .net. | |
# CoreDNS should handle those domains and answer with NXDOMAIN instead of SERVFAIL | |
# otherwise pods stops trying to resolve the domain. | |
# Get the current config | |
original_coredns=$(/usr/local/bin/kubectl get -oyaml -n=kube-system configmap/coredns) | |
echo "Original CoreDNS config:" | |
echo "${original_coredns}" | |
# Patch it | |
fixed_coredns=$( | |
printf '%s' "${original_coredns}" | sed \ | |
-e 's/^.*kubernetes cluster\.local/& net/' \ | |
-e '/^.*upstream$/d' \ | |
-e '/^.*fallthrough.*$/d' \ | |
-e '/^.*forward . \/etc\/resolv.conf$/d' \ | |
-e '/^.*loop$/d' \ | |
) | |
echo "Patched CoreDNS config:" | |
echo "${fixed_coredns}" | |
printf '%s' "${fixed_coredns}" | /usr/local/bin/kubectl apply -f - | |
- name: Run tests | |
run: | | |
export KUBERNETES_CONFORMANCE_TEST='y' | |
export E2E_REPORT_DIR=${PWD}/_artifacts | |
# Run tests | |
/usr/local/bin/ginkgo --nodes=25 \ | |
--focus="\[Conformance\]|\[sig-network\]" \ | |
--skip="Feature|Federation|machinery|PerformanceDNS|DualStack|Disruptive|Serial|Slow|KubeProxy|LoadBalancer|GCE|Netpol|NetworkPolicy|NodeConformance" \ | |
/usr/local/bin/e2e.test \ | |
-- \ | |
--kubeconfig=${PWD}/_artifacts/kubeconfig.conf \ | |
--provider=local \ | |
--dump-logs-on-failure=false \ | |
--report-dir=${E2E_REPORT_DIR} \ | |
--disable-log-dump=true | |
- name: Upload Junit Reports | |
if: always() | |
uses: actions/upload-artifact@v2 | |
with: | |
name: kind-junit-${{ env.JOB_NAME }}-${{ github.run_id }} | |
path: './_artifacts/*.xml' | |
- name: Export logs | |
if: always() | |
run: | | |
/usr/local/bin/kind export logs --name ${KIND_CLUSTER_NAME} --loglevel=debug ./_artifacts/logs | |
- name: Upload logs | |
if: always() | |
uses: actions/upload-artifact@v2 | |
with: | |
name: kind-logs-${{ env.JOB_NAME }}-${{ github.run_id }} | |
path: ./_artifacts/logs |