[RELEASE-1.12] Drop extra network-policies (#78) #6463
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
name: e2e | |
on: | |
pull_request: | |
branches: [ 'main', 'release-*' ] | |
push: | |
branches: [ 'main', 'release-*' ] | |
defaults: | |
run: | |
shell: bash | |
working-directory: ./src/knative.dev/net-istio | |
jobs: | |
test: | |
name: test | |
runs-on: ubuntu-latest | |
strategy: | |
fail-fast: false # Keep running if one leg fails. | |
matrix: | |
k8s-version: | |
- v1.26.x | |
- v1.27.x | |
- v1.28.x | |
test-suite: | |
- ./test/conformance | |
- ./test/e2e | |
istio-version: | |
- latest | |
encryption: | |
- disabled | |
- system-internal-tls | |
istio-profile: | |
- no-mesh | |
- ambient | |
env: | |
GOPATH: ${{ github.workspace }} | |
KO_DOCKER_REPO: kind.local | |
# Use a semi-random cluster suffix, but somewhat predictable | |
# so reruns don't just give us a completely new value. | |
CLUSTER_SUFFIX: c${{ github.run_id }}.local | |
steps: | |
- name: Set up Go 1.21.x | |
uses: actions/setup-go@v3 | |
with: | |
go-version: 1.21.x | |
- name: Install Dependencies | |
working-directory: ./ | |
run: | | |
echo '::group:: install ko' | |
curl -L https://github.com/google/ko/releases/download/v0.12.0/ko_0.12.0_Linux_x86_64.tar.gz | tar xzf - ko | |
chmod +x ./ko | |
sudo mv ko /usr/local/bin | |
echo '::endgroup::' | |
- name: Check out code onto GOPATH | |
uses: actions/checkout@v3 | |
with: | |
path: ./src/knative.dev/net-istio | |
- name: Create KinD Cluster | |
uses: chainguard-dev/actions/setup-kind@main | |
id: kind | |
with: | |
k8s-version: ${{ matrix.k8s-version }} | |
kind-worker-count: 1 | |
cluster-suffix: "${CLUSTER_SUFFIX}" | |
- name: Install Knative net-istio | |
run: | | |
set -o pipefail | |
# Replace cluster.local with random suffix. | |
sed -ie "s/cluster\.local/${CLUSTER_SUFFIX}/g" third_party/istio-${{ matrix.istio-version }}/istio-kind-${{ matrix.istio-profile }}/istio.yaml | |
# Deploy Istio | |
./third_party/istio-${{ matrix.istio-version }}/install-istio.sh istio-kind-${{ matrix.istio-profile }} | |
# Build and Publish our containers to the docker daemon (including test assets) | |
ko resolve --platform=linux/amd64 -f test/config/ -f config/ | kubectl apply -f - | |
CONFIG_ISTIO="./third_party/istio-${{ matrix.istio-version }}/istio-kind-${{ matrix.istio-profile }}/config-istio.yaml" | |
if [[ -f "${CONFIG_ISTIO}" ]]; then | |
kubectl apply -f "${CONFIG_ISTIO}" | |
fi | |
echo "GATEWAY_NAMESPACE_OVERRIDE=istio-system" >> $GITHUB_ENV | |
- name: Generate certificates and enable system-internal-tls | |
if: matrix.encryption == 'system-internal-tls' && matrix.istio-profile == 'no-mesh' | |
run: | | |
set -o pipefail | |
echo ">> Deploy certificate for upstream traffic" | |
./test/generate-upstream-cert.sh | |
echo ">> Setting environment variables for upstream tls" | |
echo "UPSTREAM_TLS_CERT=serving-certs" >> $GITHUB_ENV | |
echo "SERVER_NAME=kn-user-serving-tests" >> $GITHUB_ENV | |
echo ">> Enabling system-internal-tls in config-network" | |
kubectl apply -f test/config/system-internal-tls | |
- name: Upload Test Images | |
run: | | |
# Build and Publish our test images to the docker daemon. | |
./test/upload-test-images.sh | |
- name: Wait for Ready | |
run: | | |
echo Waiting for Pods to become ready. | |
# # TODO: Find a good way to do this with chaos enabled. | |
# kubectl wait pod --for=condition=Ready -n knative-serving -l '!job-name' | |
kubectl wait pod --for=condition=Ready -n ${GATEWAY_NAMESPACE_OVERRIDE} -l '!job-name' | |
# For debugging. | |
kubectl get pods --all-namespaces | |
- name: Run e2e Tests | |
run: | | |
set -x | |
# Exclude the control-plane node, which doesn't seem to expose the nodeport service. | |
IPS=( $(kubectl get nodes -lkubernetes.io/hostname!=kind-control-plane -ojsonpath='{.items[*].status.addresses[?(@.type=="InternalIP")].address}') ) | |
# Run the tests tagged as e2e on the KinD cluster. | |
go test -race -count=1 -short -timeout=20m -tags=e2e ${{ matrix.test-suite }} \ | |
--enable-alpha --enable-beta \ | |
--ingressendpoint="${IPS[0]}" \ | |
--ingressClass=istio.ingress.networking.knative.dev \ | |
--cluster-suffix=$CLUSTER_SUFFIX | |
- name: Post failure notice to Slack | |
uses: rtCamp/[email protected] | |
if: ${{ failure() && github.event_name != 'pull_request' }} | |
env: | |
SLACK_ICON: http://github.com/knative.png?size=48 | |
SLACK_USERNAME: github-actions | |
SLACK_WEBHOOK: ${{ secrets.SLACK_WEBHOOK }} | |
SLACK_CHANNEL: 'net-istio' | |
SLACK_COLOR: '#8E1600' | |
MSG_MINIMAL: 'true' | |
SLACK_TITLE: Periodic ${{ matrix.k8s-version }} failed. | |
SLACK_MESSAGE: | | |
For detailed logs: https://github.com/${{ github.repository }}/actions/runs/${{ github.run_id }} |