Skip to content
Smoke test

[Snyk] Security upgrade ubuntu from 16.04 to xenial-20210114 #2556

Sign in to view logs

[Snyk] Security upgrade ubuntu from 16.04 to xenial-20210114

[Snyk] Security upgrade ubuntu from 16.04 to xenial-20210114 #2556

Workflow file for this run

.github/workflows/tests-smoke.yaml at 64753ad
name: Smoke test
# Any change in triggers needs to be reflected in the concurrency group.
on:
pull_request: {}
push:
branches:
- master
- ft/master/**
permissions: read-all
concurrency:
group: ${{ github.workflow }}-${{ github.event.pull_request.number || github.event.after }}
cancel-in-progress: true
env:
KIND_VERSION: v0.11.1
KIND_CONFIG: .github/kind-config.yaml
CONFORMANCE_TEMPLATE: examples/kubernetes/connectivity-check/connectivity-check.yaml
TIMEOUT: 2m
LOG_TIME: 30m
jobs:
check_changes:
name: Deduce required tests from code changes
runs-on: ubuntu-18.04
outputs:
tested: ${{ steps.tested-tree.outputs.src }}
steps:
- name: Checkout code
if: ${{ !github.event.pull_request }}
uses: actions/checkout@a12a3943b4bdde767164f792f33f40b04645d846
with:
persist-credentials: false
- name: Check code changes
uses: dorny/paths-filter@b2feaf19c27470162a626bd6fa8438ae5b263721
id: tested-tree
with:
filters: |
src:
- '!(test|Documentation)/**'
preflight-clusterrole:
runs-on: ubuntu-latest
steps:
- uses: actions/checkout@a12a3943b4bdde767164f792f33f40b04645d846
with:
persist-credentials: false
- name: Check pre-flight clusterrole
run: |
cd install/kubernetes/cilium/templates
echo "Checking for differences between preflight and agent clusterrole"
diff \
-I '^[ ]\{2\}name: cilium.*' \
-I '^Keep file in sync with.*' \
-I '{{- if.*' \
cilium-agent/clusterrole.yaml \
cilium-preflight/clusterrole.yaml
lint:
runs-on: ubuntu-latest
steps:
- name: Checkout
uses: actions/checkout@a12a3943b4bdde767164f792f33f40b04645d846
with:
persist-credentials: false
- name: Run helm lint
run: |
make -C install/kubernetes lint
helm-docs:
runs-on: ubuntu-latest
steps:
- name: Checkout
uses: actions/checkout@a12a3943b4bdde767164f792f33f40b04645d846
with:
persist-credentials: false
- name: Run helm-docs
run: |
make -C install/kubernetes docs
test -z "$(git status --porcelain)" || (echo "please run 'make -C install/kubernetes docs' and submit your changes"; exit 1)
helm-charts:
runs-on: ubuntu-latest
steps:
- name: Checkout
uses: actions/checkout@a12a3943b4bdde767164f792f33f40b04645d846
with:
persist-credentials: false
- name: Run helm-charts
run: |
make -C install/kubernetes
test -z "$(git status --porcelain)" || (echo "please run 'make -C install/kubernetes' and submit your changes"; exit 1)
conformance-test:
needs: check_changes
if: ${{ needs.check_changes.outputs.tested == 'true' }}
runs-on: ubuntu-latest
steps:
- name: Checkout
uses: actions/checkout@a12a3943b4bdde767164f792f33f40b04645d846
with:
persist-credentials: false
- name: Set image tag
id: vars
run: |
if [ ${{ github.event.pull_request.head.sha }} != "" ]; then
echo ::set-output name=tag::${{ github.event.pull_request.head.sha }}
else
echo ::set-output name=tag::${{ github.sha }}
fi
- name: Precheck generated connectivity manifest files
run: |
make -C examples/kubernetes/connectivity-check fmt
make -C examples/kubernetes/connectivity-check all
test -z "$(git status --porcelain)" || (echo "please run 'make -C examples/kubernetes/connectivity-check fmt all' and submit your changes"; exit 1)
- name: Create kind cluster
uses: helm/kind-action@94729529f85113b88f4f819c17ce61382e6d8478
with:
version: ${{ env.KIND_VERSION }}
config: ${{ env.KIND_CONFIG }}
- name: Wait for images to be available
timeout-minutes: 30
shell: bash
run: |
for image in cilium-ci operator-generic-ci hubble-relay-ci ; do
until curl --silent -f -lSL "https://quay.io/api/v1/repository/${{ github.repository_owner }}/${image}/tag/${{ steps.vars.outputs.tag }}/images" &> /dev/null; do sleep 45s; done
done
- name: Install cilium chart
run: |
helm install cilium ./install/kubernetes/cilium \
--wait \
--namespace kube-system \
--set nodeinit.enabled=true \
--set kubeProxyReplacement=partial \
--set hostServices.enabled=false \
--set externalIPs.enabled=true \
--set nodePort.enabled=true \
--set hostPort.enabled=true \
--set bpf.masquerade=false \
--set ipam.mode=kubernetes \
--set image.repository=quay.io/${{ github.repository_owner }}/cilium-ci \
--set image.tag=${{ steps.vars.outputs.tag }} \
--set image.pullPolicy=IfNotPresent \
--set image.useDigest=false \
--set hubble.relay.enabled=true \
--set hubble.relay.image.repository=quay.io/${{ github.repository_owner }}/hubble-relay-ci \
--set hubble.relay.image.tag=${{ steps.vars.outputs.tag }} \
--set hubble.relay.image.pullPolicy=IfNotPresent \
--set hubble.relay.image.useDigest=false \
--set operator.image.repository=quay.io/${{ github.repository_owner }}/operator \
--set operator.image.suffix=-ci \
--set operator.image.tag=${{ steps.vars.outputs.tag }} \
--set operator.image.pullPolicy=IfNotPresent \
--set operator.image.useDigest=false \
--set prometheus.enabled=true \
--set operator.prometheus.enabled=true \
--set hubble.enabled=true \
--set hubble.metrics.enabled="{dns,drop,tcp,flow,port-distribution,icmp,http}"
kubectl wait -n kube-system --for=condition=Ready --all pod --timeout=5m
# To make sure that cilium CRD is available (default timeout is 5m)
# https://github.com/cilium/cilium/blob/master/operator/crd.go#L34
kubectl wait --for condition=Established crd/ciliumnetworkpolicies.cilium.io --timeout=5m
kubectl port-forward -n kube-system deployment/hubble-relay 4245:4245 &
- name: Run conformance test (e.g. connectivity check)
run: |
kubectl apply -f ${{ env.CONFORMANCE_TEMPLATE }}
kubectl wait --for=condition=Available --all deployment --timeout=${{ env.TIMEOUT }}
- name: Check prometheus metrics
if: ${{ success() }}
run: |
cd $HOME
cilium_pod=$(kubectl -n kube-system get po -o name --field-selector=status.phase==Running -l 'k8s-app=cilium' -o jsonpath='{.items[0].metadata.name}' )
kubectl -n kube-system exec $cilium_pod -- sh -c "apt update && apt install curl -y"
kubectl -n kube-system exec $cilium_pod -- curl http://localhost:9090/metrics > metrics.prom
GO111MODULE=on go get github.com/prometheus/prometheus/cmd/promtool@e4487274853c587717006eeda8804e597d120340 # This is commit hash for v2.24.1
cat metrics.prom | $HOME/go/bin/promtool check metrics
- name: Capture cilium-sysdump
if: ${{ failure() }}
# The following is needed to prevent hubble from receiving an empty
# file (EOF) on stdin and displaying no flows.
shell: 'script -q -e -c "bash --noprofile --norc -eo pipefail {0}"'
run: |
echo "=== Install latest stable CLI ==="
curl -sSL --remote-name-all https://github.com/cilium/cilium-cli/releases/latest/download/cilium-linux-amd64.tar.gz{,.sha256sum}
sha256sum --check cilium-linux-amd64.tar.gz.sha256sum
sudo tar xzvfC cilium-linux-amd64.tar.gz /usr/bin
rm cilium-linux-amd64.tar.gz{,.sha256sum}
cilium version
echo "=== Retrieve cluster state ==="
kubectl get pods --all-namespaces -o wide
cilium status
cilium sysdump --output-filename cilium-sysdump-out
- name: Upload cilium-sysdump
uses: actions/upload-artifact@6673cd052c4cd6fcf4b4e6e60ea986c889389535
if: ${{ failure() }}
with:
name: cilium-sysdump-out.zip
path: cilium-sysdump-out.zip
- name: Send slack notification
if: ${{ !success() && (github.event_name == 'schedule' || github.event_name == 'push') }}
uses: 8398a7/action-slack@a74b761b4089b5d730d813fbedcd2ec5d394f3af
with:
status: ${{ job.status }}
fields: repo,message,commit,author,action,eventName,ref,workflow,job,took # selectable (default: repo,message)
env:
SLACK_WEBHOOK_URL: ${{ secrets.SLACK_WEBHOOK_URL }}