
# ovn-ci: lint, image builds (master and PR) and kind-based e2e / upgrade jobs.
name: ovn-ci

# Triggers: merge queue, pull requests targeting master, a 12-hourly schedule, and manual runs.
on:
  merge_group:
  pull_request:
    branches:
      - master
  schedule:
    - cron: '0 */12 * * *'
  workflow_dispatch:

# Workflow-wide GITHUB_TOKEN scope: read-only access to repository contents.
# Jobs that need more must request it explicitly at job level.
permissions:
  contents: read

# One active run per pull-request head ref. Outside pull_request events head_ref is empty,
# so the group falls back to the run id. A newer run in the same group cancels the older one.
concurrency:
  group: ovn-ci-${{ github.head_ref || github.run_id }}
  cancel-in-progress: true

# Environment shared by every job in this workflow.
env:
  GO_VERSION: 1.22.0
  K8S_VERSION: v1.30.2
  KIND_CLUSTER_NAME: ovn
  KIND_INSTALL_INGRESS: true
  KIND_ALLOW_SYSTEM_WRITES: true
  # This skips tests tagged as Serial
  # Current Serial tests are not relevant for OVN
  PARALLEL: true
  # This must be a directory
  CI_IMAGE_CACHE: tmp/image_cache/
  # File names of the saved images, and the directory the PR image is written to.
  CI_IMAGE_MASTER_TAR: image-master.tar
  CI_IMAGE_PR_TAR: image-pr.tar
  CI_DIST_IMAGES_OUTPUT: dist/images/_output/
jobs:
  # Static analysis gets its own job so it runs in parallel with the builds.
  lint:
    name: Lint
    runs-on: ubuntu-latest
    steps:
      - name: Check out code
        uses: actions/checkout@v4
      - name: Set up Go
        id: go
        uses: actions/setup-go@v5
        with:
          go-version: ${{ env.GO_VERSION }}
          cache-dependency-path: "**/*.sum"
      # The linter version is fixed in `with.version`; the action itself is referenced by a
      # major-version tag.
      # NOTE(review): tags are mutable. Pinning third-party actions to a full commit SHA
      # keeps a retagged release from changing what runs here.
      - name: Verify
        uses: golangci/golangci-lint-action@v4
        with:
          version: v1.56.1
          working-directory: go-controller
          # Lint against the vendored modules rather than downloading dependencies.
          args: --modules-download-mode=vendor --timeout=15m0s --verbose
# ---- build-master: baseline image for the upgrade test ----
  # Publishes the master-branch image (ovn-daemonset-fedora:dev) as artifact
  # test-image-master. The image comes from the run-scoped cache if present, else from
  # the registry, else from a local build of the master branch.
  build-master:
    name: Build-master
    runs-on: ubuntu-latest
    steps:
      # Create a cache for the built master image
      # The key contains only the run id, so a hit is expected only when this same run
      # is re-executed.
      - name: Restore master image cache
        id: image_cache_master
        uses: actions/cache@v4
        with:
          path: |
            ${{ env.CI_IMAGE_CACHE }}
          key: ${{ github.run_id }}-image-cache-master
      # if CI_IMAGE_MASTER_TAR isn't in cache, try pulling it and saving to the cache rather
      # than building, resort back to building if the cache isn't populated and
      # pulling the image fails.
      #
      # Step outputs:
      #   MASTER_IMAGE_RESTORED_FROM_CACHE=true  the tarball was found in the cache
      #   MASTER_IMAGE_RESTORED=true             an image is available (cache or registry)
      #
      # NOTE(review): the registry image is referenced by the mutable tag `master` and is
      # used as pulled, with no digest or signature check. Pinning by digest, or verifying
      # the image before tagging it, would tie the upgrade baseline to a known build.
      - name: Check if master image build is needed
        id: is_master_image_build_needed
        continue-on-error: false
        run: |
          set -x
          if [ -f ${CI_IMAGE_CACHE}${CI_IMAGE_MASTER_TAR}.gz ]; then
            cp ${CI_IMAGE_CACHE}/${CI_IMAGE_MASTER_TAR}.gz ${CI_IMAGE_MASTER_TAR}.gz
            gunzip ${CI_IMAGE_MASTER_TAR}.gz
            echo "MASTER_IMAGE_RESTORED_FROM_CACHE=true" >> "$GITHUB_OUTPUT"
            echo "MASTER_IMAGE_RESTORED=true" >> "$GITHUB_OUTPUT"
            exit 0
          fi
          if docker pull ghcr.io/ovn-org/ovn-kubernetes/ovn-kube-fedora:master; then
            docker tag ghcr.io/ovn-org/ovn-kubernetes/ovn-kube-fedora:master ovn-daemonset-fedora:dev
            echo "MASTER_IMAGE_RESTORED=true" >> "$GITHUB_OUTPUT"
            exit 0
          fi
      # only run the following steps if the master image was not found in the cache
      # (nor pulled from the registry: the condition tests MASTER_IMAGE_RESTORED)
      - name: Check out code into the Go module directory - from master branch
        if: steps.is_master_image_build_needed.outputs.MASTER_IMAGE_RESTORED != 'true' && success()
        uses: actions/checkout@v4
        with:
          ref: master
      - name: Set up Go
        id: go
        if: steps.is_master_image_build_needed.outputs.MASTER_IMAGE_RESTORED != 'true' && success()
        uses: actions/setup-go@v5
        with:
          go-version: ${{ env.GO_VERSION }}
          cache-dependency-path: "**/*.sum"
      - name: Build - from master branch
        if: steps.is_master_image_build_needed.outputs.MASTER_IMAGE_RESTORED != 'true' && success()
        run: |
          set -x
          pushd go-controller
          make
          make windows
          popd
      # Copies the built binaries next to the Dockerfile, records ref and commit in
      # git_info, and builds the :dev image.
      - name: Build docker image - from master branch
        if: steps.is_master_image_build_needed.outputs.MASTER_IMAGE_RESTORED != 'true' && success()
        run: |
          pushd dist/images
          sudo cp -f ../../go-controller/_output/go/bin/ovn* .
          sudo cp -f ../../go-controller/_output/go/bin/hybrid-overlay-node .
          echo "ref: $(git rev-parse --symbolic-full-name HEAD) commit: $(git rev-parse HEAD)" > git_info
          docker build -t ovn-daemonset-fedora:dev -f Dockerfile.fedora .
          popd
      # Skipped only when the tarball came from the cache; a pulled or freshly built image
      # is saved to a tarball, and a gzip-compressed copy is placed in the cache directory.
      - name: Cache master image
        if: steps.is_master_image_build_needed.outputs.MASTER_IMAGE_RESTORED_FROM_CACHE != 'true' && success()
        continue-on-error: false
        run: |
          set -x
          if [ -f ${CI_IMAGE_CACHE}${CI_IMAGE_MASTER_TAR} ]; then
            rm -f ${CI_IMAGE_CACHE}${CI_IMAGE_MASTER_TAR}
          fi
          if [ -f ${CI_IMAGE_CACHE}${CI_IMAGE_MASTER_TAR}.gz ]; then
            rm -f ${CI_IMAGE_CACHE}${CI_IMAGE_MASTER_TAR}.gz
          fi
          docker save ovn-daemonset-fedora:dev -o ${CI_IMAGE_MASTER_TAR}
          mkdir -p ${CI_IMAGE_CACHE}
          cp ${CI_IMAGE_MASTER_TAR} ${CI_IMAGE_CACHE}${CI_IMAGE_MASTER_TAR}
          gzip ${CI_IMAGE_CACHE}${CI_IMAGE_MASTER_TAR}
      # run the following always if none of the steps before failed
      - uses: actions/upload-artifact@v4
        with:
          name: test-image-master
          path: ${{ env.CI_IMAGE_MASTER_TAR }}
# ---- build-pr: image built from the code under test ----
  # Builds and unit-tests the checked-out ref, packages it as ovn-daemonset-fedora:pr and
  # publishes the saved image as artifact test-image-pr.
  build-pr:
    name: Build-PR
    runs-on: ubuntu-latest
    steps:
      # Create a cache for the build PR image
      # The key contains only the run id, so a hit is expected only when this same run
      # is re-executed.
      - name: Restore PR image cache
        id: image_cache_pr
        uses: actions/cache@v4
        with:
          path: |
            ${{ env.CI_IMAGE_CACHE }}
          key: ${{ github.run_id }}-image-cache-pr
      # Sets the step output PR_IMAGE_RESTORED=true when the compressed tarball is found
      # in the cache and has been unpacked into CI_DIST_IMAGES_OUTPUT.
      - name: Check if PR image build is needed
        id: is_pr_image_build_needed
        continue-on-error: true
        run: |
          set -x
          if [ -f ${CI_IMAGE_CACHE}/${CI_IMAGE_PR_TAR}.gz ]; then
            mkdir -p ${CI_DIST_IMAGES_OUTPUT}
            cp ${CI_IMAGE_CACHE}/${CI_IMAGE_PR_TAR}.gz ${CI_DIST_IMAGES_OUTPUT}/${CI_IMAGE_PR_TAR}.gz
            gunzip ${CI_DIST_IMAGES_OUTPUT}/${CI_IMAGE_PR_TAR}.gz
            echo "PR_IMAGE_RESTORED=true" >> "$GITHUB_OUTPUT"
          fi
      # only run the following steps if the PR image was not found in the cache
      - name: Check out code into the Go module directory - from current pr branch
        if: steps.is_pr_image_build_needed.outputs.PR_IMAGE_RESTORED != 'true' && success()
        uses: actions/checkout@v4
      - name: Set up Go
        id: go
        if: steps.is_pr_image_build_needed.outputs.PR_IMAGE_RESTORED != 'true' && success()
        uses: actions/setup-go@v5
        with:
          go-version: ${{ env.GO_VERSION }}
          cache-dependency-path: "**/*.sum"
      # Installs the extra kernel modules package for the running kernel and loads vrf.
      - name: Install VRF kernel module
        if: steps.is_pr_image_build_needed.outputs.PR_IMAGE_RESTORED != 'true' && success()
        run: |
          set -x
          sudo apt-get install linux-modules-extra-$(uname -r) -y
          sudo modprobe vrf
      - name: Build and Test - from current pr branch
        if: steps.is_pr_image_build_needed.outputs.PR_IMAGE_RESTORED != 'true' && success()
        run: |
          set -x
          pushd go-controller
          # exit early if there are gofmt issues
          make gofmt
          make
          make windows
          COVERALLS=1 CONTAINER_RUNNABLE=1 make check
          popd
      # Copies the built binaries next to the Dockerfile, records ref and commit in
      # git_info, builds the :pr image and saves it under dist/images/_output.
      - name: Build docker image - from current pr branch
        if: steps.is_pr_image_build_needed.outputs.PR_IMAGE_RESTORED != 'true' && success()
        run: |
          pushd dist/images
          sudo cp -f ../../go-controller/_output/go/bin/ovn* .
          sudo cp -f ../../go-controller/_output/go/bin/hybrid-overlay-node .
          echo "ref: $(git rev-parse --symbolic-full-name HEAD) commit: $(git rev-parse HEAD)" > git_info
          docker build -t ovn-daemonset-fedora:pr -f Dockerfile.fedora .
          mkdir _output
          docker save ovn-daemonset-fedora:pr > _output/${CI_IMAGE_PR_TAR}
          popd
      # Coverage upload is best-effort: continue-on-error keeps a failure here from
      # failing the job, which also means a broken upload goes unnoticed.
      # NOTE(review): the two `go get` lines fetch third-party tools at whatever revision
      # is current, in a step that has GITHUB_TOKEN in its environment. The workflow-level
      # `permissions: contents: read` limits what that token can do; pinning the tools to
      # reviewed versions would make the step reproducible.
      # NOTE(review): the Go 1.22 release notes state that `go get` is no longer supported
      # in GOPATH mode (GO111MODULE=off). With GO_VERSION 1.22.0 this step may be failing
      # silently; confirm against a run log.
      - name: Submit code coverage to Coveralls
        if: steps.is_pr_image_build_needed.outputs.PR_IMAGE_RESTORED != 'true' && success()
        continue-on-error: true
        env:
          COVERALLS_TOKEN: ${{ secrets.GITHUB_TOKEN }}
          GO111MODULE: off
        run: |
          set -x
          go get github.com/mattn/goveralls
          go get github.com/modocache/gover
          PATH=$PATH:$(go env GOPATH)/bin
          mkdir -p $(go env GOPATH)/src/github.com/ovn-org
          ln -sf $(pwd) $(go env GOPATH)/src/github.com/ovn-org/ovn-kubernetes
          gover
          goveralls -coverprofile=gover.coverprofile -service=github
      # Places a gzip-compressed copy of the saved image in the cache directory, replacing
      # any earlier copy. Best-effort, like the cache check above.
      - name: Cache PR image
        if: steps.is_pr_image_build_needed.outputs.PR_IMAGE_RESTORED != 'true' && success()
        continue-on-error: true
        run: |
          set -x
          if [ -f ${CI_IMAGE_CACHE}/${CI_IMAGE_PR_TAR} ]; then
            rm -f ${CI_IMAGE_CACHE}/${CI_IMAGE_PR_TAR}
          fi
          if [ -f ${CI_IMAGE_CACHE}/${CI_IMAGE_PR_TAR}.gz ]; then
            rm -f ${CI_IMAGE_CACHE}/${CI_IMAGE_PR_TAR}.gz
          fi
          mkdir -p ${CI_IMAGE_CACHE}/
          cp ${CI_DIST_IMAGES_OUTPUT}/${CI_IMAGE_PR_TAR} ${CI_IMAGE_CACHE}/${CI_IMAGE_PR_TAR}
          gzip ${CI_IMAGE_CACHE}/${CI_IMAGE_PR_TAR}
      # run the following if none of the previous steps failed
      - uses: actions/upload-artifact@v4
        with:
          name: test-image-pr
          path: ${{ env.CI_DIST_IMAGES_OUTPUT }}/${{ env.CI_IMAGE_PR_TAR }}
# ---- ovn-upgrade-e2e: master image -> PR image upgrade ----
  # Deploys a kind cluster from the master image using the master checkout, then switches
  # to the PR checkout, upgrades to the PR image and runs shard-conformance.
  # Not run for scheduled events.
  ovn-upgrade-e2e:
    name: Upgrade OVN from Master to PR branch based image
    if: github.event_name != 'schedule'
    runs-on: ubuntu-latest
    timeout-minutes: 120
    needs:
      - build-master
      - build-pr
    strategy:
      fail-fast: false
      matrix:
        gateway-mode:
          - local
          - shared
    env:
      JOB_NAME: "Upgrade-Tests-${{ matrix.gateway-mode }}"
      OVN_HA: "false"
      KIND_IPV4_SUPPORT: "true"
      KIND_IPV6_SUPPORT: "false"
      OVN_HYBRID_OVERLAY_ENABLE: "false"
      OVN_GATEWAY_MODE: "${{ matrix.gateway-mode }}"
      OVN_MULTICAST_ENABLE: "false"
    steps:
      # Phase 1: bring up the cluster from master.
      - name: Check out code into the Go module directory - from Master branch
        uses: actions/checkout@v4
        with:
          ref: master
      - name: Set up Go
        id: go
        uses: actions/setup-go@v5
        with:
          go-version: ${{ env.GO_VERSION }}
          cache-dependency-path: "**/*.sum"
      # Exports GOPATH to later steps and puts $GOPATH/bin on their PATH.
      - name: Set up environment
        run: |
          export GOPATH=$(go env GOPATH)
          echo "GOPATH=$GOPATH" >> $GITHUB_ENV
          echo "$GOPATH/bin" >> $GITHUB_PATH
      # Removes preinstalled toolchains and browsers from the runner to reclaim disk.
      - name: Free up disk space
        run: |
          sudo rm -rf /usr/local/lib/android/sdk
          sudo apt-get update
          sudo eatmydata apt-get purge --auto-remove -y \
            azure-cli aspnetcore-* dotnet-* ghc-* firefox \
            google-chrome-stable \
            llvm-* microsoft-edge-stable mono-* \
            msbuild mysql-server-core-* php-* php7* \
            powershell temurin-* zulu-*
      - name: Download test-image-master
        uses: actions/download-artifact@v4
        with:
          name: test-image-master
      - name: Disable ufw
        # For IPv6 and Dualstack, ufw (Uncomplicated Firewall) should be disabled.
        # Not needed for KIND deployments, so just disable all the time.
        run: |
          sudo ufw disable
      # The tarball is deleted once the image is loaded.
      - name: Load docker image
        run: |
          docker load --input ${CI_IMAGE_MASTER_TAR} && rm -rf ${CI_IMAGE_MASTER_TAR}
      - name: kind setup
        run: |
          export OVN_IMAGE="ovn-daemonset-fedora:dev"
          make -C test install-kind
      # Collected even if cluster setup failed; also lists containers and the images
      # present on each node.
      - name: Export kind logs
        if: always()
        run: |
          mkdir -p /tmp/kind/logs
          kind export logs --name ${KIND_CLUSTER_NAME} --loglevel=debug /tmp/kind/logs
          set -x
          docker ps -a
          docker exec ovn-control-plane crictl images
          docker exec ovn-worker crictl images
          docker exec ovn-worker2 crictl images
      - name: Upload kind logs
        if: always()
        uses: actions/upload-artifact@v4
        with:
          name: kind-logs-${{ env.JOB_NAME }}-${{ github.run_id }}
          path: /tmp/kind/logs
      # Phase 2: switch to the PR image and checkout, then upgrade.
      - name: Download test-image-pr
        uses: actions/download-artifact@v4
        with:
          name: test-image-pr
      - name: Load docker image
        run: |
          docker load --input ${CI_IMAGE_PR_TAR} && rm -rf ${CI_IMAGE_PR_TAR}
      - name: Check out code into the Go module directory - from PR branch
        uses: actions/checkout@v4
      # Local action; resolved from the checkout made in the previous step.
      - name: Runner Diagnostics
        uses: ./.github/actions/diagnostics
      - name: ovn upgrade
        run: |
          export OVN_IMAGE="ovn-daemonset-fedora:pr"
          make -C test upgrade-ovn
      - name: Runner Diagnostics
        uses: ./.github/actions/diagnostics
      - name: Run E2E shard-conformance
        run: |
          make -C test shard-conformance
      - name: Runner Diagnostics
        uses: ./.github/actions/diagnostics
      # Post-upgrade logs go to a separate directory and artifact name.
      - name: Export kind logs
        if: always()
        run: |
          mkdir -p /tmp/kind/logs-kind-pr-branch
          kind export logs --name ${KIND_CLUSTER_NAME} --loglevel=debug /tmp/kind/logs-kind-pr-branch
      - name: Upload kind logs
        if: always()
        uses: actions/upload-artifact@v4
        with:
          name: kind-logs-${{ env.JOB_NAME }}-${{ github.run_id }}-after-upgrade
          path: /tmp/kind/logs-kind-pr-branch
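# ---- e2e: matrix of kind-based end-to-end suites against the PR image ----
  # Each matrix entry selects a test target and a cluster configuration. The job-level
  # env block turns the entry into the environment variables passed to the test Makefile.
  e2e:
    name: e2e
    runs-on: ubuntu-latest
    # 30 mins for kind, 180 mins for control-plane tests, 10 minutes for all other steps
    timeout-minutes: 220
    strategy:
      fail-fast: false
      matrix:
        # Valid options are:
        # target: ["shard-conformance", "control-plane", "multi-homing", "multi-node-zones", "node-ip-mac-migration", "compact-mode"]
        #         shard-conformance: hybrid-overlay = multicast-enable = emptylb-enable = false
        #         control-plane: hybrid-overlay = multicast-enable = emptylb-enable = true
        # ha: ["HA", "noHA"]
        # gateway-mode: ["local", "shared"]
        # ipfamily: ["ipv4", "ipv6", "dualstack"]
        # disable-snat-multiple-gws: ["noSnatGW", "snatGW"]
        # second-bridge: ["2br", "1br"]
        # ic: ["ic-disabled", "ic-single-node-zones", "ic-multi-node-zones"]
        # num-workers : "<integer value>"
        # num-nodes-per-zone : "<integer value>"
        # forwarding : ["", "disable-forwarding"]
        # dns-name-resolver : ["", "enable-dns-name-resolver"]
        include:
          - {"target": "shard-conformance", "ha": "HA", "gateway-mode": "shared", "ipfamily": "ipv4", "disable-snat-multiple-gws": "snatGW", "second-bridge": "1br", "ic": "ic-disabled"}
          - {"target": "shard-conformance", "ha": "noHA", "gateway-mode": "local", "ipfamily": "dualstack", "disable-snat-multiple-gws": "snatGW", "second-bridge": "1br", "ic": "ic-single-node-zones"}
          - {"target": "shard-conformance", "ha": "noHA", "gateway-mode": "shared", "ipfamily": "ipv6", "disable-snat-multiple-gws": "snatGW", "second-bridge": "1br", "ic": "ic-single-node-zones"}
          - {"target": "shard-conformance", "ha": "noHA", "gateway-mode": "shared", "ipfamily": "ipv4", "disable-snat-multiple-gws": "snatGW", "second-bridge": "1br", "ic": "ic-single-node-zones"}
          - {"target": "control-plane", "ha": "HA", "gateway-mode": "shared", "ipfamily": "ipv6", "disable-snat-multiple-gws": "noSnatGW", "second-bridge": "1br", "ic": "ic-disabled", "dns-name-resolver": "enable-dns-name-resolver"}
          - {"target": "control-plane", "ha": "HA", "gateway-mode": "shared", "ipfamily": "ipv4", "disable-snat-multiple-gws": "snatGW", "second-bridge": "1br", "ic": "ic-disabled"}
          - {"target": "control-plane-helm","ha": "HA", "gateway-mode": "shared", "ipfamily": "ipv4", "disable-snat-multiple-gws": "snatGW", "second-bridge": "1br", "ic": "ic-disabled", "dns-name-resolver": "enable-dns-name-resolver"}
          - {"target": "control-plane-helm","ha": "noHA", "gateway-mode": "shared", "ipfamily": "ipv4", "disable-snat-multiple-gws": "snatGW", "second-bridge": "1br", "ic": "ic-single-node-zones", "dns-name-resolver": "enable-dns-name-resolver"}
          - {"target": "control-plane", "ha": "noHA", "gateway-mode": "local", "ipfamily": "ipv4", "disable-snat-multiple-gws": "noSnatGW", "second-bridge": "1br", "ic": "ic-single-node-zones", "dns-name-resolver": "enable-dns-name-resolver"}
          - {"target": "control-plane", "ha": "noHA", "gateway-mode": "local", "ipfamily": "ipv6", "disable-snat-multiple-gws": "noSnatGW", "second-bridge": "1br", "ic": "ic-single-node-zones"}
          - {"target": "control-plane", "ha": "noHA", "gateway-mode": "shared", "ipfamily": "ipv4", "disable-snat-multiple-gws": "noSnatGW", "second-bridge": "2br", "ic": "ic-single-node-zones"}
          - {"target": "control-plane", "ha": "noHA", "gateway-mode": "shared", "ipfamily": "ipv6", "disable-snat-multiple-gws": "noSnatGW", "second-bridge": "2br", "ic": "ic-single-node-zones", "dns-name-resolver": "enable-dns-name-resolver"}
          - {"target": "multi-homing", "ha": "noHA", "gateway-mode": "local", "ipfamily": "ipv4", "disable-snat-multiple-gws": "SnatGW", "second-bridge": "1br", "ic": "ic-disabled"}
          - {"target": "multi-homing-helm", "ha": "HA", "gateway-mode": "shared", "ipfamily": "ipv4", "disable-snat-multiple-gws": "snatGW", "second-bridge": "1br", "ic": "ic-disabled"}
          - {"target": "node-ip-mac-migration", "ha": "noHA", "gateway-mode": "shared", "ipfamily": "ipv6", "disable-snat-multiple-gws": "SnatGW", "second-bridge": "1br", "ic": "ic-disabled"}
          - {"target": "node-ip-mac-migration", "ha": "noHA", "gateway-mode": "shared", "ipfamily": "ipv4", "disable-snat-multiple-gws": "SnatGW", "second-bridge": "1br", "ic": "ic-single-node-zones"}
          - {"target": "compact-mode", "ha": "noHA", "gateway-mode": "local", "ipfamily": "ipv4", "disable-snat-multiple-gws": "snatGW", "second-bridge": "1br", "ic": "ic-disabled"}
          - {"target": "multi-homing", "ha": "noHA", "gateway-mode": "local", "ipfamily": "dualstack", "disable-snat-multiple-gws": "SnatGW", "second-bridge": "1br", "ic": "ic-single-node-zones"}
          - {"target": "multi-node-zones", "ha": "noHA", "gateway-mode": "local", "ipfamily": "ipv4", "disable-snat-multiple-gws": "SnatGW", "second-bridge": "1br", "ic": "ic-multi-node-zones", "num-workers": "3", "num-nodes-per-zone": "2"}
          - {"target": "external-gateway", "ha": "noHA", "gateway-mode": "shared", "ipfamily": "ipv4", "disable-snat-multiple-gws": "noSnatGW", "second-bridge": "2br", "ic": "ic-single-node-zones"}
          - {"target": "external-gateway", "ha": "noHA", "gateway-mode": "local", "ipfamily": "ipv4", "disable-snat-multiple-gws": "noSnatGW", "second-bridge": "1br", "ic": "ic-single-node-zones"}
          - {"target": "external-gateway", "ha": "noHA", "gateway-mode": "shared", "ipfamily": "ipv6", "disable-snat-multiple-gws": "noSnatGW", "second-bridge": "2br", "ic": "ic-single-node-zones"}
          - {"target": "external-gateway", "ha": "noHA", "gateway-mode": "local", "ipfamily": "ipv6", "disable-snat-multiple-gws": "noSnatGW", "second-bridge": "1br", "ic": "ic-single-node-zones"}
          - {"target": "kv-live-migration", "ha": "noHA", "gateway-mode": "local", "ipfamily": "ipv4", "disable-snat-multiple-gws": "SnatGW", "second-bridge": "1br", "ic": "ic-disabled", "num-workers": "3"}
          - {"target": "kv-live-migration", "ha": "noHA", "gateway-mode": "shared", "ipfamily": "dualstack", "disable-snat-multiple-gws": "SnatGW", "second-bridge": "1br", "ic": "ic-single-node-zones", "num-workers": "3"}
          - {"target": "control-plane", "ha": "noHA", "gateway-mode": "shared", "ipfamily": "ipv4", "disable-snat-multiple-gws": "SnatGW", "second-bridge": "1br", "ic": "ic-single-node-zones", "forwarding": "disable-forwarding"}
          - {"target": "network-segmentation", "ha": "noHA", "gateway-mode": "shared", "ipfamily": "dualstack", "disable-snat-multiple-gws": "noSnatGW", "second-bridge": "1br", "ic": "ic-single-node-zones"}
          - {"target": "network-segmentation", "ha": "noHA", "gateway-mode": "local", "ipfamily": "dualstack", "disable-snat-multiple-gws": "noSnatGW", "second-bridge": "1br", "ic": "ic-single-node-zones"}
          - {"target": "network-segmentation", "ha": "noHA", "gateway-mode": "shared", "ipfamily": "dualstack", "disable-snat-multiple-gws": "SnatGW", "second-bridge": "1br", "ic": "ic-disabled"}
          - {"target": "tools", "ha": "noHA", "gateway-mode": "local", "ipfamily": "dualstack", "disable-snat-multiple-gws": "SnatGW", "second-bridge": "1br", "ic": "ic-single-node-zones"}
    needs: [ build-pr ]
    # Every value below is the string "true"/"false" (or the raw matrix value) produced by
    # the expression. Expression string comparisons ignore case, so 'IPv4' / 'IPv6' match
    # the lower-case ipfamily values used in the matrix.
    env:
      JOB_NAME: "${{ matrix.target }}-${{ matrix.ha }}-${{ matrix.gateway-mode }}-${{ matrix.ipfamily }}-${{ matrix.disable-snat-multiple-gws }}-${{ matrix.second-bridge }}-${{ matrix.ic }}"
      OVN_HYBRID_OVERLAY_ENABLE: "${{ matrix.target == 'control-plane' || matrix.target == 'control-plane-helm' }}"
      OVN_MULTICAST_ENABLE: "${{ matrix.target == 'control-plane' || matrix.target == 'control-plane-helm' }}"
      OVN_EMPTY_LB_EVENTS: "${{ matrix.target == 'control-plane' || matrix.target == 'control-plane-helm' }}"
      OVN_HA: "${{ matrix.ha == 'HA' }}"
      OVN_DISABLE_SNAT_MULTIPLE_GWS: "${{ matrix.disable-snat-multiple-gws == 'noSnatGW' }}"
      KIND_INSTALL_METALLB: "${{ matrix.target == 'control-plane' || matrix.target == 'control-plane-helm' }}"
      OVN_GATEWAY_MODE: "${{ matrix.gateway-mode }}"
      OVN_SECOND_BRIDGE: "${{ matrix.second-bridge == '2br' }}"
      KIND_IPV4_SUPPORT: "${{ matrix.ipfamily == 'IPv4' || matrix.ipfamily == 'dualstack' }}"
      KIND_IPV6_SUPPORT: "${{ matrix.ipfamily == 'IPv6' || matrix.ipfamily == 'dualstack' }}"
      ENABLE_MULTI_NET: "${{ matrix.target == 'multi-homing' || matrix.target == 'kv-live-migration' || matrix.target == 'network-segmentation' || matrix.target == 'tools' || matrix.target == 'multi-homing-helm' }}"
      ENABLE_NETWORK_SEGMENTATION: "${{ matrix.target == 'network-segmentation' || matrix.target == 'tools' || matrix.target == 'kv-live-migration'}}"
      KIND_INSTALL_KUBEVIRT: "${{ matrix.target == 'kv-live-migration' }}"
      OVN_COMPACT_MODE: "${{ matrix.target == 'compact-mode' }}"
      OVN_DUMMY_GATEWAY_BRIDGE: "${{ matrix.target == 'compact-mode' }}"
      OVN_ENABLE_INTERCONNECT: "${{ matrix.ic == 'ic-single-node-zones' || matrix.ic == 'ic-multi-node-zones'}}"
      KIND_NUM_WORKER: "${{ matrix.num-workers }}"
      KIND_NUM_NODES_PER_ZONE: "${{ matrix.num-nodes-per-zone }}"
      OVN_DISABLE_FORWARDING: "${{ matrix.forwarding == 'disable-forwarding' }}"
      USE_HELM: "${{ matrix.target == 'control-plane-helm' || matrix.target == 'multi-homing-helm' }}"
      OVN_ENABLE_DNSNAMERESOLVER: "${{ matrix.dns-name-resolver == 'enable-dns-name-resolver' }}"
    steps:
      # Installs the extra kernel modules package for the running kernel and loads vrf.
      - name: Install VRF kernel module
        run: |
          set -x
          sudo apt-get install linux-modules-extra-$(uname -r) -y
          sudo modprobe vrf
      # Removes preinstalled toolchains and browsers from the runner to reclaim disk.
      - name: Free up disk space
        run: |
          sudo rm -rf /usr/local/lib/android/sdk
          sudo apt-get update
          sudo eatmydata apt-get purge --auto-remove -y \
            azure-cli aspnetcore-* dotnet-* ghc-* firefox \
            google-chrome-stable \
            llvm-* microsoft-edge-stable mono-* \
            msbuild mysql-server-core-* php-* php7* \
            powershell temurin-* zulu-*
      - name: Check out code into the Go module directory
        uses: actions/checkout@v4
      - name: Set up Go
        id: go
        uses: actions/setup-go@v5
        with:
          go-version: ${{ env.GO_VERSION }}
          cache-dependency-path: "**/*.sum"
      # Exports GOPATH to later steps, puts $GOPATH/bin on their PATH and, for two-bridge
      # entries, enables the external-gateway network settings.
      - name: Set up environment
        run: |
          export GOPATH=$(go env GOPATH)
          echo "GOPATH=$GOPATH" >> $GITHUB_ENV
          echo "$GOPATH/bin" >> $GITHUB_PATH
          # Quoted so that an empty value makes the test false instead of a `[` syntax error.
          if [ "$OVN_SECOND_BRIDGE" == "true" ]; then
            echo OVN_TEST_EX_GW_NETWORK=kindexgw >> $GITHUB_ENV
            echo OVN_ENABLE_EX_GW_NETWORK_BRIDGE=true >> $GITHUB_ENV
          fi
      - name: Disable ufw
        # For IPv6 and Dualstack, ufw (Uncomplicated Firewall) should be disabled.
        # Not needed for KIND deployments, so just disable all the time.
        run: |
          sudo ufw disable
      - name: Download test-image-pr
        uses: actions/download-artifact@v4
        with:
          name: test-image-pr
      # The tarball is deleted once the image is loaded.
      - name: Load docker image
        run: |
          docker load --input ${CI_IMAGE_PR_TAR} && rm -rf ${CI_IMAGE_PR_TAR}
      - name: kind setup
        timeout-minutes: 30
        run: |
          export OVN_IMAGE="ovn-daemonset-fedora:pr"
          make -C test install-kind
      - name: Runner Diagnostics
        uses: ./.github/actions/diagnostics
      - name: Run Tests
        # e2e tests take ~60 minutes normally, 120 should be more than enough
        # set 3 hours for control-plane tests as these might take a while
        timeout-minutes: ${{ matrix.target == 'control-plane' && 180 || matrix.target == 'control-plane-helm' && 180 || matrix.target == 'external-gateway' && 180 || 120 }}
        env:
          # Matrix values reach the script as environment variables rather than being
          # expanded into the script text by the expression engine, so the shell always
          # treats them as data. The values are literals from the matrix above today;
          # this keeps the step safe if the matrix ever becomes computed.
          MATRIX_TARGET: "${{ matrix.target }}"
          MATRIX_IPFAMILY: "${{ matrix.ipfamily }}"
        run: |
          # used by e2e diagnostics package
          export OVN_IMAGE="ovn-daemonset-fedora:pr"
          if [ "$MATRIX_TARGET" == "multi-homing" ] || [ "$MATRIX_TARGET" == "multi-homing-helm" ]; then
            make -C test control-plane WHAT="Multi Homing"
          elif [ "$MATRIX_TARGET" == "node-ip-mac-migration" ]; then
            make -C test control-plane WHAT="Node IP and MAC address migration"
          elif [ "$MATRIX_TARGET" == "compact-mode" ]; then
            SINGLE_NODE_CLUSTER="true" make -C test shard-network
          elif [ "$MATRIX_TARGET" == "multi-node-zones" ]; then
            make -C test control-plane WHAT="Multi node zones interconnect"
          elif [ "$MATRIX_TARGET" == "external-gateway" ]; then
            make -C test control-plane WHAT="External Gateway"
          elif [ "$MATRIX_TARGET" == "kv-live-migration" ]; then
            make -C test control-plane WHAT="Kubevirt Virtual Machines"
          elif [ "$MATRIX_TARGET" == "control-plane-helm" ]; then
            make -C test control-plane
            make -C test conformance
          elif [ "$MATRIX_TARGET" == "network-segmentation" ]; then
            make -C test control-plane WHAT="Network Segmentation"
          elif [ "$MATRIX_TARGET" == "tools" ]; then
            make -C go-controller build
            make -C test tools
          else
            # Remaining targets are used directly as the Makefile target name.
            make -C test "$MATRIX_TARGET"
            if [ "$MATRIX_IPFAMILY" != "ipv6" ]; then
              make -C test conformance
            fi
          fi
      - name: Runner Diagnostics
        uses: ./.github/actions/diagnostics
      # Logs are exported and uploaded whether or not the tests passed.
      - name: Export kind logs
        if: always()
        run: |
          mkdir -p /tmp/kind/logs
          kind export logs --name ${KIND_CLUSTER_NAME} --loglevel=debug /tmp/kind/logs
      - name: Upload kind logs
        if: always()
        uses: actions/upload-artifact@v4
        with:
          name: kind-logs-${{ env.JOB_NAME }}-${{ github.run_id }}
          path: /tmp/kind/logs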
# ---- e2e-dual-conversion: IPv4 cluster converted to dual stack ----
  # Installs an IPv4-only kind cluster from the PR image, converts it to dual stack with
  # contrib/kind-dual-stack-conversion.sh and runs the DualStack suites.
  # Not run for scheduled events.
  e2e-dual-conversion:
    name: e2e-dual-conversion
    if: github.event_name != 'schedule'
    runs-on: ubuntu-latest
    timeout-minutes: 60
    needs: [ build-pr ]
    strategy:
      fail-fast: false
      matrix:
        include:
          - {"ha": "HA", "interconnect": "interconnect-disabled"}
          - {"ha": "noHA", "interconnect": "interconnect-single-node-zones", "num-zones": "3", "num-nodes-per-zone": "1"}
          # - {"ha": "noHA", "interconnect": "interconnect-multi-node-zones", "num-zones": "2", "num-nodes-per-zone": "2"}
    env:
      JOB_NAME: "DualStack-conversion-shared-${{ matrix.ha }}-${{ matrix.interconnect }}"
      OVN_HA: "${{ matrix.ha == 'HA' }}"
      # The cluster starts IPv4-only; the conversion step adds the second family.
      KIND_IPV4_SUPPORT: "true"
      KIND_IPV6_SUPPORT: "false"
      OVN_HYBRID_OVERLAY_ENABLE: "false"
      OVN_GATEWAY_MODE: "shared"
      OVN_MULTICAST_ENABLE: "false"
      DUALSTACK_CONVERSION: "true"
      OVN_ENABLE_INTERCONNECT: "${{ matrix.interconnect == 'interconnect-single-node-zones' || matrix.interconnect == 'interconnect-multi-node-zones'}}"
      KIND_NUM_ZONES: "${{ matrix.num-zones }}"
      KIND_NUM_NODES_PER_ZONE: "${{ matrix.num-nodes-per-zone }}"
    steps:
      - name: Check out code into the Go module directory
        uses: actions/checkout@v4
      - name: Set up Go
        id: go
        uses: actions/setup-go@v5
        with:
          go-version: ${{ env.GO_VERSION }}
          cache-dependency-path: "**/*.sum"
      # Exports GOPATH to later steps and puts $GOPATH/bin on their PATH.
      - name: Set up environment
        run: |
          export GOPATH=$(go env GOPATH)
          echo "GOPATH=$GOPATH" >> $GITHUB_ENV
          echo "$GOPATH/bin" >> $GITHUB_PATH
      # Removes preinstalled toolchains and browsers from the runner to reclaim disk.
      - name: Free up disk space
        run: |
          sudo rm -rf /usr/local/lib/android/sdk
          sudo apt-get update
          sudo eatmydata apt-get purge --auto-remove -y \
            azure-cli aspnetcore-* dotnet-* ghc-* firefox \
            google-chrome-stable \
            llvm-* microsoft-edge-stable mono-* \
            msbuild mysql-server-core-* php-* php7* \
            powershell temurin-* zulu-*
      - name: Disable ufw
        # For IPv6 and Dualstack, ufw (Uncomplicated Firewall) should be disabled.
        # Not needed for KIND deployments, so just disable all the time.
        run: |
          sudo ufw disable
      - name: Download test-image-pr
        uses: actions/download-artifact@v4
        with:
          name: test-image-pr
      # The tarball is deleted once the image is loaded.
      - name: Load docker image
        run: |
          docker load --input ${CI_IMAGE_PR_TAR} && rm -rf ${CI_IMAGE_PR_TAR}
      - name: kind IPv4 setup
        run: |
          export OVN_IMAGE="ovn-daemonset-fedora:pr"
          make -C test install-kind
      - name: Convert IPv4 cluster to Dual Stack
        run: |
          ./contrib/kind-dual-stack-conversion.sh
      - name: Runner Diagnostics
        uses: ./.github/actions/diagnostics
      - name: Run Dual-Stack Tests
        run: |
          make -C test shard-test WHAT="Networking Granular Checks\|DualStack"
      - name: Runner Diagnostics
        uses: ./.github/actions/diagnostics
      - name: Run Dual-Stack Control-Plane Tests
        run: |
          make -C test control-plane WHAT="DualStack"
      - name: Runner Diagnostics
        uses: ./.github/actions/diagnostics
      # Logs are exported and uploaded whether or not the tests passed.
      - name: Export kind logs
        if: always()
        run: |
          mkdir -p /tmp/kind/logs
          kind export logs --name ${KIND_CLUSTER_NAME} --loglevel=debug /tmp/kind/logs
      - name: Upload kind logs
        if: always()
        uses: actions/upload-artifact@v4
        with:
          name: kind-logs-${{ env.JOB_NAME }}-${{ github.run_id }}
          path: /tmp/kind/logs
      # On failure only: copy the OVN northbound and southbound database files out of each
      # node container. `||:` keeps a missing file from failing the step.
      - name: Export ovn dbs
        if: ${{ failure() }}
        run: |
          mkdir -p /tmp/kind/ovndbs
          for node in ovn-control-plane ovn-worker ovn-worker2
          do for db in ovnnb_db.db ovnsb_db.db
            do docker cp ${node}:/var/lib/openvswitch/${db} /tmp/kind/ovndbs/${node}_${db} ||:
            done
          done
      - name: Upload ovn dbs
        if: ${{ failure() }}
        uses: actions/upload-artifact@v4
        with:
          name: kind-ovndbs-${{ env.JOB_NAME }}-${{ github.run_id }}
          path: /tmp/kind/ovndbs