CNI Accptance test on Kind #1445
Merged
Conversation
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
curtbushko
commented
Aug 24, 2022
| - store_artifacts: | ||
| path: /tmp/test-results | ||
| - slack/status: | ||
| # temporarily sending to #cni-acceptance-tests channel |
There was a problem hiding this comment.
Will remove before merge.
curtbushko
commented
Aug 24, 2022
.circleci/config.yml
Outdated
| - schedule: | ||
| cron: "0 0 * * *" | ||
| filters: | ||
| branches: |
There was a problem hiding this comment.
Will fix before merge.
curtbushko
commented
Aug 24, 2022
.circleci/config.yml
Outdated
| @@ -1027,29 +1076,33 @@ workflows: | |||
| - dev-upload-docker: | |||
| requires: | |||
| - build-distros-linux | |||
| - cleanup-gcp-resources | |||
There was a problem hiding this comment.
Will fix before merge.
curtbushko
commented
Aug 24, 2022
.circleci/config.yml
Outdated
| - cleanup-azure-resources | ||
| - dev-upload-docker | ||
| - acceptance-kind-1-23: | ||
| # - acceptance-gke-1-20: |
There was a problem hiding this comment.
Will fix before merge.
curtbushko
commented
Aug 24, 2022
| @@ -135,7 +135,7 @@ rollingUpdate: | |||
| --set 'connectInject.enabled=true' \ | |||
| . | tee /dev/stderr | | |||
| yq -rc '.spec.template.spec.containers[0].resources' | tee /dev/stderr) | |||
| [ "${actual}" = '{"limits":{"cpu":"75m","memory":"75Mi"},"requests":{"cpu":"50m","memory":"50Mi"}}' ] | |||
| [ "${actual}" = '{"limits":{"cpu":"100m","memory":"100Mi"},"requests":{"cpu":"75m","memory":"75Mi"}}' ] | |||
There was a problem hiding this comment.
This needed to be increased because the CNI installer was getting OOMKilled on Kind.
curtbushko
commented
Aug 24, 2022
| @@ -51,6 +51,9 @@ load _helpers | |||
| local actual=$(echo $object | yq -r '.resources[| index("namespaces")' | tee /dev/stderr) | |||
| [ "${actual}" != null ] | |||
|
|
|||
| local actual=$(echo $object | yq -r '.resources[| index("nodes")' | tee /dev/stderr) | |||
There was a problem hiding this comment.
I had added 'node' back to the connect inject cluster role in a previous PR (yesterday) and I missed the bats test for it.
curtbushko
commented
Aug 24, 2022
| memory: "75Mi" | ||
| cpu: "75m" | ||
| limits: |
There was a problem hiding this comment.
This needed to be increased because the CNI installer was getting OOMKilled on Kind.
ishustava
reviewed
Aug 24, 2022
| @@ -878,6 +890,42 @@ jobs: | |||
| fail_only: true | |||
| failure_message: "Acceptance tests against Kind with Kubernetes v1.23 failed. Check the logs at: ${CIRCLE_BUILD_URL}" | |||
|
|
|||
| acceptance-kind-cni-1-23: | |||
There was a problem hiding this comment.
could we add a job for the test-and-build pipeline as well so that it runs on every PR?
.circleci/config.yml
Outdated
| command: | | ||
| kind create cluster --config=acceptance/framework/environment/cni-kind/kind.config --name dc1 --image kindest/node:<< parameters.version >> | ||
| make kind-cni-calico | ||
| sleep 2 |
There was a problem hiding this comment.
why do we need to sleep here? wouldn't finish setup while the other kind cluster is being created?
| @@ -83,6 +85,11 @@ func (t *TestConfig) HelmValuesFromConfig() (map[string]string, error) { | |||
| setIfNotEmpty(helmValues, "global.enablePodSecurityPolicies", "true") | |||
| } | |||
|
|
|||
| if t.EnableCNI { | |||
| setIfNotEmpty(helmValues, "connectInject.enabled", "true") | |||
There was a problem hiding this comment.
I don't think we should set connectInject. For tproxy we're only setting the tproxy value so that for tests that don't use connect inject you don't end up running it because of the global flag.
There was a problem hiding this comment.
That makes sense.
Changed.
acceptance/framework/flags/flags.go
Outdated
| @@ -85,6 +87,10 @@ func (t *TestFlags) init() { | |||
| flag.BoolVar(&t.flagEnablePodSecurityPolicies, "enable-pod-security-policies", false, | |||
| "If true, the test suite will run tests with pod security policies enabled.") | |||
|
|
|||
| flag.BoolVar(&t.flagEnableCNI, "enable-cni", false, | |||
| "If true, the test suite will run tests with consul-cni plugin enabled. "+ | |||
| "In general, this will only run against tests that are mesh related (connect, dns, mesh-gateway, peering, etc") | |||
There was a problem hiding this comment.
dns test is not a mesh test
| @@ -71,6 +73,7 @@ func TestConnectInjectNamespaces(t *testing.T) { | |||
| helmValues := map[string]string{ | |||
| "global.enableConsulNamespaces": "true", | |||
| "connectInject.enabled": "true", | |||
| "connectInject.cni.enabled": strconv.FormatBool(cfg.EnableCNI), | |||
There was a problem hiding this comment.
why do we need to set it here? wouldn't it be set by the framework?
There was a problem hiding this comment.
You are correct. I am setting this all over the place and there is no need. I only discovered my mistake after I started the GKE acceptance tests.
I will remove and shrink this PR by quite a bit.
There was a problem hiding this comment.
These have been removed.
…connectInject.cni.enabled from several files as the framework will set this when the flag is passed in
This was referenced Aug 25, 2022
ishustava
reviewed
Aug 25, 2022
.circleci/config.yml
Outdated
| @@ -1007,18 +1054,22 @@ workflows: | |||
| context: consul-ci | |||
| requires: | |||
| - dev-upload-docker | |||
| - acceptance-kind-cni-1-23: | |||
There was a problem hiding this comment.
Also, we should use the same kind version as other acceptance tests in this pipeline
Suggested change
| - acceptance-kind-cni-1-23: | |
| - acceptance-tproxy-cni: |
ishustava
approved these changes
Aug 25, 2022
2 tasks
t-eckert
approved these changes
Aug 25, 2022
curtbushko
added a commit
that referenced
this pull request
Aug 25, 2022
- Added a new make target for installing Calico CNI in Kind. The target installs Calico CNI using config files located under /acceptance tests - Added a helper make target for setting up local Kind with Calico just in case anyone wants to run it. - Added a kind.config for setting up the Kind cluster - Added an -enable-cni flag to the acceptance test config so that it can be passed through from CircleCI - Added a nightly circleci job for running the CNI kind tests - I had missed a bats test for the connect-inject template that I merged in a previous PR
curtbushko
added a commit
that referenced
this pull request
Aug 25, 2022
- Added a new make target for installing Calico CNI in Kind. The target installs Calico CNI using config files located under /acceptance tests - Added a helper make target for setting up local Kind with Calico just in case anyone wants to run it. - Added a kind.config for setting up the Kind cluster - Added an -enable-cni flag to the acceptance test config so that it can be passed through from CircleCI - Added a nightly circleci job for running the CNI kind tests - I had missed a bats test for the connect-inject template that I merged in a previous PR
curtbushko
added a commit
that referenced
this pull request
Aug 25, 2022
- Added a new make target for installing Calico CNI in Kind. The target installs Calico CNI using config files located under /acceptance tests - Added a helper make target for setting up local Kind with Calico just in case anyone wants to run it. - Added a kind.config for setting up the Kind cluster - Added an -enable-cni flag to the acceptance test config so that it can be passed through from CircleCI - Added a nightly circleci job for running the CNI kind tests - I had missed a bats test for the connect-inject template that I merged in a previous PR
curtbushko
added a commit
that referenced
this pull request
Aug 25, 2022
- Added a new make target for installing Calico CNI in Kind. The target installs Calico CNI using config files located under /acceptance tests - Added a helper make target for setting up local Kind with Calico just in case anyone wants to run it. - Added a kind.config for setting up the Kind cluster - Added an -enable-cni flag to the acceptance test config so that it can be passed through from CircleCI - Added a nightly circleci job for running the CNI kind tests - I had missed a bats test for the connect-inject template that I merged in a previous PR
curtbushko
added a commit
that referenced
this pull request
Aug 25, 2022
- Added a new make target for installing Calico CNI in Kind. The target installs Calico CNI using config files located under /acceptance tests - Added a helper make target for setting up local Kind with Calico just in case anyone wants to run it. - Added a kind.config for setting up the Kind cluster - Added an -enable-cni flag to the acceptance test config so that it can be passed through from CircleCI - Added a nightly circleci job for running the CNI kind tests - I had missed a bats test for the connect-inject template that I merged in a previous PR
curtbushko
added a commit
that referenced
this pull request
Aug 26, 2022
- Added a new make target for installing Calico CNI in Kind. The target installs Calico CNI using config files located under /acceptance tests - Added a helper make target for setting up local Kind with Calico just in case anyone wants to run it. - Added a kind.config for setting up the Kind cluster - Added an -enable-cni flag to the acceptance test config so that it can be passed through from CircleCI - Added a nightly circleci job for running the CNI kind tests - I had missed a bats test for the connect-inject template that I merged in a previous PR
Sign up for free
to join this conversation on GitHub.
Already have an account?
Sign in to comment
Add this suggestion to a batch that can be applied as a single commit.
This suggestion is invalid because no changes were made to the code.
Suggestions cannot be applied while the pull request is closed.
Suggestions cannot be applied while viewing a subset of changes.
Only one suggestion per line can be applied in a batch.
Add this suggestion to a batch that can be applied as a single commit.
Applying suggestions on deleted lines is not supported.
You must change the existing code in this line in order to create a valid suggestion.
Outdated suggestions cannot be applied.
This suggestion has been applied or marked resolved.
Suggestions cannot be applied from pending reviews.
Suggestions cannot be applied on multi-line comments.
Suggestions cannot be applied while the pull request is queued to merge.
Suggestion cannot be applied right now. Please check back later.
Background: In order to run acceptance tests on kind there needs to be some extra setup. Kind needs the Calico CNI plugin to be installed first and Kind needs its network to match what Calico expects.
Some tests have been disabled as running them with CNI is redundant to other acceptance tests.
There is no magic here. Helm install the CNI plugin and the tests are run. Everything should work the same as normal.
Changes proposed in this PR:
Note to Iryna, I added connect-inject-init user uid to the redirect PR last night so not to muddle this PR.
How I've tested this PR:
How I expect reviewers to test this PR:
👀
Checklist: