Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

CNI CRT Builds #1454

Closed
wants to merge 15 commits into from
Closed

CNI CRT Builds #1454

wants to merge 15 commits into from

Conversation

curtbushko
Copy link
Contributor

This PR is an attempt to get the CNI added to the release process using CRT.

Changes proposed in this PR:

  • Use the current build matrix for control-plane to also build the CNI plugin
  • The build adds the CNI plugin to /dist and it is zipped up so that it can be used in another build step (docker)
  • The docker build takes the zip file, extracts it and copies it into the docker image
  • Note, at this time, the above way is the only way to build the binaries and docker images because the docker build action does not support multiple binaries. The Release Team would need to change the docker build action to handle multiple binaries.

All of the above works, except...

The security scanner is looking at the zip file and expects 1 binary per zip and thus fails the security scan. I have contacted the Release Team about this to see if there is a possible workaround.

How I've tested this PR:

How I expect reviewers to test this PR:

Checklist:

  • Tests added
  • CHANGELOG entry added

    HashiCorp engineers only, community PRs should not add a changelog entry.
    Entries should use present tense (e.g. Add support for...)

@curtbushko curtbushko changed the base branch from cni to main August 26, 2022 15:17
@curtbushko
Initial CNI installer & plugin (#1304)
6e75d77 
* Get structure in place and CNI installer & plugin building
@curtbushko
CNI Helm Charts
3479a45 
Add helm charts for CNI installer
@curtbushko
CNI File watcher and pre applying rules setup (#1345)
e110c22 
* Add file watcher to CNI installer to watch for config file changes and repair breakages.
* Wait for CNI config file to show up on the host file system before attempting to install consul-cni configuration.
* Add some code to get ready for the next PR that applying iptables rules
* Unit tests for installer and plugin scenarios
@curtbushko
Add redirect traffic config and apply it (#1432)
e9e3881 
* Add redirect traffic config and apply it
* Unit tests for redirect traffic and webhook changes
@curtbushko
CNI Accptance test on Kind (#1445)
0cdf969 
-  Added a new make target for installing Calico CNI in Kind. The target installs Calico CNI using config files located under /acceptance tests
- Added a helper make target for setting up local Kind with Calico just in case anyone wants to run it.
- Added a kind.config for setting up the Kind cluster
- Added an -enable-cni flag to the acceptance test config so that it can be passed through from CircleCI
-  Added a nightly circleci job for running the CNI kind tests
-  I had missed a bats test for the connect-inject template that I merged in a previous PR
@curtbushko
CNI Acceptance test on GKE (#1446)
6af6e27 
- Added a -use-gke flag to the acceptance test command so that the flag can be passed through to the tests
- If both, -enable-cni and -use-gke are passed through then the cniBinDir gets set for helm values.
- GKE would not install the CNI plugin unless the use security policy was set.
- GKE was throwing an error saying that allowPrivilegeEscalation: true needed to be set if privileged: true. Once set, tests passed.
@curtbushko
CNI Acceptance tests on EKS (#1447)
7412e64 
Add EKS as a nightly acceptance test job
@curtbushko
CNI acceptance tests on AKS (#1449)
3260750 
- Add AKS as a nightly acceptance test job
- Pulled in an updated version of AKS because Azure deprecated the version we were using
- Some policy changes pulled in from the GKE PR
@curtbushko
make it easy to redirect to a slack channel and run tests again
e32fc79
@curtbushko
Build consul-cni as part of the CRT pipelines
4ee2abd
@curtbushko
build consul-cni inline along with control-plane
f492441
@curtbushko
fix UBI images
ff16a4d
@curtbushko
build consul-cni separately, zip it, and download it as an artifact s…
377588c 
…o that docker can copy it
@curtbushko
goarch -> arch
3f587f5
@curtbushko
hardcode linux in zip name
719b176
@curtbushko curtbushko force-pushed the curtbushko/cni-crt-testing branch from 9359807 to 719b176 Compare August 26, 2022 16:00
@curtbushko curtbushko closed this Aug 26, 2022
@curtbushko
Copy link
Contributor Author

Closed in favour of a cleaner #1458

@curtbushko curtbushko deleted the curtbushko/cni-crt-testing branch April 17, 2023 18:53
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Reviewers
No reviews
Assignees
No one assigned
Labels
None yet
Projects
None yet
Milestone
No milestone
Development

Successfully merging this pull request may close these issues.
1 participant
@curtbushko