From 888fe53e432cd4a48ce923bcd92a42fd88cda8fa Mon Sep 17 00:00:00 2001 From: Quan Tian Date: Thu, 28 Apr 2022 23:31:46 +0800 Subject: [PATCH 1/2] Determine conformance container image version at runtime Since Sonobuoy 0.20, Sonobuoy releases are no longer attached to Kubernetes releases and can determine the images at runtime according to the Kubernetes server's version. This patch removes pinned K8s test image versions to fix compatability issues caused by version skew. Signed-off-by: Quan Tian --- ci/README.md | 11 +++++------ ci/k8s-conformance-image-version | 1 - ci/run-k8s-e2e-tests.sh | 14 +++++++------- ci/test-conformance-aks.sh | 2 +- ci/test-conformance-eks.sh | 2 +- ci/test-conformance-gke.sh | 2 +- ci/verify-sonobuoy.sh | 2 +- 7 files changed, 16 insertions(+), 18 deletions(-) delete mode 100644 ci/k8s-conformance-image-version diff --git a/ci/README.md b/ci/README.md index 49092fe283f..fbdcad8f22e 100644 --- a/ci/README.md +++ b/ci/README.md @@ -5,9 +5,8 @@ This directory includes all the scripts required to run CI on Antrea. For information about our Jenkins CI jobs and how to run the same tests locally, see [here](jenkins/README.md). -File [k8s-conformance-image-version](k8s-conformance-image-version) stores the -version number of the K8s conformance container image we currently use to run -tests. +For K8s conformance upstream tests, the version of the K8s conformance container +image will be determined at runtime according to the Kubernetes server's version. ## Antrea test suite @@ -36,8 +35,8 @@ We run 4 different categories of tests as part of CI: components can be deployed successfully, check end-to-end connectivity for different types of traffic (e.g. Pod-to-Pod, Pod-to-Service), validate the implementation of Antrea-speicifc APIs - (e.g. [ClusterNetworkPolicy](/docs/network-policy.md), - [Traceflow](/docs/traceflow-guide.md), ...). + (e.g. [ClusterNetworkPolicy](../docs/antrea-network-policy.md), + [Traceflow](../docs/traceflow-guide.md), ...). * **Kubernetes upstream tests**: our CI relies on Kubernetes community tests to ensure conformance and validate the implementation of the NetworkPolicy API. @@ -78,7 +77,7 @@ You can run the linters locally with `make golangci` from the root of the repository. Some issues can be fixed automatically for you if you run `make golangci-fix`. -See our [golangci-lint configuration file](/.golangci.yml) for more details. +See our [golangci-lint configuration file](../.golangci.yml) for more details. You can also run the `golint` linter with `make lint` to see suggestions about how to improve your code, and we encourage you to do so when submitting a diff --git a/ci/k8s-conformance-image-version b/ci/k8s-conformance-image-version deleted file mode 100644 index 9b43a2ccda9..00000000000 --- a/ci/k8s-conformance-image-version +++ /dev/null @@ -1 +0,0 @@ -v1.19.4 diff --git a/ci/run-k8s-e2e-tests.sh b/ci/run-k8s-e2e-tests.sh index dc1d39e5694..486b6428d46 100755 --- a/ci/run-k8s-e2e-tests.sh +++ b/ci/run-k8s-e2e-tests.sh @@ -37,12 +37,12 @@ DEFAULT_E2E_NETWORKPOLICY_FOCUS="\[Feature:NetworkPolicy\]" DEFAULT_E2E_NETWORKPOLICY_SKIP="" MODE="report" THIS_DIR="$( cd "$( dirname "${BASH_SOURCE[0]}" )" >/dev/null 2>&1 && pwd )" -KUBE_CONFORMANCE_IMAGE="" -KUBE_CONFORMANCE_IMAGE_VERSION="$(head -n1 $THIS_DIR/k8s-conformance-image-version)" +KUBE_CONFORMANCE_IMAGE_OPTION="" +KUBE_CONFORMANCE_IMAGE_VERSION_OPTION="" IMAGE_PULL_POLICY="Always" CONFORMANCE_IMAGE_CONFIG_PATH="${THIS_DIR}/conformance-image-config.yaml" -SONOBUOY_IMAGE="projects.registry.vmware.com/sonobuoy/sonobuoy:v0.19.0" -SYSTEMD_LOGS_IMAGE="projects.registry.vmware.com/sonobuoy/systemd-logs:v0.3" +SONOBUOY_IMAGE="projects.registry.vmware.com/sonobuoy/sonobuoy:v0.56.4" +SYSTEMD_LOGS_IMAGE="projects.registry.vmware.com/sonobuoy/systemd-logs:v0.4" _usage="Usage: $0 [--e2e-conformance] [--e2e-network-policy] [--e2e-focus ] [--e2e-skip ] [--kubeconfig ] [--kube-conformance-image-version ] @@ -91,7 +91,7 @@ case $key in shift 2 ;; --kube-conformance-image-version) - KUBE_CONFORMANCE_IMAGE_VERSION="$2" + KUBE_CONFORMANCE_IMAGE_VERSION_OPTION="--kube-conformance-image-version $2" shift 2 ;; --e2e-conformance) @@ -172,14 +172,14 @@ function run_sonobuoy() { $SONOBUOY run --wait \ $KUBECONFIG_OPTION \ $KUBE_CONFORMANCE_IMAGE_OPTION \ - --kube-conformance-image-version $KUBE_CONFORMANCE_IMAGE_VERSION \ + $KUBE_CONFORMANCE_IMAGE_VERSION_OPTION \ --mode "certified-conformance" --image-pull-policy ${IMAGE_PULL_POLICY} \ --sonobuoy-image ${SONOBUOY_IMAGE} --systemd-logs-image ${SYSTEMD_LOGS_IMAGE} --e2e-repo-config ${CONFORMANCE_IMAGE_CONFIG_PATH} else $SONOBUOY run --wait \ $KUBECONFIG_OPTION \ $KUBE_CONFORMANCE_IMAGE_OPTION \ - --kube-conformance-image-version $KUBE_CONFORMANCE_IMAGE_VERSION \ + $KUBE_CONFORMANCE_IMAGE_VERSION_OPTION \ --e2e-focus "$focus_regex" --e2e-skip "$skip_regex" --image-pull-policy ${IMAGE_PULL_POLICY} \ --sonobuoy-image ${SONOBUOY_IMAGE} --systemd-logs-image ${SYSTEMD_LOGS_IMAGE} --e2e-repo-config ${CONFORMANCE_IMAGE_CONFIG_PATH} fi diff --git a/ci/test-conformance-aks.sh b/ci/test-conformance-aks.sh index 1cf72c919fb..4e74deff337 100755 --- a/ci/test-conformance-aks.sh +++ b/ci/test-conformance-aks.sh @@ -30,7 +30,7 @@ RUN_CLEANUP_ONLY=false KUBECONFIG_PATH="$HOME/jenkins/out/aks" TEST_SCRIPT_RC=0 MODE="report" -KUBE_CONFORMANCE_IMAGE_VERSION=v1.19.4 +KUBE_CONFORMANCE_IMAGE_VERSION=auto _usage="Usage: $0 [--cluster-name ] [--kubeconfig ] [--k8s-version ]\ [--azure-app-id ] [--azure-tenant-id ] [--azure-password ] \ diff --git a/ci/test-conformance-eks.sh b/ci/test-conformance-eks.sh index 72c88277718..ebe179b150d 100755 --- a/ci/test-conformance-eks.sh +++ b/ci/test-conformance-eks.sh @@ -31,7 +31,7 @@ RUN_CLEANUP_ONLY=false KUBECONFIG_PATH="$HOME/jenkins/out/eks" MODE="report" TEST_SCRIPT_RC=0 -KUBE_CONFORMANCE_IMAGE_VERSION=v1.18.5 +KUBE_CONFORMANCE_IMAGE_VERSION=auto _usage="Usage: $0 [--cluster-name ] [--kubeconfig ] [--k8s-version ]\ [--aws-access-key ] [--aws-secret-key ] [--aws-region ] [--ssh-key Date: Fri, 29 Apr 2022 00:38:24 +0800 Subject: [PATCH 2/2] Use default dnsPolicy for AKS AKS overrides KUBERNETES_SERVICE_HOST with a FQDN value. Using ClusterFirstWithHostNet would lead to antrea-agent start failure. Signed-off-by: Quan Tian --- build/yamls/antrea-aks.yml | 2 +- build/yamls/patches/aks/dnsPolicy.yml | 8 ++++++++ hack/generate-manifest.sh | 10 ++++++++++ 3 files changed, 19 insertions(+), 1 deletion(-) create mode 100644 build/yamls/patches/aks/dnsPolicy.yml diff --git a/build/yamls/antrea-aks.yml b/build/yamls/antrea-aks.yml index 56b6fce30a5..5733ebf78fa 100644 --- a/build/yamls/antrea-aks.yml +++ b/build/yamls/antrea-aks.yml @@ -4272,7 +4272,7 @@ spec: - mountPath: /var/log/openvswitch name: host-var-log-antrea subPath: openvswitch - dnsPolicy: ClusterFirstWithHostNet + dnsPolicy: ClusterFirst hostNetwork: true initContainers: - command: diff --git a/build/yamls/patches/aks/dnsPolicy.yml b/build/yamls/patches/aks/dnsPolicy.yml new file mode 100644 index 00000000000..dee311508c7 --- /dev/null +++ b/build/yamls/patches/aks/dnsPolicy.yml @@ -0,0 +1,8 @@ +apiVersion: apps/v1 +kind: DaemonSet +metadata: + name: antrea-agent +spec: + template: + spec: + dnsPolicy: ClusterFirst diff --git a/hack/generate-manifest.sh b/hack/generate-manifest.sh index 1ecdf687406..33a958844a3 100755 --- a/hack/generate-manifest.sh +++ b/hack/generate-manifest.sh @@ -355,6 +355,16 @@ if [[ $ENCAP_MODE == "networkPolicyOnly" ]] ; then cd .. fi +if [[ $CLOUD == "AKS" ]]; then + mkdir aks && cd aks + cp ../../patches/aks/*.yml . + touch kustomization.yml + $KUSTOMIZE edit add base $BASE + $KUSTOMIZE edit add patch --path dnsPolicy.yml + BASE=../aks + cd .. +fi + if [[ $CLOUD == "GKE" ]]; then mkdir gke && cd gke cp ../../patches/gke/*.yml .