Run Conformance and Performance tests with github actions
jaydeokar committed Aug 28, 2023
1 parent cf57309 commit 7abbedf
Showing 17 changed files with 516 additions and 0 deletions.
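--- a/.github/actions/install-dependencies/action.yaml
+++ b/.github/actions/install-dependencies/action.yaml
@@ -0,0 +1,19 @@
+name: InstallDependencies
+description: 'Installs Go, Docker, Ginkgo, EKSCTL binaries'
+runs:
+using: "composite"
+steps:
+- uses: actions/setup-go@v4
+with:
+go-version-file: go.mod
+check-latest: true
+- name: Set up ginkgo
+shell: bash
+run: |
+# Install ginkgo version from go.mod
+go install -mod=mod github.com/onsi/ginkgo/v2/ginkgo
+- name: Set up eksctl
+shell: bash
+run: |
+curl --silent --location "https://github.com/weaveworks/eksctl/releases/latest/download/eksctl_$(uname -s)_amd64.tar.gz" | tar xz -C /tmp
+sudo mv /tmp/eksctl /usr/local/bin/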
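Review bot: The `Set up eksctl` step pipes whatever `releases/latest` currently serves straight into `tar` and installs the result with `sudo`, with no version pin and no integrity check, in jobs that then assume an AWS role. Pin a reviewed release tag and verify the archive against a SHA-256 recorded in the repository before extracting it. `curl --fail` is also needed so that an HTTP error body is never handed to `tar`. The sketch below uses placeholder values for the version and digest.

```yaml
    - name: Set up eksctl
      shell: bash
      env:
        EKSCTL_VERSION: "<PINNED_EKSCTL_VERSION>"      # placeholder: reviewed release tag
        EKSCTL_SHA256: "<SHA256_OF_PINNED_ARCHIVE>"    # placeholder: digest recorded at review time
      run: |
        set -euo pipefail
        asset="eksctl_$(uname -s)_amd64.tar.gz"
        workdir="$(mktemp -d)"
        curl --fail --silent --show-error --location \
          -o "${workdir}/${asset}" \
          "https://github.com/weaveworks/eksctl/releases/download/${EKSCTL_VERSION}/${asset}"
        echo "${EKSCTL_SHA256}  ${workdir}/${asset}" | sha256sum --check -
        tar xz -C "${workdir}" -f "${workdir}/${asset}"
        sudo mv "${workdir}/eksctl" /usr/local/bin/
```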
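--- a/.github/workflows/e2e-conformance.yaml
+++ b/.github/workflows/e2e-conformance.yaml
@@ -0,0 +1,39 @@
+name: e2e-conformance-tests
+
+on:
+workflow_dispatch: {}
+schedule:
+- cron: "0 0 * * *" # Run Everyday at Midnight
+
+permissions:
+id-token: write
+contents: read
+
+jobs:
+e2e-conformance-tests:
+strategy:
+fail-fast: false
+matrix:
+ip-family: [ IPv4, IPv6 ]
+# kubernetes-versions: ["1.25", "1.26", "1.27"]
+if: github.repository == 'aws/aws-network-policy-agent'
+runs-on: ubuntu-latest
+steps:
+- name: Checkout latest commit in the PR
+uses: actions/checkout@v3
+- name: Install Dependencies
+uses: ./.github/actions/install-dependencies
+- uses: aws-actions/configure-aws-credentials@v1
+with:
+role-to-assume: ${{ secrets.OSS_ROLE_ARN }}
+aws-region: ${{ secrets.AWS_DEFAULT_REGION }}
+role-duration-seconds: 14400
+- name: Run e2e conformance test
+env:
+RUN_CONFORMANCE_TESTS: true
+KUBERNETES_VERSION: 1.27
+CNI_ADDON_VERSION: v1.14.0-eksbuild.3
+CNI_ADDON_CONFIGURATION: '{"enableNetworkPolicy": "true"}'
+IP_FAMILY: ${{ matrix.ip-family }}
+run: |
+./scripts/run-tests.sh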
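Review bot: `actions/checkout@v3` and `aws-actions/configure-aws-credentials@v1` are referenced by mutable tags in a job that holds `id-token: write` and assumes `secrets.OSS_ROLE_ARN` for up to 14400 seconds. Pinning each `uses:` to a full commit SHA, with the tag kept as a trailing comment, keeps a retagged action from running with those credentials. The same applies to the identical steps in `.github/workflows/performance-tests.yaml` and to `actions/setup-go@v4` in the composite action. Separately, `KUBERNETES_VERSION: 1.27` is an unquoted YAML number, so a later value such as 1.30 would likely reach the script as `1.3`; write `KUBERNETES_VERSION: "1.27"`, as the commented-out matrix already does.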
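--- a/.github/workflows/performance-tests.yaml
+++ b/.github/workflows/performance-tests.yaml
@@ -0,0 +1,41 @@
+name: Performance tests
+
+on:
+workflow_dispatch: {}
+schedule:
+- cron: "0 9 * * 2" # every Tuesday
+
+permissions:
+id-token: write
+contents: read
+
+jobs:
+performance-tests:
+strategy:
+fail-fast: false
+matrix:
+ip-family: [ "IPv4", "IPv6"]
+# kubernetes-versions: ["1.25", "1.26", "1.27"]
+if: github.repository == 'aws/aws-network-policy-agent'
+runs-on: ubuntu-latest
+steps:
+- name: Checkout latest commit in the PR
+uses: actions/checkout@v3
+- name: Install Dependencies
+uses: ./.github/actions/install-dependencies
+- uses: aws-actions/configure-aws-credentials@v1
+with:
+role-to-assume: ${{ secrets.OSS_ROLE_ARN }}
+aws-region: ${{ secrets.AWS_DEFAULT_REGION }}
+role-duration-seconds: 14400
+- name: Run performance tests
+env:
+RUN_PERFORMANCE_TESTS: true
+KUBERNETES_VERSION: 1.27
+NODES_CAPACITY: 10
+INSTANCE_TYPE: c5.xlarge
+CNI_ADDON_VERSION: v1.13.3-eksbuild.1
+CNI_ADDON_CONFIGURATION: ""
+IP_FAMILY: ${{ matrix.ip-family }}
+run: |
+./scripts/run-tests.sh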
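Review bot: Nothing visible in this job turns network policy enforcement on. `CNI_ADDON_CONFIGURATION` is `""` here, whereas the conformance workflow passes `'{"enableNetworkPolicy": "true"}'`, and `scripts/run-tests.sh` as shown never calls `install_network_policy_helm` or `install_network_policy_mao`. If the run is meant to measure the agent's memory under policy load, the cyclonus results and CloudWatch metrics would describe a cluster that is not enforcing policies. If this is an intentional baseline, say so next to the variable, e.g. `# baseline run: network policy intentionally disabled`; otherwise pass the same configuration and confirm that `v1.13.3-eksbuild.1` accepts it.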
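--- a/scripts/README.md
+++ b/scripts/README.md
@@ -0,0 +1,20 @@
+## Integration Test scripts
+
+This package contains shell scripts and libraries used for running e2e integration tests.
+
+### run-test.sh
+
+`run-test.sh` can run various integration test suites against the current revision in the invoking directory.
+
+#### Tests
+The following tests are valid to run, and setting the respective environment variable to true will run them:
+1. Conformance Tests - `RUN_CONFORMANCE_TESTS`
+2. Performance Tests - `RUN_PERFORMANCE_TESTS`
+
+
+#### Conformance tests
+This runs the upstream cyclonus test suite for testing network policy
+
+
+#### Performance tests
+This for now runs the upstream cyclonus tests and only collects the memory metrics during the run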
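--- a/scripts/lib/cleanup.sh
+++ b/scripts/lib/cleanup.sh
@@ -0,0 +1,24 @@
+
+function check_path_cleanup(){
+
+local worker_nodes=$(kubectl get nodes -o custom-columns=NAME:.metadata.name --no-headers)
+for node in $worker_nodes
+do
+export NODE=$node
+envsubst '$NODE' < ${DIR}/test/check-cleanup-pod.yaml > ${DIR}/test/check-cleanup-pod-$node.yaml
+kubectl apply -f ${DIR}/test/check-cleanup-pod-$node.yaml
+rm -rf ${DIR}/test/check-cleanup-pod-$node.yaml
+done
+sleep 20
+
+for node in $worker_nodes
+do
+if [[ $(kubectl get pods $node -ojsonpath="{.status.phase}") == "Failed" ]]; then
+echo "BPF files not cleaned up on $node.. $(kubectl logs $node)"
+exit 1
+fi
+kubectl delete pods $node
+done
+
+echo "BPF files were cleaned up from the nodes"
+}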
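Review bot: The second loop in `check_path_cleanup` fails only when the pod phase is exactly `Failed`, so a check pod that is still `Pending` or `Running` after the fixed `sleep 20` is counted as a pass and deleted. Assuming the check pod exits 0 when the node is clean (its manifest is not shown here), compare against the success phase instead: `if [[ "$(kubectl get pods "$node" -ojsonpath='{.status.phase}')" != "Succeeded" ]]; then`. Polling for a terminal phase would be better than a fixed sleep. `local worker_nodes=$(kubectl get nodes ...)` also hides a kubectl failure from `set -e`; declare the variable and assign it on separate lines.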
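--- a/scripts/lib/cloudwatch.sh
+++ b/scripts/lib/cloudwatch.sh
@@ -0,0 +1,40 @@
+function install_cloudwatch_agent(){
+
+local perf_cluster_name=""
+if [[ $IP_FAMILY == "IPv4" ]]; then
+perf_cluster_name="eks-network-policy-perf-v4"
+else
+perf_cluster_name="eks-network-policy-perf-v6"
+fi
+
+echo "Create IAM Service Account for CW agent"
+kubectl create ns $CW_NAMESPACE
+
+eksctl create iamserviceaccount \
+--cluster $CLUSTER_NAME \
+--name cloudwatch-agent \
+--namespace $CW_NAMESPACE \
+--attach-policy-arn $CW_POLICY_ARN \
+--approve
+
+echo "Install Cloudwatch Agent DS"
+kubectl apply -f https://raw.githubusercontent.com/aws-samples/amazon-cloudwatch-container-insights/latest/k8s-deployment-manifest-templates/deployment-mode/daemonset/container-insights-monitoring/cwagent/cwagent-serviceaccount.yaml
+
+echo '{ "logs": { "metrics_collected": { "kubernetes": { "metrics_collection_interval": 30, "cluster_name": "'${perf_cluster_name}'" }},"force_flush_interval": 5 }}' | jq > cwagentconfig.json
+kubectl create cm -n $CW_NAMESPACE cwagentconfig --from-file cwagentconfig.json
+kubectl apply -f https://raw.githubusercontent.com/aws-samples/amazon-cloudwatch-container-insights/latest/k8s-deployment-manifest-templates/deployment-mode/daemonset/container-insights-monitoring/cwagent/cwagent-daemonset.yaml
+
+# Allow CW agent to startup and push initial logs
+sleep 60
+}
+
+function uninstall_cloudwatch_agent(){
+
+eksctl delete iamserviceaccount \
+--cluster $CLUSTER_NAME \
+--name cloudwatch-agent \
+--namespace $CW_NAMESPACE || echo " IAM Service Account role not found"
+
+rm -rf cwagentconfig.json || echo "CW agent config not found"
+kubectl delete namespace $CW_NAMESPACE || echo "No namespace: $CW_NAMESPACE found"
+}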
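Review bot: Both `kubectl apply -f https://raw.githubusercontent.com/aws-samples/amazon-cloudwatch-container-insights/latest/...` calls in `install_cloudwatch_agent` apply whatever the mutable `latest` ref holds at run time. The second one is a DaemonSet that runs on every node, presumably under the `cloudwatch-agent` service account that was just given `$CW_POLICY_ARN`. Reference an immutable commit in the URL, or vendor the two manifests next to the other test manifests so that changes to them go through review. The expansions in `kubectl create ns $CW_NAMESPACE` and the `eksctl` calls are also unquoted; `"$CW_NAMESPACE"` and `"$CLUSTER_NAME"` would be safer.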
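--- a/scripts/lib/cluster.sh
+++ b/scripts/lib/cluster.sh
@@ -0,0 +1,63 @@
+
+
+function set_cluster_defaults(){
+
+CLUSTER_NAME=network-policy-${RANDOM}
+: "${AWS_REGION:=us-west-2}"
+: "${AMI_FAMILY:=AmazonLinux2}"
+: "${NODEGROUP_TYPE:=linux}"
+: "${NODES_CAPACITY:=3}"
+: "${INSTANCE_TYPE:=t3.large}"
+: "${KUBERNETES_VERSION:=1.27}"
+: "${IP_FAMILY:=IPv4}"
+: "${CNI_ADDON_VERSION:=v1.14.0-eksbuild.3}"
+: "${CNI_ADDON_CONFIGURATION:=""}"
+: "${CW_NAMESPACE:=amazon-cloudwatch}"
+: "${CW_POLICY_ARN:=arn:aws:iam::aws:policy/CloudWatchAgentServerPolicy}"
+: "${NETWORK_POLICY_NS:=netpol-test}"
+: "${ENDPOINT_URL:=""}"
+}
+
+function create_cluster(){
+
+cat <<EOF > eks-cluster.yaml
+apiVersion: eksctl.io/v1alpha5
+iam:
+withOIDC: true
+addons:
+- name: vpc-cni
+version: ${CNI_ADDON_VERSION}
+configurationValues: ${CNI_ADDON_CONFIGURATION}
+- name: coredns
+- name: kube-proxy
+kind: ClusterConfig
+kubernetesNetworkConfig:
+ipFamily: ${IP_FAMILY}
+managedNodeGroups:
+- amiFamily: ${AMI_FAMILY}
+desiredCapacity: ${NODES_CAPACITY}
+instanceType: ${INSTANCE_TYPE}
+labels:
+alpha.eksctl.io/cluster-name: ${CLUSTER_NAME}
+alpha.eksctl.io/nodegroup-name: ${CLUSTER_NAME}-${NODEGROUP_TYPE}-nodes
+maxSize: ${NODES_CAPACITY}
+minSize: 1
+name: ${CLUSTER_NAME}-${NODEGROUP_TYPE}
+tags:
+alpha.eksctl.io/nodegroup-name: ${CLUSTER_NAME}-${NODEGROUP_TYPE}-nodes
+alpha.eksctl.io/nodegroup-type: managed
+metadata:
+name: ${CLUSTER_NAME}
+region: ${AWS_REGION}
+version: "${KUBERNETES_VERSION}"
+EOF
+
+eksctl create cluster -f ./eks-cluster.yaml
+}
+
+function delete_cluster(){
+
+eksctl delete cluster -f ./eks-cluster.yaml
+rm -rf ./eks-cluster.yaml
+}
+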
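Review bot: In `create_cluster` the heredoc writes `configurationValues: ${CNI_ADDON_CONFIGURATION}` unquoted, so the conformance value `{"enableNetworkPolicy": "true"}` is read by a YAML parser as a flow mapping rather than as a JSON string, and the empty default leaves the key null. Whether eksctl accepts either form should be confirmed. Emitting a quoted scalar, `configurationValues: '${CNI_ADDON_CONFIGURATION}'`, keeps the value a string, and the key could be omitted entirely when the variable is empty. More generally every `${...}` in this template is spliced into YAML verbatim, so a value containing `:` or `#` changes the document structure; only `version: "${KUBERNETES_VERSION}"` is quoted today.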
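--- a/scripts/lib/network-policy.sh
+++ b/scripts/lib/network-policy.sh
@@ -0,0 +1,68 @@
+
+function install_network_policy_mao(){
+
+local options=" --no-cli-pager"
+if [[ ! -z $ENDPOINT_URL ]]; then
+options+=" --endpoint-url $ENDPOINT_URL"
+fi
+
+if [[ ! -z $CNI_ADDON_CONFIGURATION ]]; then
+options+=" --configuration $CNI_ADDON_CONFIGURATION"
+fi
+
+aws eks create-addon \
+--addon-name vpc-cni \
+--addon-version $CNI_ADDON_VERSION \
+--resolve-conflicts overwrite \
+--cluster-name ${CLUSTER_NAME} $options
+
+local status=""
+local retries=30
+local try=0
+while [[ $status != "ACTIVE" && $try -lt $retries ]]
+do
+status=$(aws eks describe-addon \
+--addon-name vpc-cni \
+--cluster-name ${CLUSTER_NAME} $options | jq -r '.addon.status')
+echo "Addon status - $status"
+try=$((try+1))
+sleep 10
+done
+
+if [[ $status != "ACTIVE" ]]; then
+local err_message=$(aws eks describe-addon \
+--addon-name vpc-cni \
+--cluster-name ${CLUSTER_NAME} $options | jq -r '.addon.health')
+echo $err_message
+exit 1
+fi
+
+echo "Addon installed Successfully"
+}
+
+function install_network_policy_helm(){
+
+echo "Installing Network Policy using VPC-CNI helm chart"
+helm repo add eks https://aws.github.io/eks-charts
+
+if [[ $IP_FAMILY == "IPv4" ]]; then
+ENABLE_IPv4=true
+ENABLE_IPv6=false
+ENABLE_PREFIX_DELEGATION=false
+else
+ENABLE_IPv4=false
+ENABLE_IPv6=true
+ENABLE_PREFIX_DELEGATION=true
+fi
+
+helm upgrade --install aws-vpc-cni eks/aws-vpc-cni --wait --timeout 300 \
+--namespace kube-system \
+--set enableNetworkPolicy=true \
+--set originalMatchLabels=true \
+--set init.env.ENABLE_IPv6=$ENABLE_IPv6 \
+--set image.env.ENABLE_IPv6=$ENABLE_IPv6 \
+--set nodeAgent.enableIpv6=$ENABLE_IPv6 \
+--set image.env.ENABLE_PREFIX_DELEGATION=$ENABLE_PREFIX_DELEGATION \
+--set image.env.ENABLE_IPv4=$ENABLE_IPv4
+
+}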
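Review bot: `install_network_policy_mao` accumulates flags in the string `options` and expands it unquoted, so a `CNI_ADDON_CONFIGURATION` that contains a space (the conformance value does) is split into separate arguments. The same string, including `--configuration ...`, is then passed to `aws eks describe-addon` in the polling loop and on the error path, where that flag is unlikely to be accepted. With `set -o pipefail` in the caller, a rejected `describe-addon` would abort the script on the first poll. Keep the flags in arrays, and separate the ones shared by every call from the ones meant only for `create-addon`. The sketch covers the option handling and the first call only.

```shell
  local -a common_opts=(--no-cli-pager)
  local -a create_opts=()
  if [[ -n "${ENDPOINT_URL}" ]]; then
    common_opts+=(--endpoint-url "${ENDPOINT_URL}")
  fi
  if [[ -n "${CNI_ADDON_CONFIGURATION}" ]]; then
    create_opts+=(--configuration "${CNI_ADDON_CONFIGURATION}")
  fi

  aws eks create-addon \
    --addon-name vpc-cni \
    --addon-version "${CNI_ADDON_VERSION}" \
    --resolve-conflicts overwrite \
    --cluster-name "${CLUSTER_NAME}" "${common_opts[@]}" "${create_opts[@]}"
  # … unchanged: status polling loop and error path, with $options replaced by "${common_opts[@]}" …
```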
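--- a/scripts/lib/tests.sh
+++ b/scripts/lib/tests.sh
@@ -0,0 +1,16 @@
+function run_cyclonus_tests(){
+
+kubectl create ns $NETWORK_POLICY_NS
+kubectl create clusterrolebinding cyclonus --clusterrole=cluster-admin --serviceaccount=$NETWORK_POLICY_NS:cyclonus
+kubectl create sa cyclonus -n $NETWORK_POLICY_NS
+
+kubectl apply -f ${DIR}/test/cyclonus-config.yaml -n $NETWORK_POLICY_NS
+
+kubectl wait --for=condition=complete --timeout=240m -n $NETWORK_POLICY_NS job.batch/cyclonus || echo "Job timed out after 4 hrs"
+kubectl logs -n $NETWORK_POLICY_NS job/cyclonus > ${DIR}/results.log
+
+}
+
+function run_performance_tests(){
+run_cyclonus_tests
+}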
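Review bot: `run_cyclonus_tests` cannot fail the run. `kubectl wait ... || echo "Job timed out after 4 hrs"` swallows a timeout or a job that never completes, and the logs are only redirected to `${DIR}/results.log` without being inspected, so the scheduled conformance job can go green with failing or unfinished policy tests. Record the wait status with `rc=0; kubectl wait ... || rc=$?`, still collect the logs, then `return "$rc"`, and evaluate the results file before declaring success. The `cyclonus` service account is also bound to `cluster-admin`; that is tolerable on a throwaway cluster, but a comment stating that assumption, or a narrower role, would make the choice deliberate.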
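--- a/scripts/run-tests.sh
+++ b/scripts/run-tests.sh
@@ -0,0 +1,39 @@
+#! /bin/bash
+
+set -Eeuox pipefail
+
+DIR=$(cd "$(dirname "$0")"; pwd)
+
+source ${DIR}/lib/cleanup.sh
+source ${DIR}/lib/cloudwatch.sh
+source ${DIR}/lib/cluster.sh
+source ${DIR}/lib/network-policy.sh
+source ${DIR}/lib/tests.sh
+
+: "${RUN_PERFORMANCE_TESTS:=false}"
+: "${RUN_CONFORMANCE_TESTS:=false}"
+
+cleanup() {
+
+if [[ $RUN_PERFORMANCE_TESTS == "true" ]]; then
+uninstall_cloudwatch_agent
+fi
+
+delete_cluster
+}
+
+trap cleanup EXIT
+
+set_cluster_defaults
+create_cluster
+
+if [[ $RUN_PERFORMANCE_TESTS == "true" ]]; then
+echo "Runnning Performance tests"
+install_cloudwatch_agent
+run_performance_tests
+elif [[ $RUN_CONFORMANCE_TESTS == "true" ]]; then
+echo "Running Conformance tests"
+run_cyclonus_tests
+fi
+
+check_path_cleanup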
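Review bot: With both `RUN_PERFORMANCE_TESTS` and `RUN_CONFORMANCE_TESTS` left at their `false` defaults the script still calls `create_cluster`, runs no test suite, runs `check_path_cleanup` and deletes the cluster, so a misconfigured invocation provisions real AWS resources for nothing. Add a guard before `trap cleanup EXIT`: `[[ $RUN_PERFORMANCE_TESTS == "true" || $RUN_CONFORMANCE_TESTS == "true" ]] || { echo "set RUN_CONFORMANCE_TESTS or RUN_PERFORMANCE_TESTS to true" >&2; exit 2; }`. The `x` in `set -Eeuox pipefail` also traces every expanded command into the Actions log of a job that holds assumed-role credentials; consider enabling it only behind a debug variable.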