Run Conformance and Performance tests with github actions
Showing
17 changed files
with
516 additions
and
0 deletions.
@@ -0,0 +1,19 @@ | ||
name: InstallDependencies | ||
description: 'Installs Go, Docker, Ginkgo, EKSCTL binaries' | ||
runs: | ||
using: "composite" | ||
steps: | ||
- uses: actions/setup-go@v4 | ||
with: | ||
go-version-file: go.mod | ||
check-latest: true | ||
- name: Set up ginkgo | ||
shell: bash | ||
run: | | ||
# Install ginkgo version from go.mod | ||
go install -mod=mod github.com/onsi/ginkgo/v2/ginkgo | ||
- name: Set up eksctl | ||
shell: bash | ||
run: | | ||
curl --silent --location "https://github.com/weaveworks/eksctl/releases/latest/download/eksctl_$(uname -s)_amd64.tar.gz" | tar xz -C /tmp | ||
sudo mv /tmp/eksctl /usr/local/bin/ |
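Review bot: The `Set up eksctl` step pipes whatever `releases/latest` serves at run time straight into `tar` and installs the result with `sudo`, with no version pin and no integrity check, in jobs that go on to assume an AWS role. Pin a release tag and verify the archive against a SHA-256 recorded in this repository before it reaches `/usr/local/bin`; the release's own `eksctl_checksums.txt` only detects corruption, not a replaced release. Adding `--fail` to curl also keeps an HTTP error body from being handed to tar. `actions/setup-go@v4` in the same file is a mutable tag as well, and a full commit SHA would be safer there.

```yaml
- name: Set up eksctl
  shell: bash
  env:
    EKSCTL_VERSION: "<PINNED_EKSCTL_TAG>"       # placeholder: release tag to pin
    EKSCTL_SHA256: "<EXPECTED_ARCHIVE_SHA256>"  # placeholder: digest recorded when the pin is chosen
  run: |
    archive="eksctl_$(uname -s)_amd64.tar.gz"
    workdir="$(mktemp -d)"
    curl --fail --silent --show-error --location \
      --output "${workdir}/${archive}" \
      "https://github.com/weaveworks/eksctl/releases/download/${EKSCTL_VERSION}/${archive}"
    # Refuse to unpack anything whose digest differs from the reviewed one.
    echo "${EKSCTL_SHA256}  ${workdir}/${archive}" | sha256sum --check --strict
    tar xzf "${workdir}/${archive}" -C "${workdir}"
    sudo install -m 0755 "${workdir}/eksctl" /usr/local/bin/eksctl
```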
@@ -0,0 +1,39 @@ | ||
name: e2e-conformance-tests | ||
|
||
on: | ||
workflow_dispatch: {} | ||
schedule: | ||
- cron: "0 0 * * *" # Run Everyday at Midnight | ||
|
||
permissions: | ||
id-token: write | ||
contents: read | ||
|
||
jobs: | ||
e2e-conformance-tests: | ||
strategy: | ||
fail-fast: false | ||
matrix: | ||
ip-family: [ IPv4, IPv6 ] | ||
# kubernetes-versions: ["1.25", "1.26", "1.27"] | ||
if: github.repository == 'aws/aws-network-policy-agent' | ||
runs-on: ubuntu-latest | ||
steps: | ||
- name: Checkout latest commit in the PR | ||
uses: actions/checkout@v3 | ||
- name: Install Dependencies | ||
uses: ./.github/actions/install-dependencies | ||
- uses: aws-actions/configure-aws-credentials@v1 | ||
with: | ||
role-to-assume: ${{ secrets.OSS_ROLE_ARN }} | ||
aws-region: ${{ secrets.AWS_DEFAULT_REGION }} | ||
role-duration-seconds: 14400 | ||
- name: Run e2e conformance test | ||
env: | ||
RUN_CONFORMANCE_TESTS: true | ||
KUBERNETES_VERSION: 1.27 | ||
CNI_ADDON_VERSION: v1.14.0-eksbuild.3 | ||
CNI_ADDON_CONFIGURATION: '{"enableNetworkPolicy": "true"}' | ||
IP_FAMILY: ${{ matrix.ip-family }} | ||
run: | | ||
./scripts/run-tests.sh |
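Review bot: `aws-actions/configure-aws-credentials@v1` and `actions/checkout@v3` are referenced by mutable tags in a job that holds `id-token: write` and assumes `OSS_ROLE_ARN` for four hours; pinning each `uses:` to a full commit SHA, with the tag kept as a trailing comment, keeps a retagged action from running with those credentials. The performance workflow in this commit carries the same two references. `KUBERNETES_VERSION: 1.27` is an unquoted YAML number, so quoting it (`KUBERNETES_VERSION: "1.27"`) avoids a later version such as 1.30 being read as 1.3. The step name `Checkout latest commit in the PR` does not match the triggers, which are only `schedule` and `workflow_dispatch`.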
@@ -0,0 +1,41 @@ | ||
name: Performance tests | ||
|
||
on: | ||
workflow_dispatch: {} | ||
schedule: | ||
- cron: "0 9 * * 2" # every Tuesday | ||
|
||
permissions: | ||
id-token: write | ||
contents: read | ||
|
||
jobs: | ||
performance-tests: | ||
strategy: | ||
fail-fast: false | ||
matrix: | ||
ip-family: [ "IPv4", "IPv6"] | ||
# kubernetes-versions: ["1.25", "1.26", "1.27"] | ||
if: github.repository == 'aws/aws-network-policy-agent' | ||
runs-on: ubuntu-latest | ||
steps: | ||
- name: Checkout latest commit in the PR | ||
uses: actions/checkout@v3 | ||
- name: Install Dependencies | ||
uses: ./.github/actions/install-dependencies | ||
- uses: aws-actions/configure-aws-credentials@v1 | ||
with: | ||
role-to-assume: ${{ secrets.OSS_ROLE_ARN }} | ||
aws-region: ${{ secrets.AWS_DEFAULT_REGION }} | ||
role-duration-seconds: 14400 | ||
- name: Run performance tests | ||
env: | ||
RUN_PERFORMANCE_TESTS: true | ||
KUBERNETES_VERSION: 1.27 | ||
NODES_CAPACITY: 10 | ||
INSTANCE_TYPE: c5.xlarge | ||
CNI_ADDON_VERSION: v1.13.3-eksbuild.1 | ||
CNI_ADDON_CONFIGURATION: "" | ||
IP_FAMILY: ${{ matrix.ip-family }} | ||
run: | | ||
./scripts/run-tests.sh |
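Review bot: This job sets `CNI_ADDON_VERSION: v1.13.3-eksbuild.1` with an empty `CNI_ADDON_CONFIGURATION`, while the conformance workflow uses `v1.14.0-eksbuild.3` with `{"enableNetworkPolicy": "true"}`. The `run-tests.sh` shown on this page never calls `install_network_policy_helm` or `install_network_policy_mao`, so the performance run appears to execute cyclonus on a cluster where network policy enforcement was never switched on, and the memory metrics would then describe a different configuration from the one under test. If the difference is deliberate (for example a baseline run), a comment beside the two values such as `# baseline: policy agent disabled on purpose` would make that clear; otherwise the values should match the conformance job.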
@@ -0,0 +1,20 @@ | ||
## Integration Test scripts | ||
|
||
This package contains shell scripts and libraries used for running e2e integration tests. | ||
|
||
### run-test.sh | ||
|
||
`run-test.sh` can run various integration test suites against the current revision in the invoking directory. | ||
|
||
#### Tests | ||
The following tests are valid to run, and setting the respective environment variable to true will run them: | ||
1. Conformance Tests - `RUN_CONFORMANCE_TESTS` | ||
2. Performance Tests - `RUN_PERFORMANCE_TESTS` | ||
|
||
|
||
#### Conformance tests | ||
This runs the upstream cyclonus test suite for testing network policy | ||
|
||
|
||
#### Performance tests | ||
This for now runs the upstream cyclonus tests and only collects the memory metrics during the run |
@@ -0,0 +1,24 @@ | ||
|
||
function check_path_cleanup(){ | ||
|
||
local worker_nodes=$(kubectl get nodes -o custom-columns=NAME:.metadata.name --no-headers) | ||
for node in $worker_nodes | ||
do | ||
export NODE=$node | ||
envsubst '$NODE' < ${DIR}/test/check-cleanup-pod.yaml > ${DIR}/test/check-cleanup-pod-$node.yaml | ||
kubectl apply -f ${DIR}/test/check-cleanup-pod-$node.yaml | ||
rm -rf ${DIR}/test/check-cleanup-pod-$node.yaml | ||
done | ||
sleep 20 | ||
|
||
for node in $worker_nodes | ||
do | ||
if [[ $(kubectl get pods $node -ojsonpath="{.status.phase}") == "Failed" ]]; then | ||
echo "BPF files not cleaned up on $node.. $(kubectl logs $node)" | ||
exit 1 | ||
fi | ||
kubectl delete pods $node | ||
done | ||
|
||
echo "BPF files were cleaned up from the nodes" | ||
} |
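Review bot: The second loop in `check_path_cleanup` treats every pod phase other than `Failed` as a pass, so a checker pod that is still `Pending` or `Running` after the fixed `sleep 20` is deleted and reported as clean. Requiring success makes the check fail closed: `if [[ "$(kubectl get pod "$node" -o jsonpath='{.status.phase}')" != "Succeeded" ]]; then`, ideally after a bounded `kubectl wait` on the pod instead of the sleep. `local worker_nodes=$(kubectl get nodes …)` also hides a failing kubectl from `set -e`; declaring the variable first and assigning on the next line lets an API error stop the run rather than yielding an empty node list followed by the success message. The `envsubst` output could be piped to `kubectl apply -f -` so no generated manifest is written into `${DIR}/test`.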
@@ -0,0 +1,40 @@ | ||
function install_cloudwatch_agent(){ | ||
|
||
local perf_cluster_name="" | ||
if [[ $IP_FAMILY == "IPv4" ]]; then | ||
perf_cluster_name="eks-network-policy-perf-v4" | ||
else | ||
perf_cluster_name="eks-network-policy-perf-v6" | ||
fi | ||
|
||
echo "Create IAM Service Account for CW agent" | ||
kubectl create ns $CW_NAMESPACE | ||
|
||
eksctl create iamserviceaccount \ | ||
--cluster $CLUSTER_NAME \ | ||
--name cloudwatch-agent \ | ||
--namespace $CW_NAMESPACE \ | ||
--attach-policy-arn $CW_POLICY_ARN \ | ||
--approve | ||
|
||
echo "Install Cloudwatch Agent DS" | ||
kubectl apply -f https://raw.githubusercontent.com/aws-samples/amazon-cloudwatch-container-insights/latest/k8s-deployment-manifest-templates/deployment-mode/daemonset/container-insights-monitoring/cwagent/cwagent-serviceaccount.yaml | ||
|
||
echo '{ "logs": { "metrics_collected": { "kubernetes": { "metrics_collection_interval": 30, "cluster_name": "'${perf_cluster_name}'" }},"force_flush_interval": 5 }}' | jq > cwagentconfig.json | ||
kubectl create cm -n $CW_NAMESPACE cwagentconfig --from-file cwagentconfig.json | ||
kubectl apply -f https://raw.githubusercontent.com/aws-samples/amazon-cloudwatch-container-insights/latest/k8s-deployment-manifest-templates/deployment-mode/daemonset/container-insights-monitoring/cwagent/cwagent-daemonset.yaml | ||
|
||
# Allow CW agent to startup and push initial logs | ||
sleep 60 | ||
} | ||
|
||
function uninstall_cloudwatch_agent(){ | ||
|
||
eksctl delete iamserviceaccount \ | ||
--cluster $CLUSTER_NAME \ | ||
--name cloudwatch-agent \ | ||
--namespace $CW_NAMESPACE || echo " IAM Service Account role not found" | ||
|
||
rm -rf cwagentconfig.json || echo "CW agent config not found" | ||
kubectl delete namespace $CW_NAMESPACE || echo "No namespace: $CW_NAMESPACE found" | ||
} |
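Review bot: Both `kubectl apply -f https://raw.githubusercontent.com/aws-samples/amazon-cloudwatch-container-insights/latest/…` calls in `install_cloudwatch_agent` fetch manifests from a moving `latest` ref at run time and apply them to a cluster whose `cloudwatch-agent` service account is bound to `CW_POLICY_ARN`. Vendoring the two manifests under `test/`, or pointing the URLs at a fixed commit, makes the deployed DaemonSet reviewable and the run reproducible. The downloaded manifests presumably hard-code their own namespace, so overriding `CW_NAMESPACE` may leave the ConfigMap and the DaemonSet in different namespaces; that is worth confirming. The unquoted `$CLUSTER_NAME`, `$CW_NAMESPACE` and `$CW_POLICY_ARN` expansions should be double-quoted.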
@@ -0,0 +1,63 @@ | ||
|
||
|
||
function set_cluster_defaults(){ | ||
|
||
CLUSTER_NAME=network-policy-${RANDOM} | ||
: "${AWS_REGION:=us-west-2}" | ||
: "${AMI_FAMILY:=AmazonLinux2}" | ||
: "${NODEGROUP_TYPE:=linux}" | ||
: "${NODES_CAPACITY:=3}" | ||
: "${INSTANCE_TYPE:=t3.large}" | ||
: "${KUBERNETES_VERSION:=1.27}" | ||
: "${IP_FAMILY:=IPv4}" | ||
: "${CNI_ADDON_VERSION:=v1.14.0-eksbuild.3}" | ||
: "${CNI_ADDON_CONFIGURATION:=""}" | ||
: "${CW_NAMESPACE:=amazon-cloudwatch}" | ||
: "${CW_POLICY_ARN:=arn:aws:iam::aws:policy/CloudWatchAgentServerPolicy}" | ||
: "${NETWORK_POLICY_NS:=netpol-test}" | ||
: "${ENDPOINT_URL:=""}" | ||
} | ||
|
||
function create_cluster(){ | ||
|
||
cat <<EOF > eks-cluster.yaml | ||
apiVersion: eksctl.io/v1alpha5 | ||
iam: | ||
withOIDC: true | ||
addons: | ||
- name: vpc-cni | ||
version: ${CNI_ADDON_VERSION} | ||
configurationValues: ${CNI_ADDON_CONFIGURATION} | ||
- name: coredns | ||
- name: kube-proxy | ||
kind: ClusterConfig | ||
kubernetesNetworkConfig: | ||
ipFamily: ${IP_FAMILY} | ||
managedNodeGroups: | ||
- amiFamily: ${AMI_FAMILY} | ||
desiredCapacity: ${NODES_CAPACITY} | ||
instanceType: ${INSTANCE_TYPE} | ||
labels: | ||
alpha.eksctl.io/cluster-name: ${CLUSTER_NAME} | ||
alpha.eksctl.io/nodegroup-name: ${CLUSTER_NAME}-${NODEGROUP_TYPE}-nodes | ||
maxSize: ${NODES_CAPACITY} | ||
minSize: 1 | ||
name: ${CLUSTER_NAME}-${NODEGROUP_TYPE} | ||
tags: | ||
alpha.eksctl.io/nodegroup-name: ${CLUSTER_NAME}-${NODEGROUP_TYPE}-nodes | ||
alpha.eksctl.io/nodegroup-type: managed | ||
metadata: | ||
name: ${CLUSTER_NAME} | ||
region: ${AWS_REGION} | ||
version: "${KUBERNETES_VERSION}" | ||
EOF | ||
|
||
eksctl create cluster -f ./eks-cluster.yaml | ||
} | ||
|
||
function delete_cluster(){ | ||
|
||
eksctl delete cluster -f ./eks-cluster.yaml | ||
rm -rf ./eks-cluster.yaml | ||
} | ||
|
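Review bot: `delete_cluster` runs `eksctl delete cluster -f ./eks-cluster.yaml` without `--wait`, so the command can return before the CloudFormation stacks are gone, and a deletion that fails later leaves a billed cluster behind a green job; `eksctl delete cluster -f ./eks-cluster.yaml --wait` surfaces that failure in the EXIT trap. `CLUSTER_NAME=network-policy-${RANDOM}` draws from 0–32767 while the IPv4 and IPv6 matrix legs create clusters concurrently, presumably in the same account and region, so a run-scoped suffix (under Actions, `${GITHUB_RUN_ID}` is available) would rule out a name collision. The heredoc in `create_cluster` writes `${CNI_ADDON_CONFIGURATION}` into the YAML unquoted, so an empty value produces a bare `configurationValues:` key; confirm eksctl accepts that.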
@@ -0,0 +1,68 @@ | ||
|
||
function install_network_policy_mao(){ | ||
|
||
local options=" --no-cli-pager" | ||
if [[ ! -z $ENDPOINT_URL ]]; then | ||
options+=" --endpoint-url $ENDPOINT_URL" | ||
fi | ||
|
||
if [[ ! -z $CNI_ADDON_CONFIGURATION ]]; then | ||
options+=" --configuration $CNI_ADDON_CONFIGURATION" | ||
fi | ||
|
||
aws eks create-addon \ | ||
--addon-name vpc-cni \ | ||
--addon-version $CNI_ADDON_VERSION \ | ||
--resolve-conflicts overwrite \ | ||
--cluster-name ${CLUSTER_NAME} $options | ||
|
||
local status="" | ||
local retries=30 | ||
local try=0 | ||
while [[ $status != "ACTIVE" && $try -lt $retries ]] | ||
do | ||
status=$(aws eks describe-addon \ | ||
--addon-name vpc-cni \ | ||
--cluster-name ${CLUSTER_NAME} $options | jq -r '.addon.status') | ||
echo "Addon status - $status" | ||
try=$((try+1)) | ||
sleep 10 | ||
done | ||
|
||
if [[ $status != "ACTIVE" ]]; then | ||
local err_message=$(aws eks describe-addon \ | ||
--addon-name vpc-cni \ | ||
--cluster-name ${CLUSTER_NAME} $options | jq -r '.addon.health') | ||
echo $err_message | ||
exit 1 | ||
fi | ||
|
||
echo "Addon installed Successfully" | ||
} | ||
|
||
function install_network_policy_helm(){ | ||
|
||
echo "Installing Network Policy using VPC-CNI helm chart" | ||
helm repo add eks https://aws.github.io/eks-charts | ||
|
||
if [[ $IP_FAMILY == "IPv4" ]]; then | ||
ENABLE_IPv4=true | ||
ENABLE_IPv6=false | ||
ENABLE_PREFIX_DELEGATION=false | ||
else | ||
ENABLE_IPv4=false | ||
ENABLE_IPv6=true | ||
ENABLE_PREFIX_DELEGATION=true | ||
fi | ||
|
||
helm upgrade --install aws-vpc-cni eks/aws-vpc-cni --wait --timeout 300 \ | ||
--namespace kube-system \ | ||
--set enableNetworkPolicy=true \ | ||
--set originalMatchLabels=true \ | ||
--set init.env.ENABLE_IPv6=$ENABLE_IPv6 \ | ||
--set image.env.ENABLE_IPv6=$ENABLE_IPv6 \ | ||
--set nodeAgent.enableIpv6=$ENABLE_IPv6 \ | ||
--set image.env.ENABLE_PREFIX_DELEGATION=$ENABLE_PREFIX_DELEGATION \ | ||
--set image.env.ENABLE_IPv4=$ENABLE_IPv4 | ||
|
||
} |
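Review bot: In `install_network_policy_mao`, `options` is a single string expanded unquoted, so a `CNI_ADDON_CONFIGURATION` such as `{"enableNetworkPolicy": "true"}` (the value the conformance workflow sets) is split at the space into two arguments. The same string, including `--configuration …`, is then passed to both `aws eks describe-addon` calls, which as far as I know do not take that option. Build the arguments as arrays and keep the create-only flag out of the describe calls; the documented flag name for create-addon is `--configuration-values`. `local err_message=$(…)` masks the pipeline's exit status, and in `install_network_policy_helm` the `--timeout 300` has no unit, whereas Helm 3 expects a duration such as `300s`.

```shell
  local -a common_opts=(--no-cli-pager)
  if [[ -n "${ENDPOINT_URL}" ]]; then
    common_opts+=(--endpoint-url "${ENDPOINT_URL}")
  fi

  # Only create-addon takes the configuration; describe-addon gets common_opts alone.
  local -a create_opts=()
  if [[ -n "${CNI_ADDON_CONFIGURATION}" ]]; then
    create_opts+=(--configuration-values "${CNI_ADDON_CONFIGURATION}")
  fi

  aws eks create-addon \
    --addon-name vpc-cni \
    --addon-version "${CNI_ADDON_VERSION}" \
    --resolve-conflicts overwrite \
    --cluster-name "${CLUSTER_NAME}" "${create_opts[@]}" "${common_opts[@]}"

  # … unchanged: status polling loop and failure report, with "${common_opts[@]}" in place of $options …
```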
@@ -0,0 +1,16 @@ | ||
function run_cyclonus_tests(){ | ||
|
||
kubectl create ns $NETWORK_POLICY_NS | ||
kubectl create clusterrolebinding cyclonus --clusterrole=cluster-admin --serviceaccount=$NETWORK_POLICY_NS:cyclonus | ||
kubectl create sa cyclonus -n $NETWORK_POLICY_NS | ||
|
||
kubectl apply -f ${DIR}/test/cyclonus-config.yaml -n $NETWORK_POLICY_NS | ||
|
||
kubectl wait --for=condition=complete --timeout=240m -n $NETWORK_POLICY_NS job.batch/cyclonus || echo "Job timed out after 4 hrs" | ||
kubectl logs -n $NETWORK_POLICY_NS job/cyclonus > ${DIR}/results.log | ||
|
||
} | ||
|
||
function run_performance_tests(){ | ||
run_cyclonus_tests | ||
} |
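Review bot: In `run_cyclonus_tests`, `kubectl wait … || echo "Job timed out after 4 hrs"` swallows both a timeout and a failed job, and nothing visible on this page reads `${DIR}/results.log`, so the nightly conformance run would finish green whatever cyclonus reports. Let the failure propagate once the logs are captured: record `rc=0; kubectl wait … || rc=$?`, write the log, then `return "$rc"`. The 240m wait also equals the workflows' `role-duration-seconds: 14400`, so on a hung job the assumed-role credentials will have expired by the time the EXIT trap calls `delete_cluster`; a shorter wait leaves headroom for cleanup. The `cluster-admin` binding for the `cyclonus` service account is tolerable only because the cluster is throwaway, and a comment such as `# cluster-admin: ephemeral test cluster only` would keep it from being copied elsewhere.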
@@ -0,0 +1,39 @@ | ||
#! /bin/bash | ||
|
||
set -Eeuox pipefail | ||
|
||
DIR=$(cd "$(dirname "$0")"; pwd) | ||
|
||
source ${DIR}/lib/cleanup.sh | ||
source ${DIR}/lib/cloudwatch.sh | ||
source ${DIR}/lib/cluster.sh | ||
source ${DIR}/lib/network-policy.sh | ||
source ${DIR}/lib/tests.sh | ||
|
||
: "${RUN_PERFORMANCE_TESTS:=false}" | ||
: "${RUN_CONFORMANCE_TESTS:=false}" | ||
|
||
cleanup() { | ||
|
||
if [[ $RUN_PERFORMANCE_TESTS == "true" ]]; then | ||
uninstall_cloudwatch_agent | ||
fi | ||
|
||
delete_cluster | ||
} | ||
|
||
trap cleanup EXIT | ||
|
||
set_cluster_defaults | ||
create_cluster | ||
|
||
if [[ $RUN_PERFORMANCE_TESTS == "true" ]]; then | ||
echo "Runnning Performance tests" | ||
install_cloudwatch_agent | ||
run_performance_tests | ||
elif [[ $RUN_CONFORMANCE_TESTS == "true" ]]; then | ||
echo "Running Conformance tests" | ||
run_cyclonus_tests | ||
fi | ||
|
||
check_path_cleanup |
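Review bot: When neither `RUN_PERFORMANCE_TESTS` nor `RUN_CONFORMANCE_TESTS` is `true`, the script still calls `create_cluster`, runs no suite, and then tears the cluster down again. A guard placed before `trap cleanup EXIT` avoids provisioning for nothing: `if [[ $RUN_PERFORMANCE_TESTS != "true" && $RUN_CONFORMANCE_TESTS != "true" ]]; then echo "no test suite selected" >&2; exit 2; fi`. The `elif` also means that setting both variables silently runs only the performance suite, which the README text in this commit does not mention. The `source ${DIR}/lib/…` lines are unquoted and would break on a checkout path containing spaces.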