Kindnet network policies #116
Workflow file for this run
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
name: VM | |
on: | |
workflow_dispatch: | |
pull_request: | |
branches: | |
- main | |
paths-ignore: | |
- 'site/**' | |
permissions: | |
contents: read | |
jobs: | |
vm: | |
# Fedora is different from Ubuntu in LSM (SELinux), filesystem (btrfs), kernel version, etc. | |
name: "VM (Fedora)" | |
runs-on: ubuntu-22.04 | |
timeout-minutes: 30 | |
strategy: | |
fail-fast: false | |
matrix: | |
provider: [docker, podman] | |
rootless: ["rootful", "rootless"] | |
env: | |
KIND_EXPERIMENTAL_PROVIDER: "${{ matrix.provider }}" | |
ROOTLESS: "${{ matrix.rootless }}" | |
HELPER: "./hack/ci/vagrant-helper.sh" | |
JOB_NAME: "cgroup2-${{ matrix.provider }}-${{ matrix.rootless }}" | |
steps: | |
- name: Check out code | |
uses: actions/checkout@44c2b7a8a4ea60a981eaca3cf939b5f4305c123b # v4.1.5 | |
# https://github.com/containerd/containerd/blob/420503072e58f27a7192ddea4e6e41dced911cb9/.github/workflows/ci.yml#L569-L581 | |
- name: Set up vagrant | |
run: | | |
# Canonical's Vagrant 2.2.19 dpkg cannot download Fedora 38 image: https://bugs.launchpad.net/vagrant/+bug/2017828 | |
# So we have to install Vagrant >= 2.3.1 from the upstream: https://github.com/opencontainers/runc/blob/v1.1.8/.cirrus.yml#L41-L49 | |
curl -fsSL https://apt.releases.hashicorp.com/gpg | sudo gpg --dearmor -o /usr/share/keyrings/hashicorp-archive-keyring.gpg | |
echo "deb [signed-by=/usr/share/keyrings/hashicorp-archive-keyring.gpg] https://apt.releases.hashicorp.com $(lsb_release -cs) main" | sudo tee /etc/apt/sources.list.d/hashicorp.list | |
sudo apt-get update | |
sudo apt-get install -y vagrant virtualbox | |
- name: Boot Fedora | |
run: | | |
ln -sf ./hack/ci/Vagrantfile ./Vagrantfile | |
# Retry if it fails (download.fedoraproject.org returns 404 sometimes) | |
# Spend up to 10 seconds on this | |
for i in {1..4}; do | |
if vagrant up; then | |
break | |
fi | |
vagrant destroy -f | |
sleep $i | |
done | |
- name: Set up Rootless Docker | |
if: ${{ matrix.provider == 'docker' && matrix.rootless == 'rootless' }} | |
run: | | |
# Disable the rootful daemon | |
"$HELPER" sudo systemctl disable --now docker | |
# Install the systemd unit | |
"$HELPER" dockerd-rootless-setuptool.sh install | |
# Modify the client config to use the rootless daemon by default | |
"$HELPER" docker context use rootless | |
- name: Set up Rootless Podman | |
if: ${{ matrix.provider == 'podman' && matrix.rootless == 'rootless' }} | |
run: | | |
# Restart the user session to ensure the cgroup delegation | |
# ref: https://github.com/kubernetes-sigs/kind/pull/2754#issuecomment-1124027063 | |
"$HELPER" sudo loginctl terminate-user vagrant || true | |
# We have modprobe ip6_tables in Vagrantfile, but it seems we have to modprobe it once again | |
"$HELPER" sudo modprobe ip6_tables | |
- name: Show provider info | |
run: | | |
"$HELPER" "$KIND_EXPERIMENTAL_PROVIDER" info | |
"$HELPER" "$KIND_EXPERIMENTAL_PROVIDER" version | |
- name: Create a cluster | |
run: | | |
"$HELPER" kind create cluster -v7 --wait 10m --retain | |
- name: Get Cluster status | |
run: | | |
"$HELPER" kubectl wait --for=condition=ready pods --namespace=kube-system -l k8s-app=kube-dns | |
"$HELPER" kubectl get nodes -o wide | |
"$HELPER" kubectl get pods -A | |
- name: Export logs | |
if: always() | |
run: | | |
"$HELPER" kind export logs /tmp/kind/logs | |
mkdir -p /tmp/kind/logs | |
"$HELPER" tar cC /tmp/kind/logs . | tar xC /tmp/kind/logs | |
- name: Upload logs | |
if: always() | |
uses: actions/upload-artifact@65462800fd760344b1a7b4382951275a0abb4808 # v4.3.3 | |
with: | |
name: kind-logs-${{ env.JOB_NAME }}-${{ github.run_id }} | |
path: /tmp/kind/logs |