diff --git a/.github/workflows/build-images.yml b/.github/workflows/build-images.yml
index 5e7256b7..02aa5c9e 100644
--- a/.github/workflows/build-images.yml
+++ b/.github/workflows/build-images.yml
@@ -7,13 +7,13 @@ jobs:
 REPOSITORY: ghcr.io/${{ github.repository }}
 steps:
 - name: Check out code into the Go module directory
- uses: actions/checkout@v2
+ uses: actions/checkout@v4
 - name: Set up Docker Buildx
- uses: docker/setup-buildx-action@v1
+ uses: docker/setup-buildx-action@v3
 - name: Build container image
- uses: docker/build-push-action@v2
+ uses: docker/build-push-action@v5
 with:
 push: false
 tags: ghcr.io/${{ github.repository }}:latest-amd64
diff --git a/.github/workflows/build.yml b/.github/workflows/build.yml
index 5d128487..57b7da05 100644
--- a/.github/workflows/build.yml
+++ b/.github/workflows/build.yml
@@ -14,12 +14,12 @@ jobs:
 GO111MODULE: on
 steps:
 - name: Install Go
- uses: actions/setup-go@v2
+ uses: actions/setup-go@v5
 with:
 go-version: ${{ matrix.go-version }}
 - name: Check out code into the Go module directory
- uses: actions/checkout@v2
+ uses: actions/checkout@v4
 - name: Build
 env:
diff --git a/.github/workflows/codeql.yml b/.github/workflows/codeql.yml
index abb3cb79..025fd307 100644
--- a/.github/workflows/codeql.yml
+++ b/.github/workflows/codeql.yml
@@ -24,7 +24,7 @@ jobs:
 steps:
 - name: Checkout
- uses: actions/checkout@v3
+ uses: actions/checkout@v4
 - name: Initialize CodeQL
 uses: github/codeql-action/init@v2
diff --git a/.github/workflows/kind-e2e.yml b/.github/workflows/kind-e2e.yml
index 45dee4c4..96311d71 100644
--- a/.github/workflows/kind-e2e.yml
+++ b/.github/workflows/kind-e2e.yml
@@ -11,7 +11,7 @@ jobs:
 run: sudo apt install bats
 - name: Check out code into the Go module directory
- uses: actions/checkout@v3
+ uses: actions/checkout@v4
 - name: Setup registry
 run: docker run -d --restart=always -p "5000:5000" --name "kind-registry" registry:2
@@ -48,7 +48,7 @@ jobs:
 ./e2e/bin/kind export logs /tmp/kind-logs
 - name: Upload logs
- uses: actions/upload-artifact@v2
+ uses: actions/upload-artifact@v4
 if: ${{ failure() }}
 with:
 name: kind-logs-e2e
diff --git a/.github/workflows/push-master.yml b/.github/workflows/push-master.yml
index 97c2716d..03a0174a 100644
--- a/.github/workflows/push-master.yml
+++ b/.github/workflows/push-master.yml
@@ -13,14 +13,14 @@ jobs:
 REPOSITORY: ghcr.io/${{ github.repository }}
 steps:
 - name: Check out code into the Go module directory
- uses: actions/checkout@v3
+ uses: actions/checkout@v4
 - name: Set up Docker Buildx
- uses: docker/setup-buildx-action@v2
+ uses: docker/setup-buildx-action@v3
 - name: Login to GitHub Container Registry
 if: github.repository_owner == 'k8snetworkplumbingwg'
- uses: docker/login-action@v2
+ uses: docker/login-action@v3
 with:
 registry: ghcr.io
 username: ${{ github.repository_owner }}
@@ -28,10 +28,9 @@ jobs:
 - name: Push to GitHub Container Registry
 if: github.repository_owner == 'k8snetworkplumbingwg'
- uses: docker/build-push-action@v3
+ uses: docker/build-push-action@v5
 with:
 push: true
- platform: linux/amd64
 tags: |
 ghcr.io/${{ github.repository }}:latest
 ghcr.io/${{ github.repository }}:snapshot
diff --git a/.github/workflows/push-release.yml b/.github/workflows/push-release.yml
index 7fd0e458..4e73673c 100644
--- a/.github/workflows/push-release.yml
+++ b/.github/workflows/push-release.yml
@@ -12,14 +12,14 @@ jobs:
 REPOSITORY: ghcr.io/${{ github.repository }}
 steps:
 - name: Check out code into the Go module directory
- uses: actions/checkout@v2
+ uses: actions/checkout@v4
 - name: Set up Docker Buildx
- uses: docker/setup-buildx-action@v1
+ uses: docker/setup-buildx-action@v3
 - name: Login to GitHub Container Registry
 if: github.repository_owner == 'k8snetworkplumbingwg'
- uses: docker/login-action@v1
+ uses: docker/login-action@v3
 with:
 registry: ghcr.io
 username: ${{ github.repository_owner }}
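Review bot: After the `@@ -28,10 +28,9 @@` hunk the `Push to GitHub Container Registry` step in push-master.yml passes neither `platforms` nor `provenance`/`sbom` to `docker/build-push-action@v5`, while the same commit sets `platforms: linux/amd64`, `sbom: false` and `provenance: false` on the release push in push-release.yml. As far as I know build-push-action has attached a provenance attestation by default since v4, so `latest` and `snapshot` would probably be published as an index carrying an attestation manifest while `stable` stays a plain image. Decide which shape consumers should get and set the inputs explicitly in both workflows; for parity with the release job that would be `platforms: linux/amd64` plus the two attestation inputs, ideally with a comment giving the reason.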
@@ -27,27 +27,20 @@ jobs:
 - name: Docker meta
 id: docker_meta
- uses: crazy-max/ghaction-docker-meta@v1
+ uses: docker/metadata-action@v5
 with:
 images: ${{ env.REPOSITORY }}
- tag-latest: false
+ flavor:
+ latest=false
 - name: Push to GitHub Container Registry
 if: github.repository_owner == 'k8snetworkplumbingwg'
- uses: docker/build-push-action@v2
+ uses: docker/build-push-action@v5
 with:
 push: true
 tags: |
- ghcr.io/${{ github.repository }}:stable-amd64
- ${{ steps.docker_meta.outputs.tags }}-amd64
-
- - name: Create manifest for multi-arch images
- if: github.repository_owner == 'k8snetworkplumbingwg'
- run: |
- docker manifest create ${{ env.REPOSITORY }}:stable ${{ env.REPOSITORY }}:stable-amd64
- docker manifest annotate ${{ env.REPOSITORY }}:stable ${{ env.REPOSITORY }}:stable-amd64 --arch amd64
- docker manifest push ${{ env.REPOSITORY }}:stable
- docker manifest create ${{ steps.docker_meta.outputs.tags }} ${{ steps.docker_meta.outputs.tags }}-amd64
- docker manifest annotate ${{ steps.docker_meta.outputs.tags }} ${{ steps.docker_meta.outputs.tags }}-amd64 --arch amd64
- docker manifest push ${{ steps.docker_meta.outputs.tags }}
-
+ ghcr.io/${{ github.repository }}:stable
+ ${{ steps.docker_meta.outputs.tags }}
+ platforms: linux/amd64
+ sbom: false
+ provenance: false
diff --git a/.github/workflows/test.yml b/.github/workflows/test.yml
index 99b060c8..1e3e850e 100644
--- a/.github/workflows/test.yml
+++ b/.github/workflows/test.yml
@@ -9,12 +9,12 @@ jobs:
 runs-on: ${{ matrix.os }}
 steps:
 - name: Install Go
- uses: actions/setup-go@v2
+ uses: actions/setup-go@v5
 with:
 go-version: ${{ matrix.go-version }}
 - name: Checkout code
- uses: actions/checkout@v2
+ uses: actions/checkout@v4
 - name: Run Revive Action by pulling pre-built image
 uses: docker://morphy/revive-action:v2
diff --git a/e2e/get_tools.sh b/e2e/get_tools.sh
index cc620f41..f91ec1db 100755
--- a/e2e/get_tools.sh
+++ b/e2e/get_tools.sh
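Review bot: `sbom: false` and `provenance: false` at the end of the `Push to GitHub Container Registry` step in push-release.yml switch off build attestations for the release image, and nothing in the hunk says why. If the reason is to keep `:stable` and the version tag as plain single-platform manifests now that the `docker manifest` step is gone, say so in a comment above the two inputs, e.g. `# attestations off so each tag stays a plain amd64 manifest rather than an index; revisit when consumers handle OCI indexes`. Separately, `docker/metadata-action@v5` is a new dependency referenced by a mutable tag in a job that pushes release images; pinning it as `uses: docker/metadata-action@<full-commit-sha> # v5` would protect the release build against a moved tag. `flavor:` followed by an indented `latest=false` parses as a plain scalar and should work, but the block form `flavor: |` makes the intent clearer.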
@@ -5,7 +5,7 @@ if [ ! -d bin ]; then mkdir bin fi -curl -Lo ./bin/kind "https://github.com/kubernetes-sigs/kind/releases/download/v0.20.0/kind-$(uname)-amd64" +curl -Lo ./bin/kind "https://github.com/kubernetes-sigs/kind/releases/download/v0.22.0/kind-$(uname)-amd64" chmod +x ./bin/kind curl -Lo ./bin/kubectl https://storage.googleapis.com/kubernetes-release/release/`curl -s https://storage.googleapis.com/kubernetes-release/release/stable.txt`/bin/linux/amd64/kubectl chmod +x ./bin/kubectl diff --git a/e2e/multi-network-policy-iptables-e2e.yml b/e2e/multi-network-policy-iptables-e2e.yml index dc8e4387..bf9b7908 100644 --- a/e2e/multi-network-policy-iptables-e2e.yml +++ b/e2e/multi-network-policy-iptables-e2e.yml @@ -122,7 +122,6 @@ spec: containers: - name: multi-networkpolicy image: localhost:5000/multus-networkpolicy-iptables:e2e - imagePullPolicy: Always command: ["/usr/bin/multi-networkpolicy-iptables"] args: - "--host-prefix=/host" diff --git a/e2e/setup_cluster.sh b/e2e/setup_cluster.sh index 961bcd60..d19c33f1 100755 --- a/e2e/setup_cluster.sh +++ b/e2e/setup_cluster.sh @@ -8,58 +8,23 @@ export PATH=./bin:${PATH} OCI_BIN="${OCI_BIN:-docker}" kind_network='kind' -reg_name='kind-registry' -reg_port='5000' -running="$($OCI_BIN inspect -f '{{.State.Running}}' "${reg_name}" 2>/dev/null || true)" -if [ "${running}" != 'true' ]; then - $OCI_BIN run -d --restart=always -p "${reg_port}:5000" --name "${reg_name}" registry:2 -fi $OCI_BIN build -t localhost:5000/multus-networkpolicy-iptables:e2e -f ../Dockerfile .. -$OCI_BIN push localhost:5000/multus-networkpolicy-iptables:e2e - -reg_host="${reg_name}" -echo "Registry Host: ${reg_host}" # deploy cluster with kind cat < server" { diff --git a/e2e/tests/simple-v4-egress.bats b/e2e/tests/simple-v4-egress.bats index 55178e52..6d5a9111 100755 --- a/e2e/tests/simple-v4-egress.bats +++ b/e2e/tests/simple-v4-egress.bats 
@@ -24,7 +24,7 @@ setup() {
 @test "check generated iptables rules" {
 # wait for sync
- sleep 3
+ sleep 5
 # check pod-server has multi-networkpolicy iptables rules for ingress
 run kubectl -n test-simple-v4-egress exec pod-server -- sh -c "iptables-save | grep MULTI-0-EGRESS"
 [ "$status" -eq "0" ]
@@ -36,7 +36,7 @@ setup() {
 [ "$status" -eq "1" ]
 # wait for sync
- sleep 3
+ sleep 5
 # check that iptables files in pod-iptables
 pod_name=$(kubectl -n kube-system get pod -o wide | grep 'kind-worker' | grep multi-net | cut -f 1 -d ' ')
 run kubectl -n kube-system exec ${pod_name} -- \
@@ -80,7 +80,7 @@ setup() {
 # enable multi-networkpolicy again
 kubectl -n kube-system patch daemonsets multi-networkpolicy-ds-amd64 --type json -p='[{"op": "remove", "path": "/spec/template/spec/nodeSelector/non-existing"}]'
- sleep 3
+ sleep 5
 kubectl -n kube-system wait --for=condition=ready -l app=multi-networkpolicy pod --timeout=${kubewait_timeout}
 }
@@ -90,7 +90,7 @@ setup() {
 run kubectl -n test-simple-v4-egress wait --for=delete -l app=test-simple-v4-egress pod --timeout=${kubewait_timeout}
 [ "$status" -eq "0" ]
- sleep 3
+ sleep 5
 # check that no iptables files in pod-iptables
 pod_name=$(kubectl -n kube-system get pod -o wide | grep 'kind-worker' | grep multi-net | cut -f 1 -d ' ')
 run kubectl -n kube-system exec ${pod_name} -- \
diff --git a/e2e/tests/simple-v4-ingress-list.bats b/e2e/tests/simple-v4-ingress-list.bats
index 6d7600b8..1b5f1d92 100755
--- a/e2e/tests/simple-v4-ingress-list.bats
+++ b/e2e/tests/simple-v4-ingress-list.bats
@@ -23,7 +23,7 @@ setup() {
 [ "$status" -eq "0" ]
 # wait for sync
- sleep 3
+ sleep 5
 }
 @test "test-simple-v4-ingress-list check client-a -> server" {
diff --git a/e2e/tests/simple-v4-ingress.bats b/e2e/tests/simple-v4-ingress.bats
index 1aee85fd..92ecda41 100755
--- a/e2e/tests/simple-v4-ingress.bats
+++ b/e2e/tests/simple-v4-ingress.bats
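Review bot: Raising the fixed `sleep 3` to `sleep 5` after `# wait for sync` in simple-v4-egress.bats keeps these checks timing-dependent: on a slow runner the `iptables-save | grep` assertions can still run before the rules have been written, and on a fast one every test pays the full five seconds. The same edit is repeated in the other hunks of this file and in simple-v4-ingress-list.bats, simple-v4-ingress.bats, simple-v6-ingress-list.bats, simple-v6-ingress.bats and stacked.bats. A bounded poll would state the condition being waited for, e.g. `timeout 30 sh -c 'until kubectl -n test-simple-v4-egress exec pod-server -- sh -c "iptables-save | grep -q MULTI-0-EGRESS"; do sleep 1; done'`. Failing that, a single shared variable defined wherever `kubewait_timeout` is set would keep the delay in one place. The test bodies continue outside the hunks.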
@@ -24,7 +24,7 @@ setup() {
 @test "check generated iptables rules" {
 # wait for sync
- sleep 3
+ sleep 5
 # check pod-server has multi-networkpolicy iptables rules for ingress
 run kubectl -n test-simple-v4-ingress exec pod-server -- sh -c "iptables-save | grep MULTI-0-INGRESS"
 [ "$status" -eq "0" ]
@@ -36,7 +36,7 @@ setup() {
 [ "$status" -eq "1" ]
 # wait for sync
- sleep 3
+ sleep 5
 # check that iptables files in pod-iptables
 pod_name=$(kubectl -n kube-system get pod -o wide | grep 'kind-worker' | grep multi-net | cut -f 1 -d ' ')
 run kubectl -n kube-system exec ${pod_name} -- \
@@ -80,7 +80,7 @@ setup() {
 # enable multi-networkpolicy again
 kubectl -n kube-system patch daemonsets multi-networkpolicy-ds-amd64 --type json -p='[{"op": "remove", "path": "/spec/template/spec/nodeSelector/non-existing"}]'
- sleep 3
+ sleep 5
 kubectl -n kube-system wait --for=condition=ready -l app=multi-networkpolicy pod --timeout=${kubewait_timeout}
 }
@@ -90,7 +90,7 @@ setup() {
 run kubectl -n test-simple-v4-ingress wait --for=delete -l app=test-simple-v4-ingress pod --timeout=${kubewait_timeout}
 [ "$status" -eq "0" ]
- sleep 3
+ sleep 5
 # check that no iptables files in pod-iptables
 pod_name=$(kubectl -n kube-system get pod -o wide | grep 'kind-worker' | grep multi-net | cut -f 1 -d ' ')
 run kubectl -n kube-system exec ${pod_name} -- \
diff --git a/e2e/tests/simple-v6-ingress-list.bats b/e2e/tests/simple-v6-ingress-list.bats
index 912ae857..a7758e49 100755
--- a/e2e/tests/simple-v6-ingress-list.bats
+++ b/e2e/tests/simple-v6-ingress-list.bats
@@ -24,7 +24,7 @@ setup() {
 [ "$status" -eq "0" ]
 # wait for sync
- sleep 3
+ sleep 5
 }
 @test "test-simple-v6-ingress-list check client-a -> server" {
diff --git a/e2e/tests/simple-v6-ingress.bats b/e2e/tests/simple-v6-ingress.bats
index 5b8efaab..4effdb81 100755
--- a/e2e/tests/simple-v6-ingress.bats
+++ b/e2e/tests/simple-v6-ingress.bats
@@ -25,7 +25,7 @@ setup() {
 @test "check generated ip6tables rules" {
 # wait for sync
- sleep 3
+ sleep 5
 # check pod-server has multi-networkpolicy ip6tables rules for ingress
 run kubectl -n test-simple-v6-ingress exec pod-server -- sh -c "ip6tables-save | grep MULTI-0-INGRESS"
@@ -80,7 +80,7 @@ setup() {
 # enable multi-networkpolicy again
 kubectl -n kube-system patch daemonsets multi-networkpolicy-ds-amd64 --type json -p='[{"op": "remove", "path": "/spec/template/spec/nodeSelector/non-existing"}]'
- sleep 3
+ sleep 5
 kubectl -n kube-system wait --for=condition=ready -l app=multi-networkpolicy pod --timeout=${kubewait_timeout}
 }
diff --git a/e2e/tests/stacked.bats b/e2e/tests/stacked.bats
index 483b31f0..fe57b6e7 100755
--- a/e2e/tests/stacked.bats
+++ b/e2e/tests/stacked.bats
@@ -22,7 +22,7 @@ setup() {
 @test "check generated iptables rules" {
 # wait for sync
- sleep 3
+ sleep 5
 run kubectl -n test-stacked exec pod-server -it -- sh -c "iptables-save | grep MULTI-0-INGRESS"
 [ "$status" -eq "0" ]
 run kubectl -n test-stacked exec pod-client-a -it -- sh -c "iptables-save | grep MULTI-0-INGRESS"
diff --git a/e2e/update_image_on_cluster.sh b/e2e/update_image_on_cluster.sh
index 823ff8c3..7b008167 100755
--- a/e2e/update_image_on_cluster.sh
+++ b/e2e/update_image_on_cluster.sh
@@ -7,7 +7,7 @@ OCI_BIN="${OCI_BIN:-docker}"
 IMAGE="localhost:5000/multus-networkpolicy-iptables:e2e"
 $OCI_BIN build -t ${IMAGE} ${E2E}/..
-$OCI_BIN push ${IMAGE}
+kind load docker-image ${IMAGE}
 new_image_with_digest=`${OCI_BIN} inspect --format='{{index .RepoDigests 0}}' ${IMAGE}`
 kubectl set image -n kube-system ds/multi-networkpolicy-ds-amd64 multi-networkpolicy=${new_image_with_digest}
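Review bot: In update_image_on_cluster.sh, with the push replaced by `kind load docker-image ${IMAGE}`, the next line's `{{index .RepoDigests 0}}` probably has nothing to read: as far as I know a locally built image gets a repo digest only once it has been pushed to or pulled from a registry, so the template is likely to fail and leave `new_image_with_digest` empty. `kubectl set image` would then be given `multi-networkpolicy=` with no image reference. Since the nodes now receive the image by tag, consider dropping the digest lookup and forcing a restart instead, e.g. `kubectl -n kube-system rollout restart ds/multi-networkpolicy-ds-amd64`, and quote `"${IMAGE}"` on the changed line. The start of the script is outside the hunk, so whether `set -e` would stop it at the failing `inspect` is not visible.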