From 521519d7455d1def6f64ad92b509af6cfb947918 Mon Sep 17 00:00:00 2001 From: Ryan Savino Date: Mon, 24 Apr 2023 11:34:34 -0500 Subject: [PATCH 1/2] gha: Add the ability to test qemu-sev With the changes proposed as part of this PR, a qemu-sev cluster will be created but no tests will be performed. GitHub Actions will only run the tests using the workflows that are part of the **target** branch, instead of the using the ones coming from the PR. No way to work around this for now. After this commit is merged, the tests (not the yaml files for the actions) will be altered in order for the checkout action to help in this case. Fixes: #6711 Signed-off-by: Ryan Savino --- tests/integration/kubernetes/run_kubernetes_tests.sh | 4 ++++ 1 file changed, 4 insertions(+) diff --git a/tests/integration/kubernetes/run_kubernetes_tests.sh b/tests/integration/kubernetes/run_kubernetes_tests.sh index db1e16633c..daddb756ab 100755 --- a/tests/integration/kubernetes/run_kubernetes_tests.sh +++ b/tests/integration/kubernetes/run_kubernetes_tests.sh @@ -54,6 +54,10 @@ else ) fi +if [ ${KATA_HYPERVISOR} == "qemu-sev" ]; then + exit 0 +fi + # we may need to skip a few test cases when running on non-x86_64 arch arch_config_file="${kubernetes_dir}/filter_out_per_arch/${TARGET_ARCH}.yaml" if [ -f "${arch_config_file}" ]; then From c849bdb0a5454e48135ad3e8a111c15b381cdd7b Mon Sep 17 00:00:00 2001 From: Ryan Savino Date: Mon, 24 Apr 2023 11:36:35 -0500 Subject: [PATCH 2/2] gha: Also run k8s tests on qemu-sev Added the k8s tests for qemu-sev Fixes: #6711 Signed-Off-By: Ryan Savino --- .github/workflows/ci-on-push.yaml | 8 +++ .github/workflows/run-k8s-tests-on-sev.yaml | 65 +++++++++++++++++++++ 2 files changed, 73 insertions(+) create mode 100644 .github/workflows/run-k8s-tests-on-sev.yaml diff --git a/.github/workflows/ci-on-push.yaml b/.github/workflows/ci-on-push.yaml index 6db1cda72f..8b1b6ef365 100644 --- a/.github/workflows/ci-on-push.yaml +++ b/.github/workflows/ci-on-push.yaml 
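Review bot: `${KATA_HYPERVISOR}` is expanded unquoted inside `[ … ]` in the added check in `run_kubernetes_tests.sh`. If the variable is ever empty or unset, the test collapses to `[ == "qemu-sev" ]`, prints an error, and the script carries on as though the comparison were false. Quoting it and using the portable operator avoids that: `if [ "${KATA_HYPERVISOR:-}" = "qemu-sev" ]; then`. Because this branch exits 0 before any test is selected, the SEV job will show green without having exercised anything, so an `echo "Skipping k8s tests on qemu-sev: not enabled yet" >&2` before `exit 0` keeps a passing check from being read as coverage. The script begins and continues outside the hunk, so whether `KATA_HYPERVISOR` is given a default earlier is not visible here.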
@@ -29,6 +29,14 @@ jobs: tag: ${{ github.event.pull_request.number }}-${{ github.event.pull_request.head.sha }}-amd64 secrets: inherit + run-k8s-tests-on-sev: + needs: publish-kata-deploy-payload-amd64 + uses: ./.github/workflows/run-k8s-tests-on-sev.yaml + with: + registry: ghcr.io + repo: ${{ github.repository_owner }}/kata-deploy-ci + tag: ${{ github.event.pull_request.number }}-${{ github.event.pull_request.head.sha }}-amd64 + run-k8s-tests-on-tdx: needs: publish-kata-deploy-payload-amd64 uses: ./.github/workflows/run-k8s-tests-on-tdx.yaml diff --git a/.github/workflows/run-k8s-tests-on-sev.yaml b/.github/workflows/run-k8s-tests-on-sev.yaml new file mode 100644 index 0000000000..043b21cc11 --- /dev/null +++ b/.github/workflows/run-k8s-tests-on-sev.yaml 
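Review bot: The new `run-k8s-tests-on-sev` job passes no `secrets:` while the job directly above it ends with `secrets: inherit`, and nothing in the hunk says whether the omission is deliberate. The called workflow in this same patch runs on the self-hosted `sev` runner and executes the pull request's own test script, so withholding secrets is the right default and should be recorded so it is not "fixed" later for symmetry. A comment above the job key would do it: `# No secrets are passed on purpose: this job runs PR code on the self-hosted SEV runner.` The `tag:` value is built from `github.event.pull_request.number` and `head.sha`, so the job also assumes a pull-request event; the workflow's `on:` block is outside the hunk and should be checked against that assumption.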
@@ -0,0 +1,65 @@
+name: CI | Run kubernetes tests on SEV
+on:
+ workflow_call:
+ inputs:
+ registry:
+ required: true
+ type: string
+ repo:
+ required: true
+ type: string
+ tag:
+ required: true
+ type: string
+
+jobs:
+ run-k8s-tests:
+ strategy:
+ fail-fast: false
+ matrix:
+ vmm:
+ - qemu-sev
+ runs-on: sev
+ env:
+ KUBECONFIG: /home/kata/.kube/config
+ steps:
+ - uses: actions/checkout@v3
+ with:
+ ref: ${{ github.event.pull_request.head.sha }}
+
+ - name: Deploy kata-deploy
+ run: |
+ sed -i -e "s|quay.io/kata-containers/kata-deploy:latest|${{ inputs.registry }}/${{ inputs.repo }}:${{ inputs.tag }}|g" tools/packaging/kata-deploy/kata-deploy/base/kata-deploy.yaml
+ cat tools/packaging/kata-deploy/kata-deploy/base/kata-deploy.yaml
+ cat tools/packaging/kata-deploy/kata-deploy/base/kata-deploy.yaml | grep "${{ inputs.registry }}/${{ inputs.repo }}:${{ inputs.tag }}" || die "Failed to setup the tests image"
+
+ kubectl apply -f tools/packaging/kata-deploy/kata-rbac/base/kata-rbac.yaml
+ kubectl apply -k tools/packaging/kata-deploy/kata-deploy/base/kata-deploy.yaml
+ kubectl -n kube-system wait --timeout=10m --for=condition=Ready -l name=kata-deploy pod
+ kubectl apply -f tools/packaging/kata-deploy/runtimeclasses/kata-runtimeClasses.yaml
+
+ - name: Run tests
+ timeout-minutes: 30
+ run: |
+ pushd tests/integration/kubernetes
+ sed -i -e 's|runtimeClassName: kata|runtimeClassName: kata-${{ matrix.vmm }}|' runtimeclass_workloads/*.yaml
+ bash run_kubernetes_tests.sh
+ popd
+ env:
+ KATA_HYPERVISOR: ${{ matrix.vmm }}
+
+ - name: Delete kata-deploy
+ if: always()
+ run: |
+ kubectl delete -k tools/packaging/kata-deploy/kata-deploy/base/kata-deploy.yaml
+ kubectl -n kube-system wait --timeout=10m --for=delete -l name=kata-deploy pod
+
+ sed -i -e "s|quay.io/kata-containers/kata-deploy:latest|${{ inputs.registry }}/${{ inputs.repo }}:${{ inputs.tag }}|g" tools/packaging/kata-deploy/kata-cleanup/base/kata-cleanup.yaml
+ cat tools/packaging/kata-deploy/kata-cleanup/base/kata-cleanup.yaml
+ cat tools/packaging/kata-deploy/kata-cleanup/base/kata-cleanup.yaml | grep "${{ inputs.registry }}/${{ inputs.repo }}:${{ inputs.tag }}" || die "Failed to setup the tests image"
+ kubectl apply -f tools/packaging/kata-deploy/kata-cleanup/base/kata-cleanup.yaml
+ sleep 180s
+
+ kubectl delete -f tools/packaging/kata-deploy/kata-cleanup/base/kata-cleanup.yaml
+ kubectl delete -f tools/packaging/kata-deploy/kata-rbac/base/kata-rbac.yaml
+ kubectl delete -f tools/packaging/kata-deploy/runtimeclasses/kata-runtimeClasses.yaml
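Review bot: The job checks out `github.event.pull_request.head.sha` and then runs `bash run_kubernetes_tests.sh` from that tree on the self-hosted `sev` runner, with `KUBECONFIG` pointing at credentials stored on that host, so whatever a pull request puts in the script executes with access to the runner and its cluster. The calling workflow's trigger is not visible in this patch; if it can fire for forked pull requests without maintainer approval, this job needs a gate before dispatch, such as an approval-protected `environment:` or a label condition. Independently, `persist-credentials: false` under the checkout's `with:` keeps the job token out of `.git/config` for the later steps. The `|| die "Failed to setup the tests image"` guards in the deploy and delete steps call a `die` that the workflow's shell never defines, so they fail with command-not-found rather than the intended message; `|| { echo "Failed to setup the tests image" >&2; exit 1; }` states what is meant.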