Phase 1 of Issue #10840 AMD has deprecated SEV support on Kata Containers, and going forward, SNP will be the only AMD feature supported. As a first step in this deprecation process, we are removing the SEV CI workflow from the test suite to unblock the CI. Will be adding future commits to remove redundant SEV code paths. Signed-Off-By: Adithya Krishnan Kannan <AdithyaKrishnan.Kannan@amd.com>
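name: CI | Run kata coco tests
on:
  # Reusable workflow: it only runs when another workflow calls it.
  #
  # NOTE(review): the jobs read `secrets.*` values, but no `secrets:` are
  # declared under `workflow_call`, so callers presumably pass them with
  # `secrets: inherit` - confirm. Declaring the needed secrets here would
  # document, and limit, what this workflow can see.
  workflow_call:
    inputs:
      # Appended to the name of the kata-static tarball artifact to download.
      tarball-suffix:
        required: false
        type: string
      # registry / repo / tag are exported to the jobs as DOCKER_REGISTRY,
      # DOCKER_REPO and DOCKER_TAG.
      registry:
        required: true
        type: string
      repo:
        required: true
        type: string
      tag:
        required: true
        type: string
      # Exported to the jobs as GH_PR_NUMBER.
      pr-number:
        required: true
        type: string
      # Git ref that every job checks out and then runs scripts from.
      commit-hash:
        required: false
        type: string
      # Passed as TARGET_BRANCH to the rebase step of each job.
      target-branch:
        required: false
        type: string
        default: ""

# Least privilege for GITHUB_TOKEN: the jobs check out the repository and no
# `run:` step is handed the token through `env`, so read access to the
# repository contents is all that is requested.
permissions:
  contents: read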
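jobs:
  # Confidential-containers Kubernetes tests on the Intel TDX runner.
  #
  # NOTE(review): every `run:` step executes scripts from the checkout of
  # `inputs.commit-hash`, and the registry credentials and ITA_KEY are set at
  # job level, so all of those steps can read them. `tdx` is not a
  # GitHub-hosted label and K8S_TEST_HOST_TYPE is "baremetal", so this is
  # presumably a persistent self-hosted machine - confirm that callers only
  # pass commits that are trusted to run there, and consider scoping the
  # secrets to the steps that need them.
  run-k8s-tests-on-tdx:
    strategy:
      fail-fast: false
      matrix:
        vmm:
          - qemu-tdx
        snapshotter:
          - nydus
        pull-type:
          - guest-pull
    runs-on: tdx
    env:
      DOCKER_REGISTRY: ${{ inputs.registry }}
      DOCKER_REPO: ${{ inputs.repo }}
      DOCKER_TAG: ${{ inputs.tag }}
      GH_PR_NUMBER: ${{ inputs.pr-number }}
      KATA_HYPERVISOR: ${{ matrix.vmm }}
      KUBERNETES: "vanilla"
      USING_NFD: "true"
      KBS: "true"
      K8S_TEST_HOST_TYPE: "baremetal"
      KBS_INGRESS: "nodeport"
      SNAPSHOTTER: ${{ matrix.snapshotter }}
      PULL_TYPE: ${{ matrix.pull-type }}
      AUTHENTICATED_IMAGE_USER: ${{ secrets.AUTHENTICATED_IMAGE_USER }}
      AUTHENTICATED_IMAGE_PASSWORD: ${{ secrets.AUTHENTICATED_IMAGE_PASSWORD }}
      ITA_KEY: ${{ secrets.ITA_KEY }}
      AUTO_GENERATE_POLICY: "yes"
    steps:
      # NOTE(review): `v4` is a mutable tag; pinning the action to a full
      # commit SHA would make this dependency immutable.
      - uses: actions/checkout@v4
        with:
          ref: ${{ inputs.commit-hash }}
          fetch-depth: 0

      - name: Rebase atop of the latest target branch
        run: |
          ./tests/git-helper.sh "rebase-atop-of-the-latest-target-branch"
        env:
          TARGET_BRANCH: ${{ inputs.target-branch }}

      - name: Deploy Snapshotter
        timeout-minutes: 5
        run: bash tests/integration/kubernetes/gha-run.sh deploy-snapshotter

      - name: Deploy Kata
        timeout-minutes: 10
        run: bash tests/integration/kubernetes/gha-run.sh deploy-kata-tdx

      - name: Uninstall previous `kbs-client`
        timeout-minutes: 10
        run: bash tests/integration/kubernetes/gha-run.sh uninstall-kbs-client

      - name: Deploy CoCo KBS
        timeout-minutes: 10
        run: bash tests/integration/kubernetes/gha-run.sh deploy-coco-kbs

      - name: Install `kbs-client`
        timeout-minutes: 10
        run: bash tests/integration/kubernetes/gha-run.sh install-kbs-client

      - name: Deploy CSI driver
        timeout-minutes: 5
        run: bash tests/integration/kubernetes/gha-run.sh deploy-csi-driver

      - name: Run tests
        timeout-minutes: 100
        run: bash tests/integration/kubernetes/gha-run.sh run-tests

      # Cleanup steps run with `if: always()` so that a failed or cancelled
      # run still tears down what it deployed.
      - name: Delete kata-deploy
        if: always()
        run: bash tests/integration/kubernetes/gha-run.sh cleanup-tdx

      - name: Delete Snapshotter
        if: always()
        run: bash tests/integration/kubernetes/gha-run.sh cleanup-snapshotter

      - name: Delete CoCo KBS
        if: always()
        run: bash tests/integration/kubernetes/gha-run.sh delete-coco-kbs

      # `if: always()` added: without it this step was skipped whenever an
      # earlier step failed, leaving the CSI driver deployed after the run.
      - name: Delete CSI driver
        if: always()
        timeout-minutes: 5
        run: bash tests/integration/kubernetes/gha-run.sh delete-csi-driver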
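# AMD has deprecated SEV support on Kata and henceforth SNP will be the only
# feature supported for Kata Containers.
  #
  # NOTE(review): every `run:` step executes scripts from the checkout of
  # `inputs.commit-hash`, and the registry credentials are set at job level,
  # so all of those steps can read them. `sev-snp` is not a GitHub-hosted
  # label, KUBECONFIG points into /home/kata and K8S_TEST_HOST_TYPE is
  # "baremetal", so this is presumably a persistent self-hosted machine -
  # confirm that callers only pass commits that are trusted to run there.
  run-k8s-tests-sev-snp:
    strategy:
      fail-fast: false
      matrix:
        vmm:
          - qemu-snp
        snapshotter:
          - nydus
        pull-type:
          - guest-pull
    runs-on: sev-snp
    env:
      DOCKER_REGISTRY: ${{ inputs.registry }}
      DOCKER_REPO: ${{ inputs.repo }}
      DOCKER_TAG: ${{ inputs.tag }}
      GH_PR_NUMBER: ${{ inputs.pr-number }}
      KATA_HYPERVISOR: ${{ matrix.vmm }}
      KUBECONFIG: /home/kata/.kube/config
      KUBERNETES: "vanilla"
      USING_NFD: "false"
      KBS: "true"
      KBS_INGRESS: "nodeport"
      K8S_TEST_HOST_TYPE: "baremetal"
      SNAPSHOTTER: ${{ matrix.snapshotter }}
      PULL_TYPE: ${{ matrix.pull-type }}
      AUTHENTICATED_IMAGE_USER: ${{ secrets.AUTHENTICATED_IMAGE_USER }}
      AUTHENTICATED_IMAGE_PASSWORD: ${{ secrets.AUTHENTICATED_IMAGE_PASSWORD }}
      AUTO_GENERATE_POLICY: "yes"
    steps:
      # NOTE(review): `v4` is a mutable tag; pinning the action to a full
      # commit SHA would make this dependency immutable.
      - uses: actions/checkout@v4
        with:
          ref: ${{ inputs.commit-hash }}
          fetch-depth: 0

      - name: Rebase atop of the latest target branch
        run: |
          ./tests/git-helper.sh "rebase-atop-of-the-latest-target-branch"
        env:
          TARGET_BRANCH: ${{ inputs.target-branch }}

      - name: Deploy Snapshotter
        timeout-minutes: 5
        run: bash tests/integration/kubernetes/gha-run.sh deploy-snapshotter

      - name: Deploy Kata
        timeout-minutes: 10
        run: bash tests/integration/kubernetes/gha-run.sh deploy-kata-snp

      - name: Uninstall previous `kbs-client`
        timeout-minutes: 10
        run: bash tests/integration/kubernetes/gha-run.sh uninstall-kbs-client

      - name: Deploy CoCo KBS
        timeout-minutes: 10
        run: bash tests/integration/kubernetes/gha-run.sh deploy-coco-kbs

      - name: Install `kbs-client`
        timeout-minutes: 10
        run: bash tests/integration/kubernetes/gha-run.sh install-kbs-client

      - name: Deploy CSI driver
        timeout-minutes: 5
        run: bash tests/integration/kubernetes/gha-run.sh deploy-csi-driver

      - name: Run tests
        timeout-minutes: 50
        run: bash tests/integration/kubernetes/gha-run.sh run-tests

      # Cleanup steps run with `if: always()` so that a failed or cancelled
      # run still tears down what it deployed.
      - name: Delete kata-deploy
        if: always()
        run: bash tests/integration/kubernetes/gha-run.sh cleanup-snp

      - name: Delete Snapshotter
        if: always()
        run: bash tests/integration/kubernetes/gha-run.sh cleanup-snapshotter

      - name: Delete CoCo KBS
        if: always()
        run: bash tests/integration/kubernetes/gha-run.sh delete-coco-kbs

      # `if: always()` added: without it this step was skipped whenever an
      # earlier step failed, leaving the CSI driver deployed after the run.
      - name: Delete CSI driver
        if: always()
        timeout-minutes: 5
        run: bash tests/integration/kubernetes/gha-run.sh delete-csi-driver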
# CoCo tests on a non-TEE environment: an AKS cluster created for the run and
# deleted again in the final step.
  #
  # NOTE(review): the registry credentials are set at job level, so every
  # step can read them, including the third-party retry action and the
  # scripts taken from the checkout of `inputs.commit-hash`. The Azure
  # secrets are scoped to the login step only.
  run-k8s-tests-coco-nontee:
    runs-on: ubuntu-22.04
    strategy:
      fail-fast: false
      matrix:
        vmm: [qemu-coco-dev]
        snapshotter: [nydus]
        pull-type: [guest-pull]
    env:
      # Image coordinates and PR number supplied by the caller.
      DOCKER_REGISTRY: ${{ inputs.registry }}
      DOCKER_REPO: ${{ inputs.repo }}
      DOCKER_TAG: ${{ inputs.tag }}
      GH_PR_NUMBER: ${{ inputs.pr-number }}
      # Values taken from the matrix.
      KATA_HYPERVISOR: ${{ matrix.vmm }}
      SNAPSHOTTER: ${{ matrix.snapshotter }}
      PULL_TYPE: ${{ matrix.pull-type }}
      # Some tests check this variable to decide whether to run.
      KBS: "true"
      # KBS ingress handler; an empty string disables ingress handling.
      KBS_INGRESS: "aks"
      KUBERNETES: "vanilla"
      USING_NFD: "false"
      AUTO_GENERATE_POLICY: "yes"
      # Registry credentials, visible to every step of the job.
      AUTHENTICATED_IMAGE_USER: ${{ secrets.AUTHENTICATED_IMAGE_USER }}
      AUTHENTICATED_IMAGE_PASSWORD: ${{ secrets.AUTHENTICATED_IMAGE_PASSWORD }}
    steps:
      # NOTE(review): `v4` is a mutable tag; pinning the action to a full
      # commit SHA would make this dependency immutable.
      - uses: actions/checkout@v4
        with:
          fetch-depth: 0
          ref: ${{ inputs.commit-hash }}

      - name: Rebase atop of the latest target branch
        env:
          TARGET_BRANCH: ${{ inputs.target-branch }}
        run: |
          ./tests/git-helper.sh "rebase-atop-of-the-latest-target-branch"

      - name: get-kata-tarball
        uses: actions/download-artifact@v4
        with:
          name: kata-static-tarball-amd64${{ inputs.tarball-suffix }}
          path: kata-artifacts

      - name: Install kata
        run: bash tests/integration/kubernetes/gha-run.sh install-kata-tools kata-artifacts

      - name: Download Azure CLI
        run: bash tests/integration/kubernetes/gha-run.sh install-azure-cli

      # The Azure service-principal secrets are exposed to this step only.
      - name: Log into the Azure account
        env:
          AZ_APPID: ${{ secrets.AZ_APPID }}
          AZ_PASSWORD: ${{ secrets.AZ_PASSWORD }}
          AZ_TENANT_ID: ${{ secrets.AZ_TENANT_ID }}
          AZ_SUBSCRIPTION_ID: ${{ secrets.AZ_SUBSCRIPTION_ID }}
        run: bash tests/integration/kubernetes/gha-run.sh login-azure

      # NOTE(review): third-party action referenced by the mutable tag `v3`;
      # it runs after the Azure login step and with the job-level registry
      # credentials in its environment, so a full commit SHA pin is worth
      # considering here.
      - name: Create AKS cluster
        uses: nick-fields/retry@v3
        with:
          command: bash tests/integration/kubernetes/gha-run.sh create-cluster
          max_attempts: 20
          retry_on: error
          retry_wait_seconds: 10
          timeout_minutes: 15

      - name: Install `bats`
        run: bash tests/integration/kubernetes/gha-run.sh install-bats

      - name: Install `kubectl`
        run: bash tests/integration/kubernetes/gha-run.sh install-kubectl

      - name: Download credentials for the Kubernetes CLI to use them
        run: bash tests/integration/kubernetes/gha-run.sh get-cluster-credentials

      - name: Deploy Snapshotter
        run: bash tests/integration/kubernetes/gha-run.sh deploy-snapshotter
        timeout-minutes: 5

      - name: Deploy Kata
        run: bash tests/integration/kubernetes/gha-run.sh deploy-kata-aks
        timeout-minutes: 10

      - name: Deploy CoCo KBS
        run: bash tests/integration/kubernetes/gha-run.sh deploy-coco-kbs
        timeout-minutes: 10

      - name: Install `kbs-client`
        run: bash tests/integration/kubernetes/gha-run.sh install-kbs-client
        timeout-minutes: 10

      - name: Deploy CSI driver
        run: bash tests/integration/kubernetes/gha-run.sh deploy-csi-driver
        timeout-minutes: 5

      - name: Run tests
        run: bash tests/integration/kubernetes/gha-run.sh run-tests
        timeout-minutes: 80

      # Runs even when an earlier step failed, so the cluster is deleted.
      - name: Delete AKS cluster
        if: always()
        run: bash tests/integration/kubernetes/gha-run.sh delete-cluster