From 93fd5c03e128f9f2bb4290cb0fe49cb7e8258bcf Mon Sep 17 00:00:00 2001
From: Michi Mutsuzaki <michi@isovalent.com>
Date: Mon, 24 Jun 2024 21:03:07 +0000
Subject: [PATCH] gke: Run cilium-cli inside a container

Update gke.yaml to run cilium-cli inside a container instead of using
cilium-cli-test-job-chart.

Ref: #2623
Ref: #2627
Ref: cilium/design-cfps#9

Signed-off-by: Michi Mutsuzaki <michi@isovalent.com>
---
 .github/in-cluster-test-scripts/gke.sh | 31 ------------
 .github/workflows/gke.yaml             | 65 +++++++++++---------------
 2 files changed, 26 insertions(+), 70 deletions(-)
 delete mode 100644 .github/in-cluster-test-scripts/gke.sh

diff --git a/.github/in-cluster-test-scripts/gke.sh b/.github/in-cluster-test-scripts/gke.sh
deleted file mode 100644
index 8bde50ca60..0000000000
--- a/.github/in-cluster-test-scripts/gke.sh
+++ /dev/null
@@ -1,31 +0,0 @@
-#!/bin/bash
-
-set -x
-set -e
-
-# Install Cilium
-cilium install \
-  --version "${CILIUM_VERSION}" \
-  --set cluster.name="${CLUSTER_NAME}" \
-  --set bpf.monitorAggregation=none \
-  --set ipv4NativeRoutingCIDR="${CLUSTER_CIDR}" \
-  --set loadBalancer.l7.backend=envoy \
-  --set tls.secretsBackend=k8s
-
-# Enable Relay
-cilium hubble enable
-
-# Wait for cilium and hubble relay to be ready
-# NB: necessary to work against occassional flakes due to https://github.com/cilium/cilium-cli/issues/918
-cilium status --wait
-
-# Port forward Relay
-cilium hubble port-forward&
-sleep 10s
-[[ $(pgrep -f "cilium.*hubble.*port-forward|kubectl.*port-forward.*hubble-relay" | wc -l) == 2 ]]
-
-# Run connectivity test
-cilium connectivity test --debug --all-flows --collect-sysdump-on-failure --external-target google.com.
-
-# Run performance test
-cilium connectivity perf --duration 1s
diff --git a/.github/workflows/gke.yaml b/.github/workflows/gke.yaml
index 4982f52a96..8596e6d9e4 100644
--- a/.github/workflows/gke.yaml
+++ b/.github/workflows/gke.yaml
@@ -127,55 +127,42 @@ jobs:
         run: |
           gcloud container clusters get-credentials ${{ env.clusterName }} --zone ${{ env.zone }}
 
-      - name: Create gcloud-free kubeconfig and load it in configmap
-        run: |
-          .github/get-kubeconfig.sh
-          kubectl create configmap cilium-cli-kubeconfig -n kube-system --from-file kubeconfig
+      - name: Install Cilium CLI
+        uses: ./
+        with:
+          skip-build: 'true'
+          image-tag: ${{ steps.vars.outputs.sha }}
 
-      - name: Load test script in configmap
+      - name: Run test
         run: |
-          kubectl create configmap cilium-cli-test-script -n kube-system --from-file=in-cluster-test-script.sh=.github/in-cluster-test-scripts/gke.sh
+          cilium install \
+          --version "${{ env.cilium_version }}" \
+          --set cluster.name="${{ env.clusterName }}" \
+          --set bpf.monitorAggregation=none \
+          --set loadBalancer.l7.backend=envoy \
+          --set tls.secretsBackend=k8s
 
-      - name: Create cilium-cli job
-        run: |
-          helm install .github/cilium-cli-test-job-chart \
-            --generate-name \
-            --set tag=${{ steps.vars.outputs.sha }} \
-            --set cilium_version=${{ env.cilium_version }} \
-            --set cluster_name=${{ env.clusterName }} \
-            --set cluster_cidr=${{ steps.cluster.outputs.cluster_cidr }}
-
-      - name: Wait for test job
-        env:
-          timeout: 45m
-        run: |
-          # Background wait for job to complete or timeout
-          kubectl -n kube-system wait job/cilium-cli --for=condition=complete --timeout=${{ env.timeout }} &
-          complete_pid=$!
+          # Enable Relay
+          cilium hubble enable
 
-          # Background wait for job to fail
-          (kubectl -n kube-system wait job/cilium-cli --for=condition=failed --timeout=${{ env.timeout }} && exit 1) &
-          failed_pid=$!
+          # Wait for cilium and hubble relay to be ready
+          # NB: necessary to work against occassional flakes due to https://github.com/cilium/cilium-cli/issues/918
+          cilium status --wait
 
-          # Active wait for whichever background process ends first
-          wait -n $complete_pid $failed_pid
-          EXIT_CODE=$?
+          # Port forward Relay
+          cilium hubble port-forward&
+          sleep 10s
+          [[ $(pgrep -f "kubectl.*port-forward.*hubble-relay" | wc -l) == 1 ]]
 
-          # Retrieve job logs
-          kubectl logs --timestamps -n kube-system job/cilium-cli
-          exit ${EXIT_CODE}
-        shell: bash {0} # Disable default fail-fast behaviour so that all commands run independently
+          # Run connectivity test
+          cilium connectivity test --all-flows --collect-sysdump-on-failure --external-target google.com.
+
+          # Run performance test
+          cilium connectivity perf --duration 1s
 
       - name: Post-test information gathering
         if: ${{ !success() }}
         run: |
-          echo "=== Install latest stable CLI ==="
-          curl -sSL --remote-name-all https://github.com/cilium/cilium-cli/releases/latest/download/cilium-linux-amd64.tar.gz{,.sha256sum}
-          sha256sum --check cilium-linux-amd64.tar.gz.sha256sum
-          sudo tar xzvfC cilium-linux-amd64.tar.gz /usr/bin
-          rm cilium-linux-amd64.tar.gz{,.sha256sum}
-          cilium version
-
           echo "=== Retrieve cluster state ==="
           kubectl get pods --all-namespaces -o wide
           cilium status