Skip to content

Commit

Permalink
separate applying calico rules to a job; add job to apply cfw to any …
Browse files Browse the repository at this point in the history 
…remaining instances
  • Loading branch information
@ykim-akamai
ykim-akamai committed Oct 24, 2024
1 parent 89e7b7a commit b64b7a1
Show file tree
Hide file tree
Showing 2 changed files with 123 additions and 16 deletions.
57 changes: 57 additions & 0 deletions .github/workflows/e2e-suite-windows.yml
View file
Original file line number Diff line number Diff line change
Expand Up @@ -103,3 +103,60 @@ jobs:
conclusion: process.env.conclusion
});
return result;
apply-calico-rules:
runs-on: ubuntu-latest
needs: [integration_tests]
if: ${{ success() || failure() }}

steps:
- name: Checkout code
uses: actions/checkout@v4
with:
fetch-depth: 0
submodules: 'recursive'

- name: Download kubectl and calicoctl for LKE clusters
run: |
curl -LO "https://storage.googleapis.com/kubernetes-release/release/$(curl -s https://storage.googleapis.com/kubernetes-release/release/stable.txt)/bin/linux/amd64/kubectl"
curl -LO "https://github.com/projectcalico/calico/releases/download/v3.25.0/calicoctl-linux-amd64"
chmod +x calicoctl-linux-amd64 kubectl
mv calicoctl-linux-amd64 /usr/local/bin/calicoctl
mv kubectl /usr/local/bin/kubectl
- name: Apply Calico Rules to LKE
run: |
cd e2e_scripts/cloud_security_scripts/lke_calico_rules/ && ./lke_calico_rules_e2e.sh
env:
LINODE_TOKEN: ${{ secrets.LINODE_TOKEN_2 }}

add-fw-to-remaining-instances:
runs-on: ubuntu-latest
needs: [integration_tests]
if: ${{ success() || failure() }}

steps:
- name: Set up Python
uses: actions/setup-python@v5
with:
python-version: '3.x'

- name: Install Linode CLI
run: |
pip install linode-cli
- name: Create Firewall and Attach to Instances
run: |
FIREWALL_ID=$(linode-cli firewalls create --label "e2e-fw-$(date +%s)" --rules.inbound_policy "DROP" --rules.outbound_policy "ACCEPT" --text --format=id --no-headers)
echo "Created Firewall with ID: $FIREWALL_ID"
for instance_id in $(linode-cli linodes list --format "id" --text --no-header); do
echo "Attaching firewall to instance: $instance_id"
if linode-cli firewalls device-create "$FIREWALL_ID" --id "$instance_id" --type linode; then
echo "Firewall attached to instance $instance_id successfully."
else
echo "An error occurred while attaching firewall to instance $instance_id. Skipping..."
fi
done
env:
LINODE_CLI_TOKEN: ${{ secrets.LINODE_TOKEN_2 }}
82 changes: 66 additions & 16 deletions .github/workflows/e2e-suite.yml
View file
Original file line number Diff line number Diff line change
Expand Up @@ -91,14 +91,6 @@ jobs:
pip install certifi -U && \
pip install .[obj,dev]
- name: Download kubectl and calicoctl for LKE clusters
run: |
curl -LO "https://storage.googleapis.com/kubernetes-release/release/$(curl -s https://storage.googleapis.com/kubernetes-release/release/stable.txt)/bin/linux/amd64/kubectl"
curl -LO "https://github.com/projectcalico/calico/releases/download/v3.25.0/calicoctl-linux-amd64"
chmod +x calicoctl-linux-amd64 kubectl
mv calicoctl-linux-amd64 /usr/local/bin/calicoctl
mv kubectl /usr/local/bin/kubectl
- name: Install Package
run: make install
env:
Expand All @@ -117,13 +109,6 @@ jobs:
env:
LINODE_CLI_TOKEN: ${{ env.LINODE_CLI_TOKEN }}

- name: Apply Calico Rules to LKE
if: always()
run: |
cd scripts && ./lke_calico_rules_e2e.sh
env:
LINODE_TOKEN: ${{ env.LINODE_CLI_TOKEN }}

- name: Upload test results
if: always()
run: |
Expand Down Expand Up @@ -168,10 +153,75 @@ jobs:
});
return result;
apply-calico-rules:
runs-on: ubuntu-latest
needs: [integration_tests]
if: ${{ success() || failure() }}

steps:
- name: Checkout code
uses: actions/checkout@v4
with:
fetch-depth: 0
submodules: 'recursive'

- name: Set LINODE_CLI_TOKEN
run: |
echo "LINODE_CLI_TOKEN=${{ secrets[inputs.use_minimal_test_account == 'true' && 'MINIMAL_LINODE_TOKEN' || 'LINODE_TOKEN'] }}" >> $GITHUB_ENV
- name: Download kubectl and calicoctl for LKE clusters
run: |
curl -LO "https://storage.googleapis.com/kubernetes-release/release/$(curl -s https://storage.googleapis.com/kubernetes-release/release/stable.txt)/bin/linux/amd64/kubectl"
curl -LO "https://github.com/projectcalico/calico/releases/download/v3.25.0/calicoctl-linux-amd64"
chmod +x calicoctl-linux-amd64 kubectl
mv calicoctl-linux-amd64 /usr/local/bin/calicoctl
mv kubectl /usr/local/bin/kubectl
- name: Apply Calico Rules to LKE
run: |
cd e2e_scripts/cloud_security_scripts/lke_calico_rules/ && ./lke_calico_rules_e2e.sh
env:
LINODE_TOKEN: ${{ env.LINODE_CLI_TOKEN }}

add-fw-to-remaining-instances:
runs-on: ubuntu-latest
needs: [integration_tests]
if: ${{ success() || failure() }}

steps:
- name: Set up Python
uses: actions/setup-python@v5
with:
python-version: '3.x'

- name: Install Linode CLI
run: |
pip install linode-cli
- name: Set LINODE_CLI_TOKEN
run: |
echo "LINODE_CLI_TOKEN=${{ secrets[inputs.use_minimal_test_account == 'true' && 'MINIMAL_LINODE_TOKEN' || 'LINODE_TOKEN'] }}" >> $GITHUB_ENV
- name: Create Firewall and Attach to Instances
run: |
FIREWALL_ID=$(linode-cli firewalls create --label "e2e-fw-$(date +%s)" --rules.inbound_policy "DROP" --rules.outbound_policy "ACCEPT" --text --format=id --no-headers)
echo "Created Firewall with ID: $FIREWALL_ID"
for instance_id in $(linode-cli linodes list --format "id" --text --no-header); do
echo "Attaching firewall to instance: $instance_id"
if linode-cli firewalls device-create "$FIREWALL_ID" --id "$instance_id" --type linode; then
echo "Firewall attached to instance $instance_id successfully."
else
echo "An error occurred while attaching firewall to instance $instance_id. Skipping..."
fi
done
env:
LINODE_CLI_TOKEN: ${{ env.LINODE_CLI_TOKEN }}

notify-slack:
runs-on: ubuntu-latest
needs: [integration_tests]
if: always() && github.repository == 'linode/linode-cli' # Run even if integration tests fail and only on main repository
if: ${{ (success() || failure()) && github.repository == 'linode/linode-cli' }} # Run even if integration tests fail and only on main repository

steps:
- name: Notify Slack
Expand Down

0 comments on commit b64b7a1

Please sign in to comment.