Merge remote-tracking branch 'origin/tormath1/kubeadm' into krnowak/k…

…8s-1.25
flatcar · Aug 31, 2022 · 9cc084d · 9cc084d
2 parents d569e78 + 6e68db3
commit 9cc084d
Show file tree

Hide file tree

Showing 5 changed files with 26 additions and 14 deletions.
diff --git a/CHANGELOG.md b/CHANGELOG.md
@@ -50,6 +50,7 @@ The format is based on [Keep a Changelog](https://keepachangelog.com/en/1.0.0/),
 ### Fixed
 - Fix version check in kubeadm tests ([#353](https://github.com/flatcar-linux/mantle/pull/353))
 - Make Calico testing in kubeadm tests more reliable ([#359](https://github.com/flatcar-linux/mantle/pull/359))
+- Fix running tests on Equinix Metal s3.xlarge.x86 instanes ([#364](https://github.com/flatcar-linux/mantle/pull/364))
 
 ## [0.18.0] - 12/01/2022
 ### Security

diff --git a/kola/tests/kubeadm/kubeadm.go b/kola/tests/kubeadm/kubeadm.go
@@ -54,8 +54,12 @@ var (
 					_ = c.MustSSH(controller, "/opt/bin/cilium uninstall")
 					version := params["CiliumVersion"].(string)
 					cidr := params["PodSubnet"].(string)
-					cmd := fmt.Sprintf("/opt/bin/cilium install --config enable-endpoint-routes=true --config cluster-pool-ipv4-cidr=%s --version=%s --encryption=ipsec --wait --wait-duration 1m", cidr, version)
-					_ = c.MustSSH(controller, cmd)
+					cmd := fmt.Sprintf("/opt/bin/cilium install --config enable-endpoint-routes=true --config cluster-pool-ipv4-cidr=%s --version=%s --encryption=ipsec --wait-duration=1s --rollback=false", cidr, version)
+					_, _ = c.SSH(controller, cmd)
+					patch := `/opt/bin/kubectl --namespace kube-system patch daemonset/cilium -p '{"spec":{"template":{"spec":{"containers":[{"name":"cilium-agent","securityContext":{"seLinuxOptions":{"level":"s0","type":"unconfined_t"}}}],"initContainers":[{"name":"mount-cgroup","securityContext":{"seLinuxOptions":{"level":"s0","type":"unconfined_t"}}},{"name":"apply-sysctl-overwrites","securityContext":{"seLinuxOptions":{"level":"s0","type":"unconfined_t"}}},{"name":"clean-cilium-state","securityContext":{"seLinuxOptions":{"level":"s0","type":"unconfined_t"}}}]}}}}'`
+					_ = c.MustSSH(controller, patch)
+					status := "/opt/bin/cilium status --wait --wait-duration 1m"
+					_ = c.MustSSH(controller, status)
 				},
 			},
 		},
@@ -104,8 +108,8 @@ var (
 		},
 		"v1.24.1": map[string]interface{}{
 			"FlannelVersion":   "v0.18.1",
-			"CiliumVersion":    "1.11.5",
-			"CiliumCLIVersion": "v0.10.7",
+			"CiliumVersion":    "1.12.1",
+			"CiliumCLIVersion": "v0.12.2",
 			"CNIVersion":       "v1.1.1",
 			"CRIctlVersion":    "v1.24.2",
 			"ReleaseVersion":   "v0.13.0",
@@ -129,8 +133,8 @@ var (
 		},
 		"v1.23.4": map[string]interface{}{
 			"FlannelVersion":   "v0.16.3",
-			"CiliumVersion":    "1.11.2",
-			"CiliumCLIVersion": "v0.10.2",
+			"CiliumVersion":    "1.12.1",
+			"CiliumCLIVersion": "v0.12.2",
 			"CNIVersion":       "v1.0.1",
 			"CRIctlVersion":    "v1.22.0",
 			"ReleaseVersion":   "v0.4.0",
@@ -154,8 +158,8 @@ var (
 		},
 		"v1.22.7": map[string]interface{}{
 			"FlannelVersion":   "v0.16.3",
-			"CiliumVersion":    "1.11.2",
-			"CiliumCLIVersion": "v0.10.2",
+			"CiliumVersion":    "1.12.1",
+			"CiliumCLIVersion": "v0.12.2",
 			"CNIVersion":       "v1.0.1",
 			"CRIctlVersion":    "v1.22.0",
 			"ReleaseVersion":   "v0.4.0",
@@ -213,7 +217,7 @@ func init() {
 					major = 3140
 				}
 
-				if CNI == "flannel" {
+				if CNI == "flannel" || CNI == "cilium" {
 					flags = append(flags, register.NoEnableSelinux)
 				}
 

diff --git a/kola/tests/kubeadm/templates.go b/kola/tests/kubeadm/templates.go
@@ -401,6 +401,7 @@ EOF
         --config enable-endpoint-routes=true \
         --config cluster-pool-ipv4-cidr={{ .PodSubnet }} \
         --version={{ .CiliumVersion }} 2>&1 | iconv --from-code utf-8 --to-code ascii//TRANSLIT
+    kubectl --namespace kube-system patch daemonset/cilium -p '{"spec":{"template":{"spec":{"containers":[{"name":"cilium-agent","securityContext":{"seLinuxOptions":{"level":"s0","type":"unconfined_t"}}}],"initContainers":[{"name":"mount-cgroup","securityContext":{"seLinuxOptions":{"level":"s0","type":"unconfined_t"}}},{"name":"apply-sysctl-overwrites","securityContext":{"seLinuxOptions":{"level":"s0","type":"unconfined_t"}}},{"name":"clean-cilium-state","securityContext":{"seLinuxOptions":{"level":"s0","type":"unconfined_t"}}}]}}}}'
     # --wait will wait for status to report success
     /opt/bin/cilium status --wait 2>&1 | iconv --from-code utf-8 --to-code ascii//TRANSLIT
 {{ end }}

diff --git a/kola/tests/kubeadm/testdata/master-cilium-script.sh b/kola/tests/kubeadm/testdata/master-cilium-script.sh
@@ -91,6 +91,7 @@ EOF
         --config enable-endpoint-routes=true \
         --config cluster-pool-ipv4-cidr=192.168.0.0/17 \
         --version=v0.11.1 2>&1 | iconv --from-code utf-8 --to-code ascii//TRANSLIT
+    kubectl --namespace kube-system patch daemonset/cilium -p '{"spec":{"template":{"spec":{"containers":[{"name":"cilium-agent","securityContext":{"seLinuxOptions":{"level":"s0","type":"unconfined_t"}}}],"initContainers":[{"name":"mount-cgroup","securityContext":{"seLinuxOptions":{"level":"s0","type":"unconfined_t"}}},{"name":"apply-sysctl-overwrites","securityContext":{"seLinuxOptions":{"level":"s0","type":"unconfined_t"}}},{"name":"clean-cilium-state","securityContext":{"seLinuxOptions":{"level":"s0","type":"unconfined_t"}}}]}}}}'
     # --wait will wait for status to report success
     /opt/bin/cilium status --wait 2>&1 | iconv --from-code utf-8 --to-code ascii//TRANSLIT
 

diff --git a/platform/api/equinixmetal/api.go b/platform/api/equinixmetal/api.go
@@ -294,36 +294,38 @@ func (a *API) CreateOrUpdateDevice(hostname string, conf *conf.Conf, console Con
 	if err != nil {
 		return nil, fmt.Errorf("couldn't create device: %v", err)
 	}
+	destroyDevice := true
 	deviceID := device.ID
+	defer func() {
+		if destroyDevice {
+			a.DeleteDevice(deviceID)
+		}
+	}()
 
 	plog.Debugf("Created device: %q", deviceID)
 
 	if console != nil {
 		err := a.startConsole(deviceID, device.Facility.Code, console)
 		consoleStarted = true
 		if err != nil {
-			a.DeleteDevice(deviceID)
 			return nil, err
 		}
 	}
 
 	device, err = a.waitForActive(deviceID)
 	if err != nil {
-		a.DeleteDevice(deviceID)
 		return nil, err
 	}
 
 	ipAddress := a.GetDeviceAddress(device, 4, true)
 	if ipAddress == "" {
-		a.DeleteDevice(deviceID)
 		return nil, fmt.Errorf("no public IP address found for %v", deviceID)
 	}
 
 	plog.Debugf("Device active: %q", deviceID)
 
 	err = waitForInstall(ipAddress)
 	if err != nil {
-		a.DeleteDevice(deviceID)
 		return nil, fmt.Errorf("timed out waiting for flatcar-install: %v", err)
 	}
 
@@ -338,6 +340,7 @@ func (a *API) CreateOrUpdateDevice(hostname string, conf *conf.Conf, console Con
 
 	plog.Debugf("Finished installation of device: %q", deviceID)
 
+	destroyDevice = false
 	return device, nil
 }
 
@@ -441,7 +444,9 @@ ExecStart=/usr/bin/curl --retry-delay 1 --retry 120 --retry-connrefused --retry-
 
 ExecStartPre=-/bin/bash -c 'lvchange -an /dev/mapper/*'
 ExecStartPre=-/bin/bash -c 'shopt -s nullglob; for disk in /dev/*d? /dev/nvme?n1; do wipefs --all --force $${disk}; done'
-ExecStart=/usr/bin/flatcar-install -s -f image.bin.bz2 %v /userdata
+# 259 is a major number of NVMe devices. They need to be excluded, because
+# the boot agent can't boot from them.
+ExecStart=/usr/bin/flatcar-install -s -e 259 -f image.bin.bz2 %v /userdata
 
 ExecStart=/usr/bin/systemctl --no-block isolate reboot.target