Azure
diff --git a/‎.github/dependabot.yaml
+7 b/‎.github/dependabot.yaml
+7
diff --git a/‎.pipelines/cni/cilium/cilium-overlay-load-test-template.yaml
+1-1 b/‎.pipelines/cni/cilium/cilium-overlay-load-test-template.yaml
+1-1
diff --git a/‎.pipelines/cni/k8s-e2e/k8s-e2e-job-template.yaml
+15 b/‎.pipelines/cni/k8s-e2e/k8s-e2e-job-template.yaml
+15
diff --git a/‎.pipelines/networkobservability/pipeline.yaml
+145 b/‎.pipelines/networkobservability/pipeline.yaml
+145
diff --git a/‎.pipelines/npm/npm-cni-integration-test.yaml
+11-7 b/‎.pipelines/npm/npm-cni-integration-test.yaml
+11-7
diff --git a/‎.pipelines/singletenancy/cilium-overlay/cilium-overlay-e2e-step-template.yaml
+1-1 b/‎.pipelines/singletenancy/cilium-overlay/cilium-overlay-e2e-step-template.yaml
+1-1
diff --git a/‎Makefile
+2-2 b/‎Makefile
+2-2
@@ -10,6 +10,7 @@ updates:
   commit-message:
     prefix: "ci"
   labels: [ "ci", "dependencies" ]
+  open-pull-requests-limit: 10
 - package-ecosystem: "github-actions"
   directory: "/"
   schedule:
@@ -19,6 +20,7 @@ updates:
   commit-message:
     prefix: "ci"
   labels: [ "ci", "dependencies" ]
+  open-pull-requests-limit: 10
 - package-ecosystem: "gomod"
   directory: "/"
   schedule:
@@ -27,6 +29,7 @@ updates:
     - "azure/azure-sdn-members"
   commit-message:
     prefix: "deps"
+  open-pull-requests-limit: 10
 - package-ecosystem: "gomod"
   directory: "/azure-ipam"
   schedule:
@@ -35,6 +38,7 @@ updates:
     - "azure/azure-sdn-members"
   commit-message:
     prefix: "deps"
+  open-pull-requests-limit: 10
 - package-ecosystem: "gomod"
   directory: "/build/tools"
   schedule:
@@ -43,15 +47,18 @@ updates:
     - "azure/azure-sdn-members"
   commit-message:
     prefix: "deps"
+  open-pull-requests-limit: 10
 - package-ecosystem: "gomod"
   directory: "/dropgz"
   schedule:
     interval: "daily"
   commit-message:
     prefix: "deps"
+  open-pull-requests-limit: 10
 - package-ecosystem: "gomod"
   directory: "/zapai"
   schedule:
     interval: "daily"
   commit-message:
     prefix: "deps"
+  open-pull-requests-limit: 10
@@ -14,7 +14,7 @@ parameters:
 # CONTROL_CNI either contains 'cniv1' or 'all'. It is not case sensitive
 stages:
   - stage: create_${{ parameters.name }}
-    condition: and( succeeded(), or( contains(variables.CONTROL_CNI, 'cilium') , contains(variables.CONTROL_CNI, 'all') ) )
+    condition: and( succeeded(), and( or( contains(variables.CONTROL_CNI, 'cilium') , contains(variables.CONTROL_CNI, 'all') ), or( contains(variables.CONTROL_OS, 'linux'), contains(variables.CONTROL_OS, 'all') ) ) )
     variables:
       commitID: $[ stagedependencies.setup.env.outputs['SetEnvVars.commitID'] ]
     dependsOn:
 
@@ -34,6 +34,21 @@ jobs:
             tar -xvzf kubernetes-test-linux-amd64.tar.gz --strip-components=3 kubernetes/test/bin/ginkgo kubernetes/test/bin/e2e.test
 
         displayName: "Setup Environment"
+      - ${{ if contains(parameters.os, 'windows') }}:
+        - script: |
+            set -e
+            kubectl apply -f test/integration/manifests/load/privileged-daemonset-windows.yaml
+            kubectl rollout status -n kube-system ds privileged-daemonset
+
+            kubectl get pod -n kube-system -l app=privileged-daemonset,os=windows -owide
+            pods=`kubectl get pod -n kube-system -l app=privileged-daemonset,os=windows --no-headers | awk '{print $1}'`
+            for pod in $pods; do
+              kubectl exec -i -n kube-system $pod -- powershell "Restart-Service kubeproxy"
+              kubectl exec -i -n kube-system $pod -- powershell "Get-Service kubeproxy"
+            done
+          name: kubeproxy
+          displayName: Restart Kubeproxy on Windows nodes
+          retryCountOnTaskFailure: 3
       - ${{ if eq(parameters.datapath, true) }}:
         - template: ../k8s-e2e/k8s-e2e-step-template.yaml
           parameters:
 
@@ -0,0 +1,145 @@
+pr: none
+trigger: none
+
+schedules:
+- cron: '0 0 * * *'
+  displayName: Daily midnight Cilium with Hubble
+  branches:
+    include:
+    - master
+
+variables:
+  clustername: ciliumhubble-$(Build.SourceBranchName)-$(Build.BuildId)
+  cilium_version: v1.14.4
+
+stages:
+  - stage: createCluster
+    pool:
+        name: $(BUILD_POOL_NAME_DEFAULT)
+    displayName: "create cluster"
+    jobs:
+      - template: ../templates/create-cluster.yaml
+        parameters:
+          name: cilium_overlay_hubble
+          displayName: Cilium on AKS Overlay with Hubble Enabled
+          clusterType: overlay-byocni-nokubeproxy-up
+          clusterName: $(clustername)
+          vmSize: Standard_B2ms
+          k8sVersion: ""
+          region: $(REGION_AKS_CLUSTER_TEST)
+  - stage: setupCluster
+    pool:
+        name: $(BUILD_POOL_NAME_DEFAULT)
+    jobs:
+      - job: "ciliuminstall"
+        steps:
+        - bash: |
+            go version
+            go env
+            mkdir -p '$(GOBIN)'
+            mkdir -p '$(GOPATH)/pkg'
+            mkdir -p '$(modulePath)'
+            echo '##vso[task.prependpath]$(GOBIN)'
+            echo '##vso[task.prependpath]$(GOROOT)/bin'
+          name: "GoEnv"
+          displayName: "Set up the Go environment"
+
+        - task: KubectlInstaller@0
+          inputs:
+              kubectlVersion: latest
+
+        - task: AzureCLI@1
+          inputs:
+              azureSubscription: $(BUILD_VALIDATIONS_SERVICE_CONNECTION)
+              scriptLocation: "inlineScript"
+              scriptType: "bash"
+              addSpnToEnvironment: true
+              inlineScript: |
+                set -e
+                make -C ./hack/aks set-kubeconf AZCLI=az CLUSTER=$(clustername)
+          name: "setupkubeconf"
+          displayName: "Set up kubeconfig"
+
+        - script: |
+              CILIUM_CLI_VERSION=$(curl -s https://raw.githubusercontent.com/cilium/cilium-cli/main/stable.txt)
+              CLI_ARCH=amd64
+              if [ "$(uname -m)" = "aarch64" ]; then CLI_ARCH=arm64; fi
+              curl -L --fail --remote-name-all https://github.com/cilium/cilium-cli/releases/download/${CILIUM_CLI_VERSION}/cilium-linux-${CLI_ARCH}.tar.gz{,.sha256sum}
+              sha256sum --check cilium-linux-${CLI_ARCH}.tar.gz.sha256sum
+              sudo tar xzvfC cilium-linux-${CLI_ARCH}.tar.gz /usr/local/bin
+              rm cilium-linux-${CLI_ARCH}.tar.gz{,.sha256sum}
+          name: "installCiliumCLI"
+          displayName: "Install Cilium CLI"
+
+        - task: AzureCLI@1
+          inputs:
+            azureSubscription: $(BUILD_VALIDATIONS_SERVICE_CONNECTION)
+            scriptLocation: "inlineScript"
+            scriptType: "bash"
+            addSpnToEnvironment: true
+            inlineScript: |
+              kubectl apply -f test/integration/manifests/cilium/$(cilium_version)/cilium-config/cilium-config-hubble.yaml
+              kubectl apply -f test/integration/manifests/cilium/$(cilium_version)/cilium-agent/files
+              kubectl apply -f test/integration/manifests/cilium/$(cilium_version)/cilium-operator/files
+              envsubst '${CILIUM_VERSION_TAG},${CILIUM_IMAGE_REGISTRY}' < test/integration/manifests/cilium/$(cilium_version)/cilium-agent/templates/daemonset.tpl | kubectl apply -f -
+              envsubst '${CILIUM_VERSION_TAG},${CILIUM_IMAGE_REGISTRY}' < test/integration/manifests/cilium/$(cilium_version)/cilium-operator/templates/deployment.tpl | kubectl apply -f -
+              # Use different file directories for nightly and current cilium version
+          name: "installCilium"
+          displayName: "Install Cilium on AKS Overlay"
+
+        - script: |
+            echo "Start Azilium E2E Tests on Overlay Cluster"
+            if [ "$CILIUM_VERSION_TAG" = "cilium-nightly-pipeline" ]
+            then
+                CNS=$(CNS_VERSION) IPAM=$(AZURE_IPAM_VERSION) && echo "Running nightly"
+            else
+                CNS=$(make cns-version) IPAM=$(make azure-ipam-version)
+            fi
+            sudo -E env "PATH=$PATH" make test-integration AZURE_IPAM_VERSION=${IPAM} CNS_VERSION=${CNS} INSTALL_CNS=true INSTALL_OVERLAY=true
+          retryCountOnTaskFailure: 3
+          name: "aziliumTest"
+          displayName: "Install Azure-CNS and Run Azilium E2E on AKS Overlay"
+          enabled: true
+
+        - script: |
+              cilium status --wait --wait-duration 5m
+          name: waitforhealthy
+          displayName: "Wait for healthy cilium pods"
+
+        - script: |
+            kubectl wait --for=condition=Ready pods --all --all-namespaces --timeout=5m
+          name: waitforallpodsrunning
+          displayName: "Wait for all pods to be running"
+          retryCountOnTaskFailure: 3
+
+        - script: |
+              echo "Run Cilium Connectivity Tests"
+              cilium status
+              cilium connectivity test --connect-timeout 4s --request-timeout 30s --test '!pod-to-pod-encryption,!node-to-node-encryption'
+          retryCountOnTaskFailure: 3
+          name: "ciliumConnectivityTests"
+          displayName: "Run Cilium Connectivity Tests"
+          enabled: true
+
+        - script: |
+            kubectl apply -f test/integration/manifests/cilium/$(cilium_version)/hubble/hubble-peer-svc.yaml
+            kubectl get pods -Aowide
+            echo "verify Hubble metrics endpoint is usable"
+            go test ./test/integration/networkobservability -tags=networkobservability
+          retryCountOnTaskFailure: 3
+          name: "HubbleConnectivityTests"
+          displayName: "Run Hubble Connectivity Tests"
+          
+  - stage: deleteCluster
+    condition: always()
+    dependsOn: 
+     - createCluster
+     - setupCluster
+    jobs:
+      - job: delete
+        steps:
+        - template: ../templates/delete-cluster.yaml
+          parameters:
+            name: cilium_overlay_e2e
+            clusterName: $(clustername)
+            region: $(REGION_AKS_CLUSTER_TEST)
@@ -16,6 +16,7 @@ jobs:
     displayName: "NPM k8s E2E"
     dependsOn: ${{ parameters.dependsOn }}
     condition: and( and( not(canceled()), not(failed()) ), ${{ or(contains(parameters.os_version, '2022'), eq(parameters.os, 'linux') ) }} , or( contains(variables.CONTROL_SCENARIO, 'npm') , contains(variables.CONTROL_SCENARIO, 'all') ) )
+    timeoutInMinutes: 180 # This is for testing windows, due to the 3m between the 14 tests -> results in 42m of wasted time
     pool:
       name: $(BUILD_POOL_NAME_DEFAULT)
       demands:
@@ -120,15 +121,17 @@ jobs:
           --ginkgo.focus="$focus" \
           --ginkgo.skip="NetworkPolicyLegacy|SCTP" \
           --kubeconfig=$HOME/.kube/config
-
-          # Untaint Linux (system) nodes once testing is complete
-          if ${{ lower(eq(parameters.os, 'windows')) }}
-          then
-            kubectl taint nodes -l kubernetes.azure.com/mode=system node-role.kubernetes.io/control-plane:NoSchedule-
-          fi
         displayName: "Run Kubernetes e2e.test"
         continueOnError: ${{ parameters.continueOnError }}
 
+      - ${{ if eq(parameters.os, 'windows') }}:
+        - bash: |
+            # Untaint Linux (system) nodes once testing is complete
+            kubectl taint nodes -l kubernetes.azure.com/mode=system node-role.kubernetes.io/control-plane:NoSchedule-
+
+          displayName: Untaint Linux Nodes
+          condition: always()
+
       - bash: |
           npmLogs=$(System.DefaultWorkingDirectory)/${{ parameters.clusterName }}_npmLogs_Attempt_#$(System.StageAttempt)
           mkdir -p $npmLogs
@@ -137,9 +140,10 @@ jobs:
           npmPodList=`kubectl get pods -n kube-system | grep npm | awk '{print $1}'`
           # capture all logs
           for npmPod in $npmPodList; do
-              kubectl logs -n kube-system $npmPod > $npmLogs/$npmPod-logs.txt
+            kubectl logs -n kube-system $npmPod > $npmLogs/$npmPod-logs.txt
           done
         displayName: Generate NPM pod logs
+        retryCountOnTaskFailure: 3
         condition: always()
 
       - publish: $(System.DefaultWorkingDirectory)/${{ parameters.clusterName }}_npmLogs_Attempt_#$(System.StageAttempt)
 
@@ -133,7 +133,7 @@ steps:
           kubectl rollout status ds cilium -n kube-system --timeout=3m
           kubectl get pods -Aowide
           echo "verify Hubble metrics endpoint is usable"
-          go test ./test/integration/networkobservability -count=1 -v -tags=networkobservability
+          go test ./test/integration/networkobservability -tags=networkobservability
         retryCountOnTaskFailure: 3
         name: "HubbleConnectivityTests"
         displayName: "Run Hubble Connectivity Tests"
 
@@ -785,9 +785,9 @@ test-integration: ## run all integration tests.
 
 test-load: ## run all load tests
 	AZURE_IPAM_VERSION=$(AZURE_IPAM_VERSION) \
-		CNI_VERSION=$(CNI_VERSION) 
+		CNI_VERSION=$(CNI_VERSION)
 		CNS_VERSION=$(CNS_VERSION) \
-		go test -timeout 30m -race -tags=load ./test/integration/load...
+		go test -timeout 30m -race -tags=load ./test/integration/load... -v
 
 test-validate-state:
 	cd test/integration/load && go test -mod=readonly -count=1 -timeout 30m -tags load -run ^TestValidateState