htwkmooc/poseidon
1
0
Fork 0
Code Issues Pull Requests Actions Packages Projects Releases Wiki Activity

Add cni/secure-bridge to isolate host network

Browse Source
This commit is contained in:
Sebastian Serth
2022-09-09 00:35:37 +02:00
parent 1df9701a74
commit d372e37d1a
7 changed files with 191 additions and 7 deletions
Download Patch File Download Diff File Expand all files Collapse all files

19
.github/workflows/ci.yml vendored
View File

@ -9,6 +9,7 @@ on:
env:
GO_VERSION: 1.19
NOMAD_VERSION: 1.3.5
CNI_VERSION: 1.1.1
jobs:
compile:
@ -141,10 +142,12 @@ jobs:
# More details: https://github.com/golang/go/blob/d60ad1e068263832c711aaf17b6ccb1b7f71b000/src/cmd/go/internal/cache/cache.go#L255-L326
run: date +%s > ~/.cache/go-build/trim.txt
continue-on-error: true
- name: Cache Nomad binary
- name: Cache Nomad and CNI binaries
uses: actions/cache@v2
with:
path: ${{ github.workspace }}/nomad
path: |
${{ github.workspace }}/nomad
${{ github.workspace }}/cni/bin
key: ${{ runner.os }}-nomad-${{ env.NOMAD_VERSION }}
restore-keys: |
${{ runner.os }}-nomad-${{ env.NOMAD_VERSION }}
@ -155,8 +158,18 @@ jobs:
wget -q "https://releases.hashicorp.com/nomad/${NOMAD_VERSION}/nomad_${NOMAD_VERSION}_SHA256SUMS"
grep "nomad_${NOMAD_VERSION}_linux_amd64.zip" nomad_${NOMAD_VERSION}_SHA256SUMS | sha256sum -c -
unzip nomad_${NOMAD_VERSION}_linux_amd64.zip
- name: Download CNI binaries
run: |
if [[ -f ./cni/bin ]]; then exit 0; fi
wget -q "https://github.com/containernetworking/plugins/releases/download/v${CNI_VERSION}/cni-plugins-linux-amd64-v${CNI_VERSION}.tgz"
wget -q "https://github.com/containernetworking/plugins/releases/download/v${CNI_VERSION}/cni-plugins-linux-amd64-v${CNI_VERSION}.tgz.sha256"
grep "cni-plugins-linux-amd64-v${CNI_VERSION}.tgz" cni-plugins-linux-amd64-v${CNI_VERSION}.tgz.sha256 | sha256sum -c -
mkdir -p ./cni/bin
tar zxvf cni-plugins-linux-amd64-v${CNI_VERSION}.tgz -C ./cni/bin
- name: Set Nomad Config
run: echo "server { default_scheduler_config { memory_oversubscription_enabled = true } }" > e2e-config.hcl
run: |
cp ./docs/resources/secure-bridge.conflist ./cni/secure-bridge.conflist
echo "server { default_scheduler_config { memory_oversubscription_enabled = true } }, client { cni_path = \"${{ github.workspace }}/cni/bin\", cni_config_dir = \"${{ github.workspace }}/cni\" }" > e2e-config.hcl
- name: Download Poseidon binary
uses: actions/download-artifact@v2
with: