Pr/learnitall/ci test

.github/images.json

@@ -0,0 +1,14 @@
+{
+    "include": [
+        {
+            "name": "cmapisrv-mock",
+            "context": "cmapisrv-mock",
+            "dockerfile": "./cmapisrv-mock/Dockerfile"
+        },
+        {
+            "name": "scale-utils",
+            "context": "egw-scale-utils",
+            "dockerfile": "./egw-scale-utils/Dockerfile"
+        }
+    ]
+}

.github/workflows/build.yaml

@@ -7,16 +7,52 @@ on:
       - main
 
 jobs:
+  generate-matrix:
+    name: Check code changes
+    runs-on: ubuntu-latest
+    outputs:
+      matrix: ${{ steps.generate-matrix.outputs.matrix }}
+
+    steps:
+      - name: Checkout Source Code
+        uses: actions/checkout@692973e3d937129bcbf40652eb9f2f61becf3332 # v4.1.7
+        if: ${{ github.event_name == 'pull_request' }}
+        with:
+          persist-credentials: false
+
+      - name: Check code changes
+        uses: dorny/paths-filter@de90cc6fb38fc0963ad72b210f1f284cd68cea36 # v3.0.2
+        if: ${{ github.event_name == 'pull_request' }}
+        id: changes
+        with:
+          filters: |
+            cmapisrv-mock:
+              - 'cmapisrv-mock/**'
+            scale-utils:
+              - 'egw-scale-utils/**'
+
+      - name: Generate matrix
+        id: generate-matrix
+        run: |
+          if [[ "${{ github.event_name }}" == "push" ]]; then
+            echo "matrix=$(jq -c . ./.github/images.json)" >> $GITHUB_OUTPUT
+            exit 0
+          fi
+
+          jq -c '{"include": [ .include[] | select(any(.name == ${{ steps.changes.outputs.changes }}[]; .)) ]}' ./.github/images.json > /tmp/matrix.json
+
+          echo "Generated matrix"
+          cat /tmp/matrix.json
+
+          echo "matrix=$(jq -c '.' /tmp/matrix.json)" >> $GITHUB_OUTPUT
+
   build-and-push:
     name: Build and Push
     runs-on: ubuntu-latest
+    needs: generate-matrix
 
     strategy:
-      matrix:
-        include:
-          - name: cmapisrv-mock
-            context: cmapisrv-mock
-            dockerfile: ./cmapisrv-mock/Dockerfile
+      matrix: ${{ fromJSON(needs.generate-matrix.outputs.matrix) }}
 
     steps:
       - name: Set up Docker Buildx

.github/workflows/lint.yaml

@@ -12,6 +12,7 @@ jobs:
       matrix:
         include:
           - workdir: cmapisrv-mock
+          - workdir: egw-scale-utils
 
     steps:
       - name: Install Go

README.md

@@ -10,6 +10,7 @@ The project is organized as follows:
 * `./kustomize`: collection of [kustomize](https://kustomize.io/) templates for applying commonly used manifests.
 * `./scenarios`: implementation scripts for running benchmarks within different scenarios for some purpose.
 * `./cmapisrv-mock`: a component which mocks the behavior of the Cilium Cluster Mesh API Server for scalability testing purposes.
+* `./egw-scale-utils`: components for scale testing Cilium's Egress Gateway feature.
 
 ## toolkit
 
@@ -352,3 +353,7 @@ Profiles will be taken on nodes. Tests are run pod-to-pod.
 Performs the same tests as above, with options for enabling encryption in Cilium.
 One can specify installing Cilium with IPSec enabled, wireguard enabled, or no encryption enabled.
 
+### EGW masquerade delay
+
+Executes a small-scale scalability test in a kind cluster to determine the amount of time it takes for traffic egressing from a workload pod to be masqueraded through an EGW node.
+Used for testing the components within the `egw-scale-utils` directory.

egw-scale-utils/.dockerignore

@@ -0,0 +1,3 @@
+deploy/
+.gitignore
+.golangci.yaml

egw-scale-utils/.gitignore

@@ -0,0 +1,4 @@
+/egw-scale-utils
+/test/manifests/client-pod.yaml
+/test/manifests/external-target-pod.yaml
+/test/manifests/egw-policy.yaml

egw-scale-utils/.golangci.yaml

@@ -0,0 +1,135 @@
+# options for analysis running
+run:
+  # default concurrency is a available CPU number
+  concurrency: 4
+
+  # timeout for analysis, e.g. 30s, 5m, default is 1m
+  timeout: 20m
+
+  # exit code when at least one issue was found, default is 1
+  issues-exit-code: 1
+
+  # include test files or not, default is true
+  tests: true
+
+  # default is true. Enables skipping of directories:
+  #   vendor$, third_party$, testdata$, examples$, Godeps$, builtin$
+  skip-dirs-use-default: true
+
+  # which dirs to skip: they won't be analyzed;
+  # can use regexp here: generated.*, regexp is applied on full path;
+  # default value is empty list, but next dirs are always skipped independently
+  # from this option's value:
+  #   	vendor$, third_party$, testdata$, examples$, Godeps$, builtin$
+  #  skip-dirs:
+  #    - ^test.*
+
+  # by default isn't set. If set we pass it to "go list -mod={option}". From "go help modules":
+  # If invoked with -mod=readonly, the go command is disallowed from the implicit
+  # automatic updating of go.mod described above. Instead, it fails when any changes
+  # to go.mod are needed. This setting is most useful to check that go.mod does
+  # not need updates, such as in a continuous integration and testing system.
+  # If invoked with -mod=vendor, the go command assumes that the vendor
+  # directory holds the correct copies of dependencies and ignores
+  # the dependency descriptions in go.mod.
+  modules-download-mode: readonly
+
+  # which files to skip: they will be analyzed, but issues from them
+  # won't be reported. Default value is empty list, but there is
+  # no need to include all autogenerated files, we confidently recognize
+  # autogenerated files. If it's not please let us know.
+  skip-files:
+  #  - ".*\\.my\\.go$"
+  #  - lib/bad.go
+
+# all available settings of specific linters
+linters-settings:
+  govet:
+    enable:
+      - nilness
+  goimports:
+    local-prefixes: github.com/cilium
+  staticcheck:
+    go: "1.20"
+  unused:
+    go: "1.20"
+  goheader:
+    values:
+      regexp:
+        PROJECT: 'Cilium|Hubble'
+    template: |-
+      SPDX-License-Identifier: Apache-2.0
+      Copyright Authors of {{ PROJECT }}
+  gosec:
+    includes:
+      - G402
+  gomodguard:
+    blocked:
+      modules:
+        - github.com/miekg/dns:
+            recommendations:
+              - github.com/cilium/dns
+            reason: "use the cilium fork directly to avoid replace directives in go.mod, see https://github.com/cilium/cilium/pull/27582"
+        - gopkg.in/check.v1:
+            recommendations:
+              - testing
+              - github.com/stretchr/testify/assert
+            reason: "gocheck has been deprecated, see https://docs.cilium.io/en/latest/contributing/testing/unit/#migrating-tests-off-of-gopkg-in-check-v1"
+        - go.uber.org/multierr:
+            recommendations:
+              - errors
+            reason: "Go 1.20+ has support for combining multiple errors, see https://go.dev/doc/go1.20#errors"
+
+  stylecheck:
+    checks: ["ST1019"]
+
+issues:
+  # Excluding configuration per-path, per-linter, per-text and per-source
+  exclude-rules:
+    - linters: [staticcheck]
+      text: "SA1019"                  # this is rule for deprecated method
+    - linters: [staticcheck]
+      text: "SA9003: empty branch"
+    - linters: [staticcheck]
+      text: "SA2001: empty critical section"
+    - linters: [goerr113]
+      text: "do not define dynamic errors, use wrapped static errors instead" # This rule to avoid opinionated check fmt.Errorf("text")
+    # Skip goimports check on generated files
+    - path: \\.(generated\\.deepcopy|pb)\\.go$
+      linters:
+        - goimports
+    # Skip goheader check on files imported and modified from upstream k8s
+    - path: "pkg/ipam/(cidrset|service)/.+\\.go"
+      linters:
+        - goheader
+
+linters:
+  disable-all: true
+  enable:
+    - goerr113
+    - gofmt
+    - goimports
+    - govet
+    - ineffassign
+    - misspell
+    - staticcheck
+    - stylecheck
+    - unused
+    - goheader
+    - gosec
+    - gomodguard
+    - gosimple
+
+# To enable later if makes sense
+#    - deadcode
+#    - errcheck
+#    - gocyclo
+#    - golint
+#    - gosec
+#    - gosimple
+#    - lll
+#    - maligned
+#    - misspell
+#    - prealloc
+#    - structcheck
+#    - typecheck

egw-scale-utils/Dockerfile

@@ -0,0 +1,13 @@
+ARG BASE_IMAGE=docker.io/library/alpine:3.20.1@sha256:b89d9c93e9ed3597455c90a0b88a8bbb5cb7188438f70953fede212a0c4394e0
+ARG GOLANG_IMAGE=docker.io/library/golang:1.22.5@sha256:829eff99a4b2abffe68f6a3847337bf6455d69d17e49ec1a97dac78834754bd6
+
+FROM ${GOLANG_IMAGE} AS builder
+ADD . /go/src/github.com/cilium/scaffolding/egw-scale-utils
+WORKDIR /go/src/github.com/cilium/scaffolding/egw-scale-utils
+RUN make local
+
+FROM ${BASE_IMAGE}
+
+COPY --from=builder /go/src/github.com/cilium/scaffolding/egw-scale-utils/egw-scale-utils /usr/bin/egw-scale-utils
+
+ENTRYPOINT ["/usr/bin/egw-scale-utils"]

egw-scale-utils/Makefile

@@ -0,0 +1,22 @@
+DOCKER_IMAGE ?= quay.io/cilium/scale-utils:latest
+
+all: local
+
+docker-image:
+	docker buildx build --platform $(shell uname -m) -t $(DOCKER_IMAGE) . -f Dockerfile --load
+
+CLUSTER ?= kind
+docker-image-load: docker-image
+	kind load docker-image $(DOCKER_IMAGE) --name $(CLUSTER)
+
+docker-image-push: docker-image
+	docker push $(DOCKER_IMAGE)
+
+egw-scale-utils:
+	CGO_ENABLED=0 go build -o $@ *.go
+
+local: egw-scale-utils
+	strip egw-scale-utils
+
+clean:
+	rm -fr egw-scale-utils