Add new CI lane and Proxy server to it.

Signed-off-by: Satyajit Bulage <[email protected]>

.github/scripts/squid.conf

@@ -0,0 +1,82 @@
+#
+# Recommended minimum configuration:
+#
+
+# Example rule allowing access from your local networks.
+# Adapt to list your (internal) IP networks from where browsing
+# should be allowed
+acl localnet src 10.0.0.0/8	# RFC1918 possible internal network
+acl localnet src 172.16.0.0/12	# RFC1918 possible internal network
+acl localnet src 192.168.0.0/16	# RFC1918 possible internal network
+acl localnet src fc00::/7       # RFC 4193 local private network range
+acl localnet src fe80::/10      # RFC 4291 link-local (directly plugged) machines
+
+acl SSL_ports port 443
+acl SSL_ports port 6443
+acl SSL_ports port 22
+acl SSL_ports port 2376
+
+acl Safe_ports port 22      # ssh
+acl Safe_ports port 2376    # docker port
+acl Safe_ports port 80		# http
+acl Safe_ports port 21		# ftp
+acl Safe_ports port 443		# https
+acl Safe_ports port 70		# gopher
+acl Safe_ports port 210		# wais
+acl Safe_ports port 1025-65535	# unregistered ports
+acl Safe_ports port 280		# http-mgmt
+acl Safe_ports port 488		# gss-http
+acl Safe_ports port 591		# filemaker
+acl Safe_ports port 777		# multiling http
+acl Safe_ports port 6443        # k8s
+acl CONNECT method CONNECT
+
+#
+# Recommended minimum Access Permission configuration:
+#
+# Deny requests to certain unsafe ports
+http_access deny !Safe_ports
+
+# Deny CONNECT to other than secure SSL ports
+http_access deny CONNECT !SSL_ports
+
+# Only allow cachemgr access from localhost
+http_access allow localhost manager
+http_access deny manager
+
+# We strongly recommend the following be uncommented to protect innocent
+# web applications running on the proxy server who think the only
+# one who can access services on "localhost" is a local user
+#http_access deny to_localhost
+
+#
+# INSERT YOUR OWN RULE(S) HERE TO ALLOW ACCESS FROM YOUR CLIENTS
+#
+
+# Example rule allowing access from your local networks.
+# Adapt localnet in the ACL section to list your (internal) IP networks
+# from where browsing should be allowed
+http_access allow localnet
+http_access allow localhost
+
+# And finally -deny- allow all other access to this proxy
+http_access allow all
+
+# Squid normally listens to port 3128
+http_port 3128
+
+# Uncomment and adjust the following to add a disk cache directory.
+#cache_dir ufs /var/cache/squid 100 16 256
+
+# Leave coredumps in the first cache dir
+coredump_dir /var/cache/squid
+
+#
+# Add any of your own refresh_pattern entries above these.
+#
+refresh_pattern ^ftp:		1440	20%	10080
+refresh_pattern ^gopher:	1440	0%	1440
+refresh_pattern -i (/cgi-bin/|\?) 0	0%	0
+refresh_pattern .		0	20%	4320
+
+debug_options ALL,1 11,3 20,3

.github/workflows/master-e2e.yaml

@@ -244,15 +244,24 @@ jobs:
         uses: actions/setup-node@v4
         with:
           node-version: 16
+      - name: Authenticate to GCP
+        uses: google-github-actions/auth@v2
+        with:
+          credentials_json: ${{ secrets.credentials }}
+      - name: Setup gcloud
+        uses: google-github-actions/setup-gcloud@v2
       - name: Install proxy
         if: ${{ inputs.proxy == 'rancher' }}
         run: |
-          docker run -d --name squid_proxy -v $(pwd)/.github/scripts/squid.conf:/etc/squid/squid.conf -p 3128:3128 wernight/squid
+          docker run -d --name squid_proxy -v $(pwd)/.github/scripts/squid.conf:/etc/squid/squid.conf -p 3128:3128 ubuntu/squid
+          echo "PROXY_HOST=$(gcloud compute instances describe ${{ needs.create-runner.outputs.runner }} \
+            --format='get(networkInterfaces[0].accessConfigs[0].natIP)' --zone ${{ inputs.zone }}):3128" >> ${GITHUB_ENV}
       - name: Install prerequisite components
         env:
           PUBLIC_DNS: ${{ needs.create-runner.outputs.public_dns }}
           PUBLIC_DOMAIN: bc.googleusercontent.com
           PROXY: ${{ inputs.proxy }}
+          PROXY_HOST: ${{ env.PROXY_HOST }}
         run: cd tests && make e2e-install-rancher
       - name: Extract component versions/informations
         id: component
@@ -312,6 +321,11 @@ jobs:
             # QASE_RUN_ID is empty string already
           fi
           cd tests && make start-cypress-tests
+      - name: Proxy Logs
+        env:
+          PROXY: ${{ inputs.proxy }}
+        shell: bash
+        run: cd tests && make e2e-proxy-logs
       - name: Upload Cypress screenshots (Basics)
         if: failure() 
         uses: actions/upload-artifact@v4

.github/workflows/ui-rm_head_2.7.yaml

@@ -1,28 +1,32 @@
 # This workflow calls the master E2E workflow with custom variables
-name: UI-RM_head_2.7
+name: UI-RM_Upgrade_Proxy
 run-name: ${{ github.event_name == 'workflow_dispatch' && format('`{0}` on `{1}` - `{2}` destroy={3}', inputs.rancher_version, inputs.upstream_cluster_version, inputs.grep_test_by_tag, inputs.destroy_runner) || github.workflow }}
 
 on:
   workflow_dispatch:
     inputs:
       qase_run_id:
-        description: Qase run ID where the results will be reported
-        default: auto
+        description: Qase run ID where the results will be reported. (Please update with custom run ID.)
+        default: none
         type: string
       destroy_runner:
         description: Destroy the auto-generated self-hosted runner
         default: true
         type: boolean
       rancher_version:
-        description: Rancher version channel/version/head_version latest/latest, latest/2.7.10[-rc2], prime/2.7.12, prime/devel/2.7, prime-optimus/2.7.13-rc4
-        default: latest/devel/2.7
+        description: Rancher version channel/version/head_version latest/2.9.x[-rc1], prime/2.9.x, prime/devel/2.9, alpha/2.x.x-alphaX, prime-optimus-alpha/2.x.x-alphaX
+        default: latest/devel/2.9
         type: string
         required: true
       upstream_cluster_version:
         description: K3s upstream cluster version where to install Rancher
-        default: v1.26.10+k3s2
+        default: 'v1.28.8+k3s1'
         type: string
         required: true
+      proxy:
+        description: Creates proxy server and pass proxy server address to Rancher.
+        default: rancher
+        type: string
       grep_test_by_tag:
         description: Grep tags. For multiple selection separate with spaces. Keep always @login
         required: false
@@ -51,8 +55,10 @@ jobs:
       test_description: "CI/Manual - UI - Deployment test with Standard K3s"
       cluster_name: cluster-k3s
       # WARNING, VALUES BELOW ARE HARDCODED FOR RUNS SCHEDULED BY CRON
-      destroy_runner: ${{ github.event_name == 'schedule' && true || inputs.destroy_runner }}
-      upstream_cluster_version: ${{ inputs.upstream_cluster_version || 'v1.26.10+k3s2' }}
-      rancher_version: ${{ inputs.rancher_version || 'latest/devel/2.7' }}
-      qase_run_id: ${{ inputs.qase_run_id || 'auto' }}
-      grep_test_by_tag: ${{ inputs.grep_test_by_tag || '@login @p0 @p1 @rbac' }}
+      destroy_runner: ${{ inputs.destroy_runner }}
+      upstream_cluster_version: ${{ inputs.upstream_cluster_version }}
+      rancher_version: ${{ inputs.rancher_version }}
+      # QASE RUN ID, 'auto' WILL CREATE RANDOM RUN ID.
+      qase_run_id: ${{ inputs.qase_run_id }}
+      grep_test_by_tag: ${{ inputs.grep_test_by_tag }}
+      proxy: ${{ inputs.proxy }}

tests/Makefile

@@ -14,5 +14,8 @@ publish-qase-run: deps
 e2e-install-rancher: deps
 	ginkgo --label-filter install -r -v ./e2e
 
+e2e-proxy-logs: deps
+	ginkgo --label-filter logs -r -v ./e2e
+
 start-cypress-tests:
 	@./scripts/start-cypress-tests

tests/e2e/install_test.go

@@ -85,9 +85,23 @@ var _ = Describe("E2E - Install Rancher Manager", Label("install"), func() {
 				return tools.GetFileFromURL("https://get.k3s.io", fileName, true)
 			}, tools.SetTimeout(2*time.Minute), 10*time.Second).ShouldNot(HaveOccurred())
 
+			// Default environment variables
+			envVars := os.Environ()
+
+			// Only set proxy environment variables if proxyHost is provided
+			if proxyHost != "" {
+				envVars = append(envVars,
+					"HTTP_PROXY="+proxyHost,
+					"HTTPS_PROXY="+proxyHost,
+					"NO_PROXY=127.0.0.0/8,10.0.0.0/8,172.16.0.0/12,192.168.0.0/16",
+				)
+			}
+
 			// Set command and arguments
 			installCmd := exec.Command("sh", fileName)
+
 			// installCmd.Env = append(os.Environ(), "INSTALL_K3S_EXEC=--disable metrics-server")
+			installCmd.Env = envVars
 
 			// Retry in case of (sporadic) failure...
 			count := 1
@@ -142,10 +156,18 @@ var _ = Describe("E2E - Install Rancher Manager", Label("install"), func() {
 				"upgrade", "--install", "cert-manager", "jetstack/cert-manager",
 				"--namespace", "cert-manager",
 				"--create-namespace",
-				"--set", "installCRDs=true",
+				"--set", "crds.enabled=true",
 				"--wait", "--wait-for-jobs",
 			}
 
+			// Update flags based on Proxy Host availability
+			if proxyHost != "" {
+				flags = append(flags,
+					"--set", "proxy="+proxyHost,
+					"--set", "noProxy=127.0.0.0/8\\,10.0.0.0/8\\,cattle-system.svc\\,172.16.0.0/12\\,192.168.0.0/16\\,.svc\\,.cluster.local",
+				)
+			}
+
 			RunHelmCmdWithRetry(flags...)
 
 			checkList := [][]string{
@@ -159,7 +181,7 @@ var _ = Describe("E2E - Install Rancher Manager", Label("install"), func() {
 		})
 
 		By("Installing Rancher Manager", func() {
-			err := rancher.DeployRancherManager(rancherHostname, rancherChannel, rancherVersion, rancherHeadVersion, "none", "none")
+			err := rancher.DeployRancherManager(rancherHostname, rancherChannel, rancherVersion, rancherHeadVersion, "none", proxy)
 			Expect(err).To(Not(HaveOccurred()))
 
 			// Wait for all pods to be started

tests/e2e/suite_test.go

@@ -44,6 +44,7 @@ var (
 	rancherVersion       string
 	dsClusterCountStr    string
 	proxy                string
+	proxyHost            string
 )
 
 /**
@@ -79,8 +80,9 @@ var _ = BeforeSuite(func() {
 	// Convert k3s version to a tag usable by k3d
 	k8sDownstreamVersion = strings.Replace(k8sDownstreamVersion, "+", "-", 1)
 
-	// Proxy server
+	// Proxy server information
 	proxy = os.Getenv("PROXY")
+	proxyHost = os.Getenv("PROXY_HOST")
 
 	// Extract Rancher Manager channel/version to install
 	if rancherVersion != "" {

tests/scripts/start-cypress-tests

@@ -15,7 +15,6 @@ docker run --init -v $PWD:/workdir -w /workdir              \
     -e RANCHER_PASSWORD=$RANCHER_PASSWORD                   \
     -e RANCHER_URL=$RANCHER_URL                             \
     -e RANCHER_USER=$RANCHER_USER                           \
-    -e PROXY=$PROXY                                         \
     -e GITLAB_PRIVATE_USER=$GITLAB_PRIVATE_USER             \
     -e GITLAB_PRIVATE_PWD=$GITLAB_PRIVATE_PWD               \
     -e BITBUCKET_PRIVATE_USER=$BITBUCKET_PRIVATE_USER       \