Install calico for tests

[hansinikarunarathne]

Pull Request Template for Kubeflow manifests Issues

✏️ A brief description of the changes

• Disabled the default CNI
• Added calico installation script
• Added calico installation step for all the tests

Note: Now we can create network policies and manage them with the help of calico. (Examples: https://github.com/ahmetb/kubernetes-network-policy-recipes/blob/master/04-deny-traffic-from-other-namespaces.md)

🐛 If this PR is related to an issue, please put the link to the issue here.

#2718

✅ Contributor checklist

• Make sure you have tested with kustomize. See Installation Prerequisites
• All the commits have been signed-off (To pass the DCO check)
• Submit the Contributor License Agreements (To pass the cla/google check)

---

You can join the CNCF Slack and access our meetings at the Kubeflow Community website. Our channel on the CNCF Slack is here #kubeflow-platform.

[juliusvonkohout]

@AndersBennedsgaard can you review this PR?

[AndersBennedsgaard]

No reason to change the file modes and leaving the git work tree in a "dirty" state. You could just run chmod +x ./tests/gh-actions/install_calico.sh, commit that to the repository (like what is done with the other scripts in tests/gh-actions/), and use

run: ./tests/gh-actions/install_calico.sh

As an alternative, you can skip the chmod +x entirely, and just run the Bash script using bash:

run: |
  bash ./tests/gh-actions/install_calico.sh

I personally prefer this, since I am not a fan of committing executables in git repositories, but I guess that the former is the preferred way in Kubeflow 🤷‍♂️

[AndersBennedsgaard]

This does not ensure that Calico is in a running state. This only ensures that the Tigera operator is.
Also: you should generally speaking not wait for Pods to be ready, but instead wait for the controlling Deployment, DaemonSet, StatefulSet, etc. to report that it is ready.

I got the following to work on my machine:

Suggested change

	kubectl wait --for=condition=Ready pods --all --namespace=tigera-operator --timeout 300s
	kubectl rollout status deployment -n tigera-operator tigera-operator --timeout 60s
	# TODO: use 'kubectl wait --for=create namespace/calico-system' when https://github.com/kubernetes/kubernetes/pull/125868 is released
	echo 'Waiting for namespace "calico-system" to be created'
	start=$(date +%s)
	while [ -z "$(kubectl get ns calico-system 2>/dev/null)" ]; do
	sleep 1
	now=$(date +%s)
	[ $((now - start)) -le 60 ] || { echo "timeout waiting for calico-system namespace" && exit 1; }
	done
	kubectl rollout status deployment -n calico-system calico-typha --timeout 60s
	kubectl rollout status deployment -n calico-system calico-kube-controllers --timeout 60s
	kubectl rollout status daemonset -n calico-system calico-node --timeout 60s
	kubectl rollout status daemonset -n calico-system csi-node-driver --timeout 60s

[hansinikarunarathne]

#2718 (comment) . Based on this comment, we can close this PR. Let me know if you have any concerns. @juliusvonkohout

[google-oss-prow]

[APPROVALNOTIFIER] This PR is NOT APPROVED

This pull-request has been approved by:
Once this PR has been reviewed and has the lgtm label, please ask for approval from juliusvonkohout. For more information see the Kubernetes Code Review Process.

The full list of commands accepted by this bot can be found here.

Needs approval from an approver in each of these files:

• OWNERS

Approvers can indicate their approval by writing /approve in a comment
Approvers can cancel approval by writing /approve cancel in a comment

[hansinikarunarathne]

@juliusvonkohout , When I commit to this, each time different tests fail. Do you know any reason for this?

[hansinikarunarathne]

I add the calico plugging to enable networkpolicies . Let me know any concerns you guys have?

[hansinikarunarathne]

We can close this PR.