add jobs for kube-network-policies

config/jobs/kubernetes-sigs/kube-network-policies/OWNERS

@@ -0,0 +1,8 @@
+# See the OWNERS docs at https://go.k8s.io/owners
+
+reviewers:
+- bentheelder
+- aojea
+approvers:
+- bentheelder
+- aojea

config/jobs/kubernetes-sigs/kube-network-policies/kube-network-policies-periodic.yaml

@@ -0,0 +1,100 @@
+periodics:
+- interval: 24h
+  name: ci-kubernetes-kube-network-policies-conformance-parallel
+  cluster: k8s-infra-prow-build
+  labels:
+    preset-service-account: "true"
+    preset-dind-enabled: "true"
+    preset-kind-volume-mounts: "true"
+  decorate: true
+  extra_refs:
+  - org: kubernetes-sigs
+    repo: kube-network-policies
+    base_ref: main
+    path_alias: sigs.k8s.io/kube-network-policies
+  - org: kubernetes
+    repo: kubernetes
+    base_ref: master
+    path_alias: k8s.io/kubernetes
+  spec:
+    containers:
+    - image: gcr.io/k8s-staging-test-infra/krte:v20240705-131cd74733-master
+      env:
+      - name: KUBE_PROXY_MODE
+        value: "nftables"
+      - name: "PARALLEL"
+        value: "true"
+      - name: LABEL_FILTER
+        value: "!Slow && !Disruptive && !Flaky && Feature: containsAny NetworkPolicy || Conformance"
+      command:
+        - wrapper.sh
+        - bash
+        - -c
+        - curl -sSL https://kind.sigs.k8s.io/dl/latest/linux-amd64.tgz | tar xvfz - -C "${PATH%%:*}/" && $GOPATH/src/sigs.k8s.io/kube-network-policies/hack/ci/e2e.sh
+      # we need privileged mode in order to do docker in docker
+      securityContext:
+        privileged: true
+      resources:
+        limits:
+          cpu: "4"
+          memory: 9000Mi
+        requests:
+          cpu: "4"
+          memory: 9000Mi
+  annotations:
+    testgrid-dashboards: sig-testing-kind
+    testgrid-tab-name: kube-network-policies conformance, master (dev) [non-serial]
+    testgrid-alert-email: bentheelder@google.com,antonio.ojea.garcia@gmail.com
+# conformance test against kubernetes master branch with `kind` ipv6
+- interval: 24h
+  name: ci-kubernetes-kube-network-policies-conformance-parallel-ipv6
+  cluster: k8s-infra-prow-build
+  labels:
+    preset-service-account: "true"
+    preset-dind-enabled: "true"
+    preset-kind-volume-mounts: "true"
+  decorate: true
+  extra_refs:
+  - org: kubernetes-sigs
+    repo: kube-network-policies
+    base_ref: main
+    path_alias: sigs.k8s.io/kube-network-policies
+  - org: kubernetes
+    repo: kubernetes
+    base_ref: master
+    path_alias: k8s.io/kubernetes
+  spec:
+    containers:
+    - image: gcr.io/k8s-staging-test-infra/krte:v20240705-131cd74733-master
+      env:
+      # enable IPV6 in bootstrap image
+      - name: "DOCKER_IN_DOCKER_IPV6_ENABLED"
+        value: "true"
+      # tell kind CI script to use ipv6
+      - name: "IP_FAMILY"
+        value: "ipv6"
+      - name: KUBE_PROXY_MODE
+        value: "nftables"
+      - name: "PARALLEL"
+        value: "true"
+      - name: LABEL_FILTER
+        value: "!Slow && !Disruptive && !Flaky && Feature: containsAny NetworkPolicy || Conformance"
+      command:
+        - wrapper.sh
+        - bash
+        - -c
+        - curl -sSL https://kind.sigs.k8s.io/dl/latest/linux-amd64.tgz | tar xvfz - -C "${PATH%%:*}/" && $GOPATH/src/sigs.k8s.io/kube-network-policies/hack/ci/e2e.sh
+      # we need privileged mode in order to do docker in docker
+      securityContext:
+        privileged: true
+      resources:
+        limits:
+          cpu: "4"
+          memory: 9000Mi
+        requests:
+          cpu: "4"
+          memory: 9000Mi
+  annotations:
+    testgrid-dashboards: sig-testing-kind
+    testgrid-tab-name: kube-network-policies (IPv6), master (dev) [non-serial]
+    testgrid-alert-email: bentheelder@google.com,antonio.ojea.garcia@gmail.com

config/jobs/kubernetes-sigs/kube-network-policies/kube-network-policies-presubmits.yaml

@@ -0,0 +1,101 @@
+# sigs.k8s.io/kube-network-policies presubmits
+presubmits:
+  kubernetes-sigs/kube-network-policies:
+  - name: pull-kube-network-policies-nftables
+    cluster: k8s-infra-prow-build
+    labels:
+      preset-service-account: "true"
+      preset-dind-enabled: "true"
+      preset-kind-volume-mounts: "true"
+    always_run: true
+    optional: true
+    decorate: true
+    extra_refs:
+    - org: kubernetes
+      repo: kubernetes
+      base_ref: master
+      path_alias: k8s.io/kubernetes
+    path_alias: sigs.k8s.io/kube-network-policies
+    decoration_config:
+      timeout: 40m
+    spec:
+      containers:
+      - image: gcr.io/k8s-staging-test-infra/krte:v20240705-131cd74733-master
+        env:
+        - name: KUBE_PROXY_MODE
+          value: "nftables"
+        - name: "PARALLEL"
+          value: "true"
+        - name: LABEL_FILTER
+          value: "!Slow && !Disruptive && !Flaky && Feature: containsAny NetworkPolicy"
+        command:
+        - wrapper.sh
+        - bash
+        - -c
+        - curl -sSL https://kind.sigs.k8s.io/dl/latest/linux-amd64.tgz | tar xvfz - -C "${PATH%%:*}/" && $GOPATH/src/sigs.k8s.io/kube-network-policies/hack/ci/e2e.sh
+        # we need privileged mode in order to do docker in docker
+        securityContext:
+          privileged: true
+        resources:
+          limits:
+            cpu: "4"
+            memory: 9000Mi
+          requests:
+            cpu: "4"
+            memory: 9000Mi
+    annotations:
+      testgrid-dashboards: sig-testing-kind
+      testgrid-tab-name: pull-kube-network-policies conformance, master (dev) [non-serial]
+      testgrid-alert-email: bentheelder@google.com,antonio.ojea.garcia@gmail.com
+  - name: pull-kube-network-policies-nftables-ipv6
+    cluster: k8s-infra-prow-build
+    labels:
+      preset-service-account: "true"
+      preset-dind-enabled: "true"
+      preset-kind-volume-mounts: "true"
+    always_run: true
+    optional: true
+    decorate: true
+    extra_refs:
+    - org: kubernetes
+      repo: kubernetes
+      base_ref: master
+      path_alias: k8s.io/kubernetes
+    path_alias: sigs.k8s.io/kube-network-policies
+    decoration_config:
+      timeout: 40m
+    spec:
+      containers:
+      - image: gcr.io/k8s-staging-test-infra/krte:v20240705-131cd74733-master
+        env:
+        # enable IPV6 in bootstrap image
+        - name: "DOCKER_IN_DOCKER_IPV6_ENABLED"
+          value: "true"
+        # tell kind CI script to use ipv6
+        - name: "IP_FAMILY"
+          value: "ipv6"
+        - name: KUBE_PROXY_MODE
+          value: "nftables"
+        - name: "PARALLEL"
+          value: "true"
+        - name: LABEL_FILTER
+          value: "!Slow && !Disruptive && !Flaky && Feature: containsAny NetworkPolicy"
+        command:
+        - wrapper.sh
+        - bash
+        - -c
+        - curl -sSL https://kind.sigs.k8s.io/dl/latest/linux-amd64.tgz | tar xvfz - -C "${PATH%%:*}/" && $GOPATH/src/sigs.k8s.io/kube-network-policies/hack/ci/e2e.sh
+        # we need privileged mode in order to do docker in docker
+        securityContext:
+          privileged: true
+        resources:
+          limits:
+            cpu: "4"
+            memory: 9000Mi
+          requests:
+            cpu: "4"
+            memory: 9000Mi
+    annotations:
+      testgrid-dashboards: sig-testing-kind
+      testgrid-tab-name: pull-kube-network-policies-ipv6 conformance, master (dev) [non-serial]
+      testgrid-alert-email: bentheelder@google.com,antonio.ojea.garcia@gmail.com