add fw test, add script and run 2 tests in parallel
rahulait committed Dec 10, 2024
1 parent 2bb0985 commit 7a1d0a9
Showing 18 changed files with 225 additions and 243 deletions.
2 changes: 1 addition & 1 deletion Makefile
@@ -193,7 +193,7 @@ e2e-test:
KUBECONFIG=$(KUBECONFIG_PATH) \
REGION=$(LINODE_REGION) \
LINODE_TOKEN=$(LINODE_TOKEN) \
chainsaw test e2e/test
chainsaw test e2e/test --parallel 2

#####################################################################
# OS / ARCH
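--- a/e2e/test/fw-use-specified-nb/chainsaw-test.yaml
+++ b/e2e/test/fw-use-specified-nb/chainsaw-test.yaml
@@ -0,0 +1,123 @@
+# yaml-language-server: $schema=https://raw.githubusercontent.com/kyverno/chainsaw/main/.schemas/json/test-chainsaw-v1alpha1.json
+apiVersion: chainsaw.kyverno.io/v1alpha1
+kind: Test
+metadata:
+name: fw-use-specified-nb
+spec:
+bindings:
+- name: fwname
+value: (join('-', ['ccm-fwtest', env('CLUSTER_NAME')]))
+namespace: "fw-use-specified-nb"
+steps:
+- name: Check if CCM is deployed
+try:
+- assert:
+file: ../assert-ccm-resources.yaml
+- name: Create firewall, Create pods and services
+try:
+- script:
+env:
+- name: FWLABEL
+value: ($fwname)
+content: |
+set -e
+create_fw=$(curl -s --write-out "%{http_code}\n" --output /dev/null --request POST \
+-H "Authorization: Bearer $LINODE_TOKEN" \
+-H "Content-Type: application/json" \
+-H "accept: application/json" \
+"https://api.linode.com/v4/networking/firewalls" \
+--data "
+{
+\"label\": \"$FWLABEL\",
+\"rules\": {
+\"inbound\": [{
+\"action\": \"ACCEPT\",
+\"label\": \"inbound-rule123\",
+\"description\": \"inbound rule123\",
+\"ports\": \"4321\",
+\"protocol\": \"TCP\",
+\"addresses\": {
+\"ipv4\": [\"0.0.0.0/0\"]
+}
+}],
+\"inbound_policy\": \"ACCEPT\",
+\"outbound_policy\": \"ACCEPT\"
+}
+}
+"
+)
+if [[ $create_fw == "200" ]]; then
+echo "fw created"
+fi
+check:
+($error == null): true
+(contains($stdout, 'fw created')): true
+- apply:
+file: create-pods-services.yaml
+catch:
+- describe:
+apiVersion: v1
+kind: Pod
+- describe:
+apiVersion: v1
+kind: Service
+- name: Check that loadbalancer ip is assigned
+try:
+- assert:
+resource:
+apiVersion: v1
+kind: Service
+metadata:
+name: svc-test
+status:
+(loadBalancer.ingress[0].ip != null): true
+- name: Annotate service with nodebalancer id
+try:
+- script:
+env:
+- name: FWLABEL
+value: ($fwname)
+content: |
+set -e
+re='^[0-9]+$'
+fwid=$(curl -s \
+-H "Authorization: Bearer $LINODE_TOKEN" \
+-H "Content-Type: application/json" \
+-H "X-Filter: {\"label\": \"$FWLABEL\"}" \
+"https://api.linode.com/v4/networking/firewalls" | jq .data[].id)
+if ! [[ $fwid =~ $re ]]; then
+echo "Firewall id [$fwid] is incorrect, failed to fetch firewall"
+exit 1
+fi
+kubectl annotate svc svc-test -n $NAMESPACE service.beta.kubernetes.io/linode-loadbalancer-firewall-id=$fwid
+sleep 5
+for i in {1..10}; do
+nbid=$(KUBECONFIG=$KUBECONFIG NAMESPACE=$NAMESPACE LINODE_TOKEN=$LINODE_TOKEN ../scripts/get-nb-id.sh)
+fwconfig=$(curl -s \
+-H "Authorization: Bearer $LINODE_TOKEN" \
+-H "Content-Type: application/json" \
+"https://api.linode.com/v4/networking/firewalls/$fwid")
+fw_attached_to_nb=$(echo $fwconfig | jq ".entities[] | select(.id == $nbid) | .id == $nbid")
+if [[ $fw_attached_to_nb == "true" ]]; then
+echo "Conditions met"
+break
+fi
+sleep 10
+done
+curl -s -X DELETE \
+-H "Authorization: Bearer $LINODE_TOKEN" \
+-H "Content-Type: application/json" \
+"https://api.linode.com/v4/networking/firewalls/$fwid"
+check:
+(contains($stdout, 'Conditions met')): true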
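Review bot: The firewall is deleted only by the final `curl -s -X DELETE` of the "Annotate service with nodebalancer id" script, so every earlier exit under `set -e` (the `exit 1` after the id regex check, a failing `kubectl annotate`, a non-zero `../scripts/get-nb-id.sh`) leaves an account-level firewall with `inbound_policy` ACCEPT behind; a failure of the `apply` in the create step leaks it as well. If the API rejects duplicate labels, which is not confirmed by anything on this page, the next run with the same `CLUSTER_NAME` would then fail at the "fw created" check. Registering the deletion as soon as `fwid` has passed the regex, e.g. `trap 'curl -s -X DELETE -H "Authorization: Bearer $LINODE_TOKEN" "https://api.linode.com/v4/networking/firewalls/$fwid"' EXIT`, or moving it into a step-level `finally`/`cleanup` block, would cover those paths. The DELETE and the polling GET also use `curl -s` without `--fail`, so an HTTP error from either call is silently ignored.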
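--- a/e2e/test/fw-use-specified-nb/create-pods-services.yaml
+++ b/e2e/test/fw-use-specified-nb/create-pods-services.yaml
@@ -0,0 +1,48 @@
+---
+apiVersion: apps/v1
+kind: Deployment
+metadata:
+labels:
+app: fw-use-specified-nb
+name: test
+spec:
+replicas: 1
+selector:
+matchLabels:
+app: fw-use-specified-nb
+template:
+metadata:
+labels:
+app: fw-use-specified-nb
+spec:
+containers:
+- image: appscode/test-server:2.3
+name: test
+ports:
+- name: http-1
+containerPort: 8080
+protocol: TCP
+env:
+- name: POD_NAME
+valueFrom:
+fieldRef:
+apiVersion: v1
+fieldPath: metadata.name
+---
+apiVersion: v1
+kind: Service
+metadata:
+annotations:
+name: svc-test
+labels:
+app: fw-use-specified-nb
+spec:
+type: LoadBalancer
+selector:
+app: fw-use-specified-nb
+ports:
+- name: http-1
+protocol: TCP
+port: 80
+targetPort: 8080
+sessionAffinity: None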
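Review bot: `image: appscode/test-server:2.3` pulls a third-party image by mutable tag, and the Service in the same file publishes it through a `type: LoadBalancer` address for the duration of the run. Pinning it by digest, `image: appscode/test-server:2.3@sha256:<digest-placeholder>`, keeps the e2e run reproducible and stops a re-pushed tag from changing what executes in the test cluster. The empty `annotations:` key under the Service metadata parses as null and can be dropped.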
28 changes: 2 additions & 26 deletions e2e/test/lb-created-with-new-nb-id/chainsaw-test.yaml
@@ -62,21 +62,8 @@ spec:
content: |
set -e
re='^[0-9]+$'
expectedId=$(kubectl get svc svc-test -n $NAMESPACE -o json | jq -r .metadata.annotations[])
hostname=$(kubectl get svc svc-test -n $NAMESPACE -o json | jq -r .status.loadBalancer.ingress[0].hostname)
ip=$(echo $hostname | awk -F'.' '{gsub("-", ".", $1); print $1}')
nbid=$(curl -s \
-H "Authorization: Bearer $LINODE_TOKEN" \
-H "Content-Type: application/json" \
-H "X-Filter: {\"ipv4\": \"$ip\"}" \
"https://api.linode.com/v4/nodebalancers" | jq .data[].id)
if ! [[ $nbid =~ $re ]]; then
echo "Nodebalancer id [$nbid] is incorrect"
exit 1
fi
nbid=$(KUBECONFIG=$KUBECONFIG NAMESPACE=$NAMESPACE LINODE_TOKEN=$LINODE_TOKEN ../scripts/get-nb-id.sh)
if [[ $nbid == $expectedId ]]; then
echo "Condition met"
@@ -110,18 +97,7 @@ spec:
kubectl annotate --overwrite svc svc-test -n $NAMESPACE service.beta.kubernetes.io/linode-loadbalancer-nodebalancer-id=$nbid
for i in {1..10}; do
hostname=$(kubectl get svc svc-test -n $NAMESPACE -o json | jq -r .status.loadBalancer.ingress[0].hostname)
ip=$(echo $hostname | awk -F'.' '{gsub("-", ".", $1); print $1}')
nbid2=$(curl -s \
-H "Authorization: Bearer $LINODE_TOKEN" \
-H "Content-Type: application/json" \
-H "X-Filter: {\"ipv4\": \"$ip\"}" \
"https://api.linode.com/v4/nodebalancers" | jq .data[].id)
if ! [[ $nbid2 =~ $re ]]; then
echo "Nodebalancer id [$nbid2] is incorrect, failed to fetch nodebalancer"
exit 1
fi
nbid2=$(KUBECONFIG=$KUBECONFIG NAMESPACE=$NAMESPACE LINODE_TOKEN=$LINODE_TOKEN ../scripts/get-nb-id.sh)
if [[ $nbid == $nbid2 ]]; then
echo "Condition met"
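Review bot: With the inline `[[ $nbid =~ $re ]]` guard gone, the comparison `if [[ $nbid == $expectedId ]]` in the first hunk trusts whatever `../scripts/get-nb-id.sh` prints; the script is not shown on this page, so if it can exit 0 with empty output, an empty `$nbid` against an empty `$expectedId` would print "Condition met" and the check would pass vacuously. Keeping a caller-side guard after the call, `[[ $nbid =~ $re ]] || exit 1`, or confirming that the script validates the id and exits non-zero, keeps the test fail-closed; quoting the right-hand side, `[[ $nbid == "$expectedId" ]]`, also stops it being read as a glob pattern. The same replacement appears in the lb-created-with-specified-nb-id, lb-delete-svc-no-nb, lb-delete-svc-use-new-nbid, lb-delete-svc-use-specified-nb, lb-http-body-health-check and lb-http-status-health-check sections, where `re` stays defined and may now be unused. The script blocks start and end outside the hunks.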
15 changes: 1 addition & 14 deletions e2e/test/lb-created-with-specified-nb-id/chainsaw-test.yaml
@@ -62,21 +62,8 @@ spec:
content: |
set -e
re='^[0-9]+$'
expectedId=$(kubectl get svc svc-test -n $NAMESPACE -o json | jq -r .metadata.annotations[])
hostname=$(kubectl get svc svc-test -n $NAMESPACE -o json | jq -r .status.loadBalancer.ingress[0].hostname)
ip=$(echo $hostname | awk -F'.' '{gsub("-", ".", $1); print $1}')
nbid=$(curl -s \
-H "Authorization: Bearer $LINODE_TOKEN" \
-H "Content-Type: application/json" \
-H "X-Filter: {\"ipv4\": \"$ip\"}" \
"https://api.linode.com/v4/nodebalancers" | jq .data[].id)
if ! [[ $nbid =~ $re ]]; then
echo "Nodebalancer id [$nbid] is incorrect"
exit 1
fi
nbid=$(KUBECONFIG=$KUBECONFIG NAMESPACE=$NAMESPACE LINODE_TOKEN=$LINODE_TOKEN ../scripts/get-nb-id.sh)
if [[ $nbid == $expectedId ]]; then
echo "Condition met"
17 changes: 2 additions & 15 deletions e2e/test/lb-delete-svc-no-nb/chainsaw-test.yaml
@@ -62,21 +62,8 @@ spec:
content: |
set -e
re='^[0-9]+$'
expectedId=$(kubectl get svc svc-test -n $NAMESPACE -o json | jq -r .metadata.annotations[])
hostname=$(kubectl get svc svc-test -n $NAMESPACE -o json | jq -r .status.loadBalancer.ingress[0].hostname)
ip=$(echo $hostname | awk -F'.' '{gsub("-", ".", $1); print $1}')
nbid=$(curl -s \
-H "Authorization: Bearer $LINODE_TOKEN" \
-H "Content-Type: application/json" \
-H "X-Filter: {\"ipv4\": \"$ip\"}" \
"https://api.linode.com/v4/nodebalancers" | jq .data[].id)
if ! [[ $nbid =~ $re ]]; then
echo "Nodebalancer id [$nbid] is incorrect"
exit 1
fi
nbid=$(KUBECONFIG=$KUBECONFIG NAMESPACE=$NAMESPACE LINODE_TOKEN=$LINODE_TOKEN ../scripts/get-nb-id.sh)
if [[ $nbid == $expectedId ]]; then
echo "Condition met"
@@ -119,7 +106,7 @@ spec:
fi
# Delete service and make sure its deleted
kubectl delete svc svc-test -n $NAMESPACE --timeout=60s
kubectl --timeout=60s delete svc svc-test -n $NAMESPACE
for i in {1..10}; do
if kubectl get svc svc-test -n $NAMESPACE > /dev/null 2>&1; then
28 changes: 2 additions & 26 deletions e2e/test/lb-delete-svc-use-new-nbid/chainsaw-test.yaml
@@ -62,21 +62,8 @@ spec:
content: |
set -e
re='^[0-9]+$'
expectedId=$(kubectl get svc svc-test -n $NAMESPACE -o json | jq -r .metadata.annotations[])
hostname=$(kubectl get svc svc-test -n $NAMESPACE -o json | jq -r .status.loadBalancer.ingress[0].hostname)
ip=$(echo $hostname | awk -F'.' '{gsub("-", ".", $1); print $1}')
nbid=$(curl -s \
-H "Authorization: Bearer $LINODE_TOKEN" \
-H "Content-Type: application/json" \
-H "X-Filter: {\"ipv4\": \"$ip\"}" \
"https://api.linode.com/v4/nodebalancers" | jq .data[].id)
if ! [[ $nbid =~ $re ]]; then
echo "Nodebalancer id [$nbid] is incorrect"
exit 1
fi
nbid=$(KUBECONFIG=$KUBECONFIG NAMESPACE=$NAMESPACE LINODE_TOKEN=$LINODE_TOKEN ../scripts/get-nb-id.sh)
if [[ $nbid == $expectedId ]]; then
echo "Condition met"
@@ -110,18 +97,7 @@ spec:
kubectl annotate --overwrite svc svc-test -n $NAMESPACE service.beta.kubernetes.io/linode-loadbalancer-nodebalancer-id=$nbid
for i in {1..10}; do
hostname=$(kubectl get svc svc-test -n $NAMESPACE -o json | jq -r .status.loadBalancer.ingress[0].hostname)
ip=$(echo $hostname | awk -F'.' '{gsub("-", ".", $1); print $1}')
nbid2=$(curl -s \
-H "Authorization: Bearer $LINODE_TOKEN" \
-H "Content-Type: application/json" \
-H "X-Filter: {\"ipv4\": \"$ip\"}" \
"https://api.linode.com/v4/nodebalancers" | jq .data[].id)
if ! [[ $nbid2 =~ $re ]]; then
echo "Nodebalancer id [$nbid2] is incorrect, failed to fetch nodebalancer"
exit 1
fi
nbid2=$(KUBECONFIG=$KUBECONFIG NAMESPACE=$NAMESPACE LINODE_TOKEN=$LINODE_TOKEN ../scripts/get-nb-id.sh)
if [[ $nbid == $nbid2 ]]; then
echo "Condition met"
15 changes: 1 addition & 14 deletions e2e/test/lb-delete-svc-use-specified-nb/chainsaw-test.yaml
@@ -62,21 +62,8 @@ spec:
content: |
set -e
re='^[0-9]+$'
expectedId=$(kubectl get svc svc-test -n $NAMESPACE -o json | jq -r .metadata.annotations[])
hostname=$(kubectl get svc svc-test -n $NAMESPACE -o json | jq -r .status.loadBalancer.ingress[0].hostname)
ip=$(echo $hostname | awk -F'.' '{gsub("-", ".", $1); print $1}')
nbid=$(curl -s \
-H "Authorization: Bearer $LINODE_TOKEN" \
-H "Content-Type: application/json" \
-H "X-Filter: {\"ipv4\": \"$ip\"}" \
"https://api.linode.com/v4/nodebalancers" | jq .data[].id)
if ! [[ $nbid =~ $re ]]; then
echo "Nodebalancer id [$nbid] is incorrect"
exit 1
fi
nbid=$(KUBECONFIG=$KUBECONFIG NAMESPACE=$NAMESPACE LINODE_TOKEN=$LINODE_TOKEN ../scripts/get-nb-id.sh)
if [[ $nbid == $expectedId ]]; then
echo "Condition met"
15 changes: 1 addition & 14 deletions e2e/test/lb-http-body-health-check/chainsaw-test.yaml
@@ -37,20 +37,7 @@ spec:
content: |
set -e
re='^[0-9]+$'
hostname=$(kubectl get svc svc-test -n $NAMESPACE -o json | jq -r .status.loadBalancer.ingress[0].hostname)
ip=$(echo $hostname | awk -F'.' '{gsub("-", ".", $1); print $1}')
nbid=$(curl -s \
-H "Authorization: Bearer $LINODE_TOKEN" \
-H "Content-Type: application/json" \
-H "X-Filter: {\"ipv4\": \"$ip\"}" \
"https://api.linode.com/v4/nodebalancers" | jq .data[].id)
if ! [[ $nbid =~ $re ]]; then
echo "Nodebalancer id [$nbid] is incorrect, doesn't meet regex requirements"
exit 1
fi
nbid=$(KUBECONFIG=$KUBECONFIG NAMESPACE=$NAMESPACE LINODE_TOKEN=$LINODE_TOKEN ../scripts/get-nb-id.sh)
for i in {1..10}; do
nbconfig=$(curl -s \
15 changes: 1 addition & 14 deletions e2e/test/lb-http-status-health-check/chainsaw-test.yaml
@@ -37,20 +37,7 @@ spec:
content: |
set -e
re='^[0-9]+$'
hostname=$(kubectl get svc svc-test -n $NAMESPACE -o json | jq -r .status.loadBalancer.ingress[0].hostname)
ip=$(echo $hostname | awk -F'.' '{gsub("-", ".", $1); print $1}')
nbid=$(curl -s \
-H "Authorization: Bearer $LINODE_TOKEN" \
-H "Content-Type: application/json" \
-H "X-Filter: {\"ipv4\": \"$ip\"}" \
"https://api.linode.com/v4/nodebalancers" | jq .data[].id)
if ! [[ $nbid =~ $re ]]; then
echo "Nodebalancer id [$nbid] is incorrect, doesn't meet regex requirements"
exit 1
fi
nbid=$(KUBECONFIG=$KUBECONFIG NAMESPACE=$NAMESPACE LINODE_TOKEN=$LINODE_TOKEN ../scripts/get-nb-id.sh)
for i in {1..10}; do
nbconfig=$(curl -s \