From 0214c81c89bfbac29a31aadc6c2ee35d2228e9d4 Mon Sep 17 00:00:00 2001
From: justinsb
Date: Sun, 15 Aug 2021 00:16:01 -0400
Subject: [PATCH] Update kopeio test to test kopeio networking also
---
 cmd/kops/integration_test.go | 4 +-
 ...asters.privatekopeio.example.com_user_data | 4 +-
 ..._nodes.privatekopeio.example.com_user_data | 3 +-
 ...cket_object_cluster-completed.spec_content | 4 +-
 ...ect_nodeupconfig-master-us-test-1a_content | 1 -
 ...3_bucket_object_nodeupconfig-nodes_content | 1 -
 ...opeio.example.com-addons-bootstrap_content | 6 +-
 ...addons-networking.kope.io-k8s-1.12_content | 122 ++++++++
 ...m-addons-networking.weave-k8s-1.12_content | 285 ------------------
 .../privatekopeio/in-v1alpha2.yaml | 2 +-
 .../privatekopeio/kubernetes.tf | 6 +-
 11 files changed, 135 insertions(+), 303 deletions(-)
 create mode 100644 tests/integration/update_cluster/privatekopeio/data/aws_s3_bucket_object_privatekopeio.example.com-addons-networking.kope.io-k8s-1.12_content
 delete mode 100644 tests/integration/update_cluster/privatekopeio/data/aws_s3_bucket_object_privatekopeio.example.com-addons-networking.weave-k8s-1.12_content
diff --git a/cmd/kops/integration_test.go b/cmd/kops/integration_test.go
index 9f56f32cb9269..be002c4ae0d50 100644
--- a/cmd/kops/integration_test.go
+++ b/cmd/kops/integration_test.go
@@ -345,11 +345,13 @@ func TestPrivateCanal(t *testing.T) {
 runTestTerraformAWS(t)
 }
 
+const kopeioNetworkingAddon = "networking.kope.io-k8s-1.12"
+
 // TestPrivateKopeio runs the test on a configuration with private topology, kopeio networking
 func TestPrivateKopeio(t *testing.T) {
 newIntegrationTest("privatekopeio.example.com", "privatekopeio").
 withPrivate().
- withAddons(weaveAddon).
+ withAddons(kopeioNetworkingAddon).
 runTestTerraformAWS(t)
 }
 
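Review bot: `kopeioNetworkingAddon` is added without a doc comment, and nothing in the hunk says that its value has to match the fixture name `…addons-networking.kope.io-k8s-1.12_content` and the `networking.kope.io` / `k8s-1.12` entry in the bootstrap golden file that this patch regenerates. I would put `// kopeioNetworkingAddon names the kopeio networking addon manifest (addon name plus version id) expected in the privatekopeio golden output.` above the constant; how `withAddons` consumes the string is not visible here, so the wording should be checked against that helper. The golden manifest it appears to select records the agent with `privileged: true`, `hostPID: true` and `hostIPC: true`, so the comment is a useful pointer to that file for anyone reviewing later changes to the addon. The hunk opens inside `TestPrivateCanal`, whose start is outside the hunk; `TestPrivateKopeio` is shown in full.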
diff --git a/tests/integration/update_cluster/privatekopeio/data/aws_launch_template_master-us-test-1a.masters.privatekopeio.example.com_user_data b/tests/integration/update_cluster/privatekopeio/data/aws_launch_template_master-us-test-1a.masters.privatekopeio.example.com_user_data index 435c732c471b0..2c0863be21187 100644 --- a/tests/integration/update_cluster/privatekopeio/data/aws_launch_template_master-us-test-1a.masters.privatekopeio.example.com_user_data +++ b/tests/integration/update_cluster/privatekopeio/data/aws_launch_template_master-us-test-1a.masters.privatekopeio.example.com_user_data @@ -217,7 +217,6 @@ kubelet: hostnameOverride: '@aws' kubeconfigPath: /var/lib/kubelet/kubeconfig logLevel: 2 - networkPluginName: cni nonMasqueradeCIDR: 100.64.0.0/10 podManifestPath: /etc/kubernetes/manifests masterKubelet: @@ -232,7 +231,6 @@ masterKubelet: hostnameOverride: '@aws' kubeconfigPath: /var/lib/kubelet/kubeconfig logLevel: 2 - networkPluginName: cni nonMasqueradeCIDR: 100.64.0.0/10 podManifestPath: /etc/kubernetes/manifests registerSchedulable: false @@ -244,7 +242,7 @@ CloudProvider: aws ConfigBase: memfs://clusters.example.com/privatekopeio.example.com InstanceGroupName: master-us-test-1a InstanceGroupRole: Master -NodeupConfigHash: PKuaXMiLaQvL3+KG2VFOtmeeXcCxyEoG2dRIrN7Et10= +NodeupConfigHash: UIsuZJp+YDaoibHFWxR7EpINJgzHrW+JLLVOWWhYqLM= __EOF_KUBE_ENV diff --git a/tests/integration/update_cluster/privatekopeio/data/aws_launch_template_nodes.privatekopeio.example.com_user_data b/tests/integration/update_cluster/privatekopeio/data/aws_launch_template_nodes.privatekopeio.example.com_user_data index 2af29b4e302d9..e6c6d82be4931 100644 --- a/tests/integration/update_cluster/privatekopeio/data/aws_launch_template_nodes.privatekopeio.example.com_user_data +++ b/tests/integration/update_cluster/privatekopeio/data/aws_launch_template_nodes.privatekopeio.example.com_user_data 
@@ -151,7 +151,6 @@ kubelet: hostnameOverride: '@aws' kubeconfigPath: /var/lib/kubelet/kubeconfig logLevel: 2 - networkPluginName: cni nonMasqueradeCIDR: 100.64.0.0/10 podManifestPath: /etc/kubernetes/manifests @@ -162,7 +161,7 @@ CloudProvider: aws ConfigBase: memfs://clusters.example.com/privatekopeio.example.com InstanceGroupName: nodes InstanceGroupRole: Node -NodeupConfigHash: QsL02v5F4dPm/SxOBAeABj9LKtggcSW+f9Ead/+989Q= +NodeupConfigHash: IE6Ri9HJ07gg3tR/oB6HIkQOksfwafZOeyBYO5rFHWY= __EOF_KUBE_ENV diff --git a/tests/integration/update_cluster/privatekopeio/data/aws_s3_bucket_object_cluster-completed.spec_content b/tests/integration/update_cluster/privatekopeio/data/aws_s3_bucket_object_cluster-completed.spec_content index c5d2ec44d6353..41360ef646d93 100644 --- a/tests/integration/update_cluster/privatekopeio/data/aws_s3_bucket_object_cluster-completed.spec_content +++ b/tests/integration/update_cluster/privatekopeio/data/aws_s3_bucket_object_cluster-completed.spec_content @@ -142,7 +142,6 @@ spec: hostnameOverride: '@aws' kubeconfigPath: /var/lib/kubelet/kubeconfig logLevel: 2 - networkPluginName: cni nonMasqueradeCIDR: 100.64.0.0/10 podManifestPath: /etc/kubernetes/manifests kubernetesApiAccess: @@ -161,14 +160,13 @@ spec: hostnameOverride: '@aws' kubeconfigPath: /var/lib/kubelet/kubeconfig logLevel: 2 - networkPluginName: cni nonMasqueradeCIDR: 100.64.0.0/10 podManifestPath: /etc/kubernetes/manifests registerSchedulable: false masterPublicName: api.privatekopeio.example.com networkCIDR: 172.20.0.0/16 networking: - weave: {} + kopeio: {} nonMasqueradeCIDR: 100.64.0.0/10 podCIDR: 100.96.0.0/11 secretStore: memfs://clusters.example.com/privatekopeio.example.com/secrets diff --git a/tests/integration/update_cluster/privatekopeio/data/aws_s3_bucket_object_nodeupconfig-master-us-test-1a_content b/tests/integration/update_cluster/privatekopeio/data/aws_s3_bucket_object_nodeupconfig-master-us-test-1a_content index 6d92b8b06cc81..75b345faf52ab 100644 
--- a/tests/integration/update_cluster/privatekopeio/data/aws_s3_bucket_object_nodeupconfig-master-us-test-1a_content +++ b/tests/integration/update_cluster/privatekopeio/data/aws_s3_bucket_object_nodeupconfig-master-us-test-1a_content @@ -243,7 +243,6 @@ KubeletConfig: hostnameOverride: '@aws' kubeconfigPath: /var/lib/kubelet/kubeconfig logLevel: 2 - networkPluginName: cni nodeLabels: kops.k8s.io/kops-controller-pki: "" kubernetes.io/role: master diff --git a/tests/integration/update_cluster/privatekopeio/data/aws_s3_bucket_object_nodeupconfig-nodes_content b/tests/integration/update_cluster/privatekopeio/data/aws_s3_bucket_object_nodeupconfig-nodes_content index ec6c86565ea07..83559845a450a 100644 --- a/tests/integration/update_cluster/privatekopeio/data/aws_s3_bucket_object_nodeupconfig-nodes_content +++ b/tests/integration/update_cluster/privatekopeio/data/aws_s3_bucket_object_nodeupconfig-nodes_content @@ -49,7 +49,6 @@ KubeletConfig: hostnameOverride: '@aws' kubeconfigPath: /var/lib/kubelet/kubeconfig logLevel: 2 - networkPluginName: cni nodeLabels: kubernetes.io/role: node node-role.kubernetes.io/node: "" diff --git a/tests/integration/update_cluster/privatekopeio/data/aws_s3_bucket_object_privatekopeio.example.com-addons-bootstrap_content b/tests/integration/update_cluster/privatekopeio/data/aws_s3_bucket_object_privatekopeio.example.com-addons-bootstrap_content index 81ee6a4d81ab0..52d15c2402989 100644 --- a/tests/integration/update_cluster/privatekopeio/data/aws_s3_bucket_object_privatekopeio.example.com-addons-bootstrap_content +++ b/tests/integration/update_cluster/privatekopeio/data/aws_s3_bucket_object_privatekopeio.example.com-addons-bootstrap_content 
@@ -46,8 +46,8 @@ spec: selector: k8s-addon: storage-aws.addons.k8s.io - id: k8s-1.12 - manifest: networking.weave/k8s-1.12.yaml - manifestHash: 3f14f8869934001778849837c28217709bf4f1c593d3acdbde9cdf1d97ac47f3 - name: networking.weave + manifest: networking.kope.io/k8s-1.12.yaml + manifestHash: 294272eb01da2938395ff6425ac74690788b6f7ebe80327a83a77b2951b63968 + name: networking.kope.io selector: role.kubernetes.io/networking: "1" diff --git a/tests/integration/update_cluster/privatekopeio/data/aws_s3_bucket_object_privatekopeio.example.com-addons-networking.kope.io-k8s-1.12_content b/tests/integration/update_cluster/privatekopeio/data/aws_s3_bucket_object_privatekopeio.example.com-addons-networking.kope.io-k8s-1.12_content new file mode 100644 index 0000000000000..ba2142907f097 --- /dev/null +++ b/tests/integration/update_cluster/privatekopeio/data/aws_s3_bucket_object_privatekopeio.example.com-addons-networking.kope.io-k8s-1.12_content 
@@ -0,0 +1,122 @@ +apiVersion: apps/v1 +kind: DaemonSet +metadata: + creationTimestamp: null + labels: + addon.kops.k8s.io/name: networking.kope.io + app.kubernetes.io/managed-by: kops + k8s-addon: networking.kope.io + role.kubernetes.io/networking: "1" + name: kopeio-networking-agent + namespace: kube-system +spec: + selector: + matchLabels: + name: kopeio-networking-agent + template: + metadata: + annotations: + scheduler.alpha.kubernetes.io/critical-pod: "" + scheduler.alpha.kubernetes.io/tolerations: '[{"key":"CriticalAddonsOnly", + "operator":"Exists"}]' + labels: + name: kopeio-networking-agent + spec: + containers: + - env: + - name: NODE_NAME + valueFrom: + fieldRef: + fieldPath: spec.nodeName + image: kopeio/networking-agent:1.0.20181028 + name: networking-agent + resources: + limits: + memory: 100Mi + requests: + cpu: 50m + memory: 100Mi + securityContext: + privileged: true + volumeMounts: + - mountPath: /lib/modules + name: lib-modules + readOnly: true + hostIPC: true + hostNetwork: true + hostPID: true + priorityClassName: system-node-critical + serviceAccountName: kopeio-networking-agent + tolerations: + - effect: NoSchedule + operator: Exists + - effect: NoExecute + operator: Exists + volumes: + - hostPath: + path: /lib/modules + name: lib-modules + +--- + +apiVersion: v1 +kind: ServiceAccount +metadata: + creationTimestamp: null + labels: + addon.kops.k8s.io/name: networking.kope.io + app.kubernetes.io/managed-by: kops + k8s-addon: networking.kope.io + role.kubernetes.io/networking: "1" + name: kopeio-networking-agent + namespace: kube-system + +--- + +apiVersion: rbac.authorization.k8s.io/v1 +kind: ClusterRole +metadata: + creationTimestamp: null + labels: + addon.kops.k8s.io/name: networking.kope.io + app.kubernetes.io/managed-by: kops + k8s-addon: networking.kope.io + role.kubernetes.io/networking: "1" + name: kopeio:networking-agent +rules: +- apiGroups: + - "" + resources: + - nodes + verbs: + - get + - list + - watch + - patch +- apiGroups: + 
- "" + resources: + - nodes/status + verbs: + - patch + +--- + +apiVersion: rbac.authorization.k8s.io/v1 +kind: ClusterRoleBinding +metadata: + creationTimestamp: null + labels: + addon.kops.k8s.io/name: networking.kope.io + app.kubernetes.io/managed-by: kops + k8s-addon: networking.kope.io + role.kubernetes.io/networking: "1" + name: kopeio:networking-agent +roleRef: + apiGroup: rbac.authorization.k8s.io + kind: ClusterRole + name: kopeio:networking-agent +subjects: +- apiGroup: rbac.authorization.k8s.io + kind: User + name: system:serviceaccount:kube-system:kopeio-networking-agent diff --git a/tests/integration/update_cluster/privatekopeio/data/aws_s3_bucket_object_privatekopeio.example.com-addons-networking.weave-k8s-1.12_content b/tests/integration/update_cluster/privatekopeio/data/aws_s3_bucket_object_privatekopeio.example.com-addons-networking.weave-k8s-1.12_content deleted file mode 100644 index bfbf1f216baee..0000000000000 --- a/tests/integration/update_cluster/privatekopeio/data/aws_s3_bucket_object_privatekopeio.example.com-addons-networking.weave-k8s-1.12_content +++ /dev/null 
@@ -1,285 +0,0 @@ -apiVersion: v1 -kind: ServiceAccount -metadata: - creationTimestamp: null - labels: - addon.kops.k8s.io/name: networking.weave - app.kubernetes.io/managed-by: kops - name: weave-net - role.kubernetes.io/networking: "1" - name: weave-net - namespace: kube-system - ---- - -apiVersion: rbac.authorization.k8s.io/v1 -kind: ClusterRole -metadata: - creationTimestamp: null - labels: - addon.kops.k8s.io/name: networking.weave - app.kubernetes.io/managed-by: kops - name: weave-net - role.kubernetes.io/networking: "1" - name: weave-net - namespace: kube-system -rules: -- apiGroups: - - "" - resources: - - pods - - namespaces - - nodes - verbs: - - get - - list - - watch -- apiGroups: - - extensions - resources: - - networkpolicies - verbs: - - get - - list - - watch -- apiGroups: - - networking.k8s.io - resources: - - networkpolicies - verbs: - - get - - list - - watch -- apiGroups: - - "" - resources: - - nodes/status - verbs: - - patch - - update - ---- - -apiVersion: rbac.authorization.k8s.io/v1 -kind: ClusterRoleBinding -metadata: - creationTimestamp: null - labels: - addon.kops.k8s.io/name: networking.weave - app.kubernetes.io/managed-by: kops - name: weave-net - role.kubernetes.io/networking: "1" - name: weave-net - namespace: kube-system -roleRef: - apiGroup: rbac.authorization.k8s.io - kind: ClusterRole - name: weave-net -subjects: -- kind: ServiceAccount - name: weave-net - namespace: kube-system - ---- - -apiVersion: rbac.authorization.k8s.io/v1 -kind: Role -metadata: - creationTimestamp: null - labels: - addon.kops.k8s.io/name: networking.weave - app.kubernetes.io/managed-by: kops - name: weave-net - role.kubernetes.io/networking: "1" - name: weave-net - namespace: kube-system -rules: -- apiGroups: - - "" - resourceNames: - - weave-net - resources: - - configmaps - verbs: - - get - - update -- apiGroups: - - "" - resources: - - configmaps - verbs: - - create - ---- - -apiVersion: rbac.authorization.k8s.io/v1 -kind: RoleBinding -metadata: - 
creationTimestamp: null - labels: - addon.kops.k8s.io/name: networking.weave - app.kubernetes.io/managed-by: kops - name: weave-net - role.kubernetes.io/networking: "1" - name: weave-net - namespace: kube-system -roleRef: - apiGroup: rbac.authorization.k8s.io - kind: Role - name: weave-net -subjects: -- kind: ServiceAccount - name: weave-net - namespace: kube-system - ---- - -apiVersion: apps/v1 -kind: DaemonSet -metadata: - creationTimestamp: null - labels: - addon.kops.k8s.io/name: networking.weave - app.kubernetes.io/managed-by: kops - name: weave-net - role.kubernetes.io/networking: "1" - name: weave-net - namespace: kube-system -spec: - minReadySeconds: 5 - selector: - matchLabels: - name: weave-net - template: - metadata: - annotations: - prometheus.io/scrape: "true" - labels: - name: weave-net - spec: - containers: - - command: - - /home/weave/launch.sh - env: - - name: INIT_CONTAINER - value: "true" - - name: HOSTNAME - valueFrom: - fieldRef: - apiVersion: v1 - fieldPath: spec.nodeName - - name: IPALLOC_RANGE - value: 100.96.0.0/11 - image: weaveworks/weave-kube:2.8.1 - name: weave - ports: - - containerPort: 6782 - name: metrics - readinessProbe: - httpGet: - host: 127.0.0.1 - path: /status - port: 6784 - resources: - limits: - memory: 200Mi - requests: - cpu: 50m - memory: 200Mi - securityContext: - privileged: true - volumeMounts: - - mountPath: /weavedb - name: weavedb - - mountPath: /host/var/lib/dbus - name: dbus - readOnly: true - - mountPath: /host/etc/machine-id - name: cni-machine-id - readOnly: true - - mountPath: /run/xtables.lock - name: xtables-lock - readOnly: false - - env: - - name: HOSTNAME - valueFrom: - fieldRef: - apiVersion: v1 - fieldPath: spec.nodeName - image: weaveworks/weave-npc:2.8.1 - name: weave-npc - ports: - - containerPort: 6781 - name: metrics - resources: - limits: - memory: 200Mi - requests: - cpu: 50m - memory: 200Mi - securityContext: - privileged: true - volumeMounts: - - mountPath: /run/xtables.lock - name: 
xtables-lock - readOnly: false - dnsPolicy: ClusterFirstWithHostNet - hostNetwork: true - hostPID: false - initContainers: - - command: - - /home/weave/init.sh - image: weaveworks/weave-kube:2.8.1 - name: weave-init - securityContext: - privileged: true - volumeMounts: - - mountPath: /host/opt - name: cni-bin - - mountPath: /host/home - name: cni-bin2 - - mountPath: /host/etc - name: cni-conf - - mountPath: /lib/modules - name: lib-modules - - mountPath: /run/xtables.lock - name: xtables-lock - readOnly: false - priorityClassName: system-node-critical - restartPolicy: Always - securityContext: - seLinuxOptions: {} - serviceAccountName: weave-net - tolerations: - - effect: NoSchedule - operator: Exists - - effect: NoExecute - operator: Exists - volumes: - - hostPath: - path: /var/lib/weave - name: weavedb - - hostPath: - path: /opt - name: cni-bin - - hostPath: - path: /home - name: cni-bin2 - - hostPath: - path: /etc - name: cni-conf - - hostPath: - path: /etc/machine-id - name: cni-machine-id - - hostPath: - path: /var/lib/dbus - name: dbus - - hostPath: - path: /lib/modules - name: lib-modules - - hostPath: - path: /run/xtables.lock - type: FileOrCreate - name: xtables-lock - updateStrategy: - type: RollingUpdate diff --git a/tests/integration/update_cluster/privatekopeio/in-v1alpha2.yaml b/tests/integration/update_cluster/privatekopeio/in-v1alpha2.yaml index 1b2b5ad703bfd..1abfde7353a5a 100644 --- a/tests/integration/update_cluster/privatekopeio/in-v1alpha2.yaml +++ b/tests/integration/update_cluster/privatekopeio/in-v1alpha2.yaml @@ -26,7 +26,7 @@ spec: masterPublicName: api.privatekopeio.example.com networkCIDR: 172.20.0.0/16 networking: - weave: {} + kopeio: {} nonMasqueradeCIDR: 100.64.0.0/10 sshAccess: - 0.0.0.0/0 diff --git a/tests/integration/update_cluster/privatekopeio/kubernetes.tf b/tests/integration/update_cluster/privatekopeio/kubernetes.tf index 03c95d15d0cf4..28a6d4f1f2d64 100644 --- a/tests/integration/update_cluster/privatekopeio/kubernetes.tf 
+++ b/tests/integration/update_cluster/privatekopeio/kubernetes.tf @@ -894,10 +894,10 @@ resource "aws_s3_bucket_object" "privatekopeio-example-com-addons-limit-range-ad server_side_encryption = "AES256" } -resource "aws_s3_bucket_object" "privatekopeio-example-com-addons-networking-weave-k8s-1-12" { +resource "aws_s3_bucket_object" "privatekopeio-example-com-addons-networking-kope-io-k8s-1-12" { bucket = "testingBucket" - content = file("${path.module}/data/aws_s3_bucket_object_privatekopeio.example.com-addons-networking.weave-k8s-1.12_content") - key = "clusters.example.com/privatekopeio.example.com/addons/networking.weave/k8s-1.12.yaml" + content = file("${path.module}/data/aws_s3_bucket_object_privatekopeio.example.com-addons-networking.kope.io-k8s-1.12_content") + key = "clusters.example.com/privatekopeio.example.com/addons/networking.kope.io/k8s-1.12.yaml" server_side_encryption = "AES256" }