aws: Switch integration test from Public DNS to None DNS

2022-10-25 21:11:36 +03:00 · 2022-10-25 21:11:36 +03:00 · 72d3669b07
parent edb44610f7
commit 72d3669b07
7 changed files with 41 additions and 202 deletions
--- a/cmd/kops/integration_test.go
+++ b/cmd/kops/integration_test.go
@ -280,7 +280,6 @@ func TestMinimal_NoneDNS(t *testing.T) {
 	newIntegrationTest("minimal.example.com", "minimal-dns-none").
 		withAddons(
 			awsEBSCSIAddon,
-			dnsControllerAddon,
 			awsCCMAddon,
 		).
 		runTestTerraformAWS(t)
--- a/tests/integration/update_cluster/minimal-dns-none/data/aws_iam_role_policy_masters.minimal.example.com_policy
+++ b/tests/integration/update_cluster/minimal-dns-none/data/aws_iam_role_policy_masters.minimal.example.com_policy
@ -64,36 +64,6 @@
        "arn:aws-test:s3:::placeholder-write-bucket"
      ]
    },
-    {
-      "Action": [
-        "route53:ChangeResourceRecordSets",
-        "route53:ListResourceRecordSets",
-        "route53:GetHostedZone"
-      ],
-      "Effect": "Allow",
-      "Resource": [
-        "arn:aws-test:route53:::hostedzone/Z1AFAKE1ZON3YO"
-      ]
-    },
-    {
-      "Action": [
-        "route53:GetChange"
-      ],
-      "Effect": "Allow",
-      "Resource": [
-        "arn:aws-test:route53:::change/*"
-      ]
-    },
-    {
-      "Action": [
-        "route53:ListHostedZones",
-        "route53:ListTagsForResource"
-      ],
-      "Effect": "Allow",
-      "Resource": [
-        "*"
-      ]
-    },
    {
      "Action": "ec2:CreateTags",
      "Condition": {
--- a/tests/integration/update_cluster/minimal-dns-none/data/aws_s3_object_cluster-completed.spec_content
+++ b/tests/integration/update_cluster/minimal-dns-none/data/aws_s3_object_cluster-completed.spec_content
@ -34,7 +34,6 @@ spec:
    runc:
      version: 1.1.4
    version: 1.6.9
-  dnsZone: Z1AFAKE1ZON3YO
  docker:
    skipInstall: true
  etcdClusters:
@ -58,8 +57,6 @@ spec:
    memoryRequest: 100Mi
    name: events
    version: 3.5.4
-  externalDns:
-    provider: dns-controller
  iam:
    allowContainerRegistry: true
    legacy: false
@ -214,6 +211,6 @@ spec:
    zone: us-test-1a
  topology:
    dns:
-      type: Public
+      type: None
    masters: public
    nodes: public
--- a/tests/integration/update_cluster/minimal-dns-none/data/aws_s3_object_minimal.example.com-addons-bootstrap_content
+++ b/tests/integration/update_cluster/minimal-dns-none/data/aws_s3_object_minimal.example.com-addons-bootstrap_content
@ -32,13 +32,6 @@ spec:
    selector:
      k8s-addon: limit-range.addons.k8s.io
    version: 9.99.0
-  - id: k8s-1.12
-    manifest: dns-controller.addons.k8s.io/k8s-1.12.yaml
-    manifestHash: 6c8f01b2470d323965dfb22d410f322e0b429f7acc3831f41a763ec072dfc69b
-    name: dns-controller.addons.k8s.io
-    selector:
-      k8s-addon: dns-controller.addons.k8s.io
-    version: 9.99.0
  - id: v1.15.0
    manifest: storage-aws.addons.k8s.io/v1.15.0.yaml
    manifestHash: 4e2cda50cd5048133aad1b5e28becb60f4629d3f9e09c514a2757c27998b4200
--- a/tests/integration/update_cluster/minimal-dns-none/data/aws_s3_object_minimal.example.com-addons-dns-controller.addons.k8s.io-k8s-1.12_content
+++ b/tests/integration/update_cluster/minimal-dns-none/data/aws_s3_object_minimal.example.com-addons-dns-controller.addons.k8s.io-k8s-1.12_content
@ -1,138 +0,0 @@
-apiVersion: apps/v1
-kind: Deployment
-metadata:
-  creationTimestamp: null
-  labels:
-    addon.kops.k8s.io/name: dns-controller.addons.k8s.io
-    app.kubernetes.io/managed-by: kops
-    k8s-addon: dns-controller.addons.k8s.io
-    k8s-app: dns-controller
-    version: v1.26.0-alpha.1
-  name: dns-controller
-  namespace: kube-system
-spec:
-  replicas: 1
-  selector:
-    matchLabels:
-      k8s-app: dns-controller
-  strategy:
-    type: Recreate
-  template:
-    metadata:
-      creationTimestamp: null
-      labels:
-        k8s-addon: dns-controller.addons.k8s.io
-        k8s-app: dns-controller
-        kops.k8s.io/managed-by: kops
-        version: v1.26.0-alpha.1
-    spec:
-      affinity:
-        nodeAffinity:
-          requiredDuringSchedulingIgnoredDuringExecution:
-            nodeSelectorTerms:
-            - matchExpressions:
-              - key: node-role.kubernetes.io/control-plane
-                operator: Exists
-            - matchExpressions:
-              - key: node-role.kubernetes.io/master
-                operator: Exists
-      containers:
-      - args:
-        - --watch-ingress=false
-        - --dns=aws-route53
-        - --zone=*/Z1AFAKE1ZON3YO
-        - --internal-ipv4
-        - --zone=*/*
-        - -v=2
-        command: null
-        env:
-        - name: KUBERNETES_SERVICE_HOST
-          value: 127.0.0.1
-        image: registry.k8s.io/kops/dns-controller:1.26.0-alpha.1
-        name: dns-controller
-        resources:
-          requests:
-            cpu: 50m
-            memory: 50Mi
-        securityContext:
-          runAsNonRoot: true
-      dnsPolicy: Default
-      hostNetwork: true
-      nodeSelector: null
-      priorityClassName: system-cluster-critical
-      serviceAccount: dns-controller
-      tolerations:
-      - key: node.cloudprovider.kubernetes.io/uninitialized
-        operator: Exists
-      - key: node.kubernetes.io/not-ready
-        operator: Exists
-      - key: node-role.kubernetes.io/control-plane
-        operator: Exists
-      - key: node-role.kubernetes.io/master
-        operator: Exists
-
---
-
-apiVersion: v1
-kind: ServiceAccount
-metadata:
-  creationTimestamp: null
-  labels:
-    addon.kops.k8s.io/name: dns-controller.addons.k8s.io
-    app.kubernetes.io/managed-by: kops
-    k8s-addon: dns-controller.addons.k8s.io
-  name: dns-controller
-  namespace: kube-system
-
---
-
-apiVersion: rbac.authorization.k8s.io/v1
-kind: ClusterRole
-metadata:
-  creationTimestamp: null
-  labels:
-    addon.kops.k8s.io/name: dns-controller.addons.k8s.io
-    app.kubernetes.io/managed-by: kops
-    k8s-addon: dns-controller.addons.k8s.io
-  name: kops:dns-controller
-rules:
- apiGroups:
-  - ""
-  resources:
-  - endpoints
-  - services
-  - pods
-  - ingress
-  - nodes
-  verbs:
-  - get
-  - list
-  - watch
- apiGroups:
-  - networking.k8s.io
-  resources:
-  - ingresses
-  verbs:
-  - get
-  - list
-  - watch
-
---
-
-apiVersion: rbac.authorization.k8s.io/v1
-kind: ClusterRoleBinding
-metadata:
-  creationTimestamp: null
-  labels:
-    addon.kops.k8s.io/name: dns-controller.addons.k8s.io
-    app.kubernetes.io/managed-by: kops
-    k8s-addon: dns-controller.addons.k8s.io
-  name: kops:dns-controller
-roleRef:
-  apiGroup: rbac.authorization.k8s.io
-  kind: ClusterRole
-  name: kops:dns-controller
-subjects:
- apiGroup: rbac.authorization.k8s.io
-  kind: User
-  name: system:serviceaccount:kube-system:dns-controller
--- a/tests/integration/update_cluster/minimal-dns-none/in-v1alpha2.yaml
+++ b/tests/integration/update_cluster/minimal-dns-none/in-v1alpha2.yaml
@ -52,7 +52,7 @@ spec:
    zone: us-test-1a
  topology:
    dns:
-      type: Public
+      type: None
    masters: public
    nodes: public

--- a/tests/integration/update_cluster/minimal-dns-none/kubernetes.tf
+++ b/tests/integration/update_cluster/minimal-dns-none/kubernetes.tf
@ -142,7 +142,7 @@ resource "aws_autoscaling_group" "master-us-test-1a-masters-minimal-example-com"
    propagate_at_launch = true
    value               = "owned"
  }
-  target_group_arns   = [aws_lb_target_group.tcp-minimal-example-com-5905t8.id]
+  target_group_arns   = [aws_lb_target_group.kops-controller-minimal-e-uvauf3.id, aws_lb_target_group.tcp-minimal-example-com-5905t8.id]
  vpc_zone_identifier = [aws_subnet.us-test-1a-minimal-example-com.id]
 }

@ -456,7 +456,7 @@ resource "aws_launch_template" "nodes-minimal-example-com" {
 }

 resource "aws_lb" "api-minimal-example-com" {
-  enable_cross_zone_load_balancing = false
+  enable_cross_zone_load_balancing = true
  internal                         = false
  load_balancer_type               = "network"
  name                             = "api-minimal-example-com-gecgf7"
@ -470,6 +470,16 @@ resource "aws_lb" "api-minimal-example-com" {
  }
 }

+resource "aws_lb_listener" "api-minimal-example-com-3988" {
+  default_action {
+    target_group_arn = aws_lb_target_group.kops-controller-minimal-e-uvauf3.id
+    type             = "forward"
+  }
+  load_balancer_arn = aws_lb.api-minimal-example-com.id
+  port              = 3988
+  protocol          = "TCP"
+}
+
 resource "aws_lb_listener" "api-minimal-example-com-443" {
  default_action {
    target_group_arn = aws_lb_target_group.tcp-minimal-example-com-5905t8.id
@ -480,6 +490,24 @@ resource "aws_lb_listener" "api-minimal-example-com-443" {
  protocol          = "TCP"
 }

+resource "aws_lb_target_group" "kops-controller-minimal-e-uvauf3" {
+  health_check {
+    healthy_threshold   = 2
+    interval            = 10
+    protocol            = "TCP"
+    unhealthy_threshold = 2
+  }
+  name     = "kops-controller-minimal-e-uvauf3"
+  port     = 3988
+  protocol = "TCP"
+  tags = {
+    "KubernetesCluster"                         = "minimal.example.com"
+    "Name"                                      = "kops-controller-minimal-e-uvauf3"
+    "kubernetes.io/cluster/minimal.example.com" = "owned"
+  }
+  vpc_id = aws_vpc.minimal-example-com.id
+}
+
 resource "aws_lb_target_group" "tcp-minimal-example-com-5905t8" {
  health_check {
    healthy_threshold   = 2
@ -510,17 +538,6 @@ resource "aws_route" "route-__--0" {
  route_table_id              = aws_route_table.minimal-example-com.id
 }

-resource "aws_route53_record" "api-minimal-example-com" {
-  alias {
-    evaluate_target_health = false
-    name                   = aws_lb.api-minimal-example-com.dns_name
-    zone_id                = aws_lb.api-minimal-example-com.zone_id
-  }
-  name    = "api.minimal.example.com"
-  type    = "A"
-  zone_id = "/hostedzone/Z1AFAKE1ZON3YO"
-}
-
 resource "aws_route_table" "minimal-example-com" {
  tags = {
    "KubernetesCluster"                         = "minimal.example.com"
@ -624,14 +641,6 @@ resource "aws_s3_object" "minimal-example-com-addons-coredns-addons-k8s-io-k8s-1
  server_side_encryption = "AES256"
 }

-resource "aws_s3_object" "minimal-example-com-addons-dns-controller-addons-k8s-io-k8s-1-12" {
-  bucket                 = "testingBucket"
-  content                = file("${path.module}/data/aws_s3_object_minimal.example.com-addons-dns-controller.addons.k8s.io-k8s-1.12_content")
-  key                    = "tests/minimal.example.com/addons/dns-controller.addons.k8s.io/k8s-1.12.yaml"
-  provider               = aws.files
-  server_side_encryption = "AES256"
-}
-
 resource "aws_s3_object" "minimal-example-com-addons-kops-controller-addons-k8s-io-k8s-1-16" {
  bucket                 = "testingBucket"
  content                = file("${path.module}/data/aws_s3_object_minimal.example.com-addons-kops-controller.addons.k8s.io-k8s-1.16_content")
@ -893,6 +902,15 @@ resource "aws_security_group_rule" "icmpv6-pmtu-api-elb-__--0" {
  type              = "ingress"
 }

+resource "aws_security_group_rule" "kops-controller-lb-to-master" {
+  cidr_blocks       = ["172.20.0.0/16"]
+  from_port         = 3988
+  protocol          = "tcp"
+  security_group_id = aws_security_group.masters-minimal-example-com.id
+  to_port           = 3988
+  type              = "ingress"
+}
+
 resource "aws_subnet" "us-test-1a-minimal-example-com" {
  availability_zone                           = "us-test-1a"
  cidr_block                                  = "172.20.32.0/19"