Remove unused golden files from manyaddons test

Ole Markus With 2021-07-06 08:28:02 +02:00
parent 118c9d7b61
commit 735d9a898c
12 changed files with 7 additions and 303 deletions


@ -434,7 +434,6 @@ func TestAWSLBController(t *testing.T) {
func TestManyAddons(t *testing.T) {
newIntegrationTest("minimal.example.com", "many-addons").
withOIDCDiscovery().
withAddons("aws-ebs-csi-driver.addons.k8s.io-k8s-1.17",
"aws-load-balancer-controller.addons.k8s.io-k8s-1.9",
"certmanager.io-k8s-1.16",
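Review bot: The line dropped from this builder chain appears to be `withOIDCDiscovery().` (the rendered page has lost its `-` marker), so the change is more than golden-file cleanup. Together with the `serviceAccountIssuerDiscovery` block removed from the cluster spec further down, TestManyAddons no longer generates or checks the `aws_iam_openid_connect_provider`, the discovery and JWKS objects, or the `sts:AssumeRoleWithWebIdentity` trust policies whose `sub` condition pins each role to a single service account. Please confirm that another integration test still runs with OIDC discovery enabled and keeps those trust-policy goldens under comparison; TestAWSLBController, named in the hunk header, is the likely candidate, but its body is not visible here. The commit title could also say so, for example `Disable OIDC discovery in manyaddons test and remove its golden files`. The body of TestManyAddons continues past the end of this hunk.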


@ -1,17 +0,0 @@
{
"Statement": [
{
"Action": "sts:AssumeRoleWithWebIdentity",
"Condition": {
"StringEquals": {
"discovery.example.com/minimal.example.com:sub": "system:serviceaccount:kube-system:aws-load-balancer-controller"
}
},
"Effect": "Allow",
"Principal": {
"Federated": "arn:aws:iam::123456789012:oidc-provider/discovery.example.com/minimal.example.com"
}
}
],
"Version": "2012-10-17"
}


@ -1,17 +0,0 @@
{
"Statement": [
{
"Action": "sts:AssumeRoleWithWebIdentity",
"Condition": {
"StringEquals": {
"discovery.example.com/minimal.example.com:sub": "system:serviceaccount:kube-system:dns-controller"
}
},
"Effect": "Allow",
"Principal": {
"Federated": "arn:aws:iam::123456789012:oidc-provider/discovery.example.com/minimal.example.com"
}
}
],
"Version": "2012-10-17"
}


@ -1,158 +0,0 @@
{
"Statement": [
{
"Action": [
"ec2:DescribeAccountAttributes",
"ec2:DescribeInstances",
"ec2:DescribeInternetGateways",
"ec2:DescribeRegions",
"ec2:DescribeRouteTables",
"ec2:DescribeSecurityGroups",
"ec2:DescribeSubnets",
"ec2:DescribeVolumes"
],
"Effect": "Allow",
"Resource": [
"*"
]
},
{
"Action": [
"ec2:CreateSecurityGroup",
"ec2:CreateTags",
"ec2:DescribeVolumesModifications",
"ec2:ModifyInstanceAttribute"
],
"Effect": "Allow",
"Resource": [
"*"
]
},
{
"Action": [
"ec2:AttachVolume",
"ec2:AuthorizeSecurityGroupIngress",
"ec2:CreateRoute",
"ec2:DeleteRoute",
"ec2:DeleteSecurityGroup",
"ec2:RevokeSecurityGroupIngress"
],
"Condition": {
"StringEquals": {
"ec2:ResourceTag/KubernetesCluster": "minimal.example.com"
}
},
"Effect": "Allow",
"Resource": [
"*"
]
},
{
"Action": [
"ec2:AttachVolume",
"ec2:AuthorizeSecurityGroupIngress",
"ec2:DeleteSecurityGroup",
"ec2:RevokeSecurityGroupIngress"
],
"Condition": {
"StringEquals": {
"ec2:ResourceTag/kubernetes.io/cluster/minimal.example.com": "owned"
}
},
"Effect": "Allow",
"Resource": [
"*"
]
},
{
"Action": [
"elasticloadbalancing:AddTags",
"elasticloadbalancing:AttachLoadBalancerToSubnets",
"elasticloadbalancing:ApplySecurityGroupsToLoadBalancer",
"elasticloadbalancing:CreateLoadBalancer",
"elasticloadbalancing:CreateLoadBalancerPolicy",
"elasticloadbalancing:CreateLoadBalancerListeners",
"elasticloadbalancing:ConfigureHealthCheck",
"elasticloadbalancing:DeleteLoadBalancer",
"elasticloadbalancing:DeleteLoadBalancerListeners",
"elasticloadbalancing:DescribeLoadBalancers",
"elasticloadbalancing:DescribeLoadBalancerAttributes",
"elasticloadbalancing:DetachLoadBalancerFromSubnets",
"elasticloadbalancing:DeregisterInstancesFromLoadBalancer",
"elasticloadbalancing:ModifyLoadBalancerAttributes",
"elasticloadbalancing:RegisterInstancesWithLoadBalancer",
"elasticloadbalancing:SetLoadBalancerPoliciesForBackendServer"
],
"Effect": "Allow",
"Resource": [
"*"
]
},
{
"Action": [
"ec2:DescribeVpcs",
"elasticloadbalancing:AddTags",
"elasticloadbalancing:CreateListener",
"elasticloadbalancing:CreateTargetGroup",
"elasticloadbalancing:DeleteListener",
"elasticloadbalancing:DeleteTargetGroup",
"elasticloadbalancing:DeregisterTargets",
"elasticloadbalancing:DescribeListeners",
"elasticloadbalancing:DescribeLoadBalancerPolicies",
"elasticloadbalancing:DescribeTargetGroups",
"elasticloadbalancing:DescribeTargetHealth",
"elasticloadbalancing:ModifyListener",
"elasticloadbalancing:ModifyTargetGroup",
"elasticloadbalancing:RegisterTargets",
"elasticloadbalancing:SetLoadBalancerPoliciesOfListener"
],
"Effect": "Allow",
"Resource": [
"*"
]
},
{
"Action": "ec2:DescribeAvailabilityZones",
"Effect": "Allow",
"Resource": [
"*"
]
},
{
"Action": [
"ec2:AuthorizeSecurityGroupIngress",
"ec2:DeleteSecurityGroup",
"ec2:RevokeSecurityGroupIngress",
"elasticloadbalancing:ModifyTargetGroupAttributes",
"elasticloadbalancing:ModifyRule",
"elasticloadbalancing:DeleteRule",
"elasticloadbalancing:AddTags",
"elasticloadbalancing:RemoveTags"
],
"Condition": {
"StringEquals": {
"aws:ResourceTag/elbv2.k8s.aws/cluster": "minimal.example.com"
}
},
"Effect": "Allow",
"Resource": [
"*"
]
},
{
"Action": [
"elasticloadbalancing:DescribeTags",
"elasticloadbalancing:DescribeTargetGroupAttributes",
"elasticloadbalancing:DescribeRules",
"elasticloadbalancing:DescribeTargetHealth",
"elasticloadbalancing:DescribeListenerCertificates",
"elasticloadbalancing:CreateRule"
],
"Effect": "Allow",
"Resource": [
"*"
]
}
],
"Version": "2012-10-17"
}


@ -1,34 +0,0 @@
{
"Statement": [
{
"Action": [
"route53:ChangeResourceRecordSets",
"route53:ListResourceRecordSets",
"route53:GetHostedZone"
],
"Effect": "Allow",
"Resource": [
"arn:aws:route53:::hostedzone/Z1AFAKE1ZON3YO"
]
},
{
"Action": [
"route53:GetChange"
],
"Effect": "Allow",
"Resource": [
"arn:aws:route53:::change/*"
]
},
{
"Action": [
"route53:ListHostedZones"
],
"Effect": "Allow",
"Resource": [
"*"
]
}
],
"Version": "2012-10-17"
}


@ -179,8 +179,8 @@ kubeAPIServer:
requestheaderUsernameHeaders:
- X-Remote-User
securePort: 443
serviceAccountIssuer: https://discovery.example.com/minimal.example.com
serviceAccountJWKSURI: https://discovery.example.com/minimal.example.com/openid/v1/jwks
serviceAccountIssuer: https://api.internal.minimal.example.com
serviceAccountJWKSURI: https://api.internal.minimal.example.com/openid/v1/jwks
serviceClusterIPRange: 172.20.0.0/19
storageBackend: etcd3
kubeControllerManager:
@ -252,7 +252,7 @@ CloudProvider: aws
ConfigBase: memfs://clusters.example.com/minimal.example.com
InstanceGroupName: master-us-test-1a
InstanceGroupRole: Master
NodeupConfigHash: elF2pwZKEmkQTctfVkBsmt8290a/elh+NffnIeyCYBQ=
NodeupConfigHash: gCnvY+OMMVnG2kuJvvo1cVae4dzUl+rcZfd5XULISEs=
__EOF_KUBE_ENV


@ -102,8 +102,8 @@ spec:
requestheaderUsernameHeaders:
- X-Remote-User
securePort: 443
serviceAccountIssuer: https://discovery.example.com/minimal.example.com
serviceAccountJWKSURI: https://discovery.example.com/minimal.example.com/openid/v1/jwks
serviceAccountIssuer: https://api.internal.minimal.example.com
serviceAccountJWKSURI: https://api.internal.minimal.example.com/openid/v1/jwks
serviceClusterIPRange: 172.20.0.0/19
storageBackend: etcd3
kubeControllerManager:
@ -201,9 +201,6 @@ spec:
nonMasqueradeCIDR: 172.20.0.0/16
podCIDR: 172.20.128.0/17
secretStore: memfs://clusters.example.com/minimal.example.com/secrets
serviceAccountIssuerDiscovery:
discoveryStore: memfs://discovery.example.com/minimal.example.com
enableAWSOIDCProvider: true
serviceClusterIPRange: 172.20.0.0/19
snapshotController:
enabled: true


@ -1,18 +0,0 @@
{
"issuer": "https://discovery.example.com/minimal.example.com",
"jwks_uri": "https://discovery.example.com/minimal.example.com/openid/v1/jwks",
"authorization_endpoint": "urn:kubernetes:programmatic_authorization",
"response_types_supported": [
"id_token"
],
"subject_types_supported": [
"public"
],
"id_token_signing_alg_values_supported": [
"RS256"
],
"claims_supported": [
"sub",
"iss"
]
}


@ -1,20 +0,0 @@
{
"keys": [
{
"use": "sig",
"kty": "RSA",
"kid": "3mNcULfgtWECYyZWY5ow1rOHjiRwEZHx28HQcRec3Ew",
"alg": "RS256",
"n": "2JbeF8dNwqfEKKD65aGlVs58fWkA0qZdVLKw8qATzRBJTi1nqbj2kAR4gyy_C8Mxouxva_om9d7Sq8Ka55T7-w",
"e": "AQAB"
},
{
"use": "sig",
"kty": "RSA",
"kid": "G-cZ10iKJqrXhR15ivI7Lg2q_cuL0zN9ouL0vF67FLc",
"alg": "RS256",
"n": "o4Tridlsf4Yz3UAiup_scSTiG_OqxkUW3Fz7zGKvVcLeYj9GEIKuzoB1VFk1nboDq4cCuGLfdzaQdCQKPIsDuw",
"e": "AQAB"
}
]
}


@ -38,8 +38,8 @@ APIServerConfig:
requestheaderUsernameHeaders:
- X-Remote-User
securePort: 443
serviceAccountIssuer: https://discovery.example.com/minimal.example.com
serviceAccountJWKSURI: https://discovery.example.com/minimal.example.com/openid/v1/jwks
serviceAccountIssuer: https://api.internal.minimal.example.com
serviceAccountJWKSURI: https://api.internal.minimal.example.com/openid/v1/jwks
serviceClusterIPRange: 172.20.0.0/19
storageBackend: etcd3
ServiceAccountPublicKeys: |


@ -40,9 +40,6 @@ spec:
enabled: true
enableSQSTerminationDraining: false
nonMasqueradeCIDR: 172.20.0.0/16
serviceAccountIssuerDiscovery:
discoveryStore: memfs://discovery.example.com/minimal.example.com
enableAWSOIDCProvider: true
snapshotController:
enabled: true
sshAccess:


@ -245,17 +245,6 @@ resource "aws_iam_instance_profile" "nodes-minimal-example-com" {
}
}
resource "aws_iam_openid_connect_provider" "minimal-example-com" {
client_id_list = ["amazonaws.com"]
tags = {
"KubernetesCluster" = "minimal.example.com"
"Name" = "minimal.example.com"
"kubernetes.io/cluster/minimal.example.com" = "owned"
}
thumbprint_list = ["9e99a48a9960b14926bb7f3b02e22da2b0ab7280", "a9d53002e97e00e043244f3d170d6f4c414104fd"]
url = "https://discovery.example.com/minimal.example.com"
}
resource "aws_iam_role" "masters-minimal-example-com" {
assume_role_policy = file("${path.module}/data/aws_iam_role_masters.minimal.example.com_policy")
name = "masters.minimal.example.com"
@ -498,13 +487,6 @@ resource "aws_s3_bucket_object" "cluster-completed-spec" {
server_side_encryption = "AES256"
}
resource "aws_s3_bucket_object" "discovery-json" {
bucket = "testingBucket"
content = file("${path.module}/data/aws_s3_bucket_object_discovery.json_content")
key = "discovery.example.com/minimal.example.com/.well-known/openid-configuration"
server_side_encryption = "AES256"
}
resource "aws_s3_bucket_object" "etcd-cluster-spec-events" {
bucket = "testingBucket"
content = file("${path.module}/data/aws_s3_bucket_object_etcd-cluster-spec-events_content")
@ -519,13 +501,6 @@ resource "aws_s3_bucket_object" "etcd-cluster-spec-main" {
server_side_encryption = "AES256"
}
resource "aws_s3_bucket_object" "keys-json" {
bucket = "testingBucket"
content = file("${path.module}/data/aws_s3_bucket_object_keys.json_content")
key = "discovery.example.com/minimal.example.com/openid/v1/jwks"
server_side_encryption = "AES256"
}
resource "aws_s3_bucket_object" "kops-version-txt" {
bucket = "testingBucket"
content = file("${path.module}/data/aws_s3_bucket_object_kops-version.txt_content")