Merge pull request #8760 from geojaz/gce_tests_lifecycle

Gce tests lifecycle
2020-03-17 02:52:22 -07:00 · 2020-03-17 02:52:22 -07:00 · 81a5640e29
parent 68c237076e 31285f921b
commit 81a5640e29
6 changed files with 579 additions and 3 deletions
--- a/cmd/kops/integration_test.go
+++ b/cmd/kops/integration_test.go
@ -57,6 +57,11 @@ func TestMinimal(t *testing.T) {
 	runTestAWS(t, "minimal.example.com", "minimal", "v1alpha2", false, 1, true, false, nil, true, false)
 }

+// TestMinimalGCE runs tests on a minimal GCE configuration
+func TestMinimalGCE(t *testing.T) {
+	runTestGCE(t, "minimal-gce.example.com", "minimal_gce", nil, "v1alpha2", false, 1, true)
+}
+
 // TestRestrictAccess runs the test on a simple SG configuration, similar to kops create cluster minimal.example.com --ssh-access=$(IPS) --admin-access=$(IPS) --master-count=3
 func TestRestrictAccess(t *testing.T) {
 	runTestAWS(t, "restrictaccess.example.com", "restrict_access", "v1alpha2", false, 1, true, false, nil, true, false)
@ -71,7 +76,7 @@ func TestHA(t *testing.T) {
 // TestHighAvailabilityGCE runs the test on a simple HA GCE configuration, similar to kops create cluster ha-gce.example.com
 // --zones us-test1-a,us-test1-b,us-test1-c --master-count=3
 func TestHighAvailabilityGCE(t *testing.T) {
-	runTestGCE(t, "ha-gce.example.com", "ha_gce", "v1alpha2", false, 3, true)
+	runTestGCE(t, "ha-gce.example.com", "ha_gce", nil, "v1alpha2", false, 3, true)
 }

 // TestComplex runs the test on a more complex configuration, intended to hit more of the edge cases
@ -517,7 +522,7 @@ func runTestPhase(t *testing.T, clusterName string, srcDir string, version strin
 	runTest(t, h, clusterName, srcDir, version, private, zones, expectedFilenames, tfFileName, "", &phase, nil, sshKey)
 }

-func runTestGCE(t *testing.T, clusterName string, srcDir string, version string, private bool, zones int, sshKey bool) {
+func runTestGCE(t *testing.T, clusterName string, srcDir string, lifecycleOverrides []string, version string, private bool, zones int, sshKey bool) {
 	featureflag.ParseFlags("+AlphaAllowGCE")

 	h := testutils.NewIntegrationTestHarness(t)
@ -543,7 +548,7 @@ func runTestGCE(t *testing.T, clusterName string, srcDir string, version string,
 		expectedFilenames = append(expectedFilenames, prefix+"kops-k8s-io-instance-group-name")
 	}

-	runTest(t, h, clusterName, srcDir, version, private, zones, expectedFilenames, "", "", nil, nil, sshKey)
+	runTest(t, h, clusterName, srcDir, version, private, zones, expectedFilenames, "", "", nil, lifecycleOverrides, sshKey)
 }

 func runTestCloudformation(t *testing.T, clusterName string, srcDir string, version string, private bool, lifecycleOverrides []string, sshKey bool) {
--- a/tests/integration/minimal_gce/expected-v1alpha2.yaml
+++ b/tests/integration/minimal_gce/expected-v1alpha2.yaml
@ -0,0 +1,97 @@
+apiVersion: kops.k8s.io/v1alpha2
+kind: Cluster
+metadata:
+  creationTimestamp: "2017-01-01T00:00:00Z"
+  name: minimal-gce.example.com
+spec:
+  api:
+    dns: {}
+  authorization:
+    rbac: {}
+  channel: stable
+  cloudProvider: gce
+  configBase: memfs://tests/ha-gce.example.com
+  containerRuntime: docker
+  etcdClusters:
+  - cpuRequest: 200m
+    etcdMembers:
+    - instanceGroup: master-us-test1-a
+      name: a
+    memoryRequest: 100Mi
+    name: main
+  - cpuRequest: 100m
+    etcdMembers:
+    - instanceGroup: master-us-test1-a
+      name: a
+    memoryRequest: 100Mi
+    name: events
+  iam:
+    allowContainerRegistry: true
+    legacy: false
+  kubelet:
+    anonymousAuth: false
+  kubernetesApiAccess:
+  - 0.0.0.0/0
+  kubernetesVersion: v1.16.0
+  masterPublicName: api.minimal-gce.example.com
+  networking:
+    kubenet: {}
+  nonMasqueradeCIDR: 100.64.0.0/10
+  project: testproject
+  sshAccess:
+  - 0.0.0.0/0
+  subnets:
+  - name: us-test1
+    region: us-test1
+    type: Public
+  topology:
+    dns:
+      type: Public
+    masters: public
+    nodes: public
+
+---
+
+apiVersion: kops.k8s.io/v1alpha2
+kind: InstanceGroup
+metadata:
+  creationTimestamp: "2017-01-01T00:00:00Z"
+  labels:
+    kops.k8s.io/cluster: minimal-gce.example.com
+  name: master-us-test1-a
+spec:
+  image: cos-cloud/cos-stable-65-10323-99-0
+  machineType: n1-standard-1
+  maxSize: 1
+  minSize: 1
+  nodeLabels:
+    cloud.google.com/metadata-proxy-ready: "true"
+    kops.k8s.io/instancegroup: master-us-test1-a
+  role: Master
+  subnets:
+  - us-test1
+  zones:
+  - us-test1-a
+
+---
+
+apiVersion: kops.k8s.io/v1alpha2
+kind: InstanceGroup
+metadata:
+  creationTimestamp: "2017-01-01T00:00:00Z"
+  labels:
+    kops.k8s.io/cluster: minimal-gce.example.com
+  name: nodes
+spec:
+  image: cos-cloud/cos-stable-65-10323-99-0
+  machineType: n1-standard-2
+  maxSize: 2
+  minSize: 2
+  nodeLabels:
+    cloud.google.com/metadata-proxy-ready: "true"
+    kops.k8s.io/instancegroup: nodes
+  role: Node
+  subnets:
+  - us-test1
+  zones:
+  - us-test1-a
--- a/tests/integration/minimal_gce/options.yaml
+++ b/tests/integration/minimal_gce/options.yaml
@ -0,0 +1,5 @@
+ClusterName: minimal-gce.example.com
+Zones:
+- us-test1-a
+Cloud: gce
+KubernetesVersion: v1.16.0
--- a/tests/integration/update_cluster/minimal_gce/id_rsa.pub
+++ b/tests/integration/update_cluster/minimal_gce/id_rsa.pub
@ -0,0 +1 @@
+ssh-rsa AAAAB3NzaC1yc2EAAAADAQABAAAAgQCtWu40XQo8dczLsCq0OWV+hxm9uV3WxeH9Kgh4sMzQxNtoU1pvW0XdjpkBesRKGoolfWeCLXWxpyQb1IaiMkKoz7MdhQ/6UKjMjP66aFWWp3pwD0uj0HuJ7tq4gKHKRYGTaZIRWpzUiANBrjugVgA+Sd7E/mYwc/DMXkIyRZbvhQ==
--- a/tests/integration/update_cluster/minimal_gce/in-v1alpha2.yaml
+++ b/tests/integration/update_cluster/minimal_gce/in-v1alpha2.yaml
@ -0,0 +1,83 @@
+apiVersion: kops.k8s.io/v1alpha2
+kind: Cluster
+metadata:
+  creationTimestamp: "2017-01-01T00:00:00Z"
+  name: minimal-gce.example.com
+spec:
+  api:
+    dns: {}
+  authorization:
+    alwaysAllow: {}
+  channel: stable
+  cloudProvider: gce
+  configBase: memfs://tests/minimal-gce.example.com
+  etcdClusters:
+  - etcdMembers:
+    - instanceGroup: master-us-test1-a
+      name: "1"
+    name: main
+  - etcdMembers:
+    - instanceGroup: master-us-test1-a
+      name: "1"
+    name: events
+  iam:
+    legacy: false
+  kubernetesApiAccess:
+  - 0.0.0.0/0
+  kubernetesVersion: v1.14.0
+  masterPublicName: api.minimal-gce.example.com
+  networking:
+    kubenet: {}
+  nonMasqueradeCIDR: 100.64.0.0/10
+  project: testproject
+  sshAccess:
+  - 0.0.0.0/0
+  subnets:
+  - name: us-test1
+    region: us-test1
+    type: Public
+  topology:
+    dns:
+      type: Public
+    masters: public
+    nodes: public
+
+---
+
+apiVersion: kops.k8s.io/v1alpha2
+kind: InstanceGroup
+metadata:
+  creationTimestamp: "2017-01-01T00:00:00Z"
+  labels:
+    kops.k8s.io/cluster: minimal-gce.example.com
+  name: master-us-test1-a
+spec:
+  image: cos-cloud/cos-stable-57-9202-64-0
+  machineType: n1-standard-1
+  maxSize: 1
+  minSize: 1
+  role: Master
+  subnets:
+  - us-test1
+  zones:
+  - us-test1-a
+
+---
+
+apiVersion: kops.k8s.io/v1alpha2
+kind: InstanceGroup
+metadata:
+  creationTimestamp: "2017-01-01T00:00:00Z"
+  labels:
+    kops.k8s.io/cluster: minimal-gce.example.com
+  name: nodes
+spec:
+  image: cos-cloud/cos-stable-57-9202-64-0
+  machineType: n1-standard-2
+  maxSize: 2
+  minSize: 2
+  role: Node
+  subnets:
+  - us-test1
+  zones:
+  - us-test1-a
--- a/tests/integration/update_cluster/minimal_gce/kubernetes.tf
+++ b/tests/integration/update_cluster/minimal_gce/kubernetes.tf
@ -0,0 +1,385 @@
+locals = {
+  cluster_name = "minimal-gce.example.com"
+  project      = "us-test1"
+  region       = "us-test1"
+}
+
+output "cluster_name" {
+  value = "minimal-gce.example.com"
+}
+
+output "project" {
+  value = "us-test1"
+}
+
+output "region" {
+  value = "us-test1"
+}
+
+provider "google" {
+  project = "us-test1"
+  region  = "us-test1"
+  version = ">= 3.0.0"
+}
+
+resource "google_compute_disk" "d1-etcd-events-minimal-gce-example-com" {
+  name = "d1-etcd-events-minimal-gce-example-com"
+  type = "pd-ssd"
+  size = 20
+  zone = "us-test1-a"
+
+  labels = {
+    k8s-io-cluster-name = "minimal-gce-example-com"
+    k8s-io-etcd-events  = "1-2f1"
+    k8s-io-role-master  = "master"
+  }
+}
+
+resource "google_compute_disk" "d1-etcd-main-minimal-gce-example-com" {
+  name = "d1-etcd-main-minimal-gce-example-com"
+  type = "pd-ssd"
+  size = 20
+  zone = "us-test1-a"
+
+  labels = {
+    k8s-io-cluster-name = "minimal-gce-example-com"
+    k8s-io-etcd-main    = "1-2f1"
+    k8s-io-role-master  = "master"
+  }
+}
+
+resource "google_compute_firewall" "cidr-to-master-minimal-gce-example-com" {
+  name    = "cidr-to-master-minimal-gce-example-com"
+  network = "${google_compute_network.default.name}"
+
+  allow = {
+    protocol = "tcp"
+    ports    = ["443"]
+  }
+
+  allow = {
+    protocol = "tcp"
+    ports    = ["4194"]
+  }
+
+  source_ranges = ["100.64.0.0/10"]
+  target_tags   = ["minimal-gce-example-com-k8s-io-role-master"]
+}
+
+resource "google_compute_firewall" "cidr-to-node-minimal-gce-example-com" {
+  name    = "cidr-to-node-minimal-gce-example-com"
+  network = "${google_compute_network.default.name}"
+
+  allow = {
+    protocol = "tcp"
+  }
+
+  allow = {
+    protocol = "udp"
+  }
+
+  allow = {
+    protocol = "icmp"
+  }
+
+  allow = {
+    protocol = "esp"
+  }
+
+  allow = {
+    protocol = "ah"
+  }
+
+  allow = {
+    protocol = "sctp"
+  }
+
+  source_ranges = ["100.64.0.0/10"]
+  target_tags   = ["minimal-gce-example-com-k8s-io-role-node"]
+}
+
+resource "google_compute_firewall" "kubernetes-master-https-minimal-gce-example-com" {
+  name    = "kubernetes-master-https-minimal-gce-example-com"
+  network = "${google_compute_network.default.name}"
+
+  allow = {
+    protocol = "tcp"
+    ports    = ["443"]
+  }
+
+  source_ranges = ["0.0.0.0/0"]
+  target_tags   = ["minimal-gce-example-com-k8s-io-role-master"]
+}
+
+resource "google_compute_firewall" "master-to-master-minimal-gce-example-com" {
+  name    = "master-to-master-minimal-gce-example-com"
+  network = "${google_compute_network.default.name}"
+
+  allow = {
+    protocol = "tcp"
+  }
+
+  allow = {
+    protocol = "udp"
+  }
+
+  allow = {
+    protocol = "icmp"
+  }
+
+  allow = {
+    protocol = "esp"
+  }
+
+  allow = {
+    protocol = "ah"
+  }
+
+  allow = {
+    protocol = "sctp"
+  }
+
+  source_tags = ["minimal-gce-example-com-k8s-io-role-master"]
+  target_tags = ["minimal-gce-example-com-k8s-io-role-master"]
+}
+
+resource "google_compute_firewall" "master-to-node-minimal-gce-example-com" {
+  name    = "master-to-node-minimal-gce-example-com"
+  network = "${google_compute_network.default.name}"
+
+  allow = {
+    protocol = "tcp"
+  }
+
+  allow = {
+    protocol = "udp"
+  }
+
+  allow = {
+    protocol = "icmp"
+  }
+
+  allow = {
+    protocol = "esp"
+  }
+
+  allow = {
+    protocol = "ah"
+  }
+
+  allow = {
+    protocol = "sctp"
+  }
+
+  source_tags = ["minimal-gce-example-com-k8s-io-role-master"]
+  target_tags = ["minimal-gce-example-com-k8s-io-role-node"]
+}
+
+resource "google_compute_firewall" "node-to-master-minimal-gce-example-com" {
+  name    = "node-to-master-minimal-gce-example-com"
+  network = "${google_compute_network.default.name}"
+
+  allow = {
+    protocol = "tcp"
+    ports    = ["443"]
+  }
+
+  allow = {
+    protocol = "tcp"
+    ports    = ["4194"]
+  }
+
+  source_tags = ["minimal-gce-example-com-k8s-io-role-node"]
+  target_tags = ["minimal-gce-example-com-k8s-io-role-master"]
+}
+
+resource "google_compute_firewall" "node-to-node-minimal-gce-example-com" {
+  name    = "node-to-node-minimal-gce-example-com"
+  network = "${google_compute_network.default.name}"
+
+  allow = {
+    protocol = "tcp"
+  }
+
+  allow = {
+    protocol = "udp"
+  }
+
+  allow = {
+    protocol = "icmp"
+  }
+
+  allow = {
+    protocol = "esp"
+  }
+
+  allow = {
+    protocol = "ah"
+  }
+
+  allow = {
+    protocol = "sctp"
+  }
+
+  source_tags = ["minimal-gce-example-com-k8s-io-role-node"]
+  target_tags = ["minimal-gce-example-com-k8s-io-role-node"]
+}
+
+resource "google_compute_firewall" "nodeport-external-to-node-minimal-gce-example-com" {
+  name    = "nodeport-external-to-node-minimal-gce-example-com"
+  network = "${google_compute_network.default.name}"
+
+  allow = {
+    protocol = "tcp"
+    ports    = ["30000-32767"]
+  }
+
+  allow = {
+    protocol = "udp"
+    ports    = ["30000-32767"]
+  }
+
+  source_tags = ["minimal-gce-example-com-k8s-io-role-node"]
+  target_tags = ["minimal-gce-example-com-k8s-io-role-node"]
+}
+
+resource "google_compute_firewall" "ssh-external-to-master-minimal-gce-example-com" {
+  name    = "ssh-external-to-master-minimal-gce-example-com"
+  network = "${google_compute_network.default.name}"
+
+  allow = {
+    protocol = "tcp"
+    ports    = ["22"]
+  }
+
+  source_ranges = ["0.0.0.0/0"]
+  target_tags   = ["minimal-gce-example-com-k8s-io-role-master"]
+}
+
+resource "google_compute_firewall" "ssh-external-to-node-minimal-gce-example-com" {
+  name    = "ssh-external-to-node-minimal-gce-example-com"
+  network = "${google_compute_network.default.name}"
+
+  allow = {
+    protocol = "tcp"
+    ports    = ["22"]
+  }
+
+  source_ranges = ["0.0.0.0/0"]
+  target_tags   = ["minimal-gce-example-com-k8s-io-role-node"]
+}
+
+resource "google_compute_instance_group_manager" "a-master-us-test1-a-minimal-gce-example-com" {
+  name               = "a-master-us-test1-a-minimal-gce-example-com"
+  zone               = "us-test1-a"
+  base_instance_name = "master-us-test1-a"
+
+  version = {
+    instance_template = "${google_compute_instance_template.master-us-test1-a-minimal-gce-example-com.self_link}"
+  }
+
+  target_size = 1
+}
+
+resource "google_compute_instance_group_manager" "a-nodes-minimal-gce-example-com" {
+  name               = "a-nodes-minimal-gce-example-com"
+  zone               = "us-test1-a"
+  base_instance_name = "nodes"
+
+  version = {
+    instance_template = "${google_compute_instance_template.nodes-minimal-gce-example-com.self_link}"
+  }
+
+  target_size = 2
+}
+
+resource "google_compute_instance_template" "master-us-test1-a-minimal-gce-example-com" {
+  can_ip_forward = true
+  machine_type   = "n1-standard-1"
+
+  service_account = {
+    scopes = ["https://www.googleapis.com/auth/compute", "https://www.googleapis.com/auth/monitoring", "https://www.googleapis.com/auth/logging.write", "https://www.googleapis.com/auth/devstorage.read_write", "https://www.googleapis.com/auth/ndev.clouddns.readwrite"]
+  }
+
+  scheduling = {
+    automatic_restart   = true
+    on_host_maintenance = "MIGRATE"
+    preemptible         = false
+  }
+
+  disk = {
+    auto_delete  = true
+    device_name  = "persistent-disks-0"
+    type         = "PERSISTENT"
+    boot         = true
+    source_image = "https://www.googleapis.com/compute/v1/projects/cos-cloud/global/images/cos-stable-57-9202-64-0"
+    mode         = "READ_WRITE"
+    disk_type    = "pd-standard"
+    disk_size_gb = 64
+  }
+
+  network_interface = {
+    network       = "${google_compute_network.default.name}"
+    access_config = {}
+  }
+
+  metadata = {
+    cluster-name                    = "${file("${path.module}/data/google_compute_instance_template_master-us-test1-a-minimal-gce-example-com_metadata_cluster-name")}"
+    kops-k8s-io-instance-group-name = "${file("${path.module}/data/google_compute_instance_template_master-us-test1-a-minimal-gce-example-com_metadata_kops-k8s-io-instance-group-name")}"
+    ssh-keys                        = "${file("${path.module}/data/google_compute_instance_template_master-us-test1-a-minimal-gce-example-com_metadata_ssh-keys")}"
+    startup-script                  = "${file("${path.module}/data/google_compute_instance_template_master-us-test1-a-minimal-gce-example-com_metadata_startup-script")}"
+  }
+
+  tags        = ["minimal-gce-example-com-k8s-io-role-master"]
+  name_prefix = "master-us-test1-a-minimal-do16cp-"
+}
+
+resource "google_compute_instance_template" "nodes-minimal-gce-example-com" {
+  can_ip_forward = true
+  machine_type   = "n1-standard-2"
+
+  service_account = {
+    scopes = ["https://www.googleapis.com/auth/compute", "https://www.googleapis.com/auth/monitoring", "https://www.googleapis.com/auth/logging.write", "https://www.googleapis.com/auth/devstorage.read_only"]
+  }
+
+  scheduling = {
+    automatic_restart   = true
+    on_host_maintenance = "MIGRATE"
+    preemptible         = false
+  }
+
+  disk = {
+    auto_delete  = true
+    device_name  = "persistent-disks-0"
+    type         = "PERSISTENT"
+    boot         = true
+    source_image = "https://www.googleapis.com/compute/v1/projects/cos-cloud/global/images/cos-stable-57-9202-64-0"
+    mode         = "READ_WRITE"
+    disk_type    = "pd-standard"
+    disk_size_gb = 128
+  }
+
+  network_interface = {
+    network       = "${google_compute_network.default.name}"
+    access_config = {}
+  }
+
+  metadata = {
+    cluster-name                    = "${file("${path.module}/data/google_compute_instance_template_nodes-minimal-gce-example-com_metadata_cluster-name")}"
+    kops-k8s-io-instance-group-name = "${file("${path.module}/data/google_compute_instance_template_nodes-minimal-gce-example-com_metadata_kops-k8s-io-instance-group-name")}"
+    ssh-keys                        = "${file("${path.module}/data/google_compute_instance_template_nodes-minimal-gce-example-com_metadata_ssh-keys")}"
+    startup-script                  = "${file("${path.module}/data/google_compute_instance_template_nodes-minimal-gce-example-com_metadata_startup-script")}"
+  }
+
+  tags        = ["minimal-gce-example-com-k8s-io-role-node"]
+  name_prefix = "nodes-minimal-gce-example-com-"
+}
+
+resource "google_compute_network" "default" {
+  name                    = "default"
+  auto_create_subnetworks = true
+}
+
+terraform = {
+  required_version = ">= 0.9.3"
+}
				`@ -0,0 +1 @@`
				`ssh-rsa AAAAB3NzaC1yc2EAAAADAQABAAAAgQCtWu40XQo8dczLsCq0OWV+hxm9uV3WxeH9Kgh4sMzQxNtoU1pvW0XdjpkBesRKGoolfWeCLXWxpyQb1IaiMkKoz7MdhQ/6UKjMjP66aFWWp3pwD0uj0HuJ7tq4gKHKRYGTaZIRWpzUiANBrjugVgA+Sd7E/mYwc/DMXkIyRZbvhQ==`