Merge pull request #12157 from justinsb/kopeio_test_networking_also

Update kopeio test to test kopeio networking also
2021-08-14 23:01:46 -07:00 · 2021-08-14 23:01:46 -07:00 · bd58b66c31
parent 1b6a02084a 0214c81c89
commit bd58b66c31
11 changed files with 135 additions and 303 deletions
--- a/cmd/kops/integration_test.go
+++ b/cmd/kops/integration_test.go
@ -345,11 +345,13 @@ func TestPrivateCanal(t *testing.T) {
 		runTestTerraformAWS(t)
 }

+const kopeioNetworkingAddon = "networking.kope.io-k8s-1.12"
+
 // TestPrivateKopeio runs the test on a configuration with private topology, kopeio networking
 func TestPrivateKopeio(t *testing.T) {
 	newIntegrationTest("privatekopeio.example.com", "privatekopeio").
 		withPrivate().
-		withAddons(weaveAddon).
+		withAddons(kopeioNetworkingAddon).
 		runTestTerraformAWS(t)
 }

--- a/tests/integration/update_cluster/privatekopeio/data/aws_launch_template_master-us-test-1a.masters.privatekopeio.example.com_user_data
+++ b/tests/integration/update_cluster/privatekopeio/data/aws_launch_template_master-us-test-1a.masters.privatekopeio.example.com_user_data
@ -217,7 +217,6 @@ kubelet:
  hostnameOverride: '@aws'
  kubeconfigPath: /var/lib/kubelet/kubeconfig
  logLevel: 2
-  networkPluginName: cni
  nonMasqueradeCIDR: 100.64.0.0/10
  podManifestPath: /etc/kubernetes/manifests
 masterKubelet:
@ -232,7 +231,6 @@ masterKubelet:
  hostnameOverride: '@aws'
  kubeconfigPath: /var/lib/kubelet/kubeconfig
  logLevel: 2
-  networkPluginName: cni
  nonMasqueradeCIDR: 100.64.0.0/10
  podManifestPath: /etc/kubernetes/manifests
  registerSchedulable: false
@ -244,7 +242,7 @@ CloudProvider: aws
 ConfigBase: memfs://clusters.example.com/privatekopeio.example.com
 InstanceGroupName: master-us-test-1a
 InstanceGroupRole: Master
-NodeupConfigHash: PKuaXMiLaQvL3+KG2VFOtmeeXcCxyEoG2dRIrN7Et10=
+NodeupConfigHash: UIsuZJp+YDaoibHFWxR7EpINJgzHrW+JLLVOWWhYqLM=

 __EOF_KUBE_ENV

--- a/tests/integration/update_cluster/privatekopeio/data/aws_launch_template_nodes.privatekopeio.example.com_user_data
+++ b/tests/integration/update_cluster/privatekopeio/data/aws_launch_template_nodes.privatekopeio.example.com_user_data
@ -151,7 +151,6 @@ kubelet:
  hostnameOverride: '@aws'
  kubeconfigPath: /var/lib/kubelet/kubeconfig
  logLevel: 2
-  networkPluginName: cni
  nonMasqueradeCIDR: 100.64.0.0/10
  podManifestPath: /etc/kubernetes/manifests

@ -162,7 +161,7 @@ CloudProvider: aws
 ConfigBase: memfs://clusters.example.com/privatekopeio.example.com
 InstanceGroupName: nodes
 InstanceGroupRole: Node
-NodeupConfigHash: QsL02v5F4dPm/SxOBAeABj9LKtggcSW+f9Ead/+989Q=
+NodeupConfigHash: IE6Ri9HJ07gg3tR/oB6HIkQOksfwafZOeyBYO5rFHWY=

 __EOF_KUBE_ENV

--- a/tests/integration/update_cluster/privatekopeio/data/aws_s3_bucket_object_cluster-completed.spec_content
+++ b/tests/integration/update_cluster/privatekopeio/data/aws_s3_bucket_object_cluster-completed.spec_content
@ -142,7 +142,6 @@ spec:
    hostnameOverride: '@aws'
    kubeconfigPath: /var/lib/kubelet/kubeconfig
    logLevel: 2
-    networkPluginName: cni
    nonMasqueradeCIDR: 100.64.0.0/10
    podManifestPath: /etc/kubernetes/manifests
  kubernetesApiAccess:
@ -161,14 +160,13 @@ spec:
    hostnameOverride: '@aws'
    kubeconfigPath: /var/lib/kubelet/kubeconfig
    logLevel: 2
-    networkPluginName: cni
    nonMasqueradeCIDR: 100.64.0.0/10
    podManifestPath: /etc/kubernetes/manifests
    registerSchedulable: false
  masterPublicName: api.privatekopeio.example.com
  networkCIDR: 172.20.0.0/16
  networking:
-    weave: {}
+    kopeio: {}
  nonMasqueradeCIDR: 100.64.0.0/10
  podCIDR: 100.96.0.0/11
  secretStore: memfs://clusters.example.com/privatekopeio.example.com/secrets
--- a/tests/integration/update_cluster/privatekopeio/data/aws_s3_bucket_object_nodeupconfig-master-us-test-1a_content
+++ b/tests/integration/update_cluster/privatekopeio/data/aws_s3_bucket_object_nodeupconfig-master-us-test-1a_content
@ -243,7 +243,6 @@ KubeletConfig:
  hostnameOverride: '@aws'
  kubeconfigPath: /var/lib/kubelet/kubeconfig
  logLevel: 2
-  networkPluginName: cni
  nodeLabels:
    kops.k8s.io/kops-controller-pki: ""
    kubernetes.io/role: master
--- a/tests/integration/update_cluster/privatekopeio/data/aws_s3_bucket_object_nodeupconfig-nodes_content
+++ b/tests/integration/update_cluster/privatekopeio/data/aws_s3_bucket_object_nodeupconfig-nodes_content
@ -49,7 +49,6 @@ KubeletConfig:
  hostnameOverride: '@aws'
  kubeconfigPath: /var/lib/kubelet/kubeconfig
  logLevel: 2
-  networkPluginName: cni
  nodeLabels:
    kubernetes.io/role: node
    node-role.kubernetes.io/node: ""
--- a/tests/integration/update_cluster/privatekopeio/data/aws_s3_bucket_object_privatekopeio.example.com-addons-bootstrap_content
+++ b/tests/integration/update_cluster/privatekopeio/data/aws_s3_bucket_object_privatekopeio.example.com-addons-bootstrap_content
@ -46,8 +46,8 @@ spec:
    selector:
      k8s-addon: storage-aws.addons.k8s.io
  - id: k8s-1.12
-    manifest: networking.weave/k8s-1.12.yaml
-    manifestHash: 3f14f8869934001778849837c28217709bf4f1c593d3acdbde9cdf1d97ac47f3
-    name: networking.weave
+    manifest: networking.kope.io/k8s-1.12.yaml
+    manifestHash: 294272eb01da2938395ff6425ac74690788b6f7ebe80327a83a77b2951b63968
+    name: networking.kope.io
    selector:
      role.kubernetes.io/networking: "1"
--- a/tests/integration/update_cluster/privatekopeio/data/aws_s3_bucket_object_privatekopeio.example.com-addons-networking.kope.io-k8s-1.12_content
+++ b/tests/integration/update_cluster/privatekopeio/data/aws_s3_bucket_object_privatekopeio.example.com-addons-networking.kope.io-k8s-1.12_content
@ -0,0 +1,122 @@
+apiVersion: apps/v1
+kind: DaemonSet
+metadata:
+  creationTimestamp: null
+  labels:
+    addon.kops.k8s.io/name: networking.kope.io
+    app.kubernetes.io/managed-by: kops
+    k8s-addon: networking.kope.io
+    role.kubernetes.io/networking: "1"
+  name: kopeio-networking-agent
+  namespace: kube-system
+spec:
+  selector:
+    matchLabels:
+      name: kopeio-networking-agent
+  template:
+    metadata:
+      annotations:
+        scheduler.alpha.kubernetes.io/critical-pod: ""
+        scheduler.alpha.kubernetes.io/tolerations: '[{"key":"CriticalAddonsOnly",
+          "operator":"Exists"}]'
+      labels:
+        name: kopeio-networking-agent
+    spec:
+      containers:
+      - env:
+        - name: NODE_NAME
+          valueFrom:
+            fieldRef:
+              fieldPath: spec.nodeName
+        image: kopeio/networking-agent:1.0.20181028
+        name: networking-agent
+        resources:
+          limits:
+            memory: 100Mi
+          requests:
+            cpu: 50m
+            memory: 100Mi
+        securityContext:
+          privileged: true
+        volumeMounts:
+        - mountPath: /lib/modules
+          name: lib-modules
+          readOnly: true
+      hostIPC: true
+      hostNetwork: true
+      hostPID: true
+      priorityClassName: system-node-critical
+      serviceAccountName: kopeio-networking-agent
+      tolerations:
+      - effect: NoSchedule
+        operator: Exists
+      - effect: NoExecute
+        operator: Exists
+      volumes:
+      - hostPath:
+          path: /lib/modules
+        name: lib-modules
+
+---
+
+apiVersion: v1
+kind: ServiceAccount
+metadata:
+  creationTimestamp: null
+  labels:
+    addon.kops.k8s.io/name: networking.kope.io
+    app.kubernetes.io/managed-by: kops
+    k8s-addon: networking.kope.io
+    role.kubernetes.io/networking: "1"
+  name: kopeio-networking-agent
+  namespace: kube-system
+
+---
+
+apiVersion: rbac.authorization.k8s.io/v1
+kind: ClusterRole
+metadata:
+  creationTimestamp: null
+  labels:
+    addon.kops.k8s.io/name: networking.kope.io
+    app.kubernetes.io/managed-by: kops
+    k8s-addon: networking.kope.io
+    role.kubernetes.io/networking: "1"
+  name: kopeio:networking-agent
+rules:
+- apiGroups:
+  - ""
+  resources:
+  - nodes
+  verbs:
+  - get
+  - list
+  - watch
+  - patch
+- apiGroups:
+  - ""
+  resources:
+  - nodes/status
+  verbs:
+  - patch
+
+---
+
+apiVersion: rbac.authorization.k8s.io/v1
+kind: ClusterRoleBinding
+metadata:
+  creationTimestamp: null
+  labels:
+    addon.kops.k8s.io/name: networking.kope.io
+    app.kubernetes.io/managed-by: kops
+    k8s-addon: networking.kope.io
+    role.kubernetes.io/networking: "1"
+  name: kopeio:networking-agent
+roleRef:
+  apiGroup: rbac.authorization.k8s.io
+  kind: ClusterRole
+  name: kopeio:networking-agent
+subjects:
+- apiGroup: rbac.authorization.k8s.io
+  kind: User
+  name: system:serviceaccount:kube-system:kopeio-networking-agent
--- a/tests/integration/update_cluster/privatekopeio/data/aws_s3_bucket_object_privatekopeio.example.com-addons-networking.weave-k8s-1.12_content
+++ b/tests/integration/update_cluster/privatekopeio/data/aws_s3_bucket_object_privatekopeio.example.com-addons-networking.weave-k8s-1.12_content
@ -1,285 +0,0 @@
-apiVersion: v1
-kind: ServiceAccount
-metadata:
-  creationTimestamp: null
-  labels:
-    addon.kops.k8s.io/name: networking.weave
-    app.kubernetes.io/managed-by: kops
-    name: weave-net
-    role.kubernetes.io/networking: "1"
-  name: weave-net
-  namespace: kube-system
-
---
-
-apiVersion: rbac.authorization.k8s.io/v1
-kind: ClusterRole
-metadata:
-  creationTimestamp: null
-  labels:
-    addon.kops.k8s.io/name: networking.weave
-    app.kubernetes.io/managed-by: kops
-    name: weave-net
-    role.kubernetes.io/networking: "1"
-  name: weave-net
-  namespace: kube-system
-rules:
- apiGroups:
-  - ""
-  resources:
-  - pods
-  - namespaces
-  - nodes
-  verbs:
-  - get
-  - list
-  - watch
- apiGroups:
-  - extensions
-  resources:
-  - networkpolicies
-  verbs:
-  - get
-  - list
-  - watch
- apiGroups:
-  - networking.k8s.io
-  resources:
-  - networkpolicies
-  verbs:
-  - get
-  - list
-  - watch
- apiGroups:
-  - ""
-  resources:
-  - nodes/status
-  verbs:
-  - patch
-  - update
-
---
-
-apiVersion: rbac.authorization.k8s.io/v1
-kind: ClusterRoleBinding
-metadata:
-  creationTimestamp: null
-  labels:
-    addon.kops.k8s.io/name: networking.weave
-    app.kubernetes.io/managed-by: kops
-    name: weave-net
-    role.kubernetes.io/networking: "1"
-  name: weave-net
-  namespace: kube-system
-roleRef:
-  apiGroup: rbac.authorization.k8s.io
-  kind: ClusterRole
-  name: weave-net
-subjects:
- kind: ServiceAccount
-  name: weave-net
-  namespace: kube-system
-
---
-
-apiVersion: rbac.authorization.k8s.io/v1
-kind: Role
-metadata:
-  creationTimestamp: null
-  labels:
-    addon.kops.k8s.io/name: networking.weave
-    app.kubernetes.io/managed-by: kops
-    name: weave-net
-    role.kubernetes.io/networking: "1"
-  name: weave-net
-  namespace: kube-system
-rules:
- apiGroups:
-  - ""
-  resourceNames:
-  - weave-net
-  resources:
-  - configmaps
-  verbs:
-  - get
-  - update
- apiGroups:
-  - ""
-  resources:
-  - configmaps
-  verbs:
-  - create
-
---
-
-apiVersion: rbac.authorization.k8s.io/v1
-kind: RoleBinding
-metadata:
-  creationTimestamp: null
-  labels:
-    addon.kops.k8s.io/name: networking.weave
-    app.kubernetes.io/managed-by: kops
-    name: weave-net
-    role.kubernetes.io/networking: "1"
-  name: weave-net
-  namespace: kube-system
-roleRef:
-  apiGroup: rbac.authorization.k8s.io
-  kind: Role
-  name: weave-net
-subjects:
- kind: ServiceAccount
-  name: weave-net
-  namespace: kube-system
-
---
-
-apiVersion: apps/v1
-kind: DaemonSet
-metadata:
-  creationTimestamp: null
-  labels:
-    addon.kops.k8s.io/name: networking.weave
-    app.kubernetes.io/managed-by: kops
-    name: weave-net
-    role.kubernetes.io/networking: "1"
-  name: weave-net
-  namespace: kube-system
-spec:
-  minReadySeconds: 5
-  selector:
-    matchLabels:
-      name: weave-net
-  template:
-    metadata:
-      annotations:
-        prometheus.io/scrape: "true"
-      labels:
-        name: weave-net
-    spec:
-      containers:
-      - command:
-        - /home/weave/launch.sh
-        env:
-        - name: INIT_CONTAINER
-          value: "true"
-        - name: HOSTNAME
-          valueFrom:
-            fieldRef:
-              apiVersion: v1
-              fieldPath: spec.nodeName
-        - name: IPALLOC_RANGE
-          value: 100.96.0.0/11
-        image: weaveworks/weave-kube:2.8.1
-        name: weave
-        ports:
-        - containerPort: 6782
-          name: metrics
-        readinessProbe:
-          httpGet:
-            host: 127.0.0.1
-            path: /status
-            port: 6784
-        resources:
-          limits:
-            memory: 200Mi
-          requests:
-            cpu: 50m
-            memory: 200Mi
-        securityContext:
-          privileged: true
-        volumeMounts:
-        - mountPath: /weavedb
-          name: weavedb
-        - mountPath: /host/var/lib/dbus
-          name: dbus
-          readOnly: true
-        - mountPath: /host/etc/machine-id
-          name: cni-machine-id
-          readOnly: true
-        - mountPath: /run/xtables.lock
-          name: xtables-lock
-          readOnly: false
-      - env:
-        - name: HOSTNAME
-          valueFrom:
-            fieldRef:
-              apiVersion: v1
-              fieldPath: spec.nodeName
-        image: weaveworks/weave-npc:2.8.1
-        name: weave-npc
-        ports:
-        - containerPort: 6781
-          name: metrics
-        resources:
-          limits:
-            memory: 200Mi
-          requests:
-            cpu: 50m
-            memory: 200Mi
-        securityContext:
-          privileged: true
-        volumeMounts:
-        - mountPath: /run/xtables.lock
-          name: xtables-lock
-          readOnly: false
-      dnsPolicy: ClusterFirstWithHostNet
-      hostNetwork: true
-      hostPID: false
-      initContainers:
-      - command:
-        - /home/weave/init.sh
-        image: weaveworks/weave-kube:2.8.1
-        name: weave-init
-        securityContext:
-          privileged: true
-        volumeMounts:
-        - mountPath: /host/opt
-          name: cni-bin
-        - mountPath: /host/home
-          name: cni-bin2
-        - mountPath: /host/etc
-          name: cni-conf
-        - mountPath: /lib/modules
-          name: lib-modules
-        - mountPath: /run/xtables.lock
-          name: xtables-lock
-          readOnly: false
-      priorityClassName: system-node-critical
-      restartPolicy: Always
-      securityContext:
-        seLinuxOptions: {}
-      serviceAccountName: weave-net
-      tolerations:
-      - effect: NoSchedule
-        operator: Exists
-      - effect: NoExecute
-        operator: Exists
-      volumes:
-      - hostPath:
-          path: /var/lib/weave
-        name: weavedb
-      - hostPath:
-          path: /opt
-        name: cni-bin
-      - hostPath:
-          path: /home
-        name: cni-bin2
-      - hostPath:
-          path: /etc
-        name: cni-conf
-      - hostPath:
-          path: /etc/machine-id
-        name: cni-machine-id
-      - hostPath:
-          path: /var/lib/dbus
-        name: dbus
-      - hostPath:
-          path: /lib/modules
-        name: lib-modules
-      - hostPath:
-          path: /run/xtables.lock
-          type: FileOrCreate
-        name: xtables-lock
-  updateStrategy:
-    type: RollingUpdate
--- a/tests/integration/update_cluster/privatekopeio/in-v1alpha2.yaml
+++ b/tests/integration/update_cluster/privatekopeio/in-v1alpha2.yaml
@ -26,7 +26,7 @@ spec:
  masterPublicName: api.privatekopeio.example.com
  networkCIDR: 172.20.0.0/16
  networking:
-    weave: {}
+    kopeio: {}
  nonMasqueradeCIDR: 100.64.0.0/10
  sshAccess:
  - 0.0.0.0/0
--- a/tests/integration/update_cluster/privatekopeio/kubernetes.tf
+++ b/tests/integration/update_cluster/privatekopeio/kubernetes.tf
@ -894,10 +894,10 @@ resource "aws_s3_bucket_object" "privatekopeio-example-com-addons-limit-range-ad
  server_side_encryption = "AES256"
 }

-resource "aws_s3_bucket_object" "privatekopeio-example-com-addons-networking-weave-k8s-1-12" {
+resource "aws_s3_bucket_object" "privatekopeio-example-com-addons-networking-kope-io-k8s-1-12" {
  bucket                 = "testingBucket"
-  content                = file("${path.module}/data/aws_s3_bucket_object_privatekopeio.example.com-addons-networking.weave-k8s-1.12_content")
-  key                    = "clusters.example.com/privatekopeio.example.com/addons/networking.weave/k8s-1.12.yaml"
+  content                = file("${path.module}/data/aws_s3_bucket_object_privatekopeio.example.com-addons-networking.kope.io-k8s-1.12_content")
+  key                    = "clusters.example.com/privatekopeio.example.com/addons/networking.kope.io/k8s-1.12.yaml"
  server_side_encryption = "AES256"
 }