kubernetes
/
kops
mirror of https://github.com/kubernetes/kops.git
1
0
Fork 0
Code Issues Packages Projects Releases Wiki Activity
kops/pkg/model/awsmodel/autoscalinggroup_test.go

202 lines
6.0 KiB
Go
Raw Blame History

/*
Copyright 2017 The Kubernetes Authors.
Licensed under the Apache License, Version 2.0 (the "License");
you may not use this file except in compliance with the License.
You may obtain a copy of the License at
http://www.apache.org/licenses/LICENSE-2.0
Unless required by applicable law or agreed to in writing, software
distributed under the License is distributed on an "AS IS" BASIS,
WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
See the License for the specific language governing permissions and
limitations under the License.
*/
package awsmodel
import (
"fmt"
"testing"
v1 "k8s.io/apimachinery/pkg/apis/meta/v1"
"k8s.io/kops/pkg/apis/kops"
"k8s.io/kops/pkg/model"
"k8s.io/kops/pkg/model/iam"
"k8s.io/kops/pkg/testutils"
"k8s.io/kops/upup/pkg/fi"
"k8s.io/kops/upup/pkg/fi/cloudup/awstasks"
)
const (
sshPublicKeyEntry = "ssh-rsa AAAAB3NzaC1yc2EAAAADAQABAAABAQCySdqIU+FhCWl3BNrAvPaOe5VfL2aCARUWwy91ZP+T7LBwFa9lhdttfjp/VX1D1/PVwntn2EhN079m8c2kfdmiZ/iCHqrLyIGSd+BOiCz0lT47znvANSfxYjLUuKrWWWeaXqerJkOsAD4PHchRLbZGPdbfoBKwtb/WT4GMRQmb9vmiaZYjsfdPPM9KkWI9ECoWFGjGehA8D+iYIPR711kRacb1xdYmnjHqxAZHFsb5L8wDWIeAyhy49cBD+lbzTiioq2xWLorXuFmXh6Do89PgzvHeyCLY6816f/kCX6wIFts8A2eaEHFL4rAOsuh6qHmSxGCR9peSyuRW8DxV725x justin@test"
)
func buildMinimalCluster() *kops.Cluster {
return testutils.BuildMinimalCluster("testcluster.test.com")
}
func buildNodeInstanceGroup(subnets ...string) *kops.InstanceGroup {
g := &kops.InstanceGroup{}
g.ObjectMeta.Name = "nodes"
g.Spec.Role = kops.InstanceGroupRoleNode
g.Spec.Subnets = subnets
return g
}
// Tests that RootVolumeOptimization flag gets added to the awstasks
func TestRootVolumeOptimizationFlag(t *testing.T) {
cluster := buildMinimalCluster()
ig := buildNodeInstanceGroup("subnet-us-mock-1a")
ig.Spec.RootVolumeOptimization = fi.Bool(true)
k := [][]byte{}
k = append(k, []byte(sshPublicKeyEntry))
igs := []*kops.InstanceGroup{}
igs = append(igs, ig)
b := AutoscalingGroupModelBuilder{
AWSModelContext: &AWSModelContext{
KopsModelContext: &model.KopsModelContext{
IAMModelContext: iam.IAMModelContext{Cluster: cluster},
SSHPublicKeys: k,
InstanceGroups: igs,
},
},
}
c := &fi.ModelBuilderContext{
Tasks: make(map[string]fi.Task),
}
b.Build(c)
lc := c.Tasks["LaunchTemplate/nodes.testcluster.test.com"].(*awstasks.LaunchTemplate)
if *lc.RootVolumeOptimization == false {
t.Fatalf("RootVolumeOptimization was expected to be true, but was false")
}
}
func TestAPIServerAdditionalSecurityGroupsWithNLB(t *testing.T) {
const sgIDAPIServer = "sg-01234567890abcdef"
cluster := buildMinimalCluster()
cluster.Spec.API = &kops.AccessSpec{
LoadBalancer: &kops.LoadBalancerAccessSpec{
Class: kops.LoadBalancerClassNetwork,
AdditionalSecurityGroups: []string{sgIDAPIServer},
},
}
const (
roleBastion = iota
roleMaster
roleNode
_roleCount
)
igs := make([]*kops.InstanceGroup, _roleCount)
// NB: (*AutoscalingGroupModelBuilder).buildLaunchConfigurationTask expects there to be at least
// one subnet specified in each InstanceGroup.
subnets := []string{cluster.Spec.Subnets[0].Name}
igs[roleBastion] = &kops.InstanceGroup{
ObjectMeta: v1.ObjectMeta{
Name: "bastion1",
},
Spec: kops.InstanceGroupSpec{
Role: kops.InstanceGroupRoleBastion,
Subnets: subnets,
AdditionalSecurityGroups: []string{"sg-1234567890abcdef0"},
},
}
igs[roleMaster] = &kops.InstanceGroup{
ObjectMeta: v1.ObjectMeta{
Name: "master1",
},
Spec: kops.InstanceGroupSpec{
Role: kops.InstanceGroupRoleMaster,
Subnets: subnets,
AdditionalSecurityGroups: []string{"sg-234567890abcdef01"},
},
}
igs[roleNode] = &kops.InstanceGroup{
ObjectMeta: v1.ObjectMeta{
Name: "node1",
},
Spec: kops.InstanceGroupSpec{
Role: kops.InstanceGroupRoleNode,
Subnets: subnets,
AdditionalSecurityGroups: []string{"sg-34567890abcdef012"},
},
}
b := AutoscalingGroupModelBuilder{
AWSModelContext: &AWSModelContext{
KopsModelContext: &model.KopsModelContext{
IAMModelContext: iam.IAMModelContext{Cluster: cluster},
SSHPublicKeys: [][]byte{[]byte(sshPublicKeyEntry)},
InstanceGroups: igs,
},
},
}
c := &fi.ModelBuilderContext{
Tasks: make(map[string]fi.Task),
}
b.Build(c)
hasSecurityGroup := func(lt *awstasks.LaunchTemplate, id string) bool {
for _, sg := range lt.SecurityGroups {
if sg.ID != nil && *sg.ID == id {
return true
}
}
return false
}
hasDesignatedSecurityGroup := func(lt *awstasks.LaunchTemplate) bool {
return hasSecurityGroup(lt, sgIDAPIServer)
}
launchTemplateForGroup := func(t *testing.T, ig *kops.InstanceGroup) *awstasks.LaunchTemplate {
t.Helper()
subdomain := ig.Name
if ig.Spec.Role == kops.InstanceGroupRoleMaster {
subdomain = ig.Name + ".masters"
}
task, ok := c.Tasks[fmt.Sprintf("LaunchTemplate/%s.%s", subdomain, cluster.Name)]
if !ok {
t.Fatalf("No task available in model build context for InstanceGroup %q", ig.Name)
}
if task == nil {
t.Fatalf("Task pointer in model build context for InstanceGroup %q is nil", ig.Name)
}
return task.(*awstasks.LaunchTemplate)
}
tests := []struct {
ig *kops.InstanceGroup
expectHasSG bool
}{
{igs[roleBastion], false},
{igs[roleMaster], true},
{igs[roleNode], false},
}
for _, test := range tests {
role := test.ig.Spec.Role
t.Run(string(role), func(t *testing.T) {
lt := launchTemplateForGroup(t, test.ig)
if want, got := test.expectHasSG, hasDesignatedSecurityGroup(lt); got != want {
t.Errorf("%q (role %q): launch template includes API server security group: want %t, got %t", test.ig.Name, role, want, got)
}
for _, sg := range test.ig.Spec.AdditionalSecurityGroups {
if want, got := true, hasSecurityGroup(lt, sg); got != want {
t.Errorf("%q (role %q): launch template includes additional security group %q: want %t, got %t", test.ig.Name, role, sg, want, got)
}
}
})
}
}
Reference in New Issue View Git Blame Copy Permalink