test/e2e: fixes and improvements to AWS #1975

Merged
merged 5 commits into from
Sep 17, 2024

@wainersm wainersm commented Aug 2, 2024

While trying to run the e2e tests for AWS I realized the framework was broken, hence sending the fixes. Also making one improvement (use of public IP) so one can test with an on-prem cluster (e.g. k8s running on your workstation).

Tested as:

$ ./run_e2e.sh aws
go test -v -tags=aws -timeout 90m -count=1 -run TestAwsCreateSimplePod ./test/e2e
time="2024-08-02T11:47:38-03:00" level=info msg="Do setup"
time="2024-08-02T11:47:38-03:00" level=info msg="Container runtime: containerd"
time="2024-08-02T11:47:38-03:00" level=info msg="Cluster provisioning"
time="2024-08-02T11:47:38-03:00" level=info msg="Create AWS VPC on region us-east-1"
time="2024-08-02T11:47:39-03:00" level=info msg="VPC Id: vpc-0642848856fef21c1"
time="2024-08-02T11:47:39-03:00" level=info msg="Create subnet on VPC vpc-0642848856fef21c1"
time="2024-08-02T11:47:40-03:00" level=info msg="Subnet Id: subnet-015bfe7bf96bd7327"
time="2024-08-02T11:47:42-03:00" level=info msg="Create security group on VPC vpc-0642848856fef21c1"
time="2024-08-02T11:47:43-03:00" level=info msg="Security groupd Id: sg-030a49b0ba75c47e1"
time="2024-08-02T11:47:43-03:00" level=info msg="On-prem cluster type selected. Nothing to do."
time="2024-08-02T11:47:43-03:00" level=info msg="Podvm uploading"
time="2024-08-02T11:47:43-03:00" level=info msg="Convert qcow2 image to raw"
time="2024-08-02T11:47:47-03:00" level=info msg="Create bucket 'peer-pods-tests'"
time="2024-08-02T11:47:48-03:00" level=info msg="Create vmimport service role"
time="2024-08-02T11:47:49-03:00" level=info msg="Upload image /tmp/podvm.36750985.raw to S3 bucket 'peer-pods-tests'"
upload: ../../../../../../../../../../tmp/podvm.36750985.raw to s3://peer-pods-tests/podvm.36750985.raw

time="2024-08-02T12:07:36-03:00" level=info msg="Import disk snapshot for S3 key 'podvm.36750985.raw'"
time="2024-08-02T12:11:19-03:00" level=info msg="Register image with name: podvm-generic-ubuntu-amd64-v0.9.0-alpha.4.raw"
time="2024-08-02T12:11:20-03:00" level=info msg="New AMI ID: ami-0b23b5bd74843a9eb"
time="2024-08-02T12:11:20-03:00" level=info msg="Install Cloud API Adaptor"
time="2024-08-02T12:11:21-03:00" level=info msg="Deploy the Cloud API Adaptor"
time="2024-08-02T12:11:21-03:00" level=info msg="Install the controller manager"
Wait for the cc-operator-controller-manager deployment be available
time="2024-08-02T12:11:58-03:00" level=info msg="Customize the overlay yaml file"
time="2024-08-02T12:12:00-03:00" level=info msg="Install the cloud-api-adaptor"
Wait for the cc-operator-daemon-install DaemonSet be available
Wait for the pod cc-operator-daemon-install-zl2cs be ready
Wait for the cloud-api-adaptor-daemonset DaemonSet be available
Wait for the pod cloud-api-adaptor-daemonset-wlmx8 be ready
Wait for the kata-remote runtimeclass be created
time="2024-08-02T12:15:00-03:00" level=info msg="Installing peerpod-ctrl"
time="2024-08-02T12:15:01-03:00" level=info msg="Wait for the peerpod-ctrl deployment to be available"
time="2024-08-02T12:15:56-03:00" level=info msg="Creating namespace 'coco-pp-e2e-test-bf1f1fae'..."
time="2024-08-02T12:15:56-03:00" level=info msg="Wait for namespace 'coco-pp-e2e-test-bf1f1fae' be ready..."
time="2024-08-02T12:16:01-03:00" level=info msg="Wait for default serviceaccount in namespace 'coco-pp-e2e-test-bf1f1fae'..."
time="2024-08-02T12:16:01-03:00" level=info msg="default serviceAccount exists, namespace 'coco-pp-e2e-test-bf1f1fae' is ready for use"
=== RUN   TestAwsCreateSimplePod
=== RUN   TestAwsCreateSimplePod/SimplePeerPod_test
    assessment_runner.go:265: Waiting for containers in pod: simple-test are ready
=== RUN   TestAwsCreateSimplePod/SimplePeerPod_test/PodVM_is_created
=== NAME  TestAwsCreateSimplePod/SimplePeerPod_test
    assessment_runner.go:602: Deleting pod simple-test...
    assessment_runner.go:609: Pod simple-test has been successfully deleted within 60s
--- PASS: TestAwsCreateSimplePod (126.05s)
    --- PASS: TestAwsCreateSimplePod/SimplePeerPod_test (126.05s)
        --- PASS: TestAwsCreateSimplePod/SimplePeerPod_test/PodVM_is_created (1.00s)
PASS
ok      github.com/confidential-containers/cloud-api-adaptor/src/cloud-api-adaptor/test/e2e     1829.306s

with the aws.properties file:

#pause_image=
#vxlan_port=
#aws_region=us-east-1b
#aws_vpc_cidrblock=
#aws_vpc_id=""
#aws_vpc_subnet_id=""
#aws_vpc_sg_id=""
#aws_vpc_igw_id=
#aws_vpc_rt_id=
disablecvm="true"
#podvm_aws_ami_id="ami-0ed01e38aac50764d"
ssh_kp_name="xxxxxxxx"
#cluster_type="eks"


wainersm commented Aug 5, 2024

FYI @ldoktor


wainersm commented Aug 7, 2024

Updated with a fix to golangci-lint

The provisioner of AWS is able to create an EKS cluster or use an existing
(on-prem) one. For example, I can deploy CAA on k8s on my workstation and
configure to create peer pods in AWS. It will be required to configure
networking so that the instantiated VMs are reachable by CAA; or we can
simply deploy VMs with public IP. This allows the creation of VMs with public IP
assigned by passing the `use_public_ip` property to the test framework.

Signed-off-by: Wainer dos Santos Moschetta <[email protected]>

In order to upload the qcow2 image it is required to create a snapshotter
and wait for it to finish. The current 3 minutes wait time hasn't been sufficient,
so increased to 10.

Signed-off-by: Wainer dos Santos Moschetta <[email protected]>

This new function sets the 'env' attribute of the secretGenerator of a
kustomization.yaml.

For example, SetKustomizeSecretGeneratorEnv("peer-pods-secret", "aws-cred.env")
creates the following secret generator:

  secretGenerator:
  - name: peer-pods-secret
    namespace: confidential-containers-system
    env: aws-cred.env

Signed-off-by: Wainer dos Santos Moschetta <[email protected]>

In order to install CAA for AWS it is required the
src/cloud-api-adaptor/install/overlays/aws/aws-cred.env file from
where the key ID and access key are read. The provisioner for AWS
should ensure that file exists, even if empty, otherwise it won't
be able to read the kustomization file initially. Before applying
the overlay, it will then write the (correct) credentials to the
file again.

Signed-off-by: Wainer dos Santos Moschetta <[email protected]>

Currently CAA will attempt to instantiate confidential VMs in AWS. If we
want it disabled then we must set DISABLECVM=true in kustomization.yaml.

This allows the e2e suite to disable CVM for AWS by passing the
`disablecvm=true` property to the test framework.

Signed-off-by: Wainer dos Santos Moschetta <[email protected]>
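
The credential-file handling that the aws-cred.env commit message above describes (empty placeholder first, real credentials written before the overlay is applied), as an added example; it is not code from this PR or the project. The function names and the `AWS_ACCESS_KEY_ID` / `AWS_SECRET_ACCESS_KEY` variable names are assumptions, and the owner-only file mode and the line-break check are additions suited to a file that feeds a secretGenerator.

```go
package main

import (
	"fmt"
	"os"
	"path/filepath"
	"strings"
)

// ensureCredFile (hypothetical name) creates path as an empty placeholder if it
// is missing, so the overlay can be read before credentials are known.
// Existing content is kept; the mode is tightened to owner-only either way.
func ensureCredFile(path string) error {
	f, err := os.OpenFile(path, os.O_CREATE|os.O_WRONLY, 0o600)
	if err != nil {
		return err
	}
	defer f.Close()
	return f.Chmod(0o600) // also fixes a pre-existing, looser file
}

// writeCredFile (hypothetical name) replaces path with the two key=value lines
// through a temp file plus rename, so a reader never sees a half-written file.
func writeCredFile(path, keyID, secret string) error {
	for _, v := range []string{keyID, secret} {
		// A line break in a value would add an extra key to the generated secret.
		if strings.ContainsAny(v, "\r\n") {
			return fmt.Errorf("credential value contains a line break")
		}
	}
	tmp, err := os.CreateTemp(filepath.Dir(path), ".aws-cred-*") // created 0600
	if err != nil {
		return err
	}
	defer os.Remove(tmp.Name()) // nothing left to remove after a successful rename
	// Variable names are an assumption; the page does not list them.
	_, err = fmt.Fprintf(tmp, "AWS_ACCESS_KEY_ID=%s\nAWS_SECRET_ACCESS_KEY=%s\n", keyID, secret)
	if cerr := tmp.Close(); err == nil {
		err = cerr
	}
	if err != nil {
		return err
	}
	return os.Rename(tmp.Name(), path)
}

func main() {
	dir, _ := os.MkdirTemp("", "overlay") // constructed scratch directory
	defer os.RemoveAll(dir)
	p := filepath.Join(dir, "aws-cred.env")
	fmt.Println(ensureCredFile(p), writeCredFile(p, "AKIAEXAMPLEKEYID", "constructed-secret"))
}
```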

@bpradipt bpradipt left a comment

/lgtm
Thanks @wainersm

@@ -170,6 +170,57 @@ func (kh *KustomizeOverlay) SetKustomizeSecretGeneratorLiteral(secretName string
return nil
}

// SetKustomizeSecretGeneratorEnvs updates the kustomization YAML by adding the `env` on the
// `sgName` SecretGenerator env file.
func (kh *KustomizeOverlay) SetKustomizeSecretGeneratorEnv(sgName string, file string) (err error) {
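
Review bot: the doc comment on the added function opens with `SetKustomizeSecretGeneratorEnvs` (trailing "s"), while the function is declared as `SetKustomizeSecretGeneratorEnv`. Go doc comments are expected to begin with the exact name of the identifier they document, so the comment should be renamed to match. The sentence itself ("adding the `env` on the `sgName` SecretGenerator env file") is also hard to parse; wording along the lines of "sets the `env` field of the `sgName` secretGenerator to `file`" would make clear what each of the two parameters means.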

Is this a good opportunity for some refactoring as now SetKustomizeSecretGeneratorEnv, SetKustomizeSecretGeneratorLiteral and SetKustomizeSecretGeneratorFile have pretty similar code duplicated?


Hi @stevenhorsman! I looked at kustomize.go and it really has a bunch of duplicated code. I plan to refactor it but on a separate PR because I will need to re-run the tests. Is it okay for you?

Yeah, that's fine

@stevenhorsman stevenhorsman left a comment

Looks okay to me if the refactor comes later

@wainersm wainersm merged commit 4d1d6bb into confidential-containers:main Sep 17, 2024
20 checks passed