test/e2e: fixes and improvements to AWS #1975
FYI @ldoktor
d4e61c2 to cecc06a
Updated with a fix to golangci-lint
The provisioner of AWS is able to create an EKS cluster or use an existing (on-prem) one. For example, I can deploy CAA on k8s on my workstation and configure it to create peer pods in AWS. It will be required to configure networking so that the instantiated VMs are reachable by CAA; or we can simply deploy VMs with public IP. This allows the creation of VMs with a public IP assigned by passing the `use_public_ip` property to the test framework.
Signed-off-by: Wainer dos Santos Moschetta <[email protected]>
In order to upload the qcow2 image it is required to create a snapshotter and wait for it to finish. The current 3 minutes wait time hasn't been sufficient, so increased to 10.
Signed-off-by: Wainer dos Santos Moschetta <[email protected]>
This new function sets the 'env' attribute of the secretGenerator of a kustomization.yaml. For example, SetKustomizeSecretGeneratorEnv("peer-pods-secret", "aws-cred.env") creates the following secret generator:

    secretGenerator:
    - name: peer-pods-secret
      namespace: confidential-containers-system
      env: aws-cred.env

Signed-off-by: Wainer dos Santos Moschetta <[email protected]>
In order to install CAA for AWS, the src/cloud-api-adaptor/install/overlays/aws/aws-cred.env file, from which the key ID and access key are read, is required. The provisioner for AWS should ensure that file exists, even if empty, otherwise it won't be able to read the kustomization file initially. Before applying the overlay, it will then write the (correct) credentials to the file again.
Signed-off-by: Wainer dos Santos Moschetta <[email protected]>
Currently CAA will attempt to instantiate confidential VMs in AWS. If we want it disabled then we must set DISABLECVM=true in kustomization.yaml. This allows the e2e suite to disable CVM for AWS by passing the `disablecvm=true` property to the test framework.
Signed-off-by: Wainer dos Santos Moschetta <[email protected]>
cecc06a to 33d0d4f
/lgtm
Thanks @wainersm
@@ -170,6 +170,57 @@ func (kh *KustomizeOverlay) SetKustomizeSecretGeneratorLiteral(secretName string | |||
return nil | |||
} | |||
|
|||
// SetKustomizeSecretGeneratorEnvs updates the kustomization YAML by adding the `env` on the | |||
// `sgName` SecretGenerator env file. | |||
func (kh *KustomizeOverlay) SetKustomizeSecretGeneratorEnv(sgName string, file string) (err error) { |
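Review bot: the doc comment above the new function names `SetKustomizeSecretGeneratorEnvs`, but the function is declared as `SetKustomizeSecretGeneratorEnv`, so the comment does not start with the identifier it documents and doc tooling and linters will not associate the two cleanly. Drop the trailing "s" in the comment. The wording "adding the `env` on the `sgName` SecretGenerator env file" is also hard to parse; something like "sets the `env` field of the secret generator named `sgName` to `file`" would say what each parameter is for. Since `file` ends up naming a credentials env file in the AWS overlay, it would also help to document whether the path is taken relative to the overlay directory.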
Is this a good opportunity for some refactoring as now `SetKustomizeSecretGeneratorEnv`, `SetKustomizeSecretGeneratorLiteral` and `SetKustomizeSecretGeneratorFile` have pretty similar code duplicated?
Hi @stevenhorsman! I looked at kustomize.go and it really has a bunch of duplicated code. I plan to refactor it, but in a separate PR because I will need to re-run the tests. Is it okay for you?
Yeah, that's fine
Looks okay to me if the refactor comes later
While trying to run the e2e tests for AWS I realized the framework was broken, hence sending the fixes. Also making one improvement (use of public IP) so one can test with an on-prem cluster (e.g. k8s running on your workstation).
Tested as:
with the aws.properties file: