Lorenz Brunfc5dbc62020-05-28 12:18:07 +02001// Copyright 2020 The Monogon Project Authors.
2//
3// SPDX-License-Identifier: Apache-2.0
4//
5// Licensed under the Apache License, Version 2.0 (the "License");
6// you may not use this file except in compliance with the License.
7// You may obtain a copy of the License at
8//
9// http://www.apache.org/licenses/LICENSE-2.0
10//
11// Unless required by applicable law or agreed to in writing, software
12// distributed under the License is distributed on an "AS IS" BASIS,
13// WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
14// See the License for the specific language governing permissions and
15// limitations under the License.
16
17package e2e
18
19import (
Lorenz Bruncc078df2021-12-23 11:51:55 +010020 "crypto/x509"
21 "encoding/pem"
Lorenz Brunfc5dbc62020-05-28 12:18:07 +020022 "fmt"
Lorenz Brunfc5dbc62020-05-28 12:18:07 +020023
24 appsv1 "k8s.io/api/apps/v1"
25 corev1 "k8s.io/api/core/v1"
26 "k8s.io/apimachinery/pkg/api/resource"
27 metav1 "k8s.io/apimachinery/pkg/apis/meta/v1"
28 "k8s.io/apimachinery/pkg/util/intstr"
29 "k8s.io/client-go/kubernetes"
Lorenz Bruncc078df2021-12-23 11:51:55 +010030 "k8s.io/client-go/rest"
Lorenz Brunfc5dbc62020-05-28 12:18:07 +020031
Lorenz Bruncc078df2021-12-23 11:51:55 +010032 "source.monogon.dev/metropolis/test/launch/cluster"
Lorenz Brunfc5dbc62020-05-28 12:18:07 +020033)
34
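// GetKubeClientSet gets a Kubernetes client set accessing the Metropolis
// Kubernetes authenticating proxy using the cluster owner identity.
// It currently has access to everything (i.e. the cluster-admin role)
// via the owner-admin binding.
//
// The client presents the owner certificate and key to the server, but it does
// not verify the server's certificate (Insecure is set below). Whatever
// answers on localhost:port therefore receives requests made with
// cluster-admin privileges, so this helper is only suitable for test clusters
// reached over a local port.
//
// An error is returned if the owner identity carries no certificate, if the
// owner private key cannot be marshaled to PKCS#8, or if the client set cannot
// be constructed from the resulting configuration.
func GetKubeClientSet(cluster *cluster.Cluster, port uint16) (kubernetes.Interface, error) {
	// Guard the Certificate[0] access below: an empty chain would otherwise
	// panic with an index-out-of-range instead of producing a usable error.
	if len(cluster.Owner.Certificate) == 0 {
		return nil, fmt.Errorf("cluster owner identity has no certificate")
	}

	// The owner key is expected to be Ed25519, which PKCS#8 marshaling
	// supports, so this should not fail. The function already returns an
	// error, so report a failure that way rather than panicking.
	pkcs8Key, err := x509.MarshalPKCS8PrivateKey(cluster.Owner.PrivateKey)
	if err != nil {
		return nil, fmt.Errorf("marshaling owner private key to PKCS#8: %w", err)
	}

	ownerCertPEM := pem.EncodeToMemory(&pem.Block{Type: "CERTIFICATE", Bytes: cluster.Owner.Certificate[0]})
	ownerKeyPEM := pem.EncodeToMemory(&pem.Block{Type: "PRIVATE KEY", Bytes: pkcs8Key})

	clientConfig := rest.Config{
		Host: fmt.Sprintf("localhost:%v", port),
		// NOTE(review): Insecure disables verification of the server
		// certificate chain and host name, so ServerName does not pin the
		// peer's identity here. If the cluster CA certificate is available to
		// the test harness, supplying it as CAData and dropping Insecure
		// would let the client authenticate the proxy as well.
		TLSClientConfig: rest.TLSClientConfig{
			ServerName: "kubernetes.default.svc.cluster.local",
			Insecure:   true,
			CertData:   ownerCertPEM,
			KeyData:    ownerKeyPEM,
		},
	}
	return kubernetes.NewForConfig(&clientConfig)
}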
56
// makeTestDeploymentSpec builds a Deployment named name whose pod template
// holds a single NGINX container with an HTTP readiness probe on port 80.
// Bringing it up verifies that the control plane can schedule simple pods,
// that kubelet and its runtime can run a simple container, and that the
// network to the pod can pass readiness probe traffic.
//
// The selector and the pod template both carry the label "name": name, which
// is what ties the Deployment to its pods.
func makeTestDeploymentSpec(name string) *appsv1.Deployment {
	readiness := &corev1.Probe{
		ProbeHandler: corev1.ProbeHandler{
			HTTPGet: &corev1.HTTPGetAction{Port: intstr.FromInt(80)},
		},
	}

	// TODO(phab/T793): Build and preseed our own container images
	//
	// The image is referenced by a mutable tag with no digest, so what
	// actually runs depends on what the registry serves at pull time.
	web := corev1.Container{
		Name:           "test",
		Image:          "nginx:alpine",
		ReadinessProbe: readiness,
	}

	podTemplate := corev1.PodTemplateSpec{
		ObjectMeta: metav1.ObjectMeta{
			Labels: map[string]string{"name": name},
		},
		Spec: corev1.PodSpec{
			Containers: []corev1.Container{web},
		},
	}

	// The selector gets its own map rather than sharing the template's, so
	// the two label sets stay independent objects.
	selector := &metav1.LabelSelector{
		MatchLabels: map[string]string{"name": name},
	}

	deployment := &appsv1.Deployment{
		ObjectMeta: metav1.ObjectMeta{Name: name},
		Spec: appsv1.DeploymentSpec{
			Selector: selector,
			Template: podTemplate,
		},
	}
	return deployment
}
93
// makeTestStatefulSet builds a StatefulSet named name with one volume claim
// template called "www" (ReadWriteOnce, 50Mi of storage, volume mode taken
// from volumeMode) and a pod template holding a single NGINX container with
// an HTTP readiness probe on port 80.
//
// The selector and the pod template both carry the label "name": name. The
// container in this spec declares no volume mounts or devices, so the claim
// is only requested here, not attached to the container.
func makeTestStatefulSet(name string, volumeMode corev1.PersistentVolumeMode) *appsv1.StatefulSet {
	claim := corev1.PersistentVolumeClaim{
		ObjectMeta: metav1.ObjectMeta{Name: "www"},
		Spec: corev1.PersistentVolumeClaimSpec{
			AccessModes: []corev1.PersistentVolumeAccessMode{corev1.ReadWriteOnce},
			Resources: corev1.ResourceRequirements{
				Requests: map[corev1.ResourceName]resource.Quantity{
					corev1.ResourceStorage: resource.MustParse("50Mi"),
				},
			},
			// Points at this function's own copy of the parameter.
			VolumeMode: &volumeMode,
		},
	}

	readiness := &corev1.Probe{
		ProbeHandler: corev1.ProbeHandler{
			HTTPGet: &corev1.HTTPGetAction{Port: intstr.FromInt(80)},
		},
	}

	// The image is referenced by a mutable tag with no digest, so what
	// actually runs depends on what the registry serves at pull time.
	web := corev1.Container{
		Name:           "test",
		Image:          "nginx:alpine",
		ReadinessProbe: readiness,
	}

	podTemplate := corev1.PodTemplateSpec{
		ObjectMeta: metav1.ObjectMeta{
			Labels: map[string]string{"name": name},
		},
		Spec: corev1.PodSpec{
			Containers: []corev1.Container{web},
		},
	}

	// The selector gets its own map rather than sharing the template's, so
	// the two label sets stay independent objects.
	selector := &metav1.LabelSelector{
		MatchLabels: map[string]string{"name": name},
	}

	statefulSet := &appsv1.StatefulSet{
		ObjectMeta: metav1.ObjectMeta{Name: name},
		Spec: appsv1.StatefulSetSpec{
			Selector:             selector,
			VolumeClaimTemplates: []corev1.PersistentVolumeClaim{claim},
			Template:             podTemplate,
		},
	}
	return statefulSet
}