diff --git a/charts/aws-vpc-cni/Chart.yaml b/charts/aws-vpc-cni/Chart.yaml index e018f868de..eec750c857 100644 --- a/charts/aws-vpc-cni/Chart.yaml +++ b/charts/aws-vpc-cni/Chart.yaml @@ -1,6 +1,6 @@ apiVersion: v1 name: aws-vpc-cni -version: 1.1.17 +version: 1.1.18 appVersion: "v1.11.2" description: A Helm chart for the AWS VPC CNI icon: https://raw.githubusercontent.com/aws/eks-charts/master/docs/logo/aws.png diff --git a/charts/aws-vpc-cni/values.yaml b/charts/aws-vpc-cni/values.yaml index 91f571607e..03a89513fc 100644 --- a/charts/aws-vpc-cni/values.yaml +++ b/charts/aws-vpc-cni/values.yaml @@ -116,7 +116,7 @@ readinessProbeTimeoutSeconds: 10 resources: requests: - cpu: 10m + cpu: 25m updateStrategy: type: RollingUpdate diff --git a/config/master/aws-k8s-cni-cn.yaml b/config/master/aws-k8s-cni-cn.yaml index a3b3972339..ae61d5dd45 100644 --- a/config/master/aws-k8s-cni-cn.yaml +++ b/config/master/aws-k8s-cni-cn.yaml @@ -214,7 +214,7 @@ spec: fieldPath: spec.nodeName resources: requests: - cpu: 10m + cpu: 25m securityContext: capabilities: add: diff --git a/config/master/aws-k8s-cni-us-gov-east-1.yaml b/config/master/aws-k8s-cni-us-gov-east-1.yaml index 0c878c4194..86bce4376a 100644 --- a/config/master/aws-k8s-cni-us-gov-east-1.yaml +++ b/config/master/aws-k8s-cni-us-gov-east-1.yaml @@ -214,7 +214,7 @@ spec: fieldPath: spec.nodeName resources: requests: - cpu: 10m + cpu: 25m securityContext: capabilities: add: diff --git a/config/master/aws-k8s-cni-us-gov-west-1.yaml b/config/master/aws-k8s-cni-us-gov-west-1.yaml index 040420d900..3a5c8a8085 100644 --- a/config/master/aws-k8s-cni-us-gov-west-1.yaml +++ b/config/master/aws-k8s-cni-us-gov-west-1.yaml @@ -214,7 +214,7 @@ spec: fieldPath: spec.nodeName resources: requests: - cpu: 10m + cpu: 25m securityContext: capabilities: add: diff --git a/config/master/aws-k8s-cni.yaml b/config/master/aws-k8s-cni.yaml index 1c7cdf7448..72a7064fc3 100644 --- a/config/master/aws-k8s-cni.yaml +++ b/config/master/aws-k8s-cni.yaml 
@@ -214,7 +214,7 @@ spec: fieldPath: spec.nodeName resources: requests: - cpu: 10m + cpu: 25m securityContext: capabilities: add: diff --git a/config/master/manifests.jsonnet b/config/master/manifests.jsonnet index d531f599f3..8690442d24 100644 --- a/config/master/manifests.jsonnet +++ b/config/master/manifests.jsonnet @@ -155,10 +155,10 @@ local awsnode = { name: "aws-node", readinessProbe: { exec: { - command: ["/app/grpc-health-probe", "-addr=:50051", "-connect-timeout=2s", "-rpc-timeout=2s"], + command: ["/app/grpc-health-probe", "-addr=:50051", "-connect-timeout=5s", "-rpc-timeout=5s"], }, initialDelaySeconds: 1, - timeoutSeconds: 5, + timeoutSeconds: 10, }, livenessProbe: self.readinessProbe + { initialDelaySeconds: 60, @@ -196,7 +196,7 @@ local awsnode = { for kv in objectItems(self.env_) ], resources: { - requests: {cpu: "10m"}, + requests: {cpu: "25m"}, }, securityContext: { capabilities: {add: ["NET_ADMIN"]}, diff --git a/go.mod b/go.mod index 21ab04f74c..c690b97412 100644 --- a/go.mod +++ b/go.mod @@ -16,7 +16,7 @@ require ( github.com/prometheus/client_model v0.2.0 github.com/prometheus/common v0.10.0 github.com/spf13/pflag v1.0.5 - github.com/stretchr/testify v1.6.1 + github.com/stretchr/testify v1.8.0 github.com/vishvananda/netlink v1.1.1-0.20201029203352-d40f9887b852 go.uber.org/zap v1.15.0 golang.org/x/net v0.0.0-20220127200216-cd36cc0744dd @@ -75,7 +75,7 @@ require ( gopkg.in/alecthomas/kingpin.v2 v2.2.6 // indirect gopkg.in/inf.v0 v0.9.1 // indirect gopkg.in/yaml.v2 v2.3.0 // indirect - gopkg.in/yaml.v3 v3.0.0-20200615113413-eeeca48fe776 // indirect + gopkg.in/yaml.v3 v3.0.1 // indirect k8s.io/apiextensions-apiserver v0.20.1 // indirect k8s.io/component-base v0.20.2 // indirect k8s.io/klog/v2 v2.4.0 // indirect @@ -84,3 +84,7 @@ require ( sigs.k8s.io/structured-merge-diff/v4 v4.0.2 // indirect sigs.k8s.io/yaml v1.2.0 // indirect ) + +replace ( + gopkg.in/yaml.v3 v3.0.0-20200615113413-eeeca48fe776 => gopkg.in/yaml.v3 v3.0.1 +) 
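Review bot: The `replace` block added at the end of go.mod rewrites only the exact pseudo-version `v3.0.0-20200615113413-eeeca48fe776`, while the same commit already raises the `require` line to `gopkg.in/yaml.v3 v3.0.1`, so version selection should already resolve to v3.0.1 and the replace looks redundant. Replace directives are honoured only when this module is the main module, so anything that imports it as a dependency does not inherit the pin. If the block is kept as a guard against the older parser being selected, say so next to it, e.g. `// keep yaml.v3 at >= v3.0.1; remove once no dependency requires the 2020 pseudo-version`. `go mod graph` shows whether any dependency still requests the old version.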
diff --git a/go.sum b/go.sum index 23bd840250..a74e79af55 100644 --- a/go.sum +++ b/go.sum @@ -393,12 +393,15 @@ github.com/stoewer/go-strcase v1.2.0/go.mod h1:IBiWB2sKIp3wVVQ3Y035++gc+knqhUQag github.com/stretchr/objx v0.1.0/go.mod h1:HFkY916IF+rwdDfMAkV7OtwuqBVzrE8GR6GFx+wExME= github.com/stretchr/objx v0.1.1/go.mod h1:HFkY916IF+rwdDfMAkV7OtwuqBVzrE8GR6GFx+wExME= github.com/stretchr/objx v0.2.0/go.mod h1:qt09Ya8vawLte6SNmTgCsAVtYtaKzEcn8ATUoHMkEqE= +github.com/stretchr/objx v0.4.0/go.mod h1:YvHI0jy2hoMjB+UWwv71VJQ9isScKT/TqJzVSSt89Yw= github.com/stretchr/testify v1.2.2/go.mod h1:a8OnRcib4nhh0OaRAV+Yts87kKdq0PP7pXfy6kDkUVs= github.com/stretchr/testify v1.3.0/go.mod h1:M5WIy9Dh21IEIfnGCwXGc5bZfKNJtfHm1UVUgZn+9EI= github.com/stretchr/testify v1.4.0/go.mod h1:j7eGeouHqKxXV5pUuKE4zz7dFj8WfuZ+81PSLYec5m4= github.com/stretchr/testify v1.5.1/go.mod h1:5W2xD1RspED5o8YsWQXVCued0rvSQ+mT+I5cxcmMvtA= -github.com/stretchr/testify v1.6.1 h1:hDPOHmpOpP40lSULcqw7IrRb/u7w6RpDC9399XyoNd0= github.com/stretchr/testify v1.6.1/go.mod h1:6Fq8oRcR53rry900zMqJjRRixrwX3KX962/h/Wwjteg= +github.com/stretchr/testify v1.7.1/go.mod h1:6Fq8oRcR53rry900zMqJjRRixrwX3KX962/h/Wwjteg= +github.com/stretchr/testify v1.8.0 h1:pSgiaMZlXftHpm5L7V1+rVB+AZJydKsMxsQBIJw4PKk= +github.com/stretchr/testify v1.8.0/go.mod h1:yNjHg4UonilssWZ8iaSj1OCr/vHnekPRkoO+kdMU+MU= github.com/subosito/gotenv v1.2.0/go.mod h1:N0PQaV/YGNqwC0u51sEeR/aUtSLEXKX9iv69rRypqCw= github.com/tmc/grpc-websocket-proxy v0.0.0-20170815181823-89b8d40f7ca8/go.mod h1:ncp9v5uamzpCO7NfCPTXjqaC+bZgJeR0sMTm6dMHP7U= github.com/tmc/grpc-websocket-proxy v0.0.0-20190109142713-0ad062ec5ee5/go.mod h1:ncp9v5uamzpCO7NfCPTXjqaC+bZgJeR0sMTm6dMHP7U= 
@@ -729,8 +732,8 @@ gopkg.in/yaml.v2 v2.2.8/go.mod h1:hI93XBmqTisBFMUTm0b8Fm+jr3Dg1NNxqwp+5A1VGuI= gopkg.in/yaml.v2 v2.3.0 h1:clyUAQHOM3G0M3f5vQj7LuJrETvjVot3Z5el9nffUtU= gopkg.in/yaml.v2 v2.3.0/go.mod h1:hI93XBmqTisBFMUTm0b8Fm+jr3Dg1NNxqwp+5A1VGuI= gopkg.in/yaml.v3 v3.0.0-20200313102051-9f266ea9e77c/go.mod h1:K4uyk7z7BCEPqu6E+C64Yfv1cQ7kz7rIZviUmN+EgEM= -gopkg.in/yaml.v3 v3.0.0-20200615113413-eeeca48fe776 h1:tQIYjPdBoyREyB9XMu+nnTclpTYkz2zFM+lzLJFO4gQ= -gopkg.in/yaml.v3 v3.0.0-20200615113413-eeeca48fe776/go.mod h1:K4uyk7z7BCEPqu6E+C64Yfv1cQ7kz7rIZviUmN+EgEM= +gopkg.in/yaml.v3 v3.0.1 h1:fxVm/GzAzEWqLHuvctI91KS9hhNmmWOoWu0XTYJS7CA= +gopkg.in/yaml.v3 v3.0.1/go.mod h1:K4uyk7z7BCEPqu6E+C64Yfv1cQ7kz7rIZviUmN+EgEM= gotest.tools v2.2.0+incompatible/go.mod h1:DsYFclhRJ6vuDpmuTbkuFWG+y2sxOXAzmJt81HFBacw= gotest.tools/v3 v3.0.2/go.mod h1:3SzNCllyD9/Y+b5r9JIKQ474KzkZyqLqEfYqMsX94Bk= honnef.co/go/tools v0.0.0-20190102054323-c2f93a96b099/go.mod h1:rf3lG4BRIbNafJWhAfAdb/ePZxsR/4RtNHQocxwk9r4= diff --git a/pkg/utils/eventrecorder/eventrecorder.go b/pkg/utils/eventrecorder/eventrecorder.go index c0668d16c1..9ebe831bc5 100644 --- a/pkg/utils/eventrecorder/eventrecorder.go +++ b/pkg/utils/eventrecorder/eventrecorder.go @@ -64,7 +64,6 @@ func InitEventRecorder(k8sClient client.Client) error { }) recorder.k8sClient = k8sClient eventRecorder = recorder - log.Infof("eventrecoder set:", eventRecorder.recorder) return nil } diff --git a/scripts/update-cni-images.sh b/scripts/update-cni-images.sh index 8415c785b9..2b7579d3d0 100755 --- a/scripts/update-cni-images.sh +++ b/scripts/update-cni-images.sh 
@@ -14,7 +14,7 @@ AWS_K8S_CNI_MANIFEST="$SCRIPTS_DIR/../config/master/aws-k8s-cni.yaml" MANIFEST_IMG_VERSION=`grep "image:" $AWS_K8S_CNI_MANIFEST | cut -d ":" -f3 | cut -d "\"" -f1 | head -1` # Replace the images in aws-k8s-cni.yaml with the tester images -echo "Replacing images in aws-k8s-cni manifest with \$AMAZON_K8S_CNI and \$AMAZON_K8S_CNI_INIT" +echo "Replacing images in aws-k8s-cni manifest with $AMAZON_K8S_CNI and $AMAZON_K8S_CNI_INIT" sed -i'.bak' "s,602401143452.dkr.ecr.us-west-2.amazonaws.com/amazon-k8s-cni:$MANIFEST_IMG_VERSION,$AMAZON_K8S_CNI," "$AWS_K8S_CNI_MANIFEST" sed -i'.bak' "s,602401143452.dkr.ecr.us-west-2.amazonaws.com/amazon-k8s-cni-init:$MANIFEST_IMG_VERSION,$AMAZON_K8S_CNI_INIT," "$AWS_K8S_CNI_MANIFEST" diff --git a/test/framework/resources/aws/services/iam.go b/test/framework/resources/aws/services/iam.go index 2a990faccc..d7d8d7e14e 100644 --- a/test/framework/resources/aws/services/iam.go +++ b/test/framework/resources/aws/services/iam.go @@ -37,6 +37,7 @@ type IAM interface { CreatePolicy(policyName string, policyDocument string) (*iam.CreatePolicyOutput, error) DeletePolicy(policyARN string) error GetInstanceProfile(instanceProfileName string) (*iam.GetInstanceProfileOutput, error) + ListPolicies(scope string) (*iam.ListPoliciesOutput, error) } type defaultIAM struct { @@ -84,6 +85,13 @@ func (d *defaultIAM) GetInstanceProfile(instanceProfileName string) (*iam.GetIns return d.IAMAPI.GetInstanceProfile(getInstanceProfileInput) } +func (d *defaultIAM) ListPolicies(scope string) (*iam.ListPoliciesOutput, error) { + listPolicyInput := &iam.ListPoliciesInput{ + Scope: aws.String(scope), + } + return d.IAMAPI.ListPolicies(listPolicyInput) +} + func NewIAM(session *session.Session) IAM { return &defaultIAM{ IAMAPI: iam.New(session), diff --git a/test/helm/charts/cni-metrics-helper/values.yaml b/test/helm/charts/cni-metrics-helper/values.yaml index 60591b6f37..ef5852f5a8 100644 --- a/test/helm/charts/cni-metrics-helper/values.yaml 
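Review bot: Nothing visible in this hunk checks that `AMAZON_K8S_CNI` and `AMAZON_K8S_CNI_INIT` are set before the echo and the two `sed -i` lines use them; with either one empty, the echo prints a blank name and sed rewrites the manifest's image reference to an empty string. A guard ahead of the echo would stop early: `: "${AMAZON_K8S_CNI:?must be set}" "${AMAZON_K8S_CNI_INIT:?must be set}"`. The values are also spliced into a `,`-delimited sed expression, so an image reference containing `,` or `&` would alter the substitution, which deserves a comment beside the sed lines. The top of the script is outside the hunk, so a check or `set -u` may already exist there.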
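Review bot: `ListPolicies` in iam.go returns only the first page of results: the input sets `Scope` and nothing else, and the wrapper does not follow `IsTruncated`/`Marker`, so in an account holding more customer-managed policies than one page the caller's name search can miss the policy it is looking for. Paging inside the wrapper keeps the interface unchanged; the sketch below assumes `IAMAPI` is the SDK's `iamiface.IAMAPI`, which the hunk does not show. The new interface method also has no doc comment; it should state the accepted scope values ("All", "AWS", "Local") and that all pages are returned.

```go
func (d *defaultIAM) ListPolicies(scope string) (*iam.ListPoliciesOutput, error) {
	listPolicyInput := &iam.ListPoliciesInput{
		Scope: aws.String(scope),
	}
	// Collect every page so callers that search by name see the full list.
	all := &iam.ListPoliciesOutput{}
	err := d.IAMAPI.ListPoliciesPages(listPolicyInput,
		func(page *iam.ListPoliciesOutput, lastPage bool) bool {
			all.Policies = append(all.Policies, page.Policies...)
			return true
		})
	if err != nil {
		return nil, err
	}
	return all, nil
}
```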
+++ b/test/helm/charts/cni-metrics-helper/values.yaml @@ -7,7 +7,7 @@ replicaCount: 1 image: repository: 602401143452.dkr.ecr.us-west-2.amazonaws.com/cni-metrics-helper pullPolicy: Always - tag: "v1.7.10" + tag: "v1.11.2" imagePullSecrets: [] nameOverride: "" @@ -56,7 +56,8 @@ autoscaling: targetCPUUtilizationPercentage: 80 # targetMemoryUtilizationPercentage: 80 -nodeSelector: {} +nodeSelector: + kubernetes.io/os: "linux" tolerations: [] diff --git a/test/integration/README.md b/test/integration/README.md index ad224b47f4..5502d07e94 100644 --- a/test/integration/README.md +++ b/test/integration/README.md @@ -38,6 +38,26 @@ ginkgo -v --failOnPending -- \ ``` ### cni-metrics-helper + +> #### Prerequisites: +> +> This test expects CNIMetricsHelperPolicy to be present in the test account. Create the policy with below permissions in the test account: + +``` +{ + "Version": "2012-10-17", + "Statement": [ + { + "Effect": "Allow", + "Action": [ + "cloudwatch:PutMetricData" + ], + "Resource": "*" + } + ] +} +``` + The CNI Metrics Helper Integration test uses helm to install the cni-metrics-helper. The helm charts are present in local test directory and if needed can be published to a repository. In order to test a custom image you need pass the following tags along with the tags discussed above. diff --git a/test/integration/ipamd/eni_ip_leak_test.go b/test/integration/ipamd/eni_ip_leak_test.go index 4446e0fc48..1c5947de0a 100644 --- a/test/integration/ipamd/eni_ip_leak_test.go +++ b/test/integration/ipamd/eni_ip_leak_test.go @@ -22,11 +22,6 @@ var numOfNodes int var _ = Describe("[CANARY] ENI/IP Leak Test", func() { Context("ENI/IP Released on Pod Deletion", func() { - BeforeEach(func() { - By("creating test namespace") - f.K8sResourceManagers.NamespaceManager(). - CreateNamespace(utils.DefaultTestNamespace) - }) It("Verify that on Pod Deletion, ENI/IP State is restored", func() { // Set the WARM_ENI_TARGET to 0 to prevent all pods being scheduled on secondary ENI 
@@ -72,9 +67,6 @@ var _ = Describe("[CANARY] ENI/IP Leak Test", func() { }) AfterEach(func() { - By("deleting test namespace") - f.K8sResourceManagers.NamespaceManager(). - DeleteAndWaitTillNamespaceDeleted(utils.DefaultTestNamespace) By("Restoring WARM ENI Target value") k8sUtils.RemoveVarFromDaemonSetAndWaitTillUpdated(f, "aws-node", "kube-system", diff --git a/test/integration/ipamd/eni_tag_test.go b/test/integration/ipamd/eni_tag_test.go index c8ab5a7e83..3bfa75fb90 100644 --- a/test/integration/ipamd/eni_tag_test.go +++ b/test/integration/ipamd/eni_tag_test.go @@ -39,9 +39,6 @@ var _ = Describe("test tags are created on Secondary ENI", func() { // sets the desired environment variables and gets the list of new ENIs created after setting // the environment variables JustBeforeEach(func() { - By("creating test namespace") - f.K8sResourceManagers.NamespaceManager(). - CreateNamespace(utils.DefaultTestNamespace) // To re-initialize for each test case newENIs = []string{} @@ -84,9 +81,6 @@ var _ = Describe("test tags are created on Secondary ENI", func() { }) JustAfterEach(func() { - By("deleting test namespace") - f.K8sResourceManagers.NamespaceManager(). - DeleteAndWaitTillNamespaceDeleted(utils.DefaultTestNamespace) envVarToRemove := map[string]struct{}{} for key, _ := range environmentVariables { diff --git a/test/integration/ipamd/introspection_test.go b/test/integration/ipamd/introspection_test.go index d31375a7be..178ee6b899 100644 --- a/test/integration/ipamd/introspection_test.go +++ b/test/integration/ipamd/introspection_test.go @@ -34,9 +34,6 @@ var _ = Describe("test Environment Variables for IPAMD Introspection ", func() { var curlJob *v1.Job JustBeforeEach(func() { - By("creating test namespace") - f.K8sResourceManagers.NamespaceManager(). - CreateNamespace(utils.DefaultTestNamespace) // Initially the host networking job pod should succeed curlContainer = manifest.NewCurlContainer(). 
@@ -67,12 +64,6 @@ var _ = Describe("test Environment Variables for IPAMD Introspection ", func() { Expect(err).ToNot(HaveOccurred()) }) - JustAfterEach(func() { - By("deleting test namespace") - f.K8sResourceManagers.NamespaceManager(). - DeleteAndWaitTillNamespaceDeleted(utils.DefaultTestNamespace) - }) - Context("when disabling introspection by setting DISABLE_INTROSPECTION to true", func() { It("introspection should not work anymore", func() { diff --git a/test/integration/ipamd/ipamd_suite_test.go b/test/integration/ipamd/ipamd_suite_test.go index 441302f4d6..c4b25b9e57 100644 --- a/test/integration/ipamd/ipamd_suite_test.go +++ b/test/integration/ipamd/ipamd_suite_test.go @@ -15,9 +15,11 @@ package ipamd import ( "testing" + "time" "github.com/aws/amazon-vpc-cni-k8s/test/framework" k8sUtils "github.com/aws/amazon-vpc-cni-k8s/test/framework/resources/k8s/utils" + "github.com/aws/amazon-vpc-cni-k8s/test/framework/utils" . "github.com/onsi/ginkgo/v2" . "github.com/onsi/gomega" ) @@ -30,6 +32,10 @@ func TestIPAMD(t *testing.T) { var _ = BeforeSuite(func() { f = framework.New(framework.GlobalOptions) + By("creating test namespace") + f.K8sResourceManagers.NamespaceManager(). + CreateNamespace(utils.DefaultTestNamespace) + nodeList, err := f.K8sResourceManagers.NodeManager().GetNodes(f.Options.NgNameLabelKey, f.Options.NgNameLabelVal) Expect(err).ToNot(HaveOccurred()) 
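Review bot: The result of `CreateNamespace(utils.DefaultTestNamespace)` added to `BeforeSuite` in ipamd_suite_test.go is discarded, so if the call reports a failure (for instance a namespace left behind by an aborted run) the suite carries on and the specs fail later with unrelated-looking errors. If the method returns an error, assert on it: `Expect(f.K8sResourceManagers.NamespaceManager().CreateNamespace(utils.DefaultTestNamespace)).To(Succeed())`. The same applies to `DeleteAndWaitTillNamespaceDeleted` in the new `AfterSuite` and to the matching calls added in metrics_helper_suite_test.go. The manager's signature is not visible in this diff, so confirm what it returns.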
@@ -43,4 +49,17 @@ var _ = BeforeSuite(func() { instanceID := k8sUtils.GetInstanceIDFromNode(primaryNode) primaryInstance, err = f.CloudServices.EC2().DescribeInstance(instanceID) Expect(err).ToNot(HaveOccurred()) + + // Remove WARM_ENI_TARGET, WARM_IP_TARGET, MINIMUM_IP_TARGET and WARM_PREFIX_TARGET before running IPAMD tests + k8sUtils.RemoveVarFromDaemonSetAndWaitTillUpdated(f, "aws-node", "kube-system", + "aws-node", map[string]struct{}{"WARM_ENI_TARGET": {}, "WARM_IP_TARGET": {}, "MINIMUM_IP_TARGET": {}, "WARM_PREFIX_TARGET": {}}) + + // Allow reconciler to free up ENIs if any + time.Sleep(utils.PollIntervalLong) +}) + +var _ = AfterSuite(func() { + By("deleting test namespace") + f.K8sResourceManagers.NamespaceManager(). + DeleteAndWaitTillNamespaceDeleted(utils.DefaultTestNamespace) }) diff --git a/test/integration/ipamd/metrics_test.go b/test/integration/ipamd/metrics_test.go index facc6278ef..d967374956 100644 --- a/test/integration/ipamd/metrics_test.go +++ b/test/integration/ipamd/metrics_test.go @@ -32,18 +32,6 @@ var _ = Describe("test IPAMD metric environment variable", func() { // Job's output determines if the API is reachable or not var curlJob *v1.Job - JustBeforeEach(func() { - By("creating test namespace") - f.K8sResourceManagers.NamespaceManager(). - CreateNamespace(utils.DefaultTestNamespace) - }) - - JustAfterEach(func() { - By("deleting test namespace") - f.K8sResourceManagers.NamespaceManager(). - DeleteAndWaitTillNamespaceDeleted(utils.DefaultTestNamespace) - }) - Context("when metrics is disabled", func() { metricAddr := "127.0.0.1:61678/metrics" It("should not be accessible anymore", func() { diff --git a/test/integration/ipamd/warm_target_test_PD_enabled.go b/test/integration/ipamd/warm_target_test_PD_enabled.go index e115c588a7..7618ceac41 100644 --- a/test/integration/ipamd/warm_target_test_PD_enabled.go +++ b/test/integration/ipamd/warm_target_test_PD_enabled.go 
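Review bot: `time.Sleep(utils.PollIntervalLong)` at the end of `BeforeSuite` is a fixed wait with nothing verifying that the reconciler actually released the ENIs, so the first spec can still start from a dirty state on a slow cluster and the wait is wasted on a fast one. Polling the instance's attached ENI count with `Eventually(...)` until it reaches the expected baseline would make the precondition explicit. If the sleep stays, the comment should say what it relies on, e.g. `// Fixed wait only; ENI release is not verified here, so specs must not assume a clean baseline`.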
@@ -73,7 +73,6 @@ var _ = Describe("test warm target variables", func() { *primaryInstance.PrivateDnsName, pod.Status.PodIP, pod.Spec.NodeName)) if pod.Spec.NodeName == *primaryInstance.PrivateDnsName { assigned++ - break } } diff --git a/test/integration/metrics-helper/metric_helper_test.go b/test/integration/metrics-helper/metric_helper_test.go index b84c45d6a2..252d151dde 100644 --- a/test/integration/metrics-helper/metric_helper_test.go +++ b/test/integration/metrics-helper/metric_helper_test.go @@ -28,18 +28,6 @@ import ( var _ = Describe("test cni-metrics-helper publishes metrics", func() { - JustBeforeEach(func() { - By("creating test namespace") - f.K8sResourceManagers.NamespaceManager(). - CreateNamespace(utils.DefaultTestNamespace) - }) - - JustAfterEach(func() { - By("deleting test namespace") - f.K8sResourceManagers.NamespaceManager(). - DeleteAndWaitTillNamespaceDeleted(utils.DefaultTestNamespace) - }) - Context("when a metric is updated", func() { It("the updated metric is published to CW", func() { diff --git a/test/integration/metrics-helper/metrics_helper_suite_test.go b/test/integration/metrics-helper/metrics_helper_suite_test.go index e36d1218e1..8e8ea90f9e 100644 --- a/test/integration/metrics-helper/metrics_helper_suite_test.go +++ b/test/integration/metrics-helper/metrics_helper_suite_test.go @@ -14,13 +14,11 @@ package metrics_helper import ( - "encoding/json" "flag" "strings" "testing" "github.com/aws/amazon-vpc-cni-k8s/test/framework" - "github.com/aws/amazon-vpc-cni-k8s/test/framework/resources/aws/services" k8sUtil "github.com/aws/amazon-vpc-cni-k8s/test/framework/resources/k8s/utils" "github.com/aws/amazon-vpc-cni-k8s/test/framework/utils" 
@@ -54,7 +52,7 @@ const ( // Parse optional flags for setting the cni metrics helper image func init() { flag.StringVar(&imageRepository, "cni-metrics-helper-image-repo", "602401143452.dkr.ecr.us-west-2.amazonaws.com/cni-metrics-helper", "CNI Metrics Helper Image Repository") - flag.StringVar(&imageTag, "cni-metrics-helper-image-tag", "v1.7.10", "CNI Metrics Helper Image Tag") + flag.StringVar(&imageTag, "cni-metrics-helper-image-tag", "v1.11.2", "CNI Metrics Helper Image Tag") // Order in which we try fetch the keys and use it as CLUSTER_ID dimension clusterIDKeys = []string{ @@ -72,28 +70,11 @@ func TestCNIMetricsHelper(t *testing.T) { var _ = BeforeSuite(func() { f = framework.New(framework.GlobalOptions) - // Create a new policy with PutMetric Permission - policy := services.PolicyDocument{ - Version: "2012-10-17", - Statement: []services.StatementEntry{ - { - Effect: "Allow", - Action: []string{"cloudwatch:PutMetricData"}, - Resource: "*", - }, - }, - } - - b, err := json.Marshal(policy) - Expect(err).ToNot(HaveOccurred()) + By("creating test namespace") + f.K8sResourceManagers.NamespaceManager(). + CreateNamespace(utils.DefaultTestNamespace) - By("creating the CNIMetricsHelperPolicy policy") - createPolicyOutput, err := f.CloudServices.IAM(). - CreatePolicy("CNIMetricsHelperPolicy", string(b)) - Expect(err).ToNot(HaveOccurred()) - policyARN = *createPolicyOutput.Policy.Arn - - By("getting the node instance profile") + By("getting the node list") nodeList, err := f.K8sResourceManagers.NodeManager().GetAllNodes() Expect(err).ToNot(HaveOccurred()) Expect(len(nodeList.Items)).To(BeNumerically(">", 0)) 
@@ -133,9 +114,21 @@ var _ = BeforeSuite(func() { instanceProfileOutput, err := f.CloudServices.IAM().GetInstanceProfile(instanceProfileRoleName) Expect(err).ToNot(HaveOccurred()) - By("attaching policy to the node IAM role") ngRoleName = *instanceProfileOutput.InstanceProfile.Roles[0].RoleName - By("attaching the node instance role") + By("attaching CNIMetricsHelperPolicy to the node IAM role") + + // We should ideally use the PathPrefix argument to list the policy, but this is returning an empty list. So workaround by listing local policies & filter + // SO issue: https://stackoverflow.com/questions/66287626/aws-cli-list-policies-to-find-a-policy-with-a-specific-name + policyList, err := f.CloudServices.IAM().ListPolicies("Local") + Expect(err).ToNot((HaveOccurred())) + + for _, item := range policyList.Policies { + if strings.Contains(*item.PolicyName, "CNIMetricsHelperPolicy") { + policyARN = *item.Arn + break + } + } + err = f.CloudServices.IAM().AttachRolePolicy(policyARN, ngRoleName) Expect(err).ToNot(HaveOccurred()) @@ -156,11 +149,11 @@ var _ = AfterSuite(func() { err = f.CloudServices.IAM().DetachRolePolicy(policyARN, ngRoleName) Expect(err).ToNot(HaveOccurred()) - By("deleting the CNIMetricsHelperPolicy policy") - err = f.CloudServices.IAM().DeletePolicy(policyARN) - Expect(err).ToNot(HaveOccurred()) - By("uninstalling cni-metrics-helper using helm") err := f.InstallationManager.UnInstallCNIMetricsHelper() Expect(err).ToNot(HaveOccurred()) + + By("deleting test namespace") + f.K8sResourceManagers.NamespaceManager(). + DeleteAndWaitTillNamespaceDeleted(utils.DefaultTestNamespace) })
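Review bot: The loop picks the policy with `strings.Contains(*item.PolicyName, "CNIMetricsHelperPolicy")`, so the first customer-managed policy whose name merely contains that string is attached to the node instance role, and a broader policy with a similar name would grant its permissions to whatever runs under that role. Match the name exactly, `if item.PolicyName != nil && *item.PolicyName == "CNIMetricsHelperPolicy" {`, and fail fast with `Expect(policyARN).ToNot(BeEmpty(), "CNIMetricsHelperPolicy not found in account")` before `AttachRolePolicy`; as written, a missing policy passes an empty ARN to the attach call. Only the first page returned by `ListPolicies` is searched. `Expect(err).ToNot((HaveOccurred()))` carries a stray pair of parentheses. `BeforeSuite` starts and ends outside the hunk.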