Add native registry login tests for EKS, AKS and GKE #275
Conversation
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
This was referenced Jun 21, 2022
darkowlzz
force-pushed
the
cloud-e2e-test
branch
3 times, most recently
from
7804f22 to
ce83335
Compare
darkowlzz
changed the title
darkowlzz
force-pushed
the
cloud-e2e-test
branch
from
ce83335 to
640d2d9
Compare
|
Posting some results to provide an idea of what it looks like when run. With # AWS
export AWS_ACCESS_KEY_ID=<redacted>
export AWS_SECRET_ACCESS_KEY=<redacted>
export AWS_REGION=us-east-2
# Azure
export TF_VAR_azure_location=eastus
# GCP
export TF_VAR_gcp_project_id=<redacted>
# export TF_VAR_gcp_region=us-central1
# export TF_VAR_gcp_zone=us-central1-c
# Leave GCR region empty to use gcr.io. Else set it to `us`, `eu` or `asia`.
# export TF_VAR_gcr_region=and aws: $ make test-aws
make test PROVIDER_ARG="-provider aws"
make[1]: Entering directory '/home/go/src/github.com/fluxcd/image-reflector-controller/tests/integration'
cp kustomization.yaml build/flux
cd build/flux && kustomize edit set image fluxcd/image-reflector-controller=fluxcd/image-reflector-controller
kustomize build build/flux > build/flux.yaml
go test -timeout 30m -v ./... -provider aws
2022/06/23 02:53:59 Terraform binary: /usr/bin/terraform
2022/06/23 02:53:59 Init Terraform
2022/06/23 02:54:05 Checking for an empty Terraform state
2022/06/23 02:54:07 Applying Terraform
2022/06/23 03:08:34 pushing test image z.dkr.ecr.us-east-2.amazonaws.com/flux-test-repo-peaceful-ghost:v0.1.0
2022/06/23 03:08:38 pushing test image z.dkr.ecr.us-east-2.amazonaws.com/flux-test-repo-peaceful-ghost:v0.1.2
2022/06/23 03:08:41 pushing test image z.dkr.ecr.us-east-2.amazonaws.com/flux-test-repo-peaceful-ghost:v0.1.3
2022/06/23 03:08:44 pushing test image z.dkr.ecr.us-east-2.amazonaws.com/flux-test-repo-peaceful-ghost:v0.1.4
2022/06/23 03:08:47 Installing flux
=== RUN TestImageRepositoryScan
=== RUN TestImageRepositoryScan/ecr
--- PASS: TestImageRepositoryScan (2.01s)
--- PASS: TestImageRepositoryScan/ecr (2.01s)
PASS
2022/06/23 03:09:20 Destroying environment...
ok github.com/fluxcd/image-reflector-controller/tests/integration 1592.611s
make[1]: Leaving directory '/home/go/src/github.com/fluxcd/image-reflector-controller/tests/integration'azure: $ make test-azure
make test PROVIDER_ARG="-provider azure"
make[1]: Entering directory '/home/go/src/github.com/fluxcd/image-reflector-controller/tests/integration'
cp kustomization.yaml build/flux
cd build/flux && kustomize edit set image fluxcd/image-reflector-controller=fluxcd/image-reflector-controller
kustomize build build/flux > build/flux.yaml
go test -timeout 30m -v ./... -provider azure
2022/06/23 03:23:50 Terraform binary: /usr/bin/terraform
2022/06/23 03:23:50 Init Terraform
2022/06/23 03:23:52 Checking for an empty Terraform state
2022/06/23 03:23:52 Applying Terraform
2022/06/23 03:29:34 pushing test image fluxtestrepomovingotick.azurecr.io/vynz8:v0.1.0
2022/06/23 03:29:38 pushing test image fluxtestrepomovingotick.azurecr.io/vynz8:v0.1.2
2022/06/23 03:29:40 pushing test image fluxtestrepomovingotick.azurecr.io/vynz8:v0.1.3
2022/06/23 03:29:42 pushing test image fluxtestrepomovingotick.azurecr.io/vynz8:v0.1.4
2022/06/23 03:29:45 Installing flux
=== RUN TestImageRepositoryScan
=== RUN TestImageRepositoryScan/acr
--- PASS: TestImageRepositoryScan (3.36s)
--- PASS: TestImageRepositoryScan/acr (3.36s)
PASS
2022/06/23 03:30:16 Destroying environment...
ok github.com/fluxcd/image-reflector-controller/tests/integration 749.433s
make[1]: Leaving directory '/home/go/src/github.com/fluxcd/image-reflector-controller/tests/integration'gcp: $ make test-gcp
make test PROVIDER_ARG="-provider gcp"
make[1]: Entering directory '/home/go/src/github.com/fluxcd/image-reflector-controller/tests/integration'
cp kustomization.yaml build/flux
cd build/flux && kustomize edit set image fluxcd/image-reflector-controller=fluxcd/image-reflector-controller
kustomize build build/flux > build/flux.yaml
go test -timeout 30m -v ./... -provider gcp
2022/06/23 03:39:18 Terraform binary: /usr/bin/terraform
2022/06/23 03:39:18 Init Terraform
2022/06/23 03:39:22 Checking for an empty Terraform state
2022/06/23 03:39:23 Applying Terraform
2022/06/23 03:44:37 pushing test image gcr.io/z/ik9ar:v0.1.0
2022/06/23 03:44:46 pushing test image gcr.io/z/ik9ar:v0.1.2
2022/06/23 03:44:54 pushing test image gcr.io/z/ik9ar:v0.1.3
2022/06/23 03:45:02 pushing test image gcr.io/z/ik9ar:v0.1.4
2022/06/23 03:45:10 pushing test image us-central1-docker.pkg.dev/z/flux-test-repo-helpful-kangaroo/8y697:v0.1.0
2022/06/23 03:45:19 pushing test image us-central1-docker.pkg.dev/z/flux-test-repo-helpful-kangaroo/8y697:v0.1.2
2022/06/23 03:45:26 pushing test image us-central1-docker.pkg.dev/z/flux-test-repo-helpful-kangaroo/8y697:v0.1.3
2022/06/23 03:45:32 pushing test image us-central1-docker.pkg.dev/z/flux-test-repo-helpful-kangaroo/8y697:v0.1.4
2022/06/23 03:45:38 Installing flux
=== RUN TestImageRepositoryScan
=== RUN TestImageRepositoryScan/gcr
=== RUN TestImageRepositoryScan/artifact_registry
--- PASS: TestImageRepositoryScan (9.11s)
--- PASS: TestImageRepositoryScan/gcr (8.29s)
--- PASS: TestImageRepositoryScan/artifact_registry (0.82s)
PASS
2022/06/23 03:46:17 Destroying environment...
ok github.com/fluxcd/image-reflector-controller/tests/integration 568.476s
make[1]: Leaving directory '/home/go/src/github.com/fluxcd/image-reflector-controller/tests/integration' |
darkowlzz
force-pushed
the
cloud-e2e-test
branch
from
640d2d9 to
780bf84
Compare
pjbgf
reviewed
Jun 28, 2022
pjbgf
reviewed
Jun 28, 2022
pjbgf
reviewed
Jun 28, 2022
pjbgf
reviewed
Jun 28, 2022
darkowlzz
force-pushed
the
cloud-e2e-test
branch
from
780bf84 to
3a2b472
Compare
pjbgf
reviewed
Jun 29, 2022
pjbgf
reviewed
Jun 29, 2022
|
This looks really good but I think some of these things would be good to share with the Azure E2E tests. Maybe we should move some of the packages to pkg instead? |
@phillebaba yes, that's the plan after getting these changes reviewed, accepted and merged here initially. |
phillebaba
reviewed
Jul 6, 2022
| role_based_access_control_enabled = true | ||
| network_profile { | ||
| network_plugin = "kubenet" | ||
| network_policy = "calico" |
There was a problem hiding this comment.
Any reason for choosing kubenet and calico for Azure CNI? Don't think it really matters but the default value when creating and AKS cluster is to use Azure CNI.
There was a problem hiding this comment.
Azure CNI does not work with Flux network policies, using Calico matches flux2 e2e tests.
phillebaba
approved these changes
Jul 6, 2022
tftestenv is similar to testenv but uses terraform to create test environment. It provides helpers to run terraform apply and destroy in the test context and a few other helpers for executing commands. Signed-off-by: Sunny <darkowlzz@protonmail.com>
Use tftestenv to create tests similar to the controller tests but with EKS cluster provisioned using terraform. The test setup is written similar to the usual controller test suite_test.go, providing flexibility in the test setup and execution. The structure tries to keep the infrastructure code separate from the test code such that the infrastructure provisioning tool can be easily replaced, without the need to change the actual tests. The go tests are also written similar to the usual controller tests, with a kube client from the tftestenv environment global variable. Terraform is automatically downloaded using the terraform-exec package. The test container images are generated using the go-containerregistry package and pushed to the test container image repository. Co-authored-by: Somtochi Onyekwere <somtochionyekwere@gmail.com> Signed-off-by: Sunny <darkowlzz@protonmail.com>
Add azure as a new provider to provision infrastructure and test against. Unlike aws, azurerm terraform provider doesn't provide a way to natively configure the region/location. To work around that, a terraform variable `azure_location` is used, which can be configured by environment variable `TF_VAR_azure_location`, added in .env.sample. Unlike AWS ECR, Azure ACR requires creating a new container registry which creates dynamic repositories on push, similar to docker hub. The registry login code handles that and sets randomly generated repository names. Co-authored-by: Somtochi Onyekwere <somtochionyekwere@gmail.com> Signed-off-by: Sunny <darkowlzz@protonmail.com>
Add GCP as a new provider to provision infrastructure and test against. GCP has Google Container Registry and Artifact Registry for storing images. The test setup provisions and pushes images to both and tests them both. The GKE node pool is configured with OAuth Scope to provide full access to the GCP APIs. Workload identity is not used to avoid increasing the complixity of the setup. Co-authored-by: Somtochi Onyekwere <somtochionyekwere@gmail.com> Signed-off-by: Sunny <darkowlzz@protonmail.com>
|
Rebased and verified that it works with go 1.18. |
hiddeco
approved these changes
Jul 7, 2022
Sign up for free
to join this conversation on GitHub.
Already have an account?
Sign in to comment
Add this suggestion to a batch that can be applied as a single commit.
This suggestion is invalid because no changes were made to the code.
Suggestions cannot be applied while the pull request is closed.
Suggestions cannot be applied while viewing a subset of changes.
Only one suggestion per line can be applied in a batch.
Add this suggestion to a batch that can be applied as a single commit.
Applying suggestions on deleted lines is not supported.
You must change the existing code in this line in order to create a valid suggestion.
Outdated suggestions cannot be applied.
This suggestion has been applied or marked resolved.
Suggestions cannot be applied from pending reviews.
Suggestions cannot be applied on multi-line comments.
Suggestions cannot be applied while the pull request is queued to merge.
Suggestion cannot be applied right now. Please check back later.
It introduces a new package
tftestenv. It is similar to testenv but usesterraform to create test environment. It provides helpers to run terraform
apply and destroy in the test context.
tftestenvis used to create tests similar to the controller tests but withcloud provider managed cluster provisioned using terraform. The test
setup is written similar to the usual controller test suite_test.go,
providing flexibility in the test setup and execution. The structure tries
to keep the infrastructure code separate from the test code such that
the infrastructure provisioning tool can be easily replaced, without the
need to change the actual tests.
The go tests are also written similar to the usual controller tests,
with a kube client from the tftestenv environment global variable.
Terraform is automatically downloaded using the terraform-exec package.
The test container images are generated using the go-containerregistry
package and pushed to the test container image repository.
tests/integration/README.mdcontains more details about the test setup and workflow.The terraform configurations for EKS is based on https://github.com/terraform-aws-modules/terraform-aws-eks/tree/6bb73bbdd469797cb067e9aa22ce2f31a7fb22be/examples/self_managed_node_group .
The terraform configurations for AKS is based on https://registry.terraform.io/providers/hashicorp/azurerm/latest/docs/resources/kubernetes_cluster .
The terraform configurations for GKE is based on the official GKE terraform provider examples https://registry.terraform.io/providers/hashicorp/google/latest/docs/resources/container_cluster with Terraform Kubernetes Engine Auth Module to be able to easily retrieve the kubeconfig. Both GCR and Artifact Registry are tested.
Average test duration including provisioning and cleanup time:
We may be able to optimize some configurations to bring down the time of EKS and AKS in the future.
Part of #264.