Adding license header checker, added E2E testbed creation job

.prow.yaml

@@ -14,3 +14,51 @@ presubmits:
           args:
             - "--plugin-config=prow/config/plugins.yaml"
             - "--config-path=prow/config/config.yaml"
+  - name: e2e
+    annotations:
+    labels:
+    run_if_changed: 'E2E_instance.txt'
+    skip_report: false
+    decorate: true
+    cluster: default
+    extra_refs:
+      - org: nephio-project
+        repo: one-summit-22-workshop
+        path_alias: github.com/nephio-project/one-summit-22-workshop
+        base_ref: main
+    spec:
+      containers:
+        - image: "nephio/e2e:1"
+          command:
+            - "/bin/sh"
+          args:
+            - "-c"
+            - |
+              ls /home/prow/go/src/github.com/nephio-project/one-summit-22-workshop
+              cd e2e/terraform && terraform init && terraform plan && \
+              terraform apply -auto-approve && terraform destroy -auto-approve
+          volumeMounts:
+            - name: satoken
+              mountPath: /etc/satoken
+            - name: ssh-key-vol
+              mountPath: "/etc/ssh-key"
+          resources:
+            requests:
+              cpu: 2
+              memory: 2Gi
+      volumes:
+        - name: satoken
+          secret:
+            secretName: satoken
+            items:
+              - key: satoken
+                path: satoken
+        - name: ssh-key-vol
+          secret:
+            secretName: ssh-key-e2e
+            defaultMode: 256
+            items:
+              - key: id_rsa
+                path: id_rsa
+              - key: id_rsa.pub
+                path: id_rsa.pub

e2e/.gitignore

@@ -0,0 +1,4 @@
+terraform/.terraform.lock.hcl
+terraform/.terraform/
+terraform/terraform.tfstate
+terraform/terraform.tfstate.backup

e2e/README.md

@@ -0,0 +1,13 @@
+
+Create service account with rights to provision VMs, use key in JSON format. Create k8s secret from it:
+```
+kubectl create secret generic satoken --from-file=satoken=awesome-project-113111-18913905538b.json -n test-pods
+```
+Create ssh keypair:
+```
+ssh-keygen -t rsa -f ~/.ssh/gce_prow_lab -C ubuntu -b 2048
+```
+And make k8s secret out of it:
+```
+kubectl create secret generic ssh-key-e2e --from-file=id_rsa=/home/your_user/.ssh/gce_prow_lab --from-file=id_rsa.pub=/home/your_user/.ssh/gce_prow_lab.pub -n test-pods
+```

e2e/provision/ansible.cfg

@@ -0,0 +1,4 @@
+[defaults]
+log_path = deploy.log
+inventory = ./hosts.ini
+host_key_checking = False

e2e/provision/deploy_mk8s.yaml

@@ -0,0 +1,5 @@
+---
+- name: Deploy microk8s on host
+  hosts: all
+  roles:
+    - role: deploy_mk8s

e2e/provision/gce_run.sh

@@ -0,0 +1,13 @@
+#!/usr/bin/env bash
+sudo apt-get clean
+sudo apt-get update
+yes | sudo  NEEDRESTART_SUSPEND=1  DEBIAN_FRONTEND=noninteractive apt-get install python3.10-venv python3-pip -y
+
+python3 -m venv venv
+venv/bin/pip3 install ansible
+venv/bin/pip3 install jmespath
+venv/bin/ansible-galaxy collection install community.general
+venv/bin/ansible-galaxy collection install kubernetes.core
+
+cd /home/ubuntu/provision
+../venv/bin/ansible-playbook -e ansible_connection=local -e ansible_user=ubuntu -e os_user=ubuntu -e os_group=ubuntu deploy_mk8s.yaml

e2e/provision/hosts.ini

@@ -0,0 +1,2 @@
+[all]
+localhost ansible_user=ubuntu

e2e/provision/roles/deploy_mk8s/tasks/deploy_mk8s.yml

@@ -0,0 +1,114 @@
+- name: Set proxy
+  ansible.builtin.blockinfile:
+    path: /etc/environment
+    block: |
+      "{{ https_proxy }}"
+      "{{ http_proxy }}"
+      "{{ no_proxy }}"
+      "{{ https_proxy | upper }}"
+      "{{ http_proxy | upper }}"
+      "{{ no_proxy | upper }}"
+  when: proxy_enabled
+  become: true
+
+- name: Install microk8s
+  community.general.snap:
+    name: microk8s
+    classic: true
+    channel: "{{ microk8s_version }}"
+  become: true
+
+- name: Install kubectl
+  community.general.snap:
+    name: kubectl
+    classic: true
+    channel: "{{ kubectl_version }}"
+  become: true
+
+- name: Install make
+  ansible.builtin.apt:
+    name: make
+    state: present
+  become: true
+
+- name: Add user to microk8s group
+  ansible.builtin.user:
+    name: "{{ os_user }}"
+    groups: microk8s
+    append: true
+  become: true
+
+- name: Enable DNS addon in microk8s
+  ansible.builtin.command: microk8s enable dns
+  retries: 2
+  delay: 3
+  register: result_dns
+  until: result_dns.rc == 0
+  become: true
+  changed_when: "'Addon dns is already enabled.' not in result_dns.stdout"
+
+- name: Enable Storage addon in microk8s
+  ansible.builtin.command: microk8s enable storage
+  register: result_storage
+  become: true
+  changed_when: "'Addon storage is already enabled.' not in result_storage.stdout"
+
+- name: Increase max-pods value
+  ansible.builtin.lineinfile:
+    path: /var/snap/microk8s/current/args/kubelet
+    line: --max-pods=300
+    insertafter: EOF
+  become: true
+
+- name: Microk8s allow priviledged
+  ansible.builtin.lineinfile:
+    path: /var/snap/microk8s/current/args/kube-apiserver
+    line: --allow-privileged=true
+    insertafter: EOF
+  become: true
+
+- name: Restart microk8s services
+  ansible.builtin.service:
+    name: "{{ item }}"
+    state: restarted
+  with_items:
+    - snap.microk8s.daemon-kubelet
+    - snap.microk8s.daemon-apiserver
+  become: true
+
+- name: Create kubectl config dir
+  ansible.builtin.file:
+    path: "{{ ansible_env.HOME }}/.kube"
+    state: directory
+    mode: "0755"
+
+- name: Store kube config in variable
+  ansible.builtin.command:
+    cmd: microk8s.config
+  register: result_microk8sconfig
+  changed_when: "'token:' in result_microk8sconfig.stdout"
+  become: true
+
+- name: Copy a new kubectl config backing up the original if it differs
+  ansible.builtin.copy:
+    content: "{{ result_microk8sconfig.stdout }}"
+    dest: "{{ ansible_env.HOME }}/.kube/config"
+    owner: "{{ os_user }}"
+    group: "{{ os_group }}"
+    mode: "0600"
+    backup: true
+    remote_src: true
+  become: true
+
+- name: Download k9s
+  ansible.builtin.get_url:
+    url: https://github.com/derailed/k9s/releases/download/{{ k9s_version }}/k9s_Linux_amd64.tar.gz
+    dest: "{{ ansible_env.HOME }}"
+    mode: "700"
+
+- name: Deploy k9s
+  ansible.builtin.unarchive:
+    src: "{{ ansible_env.HOME }}/k9s_Linux_amd64.tar.gz"
+    dest: /usr/local/bin
+    remote_src: true
+  become: true

e2e/provision/roles/deploy_mk8s/tasks/main.yaml

@@ -0,0 +1,27 @@
+- name: Run playbook
+  block:
+    - name: "Including vars/defaults.yaml variables"
+      ansible.builtin.include_vars: "{{ playbook_dir }}/vars/defaults.yaml"
+      any_errors_fatal: true
+
+- name: Validating OS user is defined
+  ansible.builtin.assert:
+    that:
+      - "'os_user' in vars"
+    msg: "os_user is required and is not defined."
+
+- name: Validating OS group is defined
+  ansible.builtin.assert:
+    that:
+      - "'os_group' in vars"
+    msg: "os_group is required and is not defined."
+
+- name: Validating software versions are defined
+  ansible.builtin.assert:
+    that:
+      - "'microk8s_version' in vars"
+      - "'kubectl_version' in vars"
+    msg: "you have to define what versions of microk8s and kubectl you want to install"
+
+- name: Import playbook
+  ansible.builtin.import_tasks: tasks/deploy_mk8s.yml

e2e/provision/vars/defaults.yaml

@@ -0,0 +1,13 @@
+proxy_enabled: false
+https_proxy: https_proxy=http://squid.internal:3128
+http_proxy: http_proxy=http://squid.internal:3128
+no_proxy: no_proxy=10.1.0.0/16,10.152.183.0/24,127.0.0.1
+
+os_user: "ubuntu"
+os_group: "ubuntu"
+
+
+microk8s_version: 1.23/stable
+kubectl_version: 1.23/stable
+certmanager_version: v1.8.0
+k9s_version: v0.27.3

e2e/terraform/main.tf

@@ -0,0 +1,53 @@
+provider "google" {
+  project = var.project
+  region  = var.region
+  zone    = var.zone
+  credentials = "${file(var.credentials)}"
+}
+
+resource "google_compute_instance" "vm_instance" {
+  name         = "e2e-instance"
+  machine_type = var.instance
+  metadata = {
+  ssh-keys = "${var.ansible_user}:${file(var.ssh_pub_key)}"
+  }
+  boot_disk {
+    initialize_params {
+      image = "ubuntu-os-cloud/ubuntu-2204-lts"
+    }
+  }
+
+  network_interface {
+    network = "default"
+    access_config {
+    }
+  }
+  provisioner "file" {
+    source      = "../provision"
+    destination = "/home/ubuntu/provision"
+    connection {
+    host        = self.network_interface[0].access_config[0].nat_ip
+    type        = "ssh"
+    private_key = "${file(var.ssh_prv_key)}"
+    user        = "${var.ansible_user}"
+    agent       = false
+  }
+
+  }
+
+  provisioner "remote-exec" {
+    connection {
+    host        = self.network_interface[0].access_config[0].nat_ip
+    type        = "ssh"
+    private_key = "${file(var.ssh_prv_key)}"
+    user        = "${var.ansible_user}"
+    agent       = false
+  }
+    inline = [
+               "chmod +x provision/gce_run.sh",
+               "provision/gce_run.sh"
+              ]
+  }
+
+}
+

e2e/terraform/output.tf

@@ -0,0 +1,4 @@
+output "instance_ips" {
+  value = "${join(" ", google_compute_instance.vm_instance.*.network_interface.0.access_config.0.nat_ip)}"
+  description = "The public IP address of the newly created instance"
+}

e2e/terraform/variables.tf

@@ -0,0 +1,31 @@
+variable "project" {
+    default = "pure-faculty-367518"
+}
+
+variable "region" {
+  default = "us-central1"
+}
+
+variable "zone" {
+    default = "us-central1-c"
+}
+
+variable "instance" {
+  default = "e2-standard-4"
+}
+
+variable "credentials" {
+  default = "/etc/satoken/satoken"
+}
+
+variable "ssh_prv_key" {
+  default = "/etc/ssh-key/id_rsa"
+}
+
+variable "ssh_pub_key" {
+  default = "/etc/ssh-key/id_rsa.pub"
+}
+
+variable "ansible_user" {
+  default = "ubuntu"
+}

images/e2e/Dockerfile

@@ -0,0 +1,6 @@
+FROM hashicorp/terraform:1.4.5
+RUN apk update && \
+    wget -c https://dl.google.com/dl/cloudsdk/channels/rapid/downloads/google-cloud-cli-427.0.0-linux-x86_64.tar.gz && \
+    tar xf /google-cloud-cli-427.0.0-linux-x86_64.tar.gz && \
+    apk add python3 && \
+    /google-cloud-sdk/install.sh -q

images/gotests/Dockerfile

@@ -3,4 +3,7 @@ FROM golang:1.20.3-alpine3.17
 RUN apk update && \
     apk add --no-cache make && \
     wget -O- -nv https://raw.githubusercontent.com/golangci/golangci-lint/master/install.sh | sh -s v1.52.2 && \
-    wget -O - -q https://raw.githubusercontent.com/securego/gosec/master/install.sh | sh -s v2.15.0
+    wget -O - -q https://raw.githubusercontent.com/securego/gosec/master/install.sh | sh -s v2.15.0 && \
+    go install github.com/google/addlicense@v1.1.1
+COPY checklicense.sh /usr/local/bin/
+RUN chmod +x /usr/local/bin/checklicense.sh

images/gotests/checklicense.sh

@@ -0,0 +1,5 @@
+#!/bin/sh
+echo "-------------------------------------"
+echo "Those files don't have license header"
+find . -type f -exec /go/bin/addlicense -check  {} \;
+echo "-------------------------------------"