Added API Server Connectivity Test.

orsenthil · Nov 25, 2023 · 0c0f341 · 0c0f341
1 parent 38a1fc7
commit 0c0f341
Show file tree

Hide file tree

Showing 2 changed files with 164 additions and 1 deletion.
diff --git a/test/framework/resources/k8s/manifest/container.go b/test/framework/resources/k8s/manifest/container.go
@@ -28,6 +28,7 @@ type Container struct {
 	probe           *v1.Probe
 	ports           []v1.ContainerPort
 	securityContext *v1.SecurityContext
+	Env             []v1.EnvVar
 }
 
 func NewBusyBoxContainerBuilder(testImageRegistry string) *Container {
@@ -101,6 +102,11 @@ func (w *Container) Command(cmd []string) *Container {
 	return w
 }
 
+func (w *Container) EnvVar(env []v1.EnvVar) *Container {
+	w.Env = env
+	return w
+}
+
 func (w *Container) Args(arg []string) *Container {
 	w.args = arg
 	return w
@@ -126,5 +132,6 @@ func (w *Container) Build() v1.Container {
 		LivenessProbe:   w.probe,
 		Ports:           w.ports,
 		SecurityContext: w.securityContext,
+		Env:             w.Env,
 	}
 }
diff --git a/test/integration/cni/pod_traffic_across_az_test.go b/test/integration/cni/pod_traffic_across_az_test.go
@@ -228,13 +228,163 @@ var _ = Describe("[STATIC_AZ] test pod networking", func() {
 
 })
 
+var _ = Describe("[STATIC_AZ] API Server Connectivity", func() {
+
+	var (
+		err        error
+		serverPort int
+		protocol   string
+
+		primaryNodeDaemonSet *v1.DaemonSet
+
+		// Map of Pods placed on primary/secondary ENI IP on primary node
+		interfaceToPodList common.InterfaceTypeToPodList
+
+		// Map of AZ name, string to pod IP, string
+		azName    string
+		azToPodIP map[string]string
+		azToPod   map[string]coreV1.Pod
+	)
+
+	JustBeforeEach(func() {
+		By("authorizing security group ingress on instance security group")
+		err = f.CloudServices.EC2().
+			AuthorizeSecurityGroupIngress(instanceSecurityGroupID, protocol, serverPort, serverPort, "0.0.0.0/0")
+		Expect(err).ToNot(HaveOccurred())
+
+		By("authorizing security group egress on instance security group")
+		err = f.CloudServices.EC2().
+			AuthorizeSecurityGroupEgress(instanceSecurityGroupID, protocol, serverPort, serverPort, "0.0.0.0/0")
+		Expect(err).ToNot(HaveOccurred())
+
+		serverContainer := manifest.
+			NewCurlContainer().
+			Command([]string{
+				"sleep",
+				"3600",
+			}).
+			EnvVar([]coreV1.EnvVar{
+				{
+					Name:  "APISERVER",
+					Value: "https://kubernetes.default.svc",
+				},
+			}).
+			Build()
+
+		By("creating a server DaemonSet on primary node")
+
+		primaryNodeDaemonSet = manifest.
+			NewDefaultDaemonsetBuilder().
+			Container(serverContainer).
+			PodLabel("role", "test").
+			Name("api-server-connectivity-daemonset").
+			Build()
+
+		_, err = f.K8sResourceManagers.DaemonSetManager().CreateAndWaitTillDaemonSetIsReady(primaryNodeDaemonSet, utils.DefaultDeploymentReadyTimeout)
+		Expect(err).ToNot(HaveOccurred())
+
+		By(fmt.Sprintf("getting the node with the node label key %s and value %s",
+			f.Options.NgNameLabelKey, f.Options.NgNameLabelVal))
+
+		nodes, err := f.K8sResourceManagers.NodeManager().GetNodes(f.Options.NgNameLabelKey, f.Options.NgNameLabelVal)
+
+		Expect(err).ToNot(HaveOccurred())
+
+		azToPodIP = make(map[string]string)
+		azToPod = make(map[string]coreV1.Pod)
+
+		for i := range nodes.Items {
+			azName = nodes.Items[i].ObjectMeta.Labels["topology.kubernetes.io/zone"]
+			fmt.Println("AZ Name: ", azName)
+			interfaceToPodList = common.GetPodsOnPrimaryAndSecondaryInterface(nodes.Items[i], "role", "test", f)
+			if len(interfaceToPodList.PodsOnSecondaryENI) > 0 {
+				fmt.Println("Pod IP: ", interfaceToPodList.PodsOnSecondaryENI[0].Status.PodIP)
+				azToPodIP[azName] = interfaceToPodList.PodsOnSecondaryENI[0].Status.PodIP
+				azToPod[azName] = interfaceToPodList.PodsOnSecondaryENI[0]
+			}
+			if len(interfaceToPodList.PodsOnPrimaryENI) > 0 {
+				fmt.Println("Pod IP: ", interfaceToPodList.PodsOnPrimaryENI[0].Status.PodIP)
+				azToPodIP[azName] = interfaceToPodList.PodsOnPrimaryENI[0].Status.PodIP
+				azToPod[azName] = interfaceToPodList.PodsOnPrimaryENI[0]
+			}
+		}
+	})
+
+	JustAfterEach(func() {
+		By("revoking security group ingress on instance security group")
+		err = f.CloudServices.EC2().
+			RevokeSecurityGroupIngress(instanceSecurityGroupID, protocol, serverPort, serverPort, "0.0.0.0/0")
+		Expect(err).ToNot(HaveOccurred())
+
+		By("revoking security group egress on instance security group")
+		err = f.CloudServices.EC2().
+			RevokeSecurityGroupEgress(instanceSecurityGroupID, protocol, serverPort, serverPort, "0.0.0.0/0")
+		Expect(err).ToNot(HaveOccurred())
+
+		By("deleting the Daemonset.")
+	})
+
+	Context("when testing ICMP traffic", func() {
+		BeforeEach(func() {
+			protocol = "ICMP"
+			serverPort = 0
+		})
+
+		It("Should connect to the API Server", func() {
+			token_command := []string{
+				"cat",
+				"/var/run/secrets/kubernetes.io/serviceaccount/token",
+			}
+			token_value, stderr, err := RunCommandOnPod(azToPod["us-west-2a"], token_command)
+
+			if err != nil {
+				fmt.Println(err)
+				fmt.Println(stderr)
+			}
+
+			cacert_command := "/var/run/secrets/kubernetes.io/serviceaccount/ca.crt"
+			bearer := fmt.Sprintf("Authorization: Bearer %s", token_value)
+			test_api_server_connectivity := []string{
+				"curl",
+				"--cacert",
+				cacert_command,
+				"--header",
+				bearer,
+				"-X",
+				"GET",
+				"https://kubernetes.default.svc/api",
+			}
+
+			for az1 := range azToPod {
+				fmt.Println("Testing API Server Connectivity from AZ \n", az1)
+
+				api_server_stdout, _, err := RunCommandOnPod(azToPod[az1], test_api_server_connectivity)
+
+				fmt.Println(api_server_stdout)
+
+				Expect(err).ToNot(HaveOccurred())
+
+				Expect(api_server_stdout).ToNot(BeEmpty())
+				Expect(api_server_stdout).To(ContainSubstring("APIVersions"))
+			}
+
+		})
+		BeforeEach(func() {
+			protocol = "ICMP"
+			serverPort = 0
+		})
+
+	})
+
+})
+
 func CheckConnectivityBetweenPods(azToPod map[string]coreV1.Pod, port int, testerExpectedStdOut string, testerExpectedStdErr string, getTestCommandFunc func(serverPod coreV1.Pod, port int) []string) {
 
 	By("checking connection on same node, primary to primary")
 
 	for az1 := range azToPod {
 		for az2 := range azToPod {
-			if az1 != az2 {
+			if az1 == az2 {
 				fmt.Printf("Testing Connectivity from Pod IP1 %s (%s) to Pod IP2 %s (%s) \n",
 					azToPod[az1].Status.PodIP, az1, azToPod[az2].Status.PodIP, az2)
 				testConnectivity(azToPod[az1], azToPod[az2], testerExpectedStdOut, testerExpectedStdErr, port, getTestCommandFunc)
@@ -243,6 +393,12 @@ func CheckConnectivityBetweenPods(azToPod map[string]coreV1.Pod, port int, teste
 	}
 }
 
+func RunCommandOnPod(receiverPod coreV1.Pod, command []string) (string, string, error) {
+	stdout, stderr, err := f.K8sResourceManagers.PodManager().
+		PodExec(receiverPod.Namespace, receiverPod.Name, command)
+	return stdout, stderr, err
+}
+
 func VerifyConnectivityForNegativeCase(azToPod map[string]coreV1.Pod, port int,
 	getTestCommandFunc func(receiverPod coreV1.Pod, port int) []string) {