Merge pull request #3648 from richardcase/1718_gc_add_e2e

feat: external load balancer garbage collection (part 4) - e2e tests

Author: k8s-ci-robot

Makefile

@@ -412,6 +412,14 @@ test-e2e: $(GINKGO) $(KIND) $(SSM_PLUGIN) $(KUSTOMIZE) generate-test-flavors e2e
 test-e2e-eks: generate-test-flavors  $(GINKGO) $(KIND) $(SSM_PLUGIN) $(KUSTOMIZE) e2e-image ## Run eks e2e tests
 	time $(GINKGO) -tags=e2e $(GINKGO_ARGS) ./test/e2e/suites/managed/... -- -config-path="$(E2E_EKS_CONF_PATH)" --source-template="$(EKS_SOURCE_TEMPLATE)" $(E2E_ARGS) $(EKS_E2E_ARGS)
 
+.PHONY: test-e2e-gc ## Run garbage collection e2e tests using clusterctl
+test-e2e-gc: generate-test-flavors  $(GINKGO) $(KIND) $(SSM_PLUGIN) $(KUSTOMIZE) e2e-image ## Run eks e2e tests
+	time $(GINKGO) -tags=e2e -focus="$(GINKGO_FOCUS)" -skip="$(GINKGO_SKIP)" $(GINKGO_ARGS) -p ./test/e2e/suites/gc_unmanaged/... -- -config-path="$(E2E_CONF_PATH)" $(E2E_ARGS)
+
+.PHONY: test-e2e-eks-gc ## Run EKS garbage collection e2e tests using clusterctl
+test-e2e-eks-gc: generate-test-flavors  $(GINKGO) $(KIND) $(SSM_PLUGIN) $(KUSTOMIZE) e2e-image ## Run eks e2e tests
+	time $(GINKGO) -tags=e2e -focus="$(GINKGO_FOCUS)" -skip="$(GINKGO_SKIP)" $(GINKGO_ARGS) ./test/e2e/suites/gc_managed/... -- -config-path="$(E2E_EKS_CONF_PATH)" --source-template="$(EKS_SOURCE_TEMPLATE)" $(E2E_ARGS) $(EKS_E2E_ARGS)
+
 
 CONFORMANCE_E2E_ARGS ?= -kubetest.config-file=$(KUBETEST_CONF_PATH)
 CONFORMANCE_E2E_ARGS += $(E2E_ARGS)
@@ -435,6 +443,8 @@ compile-e2e: ## Test e2e compilation
 	go test -c -o /dev/null -tags=e2e ./test/e2e/suites/unmanaged
 	go test -c -o /dev/null -tags=e2e ./test/e2e/suites/conformance
 	go test -c -o /dev/null -tags=e2e ./test/e2e/suites/managed
+	go test -c -o /dev/null -tags=e2e ./test/e2e/suites/gc_managed
+	go test -c -o /dev/null -tags=e2e ./test/e2e/suites/gc_unmanaged
 
 
 .PHONY: docker-pull-e2e-preloads

pkg/cloud/services/gc/service.go

@@ -60,9 +60,9 @@ func NewService(clusterScope cloud.ClusterScoper, opts ...ServiceOption) *Servic
 
 func addDefaultCleanupFuncs(s *Service) {
 	s.cleanupFuncs = []ResourceCleanupFunc{
-		s.deleteSecurityGroups,
 		s.deleteLoadBalancers,
 		s.deleteTargetGroups,
+		s.deleteSecurityGroups,
 	}
 }
 

scripts/ci-e2e-eks-gc.sh

@@ -0,0 +1,111 @@
+#!/bin/bash
+
+# Copyright 2022 The Kubernetes Authors.
+#
+# Licensed under the Apache License, Version 2.0 (the "License");
+# you may not use this file except in compliance with the License.
+# You may obtain a copy of the License at
+#
+#     http://www.apache.org/licenses/LICENSE-2.0
+#
+# Unless required by applicable law or agreed to in writing, software
+# distributed under the License is distributed on an "AS IS" BASIS,
+# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+# See the License for the specific language governing permissions and
+# limitations under the License.
+
+################################################################################
+# usage: e2e.sh
+#  This program runs the e2e tests.
+#
+# ENVIRONMENT VARIABLES
+#  JANITOR_ENABLED
+#    Set to 1 to run the aws-janitor command after running the e2e tests.
+################################################################################
+
+set -o nounset
+set -o pipefail
+
+REPO_ROOT=$(dirname "${BASH_SOURCE[0]}")/..
+cd "${REPO_ROOT}" || exit 1
+
+# shellcheck source=../hack/ensure-go.sh
+source "${REPO_ROOT}/hack/ensure-go.sh"
+# shellcheck source=../hack/ensure-kind.sh
+source "${REPO_ROOT}/hack/ensure-kind.sh"
+# shellcheck source=../hack/ensure-kubectl.sh
+source "${REPO_ROOT}/hack/ensure-kubectl.sh"
+
+ARTIFACTS="${ARTIFACTS:-${PWD}/_artifacts}"
+mkdir -p "$ARTIFACTS/logs/"
+
+# our exit handler (trap)
+cleanup() {
+  # stop boskos heartbeat
+  [[ -z ${HEART_BEAT_PID:-} ]] || kill -9 "${HEART_BEAT_PID}"
+}
+trap cleanup EXIT
+
+#Install requests module explicitly for HTTP calls
+python3 -m pip install requests
+
+# If BOSKOS_HOST is set then acquire an AWS account from Boskos.
+if [ -n "${BOSKOS_HOST:-}" ]; then
+  # Check out the account from Boskos and store the produced environment
+  # variables in a temporary file.
+  account_env_var_file="$(mktemp)"
+  python3 hack/boskos.py --get 1>"${account_env_var_file}"
+  checkout_account_status="${?}"
+
+  # If the checkout process was a success then load the account's
+  # environment variables into this process.
+  # shellcheck disable=SC1090
+  [ "${checkout_account_status}" = "0" ] && . "${account_env_var_file}"
+
+  # Always remove the account environment variable file. It contains
+  # sensitive information.
+  rm -f "${account_env_var_file}"
+
+  if [ ! "${checkout_account_status}" = "0" ]; then
+    echo "error getting account from boskos" 1>&2
+    exit "${checkout_account_status}"
+  fi
+
+  # run the heart beat process to tell boskos that we are still
+  # using the checked out account periodically
+  python3 -u hack/boskos.py --heartbeat >>$ARTIFACTS/logs/boskos.log 2>&1 &
+  HEART_BEAT_PID=$(echo $!)
+fi
+
+# Prevent a disallowed AWS key from being used.
+if grep -iqF "$(echo "${AWS_ACCESS_KEY_ID-}" |
+  { md5sum 2>/dev/null || md5; } |
+  awk '{print $1}')" hack/e2e-aws-disallowed.txt; then
+  echo "The provided AWS key is not allowed" 1>&2
+  exit 1
+fi
+
+EXP_EXTERNAL_RESOURCE_GC="true" GC_WORKLOAD="../../data/gcworkload.yaml" make test-e2e-eks-gc ARTIFACTS=$ARTIFACTS
+
+test_status="${?}"
+
+# If Boskos is being used then release the AWS account back to Boskos.
+[ -z "${BOSKOS_HOST:-}" ] || python3 -u hack/boskos.py --release
+
+# The janitor is typically not run as part of the e2e process, but rather
+# in a parallel process via a service on the same cluster that runs Prow and
+# Boskos.
+#
+# However, setting JANITOR_ENABLED=1 tells this program to run the janitor
+# after the e2e test is executed.
+if [ "${JANITOR_ENABLED:-0}" = "1" ]; then
+  if ! command -v aws-janitor >/dev/null 2>&1; then
+    echo "skipping janitor; aws-janitor not found" 1>&2
+  else
+    aws-janitor -all -v 2
+  fi
+else
+  echo "skipping janitor; JANITOR_ENABLED=${JANITOR_ENABLED:-0}" 1>&2
+fi
+
+exit "${test_status}"

scripts/ci-e2e-gc.sh

@@ -0,0 +1,111 @@
+#!/bin/bash
+
+# Copyright 2022 The Kubernetes Authors.
+#
+# Licensed under the Apache License, Version 2.0 (the "License");
+# you may not use this file except in compliance with the License.
+# You may obtain a copy of the License at
+#
+#     http://www.apache.org/licenses/LICENSE-2.0
+#
+# Unless required by applicable law or agreed to in writing, software
+# distributed under the License is distributed on an "AS IS" BASIS,
+# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+# See the License for the specific language governing permissions and
+# limitations under the License.
+
+################################################################################
+# usage: e2e.sh
+#  This program runs the e2e tests.
+#
+# ENVIRONMENT VARIABLES
+#  JANITOR_ENABLED
+#    Set to 1 to run the aws-janitor command after running the e2e tests.
+################################################################################
+
+set -o nounset
+set -o pipefail
+
+REPO_ROOT=$(dirname "${BASH_SOURCE[0]}")/..
+cd "${REPO_ROOT}" || exit 1
+
+# shellcheck source=../hack/ensure-go.sh
+source "${REPO_ROOT}/hack/ensure-go.sh"
+# shellcheck source=../hack/ensure-kind.sh
+source "${REPO_ROOT}/hack/ensure-kind.sh"
+# shellcheck source=../hack/ensure-kubectl.sh
+source "${REPO_ROOT}/hack/ensure-kubectl.sh"
+
+ARTIFACTS="${ARTIFACTS:-${PWD}/_artifacts}"
+mkdir -p "$ARTIFACTS/logs/"
+
+# our exit handler (trap)
+cleanup() {
+  # stop boskos heartbeat
+  [[ -z ${HEART_BEAT_PID:-} ]] || kill -9 "${HEART_BEAT_PID}"
+}
+trap cleanup EXIT
+
+#Install requests module explicitly for HTTP calls
+python3 -m pip install requests
+
+# If BOSKOS_HOST is set then acquire an AWS account from Boskos.
+if [ -n "${BOSKOS_HOST:-}" ]; then
+  # Check out the account from Boskos and store the produced environment
+  # variables in a temporary file.
+  account_env_var_file="$(mktemp)"
+  python3 hack/boskos.py --get 1>"${account_env_var_file}"
+  checkout_account_status="${?}"
+
+  # If the checkout process was a success then load the account's
+  # environment variables into this process.
+  # shellcheck disable=SC1090
+  [ "${checkout_account_status}" = "0" ] && . "${account_env_var_file}"
+
+  # Always remove the account environment variable file. It contains
+  # sensitive information.
+  rm -f "${account_env_var_file}"
+
+  if [ ! "${checkout_account_status}" = "0" ]; then
+    echo "error getting account from boskos" 1>&2
+    exit "${checkout_account_status}"
+  fi
+
+  # run the heart beat process to tell boskos that we are still
+  # using the checked out account periodically
+  python3 -u hack/boskos.py --heartbeat >>$ARTIFACTS/logs/boskos.log 2>&1 &
+  HEART_BEAT_PID=$(echo $!)
+fi
+
+# Prevent a disallowed AWS key from being used.
+if grep -iqF "$(echo "${AWS_ACCESS_KEY_ID-}" |
+  { md5sum 2>/dev/null || md5; } |
+  awk '{print $1}')" hack/e2e-aws-disallowed.txt; then
+  echo "The provided AWS key is not allowed" 1>&2
+  exit 1
+fi
+
+EXP_EXTERNAL_RESOURCE_GC="true" GC_WORKLOAD="../../data/gcworkload.yaml" make test-e2e-gc ARTIFACTS=$ARTIFACTS
+
+test_status="${?}"
+
+# If Boskos is being used then release the AWS account back to Boskos.
+[ -z "${BOSKOS_HOST:-}" ] || python3 -u hack/boskos.py --release
+
+# The janitor is typically not run as part of the e2e process, but rather
+# in a parallel process via a service on the same cluster that runs Prow and
+# Boskos.
+#
+# However, setting JANITOR_ENABLED=1 tells this program to run the janitor
+# after the e2e test is executed.
+if [ "${JANITOR_ENABLED:-0}" = "1" ]; then
+  if ! command -v aws-janitor >/dev/null 2>&1; then
+    echo "skipping janitor; aws-janitor not found" 1>&2
+  else
+    aws-janitor -all -v 2
+  fi
+else
+  echo "skipping janitor; JANITOR_ENABLED=${JANITOR_ENABLED:-0}" 1>&2
+fi
+
+exit "${test_status}"

test/e2e/data/e2e_conf.yaml

@@ -197,6 +197,7 @@ variables:
   MULTI_TENANCY_ROLE_NAME: "multi-tenancy-role"
   MULTI_TENANCY_NESTED_ROLE_NAME: "multi-tenancy-nested-role"
   IP_FAMILY: "IPv4"
+  CAPA_LOGLEVEL: "4"
   # Enabling the feature flags by setting the env variables.
   EXP_CLUSTER_RESOURCE_SET: "true"
   EXP_MACHINE_POOL: "true"
@@ -226,3 +227,5 @@ intervals:
   default/wait-machine-pool-upgrade: [ "50m", "10s" ]
   default/wait-create-identity: ["1m", "10s"]
   default/wait-job: ["10m", "10s"]
+  default/wait-deployment-ready: ["5m", "10s"]
+  default/wait-loadbalancer-ready: ["5m", "30s"]

test/e2e/data/e2e_eks_conf.yaml

@@ -188,6 +188,7 @@ variables:
   CONFORMANCE_CI_ARTIFACTS_KUBERNETES_VERSION: "1.22.9"
   AUTO_CONTROLLER_IDENTITY_CREATOR: "false"
   IP_FAMILY: "IPv4"
+  CAPA_LOGLEVEL: "4"
 
 intervals:
   default/wait-cluster: ["30m", "10s"]
@@ -204,3 +205,5 @@ intervals:
   default/wait-control-plane-upgrade: ["35m", "30s"]
   default/wait-addon-status: ["10m", "30s"]
   default/wait-create-identity: ["1m", "10s"]
+  default/wait-deployment-ready: ["5m", "10s"]
+  default/wait-loadbalancer-ready: ["5m", "30s"]