Merge pull request #981 from shiftstack/upstream-tests

✨Enhancements for running E2E tests locally

Author: k8s-ci-robot

Containerfile

@@ -0,0 +1,61 @@
+# Copyright 2021 The Kubernetes Authors.
+#
+# Licensed under the Apache License, Version 2.0 (the "License");
+# you may not use this file except in compliance with the License.
+# You may obtain a copy of the License at
+#
+#     http://www.apache.org/licenses/LICENSE-2.0
+#
+# Unless required by applicable law or agreed to in writing, software
+# distributed under the License is distributed on an "AS IS" BASIS,
+# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+# See the License for the specific language governing permissions and
+# limitations under the License.
+
+# Containerfile for podman
+#
+# Ideally we would just use Dockerfile to avoid maintaining 2 files. However,
+# the Dockerfile is currently using some features [1] that podman doesn't
+# support.  We should aim to re-merge these files eventually. In the meantime
+# we need to keep them consistent.
+#
+# [1] * RUN --mount=type=...
+#     * podman can't pull dockerfile:1.1-experimental: unsupported docker v2s2
+#         media type: "application/vnd.oci.image.layer.v1.tar+gzip"
+
+# Build the manager binary
+FROM golang:1.16.0 as builder
+WORKDIR /workspace
+
+# Run this with docker build --build_arg goproxy=$(go env GOPROXY) to override the goproxy
+ARG goproxy=https://proxy.golang.org
+ENV GOPROXY=$goproxy
+
+# Copy the Go Modules manifests
+COPY go.mod go.mod
+COPY go.sum go.sum
+
+# Cache deps before building and copying source so that we don't need to re-download as much
+# and so that source changes don't invalidate our downloaded layer
+RUN go mod download
+
+# Copy the sources
+COPY ./ ./
+
+# Build
+ARG package=.
+ARG ARCH
+ARG ldflags
+
+# Do not force rebuild of up-to-date packages (do not use -a) and use the compiler cache folder
+RUN CGO_ENABLED=0 GOOS=linux GOARCH=${ARCH} \
+    go build -ldflags "${ldflags} -extldflags '-static'" \
+    -o manager ${package}
+
+# Production image
+FROM gcr.io/distroless/static:nonroot
+WORKDIR /
+COPY --from=builder /workspace/manager .
+# Use uid of nonroot user (65532) because kubernetes expects numeric user when applying pod security policies
+USER 65532
+ENTRYPOINT ["/manager"]

Dockerfile

@@ -34,11 +34,6 @@ RUN --mount=type=cache,target=/go/pkg/mod \
 # Copy the sources
 COPY ./ ./
 
-# Cache the go build into the the Go’s compiler cache folder so we take benefits of compiler caching across docker build calls
-RUN --mount=type=cache,target=/root/.cache/go-build \
-    --mount=type=cache,target=/go/pkg/mod \
-    go build .
-
 # Build
 ARG package=.
 ARG ARCH

Makefile

@@ -57,6 +57,13 @@ PATH := $(abspath $(TOOLS_BIN_DIR)):$(PATH)
 DOCKER_CLI_EXPERIMENTAL=enabled
 DOCKER_BUILDKIT=1
 
+PODMAN ?= 0
+ifeq ($(PODMAN), 1)
+	CONTAINERFILE ?= Containerfile
+else
+	CONTAINERFILE ?= Dockerfile
+endif
+
 # Release variables
 
 STAGING_REGISTRY := gcr.io/k8s-staging-capi-openstack
@@ -76,6 +83,7 @@ ALL_ARCH ?= amd64 arm arm64 ppc64le s390x
 # main controller
 IMAGE_NAME ?= capi-openstack-controller
 CONTROLLER_IMG ?= $(REGISTRY)/$(IMAGE_NAME)
+CONTROLLER_IMG_TAG ?= $(CONTROLLER_IMG)-$(ARCH):$(TAG)
 CONTROLLER_ORIGINAL_IMG := gcr.io/k8s-staging-capi-openstack/capi-openstack-controller
 CONTROLLER_NAME := capo-controller-manager
 MANIFEST_FILE := infrastructure-components
@@ -99,6 +107,9 @@ LDFLAGS := $(shell source ./hack/version.sh; version::ldflags)
 ## Testing
 ## --------------------------------------
 
+# The number of ginkgo tests to run concurrently
+E2E_GINKGO_PARALLEL=2
+
 E2E_ARGS ?=
 
 $(ARTIFACTS):
@@ -113,12 +124,21 @@ test: ## Run tests
 # E2E_GINKGO_ARGS="-stream -focus='default'" E2E_ARGS="-use-existing-cluster='true'" make test-e2e
 E2E_GINKGO_ARGS ?= -stream
 .PHONY: test-e2e ## Run e2e tests using clusterctl
-test-e2e: $(GINKGO) $(KIND) $(KUSTOMIZE) e2e-image ## Run e2e tests
-	time $(GINKGO) -trace -progress -v -tags=e2e --nodes=2 $(E2E_GINKGO_ARGS) ./test/e2e/suites/e2e/... -- -config-path="$(E2E_CONF_PATH)" -artifacts-folder="$(ARTIFACTS)" --data-folder="$(E2E_DATA_DIR)" $(E2E_ARGS)
+test-e2e: $(GINKGO) $(KIND) $(KUSTOMIZE) e2e-image test-e2e-image-prerequisites ## Run e2e tests
+	time $(GINKGO) -trace -progress -v -tags=e2e --nodes=$(E2E_GINKGO_PARALLEL) $(E2E_GINKGO_ARGS) ./test/e2e/suites/e2e/... -- -config-path="$(E2E_CONF_PATH)" -artifacts-folder="$(ARTIFACTS)" --data-folder="$(E2E_DATA_DIR)" $(E2E_ARGS)
 
 .PHONY: e2e-image
-e2e-image: docker-pull-prerequisites
-	docker build -f Dockerfile --tag="gcr.io/k8s-staging-capi-openstack/capi-openstack-controller:e2e" .
+e2e-image: CONTROLLER_IMG_TAG = "gcr.io/k8s-staging-capi-openstack/capi-openstack-controller:e2e"
+e2e-image: docker-build
+
+# Pull all the images references in test/e2e/data/e2e_conf.yaml
+test-e2e-image-prerequisites:
+	docker pull gcr.io/k8s-staging-cluster-api/cluster-api-controller:v0.4.0
+	docker pull gcr.io/k8s-staging-cluster-api/kubeadm-bootstrap-controller:v0.4.0
+	docker pull gcr.io/k8s-staging-cluster-api/kubeadm-control-plane-controller:v0.4.0
+	docker pull quay.io/jetstack/cert-manager-cainjector:v1.1.0
+	docker pull quay.io/jetstack/cert-manager-webhook:v1.1.0
+	docker pull quay.io/jetstack/cert-manager-controller:v1.1.0
 
 CONFORMANCE_E2E_ARGS ?= -kubetest.config-file=$(KUBETEST_CONF_PATH)
 CONFORMANCE_E2E_ARGS += $(E2E_ARGS)
@@ -207,15 +227,15 @@ generate-manifests: $(CONTROLLER_GEN) ## Generate manifests e.g. CRD, RBAC etc.
 
 .PHONY: docker-build
 docker-build: docker-pull-prerequisites ## Build the docker image for controller-manager
-	docker build --build-arg goproxy=$(GOPROXY) --build-arg ARCH=$(ARCH) --build-arg LDFLAGS="$(LDFLAGS)" . -t $(CONTROLLER_IMG)-$(ARCH):$(TAG)
+	docker build -f $(CONTAINERFILE) --build-arg goproxy=$(GOPROXY) --build-arg ARCH=$(ARCH) --build-arg LDFLAGS="$(LDFLAGS)" . -t $(CONTROLLER_IMG_TAG)
 
 .PHONY: docker-push
 docker-push: ## Push the docker image
-	docker push $(CONTROLLER_IMG)-$(ARCH):$(TAG)
+	docker push $(CONTROLLER_IMG_TAG)
 
 .PHONY: docker-pull-prerequisites
 docker-pull-prerequisites:
-	docker pull docker.io/docker/dockerfile:1.1-experimental
+	[ "$(PODMAN)" -eq 0 ] && docker pull docker.io/docker/dockerfile:1.1-experimental
 	docker pull docker.io/library/golang:$(GOLANG_VERSION)
 	docker pull gcr.io/distroless/static:latest
 

docs/book/src/clusteropenstack/configuration.md

@@ -133,7 +133,7 @@ When running CAPO with `--v=6` the gophercloud client logs its requests to the O
 
 ## External network
 
-External network is automatically found, but you can specify the external network explicitly by `spec.externalNetworkId` of `OpenStackCluster`.
+If there is only a single external network it will be detected automatically. If there is more than one external network you can specify which one the cluster should use by setting the environment variable `OPENSTACK_EXTERNAL_NETWORK_ID`.
 
 The public network id can be obtained by using command,
 

templates/cluster-template-external-cloud-provider.yaml

@@ -31,6 +31,7 @@ spec:
   nodeCidr: 10.6.0.0/24
   dnsNameservers:
   - ${OPENSTACK_DNS_NAMESERVERS}
+  externalNetworkId: ${OPENSTACK_EXTERNAL_NETWORK_ID}
 ---
 kind: KubeadmControlPlane
 apiVersion: controlplane.cluster.x-k8s.io/v1alpha4

templates/cluster-template-without-lb.yaml

@@ -30,6 +30,7 @@ spec:
   nodeCidr: 10.6.0.0/24
   dnsNameservers:
   - ${OPENSTACK_DNS_NAMESERVERS}
+  externalNetworkId: ${OPENSTACK_EXTERNAL_NETWORK_ID}
 ---
 kind: KubeadmControlPlane
 apiVersion: controlplane.cluster.x-k8s.io/v1alpha4

templates/cluster-template.yaml

@@ -31,6 +31,7 @@ spec:
   nodeCidr: 10.6.0.0/24
   dnsNameservers:
   - ${OPENSTACK_DNS_NAMESERVERS}
+  externalNetworkId: ${OPENSTACK_EXTERNAL_NETWORK_ID}
 ---
 kind: KubeadmControlPlane
 apiVersion: controlplane.cluster.x-k8s.io/v1alpha4

test/e2e/data/e2e_conf.yaml

@@ -108,6 +108,7 @@ variables:
   OPENSTACK_IMAGE_NAME: "ubuntu-2004-kube-v1.18.15"
   OPENSTACK_NODE_MACHINE_FLAVOR: "m1.small"
   OPENSTACK_SSH_KEY_NAME: "cluster-api-provider-openstack-sigs-k8s-io"
+  OPENSTACK_EXTERNAL_NETWORK_ID: ""
   CONFORMANCE_WORKER_MACHINE_COUNT: "5"
   CONFORMANCE_CONTROL_PLANE_MACHINE_COUNT: "1"
 

test/e2e/data/infrastructure-openstack/cluster-template-external-cloud-provider.yaml

@@ -40,6 +40,7 @@ spec:
       flavor: ${OPENSTACK_BASTION_MACHINE_FLAVOR}
       image: ${OPENSTACK_BASTION_IMAGE_NAME}
       sshKeyName: ${OPENSTACK_SSH_KEY_NAME}
+  externalNetworkId: ${OPENSTACK_EXTERNAL_NETWORK_ID}
 ---
 kind: KubeadmControlPlane
 apiVersion: controlplane.cluster.x-k8s.io/v1alpha4

test/e2e/data/infrastructure-openstack/cluster-template-without-lb.yaml

@@ -38,6 +38,7 @@ spec:
       flavor: ${OPENSTACK_BASTION_MACHINE_FLAVOR}
       image: ${OPENSTACK_BASTION_IMAGE_NAME}
       sshKeyName: ${OPENSTACK_SSH_KEY_NAME}
+  externalNetworkId: ${OPENSTACK_EXTERNAL_NETWORK_ID}
 ---
 kind: KubeadmControlPlane
 apiVersion: controlplane.cluster.x-k8s.io/v1alpha4

test/e2e/data/infrastructure-openstack/cluster-template.yaml

@@ -39,6 +39,7 @@ spec:
       flavor: ${OPENSTACK_BASTION_MACHINE_FLAVOR}
       image: ${OPENSTACK_BASTION_IMAGE_NAME}
       sshKeyName: ${OPENSTACK_SSH_KEY_NAME}
+  externalNetworkId: ${OPENSTACK_EXTERNAL_NETWORK_ID}
 ---
 kind: KubeadmControlPlane
 apiVersion: controlplane.cluster.x-k8s.io/v1alpha4

test/e2e/shared/openstack.go

@@ -228,6 +228,8 @@ type AuthOpts struct {
 	TenantName string `ini:"tenant-name"`
 	DomainID   string `ini:"domain-id"`
 	DomainName string `ini:"domain-name"`
+
+	// In-tree cloud provider will fail to start if these are present
 	// TenantDomainID   string `ini:"tenant-domain-id"`
 	// TenantDomainName string `ini:"tenant-domain-name"`
 	// UserDomainID     string `ini:"user-domain-id"`
@@ -251,18 +253,45 @@ func getEncodedOpenStackCloudYAML(cloudYAML string) string {
 func getEncodedOpenStackCloudProviderConf(cloudYAML, cloudName string) string {
 	clouds := getParsedOpenStackCloudYAML(cloudYAML)
 	cloud := clouds.Clouds[cloudName]
+
+	authopts := AuthOpts{
+		AuthURL:    cloud.AuthInfo.AuthURL,
+		UserID:     cloud.AuthInfo.UserID,
+		Username:   cloud.AuthInfo.Username,
+		Password:   cloud.AuthInfo.Password,
+		TenantID:   cloud.AuthInfo.ProjectID,
+		TenantName: cloud.AuthInfo.ProjectName,
+		Region:     cloud.RegionName,
+	}
+
+	// In-tree OpenStack cloud provider does not support
+	// {Tenant,User}Domain{ID,Name}, but external cloud provider does.
+	// Here we manually set Domain{ID,Name} depending on the most specific config available
+	switch {
+	case cloud.AuthInfo.UserDomainID != "":
+		authopts.DomainID = cloud.AuthInfo.UserDomainID
+	case cloud.AuthInfo.UserDomainName != "":
+		authopts.DomainName = cloud.AuthInfo.UserDomainName
+	case cloud.AuthInfo.ProjectDomainID != "":
+		authopts.DomainID = cloud.AuthInfo.UserDomainID
+	case cloud.AuthInfo.ProjectDomainName != "":
+		authopts.DomainName = cloud.AuthInfo.ProjectDomainName
+	case cloud.AuthInfo.DomainID != "":
+		authopts.DomainID = cloud.AuthInfo.DomainID
+	case cloud.AuthInfo.DomainName != "":
+		authopts.DomainName = cloud.AuthInfo.DomainName
+	}
+
+	// Regardless of the path to a CA cert specified in the input
+	// clouds.yaml, we will deploy the cert to /etc/certs/cacert in the
+	// target cluster as specified in KubeadmControlPlane and KubeadmConfig
+	// for the control plane and workers respectively in the E2E cluster templates.
+	if cloud.CACertFile != "" {
+		authopts.CAFile = "/etc/certs/cacert"
+	}
+
 	cloudProviderConf := &Config{
-		Global: AuthOpts{
-			AuthURL:    cloud.AuthInfo.AuthURL,
-			UserID:     cloud.AuthInfo.UserID,
-			Username:   cloud.AuthInfo.Username,
-			Password:   cloud.AuthInfo.Password,
-			TenantID:   cloud.AuthInfo.ProjectID,
-			TenantName: cloud.AuthInfo.ProjectName,
-			DomainID:   cloud.AuthInfo.DomainID,
-			DomainName: cloud.AuthInfo.DomainName,
-			Region:     cloud.RegionName,
-		},
+		Global: authopts,
 	}
 
 	cfg := ini.Empty()