Merge branch 'master' into sort

README.md

@@ -1,36 +1,47 @@
-# Multi-tenancy
+# Kubernetes Working Group for Multi-Tenancy
 
-A working place for multi-tenancy related proposals and prototypes.
+This is a working place for multi-tenancy related proposals and prototypes. To
+join our biweekly meetings, Slack, mailing list, [please visit our community
+page](https://github.com/kubernetes/community/blob/master/wg-multitenancy/README.md).
 
-## Community, discussion, contribution, and support
+## Projects
 
-Learn how to engage with the Kubernetes community on the [community page](http://kubernetes.io/community/).
+This repo contains the following projects:
 
-You can reach the maintainers of this project at:
+* **[Benchmarks](benchmarks/):** a set of benchmarks (i.e., compliance
+  tests) to determine if your clusters are well-configured for multitenancy.
+* **[Hierararchical namespaces (aka HNC)](incubator/hnc/):** allows
+  namespaces to own each other, policy propagation between related namespaces,
+  and delegated namespace creation.
+* **[Tenant Operator](tenant/):** an opinionated solution to manage tenants
+  within a cluster.
+* **[Virtual clusters](incubator/virtualcluster):** run multiple virtualized
+  cluster on a single underlying cluster, allowing for hard(er) multitenancy.
 
-- [Slack channel](https://kubernetes.slack.com/messages/wg-multitenancy)
-- [Mailing list](https://groups.google.com/forum/#!forum/kubernetes-wg-multitenancy)
+As these projects mature, they may be adopted by a SIG and moved to their own
+repos.
 
-## Join this repo 
+## Resources
 
-File a request at https://github.com/kubernetes/org to be added to @kubernetes-sigs, using the [Template](https://github.com/kubernetes/org/issues/new?template=membership.md&title=REQUEST%3A%20New%20membership%20for%20%3Cyour-GH-handle%3E).
+The [docs](docs/)  directory contains any documents written in markdown. Some
+draft docs which need collaboration are Google docs for better collaboration
+experience. The [links](docs/links.md) file contains links to all presentations,
+wg-multitenancy minutes, and other docs not directly related to the projects
+above.
 
-Once you've been a member, when you are ready to become a reviewer of other people's code, file a PR on our [OWNERS file](https://github.com/kubernetes-sigs/multi-tenancy/blob/master/OWNERS) and an approver will need to approve you.
+## Join this repo
 
-Once you've been a reviewer, you can request to become an approver by filling a PR on our OWNERS file and another approver will need to approve you.
+File a request at https://github.com/kubernetes/org to be added to
+@kubernetes-sigs, using the
+[Template](https://github.com/kubernetes/org/issues/new?template=membership.md&title=REQUEST%3A%20New%20membership%20for%20%3Cyour-GH-handle%3E).
 
-### Docs directory
+Once you've been a member, when you are ready to become a reviewer of other
+people's code, file a PR on our [OWNERS
+file](https://github.com/kubernetes-sigs/multi-tenancy/blob/master/OWNERS) and
+an approver will need to approve you.
 
-The `docs` directory contains any documents written in markdown.
-Some draft docs which need collaboration are Google docs for better collaboration experience.
-The [Links](docs/links.md) file contains links to all relevant draft Google docs.
-
-### Incubator directory 
-
-The `incubator` directory includes several projects that are actively being incubated within the multi-tenancy working group. This includes the "Hierarchical Namespace" project and the "Virtual Cluster" Project. Additional projects may be added.
-
-- ["Hierarchical Namespace" project design doc](https://docs.google.com/document/d/10MZfFfbQMm33CBboMq2bfrEtXkJQQT4-UH4DDXZRrKY/edit)
-- ["Virtual Cluster" project design doc](https://docs.google.com/document/d/1QAWtYdRZGseSar_KgyfiIisL7JTGMHCfqB_Legfa39w/edit#)
+Once you've been a reviewer, you can request to become an approver by filling a
+PR on our OWNERS file and another approver will need to approve you.
 
 ### [Deprecated] PoC directory
 

benchmarks/kubectl-mtb/Makefile

@@ -47,9 +47,12 @@ endif
 	fi
 
 kind-test:
-	go test ./test/benchmarks/... -v -count=1	
+	go test ./test/benchmarks/... -v -count=1 -coverprofile=coverage.out		
 
 kind-delete:
 	kind delete cluster --name $(KIND_PROFILE)
 
-unit-tests: kind-create kind-test kind-delete
+unit-tests: kind-create kind-test kind-delete
+
+coverage: 
+	go tool cover -html=coverage.out

benchmarks/kubectl-mtb/go.mod

@@ -19,6 +19,7 @@ require (
 	k8s.io/apimachinery v0.18.3
 	k8s.io/cli-runtime v0.18.3
 	k8s.io/client-go v0.18.3
+	k8s.io/klog v1.0.0
 	k8s.io/kubectl v0.0.0
 	k8s.io/kubernetes v1.18.3
 	sigs.k8s.io/controller-runtime v0.6.0

benchmarks/kubectl-mtb/go.sum

@@ -1487,14 +1487,16 @@ sigs.k8s.io/multi-tenancy v0.0.0-20200710135948-2d1071532987 h1:tJTZBwaG1ryvKEM9
 sigs.k8s.io/multi-tenancy v0.0.0-20200710152148-20515322b4e5 h1:zNaPpPazyROkh3h19JUmxlcfTUqFQ7ZxlX/g1p0jl0A=
 sigs.k8s.io/multi-tenancy v0.0.0-20200713220920-829ca66edf83 h1:Wu4A0FA9gXUxB+BOb/LzqU8S8EUdZE92s0YU5WXtLcM=
 sigs.k8s.io/multi-tenancy v0.0.0-20200714035720-9254d886f1e8 h1:2jvDW9Ut25bjFIsVPj66RNohUl+e3xmlXeKtDM3XLkg=
-sigs.k8s.io/multi-tenancy v0.0.0-20200726013016-97a38fedf0b1 h1:y8ONNC+S0jkxria4hGCq+HXVxbSXK72kKkyR4WK2vfw=
 sigs.k8s.io/multi-tenancy v0.0.0-20200724204617-6364dbba69da h1:HOR9N89EJFKSyQmD3/x36+FxkYIGMEg/8a4N+IiCUG8=
+sigs.k8s.io/multi-tenancy v0.0.0-20200726013016-97a38fedf0b1 h1:y8ONNC+S0jkxria4hGCq+HXVxbSXK72kKkyR4WK2vfw=
+sigs.k8s.io/multi-tenancy v0.0.0-20200801023540-26dab8a69fdf h1:dDCjPiT9NuwVCDq2vrolp4NuMXxxmHnTIL33gS+LgzQ=
 sigs.k8s.io/multi-tenancy/benchmarks v0.0.0-20200707060558-ea14282f3be6 h1:V4K5fPHAgNnYTFmhKlU4cp03o7/nuZbbVqFnEHvcyHk=
 sigs.k8s.io/multi-tenancy/benchmarks v0.0.0-20200710152148-20515322b4e5 h1:h21E7xB6JQ19Hy5ypObM90L4xScjwiNQxrOACXJ409w=
 sigs.k8s.io/multi-tenancy/benchmarks v0.0.0-20200713220920-829ca66edf83 h1:nmcpLotBZVRnlvDDd3q9b2J9VuW2rfkCRBl+1x/0rfk=
 sigs.k8s.io/multi-tenancy/benchmarks v0.0.0-20200714035720-9254d886f1e8 h1:tLrFy2wLP0LJSQORg9FslngBnoADSEn+uYju2W3eOjk=
-sigs.k8s.io/multi-tenancy/benchmarks v0.0.0-20200726013016-97a38fedf0b1 h1:6shszoTBt41BnJeg6gGyF5phNzfX0CMKJy/Mn71Oz/M=
 sigs.k8s.io/multi-tenancy/benchmarks v0.0.0-20200724204617-6364dbba69da h1:sZgkCMXKgOF4Diom1+CeyUNmrtu+9BPV+CV3nMzAfJM=
+sigs.k8s.io/multi-tenancy/benchmarks v0.0.0-20200726013016-97a38fedf0b1 h1:6shszoTBt41BnJeg6gGyF5phNzfX0CMKJy/Mn71Oz/M=
+sigs.k8s.io/multi-tenancy/benchmarks v0.0.0-20200801023540-26dab8a69fdf h1:vcFCmxTMwNH1679Jpdb7Wir0mcMJKyzdaDr0q68nhR0=
 sigs.k8s.io/structured-merge-diff/v3 v3.0.0-20200116222232-67a7b8c61874/go.mod h1:PlARxl6Hbt/+BC80dRLi1qAmnMqwqDg62YvvVkZjemw=
 sigs.k8s.io/structured-merge-diff/v3 v3.0.0 h1:dOmIZBMfhcHS09XZkMyUgkq5trg3/jRyJYFZUiaOp8E=
 sigs.k8s.io/structured-merge-diff/v3 v3.0.0/go.mod h1:PlARxl6Hbt/+BC80dRLi1qAmnMqwqDg62YvvVkZjemw=

benchmarks/kubectl-mtb/internal/kubectl-mtb/run.go

@@ -28,14 +28,10 @@ import (
 	"sigs.k8s.io/multi-tenancy/benchmarks/kubectl-mtb/internal/reporter"
 	"sigs.k8s.io/multi-tenancy/benchmarks/kubectl-mtb/pkg/benchmark"
 	"sigs.k8s.io/multi-tenancy/benchmarks/kubectl-mtb/test"
+	"sigs.k8s.io/multi-tenancy/benchmarks/kubectl-mtb/types"
 )
 
-var (
-	tenant          string
-	tenantNamespace string
-	k8sClient       *kubernetes.Clientset
-	tenantClient    *kubernetes.Clientset
-)
+var benchmarkRunOptions = types.RunOptions{}
 
 var runCmd = &cobra.Command{
 	Use:   "run <resource>",
@@ -65,23 +61,22 @@ var runCmd = &cobra.Command{
 
 func initConfig() error {
 	kubecfgFlags := genericclioptions.NewConfigFlags(false)
-
 	config, err := kubecfgFlags.ToRESTConfig()
 	if err != nil {
 		return err
 	}
 
 	// create the K8s clientset
-	k8sClient, err = kubernetes.NewForConfig(config)
+	benchmarkRunOptions.KClient, err = kubernetes.NewForConfig(config)
 	if err != nil {
 		return err
 	}
 
 	tenantConfig := config
-	tenantConfig.Impersonate.UserName = tenant
+	tenantConfig.Impersonate.UserName = benchmarkRunOptions.Tenant
 
 	// create the tenant clientset
-	tenantClient, err = kubernetes.NewForConfig(tenantConfig)
+	benchmarkRunOptions.TClient, err = kubernetes.NewForConfig(tenantConfig)
 	if err != nil {
 		return err
 	}
@@ -126,13 +121,13 @@ func removeBenchmarksWithIDs(ids []string) {
 
 // Validation of the flag inputs
 func validateFlags(cmd *cobra.Command) error {
-	tenant, _ = cmd.Flags().GetString("as")
-	if tenant == "" {
+	benchmarkRunOptions.Tenant, _ = cmd.Flags().GetString("as")
+	if benchmarkRunOptions.Tenant == "" {
 		return fmt.Errorf("username must be set via --as")
 	}
 
-	tenantNamespace, _ = cmd.Flags().GetString("namespace")
-	if tenantNamespace == "" {
+	benchmarkRunOptions.TenantNamespace, _ = cmd.Flags().GetString("namespace")
+	if benchmarkRunOptions.TenantNamespace == "" {
 		return fmt.Errorf("tenant namespace must be set via --namespace or -n")
 	}
 
@@ -141,7 +136,7 @@ func validateFlags(cmd *cobra.Command) error {
 		return err
 	}
 
-	_, err = k8sClient.CoreV1().Namespaces().Get(context.TODO(), tenantNamespace, metav1.GetOptions{})
+	_, err = benchmarkRunOptions.KClient.CoreV1().Namespaces().Get(context.TODO(), benchmarkRunOptions.TenantNamespace, metav1.GetOptions{})
 	if err != nil {
 		return fmt.Errorf("tenantnamespace is not a valid namespace")
 	}
@@ -151,6 +146,8 @@ func validateFlags(cmd *cobra.Command) error {
 
 func runTests(cmd *cobra.Command, args []string) error {
 
+	benchmarkRunOptions.Label, _ = cmd.Flags().GetString("labels")
+
 	// Get reporters from the user
 	reporterFlag, _ := cmd.Flags().GetString("out")
 	reporters := strings.Split(reporterFlag, ",")
@@ -167,7 +164,7 @@ func runTests(cmd *cobra.Command, args []string) error {
 	suiteSummary := &reporter.SuiteSummary{
 		Suite:                test.BenchmarkSuite,
 		NumberOfTotalTests:   len(benchmarks),
-		TenantAdminNamespace: tenantNamespace,
+		TenantAdminNamespace: benchmarkRunOptions.TenantNamespace,
 	}
 
 	suiteStartTime := time.Now()
@@ -187,7 +184,7 @@ func runTests(cmd *cobra.Command, args []string) error {
 		startTest := time.Now()
 
 		//Run Prerun
-		err = b.PreRun(tenantNamespace, k8sClient, tenantClient)
+		err = b.PreRun(benchmarkRunOptions)
 		if err != nil {
 			suiteSummary.NumberOfFailedValidations++
 			ts.Validation = false
@@ -197,7 +194,7 @@ func runTests(cmd *cobra.Command, args []string) error {
 
 		// Check PreRun status
 		if ts.Validation {
-			err = b.Run(tenantNamespace, k8sClient, tenantClient)
+			err = b.Run(benchmarkRunOptions)
 			if err != nil {
 				suiteSummary.NumberOfFailedTests++
 				ts.Test = false
@@ -208,6 +205,16 @@ func runTests(cmd *cobra.Command, args []string) error {
 				b.Status = "Pass"
 			}
 		}
+
+		// Check Run status
+		if ts.Test {
+			if b.PostRun != nil {
+				err = b.PostRun(benchmarkRunOptions)
+				if err != nil {
+					fmt.Print(err.Error())
+				}
+			}
+		}
 		elapsed := time.Since(startTest)
 		ts.RunTime = elapsed
 		reportTestWillRun(ts, reportersArray)
@@ -226,6 +233,7 @@ func newRunCmd() *cobra.Command {
 	runCmd.Flags().String("as", "", "(required) user name to impersonate")
 	runCmd.Flags().StringP("out", "o", "default", "(optional) output reporters (default, policyreport)")
 	runCmd.Flags().StringP("skip", "s", "", "(optional) benchmark IDs to skip")
+	runCmd.Flags().StringP("labels", "l", "", "(optional) labels")
 
 	return runCmd
 }