Adds an E2E test for using peered VPCs and an internal ELB #3285

Merged

@josh-ferrell josh-ferrell commented Mar 7, 2022

What type of PR is this?
/kind feature

What this PR does / why we need it:
Creates an E2E test for creating clusters in peered VPCs and creating a workload cluster using an internal ELB.

Which issue(s) this PR fixes (optional, in fixes #<issue number>(, fixes #<issue_number>, ...) format, will close the issue(s) when PR gets merged):
Fixes #3249

Special notes for your reviewer:

Checklist:

  • squashed commits
  • includes documentation
  • adds unit tests
  • adds or updates e2e tests

Release note:

Adds an E2E test that validates clusters in peered VPCs and cluster creation using an internal ELB.

@k8s-ci-robot k8s-ci-robot added release-note Denotes a PR that will be considered when it comes time to generate release notes. kind/feature Categorizes issue or PR as related to a new feature. cncf-cla: yes Indicates the PR's author has signed the CNCF CLA. needs-priority labels Mar 7, 2022
@k8s-ci-robot
Contributor

@josh-ferrell: This issue is currently awaiting triage.

If CAPA/CAPI contributors determine this is a relevant issue, they will accept it by applying the triage/accepted label and provide further guidance.

The triage/accepted label can be added by org members by writing /triage accepted in a comment.

Instructions for interacting with me using PR comments are available here. If you have questions or suggestions related to my behavior, please file an issue against the kubernetes/test-infra repository.

@k8s-ci-robot k8s-ci-robot added needs-triage Indicates an issue or PR lacks a `triage/foo` label and requires one. needs-ok-to-test Indicates a PR that requires an org member to verify it is safe to test. labels Mar 7, 2022
@k8s-ci-robot
Contributor

Hi @josh-ferrell. Thanks for your PR.

I'm waiting for a kubernetes-sigs member to verify that this patch is reasonable to test. If it is, they should reply with /ok-to-test on its own line. Until that is done, I will not automatically test new commits in this PR, but the usual testing commands by org members will still work. Regular contributors should join the org to skip this step.

Once the patch is verified, the new status will be reflected by the ok-to-test label.

I understand the commands that are listed here.

Instructions for interacting with me using PR comments are available here. If you have questions or suggestions related to my behavior, please file an issue against the kubernetes/test-infra repository.

@k8s-ci-robot k8s-ci-robot added do-not-merge/contains-merge-commits size/XL Denotes a PR that changes 500-999 lines, ignoring generated files. labels Mar 7, 2022
@sedefsavas
Contributor

/ok-to-test

@k8s-ci-robot k8s-ci-robot added ok-to-test Indicates a non-member PR verified by an org member that is safe to test. and removed needs-ok-to-test Indicates a PR that requires an org member to verify it is safe to test. labels Mar 7, 2022
@josh-ferrell
Author

/test pull-cluster-api-provider-aws-e2e

@josh-ferrell
Author

/test pull-cluster-api-provider-aws-e2e

@josh-ferrell josh-ferrell changed the title Adds an E2E test for using peered VPCs and an internal ELB WIP: Adds an E2E test for using peered VPCs and an internal ELB Mar 7, 2022
@k8s-ci-robot k8s-ci-robot added the do-not-merge/work-in-progress Indicates that a PR should not merge because it is a work in progress. label Mar 7, 2022
@josh-ferrell josh-ferrell force-pushed the e2e_internal_elb_peering branch 2 times, most recently from 4138740 to 7eb2a16 Compare March 8, 2022 03:32
@josh-ferrell
Author

/test pull-cluster-api-provider-aws-e2e

@josh-ferrell
Author

/test pull-cluster-api-provider-aws-test

testing

Fix gci lint issue

Change to test assertions
@josh-ferrell josh-ferrell changed the title WIP: Adds an E2E test for using peered VPCs and an internal ELB Adds an E2E test for using peered VPCs and an internal ELB Mar 8, 2022
@k8s-ci-robot k8s-ci-robot removed the do-not-merge/work-in-progress Indicates that a PR should not merge because it is a work in progress. label Mar 8, 2022
@josh-ferrell
Author

/test pull-cluster-api-provider-aws-e2e

@josh-ferrell
Author

@sedefsavas @Ankitasw Let me know if you have any feedback on this test.

@Ankitasw
Member

Ankitasw commented Mar 9, 2022

@josh-ferrell thank you for the PR.
Personally, I have never worked with peering VPC, so I would let @sedefsavas give feedback here.

@josh-ferrell
Author

@sedefsavas when you get a free moment will you review this PR?

@sedefsavas
Contributor

This is a great way to do both internal ELB and peering validation at the same time!

One question, instead of creating management cluster's infra, could we have used the ones auto-generated? In that case, we need to do some SDK calls to get the IDs and then do the peering with the workload cluster. Not asking to change the way it is, just curious.

Also, have you confirmed in your local that DeleteInfrastructure() is not leaving any resource behind? Not sure if we have the clean up logic in boskos for everything created here.

@sedefsavas
Contributor

It would be great to have documentation for deployment in internet-restricted environments, possibly with a diagram of the scenario tested here. Do you want to open an issue for this?

@sedefsavas
Contributor

/lgtm
/approve

@k8s-ci-robot k8s-ci-robot added the lgtm "Looks good to me", indicates that a PR is ready to be merged. label Mar 10, 2022
@k8s-ci-robot
Contributor

[APPROVALNOTIFIER] This PR is APPROVED

This pull-request has been approved by: sedefsavas

The full list of commands accepted by this bot can be found here.

The pull request process is described here

Needs approval from an approver in each of these files:

Approvers can indicate their approval by writing /approve in a comment
Approvers can cancel approval by writing /approve cancel in a comment

@k8s-ci-robot k8s-ci-robot added the approved Indicates a PR has been approved by an approver from all required OWNERS files. label Mar 10, 2022
@sedefsavas sedefsavas added this to the v1.4.0 milestone Mar 10, 2022
@k8s-ci-robot k8s-ci-robot merged commit c64de9a into kubernetes-sigs:main Mar 10, 2022
@k8s-ci-robot k8s-ci-robot modified the milestones: v1.4.0, v1.x Mar 10, 2022
@josh-ferrell
Author

> It would be great to have documentation for deployment in internet-restricted environments, possibly with a diagram of the scenario tested here. Do you want to open an issue for this?

Technically the workload isn't Internet-restricted egress-wise; the API server is just on the internal ELB. I've been thinking we need to architect and document a validated airgapped deployment if we don't have one already. I can open an issue to do so.

@josh-ferrell
Author

> This is a great way to do both internal ELB and peering validation at the same time!
>
> One question, instead of creating management cluster's infra, could we have used the ones auto-generated? In that case, we need to do some SDK calls to get the IDs and then do the peering with the workload cluster. Not asking to change the way it is, just curious.
>
> Also, have you confirmed in your local that DeleteInfrastructure() is not leaving any resource behind? Not sure if we have the clean up logic in boskos for everything created here.

I hadn't thought about using the CAPA-created infrastructure to peer, but I'm also still learning the SDK, so it's now on my list to look into.

DeleteInfrastructure took some time to get consistent but I think we're well covered. I could add some additional validation and probably will when refactoring the security groups test to use the same setup.

@josh-ferrell josh-ferrell deleted the e2e_internal_elb_peering branch March 29, 2022 14:21
Development

Successfully merging this pull request may close these issues.

Create E2E tests for managed infrastructure
4 participants