Add integration test for transit gateway support

kubernetes · Feb 28, 2021 · 2ebd448 · 2ebd448
1 parent 577df0a
commit 2ebd448
Show file tree

Hide file tree

Showing 5 changed files with 253 additions and 15 deletions.
diff --git a/cloudmock/aws/mockec2/routetable.go b/cloudmock/aws/mockec2/routetable.go
@@ -164,6 +164,7 @@ func (m *MockEC2) CreateRoute(request *ec2.CreateRouteInput) (*ec2.CreateRouteOu
 		InstanceId:                  request.InstanceId,
 		NatGatewayId:                request.NatGatewayId,
 		NetworkInterfaceId:          request.NetworkInterfaceId,
+		TransitGatewayId:            request.TransitGatewayId,
 		VpcPeeringConnectionId:      request.VpcPeeringConnectionId,
 	}
 

diff --git a/tests/integration/update_cluster/complex/cloudformation.json b/tests/integration/update_cluster/complex/cloudformation.json
@@ -596,6 +596,50 @@
         ]
       }
     },
+    "AWSEC2RouteTableprivateustest1acomplexexamplecom": {
+      "Type": "AWS::EC2::RouteTable",
+      "Properties": {
+        "VpcId": {
+          "Ref": "AWSEC2VPCcomplexexamplecom"
+        },
+        "Tags": [
+          {
+            "Key": "KubernetesCluster",
+            "Value": "complex.example.com"
+          },
+          {
+            "Key": "Name",
+            "Value": "private-us-test-1a.complex.example.com"
+          },
+          {
+            "Key": "Owner",
+            "Value": "John Doe"
+          },
+          {
+            "Key": "foo/bar",
+            "Value": "fib+baz"
+          },
+          {
+            "Key": "kubernetes.io/cluster/complex.example.com",
+            "Value": "owned"
+          },
+          {
+            "Key": "kubernetes.io/kops/role",
+            "Value": "private-us-test-1a"
+          }
+        ]
+      }
+    },
+    "AWSEC2Routeprivateustest1a00000": {
+      "Type": "AWS::EC2::Route",
+      "Properties": {
+        "RouteTableId": {
+          "Ref": "AWSEC2RouteTableprivateustest1acomplexexamplecom"
+        },
+        "DestinationCidrBlock": "0.0.0.0/0",
+        "TransitGatewayId": "tgw-123456"
+      }
+    },
     "AWSEC2SecurityGroupEgressfrommasterscomplexexamplecomegressall0to000000": {
       "Type": "AWS::EC2::SecurityGroupEgress",
       "Properties": {
@@ -1018,6 +1062,28 @@
         ]
       }
     },
+    "AWSEC2SubnetRouteTableAssociationprivateuseast1aprivatecomplexexamplecom": {
+      "Type": "AWS::EC2::SubnetRouteTableAssociation",
+      "Properties": {
+        "SubnetId": {
+          "Ref": "AWSEC2Subnetuseast1aprivatecomplexexamplecom"
+        },
+        "RouteTableId": {
+          "Ref": "AWSEC2RouteTableprivateustest1acomplexexamplecom"
+        }
+      }
+    },
+    "AWSEC2SubnetRouteTableAssociationuseast1autilitycomplexexamplecom": {
+      "Type": "AWS::EC2::SubnetRouteTableAssociation",
+      "Properties": {
+        "SubnetId": {
+          "Ref": "AWSEC2Subnetuseast1autilitycomplexexamplecom"
+        },
+        "RouteTableId": {
+          "Ref": "AWSEC2RouteTablecomplexexamplecom"
+        }
+      }
+    },
     "AWSEC2SubnetRouteTableAssociationustest1acomplexexamplecom": {
       "Type": "AWS::EC2::SubnetRouteTableAssociation",
       "Properties": {
@@ -1029,6 +1095,86 @@
         }
       }
     },
+    "AWSEC2Subnetuseast1aprivatecomplexexamplecom": {
+      "Type": "AWS::EC2::Subnet",
+      "Properties": {
+        "VpcId": {
+          "Ref": "AWSEC2VPCcomplexexamplecom"
+        },
+        "CidrBlock": "172.20.64.0/19",
+        "AvailabilityZone": "us-test-1a",
+        "Tags": [
+          {
+            "Key": "KubernetesCluster",
+            "Value": "complex.example.com"
+          },
+          {
+            "Key": "Name",
+            "Value": "us-east-1a-private.complex.example.com"
+          },
+          {
+            "Key": "Owner",
+            "Value": "John Doe"
+          },
+          {
+            "Key": "SubnetType",
+            "Value": "Private"
+          },
+          {
+            "Key": "foo/bar",
+            "Value": "fib+baz"
+          },
+          {
+            "Key": "kubernetes.io/cluster/complex.example.com",
+            "Value": "owned"
+          },
+          {
+            "Key": "kubernetes.io/role/internal-elb",
+            "Value": "1"
+          }
+        ]
+      }
+    },
+    "AWSEC2Subnetuseast1autilitycomplexexamplecom": {
+      "Type": "AWS::EC2::Subnet",
+      "Properties": {
+        "VpcId": {
+          "Ref": "AWSEC2VPCcomplexexamplecom"
+        },
+        "CidrBlock": "172.20.96.0/19",
+        "AvailabilityZone": "us-test-1a",
+        "Tags": [
+          {
+            "Key": "KubernetesCluster",
+            "Value": "complex.example.com"
+          },
+          {
+            "Key": "Name",
+            "Value": "us-east-1a-utility.complex.example.com"
+          },
+          {
+            "Key": "Owner",
+            "Value": "John Doe"
+          },
+          {
+            "Key": "SubnetType",
+            "Value": "Utility"
+          },
+          {
+            "Key": "foo/bar",
+            "Value": "fib+baz"
+          },
+          {
+            "Key": "kubernetes.io/cluster/complex.example.com",
+            "Value": "owned"
+          },
+          {
+            "Key": "kubernetes.io/role/elb",
+            "Value": "1"
+          }
+        ]
+      }
+    },
     "AWSEC2Subnetustest1acomplexexamplecom": {
       "Type": "AWS::EC2::Subnet",
       "Properties": {

diff --git a/tests/integration/update_cluster/complex/in-legacy-v1alpha2.yaml b/tests/integration/update_cluster/complex/in-legacy-v1alpha2.yaml
@@ -71,6 +71,15 @@ spec:
     name: us-test-1a
     type: Public
     zone: us-test-1a
+  - cidr: 172.20.64.0/19
+    name: us-east-1a-private
+    type: Private
+    zone: us-test-1a
+    egress: tgw-123456
+  - cidr: 172.20.96.0/19
+    name: us-east-1a-utility
+    type: Utility
+    zone: us-test-1a
 
 ---
 

diff --git a/tests/integration/update_cluster/complex/in-v1alpha2.yaml b/tests/integration/update_cluster/complex/in-v1alpha2.yaml
@@ -71,6 +71,15 @@ spec:
     name: us-test-1a
     type: Public
     zone: us-test-1a
+  - cidr: 172.20.64.0/19
+    name: us-east-1a-private
+    type: Private
+    zone: us-test-1a
+    egress: tgw-123456
+  - cidr: 172.20.96.0/19
+    name: us-east-1a-utility
+    type: Utility
+    zone: us-test-1a
 
 ---
 

diff --git a/tests/integration/update_cluster/complex/kubernetes.tf b/tests/integration/update_cluster/complex/kubernetes.tf
@@ -1,19 +1,22 @@
 locals {
-  cluster_name                 = "complex.example.com"
-  master_autoscaling_group_ids = [aws_autoscaling_group.master-us-test-1a-masters-complex-example-com.id]
-  master_security_group_ids    = [aws_security_group.masters-complex-example-com.id, "sg-exampleid5", "sg-exampleid6"]
-  masters_role_arn             = aws_iam_role.masters-complex-example-com.arn
-  masters_role_name            = aws_iam_role.masters-complex-example-com.name
-  node_autoscaling_group_ids   = [aws_autoscaling_group.nodes-complex-example-com.id]
-  node_security_group_ids      = [aws_security_group.nodes-complex-example-com.id, "sg-exampleid3", "sg-exampleid4"]
-  node_subnet_ids              = [aws_subnet.us-test-1a-complex-example-com.id]
-  nodes_role_arn               = aws_iam_role.nodes-complex-example-com.arn
-  nodes_role_name              = aws_iam_role.nodes-complex-example-com.name
-  region                       = "us-test-1"
-  route_table_public_id        = aws_route_table.complex-example-com.id
-  subnet_us-test-1a_id         = aws_subnet.us-test-1a-complex-example-com.id
-  vpc_cidr_block               = aws_vpc.complex-example-com.cidr_block
-  vpc_id                       = aws_vpc.complex-example-com.id
+  cluster_name                      = "complex.example.com"
+  master_autoscaling_group_ids      = [aws_autoscaling_group.master-us-test-1a-masters-complex-example-com.id]
+  master_security_group_ids         = [aws_security_group.masters-complex-example-com.id, "sg-exampleid5", "sg-exampleid6"]
+  masters_role_arn                  = aws_iam_role.masters-complex-example-com.arn
+  masters_role_name                 = aws_iam_role.masters-complex-example-com.name
+  node_autoscaling_group_ids        = [aws_autoscaling_group.nodes-complex-example-com.id]
+  node_security_group_ids           = [aws_security_group.nodes-complex-example-com.id, "sg-exampleid3", "sg-exampleid4"]
+  node_subnet_ids                   = [aws_subnet.us-test-1a-complex-example-com.id]
+  nodes_role_arn                    = aws_iam_role.nodes-complex-example-com.arn
+  nodes_role_name                   = aws_iam_role.nodes-complex-example-com.name
+  region                            = "us-test-1"
+  route_table_private-us-test-1a_id = aws_route_table.private-us-test-1a-complex-example-com.id
+  route_table_public_id             = aws_route_table.complex-example-com.id
+  subnet_us-east-1a-private_id      = aws_subnet.us-east-1a-private-complex-example-com.id
+  subnet_us-east-1a-utility_id      = aws_subnet.us-east-1a-utility-complex-example-com.id
+  subnet_us-test-1a_id              = aws_subnet.us-test-1a-complex-example-com.id
+  vpc_cidr_block                    = aws_vpc.complex-example-com.cidr_block
+  vpc_id                            = aws_vpc.complex-example-com.id
 }
 
 output "cluster_name" {
@@ -60,10 +63,22 @@ output "region" {
   value = "us-test-1"
 }
 
+output "route_table_private-us-test-1a_id" {
+  value = aws_route_table.private-us-test-1a-complex-example-com.id
+}
+
 output "route_table_public_id" {
   value = aws_route_table.complex-example-com.id
 }
 
+output "subnet_us-east-1a-private_id" {
+  value = aws_subnet.us-east-1a-private-complex-example-com.id
+}
+
+output "subnet_us-east-1a-utility_id" {
+  value = aws_subnet.us-east-1a-utility-complex-example-com.id
+}
+
 output "subnet_us-test-1a_id" {
   value = aws_subnet.us-test-1a-complex-example-com.id
 }
@@ -564,6 +579,16 @@ resource "aws_route53_record" "api-complex-example-com" {
   zone_id = "/hostedzone/Z1AFAKE1ZON3YO"
 }
 
+resource "aws_route_table_association" "private-us-east-1a-private-complex-example-com" {
+  route_table_id = aws_route_table.private-us-test-1a-complex-example-com.id
+  subnet_id      = aws_subnet.us-east-1a-private-complex-example-com.id
+}
+
+resource "aws_route_table_association" "us-east-1a-utility-complex-example-com" {
+  route_table_id = aws_route_table.complex-example-com.id
+  subnet_id      = aws_subnet.us-east-1a-utility-complex-example-com.id
+}
+
 resource "aws_route_table_association" "us-test-1a-complex-example-com" {
   route_table_id = aws_route_table.complex-example-com.id
   subnet_id      = aws_subnet.us-test-1a-complex-example-com.id
@@ -581,12 +606,30 @@ resource "aws_route_table" "complex-example-com" {
   vpc_id = aws_vpc.complex-example-com.id
 }
 
+resource "aws_route_table" "private-us-test-1a-complex-example-com" {
+  tags = {
+    "KubernetesCluster"                         = "complex.example.com"
+    "Name"                                      = "private-us-test-1a.complex.example.com"
+    "Owner"                                     = "John Doe"
+    "foo/bar"                                   = "fib+baz"
+    "kubernetes.io/cluster/complex.example.com" = "owned"
+    "kubernetes.io/kops/role"                   = "private-us-test-1a"
+  }
+  vpc_id = aws_vpc.complex-example-com.id
+}
+
 resource "aws_route" "route-0-0-0-0--0" {
   destination_cidr_block = "0.0.0.0/0"
   gateway_id             = aws_internet_gateway.complex-example-com.id
   route_table_id         = aws_route_table.complex-example-com.id
 }
 
+resource "aws_route" "route-private-us-test-1a-0-0-0-0--0" {
+  destination_cidr_block = "0.0.0.0/0"
+  route_table_id         = aws_route_table.private-us-test-1a-complex-example-com.id
+  transit_gateway_id     = "tgw-123456"
+}
+
 resource "aws_security_group_rule" "from-1-1-1-0--24-ingress-tcp-443to443-masters-complex-example-com" {
   cidr_blocks       = ["1.1.1.0/24"]
   from_port         = 443
@@ -860,6 +903,36 @@ resource "aws_security_group" "nodes-complex-example-com" {
   vpc_id = aws_vpc.complex-example-com.id
 }
 
+resource "aws_subnet" "us-east-1a-private-complex-example-com" {
+  availability_zone = "us-test-1a"
+  cidr_block        = "172.20.64.0/19"
+  tags = {
+    "KubernetesCluster"                         = "complex.example.com"
+    "Name"                                      = "us-east-1a-private.complex.example.com"
+    "Owner"                                     = "John Doe"
+    "SubnetType"                                = "Private"
+    "foo/bar"                                   = "fib+baz"
+    "kubernetes.io/cluster/complex.example.com" = "owned"
+    "kubernetes.io/role/internal-elb"           = "1"
+  }
+  vpc_id = aws_vpc.complex-example-com.id
+}
+
+resource "aws_subnet" "us-east-1a-utility-complex-example-com" {
+  availability_zone = "us-test-1a"
+  cidr_block        = "172.20.96.0/19"
+  tags = {
+    "KubernetesCluster"                         = "complex.example.com"
+    "Name"                                      = "us-east-1a-utility.complex.example.com"
+    "Owner"                                     = "John Doe"
+    "SubnetType"                                = "Utility"
+    "foo/bar"                                   = "fib+baz"
+    "kubernetes.io/cluster/complex.example.com" = "owned"
+    "kubernetes.io/role/elb"                    = "1"
+  }
+  vpc_id = aws_vpc.complex-example-com.id
+}
+
 resource "aws_subnet" "us-test-1a-complex-example-com" {
   availability_zone = "us-test-1a"
   cidr_block        = "172.20.32.0/19"