Commit
This commit does not belong to any branch on this repository, and may belong to a fork outside of the repository.
Unit test for openshift/machine-api-operator/pull/725
- Loading branch information
Showing
3 changed files
with
283 additions
and
0 deletions.
There are no files selected for viewing
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
Original file line number | Diff line number | Diff line change |
---|---|---|
@@ -0,0 +1,14 @@ | ||
package framework | ||
|
||
import ( | ||
"context" | ||
|
||
corev1 "k8s.io/api/core/v1" | ||
runtimeclient "sigs.k8s.io/controller-runtime/pkg/client" | ||
) | ||
|
||
func GetPods(client runtimeclient.Client, selector map[string]string) (*corev1.PodList, error) { | ||
pods := &corev1.PodList{} | ||
err := client.List(context.TODO(), pods, runtimeclient.MatchingLabels(selector)) | ||
return pods, err | ||
} |
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
Original file line number | Diff line number | Diff line change |
---|---|---|
@@ -0,0 +1,217 @@ | ||
package framework | ||
|
||
import ( | ||
"context" | ||
"errors" | ||
|
||
configv1 "github.com/openshift/api/config/v1" | ||
mapiv1beta1 "github.com/openshift/machine-api-operator/pkg/apis/machine/v1beta1" | ||
appsv1 "k8s.io/api/apps/v1" | ||
corev1 "k8s.io/api/core/v1" | ||
metav1 "k8s.io/apimachinery/pkg/apis/meta/v1" | ||
"k8s.io/apimachinery/pkg/util/wait" | ||
"k8s.io/klog/v2" | ||
runtimeclient "sigs.k8s.io/controller-runtime/pkg/client" | ||
) | ||
|
||
const squidConf = `acl localnet src 192.168.0.0/16 # RFC1918 possible internal network | ||
acl crcnet src 10.88.0.0/16 # RFC1918 possible internal network | ||
acl SSL_ports port 443 | ||
acl Safe_ports port 80 # http | ||
acl Safe_ports port 21 # ftp | ||
acl Safe_ports port 443 # https | ||
acl Safe_ports port 70 # gopher | ||
acl Safe_ports port 210 # wais | ||
acl Safe_ports port 1025-65535 # unregistered ports | ||
acl Safe_ports port 280 # http-mgmt | ||
acl Safe_ports port 488 # gss-http | ||
acl Safe_ports port 591 # filemaker | ||
acl Safe_ports port 777 # multiling http | ||
acl CONNECT method CONNECT | ||
http_access deny !Safe_ports | ||
http_access deny CONNECT !SSL_ports | ||
http_access allow localhost manager | ||
http_access deny manager | ||
acl mysubnet src 192.168.0.0/16 | ||
http_access allow localhost localnet crcnet | ||
http_access allow all | ||
http_port 80 | ||
coredump_dir /var/spool/squid | ||
refresh_pattern ^ftp: 1440 20% 10080 | ||
refresh_pattern ^gopher: 1440 0% 1440 | ||
refresh_pattern -i (/cgi-bin/|\?) 0 0% 0 | ||
refresh_pattern (Release|Packages(.gz)*)$ 0 20% 2880 | ||
refresh_pattern . 0 20% 4320` | ||
|
||
// CreateProxyMachineSet creates a machineset that results in a single node being spun up. This node will not be in the worker MCP. | ||
func CreateProxyMachineSet(client runtimeclient.Client) (*mapiv1beta1.MachineSet, error) { | ||
machineSetParams := BuildMachineSetParams(client, 1) | ||
machineSetParams.Labels["proxy-host"] = "" | ||
machineSetParams.Labels["node-role.kubernetes.io/proxy"] = "" | ||
machineSet, err := CreateMachineSet(client, machineSetParams) | ||
if err != nil { | ||
return nil, err | ||
} | ||
WaitForMachineSet(client, machineSet.GetName()) | ||
|
||
nodes, err := GetNodesFromMachineSet(client, machineSet) | ||
if len(nodes) == 0 { | ||
return nil, errors.New("No nodes found in machineset") | ||
} | ||
node := nodes[0] | ||
delete(node.Labels, "node-role.kubernetes.io/worker") | ||
err = client.Update(context.Background(), node) | ||
return machineSet, err | ||
} | ||
|
||
// DeployClusterProxy Deploys an HTTP proxy to the proxy node | ||
func DeployClusterProxy(c runtimeclient.Client) (*appsv1.Deployment, error) { | ||
configMap := corev1.ConfigMap{ | ||
ObjectMeta: metav1.ObjectMeta{ | ||
Name: "squid-conf", | ||
Namespace: "default", | ||
}, | ||
Data: map[string]string{ | ||
"squid.conf": squidConf, | ||
}, | ||
} | ||
|
||
c.Create(context.Background(), &configMap) | ||
|
||
deployment := &appsv1.Deployment{ | ||
TypeMeta: metav1.TypeMeta{}, | ||
ObjectMeta: metav1.ObjectMeta{ | ||
Name: "squid-proxy", | ||
Namespace: "default", | ||
Labels: map[string]string{ | ||
"app": "squid", | ||
}, | ||
}, | ||
Spec: appsv1.DeploymentSpec{ | ||
Selector: &metav1.LabelSelector{ | ||
MatchLabels: map[string]string{ | ||
"app": "squid", | ||
}, | ||
}, | ||
Template: corev1.PodTemplateSpec{ | ||
ObjectMeta: metav1.ObjectMeta{ | ||
Name: "squid-proxy", | ||
Namespace: "default", | ||
Labels: map[string]string{ | ||
"app": "squid", | ||
}, | ||
}, | ||
Spec: corev1.PodSpec{ | ||
Volumes: []corev1.Volume{ | ||
{ | ||
Name: "conf", | ||
VolumeSource: corev1.VolumeSource{ | ||
ConfigMap: &corev1.ConfigMapVolumeSource{ | ||
LocalObjectReference: corev1.LocalObjectReference{ | ||
Name: "squid-conf", | ||
}, | ||
}, | ||
}, | ||
}, | ||
}, | ||
Containers: []corev1.Container{ | ||
{ | ||
Name: "squid", | ||
Image: "sameersbn/squid:3.5.27-2", | ||
Ports: []corev1.ContainerPort{ | ||
{ | ||
ContainerPort: 80, | ||
}, | ||
}, | ||
VolumeMounts: []corev1.VolumeMount{ | ||
{ | ||
Name: "conf", | ||
ReadOnly: false, | ||
MountPath: "/etc/squid/squid.conf", | ||
SubPath: "squid.conf", | ||
}, | ||
}, | ||
SecurityContext: &corev1.SecurityContext{}, | ||
}, | ||
}, | ||
NodeSelector: map[string]string{ | ||
"proxy-host": "", | ||
}, | ||
HostNetwork: true, | ||
}, | ||
}, | ||
Strategy: appsv1.DeploymentStrategy{ | ||
Type: "Recreate", | ||
}, | ||
Paused: false, | ||
}, | ||
} | ||
c.Create(context.Background(), deployment) | ||
IsDeploymentAvailable(c, deployment.Name, "default") | ||
return deployment, nil | ||
} | ||
|
||
// DestroyClusterProxy destroys the HTTP proxy and associated configmap | ||
func DestroyClusterProxy(c runtimeclient.Client) error { | ||
configMap := &corev1.ConfigMap{ | ||
TypeMeta: metav1.TypeMeta{}, | ||
ObjectMeta: metav1.ObjectMeta{ | ||
Name: "squid-conf", | ||
Namespace: "default", | ||
}, | ||
} | ||
c.Delete(context.Background(), configMap) | ||
|
||
return DeleteDeployment(c, &appsv1.Deployment{ | ||
ObjectMeta: metav1.ObjectMeta{ | ||
Name: "squid-proxy", | ||
Namespace: "default", | ||
}, | ||
}) | ||
} | ||
|
||
// WaitForProxyInjectionSync waits for the deployment to sync with the state of the cluster-proxy | ||
func WaitForProxyInjectionSync(c runtimeclient.Client, name, namespace string, shouldBePresent bool) bool { | ||
if err := wait.PollImmediate(RetryMedium, WaitLong, func() (bool, error) { | ||
deployment, err := GetDeployment(c, name, namespace) | ||
if err != nil { | ||
return false, nil | ||
} | ||
hasHttpProxy := false | ||
hasHttpsProxy := false | ||
hasNoProxy := false | ||
for _, container := range deployment.Spec.Template.Spec.Containers { | ||
for _, envVar := range container.Env { | ||
switch envVar.Name { | ||
case "NO_PROXY": | ||
hasNoProxy = true | ||
case "HTTPS_PROXY": | ||
hasHttpsProxy = true | ||
case "HTTP_PROXY": | ||
hasHttpProxy = true | ||
} | ||
} | ||
} | ||
return (hasHttpProxy && | ||
hasHttpsProxy && | ||
hasNoProxy) == shouldBePresent, nil | ||
}); err != nil { | ||
klog.Errorf("Error checking isDeploymentAvailable: %v", err) | ||
return false | ||
} | ||
return true | ||
} | ||
|
||
// GetClusterProxy fetches the global cluster proxy object. | ||
func GetClusterProxy(c runtimeclient.Client) (*configv1.Proxy, error) { | ||
proxy := &configv1.Proxy{} | ||
proxyName := runtimeclient.ObjectKey{ | ||
Name: GlobalInfrastuctureName, | ||
} | ||
|
||
if err := c.Get(context.Background(), proxyName, proxy); err != nil { | ||
return nil, err | ||
} | ||
|
||
return proxy, nil | ||
} |
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters