simple plugin for clusterstacks-provided kaas (#916)

Signed-off-by: Matthias Büchse <[email protected]>

Author: mbuechse

.zuul.d/config.yaml

@@ -5,7 +5,8 @@
     merge-mode: "squash-merge"
     periodic-daily:
       jobs:
-        - scs-check-all
+        - scs-check-iaas
+        - scs-check-kaas
     periodic-hourly:
       jobs:
         - scs-check-scs2-main
@@ -30,16 +31,31 @@
     nodeset: pod-fedora-40
     vars:
       preset: default
+      iaas: true
+      kaas: false
+      do_provision: false
+      do_cleanup: true
     pre-run:
      - playbooks/pre.yaml
      - playbooks/pre_cloud.yaml
     run: playbooks/compliance_check.yaml
+    post-run:
+     - playbooks/post_cloud.yaml
 - job:
     name: scs-check-scs2-main
     parent: scs-check-scs2
     branches: main
 - job:
-    name: scs-check-all
+    name: scs-check-iaas
     parent: scs-check-scs2-main
     vars:
-      preset: all
+      preset: iaas
+- job:
+    name: scs-check-kaas
+    parent: scs-check-scs2-main
+    vars:
+      preset: kaas
+      iaas: false
+      kaas: true
+      do_provision: true
+      do_cleanup: false

.zuul.d/secure.yaml

@@ -321,3 +321,24 @@
           PHOVS1umROCJJi/5T78EA4ukDdFN/zdEktGauSDqUVRPASodV8Q3qvN6PgskPh1dQgxwB
           Po9R1405It3aQtBiXnT+38eKAd1nTJkaRlC03VgbeV+XrjMI1YsMQDAt+YhMKSfys1ZhB
           n6Dw+nc3Qi21G/CnY45rFUMLGTzevukKuHeiApf+eX4PdNQ1LPkUGrHdNnqkj8=
+      syself_token: !encrypted/pkcs1-oaep
+        - OYvAtbkl4/Bno5I21On7w7JkTlDhWZWKKOlHbVGcg4jBS4BW/HkPDsijnEjKsCgmf5fP6
+          5FAAZe6POtdQqiIjzeMvJ6bipPvltXhvAjxOGSvVkVd045z2DVbGb2yjUkmlLa+vZ6CAP
+          0h8XcD01Vw5L8lezCNFwFGPSF8JAV7E2FZz9k5Z3wkdySZvYXkrdn0Upw/W9GL/hCBhWv
+          vY6ayENTYvMvs6lTlxK6Rnlz2AwDxALLE77gJNsuEPqB6Q2+QknDzzs+QNyZaoJ9WDN/K
+          Euj/LnIND1MyrfqqtaRAYeBzraMmrMoPoCEK202IMggNTg2OeGjCYU1NbPGlb8WY/Ezi9
+          GLXdfKcLON3yfPBzJMzueIOftBfnNWe0x0tP7nLmgbxYj53PMWXIy1DBoc7xXaOGaIYk2
+          J+eFloe0UYCHMDIhP6FDTdkzgOw4nqYUR5sTPkVlwhSwHBAgoecNUJRyN3qbZjUry/kAv
+          7hJj5+arabNJuVhSOjQk8wh5l+3RMYDAXREiPrniwdzYziaJvJjh4x1dF6cT9v87O/GYs
+          fwhHJkm3AP2iUGKMDeC4RNmfco9uWJlUCUwe0yzqOtfF7ZRQQFOaYRZxA0zhUfCddHQWG
+          SAuS+u9sJA9Nr1rv0KqLT4t6htPabA5XkMDEDHno+4cbLy/7wy+7nI7Jh24/Eg=
+        - vHkhX+jXNfeuZeTRO8F/NUV2B1Tx6sNy9x9Ko84EBiQ/dsg1mNqpYuJ1PRXwU6XocrEgp
+          FH2+t5Hc5Uv/+ucNGT90VbmFu0MVRIVSxNSKykZWqgSx+ja2jMCXDQTT2qSBmzq6Aq+fn
+          cLVMlMUG90xgqEbuV1tehDV6p9r+CLUrbHsvh3ktfTOMZXe9LyutuU42lEoX+xYPPyUQ4
+          dnVPGzMAOnrEMiSeOjo2jL/102nYjCUBvbFs0rU+vXiy7gsm4LTV8liSewNHqdvSfDnm5
+          U2t7R65RMppGztXslwnLRxRUAGUgMwne8LHKdokPry/aQpwYVBaYfRciC2k7ph8CcnbPZ
+          Imq9WekTFubKTPPCDJ7qJp2zXu+RwxpuKCjZBOtsXw6ChbaagwzBxUk5zUIR3s56JKyjH
+          WePIXTxyfpQVxP/PhLc7U659ooI/TflUyEUKyy0RlKVEvNINQcUSeoQHwWMCQPlWLbYPE
+          uUgvW2Lghmg0+upQ1OfAV24lRryyUcpSYZ6yfohTgJsIMdy7r/Hn5GDnpZn2Um8rHkWxC
+          rk7h2aWsD5IifYyt43ZHZdEdBX99NW+TMawXNZRevlmjoqgR4RGjo0Hxi4zSaqkNPHm/T
+          YJcPPaJvKONZzrL3d+AWnhp6x/wi2uOBTFkrg8VmnZDiFf5YCZu/XMHYT5cjd0=

Tests/config.toml

@@ -12,7 +12,7 @@ subjects = [
 ]
 
 
-[presets.all]
+[presets.iaas]
 scopes = [
     "scs-compatible-iaas",
 ]
@@ -34,14 +34,26 @@ subjects = [
 workers = 4
 
 
+[presets.kaas]
+scopes = [
+    "scs-compatible-kaas",
+]
+subjects = [
+    "syself-1.32",
+    "syself-1.31",
+    "syself-1.30",
+]
+workers = 4
+
+
 [presets.kaas-dev]
 scopes = [
     "scs-compatible-kaas",
 ]
 subjects = [
-    "kind-current",
-    "kind-current-1",
-    "kind-current-2",
+    "kind-1.32",
+    "kind-1.31",
+    "kind-1.30",
 ]
 workers = 1  # better restrict this with clusters running on local machine
 
@@ -58,29 +70,7 @@ spec = "./scs-compatible-kaas.yaml"
 # (this is the only mapping declaration that supports using Python string interpolation)
 [subjects._.mapping]
 os_cloud = "{subject}"
+# NOTE: this subject_root cannot be deviated from when using scs-test-runner.py
 subject_root = "{subject}"
 # NOTE: this kubeconfig cannot be deviated from when using scs-test-runner.py
 kubeconfig = "{subject}/kubeconfig.yaml"
-
-
-[subjects._.kubernetes_setup]
-clusterspec         = "kaas/clusterspec.yaml"
-
-
-[subjects.kind-current.kubernetes_setup]
-kube_plugin         = "kind"
-kube_plugin_config  = "kaas/kind_config.yaml"
-clusterspec_cluster = "current-k8s-release"
-
-
-[subjects.kind-current-1.kubernetes_setup]
-kube_plugin         = "kind"
-kube_plugin_config  = "kaas/kind_config.yaml"
-clusterspec_cluster = "current-k8s-release-1"
-
-
-[subjects.kind-current-2.kubernetes_setup]
-kube_plugin         = "kind"
-kube_plugin_config  = "kaas/kind_config.yaml"
-clusterspec_cluster = "current-k8s-release-2"
-

Tests/kaas/clusterspec.yaml

@@ -0,0 +1,53 @@
+"""helper functions for ClusterStacks plugin"""
+import base64
+import os
+
+from kubernetes.client import Configuration, CoreV1Api, CustomObjectsApi
+
+
+def setup_client_config(client_config: Configuration, kubeconfig, cwd='.'):
+    """transfer authentication data from kubeconfig to client_config, creating file `ca.crt`s"""
+    token = kubeconfig['users'][0]['user']['token']
+    client_config.api_key['authorization'] = 'Bearer {}'.format(token)
+    client_config.host = kubeconfig['clusters'][0]['cluster']['server']
+    client_config.ssl_ca_cert = os.path.abspath(os.path.join(cwd, 'ca.crt'))
+    with open(client_config.ssl_ca_cert, "wb") as fileobj:
+        fileobj.write(base64.standard_b64decode(
+            kubeconfig['clusters'][0]['cluster']['certificate-authority-data'].encode()
+        ))
+
+
+def create_cr(api_instance: CustomObjectsApi, namespace, resource_dict):
+    """mimic `kubectl apply` (rather create) with a custom resource"""
+    group, ver = resource_dict['apiVersion'].split('/', 1)
+    plural = resource_dict['kind'].lower() + 's'
+    return api_instance.create_namespaced_custom_object(
+        group, ver, namespace, plural, resource_dict, field_manager='plugin_clusterstacks',
+    )
+
+
+def get_clusterstackreleases(api_instance: CustomObjectsApi, namespace):
+    """mimic `kubectl get clusterstackreleases`"""
+    return api_instance.list_namespaced_custom_object(
+        'clusterstack.x-k8s.io', 'v1alpha1', namespace, 'clusterstackreleases',
+    )['items']
+
+
+def get_secret_data(api_instance: CoreV1Api, namespace, secret):
+    """mimic `kubectl get secrets NAME -o=jsonpath='{.data.value}' | base64 -d  > kubeconfig.yaml`"""
+    res = api_instance.read_namespaced_secret(secret, namespace)
+    return base64.standard_b64decode(res.data['value'].encode())
+
+
+def get_cluster_status(api_instance: CustomObjectsApi, namespace, name):
+    return api_instance.get_namespaced_custom_object_status(
+        'cluster.x-k8s.io', 'v1beta1', namespace, 'clusters', name
+    )
+
+
+def delete_cluster(api_instance: CustomObjectsApi, namespace, name):
+    """mimic `kubectl delete cluster`"""
+    # beware: do not fiddle with propagation policy here, as this may lead to severe problems
+    return api_instance.delete_namespaced_custom_object(
+        'cluster.x-k8s.io', 'v1beta1', namespace, 'clusters', name,
+    )

Tests/kaas/plugin/__init__.py

@@ -1,54 +1,36 @@
-
-
 class KubernetesClusterPlugin():
     """
-    An abstract base class for custom Kubernetes cluster provider plugins.
-    It represents an interface class from which the api provider-specific
-    plugins must be derived as child classes
-
-    To implement fill the methods `create_cluster` and `delete_cluster` with
-    api provider-specific functionalities for creating and deleting clusters.
-    The `create_cluster` method must ensure that the kubeconfigfile is provided
-    at the position in the file system defined by the parameter
-    `kubeconfig_filepath`
+    An abstract base class for writing Kubernetes cluster provider plugins.
 
-    - Implement `create_cluster` and `delete_cluster` methods
-    - Create `__init__(self, config_file)` method to handle api specific
-      configurations.
+    - Implement the methods `create_cluster` and `delete_cluster`.
+    - Create the method `__init__(self, config, basepath, cwd)` to
+      handle API-specific configuration.
 
     Example:
         .. code:: python
+          import os.path
 
           from interface import KubernetesClusterPlugin
           from apiX_library import cluster_api_class as ClusterAPI
 
           class PluginX(KubernetesClusterPlugin):
 
-              def __init__(self, config_file):
-                  self.config = config_file
+              def __init__(self, config, basepath, cwd):
+                  self.config = config
+                  self.basepath = basepath  # find other config files here
+                  self.cwd = cwd  # create new files here
 
-              def create_cluster(self, cluster_name, version, kubeconfig_filepath):
-                  self.cluster = ClusterAPI(name=cluster_name, image=cluster_image, kubeconfig_filepath)
-                  self.cluster.create(self.config)
+              def create_cluster(self):
+                  kubeconfig_path = os.path.join(self.cwd, 'kubeconfig.yaml')
+                  ClusterAPI(name=self.config['name']).create(kubeconfig_path)
 
               def delete_cluster(self, cluster_name):
-                  self.cluster = ClusterAPI(cluster_name)
-                  self.cluster.delete()
+                  ClusterAPI(name=self.config['name']).delete()
         ..
     """
 
-    def create_cluster(self, cluster_name, version, kubeconfig_filepath):
-        """
-        This method is to be called to create a k8s cluster
-        :param: cluster_name:
-        :param: version:
-        :param: kubeconfig_filepath:
-        """
+    def create_cluster(self):
         raise NotImplementedError
 
-    def delete_cluster(self, cluster_name):
-        """
-        This method is to be called in order to unprovision a cluster
-        :param: cluster_name:
-        """
+    def delete_cluster(self):
         raise NotImplementedError