Implement end-to-end EKS integration test (#154)

Author: fredjywang

.github/.codecov.yml

@@ -24,5 +24,5 @@ ignore:
   - "config/**/*"
   - "pkg/apis/**/*"
   - "mocks/**/*"
-  - "integration/scenarios/**/*"
+  - "integration/shared/scenarios/**/*"
   - "pkg/common/logger.go"

.github/workflows/integration-test.yml

@@ -26,10 +26,10 @@ jobs:
       - name: Set up env
         run: source ~/.bashrc
       - name: Start clean
-        run: make integration-cleanup
+        run: make kind-integration-cleanup
       - name: Set up cluster
-        run: make integration-setup
+        run: make kind-integration-setup
       - name: Run tests
-        run: make integration-run
+        run: make kind-integration-run
       - name: Clean up clusters
-        run: make integration-cleanup
+        run: make kind-integration-cleanup

CONTRIBUTING.md

@@ -173,15 +173,15 @@ You must first push a Docker image containing the changes to a Docker repository
 If you are deploying to cluster using kustomize templates from the `config` directory, you will need to override the image URI away from `ghcr.io/aws/aws-cloud-map-mcs-controller-for-k8s` in order to use your own docker images.
 
 
-## Integration testing
+## Local integration testing
 The end-to-end integration test suite can be run locally to validate controller core functionality. This will provision a local Kind cluster and build and run the AWS Cloud Map MCS Controller for K8s. The test will verify service endpoints sync with AWS Cloud Map. If successful, the suite will then de-provision the local test cluster and delete AWS Cloud Map namespace `aws-cloud-map-mcs-e2e` along with test service and service instance resources:
 ```sh
-make integration-suite
+make kind-integration-suite
 ```
 
 If integration test suite fails for some reason, you can perform a cleanup:
 ```sh
-make integration-cleanup
+make kind-integration-cleanup
 ```
 
 ## Build and push docker image to ECR

Makefile

@@ -79,20 +79,36 @@ test-setup: ## setup test environment
 	test -f ${ENVTEST_ASSETS_DIR}/setup-envtest.sh || curl -sSLo ${ENVTEST_ASSETS_DIR}/setup-envtest.sh https://raw.githubusercontent.com/kubernetes-sigs/controller-runtime/v0.8.3/hack/setup-envtest.sh
 	source ${ENVTEST_ASSETS_DIR}/setup-envtest.sh; fetch_envtest_tools $(ENVTEST_ASSETS_DIR)
 
-integration-suite: ## Provision and run integration tests with cleanup
-	make integration-setup && \
-	make integration-run && \
-	make integration-cleanup
+kind-integration-suite: ## Provision and run integration tests with cleanup
+	make kind-integration-setup && \
+	make kind-integration-run && \
+	make kind-integration-cleanup
 
-integration-setup: build kind test-setup ## Setup the integration test using kind clusters
-	@./integration/scripts/setup-kind.sh
+kind-integration-setup: build kind test-setup ## Setup the integration test using kind clusters
+	@./integration/kind-test/scripts/setup-kind.sh
 
-integration-run: ## Run the integration test controller
-	@./integration/scripts/run-tests.sh
+kind-integration-run: ## Run the integration test controller
+	@./integration/kind-test/scripts/run-tests.sh
 
-integration-cleanup: kind  ## Cleanup integration test resources in Cloud Map and local kind cluster
-	@./integration/scripts/cleanup-cloudmap.sh
-	@./integration/scripts/cleanup-kind.sh
+kind-integration-cleanup: kind  ## Cleanup integration test resources in Cloud Map and local kind cluster
+	@./integration/kind-test/scripts/cleanup-kind.sh
+
+eks-integration-suite: ## Provision and run EKS integration tests with cleanup
+	make eks-integration-setup && \
+	make eks-integration-run && \
+	make eks-integration-cleanup
+
+eks-integration-setup: build test-setup ## Setup the integration test using EKS clusters
+	@./integration/eks-test/scripts/eks-setup.sh
+
+eks-integration-run: ## Run the integration test controller
+	@./integration/eks-test/scripts/eks-run-tests.sh
+
+eks-integration-cleanup:  ## Cleanup integration test resources in Cloud Map and EKS cluster
+	@./integration/eks-test/scripts/eks-cleanup.sh
+
+eks-test:
+	@./integration/eks-test/scripts/eks-test.sh
 
 ##@ Build
 

integration/eks-test/configs/client-hello.yaml

@@ -0,0 +1,12 @@
+apiVersion: v1
+kind: Pod
+metadata:
+  name: client-hello
+  namespace: aws-cloud-map-mcs-eks-e2e
+spec:
+  containers:
+    - command:
+        - sleep
+        - "1d"
+      image: alpine
+      name: client-hello

integration/eks-test/configs/coredns-clusterrole.yaml

@@ -0,0 +1,58 @@
+apiVersion: rbac.authorization.k8s.io/v1
+kind: ClusterRole
+metadata:
+  labels:
+    eks.amazonaws.com/component: coredns
+    k8s-app: kube-dns
+    kubernetes.io/bootstrapping: rbac-defaults
+  name: system:coredns
+rules:
+- apiGroups:
+  - ""
+  resources:
+  - endpoints
+  - services
+  - pods
+  - namespaces
+  verbs:
+  - list
+  - watch
+- apiGroups:
+  - ""
+  resources:
+  - nodes
+  verbs:
+  - get
+- apiGroups:
+  - discovery.k8s.io
+  resources:
+  - endpointslices
+  verbs:
+  - create
+  - get
+  - list
+  - patch
+  - update
+  - watch
+- apiGroups:
+  - multicluster.x-k8s.io
+  resources:
+  - serviceimports
+  verbs:
+  - create
+  - get
+  - list
+  - patch
+  - update
+  - watch
+- apiGroups:
+  - multicluster.x-k8s.io
+  resources:
+  - serviceexports
+  verbs:
+  - create
+  - get
+  - list
+  - patch
+  - update
+  - watch

integration/eks-test/configs/coredns-configmap.yaml

@@ -0,0 +1,26 @@
+apiVersion: v1
+data:
+  Corefile: |
+    .:53 {
+        errors
+        health
+        multicluster clusterset.local
+        kubernetes cluster.local in-addr.arpa ip6.arpa {
+          pods insecure
+          fallthrough in-addr.arpa ip6.arpa
+        }
+        prometheus :9153
+        forward . /etc/resolv.conf
+        cache 30
+        loop
+        reload
+        loadbalance
+    }
+kind: ConfigMap
+metadata:
+  annotations:
+  labels:
+    eks.amazonaws.com/component: coredns
+    k8s-app: kube-dns
+  name: coredns
+  namespace: kube-system

integration/eks-test/configs/coredns-deployment.yaml

@@ -0,0 +1,137 @@
+apiVersion: apps/v1
+kind: Deployment
+metadata:
+  labels:
+    eks.amazonaws.com/component: coredns
+    k8s-app: kube-dns
+    kubernetes.io/name: CoreDNS
+  name: coredns
+  namespace: kube-system
+spec:
+  progressDeadlineSeconds: 600
+  replicas: 2
+  revisionHistoryLimit: 10
+  selector:
+    matchLabels:
+      eks.amazonaws.com/component: coredns
+      k8s-app: kube-dns
+  strategy:
+    rollingUpdate:
+      maxSurge: 25%
+      maxUnavailable: 1
+    type: RollingUpdate
+  template:
+    metadata:
+      annotations:
+        eks.amazonaws.com/compute-type: ec2
+      creationTimestamp: null
+      labels:
+        eks.amazonaws.com/component: coredns
+        k8s-app: kube-dns
+    spec:
+      affinity:
+        nodeAffinity:
+          requiredDuringSchedulingIgnoredDuringExecution:
+            nodeSelectorTerms:
+            - matchExpressions:
+              - key: beta.kubernetes.io/os
+                operator: In
+                values:
+                - linux
+              - key: beta.kubernetes.io/arch
+                operator: In
+                values:
+                - amd64
+                - arm64
+        podAntiAffinity:
+          preferredDuringSchedulingIgnoredDuringExecution:
+          - podAffinityTerm:
+              labelSelector:
+                matchExpressions:
+                - key: k8s-app
+                  operator: In
+                  values:
+                  - kube-dns
+              topologyKey: kubernetes.io/hostname
+            weight: 100
+      containers:
+      - args:
+        - -conf
+        - /etc/coredns/Corefile
+        image: ghcr.io/aws/aws-cloud-map-mcs-controller-for-k8s/coredns-multicluster/coredns:v1.8.6
+        imagePullPolicy: IfNotPresent
+        livenessProbe:
+          failureThreshold: 5
+          httpGet:
+            path: /health
+            port: 8080
+            scheme: HTTP
+          initialDelaySeconds: 60
+          periodSeconds: 10
+          successThreshold: 1
+          timeoutSeconds: 5
+        name: coredns
+        ports:
+        - containerPort: 53
+          name: dns
+          protocol: UDP
+        - containerPort: 53
+          name: dns-tcp
+          protocol: TCP
+        - containerPort: 9153
+          name: metrics
+          protocol: TCP
+        readinessProbe:
+          failureThreshold: 3
+          httpGet:
+            path: /health
+            port: 8080
+            scheme: HTTP
+          periodSeconds: 10
+          successThreshold: 1
+          timeoutSeconds: 1
+        resources:
+          limits:
+            memory: 170Mi
+          requests:
+            cpu: 100m
+            memory: 70Mi
+        securityContext:
+          allowPrivilegeEscalation: false
+          capabilities:
+            add:
+            - NET_BIND_SERVICE
+            drop:
+            - all
+          readOnlyRootFilesystem: true
+        terminationMessagePath: /dev/termination-log
+        terminationMessagePolicy: File
+        volumeMounts:
+        - mountPath: /etc/coredns
+          name: config-volume
+          readOnly: true
+        - mountPath: /tmp
+          name: tmp
+      dnsPolicy: Default
+      priorityClassName: system-cluster-critical
+      restartPolicy: Always
+      schedulerName: default-scheduler
+      securityContext: {}
+      serviceAccount: coredns
+      serviceAccountName: coredns
+      terminationGracePeriodSeconds: 30
+      tolerations:
+      - effect: NoSchedule
+        key: node-role.kubernetes.io/master
+      - key: CriticalAddonsOnly
+        operator: Exists
+      volumes:
+      - emptyDir: {}
+        name: tmp
+      - configMap:
+          defaultMode: 420
+          items:
+          - key: Corefile
+            path: Corefile
+          name: coredns
+        name: config-volume

integration/eks-test/configs/eksctl-cluster.yaml

@@ -0,0 +1,18 @@
+apiVersion: eksctl.io/v1alpha5
+kind: ClusterConfig
+metadata:
+  name: $CLUSTER_NAME
+  region: $AWS_REGION
+  version: "1.22"
+vpc:
+  cidr: $VPC_CIDR
+  autoAllocateIPv6: false
+  clusterEndpoints:
+    publicAccess: true
+    privateAccess: true
+managedNodeGroups:
+- name: $NODEGROUP_NAME
+  instanceType: t3.small
+  minSize: 1
+  maxSize: 10
+  desiredCapacity: 1

integration/eks-test/configs/nginx-deployment.yaml

@@ -0,0 +1,22 @@
+apiVersion: apps/v1
+kind: Deployment
+metadata:
+  namespace: aws-cloud-map-mcs-eks-e2e
+  name: nginx-demo
+  labels:
+    app: nginx
+spec:
+  replicas: 3
+  selector:
+    matchLabels:
+      app: nginx
+  template:
+    metadata:
+      labels:
+        app: nginx
+    spec:
+      containers:
+        - name: nginx
+          image: nginxdemos/hello:plain-text
+          ports:
+            - containerPort: 80