kubernetes-sigs
diff --git a/‎e2e/main_test.go
Lines changed: 104 additions & 0 deletions b/‎e2e/main_test.go
Lines changed: 104 additions & 0 deletions
diff --git a/‎e2e/singleserver_singleagent_test.go
Lines changed: 130 additions & 0 deletions b/‎e2e/singleserver_singleagent_test.go
Lines changed: 130 additions & 0 deletions
diff --git a/‎e2e/templates/agent/clusterrole.yaml
Lines changed: 10 additions & 0 deletions b/‎e2e/templates/agent/clusterrole.yaml
Lines changed: 10 additions & 0 deletions
diff --git a/‎e2e/templates/agent/clusterrolebinding.yaml
Lines changed: 14 additions & 0 deletions b/‎e2e/templates/agent/clusterrolebinding.yaml
Lines changed: 14 additions & 0 deletions
diff --git a/‎e2e/templates/agent/deployment.yaml
Lines changed: 69 additions & 0 deletions b/‎e2e/templates/agent/deployment.yaml
Lines changed: 69 additions & 0 deletions
diff --git a/‎e2e/templates/server/clusterrolebinding.yaml
Lines changed: 14 additions & 0 deletions b/‎e2e/templates/server/clusterrolebinding.yaml
Lines changed: 14 additions & 0 deletions
@@ -0,0 +1,104 @@
+package e2e
+
+import (
+	"context"
+	"flag"
+	"log"
+	"os"
+	"testing"
+
+	"k8s.io/client-go/kubernetes/scheme"
+	"sigs.k8s.io/e2e-framework/pkg/env"
+	"sigs.k8s.io/e2e-framework/pkg/envconf"
+	"sigs.k8s.io/e2e-framework/pkg/envfuncs"
+	"sigs.k8s.io/e2e-framework/support/kind"
+)
+
+var (
+	testenv     env.Environment
+	agentImage  = flag.String("agent-image", "", "The proxy agent's docker image.")
+	serverImage = flag.String("server-image", "", "The proxy server's docker image.")
+)
+
+func TestMain(m *testing.M) {
+	flag.Parse()
+	if *agentImage == "" {
+		log.Fatalf("must provide agent image with -agent-image")
+	}
+	if *serverImage == "" {
+		log.Fatalf("must provide server image with -server-image")
+	}
+
+	scheme.AddToScheme(scheme.Scheme)
+
+	testenv = env.New()
+	kindClusterName := "kind-test"
+	kindCluster := kind.NewCluster(kindClusterName)
+
+	testenv.Setup(
+		envfuncs.CreateCluster(kindCluster, kindClusterName),
+		envfuncs.LoadImageToCluster(kindClusterName, *agentImage),
+		envfuncs.LoadImageToCluster(kindClusterName, *serverImage),
+		func(ctx context.Context, cfg *envconf.Config) (context.Context, error) {
+			client := cfg.Client()
+
+			// Render agent RBAC templates.
+			agentServiceAccount, _, err := renderAgentTemplate("serviceaccount.yaml", struct{}{})
+			if err != nil {
+				return nil, err
+			}
+			agentClusterRole, _, err := renderAgentTemplate("clusterrole.yaml", struct{}{})
+			if err != nil {
+				return nil, err
+			}
+			agentClusterRoleBinding, _, err := renderAgentTemplate("clusterrolebinding.yaml", struct{}{})
+			if err != nil {
+				return ctx, err
+			}
+
+			// Submit agent RBAC templates to k8s.
+			err = client.Resources().Create(ctx, agentServiceAccount)
+			if err != nil {
+				return ctx, err
+			}
+			err = client.Resources().Create(ctx, agentClusterRole)
+			if err != nil {
+				return ctx, err
+			}
+			err = client.Resources().Create(ctx, agentClusterRoleBinding)
+			if err != nil {
+				return ctx, err
+			}
+
+			// Render server RBAC and Service templates.
+			serverClusterRoleBinding, _, err := renderServerTemplate("clusterrolebinding.yaml", struct{}{})
+			if err != nil {
+				return ctx, err
+			}
+			serverService, _, err := renderServerTemplate("service.yaml", struct{}{})
+			if err != nil {
+				return ctx, err
+			}
+
+			// Submit server templates to k8s.
+			err = client.Resources().Create(ctx, serverClusterRoleBinding)
+			if err != nil {
+				return ctx, err
+			}
+			err = client.Resources().Create(ctx, serverService)
+			if err != nil {
+				return ctx, err
+			}
+
+			return ctx, nil
+		},
+	)
+
+	testenv.Finish(envfuncs.DestroyCluster(kindClusterName))
+
+	os.Exit(testenv.Run(m))
+}
+
+func TestSingleAgentAndServer(t *testing.T) {
+
+}
@@ -0,0 +1,130 @@
+package e2e
+
+import (
+	"context"
+	"fmt"
+	"net/http"
+	"strconv"
+	"testing"
+	"time"
+
+	"github.com/prometheus/common/expfmt"
+	"sigs.k8s.io/e2e-framework/klient/wait"
+	"sigs.k8s.io/e2e-framework/klient/wait/conditions"
+	"sigs.k8s.io/e2e-framework/pkg/envconf"
+	"sigs.k8s.io/e2e-framework/pkg/features"
+)
+
+func TestSingleServer_SingleAgent_StaticCount(t *testing.T) {
+	serviceHost := "konnectivity-server.kube-system.svc.cluster.local"
+	adminPort := 8093
+
+	serverDeploymentCfg := DeploymentConfig{
+		Replicas: 1,
+		Image:    *serverImage,
+		Args: []KeyValue{
+			{Key: "log-file", Value: "/var/log/konnectivity-server.log"},
+			{Key: "logtostderr", Value: "true"},
+			{Key: "log-file-max-size", Value: "0"},
+			{Key: "uds-name", Value: "/etc/kubernetes/konnectivity-server/konnectivity-server.socket"},
+			{Key: "delete-existing-uds-file"},
+			{Key: "cluster-cert", Value: "/etc/kubernetes/pki/apiserver.crt"},
+			{Key: "cluster-key", Value: "/etc/kubernetes/pki/apiserver.key"},
+			{Key: "server-port", Value: "8090"},
+			{Key: "agent-port", Value: "8091"},
+			{Key: "health-port", Value: "8092"},
+			{Key: "admin-port", Value: strconv.Itoa(adminPort)},
+			{Key: "keepalive-time", Value: "1h"},
+			{Key: "mode", Value: "grpc"},
+			{Key: "agent-namespace", Value: "kube-system"},
+			{Key: "agent-service-account", Value: "konnectivity-agent"},
+			{Key: "kubeconfig", Value: "/etc/kubernetes/admin.conf"},
+			{Key: "authentication-audience", Value: "system:konnectivity-server"},
+			{Key: "server-count", Value: "1"},
+		},
+	}
+	serverDeployment, _, err := renderServerTemplate("deployment.yaml", serverDeploymentCfg)
+	if err != nil {
+		t.Fatalf("could not render server deployment: %v", err)
+	}
+
+	agentDeploymentCfg := DeploymentConfig{
+		Replicas: 1,
+		Image:    *agentImage,
+		Args: []KeyValue{
+			{Key: "logtostderr", Value: "true"},
+			{Key: "ca-cert", Value: "/var/run/secrets/kubernetes.io/serviceaccount/ca.crt"},
+			{Key: "proxy-server-host", Value: serviceHost},
+			{Key: "proxy-server-port", Value: "8091"},
+			{Key: "sync-interval", Value: "1s"},
+			{Key: "sync-interval-cap", Value: "10s"},
+			{Key: "sync-forever"},
+			{Key: "probe-interval", Value: "1s"},
+			{Key: "service-account-token-path", Value: "/var/run/secrets/tokens/konnectivity-agent-token"},
+			{Key: "server-count", Value: "1"},
+		},
+	}
+	agentDeployment, _, err := renderAgentTemplate("deployment.yaml", agentDeploymentCfg)
+	if err != nil {
+		t.Fatalf("could not render agent deployment: %v", err)
+	}
+
+	feature := features.New("konnectivity server and agent deployment with single replica for each")
+	feature.Setup(func(ctx context.Context, t *testing.T, cfg *envconf.Config) context.Context {
+		client := cfg.Client()
+		err := client.Resources().Create(ctx, serverDeployment)
+		if err != nil {
+			t.Fatalf("could not create server deployment: %v", err)
+		}
+
+		err = client.Resources().Create(ctx, agentDeployment)
+		if err != nil {
+			t.Fatalf("could not create agent deployment: %v", err)
+		}
+
+		err = wait.For(
+			conditions.New(client.Resources()).DeploymentAvailable(agentDeployment.GetName(), agentDeployment.GetNamespace()),
+			wait.WithTimeout(1*time.Minute),
+			wait.WithInterval(10*time.Second),
+		)
+		if err != nil {
+			t.Fatalf("waiting for agent deployment failed: %v", err)
+		}
+
+		err = wait.For(
+			conditions.New(client.Resources()).DeploymentAvailable(serverDeployment.GetName(), serverDeployment.GetNamespace()),
+			wait.WithTimeout(1*time.Minute),
+			wait.WithInterval(10*time.Second),
+		)
+		if err != nil {
+			t.Fatalf("waiting for server deployment failed: %v", err)
+		}
+
+		return ctx
+	})
+	feature.Assess("konnectivity server has a connected client", func(ctx context.Context, t *testing.T, cfg *envconf.Config) context.Context {
+		resp, err := http.Get(fmt.Sprintf("%v:%v/metrics", serviceHost, adminPort))
+		if err != nil {
+			t.Fatalf("could not read server metrics: %v", err)
+		}
+
+		metricsParser := &expfmt.TextParser{}
+		metricsFamilies, err := metricsParser.TextToMetricFamilies(resp.Body)
+		defer resp.Body.Close()
+		if err != nil {
+			t.Fatalf("could not parse server metrics: %v", err)
+		}
+
+		connectionsMetric, exists := metricsFamilies["konnectivity_network_proxy_server_ready_backend_connections"]
+		if !exists {
+			t.Fatalf("couldn't find number of ready backend connections in metrics: %v", metricsFamilies)
+		}
+
+		numConnections := int(connectionsMetric.GetMetric()[0].GetGauge().GetValue())
+		if numConnections != 1 {
+			t.Errorf("incorrect number of connected agents (want: 1, got: %v)", numConnections)
+		}
+
+		return ctx
+	})
+}
@@ -0,0 +1,10 @@
+apiVersion: rbac.authorization.k8s.io/v1
+kind: ClusterRole
+metadata:
+  name: system:konnectivity-agent
+  labels:
+    kubernetes.io/cluster-service: "true"
+rules:
+- apiGroups: ["coordination.k8s.io"]
+  resources: ["leases"]
+  verbs: ["get", "watch", "list"]
@@ -0,0 +1,14 @@
+apiVersion: rbac.authorization.k8s.io/rbacv1
+kind: ClusterRoleBinding
+metadata:
+  name: system:konnectivity-agent
+  labels:
+    kubernetes.io/cluster-service: "true"
+subjects:
+- kind: ServiceAccount
+  name: konnectivity-agent
+  namespace:  kube-system
+roleRef:
+  kind: ClusterRole
+  name: system:konnectivity-agent
+  apiGroup: rbac.authorization.k8s.io
@@ -0,0 +1,69 @@
+apiVersion: apps/v1
+kind: Deployment
+metadata:
+  labels:
+    k8s-app: konnectivity-agent
+  namespace: kube-system
+  name: konnectivity-agent
+spec:
+  replicas: {{ .Replicas }}
+  selector:
+    matchLabels:
+      k8s-app: konnectivity-agent
+  template:
+    metadata:
+      labels:
+        k8s-app: konnectivity-agent
+    spec:
+      containers:
+      - name: konnectivity-agent-container
+        image: {{ .Image }}
+        resources:
+          requests:
+            cpu: 50m
+          limits:
+            memory: 30Mi
+        command: [ "/proxy-agent"]
+        args: [
+          {{ range .Args }}
+          "--{{ .Key }}{{if ne .Value ""}}={{ .Value }}{{ end }}",
+          {{ end }}
+          ]
+        env:
+          - name: POD_NAME
+            valueFrom:
+              fieldRef:
+                fieldPath: metadata.name
+          - name: POD_NAMESPACE
+            valueFrom:
+              fieldRef:
+                fieldPath: metadata.namespace
+          - name: HOST_IP
+            valueFrom:
+              fieldRef:
+                fieldPath: status.hostIP
+        livenessProbe:
+          httpGet:
+            scheme: HTTP
+            port: 8093
+            path: /healthz
+          initialDelaySeconds: 15
+          timeoutSeconds: 15
+        readinessProbe:
+          httpGet:
+            scheme: HTTP
+            port: 8093
+            path: /readyz
+          initialDelaySeconds: 15
+          timeoutSeconds: 15
+        volumeMounts:
+          - mountPath: /var/run/secrets/tokens
+            name: konnectivity-agent-token
+      serviceAccountName: konnectivity-agent
+      volumes:
+      - name: konnectivity-agent-token
+        projected:
+          sources:
+          - serviceAccountToken:
+              path: konnectivity-agent-token
+              audience: system:konnectivity-server
@@ -0,0 +1,14 @@
+apiVersion: rbac.authorization.k8s.io/v1
+kind: ClusterRoleBinding
+metadata:
+  name: system:konnectivity-server
+  labels:
+    kubernetes.io/cluster-service: "true"
+roleRef:
+  apiGroup: rbac.authorization.k8s.io
+  kind: ClusterRole
+  name: system:auth-delegator
+subjects:
+- apiGroup: rbac.authorization.k8s.io
+  kind: User
+  name: system:konnectivity-server