Add ssm test based on ClusterClass

Author: Winnie Kwon

test/e2e/data/infrastructure-aws/kustomize_sources/topology/cluster-template.yaml

@@ -13,21 +13,25 @@ spec:
     class: "quick-start"
     version: "${KUBERNETES_VERSION}"
     controlPlane:
-      replicas: ${CONTROL_PLANE_MACHINE_COUNT}
+      replicas: "${CONTROL_PLANE_MACHINE_COUNT}"
     workers:
       machineDeployments:
       - class: "default-worker"
         name: "md-0"
-        replicas: ${WORKER_MACHINE_COUNT}
+        replicas: "${WORKER_MACHINE_COUNT}"
     variables:
     - name: region
-      value: ${AWS_REGION}
+      value: "${AWS_REGION}"
     - name: sshKeyName
-      value: ${AWS_SSH_KEY_NAME}
+      value: "${AWS_SSH_KEY_NAME}"
     - name: controlPlaneMachineType
-      value: ${AWS_CONTROL_PLANE_MACHINE_TYPE}
+      value: "${AWS_CONTROL_PLANE_MACHINE_TYPE}"
     - name: workerMachineType
-      value: ${AWS_NODE_MACHINE_TYPE}
+      value: "${AWS_NODE_MACHINE_TYPE}"
+    - name: secureSecretsBackend
+      value: "ssm-parameter-store"
+    - name: healthCheckProtocol
+      value: "TCP"
 ---
 apiVersion: v1
 data: ${CNI_RESOURCES}

test/e2e/data/infrastructure-aws/kustomize_sources/topology/clusterclass-quick-start.yaml

@@ -57,78 +57,115 @@ spec:
       openAPIV3Schema:
         type: string
         default: t3.large
+  - name: secureSecretsBackend
+    required: false
+    schema:
+      openAPIV3Schema:
+        type: string
+        default: secrets-manager
+  - name: healthCheckProtocol
+    required: false
+    schema:
+      openAPIV3Schema:
+        type: string
+        default: SSL
   patches:
-  - name: region
+  - name: awsClusterTemplateGeneral
     definitions:
-    - selector:
-        apiVersion: infrastructure.cluster.x-k8s.io/v1beta1
-        kind: AWSClusterTemplate
-        matchResources:
-          infrastructureCluster: true
-      jsonPatches:
-      - op: add
-        path: /spec/template/spec/region
-        valueFrom:
-          variable: region
-  - name: sshKeyName
+      - selector:
+          apiVersion: infrastructure.cluster.x-k8s.io/v1beta1
+          kind: AWSClusterTemplate
+          matchResources:
+            infrastructureCluster: true
+        jsonPatches:
+          - op: add
+            path: "/spec/template/spec/region"
+            valueFrom:
+              variable: region
+          - op: add
+            path: "/spec/template/spec/sshKeyName"
+            valueFrom:
+              variable: sshKeyName
+  - name: awsMachineTemplateControlPlane
     definitions:
-    - selector:
-        apiVersion: infrastructure.cluster.x-k8s.io/v1beta1
-        kind: AWSClusterTemplate
-        matchResources:
-          infrastructureCluster: true
-      jsonPatches:
-      - op: add
-        path: /spec/template/spec/sshKeyName
-        valueFrom:
-          variable: sshKeyName
-    - selector:
-        apiVersion: infrastructure.cluster.x-k8s.io/v1beta1
-        kind: AWSMachineTemplate
-        matchResources:
-          controlPlane: true
-          machineDeploymentClass:
-            names:
-            - default-worker
-      jsonPatches:
-      - op: add
-        path: /spec/template/spec/sshKeyName
-        valueFrom:
-          variable: sshKeyName
-  - name: controlPlaneMachineType
+      - selector:
+          apiVersion: infrastructure.cluster.x-k8s.io/v1beta1
+          kind: AWSMachineTemplate
+          matchResources:
+            controlPlane: true
+        jsonPatches:
+          - op: replace
+            path: "/spec/template/spec/instanceType"
+            valueFrom:
+              variable: controlPlaneMachineType
+          - op: add
+            path: "/spec/template/spec/sshKeyName"
+            valueFrom:
+              variable: sshKeyName
+  - name: awsMachineTemplateWorker
     definitions:
-    - selector:
-        apiVersion: infrastructure.cluster.x-k8s.io/v1beta1
-        kind: AWSMachineTemplate
-        matchResources:
-          controlPlane: true
-      jsonPatches:
-      - op: replace
-        path: /spec/template/spec/instanceType
-        valueFrom:
-          variable: controlPlaneMachineType
-  - name: workerMachineType
+      - selector:
+          apiVersion: infrastructure.cluster.x-k8s.io/v1beta1
+          kind: AWSMachineTemplate
+          matchResources:
+            machineDeploymentClass:
+              names:
+                - default-worker
+        jsonPatches:
+          - op: replace
+            path: "/spec/template/spec/instanceType"
+            valueFrom:
+              variable: workerMachineType
+          - op: add
+            path: "/spec/template/spec/sshKeyName"
+            valueFrom:
+              variable: sshKeyName
+  - name: secureSecretsBackend
+    enabledIf: '{{if .secureSecretsBackend }}true{{end}}'
     definitions:
-    - selector:
-        apiVersion: infrastructure.cluster.x-k8s.io/v1beta1
-        kind: AWSMachineTemplate
-        matchResources:
-          machineDeploymentClass:
-            names:
-            - default-worker
-      jsonPatches:
-      - op: replace
-        path: /spec/template/spec/instanceType
-        valueFrom:
-          variable: workerMachineType
+      - selector:
+          apiVersion: infrastructure.cluster.x-k8s.io/v1beta1
+          kind: AWSMachineTemplate
+          matchResources:
+            controlPlane: true
+        jsonPatches:
+          - op: add
+            path: "/spec/template/spec/cloudInit/secureSecretsBackend"
+            valueFrom:
+              variable: secureSecretsBackend
+      - selector:
+          apiVersion: infrastructure.cluster.x-k8s.io/v1beta1
+          kind: AWSMachineTemplate
+          matchResources:
+            machineDeploymentClass:
+              names:
+                - default-worker
+        jsonPatches:
+          - op: add
+            path: "/spec/template/spec/cloudInit/secureSecretsBackend"
+            valueFrom:
+              variable: secureSecretsBackend
+  - name: healthCheckProtocol
+    enabledIf: '{{if .healthCheckProtocol }}true{{end}}'
+    definitions:
+      - selector:
+          apiVersion: infrastructure.cluster.x-k8s.io/v1beta1
+          kind: AWSClusterTemplate
+          matchResources:
+            infrastructureCluster: true
+        jsonPatches:
+          - op: add
+            path: "/spec/template/spec/controlPlaneLoadBalancer/healthCheckProtocol"
+            valueFrom:
+              variable: healthCheckProtocol
 ---
 apiVersion: infrastructure.cluster.x-k8s.io/v1beta1
 kind: AWSClusterTemplate
 metadata:
   name: quick-start
 spec:
   template:
-    spec: { }
+    spec: {}
 ---
 kind: KubeadmControlPlaneTemplate
 apiVersion: controlplane.cluster.x-k8s.io/v1beta1
@@ -166,6 +203,7 @@ spec:
       # instanceType is a required field (OpenAPI schema).
       instanceType: REPLACEME
       iamInstanceProfile: "control-plane.cluster-api-provider-aws.sigs.k8s.io"
+      cloudInit: {}
 ---
 apiVersion: infrastructure.cluster.x-k8s.io/v1beta1
 kind: AWSMachineTemplate
@@ -177,11 +215,12 @@ spec:
       # instanceType is a required field (OpenAPI schema).
       instanceType: REPLACEME
       iamInstanceProfile: "nodes.cluster-api-provider-aws.sigs.k8s.io"
+      cloudInit: {}
 ---
 apiVersion: bootstrap.cluster.x-k8s.io/v1beta1
 kind: KubeadmConfigTemplate
 metadata:
-  name: "quick-start-worker-bootstraptemplate"
+  name: quick-start-worker-bootstraptemplate
 spec:
   template:
     spec:

test/e2e/shared/defaults.go

@@ -49,6 +49,7 @@ const (
 	LimitAzFlavor                        = "limit-az"
 	SpotInstancesFlavor                  = "spot-instances"
 	SSMFlavor                            = "ssm"
+	TopologyFlavor                       = "topology"
 	UpgradeToMain                        = "upgrade-to-main"
 	ExternalCloudProvider                = "external-cloud-provider"
 	SimpleMultitenancyFlavor             = "simple-multitenancy"

test/e2e/suites/unmanaged/unmanaged_CAPI_quick_clusterclass_test.go

@@ -61,7 +61,7 @@ var _ = ginkgo.Context("[unmanaged] [Cluster API Framework] [smoke] [PR-Blocking
 				BootstrapClusterProxy: e2eCtx.Environment.BootstrapClusterProxy,
 				ArtifactFolder:        e2eCtx.Settings.ArtifactFolder,
 				SkipCleanup:           e2eCtx.Settings.SkipCleanup,
-				Flavor:                pointer.String("topology"),
+				Flavor:                pointer.String(shared.TopologyFlavor),
 			}
 		})
 		ginkgo.AfterEach(func() {

test/e2e/suites/unmanaged/unmanaged_functional_clusterclass_test.go

@@ -33,6 +33,7 @@ import (
 
 	infrav1 "sigs.k8s.io/cluster-api-provider-aws/api/v1beta1"
 	"sigs.k8s.io/cluster-api-provider-aws/test/e2e/shared"
+	"sigs.k8s.io/cluster-api/test/framework"
 	"sigs.k8s.io/cluster-api/test/framework/clusterctl"
 	"sigs.k8s.io/cluster-api/util"
 )
@@ -90,4 +91,38 @@ var _ = ginkgo.Context("[unmanaged] [functional] [ClusterClass]", func() {
 			ginkgo.By("PASSED!")
 		})
 	})
+
+	ginkgo.Describe("Workload cluster with AWS SSM Parameter as the Secret Backend [ClusterClass]", func() {
+		ginkgo.It("should be creatable and deletable", func() {
+			specName := "functional-test-ssm-parameter-store-clusterclass"
+			requiredResources = &shared.TestResource{EC2Normal: 2 * e2eCtx.Settings.InstanceVCPU, IGW: 1, NGW: 1, VPC: 1, ClassicLB: 1, EIP: 3}
+			requiredResources.WriteRequestedResources(e2eCtx, specName)
+			Expect(shared.AcquireResources(requiredResources, config.GinkgoConfig.ParallelNode, flock.New(shared.ResourceQuotaFilePath))).To(Succeed())
+			defer shared.ReleaseResources(requiredResources, config.GinkgoConfig.ParallelNode, flock.New(shared.ResourceQuotaFilePath))
+			namespace := shared.SetupSpecNamespace(ctx, specName, e2eCtx)
+			defer shared.DumpSpecResourcesAndCleanup(ctx, "", namespace, e2eCtx)
+
+			ginkgo.By("Creating a cluster")
+			clusterName := fmt.Sprintf("cluster-%s", util.RandomString(6))
+			configCluster := defaultConfigCluster(clusterName, namespace.Name)
+			configCluster.ControlPlaneMachineCount = pointer.Int64Ptr(1)
+			configCluster.WorkerMachineCount = pointer.Int64Ptr(1)
+			configCluster.Flavor = shared.TopologyFlavor
+			_, md, _ := createCluster(ctx, configCluster, result)
+
+			workerMachines := framework.GetMachinesByMachineDeployments(ctx, framework.GetMachinesByMachineDeploymentsInput{
+				Lister:            e2eCtx.Environment.BootstrapClusterProxy.GetClient(),
+				ClusterName:       clusterName,
+				Namespace:         namespace.Name,
+				MachineDeployment: *md[0],
+			})
+			controlPlaneMachines := framework.GetControlPlaneMachinesByCluster(ctx, framework.GetControlPlaneMachinesByClusterInput{
+				Lister:      e2eCtx.Environment.BootstrapClusterProxy.GetClient(),
+				ClusterName: clusterName,
+				Namespace:   namespace.Name,
+			})
+			Expect(len(workerMachines)).To(Equal(1))
+			Expect(len(controlPlaneMachines)).To(Equal(1))
+		})
+	})
 })