Add multi-tenancy test based on ClusterClass

Winnie Kwon · Winnie Kwon · commit ccb2cca09f50 · 2022-04-13T08:11:38.000-07:00
Also, renamed unmanaged_CAPI_quick_test_cluster_class.go to
unmanaged_CAPI_quick_clusterclass_test.go as there are linter rules that
applies to test files and the assumption is that test files end with `_test.go`.
diff --git a/test/e2e/data/e2e_conf.yaml b/test/e2e/data/e2e_conf.yaml
@@ -229,6 +229,8 @@ providers:
           - sourcePath: "./infrastructure-aws/generated/cluster-template-peered-remote.yaml"
           - sourcePath: "./infrastructure-aws/generated/cluster-template-internal-elb.yaml"
           - sourcePath: "./infrastructure-aws/kustomize_sources/topology/clusterclass-quick-start.yaml"
+          - sourcePath: "./infrastructure-aws/generated/cluster-template-nested-multitenancy-clusterclass.yaml"
+          - sourcePath: "./infrastructure-aws/kustomize_sources/nested-multitenancy-clusterclass/clusterclass-multi-tenancy.yaml"
           - sourcePath: "./shared/v1beta1_provider/metadata.yaml"
           - sourcePath: "./infrastructure-aws/generated/cluster-template-ignition.yaml"
         replacements:
diff --git a/test/e2e/data/infrastructure-aws/kustomize_sources/nested-multitenancy-clusterclass/cluster-template.yaml b/test/e2e/data/infrastructure-aws/kustomize_sources/nested-multitenancy-clusterclass/cluster-template.yaml
@@ -0,0 +1,57 @@
+---
+apiVersion: cluster.x-k8s.io/v1beta1
+kind: Cluster
+metadata:
+  labels:
+    cni: ${CLUSTER_NAME}-crs-0
+  name: "${CLUSTER_NAME}"
+spec:
+  clusterNetwork:
+    pods:
+      cidrBlocks: ["192.168.0.0/16"]
+  topology:
+    class: "multi-tenancy"
+    version: "${KUBERNETES_VERSION}"
+    controlPlane:
+      replicas: ${CONTROL_PLANE_MACHINE_COUNT}
+    workers:
+      machineDeployments:
+      - class: "default-worker"
+        name: "md-0"
+        replicas: ${WORKER_MACHINE_COUNT}
+    variables:
+    - name: region
+      value: ${AWS_REGION}
+    - name: sshKeyName
+      value: ${AWS_SSH_KEY_NAME}
+    - name: controlPlaneMachineType
+      value: ${AWS_CONTROL_PLANE_MACHINE_TYPE}
+    - name: workerMachineType
+      value: ${AWS_NODE_MACHINE_TYPE}
+    - name: bastionEnabled
+      value: true
+    - name: vpcAZUsageLimit
+      value: 1
+    - name: identityRef
+      value:
+        kind: AWSClusterRoleIdentity
+        name: "${MULTI_TENANCY_NESTED_IDENTITY_NAME}"
+---
+apiVersion: v1
+data: ${CNI_RESOURCES}
+kind: ConfigMap
+metadata:
+  name: cni-${CLUSTER_NAME}-crs-0
+---
+apiVersion: addons.cluster.x-k8s.io/v1beta1
+kind: ClusterResourceSet
+metadata:
+  name: ${CLUSTER_NAME}-crs-0
+spec:
+  clusterSelector:
+    matchLabels:
+      cni: ${CLUSTER_NAME}-crs-0
+  resources:
+  - kind: ConfigMap
+    name: cni-${CLUSTER_NAME}-crs-0
+  strategy: ApplyOnce
diff --git a/test/e2e/data/infrastructure-aws/kustomize_sources/nested-multitenancy-clusterclass/clusterclass-multi-tenancy.yaml b/test/e2e/data/infrastructure-aws/kustomize_sources/nested-multitenancy-clusterclass/clusterclass-multi-tenancy.yaml
@@ -0,0 +1,214 @@
+apiVersion: cluster.x-k8s.io/v1beta1
+kind: ClusterClass
+metadata:
+  name: multi-tenancy
+spec:
+  controlPlane:
+    ref:
+      apiVersion: controlplane.cluster.x-k8s.io/v1beta1
+      kind: KubeadmControlPlaneTemplate
+      name: multi-tenancy-control-plane
+    machineInfrastructure:
+      ref:
+        kind: AWSMachineTemplate
+        apiVersion: infrastructure.cluster.x-k8s.io/v1beta1
+        name: multi-tenancy-control-plane
+  infrastructure:
+    ref:
+      apiVersion: infrastructure.cluster.x-k8s.io/v1beta1
+      kind: AWSClusterTemplate
+      name: multi-tenancy
+  workers:
+    machineDeployments:
+    - class: default-worker
+      template:
+        bootstrap:
+          ref:
+            apiVersion: bootstrap.cluster.x-k8s.io/v1beta1
+            kind: KubeadmConfigTemplate
+            name: multi-tenancy-worker-bootstraptemplate
+        infrastructure:
+          ref:
+            apiVersion: infrastructure.cluster.x-k8s.io/v1beta1
+            kind: AWSMachineTemplate
+            name: multi-tenancy-worker-machinetemplate
+  variables:
+    - name: region
+      required: true
+      schema:
+        openAPIV3Schema:
+          type: string
+          default: us-east-1
+    - name: sshKeyName
+      required: true
+      schema:
+        openAPIV3Schema:
+          type: string
+          default: default
+    - name: controlPlaneMachineType
+      required: true
+      schema:
+        openAPIV3Schema:
+          type: string
+          default: t3.large
+    - name: workerMachineType
+      required: true
+      schema:
+        openAPIV3Schema:
+          type: string
+          default: t3.large
+    - name: bastionEnabled
+      required: false
+      schema:
+        openAPIV3Schema:
+          type: boolean
+    - name: vpcAZUsageLimit
+      required: false
+      schema:
+        openAPIV3Schema:
+          type: integer
+    - name: identityRef
+      required: false
+      schema:
+        openAPIV3Schema:
+          type: object
+          properties:
+            kind:
+              type: string
+            name:
+              type: string
+          required:
+          - kind
+          - name
+  patches:
+    - name: awsClusterTemplateGeneral
+      definitions:
+        - selector:
+            apiVersion: infrastructure.cluster.x-k8s.io/v1beta1
+            kind: AWSClusterTemplate
+            matchResources:
+              infrastructureCluster: true
+          jsonPatches:
+            - op: add
+              path: "/spec/template/spec/region"
+              valueFrom:
+                variable: region
+            - op: add
+              path: "/spec/template/spec/sshKeyName"
+              valueFrom:
+                variable: sshKeyName
+            - op: replace
+              path: "/spec/template/spec/bastion/enabled"
+              valueFrom:
+                variable: bastionEnabled
+            - op: replace
+              path: "/spec/template/spec/network/vpc/availabilityZoneUsageLimit"
+              valueFrom:
+                variable: vpcAZUsageLimit
+            - op: replace
+              path: "/spec/template/spec/identityRef"
+              valueFrom:
+                variable: identityRef
+    - name: awsMachineTemplateControlPlane
+      definitions:
+        - selector:
+            apiVersion: infrastructure.cluster.x-k8s.io/v1beta1
+            kind: AWSMachineTemplate
+            matchResources:
+              controlPlane: true
+          jsonPatches:
+            - op: replace
+              path: "/spec/template/spec/instanceType"
+              valueFrom:
+                variable: controlPlaneMachineType
+            - op: add
+              path: "/spec/template/spec/sshKeyName"
+              valueFrom:
+                variable: sshKeyName
+    - name: awsMachineTemplateWorker
+      definitions:
+        - selector:
+            apiVersion: infrastructure.cluster.x-k8s.io/v1beta1
+            kind: AWSMachineTemplate
+            matchResources:
+              machineDeploymentClass:
+                names:
+                  - default-worker
+          jsonPatches:
+            - op: replace
+              path: "/spec/template/spec/instanceType"
+              valueFrom:
+                variable: workerMachineType
+            - op: add
+              path: "/spec/template/spec/sshKeyName"
+              valueFrom:
+                variable: sshKeyName
+---
+apiVersion: infrastructure.cluster.x-k8s.io/v1beta1
+kind: AWSClusterTemplate
+metadata:
+  name: multi-tenancy
+spec:
+  template:
+    spec: {}
+---
+kind: KubeadmControlPlaneTemplate
+apiVersion: controlplane.cluster.x-k8s.io/v1beta1
+metadata:
+  name: multi-tenancy-control-plane
+spec:
+  template:
+    spec:
+      kubeadmConfigSpec:
+        clusterConfiguration:
+          apiServer:
+            extraArgs:
+              cloud-provider: aws
+          controllerManager:
+            extraArgs:
+              cloud-provider: aws
+        initConfiguration:
+          nodeRegistration:
+            name: '{{ ds.meta_data.local_hostname }}'
+            kubeletExtraArgs:
+              cloud-provider: aws
+        joinConfiguration:
+          nodeRegistration:
+            name: '{{ ds.meta_data.local_hostname }}'
+            kubeletExtraArgs:
+              cloud-provider: aws
+---
+apiVersion: infrastructure.cluster.x-k8s.io/v1beta1
+kind: AWSMachineTemplate
+metadata:
+  name: multi-tenancy-control-plane
+spec:
+  template:
+    spec:
+      # instanceType is a required field (OpenAPI schema).
+      instanceType: REPLACEME
+      iamInstanceProfile: "control-plane.cluster-api-provider-aws.sigs.k8s.io"
+---
+apiVersion: infrastructure.cluster.x-k8s.io/v1beta1
+kind: AWSMachineTemplate
+metadata:
+  name: multi-tenancy-worker-machinetemplate
+spec:
+  template:
+    spec:
+      # instanceType is a required field (OpenAPI schema).
+      instanceType: REPLACEME
+      iamInstanceProfile: "nodes.cluster-api-provider-aws.sigs.k8s.io"
+---
+apiVersion: bootstrap.cluster.x-k8s.io/v1beta1
+kind: KubeadmConfigTemplate
+metadata:
+  name: "multi-tenancy-worker-bootstraptemplate"
+spec:
+  template:
+    spec:
+      joinConfiguration:
+        nodeRegistration:
+          name: '{{ ds.meta_data.local_hostname }}'
+          kubeletExtraArgs:
+            cloud-provider: aws
diff --git a/test/e2e/data/infrastructure-aws/kustomize_sources/nested-multitenancy-clusterclass/kustomization.yaml b/test/e2e/data/infrastructure-aws/kustomize_sources/nested-multitenancy-clusterclass/kustomization.yaml
@@ -0,0 +1,5 @@
+apiVersion: kustomize.config.k8s.io/v1beta1
+kind: Kustomization
+resources:
+  - cluster-template.yaml
+  - role.yaml
diff --git a/test/e2e/data/infrastructure-aws/kustomize_sources/nested-multitenancy-clusterclass/role.yaml b/test/e2e/data/infrastructure-aws/kustomize_sources/nested-multitenancy-clusterclass/role.yaml
@@ -0,0 +1,25 @@
+---
+apiVersion: infrastructure.cluster.x-k8s.io/v1beta1
+kind: AWSClusterRoleIdentity
+metadata:
+  name: "${MULTI_TENANCY_JUMP_IDENTITY_NAME}"
+spec:
+  roleARN: "${MULTI_TENANCY_JUMP_ROLE_ARN}"
+  durationSeconds: 900
+  sessionName: "${MULTI_TENANCY_JUMP_IDENTITY_NAME}-session"
+  sourceIdentityRef:
+    kind: AWSClusterControllerIdentity
+    name: "default"
+  allowedNamespaces: {}
+---
+apiVersion: infrastructure.cluster.x-k8s.io/v1beta1
+kind: AWSClusterRoleIdentity
+metadata:
+  name: "${MULTI_TENANCY_NESTED_IDENTITY_NAME}"
+spec:
+  roleARN: "${MULTI_TENANCY_NESTED_ROLE_ARN}"
+  sessionName: "${MULTI_TENANCY_NESTED_IDENTITY_NAME}-session"
+  sourceIdentityRef:
+    kind: AWSClusterRoleIdentity
+    name: "${MULTI_TENANCY_JUMP_IDENTITY_NAME}"
+  allowedNamespaces: {}
diff --git a/test/e2e/shared/defaults.go b/test/e2e/shared/defaults.go
@@ -35,31 +35,32 @@ import (
 
 // Constants.
 const (
-	DefaultSSHKeyPairName        = "cluster-api-provider-aws-sigs-k8s-io"
-	AMIPrefix                    = "capa-ami-ubuntu-18.04-"
-	DefaultImageLookupOrg        = "258751437250"
-	KubernetesVersion            = "KUBERNETES_VERSION"
-	KubernetesVersionManagement  = "KUBERNETES_VERSION_MANAGEMENT"
-	CNIPath                      = "CNI"
-	CNIResources                 = "CNI_RESOURCES"
-	AwsNodeMachineType           = "AWS_NODE_MACHINE_TYPE"
-	AwsAvailabilityZone1         = "AWS_AVAILABILITY_ZONE_1"
-	AwsAvailabilityZone2         = "AWS_AVAILABILITY_ZONE_2"
-	MultiAzFlavor                = "multi-az"
-	LimitAzFlavor                = "limit-az"
-	SpotInstancesFlavor          = "spot-instances"
-	SSMFlavor                    = "ssm"
-	UpgradeToMain                = "upgrade-to-main"
-	ExternalCloudProvider        = "external-cloud-provider"
-	SimpleMultitenancyFlavor     = "simple-multitenancy"
-	NestedMultitenancyFlavor     = "nested-multitenancy"
-	KCPScaleInFlavor             = "kcp-scale-in"
-	IgnitionFlavor               = "ignition"
-	StorageClassOutTreeZoneLabel = "topology.ebs.csi.aws.com/zone"
-	GPUFlavor                    = "gpu"
-	InstanceVcpu                 = "AWS_MACHINE_TYPE_VCPU_USAGE"
-	PreCSIKubernetesVer          = "PRE_1_23_KUBERNETES_VERSION"
-	PostCSIKubernetesVer         = "POST_1_23_KUBERNETES_VERSION"
+	DefaultSSHKeyPairName                = "cluster-api-provider-aws-sigs-k8s-io"
+	AMIPrefix                            = "capa-ami-ubuntu-18.04-"
+	DefaultImageLookupOrg                = "258751437250"
+	KubernetesVersion                    = "KUBERNETES_VERSION"
+	KubernetesVersionManagement          = "KUBERNETES_VERSION_MANAGEMENT"
+	CNIPath                              = "CNI"
+	CNIResources                         = "CNI_RESOURCES"
+	AwsNodeMachineType                   = "AWS_NODE_MACHINE_TYPE"
+	AwsAvailabilityZone1                 = "AWS_AVAILABILITY_ZONE_1"
+	AwsAvailabilityZone2                 = "AWS_AVAILABILITY_ZONE_2"
+	MultiAzFlavor                        = "multi-az"
+	LimitAzFlavor                        = "limit-az"
+	SpotInstancesFlavor                  = "spot-instances"
+	SSMFlavor                            = "ssm"
+	UpgradeToMain                        = "upgrade-to-main"
+	ExternalCloudProvider                = "external-cloud-provider"
+	SimpleMultitenancyFlavor             = "simple-multitenancy"
+	NestedMultitenancyFlavor             = "nested-multitenancy"
+	NestedMultitenancyClusterClassFlavor = "nested-multitenancy-clusterclass"
+	KCPScaleInFlavor                     = "kcp-scale-in"
+	IgnitionFlavor                       = "ignition"
+	StorageClassOutTreeZoneLabel         = "topology.ebs.csi.aws.com/zone"
+	GPUFlavor                            = "gpu"
+	InstanceVcpu                         = "AWS_MACHINE_TYPE_VCPU_USAGE"
+	PreCSIKubernetesVer                  = "PRE_1_23_KUBERNETES_VERSION"
+	PostCSIKubernetesVer                 = "POST_1_23_KUBERNETES_VERSION"
 )
 
 var ResourceQuotaFilePath = "/tmp/capa-e2e-resource-usage.lock"
diff --git a/test/e2e/suites/unmanaged/helpers_test.go b/test/e2e/suites/unmanaged/helpers_test.go
@@ -76,12 +76,21 @@ type statefulSetInfo struct {
 
 // GetClusterByName returns a Cluster object given his name.
 func GetAWSClusterByName(ctx context.Context, namespace, name string) (*infrav1.AWSCluster, error) {
-	awsCluster := &infrav1.AWSCluster{}
+	cluster := &clusterv1.Cluster{}
 	key := crclient.ObjectKey{
 		Namespace: namespace,
 		Name:      name,
 	}
-	err := e2eCtx.Environment.BootstrapClusterProxy.GetClient().Get(ctx, key, awsCluster)
+	if err := e2eCtx.Environment.BootstrapClusterProxy.GetClient().Get(ctx, key, cluster); err != nil {
+		return nil, err
+	}
+
+	awsCluster := &infrav1.AWSCluster{}
+	awsClusterKey := crclient.ObjectKey{
+		Namespace: namespace,
+		Name:      cluster.Spec.InfrastructureRef.Name,
+	}
+	err := e2eCtx.Environment.BootstrapClusterProxy.GetClient().Get(ctx, awsClusterKey, awsCluster)
 	return awsCluster, err
 }
 
diff --git a/test/e2e/suites/unmanaged/unmanaged_CAPI_quick_clusterclass_test.go b/test/e2e/suites/unmanaged/unmanaged_CAPI_quick_clusterclass_test.go
diff --git a/test/e2e/suites/unmanaged/unmanaged_functional_clusterclass_test.go b/test/e2e/suites/unmanaged/unmanaged_functional_clusterclass_test.go
