Injecting toxiproxy between CAPC and ACS

Author: jweite-amazon

Makefile

@@ -236,7 +236,7 @@ tilt-up: cluster-api kind-cluster cluster-api/tilt-settings.json manifests ## Se
 
 .PHONY: kind-cluster
 kind-cluster: cluster-api ## Create a kind cluster with a local Docker repository.
-	-./cluster-api/hack/kind-install-for-capd.sh
+	./cluster-api/hack/kind-install-for-capd.sh
 
 cluster-api: ## Clone cluster-api repository for tilt use.
 	git clone --branch v1.0.0 --depth 1 https://github.com/kubernetes-sigs/cluster-api.git

test/e2e/deploy_app_toxi.go

@@ -27,6 +27,7 @@ import (
 	"path/filepath"
 	"runtime"
 	"sigs.k8s.io/cluster-api-provider-cloudstack-staging/test/e2e/helpers"
+	"sigs.k8s.io/controller-runtime/pkg/client"
 
 	"sigs.k8s.io/cluster-api/test/framework/clusterctl"
 	"sigs.k8s.io/cluster-api/util"
@@ -35,20 +36,23 @@ import (
 // DeployAppToxiSpec implements a test that verifies that an app deployed to the workload cluster works.
 func DeployAppToxiSpec(ctx context.Context, inputGetter func() CommonSpecInput) {
 	var (
-		specName                  = "deploy-app-toxi"
-		input                     CommonSpecInput
-		namespace                 *corev1.Namespace
-		cancelWatches             context.CancelFunc
-		clusterResources          *clusterctl.ApplyClusterTemplateAndWaitResult
-		toxicName                 string
-		toxiProxyContext          *helpers.ToxiProxyContext = nil
-		appName                                             = "httpd"
-		appManifestPath                                     = "data/fixture/sample-application.yaml"
-		expectedHtmlPath                                    = "data/fixture/expected-webpage.html"
-		appDeploymentReadyTimeout                           = 180
-		appPort                                             = 8080
-		appDefaultHtmlPath                                  = "/"
-		expectedHtml                                        = ""
+		specName                         = "deploy-app-toxi"
+		input                            CommonSpecInput
+		namespace                        *corev1.Namespace
+		cancelWatches                    context.CancelFunc
+		clusterResources                 *clusterctl.ApplyClusterTemplateAndWaitResult
+		bootstrapClusterToxicName        string
+		cloudStackToxicName              string
+		bootstrapClusterToxiProxyContext *helpers.ToxiProxyContext
+		cloudStackToxiProxyContext       *helpers.ToxiProxyContext
+		appName                          = "httpd"
+		appManifestPath                  = "data/fixture/sample-application.yaml"
+		expectedHtmlPath                 = "data/fixture/expected-webpage.html"
+		appDeploymentReadyTimeout        = 180
+		appPort                          = 8080
+		appDefaultHtmlPath               = "/"
+		expectedHtml                     = ""
+		clusterName                      = fmt.Sprintf("%s-%s", specName, util.RandomString(6))
 	)
 
 	BeforeEach(func() {
@@ -63,15 +67,25 @@ func DeployAppToxiSpec(ctx context.Context, inputGetter func() CommonSpecInput)
 		Expect(os.MkdirAll(input.ArtifactFolder, 0750)).To(Succeed(), "Invalid argument. input.ArtifactFolder can't be created for %s spec", specName)
 		Expect(input.E2EConfig.Variables).To(HaveKey(KubernetesVersion))
 
-		// Setup a toxiProxy for this test.
-		toxiProxyContext = helpers.SetupForToxiProxyTesting(input.BootstrapClusterProxy)
-		const TOXIC_LATENCY_MS = 100
-		const TOXIC_JITTER_MS = 100
-		const TOXIC_TOXICITY = 1
-		toxicName = toxiProxyContext.AddLatencyToxic(TOXIC_LATENCY_MS, TOXIC_JITTER_MS, TOXIC_TOXICITY, false)
-
-		// Setup a Namespace where to host objects for this spec and create a watcher for the namespace events.
-		namespace, cancelWatches = setupSpecNamespace(ctx, specName, toxiProxyContext.ClusterProxy, input.ArtifactFolder)
+		// Set up a toxiProxy for bootstrap server.
+		bootstrapClusterToxiProxyContext = helpers.SetupForToxiProxyTestingBootstrapCluster(input.BootstrapClusterProxy, clusterName)
+		const ToxicLatencyMs = 100
+		const ToxicJitterMs = 100
+		const ToxicToxicity = 1
+		bootstrapClusterToxicName = bootstrapClusterToxiProxyContext.AddLatencyToxic(ToxicLatencyMs, ToxicJitterMs, ToxicToxicity, false)
+
+		// Set up a toxiProxy for CloudStack
+		cloudStackToxiProxyContext = helpers.SetupForToxiProxyTestingACS(
+			ctx,
+			clusterName,
+			input.BootstrapClusterProxy,
+			input.E2EConfig,
+			input.ClusterctlConfigPath,
+		)
+		cloudStackToxicName = cloudStackToxiProxyContext.AddLatencyToxic(ToxicLatencyMs, ToxicJitterMs, ToxicToxicity, false)
+
+		// Set up a Namespace to host objects for this spec and create a watcher for the namespace events.
+		namespace, cancelWatches = setupSpecNamespace(ctx, specName, bootstrapClusterToxiProxyContext.ClusterProxy, input.ArtifactFolder)
 		clusterResources = new(clusterctl.ApplyClusterTemplateAndWaitResult)
 
 		fileContent, err := os.ReadFile(expectedHtmlPath)
@@ -87,15 +101,14 @@ func DeployAppToxiSpec(ctx context.Context, inputGetter func() CommonSpecInput)
 			flavor = *input.Flavor
 		}
 		namespace := namespace.Name
-		clusterName := fmt.Sprintf("%s-%s", specName, util.RandomString(6))
 
 		clusterctl.ApplyClusterTemplateAndWait(ctx, clusterctl.ApplyClusterTemplateAndWaitInput{
-			ClusterProxy:    toxiProxyContext.ClusterProxy,
+			ClusterProxy:    bootstrapClusterToxiProxyContext.ClusterProxy,
 			CNIManifestPath: input.E2EConfig.GetVariable(CNIPath),
 			ConfigCluster: clusterctl.ConfigClusterInput{
-				LogFolder:                filepath.Join(input.ArtifactFolder, "clusters", toxiProxyContext.ClusterProxy.GetName()),
-				ClusterctlConfigPath:     input.ClusterctlConfigPath,
-				KubeconfigPath:           toxiProxyContext.ClusterProxy.GetKubeconfigPath(),
+				LogFolder:                filepath.Join(input.ArtifactFolder, "clusters", bootstrapClusterToxiProxyContext.ClusterProxy.GetName()),
+				ClusterctlConfigPath:     cloudStackToxiProxyContext.ConfigPath,
+				KubeconfigPath:           bootstrapClusterToxiProxyContext.ClusterProxy.GetKubeconfigPath(),
 				InfrastructureProvider:   clusterctl.DefaultInfrastructureProvider,
 				Flavor:                   flavor,
 				Namespace:                namespace,
@@ -109,7 +122,7 @@ func DeployAppToxiSpec(ctx context.Context, inputGetter func() CommonSpecInput)
 			WaitForMachineDeployments:    input.E2EConfig.GetIntervals(specName, "wait-worker-nodes"),
 		}, clusterResources)
 
-		workloadClusterProxy := toxiProxyContext.ClusterProxy.GetWorkloadCluster(ctx, namespace, clusterName)
+		workloadClusterProxy := bootstrapClusterToxiProxyContext.ClusterProxy.GetWorkloadCluster(ctx, namespace, clusterName)
 		workloadKubeconfigPath := workloadClusterProxy.GetKubeconfigPath()
 
 		appManifestAbsolutePath, _ := filepath.Abs(appManifestPath)
@@ -139,10 +152,25 @@ func DeployAppToxiSpec(ctx context.Context, inputGetter func() CommonSpecInput)
 
 	AfterEach(func() {
 		// Dumps all the resources in the spec namespace, then cleanups the cluster object and the spec namespace itself.
-		dumpSpecResourcesAndCleanup(ctx, specName, toxiProxyContext.ClusterProxy, input.ArtifactFolder, namespace, cancelWatches, clusterResources.Cluster, input.E2EConfig.GetIntervals, input.SkipCleanup)
+		dumpSpecResourcesAndCleanup(ctx, specName, bootstrapClusterToxiProxyContext.ClusterProxy, input.ArtifactFolder, namespace, cancelWatches, clusterResources.Cluster, input.E2EConfig.GetIntervals, input.SkipCleanup)
+
+		// Tear down the ToxiProxies
+		cloudStackToxiProxyContext.RemoveToxic(cloudStackToxicName)
+		helpers.TearDownToxiProxyACS(ctx, input.BootstrapClusterProxy, cloudStackToxiProxyContext)
 
-		// Tear down the proxy
-		toxiProxyContext.RemoveToxic(toxicName)
-		helpers.TearDownToxiProxy(toxiProxyContext)
+		bootstrapClusterToxiProxyContext.RemoveToxic(bootstrapClusterToxicName)
+		helpers.TearDownToxiProxyBootstrap(bootstrapClusterToxiProxyContext)
 	})
 }
+
+func getFailureDomainEndpointSecret(ctx context.Context) corev1.Secret {
+	fdEndpointSecretObjectKey := client.ObjectKey{
+		Namespace: input.E2EConfig.GetVariable("CLOUDSTACK_FD1_SECRET_NAMESPACE"),
+		Name:      input.E2EConfig.GetVariable("CLOUDSTACK_FD1_SECRET_NAME"),
+	}
+	fdEndpointSecret := corev1.Secret{}
+	err := input.BootstrapClusterProxy.GetClient().Get(ctx, fdEndpointSecretObjectKey, &fdEndpointSecret)
+	Expect(err).To(BeNil())
+
+	return fdEndpointSecret
+}

test/e2e/e2e_suite_test.go

@@ -105,7 +105,7 @@ func TestE2E(t *testing.T) {
 var _ = SynchronizedBeforeSuite(func() []byte {
 	// Before all ParallelNodes.
 
-	if (os.Getenv("PAUSE_FOR_DEBUGGER_ATTACH") == "true") {
+	if os.Getenv("PAUSE_FOR_DEBUGGER_ATTACH") == "true" {
 		By("Pausing 15s so you have a chance to attach a debugger to this process...")
 		time.Sleep(15 * time.Second)
 	}

test/e2e/helpers/toxiProxy.go

@@ -5,12 +5,15 @@ import (
 	"fmt"
 	toxiproxyapi "github.com/Shopify/toxiproxy/v2/client"
 	. "github.com/onsi/gomega"
-	"math/rand"
+	corev1 "k8s.io/api/core/v1"
+	"net"
 	"os"
 	"path"
 	"regexp"
 	"sigs.k8s.io/cluster-api/test/framework"
+	"sigs.k8s.io/cluster-api/test/framework/clusterctl"
 	"sigs.k8s.io/cluster-api/test/framework/exec"
+	"sigs.k8s.io/controller-runtime/pkg/client"
 	"strconv"
 	"strings"
 )
@@ -40,11 +43,13 @@ func ToxiProxyServerKill(ctx context.Context) error {
 
 type ToxiProxyContext struct {
 	KubeconfigPath string
+	Secret         corev1.Secret
 	ClusterProxy   framework.ClusterProxy
 	ToxiProxy      *toxiproxyapi.Proxy
+	ConfigPath     string
 }
 
-func SetupForToxiProxyTesting(bootstrapClusterProxy framework.ClusterProxy) *ToxiProxyContext {
+func SetupForToxiProxyTestingBootstrapCluster(bootstrapClusterProxy framework.ClusterProxy, clusterName string) *ToxiProxyContext {
 	// Read/parse the actual kubeconfig for the cluster
 	kubeConfig := NewKubeconfig()
 	unproxiedKubeconfigPath := bootstrapClusterProxy.GetKubeconfigPath()
@@ -56,21 +61,14 @@ func SetupForToxiProxyTesting(bootstrapClusterProxy framework.ClusterProxy) *Tox
 	Expect(err).To(BeNil())
 
 	// Decompose server url into protocol, address and port
-	serverRegex := regexp.MustCompilePOSIX("(https?)://([0-9]+\\.[0-9]+\\.[0-9]+\\.[0-9]+):([0-9]*)")
-	urlComponents := serverRegex.FindStringSubmatch(server)
-	Expect(len(urlComponents)).To(Equal(4))
-	protocol := urlComponents[1]
-	address := urlComponents[2]
-	port, err := strconv.Atoi(urlComponents[3])
-	Expect(err).To(BeNil())
+	protocol, address, port, _ := parseUrl(server)
 
 	// Format into the needed addresses/URL form
 	actualBootstrapClusterAddress := fmt.Sprintf("%v:%v", address, port)
 
 	// Create the toxiProxy for this test
 	toxiProxyClient := toxiproxyapi.NewClient("127.0.0.1:8474")
-	randomTestId := rand.Intn(65535)
-	toxiProxyName := fmt.Sprintf("deploy_app_toxi_test_%#x", randomTestId)
+	toxiProxyName := fmt.Sprintf("deploy_app_toxi_test_%v_bootstrap", clusterName)
 	proxy, err := toxiProxyClient.CreateProxy(toxiProxyName, "127.0.0.1:0", actualBootstrapClusterAddress)
 	Expect(err).To(BeNil())
 
@@ -84,7 +82,7 @@ func SetupForToxiProxyTesting(bootstrapClusterProxy framework.ClusterProxy) *Tox
 	// Write the modified kubeconfig using a new name.
 	extension := path.Ext(unproxiedKubeconfigPath)
 	baseWithoutExtension := strings.TrimSuffix(path.Base(unproxiedKubeconfigPath), extension)
-	toxiProxyKubeconfigFileName := fmt.Sprintf("toxiProxy_%v_%#x%v", baseWithoutExtension, randomTestId, extension)
+	toxiProxyKubeconfigFileName := fmt.Sprintf("toxiProxy_%v_%v%v", baseWithoutExtension, clusterName, extension)
 	toxiProxyKubeconfigPath := path.Join("/tmp", toxiProxyKubeconfigFileName)
 	err = kubeConfig.Save(toxiProxyKubeconfigPath)
 	Expect(err).To(BeNil())
@@ -104,7 +102,7 @@ func SetupForToxiProxyTesting(bootstrapClusterProxy framework.ClusterProxy) *Tox
 	}
 }
 
-func TearDownToxiProxy(toxiProxyContext *ToxiProxyContext) {
+func TearDownToxiProxyBootstrap(toxiProxyContext *ToxiProxyContext) {
 	// Tear down the proxy
 	err := toxiProxyContext.ToxiProxy.Delete()
 	Expect(err).To(BeNil())
@@ -134,3 +132,123 @@ func (tp *ToxiProxyContext) AddLatencyToxic(latencyMs int, jitterMs int, toxicit
 
 	return toxicName
 }
+
+func SetupForToxiProxyTestingACS(ctx context.Context, clusterName string, clusterProxy framework.ClusterProxy, e2eConfig *clusterctl.E2EConfig, configPath string) *ToxiProxyContext {
+	// Get the cloud-config secret that CAPC will use to access CloudStack
+	fdEndpointSecretObjectKey := client.ObjectKey{
+		Namespace: e2eConfig.GetVariable("CLOUDSTACK_FD1_SECRET_NAMESPACE"),
+		Name:      e2eConfig.GetVariable("CLOUDSTACK_FD1_SECRET_NAME"),
+	}
+	fdEndpointSecret := corev1.Secret{}
+	err := clusterProxy.GetClient().Get(ctx, fdEndpointSecretObjectKey, &fdEndpointSecret)
+	Expect(err).To(BeNil())
+
+	// Extract and parse the URL for CloudStack from the secret
+	cloudstackUrl := string(fdEndpointSecret.Data["api-url"])
+	protocol, address, port, path := parseUrl(cloudstackUrl)
+	upstreamAddress := fmt.Sprintf("%v:%v", address, port)
+
+	// Create the CloudStack toxiProxy for this test
+	toxiProxyClient := toxiproxyapi.NewClient("127.0.0.1:8474")
+	toxiProxyName := fmt.Sprintf("%v_cloudstack", clusterName)
+
+	// Formulate the proxy listen address.
+	// CAPC can't route to the actual host's localhost.  We have to use a real host IP address for the proxy listen address.
+	hostIP := getOutboundIP()
+	proxyAddress := fmt.Sprintf("%v:0", hostIP)
+	proxy, err := toxiProxyClient.CreateProxy(toxiProxyName, proxyAddress, upstreamAddress)
+	Expect(err).To(BeNil())
+
+	// Retrieve the actual listen address (having the toxiproxy-assigned port #).
+	toxiProxyUrl := fmt.Sprintf("%v://%v%v", protocol, proxy.Listen, path)
+
+	// Create a new cloud-config secret using the proxy listen address
+	toxiProxyFdEndpointSecret := corev1.Secret{}
+	toxiProxyFdEndpointSecret.Type = fdEndpointSecret.Type
+	toxiProxyFdEndpointSecret.Namespace = fdEndpointSecret.Namespace
+	toxiProxyFdEndpointSecret.Name = fdEndpointSecret.Name + "-toxiproxy"
+	toxiProxyFdEndpointSecret.Data = make(map[string][]byte)
+	toxiProxyFdEndpointSecret.Data["api-key"] = fdEndpointSecret.Data["api-key"]
+	toxiProxyFdEndpointSecret.Data["secret-key"] = fdEndpointSecret.Data["secret-key"]
+	toxiProxyFdEndpointSecret.Data["verify-ssl"] = fdEndpointSecret.Data["verify-ssl"]
+	toxiProxyFdEndpointSecret.Data["api-url"] = []byte(toxiProxyUrl)
+
+	err = clusterProxy.GetClient().Create(ctx, &toxiProxyFdEndpointSecret)
+	Expect(err).To(BeNil())
+
+	// Override the test config to use this alternate cloud-config secret
+	e2eConfig.Variables["CLOUDSTACK_FD1_SECRET_NAME"] = toxiProxyFdEndpointSecret.Name
+
+	// Overriding e2e config file into a new temp copy, so as not to inadvertently override the other e2e tests.
+	newConfigFilePath := fmt.Sprintf("/tmp/%v.yaml", toxiProxyName)
+	editConfigFile(newConfigFilePath, configPath, "CLOUDSTACK_FD1_SECRET_NAME", toxiProxyFdEndpointSecret.Name)
+
+	// Return a context
+	return &ToxiProxyContext{
+		Secret:     toxiProxyFdEndpointSecret,
+		ToxiProxy:  proxy,
+		ConfigPath: newConfigFilePath,
+	}
+}
+
+func TearDownToxiProxyACS(ctx context.Context, clusterProxy framework.ClusterProxy, toxiProxyContext *ToxiProxyContext) {
+	// Tear down the proxy
+	err := toxiProxyContext.ToxiProxy.Delete()
+	Expect(err).To(BeNil())
+
+	// Delete the secret
+	err = clusterProxy.GetClient().Delete(ctx, &toxiProxyContext.Secret)
+	Expect(err).To(BeNil())
+
+	// Delete the overridden e2e config
+	err = os.Remove(toxiProxyContext.ConfigPath)
+	Expect(err).To(BeNil())
+
+}
+
+func parseUrl(url string) (string, string, int, string) {
+	serverRegex := regexp.MustCompilePOSIX("(https?)://([0-9]+\\.[0-9]+\\.[0-9]+\\.[0-9]+):([0-9]+)?(.*)")
+
+	urlComponents := serverRegex.FindStringSubmatch(url)
+	Expect(len(urlComponents)).To(BeNumerically(">=", 4))
+	protocol := urlComponents[1]
+	address := urlComponents[2]
+	port, err := strconv.Atoi(urlComponents[3])
+	Expect(err).To(BeNil())
+	path := urlComponents[4]
+	return protocol, address, port, path
+}
+
+func getOutboundIP() net.IP {
+	conn, err := net.Dial("udp", "8.8.8.8:80") // 8.8.8.8:80 is arbitrary.  Any IP will do, reachable or not.
+	Expect(err).To(BeNil())
+
+	defer conn.Close()
+
+	localAddr := conn.LocalAddr().(*net.UDPAddr)
+
+	return localAddr.IP
+}
+
+func editConfigFile(destFilename string, sourceFilename string, key string, newValue string) {
+	// For config files with key: value on each line.
+
+	dat, err := os.ReadFile(sourceFilename)
+	Expect(err).To(BeNil())
+
+	lines := strings.Split(string(dat), "\n")
+
+	keyFound := false
+	for index, line := range lines {
+		if strings.HasPrefix(line, "CLOUDSTACK_FD1_SECRET_NAME:") {
+			keyFound = true
+			lines[index] = fmt.Sprintf("%v: %v", key, newValue)
+			break
+		}
+	}
+	Expect(keyFound).To(BeTrue())
+
+	dat = []byte(strings.Join(lines[:], "\n"))
+	err = os.WriteFile(destFilename, dat, 0600)
+	Expect(err).To(BeNil())
+}