e2e: cluster object store

cbang-akamai · cbang-akamai · commit 8571e47cc0c2 · 2025-01-30T09:47:59.000-05:00
diff --git a/e2e/linodemachine-controller/cluster-object-store/assert-capi-resources.yaml b/e2e/linodemachine-controller/cluster-object-store/assert-capi-resources.yaml
@@ -0,0 +1,31 @@
+apiVersion: apps/v1
+kind: Deployment
+metadata:
+  name: capi-controller-manager
+  namespace: capi-system
+status:
+  availableReplicas: 1
+---
+apiVersion: apps/v1
+kind: Deployment
+metadata:
+  name: capl-controller-manager
+  namespace: capl-system
+status:
+  availableReplicas: 1
+---
+apiVersion: apps/v1
+kind: Deployment
+metadata:
+  name: capi-kubeadm-bootstrap-controller-manager
+  namespace: kubeadm-bootstrap-system
+status:
+  availableReplicas: 1
+---
+apiVersion: apps/v1
+kind: Deployment
+metadata:
+  name: capi-kubeadm-control-plane-controller-manager
+  namespace: kubeadm-control-plane-system
+status:
+  availableReplicas: 1
diff --git a/e2e/linodemachine-controller/cluster-object-store/assert-key-and-secret.yaml b/e2e/linodemachine-controller/cluster-object-store/assert-key-and-secret.yaml
@@ -0,0 +1,20 @@
+---
+apiVersion: infrastructure.cluster.x-k8s.io/v1alpha2
+kind: LinodeObjectStorageKey
+metadata:
+  name: ($key)
+spec:
+  keyGeneration: 0
+status:
+  ready: true
+  lastKeyGeneration: 0
+---
+apiVersion: v1
+kind: Secret
+metadata:
+  name: ($key_secret)
+data:
+  (bucket_name != null): true
+  (s3_endpoint != null): true
+  (access_key != null): true
+  (secret_key != null): true
diff --git a/e2e/linodemachine-controller/cluster-object-store/assert-linodemachine.yaml b/e2e/linodemachine-controller/cluster-object-store/assert-linodemachine.yaml
@@ -0,0 +1,23 @@
+---
+apiVersion: infrastructure.cluster.x-k8s.io/v1alpha2
+kind: LinodeMachine
+metadata:
+  labels:
+    cluster.x-k8s.io/cluster-name: ($cluster)
+spec:
+  region: us-sea
+  type: g6-nanode-1
+status:
+  ready: true
+  instanceState: running
+---
+apiVersion: cluster.x-k8s.io/v1beta1
+kind: Machine
+metadata:
+  labels:
+    cluster.x-k8s.io/cluster-name: ($cluster)
+spec:
+  clusterName: ($cluster)
+status:
+  bootstrapReady: true
+  infrastructureReady: true
diff --git a/e2e/linodemachine-controller/cluster-object-store/chainsaw-test.yaml b/e2e/linodemachine-controller/cluster-object-store/chainsaw-test.yaml
@@ -0,0 +1,140 @@
+# yaml-language-server: $schema=https://raw.githubusercontent.com/kyverno/chainsaw/main/.schemas/json/test-chainsaw-v1alpha1.json
+apiVersion: chainsaw.kyverno.io/v1alpha1
+kind: Test
+metadata:
+  name: cluster-object-store
+  # Label to trigger the test on every PR
+  labels:
+    all:
+    linodemachine:
+spec:
+  bindings:
+    # A short identifier for the E2E test run
+    - name: run
+      value: (join('-', ['e2e', 'cluster-obj-store', env('GIT_REF')]))
+    - name: cluster
+      # Format the cluster name
+      value: (trim((truncate(($run), `29`)), '-'))
+    - name: key
+      # Format the key name into a valid Kubernetes object name
+      # TODO: This is over-truncated to account for the Kubernetes access key Secret
+      value: (trim((truncate((join('-', [($cluster), 'object-store'])), `52`)), '-'))
+    - name: key_secret
+      value: (join('-', [($key), 'obj-key']))
+  template: true
+  steps:
+    - name: Check if CAPI provider resources exist
+      try:
+        - assert:
+            file: assert-capi-resources.yaml
+    - name: Create bucket
+      try:
+        - script:
+            env:
+              - name: URI
+                value: object-storage/buckets
+              - name: BUCKET_LABEL
+                value: ($key)
+            content: |
+              set -e
+
+              curl -s \
+                -X POST \
+                -H "Authorization: Bearer $LINODE_TOKEN" \
+                -H "Content-Type: application/json" \
+                -d "{\"label\":\"$BUCKET_LABEL\",\"region\":\"us-sea\"}" \
+                "https://api.linode.com/v4/$URI"
+            check:
+              ($error): ~
+    - name: Create LinodeObjectStorageKey
+      try:
+        - apply:
+            file: create-linodeobjectstoragekey.yaml
+        - assert:
+            file: assert-key-and-secret.yaml
+      catch:
+        - describe:
+            apiVersion: infrastructure.cluster.x-k8s.io/v1alpha2
+            kind: LinodeObjectStorageKey
+        - describe:
+            apiVersion: v1
+            kind: Secret
+    - name: Create Cluster resource
+      try:
+        - apply:
+            file: create-cluster.yaml
+      catch:
+        - describe:
+            apiVersion: cluster.x-k8s.io/v1beta1
+            kind: Cluster
+    - name: Generate dummy thicc cloud-config data
+      try:
+        - script:
+            env:
+              - name: NAMESPACE
+                value: ($namespace)
+            content: |
+              set -e
+
+              tr -dc A-Za-z0-9 < /dev/urandom | head -c 100kB > chonk.txt
+              kubectl -n $NAMESPACE create secret generic chonk-secret --from-file=chonk.txt
+            check:
+              ($error): ~
+    - name: Create LinodeMachine resource
+      try:
+        - apply:
+            file: create-linodemachine.yaml
+        - assert:
+            file: assert-linodemachine.yaml
+      catch:
+        - describe:
+            apiVersion: infrastructure.cluster.x-k8s.io/v1alpha2
+            kind: LinodeMachineTemplate
+        - describe:
+            apiVersion: controlplane.cluster.x-k8s.io/v1beta1
+            kind: KubeadmControlPlane
+    - name: Delete Cluster resource
+      try:
+        - delete:
+            ref:
+              apiVersion: cluster.x-k8s.io/v1beta1
+              kind: Cluster
+              name: ($cluster)
+        - error:
+            file: check-linodemachine-deletion.yaml
+    - name: Delete LinodeObjectStorageKey
+      try:
+        - script:
+            env:
+              - name: URI
+                value: object-storage/keys
+              - name: OBJ_KEY
+                value: ($key)
+            content: |
+              set -e
+
+              export KEY_ID=$(kubectl -n $NAMESPACE get lobjkey $OBJ_KEY -ojson | jq '.status.accessKeyRef')
+
+              curl -s \
+                -X DELETE \
+                -H "Authorization: Bearer $LINODE_TOKEN" \
+                "https://api.linode.com/v4/$URI/$KEY_ID"
+            check:
+              ($error): ~
+    - name: Delete bucket
+      try:
+        - script:
+            env:
+              - name: URI
+                value: object-storage/buckets/us-sea
+              - name: BUCKET_LABEL
+                value: ($key)
+            content: |
+              set -e
+
+              curl -s \
+                -X DELETE \
+                -H "Authorization: Bearer $LINODE_TOKEN" \
+                "https://api.linode.com/v4/$URI/$BUCKET_LABEL"
+            check:
+              ($error): ~
diff --git a/e2e/linodemachine-controller/cluster-object-store/check-linodemachine-deletion.yaml b/e2e/linodemachine-controller/cluster-object-store/check-linodemachine-deletion.yaml
@@ -0,0 +1,5 @@
+apiVersion: infrastructure.cluster.x-k8s.io/v1alpha2
+kind: LinodeMachine
+metadata:
+  labels:
+    cluster.x-k8s.io/cluster-name: ($cluster)
diff --git a/e2e/linodemachine-controller/cluster-object-store/create-cluster.yaml b/e2e/linodemachine-controller/cluster-object-store/create-cluster.yaml
@@ -0,0 +1,24 @@
+---
+apiVersion: cluster.x-k8s.io/v1beta1
+kind: Cluster
+metadata:
+  name: ($cluster)
+spec:
+  controlPlaneRef:
+    apiVersion: controlplane.cluster.x-k8s.io/v1beta1
+    kind: KubeadmControlPlane
+    name: ($cluster)
+  infrastructureRef:
+    apiVersion: infrastructure.cluster.x-k8s.io/v1alpha2
+    kind: LinodeCluster
+    name: ($cluster)
+---
+apiVersion: infrastructure.cluster.x-k8s.io/v1alpha2
+kind: LinodeCluster
+metadata:
+  name: ($cluster)
+spec:
+  region: us-sea
+  objectStore:
+    credentialsRef:
+      name: ($key_secret)
diff --git a/e2e/linodemachine-controller/cluster-object-store/create-linodemachine.yaml b/e2e/linodemachine-controller/cluster-object-store/create-linodemachine.yaml
@@ -0,0 +1,37 @@
+---
+apiVersion: controlplane.cluster.x-k8s.io/v1beta1
+kind: KubeadmControlPlane
+metadata:
+    name: ($cluster)
+spec:
+    kubeadmConfigSpec:
+        files:
+            - path: /chonk.txt
+              contentFrom:
+                  secret:
+                      key: chonk.txt
+                      name: chonk-secret
+        clusterConfiguration:
+            apiServer:
+                extraArgs:
+                    cloud-provider: external
+            controllerManager:
+                extraArgs:
+                    cloud-provider: external
+    machineTemplate:
+        infrastructureRef:
+            apiVersion: infrastructure.cluster.x-k8s.io/v1alpha2
+            kind: LinodeMachineTemplate
+            name: ($cluster)
+    replicas: 1
+    version: 1.29.1
+---
+apiVersion: infrastructure.cluster.x-k8s.io/v1alpha2
+kind: LinodeMachineTemplate
+metadata:
+    name: ($cluster)
+spec:
+    template:
+        spec:
+            region: us-sea
+            type: g6-nanode-1
diff --git a/e2e/linodemachine-controller/cluster-object-store/create-linodeobjectstoragekey.yaml b/e2e/linodemachine-controller/cluster-object-store/create-linodeobjectstoragekey.yaml
@@ -0,0 +1,16 @@
+apiVersion: infrastructure.cluster.x-k8s.io/v1alpha2
+kind: LinodeObjectStorageKey
+metadata:
+  name: ($key)
+spec:
+  bucketAccess:
+    - bucketName: ($key)
+      permissions: read_write
+      region: us-sea
+  generatedSecret:
+    name: ($key_secret)
+    format:
+      bucket_name: '{{ .BucketName }}'
+      s3_endpoint: '{{ .S3Endpoint }}'
+      access_key: '{{ .AccessKey }}'
+      secret_key: '{{ .SecretKey }}'
