chainsaw-test.yaml
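# yaml-language-server: $schema=https://raw.githubusercontent.com/kyverno/chainsaw/main/.schemas/json/test-chainsaw-v1alpha1.json
# Chainsaw test "lb-single-tls": creates a TLS secret, applies the pods and
# services from create-pods-services.yaml, waits for Service svc-test to get a
# load-balancer IP, then requests https://linode.test:80 through that IP and
# requires a pod name in the response.
apiVersion: chainsaw.kyverno.io/v1alpha1
kind: Test
metadata:
  name: lb-single-tls
  # Labels are keys with no value, kept exactly as in the original file.
  labels:
    all:
    lke:
spec:
  namespace: "lb-single-tls"
  steps:
    - name: Create secret
      try:
        - script:
            # NOTE(review): the certificate and private key are read from the
            # relative ../certificates directory; presumably throwaway test
            # fixtures - confirm the key is never used for a real endpoint.
            content: |
              set -e
              kubectl -n "$NAMESPACE" create secret tls tls-secret \
                --cert=../certificates/server.crt \
                --key=../certificates/server.key
            check:
              ($error == null): true
    - name: Create pods and services
      try:
        - apply:
            file: create-pods-services.yaml
      # On failure, describe Pods and Services to help diagnosis.
      catch:
        - describe:
            apiVersion: v1
            kind: Pod
        - describe:
            apiVersion: v1
            kind: Service
    - name: Check that loadbalancer ip is assigned
      try:
        - assert:
            resource:
              apiVersion: v1
              kind: Service
              metadata:
                name: svc-test
              status:
                (loadBalancer.ingress[0].ip != null): true
    - name: Fetch loadbalancer ip and check if pod is reachable
      try:
        - script:
            # curl pins linode.test:80 to the load-balancer IP with --resolve
            # and verifies the server certificate against ../certificates/ca.crt
            # (certificate verification is not disabled), so an untrusted
            # certificate counts as "no response". The script exits 0 even when
            # no pod answered; failure is detected by the stdout check below.
            content: |
              set -e
              # Quote the jq filter so the shell never glob-expands "[0]".
              IP=$(kubectl get svc svc-test -n "$NAMESPACE" -o json | jq -r '.status.loadBalancer.ingress[0].ip')
              podnames=()
              # Up to 10 attempts, 10 seconds apart, until one pod has answered.
              for attempt in {1..10}; do
                if [[ ${#podnames[@]} -lt 1 ]]; then
                  output=$(curl --resolve "linode.test:80:$IP" --cacert ../certificates/ca.crt -s https://linode.test:80 | jq -e '.podName' || true)
                  if [[ "$output" == *"test-"* ]]; then
                    unique=true
                    # Compare against the names already collected. The original
                    # iterated over an undefined "array" variable here.
                    for seen in "${podnames[@]}"; do
                      if [[ "$seen" == "$output" ]]; then
                        unique=false
                        break
                      fi
                    done
                    if [[ "$unique" == true ]]; then
                      podnames+=("$output")
                    fi
                  fi
                else
                  break
                fi
                sleep 10
              done
              if [[ ${#podnames[@]} -lt 1 ]]; then
                echo "all pods failed to respond"
              else
                echo "all pods responded"
              fi
            check:
              ($error == null): true
              (contains($stdout, 'all pods responded')): true
    - name: Delete Pods
      try:
        - delete:
            ref:
              apiVersion: v1
              kind: Pod
    - name: Delete Service
      try:
        - delete:
            ref:
              apiVersion: v1
              kind: Service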