fixup! test: Add volumeattachment demo

jimmidyson · jimmidyson · commit 7a29de549886 · 2025-08-19T16:03:40.000+01:00
diff --git a/hack/demos/eks-ebs-snapshot-volumeattach/demo.sh b/hack/demos/eks-ebs-snapshot-volumeattach/demo.sh
@@ -0,0 +1,212 @@
+#!/usr/bin/env bash
+
+# Copyright 2025 Nutanix. All rights reserved.
+# SPDX-License-Identifier: Apache-2.0
+
+set -euo pipefail
+IFS=$'\n\t'
+
+# This script demonstrates:
+# 1. Creating an EKS cluster via ClusterClass
+# 2. Creating a PersistentVolumeClaim (PVC)
+# 3. Populating it with data via a Pod
+# 4. Taking a VolumeSnapshot
+# 5. Restoring the snapshot to a new PVC
+# 6. Attaching the restored volume to a node via VolumeAttachment
+# 7. Validating the data is present on the attached volume
+
+SCRIPT_DIR="$(cd "$(dirname "${BASH_SOURCE[0]}")" && pwd)"
+readonly SCRIPT_DIR
+cd "${SCRIPT_DIR}"
+
+if [[ -z ${EKS_CLUSTER_NAME:-} ]]; then
+  EKS_CLUSTER_NAME="$(kubectl get clusters -l caren.nutanix.com/demo-name="EBSSnapshotVolumeAttach" -o custom-columns=NAME:.metadata.name --no-headers)"
+  if [[ -z ${EKS_CLUSTER_NAME} ]]; then
+    EKS_CLUSTER_NAME="eks-volumeattach-$(head /dev/urandom | tr -dc a-z0-9 | head -c6)"
+  fi
+fi
+export EKS_CLUSTER_NAME
+echo "Using EKS cluster name: ${EKS_CLUSTER_NAME}"
+
+echo
+echo "Step 1: Create an EKS cluster via ClusterClass"
+envsubst --no-unset -i eks-test.yaml | kubectl apply --server-side -f -
+kubectl wait --for=condition=Ready cluster/"${EKS_CLUSTER_NAME}" --timeout=20m
+
+echo "Cluster is ready, getting kubeconfig"
+EKS_KUBECONFIG="$(mktemp -p "${TMPDIR:-/tmp}")"
+kubectl get secrets "${EKS_CLUSTER_NAME}-user-kubeconfig" -oyaml |
+  gojq --yaml-input -r '.data.value | @base64d' >"${EKS_KUBECONFIG}"
+export KUBECONFIG="${EKS_KUBECONFIG}"
+echo "Using kubeconfig: ${EKS_KUBECONFIG}"
+
+STORAGE_CLASS="${STORAGE_CLASS:-aws-ebs-default}"
+STORAGE_CLASS_IMMEDIATE="${STORAGE_CLASS_IMMEDIATE:-aws-ebs-immediate-binding}"
+VOLUME_SNAPSHOT_CLASS="${VOLUME_SNAPSHOT_CLASS:-ebs-snapclass}"
+ORIGINAL_PVC="${ORIGINAL_PVC:-pvc-demo-original}"
+RESTORED_PVC="${RESTORED_PVC:-pvc-demo-restored}"
+SNAPSHOT_NAME="${SNAPSHOT_NAME:-pvc-demo-snapshot}"
+DATA_POD="${DATA_POD:-data-writer}"
+RESTORE_POD="${RESTORE_POD:-data-reader}"
+
+NAMESPACE="$(kubectl get namespace -l caren.nutanix.com/demo-name="EBSSnapshotVolumeAttach" -o custom-columns=NAME:.metadata.name --no-headers)"
+if [[ -z ${NAMESPACE} ]]; then
+  NAMESPACE="ebs-demo-$(head /dev/urandom | tr -dc a-z0-9 | head -c6)"
+  cat <<EOF | kubectl apply --server-side -f -
+apiVersion: v1
+kind: Namespace
+metadata:
+  name: ${NAMESPACE}
+  labels:
+    caren.nutanix.com/demo-name: "EBSSnapshotVolumeAttach"
+EOF
+fi
+echo "Using namespace: ${NAMESPACE}"
+
+echo
+echo "Step 2: Create a PersistentVolumeClaim"
+cat <<EOF | kubectl apply --server-side -f -
+apiVersion: v1
+kind: PersistentVolumeClaim
+metadata:
+  name: ${ORIGINAL_PVC}
+  namespace: ${NAMESPACE}
+spec:
+  accessModes:
+    - ReadWriteOnce
+  resources:
+    requests:
+      storage: 1Gi
+  storageClassName: ${STORAGE_CLASS}
+EOF
+kubectl -n "${NAMESPACE}" get pvc "${ORIGINAL_PVC}"
+
+echo
+echo "Step 3: Create a Pod to write data to the PVC"
+cat <<EOF | kubectl apply --server-side -f -
+apiVersion: v1
+kind: Pod
+metadata:
+  name: ${DATA_POD}
+  namespace: ${NAMESPACE}
+spec:
+  restartPolicy: Never
+  containers:
+  - name: writer
+    image: busybox
+    command: ["/bin/sh", "-c"]
+    args:
+      - echo "Hello from original PVC!" > /data/hello.txt; sleep 10
+    volumeMounts:
+    - name: data
+      mountPath: /data
+  volumes:
+  - name: data
+    persistentVolumeClaim:
+      claimName: ${ORIGINAL_PVC}
+EOF
+kubectl -n "${NAMESPACE}" get pod "${DATA_POD}"
+
+echo "Waiting for PVC to be bound..."
+kubectl -n "${NAMESPACE}" wait --for=jsonpath='{.status.phase}'=Bound pvc/"${ORIGINAL_PVC}" --timeout=120s
+kubectl -n "${NAMESPACE}" get pvc "${ORIGINAL_PVC}"
+
+echo "Waiting for data writer pod to complete..."
+kubectl -n "${NAMESPACE}" wait --for=jsonpath='{.status.phase}'=Succeeded pod/"${DATA_POD}" --timeout=120s
+kubectl -n "${NAMESPACE}" get pod "${DATA_POD}"
+
+echo
+echo "Step 4: Create a VolumeSnapshotClass"
+cat <<EOF | kubectl apply --server-side -f -
+apiVersion: snapshot.storage.k8s.io/v1
+kind: VolumeSnapshotClass
+metadata:
+  name: ${VOLUME_SNAPSHOT_CLASS}
+driver: ebs.csi.aws.com
+deletionPolicy: Delete
+EOF
+kubectl -n "${NAMESPACE}" get volumesnapshotclass "${VOLUME_SNAPSHOT_CLASS}"
+
+echo
+echo "Step 5: Take a snapshot of the PVC"
+cat <<EOF | kubectl apply --server-side -f -
+apiVersion: snapshot.storage.k8s.io/v1
+kind: VolumeSnapshot
+metadata:
+  name: ${SNAPSHOT_NAME}
+  namespace: ${NAMESPACE}
+spec:
+  volumeSnapshotClassName: ${VOLUME_SNAPSHOT_CLASS}
+  source:
+    persistentVolumeClaimName: ${ORIGINAL_PVC}
+EOF
+kubectl -n "${NAMESPACE}" get volumesnapshot "${SNAPSHOT_NAME}"
+
+echo "Waiting for VolumeSnapshot to be ready..."
+kubectl -n "${NAMESPACE}" wait --for=jsonpath='{.status.readyToUse}'=true volumesnapshot/"${SNAPSHOT_NAME}" --timeout=120s
+kubectl -n "${NAMESPACE}" get volumesnapshot "${SNAPSHOT_NAME}"
+
+echo
+echo "Step 6: Restore the snapshot to a new PVC"
+cat <<EOF | kubectl apply --server-side -f -
+apiVersion: v1
+kind: PersistentVolumeClaim
+metadata:
+  name: ${RESTORED_PVC}
+  namespace: ${NAMESPACE}
+spec:
+  accessModes:
+    - ReadWriteOnce
+  resources:
+    requests:
+      storage: 1Gi
+  storageClassName: ${STORAGE_CLASS_IMMEDIATE}
+  dataSource:
+    name: ${SNAPSHOT_NAME}
+    kind: VolumeSnapshot
+    apiGroup: snapshot.storage.k8s.io
+EOF
+kubectl -n "${NAMESPACE}" get pvc "${RESTORED_PVC}"
+
+echo "Waiting for restored PVC to be bound..."
+kubectl -n "${NAMESPACE}" wait --for=jsonpath='{.status.phase}'=Bound pvc/"${RESTORED_PVC}" --timeout=120s
+kubectl -n "${NAMESPACE}" get pvc "${RESTORED_PVC}"
+
+echo
+echo "Step 7: Attach the restored volume to a node via VolumeAttachment"
+# Find the PV backing the restored PVC
+RESTORED_PV="$(kubectl -n "${NAMESPACE}" get pvc "${RESTORED_PVC}" -o jsonpath='{.spec.volumeName}')"
+# Find a node to attach to
+NODE_NAME=$(kubectl get nodes -o jsonpath='{.items[0].metadata.name}')
+
+ATTACHMENT_NAME="attach-${RESTORED_PV}"
+
+cat <<EOF | kubectl apply --server-side -f -
+apiVersion: storage.k8s.io/v1
+kind: VolumeAttachment
+metadata:
+  name: ${ATTACHMENT_NAME}
+spec:
+  attacher: ebs.csi.aws.com
+  nodeName: ${NODE_NAME}
+  source:
+    persistentVolumeName: ${RESTORED_PV}
+EOF
+kubectl -n "${NAMESPACE}" get volumeattachment "${ATTACHMENT_NAME}"
+
+echo "Waiting for VolumeAttachment to be attached..."
+kubectl wait --for=jsonpath='{.status.attached}'=true volumeattachment/"${ATTACHMENT_NAME}" --timeout=120s
+kubectl -n "${NAMESPACE}" get volumeattachment "${ATTACHMENT_NAME}"
+
+echo
+echo "Step 8: Show that the restored volume is attached directly to the node with the correct data"
+ATTACHMENT_DEVICE_PATH=$(kubectl -n "${NAMESPACE}" get volumeattachment "${ATTACHMENT_NAME}" -o jsonpath='{.status.attachmentMetadata.devicePath}')
+kubectl debug "node/${NODE_NAME}" --image=ubuntu -it --profile=sysadmin --quiet -- \
+  bash -ec "chroot /host bash -ec \"mkdir -p /tmp/attached; mount \"${ATTACHMENT_DEVICE_PATH}\" /tmp/attached; cat /tmp/attached/hello.txt; umount /tmp/attached\""
+
+echo
+echo
+echo "When you are ready, cleanup the resources created by this demo by running:"
+echo
+echo "kubectl --kubeconfig=${KUBECONFIG} delete namespace ${NAMESPACE}"
+echo "kubectl delete cluster ${EKS_CLUSTER_NAME}"
diff --git a/hack/demos/eks-ebs-snapshot-volumeattach/eks-test.yaml b/hack/demos/eks-ebs-snapshot-volumeattach/eks-test.yaml
@@ -0,0 +1,109 @@
+apiVersion: v1
+data:
+  values.yaml: |-
+    cni:
+      exclusive: false
+    hubble:
+      enabled: true
+      tls:
+        auto:
+          enabled: true               # enable automatic TLS certificate generation
+          method: cronJob             # auto generate certificates using cronJob method
+          certValidityDuration: 60    # certificates validity duration in days (default 2 months)
+          schedule: "0 0 1 * *"       # schedule on the 1st day regeneration of each month
+      relay:
+        enabled: true
+        tls:
+          server:
+            enabled: true
+            mtls: true
+        image:
+          useDigest: false
+        priorityClassName: system-cluster-critical
+    image:
+      useDigest: false
+    operator:
+      image:
+        useDigest: false
+    certgen:
+      image:
+        useDigest: false
+    socketLB:
+      hostNamespaceOnly: true
+    envoy:
+      image:
+        useDigest: false
+    kubeProxyReplacement: true
+    k8sServiceHost: "{{ trimPrefix "https://" .Cluster.spec.controlPlaneEndpoint.host }}"
+    k8sServicePort: "{{ .Cluster.spec.controlPlaneEndpoint.port }}"
+    ipam:
+      mode: eni
+    enableIPv4Masquerade: false
+    eni:
+      enabled: true
+      awsReleaseExcessIPs: true
+    routingMode: native
+    endpointRoutes:
+      enabled: true
+kind: ConfigMap
+metadata:
+  labels:
+    cluster.x-k8s.io/provider: eks
+  name: "${EKS_CLUSTER_NAME}-cilium-cni-helm-values-template"
+  namespace: default
+---
+apiVersion: cluster.x-k8s.io/v1beta1
+kind: Cluster
+metadata:
+  annotations:
+    preflight.cluster.caren.nutanix.com/skip: all
+  labels:
+    cluster.x-k8s.io/provider: eks
+    caren.nutanix.com/demo-name: "EBSSnapshotVolumeAttach"
+  name: "${EKS_CLUSTER_NAME}"
+  namespace: default
+spec:
+  topology:
+    class: eks-quick-start
+    controlPlane:
+      metadata:
+        annotations:
+          controlplane.cluster.x-k8s.io/skip-kube-proxy: ""
+    variables:
+    - name: clusterConfig
+      value:
+        addons:
+          clusterAutoscaler: {}
+          cni:
+            provider: Cilium
+            values:
+              sourceRef:
+                kind: ConfigMap
+                name: ${EKS_CLUSTER_NAME}-cilium-cni-helm-values-template
+          csi:
+            defaultStorage:
+              provider: aws-ebs
+              storageClassConfig: default
+            providers:
+              aws-ebs:
+                storageClassConfigs:
+                  default: {}
+                  immediate-binding:
+                    volumeBindingMode: Immediate
+            snapshotController: {}
+          nfd: {}
+        eks:
+          region: us-west-2
+    - name: workerConfig
+      value:
+        eks:
+          instanceType: m5.2xlarge
+    version: v1.32.7
+    workers:
+      machineDeployments:
+      - class: default-worker
+        metadata:
+          annotations:
+            cluster.x-k8s.io/cluster-api-autoscaler-node-group-max-size: "1"
+            cluster.x-k8s.io/cluster-api-autoscaler-node-group-min-size: "1"
+        name: md-0
