test: add AKS integration test

Author: dkontorovskyy

.circleci/config.yml

@@ -32,6 +32,35 @@ commands:
                     echo '[ -s "$NVM_DIR/nvm.sh" ] && \. "$NVM_DIR/nvm.sh"' >> $BASH_ENV
                     echo 'nvm use 16' >> $BASH_ENV
 jobs:
+    aks_integration_tests:
+        machine:
+            docker_layer_caching: true
+            enabled: true
+            image: ubuntu-2004:202010-01
+        steps:
+            - checkout
+            - install_python_requests
+            - azure-cli/install
+            - run:
+                command: mkdir -p /tmp/logs/test/integration/aks
+                name: Create temp dir for logs
+            - run:
+                command: |
+                    export NVM_DIR="/opt/circleci/.nvm"
+                    [ -s "$NVM_DIR/nvm.sh" ] && \. "$NVM_DIR/nvm.sh"
+                    nvm install v16
+                    npm install
+                    export KUBERNETES_MONITOR_IMAGE_NAME_AND_TAG=$(./scripts/circleci-jobs/setup-integration-tests.py)
+                    .circleci/do-exclusively --branch staging --job ${CIRCLE_JOB} npm run test:integration:aks:yaml
+                name: Integration tests AKS
+            - run:
+                command: |
+                    ./scripts/slack/notify_failure_on_branch.py "${CIRCLE_BRANCH}" "${CIRCLE_JOB}" "${CIRCLE_BUILD_URL}" "${CIRCLE_PULL_REQUEST}" "${SLACK_WEBHOOK}"
+                name: Notify Slack on failure
+                when: on_fail
+            - store_artifacts:
+                path: /tmp/logs/test/integration/aks
+        working_directory: ~/kubernetes-monitor
     build_and_upload_operator:
         docker:
             - auth:
@@ -849,6 +878,7 @@ master_branch_only_filter:
             only:
                 - master
 orbs:
+    azure-cli: circleci/[email protected]
     redhat-openshift: circleci/[email protected]
 staging_branch_only_filter:
     filters:
@@ -950,6 +980,13 @@ workflows:
                             - staging
                 requires:
                     - build_image
+            - aks_integration_tests:
+                filters:
+                    branches:
+                        only:
+                            - staging
+                requires:
+                    - build_image
             - openshift3_integration_tests:
                 filters:
                     branches:

.circleci/config/@config.yml

@@ -69,6 +69,10 @@ workflows:
           requires:
             - build_image
           <<: *staging_branch_only_filter
+      - aks_integration_tests:
+          requires:
+            - build_image
+          <<: *staging_branch_only_filter
       - openshift3_integration_tests:
           requires:
             - build_image

.circleci/config/jobs/@jobs.yml

@@ -264,6 +264,37 @@ eks_integration_tests:
     - store_artifacts:
         path: /tmp/logs/test/integration/eks
 
+aks_integration_tests:
+  machine:
+    image: ubuntu-2004:202010-01
+    enabled: true
+    docker_layer_caching: true
+  working_directory: ~/kubernetes-monitor
+  steps:
+    - checkout
+    - install_python_requests
+    - azure-cli/install
+    - run:
+        name: Create temp dir for logs
+        command: mkdir -p /tmp/logs/test/integration/aks
+    - run:
+        name: Integration tests AKS
+        # WARNING! Do not use the step "setup_node16" here - the call to "nvm use 16" breaks the tests!
+        command: |
+          export NVM_DIR="/opt/circleci/.nvm"
+          [ -s "$NVM_DIR/nvm.sh" ] && \. "$NVM_DIR/nvm.sh"
+          nvm install v16
+          npm install
+          export KUBERNETES_MONITOR_IMAGE_NAME_AND_TAG=$(./scripts/circleci-jobs/setup-integration-tests.py)
+          .circleci/do-exclusively --branch staging --job ${CIRCLE_JOB} npm run test:integration:aks:yaml
+    - run:
+        name: Notify Slack on failure
+        command: |
+          ./scripts/slack/notify_failure_on_branch.py "${CIRCLE_BRANCH}" "${CIRCLE_JOB}" "${CIRCLE_BUILD_URL}" "${CIRCLE_PULL_REQUEST}" "${SLACK_WEBHOOK}"
+        when: on_fail
+    - store_artifacts:
+        path: /tmp/logs/test/integration/aks
+
 openshift3_integration_tests:
   machine:
     image: ubuntu-2004:202010-01

.circleci/config/orbs/@azure-cli.yml

@@ -0,0 +1 @@
+azure-cli: circleci/[email protected]

package.json

@@ -20,6 +20,7 @@
     "test:integration:kind:proxy": "DEPLOYMENT_TYPE=Proxy TEST_PLATFORM=kind CREATE_CLUSTER=true jest --logHeapUsage --ci --maxWorkers=1 test/integration/kubernetes.spec.ts",
     "test:integration:kindolm:operator": "DEPLOYMENT_TYPE=OperatorOLM TEST_PLATFORM=kindolm CREATE_CLUSTER=true jest --logHeapUsage --ci --maxWorkers=1 test/integration/kubernetes.spec.ts",
     "test:integration:eks:yaml": "DEPLOYMENT_TYPE=YAML TEST_PLATFORM=eks CREATE_CLUSTER=false jest --logHeapUsage --ci --maxWorkers=1 test/integration/kubernetes.spec.ts",
+    "test:integration:aks:yaml": "DEPLOYMENT_TYPE=YAML TEST_PLATFORM=aks CREATE_CLUSTER=false jest --logHeapUsage --ci --maxWorkers=1 test/integration/kubernetes.spec.ts",
     "test:integration:openshift3:yaml": "DEPLOYMENT_TYPE=YAML TEST_PLATFORM=openshift3 CREATE_CLUSTER=true jest --logHeapUsage --ci --maxWorkers=1 test/integration/kubernetes.spec.ts",
     "test:integration:openshift4:operator": "scripts/test-openshift4.sh",
     "test:coverage": "npm run test:unit -- --coverage",

test/README.md

@@ -5,6 +5,7 @@
 - [Integration tests](#integration-tests)
   - [KinD](#kind)
   - [EKS](#eks)
+  - [AKS](#aks)
   - [OpenShift 4](#openshift-4)
   - [KinD with OLM](#kind-with-olm)
 - [Debugging with Tilt](#debugging-with-tilt)
@@ -49,7 +50,7 @@ All integration tests require the Kubernetes-Monitor to be built into an image o
 The easiest way to achieve it is by running the `scripts/docker/build-image.sh` script.
 Please note that `docker` needs to be installed in order for this script to succeed.
 
-As part of these tests, we attempt pulling and scanning an image hosted on a private GCR registry. For this test case to work, one has to define the following environment variables: `GCR_IO_SERVICE_ACCOUNT`, `GCR_IO_DOCKERCFG`, `DOCKER_HUB_RO_USERNAME`, `DOCKER_HUB_RO_PASSWORD`.
+As part of these tests, we attempt pulling and scanning an image hosted on a private GCR registry. For this test case to work, one has to define the following environment variables: `GCR_IO_SERVICE_ACCOUNT`, `GCR_IO_DOCKERCFG`, `PRIVATE_REGISTRIES_DOCKERCFG`, `DOCKER_HUB_RO_USERNAME`, `DOCKER_HUB_RO_PASSWORD`.
 
 Our integration tests may use different Kubernetes platforms to host the Kubernetes-Monitor. These platforms may use an existing cluster, or create a new one. Both decisions are based on the environment variables:
 * `TEST_PLATFORM` (`kind`, `kindolm`, `eks`)
@@ -84,6 +85,19 @@ This test runs whenever we commit to our `staging` branch, and at the moment may
 
 Run with `npm run test:integration:eks`.
 
+### AKS ###
+
+AKS is Azure's Kubernetes platform and helps us ensure we support not only the generic Kubernetes API, but also specifically AKS.
+
+This test uses an existing Azure account with an existing AKS cluster, and as such has a few more prerequisites:
+- `pip` is used to ensure the `az` CLI is installed and up to date. `az` is then used to generate a `kubeconfig` file to access the AKS cluster, as well as credentials to ACR.
+- AZ environment variables: `AZ_SP_APP_ID`, `AZ_SP_TENANT`, `AZ_SP_PASSWORD`, `AZ_ACR_REGISTRY`, `AZ_SUBSCRIPTION`, `AZ_RESOURCE_NAME`, `AZ_RESOURCE_GROUP` are used to authenticate against the Azure account.
+- `docker` is used to push the Kubernetes-Monitor's image to ACR.
+
+This test runs whenever we commit to our `staging` branch, and at the moment may only run once concurrently since it uses the same cluster.
+
+Run with `npm run test:integration:aks:yaml`.
+
 ### OpenShift 4 ###
 
 See the [OpenShift 4 README](README.md) for setup instructions.

test/setup/index.ts

@@ -90,7 +90,7 @@ async function predeploy(
     } catch (error) {
       console.log(`Namespace ${namespace} already exist`);
     }
-    const gcrDockercfg = process.env['GCR_IO_DOCKERCFG'] || '{}';
+    const gcrDockercfg = process.env['PRIVATE_REGISTRIES_DOCKERCFG'] || '{}';
     await kubectl.createSecret(secretName, namespace, {
       'dockercfg.json': gcrDockercfg,
       integrationId,

test/setup/platforms/aks.ts

@@ -0,0 +1,74 @@
+import { throwIfEnvironmentVariableUnset } from './helpers';
+import * as kubectl from '../../helpers/kubectl';
+import { execWrapper as exec } from '../../helpers/exec';
+
+export async function validateRequiredEnvironment(): Promise<void> {
+  console.log(
+    'Checking for the required environment variables: AZ_SP_APP_ID, AZ_SP_TENANT, AZ_SP_PASSWORD, AZ_ACR_REGISTRY, AZ_SUBSCRIPTION, AZ_RESOURCE_NAME, AZ_RESOURCE_GROUP',
+  );
+  throwIfEnvironmentVariableUnset('AZ_SP_APP_ID');
+  throwIfEnvironmentVariableUnset('AZ_SP_TENANT');
+  throwIfEnvironmentVariableUnset('AZ_SP_PASSWORD');
+  throwIfEnvironmentVariableUnset('AZ_ACR_REGISTRY');
+  throwIfEnvironmentVariableUnset('AZ_SUBSCRIPTION');
+  throwIfEnvironmentVariableUnset('AZ_RESOURCE_NAME');
+  throwIfEnvironmentVariableUnset('AZ_RESOURCE_GROUP');
+  throwIfEnvironmentVariableUnset('DOCKER_HUB_RO_USERNAME');
+  throwIfEnvironmentVariableUnset('DOCKER_HUB_RO_PASSWORD');
+}
+
+export async function setupTester(): Promise<void> {
+  const {
+    AZ_SP_APP_ID,
+    AZ_SP_PASSWORD,
+    AZ_SP_TENANT,
+    AZ_RESOURCE_GROUP,
+    AZ_RESOURCE_NAME,
+    AZ_SUBSCRIPTION,
+  } = process.env;
+  await exec(
+    `az login --service-principal --username ${AZ_SP_APP_ID} --password ${AZ_SP_PASSWORD} --tenant ${AZ_SP_TENANT}`,
+  );
+
+  await exec(`az account set --subscription ${AZ_SUBSCRIPTION}`);
+  await exec(
+    `az aks get-credentials --resource-group ${AZ_RESOURCE_GROUP} --name ${AZ_RESOURCE_NAME}`,
+  );
+}
+
+export async function createCluster(): Promise<void> {
+  throw new Error('Not implemented');
+}
+
+export async function deleteCluster(): Promise<void> {
+  throw new Error('Not implemented');
+}
+
+export async function exportKubeConfig(): Promise<void> {
+  const { HOME } = process.env;
+  process.env.KUBECONFIG = `${HOME}/.kube/config`;
+}
+
+export async function loadImageInCluster(
+  imageNameAndTag: string,
+): Promise<string> {
+  const { AZ_ACR_REGISTRY } = process.env;
+  console.log(`Loading image ${imageNameAndTag} in ACR...`);
+
+  await exec(`az acr login --name ${AZ_ACR_REGISTRY}`);
+
+  const targetImage = `${AZ_ACR_REGISTRY}.azurecr.io/${imageNameAndTag}`;
+
+  await exec(`docker tag ${imageNameAndTag} ${targetImage}`);
+  await exec(`docker push ${targetImage}`);
+
+  console.log(`Loaded image in ACR`);
+  return targetImage;
+}
+
+export async function clean(): Promise<void> {
+  await Promise.all([
+    kubectl.deleteNamespace('services'),
+    kubectl.deleteNamespace('snyk-monitor'),
+  ]);
+}

test/setup/platforms/index.ts

@@ -1,6 +1,7 @@
 import * as kind from './kind';
 import * as kindOlm from './kind-olm';
 import * as eks from './eks';
+import * as aks from './aks';
 import * as openshift3 from './openshift3';
 import * as openshift4 from './openshift4';
 
@@ -51,6 +52,16 @@ const eksSetup: IPlatformSetup = {
   validateRequiredEnvironment: eks.validateRequiredEnvironment,
 };
 
+const aksSetup: IPlatformSetup = {
+  create: aks.createCluster,
+  loadImage: aks.loadImageInCluster,
+  delete: aks.deleteCluster,
+  config: aks.exportKubeConfig,
+  clean: aks.clean,
+  setupTester: aks.setupTester,
+  validateRequiredEnvironment: aks.validateRequiredEnvironment,
+};
+
 // Use a kind cluster pinned to a specific Kubernetes version to mimic OS3.
 const openshift3Setup: IPlatformSetup = {
   create: kind.createCluster,
@@ -85,6 +96,7 @@ export default {
   kind: kindSetup,
   kindolm: kindOlmSetup,
   eks: eksSetup,
+  aks: aksSetup,
   openshift3: openshift3Setup,
   openshift4: openshift4Setup,
 } as {