caa: adjust peer-pods test for node-installer-based CAA
burgerdev committed Dec 6, 2024
1 parent 474962b commit 7f11286
Showing 2 changed files with 29 additions and 22 deletions.
11 changes: 11 additions & 0 deletions .github/workflows/e2e_peerpods.yml
Expand Up @@ -18,8 +18,17 @@ on:
jobs:
test:
runs-on: ubuntu-22.04
permissions:
contents: read
packages: write
steps:
- uses: actions/checkout@11bd71901bbe5b1630ceea73d27597364c9af683 # v4.2.2
- name: Log in to ghcr.io Container registry
uses: docker/login-action@9780b0c442fbb1117ed29e0efdff1e18412f7567 # v3.3.0
with:
registry: ghcr.io
username: ${{ github.actor }}
password: ${{ secrets.GITHUB_TOKEN }}
- uses: ./.github/actions/setup_nix
with:
githubToken: ${{ secrets.GITHUB_TOKEN }}
Expand All @@ -34,7 +43,9 @@ jobs:
azure_image_id: ${{ inputs.image-id }}
azure_resource_group: contrast-ci
azure_location: germanywestcentral
container_registry: ghcr.io/edgelesssys
CONTRAST_CACHE_DIR: "./workspace.cache"
DO_NOT_TRACK: 1
run: |
ssh-keygen -t rsa -f ./infra/azure-peerpods/id_rsa -N ""
cat >infra/azure-peerpods/iam.auto.tfvars <<EOF
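Review bot: `packages: write` is set for the whole `test` job, so the token handed to every later step (the `setup_nix` action, which receives `secrets.GITHUB_TOKEN` directly, and the `run:` script) can push packages to ghcr.io, not only the login step. If the write scope exists so the test can push the node-installer image, which is my reading of `container_registry: ghcr.io/edgelesssys` since the push itself is not in these hunks, record that next to it, e.g. `packages: write # push the CI node-installer image to ghcr.io`. The workflow's triggers sit above the first hunk, so please confirm they cannot run untrusted code with this token. It is also worth confirming that CI pushes use a tag or repository that cannot collide with released images.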
40 changes: 18 additions & 22 deletions packages/test-peerpods.sh
Expand Up @@ -22,30 +22,18 @@ EOF
just create AKS-PEER-SNP
just get-credentials AKS-PEER-SNP
just node-installer AKS-PEER-SNP
just runtime default AKS-PEER-SNP
just apply-runtime default AKS-PEER-SNP

set +x
found=false
for _ in $(seq 30); do
if kubectl get runtimeclass | grep -q kata-remote; then
found=true
break
fi
echo "Waiting for Kata installation to succeed ..."
sleep 10
done

if [[ $found != true ]]; then
echo "Kata RuntimeClass not ready" >&2
runtime=$(kubectl get runtimeclass -o json | jq -r '.items[] | .metadata.name | select(startswith("contrast-cc-aks-peer"))')

if [[ $runtime == "" ]]; then
echo "Contrast RuntimeClass not ready" >&2
exit 1
fi

run_tests() {
pod="$(kubectl get pod -l app=alpine -o jsonpath='{.items[0].metadata.name}')"

# Check IMDS functionality.
# -f makes this fail on a 500 status code.
kubectl exec "$pod" -- curl -f -i -H "Metadata: true" http://169.254.169.254/metadata/THIM/amd/certification
}
kubectl wait "--for=jsonpath={.status.numberReady}=1" ds/contrast-node-installer --timeout=5m

cleanup() {
kubectl delete deploy alpine
Expand All @@ -54,6 +42,14 @@ cleanup() {

trap cleanup EXIT

run_tests() {
pod="$(kubectl get pod -l app=alpine -o jsonpath='{.items[0].metadata.name}')"

# Check IMDS functionality.
# -f makes this fail on a 500 status code.
kubectl exec "$pod" -- curl -f -i -H "Metadata: true" http://169.254.169.254/metadata/THIM/amd/certification
}

set -x

kubectl apply -f - <<EOF
Expand All @@ -71,17 +67,17 @@ spec:
labels:
app: alpine
spec:
runtimeClassName: kata-remote
runtimeClassName: "$runtime"
containers:
- name: alpine
image: alpine/curl
imagePullPolicy: Always
command: ["sleep", "3600"]
command: ["sleep", "infinity"]
EOF

if ! kubectl wait --for=condition=available --timeout=5m deployment/alpine; then
kubectl describe pods
kubectl logs -n confidential-containers-system -l app=cloud-api-adaptor --tail=-1 --all-containers
kubectl logs -l app.kubernetes.io/name=contrast-node-installer --tail=-1 --all-containers
exit 1
fi

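Review bot: The `runtime=$(... select(startswith("contrast-cc-aks-peer")))` lookup prints every matching RuntimeClass, one per line, so a cluster holding more than one (for example a leftover from an earlier install) puts a multi-line value into `runtimeClassName: "$runtime"` and the deployment is rejected with a confusing error. Select exactly one, e.g. `jq -r '[.items[] | select(.metadata.name | startswith("contrast-cc-aks-peer"))] | sort_by(.metadata.creationTimestamp) | last | .metadata.name // empty'`, or fail explicitly when the match count is not 1. The lookup also appears to be a single attempt where the old code polled, which is fine only if `just apply-runtime` returns after the RuntimeClass exists; that is not visible here. Separately, `numberReady=1` assumes a single-node cluster, whereas `kubectl rollout status ds/contrast-node-installer --timeout=5m` waits for all scheduled pods.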
