From 7f1128638f9b8b7f7f5363f69fe1d9d9841292b1 Mon Sep 17 00:00:00 2001
From: Markus Rudy
Date: Fri, 29 Nov 2024 16:00:57 +0100
Subject: [PATCH] caa: adjust peer-pods test for node-installer-based CAA
---
 .github/workflows/e2e_peerpods.yml | 11 ++++++++
 packages/test-peerpods.sh | 40 ++++++++++++++----------------
 2 files changed, 29 insertions(+), 22 deletions(-)
diff --git a/.github/workflows/e2e_peerpods.yml b/.github/workflows/e2e_peerpods.yml
index 9b0c5cf53a..2e02b68a15 100644
--- a/.github/workflows/e2e_peerpods.yml
+++ b/.github/workflows/e2e_peerpods.yml
@@ -18,8 +18,17 @@ on:
 jobs:
 test:
 runs-on: ubuntu-22.04
+ permissions:
+ contents: read
+ packages: write
 steps:
 - uses: actions/checkout@11bd71901bbe5b1630ceea73d27597364c9af683 # v4.2.2
+ - name: Log in to ghcr.io Container registry
+ uses: docker/login-action@9780b0c442fbb1117ed29e0efdff1e18412f7567 # v3.3.0
+ with:
+ registry: ghcr.io
+ username: ${{ github.actor }}
+ password: ${{ secrets.GITHUB_TOKEN }}
 - uses: ./.github/actions/setup_nix
 with:
 githubToken: ${{ secrets.GITHUB_TOKEN }}
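Review bot: The new `permissions` block grants `packages: write` to the whole `test` job, and the ghcr.io login runs before `setup_nix` and the test `run` step, so every later step can push to the registry with the stored credential, not only the code that needs to. The write scope is presumably there for `container_registry: ghcr.io/edgelesssys`, added in the next hunk; record that next to the grant, e.g. `# packages: write: test images are pushed to ghcr.io/edgelesssys` above `packages: write`. The `on:` triggers lie outside this hunk, so confirm the job cannot be started with code from an untrusted ref while it holds this scope; if it can, build and push in a separate job and keep this one at `packages: read`. The job body continues past the end of the hunk.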
@@ -34,7 +43,9 @@ jobs: azure_image_id: ${{ inputs.image-id }} azure_resource_group: contrast-ci azure_location: germanywestcentral + container_registry: ghcr.io/edgelesssys CONTRAST_CACHE_DIR: "./workspace.cache" + DO_NOT_TRACK: 1 run: | ssh-keygen -t rsa -f ./infra/azure-peerpods/id_rsa -N "" cat >infra/azure-peerpods/iam.auto.tfvars <&2 +runtime=$(kubectl get runtimeclass -o json | jq -r '.items[] | .metadata.name | select(startswith("contrast-cc-aks-peer"))') + +if [[ $runtime == "" ]]; then + echo "Contrast RuntimeClass not ready" >&2 exit 1 fi -run_tests() { - pod="$(kubectl get pod -l app=alpine -o jsonpath='{.items[0].metadata.name}')" - - # Check IMDS functionality. - # -f makes this fail on a 500 status code. - kubectl exec "$pod" -- curl -f -i -H "Metadata: true" http://169.254.169.254/metadata/THIM/amd/certification -} +kubectl wait "--for=jsonpath={.status.numberReady}=1" ds/contrast-node-installer --timeout=5m cleanup() { kubectl delete deploy alpine @@ -54,6 +42,14 @@ cleanup() { trap cleanup EXIT +run_tests() { + pod="$(kubectl get pod -l app=alpine -o jsonpath='{.items[0].metadata.name}')" + + # Check IMDS functionality. + # -f makes this fail on a 500 status code. + kubectl exec "$pod" -- curl -f -i -H "Metadata: true" http://169.254.169.254/metadata/THIM/amd/certification +} + set -x kubectl apply -f - <