wip: basic test for peerpods

edgelesssys · Nov 11, 2024 · 8c6e5b7 · 8c6e5b7
1 parent e2fcc5b
commit 8c6e5b7
Show file tree

Hide file tree

Showing 4 changed files with 82 additions and 2 deletions.
diff --git a/.github/workflows/e2e_peerpods.yml b/.github/workflows/e2e_peerpods.yml
@@ -0,0 +1,34 @@
+name: e2e peer-pods
+
+on:
+  workflow_dispatch:
+  pull_request:
+
+jobs:
+  test:
+    runs-on: ubuntu-22.04
+    steps:
+      - uses: actions/checkout@11bd71901bbe5b1630ceea73d27597364c9af683 # v4.2.2
+      - uses: ./.github/actions/setup_nix
+        with:
+          githubToken: ${{ secrets.GITHUB_TOKEN }}
+          cachixToken: ${{ secrets.CACHIX_AUTH_TOKEN }}
+      - name: Login to Azure
+        uses: azure/login@a65d910e8af852a8061c627c456678983e180302 # v2.2.0
+        with:
+          creds: ${{ secrets.CONTRAST_CI_INFRA_AZURE }}
+      - name: Cleanup .azure dir
+        run: |
+          rm "$HOME/.azure/{commandIndex.json,versionCheck.json}"
+      - id: resourcegroup
+        working-directory: contrast
+        run: |
+          echo "rg=contrastpp$RANDOM" >> "$GITHUB_OUTPUT"
+      - name: Test peer-pods
+        run: |
+          export azure_resource_group="${{ steps.resourcegroup.outputs.rg }}"
+          nix run .#scripts.test-peerpods
+      - name: Terminate cluster
+        if: always()
+        run: |
+          az group delete --name "${{ steps.resourcegroup.outputs.rg }}_caa_cluster" --yes
diff --git a/justfile b/justfile
@@ -201,7 +201,7 @@ create platform=default_platform:
             echo "subscription_id = \"$azure_subscription_id\"" >> infra/azure-peerpods/just.auto.tfvars
 
             nix run -L .#terraform -- -chdir=infra/azure-peerpods init
-            nix run -L .#terraform -- -chdir=infra/azure-peerpods apply
+            nix run -L .#terraform -- -chdir=infra/azure-peerpods apply --auto-approve
         ;;
         *)
             echo "Unsupported platform: {{ platform }}"
@@ -330,7 +330,7 @@ destroy platform=default_platform:
             :
         ;;
         "AKS-PEER-SNP")
-            nix run -L .#terraform -- -chdir=infra/azure-peerpods destroy
+            nix run -L .#terraform -- -chdir=infra/azure-peerpods destroy --auto-approve
 
             # Clean-up cached image ids.
             rm -f ${CONTRAST_CACHE_DIR}/image-upload/*.image-id

diff --git a/packages/scripts.nix b/packages/scripts.nix
@@ -511,4 +511,14 @@
     ];
     text = builtins.readFile ./cleanup-images.sh;
   };
+
+  test-peerpods = writeShellApplication {
+    name = "test-peerpods";
+    runtimeInputs = with pkgs; [
+      just
+      azure-cli
+      kubectl
+    ];
+    text = builtins.readFile ./test-peerpods.sh;
+  };
 }
diff --git a/packages/test-peerpods.sh b/packages/test-peerpods.sh
@@ -0,0 +1,36 @@
+#!/usr/bin/env bash
+# Copyright 2024 Edgeless Systems GmbH
+# SPDX-License-Identifier: AGPL-3.0-only
+
+set -euo pipefail
+
+# just create AKS-PEER-SNP
+# just get-credentials AKS-PEER-SNP
+# just node-installer AKS-PEER-SNP
+
+cat <<EOF | kubectl apply -f -
+apiVersion: apps/v1
+kind: Deployment
+metadata:
+  name: nginx
+spec:
+  selector:
+    matchLabels:
+      app: nginx
+  replicas: 1
+  template:
+    metadata:
+      labels:
+        app: nginx
+    spec:
+      runtimeClassName: kata-remote
+      containers:
+      - name: nginx
+        image: nginx
+        imagePullPolicy: Always
+EOF
+
+if ! kubectl wait --for=condition=available --timeout=5m deployment/nginx; then
+    kubectl describe pods
+    exit 1
+fi