mirror of
https://github.com/ceph/ceph-csi.git
synced 2024-12-22 13:00:19 +00:00
267 lines
9.6 KiB
Go
267 lines
9.6 KiB
Go
/*
|
|
Copyright 2017 The Kubernetes Authors.
|
|
|
|
Licensed under the Apache License, Version 2.0 (the "License");
|
|
you may not use this file except in compliance with the License.
|
|
You may obtain a copy of the License at
|
|
|
|
http://www.apache.org/licenses/LICENSE-2.0
|
|
|
|
Unless required by applicable law or agreed to in writing, software
|
|
distributed under the License is distributed on an "AS IS" BASIS,
|
|
WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
|
|
See the License for the specific language governing permissions and
|
|
limitations under the License.
|
|
*/
|
|
|
|
package upgrades
|
|
|
|
import (
|
|
"encoding/json"
|
|
"fmt"
|
|
"net/http"
|
|
"path/filepath"
|
|
"reflect"
|
|
|
|
"github.com/davecgh/go-spew/spew"
|
|
. "github.com/onsi/ginkgo"
|
|
|
|
compute "google.golang.org/api/compute/v1"
|
|
extensions "k8s.io/api/extensions/v1beta1"
|
|
"k8s.io/apimachinery/pkg/util/wait"
|
|
"k8s.io/kubernetes/pkg/util/version"
|
|
"k8s.io/kubernetes/test/e2e/framework"
|
|
)
|
|
|
|
// Dependent on "static-ip-2" manifests
|
|
const path = "foo"
|
|
const host = "ingress.test.com"
|
|
|
|
// IngressUpgradeTest adapts the Ingress e2e for upgrade testing
|
|
type IngressUpgradeTest struct {
|
|
gceController *framework.GCEIngressController
|
|
// holds GCP resources pre-upgrade
|
|
resourceStore *GCPResourceStore
|
|
jig *framework.IngressTestJig
|
|
httpClient *http.Client
|
|
ip string
|
|
ipName string
|
|
skipSSLCheck bool
|
|
}
|
|
|
|
// GCPResourceStore keeps track of the GCP resources spun up by an ingress.
|
|
// Note: Fields are exported so that we can utilize reflection.
|
|
type GCPResourceStore struct {
|
|
Fw *compute.Firewall
|
|
FwdList []*compute.ForwardingRule
|
|
UmList []*compute.UrlMap
|
|
TpList []*compute.TargetHttpProxy
|
|
TpsList []*compute.TargetHttpsProxy
|
|
SslList []*compute.SslCertificate
|
|
BeList []*compute.BackendService
|
|
Ip *compute.Address
|
|
IgList []*compute.InstanceGroup
|
|
}
|
|
|
|
func (IngressUpgradeTest) Name() string { return "ingress-upgrade" }
|
|
|
|
// Setup creates a GLBC, allocates an ip, and an ingress resource,
|
|
// then waits for a successful connectivity check to the ip.
|
|
// Also keeps track of all load balancer resources for cross-checking
|
|
// during an IngressUpgrade.
|
|
func (t *IngressUpgradeTest) Setup(f *framework.Framework) {
|
|
framework.SkipUnlessProviderIs("gce", "gke")
|
|
|
|
// jig handles all Kubernetes testing logic
|
|
jig := framework.NewIngressTestJig(f.ClientSet)
|
|
|
|
ns := f.Namespace
|
|
|
|
// gceController handles all cloud testing logic
|
|
gceController := &framework.GCEIngressController{
|
|
Ns: ns.Name,
|
|
Client: jig.Client,
|
|
Cloud: framework.TestContext.CloudConfig,
|
|
}
|
|
framework.ExpectNoError(gceController.Init())
|
|
|
|
t.gceController = gceController
|
|
t.jig = jig
|
|
t.httpClient = framework.BuildInsecureClient(framework.IngressReqTimeout)
|
|
|
|
// Allocate a static-ip for the Ingress, this IP is cleaned up via CleanupGCEIngressController
|
|
t.ipName = fmt.Sprintf("%s-static-ip", ns.Name)
|
|
t.ip = t.gceController.CreateStaticIP(t.ipName)
|
|
|
|
// Create a working basic Ingress
|
|
By(fmt.Sprintf("allocated static ip %v: %v through the GCE cloud provider", t.ipName, t.ip))
|
|
jig.CreateIngress(filepath.Join(framework.IngressManifestPath, "static-ip-2"), ns.Name, map[string]string{
|
|
framework.IngressStaticIPKey: t.ipName,
|
|
framework.IngressAllowHTTPKey: "false",
|
|
}, map[string]string{})
|
|
t.jig.SetHTTPS("tls-secret", "ingress.test.com")
|
|
|
|
By("waiting for Ingress to come up with ip: " + t.ip)
|
|
framework.ExpectNoError(framework.PollURL(fmt.Sprintf("https://%v/%v", t.ip, path), host, framework.LoadBalancerPollTimeout, t.jig.PollInterval, t.httpClient, false))
|
|
|
|
By("keeping track of GCP resources created by Ingress")
|
|
t.resourceStore = &GCPResourceStore{}
|
|
t.populateGCPResourceStore(t.resourceStore)
|
|
}
|
|
|
|
// Test waits for the upgrade to complete, and then verifies
|
|
// with a connectvity check to the loadbalancer ip.
|
|
func (t *IngressUpgradeTest) Test(f *framework.Framework, done <-chan struct{}, upgrade UpgradeType) {
|
|
switch upgrade {
|
|
case MasterUpgrade:
|
|
// Restarting the ingress controller shouldn't disrupt a steady state
|
|
// Ingress. Restarting the ingress controller and deleting ingresses
|
|
// while it's down will leak cloud resources, because the ingress
|
|
// controller doesn't checkpoint to disk.
|
|
t.verify(f, done, true)
|
|
case IngressUpgrade:
|
|
t.verify(f, done, true)
|
|
default:
|
|
// Currently ingress gets disrupted across node upgrade, because endpoints
|
|
// get killed and we don't have any guarantees that 2 nodes don't overlap
|
|
// their upgrades (even on cloud platforms like GCE, because VM level
|
|
// rolling upgrades are not Kubernetes aware).
|
|
t.verify(f, done, false)
|
|
}
|
|
}
|
|
|
|
// Teardown cleans up any remaining resources.
|
|
func (t *IngressUpgradeTest) Teardown(f *framework.Framework) {
|
|
if CurrentGinkgoTestDescription().Failed {
|
|
framework.DescribeIng(t.gceController.Ns)
|
|
}
|
|
|
|
if t.jig.Ingress != nil {
|
|
By("Deleting ingress")
|
|
t.jig.TryDeleteIngress()
|
|
} else {
|
|
By("No ingress created, no cleanup necessary")
|
|
}
|
|
|
|
By("Cleaning up cloud resources")
|
|
framework.ExpectNoError(t.gceController.CleanupGCEIngressController())
|
|
}
|
|
|
|
// Skip checks if the test or part of the test should be skipped.
|
|
func (t *IngressUpgradeTest) Skip(upgCtx UpgradeContext) bool {
|
|
sslNameChangeVersion, err := version.ParseGeneric("v1.10.0")
|
|
framework.ExpectNoError(err)
|
|
var hasVersionBelow, hasVersionAboveOrEqual bool
|
|
for _, v := range upgCtx.Versions {
|
|
if v.Version.LessThan(sslNameChangeVersion) {
|
|
hasVersionBelow = true
|
|
continue
|
|
}
|
|
hasVersionAboveOrEqual = true
|
|
}
|
|
// Skip SSL certificates check if k8s version changes between 1.10-
|
|
// and 1.10+ because the naming scheme has changed.
|
|
if hasVersionBelow && hasVersionAboveOrEqual {
|
|
t.skipSSLCheck = true
|
|
}
|
|
return false
|
|
}
|
|
|
|
func (t *IngressUpgradeTest) verify(f *framework.Framework, done <-chan struct{}, testDuringDisruption bool) {
|
|
if testDuringDisruption {
|
|
By("continuously hitting the Ingress IP")
|
|
wait.Until(func() {
|
|
framework.ExpectNoError(framework.PollURL(fmt.Sprintf("https://%v/%v", t.ip, path), host, framework.LoadBalancerPollTimeout, t.jig.PollInterval, t.httpClient, false))
|
|
}, t.jig.PollInterval, done)
|
|
} else {
|
|
By("waiting for upgrade to finish without checking if Ingress remains up")
|
|
<-done
|
|
}
|
|
By("hitting the Ingress IP " + t.ip)
|
|
framework.ExpectNoError(framework.PollURL(fmt.Sprintf("https://%v/%v", t.ip, path), host, framework.LoadBalancerPollTimeout, t.jig.PollInterval, t.httpClient, false))
|
|
|
|
// We want to manually trigger a sync because then we can easily verify
|
|
// a correct sync completed after update.
|
|
By("updating ingress spec to manually trigger a sync")
|
|
t.jig.Update(func(ing *extensions.Ingress) {
|
|
ing.Spec.Rules[0].IngressRuleValue.HTTP.Paths = append(
|
|
ing.Spec.Rules[0].IngressRuleValue.HTTP.Paths,
|
|
extensions.HTTPIngressPath{
|
|
Path: "/test",
|
|
// Note: Dependant on using "static-ip-2" manifest.
|
|
Backend: ing.Spec.Rules[0].IngressRuleValue.HTTP.Paths[0].Backend,
|
|
})
|
|
})
|
|
// WaitForIngress() tests that all paths are pinged, which is how we know
|
|
// everything is synced with the cloud.
|
|
t.jig.WaitForIngress(false)
|
|
By("comparing GCP resources post-upgrade")
|
|
postUpgradeResourceStore := &GCPResourceStore{}
|
|
t.populateGCPResourceStore(postUpgradeResourceStore)
|
|
|
|
// Stub out the number of instances as that is out of Ingress controller's control.
|
|
for _, ig := range t.resourceStore.IgList {
|
|
ig.Size = 0
|
|
}
|
|
for _, ig := range postUpgradeResourceStore.IgList {
|
|
ig.Size = 0
|
|
}
|
|
// Stub out compute.SslCertificates in case we know it will change during an upgrade/downgrade.
|
|
if t.skipSSLCheck {
|
|
t.resourceStore.SslList = nil
|
|
postUpgradeResourceStore.SslList = nil
|
|
}
|
|
|
|
// TODO(rramkumar): Remove this when GLBC v1.2.0 is released.
|
|
t.resourceStore.BeList = nil
|
|
postUpgradeResourceStore.BeList = nil
|
|
|
|
framework.ExpectNoError(compareGCPResourceStores(t.resourceStore, postUpgradeResourceStore, func(v1 reflect.Value, v2 reflect.Value) error {
|
|
i1 := v1.Interface()
|
|
i2 := v2.Interface()
|
|
// Skip verifying the UrlMap since we did that via WaitForIngress()
|
|
if !reflect.DeepEqual(i1, i2) && (v1.Type() != reflect.TypeOf([]*compute.UrlMap{})) {
|
|
return spew.Errorf("resources after ingress upgrade were different:\n Pre-Upgrade: %#v\n Post-Upgrade: %#v", i1, i2)
|
|
}
|
|
return nil
|
|
}))
|
|
}
|
|
|
|
func (t *IngressUpgradeTest) populateGCPResourceStore(resourceStore *GCPResourceStore) {
|
|
cont := t.gceController
|
|
resourceStore.Fw = cont.GetFirewallRule()
|
|
resourceStore.FwdList = cont.ListGlobalForwardingRules()
|
|
resourceStore.UmList = cont.ListUrlMaps()
|
|
resourceStore.TpList = cont.ListTargetHttpProxies()
|
|
resourceStore.TpsList = cont.ListTargetHttpsProxies()
|
|
resourceStore.SslList = cont.ListSslCertificates()
|
|
resourceStore.BeList = cont.ListGlobalBackendServices()
|
|
resourceStore.Ip = cont.GetGlobalAddress(t.ipName)
|
|
resourceStore.IgList = cont.ListInstanceGroups()
|
|
}
|
|
|
|
func compareGCPResourceStores(rs1 *GCPResourceStore, rs2 *GCPResourceStore, compare func(v1 reflect.Value, v2 reflect.Value) error) error {
|
|
// Before we do a comparison, remove the ServerResponse field from the
|
|
// Compute API structs. This is needed because two objects could be the same
|
|
// but their ServerResponse will be different if they were populated through
|
|
// separate API calls.
|
|
rs1Json, _ := json.Marshal(rs1)
|
|
rs2Json, _ := json.Marshal(rs2)
|
|
rs1New := &GCPResourceStore{}
|
|
rs2New := &GCPResourceStore{}
|
|
json.Unmarshal(rs1Json, rs1New)
|
|
json.Unmarshal(rs2Json, rs2New)
|
|
|
|
// Iterate through struct fields and perform equality checks on the fields.
|
|
// We do this rather than performing a deep equal on the struct itself because
|
|
// it is easier to log which field, if any, is not the same.
|
|
rs1V := reflect.ValueOf(*rs1New)
|
|
rs2V := reflect.ValueOf(*rs2New)
|
|
for i := 0; i < rs1V.NumField(); i++ {
|
|
if err := compare(rs1V.Field(i), rs2V.Field(i)); err != nil {
|
|
return err
|
|
}
|
|
}
|
|
return nil
|
|
}
|