Akd/integration tests on vsphere (#2)

* use vsphere creds in terraform provider * clone from template rather than ovf * auto-approve terraform apply * Add terraform added k8s machine to the test model * move testing model to calico-enterprise * use repository secrets to setup license testing * use juju 3.1 for testing, calico secrets are text * user terraform to cleanup after test * integration tests support pre-built charm * mark TF variables as sensative * Deploy without spaces support, and ensure the machine mappings line up with 5 machine model from terraform * properly teardown the terraform environment * fix test overlay * Map manual machines into the the overlay * expect the correct app name, and include no_proxy in cloud-init * adjust no_proxy subnets * simplify the image pull secret to a single variable * Apply the registry secret during terraform apply * fix subnet issue, use sshuttle to map client to controller, improve netplan generator * Adjust to manual cloud with 3 nics on each of the k8s VMS * Corret spelling mistakes and noproxy config * Adjust cloud credentials * appropriately use github env vars * bury sensative data into GITHUB_ENV * remove unnecessary package * Quote GHA environment variables * address misspelling * move TF_VAR secrets to its own file * completely move secrets out of GHA control * env.K8S_IPS contain spaces, must escape * better debug issue with juju spaces * respect posargs when running integration tests * wait 5m for appearance of the calico-enterprise charm * Ensure that cloud-init configuration completes successfully before juju enlistment * don't log the bundles to the action artifacts * Move tigera manifests into the charm, rather than as attached resources * simplify calico-early bgp parameter rendering * rearrange distribution of proxy environment settings appropriately * Split gh actions into a separate shell script * Improve status condition of the unit
charmed-kubernetes · Oct 17, 2023 · d31ac17 · d31ac17
1 parent d6e0d14
commit d31ac17
Show file tree

Hide file tree

Showing 32 changed files with 37,838 additions and 1,226 deletions.
diff --git a/.github/data/proxy_config.yaml b/.github/data/proxy_config.yaml
@@ -0,0 +1,8 @@
+apt-http-proxy: http://squid.internal:3128
+apt-https-proxy: http://squid.internal:3128
+apt-no-proxy: localhost,127.0.0.1,0.0.0.0,ppa.launchpad.net,launchpad.net,10.101.249.0/24,10.152.183.0/24,10.246.153.0/24,10.246.154.0/24,10.246.155.0/24
+juju-http-proxy: http://squid.internal:3128
+juju-https-proxy: http://squid.internal:3128
+juju-no-proxy: localhost,127.0.0.1,0.0.0.0,ppa.launchpad.net,launchpad.net,10.101.249.0/24,10.152.183.0/24,10.246.153.0/24,10.246.154.0/24,10.246.155.0/24
+snap-http-proxy: http://squid.internal:3128
+snap-https-proxy: http://squid.internal:3128
diff --git a/.github/workflows/actions.yaml b/.github/workflows/actions.yaml
@@ -19,3 +19,81 @@ jobs:
       python: "['3.8', '3.9', '3.10', '3.11']"
     needs: 
       - call-inclusive-naming-check
+
+  integration-test:
+    name: VSphere Integration Test
+    needs: 
+      - lint-unit
+    runs-on: self-hosted
+    env:
+      JUJU_MODEL: calico-enterprise
+      CHARM_TIGERA_EE_LICENSE: ${{ secrets.CHARM_TIGERA_EE_LICENSE }}
+      CHARM_TIGERA_EE_REG_SECRET: ${{ secrets.CHARM_TIGERA_EE_REG_SECRET }}
+      CREDENTIALS_YAML_CONTENT: ${{ secrets.CREDENTIALS_YAML }}
+      CLOUDS_YAML_CONTENT: ${{ secrets.CLOUDS_YAML }}
+
+    timeout-minutes: 90
+    steps:
+      - name: Check out code
+        uses: actions/checkout@v3
+      - name: Setup Python
+        uses: actions/setup-python@v4
+        with:
+          python-version: 3.8
+
+      - name: Install Tools
+        run: tests/integration/setup.sh install_tools
+
+      - name: Generate SSH Keys
+        run: tests/integration/setup.sh generate_ssh_keys
+
+      - name: Apply cloud credentials
+        run: tests/integration/setup.sh apply_cloud_credentials
+
+      - name: Terraform Create Cloud
+        run: tests/integration/setup.sh terraform_cloud
+
+      - name: Setup operator environment
+        uses: charmed-kubernetes/actions-operator@main
+        with:
+          provider: manual-cloud
+          juju-channel: 3.1/stable
+          credentials-yaml: ${{ secrets.CREDENTIALS_YAML }}
+          clouds-yaml: ${{ env.MANUAL_CLOUD_YAML }}
+          bootstrap-constraints: ""
+          bootstrap-options: ""
+
+      - name: Juju Deploy DualTor Charms
+        run: tests/integration/setup.sh juju_create_manual_model
+
+      - name: Run test
+        run: tox -e integration -- --basetemp=/home/ubuntu/pytest --crash-dump=on-failure
+
+      - name: Setup Debug Artifact Collection
+        if: ${{ failure() }}
+        run: mkdir tmp
+
+      - name: Collect Charmcraft Errors
+        if: ${{ failure() }}
+        run: |
+          mv /home/ubuntu/.local/state/charmcraft/log/* tmp/ | true
+
+      - name: Collect Juju Status
+        if: ${{ failure() }}
+        run: tests/integration/setup.sh juju_status
+
+      - name: Upload debug artifacts
+        if: ${{ failure() }}
+        uses: actions/upload-artifact@v3
+        with:
+          name: test-run-artifacts
+          path: tmp
+
+      - name: Juju Teardown
+        if: ${{ always() }}
+        run: |
+          juju destroy-model ${JUJU_MODEL} --force --destroy-storage --no-prompt
+
+      - name: Terraform Teardown
+        if: ${{ always() }}
+        run: tests/integration/setup.sh terraform_teardown
diff --git a/.gitignore b/.gitignore
@@ -1,160 +1,14 @@
-# Byte-compiled / optimized / DLL files
-__pycache__/
-*.py[cod]
-*$py.class
-
-# C extensions
-*.so
-
-# Distribution / packaging
-.Python
+venv/
 build/
-develop-eggs/
-dist/
-downloads/
-eggs/
-.eggs/
-lib/
-lib64/
-parts/
-sdist/
-var/
-wheels/
-share/python-wheels/
-*.egg-info/
-.installed.cfg
-*.egg
-MANIFEST
-
-# PyInstaller
-#  Usually these files are written by a python script from a template
-#  before PyInstaller builds the exe, so as to inject date/other infos into it.
-*.manifest
-*.spec
-
-# Installer logs
-pip-log.txt
-pip-delete-this-directory.txt
-
-# Unit test / coverage reports
-htmlcov/
+*.charm
 .tox/
-.nox/
 .coverage
-.coverage.*
-.cache
-nosetests.xml
-coverage.xml
-*.cover
-*.py,cover
-.hypothesis/
-.pytest_cache/
-cover/
-
-# Translations
-*.mo
-*.pot
-
-# Django stuff:
-*.log
-local_settings.py
-db.sqlite3
-db.sqlite3-journal
-
-# Flask stuff:
-instance/
-.webassets-cache
-
-# Scrapy stuff:
-.scrapy
-
-# Sphinx documentation
-docs/_build/
-
-# PyBuilder
-.pybuilder/
-target/
-
-# Jupyter Notebook
-.ipynb_checkpoints
-
-# IPython
-profile_default/
-ipython_config.py
-
-# pyenv
-#   For a library or package, you might want to ignore these files since the code is
-#   intended to run in multiple environments; otherwise, check them in:
-# .python-version
-
-# pipenv
-#   According to pypa/pipenv#598, it is recommended to include Pipfile.lock in version control.
-#   However, in case of collaboration, if having platform-specific dependencies or dependencies
-#   having no cross-platform support, pipenv may install dependencies that don't work, or not
-#   install all needed dependencies.
-#Pipfile.lock
-
-# poetry
-#   Similar to Pipfile.lock, it is generally recommended to include poetry.lock in version control.
-#   This is especially recommended for binary packages to ensure reproducibility, and is more
-#   commonly ignored for libraries.
-#   https://python-poetry.org/docs/basic-usage/#commit-your-poetrylock-file-to-version-control
-#poetry.lock
-
-# pdm
-#   Similar to Pipfile.lock, it is generally recommended to include pdm.lock in version control.
-#pdm.lock
-#   pdm stores project-wide configurations in .pdm.toml, but it is recommended to not include it
-#   in version control.
-#   https://pdm.fming.dev/#use-with-ide
-.pdm.toml
-
-# PEP 582; used by e.g. github.com/David-OConnor/pyflow and github.com/pdm-project/pdm
-__pypackages__/
-
-# Celery stuff
-celerybeat-schedule
-celerybeat.pid
-
-# SageMath parsed files
-*.sage.py
-
-# Environments
-.env
-.venv
-env/
-venv/
-ENV/
-env.bak/
-venv.bak/
-
-# Spyder project settings
-.spyderproject
-.spyproject
-
-# Rope project settings
-.ropeproject
-
-# mkdocs documentation
-/site
-
-# mypy
-.mypy_cache/
-.dmypy.json
-dmypy.json
-
-# Pyre type checker
-.pyre/
-
-# pytype static type analyzer
-.pytype/
-
-# Cython debug symbols
-cython_debug/
+__pycache__/
+*.py[cod]
+.kube/
+.python-version
 
-# PyCharm
-#  JetBrains specific template is maintained in a separate JetBrains.gitignore that can
-#  be found at https://github.com/github/gitignore/blob/main/Global/JetBrains.gitignore
-#  and can be added to the global gitignore or merged into this file.  For a more nuclear
-#  option (not recommended) you can uncomment the following to ignore the entire idea folder.
-#.idea/
+# terraform metadata
+.terraform/
+*.tfstate*
+.integration_local_env
diff --git a/.wokeignore b/.wokeignore
@@ -0,0 +1 @@
+upstream/**/*.yaml
diff --git a/charmcraft.yaml b/charmcraft.yaml
@@ -3,6 +3,8 @@ parts:
   charm:
     build-packages: [git]
     charm-python-packages: [setuptools, pip]
+    prime:
+      - upstream/**
 bases:
   - build-on:
     - name: "ubuntu"

diff --git a/config.yaml b/config.yaml
@@ -18,8 +18,16 @@ options:
     default: ""
     type: string
     description: |
-      License file converted into base64 following the command:
-        $ juju config tigera license="$(cat license | base64 -w0)"
+      LicenseKey should be a file, appiled as a bas64 string
+
+      file format:
+          kind: LicenseKey
+          apiVersion: crd.projectcalico.org/v1
+          spec:
+            certificate: <content>
+            token: <content>
+
+      $ juju config calico-enterprise license="$(cat license | base64 -w0)"
   addons:
     default: False
     type: boolean
@@ -58,8 +66,7 @@ options:
     default: ""
     type: string
     description: |
-      String in the format of "user:password". Passed as a secret named
-      tigera-pull-secret.
+      String in the format of "user:password" run through base64 encoding
   tigera_version:
     default: 'distro'
     type: string
@@ -98,7 +105,7 @@ options:
     type: string
     description: |
       A pattern to configure as the Calico NIC detection method. For example enp.*.
-      Takes precident over CIDR.
+      Takes precedence over CIDR.
       For details on Autodetection see: https://docs.tigera.io/calico-enterprise/latest/networking/ipam/ip-autodetection#autodetection-methods
   nic_autodetection_cidrs:
     default: ""

diff --git a/metadata.yaml b/metadata.yaml
@@ -23,18 +23,5 @@ requires:
     interface: kubernetes-cni
     scope: container
 peers:
-  tigera:
-    interface: tigera
-resources:
-  cnx-node-image:
-    type: file
-    filename: cnx-node-image.tar.gz
-    description: 'cnx-node resource tarball for amd64'
-  calico-enterprise-manifest:
-    type: file
-    filename: tigera-installation.yaml
-    description: 'The Tigera manifest'
-  calico-crd-manifest:
-    type: file
-    filename: tigera-crds.yaml
-    description: 'The Tigera CRDs manifest'
+  calico-enterprise:
+    interface: calico-enterprise