Add integration test for role=apiserver on GCE

Author: rifelpet

cmd/kops/integration_test.go

@@ -77,6 +77,13 @@ type integrationTest struct {
 	startupScript bool
 	// verify "kops get assets" functionality
 	testGetAssets bool
+	// gceAPIServerIGs is a list of APIServer instance group names and their zones for GCE
+	gceAPIServerIGs []gceAPIServerIG
+}
+
+type gceAPIServerIG struct {
+	name string
+	zone string
 }
 
 func newIntegrationTest(clusterName, srcDir string) *integrationTest {
@@ -151,6 +158,11 @@ func (i *integrationTest) withCiliumEtcd() *integrationTest {
 	return i
 }
 
+func (i *integrationTest) withGCEDedicatedAPIServer(name, zone string) *integrationTest {
+	i.gceAPIServerIGs = append(i.gceAPIServerIGs, gceAPIServerIG{name: name, zone: zone})
+	return i
+}
+
 func (i *integrationTest) withDedicatedAPIServer() *integrationTest {
 	i.expectTerraformFilenames = append(i.expectTerraformFilenames,
 		"aws_iam_role_apiservers."+i.clusterName+"_policy",
@@ -408,6 +420,21 @@ func TestMinimalGCEPublicLoadBalancer(t *testing.T) {
 		runTestTerraformGCE(t)
 }
 
+// TestMinimalGCEPublicLoadBalancerAPIServer runs tests on a minimal GCE configuration with a public load balancer and an APIServer instance group.
+func TestMinimalGCEPublicLoadBalancerAPIServer(t *testing.T) {
+	featureflag.ParseFlags("+APIServerNodes")
+	defer featureflag.ParseFlags("-APIServerNodes")
+
+	newIntegrationTest("minimal-gce-plb-apiserver.example.com", "minimal_gce_plb_apiserver").
+		withAddons(
+			dnsControllerAddon,
+			gcpCCMAddon,
+			gcpPDCSIAddon,
+		).
+		withGCEDedicatedAPIServer("apiserver-us-test1-a", "us-test1-a").
+		runTestTerraformGCE(t)
+}
+
 // TestMinimalGCELongClusterName runs tests on a minimal GCE configuration with a very long cluster name
 func TestMinimalGCELongClusterName(t *testing.T) {
 	newIntegrationTest("minimal-gce-with-a-very-very-very-very-very-long-name.example.com", "minimal_gce_longclustername").
@@ -1681,6 +1708,17 @@ func (i *integrationTest) runTestTerraformGCE(t *testing.T) {
 		}
 	}
 
+	for _, ig := range i.gceAPIServerIGs {
+		expectedFilenames = append(expectedFilenames, "aws_s3_object_nodeupconfig-"+ig.name+"_content")
+
+		prefix := "google_compute_instance_template_" + ig.name + "-" + gce.SafeClusterName(i.clusterName) + "_metadata_"
+		if !i.startupScript {
+			expectedFilenames = append(expectedFilenames, prefix+"user-data")
+		} else {
+			expectedFilenames = append(expectedFilenames, prefix+"startup-script")
+		}
+	}
+
 	i.runTest(t, ctx, h, expectedFilenames, "", "", nil)
 }
 

tests/integration/update_cluster/minimal_gce_plb_apiserver/data/aws_s3_object_cluster-completed.spec_content

@@ -0,0 +1,209 @@
+apiVersion: kops.k8s.io/v1alpha2
+kind: Cluster
+metadata:
+  creationTimestamp: "2017-01-01T00:00:00Z"
+  name: minimal-gce-plb-apiserver.example.com
+spec:
+  api:
+    loadBalancer:
+      subnets:
+      - name: us-test-1
+      type: Public
+      useForInternalApi: true
+  authorization:
+    rbac: {}
+  channel: stable
+  cloudConfig:
+    gceServiceAccount: default
+    gcpPDCSIDriver:
+      defaultStorageClassName: balanced-storage
+      enabled: true
+      version: v1.22.1
+    manageStorageClasses: true
+    multizone: true
+    nodeTags: minimal-gce-plb-apiserver-example-com-k8s-io-role-node
+  cloudControllerManager:
+    allocateNodeCIDRs: true
+    cidrAllocatorType: CloudAllocator
+    clusterCIDR: 100.96.0.0/11
+    clusterName: minimal-gce-plb-apiserver-example-com
+    controllers:
+    - '*'
+    image: registry.k8s.io/cloud-provider-gcp/cloud-controller-manager:v35.0.0
+    leaderElection:
+      leaderElect: true
+  cloudProvider: gce
+  clusterDNSDomain: cluster.local
+  configBase: memfs://tests/minimal-gce-plb-apiserver.example.com
+  containerd:
+    logLevel: info
+    runc:
+      version: 1.3.4
+    sandboxImage: registry.k8s.io/pause:3.10.1
+    version: 2.1.6
+  dnsZone: "1"
+  etcdClusters:
+  - backups:
+      backupStore: memfs://tests/minimal-gce-plb-apiserver.example.com/backups/etcd/main
+    cpuRequest: 200m
+    etcdMembers:
+    - instanceGroup: master-us-test1-a
+      name: a
+    manager:
+      backupRetentionDays: 90
+    memoryRequest: 100Mi
+    name: main
+    version: 3.5.25
+  - backups:
+      backupStore: memfs://tests/minimal-gce-plb-apiserver.example.com/backups/etcd/events
+    cpuRequest: 100m
+    etcdMembers:
+    - instanceGroup: master-us-test1-a
+      name: a
+    manager:
+      backupRetentionDays: 90
+    memoryRequest: 100Mi
+    name: events
+    version: 3.5.25
+  externalDns:
+    provider: dns-controller
+  iam:
+    legacy: false
+  keyStore: memfs://tests/minimal-gce-plb-apiserver.example.com/pki
+  kubeAPIServer:
+    allowPrivileged: true
+    anonymousAuth: false
+    apiAudiences:
+    - kubernetes.svc.default
+    apiServerCount: 1
+    authorizationMode: Node,RBAC
+    bindAddress: 0.0.0.0
+    cloudProvider: external
+    enableAdmissionPlugins:
+    - DefaultStorageClass
+    - DefaultTolerationSeconds
+    - LimitRanger
+    - MutatingAdmissionWebhook
+    - NamespaceLifecycle
+    - NodeRestriction
+    - ResourceQuota
+    - RuntimeClass
+    - ServiceAccount
+    - ValidatingAdmissionPolicy
+    - ValidatingAdmissionWebhook
+    etcdServers:
+    - https://127.0.0.1:4001
+    etcdServersOverrides:
+    - /events#https://127.0.0.1:4002
+    image: registry.k8s.io/kube-apiserver:v1.32.0
+    kubeletPreferredAddressTypes:
+    - InternalIP
+    - Hostname
+    - ExternalIP
+    logLevel: 2
+    requestheaderAllowedNames:
+    - aggregator
+    requestheaderExtraHeaderPrefixes:
+    - X-Remote-Extra-
+    requestheaderGroupHeaders:
+    - X-Remote-Group
+    requestheaderUsernameHeaders:
+    - X-Remote-User
+    securePort: 443
+    serviceAccountIssuer: https://api.internal.minimal-gce-plb-apiserver.example.com
+    serviceAccountJWKSURI: https://api.internal.minimal-gce-plb-apiserver.example.com/openid/v1/jwks
+    serviceClusterIPRange: 100.64.0.0/13
+    storageBackend: etcd3
+  kubeControllerManager:
+    allocateNodeCIDRs: true
+    attachDetachReconcileSyncPeriod: 1m0s
+    cloudProvider: external
+    clusterCIDR: 100.96.0.0/11
+    clusterName: minimal-gce-plb-apiserver.example.com
+    configureCloudRoutes: false
+    image: registry.k8s.io/kube-controller-manager:v1.32.0
+    leaderElection:
+      leaderElect: true
+    logLevel: 2
+    useServiceAccountCredentials: true
+  kubeDNS:
+    cacheMaxConcurrent: 150
+    cacheMaxSize: 1000
+    cpuRequest: 100m
+    domain: cluster.local
+    memoryLimit: 170Mi
+    memoryRequest: 70Mi
+    nodeLocalDNS:
+      cpuRequest: 25m
+      enabled: false
+      image: registry.k8s.io/dns/k8s-dns-node-cache:1.26.0
+      memoryRequest: 5Mi
+    provider: CoreDNS
+    serverIP: 100.64.0.10
+  kubeProxy:
+    clusterCIDR: 100.96.0.0/11
+    cpuRequest: 100m
+    image: registry.k8s.io/kube-proxy:v1.32.0
+    logLevel: 2
+  kubeScheduler:
+    image: registry.k8s.io/kube-scheduler:v1.32.0
+    leaderElection:
+      leaderElect: true
+    logLevel: 2
+  kubelet:
+    anonymousAuth: false
+    cgroupDriver: systemd
+    cgroupRoot: /
+    cloudProvider: external
+    clusterDNS: 100.64.0.10
+    clusterDomain: cluster.local
+    enableDebuggingHandlers: true
+    evictionHard: memory.available<100Mi,nodefs.available<10%,nodefs.inodesFree<5%,imagefs.available<10%,imagefs.inodesFree<5%
+    hairpinMode: promiscuous-bridge
+    kubeconfigPath: /var/lib/kubelet/kubeconfig
+    logLevel: 2
+    podManifestPath: /etc/kubernetes/manifests
+    protectKernelDefaults: true
+    registerSchedulable: true
+    shutdownGracePeriod: 30s
+    shutdownGracePeriodCriticalPods: 10s
+  kubernetesApiAccess:
+  - 0.0.0.0/0
+  - ::/0
+  kubernetesVersion: 1.32.0
+  masterKubelet:
+    anonymousAuth: false
+    cgroupDriver: systemd
+    cgroupRoot: /
+    cloudProvider: external
+    clusterDNS: 100.64.0.10
+    clusterDomain: cluster.local
+    enableDebuggingHandlers: true
+    evictionHard: memory.available<100Mi,nodefs.available<10%,nodefs.inodesFree<5%,imagefs.available<10%,imagefs.inodesFree<5%
+    hairpinMode: promiscuous-bridge
+    kubeconfigPath: /var/lib/kubelet/kubeconfig
+    logLevel: 2
+    podManifestPath: /etc/kubernetes/manifests
+    protectKernelDefaults: true
+    registerSchedulable: true
+    shutdownGracePeriod: 30s
+    shutdownGracePeriodCriticalPods: 10s
+  masterPublicName: api.minimal-gce-plb-apiserver.example.com
+  networking:
+    cni: {}
+  nonMasqueradeCIDR: 100.64.0.0/10
+  podCIDR: 100.96.0.0/11
+  project: testproject
+  secretStore: memfs://tests/minimal-gce-plb-apiserver.example.com/secrets
+  serviceClusterIPRange: 100.64.0.0/13
+  sshAccess:
+  - 0.0.0.0/0
+  - ::/0
+  subnets:
+  - cidr: 10.0.16.0/20
+    name: us-test1
+    region: us-test1
+    type: Private
+  topology:
+    dns:
+      type: Public

tests/integration/update_cluster/minimal_gce_plb_apiserver/data/aws_s3_object_etcd-cluster-spec-events_content

@@ -0,0 +1,4 @@
+{
+  "memberCount": 1,
+  "etcdVersion": "3.5.25"
+}

tests/integration/update_cluster/minimal_gce_plb_apiserver/data/aws_s3_object_etcd-cluster-spec-main_content

@@ -0,0 +1,4 @@
+{
+  "memberCount": 1,
+  "etcdVersion": "3.5.25"
+}

tests/integration/update_cluster/minimal_gce_plb_apiserver/data/aws_s3_object_kops-version.txt_content

@@ -0,0 +1 @@
+1.34.0-beta.1