diff --git a/.github/workflows/run-kata-deploy-tests-on-aks.yaml b/.github/workflows/run-kata-deploy-tests-on-aks.yaml
new file mode 100644
index 0000000000..951e6e9328
--- /dev/null
+++ b/.github/workflows/run-kata-deploy-tests-on-aks.yaml
@@ -0,0 +1,77 @@
+name: CI | Run kata-deploy tests on AKS
+on:
+ workflow_call:
+ inputs:
+ registry:
+ required: true
+ type: string
+ repo:
+ required: true
+ type: string
+ tag:
+ required: true
+ type: string
+ pr-number:
+ required: true
+ type: string
+ commit-hash:
+ required: false
+ type: string
+
+jobs:
+ run-kata-deploy-tests:
+ strategy:
+ fail-fast: false
+ matrix:
+ host_os:
+ - ubuntu
+ vmm:
+ - clh
+ - dragonball
+ - qemu
+ include:
+ - host_os: cbl-mariner
+ vmm: clh
+ runs-on: ubuntu-latest
+ env:
+ DOCKER_REGISTRY: ${{ inputs.registry }}
+ DOCKER_REPO: ${{ inputs.repo }}
+ DOCKER_TAG: ${{ inputs.tag }}
+ GH_PR_NUMBER: ${{ inputs.pr-number }}
+ KATA_HOST_OS: ${{ matrix.host_os }}
+ KATA_HYPERVISOR: ${{ matrix.vmm }}
+ USING_NFD: "false"
+ steps:
+ - uses: actions/checkout@v3
+ with:
+ ref: ${{ inputs.commit-hash }}
+
+ - name: Download Azure CLI
+ run: bash tests/functional/kata-deploy/gha-run.sh install-azure-cli
+
+ - name: Log into the Azure account
+ run: bash tests/functional/kata-deploy/gha-run.sh login-azure
+ env:
+ AZ_APPID: ${{ secrets.AZ_APPID }}
+ AZ_PASSWORD: ${{ secrets.AZ_PASSWORD }}
+ AZ_TENANT_ID: ${{ secrets.AZ_TENANT_ID }}
+
+ - name: Create AKS cluster
+ timeout-minutes: 10
+ run: bash tests/functional/kata-deploy/gha-run.sh create-cluster
+
+ - name: Install `bats`
+ run: bash tests/functional/kata-deploy/gha-run.sh install-bats
+
+ - name: Install `kubectl`
+ run: bash tests/functional/kata-deploy/gha-run.sh install-kubectl
+
+ - name: Download credentials for the Kubernetes CLI to use them
+ run: bash tests/functional/kata-deploy/gha-run.sh get-cluster-credentials
+
+ - name: Run tests
+ run: bash tests/functional/kata-deploy/gha-run.sh run-tests
+
+ - name: Delete AKS cluster
+ if: always()
+ run: bash tests/functional/kata-deploy/gha-run.sh delete-cluster
diff --git a/.github/workflows/run-kata-deploy-tests-on-tdx.yaml b/.github/workflows/run-kata-deploy-tests-on-tdx.yaml
new file mode 100644
index 0000000000..f4029b6e9e
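Review bot: The job checks out `inputs.commit-hash` and then runs `gha-run.sh` from that tree in every later step, including the steps that follow the Azure service-principal login, so whatever ref the caller passes executes with an authenticated `az` session. Scoping the `AZ_*` secrets to the login step does not limit this, because the later steps (`create-cluster`, `delete-cluster`) carry no secrets and so must be reusing the login from that step. The calling workflow is outside this diff, so it should be confirmed that only approved refs reach this job, and the job should declare a least-privilege token with `permissions:` / `contents: read`. `actions/checkout@v3` is also a mutable tag; pinning it to a full commit SHA would fix which action code runs here.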
--- /dev/null
+++ b/.github/workflows/run-kata-deploy-tests-on-tdx.yaml
@@ -0,0 +1,42 @@
+name: CI | Run kata-deploy tests on TDX
+on:
+ workflow_call:
+ inputs:
+ registry:
+ required: true
+ type: string
+ repo:
+ required: true
+ type: string
+ tag:
+ required: true
+ type: string
+ pr-number:
+ required: true
+ type: string
+ commit-hash:
+ required: false
+ type: string
+
+jobs:
+ run-kata-deploy-tests:
+ strategy:
+ fail-fast: false
+ matrix:
+ vmm:
+ - qemu-tdx
+ runs-on: tdx
+ env:
+ DOCKER_REGISTRY: ${{ inputs.registry }}
+ DOCKER_REPO: ${{ inputs.repo }}
+ DOCKER_TAG: ${{ inputs.tag }}
+ PR_NUMBER: ${{ inputs.pr-number }}
+ KATA_HYPERVISOR: ${{ matrix.vmm }}
+ USING_NFD: "true"
+ steps:
+ - uses: actions/checkout@v3
+ with:
+ ref: ${{ inputs.commit-hash }}
+
+ - name: Run tests
+ run: bash tests/functional/kata-deploy/gha-run.sh run-tests
diff --git a/tests/functional/kata-deploy/gha-run.sh b/tests/functional/kata-deploy/gha-run.sh
new file mode 100755
index 0000000000..ef362f40e0
--- /dev/null
+++ b/tests/functional/kata-deploy/gha-run.sh
@@ -0,0 +1,38 @@
+#!/usr/bin/env bash
+
+# Copyright (c) 2023 Microsoft Corporation
+# Copyright (c) 2023 Intel Corporation
+#
+# SPDX-License-Identifier: Apache-2.0
+
+set -o errexit
+set -o nounset
+set -o pipefail
+
+kata_deploy_dir="$(dirname "$(readlink -f "$0")")"
+source "$kata_deploy_dir}/../../gha-run-k8s-common.sh"
+tools_dir="${repo_root_dir}/tools"
+
+function run_tests() {
+ return 0
+}
+
+function main() {
+ export KATA_HOST_OS="${KATA_HOST_OS:-}"
+
+ action="${1:-}"
+
+ case "${action}" in
+ install-azure-cli) install_azure_cli ;;
+ login-azure) login_azure ;;
+ create-cluster) create_cluster ;;
+ install-bats) install_bats ;;
+ install-kubectl) install_kubectl ;;
+ get-cluster-credentials) get_cluster_credentials ;;
+ run-tests) run_tests ;;
+ delete-cluster) cleanup "aks" ;;
+ *) >&2 echo "Invalid argument"; exit 2 ;;
+ esac
+}
+
+main "$@"
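Review bot: `runs-on: tdx` looks like a self-hosted runner label, and the job executes `gha-run.sh` from the checked-out `inputs.commit-hash`, so the machine's integrity depends entirely on which refs the caller allows; unlike a hosted runner, state left on a self-hosted machine can carry over into later jobs unless the runner is ephemeral. A comment above `runs-on` such as `# self-hosted TDX machine: only invoke for approved refs` would record that assumption. The env block also sets `PR_NUMBER`, while the AKS workflow and `_print_cluster_name` use `GH_PR_NUMBER`; with `set -o nounset` in the scripts, any later use of the cluster-name helper from this job would abort, so `GH_PR_NUMBER: ${{ inputs.pr-number }}` seems to be what was intended.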
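Review bot: The `source` line in `gha-run.sh` has a brace typo: `"$kata_deploy_dir}/../../gha-run-k8s-common.sh"` expands to a path containing a literal `}`, so the common file is not found and, under `set -o errexit`, every action of this script fails before `main` runs; it should read `source "${kata_deploy_dir}/../../gha-run-k8s-common.sh"`. The `delete-cluster` arm calls `cleanup "aks"`, but the common file added in this commit defines `delete_cluster` and no `cleanup` (unless `common.bash` provides one, which is not visible here). The `if: always()` teardown step would then likely fail and leave the AKS cluster running, so `delete-cluster) delete_cluster ;;` looks like the intended dispatch.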
diff --git a/tests/gha-run-k8s-common.sh b/tests/gha-run-k8s-common.sh
new file mode 100644
index 0000000000..cb727a7b72
--- /dev/null
+++ b/tests/gha-run-k8s-common.sh
@@ -0,0 +1,79 @@
+#!/usr/bin/env bash
+
+# Copyright (c) 2023 Microsoft Corporation
+#
+# SPDX-License-Identifier: Apache-2.0
+
+set -o errexit
+set -o nounset
+set -o pipefail
+
+tests_dir="$(cd "$(dirname "${BASH_SOURCE[0]}")" && pwd)"
+source "${tests_dir}/common.bash"
+
+AZ_RG="${AZ_RG:-kataCI}"
+
+function _print_cluster_name() {
+ short_sha="$(git rev-parse --short=12 HEAD)"
+ echo "${GH_PR_NUMBER}-${short_sha}-${KATA_HYPERVISOR}-${KATA_HOST_OS}-amd64"
+}
+
+function install_azure_cli() {
+ curl -sL https://aka.ms/InstallAzureCLIDeb | sudo bash
+ # The aks-preview extension is required while the Mariner Kata host is in preview.
+ az extension add --name aks-preview
+}
+
+function login_azure() {
+ az login \
+ --service-principal \
+ -u "${AZ_APPID}" \
+ -p "${AZ_PASSWORD}" \
+ --tenant "${AZ_TENANT_ID}"
+}
+
+function create_cluster() {
+ # First, ensure that the cluster didn't fail to get cleaned up from a previous run.
+ delete_cluster || true
+
+ az aks create \
+ -g "${AZ_RG}" \
+ -n "$(_print_cluster_name)" \
+ -s "Standard_D4s_v5" \
+ --node-count 1 \
+ --generate-ssh-keys \
+ $([ "${KATA_HOST_OS}" = "cbl-mariner" ] && echo "--os-sku AzureLinux --workload-runtime KataMshvVmIsolation")
+}
+
+function install_bats() {
+ # Installing bats from the lunar repo.
+ # This installs newer version of the bats which supports setup_file and teardown_file functions.
+ # These functions are helpful when adding new tests that require one time setup.
+
+ sudo apt install -y software-properties-common
+ sudo add-apt-repository 'deb http://archive.ubuntu.com/ubuntu/ lunar universe'
+ sudo apt install -y bats
+ sudo add-apt-repository --remove 'deb http://archive.ubuntu.com/ubuntu/ lunar universe'
+}
+
+function install_kubectl() {
+ sudo az aks install-cli
+}
+
+function get_cluster_credentials() {
+ az aks get-credentials \
+ -g "${AZ_RG}" \
+ -n "$(_print_cluster_name)"
+}
+
+function delete_cluster() {
+ az aks delete \
+ -g "${AZ_RG}" \
+ -n "$(_print_cluster_name)" \
+ --yes
+}
+
+function get_nodes_and_pods_info() {
+ kubectl debug $(kubectl get nodes -o name) -it --image=quay.io/kata-containers/kata-debug:latest || true
+ kubectl get pods -o name | grep node-debugger | xargs kubectl delete || true
+}
diff --git a/tests/integration/kubernetes/gha-run.sh b/tests/integration/kubernetes/gha-run.sh
index e41bc9ce34..07a16a1963 100755
--- a/tests/integration/kubernetes/gha-run.sh
+++ b/tests/integration/kubernetes/gha-run.sh
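Review bot: `install_azure_cli` pipes a script fetched with `curl -sL` straight into `sudo bash`, so the job runs whatever the redirect target returns as root with no integrity check, and without `-f` even an HTTP error body would be handed to the shell. At minimum use `curl -fsSL`, and preferably install `azure-cli` from Microsoft's signed apt repository (or rely on a runner image that already ships it) so package signatures are verified. In `login_azure`, `-p "${AZ_PASSWORD}"` puts the service-principal secret on the process command line, where other processes on the runner can read it; a federated (OIDC) login would remove the long-lived secret altogether. `get_nodes_and_pods_info` pulls `kata-debug:latest`, a mutable tag, and pinning it by digest would fix which debug image runs on the node.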
@@ -9,64 +9,9 @@ set -o nounset set -o pipefail kubernetes_dir="$(dirname "$(readlink -f "$0")")" -source "${kubernetes_dir}/../../common.bash" +source "${kubernetes_dir}/../../gha-run-k8s-common.sh" tools_dir="${repo_root_dir}/tools" -AZ_RG="${AZ_RG:-kataCI}" - -function _print_cluster_name() { - short_sha="$(git rev-parse --short=12 HEAD)" - echo "${GH_PR_NUMBER}-${short_sha}-${KATA_HYPERVISOR}-${KATA_HOST_OS}-amd64" -} - -function install_azure_cli() { - curl -sL https://aka.ms/InstallAzureCLIDeb | sudo bash - # The aks-preview extension is required while the Mariner Kata host is in preview. - az extension add --name aks-preview -} - -function login_azure() { - az login \ - --service-principal \ - -u "${AZ_APPID}" \ - -p "${AZ_PASSWORD}" \ - --tenant "${AZ_TENANT_ID}" -} - -function create_cluster() { - # First, ensure that the cluster didn't fail to get cleaned up from a previous run. - delete_cluster || true - - az aks create \ - -g "${AZ_RG}" \ - -n "$(_print_cluster_name)" \ - -s "Standard_D4s_v5" \ - --node-count 1 \ - --generate-ssh-keys \ - $([ "${KATA_HOST_OS}" = "cbl-mariner" ] && echo "--os-sku AzureLinux --workload-runtime KataMshvVmIsolation") -} - -function install_bats() { - # Installing bats from the lunar repo. - # This installs newer version of the bats which supports setup_file and teardown_file functions. - # These functions are helpful when adding new tests that require one time setup. - - sudo apt install -y software-properties-common - sudo add-apt-repository 'deb http://archive.ubuntu.com/ubuntu/ lunar universe' - sudo apt install -y bats - sudo add-apt-repository --remove 'deb http://archive.ubuntu.com/ubuntu/ lunar universe' -} - -function install_kubectl() { - sudo az aks install-cli -} - -function get_cluster_credentials() { - az aks get-credentials \ - -g "${AZ_RG}" \ - -n "$(_print_cluster_name)" -} - function deploy_kata() { platform="${1}" ensure_yq 
@@ -183,18 +128,6 @@ function cleanup() { kubectl delete -f "${tools_dir}/packaging/kata-deploy/kata-rbac/base/kata-rbac.yaml" } -function delete_cluster() { - az aks delete \ - -g "${AZ_RG}" \ - -n "$(_print_cluster_name)" \ - --yes -} - -function get_nodes_and_pods_info() { - kubectl debug $(kubectl get nodes -o name) -it --image=quay.io/kata-containers/kata-debug:latest || true - kubectl get pods -o name | grep node-debugger | xargs kubectl delete || true -} - function main() { export KATA_HOST_OS="${KATA_HOST_OS:-}"