gha: kata-deploy: Add the first kata-deploy test

This test, at least for now, only checks whether the runtimeclasses
have been properly created.

This is just a migration from a test we had as part of the k8s suite.

Signed-off-by: Fabiano Fidêncio <fabiano.fidencio@intel.com>

tests/functional/kata-deploy/gha-run.sh

@@ -10,16 +10,23 @@ set -o nounset
 set -o pipefail
 
 kata_deploy_dir="$(dirname "$(readlink -f "$0")")"
-source "$kata_deploy_dir}/../../gha-run-k8s-common.sh"
-tools_dir="${repo_root_dir}/tools"
+source "${kata_deploy_dir}/../../gha-run-k8s-common.sh"
 
 function run_tests() {
-	return 0
+	pushd "${kata_deploy_dir}"
+	bash run-kata-deploy-tests.sh
+	popd
 }
 
 function main() {
     export KATA_HOST_OS="${KATA_HOST_OS:-}"
 
+    platform="aks"
+    if [ "${KATA_HYPERVISOR}" = "qemu-tdx" ]; then
+	    platform="tdx"
+    fi
+    export platform
+
     action="${1:-}"
 
     case "${action}" in

tests/functional/kata-deploy/kata-deploy.bats

@@ -0,0 +1,119 @@
+#!/usr/bin/env bats
+#
+# Copyright (c) 2023 Intel Corporation
+#
+# SPDX-License-Identifier: Apache-2.0
+#
+
+load "${BATS_TEST_DIRNAME}/../../common.bash"
+
+setup() {
+	repo_root_dir="${BATS_TEST_DIRNAME}/../../../"
+	ensure_yq
+
+	# Cleanup any runtimeclass already present in the cluster
+	# apart from the default one that comes from AKS
+	for rc in `kubectl get runtimeclass -o name | grep -v "kata-mshv-vm-isolation" | sed 's|runtimeclass.node.k8s.io/||'`; do
+		 kubectl delete runtimeclass $rc;
+	done
+	
+	# We expect 2 runtime classes because:
+	# * `kata` is the default runtimeclass created, basically an alias for `kata-${KATA_HYPERVISOR}`.
+	# * `kata-${KATA_HYPERVISOR}` is the other one
+	#    * As part of the tests we're only deploying the specific runtimeclass that will be used, instead of all of them.
+	expected_runtime_classes=2
+
+	# We expect both runtime classes to have the same handler: kata-${KATA_HYPERVISOR}
+	expected_handlers_re=( \
+		"kata\s+kata-${KATA_HYPERVISOR}" \
+		"kata-${KATA_HYPERVISOR}\s+kata-${KATA_HYPERVISOR}" \
+	)
+
+	# Set the latest image, the one generated as part of the PR, to be used as part of the tests
+	sed -i -e "s|quay.io/kata-containers/kata-deploy:latest|${DOCKER_REGISTRY}/${DOCKER_REPO}:${DOCKER_TAG}|g" "${repo_root_dir}/tools/packaging/kata-deploy/kata-deploy/base/kata-deploy.yaml"
+
+	# Enable debug for Kata Containers
+	yq write -i "${repo_root_dir}/tools/packaging/kata-deploy/kata-deploy/base/kata-deploy.yaml" 'spec.template.spec.containers[0].env[1].value' --tag '!!str' "true"
+	# Create the runtime class only for the shim that's being tested
+	yq write -i "${repo_root_dir}/tools/packaging/kata-deploy/kata-deploy/base/kata-deploy.yaml" 'spec.template.spec.containers[0].env[2].value' "${KATA_HYPERVISOR}"
+	# Set the tested hypervisor as the default `kata` shim
+	yq write -i "${repo_root_dir}/tools/packaging/kata-deploy/kata-deploy/base/kata-deploy.yaml" 'spec.template.spec.containers[0].env[3].value' "${KATA_HYPERVISOR}"
+	# Let the `kata-deploy` script take care of the runtime class creation / removal
+	yq write -i "${repo_root_dir}/tools/packaging/kata-deploy/kata-deploy/base/kata-deploy.yaml" 'spec.template.spec.containers[0].env[4].value' --tag '!!str' "true"
+	# Let the `kata-deploy` create the default `kata` runtime class
+	yq write -i "${repo_root_dir}/tools/packaging/kata-deploy/kata-deploy/base/kata-deploy.yaml" 'spec.template.spec.containers[0].env[5].value' --tag '!!str' "true"
+	
+	if [ "${KATA_HOST_OS}" = "cbl-mariner" ]; then
+		yq write -i "${repo_root_dir}/tools/packaging/kata-deploy/kata-deploy/base/kata-deploy.yaml" 'spec.template.spec.containers[0].env[+].name' "HOST_OS"
+		yq write -i "${repo_root_dir}/tools/packaging/kata-deploy/kata-deploy/base/kata-deploy.yaml" 'spec.template.spec.containers[0].env[-1].value' "${KATA_HOST_OS}"
+	fi
+	
+	echo "::group::Final kata-deploy.yaml that is used in the test"
+	cat "${repo_root_dir}/tools/packaging/kata-deploy/kata-deploy/base/kata-deploy.yaml"
+	grep "${DOCKER_REGISTRY}/${DOCKER_REPO}:${DOCKER_TAG}" "${repo_root_dir}/tools/packaging/kata-deploy/kata-deploy/base/kata-deploy.yaml" || die "Failed to setup the tests image"
+	echo "::endgroup::"
+	
+	kubectl apply -f "${repo_root_dir}/tools/packaging/kata-deploy/kata-rbac/base/kata-rbac.yaml"
+	if [ "${platform}" = "tdx" ]; then
+		kubectl apply -k "${repo_root_dir}/tools/packaging/kata-deploy/kata-deploy/overlays/k3s"
+	else
+		kubectl apply -f "${repo_root_dir}/tools/packaging/kata-deploy/kata-deploy/base/kata-deploy.yaml"
+	fi
+	kubectl -n kube-system wait --timeout=10m --for=condition=Ready -l name=kata-deploy pod
+
+	# Give some time for the pod to finish what's doing and have the
+	# runtimeclasses properly created
+	sleep 30s
+}
+
+@test "Test runtimeclasses are being properly created" {
+	# We filter `kata-mshv-vm-isolation` out as that's present on AKS clusters, but that's not coming from kata-deploy
+	current_runtime_classes=$(kubectl get runtimeclasses | grep -v "kata-mshv-vm-isolation" | grep "kata" | wc -l)
+	[[ ${current_runtime_classes} -eq ${expected_runtime_classes} ]]
+
+	for handler_re in ${expected_handlers_re[@]}
+	do
+		kubectl get runtimeclass | grep -E "${handler_re}"
+	done
+}
+
+teardown() {
+	kubectl get runtimeclasses -o name | grep -v "kata-mshv-vm-isolation"
+
+	if [ "${platform}" = "tdx" ]; then
+		deploy_spec="-k "${repo_root_dir}/tools/packaging/kata-deploy/kata-deploy/overlays/k3s""
+		cleanup_spec="-k "${repo_root_dir}/tools/packaging/kata-deploy/kata-cleanup/overlays/k3s""
+	else
+		deploy_spec="-f "${repo_root_dir}/tools/packaging/kata-deploy/kata-deploy/base/kata-deploy.yaml""
+		cleanup_spec="-f "${repo_root_dir}/tools/packaging/kata-deploy/kata-cleanup/base/kata-cleanup.yaml""
+	fi
+
+	kubectl delete ${deploy_spec}
+	kubectl -n kube-system wait --timeout=10m --for=delete -l name=kata-deploy pod
+	
+	# Let the `kata-deploy` script take care of the runtime class creation / removal
+	yq write -i "${repo_root_dir}/tools/packaging/kata-deploy/kata-cleanup/base/kata-cleanup.yaml" 'spec.template.spec.containers[0].env[4].value' --tag '!!str' "true"
+	# Create the runtime class only for the shim that's being tested
+	yq write -i "${repo_root_dir}/tools/packaging/kata-deploy/kata-cleanup/base/kata-cleanup.yaml" 'spec.template.spec.containers[0].env[2].value' "${KATA_HYPERVISOR}"
+	# Set the tested hypervisor as the default `kata` shim
+	yq write -i "${repo_root_dir}/tools/packaging/kata-deploy/kata-cleanup/base/kata-cleanup.yaml" 'spec.template.spec.containers[0].env[3].value' "${KATA_HYPERVISOR}"
+	# Let the `kata-deploy` create the default `kata` runtime class
+	yq write -i "${repo_root_dir}/tools/packaging/kata-deploy/kata-deploy/base/kata-deploy.yaml" 'spec.template.spec.containers[0].env[5].value' --tag '!!str' "true"
+	
+	sed -i -e "s|quay.io/kata-containers/kata-deploy:latest|${DOCKER_REGISTRY}/${DOCKER_REPO}:${DOCKER_TAG}|g" "${repo_root_dir}/tools/packaging/kata-deploy/kata-cleanup/base/kata-cleanup.yaml"
+	cat "${repo_root_dir}/tools/packaging/kata-deploy/kata-cleanup/base/kata-cleanup.yaml"
+	grep "${DOCKER_REGISTRY}/${DOCKER_REPO}:${DOCKER_TAG}" "${repo_root_dir}/tools/packaging/kata-deploy/kata-cleanup/base/kata-cleanup.yaml" || die "Failed to setup the tests image"
+
+	kubectl apply ${cleanup_spec}
+	sleep 30s
+	
+	kubectl delete ${cleanup_spec}
+	kubectl delete -f "${repo_root_dir}/tools/packaging/kata-deploy/kata-rbac/base/kata-rbac.yaml"
+
+	# Cleanup any runtime class that was left behind in the cluster, in
+	# case of a test failure, apart from the default one that comes from
+	# AKS
+	for rc in `kubectl get runtimeclass -o name | grep -v "kata-mshv-vm-isolation" | sed 's|runtimeclass.node.k8s.io/||'`; do
+		 kubectl delete runtimeclass $rc;
+	done
+}

tests/functional/kata-deploy/run-kata-deploy-tests.sh

@@ -14,11 +14,12 @@ if [ -n "${KATA_DEPLOY_TEST_UNION:-}" ]; then
 	KATA_DEPLOY_TEST_UNION=($KATA_DEPLOY_TEST_UNION)
 else
 	KATA_DEPLOY_TEST_UNION=( \
+		"kata-deploy.bats" \
 	)
 fi
 
 info "Run tests"
 for KATA_DEPLOY_TEST_ENTRY in ${KATA_DEPLOY_TEST_UNION[@]}
 do
-	#bats "${KATA_DEPLOY_TEST_ENTRY}"
+	bats "${KATA_DEPLOY_TEST_ENTRY}"
 done