From 6b0eaca4d467902073f9e356e732589d300a81bc Mon Sep 17 00:00:00 2001
From: =?UTF-8?q?Luk=C3=A1=C5=A1=20Doktor?= <ldoktor@redhat.com>
Date: Wed, 13 Mar 2024 11:54:13 +0100
Subject: [PATCH 1/2] tests: Add support for nodeport ingress for the kbs setup
MIME-Version: 1.0
Content-Type: text/plain; charset=UTF-8
Content-Transfer-Encoding: 8bit

this can be used on kcli or other systems where cluster nodes are
accessible from all places where the tests are running.

Fixes: #9272

Signed-off-by: Lukáš Doktor <ldoktor@redhat.com>
---
 .../kubernetes/confidential_kbs.sh            | 37 ++++++++++++++++++-
 1 file changed, 36 insertions(+), 1 deletion(-)

diff --git a/tests/integration/kubernetes/confidential_kbs.sh b/tests/integration/kubernetes/confidential_kbs.sh
index a3235ae2b7..a3e95d3b2d 100644
--- a/tests/integration/kubernetes/confidential_kbs.sh
+++ b/tests/integration/kubernetes/confidential_kbs.sh
@@ -296,6 +296,11 @@ kbs_k8s_svc_host() {
 	if kubectl get ingress -n "$KBS_NS" 2>/dev/null | grep -q kbs; then
 		kubectl get ingress kbs -n "$KBS_NS" \
 			-o jsonpath='{.spec.rules[0].host}' 2>/dev/null
+	elif kubectl get svc kbs-nodeport -n "$KBS_NS" &>/dev/null; then
+			local host
+			host=$(kubectl get nodes -o jsonpath='{.items[0].status.addresses[?(@.type=="ExternalIP")].address}' -n "$KBS_NS")
+			[ -z "$host"] && host=$(kubectl get nodes -o jsonpath='{.items[0].status.addresses[?(@.type=="InternalIP")].address}' -n "$KBS_NS")
+			echo "$host"
 	else
 		kubectl get svc kbs -n "$KBS_NS" \
 			-o jsonpath='{.spec.clusterIP}' 2>/dev/null
@@ -309,6 +314,8 @@ kbs_k8s_svc_port() {
 	if kubectl get ingress -n "$KBS_NS" 2>/dev/null | grep -q kbs; then
 		# Assume served on default HTTP port 80
 		echo "80"
+	elif kubectl get svc kbs-nodeport -n "$KBS_NS" &>/dev/null; then
+		kubectl get -o jsonpath='{.spec.ports[0].nodePort}' svc kbs-nodeport -n "$KBS_NS"
 	else
 		kubectl get svc kbs -n "$KBS_NS" \
 			-o jsonpath='{.spec.ports[0].port}' 2>/dev/null
@@ -407,4 +414,32 @@ _handle_ingress_aks() {
 
 	kustomize edit add resource ingress.yaml
 	popd
-}
\ No newline at end of file
+}
+
+
+# Implements the ingress handler for servernode
+# this is useful on kcli or anywhere where cluster IPs are accessible
+# from the testing machines.
+#
+_handle_ingress_nodeport() {
+	pushd "${COCO_KBS_DIR}/config/kubernetes/overlays"
+
+	cat > nodeport_service.yaml <<EOF
+# Service to expose the KBS on nodes
+apiVersion: v1
+kind: Service
+metadata:
+  name: kbs-nodeport
+  namespace: "$KBS_NS"
+spec:
+  selector:
+    app: kbs
+  ports:
+  - protocol: TCP
+    port: 8080
+    targetPort: 8080
+  type: NodePort
+EOF
+	kustomize edit add resource nodeport_service.yaml
+	popd
+}

From a671b3fc6e514929ca43e1e73aa7bb4a0877b680 Mon Sep 17 00:00:00 2001
From: =?UTF-8?q?Luk=C3=A1=C5=A1=20Doktor?= <ldoktor@redhat.com>
Date: Tue, 26 Mar 2024 12:17:29 +0100
Subject: [PATCH 2/2] tests: Use full svc address to check kbs service
MIME-Version: 1.0
Content-Type: text/plain; charset=UTF-8
Content-Transfer-Encoding: 8bit

the service might not listen on the default port, use the full service
address to ensure we are talking to the right resource.

Signed-off-by: Lukáš Doktor <ldoktor@redhat.com>
---
 tests/integration/kubernetes/confidential_kbs.sh | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)

diff --git a/tests/integration/kubernetes/confidential_kbs.sh b/tests/integration/kubernetes/confidential_kbs.sh
index a3e95d3b2d..bacbc8f974 100644
--- a/tests/integration/kubernetes/confidential_kbs.sh
+++ b/tests/integration/kubernetes/confidential_kbs.sh
@@ -269,7 +269,7 @@ function kbs_k8s_deploy() {
 
 	if [ -n "$ingress" ]; then
 		echo "::group::Check the kbs service is exposed"
-		svc_host=$(kbs_k8s_svc_host)
+		svc_host=$(kbs_k8s_svc_http_addr)
 		if [ -z "$svc_host" ]; then
 			echo "ERROR: service host not found"
 			return 1