From c36c300fd60f70026700942fcc4a0da36eff3948 Mon Sep 17 00:00:00 2001 From: Gabriela Cervantes Date: Mon, 27 May 2024 22:53:30 +0000 Subject: [PATCH] tests: kbs: Use nodeport deployment from upstream trustee This PR uses the nodeport deployment from upstream trustee. To ensure our deployment is as close to upstream trustee replace the custom nodeport handling and replace it with nodeport kustomized flavour from the trustee project. Signed-off-by: Gabriela Cervantes --- .../kubernetes/confidential_kbs.sh | 44 ++++++------------- 1 file changed, 13 insertions(+), 31 deletions(-) diff --git a/tests/integration/kubernetes/confidential_kbs.sh b/tests/integration/kubernetes/confidential_kbs.sh index b674c18cf..2ca65b1db 100644 --- a/tests/integration/kubernetes/confidential_kbs.sh +++ b/tests/integration/kubernetes/confidential_kbs.sh @@ -24,6 +24,8 @@ readonly KBS_NS="coco-tenant" readonly KBS_PRIVATE_KEY="${COCO_KBS_DIR}/config/kubernetes/base/kbs.key" # The kbs service name readonly KBS_SVC_NAME="kbs" +# The kbs ingress name +readonly KBS_INGRESS_NAME="kbs" # Set "allow all" policy to resources. # @@ -243,7 +245,6 @@ function kbs_k8s_deploy() { kustomize edit set image "kbs-container-image=${image}:${image_tag}" popd echo "::endgroup::" - [ -n "$ingress" ] && _handle_ingress "$ingress" echo "::group::Deploy the KBS" @@ -259,6 +260,7 @@ function kbs_k8s_deploy() { EOF export DEPLOYMENT_DIR=custom_pccs fi + ./deploy-kbs.sh popd @@ -284,6 +286,7 @@ EOF echo "::group::Check the service healthy" kbs_ip=$(kubectl get -o jsonpath='{.spec.clusterIP}' svc "$KBS_SVC_NAME" -n "$KBS_NS" 2>/dev/null) kbs_port=$(kubectl get -o jsonpath='{.spec.ports[0].port}' svc "$KBS_SVC_NAME" -n "$KBS_NS" 2>/dev/null) + local pod=kbs-checker-$$ kubectl run "$pod" --image=quay.io/prometheus/busybox --restart=Never -- \ sh -c "wget -O- --timeout=5 \"${kbs_ip}:${kbs_port}\" || true" @@ -326,15 +329,14 @@ EOF # kbs_k8s_svc_host() { if kubectl get ingress -n "$KBS_NS" 2>/dev/null | grep -q kbs; then - kubectl get ingress kbs -n "$KBS_NS" \ + kubectl get ingress "$KBS_INGRESS_NAME" -n "$KBS_NS" \ -o jsonpath='{.spec.rules[0].host}' 2>/dev/null - elif kubectl get svc kbs-nodeport -n "$KBS_NS" &>/dev/null; then + elif kubectl get svc "$KBS_SVC_NAME" -n "$KBS_NS" &>/dev/null; then local host - host=$(kubectl get nodes -o jsonpath='{.items[0].status.addresses[?(@.type=="ExternalIP")].address}' -n "$KBS_NS") - [ -z "$host"] && host=$(kubectl get nodes -o jsonpath='{.items[0].status.addresses[?(@.type=="InternalIP")].address}' -n "$KBS_NS") + host=$(kubectl get nodes -o jsonpath='{.items[0].status.addresses[?(@.type=="InternalIP")].address}' -n "$KBS_NS") echo "$host" else - kubectl get svc kbs -n "$KBS_NS" \ + kubectl get svc "$KBS_SVC_NAME" -n "$KBS_NS" \ -o jsonpath='{.spec.clusterIP}' 2>/dev/null fi } @@ -346,10 +348,10 @@ kbs_k8s_svc_port() { if kubectl get ingress -n "$KBS_NS" 2>/dev/null | grep -q kbs; then # Assume served on default HTTP port 80 echo "80" - elif kubectl get svc kbs-nodeport -n "$KBS_NS" &>/dev/null; then - kubectl get -o jsonpath='{.spec.ports[0].nodePort}' svc kbs-nodeport -n "$KBS_NS" + elif kubectl get svc "$KBS_SVC_NAME" -n "$KBS_NS" &>/dev/null; then + kubectl get svc "$KBS_SVC_NAME" -n "$KBS_NS" -o jsonpath='{.spec.ports[0].nodePort}' else - kubectl get svc kbs -n "$KBS_NS" \ + kubectl get svc "$KBS_SVC_NAME" -n "$KBS_NS" \ -o jsonpath='{.spec.ports[0].port}' 2>/dev/null fi } @@ -449,28 +451,8 @@ _handle_ingress_aks() { } # Implements the ingress handler for servernode -# this is useful on kcli or anywhere where cluster IPs are accessible -# from the testing machines. # _handle_ingress_nodeport() { - pushd "${COCO_KBS_DIR}/config/kubernetes/overlays" - - cat > nodeport_service.yaml <