[KMSv2] update ci script and add readme

Signed-off-by: Anish Ramasekar <anish.ramasekar@gmail.com>
2025-08-08 11:38:15 +00:00 · 2023-03-24 00:07:51 +00:00 · 2023-03-24 00:07:51 +00:00 · 449f847630
commit 449f847630
parent 0f373abb6a
2 changed files with 74 additions and 18 deletions
--- a/test/e2e/testing-manifests/auth/encrypt/README.md
+++ b/test/e2e/testing-manifests/auth/encrypt/README.md
@ -0,0 +1,46 @@
+# Encryption at rest testing manifests
+
+This directory contains manifests for testing encryption at rest with a [mock KMS provider](../../../../../staging/src/k8s.io/kms/internal/plugins/mock). The mock KMS provider is a fake KMS provider that does not communicate with any external KMS. It is used for testing purposes only.
+
+## run-e2e.sh
+
+The `run-e2e.sh` script does the following:
+
+1. Installs required prerequisites: [`kind`](https://sigs.k8s.io/kind) and [`kubetest2`](https://github.com/kubernetes-sigs/kubetest2).
+2. Builds the `e2e.test`, `ginkgo` and `kubectl` binaries.
+3. Creates local registry if not already present. This registry is used to push the kms mock plugin image.
+4. Build and push the kms mock plugin image to the local registry.
+5. Connect local registry to kind network so that kind cluster created using `kubetest2` in prow CI job can pull the kms mock plugin image.
+6. Create kind cluster using `kubetest2` and run e2e tests.
+7. Collect logs and metrics from kind cluster.
+8. Delete kind cluster.
+
+The script extracts runtime configurations through environment variables. The following environment variables are supported:
+
+| Variable              | Description                                                                     | Default |
+| --------------------- | ------------------------------------------------------------------------------- | ------- |
+| `SKIP_DELETE_CLUSTER` | If set to `true`, the kind cluster will not be deleted after the tests are run. | `false` |
+| `SKIP_RUN_TESTS`      | If set to `true`, the tests will not be run.                                    | `false` |
+| `SKIP_COLLECT_LOGS`   | If set to `true`, the logs and metrics will not be collected.                   | `false` |
+
+### Running the script locally
+
+Run the script locally with the following command:
+
+```bash
+test/e2e/testing-manifests/auth/encrypt/run-e2e.sh
+```
+
+### Create a local cluster with mock KMS provider
+
+The `run-e2e.sh` script can be used to create a local cluster with mock KMS provider. The following command creates a local cluster with mock KMS provider:
+
+```bash
+SKIP_RUN_TESTS=true SKIP_DELETE_CLUSTER=true SKIP_COLLECT_LOGS=true test/e2e/testing-manifests/auth/encrypt/run-e2e.sh
+```
+
+Delete the cluster after use:
+
+```bash
+kind delete cluster --name=kms
+```
--- a/test/e2e/testing-manifests/auth/encrypt/run-e2e.sh
+++ b/test/e2e/testing-manifests/auth/encrypt/run-e2e.sh
@ -88,24 +88,27 @@ connect_registry(){
 create_cluster_and_run_test() {
    CLUSTER_CREATE_ATTEMPTED=true

+    TEST_ARGS=""
+    if [ "${SKIP_RUN_TESTS:-}" != "true" ]; then
+        # (--use-built-binaries) use the kubectl, e2e.test, and ginkgo binaries built during --build as opposed to from a GCS release tarball
+        TEST_ARGS="--test=ginkgo -- --v=5 --focus-regex=\[Conformance\] --skip-regex=\[Serial\] --parallel 20 --use-built-binaries"
+    else
+        echo "Skipping running tests"
+    fi
+
+    # shellcheck disable=SC2086
    kubetest2 kind -v 5 \
    --build \
    --up \
    --rundir-in-artifacts \
    --config test/e2e/testing-manifests/auth/encrypt/kind.yaml \
-    --cluster-name "${cluster_name}" \
-    --test=ginkgo \
-    -- \
-    --v=5 \
-    --focus-regex='\[Conformance\]' \
-    --skip-regex='\[Serial\]' \
-    --parallel 20 \
-    --use-built-binaries # use the kubectl, e2e.test, and ginkgo binaries built during --build as opposed to from a GCS release tarball
+    --cluster-name "${cluster_name}" ${TEST_ARGS}
 }

 cleanup() {
    # CLUSTER_CREATE_ATTEMPTED is true once we run kubetest2 kind --up
    if [ "${CLUSTER_CREATE_ATTEMPTED:-}" = true ]; then
+        if [ "${SKIP_COLLECT_LOGS:-}" != "true" ]; then
            # collect logs and metrics
            echo "Collecting logs"
            mkdir -p "${ARTIFACTS}/logs"
@ -114,10 +117,17 @@ cleanup() {
            echo "Collecting metrics"
            mkdir -p "${ARTIFACTS}/metrics"
            kubectl get --raw /metrics > "${ARTIFACTS}/metrics/kube-apiserver-metrics.txt"
+        else
+            echo "Skipping collecting logs and metrics"
+        fi

+        if [ "${SKIP_DELETE_CLUSTER:-}" != "true" ]; then
            echo "Deleting kind cluster"
            # delete cluster
            kind delete cluster --name "${cluster_name}"
+        else
+            echo "Skipping deleting kind cluster"
+        fi
    fi
 }