Merge pull request #12295 from VannTen/ci/collection

CI: Simplify running playbooks as collection + various CI Fixes

tests/scripts/testcases_run.sh

@@ -30,38 +30,16 @@ export ANSIBLE_BECOME_USER=root
 if [[ "${TESTCASE}" =~ "collection" ]]; then
   # Build and install collection
   ansible-galaxy collection build
-  ansible-galaxy collection install kubernetes_sigs-kubespray-$(grep "^version:" galaxy.yml | awk '{print $2}').tar.gz
-
-  # Simply remove all of our files and directories except for our tests directory
-  # to be absolutely certain that none of our playbooks or roles
-  # are interfering with our collection
-  find -mindepth 1 -maxdepth 1 ! -regex './\(tests\|inventory\)' -exec rm -rfv {} +
-
-cat > cluster.yml <<EOF
-- name: Install Kubernetes
-  ansible.builtin.import_playbook: kubernetes_sigs.kubespray.cluster
-EOF
-
-cat > upgrade-cluster.yml <<EOF
-- name: Install Kubernetes
-  ansible.builtin.import_playbook: kubernetes_sigs.kubespray.upgrade-cluster
-EOF
-
-cat > reset.yml <<EOF
-- name: Remove Kubernetes
-  ansible.builtin.import_playbook: kubernetes_sigs.kubespray.reset
-EOF
-
-cat > remove-node.yml <<EOF
-- name: Remove node from Kubernetes
-  ansible.builtin.import_playbook: kubernetes_sigs.kubespray.remove_node
-EOF
-
+  ansible-galaxy collection install kubernetes_sigs-kubespray-*.tar.gz
 fi
-
 run_playbook () {
-playbook=$1
+if [[ "${TESTCASE}" =~ "collection" ]]; then
+    playbook=kubernetes_sigs.kubespray.$1
+else
+    playbook=$1.yml
+fi
 shift
+
 ansible-playbook \
     -e @tests/common_vars.yml \
     -e @tests/${TESTCASE_FILE} \
@@ -71,11 +49,10 @@ ansible-playbook \
 }
 
 
-
 ## START KUBESPRAY
 
 # Create cluster
-run_playbook cluster.yml
+run_playbook cluster
 
 # Repeat deployment if testing upgrade
 if [ "${UPGRADE_TEST}" != "false" ]; then
@@ -85,10 +62,10 @@ if [ "${UPGRADE_TEST}" != "false" ]; then
 
   case "${UPGRADE_TEST}" in
     "basic")
-        run_playbook cluster.yml
+        run_playbook cluster
         ;;
     "graceful")
-        run_playbook upgrade-cluster.yml
+        run_playbook upgrade-cluster
         ;;
     *)
         ;;
@@ -97,36 +74,23 @@ fi
 
 # Test control plane recovery
 if [ "${RECOVER_CONTROL_PLANE_TEST}" != "false" ]; then
-    run_playbook reset.yml --limit "${RECOVER_CONTROL_PLANE_TEST_GROUPS}" -e reset_confirmation=yes
-    run_playbook recover-control-plane.yml -e etcd_retries=10 --limit "etcd:kube_control_plane"
+    run_playbook reset --limit "${RECOVER_CONTROL_PLANE_TEST_GROUPS}" -e reset_confirmation=yes
+    run_playbook recover-control-plane -e etcd_retries=10 --limit "etcd:kube_control_plane"
 fi
 
-# Tests Cases
-## Test Control Plane API
-run_playbook tests/testcases/010_check-apiserver.yml
-run_playbook tests/testcases/015_check-nodes-ready.yml
-
-## Test that all nodes are Ready
-
-if [[ ! ( "$TESTCASE" =~ "macvlan" ) ]]; then
-    run_playbook tests/testcases/020_check-pods-running.yml
-    run_playbook tests/testcases/030_check-network.yml
-    if [[ ! ( "$TESTCASE" =~ "hardening" ) ]]; then
-      # TODO: We need to remove this condition by finding alternative container
-      # image instead of netchecker which doesn't work at hardening environments.
-      run_playbook tests/testcases/040_check-network-adv.yml
-    fi
-fi
-
-## Kubernetes conformance tests
-run_playbook tests/testcases/100_check-k8s-conformance.yml
+# Run tests
+ansible-playbook \
+    -e @tests/common_vars.yml \
+    -e @tests/${TESTCASE_FILE} \
+    -e local_release_dir=${PWD}/downloads \
+    tests/testcases/tests.yml
 
 # Test node removal procedure
 if [ "${REMOVE_NODE_CHECK}" = "true" ]; then
-  run_playbook remove-node.yml -e skip_confirmation=yes -e node=${REMOVE_NODE_NAME}
+  run_playbook remove-node -e skip_confirmation=yes -e node=${REMOVE_NODE_NAME}
 fi
 
 # Clean up at the end, this is to allow stage1 tests to include cleanup test
 if [ "${RESET_CHECK}" = "true" ]; then
-  run_playbook reset.yml -e reset_confirmation=yes
+  run_playbook reset -e reset_confirmation=yes
 fi

tests/testcases/010_check-apiserver.yml

@@ -1,8 +1,4 @@
 ---
-- name: Testcases for apiserver
-  hosts: kube_control_plane
-
-  tasks:
 - name: Check the API servers are responding
   uri:
     url: "https://{{ (access_ip if (ipv4_stack | default(true)) else access_ip6) | default(ansible_default_ipv4.address if (ipv4_stack | default(true)) else ansible_default_ipv6.address) | ansible.utils.ipwrap }}:{{ kube_apiserver_port | default(6443) }}/version"
@@ -16,6 +12,5 @@
 - name: Check API servers version
   assert:
     that:
-      - apiserver_response.json.gitVersion == kube_version
-      fail_msg: "apiserver version different than expected {{ kube_version }}"
-    when: kube_version is defined
+    - apiserver_response.json.gitVersion == ('v' + kube_version)
+    fail_msg: "apiserver is {{ apiserver_response.json.gitVersion }}, expected {{ kube_version }}"

tests/testcases/015_check-nodes-ready.yml

@@ -1,8 +1,4 @@
 ---
-- name: Testcases checking nodes
-  hosts: kube_control_plane[0]
-  tasks:
-
 - import_role:  # noqa name[missing]
     name: cluster-dump
 

tests/testcases/020_check-pods-running.yml

@@ -1,8 +1,4 @@
 ---
-- name: Testcases checking pods
-  hosts: kube_control_plane[0]
-  tasks:
-
 - import_role:  # noqa name[missing]
     name: cluster-dump
 
@@ -10,18 +6,34 @@
   command: "{{ bin_dir }}/kubectl get pods --all-namespaces -owide"
   changed_when: false
 
-  - name: Check that all pods are running and ready
-    command: "{{ bin_dir }}/kubectl get pods --all-namespaces --no-headers -o yaml"
-    changed_when: false
+- name: Check pods
+  vars:
+    query_pods_not_running: "items[?status.phase != 'Running']"
+    query_pods_not_ready: "items[?(status.conditions[?type == 'Ready'])[0].status != 'True']"
+    pods_not_running: "{{ run_pods_log.stdout | from_json | json_query(query_pods_not_running + '.metadata') }}"
+    pods_not_ready: "{{ run_pods_log.stdout | from_json | json_query(query_pods_not_ready + '.metadata') }}"
+  block:
+  - name: Check that all pods are running
+    command: "{{ bin_dir }}/kubectl get pods --all-namespaces -o json"
     register: run_pods_log
+    changed_when: false
     until:
     # Check that all pods are running
-    - '(run_pods_log.stdout | from_yaml)["items"] | map(attribute = "status.phase") | unique | list == ["Running"]'
+    - run_pods_log.stdout | from_json | json_query(query_pods_not_running) == []
     # Check that all pods are ready
-    - '(run_pods_log.stdout | from_yaml)["items"] | map(attribute = "status.containerStatuses") | map("map", attribute = "ready") | map("min") | min'
+    - run_pods_log.stdout | from_json | json_query(query_pods_not_ready) == []
     retries: 30
     delay: 10
-
-  - name: Check kubectl output
-    command: "{{ bin_dir }}/kubectl get pods --all-namespaces -owide"
-    changed_when: false
+  rescue:
+  - name: Describe broken pods
+    command: "{{ bin_dir }}/kubectl describe pod -n {{ item.namespace }} {{ item.name }}"
+    loop: "{{ pods_not_running + pods_not_ready }}"
+    loop_control:
+      label: "{{ item.namespace }}/{{ item.name }}"
+  - name: Get logs from broken pods
+    command: "{{ bin_dir }}/kubectl logs -n {{ item.namespace }} {{ item.pod }}"
+    loop: "{{ pods_not_running + pods_not_ready }}"
+    loop_control:
+      label: "{{ item.namespace }}/{{ item.name }}"
+  - name: Fail CI
+    fail: {}

tests/testcases/030_check-network.yml

@@ -1,15 +1,4 @@
 ---
-- name: Testcases for network
-  hosts: kube_control_plane[0]
-  vars:
-    test_image_repo: registry.k8s.io/e2e-test-images/agnhost
-    test_image_tag: "2.40"
-    # TODO: source those from kubespray_defaults instead.
-    # Needs kubespray_defaults to be decoupled from no-proxy stuff
-    kube_pods_subnet: "{{ 'fd85:ee78:d8a6:8607::1:0000/112' if not (ipv4_stack | default(true)) else '10.233.64.0/18' }}"
-
-  tasks:
-
 - name: Check kubelet serving certificates approved with kubelet_csr_approver
   when:
   - kubelet_rotate_server_certificates | default(false)
@@ -118,6 +107,8 @@
     with_nested:
     - "{{ pods }}"
     - "{{ pods }}"
+    loop_control:
+      label: "{{ item[0].metadata.name + ' --> ' + item[1].metadata.name }}"
   rescue:
   - name: List pods cluster-wide
     command: "{{ bin_dir }}/kubectl get pods --all-namespaces -owide"

tests/testcases/040_check-network-adv.yml

@@ -1,7 +1,4 @@
 ---
-- name: Testcases for calico
-  hosts: kube_node
-  tasks:
 - name: Test tunl0 routes
   command: "/sbin/ip route"
   register: routes
@@ -9,18 +6,10 @@
     | select('contains', '/' ~ calico_pool_blocksize|d(26))
     | select('contains', 'tunl0') | length == 0
   when:
+    - ('kube_node' in group_names)
     - (calico_ipip_mode is defined and calico_ipip_mode != 'Never')
     - kube_network_plugin | default('calico') == 'calico'
 
-
-- name: Advanced testcases for network
-  hosts: k8s_cluster
-  vars:
-    agent_report_interval: 10
-    netcheck_namespace: default
-    netchecker_port: 31081
-
-  tasks:
 - import_role:  # noqa name[missing]
     name: cluster-dump
 

tests/testcases/100_check-k8s-conformance.yml

@@ -1,22 +1,7 @@
 ---
-- name: Testcases for kubernetes conformance
-  hosts: kube_control_plane[0]
-  vars:
-    sonobuoy_version: 0.56.11
-    sonobuoy_arch: amd64
-    sonobuoy_parallel: 30
-    sonobuoy_path: /usr/local/bin/sonobuoy
-    sonobuoy_mode: Quick
-
-  tasks:
-  - name: Run sonobuoy
-    when:
-    - sonobuoy_enabled is defined
-    - sonobuoy_enabled
-    block:
 - name: Download sonobuoy
   get_url:
-        url: "https://github.com/heptio/sonobuoy/releases/download/v{{ sonobuoy_version }}/sonobuoy_{{ sonobuoy_version }}_linux_{{ sonobuoy_arch }}.tar.gz"
+    url: "https://github.com/vmware-tanzu/sonobuoy/releases/download/v{{ sonobuoy_version }}/sonobuoy_{{ sonobuoy_version }}_linux_{{ sonobuoy_arch }}.tar.gz"
     dest: /tmp/sonobuoy.tar.gz
     mode: "0644"
 
@@ -28,7 +13,6 @@
 
 - name: Run sonobuoy
   command: "{{ sonobuoy_path }} run --mode {{ sonobuoy_mode }} --e2e-parallel {{ sonobuoy_parallel }} --wait"
-      when: sonobuoy_enabled | default(false)
 
 - name: Run sonobuoy retrieve
   command: "{{ sonobuoy_path }} retrieve"

tests/testcases/tests.yml

@@ -0,0 +1,54 @@
+---
+- name: Define dynamic groups
+  import_playbook: ../../playbooks/boilerplate.yml
+
+- name: Kubespray CI tests
+  hosts: k8s_cluster
+  gather_facts: false
+  vars:
+    testcase: "{{ lookup('env', 'TESTCASE') }}"
+  tasks:
+    - name: Import Kubespray variables
+      import_role:
+        name: ../../roles/kubespray_defaults
+    - name: Testcases for apiserver
+      import_tasks: 010_check-apiserver.yml
+      when:
+        - ('kube_control_plane') in group_names
+    - name: Test using API
+      delegate_to: "{{ groups['kube_control_plane'][0] }}"
+      run_once: true
+      block:
+        - name: Testcases checking nodes
+          import_tasks: 015_check-nodes-ready.yml
+        - name: Testcases checking pods
+          import_tasks: 020_check-pods-running.yml
+          when: ('macvlan' not in testcase)
+        - name: Testcases for network
+          import_tasks: 030_check-network.yml
+          when: ('macvlan' not in testcase)
+          vars:
+            test_image_repo: registry.k8s.io/e2e-test-images/agnhost
+            test_image_tag: "2.40"
+    - name: Testcases for calico / advanced network
+      import_tasks: 040_check-network-adv.yml
+      when:
+        - ('macvlan' not in testcase)
+        - ('hardening' not in testcase)
+      vars:
+        agent_report_interval: 10
+        netcheck_namespace: default
+        netchecker_port: 31081
+    - name: Testcases for kubernetes conformance
+      import_tasks: 100_check-k8s-conformance.yml
+      delegate_to: "{{ groups['kube_control_plane'][0] }}"
+      run_once: true
+      when:
+        - sonobuoy_enabled is defined
+        - sonobuoy_enabled
+      vars:
+        sonobuoy_version: 0.56.11
+        sonobuoy_arch: amd64
+        sonobuoy_parallel: 30
+        sonobuoy_path: /usr/local/bin/sonobuoy
+        sonobuoy_mode: Quick