temp commit

test/e2e/e2e_suite_test.go

@@ -0,0 +1,40 @@
+package e2e_test
+
+import (
+	"flag"
+	"os"
+	"testing"
+	"time"
+
+	. "github.com/onsi/ginkgo"
+	. "github.com/onsi/gomega"
+	"k8s.io/klog"
+	"kubesphere.io/kubesphere/pkg/apis/network/v1alpha1"
+	"kubesphere.io/kubesphere/pkg/test"
+)
+
+var ctx *test.TestCtx
+
+func TestE2e(t *testing.T) {
+	RegisterFailHandler(Fail)
+	RunSpecs(t, "Networking E2e Suite")
+}
+
+var _ = BeforeSuite(func() {
+	klog.InitFlags(nil)
+	flag.Set("logtostderr", "false")
+	flag.Set("alsologtostderr", "false")
+	flag.Set("v", "4")
+	flag.Parse()
+	klog.SetOutput(GinkgoWriter)
+
+	ctx = test.NewTestCtx(nil, os.Getenv("TEST_NAMESPACE"))
+	Expect(ctx.Setup(os.Getenv("YAML_PATH"), "", v1alpha1.AddToScheme)).ShouldNot(HaveOccurred())
+	deployName := os.Getenv("DEPLOY_NAME")
+	Expect(test.WaitForController(ctx.Client, ctx.Namespace, deployName, 1, time.Second*5, time.Minute)).ShouldNot(HaveOccurred(), "Controlller failed to start")
+	klog.Infoln("Controller is up, begin to test ")
+})
+
+var _ = AfterSuite(func() {
+	ctx.Cleanup(nil)
+})

test/e2e/e2e_test.go

@@ -0,0 +1,153 @@
+package e2e_test
+
+import (
+	"context"
+	"time"
+
+	"k8s.io/klog"
+
+	. "github.com/onsi/ginkgo"
+	. "github.com/onsi/gomega"
+	appsv1 "k8s.io/api/apps/v1"
+	batchv1 "k8s.io/api/batch/v1"
+	corev1 "k8s.io/api/core/v1"
+	"k8s.io/apimachinery/pkg/labels"
+	"k8s.io/client-go/kubernetes/scheme"
+	"kubesphere.io/kubesphere/pkg/apis/network/v1alpha1"
+	"kubesphere.io/kubesphere/pkg/test"
+	"sigs.k8s.io/controller-runtime/pkg/client"
+)
+
+var simpleDeployYaml = `apiVersion: apps/v1
+kind: Deployment
+metadata:
+  name:  nginx
+  namespace: production
+  labels:
+    name:  nginx
+    app: nginx
+spec:
+  replicas: 1
+  selector:
+    matchLabels:
+       app: nginx
+  strategy:
+    rollingUpdate:
+      maxSurge: 1
+      maxUnavailable: 1
+    type: RollingUpdate
+  template:
+    metadata:
+      labels:
+        name:  nginx
+        app: nginx
+        color : red
+    spec:
+      containers:
+      - image:  nginx:alpine
+        name:  nginx
+        imagePullPolicy: IfNotPresent
+        resources:
+          requests:
+            cpu: "20m"
+            memory: "55M"
+        env:
+        - name:  ENVVARNAME
+          value:  ENVVARVALUE       
+        ports:
+        - containerPort:  80
+          name:  http
+      restartPolicy: Always`
+
+var simpleNPYaml = `apiVersion: network.kubesphere.io/v1alpha1
+kind: NamespaceNetworkPolicy
+metadata:
+  name: allow-icmp-only
+  namespace: production
+spec:
+  selector: color == 'red'
+  ingress:
+  - action: Allow
+    protocol: ICMP
+    source:
+      selector: color == 'blue'
+      namespaceSelector: all()`
+
+var simpleJobYaml = `apiVersion: batch/v1
+kind: Job
+metadata:
+  name: test-connect
+  namespace: production
+spec:
+  template:
+    metadata:
+      labels:
+        color : blue
+    spec:
+      containers:
+      - name: test-connect
+        image: alpine
+        command: ["ping", "1.1.1.1"]
+      restartPolicy: Never
+  backoffLimit: 1`
+
+var _ = Describe("E2e for network policy", func() {
+	BeforeEach(func() {
+		Expect(test.EnsureNamespace(ctx.Client, "production")).ShouldNot(HaveOccurred())
+	})
+
+	AfterEach(func() {
+		Expect(test.DeleteNamespace(ctx.Client, "production"))
+	})
+
+	It("Should work well in simple namespaceNetworkPolicy", func() {
+		decode := scheme.Codecs.UniversalDeserializer().Decode
+		obj, _, err := decode([]byte(simpleDeployYaml), nil, nil)
+		Expect(err).ShouldNot(HaveOccurred(), "Failed to parse yaml")
+		deploy := obj.(*appsv1.Deployment)
+		Expect(ctx.Client.Create(context.TODO(), obj)).ShouldNot(HaveOccurred())
+		Expect(test.WaitForController(ctx.Client, deploy.Namespace, deploy.Name, *deploy.Spec.Replicas, time.Second*2, time.Minute)).ShouldNot(HaveOccurred())
+		defer func() {
+			Expect(ctx.Client.Delete(context.TODO(), deploy)).ShouldNot(HaveOccurred())
+		}()
+		obj, _, err = decode([]byte(simpleNPYaml), nil, nil)
+		Expect(err).ShouldNot(HaveOccurred(), "Failed to parse networkpolicy yaml")
+		np := obj.(*v1alpha1.NamespaceNetworkPolicy)
+		Expect(ctx.Client.Create(context.TODO(), np)).ShouldNot(HaveOccurred())
+		defer func() {
+			Expect(ctx.Client.Delete(context.TODO(), np)).ShouldNot(HaveOccurred())
+			Expect(test.WaitForDeletion(ctx.Client, np, time.Second*2, time.Minute)).ShouldNot(HaveOccurred())
+		}()
+		obj, _, err = decode([]byte(simpleJobYaml), nil, nil)
+		Expect(err).ShouldNot(HaveOccurred(), "Failed to parse job yaml")
+
+		//create a job to test
+		job := obj.(*batchv1.Job)
+		selector, _ := labels.Parse("app=nginx")
+		podlist := &corev1.PodList{}
+		Expect(ctx.Client.List(context.TODO(), &client.ListOptions{
+			Namespace:     deploy.Namespace,
+			LabelSelector: selector,
+		}, podlist)).ShouldNot(HaveOccurred())
+		Expect(podlist.Items).To(HaveLen(int(*deploy.Spec.Replicas)))
+		podip := podlist.Items[0].Status.PodIP
+		job.Spec.Template.Spec.Containers[0].Command = []string{"ping", "-c", "4", podip}
+		job.Spec.Template.Labels["color"] = "yellow"
+		orginalJob := job.DeepCopy()
+		Expect(ctx.Client.Create(context.TODO(), job)).ShouldNot(HaveOccurred())
+		defer func() {
+			Expect(ctx.Client.Delete(context.TODO(), job)).ShouldNot(HaveOccurred())
+		}()
+		klog.Infoln("sleep 10s to wait for controller creating np")
+		time.Sleep(time.Second * 10)
+		Expect(test.WaitForJobFail(ctx.Client, job.Namespace, job.Name, time.Second*3, time.Minute)).ShouldNot(HaveOccurred(), "Failed to block connection")
+
+		//change job color
+		job = orginalJob.DeepCopy()
+		Expect(ctx.Client.Delete(context.TODO(), job)).ShouldNot(HaveOccurred())
+		Expect(test.WaitForDeletion(ctx.Client, job, time.Second*2, time.Minute)).ShouldNot(HaveOccurred())
+		job.Spec.Template.Labels["color"] = "blue"
+		Expect(ctx.Client.Create(context.TODO(), job)).ShouldNot(HaveOccurred())
+		Expect(test.WaitForJobSucceed(ctx.Client, job.Namespace, job.Name, time.Second*3, time.Minute)).ShouldNot(HaveOccurred(), "Connection failed")
+	})
+})

test/network/Dockerfile

@@ -0,0 +1,13 @@
+FROM golang:1.12
+
+RUN apt-get update && apt-get install -y apt-transport-https jq openssl libltdl7 && \
+    go get -u github.com/onsi/ginkgo/ginkgo && \
+    curl -s https://api.github.com/repos/kubernetes-sigs/kustomize/releases/latest |\
+    grep browser_download |\
+    grep linux |\
+    cut -d '"' -f 4 |\
+    xargs curl -O -L && \
+    mv kustomize_*_linux_amd64 kustomize && \
+    chmod u+x kustomize && \
+    mv kustomize /usr/bin/
+    

test/network/Jenkinsfile

@@ -0,0 +1,43 @@
+
+pipeline {
+  agent {
+    docker {
+      image 'magicsong/nete2e:v0.0.1'
+      args '-v gomod:/go -v /var/run/docker.sock:/var/run/docker.sock -v /usr/bin/docker:/usr/bin/docker'
+    }
+  }
+  environment {
+        KUBECONFIG = "/root/.kube/config"
+    }
+  stages {
+    stage('set kubeconfig and secret'){
+     steps{
+        sh 'mkdir -p ~/.kube'
+        sh 'mkdir ./kustomize/network/etcd'
+        withCredentials([kubeconfigContent(credentialsId: 'net-kubeconfig', variable: 'KUBECONFIG_CONTENT'),
+        file(credentialsId: 'etcd-ca', variable: 'etcd-ca'),
+        file(credentialsId: 'etcd-crt', variable: 'etcd-crt'),
+        file(credentialsId: 'etcd-key', variable: 'etcd-key')]) {
+           sh 'echo "$KUBECONFIG_CONTENT" > ~/.kube/config'
+           sh "cp \${etcd-ca} ./kustomize/network/etcd/ca"
+           sh "cp \${etcd-key} ./kustomize/network/etcd/key"
+           sh "cp \${etcd-crt} ./kustomize/network/etcd/crt"
+        }
+      }
+    }
+    stage('testing') {
+      steps {
+        sh """
+            make network-e2e
+          """
+      }
+    }
+    stage('cleanup'){
+        steps{
+            sh """
+            rm -rf ./kustomize/network/etcd
+            """
+        }
+    }
+  }
+}

test/network/OWNERS

@@ -1,13 +1,11 @@
 approvers:
     - magicsong
-    - zryfish
     - zheng1
 
 reviewers:
     - magicsong
     - zheng1
-    - zryfish
 
 labels:
-    - area/controller
+    - area/testing
     - area/networking

test/network/manifests/sample1.yaml

@@ -1,18 +1,15 @@
 apiVersion: network.kubesphere.io/v1alpha1
 kind: NamespaceNetworkPolicy
 metadata:
-  name: allow-tcp-80
+  name: allow-icmp-only
   namespace: production
 spec:
   selector: color == 'red'
   ingress:
   - action: Allow
-    protocol: TCP
+    protocol: ICMP
     source:
-      selector: color == 'blue'
-    # destination:
-    #   ports:
-    #   - 80
+      selector: "all()"
 
 ---
 apiVersion: apps/v1

test/network/test.sh

@@ -0,0 +1,67 @@
+#!/bin/bash
+
+set -e
+
+workspace=`pwd`
+tag=`git rev-parse --short HEAD`
+IMG=magicsong/ks-network:$tag
+DEST=/tmp/manager.yaml
+TEST_NS=network-test-$tag
+SKIP_BUILD=no
+
+export TEST_NAMESPACE=$TEST_NS
+export YAML_PATH=$DEST
+export CRD_PATH=$workspace/kustomize/crds
+export DEPLOY_NAME=network-manager
+
+while [[ $# -gt 0 ]]
+do
+key="$1"
+
+case $key in
+    -s|--skip-build)
+    SKIP_BUILD=yes
+    shift # past argument
+    ;;
+    -n|--NAMESPACE)
+    TEST_NS=$2
+    shift # past argument
+    shift # past value
+    ;;
+    -t|--tag)
+    tag="$2"
+    shift # past argument
+    shift # past value
+    ;;
+    --default)
+    DEFAULT=YES
+    shift # past argument
+    ;;
+    *)    # unknown option
+    POSITIONAL+=("$1") # save it in an array for later
+    shift # past argument
+    ;;
+esac
+done
+if [ $SKIP_BUILD == "no" ]; then
+    echo "Building binary"
+    hack/gobuild.sh cmd/ks-network
+    docker build -f build/ks-network/Dockerfile -t $IMG bin/cmd
+    echo "Push images"
+    docker push $IMG
+fi
+
+kustomize_dir="./kustomize/network"
+if [ "$(uname)" == "Darwin" ]; then
+    sed -i '' -e  's/namespace: .*/namespace: '"${TEST_NS}"'/' $kustomize_dir/kustomization.yaml
+    sed -i '' -e  's/namespace: .*/namespace: '"${TEST_NS}"'/' $kustomize_dir/patch_role_binding.yaml
+    sed -i '' -e 's@image: .*@image: '"${IMG}"'@' $kustomize_dir/patch_image_name.yaml
+else
+    sed -i  -e  's/namespace: .*/namespace: '"${TEST_NS}"'/' $kustomize_dir/patch_role_binding.yaml
+    sed -i  -e  's/namespace: .*/namespace: '"${TEST_NS}"'/' $kustomize_dir/kustomization.yaml
+    sed -i -e 's@image: .*@image: '"${IMG}"'@' $kustomize_dir/patch_image_name.yaml
+fi
+
+kustomize build $kustomize_dir -o $DEST 
+ginkgo -v ./test/e2e/...
+