k8s.io/kubernetes@v1.31.0-alpha.0.0.20240520171757-56147500dadc/hack/make-rules/test-cmd.sh (about)

     1  #!/usr/bin/env bash
     2  
     3  # Copyright 2014 The Kubernetes Authors.
     4  #
     5  # Licensed under the Apache License, Version 2.0 (the "License");
     6  # you may not use this file except in compliance with the License.
     7  # You may obtain a copy of the License at
     8  #
     9  #     http://www.apache.org/licenses/LICENSE-2.0
    10  #
    11  # Unless required by applicable law or agreed to in writing, software
    12  # distributed under the License is distributed on an "AS IS" BASIS,
    13  # WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
    14  # See the License for the specific language governing permissions and
    15  # limitations under the License.
    16  
    17  # This command checks that the built commands can function together for
    18  # simple scenarios.  It does not require Docker.
    19  
    20  set -o errexit
    21  set -o nounset
    22  set -o pipefail
    23  
    24  # start the cache mutation detector by default so that cache mutators will be found
    25  KUBE_CACHE_MUTATION_DETECTOR="${KUBE_CACHE_MUTATION_DETECTOR:-true}"
    26  export KUBE_CACHE_MUTATION_DETECTOR
    27  
    28  # panic the server on watch decode errors since they are considered coder mistakes
    29  KUBE_PANIC_WATCH_DECODE_ERROR="${KUBE_PANIC_WATCH_DECODE_ERROR:-true}"
    30  export KUBE_PANIC_WATCH_DECODE_ERROR
    31  
    32  KUBE_ROOT=$(dirname "${BASH_SOURCE[0]}")/../..
    33  source "${KUBE_ROOT}/hack/lib/init.sh"
    34  source "${KUBE_ROOT}/hack/lib/test.sh"
    35  source "${KUBE_ROOT}/test/cmd/legacy-script.sh"
    36  
    37  # setup envs for TokenRequest required flags
    38  SERVICE_ACCOUNT_LOOKUP=${SERVICE_ACCOUNT_LOOKUP:-true}
    39  SERVICE_ACCOUNT_KEY=${SERVICE_ACCOUNT_KEY:-/tmp/kube-serviceaccount.key}
    40  # Generate ServiceAccount key if needed
    41  if [[ ! -f "${SERVICE_ACCOUNT_KEY}" ]]; then
    42    mkdir -p "$(dirname "${SERVICE_ACCOUNT_KEY}")"
    43    openssl genrsa -out "${SERVICE_ACCOUNT_KEY}" 2048 2>/dev/null
    44  fi
    45  
    46  # Runs kube-apiserver
    47  #
    48  # Exports:
    49  #   APISERVER_PID
    50  function run_kube_apiserver() {
    51    kube::log::status "Building kube-apiserver"
    52    make -C "${KUBE_ROOT}" WHAT="cmd/kube-apiserver"
    53  
    54    # Start kube-apiserver
    55    kube::log::status "Starting kube-apiserver"
    56  
    57    # Admission Controllers to invoke prior to persisting objects in cluster
    58    ENABLE_ADMISSION_PLUGINS="LimitRanger,ResourceQuota"
    59    DISABLE_ADMISSION_PLUGINS="ServiceAccount,DefaultStorageClass,DefaultTolerationSeconds,MutatingAdmissionWebhook,ValidatingAdmissionWebhook,StorageObjectInUseProtection"
    60  
    61    # Include RBAC (to exercise bootstrapping), and AlwaysAllow to allow all actions
    62    AUTHORIZATION_MODE="RBAC,AlwaysAllow"
    63  
    64    # Enable features
    65    ENABLE_FEATURE_GATES=""
    66  
    67    "${THIS_PLATFORM_BIN}/kube-apiserver" \
    68      --bind-address="127.0.0.1" \
    69      --authorization-mode="${AUTHORIZATION_MODE}" \
    70      --secure-port="${SECURE_API_PORT}" \
    71      --feature-gates="${ENABLE_FEATURE_GATES}" \
    72      --enable-admission-plugins="${ENABLE_ADMISSION_PLUGINS}" \
    73      --disable-admission-plugins="${DISABLE_ADMISSION_PLUGINS}" \
    74      --etcd-servers="http://${ETCD_HOST}:${ETCD_PORT}" \
    75      --runtime-config=api/v1 \
    76      --service-account-key-file="${SERVICE_ACCOUNT_KEY}" \
    77      --service-account-lookup="${SERVICE_ACCOUNT_LOOKUP}" \
    78      --service-account-issuer="https://kubernetes.default.svc" \
    79      --service-account-signing-key-file="${SERVICE_ACCOUNT_KEY}" \
    80      --storage-media-type="${KUBE_TEST_API_STORAGE_TYPE-}" \
    81      --cert-dir="${TMPDIR:-/tmp/}" \
    82      --service-cluster-ip-range="10.0.0.0/24" \
    83      --client-ca-file=hack/testdata/ca/ca.crt \
    84      --token-auth-file=hack/testdata/auth-tokens.csv 1>&2 &
    85    export APISERVER_PID=$!
    86  
    87    kube::util::wait_for_url_with_bearer_token "https://127.0.0.1:${SECURE_API_PORT}/healthz" "admin-token" "apiserver"
    88  }
    89  
    90  # Runs run_kube_controller_manager
    91  #
    92  # Exports:
    93  #   CTLRMGR_PID
    94  function run_kube_controller_manager() {
    95    kube::log::status "Building kube-controller-manager"
    96    make -C "${KUBE_ROOT}" WHAT="cmd/kube-controller-manager"
    97  
    98    # Start controller manager
    99    kube::log::status 'Generate kubeconfig for controller-manager'
   100    local config
   101    config="$(mktemp controller-manager.kubeconfig.XXXXX)"
   102    cat <<EOF > "$config"
   103  kind: Config
   104  users:
   105  - name: controller-manager
   106    user:
   107      token: admin-token
   108  clusters:
   109  - cluster:
   110      server: https://127.0.0.1:${SECURE_API_PORT}
   111      insecure-skip-tls-verify: true
   112    name: local
   113  contexts:
   114  - context:
   115      cluster: local
   116      user: controller-manager
   117    name: local-context
   118  current-context: local-context
   119  EOF
   120  
   121    kube::log::status "Starting controller-manager"
   122    "${THIS_PLATFORM_BIN}/kube-controller-manager" \
   123      --kube-api-content-type="${KUBE_TEST_API_TYPE-}" \
   124      --cluster-signing-cert-file=hack/testdata/ca/ca.crt \
   125      --cluster-signing-key-file=hack/testdata/ca/ca.key \
   126      --kubeconfig="${config}" 1>&2 &
   127    export CTLRMGR_PID=$!
   128  
   129    kube::util::wait_for_url "https://127.0.0.1:${SECURE_CTLRMGR_PORT}/healthz" "controller-manager"
   130  }
   131  
   132  # Creates a node object with name 127.0.0.1. This is required because we do not
   133  # run kubelet.
   134  #
   135  # An arbitrary annotation is needed to ensure field managers are saved on the
   136  # object. Without it, we would be creating an empty object and because status
   137  # and name get wiped, there were be no field managers tracking any fields.
   138  #
   139  # Exports:
   140  #   SUPPORTED_RESOURCES(Array of all resources supported by the apiserver).
   141  function create_node() {
   142    kubectl create -f - << __EOF__
   143  {
   144    "kind": "Node",
   145    "apiVersion": "v1",
   146    "metadata": {
   147      "name": "127.0.0.1",
   148      "annotations": {
   149        "save-managers": "true"
   150      }
   151    },
   152    "status": {
   153      "capacity": {
   154        "memory": "1Gi"
   155      }
   156    }
   157  }
   158  __EOF__
   159  }
   160  
   161  # Run it if:
   162  # 1) $WHAT is empty
   163  # 2) $WHAT is not empty and kubeadm is part of $WHAT
   164  WHAT=${WHAT:-}
   165  if [[ ${WHAT} == "" || ${WHAT} =~ .*kubeadm.* ]] ; then
   166    kube::log::status "Running kubeadm tests"
   167  
   168    # build kubeadm
   169    make all -C "${KUBE_ROOT}" WHAT=cmd/kubeadm
   170    # unless the user sets KUBEADM_PATH, assume that "make all..." just built it
   171    export KUBEADM_PATH="${KUBEADM_PATH:=$(kube::realpath "${KUBE_ROOT}")/_output/local/go/bin/kubeadm}"
   172    # invoke the tests
   173    make -C "${KUBE_ROOT}" test \
   174      WHAT=k8s.io/kubernetes/cmd/kubeadm/test/cmd \
   175      KUBE_TIMEOUT=--timeout=240s \
   176      KUBE_RACE=""
   177  
   178    # if we ONLY want to run kubeadm, then exit here.
   179    if [[ ${WHAT} == "kubeadm" ]]; then
   180      kube::log::status "TESTS PASSED"
   181      exit 0
   182    fi
   183  fi
   184  
   185  kube::log::status "Running kubectl tests for kube-apiserver"
   186  
   187  setup
   188  run_kube_apiserver
   189  run_kube_controller_manager
   190  create_node
   191  export SUPPORTED_RESOURCES=("*")
   192  # WARNING: Do not wrap this call in a subshell to capture output, e.g. output=$(runTests)
   193  # Doing so will suppress errexit behavior inside runTests
   194  runTests
   195  
   196  kube::log::status "TESTS PASSED"