Halaman utama Jelajahi Bantuan
Masuk
akillibulut
/
kilo
cermin dari https://github.com/squat/kilo
2
0
Fork 0
Berkas Masalah 0 Wiki
Pohon: c728870b49
Ranting Tag
kilo
/
e2e
/
lib.sh

lib.sh 6.0 KB
Riwayat Mentahan

123456789101112131415161718192021222324252627282930313233343536373839404142434445464748495051525354555657585960616263646566676869707172737475767778798081828384858687888990919293949596979899100101102103104105106107108109110111112113114115116117118119120121122123124125126127128129130131132133134135136137138139140141142143144145146147148149150151152153154155156157158159160161162163164165166167168169170171172173174175176177178179180181182 
  1. #!/usr/bin/env bash
    2. 

  2. KUBECONFIG="kind.yaml"
    3. 

  3. KIND_CLUSTER="kind-cluster-kilo"
    4. 

  4. KIND_BINARY="${KIND_BINARY:-kind}"
    5. 

  5. KUBECTL_BINARY="${KUBECTL_BINARY:-kubectl}"
    6. 

  6. KGCTL_BINARY="${KGCTL_BINARY:-kgctl}"
    7. 

  7. KILO_IMAGE="${KILO_IMAGE:-squat/kilo}"
    8. 

  8. 

  9. retry() {
    10. 

  10. 	local COUNT="${1:-10}"
    11. 

  11. 	local SLEEP="${2:-5}"
    12. 

  12. 	local ERROR=$3
    13. 

  13. 	[ -n "$ERROR" ] && ERROR="$ERROR "
    14. 

  14. 	shift 3
    15. 

  15. 	for c in $(seq 1 "$COUNT"); do
    16. 

  16. 		if "$@"; then
    17. 

  17. 			return 0
    18. 

  18. 		else
    19. 

  19. 			printf "%s(attempt %d/%d)\n" "$ERROR" "$c" "$COUNT" | color "$YELLOW"
    20. 

  20. 			if [ "$c" != "$COUNT" ]; then
    21. 

  21. 				printf "retrying in %d seconds...\n" "$SLEEP" | color "$YELLOW"
    22. 

  22. 				sleep "$SLEEP"
    23. 

  23. 			fi
    24. 

  24. 		fi
    25. 

  25. 	done
    26. 

  26. 	return 1
    27. 

  27. }
    28. 

  28. 

  29. _not() {
    30. 

  30. 	if "$@"; then
    31. 

  31. 		return 1
    32. 

  32. 	fi
    33. 

  33. 	return 0
    34. 

  34. }
    35. 

  35. 

  36. # _kubectl is a helper that calls kubectl with the --kubeconfig flag.
    37. 

  37. _kubectl() {
    38. 

  38. 	$KUBECTL_BINARY --kubeconfig="$KUBECONFIG" "$@"
    39. 

  39. }
    40. 

  40. 

  41. # _kgctl is a helper that calls kgctl with the --kubeconfig flag.
    42. 

  42. _kgctl() {
    43. 

  43. 	$KGCTL_BINARY --kubeconfig="$KUBECONFIG" "$@"
    44. 

  44. }
    45. 

  45. 

  46. # _kind is a helper that calls kind with the --kubeconfig flag.
    47. 

  47. _kind() {
    48. 

  48. 	$KIND_BINARY --kubeconfig="$KUBECONFIG" "$@"
    49. 

  49. }
    50. 

  50. 

  51. create_interface() {
    52. 

  52. 	docker run -d --name="$1" --rm --network=host --cap-add=NET_ADMIN --device=/dev/net/tun -v /var/run/wireguard:/var/run/wireguard -e WG_LOG_LEVEL=debug leonnicolas/boringtun --foreground --disable-drop-privileges true "$1"
    53. 

  53. }
    54. 

  54. 

  55. delete_interface() {
    56. 

  56. 	docker rm --force "$1"
    57. 

  57. }
    58. 

  58. 

  59. create_peer() {
    60. 

  60. 	cat <<EOF | _kubectl apply -f -
    61. 

  61. apiVersion: kilo.squat.ai/v1alpha1
    62. 

  62. kind: Peer
    63. 

  63. metadata:
    64. 

  64.   name: $1
    65. 

  65. spec:
    66. 

  66.   allowedIPs:
    67. 

  67.   - $2
    68. 

  68.   persistentKeepalive: $3
    69. 

  69.   publicKey: $4
    70. 

  70. EOF
    71. 

  71. }
    72. 

  72. 

  73. delete_peer() {
    74. 

  74. 	_kubectl delete peer "$1"
    75. 

  75. }
    76. 

  76. 

  77. is_ready() {
    78. 

  78. 	for pod in $(_kubectl -n "$1" get pods -o name -l "$2"); do
    79. 

  79. 		if ! _kubectl -n "$1" get "$pod" | tail -n 1 | grep -q Running; then
    80. 

  80. 			return 1;
    81. 

  81. 		fi
    82. 

  82. 	done
    83. 

  83. 	return 0
    84. 

  84. }
    85. 

  85. 

  86. # Returns non zero if one pod of the given name in the given namespace is not ready.
    87. 

  87. block_until_ready_by_name() {
    88. 

  88. 	block_until_ready "$1" "app.kubernetes.io/name=$2"
    89. 

  89. }
    90. 

  90. 

  91. # Blocks until all pods of a deployment are ready.
    92. 

  92. block_until_ready() {
    93. 

  93. 	retry 30 5 "some $2 pods are not ready yet" is_ready "$1" "$2"
    94. 

  94. }
    95. 

  95. 

  96. 

  97. # create_cluster launches a kind cluster and deploys Kilo, Adjacency, and a helper with curl.
    98. 

  98. create_cluster() {
    99. 

  99. 	_kind delete clusters $KIND_CLUSTER > /dev/null
    100. 

  100. 	# Create the kind cluster.
    101. 

  101. 	_kind create cluster --name $KIND_CLUSTER --config ./kind-config.yaml
    102. 

  102. 	# Load the Kilo image into kind.
    103. 

  103. 	docker tag "$KILO_IMAGE" squat/kilo:test
    104. 

  104. 	# This command does not accept the --kubeconfig flag, so call the command directly.
    105. 

  105. 	$KIND_BINARY load docker-image squat/kilo:test --name $KIND_CLUSTER
    106. 

  106. 	# Create the kubeconfig secret.
    107. 

  107. 	_kubectl create secret generic kubeconfig --from-file=kubeconfig="$KUBECONFIG" -n kube-system
    108. 

  108. 	# Apply Kilo the the cluster.
    109. 

  109. 	_kubectl apply -f ../manifests/crds.yaml
    110. 

  110. 	_kubectl apply -f kilo-kind-userspace.yaml
    111. 

  111. 	block_until_ready_by_name kube-system kilo-userspace 
    112. 

  112. 	_kubectl wait nodes --all --for=condition=Ready
    113. 

  113. 	# Wait for CoreDNS.
    114. 

  114. 	block_until_ready kube_system k8s-app=kube-dns
    115. 

  115. 	# Ensure the curl helper is not scheduled on a control-plane node.
    116. 

  116. 	_kubectl apply -f helper-curl.yaml
    117. 

  117. 	block_until_ready_by_name default curl
    118. 

  118. 	_kubectl taint node $KIND_CLUSTER-control-plane node-role.kubernetes.io/master:NoSchedule-
    119. 

  119. 	_kubectl apply -f https://raw.githubusercontent.com/heptoprint/adjacency/master/example.yaml
    120. 

  120. 	block_until_ready_by_name adjacency adjacency
    121. 

  121. }
    122. 

  122. 

  123. delete_cluster () {
    124. 

  124. 	_kind delete clusters $KIND_CLUSTER
    125. 

  125. }
    126. 

  126. 

  127. curl_pod() {
    128. 

  128. 	_kubectl get pods -l app.kubernetes.io/name=curl -o name | xargs -I{} "$KUBECTL_BINARY" --kubeconfig="$KUBECONFIG" exec {} -- /bin/sh -c "curl $*"
    129. 

  129. }
    130. 

  130. 

  131. check_ping() {
    132. 

  132. 	local LOCAL
    133. 

  133. 	while [ $# -gt 0 ]; do
    134. 

  134. 		case $1 in
    135. 

  135. 			--local)
    136. 

  136. 			LOCAL=true
    137. 

  137. 			;;
    138. 

  138. 		esac
    139. 

  139. 		shift
    140. 

  140. 	done
    141. 

  141. 

  142. 	for ip in $(_kubectl get pods -l app.kubernetes.io/name=adjacency -o jsonpath='{.items[*].status.podIP}'); do
    143. 

  143. 		if [ -n "$LOCAL" ]; then
    144. 

  144. 			ping=$(curl -m 1 -s http://"$ip":8080/ping)
    145. 

  145. 		else
    146. 

  146. 			ping=$(curl_pod -m 1 -s http://"$ip":8080/ping)
    147. 

  147. 		fi
    148. 

  148. 		if [ "$ping" = "pong" ]; then
    149. 

  149. 			echo "successfully pinged $ip"
    150. 

  150. 		else
    151. 

  151. 			printf 'failed to ping %s; expected "pong" but got "%s"\n' "$ip" "$ping"
    152. 

  152. 			return 1
    153. 

  153. 		fi
    154. 

  154. 	done
    155. 

  155. 	return 0
    156. 

  156. }
    157. 

  157. 

  158. check_adjacent() {
    159. 

  159.         _kubectl get pods -l app.kubernetes.io/name=curl -o name | xargs -I{} "$KUBECTL_BINARY" --kubeconfig="$KUBECONFIG" exec {} -- /bin/sh -c 'curl -m 1 -s adjacency:8080/?format=fancy'
    160. 

  160. 	[ "$(curl_pod -m 1 -s adjacency:8080/?format=json | jq '.[].latencies[].ok' | grep -c true)" -eq $(($1*$1)) ]
    161. 

  161. }
    162. 

  162. 

  163. check_peer() {
    164. 

  164. 	local INTERFACE=$1
    165. 

  165. 	local PEER=$2
    166. 

  166. 	local ALLOWED_IP=$3
    167. 

  167. 	local GRANULARITY=$4
    168. 

  168. 	create_interface "$INTERFACE"
    169. 

  169. 	docker run --rm --entrypoint=/usr/bin/wg "$KILO_IMAGE" genkey > "$INTERFACE"
    170. 

  170. 	assert "create_peer $PEER $ALLOWED_IP 10 $(docker run --rm --entrypoint=/bin/sh -v "$PWD/$INTERFACE":/key "$KILO_IMAGE" -c 'cat /key | wg pubkey')" "should be able to create Peer"
    171. 

  171. 	assert "_kgctl showconf peer $PEER --mesh-granularity=$GRANULARITY > $PEER.ini" "should be able to get Peer configuration"
    172. 

  172. 	assert "docker run --rm --network=host --cap-add=NET_ADMIN --entrypoint=/usr/bin/wg -v /var/run/wireguard:/var/run/wireguard -v $PWD/$PEER.ini:/peer.ini $KILO_IMAGE setconf $INTERFACE /peer.ini" "should be able to apply configuration from kgctl"
    173. 

  173. 	docker run --rm --network=host --cap-add=NET_ADMIN --entrypoint=/usr/bin/wg -v /var/run/wireguard:/var/run/wireguard -v "$PWD/$INTERFACE":/key "$KILO_IMAGE" set "$INTERFACE" private-key /key
    174. 

  174. 	docker run --rm --network=host --cap-add=NET_ADMIN --entrypoint=/sbin/ip "$KILO_IMAGE" address add "$ALLOWED_IP" dev "$INTERFACE"
    175. 

  175. 	docker run --rm --network=host --cap-add=NET_ADMIN --entrypoint=/sbin/ip "$KILO_IMAGE" link set "$INTERFACE" up
    176. 

  176. 	docker run --rm --network=host --cap-add=NET_ADMIN --entrypoint=/sbin/ip "$KILO_IMAGE" route add 10.42/16 dev "$INTERFACE"
    177. 

  177. 	assert "retry 10 5 '' check_ping --local" "should be able to ping Pods from host"
    178. 

  178. 	assert_equals "$(_kgctl showconf peer "$PEER")" "$(_kgctl showconf peer "$PEER" --mesh-granularity="$GRANULARITY")" "kgctl should be able to auto detect the mesh granularity"
    179. 

  179. 	rm "$INTERFACE" "$PEER".ini
    180. 

  180. 	delete_peer "$PEER"
    181. 

  181. 	delete_interface "$INTERFACE"
    182. 

  182. }
    183.