#!/bin/bash
# IMDSv2 end-to-end test for Node Termination Handler: installs the handler,
# the webhook test proxy and the AEMM chart (with aemm.imdsv2=true), then
# waits for the test node to be cordoned and the regular-pod-test pod evicted.
#
# errexit + nounset + pipefail: an unhandled command failure, an unset
# variable or a failing pipeline stage aborts the run.
set -o errexit -o nounset -o pipefail
# Available env vars:
# $TMP_DIR
# $CLUSTER_NAME
# $KUBECONFIG
# $NODE_TERMINATION_HANDLER_DOCKER_REPO
# $NODE_TERMINATION_HANDLER_DOCKER_TAG
# $WEBHOOK_DOCKER_REPO
# $WEBHOOK_DOCKER_TAG
# $AEMM_URL
# $AEMM_VERSION
#
# Also read further down in this script:
#   required (expanded without a default, so nounset aborts if missing):
#     $IMDS_PORT, $AEMM_DL_URL
#   optional (each has a default or is tested for emptiness):
#     $INSTANCE_METADATA_URL, $TEST_WINDOWS, $NTH_WORKER_LABEL, $TEST_NODE,
#     $NODE_TERMINATION_HANDLER_DOCKER_PULL_POLICY, $WEBHOOK_DOCKER_PULL_POLICY
#######################################
# Print the failure banner for this cluster and terminate the script.
# Globals:   CLUSTER_NAME (read)
# Arguments: $1 - exit status to use; 1 when omitted or empty
# Outputs:   the banner, on stdout
# Returns:   never returns; exits the shell with the chosen status
#######################################
fail_and_exit() {
  local status="${1:-1}"
  printf '%s\n' "❌ IMDSv2 Test failed $CLUSTER_NAME ❌"
  exit "$status"
}
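echo "Starting IMDSv2 Test for Node Termination Handler"

# Absolute, symlink-resolved directory that holds this script; the local helm
# chart paths below are built from it.
# `&&` instead of `;`: bash clears errexit inside command substitutions, so
# with `;` a failed cd would still run pwd and silently yield the caller's
# working directory. With `&&` the substitution fails and the assignment
# aborts the script under `set -e`.
SCRIPTPATH="$(cd -- "$(dirname -- "$0")" && pwd -P)"

# --set flags appended to every helm release installed by this script.
common_helm_args=()
if [[ "${TEST_WINDOWS-}" == "true" ]]; then
  common_helm_args+=(--set targetNodeOs="windows")
fi
if [[ -n "${NTH_WORKER_LABEL-}" ]]; then
  common_helm_args+=(--set nodeSelector."$NTH_WORKER_LABEL")
fi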
# Release "<cluster>-anth": Node Termination Handler from the chart in this
# repository, installed into kube-system.
anth_helm_args=(upgrade --install --namespace kube-system)
anth_helm_args+=(
  "$CLUSTER_NAME-anth"
  "$SCRIPTPATH/../../config/helm/aws-node-termination-handler/"
)
# Metadata endpoint the handler is told to use: $INSTANCE_METADATA_URL when
# set and non-empty, otherwise plain http to $AEMM_URL:$IMDS_PORT.
# NOTE(review): presumably this redirects the handler to the AEMM release
# installed further down instead of the real instance metadata service;
# confirm against the chart's instanceMetadataURL value.
anth_helm_args+=(
  --set instanceMetadataURL="${INSTANCE_METADATA_URL:-"http://$AEMM_URL:$IMDS_PORT"}"
  --set image.repository="$NODE_TERMINATION_HANDLER_DOCKER_REPO"
  --set image.tag="$NODE_TERMINATION_HANDLER_DOCKER_TAG"
  --set enableSpotInterruptionDraining="true"
  --set enableScheduledEventDraining="true"
  --wait
  --force
)
if [[ -n "${NODE_TERMINATION_HANDLER_DOCKER_PULL_POLICY-}" ]]; then
  anth_helm_args+=(--set image.pullPolicy="$NODE_TERMINATION_HANDLER_DOCKER_PULL_POLICY")
fi
# Only expand the shared array when it has elements.
if ((${#common_helm_args[@]} > 0)); then
  anth_helm_args+=("${common_helm_args[@]}")
fi
# xtrace prints the fully expanded helm command line, every --set value
# included, to stderr; none of the values passed here should be a secret.
set -x
helm "${anth_helm_args[@]}"
set +x
# Release "<cluster>-emtp": the webhook-test-proxy chart from this repository,
# installed into the default namespace.
emtp_helm_args=(upgrade --install --namespace default)
emtp_helm_args+=(
  "$CLUSTER_NAME-emtp"
  "$SCRIPTPATH/../../config/helm/webhook-test-proxy/"
  --set webhookTestProxy.image.repository="$WEBHOOK_DOCKER_REPO"
  --set webhookTestProxy.image.tag="$WEBHOOK_DOCKER_TAG"
  --wait
)
if [[ -n "${WEBHOOK_DOCKER_PULL_POLICY-}" ]]; then
  emtp_helm_args+=(--set webhookTestProxy.image.pullPolicy="$WEBHOOK_DOCKER_PULL_POLICY")
fi
# Only expand the shared array when it has elements.
if ((${#common_helm_args[@]} > 0)); then
  emtp_helm_args+=("${common_helm_args[@]}")
fi
# xtrace prints the fully expanded helm command line to stderr.
set -x
helm "${emtp_helm_args[@]}"
set +x
# Release "<cluster>-aemm": the AEMM chart, installed into the default
# namespace and listening on $IMDS_PORT.
# NOTE(review): the chart reference is whatever $AEMM_DL_URL holds and nothing
# in this script checks its integrity before installing it into the cluster.
# Confirm that the harness pins it to a fixed release and, where possible,
# verifies a checksum or chart provenance.
aemm_helm_args=(upgrade --install --namespace default)
aemm_helm_args+=("$CLUSTER_NAME-aemm" "$AEMM_DL_URL")
# aemm.imdsv2=true is the setting this test is named after.
# NOTE(review): presumably it makes the mock insist on IMDSv2 session tokens,
# so the later cordon/evict checks only pass if the handler obtains and sends
# one; confirm against the AEMM chart.
aemm_helm_args+=(
  --set aemm.imdsv2="true"
  --set servicePort="$IMDS_PORT"
  --wait
)
# Only expand the shared array when it has elements.
if ((${#common_helm_args[@]} > 0)); then
  aemm_helm_args+=("${common_helm_args[@]}")
fi
# `retry` is not defined in this file; it has to be provided by the calling
# environment. It is invoked here with a count of 5 followed by the command.
set -x
retry 5 helm "${aemm_helm_args[@]}"
set +x
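# Polling budget shared by the setup loop here and the assertion loop below:
# up to TAINT_CHECK_CYCLES attempts, TAINT_CHECK_SLEEP seconds apart.
TAINT_CHECK_CYCLES=15
TAINT_CHECK_SLEEP=15

# Setup gate: wait until the regular-pod-test deployment reports no
# unavailable replicas, so that a later eviction is attributable to the test.
DEPLOYED=0
for ((i = 1; i <= TAINT_CHECK_CYCLES; i++)); do
  # kubectl's exit status is checked explicitly. An empty result compares
  # equal to 0 inside [[ -eq ]], which is wanted when the field is simply
  # absent, but a failed kubectl call (deployment missing, API unreachable)
  # also prints nothing and must not be counted as "deployed".
  if unavailable_replicas=$(kubectl get deployments regular-pod-test -o jsonpath='{.status.unavailableReplicas}') &&
    [[ "${unavailable_replicas:-0}" -eq 0 ]]; then
    echo "✅ Verified regular-pod-test pod was scheduled and started!"
    DEPLOYED=1
    break
  fi
  echo "Setup Loop $i/$TAINT_CHECK_CYCLES, sleeping for $TAINT_CHECK_SLEEP seconds"
  sleep "$TAINT_CHECK_SLEEP"
done

if [[ $DEPLOYED -eq 0 ]]; then
  echo "❌ regular-pod-test pod deployment failed"
  # Exit status 2 marks a setup failure; the assertions below use 1.
  fail_and_exit 2
fi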
# Assertion phase: first the test node must show SchedulingDisabled, then the
# regular-pod-test deployment must report exactly one unavailable replica.
# The script exits 0 from inside the loop as soon as both have been seen.
cordoned=0
test_node="${TEST_NODE:-$CLUSTER_NAME-worker}"
for ((i = 1; i <= TAINT_CHECK_CYCLES; i++)); do
  # Output is dropped with a redirect rather than `grep -q`: grep then reads
  # all of kubectl's output, so kubectl is never cut off mid-write, which
  # under pipefail would fail the pipeline even on a match.
  if ((cordoned == 0)) && kubectl get nodes "$test_node" | grep SchedulingDisabled >/dev/null; then
    echo "✅ Verified the worker node was cordoned!"
    cordoned=1
  fi

  # The replica count is only queried once the node is known to be cordoned.
  # A failed kubectl call yields an empty string, which does not equal 1, so
  # it can only delay a pass, never produce one.
  if ((cordoned == 1)) &&
    [[ $(kubectl get deployments regular-pod-test -o=jsonpath='{.status.unavailableReplicas}') -eq 1 ]]; then
    echo "✅ Verified the regular-pod-test pod was evicted!"
    echo "✅ IMDSv2 Test Passed $CLUSTER_NAME! ✅"
    exit 0
  fi

  echo "Assertion Loop $i/$TAINT_CHECK_CYCLES, sleeping for $TAINT_CHECK_SLEEP seconds"
  sleep $TAINT_CHECK_SLEEP
done

# Polling budget exhausted: report which of the two expectations was missed.
if ((cordoned == 1)); then
  echo "❌ regular-pod-test pod was not evicted"
else
  echo "❌ Worker node was not cordoned"
fi
fail_and_exit 1