1#!/usr/bin/env bash 2 3# Copyright 2014 The Kubernetes Authors. 4# 5# Licensed under the Apache License, Version 2.0 (the "License"); 6# you may not use this file except in compliance with the License. 7# You may obtain a copy of the License at 8# 9# http://www.apache.org/licenses/LICENSE-2.0 10# 11# Unless required by applicable law or agreed to in writing, software 12# distributed under the License is distributed on an "AS IS" BASIS, 13# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. 14# See the License for the specific language governing permissions and 15# limitations under the License. 16 17# This command checks that the built commands can function together for 18# simple scenarios. It does not require Docker. 19 20set -o errexit 21set -o nounset 22set -o pipefail 23 24# start the cache mutation detector by default so that cache mutators will be found 25KUBE_CACHE_MUTATION_DETECTOR="${KUBE_CACHE_MUTATION_DETECTOR:-true}" 26export KUBE_CACHE_MUTATION_DETECTOR 27 28# panic the server on watch decode errors since they are considered coder mistakes 29KUBE_PANIC_WATCH_DECODE_ERROR="${KUBE_PANIC_WATCH_DECODE_ERROR:-true}" 30export KUBE_PANIC_WATCH_DECODE_ERROR 31 32KUBE_ROOT=$(dirname "${BASH_SOURCE[0]}")/../.. 33source "${KUBE_ROOT}/hack/lib/init.sh" 34source "${KUBE_ROOT}/hack/lib/test.sh" 35source "${KUBE_ROOT}/test/cmd/legacy-script.sh" 36 37# setup envs for TokenRequest required flags 38SERVICE_ACCOUNT_LOOKUP=${SERVICE_ACCOUNT_LOOKUP:-true} 39SERVICE_ACCOUNT_KEY=${SERVICE_ACCOUNT_KEY:-/tmp/kube-serviceaccount.key} 40# Generate ServiceAccount key if needed 41if [[ ! -f "${SERVICE_ACCOUNT_KEY}" ]]; then 42 mkdir -p "$(dirname "${SERVICE_ACCOUNT_KEY}")" 43 openssl genrsa -out "${SERVICE_ACCOUNT_KEY}" 2048 2>/dev/null 44fi 45 46# Runs kube-apiserver 47# 48# Exports: 49# APISERVER_PID 50function run_kube_apiserver() { 51 kube::log::status "Building kube-apiserver" 52 make -C "${KUBE_ROOT}" WHAT="cmd/kube-apiserver" 53 54 # Start kube-apiserver 55 kube::log::status "Starting kube-apiserver" 56 57 # Admission Controllers to invoke prior to persisting objects in cluster 58 ENABLE_ADMISSION_PLUGINS="LimitRanger,ResourceQuota" 59 DISABLE_ADMISSION_PLUGINS="ServiceAccount,PersistentVolumeLabel,DefaultStorageClass,DefaultTolerationSeconds,MutatingAdmissionWebhook,ValidatingAdmissionWebhook,StorageObjectInUseProtection" 60 61 # Include RBAC (to exercise bootstrapping), and AlwaysAllow to allow all actions 62 AUTHORIZATION_MODE="RBAC,AlwaysAllow" 63 64 # Enable features 65 ENABLE_FEATURE_GATES="ServerSideApply=true" 66 67 "${KUBE_OUTPUT_HOSTBIN}/kube-apiserver" \ 68 --bind-address="127.0.0.1" \ 69 --authorization-mode="${AUTHORIZATION_MODE}" \ 70 --secure-port="${SECURE_API_PORT}" \ 71 --feature-gates="${ENABLE_FEATURE_GATES}" \ 72 --enable-admission-plugins="${ENABLE_ADMISSION_PLUGINS}" \ 73 --disable-admission-plugins="${DISABLE_ADMISSION_PLUGINS}" \ 74 --etcd-servers="http://${ETCD_HOST}:${ETCD_PORT}" \ 75 --runtime-config=api/v1 \ 76 --service-account-key-file="${SERVICE_ACCOUNT_KEY}" \ 77 --service-account-lookup="${SERVICE_ACCOUNT_LOOKUP}" \ 78 --service-account-issuer="https://kubernetes.default.svc" \ 79 --service-account-signing-key-file="${SERVICE_ACCOUNT_KEY}" \ 80 --storage-media-type="${KUBE_TEST_API_STORAGE_TYPE-}" \ 81 --cert-dir="${TMPDIR:-/tmp/}" \ 82 --service-cluster-ip-range="10.0.0.0/24" \ 83 --client-ca-file=hack/testdata/ca.crt \ 84 --token-auth-file=hack/testdata/auth-tokens.csv 1>&2 & 85 export APISERVER_PID=$! 86 87 kube::util::wait_for_url_with_bearer_token "https://127.0.0.1:${SECURE_API_PORT}/healthz" "admin-token" "apiserver" 88} 89 90# Runs run_kube_controller_manager 91# 92# Exports: 93# CTLRMGR_PID 94function run_kube_controller_manager() { 95 kube::log::status "Building kube-controller-manager" 96 make -C "${KUBE_ROOT}" WHAT="cmd/kube-controller-manager" 97 98 # Start controller manager 99 kube::log::status 'Generate kubeconfig for controller-manager' 100 local config 101 config="$(mktemp controller-manager.kubeconfig.XXXXX)" 102 cat <<EOF > "$config" 103kind: Config 104users: 105- name: controller-manager 106 user: 107 token: admin-token 108clusters: 109- cluster: 110 server: https://127.0.0.1:${SECURE_API_PORT} 111 insecure-skip-tls-verify: true 112 name: local 113contexts: 114- context: 115 cluster: local 116 user: controller-manager 117 name: local-context 118current-context: local-context 119EOF 120 121 kube::log::status "Starting controller-manager" 122 "${KUBE_OUTPUT_HOSTBIN}/kube-controller-manager" \ 123 --kube-api-content-type="${KUBE_TEST_API_TYPE-}" \ 124 --kubeconfig="${config}" 1>&2 & 125 export CTLRMGR_PID=$! 126 127 kube::util::wait_for_url "https://127.0.0.1:${SECURE_CTLRMGR_PORT}/healthz" "controller-manager" 128} 129 130# Creates a node object with name 127.0.0.1. This is required because we do not 131# run kubelet. 132# 133# An arbitrary annotation is needed to ensure field managers are saved on the 134# object. Without it, we would be creating an empty object and because status 135# and name get wiped, there were be no field managers tracking any fields. 136# 137# Exports: 138# SUPPORTED_RESOURCES(Array of all resources supported by the apiserver). 139function create_node() { 140 kubectl create -f - << __EOF__ 141{ 142 "kind": "Node", 143 "apiVersion": "v1", 144 "metadata": { 145 "name": "127.0.0.1", 146 "annotations": { 147 "save-managers": "true" 148 } 149 }, 150 "status": { 151 "capacity": { 152 "memory": "1Gi" 153 } 154 } 155} 156__EOF__ 157} 158 159# Run it if: 160# 1) $WHAT is empty 161# 2) $WHAT is not empty and kubeadm is part of $WHAT 162WHAT=${WHAT:-} 163if [[ ${WHAT} == "" || ${WHAT} =~ .*kubeadm.* ]] ; then 164 kube::log::status "Running kubeadm tests" 165 166 # build kubeadm 167 make all -C "${KUBE_ROOT}" WHAT=cmd/kubeadm 168 # unless the user sets KUBEADM_PATH, assume that "make all..." just built it 169 export KUBEADM_PATH="${KUBEADM_PATH:=$(kube::realpath "${KUBE_ROOT}")/_output/local/go/bin/kubeadm}" 170 # invoke the tests 171 make -C "${KUBE_ROOT}" test \ 172 WHAT=k8s.io/kubernetes/cmd/kubeadm/test/cmd \ 173 KUBE_TIMEOUT=--timeout=240s \ 174 KUBE_RACE="" 175 176 # if we ONLY want to run kubeadm, then exit here. 177 if [[ ${WHAT} == "kubeadm" ]]; then 178 kube::log::status "TESTS PASSED" 179 exit 0 180 fi 181fi 182 183kube::log::status "Running kubectl tests for kube-apiserver" 184 185setup 186run_kube_apiserver 187run_kube_controller_manager 188create_node 189export SUPPORTED_RESOURCES=("*") 190# WARNING: Do not wrap this call in a subshell to capture output, e.g. output=$(runTests) 191# Doing so will suppress errexit behavior inside runTests 192runTests 193 194kube::log::status "TESTS PASSED" 195