Since Kilo now uses the `kilo.squat.ai/discovered-endpoints` annotation
for Peer discovery, Kilo no longer needs to update Peer resources, so we
can remove this permission from the ClusterRole. Note, the RBAC in the
manifests is not used today, but we eventually want to migrate to this.
Signed-off-by: Lucas Servén Marín <lserven@gmail.com>
This commit standardizes how we display a `note` in our docs.
Previously, we used a mix of `_Note_:`, `__Note:__`, `> Note`, and `>
**Note**:` among others. Now, all notes appear as `> **Note**:`.
Signed-off-by: Lucas Servén Marín <lserven@gmail.com>
This commit adds a new test suite to the e2e tests that validates
multi-cluster connectivity in Kilo. This is really just an extension of
the testing of the Peers CRD and related tooling that also exercises the
`--allowed-ips` flag of the `kgctl` tool.
Signed-off-by: Lucas Servén Marín <lserven@gmail.com>
This commit enables the filtering of e2e tests that should be run when
using the Makefile's `e2e` target through the specification of the
`BASH_UNIT_FLAGS` environment variable. The value of this variable will
be passed as arguments to the `bash_unit` command, enabling filtering of
tests.
Signed-off-by: Lucas Servén Marín <lserven@gmail.com>
* wireguard: `wg show iface dump` reader and parser
* mesh: use LatestHandshake to validate NAT Endpoints
* add skip on error
* switch to loop parsing
So the stop on error pattern can be used
* Add error handling to ParseDump
This commit simplifies the check_adjacency helper to us the curl_pod
helper rather than a re-written version of it. It also simplifies the
curl_pod helper slightly to avoid the need for an additional shell.
Signed-off-by: Lucas Servén Marín <lserven@gmail.com>
This commit allows the kind cluster configuration to be parameterized at
call time. This enables the test suite to build multiple clusters with
different configurations, e.g. different CIDRs, different numbers of
nodes, etc.
Signed-off-by: Lucas Servén Marín <lserven@gmail.com>
This commit modifies the logic of the check_adjacent helper so that
rather than expecting the argument to be n^2+n it expects simply n. This
makes it easier to update the caller when the number of nodes in the
cluster changes.
Signed-off-by: Lucas Servén Marín <lserven@gmail.com>
This commit modifies the e2e shell scripts so that the KUBECONFIG
variable does not need to be exported. This will become important once
we allow the e2e test suite to launch multiple clusters, e.g. to test
multi-cluster connectivity.
Signed-off-by: Lucas Servén Marín <lserven@gmail.com>
Currently, each test suite spins up its own kind cluster, which results
in longer e2e test times as each test suite needs to wait for the
cluster to be ready and for images to download. This commit creates two
new virtual test suites that are run before and after the actual e2e
tests and are responsible for creating and destroying a kind cluster
respectively. Any test suite that needs a fresh cluster can still spin
up its own using the `create_cluster` helper in the lib.sh file.
Signed-off-by: Lucas Servén Marín <lserven@gmail.com>
We seem to be running into
https://github.com/kubernetes-sigs/kind/issues/2240: kube-proxy is
crashlooping, which in turn causes CoreDNS to fail to connect to the API
server over the Service CIDR, which in turn cases DNS resolution to fail
in the cluster, which in turn causes the e2e tests to fail.
To address this,
this commit bumps the kind version to 0.11.1.
Signed-off-by: Lucas Servén Marín <lserven@gmail.com>
This commit splits the e2e tests into different suites that all reuse
helper functions from the lib.sh file. This split ensures that the tests
within a suite can all have the same setup, e.g. all tests depending on
a full-mesh will be set up with a full-mesh, and is resilient against
changes in test ordering.
Signed-off-by: Lucas Servén Marín <lserven@gmail.com>
This commit adds a new e2e test fot the recently introduced
allowed-location-ips annotation. This test annotates the control-plane
node with an allowed IP and then ensures this IPs is reachable from
the curl helper Pod, which is now guaranteed to be scheduled on a
worker node.
Signed-off-by: Lucas Servén Marín <lserven@gmail.com>
This commit adds an e2e test that ensures that invalid Kilo Peers are
rejected thanks to the improved OpenAPI v3 validation.
Signed-off-by: Lucas Servén Marín <lserven@gmail.com>
The recent test refactor wrapped the adjacency check in a `retry`,
however, the `check_adjacent` function had an `assert` in it, which
meant that the test would fail immediately and not be retried. This
commit moves the assertion out of the check, which also allows for
improved code reuse.
Signed-off-by: Lucas Servén Marín <lserven@gmail.com>
Users can specify IPs with the annotation "allowed-location-ips".
It makes no difference which node of a location is annotated.
The IP should be routable from the particular location, e.g. a printer in
the same LAN.
This way these IPs become routable from other location.
Signed-off-by: leonnicolas <leonloechner@gmx.de>
Co-authored-by: Lucas Servén Marín <lserven@gmail.com>
This commit adds better handling of the default kubeconfig location in
the kgctl binary for cases where the `$KUBECONFIG` environment variable
is not set. In these cases, kgctl will default to
`$HOME/.kube/config`, putting it in line with tools like `kubectl` and
`kind`.
Signed-off-by: Lucas Servén Marín <lserven@gmail.com>
This commit adds testing of the VPN feature of Kilo to the e2e tests.
Also, in order to make the tests less flaky, this commit ensures that
the Kilo Pods use the "root" kubeconfig to connect to the API rather
than the Kubernetes API's cluster IP, which can become unavailable when
networking is reconfigured.
Signed-off-by: Lucas Servén Marín <lserven@gmail.com>
This commit refactors the e2e tests in the following ways:
* bump the version of `bash_unit` to 1.7.2: the previous version was
from 2018;
* remove the unused `block` function;
* fix the order of `block_unitil_ready_by_name` and `check_ping`: we
should not attempt to interact with pods before they are considered
ready;
* extract the retry logic into a reusable function called `retry`; and
* retry the `check_adjacent` function for robustness.
Signed-off-by: Lucas Servén Marín <lserven@gmail.com>