Gitiles
Code Review Sign In
gerrit.mcp.mirantis.com / mcp / tcp-qa / 44a43521da9c3071dd9c6c7ad6260a18bec08bbe / . / tcp_tests / tests / system / test_calico.py
blob: f25264ab7510b379a17de98c55bbad6505a19ff5 [file] [log] [blame]
Artem Panchenko501e67e2017-06-14 14:59:18 +0300[diff] [blame]1# Copyright 2017 Mirantis, Inc.
2#
3# Licensed under the Apache License, Version 2.0 (the "License"); you may
4# not use this file except in compliance with the License. You may obtain
5# a copy of the License at
6#
7# http://www.apache.org/licenses/LICENSE-2.0
8#
9# Unless required by applicable law or agreed to in writing, software
10# distributed under the License is distributed on an "AS IS" BASIS, WITHOUT
11# WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. See the
12# License for the specific language governing permissions and limitations
13# under the License.
14
15import pytest
16
17from devops.helpers import helpers
18
19from tcp_tests import logger
20from tcp_tests.helpers import netchecker
21
22LOG = logger.logger
23
24
25class TestMCPCalico(object):
26 """Test class for Calico network provider in k8s"""
27
28 @pytest.mark.fail_snapshot
Artem Panchenko0872ec02017-06-29 17:14:12 +0300[diff] [blame]29 @pytest.mark.calico_ci
Artem Panchenko501e67e2017-06-14 14:59:18 +0300[diff] [blame]30 def test_k8s_netchecker_calico(self, show_step, config, k8s_deployed):
31 """Test for deploying k8s environment with Calico plugin and check
32 network connectivity between different pods by k8s-netchecker
33
34 Scenario:
35 1. Install k8s with Calico network plugin.
36 2. Run netchecker-server service.
37 3. Run netchecker-agent daemon set.
38 4. Get network verification status. Check status is 'OK'.
39
40 Duration: 3000 seconds
41 """
42
43 # STEP #1
44 show_step(1)
45 k8sclient = k8s_deployed.api
46 assert k8sclient.nodes.list() is not None, "Can not get nodes list"
47
48 # STEP #2
49 show_step(2)
50 netchecker.start_server(k8s=k8s_deployed, config=config)
51 netchecker.wait_check_network(k8sclient, works=True,
52 timeout=300)
53
54 # STEP #3
55 show_step(3)
56 netchecker.start_agent(k8s=k8s_deployed, config=config)
57
58 # STEP #4
59 show_step(4)
60 netchecker.wait_check_network(k8sclient, works=True,
61 timeout=300)
62
63 @pytest.mark.fail_snapshot
Artem Panchenko0872ec02017-06-29 17:14:12 +0300[diff] [blame]64 @pytest.mark.calico_ci
Artem Panchenko501e67e2017-06-14 14:59:18 +0300[diff] [blame]65 def test_calico_route_recovery(self, show_step, config, underlay,
66 k8s_deployed):
67 """Test for deploying k8s environment with Calico plugin and check
68 that local routes are recovered by felix after removal
69
70 Scenario:
71 1. Install k8s with Calico network plugin.
72 2. Run netchecker-server service.
73 3. Run netchecker-agent daemon set.
74 4. Get network verification status. Check status is 'OK'.
75 5. Remove local route to netchecker-agent pod on the first node
76 6. Check that the route is automatically recovered
77 7. Get network verification status. Check status is 'OK'.
78
79 Duration: 3000 seconds
80 """
81
82 # STEP #1
83 show_step(1)
84 k8sclient = k8s_deployed.api
85 assert k8sclient.nodes.list() is not None, "Can not get nodes list"
86
87 # STEP #2
88 show_step(2)
89 netchecker.start_server(k8s=k8s_deployed, config=config)
90 LOG.info("Waiting for netchecker server is running")
91 netchecker.wait_check_network(k8sclient, works=True,
92 timeout=300)
93
94 # STEP #3
95 show_step(3)
96 netchecker.start_agent(k8s=k8s_deployed, config=config)
97
98 # STEP #4
99 show_step(4)
100 netchecker.wait_check_network(k8sclient, works=True,
101 timeout=300)
102
103 # STEP #5
104 show_step(5)
105 first_node = k8sclient.nodes.list()[0]
106 first_node_ips = [addr.address for addr in first_node.status.addresses
107 if 'IP' in addr.type]
108 assert len(first_node_ips) > 0, "Couldn't find first k8s node IP!"
109 first_node_names = [name for name in underlay.node_names()
110 if name.startswith(first_node.name)]
111 assert len(first_node_names) == 1, "Couldn't find first k8s node " \
112 "hostname in SSH config!"
113 first_node_name = first_node_names.pop()
114
115 target_pod_ip = None
116
117 for pod in k8sclient.pods.list():
118 if pod.status.host_ip not in first_node_ips:
119 continue
120 # TODO: get pods by daemonset with name 'netchecker-agent'
121 if 'netchecker-agent-' in pod.name and 'hostnet' not in pod.name:
122 target_pod_ip = pod.status.pod_ip
123
124 assert target_pod_ip is not None, "Could not find netchecker pod IP!"
125
126 route_del_cmd = 'ip route delete {0}'.format(target_pod_ip)
127 underlay.sudo_check_call(cmd=route_del_cmd, node_name=first_node_name)
128 LOG.debug('Removed local route to pod IP {0} on node {1}'.format(
129 target_pod_ip, first_node.name
130 ))
131
132 # STEP #6
133 show_step(6)
134 route_chk_cmd = 'ip route list | grep -q "{0}"'.format(target_pod_ip)
135 helpers.wait_pass(
136 lambda: underlay.sudo_check_call(cmd=route_chk_cmd,
137 node_name=first_node_name),
138 timeout=30,
139 interval=1
140 )
141 pod_ping_cmd = 'sleep 3 && ping -q -c 1 -w 3 {0}'.format(target_pod_ip)
142 underlay.sudo_check_call(cmd=pod_ping_cmd, node_name=first_node_name)
143 LOG.debug('Local route to pod IP {0} on node {1} is '
144 'recovered'.format(target_pod_ip, first_node.name))
145
146 # STEP #7
147 show_step(7)
148 netchecker.wait_check_network(k8sclient, works=True)
149
150 @pytest.mark.fail_snapshot
Valentyn Yakovlev44c8bcd2017-07-04 12:34:24 +0300[diff] [blame]151 @pytest.mark.calico_ci
Artem Panchenko501e67e2017-06-14 14:59:18 +0300[diff] [blame]152 def test_calico_network_policies(self, show_step, config, underlay,
153 k8s_deployed):
154 """Test for deploying k8s environment with Calico and check
155 that network policies work as expected
156
157 Scenario:
158 1. Install k8s.
159 2. Create new namespace 'netchecker'
160 3. Run netchecker-server service
161 4. Check that netchecker-server returns '200 OK'
162 5. Run netchecker-agent daemon set in default namespace
163 6. Get network verification status. Check status is 'OK'
164 7. Enable network isolation for 'netchecker' namespace
165 8. Allow connections to netchecker-server from tests using
166 Calico policy
167 9. Get network verification status. Check status is 'FAIL' because
168 no netcheker-agent pods can reach netchecker-service pod
169 10. Add kubernetes network policies which allow connections
170 from netchecker-agent pods (including ones with host network)
171 11. Get network verification status. Check status is 'OK'
172
173 Duration: 3000 seconds
174 """
175
176 show_step(1)
177 k8sclient = k8s_deployed.api
178 assert k8sclient.nodes.list() is not None, "Can not get nodes list"
179 kube_master_nodes = k8s_deployed.get_k8s_masters()
180 assert kube_master_nodes, "No k8s masters found in pillars!"
181
182 show_step(2)
183 k8s_deployed.check_namespace_create(name='netchecker')
184
185 show_step(3)
186 netchecker.start_server(k8s=k8s_deployed, config=config,
187 namespace='netchecker')
188
189 show_step(4)
190 netchecker.wait_check_network(k8sclient, namespace='netchecker',
191 works=True)
192
193 show_step(5)
194 netchecker.start_agent(k8s=k8s_deployed, config=config,
195 namespace='default',
196 service_namespace='netchecker')
197
198 show_step(6)
199 netchecker.wait_check_network(k8sclient, namespace='netchecker',
200 works=True, timeout=300)
201
202 show_step(7)
203 netchecker.kubernetes_block_traffic_namespace(underlay,
204 kube_master_nodes[0],
205 'netchecker')
206
207 show_step(8)
208 netchecker.calico_allow_netchecker_connections(underlay,
209 kube_master_nodes[0],
210 config.k8s.kube_host,
211 'netchecker')
212
213 show_step(9)
214 netchecker.wait_check_network(k8sclient, namespace='netchecker',
215 works=False, timeout=500)
216
217 show_step(10)
218 netchecker.kubernetes_allow_traffic_from_agents(underlay,
219 kube_master_nodes[0],
220 'netchecker')
221
222 show_step(11)
223 netchecker.wait_check_network(k8sclient, namespace='netchecker',
224 works=True, timeout=300)