Gitiles
Code Review Sign In
gerrit.mcp.mirantis.com / mcp / tcp-qa / 501e67e177b01a954bc2a503480761e1e2bb61b9 / . / tcp_tests / tests / system / test_calico.py
blob: f174c9fdb308bf039a325ff73433389d519ec68c [file] [log] [blame]
Artem Panchenko501e67e2017-06-14 14:59:18 +0300[diff] [blame^]1# Copyright 2017 Mirantis, Inc.
2#
3# Licensed under the Apache License, Version 2.0 (the "License"); you may
4# not use this file except in compliance with the License. You may obtain
5# a copy of the License at
6#
7# http://www.apache.org/licenses/LICENSE-2.0
8#
9# Unless required by applicable law or agreed to in writing, software
10# distributed under the License is distributed on an "AS IS" BASIS, WITHOUT
11# WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. See the
12# License for the specific language governing permissions and limitations
13# under the License.
14
15import pytest
16
17from devops.helpers import helpers
18
19from tcp_tests import logger
20from tcp_tests.helpers import netchecker
21
22LOG = logger.logger
23
24
25class TestMCPCalico(object):
26 """Test class for Calico network provider in k8s"""
27
28 @pytest.mark.fail_snapshot
29 def test_k8s_netchecker_calico(self, show_step, config, k8s_deployed):
30 """Test for deploying k8s environment with Calico plugin and check
31 network connectivity between different pods by k8s-netchecker
32
33 Scenario:
34 1. Install k8s with Calico network plugin.
35 2. Run netchecker-server service.
36 3. Run netchecker-agent daemon set.
37 4. Get network verification status. Check status is 'OK'.
38
39 Duration: 3000 seconds
40 """
41
42 # STEP #1
43 show_step(1)
44 k8sclient = k8s_deployed.api
45 assert k8sclient.nodes.list() is not None, "Can not get nodes list"
46
47 # STEP #2
48 show_step(2)
49 netchecker.start_server(k8s=k8s_deployed, config=config)
50 netchecker.wait_check_network(k8sclient, works=True,
51 timeout=300)
52
53 # STEP #3
54 show_step(3)
55 netchecker.start_agent(k8s=k8s_deployed, config=config)
56
57 # STEP #4
58 show_step(4)
59 netchecker.wait_check_network(k8sclient, works=True,
60 timeout=300)
61
62 @pytest.mark.fail_snapshot
63 def test_calico_route_recovery(self, show_step, config, underlay,
64 k8s_deployed):
65 """Test for deploying k8s environment with Calico plugin and check
66 that local routes are recovered by felix after removal
67
68 Scenario:
69 1. Install k8s with Calico network plugin.
70 2. Run netchecker-server service.
71 3. Run netchecker-agent daemon set.
72 4. Get network verification status. Check status is 'OK'.
73 5. Remove local route to netchecker-agent pod on the first node
74 6. Check that the route is automatically recovered
75 7. Get network verification status. Check status is 'OK'.
76
77 Duration: 3000 seconds
78 """
79
80 # STEP #1
81 show_step(1)
82 k8sclient = k8s_deployed.api
83 assert k8sclient.nodes.list() is not None, "Can not get nodes list"
84
85 # STEP #2
86 show_step(2)
87 netchecker.start_server(k8s=k8s_deployed, config=config)
88 LOG.info("Waiting for netchecker server is running")
89 netchecker.wait_check_network(k8sclient, works=True,
90 timeout=300)
91
92 # STEP #3
93 show_step(3)
94 netchecker.start_agent(k8s=k8s_deployed, config=config)
95
96 # STEP #4
97 show_step(4)
98 netchecker.wait_check_network(k8sclient, works=True,
99 timeout=300)
100
101 # STEP #5
102 show_step(5)
103 first_node = k8sclient.nodes.list()[0]
104 first_node_ips = [addr.address for addr in first_node.status.addresses
105 if 'IP' in addr.type]
106 assert len(first_node_ips) > 0, "Couldn't find first k8s node IP!"
107 first_node_names = [name for name in underlay.node_names()
108 if name.startswith(first_node.name)]
109 assert len(first_node_names) == 1, "Couldn't find first k8s node " \
110 "hostname in SSH config!"
111 first_node_name = first_node_names.pop()
112
113 target_pod_ip = None
114
115 for pod in k8sclient.pods.list():
116 if pod.status.host_ip not in first_node_ips:
117 continue
118 # TODO: get pods by daemonset with name 'netchecker-agent'
119 if 'netchecker-agent-' in pod.name and 'hostnet' not in pod.name:
120 target_pod_ip = pod.status.pod_ip
121
122 assert target_pod_ip is not None, "Could not find netchecker pod IP!"
123
124 route_del_cmd = 'ip route delete {0}'.format(target_pod_ip)
125 underlay.sudo_check_call(cmd=route_del_cmd, node_name=first_node_name)
126 LOG.debug('Removed local route to pod IP {0} on node {1}'.format(
127 target_pod_ip, first_node.name
128 ))
129
130 # STEP #6
131 show_step(6)
132 route_chk_cmd = 'ip route list | grep -q "{0}"'.format(target_pod_ip)
133 helpers.wait_pass(
134 lambda: underlay.sudo_check_call(cmd=route_chk_cmd,
135 node_name=first_node_name),
136 timeout=30,
137 interval=1
138 )
139 pod_ping_cmd = 'sleep 3 && ping -q -c 1 -w 3 {0}'.format(target_pod_ip)
140 underlay.sudo_check_call(cmd=pod_ping_cmd, node_name=first_node_name)
141 LOG.debug('Local route to pod IP {0} on node {1} is '
142 'recovered'.format(target_pod_ip, first_node.name))
143
144 # STEP #7
145 show_step(7)
146 netchecker.wait_check_network(k8sclient, works=True)
147
148 @pytest.mark.fail_snapshot
149 def test_calico_network_policies(self, show_step, config, underlay,
150 k8s_deployed):
151 """Test for deploying k8s environment with Calico and check
152 that network policies work as expected
153
154 Scenario:
155 1. Install k8s.
156 2. Create new namespace 'netchecker'
157 3. Run netchecker-server service
158 4. Check that netchecker-server returns '200 OK'
159 5. Run netchecker-agent daemon set in default namespace
160 6. Get network verification status. Check status is 'OK'
161 7. Enable network isolation for 'netchecker' namespace
162 8. Allow connections to netchecker-server from tests using
163 Calico policy
164 9. Get network verification status. Check status is 'FAIL' because
165 no netcheker-agent pods can reach netchecker-service pod
166 10. Add kubernetes network policies which allow connections
167 from netchecker-agent pods (including ones with host network)
168 11. Get network verification status. Check status is 'OK'
169
170 Duration: 3000 seconds
171 """
172
173 show_step(1)
174 k8sclient = k8s_deployed.api
175 assert k8sclient.nodes.list() is not None, "Can not get nodes list"
176 kube_master_nodes = k8s_deployed.get_k8s_masters()
177 assert kube_master_nodes, "No k8s masters found in pillars!"
178
179 show_step(2)
180 k8s_deployed.check_namespace_create(name='netchecker')
181
182 show_step(3)
183 netchecker.start_server(k8s=k8s_deployed, config=config,
184 namespace='netchecker')
185
186 show_step(4)
187 netchecker.wait_check_network(k8sclient, namespace='netchecker',
188 works=True)
189
190 show_step(5)
191 netchecker.start_agent(k8s=k8s_deployed, config=config,
192 namespace='default',
193 service_namespace='netchecker')
194
195 show_step(6)
196 netchecker.wait_check_network(k8sclient, namespace='netchecker',
197 works=True, timeout=300)
198
199 show_step(7)
200 netchecker.kubernetes_block_traffic_namespace(underlay,
201 kube_master_nodes[0],
202 'netchecker')
203
204 show_step(8)
205 netchecker.calico_allow_netchecker_connections(underlay,
206 kube_master_nodes[0],
207 config.k8s.kube_host,
208 'netchecker')
209
210 show_step(9)
211 netchecker.wait_check_network(k8sclient, namespace='netchecker',
212 works=False, timeout=500)
213
214 show_step(10)
215 netchecker.kubernetes_allow_traffic_from_agents(underlay,
216 kube_master_nodes[0],
217 'netchecker')
218
219 show_step(11)
220 netchecker.wait_check_network(k8sclient, namespace='netchecker',
221 works=True, timeout=300)