Merge pull request #13266 from thomasferrandiz/backport-multus-1.32

[Release-1.32] Add multus e2e test

Author: thomasferrandiz

.github/workflows/e2e.yaml

@@ -51,7 +51,7 @@ jobs:
     strategy:
       fail-fast: false
       matrix:
-        etest: [btrfs, embeddedmirror, externalip, privateregistry, rootless, s3, startup, wasm]
+        etest: [btrfs, embeddedmirror, externalip, privateregistry, rootless, s3, startup, wasm, multus]
       max-parallel: 5
     steps:
       - name: "Checkout"

tests/e2e/amd64_resource_files/multus_test.yaml

@@ -0,0 +1,80 @@
+apiVersion: "k8s.cni.cncf.io/v1"
+kind: NetworkAttachmentDefinition
+metadata:
+  name: macvlan-conf
+spec: 
+  config: '{
+      "cniVersion": "0.3.1",
+      "plugins": [
+        {
+          "type": "macvlan",
+          "capabilities": { "ips": true },
+          "master": "eth1",
+          "mode": "bridge",
+          "ipam": {
+            "type": "static",
+            "routes": [
+              {
+                "dst": "0.0.0.0/0",
+                "gw": "10.1.1.1"
+              }
+            ] 
+          }
+        }, {
+          "capabilities": { "mac": true },
+          "type": "tuning"
+        }
+      ]
+    }'
+---
+
+apiVersion: v1
+kind: Pod
+metadata:
+  labels:
+    app: pod-macvlan
+  name: pod-macvlan
+  annotations:
+    k8s.v1.cni.cncf.io/networks: '[
+            { "name": "macvlan-conf",
+              "ips": [ "10.1.1.101/24" ],
+              "mac": "c2:b0:57:49:47:f1",
+              "gateway": [ "10.1.1.1" ]
+            }]'
+spec:
+  containers:
+  - image: rancher/mirrored-library-busybox:1.36.1
+    command:
+      - sleep
+      - infinity
+    imagePullPolicy: Always
+    name: busybox
+    securityContext:
+      capabilities:
+        add: ["NET_ADMIN","NET_RAW"]
+---
+
+apiVersion: v1
+kind: Pod
+metadata:
+  labels:
+    app: pod2-macvlan
+  name: pod2-macvlan
+  annotations:
+    k8s.v1.cni.cncf.io/networks: '[
+            { "name": "macvlan-conf",
+              "ips": [ "10.1.1.102/24" ],
+              "mac": "c2:b0:57:45:47:f1",
+              "gateway": [ "10.1.1.1" ]
+            }]'
+spec:
+  containers:
+  - image: rancher/mirrored-library-busybox:1.36.1
+    command:
+      - sleep
+      - infinity
+    imagePullPolicy: Always
+    name: busybox
+    securityContext:
+      capabilities:
+        add: ["NET_ADMIN","NET_RAW"]

tests/e2e/multus/Vagrantfile

@@ -0,0 +1,81 @@
+ENV['VAGRANT_NO_PARALLEL'] = 'no'
+NODE_ROLES = (ENV['E2E_NODE_ROLES'] ||
+  ["server-0", "agent-0" ])
+NODE_BOXES = (ENV['E2E_NODE_BOXES'] ||
+  ['bento/ubuntu-24.04', 'bento/ubuntu-24.04'])
+GITHUB_BRANCH = (ENV['E2E_GITHUB_BRANCH'] || "master")
+RELEASE_VERSION = (ENV['E2E_RELEASE_VERSION'] || "")
+GOCOVER = (ENV['E2E_GOCOVER'] || "")
+NODE_CPUS = (ENV['E2E_NODE_CPUS'] || 2).to_i
+NODE_MEMORY = (ENV['E2E_NODE_MEMORY'] || 3072).to_i
+NETWORK4_PREFIX = "10.10.10"
+MULTUS_PREFIX = "192.168.1"
+install_type = ""
+
+def provision(vm, role, role_num, node_num)
+  vm.box = NODE_BOXES[node_num]
+  vm.hostname = role
+  node_ip4 = "#{NETWORK4_PREFIX}.#{100+node_num}"
+  vm.network "private_network", :ip => node_ip4, :netmask => "255.255.255.0"
+
+  scripts_location = Dir.exist?("./scripts") ? "./scripts" : "../scripts" 
+  vagrant_defaults = File.exist?("./vagrantdefaults.rb") ? "./vagrantdefaults.rb" : "../vagrantdefaults.rb"
+  load vagrant_defaults
+
+  defaultOSConfigure(vm)
+  addCoverageDir(vm, role, GOCOVER)
+  install_type = getInstallType(vm, RELEASE_VERSION, GITHUB_BRANCH)
+
+  if role.include?("server") && role_num == 0
+    vm.provision :k3s, run: 'once' do |k3s|
+      k3s.config_mode = '0644' # side-step https://github.com/k3s-io/k3s/issues/4321
+      k3s.args = "server "
+      k3s.config = <<~YAML
+        node-ip: #{node_ip4}
+        token: vagrant
+        flannel-iface: eth1
+      YAML
+      k3s.env = ["K3S_KUBECONFIG_MODE=0644", install_type]
+    end
+    #install multus manifest
+    vm.provision "file", source: "multus-config.yaml", destination: "multus-config.yaml"
+    vm.provision "shell", inline: "sudo mkdir -p /var/lib/rancher/k3s/server/manifests/ && sudo cp multus-config.yaml /var/lib/rancher/k3s/server/manifests/"
+  end
+  if role.include?("agent")
+    vm.provision :k3s, run: 'once' do |k3s|
+      k3s.config_mode = '0644' # side-step https://github.com/k3s-io/k3s/issues/4321
+      k3s.args = "agent "
+      k3s.config = <<~YAML
+        server: https://#{NETWORK4_PREFIX}.100:6443
+        token: vagrant
+        node-ip: #{node_ip4}
+        flannel-iface: eth1
+      YAML
+      k3s.env = ["K3S_KUBECONFIG_MODE=0644", install_type]
+    end
+  end
+end
+
+Vagrant.configure("2") do |config|
+  config.vagrant.plugins = ["vagrant-k3s", "vagrant-reload", "vagrant-libvirt"]
+  config.vm.provider "libvirt" do |v|
+    v.cpus = NODE_CPUS
+    v.memory = NODE_MEMORY
+    # We replicate the default prefix, but add a timestamp to enable parallel runs and cleanup of old VMs
+    v.default_prefix = File.basename(Dir.getwd) + "_" + Time.now.to_i.to_s + "_"
+  end
+
+  if NODE_ROLES.kind_of?(String)
+    NODE_ROLES = NODE_ROLES.split(" ", -1)
+  end
+  if NODE_BOXES.kind_of?(String)
+    NODE_BOXES = NODE_BOXES.split(" ", -1)
+  end
+
+  NODE_ROLES.each_with_index do |role, i|
+    role_num = role.split("-", -1).pop.to_i
+    config.vm.define role do |node|
+      provision(node.vm, role, role_num, i)
+    end
+  end
+ end

tests/e2e/multus/multus-config.yaml

@@ -0,0 +1,18 @@
+apiVersion: helm.cattle.io/v1
+kind: HelmChart
+metadata:
+  name: multus
+  namespace: kube-system
+spec:
+  repo: https://rke2-charts.rancher.io
+  chart: rke2-multus
+  targetNamespace: kube-system
+  valuesContent: |-
+    config:
+      fullnameOverride: multus
+      cni_conf:
+        confDir: /var/lib/rancher/k3s/agent/etc/cni/net.d
+        binDir: /var/lib/rancher/k3s/data/cni/
+        kubeconfig: /var/lib/rancher/k3s/agent/etc/cni/net.d/multus.d/multus.kubeconfig
+        # Comment the following line when using rke2-multus < v4.2.202
+        multusAutoconfigDir: /var/lib/rancher/k3s/agent/etc/cni/net.d

tests/e2e/multus/multus_test.go

@@ -0,0 +1,121 @@
+// This test verifies that two nodes, which can't connect using the local network, are
+// able to still connect using the node-external-ip. In real life, node-external-ip
+// would be a public IP. In the test, we create two networks, one sets the node
+// internal-ip and the other sets the node-external-ip. Traffic is blocked on the former
+
+package multus
+
+import (
+	"flag"
+	"fmt"
+	"os"
+	"testing"
+	"time"
+
+	"github.com/k3s-io/k3s/tests"
+	"github.com/k3s-io/k3s/tests/e2e"
+	. "github.com/onsi/ginkgo/v2"
+	. "github.com/onsi/gomega"
+)
+
+// Valid nodeOS: bento/ubuntu-24.04, opensuse/Leap-15.6.x86_64
+var nodeOS = flag.String("nodeOS", "bento/ubuntu-24.04", "VM operating system")
+var serverCount = flag.Int("serverCount", 1, "number of server nodes")
+var agentCount = flag.Int("agentCount", 1, "number of agent nodes")
+var ci = flag.Bool("ci", false, "running on CI")
+var local = flag.Bool("local", false, "deploy a locally built K3s binary")
+
+func Test_E2EMultus(t *testing.T) {
+	flag.Parse()
+	RegisterFailHandler(Fail)
+	suiteConfig, reporterConfig := GinkgoConfiguration()
+	RunSpecs(t, "Multus config Suite", suiteConfig, reporterConfig)
+
+}
+
+var tc *e2e.TestConfig
+
+var _ = ReportAfterEach(e2e.GenReport)
+
+var _ = Describe("Verify Multus config", Ordered, func() {
+	Context("Cluster comes up with Multus enabled", func() {
+		It("Starts up with no issues", func() {
+			var err error
+			if *local {
+				tc, err = e2e.CreateLocalCluster(*nodeOS, *serverCount, *agentCount)
+			} else {
+				tc, err = e2e.CreateCluster(*nodeOS, *serverCount, *agentCount)
+			}
+			Expect(err).NotTo(HaveOccurred(), e2e.GetVagrantLog(err))
+			By("CLUSTER CONFIG")
+			By("OS: " + *nodeOS)
+			By(tc.Status())
+		})
+
+		It("Checks Node Status", func() {
+			Eventually(func() error {
+				return tests.NodesReady(tc.KubeconfigFile, e2e.VagrantSlice(tc.AllNodes()))
+			}, "620s", "5s").Should(Succeed())
+			e2e.DumpNodes(tc.KubeconfigFile)
+		})
+
+		It("Checks pod status", func() {
+			By("Fetching pod status")
+			Eventually(func() error {
+				return tests.AllPodsUp(tc.KubeconfigFile, "kube-system")
+			}, "620s", "10s").Should(Succeed())
+		})
+	})
+	Context("Deploy workloads to check cluster connectivity of the nodes", func() {
+		It("Verifies that each node has vagrant IP", func() {
+			nodeIPs, err := e2e.GetNodeIPs(tc.KubeconfigFile)
+			fmt.Printf("nodeIPs: %v", nodeIPs)
+			Expect(err).NotTo(HaveOccurred())
+			for _, node := range nodeIPs {
+				Expect(node.IPv4).Should(ContainSubstring("10.10."))
+			}
+		})
+		It("Verifies that each pod has vagrant IP or clusterCIDR IP", func() {
+			podIPs, err := e2e.GetPodIPs(tc.KubeconfigFile)
+			Expect(err).NotTo(HaveOccurred())
+			for _, pod := range podIPs {
+				Expect(pod.IPv4).Should(Or(ContainSubstring("10.10."), ContainSubstring("10.42.")), pod.Name)
+			}
+		})
+		It("Verifies multus daemonset comes up", func() {
+			Eventually(func() (string, error) {
+				cmd := "kubectl get ds multus -n kube-system -o jsonpath='{.status.numberReady}' --kubeconfig=" + tc.KubeconfigFile
+				return e2e.RunCommand(cmd)
+			}, "120s", "5s").Should(ContainSubstring("2"))
+		})
+		It("Deploys Multus NetworkAttachmentDefinition and test pods", func() {
+			_, err := tc.DeployWorkload("multus_test.yaml")
+			Expect(err).NotTo(HaveOccurred())
+			time.Sleep(5 * time.Second)
+		})
+		It("Verifies internode connectivity over multus network", func() {
+			cmd := "kubectl exec pod-macvlan --kubeconfig=" + tc.KubeconfigFile + " -- ping -c 1 -w 2 10.1.1.102"
+			Eventually(func() (string, error) {
+				return e2e.RunCommand(cmd)
+			}, "20s", "3s").Should(ContainSubstring("0% packet loss"), "failed cmd: "+cmd)
+		})
+	})
+})
+
+var failed bool
+var _ = AfterEach(func() {
+	failed = failed || CurrentSpecReport().Failed()
+})
+
+var _ = AfterSuite(func() {
+	if failed {
+		Expect(e2e.SaveJournalLogs(tc.AllNodes())).To(Succeed())
+		Expect(e2e.TailPodLogs(50, tc.AllNodes())).To(Succeed())
+	} else {
+		Expect(e2e.GetCoverageReport(tc.AllNodes())).To(Succeed())
+	}
+	if !failed || *ci {
+		Expect(e2e.DestroyCluster()).To(Succeed())
+		Expect(os.Remove(tc.KubeconfigFile)).To(Succeed())
+	}
+})