feat: e2e test for containerd egress path (#4070)

Azure · Feb 16, 2024 · b249612 · b249612
1 parent 77ee5f8
commit b249612
Show file tree

Hide file tree

Showing 207 changed files with 363 additions and 202 deletions.
diff --git a/e2e/scenario/scenario.go b/e2e/scenario/scenario.go
@@ -70,6 +70,8 @@ func (t *Template) scenarios() []*Scenario {
 		t.ubuntu2204CustomCATrust(),
 		t.ubuntu2204ArtifactStreaming(),
 		t.ubuntu2204privatekubepkg(),
+		t.ubuntu2204ContainerdURL(),
+		t.ubuntu2204ContainerdVersion(),
 	}
 }
 

diff --git a/e2e/scenario/scenario_ubuntu2204-standalone-containerd.go b/e2e/scenario/scenario_ubuntu2204-standalone-containerd.go
@@ -0,0 +1,58 @@
+package scenario
+
+import (
+	"github.com/Azure/agentbaker/pkg/agent/datamodel"
+)
+
+// These tests were created to verify that the apt-get call in downloadContainerdFromVersion is not executed.
+// The code path is not hit in either of these tests. In the future, testing with some kind of firewall to ensure no egress
+// calls are made would be beneficial for airgap testing.
+
+func (t *Template) ubuntu2204ContainerdURL() *Scenario {
+	return &Scenario{
+		Name:        "ubuntu2204ContainerdURL",
+		Description: "tests that a node using the Ubuntu 2204 VHD with the ContainerdPackageURL override bootstraps with the provided URL and not the maifest contianerd version",
+		Config: Config{
+			ClusterSelector: NetworkPluginKubenetSelector,
+			ClusterMutator:  NetworkPluginKubenetMutator,
+			VHDSelector:     t.Ubuntu2204Gen2Containerd,
+			BootstrapConfigMutator: func(nbc *datamodel.NodeBootstrappingConfiguration) {
+				nbc.ContainerService.Properties.AgentPoolProfiles[0].Distro = "aks-ubuntu-containerd-22.04-gen2"
+				nbc.AgentPoolProfile.Distro = "aks-ubuntu-containerd-22.04-gen2"
+				nbc.ContainerdPackageURL = "https://packages.microsoft.com/ubuntu/22.04/prod/pool/main/m/moby-containerd/moby-containerd_1.6.9+azure-ubuntu22.04u1_amd64.deb"
+			},
+			LiveVMValidators: []*LiveVMValidator{
+				containerdVersionValidator("1.6.9"),
+			},
+		},
+	}
+}
+
+func (t *Template) ubuntu2204ContainerdVersion() *Scenario {
+	return &Scenario{
+		Name:        "ubuntu2204ContainerdVersion",
+		Description: "tests that a node using an Ubuntu2204 VHD and the ContainerdVersion override bootstraps with the correct manifest containerd version and ignores the override",
+		Config: Config{
+			ClusterSelector: NetworkPluginKubenetSelector,
+			ClusterMutator:  NetworkPluginKubenetMutator,
+			VHDSelector:     t.Ubuntu2204Gen2Containerd,
+			BootstrapConfigMutator: func(nbc *datamodel.NodeBootstrappingConfiguration) {
+				nbc.ContainerService.Properties.AgentPoolProfiles[0].Distro = "aks-ubuntu-containerd-22.04-gen2"
+				nbc.AgentPoolProfile.Distro = "aks-ubuntu-containerd-22.04-gen2"
+				nbc.ContainerdVersion = "1.6.9"
+			},
+			LiveVMValidators: []*LiveVMValidator{
+				containerdVersionValidator(getContainerdManifestVersion()),
+			},
+		},
+	}
+}
+
+func getContainerdManifestVersion() string {
+	manifest, err := getVHDManifest()
+	if err != nil {
+		panic(err)
+	}
+
+	return manifest.Containerd.Edge
+}
diff --git a/e2e/scenario/validators.go b/e2e/scenario/validators.go
@@ -125,3 +125,20 @@ func UlimitValidator(ulimits map[string]string) *LiveVMValidator {
 		},
 	}
 }
+
+func containerdVersionValidator(version string) *LiveVMValidator {
+	return &LiveVMValidator{
+		Description: "assert containerd version",
+		Command:     "containerd --version",
+		Asserter: func(code, stdout, stderr string) error {
+			if code != "0" {
+				return fmt.Errorf("validator command terminated with exit code %q but expected code 0", code)
+			}
+
+			if !strings.Contains(stdout, version) {
+				return fmt.Errorf(fmt.Sprintf("expected to find containerd version %s, but was not", version))
+			}
+			return nil
+		},
+	}
+}
diff --git a/e2e/scenario/vhd.go b/e2e/scenario/vhd.go
@@ -97,6 +97,28 @@ func mustGetVHDCatalogFromEmbeddedJSON(rawJSON string) VHDCatalog {
 	return catalog
 }
 
+type Manifest struct {
+	Containerd struct {
+		Edge string `json:"edge"`
+	} `json:"containerd"`
+}
+
+func getVHDManifest() (*Manifest, error) {
+	manifestData, err := os.ReadFile("../parts/linux/cloud-init/artifacts/manifest.json")
+	if err != nil {
+		return nil, err
+	}
+	manifestDataStr := string(manifestData)
+	manifestDataStr = strings.TrimRight(manifestDataStr, "#EOF \n\r\t")
+	manifestData = []byte(manifestDataStr)
+
+	manifest := Manifest{}
+	if err = json.Unmarshal([]byte(manifestData), &manifest); err != nil {
+		return nil, err
+	}
+	return &manifest, nil
+}
+
 // VHDResourceID represents a resource ID pointing to a VHD in Azure. This could be theoretically
 // be the resource ID of a managed image or SIG image version, though for now this will always be a SIG image version.
 type VHDResourceID string

diff --git a/parts/linux/cloud-init/artifacts/cse_install.sh b/parts/linux/cloud-init/artifacts/cse_install.sh
@@ -56,7 +56,7 @@ installContainerRuntime() {
         logs_to_events "AKS.CSE.installContainerRuntime.installStandaloneContainerd" "installStandaloneContainerd ${containerd_patch_version} ${containerd_revision}"
         echo "in installContainerRuntime - CONTAINERD_VERION = ${containerd_patch_version}"
     else
-        installMoby
+        installMoby # used in docker clusters. Not supported but still exist in production
     fi
 }
 

diff --git a/parts/linux/cloud-init/artifacts/ubuntu/cse_install_ubuntu.sh b/parts/linux/cloud-init/artifacts/ubuntu/cse_install_ubuntu.sh
@@ -175,6 +175,7 @@ downloadContainerdFromVersion() {
     updateAptWithMicrosoftPkg 
     apt_get_download 20 30 moby-containerd=${CONTAINERD_VERSION}* || exit $ERR_CONTAINERD_INSTALL_TIMEOUT
     cp -al ${APT_CACHE_DIR}moby-containerd_${CONTAINERD_VERSION}* $CONTAINERD_DOWNLOADS_DIR/ || exit $ERR_CONTAINERD_INSTALL_TIMEOUT
+    echo "Succeeded to download containerd version ${CONTAINERD_VERSION}"
 }
 
 downloadContainerdFromURL() {