Initial e2e test migration from in-tree to gcp cloud provider

Author: seans3

Diff for: BUILD

@@ -19,3 +19,4 @@ gazelle(
 )
 
 # gazelle:exclude crd
+# gazelle:exclude test/e2e

Diff for: cluster/gce/util.sh

@@ -253,6 +253,7 @@ function copy-to-staging() {
     fi
   fi
 
+  rm -f "${tar}.sha512"
   echo "${hash}" > "${tar}.sha512"
   gsutil -m -q -h "Cache-Control:private, max-age=0" cp "${tar}" "${tar}.sha512" "${staging_path}"
   gsutil -m acl ch -g all:R "${gs_url}" "${gs_url}.sha512" >/dev/null 2>&1 || true

Diff for: test/boskos.sh

@@ -1,5 +1,24 @@
 #!/usr/bin/env bash
 
+# Copyright 2024 The Kubernetes Authors.
+#
+# Licensed under the Apache License, Version 2.0 (the "License");
+# you may not use this file except in compliance with the License.
+# You may obtain a copy of the License at
+#
+#     http://www.apache.org/licenses/LICENSE-2.0
+#
+# Unless required by applicable law or agreed to in writing, software
+# distributed under the License is distributed on an "AS IS" BASIS,
+# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+# See the License for the specific language governing permissions and
+# limitations under the License.
+
+# Source this file to be able to acquire a boskos project using
+# the acquire_project function. Must be run in prow, since acquiring
+# a boskos project expects the owner to be the prow job name (JOB_NAME).
+# Can set a custom boskos url by passing the BOSKOS_URL env var.
+
 set -o errexit
 set -o nounset
 set -o pipefail
@@ -9,13 +28,18 @@ if [[ -z "${BOSKOS_URL:-}" ]]; then
   BOSKOS_URL="http://boskos.test-pods.svc.cluster.local"
 fi
 
-# acquires a project from boskos
+# Acquires a "gce" project from boskos. Returns project by setting/exporting PROJECT env var.
+# Parameter: JOB_NAME is an env var set by prow. Parameter: BOSKOS_URL is an env var set above
+# by either passing in the env var, or using the default url. Starts/runs a heartbeat with
+# the returned bosko project. Returns an error if unable to acquire the boskos project.
 acquire_project() {
     local project=""
     local project_type="gce-project"
 
     boskos_response=$(curl -X POST "${BOSKOS_URL}/acquire?type=${project_type}&state=free&dest=busy&owner=${JOB_NAME}")
-
+    echo
+    echo "DEBUG--Boskos Response: ${boskos_response}"
+    echo
     if project=$(echo "${boskos_response}" | jq -r '.name'); then
         echo "Using GCP project: ${project}"
         PROJECT="${project}"

Diff for: test/e2e/firewall.go

@@ -0,0 +1,74 @@
+/*
+Copyright 2024 The Kubernetes Authors.
+
+Licensed under the Apache License, Version 2.0 (the "License");
+you may not use this file except in compliance with the License.
+You may obtain a copy of the License at
+
+	http://www.apache.org/licenses/LICENSE-2.0
+
+Unless required by applicable law or agreed to in writing, software
+distributed under the License is distributed on an "AS IS" BASIS,
+WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+See the License for the specific language governing permissions and
+limitations under the License.
+*/
+package e2e
+
+import (
+	"context"
+	"time"
+
+	. "github.com/onsi/ginkgo/v2"
+	v1 "k8s.io/api/core/v1"
+	clientset "k8s.io/client-go/kubernetes"
+	"k8s.io/kubernetes/pkg/cluster/ports"
+	kubeschedulerconfig "k8s.io/kubernetes/pkg/scheduler/apis/config"
+	"k8s.io/kubernetes/test/e2e/framework"
+	e2enode "k8s.io/kubernetes/test/e2e/framework/node"
+)
+
+const firewallTestTCPTimeout = time.Duration(1 * time.Second)
+
+var _ = Describe("[cloud-provider-gcp-e2e] Firewall Rules", func() {
+	f := framework.NewDefaultFramework("firewall-rules")
+
+	var cs clientset.Interface
+	BeforeEach(func() {
+		cs = f.ClientSet
+	})
+
+	AfterEach(func() {
+		// After each test
+	})
+
+	// Firewall Test
+	f.It("control plane should not expose well-known ports", func(ctx context.Context) {
+		nodes, err := e2enode.GetReadySchedulableNodes(ctx, cs)
+		framework.ExpectNoError(err)
+
+		By("Checking well known ports on master and nodes are not exposed externally")
+		nodeAddr := e2enode.FirstAddress(nodes, v1.NodeExternalIP)
+		if nodeAddr != "" {
+			assertNotReachableHTTPTimeout(nodeAddr, "/", ports.KubeletPort, firewallTestTCPTimeout, false)
+			assertNotReachableHTTPTimeout(nodeAddr, "/", ports.KubeletReadOnlyPort, firewallTestTCPTimeout, false)
+			assertNotReachableHTTPTimeout(nodeAddr, "/", ports.ProxyStatusPort, firewallTestTCPTimeout, false)
+		}
+
+		controlPlaneAddresses := framework.GetControlPlaneAddresses(ctx, cs)
+		for _, instanceAddress := range controlPlaneAddresses {
+			assertNotReachableHTTPTimeout(instanceAddress, "/healthz", ports.KubeControllerManagerPort, firewallTestTCPTimeout, true)
+			assertNotReachableHTTPTimeout(instanceAddress, "/healthz", kubeschedulerconfig.DefaultKubeSchedulerPort, firewallTestTCPTimeout, true)
+		}
+	})
+})
+
+func assertNotReachableHTTPTimeout(ip, path string, port int, timeout time.Duration, enableHTTPS bool) {
+	result := PokeHTTP(ip, port, path, &HTTPPokeParams{Timeout: timeout, EnableHTTPS: enableHTTPS})
+	if result.Status == HTTPError {
+		framework.Failf("Unexpected error checking for reachability of %s:%d: %v", ip, port, result.Error)
+	}
+	if result.Code != 0 {
+		framework.Failf("Was unexpectedly able to reach %s:%d", ip, port)
+	}
+}

Diff for: test/e2e/gce.go

@@ -0,0 +1,118 @@
+/*
+Copyright 2024 The Kubernetes Authors.
+
+Licensed under the Apache License, Version 2.0 (the "License");
+you may not use this file except in compliance with the License.
+You may obtain a copy of the License at
+
+    http://www.apache.org/licenses/LICENSE-2.0
+
+Unless required by applicable law or agreed to in writing, software
+distributed under the License is distributed on an "AS IS" BASIS,
+WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+See the License for the specific language governing permissions and
+limitations under the License.
+*/
+
+package e2e
+
+import (
+	"fmt"
+	"math/rand"
+
+	gcecloud "k8s.io/cloud-provider-gcp/providers/gce"
+	"k8s.io/kubernetes/test/e2e/framework"
+)
+
+// Run when the "gce" provider is registered in "init()".
+func factory() (framework.ProviderInterface, error) {
+	framework.Logf("Fetching cloud provider for %q\r", framework.TestContext.Provider)
+	zone := framework.TestContext.CloudConfig.Zone
+	region := framework.TestContext.CloudConfig.Region
+	allowedZones := framework.TestContext.CloudConfig.Zones
+
+	// ensure users don't specify a zone outside of the requested zones
+	if len(zone) > 0 && len(allowedZones) > 0 {
+		var found bool
+		for _, allowedZone := range allowedZones {
+			if zone == allowedZone {
+				found = true
+				break
+			}
+		}
+		if !found {
+			return nil, fmt.Errorf("the provided zone %q must be included in the list of allowed zones %v", zone, allowedZones)
+		}
+	}
+
+	var err error
+	if region == "" {
+		region, err = gcecloud.GetGCERegion(zone)
+		if err != nil {
+			return nil, fmt.Errorf("error parsing GCE/GKE region from zone %q: %w", zone, err)
+		}
+	}
+	managedZones := []string{} // Manage all zones in the region
+	if !framework.TestContext.CloudConfig.MultiZone {
+		managedZones = []string{zone}
+	}
+	if len(allowedZones) > 0 {
+		managedZones = allowedZones
+	}
+
+	gceCloud, err := gcecloud.CreateGCECloud(&gcecloud.CloudConfig{
+		APIEndpoint:        framework.TestContext.CloudConfig.APIEndpoint,
+		ProjectID:          framework.TestContext.CloudConfig.ProjectID,
+		Region:             region,
+		Zone:               zone,
+		ManagedZones:       managedZones,
+		NetworkName:        "", // TODO: Change this to use framework.TestContext.CloudConfig.Network?
+		SubnetworkName:     "",
+		NodeTags:           nil,
+		NodeInstancePrefix: "",
+		TokenSource:        nil,
+		UseMetadataServer:  false,
+		AlphaFeatureGate:   gcecloud.NewAlphaFeatureGate([]string{}),
+	})
+
+	if err != nil {
+		return nil, fmt.Errorf("Error building GCE/GKE provider: %w", err)
+	}
+
+	// Arbitrarily pick one of the zones we have nodes in, looking at prepopulated zones first.
+	if framework.TestContext.CloudConfig.Zone == "" && len(managedZones) > 0 {
+		framework.TestContext.CloudConfig.Zone = managedZones[rand.Intn(len(managedZones))]
+	}
+	if framework.TestContext.CloudConfig.Zone == "" && framework.TestContext.CloudConfig.MultiZone {
+		zones, err := gceCloud.GetAllZonesFromCloudProvider()
+		if err != nil {
+			return nil, err
+		}
+
+		framework.TestContext.CloudConfig.Zone, _ = zones.PopAny()
+	}
+
+	return NewProvider(gceCloud), nil
+}
+
+// Provider is a structure to handle GCE clouds for e2e testing
+type Provider struct {
+	framework.NullProvider
+	gceCloud *gcecloud.Cloud
+}
+
+// NewProvider returns a cloud provider interface for GCE
+func NewProvider(gceCloud *gcecloud.Cloud) framework.ProviderInterface {
+	return &Provider{
+		gceCloud: gceCloud,
+	}
+}
+
+// GetGCECloud returns GCE cloud provider
+func GetGCECloud() (*gcecloud.Cloud, error) {
+	p, ok := framework.TestContext.CloudConfig.Provider.(*Provider)
+	if !ok {
+		return nil, fmt.Errorf("failed to convert CloudConfig.Provider to GCE provider: %#v", framework.TestContext.CloudConfig.Provider)
+	}
+	return p.gceCloud, nil
+}

Diff for: test/e2e/go.mod

@@ -0,0 +1,138 @@
+module k8s.io/cloud-provider-gcp/tests/e2e
+
+go 1.22.0
+
+toolchain go1.22.1
+
+require (
+	github.com/onsi/ginkgo/v2 v2.15.0
+	github.com/onsi/gomega v1.31.0
+	google.golang.org/api v0.151.0
+	k8s.io/api v0.30.0
+	k8s.io/apimachinery v0.30.0
+	k8s.io/client-go v0.30.0
+	k8s.io/cloud-provider-gcp/providers v0.0.0-00010101000000-000000000000
+	k8s.io/kubernetes v1.30.0
+	k8s.io/pod-security-admission v0.30.0
+)
+
+require (
+	cloud.google.com/go/compute v1.23.1 // indirect
+	cloud.google.com/go/compute/metadata v0.2.3 // indirect
+	github.com/GoogleCloudPlatform/k8s-cloud-provider v1.25.0 // indirect
+	github.com/NYTimes/gziphandler v1.1.1 // indirect
+	github.com/antlr/antlr4/runtime/Go/antlr/v4 v4.0.0-20230305170008-8188dc5388df // indirect
+	github.com/asaskevich/govalidator v0.0.0-20190424111038-f61b66f89f4a // indirect
+	github.com/beorn7/perks v1.0.1 // indirect
+	github.com/blang/semver/v4 v4.0.0 // indirect
+	github.com/cenkalti/backoff/v4 v4.2.1 // indirect
+	github.com/cespare/xxhash/v2 v2.2.0 // indirect
+	github.com/coreos/go-semver v0.3.1 // indirect
+	github.com/coreos/go-systemd/v22 v22.5.0 // indirect
+	github.com/davecgh/go-spew v1.1.1 // indirect
+	github.com/distribution/reference v0.5.0 // indirect
+	github.com/emicklei/go-restful/v3 v3.11.0 // indirect
+	github.com/evanphx/json-patch v4.12.0+incompatible // indirect
+	github.com/felixge/httpsnoop v1.0.3 // indirect
+	github.com/fsnotify/fsnotify v1.7.0 // indirect
+	github.com/go-logr/logr v1.4.1 // indirect
+	github.com/go-logr/stdr v1.2.2 // indirect
+	github.com/go-openapi/jsonpointer v0.19.6 // indirect
+	github.com/go-openapi/jsonreference v0.20.2 // indirect
+	github.com/go-openapi/swag v0.22.3 // indirect
+	github.com/go-task/slim-sprig v0.0.0-20230315185526-52ccab3ef572 // indirect
+	github.com/gogo/protobuf v1.3.2 // indirect
+	github.com/golang/groupcache v0.0.0-20210331224755-41bb18bfe9da // indirect
+	github.com/golang/protobuf v1.5.4 // indirect
+	github.com/google/cel-go v0.17.8 // indirect
+	github.com/google/gnostic-models v0.6.8 // indirect
+	github.com/google/go-cmp v0.6.0 // indirect
+	github.com/google/gofuzz v1.2.0 // indirect
+	github.com/google/pprof v0.0.0-20210720184732-4bb14d4b1be1 // indirect
+	github.com/google/s2a-go v0.1.7 // indirect
+	github.com/google/uuid v1.4.0 // indirect
+	github.com/googleapis/enterprise-certificate-proxy v0.3.2 // indirect
+	github.com/googleapis/gax-go/v2 v2.12.0 // indirect
+	github.com/gorilla/websocket v1.5.0 // indirect
+	github.com/grpc-ecosystem/go-grpc-prometheus v1.2.0 // indirect
+	github.com/grpc-ecosystem/grpc-gateway/v2 v2.16.0 // indirect
+	github.com/imdario/mergo v0.3.6 // indirect
+	github.com/inconshreveable/mousetrap v1.1.0 // indirect
+	github.com/josharian/intern v1.0.0 // indirect
+	github.com/json-iterator/go v1.1.12 // indirect
+	github.com/mailru/easyjson v0.7.7 // indirect
+	github.com/matttproud/golang_protobuf_extensions v1.0.4 // indirect
+	github.com/moby/spdystream v0.2.0 // indirect
+	github.com/modern-go/concurrent v0.0.0-20180306012644-bacd9c7ef1dd // indirect
+	github.com/modern-go/reflect2 v1.0.2 // indirect
+	github.com/munnerz/goautoneg v0.0.0-20191010083416-a7dc8b61c822 // indirect
+	github.com/mxk/go-flowrate v0.0.0-20140419014527-cca7078d478f // indirect
+	github.com/opencontainers/go-digest v1.0.0 // indirect
+	github.com/pkg/errors v0.9.1 // indirect
+	github.com/prometheus/client_golang v1.16.0 // indirect
+	github.com/prometheus/client_model v0.4.0 // indirect
+	github.com/prometheus/common v0.44.0 // indirect
+	github.com/prometheus/procfs v0.10.1 // indirect
+	github.com/spf13/cobra v1.7.0 // indirect
+	github.com/spf13/pflag v1.0.5 // indirect
+	github.com/stoewer/go-strcase v1.2.0 // indirect
+	go.etcd.io/etcd/api/v3 v3.5.10 // indirect
+	go.etcd.io/etcd/client/pkg/v3 v3.5.10 // indirect
+	go.etcd.io/etcd/client/v3 v3.5.10 // indirect
+	go.opencensus.io v0.24.0 // indirect
+	go.opentelemetry.io/contrib/instrumentation/google.golang.org/grpc/otelgrpc v0.42.0 // indirect
+	go.opentelemetry.io/contrib/instrumentation/net/http/otelhttp v0.44.0 // indirect
+	go.opentelemetry.io/otel v1.19.0 // indirect
+	go.opentelemetry.io/otel/exporters/otlp/otlptrace v1.19.0 // indirect
+	go.opentelemetry.io/otel/exporters/otlp/otlptrace/otlptracegrpc v1.19.0 // indirect
+	go.opentelemetry.io/otel/metric v1.19.0 // indirect
+	go.opentelemetry.io/otel/sdk v1.19.0 // indirect
+	go.opentelemetry.io/otel/trace v1.19.0 // indirect
+	go.opentelemetry.io/proto/otlp v1.0.0 // indirect
+	go.uber.org/multierr v1.11.0 // indirect
+	go.uber.org/zap v1.26.0 // indirect
+	golang.org/x/crypto v0.21.0 // indirect
+	golang.org/x/exp v0.0.0-20220722155223-a9213eeb770e // indirect
+	golang.org/x/net v0.23.0 // indirect
+	golang.org/x/oauth2 v0.13.0 // indirect
+	golang.org/x/sync v0.6.0 // indirect
+	golang.org/x/sys v0.18.0 // indirect
+	golang.org/x/term v0.18.0 // indirect
+	golang.org/x/text v0.14.0 // indirect
+	golang.org/x/time v0.3.0 // indirect
+	golang.org/x/tools v0.18.0 // indirect
+	google.golang.org/appengine v1.6.7 // indirect
+	google.golang.org/genproto v0.0.0-20231016165738-49dd2c1f3d0b // indirect
+	google.golang.org/genproto/googleapis/api v0.0.0-20231016165738-49dd2c1f3d0b // indirect
+	google.golang.org/genproto/googleapis/rpc v0.0.0-20231030173426-d783a09b4405 // indirect
+	google.golang.org/grpc v1.59.0 // indirect
+	google.golang.org/protobuf v1.33.0 // indirect
+	gopkg.in/gcfg.v1 v1.2.3 // indirect
+	gopkg.in/inf.v0 v0.9.1 // indirect
+	gopkg.in/natefinch/lumberjack.v2 v2.2.1 // indirect
+	gopkg.in/warnings.v0 v0.1.2 // indirect
+	gopkg.in/yaml.v2 v2.4.0 // indirect
+	gopkg.in/yaml.v3 v3.0.1 // indirect
+	k8s.io/apiextensions-apiserver v0.0.0 // indirect
+	k8s.io/apiserver v0.30.0 // indirect
+	k8s.io/cloud-provider v0.30.0 // indirect
+	k8s.io/component-base v0.30.0 // indirect
+	k8s.io/component-helpers v0.30.0 // indirect
+	k8s.io/controller-manager v0.30.0 // indirect
+	k8s.io/klog/v2 v2.120.1 // indirect
+	k8s.io/kms v0.30.0 // indirect
+	k8s.io/kube-openapi v0.0.0-20240228011516-70dd3763d340 // indirect
+	k8s.io/kubectl v0.0.0 // indirect
+	k8s.io/kubelet v0.30.0 // indirect
+	k8s.io/utils v0.0.0-20230726121419-3b25d923346b // indirect
+	sigs.k8s.io/apiserver-network-proxy/konnectivity-client v0.29.0 // indirect
+	sigs.k8s.io/json v0.0.0-20221116044647-bc3834ca7abd // indirect
+	sigs.k8s.io/structured-merge-diff/v4 v4.4.1 // indirect
+	sigs.k8s.io/yaml v1.3.0 // indirect
+)
+
+replace (
+	k8s.io/apiextensions-apiserver => k8s.io/apiextensions-apiserver v0.30.0
+	k8s.io/cloud-provider-gcp/providers => ../../providers
+	k8s.io/kubectl => k8s.io/kubectl v0.30.0
+)