azure-container-networking/.pipelines/npm/npm-cni-integration-test.yaml

parameters:
  clusterName: ""
  os: ""
  sub: ""
  os_version: ""
  dependsOn: ""
  tag: ""
  continueOnError: false

# Condition confirms that:
# Pipeline has not been canceled and that the previous job has reports anything other than failure(Succeeded, SuccededWithIssues, Skipped). Previous job is declared by dependsOn: ${{ parameters.dependsOn }}
# Cluster is either Windows2022 or Linux
# CONTROL_SCENARIO either contains 'npm' or 'all'. It is not case sensitive
jobs:
  - job: npm_k8se2e
    displayName: "NPM k8s E2E"
    dependsOn: ${{ parameters.dependsOn }}
    condition: and( and( not(canceled()), not(failed()) ), ${{ or(contains(parameters.os_version, '2022'), eq(parameters.os, 'linux') ) }} , or( contains(variables.CONTROL_SCENARIO, 'npm') , contains(variables.CONTROL_SCENARIO, 'all') ) )
    timeoutInMinutes: 180 # This is for testing windows, due to the 3m between the 14 tests -> results in 42m of wasted time
    pool:
      name: $(BUILD_POOL_NAME_DEFAULT)
      demands:
      - agent.os -equals Linux
      - Role -equals Build
    steps:
      - ${{ if eq(parameters.os, 'linux') }}:
        - task: AzureCLI@2
          displayName: "Deploy NPM to Test Cluster"
          inputs:
            azureSubscription: ${{ parameters.sub }}
            scriptType: "bash"
            scriptLocation: "inlineScript"
            inlineScript: |
              set -ex

              make -C ./hack/aks set-kubeconf AZCLI=az CLUSTER=${{ parameters.clusterName }}

              # deploy azure-npm
              kubectl apply -f https://raw.githubusercontent.com/Azure/azure-container-networking/master/npm/azure-npm.yaml
              kubectl set image daemonset/azure-npm -n kube-system azure-npm=$IMAGE_REGISTRY/azure-npm:${{ parameters.tag }}
              kubectl rollout status -n kube-system daemonset/azure-npm

              kubectl get po -n kube-system -owide -A

              # FQDN=`az aks show -n $CLUSTER_NAME -g $CLUSTER_NAME --query fqdn -o tsv`
              FQDN=`az aks show -g ${{ parameters.clusterName }} -n ${{ parameters.clusterName }} --query fqdn -o tsv`
              echo $FQDN
              echo "##vso[task.setvariable variable=FQDN]$FQDN"

              artifact=npm_k8s
              echo $artifact/e2e.test
              echo "##vso[task.setvariable variable=artifact]$artifact"              

        - download: current
          artifact: npm_k8s

      - ${{ if eq(parameters.os, 'windows') }}:
        - task: AzureCLI@2
          displayName: "Deploy Windows NPM to Test Cluster"
          inputs:
            azureSubscription: ${{ parameters.sub }}
            scriptType: "bash"
            scriptLocation: "inlineScript"
            inlineScript: |
              set -ex

              make -C ./hack/aks set-kubeconf AZCLI=az CLUSTER=${{ parameters.clusterName }}

              # deploy azure-npm-win
              # Windows
              kubectl apply -f npm/examples/windows/azure-npm.yaml
              kubectl set image daemonset/azure-npm-win -n kube-system azure-npm=$IMAGE_REGISTRY/azure-npm:windows-amd64-ltsc2022-${{ parameters.tag }}
              kubectl rollout status -n kube-system daemonset/azure-npm-win

              # konnectivity agent tends to fail after rollout. Give it time to recover
              sleep 60
              # Taint Linux (system) nodes so windows tests do not run on them
              kubectl taint nodes -l kubernetes.azure.com/mode=system node-role.kubernetes.io/control-plane:NoSchedule

              kubectl get po -n kube-system -owide -A

              # FQDN=`az aks show -n $CLUSTER_NAME -g $CLUSTER_NAME --query fqdn -o tsv`
              FQDN=`az aks show -g ${{ parameters.clusterName }} -n ${{ parameters.clusterName }} --query fqdn -o tsv`
              echo $FQDN
              echo "##vso[task.setvariable variable=FQDN]$FQDN"

              artifact=npm_k8s_windows
              echo $artifact/e2e.test
              echo "##vso[task.setvariable variable=artifact]$artifact"              

        - download: current
          artifact: npm_k8s_windows

      - bash: |
          set -e
          # NetworkPolicy between server and...
          focus="\
          client should enforce policy to allow traffic only from a different namespace, based on NamespaceSelector|\
          client should deny egress from pods based on PodSelector|\
          client should enforce multiple, stacked policies with overlapping podSelectors|\
          client should enforce egress policy allowing traffic to a server in a different namespace based on PodSelector and NamespaceSelector|\
          client should work with Ingress, Egress specified together|\
          client should enforce ingress policy allowing any port traffic to a server on a specific protocol|\
          client should not allow access by TCP when a policy specifies only UDP|\
          client should allow egress access to server in CIDR block|\
          client should enforce policy based on Ports|\
          client should support allow-all policy|\
          client should enforce updated policy|\
          client should support denying of egress traffic on the client side|\
          client should stop enforcing policies after they are deleted|\
          client should support a 'default-deny-ingress' policy"

          ls -l $(Pipeline.Workspace)/$(artifact)
          echo adding execution to $(artifact)/e2e.test
          chmod +x $(Pipeline.Workspace)/$(artifact)/e2e.test
          ls -l $(Pipeline.Workspace)/$(artifact)

          KUBERNETES_SERVICE_HOST="$FQDN" KUBERNETES_SERVICE_PORT=443 \
          $(Pipeline.Workspace)/$(artifact)/e2e.test \
          --provider=local \
          --ginkgo.focus="$focus" \
          --ginkgo.skip="NetworkPolicyLegacy|SCTP" \
          --kubeconfig=$HOME/.kube/config \
          --ginkgo.timeout="2h"          
        displayName: "Run Kubernetes e2e.test"
        continueOnError: ${{ parameters.continueOnError }}

      - ${{ if eq(parameters.os, 'windows') }}:
        - bash: |
            # Untaint Linux (system) nodes once testing is complete
            kubectl taint nodes -l kubernetes.azure.com/mode=system node-role.kubernetes.io/control-plane:NoSchedule-            

          displayName: Untaint Linux Nodes
          condition: always()

      - bash: |
          npmLogs=$(System.DefaultWorkingDirectory)/${{ parameters.clusterName }}_npmLogs_Attempt_#$(System.StageAttempt)
          mkdir -p $npmLogs

          kubectl get pods -n kube-system | grep npm
          npmPodList=`kubectl get pods -n kube-system | grep npm | awk '{print $1}'`
          # capture all logs
          for npmPod in $npmPodList; do
            kubectl logs -n kube-system $npmPod > $npmLogs/$npmPod-logs.txt
          done          
        displayName: Generate NPM pod logs
        retryCountOnTaskFailure: 3
        condition: always()

      - publish: $(System.DefaultWorkingDirectory)/${{ parameters.clusterName }}_npmLogs_Attempt_#$(System.StageAttempt)
        condition: always()
        artifact: ${{ parameters.clusterName }}_npmLogs_Attempt_#$(System.StageAttempt)
        name: npmLogs
        displayName: Publish NPM pod logs