diff --git a/.github/actions/e2e/install-karpenter/action.yaml b/.github/actions/e2e/install-karpenter/action.yaml index 41997e72a0da..17a78d46132f 100644 --- a/.github/actions/e2e/install-karpenter/action.yaml +++ b/.github/actions/e2e/install-karpenter/action.yaml @@ -27,6 +27,9 @@ inputs: private_cluster: description: "Whether the cluster is private or not. Valid values are 'true' or 'false'" default: 'false' + webhooks_enabled: + description: "Whether webhooks are enabled or not. Valid values are 'true' or 'false'" + default: 'true' runs: using: "composite" steps: @@ -57,6 +60,7 @@ runs: CLUSTER_NAME: ${{ inputs.cluster_name }} K8S_VERSION: ${{ inputs.k8s_version }} PRIVATE_CLUSTER: ${{ inputs.private_cluster }} + WEBHOOKS_ENABLED: ${{ inputs.webhooks_enabled }} run: | ./test/hack/e2e_scripts/install_karpenter.sh - name: diff-karpenter diff --git a/.github/actions/e2e/setup-cluster/action.yaml b/.github/actions/e2e/setup-cluster/action.yaml index 329f8ca7cc48..b3403cebdaeb 100644 --- a/.github/actions/e2e/setup-cluster/action.yaml +++ b/.github/actions/e2e/setup-cluster/action.yaml @@ -47,6 +47,9 @@ inputs: default: 'false' codebuild_role: description: "Codebuild Role that must be given an access entry in case of private cluster" + webhooks_enabled: + description: "Whether webhooks are enabled or not. Valid values are 'true' or 'false'" + default: 'true' runs: using: "composite" steps: @@ -274,3 +277,4 @@ runs: k8s_version: ${{ inputs.k8s_version }} git_ref: ${{ inputs.git_ref }} private_cluster: ${{ inputs.private_cluster }} + webhooks_enabled: ${{ inputs.webhooks_enabled }} diff --git a/.github/workflows/e2e-matrix.yaml b/.github/workflows/e2e-matrix.yaml index 40a51c30b740..439d0f1b7487 100644 --- a/.github/workflows/e2e-matrix.yaml +++ b/.github/workflows/e2e-matrix.yaml @@ -77,6 +77,8 @@ jobs: region: ${{ inputs.region }} - name: IPv6 region: ${{ inputs.region }} + - name: Webhooks + region: ${{ inputs.region }} - name: LocalZone # LAX is the only local zone available in the CI account, therefore only use us-west-2 region: us-west-2 diff --git a/.github/workflows/e2e.yaml b/.github/workflows/e2e.yaml index a508d13bfb8b..307ad3634c2c 100644 --- a/.github/workflows/e2e.yaml +++ b/.github/workflows/e2e.yaml @@ -27,6 +27,7 @@ on: - Scale - PrivateCluster - LocalZone + - Webhooks k8s_version: type: choice options: @@ -144,6 +145,7 @@ jobs: enable_local_zones: ${{ inputs.suite == 'LocalZone' }} cleanup: ${{ inputs.cleanup }} codebuild_role: ${{ vars[format('{0}_CODEBUILD_ROLE', inputs.codebuild_region)] }} + webhooks_enabled: ${{ !contains(inputs.suite, 'Webhooks') }} - name: run tests for private cluster if: ${{ inputs.workflow_trigger == 'private_cluster' }} uses: ./.github/actions/e2e/run-tests-private-cluster diff --git a/test/hack/e2e_scripts/install_karpenter.sh b/test/hack/e2e_scripts/install_karpenter.sh index 835be6aaa9f6..5067d66679dd 100755 --- a/test/hack/e2e_scripts/install_karpenter.sh +++ b/test/hack/e2e_scripts/install_karpenter.sh @@ -2,7 +2,6 @@ aws eks update-kubeconfig --name "$CLUSTER_NAME" # Parse minor version to determine whether to enable the webhooks K8S_VERSION_MINOR="${K8S_VERSION#*.}" -WEBHOOK_ENABLED=true CHART="oci://$ECR_ACCOUNT_ID.dkr.ecr.$ECR_REGION.amazonaws.com/karpenter/snapshot/karpenter" ADDITIONAL_FLAGS="" @@ -16,7 +15,7 @@ helm upgrade --install karpenter "${CHART}" \ -n kube-system \ --version "0-$(git rev-parse HEAD)" \ --set logLevel=debug \ - --set webhook.enabled=${WEBHOOK_ENABLED} \ + --set webhook.enabled=${WEBHOOKS_ENABLED} \ --set settings.isolatedVPC=${PRIVATE_CLUSTER} \ --set serviceAccount.annotations."eks\.amazonaws\.com/role-arn"="arn:aws:iam::$ACCOUNT_ID:role/karpenter-irsa-$CLUSTER_NAME" \ $ADDITIONAL_FLAGS \ diff --git a/test/suites/webhooks/suite_test.go b/test/suites/webhooks/suite_test.go new file mode 100644 index 000000000000..ec1639672f55 --- /dev/null +++ b/test/suites/webhooks/suite_test.go @@ -0,0 +1,68 @@ +/* +Licensed under the Apache License, Version 2.0 (the "License"); +you may not use this file except in compliance with the License. +You may obtain a copy of the License at + + http://www.apache.org/licenses/LICENSE-2.0 + +Unless required by applicable law or agreed to in writing, software +distributed under the License is distributed on an "AS IS" BASIS, +WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. +See the License for the specific language governing permissions and +limitations under the License. +*/ + +package webhooks_test + +import ( + "context" + "testing" + + v1beta1 "github.com/aws/karpenter-provider-aws/pkg/apis/v1beta1" + "github.com/aws/karpenter-provider-aws/test/pkg/environment/aws" + + karpv1beta1 "sigs.k8s.io/karpenter/pkg/apis/v1beta1" + + karptest "sigs.k8s.io/karpenter/pkg/test" + + "github.com/aws/karpenter-provider-aws/pkg/test" + + . "github.com/onsi/ginkgo/v2" + . "github.com/onsi/gomega" + . "sigs.k8s.io/karpenter/pkg/test/expectations" + . "sigs.k8s.io/karpenter/pkg/utils/testing" +) + +var ctx context.Context +var env *aws.Environment +var nodeClass *v1beta1.EC2NodeClass +var nodePool *karpv1beta1.NodePool + +func TestWebhook(t *testing.T) { + RegisterFailHandler(Fail) + + ctx = TestContextWithLogger(t) + BeforeSuite(func() { + env = aws.NewEnvironment(t) + }) + AfterSuite(func() { + env.Stop() + }) + RunSpecs(t, "Webhook") +} + +var _ = BeforeEach(func() { + env.BeforeEach() + nodeClass = env.DefaultEC2NodeClass() + nodePool = env.DefaultNodePool(nodeClass) +}) + +var _ = Describe("Webhook", func() { + It("should schedule pods when webhooks are disabled", func() { + nodeClass := test.EC2NodeClass() + env.ExpectCreated(nodeClass, nodePool) + ExpectApplied(ctx, env.Client, nodePool, nodeClass) + pod := karptest.UnschedulablePod() + ExpectScheduled(ctx, env.Client, pod) + }) +})