Tester

eks-anywhere-common/Addons/Partner/TestPartner2/external-secret.yaml

@@ -0,0 +1,16 @@
+apiVersion: external-secrets.io/v1beta1
+kind: ExternalSecret
+metadata:
+  name: kubecost-external-secret
+  namespace: kubecost
+spec:
+  refreshInterval: 1m
+  secretStoreRef:
+    name: eksa-secret-store #The secret store name we have just created.
+    kind: ClusterSecretStore
+  target:
+    name: kubecost-secret # Secret name in k8s
+  data:
+  - secretKey: kubecost-token # which key it's going to be stored
+    remoteRef:
+      key: kubecost-token # Our secret-name goes here

eks-anywhere-common/Addons/Partner/TestPartner2/kubecost-source.yaml

@@ -0,0 +1,10 @@
+---
+apiVersion: source.toolkit.fluxcd.io/v1beta2
+kind: HelmRepository
+metadata:
+  name: kubecost-charts
+  namespace: flux-system
+spec:
+  interval: 30s
+  url: https://kubecost.github.io/cost-analyzer/
+

eks-anywhere-common/Addons/Partner/TestPartner2/kubecost.yaml

@@ -0,0 +1,23 @@
+---
+apiVersion: helm.toolkit.fluxcd.io/v2beta1
+kind: HelmRelease
+metadata:
+  name: kubecost
+  namespace: kubecost
+spec:
+  chart:
+    spec:
+      chart: cost-analyzer
+      reconcileStrategy: ChartVersion
+      sourceRef:
+        kind: HelmRepository
+        name: kubecost-charts
+        namespace: flux-system
+      version: 2.1.0
+  interval: 1m0s
+  targetNamespace: kubecost
+  valuesFrom:
+  - kind: Secret
+    name: kubecost-secret
+    valuesKey: kubecost-token
+    targetPath: kubecostToken

eks-anywhere-common/Addons/Partner/TestPartner2/namespace.yaml

@@ -0,0 +1,8 @@
+apiVersion: v1
+kind: Namespace
+metadata:
+  name: kubecost
+  labels:
+      aws.conformance.vendor: kubecost
+      aws.conformance.vendor-solution: cost-analyzer
+      aws.conformance.vendor-solution-version: 2.1.0

eks-anywhere-common/Testers/TestPartner2/kubecost-testJob.yaml

@@ -0,0 +1,77 @@
+apiVersion: batch/v1
+kind: CronJob
+metadata:
+  name: kubecost-healthtest
+  namespace: kubecost
+spec:
+  schedule: "*/10 * * * *"
+  jobTemplate:
+    spec:
+      template:
+        spec:
+          securityContext:
+            seccompProfile:
+              type: RuntimeDefault
+            runAsNonRoot: true
+            runAsUser: 1000
+            runAsGroup: 3000
+            fsGroup: 2000
+          serviceAccountName: tester
+          containers:
+            - name: test-kubecost
+              image: alpine/k8s:1.26.9
+              securityContext:
+                privileged: false
+                capabilities:
+                  drop: 
+                  - ALL
+                allowPrivilegeEscalation: false
+                readOnlyRootFilesystem: true
+              command:
+                - /bin/sh
+              args:
+                - -c
+                - >-
+                  svc=$(kubectl get --raw  /api/v1/namespaces/kubecost/services | jq -r '.items[] | select(.metadata.name | test("cost-analyzer$")).metadata.name');
+                  echo Getting current Kubecost state.;
+                  response=$(curl -sL http://${svc}:9090/model/getConfigs);
+                  code=$(echo ${response} | jq .code);
+                  if [ "$code" -eq 200 ]; then
+                    echo "Got Kubecost working configuration. Successful."
+                    exit 0
+                  else 
+                    echo "Failed to fetch Kubecost configuration. Response was $response"
+                    exit 1
+                  fi
+          restartPolicy: Never
+      backoffLimit: 1
+---
+apiVersion: rbac.authorization.k8s.io/v1
+kind: Role
+metadata:
+  name: test-role
+  namespace: kubecost
+rules:
+- apiGroups: [""]
+  resources: ["services"]
+  verbs: ["list"]
+---
+apiVersion: rbac.authorization.k8s.io/v1
+kind: RoleBinding
+metadata:
+  name: test-rolebinding
+  namespace: kubecost
+subjects:
+- kind: ServiceAccount
+  name: tester
+  namespace: kubecost
+roleRef:
+  kind: Role
+  name: test-role
+  apiGroup: rbac.authorization.k8s.io
+---
+apiVersion: v1
+kind: ServiceAccount
+metadata:
+  name: tester
+  namespace: kubecost