Add eks addon tests (#1304)

* Add eks addon tests

Signed-off-by: Pete Wall <[email protected]>

* Don't run addon tests automatically, since they don't actually test the current version of the chart

Signed-off-by: Pete Wall <[email protected]>

* Add the ability to skip running the integration tests and skip rendering on certain platform tests

Signed-off-by: Pete Wall <[email protected]>

* Install the addon with the AWS cli, rather than eksctl.

More closely mimics what a customer might do

Signed-off-by: Pete Wall <[email protected]>

* Remove unused gitignore

Signed-off-by: Pete Wall <[email protected]>

---------

Signed-off-by: Pete Wall <[email protected]>

Author: petewall

.github/workflows/integration-test.yml

@@ -29,6 +29,15 @@ jobs:
         id: list_tests
         working-directory: charts/k8s-monitoring/tests/integration
         run: |
+          # if "integration-test-skip" is set, return an empty list
+          # All labels on this PR
+          labels='${{ toJson(github.event.pull_request.labels.*.name) }}'
+          if echo "${labels}" | jq --raw-output --compact-output 'index("integration-test-skip")' > /dev/null; then
+              echo "\"integration-test-skip\" label is set, skipping integration tests."
+              echo "tests=[]" >> "${GITHUB_OUTPUT}"
+              exit 0
+          fi
+
           tests=$(find . -name values.yaml -exec dirname {} \;)
           echo "Tests: ${tests}"
           echo "tests=$(echo "${tests}" | jq --raw-input --slurp --compact-output 'split("\n") | map(select(. != ""))')" >> "${GITHUB_OUTPUT}"

.github/workflows/platform-test.yml

@@ -25,6 +25,7 @@ jobs:
         working-directory: charts/k8s-monitoring/tests/platform
         run: |
           allTests=$(find . -name values.yaml -type f -exec dirname {} \; | sed "s|^\./||" | jq --raw-input --slurp --compact-output 'split("\n") | map(select(. != ""))')
+          manualOnlyTests=$(find . -name .manual-only -type f -exec dirname {} \; | sed "s|^\./||" | jq --raw-input --slurp --compact-output 'split("\n") | map(select(. != ""))')
           if [ "${{ github.event_name }}" == "pull_request" ]; then
             # All labels on this PR
             labels='${{ toJson(github.event.pull_request.labels.*.name) }}'
@@ -35,7 +36,8 @@ jobs:
             # Choose the tests that match the labels
             tests=$(jq --null-input --compact-output --argjson allTests "${allTests}" --argjson chosenTests "${chosenTests}" '$allTests | map(select(. as $test | $chosenTests | index($test)))')
           else
-            tests="${allTests}"
+            # remove manual only tests
+            tests=$(jq --null-input --compact-output --argjson allTests "${allTests}" --argjson manualOnlyTests "${manualOnlyTests}" '$allTests | map(select(. as $test | $manualOnlyTests | index($test) | not))')
           fi
           echo "Running tests: ${tests}"
           echo "tests=${tests}" >> "${GITHUB_OUTPUT}"

charts/k8s-monitoring/Makefile

@@ -90,11 +90,12 @@ EXAMPLE_OUTPUT_FILES = $(EXAMPLE_VALUES_FILES:values.yaml=output.yaml)
 EXAMPLE_ALLOY_FILES = $(foreach file,$(EXAMPLE_VALUES_FILES),$(call alloy_configs, $(file)))
 EXAMPLE_README_FILES = $(EXAMPLE_VALUES_FILES:values.yaml=README.md)
 
-NON_RENDERED_INTEGRATION_TEST_VALUES_FILES = $(shell find tests/integration -name .norender | sed 's/.norender/values.yaml/')
+NON_RENDERED_INTEGRATION_TEST_VALUES_FILES = $(shell find tests/integration -name .no-render | sed 's/.no-render/values.yaml/')
 INTEGRATION_TEST_VALUES_FILES = $(filter-out $(NON_RENDERED_INTEGRATION_TEST_VALUES_FILES),$(shell find tests/integration -name values.yaml))
 INTEGRATION_TEST_OUTPUT_FILES = $(INTEGRATION_TEST_VALUES_FILES:values.yaml=.rendered/output.yaml)
 
-PLATFORM_TEST_VALUES_FILES = $(shell find tests/platform -name values.yaml)
+NON_RENDERED_PLATFORM_TEST_VALUES_FILES = $(shell find tests/platform -name .no-render | sed 's/.no-render/values.yaml/')
+PLATFORM_TEST_VALUES_FILES = $(filter-out $(NON_RENDERED_PLATFORM_TEST_VALUES_FILES),$(shell find tests/platform -name values.yaml))
 PLATFORM_TEST_OUTPUT_FILES = $(PLATFORM_TEST_VALUES_FILES:values.yaml=.rendered/output.yaml)
 
 alloy_configs = $(shell \

charts/k8s-monitoring/tests/integration/terraform-deployment/.norender charts/k8s-monitoring/tests/integration/terraform-deployment/.no-render

@@ -0,0 +1,12 @@
+AWS_ACCESS_KEY_ID=$(op --account grafana.1password.com read "op://Kubernetes Monitoring/AWS Access Key/access key id")
+AWS_SECRET_ACCESS_KEY=$(op --account grafana.1password.com read "op://Kubernetes Monitoring/AWS Access Key/secret access key")
+export AWS_ACCESS_KEY_ID
+export AWS_SECRET_ACCESS_KEY
+export AWS_DEFAULT_REGION=ap-northeast-2
+export KUBECONFIG=$(pwd)/kubeconfig.yaml
+
+export GRAFANA_CLOUD_METRICS_USERNAME=$(op --account grafana.1password.com read "op://Kubernetes Monitoring/helmchart Prometheus/username")
+export GRAFANA_CLOUD_LOGS_USERNAME=$(op --account grafana.1password.com read "op://Kubernetes Monitoring/helmchart Loki/username")
+export GRAFANA_CLOUD_TRACES_USERNAME=$(op --account grafana.1password.com read "op://Kubernetes Monitoring/helmchart Tempo/username")
+export GRAFANA_CLOUD_RW_POLICY_TOKEN=$(op --account grafana.1password.com read "op://Kubernetes Monitoring/helmchart Prometheus/password")
+export RANDOM_NUMBER=$(shuf -i 100000-999999 -n 1)

charts/k8s-monitoring/tests/platform/eks-addon-with-terraform/.envrc

@@ -0,0 +1,9 @@
+.terraform
+.terraform.lock.hcl
+kubeconfig.yaml
+terraform.tfstate*
+vars.tf
+deps.json
+deployments/grafana-cloud.yaml
+deployments/grafana-cloud-credentials.yaml
+deployments/test-variables.yaml

charts/k8s-monitoring/tests/platform/eks-addon-with-terraform/.gitignore

@@ -0,0 +1,62 @@
+all: deployments/test-variables.yaml deployments/grafana-cloud.yaml deployments/grafana-cloud-credentials.yaml vars.tf
+clean:
+	rm -f deployments/test-variables.yaml deployments/grafana-cloud.yaml deployments/grafana-cloud-credentials.yaml vars.tf
+
+deployments/test-variables.yaml:
+	echo "---" > $@
+	kubectl create configmap test-variables \
+		--from-literal=CLUSTER="$(shell yq eval '.cluster.name' values.yaml)-$$RANDOM_NUMBER" \
+		--from-literal=RANDOM_NUMBER="$$RANDOM_NUMBER" \
+		-o yaml --dry-run=client >> $@
+
+deployments/grafana-cloud.yaml:
+	echo "---" > $@
+	kubectl create namespace monitoring --dry-run=client -o yaml >> $@
+	echo "---" >> $@
+	echo "# yamllint disable rule:line-length" >> $@
+	kubectl create secret generic grafana-cloud \
+		--namespace=monitoring \
+		--from-literal=prometheus-host="https://prometheus-prod-13-prod-us-east-0.grafana.net" \
+  		--from-literal=prometheus-username="$$GRAFANA_CLOUD_METRICS_USERNAME" \
+  		--from-literal=prometheus-password="$$GRAFANA_CLOUD_RW_POLICY_TOKEN" \
+  		--from-literal=loki-host="https://logs-prod-006.grafana.net" \
+  		--from-literal=loki-username="$$GRAFANA_CLOUD_LOGS_USERNAME" \
+  		--from-literal=loki-password="$$GRAFANA_CLOUD_RW_POLICY_TOKEN" \
+  		--from-literal=tempo-host="https://tempo-prod-04-prod-us-east-0.grafana.net:443" \
+  		--from-literal=tempo-username="$$GRAFANA_CLOUD_TRACES_USERNAME" \
+  		--from-literal=tempo-password="$$GRAFANA_CLOUD_RW_POLICY_TOKEN" \
+		-o yaml --dry-run=client >> $@
+
+deployments/grafana-cloud-credentials.yaml:
+	echo "---" > $@
+	echo "# yamllint disable rule:line-length" >> $@
+	kubectl create secret generic grafana-cloud-credentials \
+  		--from-literal=PROMETHEUS_USER="$$GRAFANA_CLOUD_METRICS_USERNAME" \
+  		--from-literal=PROMETHEUS_PASS="$$GRAFANA_CLOUD_RW_POLICY_TOKEN" \
+  		--from-literal=LOKI_USER="$$GRAFANA_CLOUD_LOGS_USERNAME" \
+  		--from-literal=LOKI_PASS="$$GRAFANA_CLOUD_RW_POLICY_TOKEN" \
+		-o yaml --dry-run=client >> $@
+
+vars.tf:
+	echo "variable \"cluster-name\" {" > $@
+	echo "  type    = string" >> $@
+	echo "  default = \"$(shell yq eval '.cluster.name' values.yaml)-$$RANDOM_NUMBER\"" >> $@
+	echo "}" >> $@
+	echo "" >> $@
+
+	echo "variable \"aws-access-key\" {" >> $@
+	echo "  type    = string" >> $@
+	echo "  default = \"$$AWS_ACCESS_KEY_ID\"" >> $@
+	echo "  sensitive = true" >> $@
+	echo "}" >> $@
+	echo "" >> $@
+
+	echo "variable \"aws-secret-key\" {" >> $@
+	echo "  type      = string" >> $@
+	echo "  default   = \"$$AWS_SECRET_ACCESS_KEY\"" >> $@
+	echo "  sensitive = true" >> $@
+	echo "}" >> $@
+
+
+run-test:
+	../../../../../scripts/run-cluster-test.sh .

charts/k8s-monitoring/tests/platform/eks-addon-with-terraform/.manual-only

@@ -0,0 +1,4 @@
+resource "aws_eks_addon" "default" {
+  cluster_name          = var.cluster-name
+  addon_name            = "grafana-labs_kubernetes-monitoring"
+}

charts/k8s-monitoring/tests/platform/eks-addon-with-terraform/.no-render

@@ -0,0 +1,7 @@
+#!/usr/bin/env bash
+
+TEST_DIR="$(cd "$(dirname "${BASH_SOURCE[0]}")" && pwd)"
+pushd "${TEST_DIR}" || exit 1
+
+terraform init
+terraform apply -auto-approve

charts/k8s-monitoring/tests/platform/eks-addon-with-terraform/Makefile

@@ -0,0 +1,53 @@
+---
+apiVersion: source.toolkit.fluxcd.io/v1
+kind: GitRepository
+metadata:
+  name: k8s-monitoring-test
+spec:
+  interval: 1m
+  url: https://github.com/grafana/k8s-monitoring-helm
+  ref:
+    branch: main
+  ignore: |
+    /*
+    !/charts/k8s-monitoring-test
+---
+apiVersion: helm.toolkit.fluxcd.io/v2
+kind: HelmRelease
+metadata:
+  name: k8s-monitoring-test
+spec:
+  interval: 1m
+  chart:
+    spec:
+      chart: charts/k8s-monitoring-test
+      sourceRef:
+        kind: GitRepository
+        name: k8s-monitoring-test
+      interval: 1m
+  values:
+    tests:
+      - env:
+          PROMETHEUS_URL: https://prometheus-prod-13-prod-us-east-0.grafana.net/api/prom/api/v1/query
+          LOKI_URL: https://logs-prod-006.grafana.net/loki/api/v1/query
+        envFrom:
+          - secretRef: {name: grafana-cloud-credentials}
+          - configMapRef: {name: test-variables}
+        queries:
+          # Cluster metrics
+          - query: kubernetes_build_info{cluster="$CLUSTER", job="integrations/kubernetes/kubelet"}
+            type: promql
+          - query: node_cpu_usage_seconds_total{cluster="$CLUSTER", job="integrations/kubernetes/resources"}
+            type: promql
+          - query: machine_memory_bytes{cluster="$CLUSTER", job="integrations/kubernetes/cadvisor"}
+            type: promql
+          - query: count(kube_node_info{cluster="$CLUSTER", job="integrations/kubernetes/kube-state-metrics"})
+            type: promql
+
+          # Cluster events
+          - query: count_over_time({cluster="$CLUSTER", job="integrations/kubernetes/eventhandler"}[1h])
+            type: logql
+
+          # Pod logs
+          - query: count_over_time({cluster="$CLUSTER", job!~"integrations/kubernetes/eventhandler|integrations/kubernetes/journal"}[1h])
+            type: logql

charts/k8s-monitoring/tests/platform/eks-addon-with-terraform/addon.tf

@@ -0,0 +1,14 @@
+---
+kind: ClusterConfig
+apiVersion: eksctl.io/v1alpha5
+metadata:
+  region: ap-northeast-2
+  tags:
+    source: k8s-monitoring-helm-platform-test
+iam:
+  withOIDC: true
+nodeGroups:
+  - name: ng-linux
+    instanceType: m5.large
+    minSize: 1
+    maxSize: 1

charts/k8s-monitoring/tests/platform/eks-addon-with-terraform/deploy.sh

@@ -0,0 +1,14 @@
+terraform {
+  required_providers {
+    aws = {
+      source = "hashicorp/aws"
+      version = "5.90.0"
+    }
+  }
+}
+
+provider "aws" {
+  access_key                  = var.aws-access-key
+  region                      = "ap-northeast-2"
+  secret_key                  = var.aws-secret-key
+}

charts/k8s-monitoring/tests/platform/eks-addon-with-terraform/deployments/query-test.yaml

@@ -0,0 +1,3 @@
+---
+cluster:
+  name: eks-addon-with-terraform

charts/k8s-monitoring/tests/platform/eks-addon-with-terraform/eks-cluster-config.yaml

@@ -0,0 +1,12 @@
+AWS_ACCESS_KEY_ID=$(op --account grafana.1password.com read "op://Kubernetes Monitoring/AWS Access Key/access key id")
+AWS_SECRET_ACCESS_KEY=$(op --account grafana.1password.com read "op://Kubernetes Monitoring/AWS Access Key/secret access key")
+export AWS_ACCESS_KEY_ID
+export AWS_SECRET_ACCESS_KEY
+export AWS_DEFAULT_REGION=ap-northeast-2
+export KUBECONFIG=$(pwd)/kubeconfig.yaml
+
+export GRAFANA_CLOUD_METRICS_USERNAME=$(op --account grafana.1password.com read "op://Kubernetes Monitoring/helmchart Prometheus/username")
+export GRAFANA_CLOUD_LOGS_USERNAME=$(op --account grafana.1password.com read "op://Kubernetes Monitoring/helmchart Loki/username")
+export GRAFANA_CLOUD_TRACES_USERNAME=$(op --account grafana.1password.com read "op://Kubernetes Monitoring/helmchart Tempo/username")
+export GRAFANA_CLOUD_RW_POLICY_TOKEN=$(op --account grafana.1password.com read "op://Kubernetes Monitoring/helmchart Prometheus/password")
+export RANDOM_NUMBER=$(shuf -i 100000-999999 -n 1)

charts/k8s-monitoring/tests/platform/eks-addon-with-terraform/provider.tf

@@ -0,0 +1,4 @@
+kubeconfig.yaml
+deployments/grafana-cloud.yaml
+deployments/grafana-cloud-credentials.yaml
+deployments/test-variables.yaml

charts/k8s-monitoring/tests/platform/eks-addon-with-terraform/values.yaml

@@ -0,0 +1,44 @@
+all: values.json deployments/test-variables.yaml deployments/grafana-cloud.yaml deployments/grafana-cloud-credentials.yaml
+clean:
+	rm -f deployments/test-variables.yaml deployments/grafana-cloud.yaml deployments/grafana-cloud-credentials.yaml
+
+values.json: values.yaml
+	yq eval --output-format json '. | del(.cluster.name)' values.yaml > $@
+
+deployments/test-variables.yaml:
+	echo "---" > $@
+	kubectl create configmap test-variables \
+		--from-literal=CLUSTER="$(shell yq eval '.cluster.name' values.yaml)-$$RANDOM_NUMBER" \
+		--from-literal=RANDOM_NUMBER="$$RANDOM_NUMBER" \
+		-o yaml --dry-run=client >> $@
+
+deployments/grafana-cloud.yaml:
+	echo "---" > $@
+	kubectl create namespace monitoring --dry-run=client -o yaml >> $@
+	echo "---" >> $@
+	echo "# yamllint disable rule:line-length" >> $@
+	kubectl create secret generic grafana-cloud \
+		--namespace=monitoring \
+		--from-literal=prometheus-host="https://prometheus-prod-13-prod-us-east-0.grafana.net" \
+  		--from-literal=prometheus-username="$$GRAFANA_CLOUD_METRICS_USERNAME" \
+  		--from-literal=prometheus-password="$$GRAFANA_CLOUD_RW_POLICY_TOKEN" \
+  		--from-literal=loki-host="https://logs-prod-006.grafana.net" \
+  		--from-literal=loki-username="$$GRAFANA_CLOUD_LOGS_USERNAME" \
+  		--from-literal=loki-password="$$GRAFANA_CLOUD_RW_POLICY_TOKEN" \
+  		--from-literal=tempo-host="https://tempo-prod-04-prod-us-east-0.grafana.net:443" \
+  		--from-literal=tempo-username="$$GRAFANA_CLOUD_TRACES_USERNAME" \
+  		--from-literal=tempo-password="$$GRAFANA_CLOUD_RW_POLICY_TOKEN" \
+		-o yaml --dry-run=client >> $@
+
+deployments/grafana-cloud-credentials.yaml:
+	echo "---" > $@
+	echo "# yamllint disable rule:line-length" >> $@
+	kubectl create secret generic grafana-cloud-credentials \
+  		--from-literal=PROMETHEUS_USER="$$GRAFANA_CLOUD_METRICS_USERNAME" \
+  		--from-literal=PROMETHEUS_PASS="$$GRAFANA_CLOUD_RW_POLICY_TOKEN" \
+  		--from-literal=LOKI_USER="$$GRAFANA_CLOUD_LOGS_USERNAME" \
+  		--from-literal=LOKI_PASS="$$GRAFANA_CLOUD_RW_POLICY_TOKEN" \
+		-o yaml --dry-run=client >> $@
+
+run-test:
+	../../../../../scripts/run-cluster-test.sh .

charts/k8s-monitoring/tests/platform/eks-addon/.envrc

@@ -0,0 +1,25 @@
+#!/usr/bin/env bash
+
+TEST_DIR="$(cd "$(dirname "${BASH_SOURCE[0]}")" && pwd)"
+pushd "${TEST_DIR}" || exit 1
+
+CLUSTER_NAME="$(yq eval '.cluster.name' "values.yaml")-${RANDOM_NUMBER}"
+CLUSTER_REGION=$(yq eval '.metadata.region' eks-cluster-config.yaml)
+ADDON_NAME=grafana-labs_kubernetes-monitoring
+
+# Check if the addon already exists
+if aws eks list-addons --cluster-name "${CLUSTER_NAME}" --region "${CLUSTER_REGION}" | jq -e ".addons | index(\"${ADDON_NAME}\")" > /dev/null; then
+  echo "Updating addon, \"${ADDON_NAME}\" in cluster ${CLUSTER_NAME}..."
+  aws eks update-addon \
+    --cluster-name "${CLUSTER_NAME}" \
+    --region "${CLUSTER_REGION}" \
+    --addon-name "${ADDON_NAME}" \
+    --configuration-values "$(jq --compact-output . values.json)"
+else
+  echo "installing addon, \"${ADDON_NAME}\" in cluster ${CLUSTER_NAME}..."
+  aws eks create-addon \
+    --cluster-name "${CLUSTER_NAME}" \
+    --region "${CLUSTER_REGION}" \
+    --addon-name "${ADDON_NAME}" \
+    --configuration-values "$(jq --compact-output . values.json)"
+fi

charts/k8s-monitoring/tests/platform/eks-addon/.gitignore

@@ -0,0 +1,53 @@
+---
+apiVersion: source.toolkit.fluxcd.io/v1
+kind: GitRepository
+metadata:
+  name: k8s-monitoring-test
+spec:
+  interval: 1m
+  url: https://github.com/grafana/k8s-monitoring-helm
+  ref:
+    branch: main
+  ignore: |
+    /*
+    !/charts/k8s-monitoring-test
+---
+apiVersion: helm.toolkit.fluxcd.io/v2
+kind: HelmRelease
+metadata:
+  name: k8s-monitoring-test
+spec:
+  interval: 1m
+  chart:
+    spec:
+      chart: charts/k8s-monitoring-test
+      sourceRef:
+        kind: GitRepository
+        name: k8s-monitoring-test
+      interval: 1m
+  values:
+    tests:
+      - env:
+          PROMETHEUS_URL: https://prometheus-prod-13-prod-us-east-0.grafana.net/api/prom/api/v1/query
+          LOKI_URL: https://logs-prod-006.grafana.net/loki/api/v1/query
+        envFrom:
+          - secretRef: {name: grafana-cloud-credentials}
+          - configMapRef: {name: test-variables}
+        queries:
+          # Cluster metrics
+          - query: kubernetes_build_info{cluster="$CLUSTER", job="integrations/kubernetes/kubelet", source="eks-addon"}
+            type: promql
+          - query: node_cpu_usage_seconds_total{cluster="$CLUSTER", job="integrations/kubernetes/resources", source="eks-addon"}
+            type: promql
+          - query: machine_memory_bytes{cluster="$CLUSTER", job="integrations/kubernetes/cadvisor", source="eks-addon"}
+            type: promql
+          - query: count(kube_node_info{cluster="$CLUSTER", job="integrations/kubernetes/kube-state-metrics", source="eks-addon"})
+            type: promql
+
+          # Cluster events
+          - query: count_over_time({cluster="$CLUSTER", job="integrations/kubernetes/eventhandler", source="eks-addon"}[1h])
+            type: logql
+
+          # Pod logs
+          - query: count_over_time({cluster="$CLUSTER", job!~"integrations/kubernetes/eventhandler|integrations/kubernetes/journal", source="eks-addon"}[1h])
+            type: logql

charts/k8s-monitoring/tests/platform/eks-addon/.manual-only

@@ -0,0 +1,14 @@
+---
+kind: ClusterConfig
+apiVersion: eksctl.io/v1alpha5
+metadata:
+  region: ap-northeast-2
+  tags:
+    source: k8s-monitoring-helm-platform-test
+iam:
+  withOIDC: true
+nodeGroups:
+  - name: ng-linux
+    instanceType: m5.large
+    minSize: 1
+    maxSize: 1