CI: factorize tests into a single playbook

This allows to use kubespray_defaults (once) instead of redefining defaults in the tests. Test test files becomes imported tasks rather thand standalone playbooks.
2026-03-05 18:51:13 -03:30 · 2025-06-12 10:09:46 +02:00
parent bf41d3bfea
commit 253fc5ee59
8 changed files with 371 additions and 380 deletions
--- a/tests/scripts/testcases_run.sh
+++ b/tests/scripts/testcases_run.sh
@@ -78,25 +78,12 @@ if [ "${RECOVER_CONTROL_PLANE_TEST}" != "false" ]; then
    run_playbook recover-control-plane -e etcd_retries=10 --limit "etcd:kube_control_plane"
 fi
-# Tests Cases
+# Run tests
-## Test Control Plane API
+ansible-playbook \
-run_playbook tests/testcases/010_check-apiserver.yml
+    -e @tests/common_vars.yml \
-run_playbook tests/testcases/015_check-nodes-ready.yml
+    -e @tests/${TESTCASE_FILE} \
-
+    -e local_release_dir=${PWD}/downloads \
-## Test that all nodes are Ready
+    tests/testcases/tests.yml
 if [[ ! ( "$TESTCASE" =~ "macvlan" ) ]]; then
    run_playbook tests/testcases/020_check-pods-running.yml
    run_playbook tests/testcases/030_check-network.yml
    if [[ ! ( "$TESTCASE" =~ "hardening" ) ]]; then
      # TODO: We need to remove this condition by finding alternative container
      # image instead of netchecker which doesn't work at hardening environments.
      run_playbook tests/testcases/040_check-network-adv.yml
    fi
 fi
 ## Kubernetes conformance tests
 run_playbook tests/testcases/100_check-k8s-conformance.yml
 # Test node removal procedure
 if [ "${REMOVE_NODE_CHECK}" = "true" ]; then
--- a/tests/testcases/010_check-apiserver.yml
+++ b/tests/testcases/010_check-apiserver.yml
@@ -1,9 +1,5 @@
 ---
- name: Testcases for apiserver
+- name: Check the API servers are responding
  hosts: kube_control_plane
  tasks:
  - name: Check the API servers are responding
  uri:
    url: "https://{{ (access_ip if (ipv4_stack | default(true)) else access_ip6) | default(ansible_default_ipv4.address if (ipv4_stack | default(true)) else ansible_default_ipv6.address) | ansible.utils.ipwrap }}:{{ kube_apiserver_port | default(6443) }}/version"
    validate_certs: false
@@ -13,7 +9,7 @@
  delay: 5
  until: apiserver_response is success
-  - name: Check API servers version
+- name: Check API servers version
  assert:
    that:
    - apiserver_response.json.gitVersion == kube_version
--- a/tests/testcases/015_check-nodes-ready.yml
+++ b/tests/testcases/015_check-nodes-ready.yml
@@ -1,17 +1,13 @@
 ---
- name: Testcases checking nodes
+- import_role:  # noqa name[missing]
  hosts: kube_control_plane[0]
  tasks:
  - import_role:  # noqa name[missing]
    name: cluster-dump
-  - name: Check kubectl output
+- name: Check kubectl output
  command: "{{ bin_dir }}/kubectl get nodes"
  changed_when: false
  register: get_nodes
-  - name: Check that all nodes are running and ready
+- name: Check that all nodes are running and ready
  command: "{{ bin_dir }}/kubectl get nodes --no-headers -o yaml"
  changed_when: false
  register: get_nodes_yaml
--- a/tests/testcases/020_check-pods-running.yml
+++ b/tests/testcases/020_check-pods-running.yml
@@ -1,16 +1,12 @@
 ---
- name: Testcases checking pods
+- import_role:  # noqa name[missing]
  hosts: kube_control_plane[0]
  tasks:
  - import_role:  # noqa name[missing]
    name: cluster-dump
-  - name: Check kubectl output
+- name: Check kubectl output
  command: "{{ bin_dir }}/kubectl get pods --all-namespaces -owide"
  changed_when: false
-  - name: Check that all pods are running and ready
+- name: Check that all pods are running and ready
  command: "{{ bin_dir }}/kubectl get pods --all-namespaces --no-headers -o yaml"
  changed_when: false
  register: run_pods_log
@@ -22,6 +18,6 @@
  retries: 30
  delay: 10
-  - name: Check kubectl output
+- name: Check kubectl output
  command: "{{ bin_dir }}/kubectl get pods --all-namespaces -owide"
  changed_when: false
--- a/tests/testcases/030_check-network.yml
+++ b/tests/testcases/030_check-network.yml
@@ -1,16 +1,5 @@
 ---
- name: Testcases for network
+- name: Check kubelet serving certificates approved with kubelet_csr_approver
  hosts: kube_control_plane[0]
  vars:
    test_image_repo: registry.k8s.io/e2e-test-images/agnhost
    test_image_tag: "2.40"
    # TODO: source those from kubespray_defaults instead.
    # Needs kubespray_defaults to be decoupled from no-proxy stuff
    kube_pods_subnet: "{{ 'fd85:ee78:d8a6:8607::1:0000/112' if not (ipv4_stack | default(true)) else '10.233.64.0/18' }}"
  tasks:
  - name: Check kubelet serving certificates approved with kubelet_csr_approver
  when:
  - kubelet_rotate_server_certificates | default(false)
  - kubelet_csr_approver_enabled | default(kubelet_rotate_server_certificates | default(false))
@@ -36,7 +25,7 @@
      fail_msg: kubelet_csr_approver is enabled but CSRs are not approved
-  - name: Approve kubelet serving certificates
+- name: Approve kubelet serving certificates
  when:
  - kubelet_rotate_server_certificates | default(false)
  - not (kubelet_csr_approver_enabled | default(kubelet_rotate_server_certificates | default(false)))
@@ -58,11 +47,11 @@
    when: get_csr.stdout_lines | length > 0
    changed_when: certificate_approve.stdout
-  - name: Create test namespace
+- name: Create test namespace
  command: "{{ bin_dir }}/kubectl create namespace test"
  changed_when: false
-  - name: Run 2 agnhost pods in test ns
+- name: Run 2 agnhost pods in test ns
  command:
    cmd: "{{ bin_dir }}/kubectl apply --namespace test -f -"
    stdin: |
@@ -94,7 +83,7 @@
                  type: RuntimeDefault
  changed_when: false
-  - name: Check that all pods are running and ready
+- name: Check that all pods are running and ready
  vars:
    pods: "{{ (pods_json.stdout | from_json)['items'] }}"
  block:
--- a/tests/testcases/040_check-network-adv.yml
+++ b/tests/testcases/040_check-network-adv.yml
@@ -1,30 +1,19 @@
 ---
- name: Testcases for calico
+- name: Test tunl0 routes
  hosts: kube_node
  tasks:
    - name: Test tunl0 routes
  command: "/sbin/ip route"
  register: routes
  failed_when: routes.stdout_lines
    | select('contains', '/' ~ calico_pool_blocksize|d(26))
    | select('contains', 'tunl0') | length == 0
  when:
    - ('kube_node' in group_names)
    - (calico_ipip_mode is defined and calico_ipip_mode != 'Never')
    - kube_network_plugin | default('calico') == 'calico'
-
+- import_role:  # noqa name[missing]
 - name: Advanced testcases for network
  hosts: k8s_cluster
  vars:
    agent_report_interval: 10
    netcheck_namespace: default
    netchecker_port: 31081
  tasks:
    - import_role:  # noqa name[missing]
    name: cluster-dump
-    - name: Wait for netchecker server
+- name: Wait for netchecker server
  command: "{{ bin_dir }}/kubectl get pods --field-selector=status.phase==Running -o jsonpath-as-json={.items[*].metadata.name} --namespace {{ netcheck_namespace }}"
  register: pods_json
  until:
@@ -35,7 +24,7 @@
  delay: 10
  when: inventory_hostname == groups['kube_control_plane'][0]
-    - name: Get netchecker pods
+- name: Get netchecker pods
  command: "{{ bin_dir }}/kubectl -n {{ netcheck_namespace }} describe pod -l app={{ item }}"
  run_once: true
  delegate_to: "{{ groups['kube_control_plane'][0] }}"
@@ -44,7 +33,7 @@
    - netchecker-agent-hostnet
  when: not pods_json is success
-    - name: Perform netchecker tests
+- name: Perform netchecker tests
  run_once: true
  delegate_to: "{{ groups['kube_control_plane'][0] }}"
  block:
@@ -91,7 +80,7 @@
      fail:
        msg: "netchecker tests failed"
-    - name: Check connectivity with all netchecker agents
+- name: Check connectivity with all netchecker agents
  vars:
    connectivity_check_result: "{{ connectivity_check.content | from_json }}"
    agents_check_result: "{{ agents.content | from_json }}"
@@ -106,7 +95,7 @@
  delegate_to: "{{ groups['kube_control_plane'][0] }}"
  run_once: true
-    - name: Create macvlan network conf
+- name: Create macvlan network conf
  command:
    cmd: "{{ bin_dir }}/kubectl create -f -"
    stdin: |
@@ -148,7 +137,7 @@
  when:
    - kube_network_plugin_multus | default(false) | bool
-    - name: Check secondary macvlan interface
+- name: Check secondary macvlan interface
  command: "{{ bin_dir }}/kubectl exec samplepod -- ip addr show dev net1"
  register: output
  until: output.rc == 0
--- a/tests/testcases/100_check-k8s-conformance.yml
+++ b/tests/testcases/100_check-k8s-conformance.yml
@@ -1,38 +1,22 @@
 ---
- name: Testcases for kubernetes conformance
+- name: Download sonobuoy
  hosts: kube_control_plane[0]
  vars:
    sonobuoy_version: 0.56.11
    sonobuoy_arch: amd64
    sonobuoy_parallel: 30
    sonobuoy_path: /usr/local/bin/sonobuoy
    sonobuoy_mode: Quick
  tasks:
  - name: Run sonobuoy
    when:
    - sonobuoy_enabled is defined
    - sonobuoy_enabled
    block:
    - name: Download sonobuoy
  get_url:
    url: "https://github.com/heptio/sonobuoy/releases/download/v{{ sonobuoy_version }}/sonobuoy_{{ sonobuoy_version }}_linux_{{ sonobuoy_arch }}.tar.gz"
    dest: /tmp/sonobuoy.tar.gz
    mode: "0644"
-    - name: Extract sonobuoy
+- name: Extract sonobuoy
  unarchive:
    src: /tmp/sonobuoy.tar.gz
    dest: /usr/local/bin/
    copy: false
-    - name: Run sonobuoy
+- name: Run sonobuoy
  command: "{{ sonobuoy_path }} run --mode {{ sonobuoy_mode }} --e2e-parallel {{ sonobuoy_parallel }} --wait"
      when: sonobuoy_enabled | default(false)
-    - name: Run sonobuoy retrieve
+- name: Run sonobuoy retrieve
  command: "{{ sonobuoy_path }} retrieve"
  register: sonobuoy_retrieve
-    - name: Run inspect results
+- name: Run inspect results
  command: "{{ sonobuoy_path }} results {{ sonobuoy_retrieve.stdout }} --plugin e2e --mode report"
--- a/tests/testcases/tests.yml
+++ b/tests/testcases/tests.yml
@@ -0,0 +1,54 @@
 ---
 - name: Define dynamic groups
  import_playbook: ../../playbooks/boilerplate.yml
 - name: Kubespray CI tests
  hosts: k8s_cluster
  gather_facts: false
  vars:
    testcase: "{{ lookup('env', 'TESTCASE') }}"
  tasks:
    - name: Import Kubespray variables
      import_role:
        name: ../../roles/kubespray_defaults
    - name: Testcases for apiserver
      import_tasks: 010_check-apiserver.yml
      when:
        - ('kube_control_plane') in group_names
    - name: Test using API
      delegate_to: "{{ groups['kube_control_plane'][0] }}"
      run_once: true
      block:
        - name: Testcases checking nodes
          import_tasks: 015_check-nodes-ready.yml
        - name: Testcases checking pods
          import_tasks: 020_check-pods-running.yml
          when: ('macvlan' not in testcase)
        - name: Testcases for network
          import_tasks: 030_check-network.yml
          when: ('macvlan' not in testcase)
          vars:
            test_image_repo: registry.k8s.io/e2e-test-images/agnhost
            test_image_tag: "2.40"
    - name: Testcases for calico / advanced network
      import_tasks: 040_check-network-adv.yml
      when:
        - ('macvlan' not in testcase)
        - ('hardening' not in testcase)
      vars:
        agent_report_interval: 10
        netcheck_namespace: default
        netchecker_port: 31081
    - name: Testcases for kubernetes conformance
      import_tasks: 100_check-k8s-conformance.yml
      delegate_to: "{{ groups['kube_control_plane'][0] }}"
      run_once: true
      when:
        - sonobuoy_enabled is defined
        - sonobuoy_enabled
      vars:
        sonobuoy_version: 0.56.11
        sonobuoy_arch: amd64
        sonobuoy_parallel: 30
        sonobuoy_path: /usr/local/bin/sonobuoy
        sonobuoy_mode: Quick