Fix nightly acceptance tests (hashicorp#916)

* Update consul and consul-k8s images * Provide NET_ADMIN capability to PSP when running with tproxy Co-authored-by: Kyle Schochenmaier <[email protected]>
duckhan · Apr 16, 2021 · 6a74d33 · 6a74d33
1 parent 61ec24f
commit 6a74d33
Show file tree

Hide file tree

Showing 2 changed files with 12 additions and 6 deletions.
diff --git a/.circleci/config.yml b/.circleci/config.yml
@@ -145,7 +145,7 @@ jobs:
                     -kubecontext="kind-dc1" \
                     -secondary-kubecontext="kind-dc2" \
                     -debug-directory="$TEST_RESULTS/debug" \
-                    -consul-image="ishustava/consul-enterprise:tproxy-test" \
+                    -consul-image="hashicorp/consul-enterprise:1.10.0-ent-beta1" \
                     -consul-k8s-image="docker.mirror.hashicorp.services/hashicorpdev/consul-k8s:latest"
               then
                 echo "Tests in ${pkg} failed, aborting early"
@@ -215,7 +215,7 @@ jobs:
             # The license expires 15-Oct-2025.
             KUBECONFIG=$primary_kubeconfig kubectl create secret generic ent-license --from-literal=key="${CONSUL_ENT_LICENSE}"
 
-            gotestsum --junitfile "$TEST_RESULTS/gotestsum-report.xml" -- ./... -p 1 -timeout 50m -failfast \
+            gotestsum --junitfile "$TEST_RESULTS/gotestsum-report.xml" -- ./... -p 1 -timeout 2h -failfast \
               -enable-enterprise \
               -enterprise-license-secret-name=ent-license \
               -enterprise-license-secret-key=key \
@@ -224,6 +224,7 @@ jobs:
               -kubeconfig="$primary_kubeconfig" \
               -secondary-kubeconfig="$secondary_kubeconfig" \
               -debug-directory="$TEST_RESULTS/debug" \
+              -consul-image="hashicorp/consul-enterprise:1.10.0-ent-beta1" \
               -consul-k8s-image="docker.mirror.hashicorp.services/hashicorpdev/consul-k8s:latest"
 
       - store_test_results:
@@ -286,6 +287,7 @@ jobs:
               -kubeconfig="$primary_kubeconfig" \
               -secondary-kubeconfig="$secondary_kubeconfig" \
               -debug-directory="$TEST_RESULTS/debug" \
+              -consul-image="hashicorp/consul-enterprise:1.10.0-ent-beta1" \
               -consul-k8s-image="docker.mirror.hashicorp.services/hashicorpdev/consul-k8s:latest"
 
       - store_test_results:
@@ -353,12 +355,13 @@ jobs:
             chmod 600 "$primary_kubeconfig"
             chmod 600 "$secondary_kubeconfig"
 
-            gotestsum --junitfile "$TEST_RESULTS/gotestsum-report.xml" -- ./... -p 1 -timeout 50m -failfast \
+            gotestsum --junitfile "$TEST_RESULTS/gotestsum-report.xml" -- ./... -p 1 -timeout 2h -failfast \
               -enable-enterprise \
               -enable-multi-cluster \
               -kubeconfig="$primary_kubeconfig" \
               -secondary-kubeconfig="$secondary_kubeconfig" \
               -debug-directory="$TEST_RESULTS/debug" \
+              -consul-image="hashicorp/consul-enterprise:1.10.0-ent-beta1" \
               -consul-k8s-image="docker.mirror.hashicorp.services/hashicorpdev/consul-k8s:latest"
 
       - store_test_results:
@@ -416,7 +419,7 @@ jobs:
           working_directory: test/acceptance/tests
           no_output_timeout: 1h
           command: |
-            gotestsum --junitfile "$TEST_RESULTS/gotestsum-report.xml" -- ./... -p 1 -timeout 40m -failfast \
+            gotestsum --junitfile "$TEST_RESULTS/gotestsum-report.xml" -- ./... -p 1 -timeout 2h -failfast \
               -enable-openshift \
               -enable-enterprise \
               -enable-multi-cluster \
@@ -481,13 +484,14 @@ jobs:
           working_directory: test/acceptance/tests
           no_output_timeout: 1h
           command: |
-            gotestsum --junitfile "$TEST_RESULTS/gotestsum-report.xml" -- ./... -p 1 -timeout 50m -failfast \
+            gotestsum --junitfile "$TEST_RESULTS/gotestsum-report.xml" -- ./... -p 1 -timeout 2h -failfast \
               -use-kind \
               -enable-multi-cluster \
               -enable-enterprise \
               -kubecontext="kind-dc1" \
               -secondary-kubecontext="kind-dc2" \
               -debug-directory="$TEST_RESULTS/debug" \
+              -consul-image="hashicorp/consul-enterprise:1.10.0-ent-beta1" \
               -consul-k8s-image="docker.mirror.hashicorp.services/hashicorpdev/consul-k8s:latest"
 
       - store_test_results:

diff --git a/test/acceptance/framework/consul/consul_cluster.go b/test/acceptance/framework/consul/consul_cluster.go
@@ -19,6 +19,7 @@ import (
 	"github.com/hashicorp/consul/api"
 	"github.com/hashicorp/consul/sdk/testutil/retry"
 	"github.com/stretchr/testify/require"
+	corev1 "k8s.io/api/core/v1"
 	policyv1beta "k8s.io/api/policy/v1beta1"
 	rbacv1 "k8s.io/api/rbac/v1"
 	"k8s.io/apimachinery/pkg/api/errors"
@@ -347,7 +348,8 @@ func configurePodSecurityPolicies(t *testing.T, client kubernetes.Interface, cfg
 					Name: "test-psp",
 				},
 				Spec: policyv1beta.PodSecurityPolicySpec{
-					Privileged: false,
+					Privileged:          false,
+					AllowedCapabilities: []corev1.Capability{"NET_ADMIN"},
 					SELinux: policyv1beta.SELinuxStrategyOptions{
 						Rule: policyv1beta.SELinuxStrategyRunAsAny,
 					},