tags

nginxinc · Dec 20, 2024 · 17b0af4 · 17b0af4
1 parent 073fea8
commit 17b0af4
Show file tree

Hide file tree

Showing 3 changed files with 14 additions and 13 deletions.
diff --git a/tests/scripts/vars.env-example b/tests/scripts/vars.env-example
@@ -1,23 +1,11 @@
 # WARNING: This is an example - please copy this file to vars.env and complete appropriately for your environment
-RESOURCE_NAME=<the name of the resources to be created for testing (used for VM, firewall rule, router, nats config)>
 TAG=<tag of the remote image>
 PREFIX=<prefix of the remote image>
 NGINX_PREFIX=<prefix of the remote nginx image>
 NGINX_PLUS_PREFIX=<prefix of the remote nginx plus image>
-GKE_CLUSTER_NAME=<name of deployed GKE cluster>
-GKE_CLUSTER_ZONE=<zone where GKE cluster is deployed>
-GKE_CLUSTER_REGION=<region where GKE cluster is deployed>
-GKE_PROJECT=<GCP project>
-GKE_SVC_ACCOUNT=<service account with k8s admin permissions>
-GKE_NODES_SERVICE_ACCOUNT=<service account for the GKE nodes to assume>
-NETWORK_TAGS=<network tags>
 NGF_REPO=<optional repo, by default nginxinc>
 NGF_BRANCH=main
 GINKGO_LABEL=<optional label to filter the tests, e.g. "performance">
 GINKGO_FLAGS=<optional flags to pass to the go test command>
-SOURCE_IP_RANGE=<IPs that should be allowed SSH to the VM, e.g. 1.2.3.4/32 or $(curl -sS -4 icanhazip.com)/32>
-ADD_VM_IP_AUTH_NETWORKS=<if set to true, the script will add the VM IP to the list of the GKE cluster master authorized networks>
 PLUS_ENABLED=<enable nginx plus>
 NGF_VERSION=<version of NGF being tested. Defaults to value of TAG if not set>
-GKE_MACHINE_TYPE=<the node type for the gke cluster, defaults to e2-medium>
-GKE_NUM_NODES=<the number of nodes in the gke cluster, defaults to 3>
diff --git a/tests/tofu/main.tf b/tests/tofu/main.tf
@@ -67,6 +67,7 @@ resource "google_container_node_pool" "primary_nodes" {
       block-project-ssh-keys   = "TRUE"
       disable-legacy-endpoints = "true"
     }
+    tags = ["ngf-tests-${var.gke_cluster_name}-nodes"]
     shielded_instance_config {
       enable_secure_boot = true
     }
@@ -89,7 +90,7 @@ resource "google_compute_instance" "vm" {
   machine_type              = "n2-standard-2"
   zone                      = local.google_zone
   allow_stopping_for_update = true
-  tags                      = ["ngf-tests-vm"]
+  tags                      = ["ngf-tests-${var.gke_cluster_name}-vm"]
 
   boot_disk {
     initialize_params {

diff --git a/tests/tofu/network.tf b/tests/tofu/network.tf
@@ -49,6 +49,18 @@ resource "google_compute_firewall" "deny_exkubelet" {
 
 }
 
+resource "google_compute_firewall" "allow_inkublet" {
+  name      = "${var.gke_cluster_name}-allow-inkubelet"
+  network   = google_compute_network.vpc.self_link
+  direction = "INGRESS"
+  allow {
+    protocol = "tcp"
+    ports    = ["10255"]
+  }
+  source_tags = ["ngf-tests-${var.gke_cluster_name}-nodes", "ngf-tests-${var.gke_cluster_name}-vm"]
+
+}
+
 resource "google_compute_address" "vpc-ip" {
   name         = "${var.gke_cluster_name}-vpc-ip"
   address_type = "EXTERNAL"