Molecule тесты для всех аддонов и кластерный topology тест: Аддоны (Helm lint + template + assertions): - addons/technitium-dns/role/molecule/ — Primary/Secondary DNS, CronJob, kube-vip - addons/authelia/role/molecule/ — OIDC clients, access_control, manifests - addons/ingress-proxypass/role/molecule/ — proxies, Service/Endpoints/Ingress - addons/ingress-add-domains/role/molecule/ — entries, Ingress per namespace - addons/yandex-dns-controller/role/molecule/ — CronJob, ConfigMap, RBAC Кластер: - molecule/cluster/ — 3 master (embedded etcd HA) + 2 worker topology тест Инфраструктура: - scripts/molecule-report.py — генератор HTML отчётов из JUnit XML (читает /tmp/molecule-junit/*.xml → /tmp/molecule-report.html) - requirements-python.txt — комментарий к отчётному блоку - docker/entrypoint.sh — добавлены команды molecule-addon, molecule-cluster, molecule-report с автоматическим включением junit callback - Makefile — targets: molecule-cluster, molecule-addon-*, molecule-addon-all, molecule-report; molecule-all генерирует HTML отчёт - docs/molecule-testing.md — полная документация всех сценариев - docs/addons.md — добавлены technitium-dns и authelia в таблицу аддонов
---
|
||
# ── Verify master node configs ────────────────────────────────────────────────
|
||
- name: Verify — k3s master configs
|
||
hosts: k3s_master
|
||
become: true
|
||
gather_facts: false
|
||
|
||
tasks:
|
||
- name: Read master config.yaml
|
||
ansible.builtin.slurp:
|
||
src: /etc/kubernetes/k3s/config.yaml
|
||
register: config_raw
|
||
|
||
- name: Parse master config
|
||
ansible.builtin.set_fact:
|
||
cfg: "{{ config_raw.content | b64decode | from_yaml }}"
|
||
|
||
- name: Assert token is set on all masters
|
||
ansible.builtin.assert:
|
||
that: cfg.token | length > 0
|
||
fail_msg: "token не задан в config.yaml на {{ inventory_hostname }}"
|
||
|
||
- name: Assert cluster-cidr is correct
|
||
ansible.builtin.assert:
|
||
that: cfg['cluster-cidr'] == '10.42.0.0/16'
|
||
fail_msg: "cluster-cidr неверный: {{ cfg['cluster-cidr'] }}"
|
||
|
||
- name: Assert service-cidr is correct
|
||
ansible.builtin.assert:
|
||
that: cfg['service-cidr'] == '10.43.0.0/16'
|
||
fail_msg: "service-cidr неверный: {{ cfg['service-cidr'] }}"
|
||
|
||
- name: Assert traefik is disabled
|
||
ansible.builtin.assert:
|
||
that: "'traefik' in cfg.disable"
|
||
fail_msg: "traefik должен быть в disable на {{ inventory_hostname }}"
|
||
|
||
# master01 — инициализатор кластера
|
||
- name: Assert master01 has cluster-init=true
|
||
ansible.builtin.assert:
|
||
that: cfg['cluster-init'] == true
|
||
fail_msg: "master01 должен иметь cluster-init: true"
|
||
when: inventory_hostname == groups['k3s_master'][0]
|
||
|
||
# master02 + master03 — присоединяются к кластеру
|
||
- name: Assert master02/master03 have server URL (join address)
|
||
ansible.builtin.assert:
|
||
that:
|
||
- cfg.server is defined
|
||
- "'192.168.1.100' in cfg.server"
|
||
- "'6443' in cfg.server"
|
||
fail_msg: "master02/master03 должны иметь server URL с VIP, получено: {{ cfg }}"
|
||
when: inventory_hostname != groups['k3s_master'][0]
|
||
|
||
- name: Assert master02/master03 do NOT have cluster-init
|
||
ansible.builtin.assert:
|
||
that: cfg['cluster-init'] is not defined
|
||
fail_msg: "master02/master03 не должны иметь cluster-init"
|
||
when: inventory_hostname != groups['k3s_master'][0]
|
||
|
||
- name: Check config file permissions are 0600
|
||
ansible.builtin.stat:
|
||
path: /etc/kubernetes/k3s/config.yaml
|
||
register: config_stat
|
||
|
||
- name: Assert config file permissions
|
||
ansible.builtin.assert:
|
||
that: config_stat.stat.mode == '0600'
|
||
fail_msg: "config.yaml должен иметь права 0600, получено: {{ config_stat.stat.mode }}"
|
||
|
||
# kube-vip manifest
|
||
- name: Check kube-vip manifest exists
|
||
ansible.builtin.stat:
|
||
path: /var/lib/kubernetes/k3s/server/manifests/kube-vip.yaml
|
||
register: kubevip_stat
|
||
|
||
- name: Assert kube-vip manifest exists
|
||
ansible.builtin.assert:
|
||
that: kubevip_stat.stat.exists
|
||
fail_msg: "kube-vip manifest не создан на {{ inventory_hostname }}"
|
||
|
||
- name: Read kube-vip manifest
|
||
ansible.builtin.slurp:
|
||
src: /var/lib/kubernetes/k3s/server/manifests/kube-vip.yaml
|
||
register: kubevip_raw
|
||
|
||
- name: Assert kube-vip VIP address in manifest
|
||
ansible.builtin.assert:
|
||
that: "'192.168.1.100' in (kubevip_raw.content | b64decode)"
|
||
fail_msg: "VIP 192.168.1.100 не найден в kube-vip manifest"
|
||
|
||
# ── Verify worker node configs ────────────────────────────────────────────────
|
||
- name: Verify — k3s worker configs
|
||
hosts: k3s_workers
|
||
become: true
|
||
gather_facts: false
|
||
|
||
tasks:
|
||
- name: Read worker config.yaml
|
||
ansible.builtin.slurp:
|
||
src: /etc/kubernetes/k3s/config.yaml
|
||
register: agent_raw
|
||
|
||
- name: Parse worker config
|
||
ansible.builtin.set_fact:
|
||
agent: "{{ agent_raw.content | b64decode | from_yaml }}"
|
||
|
||
- name: Assert workers have server URL
|
||
ansible.builtin.assert:
|
||
that:
|
||
- agent.server is defined
|
||
- "'192.168.1.100' in agent.server"
|
||
- "'6443' in agent.server"
|
||
fail_msg: "Worker {{ inventory_hostname }} должен иметь server URL с VIP"
|
||
|
||
- name: Assert workers have token
|
||
ansible.builtin.assert:
|
||
that: agent.token | length > 0
|
||
fail_msg: "token не задан в agent config на {{ inventory_hostname }}"
|
||
|
||
- name: Assert workers do NOT have cluster-init
|
||
ansible.builtin.assert:
|
||
that: agent['cluster-init'] is not defined
|
||
fail_msg: "Воркер не должен иметь cluster-init"
|
||
|
||
# ── Verify rendered addon values ──────────────────────────────────────────────
|
||
- name: Verify — ingress-nginx values template (master01)
|
||
hosts: master01
|
||
become: false
|
||
gather_facts: false
|
||
|
||
tasks:
|
||
- name: Read rendered ingress-nginx values
|
||
ansible.builtin.slurp:
|
||
src: /tmp/molecule-values/ingress-nginx.yaml
|
||
register: nginx_raw
|
||
|
||
- name: Parse ingress-nginx values
|
||
ansible.builtin.set_fact:
|
||
nginx: "{{ nginx_raw.content | b64decode | from_yaml }}"
|
||
|
||
- name: Assert ingress-nginx controller service type
|
||
ansible.builtin.assert:
|
||
that:
|
||
- nginx.controller is defined
|
||
- nginx.controller.service.type == 'LoadBalancer'
|
||
fail_msg: "ingress-nginx service type должен быть LoadBalancer"
|
||
|
||
- name: Assert metrics are enabled
|
||
ansible.builtin.assert:
|
||
that: nginx.controller.metrics.enabled == true
|
||
fail_msg: "ingress-nginx metrics должны быть включены"
|
||
|
||
# ── Summary ───────────────────────────────────────────────────────────────────
|
||
- name: Summary
|
||
hosts: localhost
|
||
gather_facts: false
|
||
tasks:
|
||
- name: Print topology
|
||
ansible.builtin.debug:
|
||
msg:
|
||
- "╔══════════════════════════════════════════════════════╗"
|
||
- "║ Cluster scenario — ALL ASSERTIONS PASSED ║"
|
||
- "╚══════════════════════════════════════════════════════╝"
|
||
- ""
|
||
- " Topology tested:"
|
||
- " Masters (cluster-init HA): master01, master02, master03"
|
||
- " Workers (agent): worker01, worker02"
|
||
- ""
|
||
- " Configs verified:"
|
||
- " ✓ master01: cluster-init=true, traefik disabled"
|
||
- " ✓ master02/03: server=https://192.168.1.100:6443"
|
||
- " ✓ worker01/02: agent config with VIP server URL"
|
||
- " ✓ kube-vip manifests rendered on all masters"
|
||
- " ✓ ingress-nginx values.yaml.j2 renders correctly"
|
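Review bot: The `fail_msg` of `Assert master02/master03 have server URL (join address)` interpolates the whole parsed config (`получено: {{ cfg }}`), and that mapping contains the k3s `token` whose presence the earlier assertion confirms; on a failed run the value lands in molecule output and, with the junit callback this commit enables, in the JUnit XML and the generated HTML report. Print only the field under test, e.g. `fail_msg: "master02/master03 должны иметь server URL с VIP, получено: {{ cfg.server | default('<not set>') }}"`. For the same reason the two slurp tasks (`Read master config.yaml`, `Read worker config.yaml`) should carry `no_log: true`, since a verbose run prints their registered base64 content, token included. The permission check would also be stronger if `Assert config file permissions` additionally asserted `config_stat.stat.pw_name == 'root'`, as a 0600 file owned by an unprivileged user currently passes.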