Add integration test for Pod delete

Author: Supreeth095

test/integration/perpodsg/perpodsg_test.go

@@ -28,6 +28,7 @@ import (
 	sgpWrapper "github.com/aws/amazon-vpc-resource-controller-k8s/test/framework/resource/k8s/sgp"
 	"github.com/aws/amazon-vpc-resource-controller-k8s/test/framework/utils"
 	"github.com/samber/lo"
+	"sigs.k8s.io/controller-runtime/pkg/client"
 
 	. "github.com/onsi/ginkgo/v2"
 	. "github.com/onsi/gomega"
@@ -513,8 +514,117 @@ var _ = Describe("Branch ENI Pods", func() {
 			})
 		})
 	})
+
+	Describe("Test Network Connectivity on Delete and Recreation of Pod", func() {
+		Context("creating statefulset with network connectivity", func() {
+			var statefulSet *appsv1.StatefulSet
+
+			JustBeforeEach(func() {
+				statefulSet = &appsv1.StatefulSet{
+					ObjectMeta: metav1.ObjectMeta{
+						Name:      "network-test",
+						Namespace: namespace,
+					},
+					Spec: appsv1.StatefulSetSpec{
+						ServiceName: "network-test",
+						Replicas:    int32Ptr(2),
+						Selector: &metav1.LabelSelector{
+							MatchLabels: map[string]string{
+								podLabelKey: podLabelValue,
+							},
+						},
+						Template: v1.PodTemplateSpec{
+							ObjectMeta: metav1.ObjectMeta{
+								Labels: map[string]string{
+									podLabelKey: podLabelValue,
+								},
+							},
+							Spec: v1.PodSpec{
+								Containers: []v1.Container{
+									{
+										Name:  "network-test",
+										Image: "busybox",
+										Command: []string{
+											"/bin/sh",
+											"-c",
+											"while true; do if ping -c 1 google.com; then echo 'Successfully pinged google.com'; else echo 'Failed to ping google.com'; exit 1; fi; sleep 30; done",
+										},
+									},
+								},
+							},
+						},
+					},
+				}
+			})
+
+			JustAfterEach(func() {
+				By("deleting the statefulset")
+				err = frameWork.K8sClient.Delete(ctx, statefulSet)
+				Expect(err).ToNot(HaveOccurred())
+			})
+
+			Context("when statefulset is created with network connectivity requirements", func() {
+				It("should have all pods running with network access", func() {
+					By("creating security group policy")
+					sgpWrapper.CreateSecurityGroupPolicy(frameWork.K8sClient, ctx, securityGroupPolicy)
+
+					By("creating statefulset")
+					err = frameWork.K8sClient.Create(ctx, statefulSet)
+					Expect(err).ToNot(HaveOccurred())
+
+					By("waiting for statefulset pods to be ready")
+					Eventually(func() bool {
+						err := frameWork.K8sClient.Get(ctx, client.ObjectKey{
+							Namespace: namespace,
+							Name:      statefulSet.Name,
+						}, statefulSet)
+						if err != nil {
+							return false
+						}
+						return statefulSet.Status.ReadyReplicas == *statefulSet.Spec.Replicas
+					}, 300*time.Second, 5*time.Second).Should(BeTrue())
+
+					By("verifying network connectivity of all pods")
+					verify.VerifyNetworkingOfAllPodUsingENI(namespace, podLabelKey, podLabelValue,
+						securityGroups)
+
+					By("force deleting one pod to verify recreation")
+					pods := &v1.PodList{}
+					err = frameWork.K8sClient.List(ctx, pods, client.InNamespace(namespace),
+						client.MatchingLabels(map[string]string{podLabelKey: podLabelValue}))
+					Expect(err).ToNot(HaveOccurred())
+					Expect(pods.Items).ToNot(BeEmpty())
+
+					// Force delete the first pod
+					err = frameWork.K8sClient.Delete(ctx, &pods.Items[0], client.GracePeriodSeconds(0))
+					Expect(err).ToNot(HaveOccurred())
+
+					By("waiting for pod to be recreated")
+					Eventually(func() bool {
+						err := frameWork.K8sClient.Get(ctx, client.ObjectKey{
+							Namespace: namespace,
+							Name:      statefulSet.Name,
+						}, statefulSet)
+						if err != nil {
+							return false
+						}
+						return statefulSet.Status.ReadyReplicas == *statefulSet.Spec.Replicas
+					}, 300*time.Second, 5*time.Second).Should(BeTrue())
+
+					By("verifying network connectivity after pod recreation")
+					verify.VerifyNetworkingOfAllPodUsingENI(namespace, podLabelKey, podLabelValue,
+						securityGroups)
+				})
+			})
+		})
+	})
 })
 
+// Helper functions
+func int32Ptr(i int32) *int32 {
+    return &i
+}
+
 func CreateServiceAccount(serviceAccount *v1.ServiceAccount) {
 	By("create a service account")
 	err := frameWork.K8sClient.Create(ctx, serviceAccount)