Test in Cloud
This guide explains how to run Garden Linux tests on cloud providers including authentication setup and cloud-specific options.
Overview
Cloud testing deploys the image to cloud infrastructure using OpenTofu, providing real-world environment testing with automatic resource cleanup.
Supported Providers:
- Amazon Web Services (AWS)
- Microsoft Azure
- Google Cloud Platform (GCP)
- Alibaba Cloud (ALI)
- OpenStack
Cloud Provider Authentication
Before running tests, authenticate with the cloud providers you want to test against. Each provider has its own authentication method.
Alibaba Cloud (ALI)
Alibaba Cloud requires you to set up an AccessKey pair:
# Select profile
export ALIBABA_CLOUD_PROFILE=gardenlinux-test
# Configure your existing ALI credentials (only needed once)
aliyun configure --profile $ALIBABA_CLOUD_PROFILE
# Check access
aliyun sts GetCallerIdentityAmazon Web Services (AWS)
AWS requires IAM user credentials:
# Select profile
export AWS_PROFILE=gardenlinux-test
# Configure your existing AWS credentials (only needed once)
aws configure
# Check access
aws sts get-caller-identity:::note For AWS, you can also use Single Sign-On (SSO) authentication if your organization supports it. :::
Microsoft Azure
Azure requires user authentication via Azure CLI:
# Configure your existing Azure Subscription
export ARM_SUBSCRIPTION_ID="xxxxxxxx-xxxx-xxxx-xxxx-xxxxxxxxxxxx"
# Login
az login
# Check access
az account show:::note The subscription ID can be found in the Azure portal under Subscriptions. :::
Google Cloud Platform (GCP)
GCP requires user authentication via gcloud CLI:
# Configure your existing Google Cloud Project
export GOOGLE_PROJECT="gardenlinux-test"
# Configure your existing GCP credentials (only needed once)
gcloud config set project ${GOOGLE_PROJECT}
# Login
gcloud auth application-default login
# Check access
gcloud auth list:::note The Project ID can be found in the Google Cloud portal under Project info. :::
OpenStack
Configure OpenStack authentication:
# Download or configure ~/.config/openstack/clouds.yaml
# Select profile
export OS_CLOUD=gardenlinux-test:::note You can download the clouds.yaml from your OpenStack dashboard. :::
Cloud-Specific Command-Line Options
--cloud <provider>
Specify the cloud provider (aws, gcp, azure, ali, openstack).
./test --cloud aws .build/image.raw:::note QEMU VM testing ignores this flag. :::
--cloud-image
Use an existing cloud image instead of uploading a new one.
Possible images are listed on official releases, for example 1592.12:
- ali:
m-d7o7skltl4qe9anmwdp4(eu-west-1 amd64) - aws:
ami-0d8d06eb3a44ae794(eu-central-1 amd64) - gcp:
gardenlinux-gcp-ff804026cbe7b5f2d6f729e4-1592-12-c6d7f9a9(amd64) - azure:
/CommunityGalleries/gardenlinux-13e998fe-534d-4b0a-8a27-f16a73aef620/Images/gardenlinux-nvme-gen2/Versions/1592.12.0(amd64)
./test --cloud aws --cloud-image ami-0d8d06eb3a44ae794--image-requirements-file
Only needed with --cloud-image. Points to a valid *.requirements file.
./test --cloud aws --cloud-image \
--image-requirements-file .build/aws-gardener_prod-amd64-today-local.requirements \
ami-07f977508ed36098e--only-cleanup
Only run tofu destroy for cloud setups (cleans up resources without running tests).
./test --cloud aws --only-cleanup .build/image.raw--cloud-plan
Only run tofu plan for cloud setups (shows what resources would be created without creating them).
./test --cloud aws --cloud-plan .build/image.raw:::note QEMU VM testing ignores this flag. :::
Examples
Basic Cloud Testing
Test on AWS:
./test --cloud aws .build/image.rawTest on Azure:
./test --cloud azure .build/image.rawTest on GCP:
./test --cloud gcp .build/image.rawTesting with Resource Inspection
Keep resources running after tests for inspection:
./test --cloud aws --skip-cleanup .build/image.rawClean up resources later:
./test --cloud aws --only-cleanup .build/image.rawTesting Existing Cloud Images
Test an existing AWS AMI:
./test --cloud aws --skip-cleanup --skip-tests --cloud-image \
--image-requirements-file .build/aws-gardener_prod-amd64-today-local.requirements \
ami-07f977508ed36098eInfrastructure Setup Only
Set up infrastructure without running tests:
./test --cloud aws --skip-tests --skip-cleanup .build/image.rawPlanning Infrastructure Changes
See what resources would be created:
./test --cloud aws --cloud-plan .build/image.rawRunning Specific Tests
Run only specific tests on cloud:
./test --cloud aws --skip-cleanup \
--test-args "test_ssh.py test_aws.py -v" \
.build/image.rawResource Management
Automatic Cleanup
By default, cloud resources are automatically cleaned up after tests complete:
./test --cloud aws .build/image.raw
# Resources are automatically destroyedManual Cleanup
Skip automatic cleanup for investigation:
# Run tests and keep resources
./test --cloud aws --skip-cleanup .build/image.raw
# Manually clean up later
./test --cloud aws --only-cleanup .build/image.rawCleanup After Interruption
If tests are interrupted with --skip-cleanup, re-run without the flag or use --only-cleanup:
# Tests were interrupted with --skip-cleanup
# Clean up by re-running without the flag
./test --cloud aws .build/image.raw
# Or use --only-cleanup
./test --cloud aws --only-cleanup .build/image.rawTroubleshooting
Authentication Issues
If authentication fails, verify:
- Environment variables are set correctly
- Credentials are valid and not expired
- Required permissions are granted
- CLI tools are installed and configured
Resource Cleanup Failures
If cleanup fails:
- Use
--only-cleanupto retry cleanup - Check cloud provider console for orphaned resources
- Manually delete resources if automatic cleanup fails
Timeout Issues
Cloud resource provisioning can take time. If tests timeout:
- Check cloud provider status pages for outages
- Verify network connectivity
- Try a different region