-
Notifications
You must be signed in to change notification settings - Fork 7
209 lines (174 loc) · 8.72 KB
/
e2e-atomic-fruits-vault-crossplane.yml
1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
56
57
58
59
60
61
62
63
64
65
66
67
68
69
70
71
72
73
74
75
76
77
78
79
80
81
82
83
84
85
86
87
88
89
90
91
92
93
94
95
96
97
98
99
100
101
102
103
104
105
106
107
108
109
110
111
112
113
114
115
116
117
118
119
120
121
122
123
124
125
126
127
128
129
130
131
132
133
134
135
136
137
138
139
140
141
142
143
144
145
146
147
148
149
150
151
152
153
154
155
156
157
158
159
160
161
162
163
164
165
166
167
168
169
170
171
172
173
174
175
176
177
178
179
180
181
182
183
184
185
186
187
188
189
190
191
192
193
194
195
196
197
198
199
200
201
202
203
204
205
206
207
208
209
name: Job testing an end to end scenario with simple application. It tests all steps from kind, vault and crossplane installation.
on:
workflow_dispatch:
pull_request:
branches: [ main ]
paths-ignore:
- '*.md' # Ignores .md files at the root of the repository
- '**/*.md' # Ignores .md files within subdirectories
push:
branches: [ main ]
paths-ignore:
- '*.md' # Ignores .md files at the root of the repository
- '**/*.md' # Ignores .md files within subdirectories
env:
# Variable used to disable the pv tool which is not working here as pseudo tty is not supported by GitHub steps
PSEUDO_TTY: "false"
jobs:
e2e-atomic-fruits-vault-crossplane:
runs-on: ubuntu-latest
strategy:
matrix:
java-version: [ 17 ]
steps:
- uses: actions/checkout@v4
- name: Set up JDK 17
uses: actions/setup-java@v4
with:
distribution: 'temurin'
java-version: ${{ matrix.java-version }}
cache: 'maven'
- name: Setup Kubernetes using kind and deploy a local container registry
env:
REGISTRY_NAME: kind-registry
REGISTRY_PORT: 5000
run: |
curl -s -L "https://raw.githubusercontent.com/snowdrop/k8s-infra/main/kind/registry.sh" | bash -s install
curl -s -L "https://raw.githubusercontent.com/snowdrop/k8s-infra/main/kind/kind.sh" | bash -s install
# Adding registry name to the /etc/hosts file
echo "127.0.0.1 $REGISTRY_NAME" | sudo tee -a /etc/hosts
# Exporting the registry location for subsequent jobs
echo "KIND_REGISTRY=${REGISTRY_NAME}:${REGISTRY_PORT}" >> $GITHUB_ENV
- name: Build primaza, generate image, Helm chart and push image
env:
REGISTRY_GROUP: local
PRIMAZA_GITHUB_REPO: ${{ github.event.pull_request.head.repo.full_name }}
GITHUB_SHA_COMMIT: ${{ github.sha }}
PRIMAZA_IMAGE_NAME: $KIND_REGISTRY/local/primaza-app
PRIMAZA_NAMESPACE: primaza
PRIMAZA_URL: primaza.127.0.0.1.nip.io
# Variable needed by the helm chart to configure primaza vault client
VAULT_URL: http://vault-internal.vault:8200
run: |
./scripts/primaza.sh build
- name: Deploy primaza helm chart
env:
PRIMAZA_URL: primaza.127.0.0.1.nip.io
PRIMAZA_IMAGE_NAME: $KIND_REGISTRY/local/primaza-app
PRIMAZA_NAMESPACE: primaza
# Variable needed by the helm chart to configure primaza vault client
VAULT_URL: http://vault-internal.vault:8200
run: |
./scripts/primaza.sh localdeploy
./scripts/primaza.sh isAlive
- name: Load the data such as cluster, services & credential
env:
PRIMAZA_URL: primaza.127.0.0.1.nip.io
PRIMAZA_NAMESPACE: primaza
run: |
./scripts/data/cluster.sh url=$PRIMAZA_URL kube_context=kind kind_url="https://kubernetes.default.svc" environment=dev ns_to_exclude="default,kube-system,ingress,pipelines-as-code,local-path-storage,crossplane-system,primaza,tekton-pipelines,tekton-pipelines-resolvers,vault"
# Register this service as installable to let crossplane to install it
./scripts/data/services.sh url=$PRIMAZA_URL service_name=postgresql version=14.5 installable=on type=postgresql endpoint=tcp:5432 helm_repo="https://charts.bitnami.com/bitnami&helmChart=postgresql&helmChartVersion=11.9.13"
./scripts/data/services.sh url=$PRIMAZA_URL service_name=mysql version=8.0 type=mysql endpoint=tcp:3306
./scripts/data/services.sh url=$PRIMAZA_URL service_name=activemq-artemis version=2.26 type=activemq endpoint=tcp:8161
./scripts/data/services.sh url=$PRIMAZA_URL service_name=mariadb version=10.9 type=mariadb endpoint=tcp:3306
./scripts/data/credentials.sh url=$PRIMAZA_URL credential_type=vault credential_name=fruits_database-vault-creds service_name=postgresql vault_kv=primaza/fruits
- name: Installing Vault
run: |
./scripts/vault.sh
- name: Installing Crossplane
run: |
./scripts/crossplane.sh
- name: Installing Atomic fruits
env:
ATOMIC_FRUITS_NAMESPACE: app
run: |
# Install the atomic fruits helm chart from Halkyion repo
./scripts/atomic-fruits.sh deploy
- name: Creating the Primaza fruits Vault KV key
run: |
source ./scripts/common.sh
# Login as user bob and password sinclair
./scripts/vault.sh loginAsUser bob sinclair
# Register the primaza KV entries
note "vault kv put -mount=secret primaza/fruits username=healthy password=healthy database=fruits_database"
./scripts/vault.sh vaultExec "vault kv put -mount=secret primaza/fruits username=healthy password=healthy database=fruits_database"
- name: Wait until atomic-fruits is registered in Primaza
env:
PRIMAZA_URL: primaza.127.0.0.1.nip.io
run: |
source ./scripts/common.sh
max_retries=5
retry_delay=5
retry_attempt=1
function discover_atomic_fruits() {
APPLICATION=$(curl -H 'Accept: application/json' -s "$PRIMAZA_URL/applications/name/atomic-fruits")
if [[ $(echo "$APPLICATION" | jq -r '.name') == "atomic-fruits" ]]; then
return 0
else
return 1
fi
}
while [ $retry_attempt -le $max_retries ]; do
note "Attempt $retry_attempt of $max_retries"
if discover_atomic_fruits; then
note "Primaza discovered the atomic-fruits application: $APPLICATION."
note "Getting the application id for atomic-fruits"
APPLICATION_ID=$(echo "$APPLICATION" | jq -r '.id')
echo "atomic-fruits application id: $APPLICATION_ID"
./scripts/data/claims.sh url=$PRIMAZA_URL claim_name=fruits-claim description=postgresql-fruits-db requested_service=postgresql-14.5 application_id=$APPLICATION_ID
exit 0
else
warn "Primaza didn't yet discovered the atomic-fruits application: $APPLICATION."
sleep $retry_delay
fi
done
- name: Bind application
env:
PRIMAZA_URL: primaza.127.0.0.1.nip.io
PRIMAZA_NAMESPACE: primaza
run: |
./scripts/data/bind_application.sh application_name=atomic-fruits claim_name=fruits-claim
- id: wait-for-atomic-fruits
name: atomic-fruits should now be up and running
env:
PRIMAZA_URL: primaza.127.0.0.1.nip.io
ATOMIC_FRUITS_NAMESPACE: app
run: |
source ./scripts/common.sh
# When the condition met and that the atomic fruits deployment is available,
# that means that the application is now bound with the service,
# so we're good !
kubectl wait --timeout=300s --for=condition=available deployment atomic-fruits -n $ATOMIC_FRUITS_NAMESPACE
CLAIM_STATUS=$(curl -s http://$PRIMAZA_URL/claims/name/fruits-claim | jq -r .status)
if [[ "$CLAIM_STATUS" == "bound" ]]; then
exit 0
else
error "Status of the claim: fruits-claim is: $CLAIM_STATUS"
exit 1
fi
- name: (Only if it failed) Log Primaza traces at failures
if: failure()
run: |
./scripts/primaza.sh log
- name: (Only if it failed) Log Atomic Fruits traces at failure like Primaza
if: failure()
env:
ATOMIC_FRUITS_NAMESPACE: app
run: |
source ./scripts/common.sh
log BLUE "Logs of Primaza pod"
./scripts/primaza.sh log
log BLUE "List of the pods deployed on the cluster"
kubectl get pods -A
log BLUE "Description of the atomic-fruits deployment resource"
kubectl get deployment atomic-fruits -o yaml -n $ATOMIC_FRUITS_NAMESPACE
log BLUE "Logs of the atomic-fruits deployment resource"
kubectl logs deploy/atomic-fruits --all-containers=true -n $ATOMIC_FRUITS_NAMESPACE
POD_NAME=$(kubectl get pod -l app.kubernetes.io/name=atomic-fruits -n $ATOMIC_FRUITS_NAMESPACE -o name)
log BLUE "Information of the Atomic-fruits pod"
kubectl describe $POD_NAME -n $ATOMIC_FRUITS_NAMESPACE
log BLUE "Logs of atomic-fruits running pod"
kubectl logs $POD_NAME -n $ATOMIC_FRUITS_NAMESPACE
log BLUE "Logs of atomic-fruits terminated pod"
kubectl logs -p $POD_NAME -n $ATOMIC_FRUITS_NAMESPACE