diff --git a/mariadb/templates/bin/_test.sh.tpl b/mariadb/templates/bin/_test.sh.tpl new file mode 100644 index 000000000..fa7d80cc0 --- /dev/null +++ b/mariadb/templates/bin/_test.sh.tpl @@ -0,0 +1,29 @@ +#!/bin/bash +{{/* +Copyright 2017 The Openstack-Helm Authors. + +Licensed under the Apache License, Version 2.0 (the "License"); +you may not use this file except in compliance with the License. +You may obtain a copy of the License at + + http://www.apache.org/licenses/LICENSE-2.0 + +Unless required by applicable law or agreed to in writing, software +distributed under the License is distributed on an "AS IS" BASIS, +WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. +See the License for the specific language governing permissions and +limitations under the License. +*/}} + +set -ex + +rm -f /tmp/test-success + +mysqlslap \ + --defaults-file=/etc/mysql/test-params.cnf \ + {{ include "helm-toolkit.utils.joinListWithSpace" $.Values.conf.tests.params }} -vv \ + --post-system="touch /tmp/test-success" + +if ! [ -f /tmp/test-success ]; then + exit 1 +fi diff --git a/mariadb/templates/configmap-bin.yaml b/mariadb/templates/configmap-bin.yaml index 7751b3a7e..cc77a62c3 100644 --- a/mariadb/templates/configmap-bin.yaml +++ b/mariadb/templates/configmap-bin.yaml @@ -39,6 +39,8 @@ data: {{ tuple "bin/_start.py.tpl" . | include "helm-toolkit.utils.template" | indent 4 }} stop.sh: | {{ tuple "bin/_stop.sh.tpl" . | include "helm-toolkit.utils.template" | indent 4 }} + test.sh: | +{{ tuple "bin/_test.sh.tpl" . | include "helm-toolkit.utils.template" | indent 4 }} {{- if .Values.conf.backup.enabled }} backup_mariadb.sh: | {{ tuple "bin/_backup_mariadb.sh.tpl" . | include "helm-toolkit.utils.template" | indent 4 }} diff --git a/mariadb/templates/pod-test.yaml b/mariadb/templates/pod-test.yaml new file mode 100644 index 000000000..de940b980 --- /dev/null +++ b/mariadb/templates/pod-test.yaml @@ -0,0 +1,76 @@ +{{/* +Copyright 2017 The Openstack-Helm Authors. + +Licensed under the Apache License, Version 2.0 (the "License"); +you may not use this file except in compliance with the License. +You may obtain a copy of the License at + + http://www.apache.org/licenses/LICENSE-2.0 + +Unless required by applicable law or agreed to in writing, software +distributed under the License is distributed on an "AS IS" BASIS, +WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. +See the License for the specific language governing permissions and +limitations under the License. +*/}} + +{{- if .Values.manifests.pod_test }} +{{- $envAll := . }} +{{- $dependencies := .Values.dependencies.static.tests }} + +{{- $serviceAccountName := print .Release.Name "-test" }} +{{ tuple $envAll "tests" $serviceAccountName | include "helm-toolkit.snippets.kubernetes_pod_rbac_serviceaccount" }} +--- +apiVersion: v1 +kind: Pod +metadata: + name: "{{.Release.Name}}-test" + labels: +{{ tuple $envAll "mariadb" "test" | include "helm-toolkit.snippets.kubernetes_metadata_labels" | indent 4 }} + annotations: + "helm.sh/hook": test-success + {{ tuple $envAll | include "helm-toolkit.snippets.release_uuid" }} +spec: + shareProcessNamespace: true + serviceAccountName: {{ $serviceAccountName }} +{{ dict "envAll" $envAll "application" "tests" | include "helm-toolkit.snippets.kubernetes_pod_security_context" | indent 2 }} + nodeSelector: + {{ .Values.labels.test.node_selector_key }}: {{ .Values.labels.test.node_selector_value }} + restartPolicy: Never + initContainers: +{{ tuple $envAll "tests" list | include "helm-toolkit.snippets.kubernetes_entrypoint_init_container" | indent 8 }} + containers: + - name: {{.Release.Name}}-mariadb-test +{{ dict "envAll" $envAll "application" "tests" "container" "test" | include "helm-toolkit.snippets.kubernetes_container_security_context" | indent 6 }} +{{ tuple $envAll "scripted_test" | include "helm-toolkit.snippets.image" | indent 6 }} + command: + - /tmp/test.sh + volumeMounts: + - name: tmp + mountPath: /tmp + - name: mariadb-bin + mountPath: /tmp/test.sh + subPath: test.sh + readOnly: true + - name: mariadb-secrets + mountPath: /etc/mysql/test-params.cnf + {{ if eq $envAll.Values.conf.tests.endpoint "internal" }} + subPath: admin_user_internal.cnf + {{ else if eq $envAll.Values.conf.tests.endpoint "direct" }} + subPath: admin_user.cnf + {{ else }} + {{ fail "Either 'direct' or 'internal' should be specified for .Values.conf.tests.endpoint" }} + {{ end }} + readOnly: true + volumes: + - name: tmp + emptyDir: {} + - name: mariadb-bin + configMap: + name: mariadb-bin + defaultMode: 0555 + - name: mariadb-secrets + secret: + secretName: mariadb-secrets + defaultMode: 0444 +{{- end }} diff --git a/mariadb/templates/secrets-etc.yaml b/mariadb/templates/secrets-etc.yaml index 1e6865986..704e4730d 100644 --- a/mariadb/templates/secrets-etc.yaml +++ b/mariadb/templates/secrets-etc.yaml @@ -24,4 +24,5 @@ metadata: type: Opaque data: admin_user.cnf: {{ tuple "secrets/_admin_user.cnf.tpl" . | include "helm-toolkit.utils.template" | b64enc }} + admin_user_internal.cnf: {{ tuple "secrets/_admin_user_internal.cnf.tpl" . | include "helm-toolkit.utils.template" | b64enc }} {{- end }} diff --git a/mariadb/templates/secrets/_admin_user_internal.cnf.tpl b/mariadb/templates/secrets/_admin_user_internal.cnf.tpl new file mode 100644 index 000000000..82aa3597a --- /dev/null +++ b/mariadb/templates/secrets/_admin_user_internal.cnf.tpl @@ -0,0 +1,21 @@ +{{/* +Copyright 2017 The Openstack-Helm Authors. + +Licensed under the Apache License, Version 2.0 (the "License"); +you may not use this file except in compliance with the License. +You may obtain a copy of the License at + + http://www.apache.org/licenses/LICENSE-2.0 + +Unless required by applicable law or agreed to in writing, software +distributed under the License is distributed on an "AS IS" BASIS, +WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. +See the License for the specific language governing permissions and +limitations under the License. +*/}} + +[client] +user = {{ .Values.endpoints.oslo_db.auth.admin.username }} +password = {{ .Values.endpoints.oslo_db.auth.admin.password }} +host = {{ tuple "oslo_db" "internal" . | include "helm-toolkit.endpoints.hostname_fqdn_endpoint_lookup" }} +port = {{ tuple "oslo_db" "internal" "mysql" . | include "helm-toolkit.endpoints.endpoint_port_lookup" }} diff --git a/mariadb/values.yaml b/mariadb/values.yaml index 8dbf6311d..f1d57d0e6 100644 --- a/mariadb/values.yaml +++ b/mariadb/values.yaml @@ -30,6 +30,7 @@ images: dep_check: quay.io/stackanetes/kubernetes-entrypoint:v0.3.1 image_repo_sync: docker.io/docker:17.07.0 mariadb_backup: docker.io/openstackhelm/mariadb:10.2.18 + scripted_test: docker.io/openstackhelm/mariadb:10.2.18 pull_policy: "IfNotPresent" local_registry: active: false @@ -53,6 +54,9 @@ labels: job: node_selector_key: openstack-control-plane node_selector_value: enabled + test: + node_selector_key: openstack-control-plane + node_selector_value: enabled pod: security_context: @@ -93,6 +97,13 @@ pod: container: main: allowPrivilegeEscalation: false + tests: + pod: + runAsUser: 999 + container: + test: + runAsUser: 999 + readOnlyRootFilesystem: true affinity: anti: type: @@ -210,6 +221,10 @@ dependencies: services: - endpoint: internal service: oslo_db + tests: + services: + - endpoint: internal + service: oslo_db force_bootstrap: false @@ -234,6 +249,20 @@ jobs: failed: 1 conf: + tests: + # This may either be: + # * internal: which will hit the endpoint exposed by the ingress controller + # * direct: which will hit the backends directly via a k8s service ip + # Note, deadlocks and failure are to be expected with concurrency if + # hitting the `direct` endpoint. + endpoint: internal + # This is a list of tuning params passed to mysqlslap: + params: + - --auto-generate-sql + - --concurrency=100 + - --number-of-queries=1000 + - --number-char-cols=1 + - --number-int-cols=1 ingress: null backup: enabled: true @@ -372,6 +401,7 @@ manifests: service_exporter: true pdb_server: true network_policy: false + pod_test: true secret_dbadmin_password: true secret_sst_password: true secret_etc: true diff --git a/tools/deployment/keystone-auth/060-mariadb.sh b/tools/deployment/keystone-auth/060-mariadb.sh index f3af71588..56c5d6708 100755 --- a/tools/deployment/keystone-auth/060-mariadb.sh +++ b/tools/deployment/keystone-auth/060-mariadb.sh @@ -31,3 +31,6 @@ helm upgrade --install mariadb ./mariadb \ #NOTE: Validate Deployment info helm status mariadb + +#NOTE: Validate the deployment +helm test mariadb diff --git a/tools/deployment/multinode/045-mariadb.sh b/tools/deployment/multinode/045-mariadb.sh index 9fb417aa7..fbc83735c 100755 --- a/tools/deployment/multinode/045-mariadb.sh +++ b/tools/deployment/multinode/045-mariadb.sh @@ -32,3 +32,6 @@ helm upgrade --install mariadb ./mariadb \ #NOTE: Validate Deployment info helm status mariadb + +#NOTE: Validate the deployment +helm test mariadb diff --git a/tools/deployment/network-policy/045-mariadb.sh b/tools/deployment/network-policy/045-mariadb.sh index 559120f17..011b0a707 100755 --- a/tools/deployment/network-policy/045-mariadb.sh +++ b/tools/deployment/network-policy/045-mariadb.sh @@ -55,3 +55,6 @@ helm upgrade --install mariadb ./mariadb \ #NOTE: Validate Deployment info helm status mariadb + +#NOTE: Validate the deployment +helm test mariadb diff --git a/tools/deployment/osh-infra-monitoring/045-mariadb.sh b/tools/deployment/osh-infra-monitoring/045-mariadb.sh index 1f76966a2..fbc83735c 100755 --- a/tools/deployment/osh-infra-monitoring/045-mariadb.sh +++ b/tools/deployment/osh-infra-monitoring/045-mariadb.sh @@ -23,7 +23,6 @@ make mariadb : ${OSH_INFRA_EXTRA_HELM_ARGS:=""} helm upgrade --install mariadb ./mariadb \ --namespace=osh-infra \ - --set pod.replicas.server=1 \ --set monitoring.prometheus.enabled=true \ ${OSH_INFRA_EXTRA_HELM_ARGS} \ ${OSH_INFRA_EXTRA_HELM_ARGS_MARIADB} @@ -33,3 +32,6 @@ helm upgrade --install mariadb ./mariadb \ #NOTE: Validate Deployment info helm status mariadb + +#NOTE: Validate the deployment +helm test mariadb