From 56fd9ee4156c9be131274748437f36fc4b7cc291 Mon Sep 17 00:00:00 2001 From: Ewout Prangsma Date: Tue, 20 Feb 2018 18:16:33 +0100 Subject: [PATCH 1/6] Fix string encoding wrt TESTNAMESPACE --- Jenkinsfile.groovy | 3 ++- 1 file changed, 2 insertions(+), 1 deletion(-) diff --git a/Jenkinsfile.groovy b/Jenkinsfile.groovy index 9923e1cd9..9d840613b 100644 --- a/Jenkinsfile.groovy +++ b/Jenkinsfile.groovy @@ -40,8 +40,9 @@ pipeline { timestamps { lock("kubernetes-operator-tests") { withEnv([ - 'TESTNAMESPACE=${params.TESTNAMESPACE}', + "TESTNAMESPACE=${params.TESTNAMESPACE}", ]) { + sh "make" sh "make run-tests" } } From f921584da7ca5211bc9168c9061f606c9c24b200 Mon Sep 17 00:00:00 2001 From: Ewout Prangsma Date: Tue, 20 Feb 2018 18:17:13 +0100 Subject: [PATCH 2/6] Fail on missing namespace argument --- scripts/kube_delete_namespace.sh | 5 +++++ 1 file changed, 5 insertions(+) diff --git a/scripts/kube_delete_namespace.sh b/scripts/kube_delete_namespace.sh index 8aff43f5f..0836607ac 100755 --- a/scripts/kube_delete_namespace.sh +++ b/scripts/kube_delete_namespace.sh @@ -4,6 +4,11 @@ NS=$1 +if [ -z $NS ]; then + echo "Specify a namespace argument" + exit 1 +fi + kubectl delete namespace $NS --now --ignore-not-found response=$(kubectl get namespace $NS --template="non-empty" --ignore-not-found) while [ ! -z $response ]; do From 69554d57b942fa484aeb4b1426dbe94d8611bcb0 Mon Sep 17 00:00:00 2001 From: Ewout Prangsma Date: Tue, 20 Feb 2018 18:53:33 +0100 Subject: [PATCH 3/6] Better testin on jenkins --- Jenkinsfile.groovy | 9 +++++-- Makefile | 25 ++++++++++++++---- scripts/kube_create_operator.sh | 45 +++++++++++++++++++++++++++++++++ 3 files changed, 72 insertions(+), 7 deletions(-) create mode 100755 scripts/kube_create_operator.sh diff --git a/Jenkinsfile.groovy b/Jenkinsfile.groovy index 9d840613b..b5c286736 100644 --- a/Jenkinsfile.groovy +++ b/Jenkinsfile.groovy 
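Review bot: The new guard in scripts/kube_delete_namespace.sh (patch 2/6) tests `$NS` unquoted. With an empty argument `[ -z $NS ]` succeeds only because it collapses to the one-argument test `[ -z ]`, and a value containing whitespace or glob characters is word-split before it reaches `kubectl delete namespace`. For a script that deletes a namespace I would quote every use: `if [ -z "$NS" ]; then`, `kubectl delete namespace "$NS" --now --ignore-not-found`, and `while [ -n "$response" ]; do`. The same unquoted `[ -z $NS ]`, `[ -z $IMAGE ]` and `--namespace=$NS` appear in scripts/kube_create_operator.sh, added in patch 3/6. The script continues past the end of this hunk.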
@@ -31,7 +31,11 @@ pipeline { stage('Build') { steps { timestamps { - sh "make" + withEnv([ + "IMAGETAG=${env.GIT_COMMIT}", + ]) { + sh "make" + } } } } @@ -41,8 +45,9 @@ pipeline { lock("kubernetes-operator-tests") { withEnv([ "TESTNAMESPACE=${params.TESTNAMESPACE}", + "IMAGETAG=${env.GIT_COMMIT}", + "PUSHIMAGES=1", ]) { - sh "make" sh "make run-tests" } } diff --git a/Makefile b/Makefile index 0724952d1..b7b693c2b 100644 --- a/Makefile +++ b/Makefile @@ -30,6 +30,17 @@ endif DOCKERFILE := Dockerfile DOCKERTESTFILE := Dockerfile.test +ifdef IMAGETAG + IMAGESUFFIX := ":$(IMAGETAG)" +endif + +ifndef OPERATORIMAGE + OPERATORIMAGE := $(DOCKERNAMESPACE)/arangodb-operator$(IMAGESUFFIX) +endif +ifndef TESTIMAGE + TESTIMAGE := $(DOCKERNAMESPACE)/arangodb-operator-test$(IMAGESUFFIX) +endif + BINNAME := $(PROJECT) BIN := $(BINDIR)/$(BINNAME) TESTBINNAME := $(PROJECT)_test @@ -126,7 +137,7 @@ $(BIN): $(GOBUILDDIR) $(SOURCES) go build -installsuffix cgo -ldflags "-X main.projectVersion=$(VERSION) -X main.projectBuild=$(COMMIT)" -o /usr/code/bin/$(BINNAME) $(REPOPATH) docker: $(BIN) - docker build -f $(DOCKERFILE) -t arangodb/arangodb-operator . + docker build -f $(DOCKERFILE) -t $(OPERATORIMAGE) . # Testing 
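Review bot: In the Makefile hunk at `@@ -30,6 +30,17 @@`, `IMAGESUFFIX := ":$(IMAGETAG)"` stores the double quotes as part of the Make value. `$(OPERATORIMAGE)` and `$(TESTIMAGE)` therefore carry literal quote characters, which disappear only when a shell happens to parse them. Make does not need the quotes: `IMAGESUFFIX := :$(IMAGETAG)` yields the same image reference in recipes and stays correct if the variable is later exported or compared. `IMAGESUFFIX` is also left undefined when `IMAGETAG` is unset, so an empty `IMAGESUFFIX :=` ahead of the `ifdef` would make that case explicit. A comment above the `ifndef` blocks, such as `# OPERATORIMAGE, TESTIMAGE and IMAGETAG may be overridden from the environment or command line`, would document which image ends up being built and pushed.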
@@ -144,20 +155,24 @@ $(TESTBIN): $(GOBUILDDIR) $(SOURCES) go test -c -installsuffix cgo -ldflags "-X main.projectVersion=$(VERSION) -X main.projectBuild=$(COMMIT)" -o /usr/code/bin/$(TESTBINNAME) $(REPOPATH)/tests docker-test: $(TESTBIN) - docker build --quiet -f $(DOCKERTESTFILE) -t arangodb/arangodb-operator-test . + docker build --quiet -f $(DOCKERTESTFILE) -t $(TESTIMAGE) . run-tests: docker-test +ifdef PUSHIMAGES + docker push $(OPERATORIMAGE) + docker push $(TESTIMAGE) +endif $(ROOTDIR)/scripts/kube_delete_namespace.sh $(TESTNAMESPACE) kubectl create namespace $(TESTNAMESPACE) - kubectl --namespace=$(TESTNAMESPACE) create -f examples/deployment.yaml - kubectl --namespace $(TESTNAMESPACE) run arangodb-operator-test -i --rm --quiet --restart=Never --image=arangodb/arangodb-operator-test --env="TEST_NAMESPACE=$(TESTNAMESPACE)" -- -test.v + $(ROOTDIR)/scripts/kube_create_operator.sh $(TESTNAMESPACE) $(OPERATORIMAGE) + kubectl --namespace $(TESTNAMESPACE) run arangodb-operator-test -i --rm --quiet --restart=Never --image=$(TESTIMAGE) --env="TEST_NAMESPACE=$(TESTNAMESPACE)" -- -test.v kubectl delete namespace $(TESTNAMESPACE) --ignore-not-found --now # Release building docker-push: docker ifneq ($(DOCKERNAMESPACE), arangodb) - docker tag arangodb/arangodb-operator $(DOCKERNAMESPACE)/arangodb-operator + docker tag $(OPERATORIMAGE) $(DOCKERNAMESPACE)/arangodb-operator endif docker push $(DOCKERNAMESPACE)/arangodb-operator diff --git a/scripts/kube_create_operator.sh b/scripts/kube_create_operator.sh new file mode 100755 index 000000000..ca5c54dcd --- /dev/null +++ b/scripts/kube_create_operator.sh 
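Review bot: In the `docker-push` rule the `docker tag $(OPERATORIMAGE) ...` step is still inside `ifneq ($(DOCKERNAMESPACE), arangodb)`. When `IMAGETAG` is set and the namespace is `arangodb`, the freshly built, tagged `$(OPERATORIMAGE)` is never retagged, so `docker push $(DOCKERNAMESPACE)/arangodb-operator` publishes whatever untagged image is already in the local cache. Making the tag step unconditional, or pushing `$(OPERATORIMAGE)` directly, keeps the released image tied to the one just built. Separately, `run-tests` pushes `$(OPERATORIMAGE)` under `ifdef PUSHIMAGES` but lists only `docker-test` as a prerequisite; `run-tests: docker docker-test` would declare that dependency instead of relying on an earlier `make` having run on the same agent. The `docker-push` recipe may continue past the end of the hunk.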
@@ -0,0 +1,45 @@
+#!/bin/bash
+
+# Create the operator deployment with custom image option
+
+NS=$1
+IMAGE=$2
+
+if [ -z $NS ]; then
+ echo "Specify a namespace argument"
+ exit 1
+fi
+if [ -z $IMAGE ]; then
+ echo "Specify an image argument"
+ exit 1
+fi
+
+yaml=$(cat << EOYAML
+apiVersion: extensions/v1beta1
+kind: Deployment
+metadata:
+ name: arangodb-operator
+spec:
+ replicas: 1
+ template:
+ metadata:
+ labels:
+ name: arangodb-operator
+ spec:
+ containers:
+ - name: arangodb-operator
+ imagePullPolicy: IfNotPresent
+ image: ${IMAGE}
+ env:
+ - name: MY_POD_NAMESPACE
+ valueFrom:
+ fieldRef:
+ fieldPath: metadata.namespace
+ - name: MY_POD_NAME
+ valueFrom:
+ fieldRef:
+ fieldPath: metadata.name
+
+EOYAML
+)
+echo "$yaml" | kubectl --namespace=$NS create -f -
\ No newline at end of file
From cf5c5b539e55de6c91e9f680c1f280713ed48c28 Mon Sep 17 00:00:00 2001
From: Ewout Prangsma
Date: Tue, 20 Feb 2018 19:00:03 +0100
Subject: [PATCH 4/6] Customize namespace from git commit
---
 Jenkinsfile.groovy | 4 ++--
 1 file changed, 2 insertions(+), 2 deletions(-)
diff --git a/Jenkinsfile.groovy b/Jenkinsfile.groovy
index b5c286736..dcbea2196 100644
--- a/Jenkinsfile.groovy
+++ b/Jenkinsfile.groovy
@@ -42,9 +42,9 @@ pipeline {
 stage('Test') {
 steps {
 timestamps {
- lock("kubernetes-operator-tests") {
+ lock("${params.TESTNAMESPACE}-${env.GIT_COMMIT}") {
 withEnv([
- "TESTNAMESPACE=${params.TESTNAMESPACE}",
+ "TESTNAMESPACE=${params.TESTNAMESPACE}-${env.GIT_COMMIT}",
 "IMAGETAG=${env.GIT_COMMIT}",
 "PUSHIMAGES=1",
 ]) {
From 29cd0e3827de6effb2daa25896a724c390a45ceb Mon Sep 17 00:00:00 2001
From: Ewout Prangsma
Date: Thu, 22 Feb 2018 09:12:36 +0100
Subject: [PATCH 5/6] Use default namespace that is short to avoid exceeding 63 char limit
---
 Jenkinsfile.groovy | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)
diff --git a/Jenkinsfile.groovy b/Jenkinsfile.groovy
index dcbea2196..b987ad568 100644
--- a/Jenkinsfile.groovy
+++ b/Jenkinsfile.groovy
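Review bot: The generated Deployment sets `imagePullPolicy: IfNotPresent`, which is only safe while `$IMAGE` carries a unique tag. When the Makefile is run without `IMAGETAG`, `$(OPERATORIMAGE)` has no tag, and a node that already cached an earlier build will run that stale image instead of the one under test. Either use `imagePullPolicy: Always` here, or have the script reject an image reference that has neither tag nor digest. The header comment could also state the two positional arguments, e.g. `# Usage: kube_create_operator.sh <namespace> <image>`.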
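Review bot: In patch 4/6, `params.TESTNAMESPACE` is a free-form build parameter that is joined to the full `env.GIT_COMMIT` and then expanded unquoted into shell commands by `make run-tests` (for example `kubectl create namespace $(TESTNAMESPACE)`). Nothing stops a value that is not a valid namespace name, or that contains shell metacharacters, from reaching the shell. I would validate it in the pipeline before `withEnv`, failing the build unless it matches something like `^[a-z0-9]([-a-z0-9]*[a-z0-9])?$`. Appending a shortened commit id would keep the combined name under the 63-character limit regardless of the parameter's length. The enclosing `stage('Test')` block closes outside this hunk.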
@@ -25,7 +25,7 @@ pipeline {
 }
 agent any
 parameters {
- string(name: 'TESTNAMESPACE', defaultValue: 'arangodb-operator-tests', description: 'TESTNAMESPACE sets the kubernetes namespace to ru tests in', )
+ string(name: 'TESTNAMESPACE', defaultValue: 'jenkins', description: 'TESTNAMESPACE sets the kubernetes namespace to ru tests in (this must be short!!)', )
 }
 stages {
 stage('Build') {
From 91a6abe40337e8ca7932829f12372436d68acb43 Mon Sep 17 00:00:00 2001
From: Ewout Prangsma
Date: Thu, 22 Feb 2018 10:47:32 +0100
Subject: [PATCH 6/6] Setup role based access control support
---
 Makefile | 1 +
 examples/setup-rbac.sh | 104 +++++++++++++++++++++++++++++++++++++++++
 2 files changed, 105 insertions(+)
 create mode 100755 examples/setup-rbac.sh
diff --git a/Makefile b/Makefile
index b7b693c2b..9c9640c4d 100644
--- a/Makefile
+++ b/Makefile
@@ -164,6 +164,7 @@ ifdef PUSHIMAGES
 endif
 $(ROOTDIR)/scripts/kube_delete_namespace.sh $(TESTNAMESPACE)
 kubectl create namespace $(TESTNAMESPACE)
+ $(ROOTDIR)/examples/setup-rbac.sh --namespace=$(TESTNAMESPACE)
 $(ROOTDIR)/scripts/kube_create_operator.sh $(TESTNAMESPACE) $(OPERATORIMAGE)
 kubectl --namespace $(TESTNAMESPACE) run arangodb-operator-test -i --rm --quiet --restart=Never --image=$(TESTIMAGE) --env="TEST_NAMESPACE=$(TESTNAMESPACE)" -- -test.v
 kubectl delete namespace $(TESTNAMESPACE) --ignore-not-found --now
diff --git a/examples/setup-rbac.sh b/examples/setup-rbac.sh
new file mode 100755
index 000000000..088796690
--- /dev/null
+++ b/examples/setup-rbac.sh
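Review bot: In the Makefile hunk of patch 6/6, `setup-rbac.sh` is called with only `--namespace=$(TESTNAMESPACE)`, so every test run applies the same cluster-scoped `arangodb-operator` ClusterRole and ClusterRoleBinding, and `kubectl apply` rewrites the binding's single subject to the latest namespace. Since patch 4/6 made the Jenkins lock per commit, two concurrent runs would take the binding away from each other. The final `kubectl delete namespace` removes neither object, because they are not namespaced. Passing a per-run name, e.g. `--role-binding-name=arangodb-operator-$(TESTNAMESPACE)`, and deleting that binding in the cleanup step would address both. The `run-tests` recipe starts above this hunk.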
@@ -0,0 +1,104 @@
+#!/bin/bash
+
+function usage {
+ echo "$(basename "$0") - Create Kubernetes RBAC role and bindings for ArangoDB operator
+Usage: $(basename "$0") [options...]
+Options:
+ --role-name=STRING Name of ClusterRole to create
+ (default=\"arangodb-operator\", environment variable: ROLE_NAME)
+ --role-binding-name=STRING Name of ClusterRoleBinding to create
+ (default=\"arangodb-operator\", environment variable: ROLE_BINDING_NAME)
+ --namespace=STRING namespace to create role and role binding in. Must already exist.
+ (default=\"default\", environment vairable: NAMESPACE)
+" >&2
+}
+
+ROLE_NAME="${ROLE_NAME:-arangodb-operator}"
+ROLE_BINDING_NAME="${ROLE_BINDING_NAME:-arangodb-operator}"
+NAMESPACE="${NAMESPACE:-default}"
+
+function setupRole {
+ yaml=$(cat << EOYAML
+apiVersion: rbac.authorization.k8s.io/v1beta1
+kind: ClusterRole
+metadata:
+ name: ${ROLE_NAME}
+rules:
+- apiGroups:
+ - database.arangodb.com
+ resources:
+ - arangodeployments
+ verbs:
+ - "*"
+- apiGroups:
+ - apiextensions.k8s.io
+ resources:
+ - customresourcedefinitions
+ verbs:
+ - "*"
+- apiGroups:
+ - ""
+ resources:
+ - pods
+ - services
+ - endpoints
+ - persistentvolumeclaims
+ - events
+ - secrets
+ verbs:
+ - "*"
+- apiGroups:
+ - apps
+ resources:
+ - deployments
+ verbs:
+ - "*"
+EOYAML
+)
+ echo "$yaml" | kubectl apply -f -
+}
+
+function setupRoleBinding {
+ yaml=$(cat << EOYAML
+apiVersion: rbac.authorization.k8s.io/v1beta1
+kind: ClusterRoleBinding
+metadata:
+ name: ${ROLE_BINDING_NAME}
+roleRef:
+ apiGroup: rbac.authorization.k8s.io
+ kind: ClusterRole
+ name: ${ROLE_NAME}
+subjects:
+- kind: ServiceAccount
+ name: default
+ namespace: ${NAMESPACE}
+EOYAML
+)
+ echo "$yaml" | kubectl apply -f -
+}
+
+for i in "$@"
+do
+case $i in
+ --role-name=*)
+ ROLE_NAME="${i#*=}"
+ ;;
+ --role-binding-name=*)
+ ROLE_BINDING_NAME="${i#*=}"
+ ;;
+ --namespace=*)
+ NAMESPACE="${i#*=}"
+ ;;
+ -h|--help)
+ usage
+ exit 0
+ ;;
+ *)
+ usage
+ exit 1
+ ;;
+esac
+done
+
+setupRole
+setupRoleBinding
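Review bot: The ClusterRole grants `"*"` on `secrets`, `pods`, `persistentvolumeclaims` and the other core resources cluster-wide, and `setupRoleBinding` binds it to the `default` ServiceAccount of `${NAMESPACE}`, so any pod in that namespace that does not name its own service account can read and modify secrets in every namespace. If the operator only manages resources in its own namespace (the page does not show this, so it needs confirming), the namespaced rules belong in a Role and RoleBinding, leaving the ClusterRole with only the `customresourcedefinitions` rule. A dedicated ServiceAccount instead of `default` would narrow access further, but it also needs `serviceAccountName` in the operator Deployment. The script also has no `set -e`, so a failed `setupRole` is masked by a successful `setupRoleBinding`. A sketch of the namespaced part follows.

```shell
# … unchanged: usage, option defaults; setupRole reduced to the customresourcedefinitions rule …
function setupNamespacedRole {
    # Namespaced rules: effective only inside ${NAMESPACE}, not cluster-wide.
    yaml=$(cat << EOYAML
apiVersion: rbac.authorization.k8s.io/v1beta1
kind: Role
metadata:
  name: ${ROLE_NAME}
  namespace: ${NAMESPACE}
rules:
- apiGroups:
  - database.arangodb.com
  resources:
  - arangodeployments
  verbs:
  - "*"
- apiGroups:
  - ""
  resources:
  - pods
  - services
  - endpoints
  - persistentvolumeclaims
  - events
  - secrets
  verbs:
  - "*"
- apiGroups:
  - apps
  resources:
  - deployments
  verbs:
  - "*"
---
apiVersion: rbac.authorization.k8s.io/v1beta1
kind: RoleBinding
metadata:
  name: ${ROLE_BINDING_NAME}
  namespace: ${NAMESPACE}
roleRef:
  apiGroup: rbac.authorization.k8s.io
  kind: Role
  name: ${ROLE_NAME}
subjects:
- kind: ServiceAccount
  name: default
  namespace: ${NAMESPACE}
EOYAML
)
    echo "$yaml" | kubectl apply -f -
}
# … unchanged: setupRoleBinding (ClusterRoleBinding for the CRD rule), option parsing …
set -e
setupRole
setupNamespacedRole
setupRoleBinding
```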