diff --git a/openshift/Makefile b/openshift/Makefile index 44fd654d..f8bad22a 100644 --- a/openshift/Makefile +++ b/openshift/Makefile @@ -4,3 +4,7 @@ DIR := $(strip $(shell dirname $(realpath $(lastword $(MAKEFILE_LIST))))) include $(addprefix $(DIR)/vendor/github.com/openshift/build-machinery-go/make/, \ targets/openshift/deps.mk \ ) + +.PHONY: test-e2e-ansible +test-e2e-ansible: + ./openshift/ci/tests/e2e-ansible-scaffolding.sh diff --git a/openshift/ci/dockerfiles/ansible-e2e.Dockerfile b/openshift/ci/dockerfiles/ansible-e2e.Dockerfile new file mode 100644 index 00000000..b356815e --- /dev/null +++ b/openshift/ci/dockerfiles/ansible-e2e.Dockerfile @@ -0,0 +1,10 @@ +# openshift-ansible-operator-plugins is built from the openshift/Dockerfile +FROM openshift-ansible-operator-plugins + +COPY openshift/ci/testdata/ansible/memcached-operator/requirements.yml ${HOME}/requirements.yml +RUN ansible-galaxy collection install -r ${HOME}/requirements.yml \ + && chmod -R ug+rwx ${HOME}/.ansible + +COPY openshift/ci/testdata/ansible/memcached-operator/watches.yaml ${HOME}/watches.yaml +COPY openshift/ci/testdata/ansible/memcached-operator/roles/ ${HOME}/roles/ +COPY openshift/ci/testdata/ansible/memcached-operator/playbooks/ ${HOME}/playbooks/ diff --git a/openshift/ci/testdata/ansible/memcached-operator/.gitignore b/openshift/ci/testdata/ansible/memcached-operator/.gitignore new file mode 100644 index 00000000..62fd3e39 --- /dev/null +++ b/openshift/ci/testdata/ansible/memcached-operator/.gitignore @@ -0,0 +1,14 @@ + +# Binaries for programs and plugins +*.exe +*.exe~ +*.dll +*.so +*.dylib +bin + +# editor and IDE paraphernalia +.idea +*.swp +*.swo +*~ diff --git a/openshift/ci/testdata/ansible/memcached-operator/Dockerfile b/openshift/ci/testdata/ansible/memcached-operator/Dockerfile new file mode 100644 index 00000000..48ee61c6 --- /dev/null +++ b/openshift/ci/testdata/ansible/memcached-operator/Dockerfile @@ -0,0 +1,9 @@ +FROM quay.io/operator-framework/ansible-operator:v1.35.0 + +COPY requirements.yml ${HOME}/requirements.yml +RUN ansible-galaxy collection install -r ${HOME}/requirements.yml \ + && chmod -R ug+rwx ${HOME}/.ansible + +COPY watches.yaml ${HOME}/watches.yaml +COPY roles/ ${HOME}/roles/ +COPY playbooks/ ${HOME}/playbooks/ diff --git a/openshift/ci/testdata/ansible/memcached-operator/Makefile b/openshift/ci/testdata/ansible/memcached-operator/Makefile new file mode 100644 index 00000000..f9d5671e --- /dev/null +++ b/openshift/ci/testdata/ansible/memcached-operator/Makefile @@ -0,0 +1,106 @@ + +# Image URL to use all building/pushing image targets +IMG ?= controller:latest + +.PHONY: all +all: docker-build + +##@ General + +# The help target prints out all targets with their descriptions organized +# beneath their categories. The categories are represented by '##@' and the +# target descriptions by '##'. The awk commands is responsible for reading the +# entire set of makefiles included in this invocation, looking for lines of the +# file as xyz: ## something, and then pretty-format the target and help. Then, +# if there's a line with ##@ something, that gets pretty-printed as a category. +# More info on the usage of ANSI control characters for terminal formatting: +# https://en.wikipedia.org/wiki/ANSI_escape_code#SGR_parameters +# More info on the awk command: +# http://linuxcommand.org/lc3_adv_awk.php + +.PHONY: help +help: ## Display this help. + @awk 'BEGIN {FS = ":.*##"; printf "\nUsage:\n make \033[36m\033[0m\n"} /^[a-zA-Z_0-9-]+:.*?##/ { printf " \033[36m%-15s\033[0m %s\n", $$1, $$2 } /^##@/ { printf "\n\033[1m%s\033[0m\n", substr($$0, 5) } ' $(MAKEFILE_LIST) + +##@ Build + +.PHONY: run +ANSIBLE_ROLES_PATH?="$(shell pwd)/roles" +run: ansible-operator ## Run against the configured Kubernetes cluster in ~/.kube/config + $(ANSIBLE_OPERATOR) run + +.PHONY: docker-build +docker-build: ## Build docker image with the manager. + docker build -t ${IMG} . + +.PHONY: docker-push +docker-push: ## Push docker image with the manager. + docker push ${IMG} + +# PLATFORMS defines the target platforms for the manager image be build to provide support to multiple +# architectures. (i.e. make docker-buildx IMG=myregistry/mypoperator:0.0.1). To use this option you need to: +# - able to use docker buildx . More info: https://docs.docker.com/build/buildx/ +# - have enable BuildKit, More info: https://docs.docker.com/develop/develop-images/build_enhancements/ +# - be able to push the image for your registry (i.e. if you do not inform a valid value via IMG=> than the export will fail) +# To properly provided solutions that supports more than one platform you should use this option. +PLATFORMS ?= linux/arm64,linux/amd64,linux/s390x,linux/ppc64le +.PHONY: docker-buildx +docker-buildx: ## Build and push docker image for the manager for cross-platform support + - docker buildx create --name project-v3-builder + docker buildx use project-v3-builder + - docker buildx build --push --platform=$(PLATFORMS) --tag ${IMG} -f Dockerfile . + - docker buildx rm project-v3-builder + +##@ Deployment + +.PHONY: install +install: kustomize ## Install CRDs into the K8s cluster specified in ~/.kube/config. + $(KUSTOMIZE) build config/crd | kubectl apply -f - + +.PHONY: uninstall +uninstall: kustomize ## Uninstall CRDs from the K8s cluster specified in ~/.kube/config. + $(KUSTOMIZE) build config/crd | kubectl delete -f - + +.PHONY: deploy +deploy: kustomize ## Deploy controller to the K8s cluster specified in ~/.kube/config. + cd config/manager && $(KUSTOMIZE) edit set image controller=${IMG} + $(KUSTOMIZE) build config/default | kubectl apply -f - + +.PHONY: undeploy +undeploy: ## Undeploy controller from the K8s cluster specified in ~/.kube/config. + $(KUSTOMIZE) build config/default | kubectl delete -f - + +OS := $(shell uname -s | tr '[:upper:]' '[:lower:]') +ARCH := $(shell uname -m | sed 's/x86_64/amd64/' | sed 's/aarch64/arm64/') + +.PHONY: kustomize +KUSTOMIZE = $(shell pwd)/bin/kustomize +kustomize: ## Download kustomize locally if necessary. +ifeq (,$(wildcard $(KUSTOMIZE))) +ifeq (,$(shell which kustomize 2>/dev/null)) + @{ \ + set -e ;\ + mkdir -p $(dir $(KUSTOMIZE)) ;\ + curl -sSLo - https://github.com/kubernetes-sigs/kustomize/releases/download/kustomize/v5.3.0/kustomize_v5.3.0_$(OS)_$(ARCH).tar.gz | \ + tar xzf - -C bin/ ;\ + } +else +KUSTOMIZE = $(shell which kustomize) +endif +endif + +.PHONY: ansible-operator +ANSIBLE_OPERATOR = $(shell pwd)/bin/ansible-operator +ansible-operator: ## Download ansible-operator locally if necessary, preferring the $(pwd)/bin path over global if both exist. +ifeq (,$(wildcard $(ANSIBLE_OPERATOR))) +ifeq (,$(shell which ansible-operator 2>/dev/null)) + @{ \ + set -e ;\ + mkdir -p $(dir $(ANSIBLE_OPERATOR)) ;\ + curl -sSLo $(ANSIBLE_OPERATOR) https://github.com/operator-framework/ansible-operator-plugins/releases/download/v1.35.0/ansible-operator_$(OS)_$(ARCH) ;\ + chmod +x $(ANSIBLE_OPERATOR) ;\ + } +else +ANSIBLE_OPERATOR = $(shell which ansible-operator) +endif +endif diff --git a/openshift/ci/testdata/ansible/memcached-operator/PROJECT b/openshift/ci/testdata/ansible/memcached-operator/PROJECT new file mode 100644 index 00000000..5fefbf42 --- /dev/null +++ b/openshift/ci/testdata/ansible/memcached-operator/PROJECT @@ -0,0 +1,17 @@ +# Code generated by tool. DO NOT EDIT. +# This file is used to track the info used to scaffold your project +# and allow the plugins properly work. +# More info: https://book.kubebuilder.io/reference/project-config.html +domain: example.com +layout: +- go.kubebuilder.io/v1 +projectName: memcached-operator +resources: +- api: + crdVersion: v1 + namespaced: true + domain: example.com + group: cache + kind: Memcached + version: v1alpha1 +version: "3" diff --git a/openshift/ci/testdata/ansible/memcached-operator/config/crd/bases/cache.example.com_memcacheds.yaml b/openshift/ci/testdata/ansible/memcached-operator/config/crd/bases/cache.example.com_memcacheds.yaml new file mode 100644 index 00000000..b019a46e --- /dev/null +++ b/openshift/ci/testdata/ansible/memcached-operator/config/crd/bases/cache.example.com_memcacheds.yaml @@ -0,0 +1,44 @@ +--- +apiVersion: apiextensions.k8s.io/v1 +kind: CustomResourceDefinition +metadata: + name: memcacheds.cache.example.com +spec: + group: cache.example.com + names: + kind: Memcached + listKind: MemcachedList + plural: memcacheds + singular: memcached + scope: Namespaced + versions: + - name: v1alpha1 + schema: + openAPIV3Schema: + description: Memcached is the Schema for the memcacheds API + properties: + apiVersion: + description: 'APIVersion defines the versioned schema of this representation + of an object. Servers should convert recognized schemas to the latest + internal value, and may reject unrecognized values. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#resources' + type: string + kind: + description: 'Kind is a string value representing the REST resource this + object represents. Servers may infer this from the endpoint the client + submits requests to. Cannot be updated. In CamelCase. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds' + type: string + metadata: + type: object + spec: + description: Spec defines the desired state of Memcached + type: object + x-kubernetes-preserve-unknown-fields: true + status: + description: Status defines the observed state of Memcached + type: object + x-kubernetes-preserve-unknown-fields: true + type: object + served: true + storage: true + subresources: + status: {} diff --git a/openshift/ci/testdata/ansible/memcached-operator/config/crd/kustomization.yaml b/openshift/ci/testdata/ansible/memcached-operator/config/crd/kustomization.yaml new file mode 100644 index 00000000..c8033c37 --- /dev/null +++ b/openshift/ci/testdata/ansible/memcached-operator/config/crd/kustomization.yaml @@ -0,0 +1,6 @@ +# This kustomization.yaml is not intended to be run by itself, +# since it depends on service name and namespace that are out of this kustomize package. +# It should be run by config/default +resources: +- bases/cache.example.com_memcacheds.yaml +#+kubebuilder:scaffold:crdkustomizeresource diff --git a/openshift/ci/testdata/ansible/memcached-operator/config/default/kustomization.yaml b/openshift/ci/testdata/ansible/memcached-operator/config/default/kustomization.yaml new file mode 100644 index 00000000..2cdda01c --- /dev/null +++ b/openshift/ci/testdata/ansible/memcached-operator/config/default/kustomization.yaml @@ -0,0 +1,28 @@ +# Adds namespace to all resources. +namespace: memcached-operator-system + +# Value of this field is prepended to the +# names of all resources, e.g. a deployment named +# "wordpress" becomes "alices-wordpress". +# Note that it should also match with the prefix (text before '-') of the namespace +# field above. +namePrefix: memcached-operator- + +# Labels to add to all resources and selectors. +#labels: +#- includeSelectors: true +# pairs: +# someName: someValue + +resources: +- ../crd +- ../rbac +- ../manager +# [PROMETHEUS] To enable prometheus monitor, uncomment all sections with 'PROMETHEUS'. +- ../prometheus + +patches: +# Protect the /metrics endpoint by putting it behind auth. +# If you want your controller-manager to expose the /metrics +# endpoint w/o any authn/z, please comment the following line. +- path: manager_auth_proxy_patch.yaml diff --git a/openshift/ci/testdata/ansible/memcached-operator/config/default/manager_auth_proxy_patch.yaml b/openshift/ci/testdata/ansible/memcached-operator/config/default/manager_auth_proxy_patch.yaml new file mode 100644 index 00000000..36429858 --- /dev/null +++ b/openshift/ci/testdata/ansible/memcached-operator/config/default/manager_auth_proxy_patch.yaml @@ -0,0 +1,40 @@ +# This patch inject a sidecar container which is a HTTP proxy for the +# controller manager, it performs RBAC authorization against the Kubernetes API using SubjectAccessReviews. +apiVersion: apps/v1 +kind: Deployment +metadata: + name: controller-manager + namespace: system +spec: + template: + spec: + containers: + - name: kube-rbac-proxy + securityContext: + allowPrivilegeEscalation: false + capabilities: + drop: + - "ALL" + image: gcr.io/kubebuilder/kube-rbac-proxy:v0.16.0 + args: + - "--secure-listen-address=0.0.0.0:8443" + - "--upstream=http://127.0.0.1:8080/" + - "--logtostderr=true" + - "--v=0" + ports: + - containerPort: 8443 + protocol: TCP + name: https + resources: + limits: + cpu: 500m + memory: 128Mi + requests: + cpu: 5m + memory: 64Mi + - name: manager + args: + - "--health-probe-bind-address=:6789" + - "--metrics-bind-address=127.0.0.1:8080" + - "--leader-elect" + - "--leader-election-id=memcached-operator" diff --git a/openshift/ci/testdata/ansible/memcached-operator/config/default/manager_config_patch.yaml b/openshift/ci/testdata/ansible/memcached-operator/config/default/manager_config_patch.yaml new file mode 100644 index 00000000..f6f58916 --- /dev/null +++ b/openshift/ci/testdata/ansible/memcached-operator/config/default/manager_config_patch.yaml @@ -0,0 +1,10 @@ +apiVersion: apps/v1 +kind: Deployment +metadata: + name: controller-manager + namespace: system +spec: + template: + spec: + containers: + - name: manager diff --git a/openshift/ci/testdata/ansible/memcached-operator/config/manager/kustomization.yaml b/openshift/ci/testdata/ansible/memcached-operator/config/manager/kustomization.yaml new file mode 100644 index 00000000..5c5f0b84 --- /dev/null +++ b/openshift/ci/testdata/ansible/memcached-operator/config/manager/kustomization.yaml @@ -0,0 +1,2 @@ +resources: +- manager.yaml diff --git a/openshift/ci/testdata/ansible/memcached-operator/config/manager/manager.yaml b/openshift/ci/testdata/ansible/memcached-operator/config/manager/manager.yaml new file mode 100644 index 00000000..588e1350 --- /dev/null +++ b/openshift/ci/testdata/ansible/memcached-operator/config/manager/manager.yaml @@ -0,0 +1,96 @@ +apiVersion: v1 +kind: Namespace +metadata: + labels: + control-plane: controller-manager + app.kubernetes.io/name: memcached-operator + app.kubernetes.io/managed-by: kustomize + name: system +--- +apiVersion: apps/v1 +kind: Deployment +metadata: + name: controller-manager + namespace: system + labels: + control-plane: controller-manager + app.kubernetes.io/name: memcached-operator + app.kubernetes.io/managed-by: kustomize +spec: + selector: + matchLabels: + control-plane: controller-manager + replicas: 1 + template: + metadata: + annotations: + kubectl.kubernetes.io/default-container: manager + labels: + control-plane: controller-manager + spec: + # TODO(user): Uncomment the following code to configure the nodeAffinity expression + # according to the platforms which are supported by your solution. + # It is considered best practice to support multiple architectures. You can + # build your manager image using the makefile target docker-buildx. + # affinity: + # nodeAffinity: + # requiredDuringSchedulingIgnoredDuringExecution: + # nodeSelectorTerms: + # - matchExpressions: + # - key: kubernetes.io/arch + # operator: In + # values: + # - amd64 + # - arm64 + # - ppc64le + # - s390x + # - key: kubernetes.io/os + # operator: In + # values: + # - linux + securityContext: + runAsNonRoot: true + # TODO(user): For common cases that do not require escalating privileges + # it is recommended to ensure that all your Pods/Containers are restrictive. + # More info: https://kubernetes.io/docs/concepts/security/pod-security-standards/#restricted + # Please uncomment the following code if your project does NOT have to work on old Kubernetes + # versions < 1.19 or on vendors versions which do NOT support this field by default (i.e. Openshift < 4.11 ). + # seccompProfile: + # type: RuntimeDefault + containers: + - args: + - --leader-elect + - --leader-election-id=memcached-operator + image: controller:latest + name: manager + env: + - name: ANSIBLE_GATHERING + value: explicit + securityContext: + allowPrivilegeEscalation: false + capabilities: + drop: + - "ALL" + livenessProbe: + httpGet: + path: /healthz + port: 6789 + initialDelaySeconds: 15 + periodSeconds: 20 + readinessProbe: + httpGet: + path: /readyz + port: 6789 + initialDelaySeconds: 5 + periodSeconds: 10 + # TODO(user): Configure the resources accordingly based on the project requirements. + # More info: https://kubernetes.io/docs/concepts/configuration/manage-resources-containers/ + resources: + limits: + cpu: 500m + memory: 768Mi + requests: + cpu: 10m + memory: 256Mi + serviceAccountName: controller-manager + terminationGracePeriodSeconds: 10 diff --git a/openshift/ci/testdata/ansible/memcached-operator/config/prometheus/kustomization.yaml b/openshift/ci/testdata/ansible/memcached-operator/config/prometheus/kustomization.yaml new file mode 100644 index 00000000..ed137168 --- /dev/null +++ b/openshift/ci/testdata/ansible/memcached-operator/config/prometheus/kustomization.yaml @@ -0,0 +1,2 @@ +resources: +- monitor.yaml diff --git a/openshift/ci/testdata/ansible/memcached-operator/config/prometheus/monitor.yaml b/openshift/ci/testdata/ansible/memcached-operator/config/prometheus/monitor.yaml new file mode 100644 index 00000000..ad29d614 --- /dev/null +++ b/openshift/ci/testdata/ansible/memcached-operator/config/prometheus/monitor.yaml @@ -0,0 +1,21 @@ +# Prometheus Monitor Service (Metrics) +apiVersion: monitoring.coreos.com/v1 +kind: ServiceMonitor +metadata: + labels: + control-plane: controller-manager + app.kubernetes.io/name: memcached-operator + app.kubernetes.io/managed-by: kustomize + name: controller-manager-metrics-monitor + namespace: system +spec: + endpoints: + - path: /metrics + port: https + scheme: https + bearerTokenFile: /var/run/secrets/kubernetes.io/serviceaccount/token + tlsConfig: + insecureSkipVerify: true + selector: + matchLabels: + control-plane: controller-manager diff --git a/openshift/ci/testdata/ansible/memcached-operator/config/rbac/auth_proxy_client_clusterrole.yaml b/openshift/ci/testdata/ansible/memcached-operator/config/rbac/auth_proxy_client_clusterrole.yaml new file mode 100644 index 00000000..3b93efaf --- /dev/null +++ b/openshift/ci/testdata/ansible/memcached-operator/config/rbac/auth_proxy_client_clusterrole.yaml @@ -0,0 +1,12 @@ +apiVersion: rbac.authorization.k8s.io/v1 +kind: ClusterRole +metadata: + labels: + app.kubernetes.io/name: memcached-operator + app.kubernetes.io/managed-by: kustomize + name: metrics-reader +rules: +- nonResourceURLs: + - "/metrics" + verbs: + - get diff --git a/openshift/ci/testdata/ansible/memcached-operator/config/rbac/auth_proxy_role.yaml b/openshift/ci/testdata/ansible/memcached-operator/config/rbac/auth_proxy_role.yaml new file mode 100644 index 00000000..4cfaa83c --- /dev/null +++ b/openshift/ci/testdata/ansible/memcached-operator/config/rbac/auth_proxy_role.yaml @@ -0,0 +1,20 @@ +apiVersion: rbac.authorization.k8s.io/v1 +kind: ClusterRole +metadata: + labels: + app.kubernetes.io/name: memcached-operator + app.kubernetes.io/managed-by: kustomize + name: proxy-role +rules: +- apiGroups: + - authentication.k8s.io + resources: + - tokenreviews + verbs: + - create +- apiGroups: + - authorization.k8s.io + resources: + - subjectaccessreviews + verbs: + - create diff --git a/openshift/ci/testdata/ansible/memcached-operator/config/rbac/auth_proxy_role_binding.yaml b/openshift/ci/testdata/ansible/memcached-operator/config/rbac/auth_proxy_role_binding.yaml new file mode 100644 index 00000000..4eb27643 --- /dev/null +++ b/openshift/ci/testdata/ansible/memcached-operator/config/rbac/auth_proxy_role_binding.yaml @@ -0,0 +1,15 @@ +apiVersion: rbac.authorization.k8s.io/v1 +kind: ClusterRoleBinding +metadata: + labels: + app.kubernetes.io/name: memcached-operator + app.kubernetes.io/managed-by: kustomize + name: proxy-rolebinding +roleRef: + apiGroup: rbac.authorization.k8s.io + kind: ClusterRole + name: proxy-role +subjects: +- kind: ServiceAccount + name: controller-manager + namespace: system diff --git a/openshift/ci/testdata/ansible/memcached-operator/config/rbac/auth_proxy_service.yaml b/openshift/ci/testdata/ansible/memcached-operator/config/rbac/auth_proxy_service.yaml new file mode 100644 index 00000000..3e75af73 --- /dev/null +++ b/openshift/ci/testdata/ansible/memcached-operator/config/rbac/auth_proxy_service.yaml @@ -0,0 +1,17 @@ +apiVersion: v1 +kind: Service +metadata: + labels: + control-plane: controller-manager + app.kubernetes.io/name: memcached-operator + app.kubernetes.io/managed-by: kustomize + name: controller-manager-metrics-service + namespace: system +spec: + ports: + - name: https + port: 8443 + protocol: TCP + targetPort: https + selector: + control-plane: controller-manager diff --git a/openshift/ci/testdata/ansible/memcached-operator/config/rbac/kustomization.yaml b/openshift/ci/testdata/ansible/memcached-operator/config/rbac/kustomization.yaml new file mode 100644 index 00000000..3dc28942 --- /dev/null +++ b/openshift/ci/testdata/ansible/memcached-operator/config/rbac/kustomization.yaml @@ -0,0 +1,24 @@ +resources: +# All RBAC will be applied under this service account in +# the deployment namespace. You may comment out this resource +# if your manager will use a service account that exists at +# runtime. Be sure to update RoleBinding and ClusterRoleBinding +# subjects if changing service account names. +- service_account.yaml +- role.yaml +- role_binding.yaml +- leader_election_role.yaml +- leader_election_role_binding.yaml +# Comment the following 4 lines if you want to disable +# the auth proxy (https://github.com/brancz/kube-rbac-proxy) +# which protects your /metrics endpoint. +- auth_proxy_service.yaml +- auth_proxy_role.yaml +- auth_proxy_role_binding.yaml +- auth_proxy_client_clusterrole.yaml +# For each CRD, "Editor" and "Viewer" roles are scaffolded by +# default, aiding admins in cluster management. Those roles are +# not used by the Project itself. You can comment the following lines +# if you do not want those helpers be installed with your Project. +- memcached_editor_role.yaml +- memcached_viewer_role.yaml diff --git a/openshift/ci/testdata/ansible/memcached-operator/config/rbac/leader_election_role.yaml b/openshift/ci/testdata/ansible/memcached-operator/config/rbac/leader_election_role.yaml new file mode 100644 index 00000000..d0856253 --- /dev/null +++ b/openshift/ci/testdata/ansible/memcached-operator/config/rbac/leader_election_role.yaml @@ -0,0 +1,40 @@ +# permissions to do leader election. +apiVersion: rbac.authorization.k8s.io/v1 +kind: Role +metadata: + labels: + app.kubernetes.io/name: memcached-operator + app.kubernetes.io/managed-by: kustomize + name: leader-election-role +rules: +- apiGroups: + - "" + resources: + - configmaps + verbs: + - get + - list + - watch + - create + - update + - patch + - delete +- apiGroups: + - coordination.k8s.io + resources: + - leases + verbs: + - get + - list + - watch + - create + - update + - patch + - delete +- apiGroups: + - "" + resources: + - events + verbs: + - create + - patch diff --git a/openshift/ci/testdata/ansible/memcached-operator/config/rbac/leader_election_role_binding.yaml b/openshift/ci/testdata/ansible/memcached-operator/config/rbac/leader_election_role_binding.yaml new file mode 100644 index 00000000..4fb0caf6 --- /dev/null +++ b/openshift/ci/testdata/ansible/memcached-operator/config/rbac/leader_election_role_binding.yaml @@ -0,0 +1,15 @@ +apiVersion: rbac.authorization.k8s.io/v1 +kind: RoleBinding +metadata: + labels: + app.kubernetes.io/name: memcached-operator + app.kubernetes.io/managed-by: kustomize + name: leader-election-rolebinding +roleRef: + apiGroup: rbac.authorization.k8s.io + kind: Role + name: leader-election-role +subjects: +- kind: ServiceAccount + name: controller-manager + namespace: system diff --git a/openshift/ci/testdata/ansible/memcached-operator/config/rbac/memcached_editor_role.yaml b/openshift/ci/testdata/ansible/memcached-operator/config/rbac/memcached_editor_role.yaml new file mode 100644 index 00000000..aff7adbe --- /dev/null +++ b/openshift/ci/testdata/ansible/memcached-operator/config/rbac/memcached_editor_role.yaml @@ -0,0 +1,27 @@ +# permissions for end users to edit memcacheds. +apiVersion: rbac.authorization.k8s.io/v1 +kind: ClusterRole +metadata: + labels: + app.kubernetes.io/name: memcached-operator + app.kubernetes.io/managed-by: kustomize + name: memcached-editor-role +rules: +- apiGroups: + - cache.example.com + resources: + - memcacheds + verbs: + - create + - delete + - get + - list + - patch + - update + - watch +- apiGroups: + - cache.example.com + resources: + - memcacheds/status + verbs: + - get diff --git a/openshift/ci/testdata/ansible/memcached-operator/config/rbac/memcached_viewer_role.yaml b/openshift/ci/testdata/ansible/memcached-operator/config/rbac/memcached_viewer_role.yaml new file mode 100644 index 00000000..373da887 --- /dev/null +++ b/openshift/ci/testdata/ansible/memcached-operator/config/rbac/memcached_viewer_role.yaml @@ -0,0 +1,23 @@ +# permissions for end users to view memcacheds. +apiVersion: rbac.authorization.k8s.io/v1 +kind: ClusterRole +metadata: + labels: + app.kubernetes.io/name: memcached-operator + app.kubernetes.io/managed-by: kustomize + name: memcached-viewer-role +rules: +- apiGroups: + - cache.example.com + resources: + - memcacheds + verbs: + - get + - list + - watch +- apiGroups: + - cache.example.com + resources: + - memcacheds/status + verbs: + - get diff --git a/openshift/ci/testdata/ansible/memcached-operator/config/rbac/role.yaml b/openshift/ci/testdata/ansible/memcached-operator/config/rbac/role.yaml new file mode 100644 index 00000000..27958f81 --- /dev/null +++ b/openshift/ci/testdata/ansible/memcached-operator/config/rbac/role.yaml @@ -0,0 +1,57 @@ +--- +apiVersion: rbac.authorization.k8s.io/v1 +kind: ClusterRole +metadata: + name: manager-role +rules: + ## + ## Base operator rules + ## + - apiGroups: + - "" + resources: + - secrets + - pods + - pods/exec + - pods/log + verbs: + - create + - delete + - get + - list + - patch + - update + - watch + - apiGroups: + - apps + resources: + - deployments + - daemonsets + - replicasets + - statefulsets + verbs: + - create + - delete + - get + - list + - patch + - update + - watch + ## + ## Rules for cache.example.com/v1alpha1, Kind: Memcached + ## + - apiGroups: + - cache.example.com + resources: + - memcacheds + - memcacheds/status + - memcacheds/finalizers + verbs: + - create + - delete + - get + - list + - patch + - update + - watch +#+kubebuilder:scaffold:rules diff --git a/openshift/ci/testdata/ansible/memcached-operator/config/rbac/role_binding.yaml b/openshift/ci/testdata/ansible/memcached-operator/config/rbac/role_binding.yaml new file mode 100644 index 00000000..4585b7d8 --- /dev/null +++ b/openshift/ci/testdata/ansible/memcached-operator/config/rbac/role_binding.yaml @@ -0,0 +1,15 @@ +apiVersion: rbac.authorization.k8s.io/v1 +kind: ClusterRoleBinding +metadata: + labels: + app.kubernetes.io/name: memcached-operator + app.kubernetes.io/managed-by: kustomize + name: manager-rolebinding +roleRef: + apiGroup: rbac.authorization.k8s.io + kind: ClusterRole + name: manager-role +subjects: +- kind: ServiceAccount + name: controller-manager + namespace: system diff --git a/openshift/ci/testdata/ansible/memcached-operator/config/rbac/service_account.yaml b/openshift/ci/testdata/ansible/memcached-operator/config/rbac/service_account.yaml new file mode 100644 index 00000000..242874a5 --- /dev/null +++ b/openshift/ci/testdata/ansible/memcached-operator/config/rbac/service_account.yaml @@ -0,0 +1,8 @@ +apiVersion: v1 +kind: ServiceAccount +metadata: + labels: + app.kubernetes.io/name: memcached-operator + app.kubernetes.io/managed-by: kustomize + name: controller-manager + namespace: system diff --git a/openshift/ci/testdata/ansible/memcached-operator/config/samples/cache_v1alpha1_memcached.yaml b/openshift/ci/testdata/ansible/memcached-operator/config/samples/cache_v1alpha1_memcached.yaml new file mode 100644 index 00000000..09856a63 --- /dev/null +++ b/openshift/ci/testdata/ansible/memcached-operator/config/samples/cache_v1alpha1_memcached.yaml @@ -0,0 +1,9 @@ +apiVersion: cache.example.com/v1alpha1 +kind: Memcached +metadata: + labels: + app.kubernetes.io/name: memcached-operator + app.kubernetes.io/managed-by: kustomize + name: memcached-sample +spec: + size: 1 diff --git a/openshift/ci/testdata/ansible/memcached-operator/config/samples/kustomization.yaml b/openshift/ci/testdata/ansible/memcached-operator/config/samples/kustomization.yaml new file mode 100644 index 00000000..89d91113 --- /dev/null +++ b/openshift/ci/testdata/ansible/memcached-operator/config/samples/kustomization.yaml @@ -0,0 +1,4 @@ +## Append samples of your project ## +resources: +- cache_v1alpha1_memcached.yaml +#+kubebuilder:scaffold:manifestskustomizesamples diff --git a/openshift/ci/testdata/ansible/memcached-operator/config/testing/debug_logs_patch.yaml b/openshift/ci/testdata/ansible/memcached-operator/config/testing/debug_logs_patch.yaml new file mode 100644 index 00000000..3fb3d559 --- /dev/null +++ b/openshift/ci/testdata/ansible/memcached-operator/config/testing/debug_logs_patch.yaml @@ -0,0 +1,14 @@ +--- +apiVersion: apps/v1 +kind: Deployment +metadata: + name: controller-manager + namespace: system +spec: + template: + spec: + containers: + - name: manager + env: + - name: ANSIBLE_DEBUG_LOGS + value: "TRUE" diff --git a/openshift/ci/testdata/ansible/memcached-operator/config/testing/kustomization.yaml b/openshift/ci/testdata/ansible/memcached-operator/config/testing/kustomization.yaml new file mode 100644 index 00000000..41091623 --- /dev/null +++ b/openshift/ci/testdata/ansible/memcached-operator/config/testing/kustomization.yaml @@ -0,0 +1,23 @@ +# Adds namespace to all resources. +namespace: osdk-test + +namePrefix: osdk- + +# Labels to add to all resources and selectors. +#commonLabels: +# someName: someValue + +patchesStrategicMerge: +- manager_image.yaml +- debug_logs_patch.yaml +- ../default/manager_auth_proxy_patch.yaml + +apiVersion: kustomize.config.k8s.io/v1beta1 +kind: Kustomization +resources: +- ../crd +- ../rbac +- ../manager +images: +- name: testing + newName: testing-operator diff --git a/openshift/ci/testdata/ansible/memcached-operator/config/testing/manager_image.yaml b/openshift/ci/testdata/ansible/memcached-operator/config/testing/manager_image.yaml new file mode 100644 index 00000000..e44f542d --- /dev/null +++ b/openshift/ci/testdata/ansible/memcached-operator/config/testing/manager_image.yaml @@ -0,0 +1,12 @@ +--- +apiVersion: apps/v1 +kind: Deployment +metadata: + name: controller-manager + namespace: system +spec: + template: + spec: + containers: + - name: manager + image: testing diff --git a/openshift/ci/testdata/ansible/memcached-operator/config/testing/pull_policy/Always.yaml b/openshift/ci/testdata/ansible/memcached-operator/config/testing/pull_policy/Always.yaml new file mode 100644 index 00000000..6b0a8e2a --- /dev/null +++ b/openshift/ci/testdata/ansible/memcached-operator/config/testing/pull_policy/Always.yaml @@ -0,0 +1,12 @@ +--- +apiVersion: apps/v1 +kind: Deployment +metadata: + name: controller-manager + namespace: system +spec: + template: + spec: + containers: + - name: manager + imagePullPolicy: Always diff --git a/openshift/ci/testdata/ansible/memcached-operator/config/testing/pull_policy/IfNotPresent.yaml b/openshift/ci/testdata/ansible/memcached-operator/config/testing/pull_policy/IfNotPresent.yaml new file mode 100644 index 00000000..2f52f496 --- /dev/null +++ b/openshift/ci/testdata/ansible/memcached-operator/config/testing/pull_policy/IfNotPresent.yaml @@ -0,0 +1,12 @@ +--- +apiVersion: apps/v1 +kind: Deployment +metadata: + name: controller-manager + namespace: system +spec: + template: + spec: + containers: + - name: manager + imagePullPolicy: IfNotPresent diff --git a/openshift/ci/testdata/ansible/memcached-operator/config/testing/pull_policy/Never.yaml b/openshift/ci/testdata/ansible/memcached-operator/config/testing/pull_policy/Never.yaml new file mode 100644 index 00000000..86f13d81 --- /dev/null +++ b/openshift/ci/testdata/ansible/memcached-operator/config/testing/pull_policy/Never.yaml @@ -0,0 +1,12 @@ +--- +apiVersion: apps/v1 +kind: Deployment +metadata: + name: controller-manager + namespace: system +spec: + template: + spec: + containers: + - name: manager + imagePullPolicy: Never diff --git a/openshift/ci/testdata/ansible/memcached-operator/molecule/default/converge.yml b/openshift/ci/testdata/ansible/memcached-operator/molecule/default/converge.yml new file mode 100644 index 00000000..9e65e378 --- /dev/null +++ b/openshift/ci/testdata/ansible/memcached-operator/molecule/default/converge.yml @@ -0,0 +1,18 @@ +--- +- name: Converge + hosts: localhost + connection: local + gather_facts: no + collections: + - kubernetes.core + + tasks: + - name: Create Namespace + k8s: + api_version: v1 + kind: Namespace + name: '{{ namespace }}' + + - import_tasks: kustomize.yml + vars: + state: present diff --git a/openshift/ci/testdata/ansible/memcached-operator/molecule/default/create.yml b/openshift/ci/testdata/ansible/memcached-operator/molecule/default/create.yml new file mode 100644 index 00000000..1eeaf922 --- /dev/null +++ b/openshift/ci/testdata/ansible/memcached-operator/molecule/default/create.yml @@ -0,0 +1,6 @@ +--- +- name: Create + hosts: localhost + connection: local + gather_facts: false + tasks: [] diff --git a/openshift/ci/testdata/ansible/memcached-operator/molecule/default/destroy.yml b/openshift/ci/testdata/ansible/memcached-operator/molecule/default/destroy.yml new file mode 100644 index 00000000..9a41e7de --- /dev/null +++ b/openshift/ci/testdata/ansible/memcached-operator/molecule/default/destroy.yml @@ -0,0 +1,24 @@ +--- +- name: Destroy + hosts: localhost + connection: local + gather_facts: false + collections: + - kubernetes.core + + tasks: + - import_tasks: kustomize.yml + vars: + state: absent + + - name: Destroy Namespace + k8s: + api_version: v1 + kind: Namespace + name: '{{ namespace }}' + state: absent + + - name: Unset pull policy + command: '{{ kustomize }} edit remove patch pull_policy/{{ operator_pull_policy }}.yaml' + args: + chdir: '{{ config_dir }}/testing' diff --git a/openshift/ci/testdata/ansible/memcached-operator/molecule/default/kustomize.yml b/openshift/ci/testdata/ansible/memcached-operator/molecule/default/kustomize.yml new file mode 100644 index 00000000..5c801d6a --- /dev/null +++ b/openshift/ci/testdata/ansible/memcached-operator/molecule/default/kustomize.yml @@ -0,0 +1,22 @@ +--- +- name: Build kustomize testing overlay + # load_restrictor must be set to none so we can load patch files from the default overlay + command: '{{ kustomize }} build --load-restrictor LoadRestrictionsNone' + args: + chdir: '{{ config_dir }}/testing' + register: resources + changed_when: false + +- name: Set resources to {{ state }} + k8s: + definition: '{{ item }}' + state: '{{ state }}' + wait: no + loop: '{{ resources.stdout | from_yaml_all | list }}' + +- name: Wait for resources to get to {{ state }} + k8s: + definition: '{{ item }}' + state: '{{ state }}' + wait: yes + loop: '{{ resources.stdout | from_yaml_all | list }}' diff --git a/openshift/ci/testdata/ansible/memcached-operator/molecule/default/molecule.yml b/openshift/ci/testdata/ansible/memcached-operator/molecule/default/molecule.yml new file mode 100644 index 00000000..91fcfcaf --- /dev/null +++ b/openshift/ci/testdata/ansible/memcached-operator/molecule/default/molecule.yml @@ -0,0 +1,27 @@ +--- +dependency: + name: galaxy +driver: + name: delegated +platforms: + - name: cluster + groups: + - k8s +provisioner: + name: ansible + inventory: + group_vars: + all: + namespace: ${TEST_OPERATOR_NAMESPACE:-osdk-test} + host_vars: + localhost: + ansible_python_interpreter: '{{ ansible_playbook_python }}' + config_dir: ${MOLECULE_PROJECT_DIRECTORY}/config + samples_dir: ${MOLECULE_PROJECT_DIRECTORY}/config/samples + operator_image: ${OPERATOR_IMAGE:-""} + operator_pull_policy: ${OPERATOR_PULL_POLICY:-"Always"} + kustomize: ${KUSTOMIZE_PATH:-kustomize} + env: + K8S_AUTH_KUBECONFIG: ${KUBECONFIG:-"~/.kube/config"} +verifier: + name: ansible diff --git a/openshift/ci/testdata/ansible/memcached-operator/molecule/default/prepare.yml b/openshift/ci/testdata/ansible/memcached-operator/molecule/default/prepare.yml new file mode 100644 index 00000000..ed40370c --- /dev/null +++ b/openshift/ci/testdata/ansible/memcached-operator/molecule/default/prepare.yml @@ -0,0 +1,28 @@ +--- +- name: Prepare + hosts: localhost + connection: local + gather_facts: false + + tasks: + - name: Ensure operator image is set + fail: + msg: | + You must specify the OPERATOR_IMAGE environment variable in order to run the + 'default' scenario + when: not operator_image + + - name: Set testing image + command: '{{ kustomize }} edit set image testing={{ operator_image }}' + args: + chdir: '{{ config_dir }}/testing' + + - name: Set pull policy + command: '{{ kustomize }} edit add patch --path pull_policy/{{ operator_pull_policy }}.yaml' + args: + chdir: '{{ config_dir }}/testing' + + - name: Set testing namespace + command: '{{ kustomize }} edit set namespace {{ namespace }}' + args: + chdir: '{{ config_dir }}/testing' diff --git a/openshift/ci/testdata/ansible/memcached-operator/molecule/default/tasks/memcached_test.yml b/openshift/ci/testdata/ansible/memcached-operator/molecule/default/tasks/memcached_test.yml new file mode 100644 index 00000000..b13cac07 --- /dev/null +++ b/openshift/ci/testdata/ansible/memcached-operator/molecule/default/tasks/memcached_test.yml @@ -0,0 +1,129 @@ +--- +- name: Load CR + set_fact: + custom_resource: "{{ lookup('template', '/'.join([samples_dir, cr_file])) | from_yaml }}" + vars: + cr_file: 'cache_v1alpha1_memcached.yaml' + +- name: Create the cache.example.com/v1alpha1.Memcached + k8s: + state: present + namespace: '{{ namespace }}' + definition: '{{ custom_resource }}' + wait: yes + wait_timeout: 300 + wait_condition: + type: Successful + status: "True" + +- name: Wait 2 minutes for memcached deployment + debug: + var: deploy + until: + - deploy is defined + - deploy.status is defined + - deploy.status.replicas is defined + - deploy.status.replicas == deploy.status.get("availableReplicas", 0) + retries: 12 + delay: 10 + vars: + deploy: '{{ lookup("k8s", + kind="Deployment", + api_version="apps/v1", + namespace=namespace, + label_selector="app=memcached" + )}}' + +- name: Verify custom status exists + assert: + that: debug_cr.status.get("test") == "hello world" + vars: + debug_cr: '{{ lookup("k8s", + kind=custom_resource.kind, + api_version=custom_resource.apiVersion, + namespace=namespace, + resource_name=custom_resource.metadata.name + )}}' + +- when: molecule_yml.scenario.name == "test-local" + block: + - name: Restart the operator by killing the pod + k8s: + state: absent + definition: + api_version: v1 + kind: Pod + metadata: + namespace: '{{ namespace }}' + name: '{{ pod.metadata.name }}' + vars: + pod: '{{ q("k8s", api_version="v1", kind="Pod", namespace=namespace, label_selector="name=memcached-operator").0 }}' + + - name: Wait 2 minutes for operator deployment + debug: + var: deploy + until: + - deploy is defined + - deploy.status is defined + - deploy.status.replicas is defined + - deploy.status.replicas == deploy.status.get("availableReplicas", 0) + retries: 12 + delay: 10 + vars: + deploy: '{{ lookup("k8s", + kind="Deployment", + api_version="apps/v1", + namespace=namespace, + resource_name="memcached-operator" + )}}' + + - name: Wait for reconciliation to have a chance at finishing + pause: + seconds: 15 + + - name: Delete the service that is created. + k8s: + kind: Service + api_version: v1 + namespace: '{{ namespace }}' + name: test-service + state: absent + + - name: Verify that test-service was re-created + debug: + var: service + until: service + retries: 12 + delay: 10 + vars: + service: '{{ lookup("k8s", + kind="Service", + api_version="v1", + namespace=namespace, + resource_name="test-service", + )}}' + +- name: Delete the custom resource + k8s: + state: absent + namespace: '{{ namespace }}' + definition: '{{ custom_resource }}' + +- name: Wait for the custom resource to be deleted + k8s_info: + api_version: '{{ custom_resource.apiVersion }}' + kind: '{{ custom_resource.kind }}' + namespace: '{{ namespace }}' + name: '{{ custom_resource.metadata.name }}' + register: cr + retries: 10 + delay: 6 + until: not cr.resources + failed_when: cr.resources + +- name: Verify the Deployment was deleted (wait 30s) + assert: + that: not lookup('k8s', kind='Deployment', api_version='apps/v1', namespace=namespace, label_selector='app=memcached') + retries: 10 + delay: 3 + diff --git a/openshift/ci/testdata/ansible/memcached-operator/molecule/default/verify.yml b/openshift/ci/testdata/ansible/memcached-operator/molecule/default/verify.yml new file mode 100644 index 00000000..15f3674d --- /dev/null +++ b/openshift/ci/testdata/ansible/memcached-operator/molecule/default/verify.yml @@ -0,0 +1,57 @@ +--- +- name: Verify + hosts: localhost + connection: local + gather_facts: no + collections: + - kubernetes.core + + vars: + ctrl_label: control-plane=controller-manager + + tasks: + - block: + - name: Import all test files from tasks/ + include_tasks: '{{ item }}' + with_fileglob: + - tasks/*_test.yml + rescue: + - name: Retrieve relevant resources + k8s_info: + api_version: '{{ item.api_version }}' + kind: '{{ item.kind }}' + namespace: '{{ namespace }}' + loop: + - api_version: v1 + kind: Pod + - api_version: apps/v1 + kind: Deployment + - api_version: v1 + kind: Secret + - api_version: v1 + kind: ConfigMap + register: debug_resources + + - name: Retrieve Pod logs + k8s_log: + name: '{{ item.metadata.name }}' + namespace: '{{ namespace }}' + container: manager + loop: "{{ q('k8s', api_version='v1', kind='Pod', namespace=namespace, label_selector=ctrl_label) }}" + register: debug_logs + + - name: Output gathered resources + debug: + var: debug_resources + + - name: Output gathered logs + debug: + var: item.log_lines + loop: '{{ debug_logs.results }}' + + - name: Re-emit failure + vars: + failed_task: + result: '{{ ansible_failed_result }}' + fail: + msg: '{{ failed_task }}' diff --git a/openshift/ci/testdata/ansible/memcached-operator/molecule/kind/converge.yml b/openshift/ci/testdata/ansible/memcached-operator/molecule/kind/converge.yml new file mode 100644 index 00000000..8bd5700f --- /dev/null +++ b/openshift/ci/testdata/ansible/memcached-operator/molecule/kind/converge.yml @@ -0,0 +1,24 @@ +--- +- name: Converge + hosts: localhost + connection: local + gather_facts: no + + tasks: + - name: Build operator image + docker_image: + build: + path: '{{ project_dir }}' + pull: no + name: '{{ operator_image }}' + tag: latest + push: no + source: build + force_source: yes + + - name: Load image into kind cluster + command: kind load docker-image --name osdk-test '{{ operator_image }}' + register: result + changed_when: '"not yet present" in result.stdout' + +- import_playbook: ../default/converge.yml diff --git a/openshift/ci/testdata/ansible/memcached-operator/molecule/kind/create.yml b/openshift/ci/testdata/ansible/memcached-operator/molecule/kind/create.yml new file mode 100644 index 00000000..66a84a14 --- /dev/null +++ b/openshift/ci/testdata/ansible/memcached-operator/molecule/kind/create.yml @@ -0,0 +1,8 @@ +--- +- name: Create + hosts: localhost + connection: local + gather_facts: false + tasks: + - name: Create test kind cluster + command: kind create cluster --name osdk-test --kubeconfig {{ kubeconfig }} diff --git a/openshift/ci/testdata/ansible/memcached-operator/molecule/kind/destroy.yml b/openshift/ci/testdata/ansible/memcached-operator/molecule/kind/destroy.yml new file mode 100644 index 00000000..304cca21 --- /dev/null +++ b/openshift/ci/testdata/ansible/memcached-operator/molecule/kind/destroy.yml @@ -0,0 +1,16 @@ +--- +- name: Destroy + hosts: localhost + connection: local + gather_facts: false + collections: + - kubernetes.core + + tasks: + - name: Destroy test kind cluster + command: kind delete cluster --name osdk-test --kubeconfig {{ kubeconfig }} + + - name: Unset pull policy + command: '{{ kustomize }} edit remove patch pull_policy/{{ operator_pull_policy }}.yaml' + args: + chdir: '{{ config_dir }}/testing' diff --git a/openshift/ci/testdata/ansible/memcached-operator/molecule/kind/molecule.yml b/openshift/ci/testdata/ansible/memcached-operator/molecule/kind/molecule.yml new file mode 100644 index 00000000..534c8ce4 --- /dev/null +++ b/openshift/ci/testdata/ansible/memcached-operator/molecule/kind/molecule.yml @@ -0,0 +1,33 @@ +--- +dependency: + name: galaxy +driver: + name: delegated +platforms: + - name: cluster + groups: + - k8s +provisioner: + name: ansible + playbooks: + prepare: ../default/prepare.yml + verify: ../default/verify.yml + inventory: + group_vars: + all: + namespace: ${TEST_OPERATOR_NAMESPACE:-osdk-test} + host_vars: + localhost: + ansible_python_interpreter: '{{ ansible_playbook_python }}' + config_dir: ${MOLECULE_PROJECT_DIRECTORY}/config + samples_dir: ${MOLECULE_PROJECT_DIRECTORY}/config/samples + project_dir: ${MOLECULE_PROJECT_DIRECTORY} + operator_image: testing-operator + operator_pull_policy: "Never" + kubeconfig: "{{ lookup('env', 'KUBECONFIG') }}" + kustomize: ${KUSTOMIZE_PATH:-kustomize} + env: + K8S_AUTH_KUBECONFIG: ${MOLECULE_EPHEMERAL_DIRECTORY}/kubeconfig + KUBECONFIG: ${MOLECULE_EPHEMERAL_DIRECTORY}/kubeconfig +verifier: + name: ansible diff --git a/openshift/ci/testdata/ansible/memcached-operator/playbooks/.placeholder b/openshift/ci/testdata/ansible/memcached-operator/playbooks/.placeholder new file mode 100644 index 00000000..e69de29b diff --git a/openshift/ci/testdata/ansible/memcached-operator/playbooks/memcached.yml b/openshift/ci/testdata/ansible/memcached-operator/playbooks/memcached.yml new file mode 100644 index 00000000..b3ce2c06 --- /dev/null +++ b/openshift/ci/testdata/ansible/memcached-operator/playbooks/memcached.yml @@ -0,0 +1,9 @@ +--- +- hosts: localhost + gather_facts: no + collections: + - kubernetes.core + - operator_sdk.util + tasks: + - import_role: + name: "memcached" diff --git a/openshift/ci/testdata/ansible/memcached-operator/requirements.yml b/openshift/ci/testdata/ansible/memcached-operator/requirements.yml new file mode 100644 index 00000000..07cabcb9 --- /dev/null +++ b/openshift/ci/testdata/ansible/memcached-operator/requirements.yml @@ -0,0 +1,10 @@ +--- +collections: + - name: operator_sdk.util + version: "0.5.0" + - name: kubernetes.core + version: "2.4.0" + - name: cloud.common + version: "2.1.1" + - name: community.docker + version: "3.10.3" diff --git a/openshift/ci/testdata/ansible/memcached-operator/roles/.placeholder b/openshift/ci/testdata/ansible/memcached-operator/roles/.placeholder new file mode 100644 index 00000000..e69de29b diff --git a/openshift/ci/testdata/ansible/memcached-operator/roles/memcached/README.md b/openshift/ci/testdata/ansible/memcached-operator/roles/memcached/README.md new file mode 100644 index 00000000..c37ca916 --- /dev/null +++ b/openshift/ci/testdata/ansible/memcached-operator/roles/memcached/README.md @@ -0,0 +1,43 @@ +Role Name +========= + +A brief description of the role goes here. + +Requirements +------------ + +Any pre-requisites that may not be covered by Ansible itself or the role should be mentioned here. For instance, +if the role uses the EC2 module, it may be a good idea to mention in this section that the boto package is required. + +Role Variables +-------------- + +A description of the settable variables for this role should go here, including any variables that are in +defaults/main.yml, vars/main.yml, and any variables that can/should be set via parameters to the role. Any variables +that are read from other roles and/or the global scope (ie. hostvars, group vars, etc.) should be mentioned here as well + +Dependencies +------------ + +A list of other roles hosted on Galaxy should go here, plus any details in regards to parameters that may need to be set +for other roles, or variables that are used from other roles. + +Example Playbook +---------------- + +Including an example of how to use your role (for instance, with variables passed in as parameters) is always nice for +users too: + + - hosts: servers + roles: + - { role: username.rolename, x: 42 } + +License +------- + +BSD + +Author Information +------------------ + +An optional section for the role authors to include contact information, or a website (HTML is not allowed). diff --git a/openshift/ci/testdata/ansible/memcached-operator/roles/memcached/defaults/main.yml b/openshift/ci/testdata/ansible/memcached-operator/roles/memcached/defaults/main.yml new file mode 100644 index 00000000..073d5277 --- /dev/null +++ b/openshift/ci/testdata/ansible/memcached-operator/roles/memcached/defaults/main.yml @@ -0,0 +1,2 @@ +--- +size: 1 diff --git a/openshift/ci/testdata/ansible/memcached-operator/roles/memcached/files/.placeholder b/openshift/ci/testdata/ansible/memcached-operator/roles/memcached/files/.placeholder new file mode 100644 index 00000000..e69de29b diff --git a/openshift/ci/testdata/ansible/memcached-operator/roles/memcached/handlers/main.yml b/openshift/ci/testdata/ansible/memcached-operator/roles/memcached/handlers/main.yml new file mode 100644 index 00000000..87ec3145 --- /dev/null +++ b/openshift/ci/testdata/ansible/memcached-operator/roles/memcached/handlers/main.yml @@ -0,0 +1,2 @@ +--- +# handlers file for Memcached diff --git a/openshift/ci/testdata/ansible/memcached-operator/roles/memcached/meta/main.yml b/openshift/ci/testdata/ansible/memcached-operator/roles/memcached/meta/main.yml new file mode 100644 index 00000000..dfab20d3 --- /dev/null +++ b/openshift/ci/testdata/ansible/memcached-operator/roles/memcached/meta/main.yml @@ -0,0 +1,64 @@ +--- +galaxy_info: + author: your name + description: your description + company: your company (optional) + + # If the issue tracker for your role is not on github, uncomment the + # next line and provide a value + # issue_tracker_url: http://example.com/issue/tracker + + # Some suggested licenses: + # - BSD (default) + # - MIT + # - GPLv2 + # - GPLv3 + # - Apache + # - CC-BY + license: license (GPLv2, CC-BY, etc) + + min_ansible_version: 2.9 + + # If this a Container Enabled role, provide the minimum Ansible Container version. + # min_ansible_container_version: + + # Optionally specify the branch Galaxy will use when accessing the GitHub + # repo for this role. During role install, if no tags are available, + # Galaxy will use this branch. During import Galaxy will access files on + # this branch. If Travis integration is configured, only notifications for this + # branch will be accepted. Otherwise, in all cases, the repo's default branch + # (usually master) will be used. + #github_branch: + + # + # Provide a list of supported platforms, and for each platform a list of versions. + # If you don't wish to enumerate all versions for a particular platform, use 'all'. + # To view available platforms and versions (or releases), visit: + # https://galaxy.ansible.com/api/v1/platforms/ + # + # platforms: + # - name: Fedora + # versions: + # - all + # - 25 + # - name: SomePlatform + # versions: + # - all + # - 1.0 + # - 7 + # - 99.99 + + galaxy_tags: [] + # List tags for your role here, one per line. A tag is a keyword that describes + # and categorizes the role. Users find roles by searching for tags. Be sure to + # remove the '[]' above, if you add tags to this list. + # + # NOTE: A tag is limited to a single word comprised of alphanumeric characters. + # Maximum 20 tags per role. + +dependencies: [] + # List your role dependencies here, one per line. Be sure to remove the '[]' above, + # if you add dependencies to this list. +collections: +- operator_sdk.util +- kubernetes.core diff --git a/openshift/ci/testdata/ansible/memcached-operator/roles/memcached/tasks/main.yml b/openshift/ci/testdata/ansible/memcached-operator/roles/memcached/tasks/main.yml new file mode 100644 index 00000000..3fad70bf --- /dev/null +++ b/openshift/ci/testdata/ansible/memcached-operator/roles/memcached/tasks/main.yml @@ -0,0 +1,180 @@ +--- +# tasks file for Memcached +- name: start memcached + kubernetes.core.k8s: + definition: + kind: Deployment + apiVersion: apps/v1 + metadata: + name: '{{ ansible_operator_meta.name }}-memcached' + namespace: '{{ ansible_operator_meta.namespace }}' + labels: + app: memcached + spec: + securityContext: + runAsNonRoot: true + seccompProfile: + type: RuntimeDefault + replicas: "{{size}}" + selector: + matchLabels: + app: memcached + template: + metadata: + labels: + app: memcached + spec: + containers: + - name: memcached + securityContext: + allowPrivilegeEscalation: false + capabilities: + drop: + - "ALL" + command: + - memcached + - -m=64 + - -o + - modern + - -v + image: "docker.io/memcached:1.4.36-alpine" + ports: + - containerPort: 11211 + readinessProbe: + tcpSocket: + port: 11211 + initialDelaySeconds: 3 + periodSeconds: 3 + +- name: Check if config exists + ansible.builtin.stat: + path: /tmp/metricsbumped + register: metricsbumped + +# Only run once +- block: + - ansible.builtin.file: + path: /tmp/metricsbumped + state: touch + # Sanity + - name: create sanity_counter + operator_sdk.util.osdk_metric: + name: sanity_counter + description: ensure counter can be created + counter: {} + + - name: create sanity_gauge + operator_sdk.util.osdk_metric: + name: sanity_gauge + description: ensure gauge can be created + gauge: {} + + - name: create sanity_histogram + operator_sdk.util.osdk_metric: + name: sanity_histogram + description: ensure histogram can be created + histogram: {} + + - name: create sanity_summary + operator_sdk.util.osdk_metric: + name: sanity_summary + description: ensure summary can be created + summary: {} + + # Counter + - name: Counter increment test setup + operator_sdk.util.osdk_metric: + name: counter_inc_test + description: create counter to be incremented + counter: {} + + - name: Execute Counter increment test + operator_sdk.util.osdk_metric: + name: counter_inc_test + description: increment counter + counter: + increment: yes + + - name: Counter add test setup + operator_sdk.util.osdk_metric: + name: counter_add_test + description: create counter to be added to + counter: {} + + - name: Counter add test exe + operator_sdk.util.osdk_metric: + name: counter_add_test + description: create counter to be incremented + counter: + add: 2 + + # Gauge + - name: Gauge set test + operator_sdk.util.osdk_metric: + name: gauge_set_test + description: create and set a gauge t0 5 + gauge: + set: 5 + + - name: Gauge add test setup + operator_sdk.util.osdk_metric: + name: gauge_add_test + description: create a gauge + gauge: {} + + - name: Gauge add test + operator_sdk.util.osdk_metric: + name: gauge_add_test + description: Add 7 to the gauge + gauge: + add: 7 + + - name: Gauge subtract test setup + operator_sdk.util.osdk_metric: + name: gauge_sub_test + description: create a gauge + gauge: {} + + - name: Gauge sub test + operator_sdk.util.osdk_metric: + name: gauge_sub_test + description: Add 7 to the gauge + gauge: + subtract: 7 + + - name: Gauge time test + operator_sdk.util.osdk_metric: + name: gauge_time_test + description: set the gauge to current time + gauge: + set_to_current_time: yes + + # Summary + - name: Summary test setup + operator_sdk.util.osdk_metric: + name: summary_test + description: create a summary + summary: {} + + - name: Summary test + operator_sdk.util.osdk_metric: + name: summary_test + description: observe a summary + summary: + observe: 2 + + # Histogram + - name: Histogram test setup + operator_sdk.util.osdk_metric: + name: histogram_test + description: create a histogram + histogram: {} + + - name: Histogram test + operator_sdk.util.osdk_metric: + name: histogram_test + description: observe a histogram + histogram: + observe: 2 + when: not metricsbumped.stat.exists + diff --git a/openshift/ci/testdata/ansible/memcached-operator/roles/memcached/templates/.placeholder b/openshift/ci/testdata/ansible/memcached-operator/roles/memcached/templates/.placeholder new file mode 100644 index 00000000..e69de29b diff --git a/openshift/ci/testdata/ansible/memcached-operator/roles/memcached/vars/main.yml b/openshift/ci/testdata/ansible/memcached-operator/roles/memcached/vars/main.yml new file mode 100644 index 00000000..1cd58e10 --- /dev/null +++ b/openshift/ci/testdata/ansible/memcached-operator/roles/memcached/vars/main.yml @@ -0,0 +1,2 @@ +--- +# vars file for Memcached diff --git a/openshift/ci/testdata/ansible/memcached-operator/watches.yaml b/openshift/ci/testdata/ansible/memcached-operator/watches.yaml new file mode 100644 index 00000000..ec0cb28f --- /dev/null +++ b/openshift/ci/testdata/ansible/memcached-operator/watches.yaml @@ -0,0 +1,7 @@ +--- +# Use the 'create api' subcommand to add watches to this file. +- version: v1alpha1 + group: cache.example.com + kind: Memcached + playbook: playbooks/memcached.yml +#+kubebuilder:scaffold:watch diff --git a/openshift/ci/tests/e2e-ansible-scaffolding.sh b/openshift/ci/tests/e2e-ansible-scaffolding.sh new file mode 100755 index 00000000..7d0cc2d1 --- /dev/null +++ b/openshift/ci/tests/e2e-ansible-scaffolding.sh @@ -0,0 +1,176 @@ +#!/usr/bin/env bash + +source hack/lib/common.sh + +set -eux + +component="osdk-ansible-e2e" +eval IMAGE=$IMAGE_FORMAT +ROOTDIR="$(pwd)" +GOTMP="$(mktemp -d -p $GOPATH/src)" +trap_add 'rm -rf $GOTMP' EXIT + +mkdir -p $ROOTDIR/bin +export PATH=$ROOTDIR/bin:$PATH + +# Install kubectl client +if ! [ -x "$(command -v kubectl)" ]; then + curl -Lo kubectl https://storage.googleapis.com/kubernetes-release/release/v1.21.2/bin/linux/amd64/kubectl && chmod +x kubectl && mv kubectl bin/ +fi + +# Install oc client +if ! [ -x "$(command -v oc)" ]; then + OPENSHIFT_CLIENT_VERSION="4.16.0" + curl -Lo oc.tar.gz https://mirror.openshift.com/pub/openshift-v4/clients/ocp/${OPENSHIFT_CLIENT_VERSION}/openshift-client-linux-${OPENSHIFT_CLIENT_VERSION}.tar.gz + tar xvzOf oc.tar.gz oc > oc && chmod +x oc && mv oc bin/ && rm oc.tar.gz +fi + +# Printout where we're at and what we're using +oc version +echo $ROOTDIR + +# install operator-sdk +# make install + +# Test the operator +test_operator() { + echo "Entered test_operator" + + # wait for operator pod to run + if ! timeout 1m kubectl rollout status deployment/memcached-operator-controller-manager -n memcached-operator-system; + then + echo FAIL: operator failed to run + kubectl describe pods + kubectl logs deployment/memcached-operator-controller-manager -c manager + exit 1 + fi + + + # verify that metrics service was created + if ! timeout 60s bash -c -- "until kubectl get service/memcached-operator-controller-manager-metrics-service > /dev/null 2>&1; do sleep 1; done"; + then + echo "Failed to get metrics service" + kubectl describe pods + kubectl logs deployment/memcached-operator-controller-manager -c manager + exit 1 + fi + + # create the service-account-token for the default service account + cat < /dev/null; + # then + # echo FAIL: the finalizer did not delete the configmap + # kubectl describe pods + # kubectl logs deployment/memcached-operator-controller-manager -c manager + # exit 1 + # fi + + # The deployment should get garbage collected, so we expect to fail getting the deployment. + if ! timeout 60s bash -c -- "while kubectl get deployment memcached-sample-memcached 2> /dev/null; do sleep 1; done"; + then + echo FAIL: memcached Deployment did not get garbage collected + kubectl describe pods + kubectl logs deployment/memcached-operator-controller-manager -c manager + exit 1 + fi + + # Ensure that no errors appear in the log + if kubectl logs deployment/memcached-operator-controller-manager -c manager | grep -i error; + then + echo FAIL: the operator log includes errors + kubectl describe pods + kubectl logs deployment/memcached-operator-controller-manager -c manager + exit 1 + fi +} + +# use sample in testdata +pushd $ROOTDIR/openshift/ci/testdata/ansible/memcached-operator +ls + +# deploy operator +echo "running make deploy" +make deploy IMG=$IMAGE + +# create clusterrolebinding for metrics +kubectl create clusterrolebinding memcached-operator-metrics-reader-rolebinding --clusterrole=memcached-operator-metrics-reader --serviceaccount=memcached-operator-system:default + +# switch to the "memcached-operator-system" namespace +oc project memcached-operator-system + +# Test the operator +echo "running test_operator" +test_operator + +# clean up the clusterrolebinding for metrics +kubectl delete clusterrolebinding memcached-operator-metrics-reader-rolebinding + +# remove operator +echo "running make undeploy" +make undeploy + +# the memcached-operator pods remain after the deployment is gone; wait until the pods are removed +echo "waiting for controller-manager pod to go away" +if ! timeout 60s bash -c -- "until kubectl get pods -l control-plane=controller-manager |& grep \"No resources found\"; do sleep 2; done"; +then + echo FAIL: memcached-operator Deployment did not get garbage collected + kubectl describe pods + kubectl logs deployment/memcached-operator-controller-manager -c manager + exit 1 +fi + +popd