From 8342f384e4df4ea3f3098da66a530e3bbaeeadd7 Mon Sep 17 00:00:00 2001 From: Uwe Hoffmann <534011+uwedeportivo@users.noreply.github.com> Date: Mon, 6 Apr 2020 14:37:15 -0700 Subject: [PATCH 01/12] build author label escaping --- .buildkite/integration-restricted-test.sh | 3 +-- 1 file changed, 1 insertion(+), 2 deletions(-) diff --git a/.buildkite/integration-restricted-test.sh b/.buildkite/integration-restricted-test.sh index 2a86aed07a10..a8f07bb897ec 100644 --- a/.buildkite/integration-restricted-test.sh +++ b/.buildkite/integration-restricted-test.sh @@ -8,9 +8,8 @@ export DEPLOY_SOURCEGRAPH_ROOT=$(pwd) export TEST_GCP_PROJECT=sourcegraph-server export TEST_GCP_ZONE=us-central1-a export TEST_GCP_USERNAME=buildkite@sourcegraph-dev.iam.gserviceaccount.com -export BUILD_CREATOR=${BUILDKITE_BUILD_CREATOR_EMAIL//[@.]/-} +export BUILD_CREATOR=`echo ${BUILDKITE_BUILD_CREATOR} | tr '[:upper:]' '[:lower:]' | sed -e 's/[[:blank:]]//g'` export BUILD_UUID=$BUILDKITE_BUILD_ID export BUILD_BRANCH=${BUILDKITE_BRANCH//./-} ${DEPLOY_SOURCEGRAPH_ROOT}/tests/integration/restricted/test.sh - From 44253387121d821a8866fed83751a6e3a4fcbca1 Mon Sep 17 00:00:00 2001 From: Uwe Hoffmann <534011+uwedeportivo@users.noreply.github.com> Date: Tue, 7 Apr 2020 11:52:27 -0700 Subject: [PATCH 02/12] switch to ingress from service expose --- tests/integration/restricted/ingress.yaml | 9 +++++++++ tests/integration/restricted/test.sh | 8 +++++--- 2 files changed, 14 insertions(+), 3 deletions(-) create mode 100644 tests/integration/restricted/ingress.yaml diff --git a/tests/integration/restricted/ingress.yaml b/tests/integration/restricted/ingress.yaml new file mode 100644 index 000000000000..2c9ffebf62b8 --- /dev/null +++ b/tests/integration/restricted/ingress.yaml @@ -0,0 +1,9 @@ +apiVersion: networking.k8s.io/v1beta1 +kind: Ingress +metadata: + name: sourcegraph-ingress + namespace: ns-sourcegraph +spec: + backend: + serviceName: sourcegraph + servicePort: 3080 diff --git a/tests/integration/restricted/test.sh b/tests/integration/restricted/test.sh index fec76dee51a4..72ceb067b7f6 100755 --- a/tests/integration/restricted/test.sh +++ b/tests/integration/restricted/test.sh @@ -32,7 +32,9 @@ kubectl create rolebinding -n ns-sourcegraph fake-user:nonroot:unprivileged --ro kubectl --as=system:serviceaccount:ns-sourcegraph:fake-user -n ns-sourcegraph apply -k ${DEPLOY_SOURCEGRAPH_ROOT}/overlays/non-privileged-create-cluster -kubectl -n ns-sourcegraph expose deployment sourcegraph-frontend --type=NodePort --name sourcegraph --type=LoadBalancer +kubectl -n ns-sourcegraph expose deployment sourcegraph-frontend --type=NodePort --name sourcegraph + +kubectl -n ns-sourcegraph apply -f ingress.yaml # wait for it all to finish (we list out the ones with persistent volume claim because they take longer) @@ -46,9 +48,9 @@ kubectl -n ns-sourcegraph rollout status -w deployment/sourcegraph-frontend # hit it with one request -SOURCEGRAPH_IP=`kubectl -n ns-sourcegraph describe service sourcegraph | grep "LoadBalancer Ingress:" | cut -d ":" -f 2 | tr -d " "` +SOURCEGRAPH_IP=`kubectl -n ns-sourcegraph describe ingress sourcegraph-ingress | grep "Address:" | cut -d ":" -f 2 | tr -d " "` -curl -m 60 http://${SOURCEGRAPH_IP}:3080 +curl -m 60 http://${SOURCEGRAPH_IP} # delete cluster From e4968ef7b9eeb174ecd4639990d4e5e58239af3b Mon Sep 17 00:00:00 2001 From: Uwe Hoffmann <534011+uwedeportivo@users.noreply.github.com> Date: Tue, 7 Apr 2020 12:31:37 -0700 Subject: [PATCH 03/12] restricted test makes several attempts at http request --- tests/integration/restricted/test.sh | 19 +++++++++++++++---- 1 file changed, 15 insertions(+), 4 deletions(-) diff --git a/tests/integration/restricted/test.sh b/tests/integration/restricted/test.sh index 72ceb067b7f6..2a30aebfcfa0 100755 --- a/tests/integration/restricted/test.sh +++ b/tests/integration/restricted/test.sh @@ -6,6 +6,11 @@ CLUSTER_NAME_SUFFIX=`echo ${BUILD_UUID} | head -c 8` CLUSTER_NAME="ds-test-restricted-${CLUSTER_NAME_SUFFIX}" +function finish { + gcloud container clusters delete ${CLUSTER_NAME} --zone ${TEST_GCP_ZONE} --project ${TEST_GCP_PROJECT} --quiet +} +trap finish EXIT + cd $(dirname "${BASH_SOURCE[0]}") # set up the cluster, set up the fake user and restricted policy and then deploy the non-privileged overlay as that user @@ -50,9 +55,15 @@ kubectl -n ns-sourcegraph rollout status -w deployment/sourcegraph-frontend SOURCEGRAPH_IP=`kubectl -n ns-sourcegraph describe ingress sourcegraph-ingress | grep "Address:" | cut -d ":" -f 2 | tr -d " "` -curl -m 60 http://${SOURCEGRAPH_IP} - -# delete cluster +attempt_counter=0 +max_attempts=6 -gcloud container clusters delete ${CLUSTER_NAME} --zone ${TEST_GCP_ZONE} --project ${TEST_GCP_PROJECT} --quiet +until $(curl --output /dev/null --silent --head --fail http://${SOURCEGRAPH_IP}); do + if [ ${attempt_counter} -eq ${max_attempts} ];then + echo "Max attempts reached" + exit 1 + fi + attempt_counter=$(($attempt_counter+1)) + sleep 10 +done From 49c6c1a31611d515ff873c3eedb4532561b701dc Mon Sep 17 00:00:00 2001 From: Uwe Hoffmann <534011+uwedeportivo@users.noreply.github.com> Date: Tue, 7 Apr 2020 12:54:51 -0700 Subject: [PATCH 04/12] not just head --- tests/integration/restricted/test.sh | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/tests/integration/restricted/test.sh b/tests/integration/restricted/test.sh index 2a30aebfcfa0..d276cadf40c4 100755 --- a/tests/integration/restricted/test.sh +++ b/tests/integration/restricted/test.sh @@ -58,7 +58,7 @@ SOURCEGRAPH_IP=`kubectl -n ns-sourcegraph describe ingress sourcegraph-ingress | attempt_counter=0 max_attempts=6 -until $(curl --output /dev/null --silent --head --fail http://${SOURCEGRAPH_IP}); do +until $(curl --output /dev/null --silent --fail http://${SOURCEGRAPH_IP}); do if [ ${attempt_counter} -eq ${max_attempts} ];then echo "Max attempts reached" exit 1 From bc93954a4b343d8d7155d7815e2aed6cb4f386d5 Mon Sep 17 00:00:00 2001 From: Uwe Hoffmann <534011+uwedeportivo@users.noreply.github.com> Date: Tue, 7 Apr 2020 13:02:35 -0700 Subject: [PATCH 05/12] comment out deletion of cluster for debugging --- tests/integration/restricted/test.sh | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/tests/integration/restricted/test.sh b/tests/integration/restricted/test.sh index d276cadf40c4..a249f93211e2 100755 --- a/tests/integration/restricted/test.sh +++ b/tests/integration/restricted/test.sh @@ -7,7 +7,7 @@ CLUSTER_NAME_SUFFIX=`echo ${BUILD_UUID} | head -c 8` CLUSTER_NAME="ds-test-restricted-${CLUSTER_NAME_SUFFIX}" function finish { - gcloud container clusters delete ${CLUSTER_NAME} --zone ${TEST_GCP_ZONE} --project ${TEST_GCP_PROJECT} --quiet + #gcloud container clusters delete ${CLUSTER_NAME} --zone ${TEST_GCP_ZONE} --project ${TEST_GCP_PROJECT} --quiet } trap finish EXIT From 26136646829d4d1fdc6c4988a897f7c56ad96f5d Mon Sep 17 00:00:00 2001 From: Uwe Hoffmann <534011+uwedeportivo@users.noreply.github.com> Date: Tue, 7 Apr 2020 13:07:05 -0700 Subject: [PATCH 06/12] debug --- tests/integration/restricted/test.sh | 8 ++++---- 1 file changed, 4 insertions(+), 4 deletions(-) diff --git a/tests/integration/restricted/test.sh b/tests/integration/restricted/test.sh index a249f93211e2..0a7a228f0490 100755 --- a/tests/integration/restricted/test.sh +++ b/tests/integration/restricted/test.sh @@ -6,10 +6,10 @@ CLUSTER_NAME_SUFFIX=`echo ${BUILD_UUID} | head -c 8` CLUSTER_NAME="ds-test-restricted-${CLUSTER_NAME_SUFFIX}" -function finish { - #gcloud container clusters delete ${CLUSTER_NAME} --zone ${TEST_GCP_ZONE} --project ${TEST_GCP_PROJECT} --quiet -} -trap finish EXIT +#function finish { +# gcloud container clusters delete ${CLUSTER_NAME} --zone ${TEST_GCP_ZONE} --project ${TEST_GCP_PROJECT} --quiet +#} +#trap finish EXIT cd $(dirname "${BASH_SOURCE[0]}") From ff1c244e8684872c6f9d3a076457f34f7bd03281 Mon Sep 17 00:00:00 2001 From: Uwe Hoffmann <534011+uwedeportivo@users.noreply.github.com> Date: Tue, 7 Apr 2020 13:23:57 -0700 Subject: [PATCH 07/12] while loop --- tests/integration/restricted/test.sh | 6 +++++- 1 file changed, 5 insertions(+), 1 deletion(-) diff --git a/tests/integration/restricted/test.sh b/tests/integration/restricted/test.sh index 0a7a228f0490..e77b48b2cdcb 100755 --- a/tests/integration/restricted/test.sh +++ b/tests/integration/restricted/test.sh @@ -58,12 +58,16 @@ SOURCEGRAPH_IP=`kubectl -n ns-sourcegraph describe ingress sourcegraph-ingress | attempt_counter=0 max_attempts=6 -until $(curl --output /dev/null --silent --fail http://${SOURCEGRAPH_IP}); do +status_code=$(curl -o /dev/null -s -w "%{http_code}\n" http://${SOURCEGRAPH_IP}/site-admin/init) + +while [ ${status_code} -ge 400 ] +do if [ ${attempt_counter} -eq ${max_attempts} ];then echo "Max attempts reached" exit 1 fi + status_code=$(curl -o /dev/null -s -w "%{http_code}\n" http://${SOURCEGRAPH_IP}/site-admin/init) attempt_counter=$(($attempt_counter+1)) sleep 10 done From 442d5bbfc98a6f368ee2cbdba09275a0c1c9a635 Mon Sep 17 00:00:00 2001 From: Uwe Hoffmann <534011+uwedeportivo@users.noreply.github.com> Date: Tue, 7 Apr 2020 13:44:04 -0700 Subject: [PATCH 08/12] only hit main url --- tests/integration/restricted/test.sh | 4 ++-- 1 file changed, 2 insertions(+), 2 deletions(-) diff --git a/tests/integration/restricted/test.sh b/tests/integration/restricted/test.sh index e77b48b2cdcb..b564b380774b 100755 --- a/tests/integration/restricted/test.sh +++ b/tests/integration/restricted/test.sh @@ -58,7 +58,7 @@ SOURCEGRAPH_IP=`kubectl -n ns-sourcegraph describe ingress sourcegraph-ingress | attempt_counter=0 max_attempts=6 -status_code=$(curl -o /dev/null -s -w "%{http_code}\n" http://${SOURCEGRAPH_IP}/site-admin/init) +status_code=$(curl -o /dev/null -s -w "%{http_code}\n" http://${SOURCEGRAPH_IP}) while [ ${status_code} -ge 400 ] do @@ -67,7 +67,7 @@ do exit 1 fi - status_code=$(curl -o /dev/null -s -w "%{http_code}\n" http://${SOURCEGRAPH_IP}/site-admin/init) + status_code=$(curl -o /dev/null -s -w "%{http_code}\n" http://${SOURCEGRAPH_IP}) attempt_counter=$(($attempt_counter+1)) sleep 10 done From 0e980062f973a464c63a74214c615d445a09d142 Mon Sep 17 00:00:00 2001 From: Uwe Hoffmann <534011+uwedeportivo@users.noreply.github.com> Date: Tue, 7 Apr 2020 15:12:47 -0700 Subject: [PATCH 09/12] comment out request hitting for now --- tests/integration/restricted/test.sh | 44 ++++++++++++++-------------- 1 file changed, 22 insertions(+), 22 deletions(-) diff --git a/tests/integration/restricted/test.sh b/tests/integration/restricted/test.sh index b564b380774b..334d2fa25e6d 100755 --- a/tests/integration/restricted/test.sh +++ b/tests/integration/restricted/test.sh @@ -6,10 +6,10 @@ CLUSTER_NAME_SUFFIX=`echo ${BUILD_UUID} | head -c 8` CLUSTER_NAME="ds-test-restricted-${CLUSTER_NAME_SUFFIX}" -#function finish { -# gcloud container clusters delete ${CLUSTER_NAME} --zone ${TEST_GCP_ZONE} --project ${TEST_GCP_PROJECT} --quiet -#} -#trap finish EXIT +function finish { + gcloud container clusters delete ${CLUSTER_NAME} --zone ${TEST_GCP_ZONE} --project ${TEST_GCP_PROJECT} --quiet +} +trap finish EXIT cd $(dirname "${BASH_SOURCE[0]}") @@ -53,21 +53,21 @@ kubectl -n ns-sourcegraph rollout status -w deployment/sourcegraph-frontend # hit it with one request -SOURCEGRAPH_IP=`kubectl -n ns-sourcegraph describe ingress sourcegraph-ingress | grep "Address:" | cut -d ":" -f 2 | tr -d " "` - -attempt_counter=0 -max_attempts=6 - -status_code=$(curl -o /dev/null -s -w "%{http_code}\n" http://${SOURCEGRAPH_IP}) - -while [ ${status_code} -ge 400 ] -do - if [ ${attempt_counter} -eq ${max_attempts} ];then - echo "Max attempts reached" - exit 1 - fi - - status_code=$(curl -o /dev/null -s -w "%{http_code}\n" http://${SOURCEGRAPH_IP}) - attempt_counter=$(($attempt_counter+1)) - sleep 10 -done +#SOURCEGRAPH_IP=`kubectl -n ns-sourcegraph describe ingress sourcegraph-ingress | grep "Address:" | cut -d ":" -f 2 | tr -d " "` +# +#attempt_counter=0 +#max_attempts=6 +# +#status_code=$(curl -o /dev/null -s -w "%{http_code}\n" http://${SOURCEGRAPH_IP}) +# +#while [ ${status_code} -ge 400 ] +#do +# if [ ${attempt_counter} -eq ${max_attempts} ];then +# echo "Max attempts reached" +# exit 1 +# fi +# +# status_code=$(curl -o /dev/null -s -w "%{http_code}\n" http://${SOURCEGRAPH_IP}) +# attempt_counter=$(($attempt_counter+1)) +# sleep 10 +#done From 2982a0134c2ce6a5d7bd9f629df9947b32bb91fc Mon Sep 17 00:00:00 2001 From: Uwe Hoffmann <534011+uwedeportivo@users.noreply.github.com> Date: Tue, 7 Apr 2020 15:48:13 -0700 Subject: [PATCH 10/12] revert to expose --- tests/integration/restricted/test.sh | 44 +++++++++++++--------------- 1 file changed, 21 insertions(+), 23 deletions(-) diff --git a/tests/integration/restricted/test.sh b/tests/integration/restricted/test.sh index 334d2fa25e6d..b4d182f2dd0b 100755 --- a/tests/integration/restricted/test.sh +++ b/tests/integration/restricted/test.sh @@ -37,9 +37,7 @@ kubectl create rolebinding -n ns-sourcegraph fake-user:nonroot:unprivileged --ro kubectl --as=system:serviceaccount:ns-sourcegraph:fake-user -n ns-sourcegraph apply -k ${DEPLOY_SOURCEGRAPH_ROOT}/overlays/non-privileged-create-cluster -kubectl -n ns-sourcegraph expose deployment sourcegraph-frontend --type=NodePort --name sourcegraph - -kubectl -n ns-sourcegraph apply -f ingress.yaml +kubectl -n ns-sourcegraph expose deployment sourcegraph-frontend --type=NodePort --name sourcegraph --type=LoadBalancer --port=3080 --target-port=3080 # wait for it all to finish (we list out the ones with persistent volume claim because they take longer) @@ -51,23 +49,23 @@ kubectl -n ns-sourcegraph rollout status -w deployment/redis-store kubectl -n ns-sourcegraph rollout status -w statefulset/gitserver kubectl -n ns-sourcegraph rollout status -w deployment/sourcegraph-frontend -# hit it with one request - -#SOURCEGRAPH_IP=`kubectl -n ns-sourcegraph describe ingress sourcegraph-ingress | grep "Address:" | cut -d ":" -f 2 | tr -d " "` -# -#attempt_counter=0 -#max_attempts=6 -# -#status_code=$(curl -o /dev/null -s -w "%{http_code}\n" http://${SOURCEGRAPH_IP}) -# -#while [ ${status_code} -ge 400 ] -#do -# if [ ${attempt_counter} -eq ${max_attempts} ];then -# echo "Max attempts reached" -# exit 1 -# fi -# -# status_code=$(curl -o /dev/null -s -w "%{http_code}\n" http://${SOURCEGRAPH_IP}) -# attempt_counter=$(($attempt_counter+1)) -# sleep 10 -#done + hit it with one request + +SOURCEGRAPH_IP=`kubectl -n ns-sourcegraph describe service sourcegraph | grep "LoadBalancer Ingress:" | cut -d ":" -f 2 | tr -d " "` + +attempt_counter=0 +max_attempts=6 + +status_code=$(curl -o /dev/null -s -w "%{http_code}\n" http://${SOURCEGRAPH_IP}:3080) + +while [ ${status_code} -ge 400 ] +do + if [ ${attempt_counter} -eq ${max_attempts} ];then + echo "Max attempts reached" + exit 1 + fi + + status_code=$(curl -o /dev/null -s -w "%{http_code}\n" http://${SOURCEGRAPH_IP}:3080) + attempt_counter=$(($attempt_counter+1)) + sleep 10 +done From c3e6b6e7eed39b406e72070d6c41b9b45a641405 Mon Sep 17 00:00:00 2001 From: Uwe Hoffmann <534011+uwedeportivo@users.noreply.github.com> Date: Tue, 7 Apr 2020 15:54:11 -0700 Subject: [PATCH 11/12] uncommented a comment --- tests/integration/restricted/test.sh | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/tests/integration/restricted/test.sh b/tests/integration/restricted/test.sh index b4d182f2dd0b..d58635779e53 100755 --- a/tests/integration/restricted/test.sh +++ b/tests/integration/restricted/test.sh @@ -49,7 +49,7 @@ kubectl -n ns-sourcegraph rollout status -w deployment/redis-store kubectl -n ns-sourcegraph rollout status -w statefulset/gitserver kubectl -n ns-sourcegraph rollout status -w deployment/sourcegraph-frontend - hit it with one request +# hit it with one request SOURCEGRAPH_IP=`kubectl -n ns-sourcegraph describe service sourcegraph | grep "LoadBalancer Ingress:" | cut -d ":" -f 2 | tr -d " "` From e9699d639990e51644ba8832328e767d2371183e Mon Sep 17 00:00:00 2001 From: Uwe Hoffmann <534011+uwedeportivo@users.noreply.github.com> Date: Tue, 7 Apr 2020 18:20:44 -0700 Subject: [PATCH 12/12] remove unneeded file --- tests/integration/restricted/ingress.yaml | 9 --------- 1 file changed, 9 deletions(-) delete mode 100644 tests/integration/restricted/ingress.yaml diff --git a/tests/integration/restricted/ingress.yaml b/tests/integration/restricted/ingress.yaml deleted file mode 100644 index 2c9ffebf62b8..000000000000 --- a/tests/integration/restricted/ingress.yaml +++ /dev/null @@ -1,9 +0,0 @@ -apiVersion: networking.k8s.io/v1beta1 -kind: Ingress -metadata: - name: sourcegraph-ingress - namespace: ns-sourcegraph -spec: - backend: - serviceName: sourcegraph - servicePort: 3080