diff --git a/CHANGELOG.md b/CHANGELOG.md index 84d2efff..d94cf295 100644 --- a/CHANGELOG.md +++ b/CHANGELOG.md @@ -7,7 +7,9 @@ All notable changes to this project will be documented in this file. ### Added - Readiness probe added ([#241]) -- Support s3 path style access ([#245]) +- Support S3 path style access ([#245]) +- Support S3 TLS verification ([#255]) +- Support Druid 0.23.0 ([#255]) ### Changed @@ -24,6 +26,7 @@ All notable changes to this project will be documented in this file. [#241]: https://github.com/stackabletech/druid-operator/pull/241 [#244]: https://github.com/stackabletech/druid-operator/pull/244 [#245]: https://github.com/stackabletech/druid-operator/pull/245 +[#255]: https://github.com/stackabletech/druid-operator/pull/255 ## [0.5.0] - 2022-03-15 diff --git a/Cargo.lock b/Cargo.lock index e6bba137..16e1bfb8 100644 --- a/Cargo.lock +++ b/Cargo.lock @@ -776,6 +776,12 @@ dependencies = [ "hashbrown", ] +[[package]] +name = "indoc" +version = "1.0.6" +source = "registry+https://github.com/rust-lang/crates.io-index" +checksum = "05a0bd019339e5d968b37855180087b7b9d512c5046fbd244cf8c95687927d6e" + [[package]] name = "instant" version = "0.1.12" @@ -1707,6 +1713,7 @@ dependencies = [ "clap", "fnv", "futures 0.3.21", + "indoc", "pin-project", "semver", "serde", @@ -1722,8 +1729,8 @@ dependencies = [ [[package]] name = "stackable-operator" -version = "0.21.0" -source = "git+https://github.com/stackabletech/operator-rs.git?tag=0.21.0#dbfa6d45fb59fadd17f9b571255c0fdc4c522671" +version = "0.21.1" +source = "git+https://github.com/stackabletech/operator-rs.git?tag=0.21.1#01b0aa2069580b9f2088a4409a63436f9917004b" dependencies = [ "backoff", "chrono", @@ -1756,8 +1763,8 @@ dependencies = [ [[package]] name = "stackable-operator-derive" -version = "0.21.0" -source = "git+https://github.com/stackabletech/operator-rs.git?tag=0.21.0#dbfa6d45fb59fadd17f9b571255c0fdc4c522671" +version = "0.21.1" +source = "git+https://github.com/stackabletech/operator-rs.git?tag=0.21.1#01b0aa2069580b9f2088a4409a63436f9917004b" dependencies = [ "darling 0.14.1", "proc-macro2", diff --git a/docs/modules/ROOT/pages/usage.adoc b/docs/modules/ROOT/pages/usage.adoc index 0fac6f50..17447037 100644 --- a/docs/modules/ROOT/pages/usage.adoc +++ b/docs/modules/ROOT/pages/usage.adoc @@ -53,7 +53,7 @@ kind: DruidCluster metadata: name: simple-druid spec: - version: 0.22.1-authorizer0.1.0-stackable0.2.0 + version: 0.23.0-stackable0.3.0 zookeeperConfigMapName: simple-zk metadataStorageDatabase: dbType: postgresql diff --git a/docs/modules/ROOT/partials/supported-versions.adoc b/docs/modules/ROOT/partials/supported-versions.adoc index 0975602c..d8760fb3 100644 --- a/docs/modules/ROOT/partials/supported-versions.adoc +++ b/docs/modules/ROOT/partials/supported-versions.adoc @@ -3,3 +3,4 @@ // Stackable Platform documentation. - 0.22.1 +- 0.23.0 diff --git a/examples/psql-s3/psql-s3-druid-cluster.yaml b/examples/psql-s3/psql-s3-druid-cluster.yaml index 056ac1a2..987bd5fb 100644 --- a/examples/psql-s3/psql-s3-druid-cluster.yaml +++ b/examples/psql-s3/psql-s3-druid-cluster.yaml @@ -35,7 +35,7 @@ kind: DruidCluster metadata: name: psql-s3-druid spec: - version: 0.22.1-authorizer0.1.0-stackable0.2.0 + version: 0.23.0-stackable0.3.0 zookeeperConfigMapName: simple-druid-znode metadataStorageDatabase: dbType: postgresql diff --git a/examples/psql/psql-hdfs-druid-cluster.yaml b/examples/psql/psql-hdfs-druid-cluster.yaml index 60ed396e..a974c566 100644 --- a/examples/psql/psql-hdfs-druid-cluster.yaml +++ b/examples/psql/psql-hdfs-druid-cluster.yaml @@ -27,7 +27,7 @@ kind: DruidCluster metadata: name: psql-druid spec: - version: 0.22.1-authorizer0.1.0-stackable0.2.0 + version: 0.23.0-stackable0.3.0 zookeeperConfigMapName: simple-druid-znode metadataStorageDatabase: dbType: postgresql diff --git a/examples/simple-druid-cluster.yaml b/examples/simple-druid-cluster.yaml index 57fdcb93..a05c5b7c 100644 --- a/examples/simple-druid-cluster.yaml +++ b/examples/simple-druid-cluster.yaml @@ -47,7 +47,7 @@ kind: DruidCluster metadata: name: simple-derby-druid spec: - version: 0.22.1-authorizer0.1.0-stackable0.2.0 + version: 0.23.0-stackable0.3.0 zookeeperConfigMapName: simple-druid-znode metadataStorageDatabase: dbType: derby diff --git a/rust/crd/Cargo.toml b/rust/crd/Cargo.toml index af9cc3d0..825d486c 100644 --- a/rust/crd/Cargo.toml +++ b/rust/crd/Cargo.toml @@ -8,7 +8,7 @@ repository = "https://github.com/stackabletech/druid-operator" version = "0.6.0-nightly" [dependencies] -stackable-operator = { git = "https://github.com/stackabletech/operator-rs.git", tag = "0.21.0" } +stackable-operator = { git = "https://github.com/stackabletech/operator-rs.git", tag = "0.21.1" } semver = "1.0" serde = { version = "1.0", features = ["derive"] } diff --git a/rust/crd/src/lib.rs b/rust/crd/src/lib.rs index bf8925e7..0508c246 100644 --- a/rust/crd/src/lib.rs +++ b/rust/crd/src/lib.rs @@ -2,6 +2,7 @@ use serde::{Deserialize, Serialize}; use snafu::{ResultExt, Snafu}; use stackable_operator::client::Client; use stackable_operator::commons::s3::{InlinedS3BucketSpec, S3BucketDef, S3ConnectionSpec}; +use stackable_operator::commons::tls::{CaCert, Tls, TlsServerVerification, TlsVerification}; use stackable_operator::kube::ResourceExt; use stackable_operator::{ commons::{opa::OpaConfig, s3::S3ConnectionDef}, @@ -21,6 +22,12 @@ pub const JVM_CONFIG: &str = "jvm.config"; pub const RUNTIME_PROPS: &str = "runtime.properties"; pub const LOG4J2_CONFIG: &str = "log4j2.xml"; +pub const SYSTEM_TRUST_STORE: &str = "/etc/pki/java/cacerts"; +pub const SYSTEM_TRUST_STORE_PASSWORD: &str = "changeit"; +pub const STACKABLE_TRUST_STORE: &str = "/stackable/truststore.p12"; +pub const STACKABLE_TRUST_STORE_PASSWORD: &str = "changeit"; +pub const CERTS_DIR: &str = "/stackable/certificates/"; + // port names pub const CONTAINER_HTTP_PORT: &str = "http"; pub const CONTAINER_METRICS_PORT: &str = "metrics"; @@ -64,6 +71,8 @@ pub const MD_ST_HOST: &str = "druid.metadata.storage.connector.host"; pub const MD_ST_PORT: &str = "druid.metadata.storage.connector.port"; pub const MD_ST_USER: &str = "druid.metadata.storage.connector.user"; pub const MD_ST_PASSWORD: &str = "druid.metadata.storage.connector.password"; +// indexer properties +pub const INDEXER_JAVA_OPTS: &str = "druid.indexer.runner.javaOptsArray"; // extra pub const CREDENTIALS_SECRET_PROPERTY: &str = "credentialsSecret"; @@ -178,21 +187,24 @@ impl DruidRole { } /// Returns the start commands for the different server types. - pub fn get_command(&self, mount_s3_credentials: bool) -> Vec { - let mut shell_cmd = vec![]; - if mount_s3_credentials { - shell_cmd.push(format!( - "export {env_var}=$(cat {secret_dir}/{file_name})", - env_var = ENV_S3_ACCESS_KEY, - secret_dir = S3_SECRET_DIR_NAME, - file_name = SECRET_KEY_S3_ACCESS_KEY - )); - shell_cmd.push(format!( - "export {env_var}=$(cat {secret_dir}/{file_name})", - env_var = ENV_S3_SECRET_KEY, - secret_dir = S3_SECRET_DIR_NAME, - file_name = SECRET_KEY_S3_SECRET_KEY - )); + pub fn get_command(&self, s3_connection: Option<&S3ConnectionSpec>) -> Vec { + let mut shell_cmd = vec![format!("keytool -importkeystore -srckeystore {SYSTEM_TRUST_STORE} -srcstoretype jks -srcstorepass {SYSTEM_TRUST_STORE_PASSWORD} -destkeystore {STACKABLE_TRUST_STORE} -deststoretype pkcs12 -deststorepass {STACKABLE_TRUST_STORE_PASSWORD} -noprompt")]; + + if let Some(s3_connection) = s3_connection { + if let Some(Tls { + verification: + TlsVerification::Server(TlsServerVerification { + ca_cert: CaCert::SecretClass(secret_class), + }), + }) = &s3_connection.tls + { + shell_cmd.push(format!("keytool -importcert -file /stackable/certificates/{secret_class}-tls-certificate/ca.crt -alias stackable-{secret_class} -keystore {STACKABLE_TRUST_STORE} -storepass {STACKABLE_TRUST_STORE_PASSWORD} -noprompt")); + } + + if s3_connection.credentials.is_some() { + shell_cmd.push(format!("export {ENV_S3_ACCESS_KEY}=$(cat {S3_SECRET_DIR_NAME}/{SECRET_KEY_S3_ACCESS_KEY})")); + shell_cmd.push(format!("export {ENV_S3_SECRET_KEY}=$(cat {S3_SECRET_DIR_NAME}/{SECRET_KEY_S3_SECRET_KEY})")); + } } shell_cmd.push(format!( "{} {} {}", @@ -488,6 +500,19 @@ impl Configuration for DruidConfig { PROMETHEUS_PORT.to_string(), Some(DRUID_METRICS_PORT.to_string()), ); + // Role-specific config + if role == DruidRole::MiddleManager { + // When we start ingestion jobs they will run as new JVM processes. + // We need to set this config to pass the custom truststore not only to the Druid roles but also to the started ingestion jobs. + result.insert( + INDEXER_JAVA_OPTS.to_string(), + Some(build_string_list(&[ + format!("-Djavax.net.ssl.trustStore={STACKABLE_TRUST_STORE}"), + format!("-Djavax.net.ssl.trustStorePassword={STACKABLE_TRUST_STORE_PASSWORD}"), + "-Djavax.net.ssl.trustStoreType=pkcs12".to_string() + ])) + ); + } } LOG4J2_CONFIG => {} _ => {} diff --git a/rust/operator-binary/Cargo.toml b/rust/operator-binary/Cargo.toml index 83982338..64402377 100644 --- a/rust/operator-binary/Cargo.toml +++ b/rust/operator-binary/Cargo.toml @@ -8,12 +8,13 @@ repository = "https://github.com/stackabletech/druid-operator" version = "0.6.0-nightly" [dependencies] -stackable-operator = { git = "https://github.com/stackabletech/operator-rs.git", tag = "0.21.0" } +stackable-operator = { git = "https://github.com/stackabletech/operator-rs.git", tag = "0.21.1" } stackable-druid-crd = { path = "../crd" } anyhow = "1.0" clap = "3.2" fnv = "1.0" futures = { version = "0.3", features = ["compat"] } +indoc = "1.0.6" pin-project = "1.0" semver = "1.0" serde = "1.0" @@ -26,5 +27,5 @@ tracing = "0.1" [build-dependencies] built = { version = "0.5", features = ["chrono", "git2"] } -stackable-operator = { git = "https://github.com/stackabletech/operator-rs.git", tag = "0.21.0" } +stackable-operator = { git = "https://github.com/stackabletech/operator-rs.git", tag = "0.21.1" } stackable-druid-crd = { path = "../crd" } diff --git a/rust/operator-binary/src/config.rs b/rust/operator-binary/src/config.rs index 055fbfaa..947ebea7 100644 --- a/rust/operator-binary/src/config.rs +++ b/rust/operator-binary/src/config.rs @@ -1,55 +1,58 @@ -use stackable_druid_crd::DruidRole; +use indoc::formatdoc; +use stackable_druid_crd::{DruidRole, STACKABLE_TRUST_STORE, STACKABLE_TRUST_STORE_PASSWORD}; pub fn get_jvm_config(role: &DruidRole) -> String { - let common_props = " - -server - -Duser.timezone=UTC - -Dfile.encoding=UTF-8 - -Djava.io.tmpdir=/tmp - -Djava.util.logging.manager=org.apache.logging.log4j.jul.LogManager - -XX:+UseG1GC - -XX:+ExitOnOutOfMemoryError - "; + let common_config = formatdoc! {" + -server + -Duser.timezone=UTC + -Dfile.encoding=UTF-8 + -Djava.io.tmpdir=/tmp + -Djava.util.logging.manager=org.apache.logging.log4j.jul.LogManager + -XX:+UseG1GC + -XX:+ExitOnOutOfMemoryError + -Djavax.net.ssl.trustStore={STACKABLE_TRUST_STORE} + -Djavax.net.ssl.trustStorePassword={STACKABLE_TRUST_STORE_PASSWORD} + -Djavax.net.ssl.trustStoreType=pkcs12"}; match role { DruidRole::Broker => { - common_props.to_string() - + " - -Xms512m - -Xmx512m - -XX:MaxDirectMemorySize=400m - " + formatdoc! {" + {common_config} + -Xms512m + -Xmx512m + -XX:MaxDirectMemorySize=400m + "} } DruidRole::Coordinator => { - common_props.to_string() - + " - -Xms256m - -Xmx256m - -Dderby.stream.error.file=/stackable/var/druid/derby.log - " + formatdoc! {" + {common_config} + -Xms256m + -Xmx256m + -Dderby.stream.error.file=/stackable/var/druid/derby.log + "} } DruidRole::Historical => { - common_props.to_string() - + " - -Xms512m - -Xmx512m - -XX:MaxDirectMemorySize=400m - " + formatdoc! {" + {common_config} + -Xms512m + -Xmx512m + -XX:MaxDirectMemorySize=400m + "} } DruidRole::MiddleManager => { - common_props.to_string() - + " - -Xms64m - -Xmx64m - " + formatdoc! {" + {common_config} + -Xms64m + -Xmx64m + "} } DruidRole::Router => { - common_props.to_string() - + " - -Xms128m - -Xmx128m - -XX:MaxDirectMemorySize=128m - " + formatdoc! {" + {common_config} + -Xms128m + -Xmx128m + -XX:MaxDirectMemorySize=128m + "} } } } diff --git a/rust/operator-binary/src/druid_controller.rs b/rust/operator-binary/src/druid_controller.rs index 1aa73a7a..d4092f60 100644 --- a/rust/operator-binary/src/druid_controller.rs +++ b/rust/operator-binary/src/druid_controller.rs @@ -6,7 +6,7 @@ use crate::{ use snafu::{OptionExt, ResultExt, Snafu}; use stackable_druid_crd::{ - DeepStorageSpec, DruidCluster, DruidRole, APP_NAME, AUTH_AUTHORIZER_OPA_URI, + DeepStorageSpec, DruidCluster, DruidRole, APP_NAME, AUTH_AUTHORIZER_OPA_URI, CERTS_DIR, CONTAINER_HTTP_PORT, CONTAINER_METRICS_PORT, CREDENTIALS_SECRET_PROPERTY, DRUID_METRICS_PORT, DS_BUCKET, JVM_CONFIG, LOG4J2_CONFIG, RUNTIME_PROPS, S3_ENDPOINT_URL, S3_PATH_STYLE_ACCESS, S3_SECRET_DIR_NAME, ZOOKEEPER_CONNECTION_STRING, @@ -14,11 +14,12 @@ use stackable_druid_crd::{ use stackable_operator::{ builder::{ ConfigMapBuilder, ContainerBuilder, ObjectMetaBuilder, PodBuilder, - PodSecurityContextBuilder, VolumeBuilder, + PodSecurityContextBuilder, SecretOperatorVolumeSourceBuilder, VolumeBuilder, }, commons::{ opa::OpaApiVersion, s3::{S3AccessStyle, S3ConnectionSpec}, + tls::{CaCert, TlsVerification}, }, k8s_openapi::{ api::{ @@ -142,6 +143,10 @@ pub enum Error { ApplyDiscoveryConfig { source: stackable_operator::error::Error, }, + #[snafu(display( + "Druid does not support skipping the verification of the tls enabled S3 server" + ))] + S3TlsNoVerificationNotSupported, } type Result = std::result::Result; @@ -189,7 +194,7 @@ pub async fn reconcile_druid(druid: Arc, ctx: Context) -> Res }; // Get the s3 connection if one is defined - let s3_conn: Option = druid + let s3_conn = druid .get_s3_connection(client) .await .context(GetS3ConnectionSnafu)?; @@ -368,8 +373,9 @@ fn build_rolegroup_config_map( if let Some(conn) = s3_conn { if let Some(endpoint) = conn.endpoint() { transformed_config.insert(S3_ENDPOINT_URL.to_string(), Some(endpoint)); - } // TODO make code nicer + } + // We did choose a match statement here to detect new access styles in the future let path_style_access = match conn.access_style.clone().unwrap_or_default() { S3AccessStyle::Path => true, S3AccessStyle::VirtualHosted => false, @@ -516,20 +522,37 @@ fn build_rolegroup_statefulset( // add image cb.image(container_image(druid_version)); - let mut load_s3_credentials = false; - // Add s3 credentials secret volume - if let Some(S3ConnectionSpec { - credentials: Some(credentials), - .. - }) = s3_conn - { - load_s3_credentials = true; - pb.add_volume(credentials.to_volume("s3-credentials")); - cb.add_volume_mount("s3-credentials", S3_SECRET_DIR_NAME); + if let Some(s3_conn) = s3_conn { + if let Some(credentials) = &s3_conn.credentials { + pb.add_volume(credentials.to_volume("s3-credentials")); + cb.add_volume_mount("s3-credentials", S3_SECRET_DIR_NAME); + } + + if let Some(tls) = &s3_conn.tls { + match &tls.verification { + TlsVerification::None {} => return S3TlsNoVerificationNotSupportedSnafu.fail(), + TlsVerification::Server(server_verification) => { + match &server_verification.ca_cert { + CaCert::WebPki {} => {} + CaCert::SecretClass(secret_class) => { + let volume_name = format!("{secret_class}-tls-certificate"); + + let volume = VolumeBuilder::new(&volume_name) + .ephemeral( + SecretOperatorVolumeSourceBuilder::new(secret_class).build(), + ) + .build(); + pb.add_volume(volume); + cb.add_volume_mount(&volume_name, format!("{CERTS_DIR}{volume_name}")); + } + } + } + } + } } // add command - cb.command(role.get_command(load_s3_credentials)); + cb.command(role.get_command(s3_conn)); // rest of env let rest_env = rolegroup_config diff --git a/tests/templates/kuttl/authorizer/00-assert.yaml b/tests/templates/kuttl/authorizer/00-assert.yaml index db095416..dd2e29a7 100644 --- a/tests/templates/kuttl/authorizer/00-assert.yaml +++ b/tests/templates/kuttl/authorizer/00-assert.yaml @@ -10,7 +10,6 @@ kind: StatefulSet metadata: name: druid-zk-server-default status: - availableReplicas: 1 readyReplicas: 1 replicas: 1 --- diff --git a/tests/templates/kuttl/ingestion-no-s3-ext/00-assert.yaml b/tests/templates/kuttl/ingestion-no-s3-ext/00-assert.yaml index db095416..dd2e29a7 100644 --- a/tests/templates/kuttl/ingestion-no-s3-ext/00-assert.yaml +++ b/tests/templates/kuttl/ingestion-no-s3-ext/00-assert.yaml @@ -10,7 +10,6 @@ kind: StatefulSet metadata: name: druid-zk-server-default status: - availableReplicas: 1 readyReplicas: 1 replicas: 1 --- diff --git a/tests/templates/kuttl/ingestion-s3-ext/00-assert.yaml b/tests/templates/kuttl/ingestion-s3-ext/00-assert.yaml index db095416..dd2e29a7 100644 --- a/tests/templates/kuttl/ingestion-s3-ext/00-assert.yaml +++ b/tests/templates/kuttl/ingestion-s3-ext/00-assert.yaml @@ -10,7 +10,6 @@ kind: StatefulSet metadata: name: druid-zk-server-default status: - availableReplicas: 1 readyReplicas: 1 replicas: 1 --- diff --git a/tests/templates/kuttl/s3-deep-storage/00-assert.yaml b/tests/templates/kuttl/s3-deep-storage/00-assert.yaml new file mode 100644 index 00000000..9ad851c7 --- /dev/null +++ b/tests/templates/kuttl/s3-deep-storage/00-assert.yaml @@ -0,0 +1,19 @@ +--- +apiVersion: kuttl.dev/v1beta1 +kind: TestAssert +metadata: + name: install-zk +timeout: 600 +--- +apiVersion: apps/v1 +kind: StatefulSet +metadata: + name: druid-zk-server-default +status: + readyReplicas: 1 + replicas: 1 +--- +apiVersion: v1 +kind: ConfigMap +metadata: + name: druid-znode diff --git a/tests/templates/kuttl/s3-deep-storage/00-install-zk.yaml.j2 b/tests/templates/kuttl/s3-deep-storage/00-install-zk.yaml.j2 new file mode 100644 index 00000000..a5d4cbbd --- /dev/null +++ b/tests/templates/kuttl/s3-deep-storage/00-install-zk.yaml.j2 @@ -0,0 +1,22 @@ +--- +apiVersion: zookeeper.stackable.tech/v1alpha1 +kind: ZookeeperCluster +metadata: + name: druid-zk +spec: + servers: + roleGroups: + default: + replicas: 1 + config: + myidOffset: 10 + version: {{ test_scenario['values']['zookeeper'] }} + stopped: false +--- +apiVersion: zookeeper.stackable.tech/v1alpha1 +kind: ZookeeperZnode +metadata: + name: druid-znode +spec: + clusterRef: + name: druid-zk diff --git a/tests/templates/kuttl/s3-deep-storage/01-install-minio-certificates.yaml.j2 b/tests/templates/kuttl/s3-deep-storage/01-install-minio-certificates.yaml.j2 new file mode 100644 index 00000000..4bcaac88 --- /dev/null +++ b/tests/templates/kuttl/s3-deep-storage/01-install-minio-certificates.yaml.j2 @@ -0,0 +1,24 @@ +{% if test_scenario['values']['s3-use-tls'] == 'true' %} +--- +apiVersion: secrets.stackable.tech/v1alpha1 +kind: SecretClass +metadata: + name: minio-druid-tls-certificates +spec: + backend: + k8sSearch: + searchNamespace: + pod: {} +--- +apiVersion: v1 +kind: Secret +metadata: + name: minio-druid-tls-certificates + labels: + secrets.stackable.tech/class: minio-druid-tls-certificates +# Have a look at the folder certs on how to create this +data: + ca.crt: LS0tLS1CRUdJTiBDRVJUSUZJQ0FURS0tLS0tCk1JSUQyVENDQXNHZ0F3SUJBZ0lVYTRSeWtzbzNHRWZsNnZuSlk4NFN6Lzk0MFI4d0RRWUpLb1pJaHZjTkFRRUwKQlFBd2V6RUxNQWtHQTFVRUJoTUNSRVV4R3pBWkJnTlZCQWdNRWxOamFHeGxjM2RwWnkxSWIyeHpkR1ZwYmpFTwpNQXdHQTFVRUJ3d0ZWMlZrWld3eEtEQW1CZ05WQkFvTUgxTjBZV05yWVdKc1pTQlRhV2R1YVc1bklFRjFkR2h2CmNtbDBlU0JKYm1NeEZUQVRCZ05WQkFNTURITjBZV05yWVdKc1pTNWtaVEFnRncweU1qQTJNamN4TXpVNU16TmEKR0E4eU1USXlNRFl3TXpFek5Ua3pNMW93ZXpFTE1Ba0dBMVVFQmhNQ1JFVXhHekFaQmdOVkJBZ01FbE5qYUd4bApjM2RwWnkxSWIyeHpkR1ZwYmpFT01Bd0dBMVVFQnd3RlYyVmtaV3d4S0RBbUJnTlZCQW9NSDFOMFlXTnJZV0pzClpTQlRhV2R1YVc1bklFRjFkR2h2Y21sMGVTQkpibU14RlRBVEJnTlZCQU1NREhOMFlXTnJZV0pzWlM1a1pUQ0MKQVNJd0RRWUpLb1pJaHZjTkFRRUJCUUFEZ2dFUEFEQ0NBUW9DZ2dFQkFLTnVOZVBDOVdKckh0OTdNL3BhaVdUaApvbi9RY1ZETGgrUWVjY0w3cWpkaWk0d1NxcU8xUjNwQWZvdGl0UVl2RFd5MFlIaXZYNFNMV2Qyc08rRmU1OXNmCkIyMmdJbHBDR1VMQ2l4MGV1NW5BTEFNbzk4eHMwME42RmwvRFRFb2tndUprVWloYzZsVzd3c3NKQ25QMFN5Y1UKZjArMDF1enV3SjZOZHVLSFhNV0U0V0JFR21tMjJiN3lQeWFWRzRNZWhmWTU2MUkrUzdlSGVpSkN4WWl2Vmc0QQpFRldDZHRxcjdXUXpsdnRkVFpZTGhUVUNhTFdqOTBySzV1V3AxOWxRSlZCVmJPQUZjQ0RhTVg1ZkVBam8xM0Q0CmRNNTgvNm9VTVhFRDlxa2VJQkJFZi9RaFNnZTA4N04yejA0RFJYaHlLWGF3WVdBb1MxeFZncGZkOGkzMVVXRUMKQXdFQUFhTlRNRkV3SFFZRFZSME9CQllFRkRINzF3dGxkZEE4QVBwSktGVTlpZ2RDeWVZNk1COEdBMVVkSXdRWQpNQmFBRkRINzF3dGxkZEE4QVBwSktGVTlpZ2RDeWVZNk1BOEdBMVVkRXdFQi93UUZNQU1CQWY4d0RRWUpLb1pJCmh2Y05BUUVMQlFBRGdnRUJBQi9MUUd2eXRIN3RRa1JNMUEzZzhKeUN2T2lacm5CTU5Ga3E2UzBCNXpDaVgyL28KRXpHd1ZzSDB0TzJsSE5Gd0dsK1dvbmtDWEdqKzVudGF4VzYwMlBUMjZHSFVZb2xnbzhYank1YXE5bXAwSTY1SApENCtKVkxaOU1JU2xUNjFHaTZwTHN5aElNOUlFM1pHdDBqankzK2tOY0FkcHJmS3BTU3M2R0FXd1hGMFlPUUVoCjNqaVZNazh2TzZRYlNzOUIydVhGWVRyRmhQcUxpSDZMRDA0L1V2QmF0Y0FDcEVEcWVoenNhU0xoc3BwemxLQ1EKQ1Mxb2x4aGw0dzhlSWFOcEU5UGVjVlFvSXMxM3hhajAwK1h4emlRZkVRcXJWTEZaK2JsaEJSbm9uZlF2WTV4VApUS2VhNVNwek5OR1crbCtxTEhHcVUxZGFzU0dTM1ZXMVVEKzBzSGs9Ci0tLS0tRU5EIENFUlRJRklDQVRFLS0tLS0K + tls.crt: LS0tLS1CRUdJTiBDRVJUSUZJQ0FURS0tLS0tCk1JSURhRENDQWxBQ0ZIS21SV0NJbTJ2ZVI1ZEllL3ZUT3VueU5CUnVNQTBHQ1NxR1NJYjNEUUVCQ3dVQU1Ic3gKQ3pBSkJnTlZCQVlUQWtSRk1Sc3dHUVlEVlFRSURCSlRZMmhzWlhOM2FXY3RTRzlzYzNSbGFXNHhEakFNQmdOVgpCQWNNQlZkbFpHVnNNU2d3SmdZRFZRUUtEQjlUZEdGamEyRmliR1VnVTJsbmJtbHVaeUJCZFhSb2IzSnBkSGtnClNXNWpNUlV3RXdZRFZRUUREQXh6ZEdGamEyRmliR1V1WkdVd0lCY05Nakl3TmpJM01UTTFPVE0wV2hnUE1qRXkKTWpBMk1ETXhNelU1TXpSYU1HUXhDekFKQmdOVkJBWVRBa1JGTVJzd0dRWURWUVFJREJKVFkyaHNaWE4zYVdjdApTRzlzYzNSbGFXNHhEakFNQmdOVkJBY01CVmRsWkdWc01SSXdFQVlEVlFRS0RBbFRkR0ZqYTJGaWJHVXhGREFTCkJnTlZCQU1NQzIxcGJtbHZMV1J5ZFdsa01JSUJJakFOQmdrcWhraUc5dzBCQVFFRkFBT0NBUThBTUlJQkNnS0MKQVFFQXAzOGZmeGovNlJZbzdXNldReVFISFNhRXNyaVcrK3QwTTJUSDB5WVFnZkpVb1dWbWNKWHdwQVQyTHRSZQp4dDBXUjc2Nmkwcjk4VTB0Rnpva1d2NFk0K21TZnZ6eXc1dnFOOVJ3S2FOVlk4Sk9WRTdNUkkxTGhzRG1oQ3hYCnozbmxPdnRWelFiblpkbHVXSWZmc29tV1ljSStlK0M5elJjOVNYbkhucTZoRWJVS2RVV3JCLzRWaXM3UXB6a3QKUWYrQ2FmU2JXRExDZFBTMjduRDVwSTBxUFFXOWNlZ1ZzOEdBbW9Nb1BtVEZqOWtmOWFmaVg2QzF4ZldVUi9HcApWOHA5OFNtYm5KSXF5V1FhMlVMcDJ6Y3BTSGFjd045d1Q3QnF1QVJqZHUrU3c3TmNqQ29xK2YxaTFCRkdPdGFxCnlDZ1dRYkF2VVdTV0NZTzZwb1pCSXRuckFRSURBUUFCTUEwR0NTcUdTSWIzRFFFQkN3VUFBNElCQVFBNDJMYSsKTFN0aEVJYUJTYU9WNmJXMk1GMzVqZTZzRUdOaDE3K1hNMHhlQW41VktJeVBGQ0hKZENnandveDdaWWFjemxacwpKTW5kZkJnV09oM3E1TW9TSjJkQkR0QnNkVStvKzNwdHo5aDg4ejE0WTVRdXRwTWxTbWxWcU5kNkQzaWJLMWFvCmVrR3NkOGZSY0RVcFMyR0F2bnlaU1E3YTlxaStmaDFHb2FqdGtGOGdraDZkNm9xbGVnRDJoWDNTeU8zeFpXa2MKREtKR3FxY3lIQmY1a3AxanFIUHhEMGlLNlR1YjNwOTBReisxZUNXdlV5QU00MUE0TDc2Q2Rhb01TdGtCWlh6ZAo4SW9wdGVqOGI1SWRidm9XeUlWdFE1MmZBUy81WTIvL00zcURSUitRWU9RTmExSWluTk1xNVJsYUhxRlAwUWJpCjkvbmMyMXFadDArbVp5WEIKLS0tLS1FTkQgQ0VSVElGSUNBVEUtLS0tLQo= + tls.key: LS0tLS1CRUdJTiBSU0EgUFJJVkFURSBLRVktLS0tLQpNSUlFb2dJQkFBS0NBUUVBcDM4ZmZ4ai82UllvN1c2V1F5UUhIU2FFc3JpVysrdDBNMlRIMHlZUWdmSlVvV1ZtCmNKWHdwQVQyTHRSZXh0MFdSNzY2aTByOThVMHRGem9rV3Y0WTQrbVNmdnp5dzV2cU45UndLYU5WWThKT1ZFN00KUkkxTGhzRG1oQ3hYejNubE92dFZ6UWJuWmRsdVdJZmZzb21XWWNJK2UrQzl6UmM5U1huSG5xNmhFYlVLZFVXcgpCLzRWaXM3UXB6a3RRZitDYWZTYldETENkUFMyN25ENXBJMHFQUVc5Y2VnVnM4R0Ftb01vUG1URmo5a2Y5YWZpClg2QzF4ZldVUi9HcFY4cDk4U21ibkpJcXlXUWEyVUxwMnpjcFNIYWN3Tjl3VDdCcXVBUmpkdStTdzdOY2pDb3EKK2YxaTFCRkdPdGFxeUNnV1FiQXZVV1NXQ1lPNnBvWkJJdG5yQVFJREFRQUJBb0lCQUM4clJadHRWdVExTVdGcgorelQ5T0dPbExVbUhZajJmbVNIQUIrWVdtaDkrTndjY256U2xoUmNycm9pUmxmODYwOE53bXVnUFBtUnQ3M3pUCkN0bjFKTjFLTWM5QlBMeUpjL1ExQjBFeWxpRjUzc1V2UzZjaWcxcDNpSE5BYVpvc0libnlmYjgzYW9Mc01IOE8KQkprcTFnYkJ4UWJ0eTRXdVBid3JaMlB3bWJ0Nlk0RmZxNXlrTmU0OVcxYVNGazhzMFcyNjRzNDNjQmhNNjhBVwpFbWdaeDdFeUlaR1EzWlN1MTJXbVFwTXdUWjArMjlBb3dsWGhSM2J1MVg4UlAyYzloKzk5Q2NHZUZrWW9NL2lMCm1WU2tsNjZmRjdTNVV0T0E3OEZxaFViWXJnY1F3dkZUSXNmK0tyT2VLcktmRkViVlBxWHAzK0E2RGxhTVJ3VzMKNzczMUFBRUNnWUVBM25vODExWjNuNHlJcWN2MXFtZHZkajBDeURsaWxuMFRhNUI4OXFVTjZLc0pQaUt4U0tzYQpaVW0zZlg3c1VMYm9Vd0lyVmE4Y0tTVjcxYkxhRUUvUXgrUzBJQU9TZUZhcHAxeThjb2tZVEtPRzk1NlhVKzA4CmxjZ29PalEzUmVZZEFpRk5XamM4bWFCNlcwMTBFMTEveTAvclFQRi9TUTUyblNuUGhjdEV2NEVDZ1lFQXdMd1MKaGRpV2cvRHBsVytOQTZzaTlZREdpaytiZkd3MjU0bmU1THJBTEtyUlN2NHN0dnhHTFI1ekFHVGh3S3Z2NWU2bQp5eEpYRnYvUnlsKzhFaytYWi9neHFqam5aWm15NERrc3F3Y2l5L1JudS9DcVVwU09vL2ZSYW1FS3lyU0w1UHhkCjBBMHkwbjk2aUptVXB4ZUZ0TU5FV2Z1cWdpQVQ2dmc3N1U1cTY0RUNnWUFhaStOdW5uYXZwd2szbVlxNnhwVGEKT3ZWMkJzTG95Z3ZqTGQ1N1g3NkZJTU45a280czZaM0FzRWNneG1CVVVUN3ZpTGE3QnFZSmt0dHY2R04weHRGVwp5TWRsZW9lanJGT2FFTXE3ci9naVRQRHg0dzZUaVI5TmtCQ2N3VlpIRk9vcE11Z1Q5N3RYYVhxd0lsSFRiYml0Ci9kOUlaSWlYb3c0c09xejBmZ2k2QVFLQmdIWitLbFVueDhIdWgyMWNXN0g1c1ZDR2o0blJUNks3VlRZY3lYQ08KY0VBRjlRN0tIZXVTUmdMUFNaemdhUHJ2dWxuKzA0VGVEYlVTS29UbFB0ZHpIMzdJVktCMnc2enZSYzRjMkoxOQprYU1hNi92Y0Jwc213bHVFckxkZVdpZ3R3Q1JVRThrcGxDbGVQcE5rK01PUjdwNG52d29qYzd6MHc4b2VPNW0yCk1INEJBb0dBQUxCbEN1OStNc1dsWEMxQkJ5YkZMSXZnMHcwaDU1elVqTW5TdlNpYjVMMGQ3THlaSHFjQmluWmMKUU5RdFBoSU5kU2FLWGNVRGJQY0xtVEtKZ3UxenhzZlBWZjlKRDg4eUlzQms3dFg4QkprNVdEc21OdU44UDZwbAo2cjIyeU4wTkZ3VEMxWmRMZ1RjbDV3MVNJbWpoQjNkaG9ucEFmcmM1WmRHKytvMmppRGs9Ci0tLS0tRU5EIFJTQSBQUklWQVRFIEtFWS0tLS0tCg== +{% endif %} diff --git a/tests/templates/kuttl/s3-deep-storage/02-install-minio.yaml.j2 b/tests/templates/kuttl/s3-deep-storage/02-install-minio.yaml.j2 new file mode 100644 index 00000000..3780efd6 --- /dev/null +++ b/tests/templates/kuttl/s3-deep-storage/02-install-minio.yaml.j2 @@ -0,0 +1,20 @@ +--- +apiVersion: kuttl.dev/v1beta1 +kind: TestStep +commands: + - script: >- + helm install minio-druid + --namespace $NAMESPACE + --set mode=standalone + --set replicas=1 + --set persistence.enabled=false + --set buckets[0].name=druid,buckets[0].policy=none + --set users[0].accessKey=druid,users[0].secretKey=druiddruid,users[0].policy=readwrite + --set resources.requests.memory=1Gi + --set service.type=NodePort,service.nodePort=null + --set consoleService.type=NodePort,consoleService.nodePort=null +{% if test_scenario['values']['s3-use-tls'] == 'true' %} + --set tls.enabled=true,tls.certSecret=minio-druid-tls-certificates,tls.publicCrt=tls.crt,tls.privateKey=tls.key +{% endif %} + --repo https://charts.min.io/ minio + timeout: 600 diff --git a/tests/templates/kuttl/s3-deep-storage/03-assert.yaml b/tests/templates/kuttl/s3-deep-storage/03-assert.yaml new file mode 100644 index 00000000..af6372f9 --- /dev/null +++ b/tests/templates/kuttl/s3-deep-storage/03-assert.yaml @@ -0,0 +1,14 @@ +--- +apiVersion: kuttl.dev/v1beta1 +kind: TestAssert +metadata: + name: checks +timeout: 300 +--- +apiVersion: apps/v1 +kind: StatefulSet +metadata: + name: checks +status: + readyReplicas: 1 + replicas: 1 diff --git a/tests/templates/kuttl/s3-deep-storage/03-checks-container.yaml b/tests/templates/kuttl/s3-deep-storage/03-checks-container.yaml new file mode 100644 index 00000000..afe75a6e --- /dev/null +++ b/tests/templates/kuttl/s3-deep-storage/03-checks-container.yaml @@ -0,0 +1,22 @@ +--- +apiVersion: apps/v1 +kind: StatefulSet +metadata: + name: checks + labels: + app: checks +spec: + replicas: 1 + selector: + matchLabels: + app: checks + template: + metadata: + labels: + app: checks + spec: + containers: + - name: checks + image: python:3.10-slim + stdin: true + tty: true diff --git a/tests/templates/kuttl/s3-deep-storage/10-assert.yaml b/tests/templates/kuttl/s3-deep-storage/10-assert.yaml new file mode 100644 index 00000000..8165295f --- /dev/null +++ b/tests/templates/kuttl/s3-deep-storage/10-assert.yaml @@ -0,0 +1,46 @@ +--- +apiVersion: kuttl.dev/v1beta1 +kind: TestAssert +metadata: + name: install-druid +timeout: 600 +--- +apiVersion: apps/v1 +kind: StatefulSet +metadata: + name: druid-s3-deep-storage-broker-default +status: + readyReplicas: 1 + replicas: 1 +--- +apiVersion: apps/v1 +kind: StatefulSet +metadata: + name: druid-s3-deep-storage-coordinator-default +status: + readyReplicas: 1 + replicas: 1 +--- +apiVersion: apps/v1 +kind: StatefulSet +metadata: + name: druid-s3-deep-storage-historical-default +status: + readyReplicas: 1 + replicas: 1 +--- +apiVersion: apps/v1 +kind: StatefulSet +metadata: + name: druid-s3-deep-storage-middlemanager-default +status: + readyReplicas: 1 + replicas: 1 +--- +apiVersion: apps/v1 +kind: StatefulSet +metadata: + name: druid-s3-deep-storage-router-default +status: + readyReplicas: 1 + replicas: 1 diff --git a/tests/templates/kuttl/s3-deep-storage/10-install-druid.yaml.j2 b/tests/templates/kuttl/s3-deep-storage/10-install-druid.yaml.j2 new file mode 100644 index 00000000..c583ff86 --- /dev/null +++ b/tests/templates/kuttl/s3-deep-storage/10-install-druid.yaml.j2 @@ -0,0 +1,99 @@ +--- +apiVersion: kuttl.dev/v1beta1 +kind: TestStep +metadata: + name: install-druid +timeout: 180 +--- +apiVersion: secrets.stackable.tech/v1alpha1 +kind: SecretClass +metadata: + name: druid-s3-credentials +spec: + backend: + k8sSearch: + searchNamespace: + pod: {} +--- +apiVersion: v1 +kind: Secret +metadata: + name: druid-s3-credentials + labels: + secrets.stackable.tech/class: druid-s3-credentials +stringData: + accessKey: druid + secretKey: druiddruid +--- +apiVersion: druid.stackable.tech/v1alpha1 +kind: DruidCluster +metadata: + name: druid-s3-deep-storage +spec: + version: {{ test_scenario['values']['druid'] }} + zookeeperConfigMapName: druid-znode + metadataStorageDatabase: + dbType: derby + connString: jdbc:derby://localhost:1527/var/druid/metadata.db;create=true + host: localhost + port: 1527 + deepStorage: + s3: + bucket: + inline: + bucketName: druid + connection: + inline: + host: minio-druid + port: 9000 + accessStyle: Path + credentials: + secretClass: druid-s3-credentials +{% if test_scenario['values']['s3-use-tls'] == 'true' %} + tls: + verification: + server: + caCert: + secretClass: minio-druid-tls-certificates +{% endif %} + baseKey: deep-storage + brokers: + roleGroups: + default: + selector: + matchLabels: + kubernetes.io/os: linux + config: {} + replicas: 1 + coordinators: + roleGroups: + default: + selector: + matchLabels: + kubernetes.io/os: linux + config: {} + replicas: 1 + historicals: + roleGroups: + default: + selector: + matchLabels: + kubernetes.io/os: linux + config: {} + replicas: 1 + middleManagers: + roleGroups: + default: + selector: + matchLabels: + kubernetes.io/os: linux + config: {} + replicas: 1 + routers: + roleGroups: + default: + selector: + matchLabels: + kubernetes.io/os: linux + config: {} + replicas: 1 diff --git a/tests/templates/kuttl/s3-deep-storage/11-assert.yaml b/tests/templates/kuttl/s3-deep-storage/11-assert.yaml new file mode 100644 index 00000000..4801f6df --- /dev/null +++ b/tests/templates/kuttl/s3-deep-storage/11-assert.yaml @@ -0,0 +1,8 @@ +--- +apiVersion: kuttl.dev/v1beta1 +kind: TestAssert +metadata: + name: install-healthcheck-files +commands: + - script: kubectl exec -n $NAMESPACE checks-0 -- python /tmp/healthcheck.py druid-s3-deep-storage +timeout: 300 diff --git a/tests/templates/kuttl/s3-deep-storage/11-healthcheck.yaml b/tests/templates/kuttl/s3-deep-storage/11-healthcheck.yaml new file mode 100644 index 00000000..bddb355a --- /dev/null +++ b/tests/templates/kuttl/s3-deep-storage/11-healthcheck.yaml @@ -0,0 +1,8 @@ +--- +apiVersion: kuttl.dev/v1beta1 +kind: TestStep +timeout: 600 +commands: + - script: kubectl cp -n $NAMESPACE ./healthcheck.py checks-0:/tmp + - script: kubectl cp -n $NAMESPACE ./requirements.txt checks-0:/tmp + - script: kubectl exec -n $NAMESPACE checks-0 -- pip install --user -r /tmp/requirements.txt diff --git a/tests/templates/kuttl/s3-deep-storage/12-assert.yaml b/tests/templates/kuttl/s3-deep-storage/12-assert.yaml new file mode 100644 index 00000000..91748eb2 --- /dev/null +++ b/tests/templates/kuttl/s3-deep-storage/12-assert.yaml @@ -0,0 +1,8 @@ +--- +apiVersion: kuttl.dev/v1beta1 +kind: TestAssert +metadata: + name: ingestion-check +commands: + - script: kubectl exec -n $NAMESPACE checks-0 -- python /tmp/ingestioncheck.py druid-s3-deep-storage +timeout: 300 diff --git a/tests/templates/kuttl/s3-deep-storage/12-ingestioncheck.yaml b/tests/templates/kuttl/s3-deep-storage/12-ingestioncheck.yaml new file mode 100644 index 00000000..c5b501e7 --- /dev/null +++ b/tests/templates/kuttl/s3-deep-storage/12-ingestioncheck.yaml @@ -0,0 +1,6 @@ +--- +apiVersion: kuttl.dev/v1beta1 +kind: TestStep +commands: + - script: kubectl cp -n $NAMESPACE ./ingestioncheck.py checks-0:/tmp + - script: kubectl cp -n $NAMESPACE ./druid-quickstartimport.json checks-0:/tmp diff --git a/tests/templates/kuttl/s3-deep-storage/certs/ca.crt b/tests/templates/kuttl/s3-deep-storage/certs/ca.crt new file mode 100644 index 00000000..f038e8f0 --- /dev/null +++ b/tests/templates/kuttl/s3-deep-storage/certs/ca.crt @@ -0,0 +1,23 @@ +-----BEGIN CERTIFICATE----- +MIID2TCCAsGgAwIBAgIUa4Rykso3GEfl6vnJY84Sz/940R8wDQYJKoZIhvcNAQEL +BQAwezELMAkGA1UEBhMCREUxGzAZBgNVBAgMElNjaGxlc3dpZy1Ib2xzdGVpbjEO +MAwGA1UEBwwFV2VkZWwxKDAmBgNVBAoMH1N0YWNrYWJsZSBTaWduaW5nIEF1dGhv +cml0eSBJbmMxFTATBgNVBAMMDHN0YWNrYWJsZS5kZTAgFw0yMjA2MjcxMzU5MzNa +GA8yMTIyMDYwMzEzNTkzM1owezELMAkGA1UEBhMCREUxGzAZBgNVBAgMElNjaGxl +c3dpZy1Ib2xzdGVpbjEOMAwGA1UEBwwFV2VkZWwxKDAmBgNVBAoMH1N0YWNrYWJs +ZSBTaWduaW5nIEF1dGhvcml0eSBJbmMxFTATBgNVBAMMDHN0YWNrYWJsZS5kZTCC +ASIwDQYJKoZIhvcNAQEBBQADggEPADCCAQoCggEBAKNuNePC9WJrHt97M/paiWTh +on/QcVDLh+QeccL7qjdii4wSqqO1R3pAfotitQYvDWy0YHivX4SLWd2sO+Fe59sf +B22gIlpCGULCix0eu5nALAMo98xs00N6Fl/DTEokguJkUihc6lW7wssJCnP0SycU +f0+01uzuwJ6NduKHXMWE4WBEGmm22b7yPyaVG4MehfY561I+S7eHeiJCxYivVg4A +EFWCdtqr7WQzlvtdTZYLhTUCaLWj90rK5uWp19lQJVBVbOAFcCDaMX5fEAjo13D4 +dM58/6oUMXED9qkeIBBEf/QhSge087N2z04DRXhyKXawYWAoS1xVgpfd8i31UWEC +AwEAAaNTMFEwHQYDVR0OBBYEFDH71wtlddA8APpJKFU9igdCyeY6MB8GA1UdIwQY +MBaAFDH71wtlddA8APpJKFU9igdCyeY6MA8GA1UdEwEB/wQFMAMBAf8wDQYJKoZI +hvcNAQELBQADggEBAB/LQGvytH7tQkRM1A3g8JyCvOiZrnBMNFkq6S0B5zCiX2/o +EzGwVsH0tO2lHNFwGl+WonkCXGj+5ntaxW602PT26GHUYolgo8Xjy5aq9mp0I65H +D4+JVLZ9MISlT61Gi6pLsyhIM9IE3ZGt0jjy3+kNcAdprfKpSSs6GAWwXF0YOQEh +3jiVMk8vO6QbSs9B2uXFYTrFhPqLiH6LD04/UvBatcACpEDqehzsaSLhsppzlKCQ +CS1olxhl4w8eIaNpE9PecVQoIs13xaj00+XxziQfEQqrVLFZ+blhBRnonfQvY5xT +TKea5SpzNNGW+l+qLHGqU1dasSGS3VW1UD+0sHk= +-----END CERTIFICATE----- diff --git a/tests/templates/kuttl/s3-deep-storage/certs/client.crt.pem b/tests/templates/kuttl/s3-deep-storage/certs/client.crt.pem new file mode 100644 index 00000000..c2418a5a --- /dev/null +++ b/tests/templates/kuttl/s3-deep-storage/certs/client.crt.pem @@ -0,0 +1,21 @@ +-----BEGIN CERTIFICATE----- +MIIDaDCCAlACFHKmRWCIm2veR5dIe/vTOunyNBRuMA0GCSqGSIb3DQEBCwUAMHsx +CzAJBgNVBAYTAkRFMRswGQYDVQQIDBJTY2hsZXN3aWctSG9sc3RlaW4xDjAMBgNV +BAcMBVdlZGVsMSgwJgYDVQQKDB9TdGFja2FibGUgU2lnbmluZyBBdXRob3JpdHkg +SW5jMRUwEwYDVQQDDAxzdGFja2FibGUuZGUwIBcNMjIwNjI3MTM1OTM0WhgPMjEy +MjA2MDMxMzU5MzRaMGQxCzAJBgNVBAYTAkRFMRswGQYDVQQIDBJTY2hsZXN3aWct +SG9sc3RlaW4xDjAMBgNVBAcMBVdlZGVsMRIwEAYDVQQKDAlTdGFja2FibGUxFDAS +BgNVBAMMC21pbmlvLWRydWlkMIIBIjANBgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKC +AQEAp38ffxj/6RYo7W6WQyQHHSaEsriW++t0M2TH0yYQgfJUoWVmcJXwpAT2LtRe +xt0WR766i0r98U0tFzokWv4Y4+mSfvzyw5vqN9RwKaNVY8JOVE7MRI1LhsDmhCxX +z3nlOvtVzQbnZdluWIffsomWYcI+e+C9zRc9SXnHnq6hEbUKdUWrB/4Vis7Qpzkt +Qf+CafSbWDLCdPS27nD5pI0qPQW9cegVs8GAmoMoPmTFj9kf9afiX6C1xfWUR/Gp +V8p98SmbnJIqyWQa2ULp2zcpSHacwN9wT7BquARjdu+Sw7NcjCoq+f1i1BFGOtaq +yCgWQbAvUWSWCYO6poZBItnrAQIDAQABMA0GCSqGSIb3DQEBCwUAA4IBAQA42La+ +LSthEIaBSaOV6bW2MF35je6sEGNh17+XM0xeAn5VKIyPFCHJdCgjwox7ZYaczlZs +JMndfBgWOh3q5MoSJ2dBDtBsdU+o+3ptz9h88z14Y5QutpMlSmlVqNd6D3ibK1ao +ekGsd8fRcDUpS2GAvnyZSQ7a9qi+fh1GoajtkF8gkh6d6oqlegD2hX3SyO3xZWkc +DKJGqqcyHBf5kp1jqHPxD0iK6Tub3p90Qz+1eCWvUyAM41A4L76CdaoMStkBZXzd +8Ioptej8b5IdbvoWyIVtQ52fAS/5Y2//M3qDRR+QYOQNa1IinNMq5RlaHqFP0Qbi +9/nc21qZt0+mZyXB +-----END CERTIFICATE----- diff --git a/tests/templates/kuttl/s3-deep-storage/certs/client.csr.pem b/tests/templates/kuttl/s3-deep-storage/certs/client.csr.pem new file mode 100644 index 00000000..9beb52eb --- /dev/null +++ b/tests/templates/kuttl/s3-deep-storage/certs/client.csr.pem @@ -0,0 +1,17 @@ +-----BEGIN CERTIFICATE REQUEST----- +MIICqTCCAZECAQAwZDELMAkGA1UEBhMCREUxGzAZBgNVBAgMElNjaGxlc3dpZy1I +b2xzdGVpbjEOMAwGA1UEBwwFV2VkZWwxEjAQBgNVBAoMCVN0YWNrYWJsZTEUMBIG +A1UEAwwLbWluaW8tZHJ1aWQwggEiMA0GCSqGSIb3DQEBAQUAA4IBDwAwggEKAoIB +AQCnfx9/GP/pFijtbpZDJAcdJoSyuJb763QzZMfTJhCB8lShZWZwlfCkBPYu1F7G +3RZHvrqLSv3xTS0XOiRa/hjj6ZJ+/PLDm+o31HApo1Vjwk5UTsxEjUuGwOaELFfP +eeU6+1XNBudl2W5Yh9+yiZZhwj574L3NFz1JeceerqERtQp1RasH/hWKztCnOS1B +/4Jp9JtYMsJ09LbucPmkjSo9Bb1x6BWzwYCagyg+ZMWP2R/1p+JfoLXF9ZRH8alX +yn3xKZuckirJZBrZQunbNylIdpzA33BPsGq4BGN275LDs1yMKir5/WLUEUY61qrI +KBZBsC9RZJYJg7qmhkEi2esBAgMBAAGgADANBgkqhkiG9w0BAQsFAAOCAQEATon2 +C0HCXS9d+KYJstN7ZZzHht/S2FiaXxldfqYwLwpr3co0NbFKGSQZ7Rhj75BOVsSn +GfYO3z7tdkCMUAANW1nnT4O8DaCQpkRcqZZmXJVavXcfy4lMAj62k6mMjorQcMhb +3ZGy0MSB5m/3b6tv2cza6nhuoVmOifcWq5ky9JdZC3xuoaUqHwAcE+uYRubvNXyC +3ggjU80xQLA+tZocvEljlaRIAvuyEf2yj4NOIWJj5n+fg9z+Y1rfI7I8fnrBg2CH +HAnjH1y42+Sdf/nLETqzPQ0YVWA5BQXxD4S6uTZHO1uJOiwTZkQkvz41Chx2isEd +Kuwht9VgXiwrPnX7Gw== +-----END CERTIFICATE REQUEST----- diff --git a/tests/templates/kuttl/s3-deep-storage/certs/client.key.pem b/tests/templates/kuttl/s3-deep-storage/certs/client.key.pem new file mode 100644 index 00000000..aad97472 --- /dev/null +++ b/tests/templates/kuttl/s3-deep-storage/certs/client.key.pem @@ -0,0 +1,27 @@ +-----BEGIN RSA PRIVATE KEY----- +MIIEogIBAAKCAQEAp38ffxj/6RYo7W6WQyQHHSaEsriW++t0M2TH0yYQgfJUoWVm +cJXwpAT2LtRext0WR766i0r98U0tFzokWv4Y4+mSfvzyw5vqN9RwKaNVY8JOVE7M +RI1LhsDmhCxXz3nlOvtVzQbnZdluWIffsomWYcI+e+C9zRc9SXnHnq6hEbUKdUWr +B/4Vis7QpzktQf+CafSbWDLCdPS27nD5pI0qPQW9cegVs8GAmoMoPmTFj9kf9afi +X6C1xfWUR/GpV8p98SmbnJIqyWQa2ULp2zcpSHacwN9wT7BquARjdu+Sw7NcjCoq ++f1i1BFGOtaqyCgWQbAvUWSWCYO6poZBItnrAQIDAQABAoIBAC8rRZttVuQ1MWFr ++zT9OGOlLUmHYj2fmSHAB+YWmh9+NwccnzSlhRcrroiRlf8608NwmugPPmRt73zT +Ctn1JN1KMc9BPLyJc/Q1B0EyliF53sUvS6cig1p3iHNAaZosIbnyfb83aoLsMH8O +BJkq1gbBxQbty4WuPbwrZ2Pwmbt6Y4Ffq5ykNe49W1aSFk8s0W264s43cBhM68AW +EmgZx7EyIZGQ3ZSu12WmQpMwTZ0+29AowlXhR3bu1X8RP2c9h+99CcGeFkYoM/iL +mVSkl66fF7S5UtOA78FqhUbYrgcQwvFTIsf+KrOeKrKfFEbVPqXp3+A6DlaMRwW3 +7731AAECgYEA3no811Z3n4yIqcv1qmdvdj0CyDliln0Ta5B89qUN6KsJPiKxSKsa +ZUm3fX7sULboUwIrVa8cKSV71bLaEE/Qx+S0IAOSeFapp1y8cokYTKOG956XU+08 +lcgoOjQ3ReYdAiFNWjc8maB6W010E11/y0/rQPF/SQ52nSnPhctEv4ECgYEAwLwS +hdiWg/DplW+NA6si9YDGik+bfGw254ne5LrALKrRSv4stvxGLR5zAGThwKvv5e6m +yxJXFv/Ryl+8Ek+XZ/gxqjjnZZmy4Dksqwciy/Rnu/CqUpSOo/fRamEKyrSL5Pxd +0A0y0n96iJmUpxeFtMNEWfuqgiAT6vg77U5q64ECgYAai+Nunnavpwk3mYq6xpTa +OvV2BsLoygvjLd57X76FIMN9ko4s6Z3AsEcgxmBUUT7viLa7BqYJkttv6GN0xtFW +yMdleoejrFOaEMq7r/giTPDx4w6TiR9NkBCcwVZHFOopMugT97tXaXqwIlHTbbit +/d9IZIiXow4sOqz0fgi6AQKBgHZ+KlUnx8Huh21cW7H5sVCGj4nRT6K7VTYcyXCO +cEAF9Q7KHeuSRgLPSZzgaPrvuln+04TeDbUSKoTlPtdzH37IVKB2w6zvRc4c2J19 +kaMa6/vcBpsmwluErLdeWigtwCRUE8kplClePpNk+MOR7p4nvwojc7z0w8oeO5m2 +MH4BAoGAALBlCu9+MsWlXC1BBybFLIvg0w0h55zUjMnSvSib5L0d7LyZHqcBinZc +QNQtPhINdSaKXcUDbPcLmTKJgu1zxsfPVf9JD88yIsBk7tX8BJk5WDsmNuN8P6pl +6r22yN0NFwTC1ZdLgTcl5w1SImjhB3dhonpAfrc5ZdG++o2jiDk= +-----END RSA PRIVATE KEY----- diff --git a/tests/templates/kuttl/s3-deep-storage/certs/generate.sh b/tests/templates/kuttl/s3-deep-storage/certs/generate.sh new file mode 100755 index 00000000..faa56c38 --- /dev/null +++ b/tests/templates/kuttl/s3-deep-storage/certs/generate.sh @@ -0,0 +1,46 @@ +#!/bin/bash + +echo "Creating Root Certificate Authority" +openssl genrsa \ + -out root-ca.key.pem \ + 2048 + +echo "Self-signing the Root Certificate Authority" +openssl req \ + -x509 \ + -new \ + -nodes \ + -key root-ca.key.pem \ + -days 36500 \ + -out root-ca.crt.pem \ + -subj "/C=DE/ST=Schleswig-Holstein/L=Wedel/O=Stackable Signing Authority Inc/CN=stackable.de" + +echo "Creating client cert" +FQDN="minio-druid" + +openssl genrsa \ + -out client.key.pem \ + 2048 + +echo "Creating the CSR" +openssl req -new \ + -key client.key.pem \ + -out client.csr.pem \ + -subj "/C=DE/ST=Schleswig-Holstein/L=Wedel/O=Stackable/CN=${FQDN}" + +echo "Signing the client cert with the root ca" +openssl x509 \ + -req -in client.csr.pem \ + -CA root-ca.crt.pem \ + -CAkey root-ca.key.pem \ + -CAcreateserial \ + -out client.crt.pem \ + -days 36500 + +echo "Copying the files to match the api of the secret-operator" +cp root-ca.crt.pem ca.crt +cp client.key.pem tls.key +cp client.crt.pem tls.crt + +echo "To create a k8s secret run" +echo "kubectl create secret generic foo --from-file=ca.crt --from-file=tls.crt --from-file=tls.key" diff --git a/tests/templates/kuttl/s3-deep-storage/certs/root-ca.crt.pem b/tests/templates/kuttl/s3-deep-storage/certs/root-ca.crt.pem new file mode 100644 index 00000000..f038e8f0 --- /dev/null +++ b/tests/templates/kuttl/s3-deep-storage/certs/root-ca.crt.pem @@ -0,0 +1,23 @@ +-----BEGIN CERTIFICATE----- +MIID2TCCAsGgAwIBAgIUa4Rykso3GEfl6vnJY84Sz/940R8wDQYJKoZIhvcNAQEL +BQAwezELMAkGA1UEBhMCREUxGzAZBgNVBAgMElNjaGxlc3dpZy1Ib2xzdGVpbjEO +MAwGA1UEBwwFV2VkZWwxKDAmBgNVBAoMH1N0YWNrYWJsZSBTaWduaW5nIEF1dGhv +cml0eSBJbmMxFTATBgNVBAMMDHN0YWNrYWJsZS5kZTAgFw0yMjA2MjcxMzU5MzNa +GA8yMTIyMDYwMzEzNTkzM1owezELMAkGA1UEBhMCREUxGzAZBgNVBAgMElNjaGxl +c3dpZy1Ib2xzdGVpbjEOMAwGA1UEBwwFV2VkZWwxKDAmBgNVBAoMH1N0YWNrYWJs +ZSBTaWduaW5nIEF1dGhvcml0eSBJbmMxFTATBgNVBAMMDHN0YWNrYWJsZS5kZTCC +ASIwDQYJKoZIhvcNAQEBBQADggEPADCCAQoCggEBAKNuNePC9WJrHt97M/paiWTh +on/QcVDLh+QeccL7qjdii4wSqqO1R3pAfotitQYvDWy0YHivX4SLWd2sO+Fe59sf +B22gIlpCGULCix0eu5nALAMo98xs00N6Fl/DTEokguJkUihc6lW7wssJCnP0SycU +f0+01uzuwJ6NduKHXMWE4WBEGmm22b7yPyaVG4MehfY561I+S7eHeiJCxYivVg4A +EFWCdtqr7WQzlvtdTZYLhTUCaLWj90rK5uWp19lQJVBVbOAFcCDaMX5fEAjo13D4 +dM58/6oUMXED9qkeIBBEf/QhSge087N2z04DRXhyKXawYWAoS1xVgpfd8i31UWEC +AwEAAaNTMFEwHQYDVR0OBBYEFDH71wtlddA8APpJKFU9igdCyeY6MB8GA1UdIwQY +MBaAFDH71wtlddA8APpJKFU9igdCyeY6MA8GA1UdEwEB/wQFMAMBAf8wDQYJKoZI +hvcNAQELBQADggEBAB/LQGvytH7tQkRM1A3g8JyCvOiZrnBMNFkq6S0B5zCiX2/o +EzGwVsH0tO2lHNFwGl+WonkCXGj+5ntaxW602PT26GHUYolgo8Xjy5aq9mp0I65H +D4+JVLZ9MISlT61Gi6pLsyhIM9IE3ZGt0jjy3+kNcAdprfKpSSs6GAWwXF0YOQEh +3jiVMk8vO6QbSs9B2uXFYTrFhPqLiH6LD04/UvBatcACpEDqehzsaSLhsppzlKCQ +CS1olxhl4w8eIaNpE9PecVQoIs13xaj00+XxziQfEQqrVLFZ+blhBRnonfQvY5xT +TKea5SpzNNGW+l+qLHGqU1dasSGS3VW1UD+0sHk= +-----END CERTIFICATE----- diff --git a/tests/templates/kuttl/s3-deep-storage/certs/root-ca.crt.srl b/tests/templates/kuttl/s3-deep-storage/certs/root-ca.crt.srl new file mode 100644 index 00000000..4260ff05 --- /dev/null +++ b/tests/templates/kuttl/s3-deep-storage/certs/root-ca.crt.srl @@ -0,0 +1 @@ +72A64560889B6BDE4797487BFBD33AE9F234146E diff --git a/tests/templates/kuttl/s3-deep-storage/certs/root-ca.key.pem b/tests/templates/kuttl/s3-deep-storage/certs/root-ca.key.pem new file mode 100644 index 00000000..599f02ea --- /dev/null +++ b/tests/templates/kuttl/s3-deep-storage/certs/root-ca.key.pem @@ -0,0 +1,27 @@ +-----BEGIN RSA PRIVATE KEY----- +MIIEogIBAAKCAQEAo24148L1Ymse33sz+lqJZOGif9BxUMuH5B5xwvuqN2KLjBKq +o7VHekB+i2K1Bi8NbLRgeK9fhItZ3aw74V7n2x8HbaAiWkIZQsKLHR67mcAsAyj3 +zGzTQ3oWX8NMSiSC4mRSKFzqVbvCywkKc/RLJxR/T7TW7O7Ano124odcxYThYEQa +abbZvvI/JpUbgx6F9jnrUj5Lt4d6IkLFiK9WDgAQVYJ22qvtZDOW+11NlguFNQJo +taP3Ssrm5anX2VAlUFVs4AVwINoxfl8QCOjXcPh0znz/qhQxcQP2qR4gEER/9CFK +B7Tzs3bPTgNFeHIpdrBhYChLXFWCl93yLfVRYQIDAQABAoIBAE8c8c9guAK9kkNi +06WUoEAKjexLjh8rd4vxROa7hwmqlZzoCFyZS5GdmOSGktT8gAYoRy8EzjtObeFG +F/KgS6KiIalqxFZm+u17WXZuQyhJg8S/1zzJTXezqRMQamTVydon8DGD0RhRfRlm +Nf4tuxee74Y5J3Womevm1S8RkdI3G7Ehlo3dwRIeHPceXIdgkNQ1//DTBmMaoMgy +C7DrPq5jb7GAA1rNvpF0JoznMa/Xj0IAhrXkTsDUZ5v0mghW5jACuKU86c0yZqDL +xYUtEhBUSEZmiipfJbGnALja/MliBnAyJBQ2YUnHGwj7hQZzzdcypjGAjmYMugzB +++vpD8ECgYEA2VLo4rcfpX2/3JrjZmaxmZKVAzI84MWMBaEfrxC3BkSTiHg5k0Ow +WbJ2whc6BWFgvPuNfgJu680ACG/vESBSK2vpN6XJ4dI7TIlidmPK588PWLXd9l2o +Wp6ptJ0LBKn8PvghQkmxf8EWm0KzgvBmdwFrq4DhKSCI4JFnsVztb2kCgYEAwIP3 +ItGM3BcMlFLXzkHZsD38ZLN0/Dd1jaRSH/l/53QAOzr20R7ag4mxFSWdU36UkQBa +CDTM/lhl2GWa94z7gK7wlpvRnPXMvNvbBWU4Fj218foMSFplE5XiInskua1A77dZ +egqrJ3K3Ly17E3mq4PQhddtZoSS0MKe0DQMeCzkCgYANSLofkZ4HmaYur/ESg1h7 +0K/3IA0EmE600WKEavslEPALuX2beNnAwd3sg0rypT8qjh3aBAAPvdowqdbtLxKW +wOPimOm8OgOR7BvurK7seIWxoHxO4O63i1dISQkxYcqfdr9hs+t7qaveFbevW06I +G7gfJaOdxfVX9Mtn1gxVcQKBgCfpdAwY654ZfTcm8azGRC5gu3nZJrC/grSJ06jj +XhwLFZ0x/UefoOfSXQ8oTDSqMnzZWNEIuVMl2n+BmR4ncWDdY+2lglCLORYScpbs +xDMAOj9ferppWzkzQr2pUBTakXLhTUCbA57bDpVOVYzVFZMrqeA4SJ268UyBCDgG +ZG0pAoGAZYDbz+PXbNTdIRKUy36+EQy1bQmayP6NPinCrsIC425RPdwGdlKDgcjF +Lu3qE1PijFx9kVKvENim54Xa6Mo1iXVuhpUHkQhMUevNs8qKzWOzaephHpNgAj3T +hczALGSKT1G6FWPrvfhXne5rAFssU5uTA5/sG3Iqo3g4bz7sTyo= +-----END RSA PRIVATE KEY----- diff --git a/tests/templates/kuttl/s3-deep-storage/certs/tls.crt b/tests/templates/kuttl/s3-deep-storage/certs/tls.crt new file mode 100644 index 00000000..c2418a5a --- /dev/null +++ b/tests/templates/kuttl/s3-deep-storage/certs/tls.crt @@ -0,0 +1,21 @@ +-----BEGIN CERTIFICATE----- +MIIDaDCCAlACFHKmRWCIm2veR5dIe/vTOunyNBRuMA0GCSqGSIb3DQEBCwUAMHsx +CzAJBgNVBAYTAkRFMRswGQYDVQQIDBJTY2hsZXN3aWctSG9sc3RlaW4xDjAMBgNV +BAcMBVdlZGVsMSgwJgYDVQQKDB9TdGFja2FibGUgU2lnbmluZyBBdXRob3JpdHkg +SW5jMRUwEwYDVQQDDAxzdGFja2FibGUuZGUwIBcNMjIwNjI3MTM1OTM0WhgPMjEy +MjA2MDMxMzU5MzRaMGQxCzAJBgNVBAYTAkRFMRswGQYDVQQIDBJTY2hsZXN3aWct +SG9sc3RlaW4xDjAMBgNVBAcMBVdlZGVsMRIwEAYDVQQKDAlTdGFja2FibGUxFDAS +BgNVBAMMC21pbmlvLWRydWlkMIIBIjANBgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKC +AQEAp38ffxj/6RYo7W6WQyQHHSaEsriW++t0M2TH0yYQgfJUoWVmcJXwpAT2LtRe +xt0WR766i0r98U0tFzokWv4Y4+mSfvzyw5vqN9RwKaNVY8JOVE7MRI1LhsDmhCxX +z3nlOvtVzQbnZdluWIffsomWYcI+e+C9zRc9SXnHnq6hEbUKdUWrB/4Vis7Qpzkt +Qf+CafSbWDLCdPS27nD5pI0qPQW9cegVs8GAmoMoPmTFj9kf9afiX6C1xfWUR/Gp +V8p98SmbnJIqyWQa2ULp2zcpSHacwN9wT7BquARjdu+Sw7NcjCoq+f1i1BFGOtaq +yCgWQbAvUWSWCYO6poZBItnrAQIDAQABMA0GCSqGSIb3DQEBCwUAA4IBAQA42La+ +LSthEIaBSaOV6bW2MF35je6sEGNh17+XM0xeAn5VKIyPFCHJdCgjwox7ZYaczlZs +JMndfBgWOh3q5MoSJ2dBDtBsdU+o+3ptz9h88z14Y5QutpMlSmlVqNd6D3ibK1ao +ekGsd8fRcDUpS2GAvnyZSQ7a9qi+fh1GoajtkF8gkh6d6oqlegD2hX3SyO3xZWkc +DKJGqqcyHBf5kp1jqHPxD0iK6Tub3p90Qz+1eCWvUyAM41A4L76CdaoMStkBZXzd +8Ioptej8b5IdbvoWyIVtQ52fAS/5Y2//M3qDRR+QYOQNa1IinNMq5RlaHqFP0Qbi +9/nc21qZt0+mZyXB +-----END CERTIFICATE----- diff --git a/tests/templates/kuttl/s3-deep-storage/certs/tls.key b/tests/templates/kuttl/s3-deep-storage/certs/tls.key new file mode 100644 index 00000000..aad97472 --- /dev/null +++ b/tests/templates/kuttl/s3-deep-storage/certs/tls.key @@ -0,0 +1,27 @@ +-----BEGIN RSA PRIVATE KEY----- +MIIEogIBAAKCAQEAp38ffxj/6RYo7W6WQyQHHSaEsriW++t0M2TH0yYQgfJUoWVm +cJXwpAT2LtRext0WR766i0r98U0tFzokWv4Y4+mSfvzyw5vqN9RwKaNVY8JOVE7M +RI1LhsDmhCxXz3nlOvtVzQbnZdluWIffsomWYcI+e+C9zRc9SXnHnq6hEbUKdUWr +B/4Vis7QpzktQf+CafSbWDLCdPS27nD5pI0qPQW9cegVs8GAmoMoPmTFj9kf9afi +X6C1xfWUR/GpV8p98SmbnJIqyWQa2ULp2zcpSHacwN9wT7BquARjdu+Sw7NcjCoq ++f1i1BFGOtaqyCgWQbAvUWSWCYO6poZBItnrAQIDAQABAoIBAC8rRZttVuQ1MWFr ++zT9OGOlLUmHYj2fmSHAB+YWmh9+NwccnzSlhRcrroiRlf8608NwmugPPmRt73zT +Ctn1JN1KMc9BPLyJc/Q1B0EyliF53sUvS6cig1p3iHNAaZosIbnyfb83aoLsMH8O +BJkq1gbBxQbty4WuPbwrZ2Pwmbt6Y4Ffq5ykNe49W1aSFk8s0W264s43cBhM68AW +EmgZx7EyIZGQ3ZSu12WmQpMwTZ0+29AowlXhR3bu1X8RP2c9h+99CcGeFkYoM/iL +mVSkl66fF7S5UtOA78FqhUbYrgcQwvFTIsf+KrOeKrKfFEbVPqXp3+A6DlaMRwW3 +7731AAECgYEA3no811Z3n4yIqcv1qmdvdj0CyDliln0Ta5B89qUN6KsJPiKxSKsa +ZUm3fX7sULboUwIrVa8cKSV71bLaEE/Qx+S0IAOSeFapp1y8cokYTKOG956XU+08 +lcgoOjQ3ReYdAiFNWjc8maB6W010E11/y0/rQPF/SQ52nSnPhctEv4ECgYEAwLwS +hdiWg/DplW+NA6si9YDGik+bfGw254ne5LrALKrRSv4stvxGLR5zAGThwKvv5e6m +yxJXFv/Ryl+8Ek+XZ/gxqjjnZZmy4Dksqwciy/Rnu/CqUpSOo/fRamEKyrSL5Pxd +0A0y0n96iJmUpxeFtMNEWfuqgiAT6vg77U5q64ECgYAai+Nunnavpwk3mYq6xpTa +OvV2BsLoygvjLd57X76FIMN9ko4s6Z3AsEcgxmBUUT7viLa7BqYJkttv6GN0xtFW +yMdleoejrFOaEMq7r/giTPDx4w6TiR9NkBCcwVZHFOopMugT97tXaXqwIlHTbbit +/d9IZIiXow4sOqz0fgi6AQKBgHZ+KlUnx8Huh21cW7H5sVCGj4nRT6K7VTYcyXCO +cEAF9Q7KHeuSRgLPSZzgaPrvuln+04TeDbUSKoTlPtdzH37IVKB2w6zvRc4c2J19 +kaMa6/vcBpsmwluErLdeWigtwCRUE8kplClePpNk+MOR7p4nvwojc7z0w8oeO5m2 +MH4BAoGAALBlCu9+MsWlXC1BBybFLIvg0w0h55zUjMnSvSib5L0d7LyZHqcBinZc +QNQtPhINdSaKXcUDbPcLmTKJgu1zxsfPVf9JD88yIsBk7tX8BJk5WDsmNuN8P6pl +6r22yN0NFwTC1ZdLgTcl5w1SImjhB3dhonpAfrc5ZdG++o2jiDk= +-----END RSA PRIVATE KEY----- diff --git a/tests/templates/kuttl/s3-deep-storage/druid-quickstartimport.json b/tests/templates/kuttl/s3-deep-storage/druid-quickstartimport.json new file mode 100644 index 00000000..909b9008 --- /dev/null +++ b/tests/templates/kuttl/s3-deep-storage/druid-quickstartimport.json @@ -0,0 +1,66 @@ +{ + "type": "index_parallel", + "spec": { + "ioConfig": { + "type": "index_parallel", + "inputSource": { + "type": "local", + "baseDir": "quickstart/tutorial/", + "filter": "wikiticker-2015-09-12-sampled.json.gz" + }, + "inputFormat": { + "type": "json" + } + }, + "tuningConfig": { + "type": "index_parallel", + "partitionsSpec": { + "type": "dynamic" + } + }, + "dataSchema": { + "dataSource": "wikipedia-2015-09-12", + "timestampSpec": { + "column": "time", + "format": "iso" + }, + "dimensionsSpec": { + "dimensions": [ + "channel", + "cityName", + "comment", + "countryIsoCode", + "countryName", + "isAnonymous", + "isMinor", + "isNew", + "isRobot", + "isUnpatrolled", + "metroCode", + "namespace", + "page", + "regionIsoCode", + "regionName", + "user", + { + "type": "long", + "name": "delta" + }, + { + "type": "long", + "name": "added" + }, + { + "type": "long", + "name": "deleted" + } + ] + }, + "granularitySpec": { + "queryGranularity": "none", + "rollup": false, + "segmentGranularity": "day" + } + } + } +} diff --git a/tests/templates/kuttl/s3-deep-storage/healthcheck.py b/tests/templates/kuttl/s3-deep-storage/healthcheck.py new file mode 100755 index 00000000..95bcea0b --- /dev/null +++ b/tests/templates/kuttl/s3-deep-storage/healthcheck.py @@ -0,0 +1,64 @@ +import requests +import sys +import logging +import time + +if __name__ == "__main__": + result = 0 + + log_level = 'DEBUG' # if args.debug else 'INFO' + logging.basicConfig(level=log_level, format='%(asctime)s %(levelname)s: %(message)s', stream=sys.stdout) + + druid_cluster_name = sys.argv[1] + + druid_roles = [ + "broker", + "coordinator", + "middlemanager", + "historical", + "router" + ] + druid_ports = { + "broker": 8082, + "coordinator": 8081, + "middlemanager": 8091, + "historical": 8083, + "router": 8888 + } + + for role in druid_roles: + url = f"http://{druid_cluster_name}-{role}-default:{druid_ports[role]}/status/health" + count = 1 + + # As this script is intended to be executed by Kuttl which is in charge of overall test timeouts it is ok + # to loop infinitely here - or until all tests succeed + # The script iterates over all known ports and services and checks that the ports are available + # The timeout for this connection attempt is configured to 5 seconds, to ensure frequent retries that are + # not handled internally by the requests library, because it was unclear when or if dns entries are cached + # internally during retry handling. + # By issuing a new call to .get() we are trying to ensure a new dns lookup for the target. + # + # Any errors are logged and retried until either the test succeeds or Kuttl kills this script due to + # the timeout. + while True: + try: + count = count + 1 + print(f"Checking role [{role}] on url [{url}]") + res = requests.get(url, timeout=5) + code = res.status_code + if res.status_code == 200 and res.text.lower() == "true": + break + else: + print(f"Got non 200 status code [{res.status_code}] or non-true response [{res.text.lower()}], retrying attempt no [{count}] ....") + except requests.exceptions.Timeout: + print(f"Connection timed out, retrying attempt no [{count}] ....") + except requests.ConnectionError as e: + print(f"Connection Error: {str(e)}") + except requests.RequestException as e: + print(f"General Error: {str(e)}") + except Exception: + print(f"Unhandled error occurred, retrying attempt no [{count}] ....") + + # Wait a little bit before retrying + time.sleep(1) + sys.exit(0) diff --git a/tests/templates/kuttl/s3-deep-storage/ingestioncheck.py b/tests/templates/kuttl/s3-deep-storage/ingestioncheck.py new file mode 100755 index 00000000..dd0c1b9e --- /dev/null +++ b/tests/templates/kuttl/s3-deep-storage/ingestioncheck.py @@ -0,0 +1,117 @@ +import urllib + +import requests +import http +import sys +import json +import time + + +class DruidClient: + def __init__(self): + self.session = requests.Session() + self.session.headers.update({'Accept': 'application/json', 'Content-Type': 'application/json'}) + http.client.HTTPConnection.debuglevel = 1 + + def get(self, url): + response = self.session.get(url) + assert response.status_code == 200 + return response.text + + def get_tasks(self, url): + response = self.session.get(url) + assert response.status_code == 200 + return response.text + + def post_task(self, url, input): + response = self.session.post(url, data=open(input, 'rb')) + assert response.status_code == 200 + return response.text + + def check_rc(self, url): + response = self.session.get(url) + return response.status_code + + def query_datasource(self, url, sql, expected, iterations): + loop = 0 + while True: + response = self.session.post(url, json=sql) + assert response.status_code == 200 + actual = list(json.loads(response.text)[0].values())[0] + if (actual == expected) | (loop == iterations): + break + time.sleep(5) + loop += 1 + return actual + + +druid_cluster_name = sys.argv[1] +druid = DruidClient() + +print(''' +Query tasks +===========''') +tasks = druid.get_tasks( + url=f"http://{druid_cluster_name}-coordinator-default:8081/druid/indexer/v1/tasks", +) +task_count = len(json.loads(tasks)) +print(f'existing tasks: {task_count}') + +print(''' +Start ingestion task +====================''') +ingestion = druid.post_task( + url=f"http://{druid_cluster_name}-coordinator-default:8081/druid/indexer/v1/task", + input='/tmp/druid-quickstartimport.json' +) +task_id = json.loads(ingestion)["task"] +url_encoded_taskid = urllib.parse.quote(task_id, safe='') +print(f"TASKID: [{task_id}]") +print(''' +Re-query tasks +==============''') +tasks = druid.get_tasks( + url=f"http://{druid_cluster_name}-coordinator-default:8081/druid/indexer/v1/tasks", +) +new_task_count = len(json.loads(tasks)) +print(f'new tasks: {new_task_count}') +print(f'assert {new_task_count} == {task_count+1}') +assert new_task_count == task_count + 1 + +print(''' +Wait for ingestion task to succeed +======================================''') +job_finished = False +while not job_finished: + time.sleep(5) + task = druid.get( + url=f"http://{druid_cluster_name}-coordinator-default:8081/druid/indexer/v1/task/{url_encoded_taskid}/status", + ) + task_status = json.loads(task)["status"]["statusCode"] + print(f"Current task status: [{task_status}]") + assert task_status == "RUNNING" or task_status == "SUCCESS", f"Taskstatus not running or succeeeded: {task_status}" + job_finished = task_status == "SUCCESS" + +print(''' +Wait for broker to indicate all segments are fully online +======================================''') +broker_ready = False +while not broker_ready: + time.sleep(2) + broker_ready_rc = druid.check_rc(f"http://{druid_cluster_name}-broker-default:8082/druid/broker/v1/readiness") + broker_ready = broker_ready_rc == 200 + print(f"Broker respondend with [{broker_ready_rc}] to readiness check") + +print(''' +Datasource SQL +==============''') +sample_data_size = 39244 +result = druid.query_datasource( + url=f"http://{druid_cluster_name}-broker-default:8082/druid/v2/sql", + sql={"query": "select count(*) as c from \"wikipedia-2015-09-12\""}, + expected=sample_data_size, + iterations=12 +) +print(f'results: {result}') +print(f'assert {sample_data_size} == {result}') +assert sample_data_size == result diff --git a/tests/templates/kuttl/s3-deep-storage/requirements.txt b/tests/templates/kuttl/s3-deep-storage/requirements.txt new file mode 100644 index 00000000..9cdfca0c --- /dev/null +++ b/tests/templates/kuttl/s3-deep-storage/requirements.txt @@ -0,0 +1 @@ +requests==2.27.1 \ No newline at end of file diff --git a/tests/templates/kuttl/smoke/00-assert.yaml b/tests/templates/kuttl/smoke/00-assert.yaml index db095416..dd2e29a7 100644 --- a/tests/templates/kuttl/smoke/00-assert.yaml +++ b/tests/templates/kuttl/smoke/00-assert.yaml @@ -10,7 +10,6 @@ kind: StatefulSet metadata: name: druid-zk-server-default status: - availableReplicas: 1 readyReplicas: 1 replicas: 1 --- diff --git a/tests/test-definition.yaml b/tests/test-definition.yaml index 0044066c..8a46e0a5 100644 --- a/tests/test-definition.yaml +++ b/tests/test-definition.yaml @@ -3,6 +3,7 @@ dimensions: - name: druid values: - 0.22.1-authorizer0.1.0-stackable0.2.0 + - 0.23.0-stackable0.3.0 - name: zookeeper values: - 3.7.0-stackable0.7.1 @@ -13,7 +14,16 @@ dimensions: - name: hadoop values: - 3.2.2-stackable0.5.0 + - name: s3-use-tls + values: + - "true" + - "false" tests: + - name: smoke + dimensions: + - druid + - zookeeper + - hadoop - name: authorizer dimensions: - druid @@ -30,8 +40,8 @@ tests: - druid - zookeeper - hadoop - - name: smoke + - name: s3-deep-storage dimensions: - druid - zookeeper - - hadoop + - s3-use-tls