Merge pull request #118 from conjurdemos/fix-kind-on-mac-demo

Fixes test app verify for running with KinD on a MacOS

8_app_verify_authentication.sh

@@ -42,6 +42,26 @@ announce "Validating that the deployments are functioning as expected."
 
 set_namespace "$TEST_APP_NAMESPACE_NAME"
 
+deploy_test_curl() {
+  $cli delete --ignore-not-found pod/test-curl
+  $cli create -f ./$PLATFORM/test-curl.yml
+}
+
+check_test_curl() {
+  pods_ready "test-curl"
+}
+
+pod_curl() {
+  kubectl exec test-curl -- curl "$@"
+}
+
+if [[ "$TEST_APP_LOADBALANCER_SVCS" == "false" ]]; then
+  echo "Deploying a test curl pod"
+  deploy_test_curl
+  echo "Waiting for test curl pod to become available"
+  bl_retry_constant "${RETRIES}" "${RETRY_WAIT}"  check_test_curl
+fi
+
 echo "Waiting for pods to become available"
 
 check_pods(){
@@ -78,12 +98,13 @@ if [[ "$PLATFORM" == "openshift" ]]; then
   oc port-forward "$init_pod_with_host_outside_apps" 8084:8080 > /dev/null 2>&1 &
   INIT_WITH_HOST_OUTSIDE_APPS_PORT_FORWARD_PID=$!
 
+  curl_cmd=curl
   sidecar_url="localhost:8081"
   init_url="localhost:8082"
   secretless_url="localhost:8083"
   init_url_with_host_outside_apps="localhost:8084"
 else
-  if [[ "$TEST_APP_NODEPORT_SVCS" == "false" ]]; then
+  if [[ "$TEST_APP_LOADBALANCER_SVCS" == "true" ]]; then
     echo "Waiting for external IPs to become available"
     check_services(){
       [[ -n "$(external_ip "test-app-summon-init")" ]] &&
@@ -93,69 +114,70 @@ else
     }
     bl_retry_constant "${RETRIES}" "${RETRY_WAIT}"  check_services
 
+    curl_cmd=curl
     init_url=$(external_ip test-app-summon-init):8080
     init_url_with_host_outside_apps=$(external_ip test-app-with-host-outside-apps-branch-summon-init):8080
     sidecar_url=$(external_ip test-app-summon-sidecar):8080
     secretless_url=$(external_ip test-app-secretless):8080
+
   else
-    # Else assume NodePort service type. Use a URL of the form
-    #    <any-node-IP>:<service-node-port>
-    # The IP address of any node in the cluster will work for NodePort access.
-    node_ip="$($cli get nodes -o jsonpath='{.items[0].status.addresses[0].address}')"
-    init_url="$node_ip:$(get_nodeport test-app-summon-init)"
-    init_url_with_host_outside_apps="$node_ip:$(get_nodeport test-app-with-host-outside-apps-branch-summon-init)"
-    sidecar_url="$node_ip:$(get_nodeport test-app-summon-sidecar)"
-    secretless_url="$node_ip:$(get_nodeport test-app-secretless)"
+    # Apps don't have loadbalancer services, so test by curling from
+    # a pod that is inside the KinD cluster.
+    curl_cmd=pod_curl
+    init_url="test-app-summon-init.$TEST_APP_NAMESPACE_NAME.svc.cluster.local:8080"
+    init_url_with_host_outside_apps="test-app-with-host-outside-apps-branch-summon-init.$TEST_APP_NAMESPACE_NAME.svc.cluster.local:8080"
+    sidecar_url="test-app-summon-sidecar.$TEST_APP_NAMESPACE_NAME.svc.cluster.local:8080"
+    secretless_url="test-app-secretless.$TEST_APP_NAMESPACE_NAME.svc.cluster.local:8080"
   fi
 fi
 
 echo "Waiting for urls to be ready"
 
 check_urls(){
   (
-    curl -sS --connect-timeout 3 "$init_url" &&
-    curl -sS --connect-timeout 3 "$init_url_with_host_outside_apps" &&
-    curl -sS --connect-timeout 3 "$sidecar_url" &&
-    curl -sS --connect-timeout 3 "$secretless_url"
+    $curl_cmd -sS --connect-timeout 3 "$init_url" &&
+    $curl_cmd -sS --connect-timeout 3 "$init_url_with_host_outside_apps" &&
+    $curl_cmd -sS --connect-timeout 3 "$sidecar_url" &&
+    $curl_cmd -sS --connect-timeout 3 "$secretless_url"
   ) > /dev/null
 }
 
 bl_retry_constant "${RETRIES}" "${RETRY_WAIT}" check_urls
 
 echo -e "\nAdding entry to the init app\n"
-curl \
+$curl_cmd \
   -d '{"name": "Mr. Init"}' \
   -H "Content-Type: application/json" \
   "$init_url"/pet
 
 echo -e "Adding entry to the init app with host outside apps\n"
-curl \
+$curl_cmd \
   -d '{"name": "Mr. Init"}' \
   -H "Content-Type: application/json" \
   "$init_url_with_host_outside_apps"/pet
 
 echo -e "Adding entry to the sidecar app\n"
-curl \
+$curl_cmd \
   -d '{"name": "Mr. Sidecar"}' \
   -H "Content-Type: application/json" \
   "$sidecar_url"/pet
 
 echo -e "Adding entry to the secretless app\n"
-curl \
+$curl_cmd \
   -d '{"name": "Mr. Secretless"}' \
   -H "Content-Type: application/json" \
   "$secretless_url"/pet
 
 echo -e "Querying init app\n"
-curl "$init_url"/pets
+$curl_cmd "$init_url"/pets
 
 echo -e "\n\nQuerying init app with hosts outside apps\n"
-curl "$init_url_with_host_outside_apps"/pets
+$curl_cmd "$init_url_with_host_outside_apps"/pets
 
 echo -e "\n\nQuerying sidecar app\n"
-curl "$sidecar_url"/pets
+$curl_cmd "$sidecar_url"/pets
 
 echo -e "\n\nQuerying secretless app\n"
-curl "$secretless_url"/pets
+$curl_cmd "$secretless_url"/pets
 
 DETAILED_DUMP_ON_EXIT=false

README.md

@@ -120,7 +120,7 @@ Set the following variables in your local environment:
 | `PLATFORM` | Set this variable to `kubernetes` or `openshift`, depending on which type of cluster you will be running the demo in. | No | `kubernetes` | `openshift` |
 | `TEST_APP_DATABASE` | The type of database to run with the pet store app. Supported values are `mysql`, `mssql`, and `postgres`. | Yes | - | `mysql` |
 | `TEST_APP_NAMESPACE_NAME` | The Kubernetes namespace in which your test app will be deployed. The demo scripts create this namespace for you if necessary. | Yes | - | `demo-namespace` |
-| `TEST_APP_NODEPORT_SVCS` | Boolean to determine whether to use NodePort type service instead of LoadBalancer services. When running MiniKube or Kubernetes-in-Docker, you may want to set this to `true`. | No | `false` | `true` |
+| `TEST_APP_LOADBALANCER_SVCS` | Boolean to determine whether to use LoadBalancer type service instead of NodePort services. When running MiniKube or Kubernetes-in-Docker, you may want to set this to `false`. | No | `true` | `false` |
 
 The demo scripts determine whether to use the `kubectl` or `oc` CLI
 based on your `PLATFORM` environment variable configuration.

bootstrap.env

@@ -5,7 +5,7 @@ export CONJUR_ACCOUNT=[Conjur account]
 export CONJUR_ADMIN_PASSWORD=[password of Conjur admin user]
 export ANNOTATION_BASED_AUTHN=[true or false, defaults to false]
 export CONJUR_OSS_HELM_INSTALLED=[true or false, defaults to false]
-export TEST_APP_NODEPORT_SVCS=[true or false, defaults to false]
+export TEST_APP_LOADBALANCER_SVCS=[true or false, defaults to true]
 
 # Set these explicitly if not using the kubernetes-conjur-deploy scripts.
 export CONJUR_NAMESPACE_NAME=[namespace where Conjur is deployed]

kubernetes/test-curl.yml

@@ -0,0 +1,13 @@
+---
+apiVersion: v1
+kind: Pod
+metadata:
+  name: test-curl
+  labels:
+    name: test-curl
+spec:
+  containers:
+  - name: busyboxplus
+    image: radial/busyboxplus:curl
+    imagePullPolicy: Always
+    command: ["sh", "-c", "tail -f /dev/null"]

openshift/test-curl.yml

@@ -0,0 +1,13 @@
+---
+apiVersion: v1
+kind: Pod
+metadata:
+  name: test-curl
+  labels:
+    name: test-curl
+spec:
+  containers:
+  - name: busyboxplus
+    image: radial/busyboxplus:curl
+    imagePullPolicy: Always
+    command: ["sh", "-c", "tail -f /dev/null"]

set_env_vars.sh

@@ -19,6 +19,6 @@ CONFIGURE_CONJUR_MASTER="${CONFIGURE_CONJUR_MASTER:-$DEPLOY_MASTER_CLUSTER}"
 
 ANNOTATION_BASED_AUTHN="${ANNOTATION_BASED_AUTHN:-false}"
 CONJUR_OSS_HELM_INSTALLED="${CONJUR_OSS_HELM_INSTALLED:-false}"
-TEST_APP_NODEPORT_SVCS="${TEST_APP_NODEPORT_SVCS:-false}"
+TEST_APP_LOADBALANCER_SVCS="${TEST_APP_LOADBALANCER_SVCS:-true}"
 
 DOCKER_EMAIL="${DOCKER_EMAIL:-}"

utils.sh

@@ -92,10 +92,10 @@ get_nodeport(){
 }
 
 app_service_type() {
-  if [[ "$TEST_APP_NODEPORT_SVCS" == "true" ]]; then
-    echo "NodePort"
-  else
+  if [[ "$TEST_APP_LOADBALANCER_SVCS" == "true" ]]; then
     echo "LoadBalancer"
+  else
+    echo "NodePort"
   fi
 }