From d879a9d11cd650502ac4f52b63255907743416cd Mon Sep 17 00:00:00 2001
From: diverdane
Date: Fri, 23 Oct 2020 21:06:50 -0400
Subject: [PATCH] Fix test app verify for running KinD on a Mac
---
 8_app_verify_authentication.sh | 64 +++++++++++++++++++++++-----------
 README.md | 2 +-
 bootstrap.env | 2 +-
 kubernetes/test-curl.yml | 13 +++++++
 openshift/test-curl.yml | 13 +++++++
 set_env_vars.sh | 2 +-
 utils.sh | 6 ++--
 7 files changed, 75 insertions(+), 27 deletions(-)
 create mode 100644 kubernetes/test-curl.yml
 create mode 100644 openshift/test-curl.yml
diff --git a/8_app_verify_authentication.sh b/8_app_verify_authentication.sh
index d7eb87c..802e636 100755
--- a/8_app_verify_authentication.sh
+++ b/8_app_verify_authentication.sh
@@ -42,6 +42,26 @@ announce "Validating that the deployments are functioning as expected."
 set_namespace "$TEST_APP_NAMESPACE_NAME"
+deploy_test_curl() {
+ $cli delete --ignore-not-found pod/test-curl
+ $cli create -f ./$PLATFORM/test-curl.yml
+}
+
+check_test_curl() {
+ pods_ready "test-curl"
+}
+
+pod_curl() {
+ kubectl exec test-curl -- curl "$@"
+}
+
+if [[ "$TEST_APP_LOADBALANCER_SVCS" == "false" ]]; then
+ echo "Deploying a test curl pod"
+ deploy_test_curl
+ echo "Waiting for test curl pod to become available"
+ bl_retry_constant "${RETRIES}" "${RETRY_WAIT}" check_test_curl
+fi
+
 echo "Waiting for pods to become available"
 check_pods(){
@@ -78,12 +98,13 @@ if [[ "$PLATFORM" == "openshift" ]]; then
 oc port-forward "$init_pod_with_host_outside_apps" 8084:8080 > /dev/null 2>&1 &
 INIT_WITH_HOST_OUTSIDE_APPS_PORT_FORWARD_PID=$!
+ curl_cmd=curl
 sidecar_url="localhost:8081"
 init_url="localhost:8082"
 secretless_url="localhost:8083"
 init_url_with_host_outside_apps="localhost:8084"
 else
- if [[ "$TEST_APP_NODEPORT_SVCS" == "false" ]]; then
+ if [[ "$TEST_APP_LOADBALANCER_SVCS" == "true" ]]; then
 echo "Waiting for external IPs to become available"
 check_services(){
 [[ -n "$(external_ip "test-app-summon-init")" ]] &&
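Review bot: The `test-curl` pod created by `deploy_test_curl` is never removed, so a pod with a shell and curl stays running in the test app namespace after the script finishes. Deleting it on exit with the command this hunk already uses, `$cli delete --ignore-not-found pod/test-curl`, would avoid leaving it behind; the script appears to have exit handling elsewhere (`DETAILED_DUMP_ON_EXIT`), so the call may belong there rather than in a new trap. `pod_curl` also hard-codes `kubectl` while `deploy_test_curl` uses `$cli`; `$cli exec test-curl -- curl "$@"` would keep the two consistent.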
@@ -93,19 +114,20 @@ else
 }
 bl_retry_constant "${RETRIES}" "${RETRY_WAIT}" check_services
+ curl_cmd=curl
 init_url=$(external_ip test-app-summon-init):8080
 init_url_with_host_outside_apps=$(external_ip test-app-with-host-outside-apps-branch-summon-init):8080
 sidecar_url=$(external_ip test-app-summon-sidecar):8080
 secretless_url=$(external_ip test-app-secretless):8080
+
 else
- # Else assume NodePort service type. Use a URL of the form
- # :
- # The IP address of any node in the cluster will work for NodePort access.
- node_ip="$($cli get nodes -o jsonpath='{.items[0].status.addresses[0].address}')"
- init_url="$node_ip:$(get_nodeport test-app-summon-init)"
- init_url_with_host_outside_apps="$node_ip:$(get_nodeport test-app-with-host-outside-apps-branch-summon-init)"
- sidecar_url="$node_ip:$(get_nodeport test-app-summon-sidecar)"
- secretless_url="$node_ip:$(get_nodeport test-app-secretless)"
+ # Apps don't have loadbalancer services, so test by curling from
+ # a pod that is inside the KinD cluster.
+ curl_cmd=pod_curl
+ init_url="test-app-summon-init.$TEST_APP_NAMESPACE_NAME.svc.cluster.local:8080"
+ init_url_with_host_outside_apps="test-app-with-host-outside-apps-branch-summon-init.$TEST_APP_NAMESPACE_NAME.svc.cluster.local:8080"
+ sidecar_url="test-app-summon-sidecar.$TEST_APP_NAMESPACE_NAME.svc.cluster.local:8080"
+ secretless_url="test-app-secretless.$TEST_APP_NAMESPACE_NAME.svc.cluster.local:8080"
 fi
 fi
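Review bot: The `else` branch sets `curl_cmd=pod_curl` for every value of `TEST_APP_LOADBALANCER_SVCS` other than `true`, but the earlier hunk deploys the test-curl pod only when the value is exactly `false`. A value such as `False` or `no` would therefore reach `kubectl exec test-curl` with no pod present. The earlier deploy step also runs on `openshift`, where `curl_cmd=curl` is used and the pod is never needed. Guarding the deploy step with `[[ "$PLATFORM" != "openshift" && "$TEST_APP_LOADBALANCER_SVCS" != "true" ]]` would keep the two decisions in step. The enclosing `if` starts outside this hunk.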
@@ -113,49 +135,49 @@ echo "Waiting for urls to be ready"
 check_urls(){
 (
- curl -sS --connect-timeout 3 "$init_url" &&
- curl -sS --connect-timeout 3 "$init_url_with_host_outside_apps" &&
- curl -sS --connect-timeout 3 "$sidecar_url" &&
- curl -sS --connect-timeout 3 "$secretless_url"
+ $curl_cmd -sS --connect-timeout 3 "$init_url" &&
+ $curl_cmd -sS --connect-timeout 3 "$init_url_with_host_outside_apps" &&
+ $curl_cmd -sS --connect-timeout 3 "$sidecar_url" &&
+ $curl_cmd -sS --connect-timeout 3 "$secretless_url"
 ) > /dev/null
 }
 bl_retry_constant "${RETRIES}" "${RETRY_WAIT}" check_urls
 echo -e "\nAdding entry to the init app\n"
-curl \
+$curl_cmd \
 -d '{"name": "Mr. Init"}' \
 -H "Content-Type: application/json" \
 "$init_url"/pet
 echo -e "Adding entry to the init app with host outside apps\n"
-curl \
+$curl_cmd \
 -d '{"name": "Mr. Init"}' \
 -H "Content-Type: application/json" \
 "$init_url_with_host_outside_apps"/pet
 echo -e "Adding entry to the sidecar app\n"
-curl \
+$curl_cmd \
 -d '{"name": "Mr. Sidecar"}' \
 -H "Content-Type: application/json" \
 "$sidecar_url"/pet
 echo -e "Adding entry to the secretless app\n"
-curl \
+$curl_cmd \
 -d '{"name": "Mr. Secretless"}' \
 -H "Content-Type: application/json" \
 "$secretless_url"/pet
 echo -e "Querying init app\n"
-curl "$init_url"/pets
+$curl_cmd "$init_url"/pets
 echo -e "\n\nQuerying init app with hosts outside apps\n"
-curl "$init_url_with_host_outside_apps"/pets
+$curl_cmd "$init_url_with_host_outside_apps"/pets
 echo -e "\n\nQuerying sidecar app\n"
-curl "$sidecar_url"/pets
+$curl_cmd "$sidecar_url"/pets
 echo -e "\n\nQuerying secretless app\n"
-curl "$secretless_url"/pets
+$curl_cmd "$secretless_url"/pets
 DETAILED_DUMP_ON_EXIT=false
diff --git a/README.md b/README.md
index eb57211..efe829d 100644
--- a/README.md
+++ b/README.md
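Review bot: None of the rewritten `$curl_cmd` POST and GET calls after `check_urls` pass `--fail` or inspect the HTTP status, so a 401 or 500 from an app would still print a body and let this verification step continue. That gap predates the commit, but the rewritten lines are the natural place to close it, e.g. `$curl_cmd --fail -sS "$init_url"/pets`. Whether a non-zero exit then stops the script depends on shell options set outside this hunk. `$curl_cmd` is also expanded unquoted as a command name, which works only while its value stays a single word; a small wrapper function that dispatches to `curl` or `pod_curl` would not rely on word splitting.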
@@ -120,7 +120,7 @@ Set the following variables in your local environment:
 | `PLATFORM` | Set this variable to `kubernetes` or `openshift`, depending on which type of cluster you will be running the demo in. | No | `kubernetes` | `openshift` |
 | `TEST_APP_DATABASE` | The type of database to run with the pet store app. Supported values are `mysql`, `mssql`, and `postgres`. | Yes | - | `mysql` |
 | `TEST_APP_NAMESPACE_NAME` | The Kubernetes namespace in which your test app will be deployed. The demo scripts create this namespace for you if necessary. | Yes | - | `demo-namespace` |
-| `TEST_APP_NODEPORT_SVCS` | Boolean to determine whether to use NodePort type service instead of LoadBalancer services. When running MiniKube or Kubernetes-in-Docker, you may want to set this to `true`. | No | `false` | `true` |
+| `TEST_APP_LOADBALANCER_SVCS` | Boolean to determine whether to use LoadBalancer type service instead of NodePort services. When running MiniKube or Kubernetes-in-Docker, you may want to set this to `false`. | No | `true` | `false` |
 The demo scripts determine whether to use the `kubectl` or `oc` CLI based on your `PLATFORM` environment variable configuration.
diff --git a/bootstrap.env b/bootstrap.env
index e7a6b04..49f1811 100644
--- a/bootstrap.env
+++ b/bootstrap.env
@@ -5,7 +5,7 @@ export CONJUR_ACCOUNT=[Conjur account]
 export CONJUR_ADMIN_PASSWORD=[password of Conjur admin user]
 export ANNOTATION_BASED_AUTHN=[true or false, defaults to false]
 export CONJUR_OSS_HELM_INSTALLED=[true or false, defaults to false]
-export TEST_APP_NODEPORT_SVCS=[true or false, defaults to false]
+export TEST_APP_LOADBALANCER_SVCS=[true or false, defaults to true]
 # Set these explicitly if not using the kubernetes-conjur-deploy scripts.
 export CONJUR_NAMESPACE_NAME=[namespace where Conjur is deployed]
diff --git a/kubernetes/test-curl.yml b/kubernetes/test-curl.yml
new file mode 100644
index 0000000..c3af642
--- /dev/null
+++ b/kubernetes/test-curl.yml
@@ -0,0 +1,13 @@
+---
+apiVersion: v1
+kind: Pod
+metadata:
+ name: test-curl
+ labels:
+ name: test-curl
+spec:
+ containers:
+ - name: busyboxplus
+ image: radial/busyboxplus:curl
+ imagePullPolicy: Always
+ command: ["sh", "-c", "tail -f /dev/null"]
diff --git a/openshift/test-curl.yml b/openshift/test-curl.yml
new file mode 100644
index 0000000..c3af642
--- /dev/null
+++ b/openshift/test-curl.yml
@@ -0,0 +1,13 @@
+---
+apiVersion: v1
+kind: Pod
+metadata:
+ name: test-curl
+ labels:
+ name: test-curl
+spec:
+ containers:
+ - name: busyboxplus
+ image: radial/busyboxplus:curl
+ imagePullPolicy: Always
+ command: ["sh", "-c", "tail -f /dev/null"]
diff --git a/set_env_vars.sh b/set_env_vars.sh
index 36564ff..88e200b 100755
--- a/set_env_vars.sh
+++ b/set_env_vars.sh
@@ -19,6 +19,6 @@ CONFIGURE_CONJUR_MASTER="${CONFIGURE_CONJUR_MASTER:-$DEPLOY_MASTER_CLUSTER}"
 ANNOTATION_BASED_AUTHN="${ANNOTATION_BASED_AUTHN:-false}"
 CONJUR_OSS_HELM_INSTALLED="${CONJUR_OSS_HELM_INSTALLED:-false}"
-TEST_APP_NODEPORT_SVCS="${TEST_APP_NODEPORT_SVCS:-false}"
+TEST_APP_LOADBALANCER_SVCS="${TEST_APP_LOADBALANCER_SVCS:-true}"
 DOCKER_EMAIL="${DOCKER_EMAIL:-}"
diff --git a/utils.sh b/utils.sh
index 9605454..8cf88e2 100755
--- a/utils.sh
+++ b/utils.sh
@@ -92,10 +92,10 @@ get_nodeport(){
 }
 app_service_type() {
- if [[ "$TEST_APP_NODEPORT_SVCS" == "true" ]]; then
- echo "NodePort"
- else
+ if [[ "$TEST_APP_LOADBALANCER_SVCS" == "true" ]]; then
 echo "LoadBalancer"
+ else
+ echo "NodePort"
 fi
 }
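Review bot: The new pod pulls `radial/busyboxplus:curl` by a mutable tag with `imagePullPolicy: Always`, so every run executes whatever that third-party tag currently points at inside the test app namespace. Pinning the image by digest fixes that. The spec also sets no `securityContext` and does not opt out of the service account token, so the container keeps default privileges and, by default, an API token it does not need for curl. The same manifest is added unchanged as openshift/test-curl.yml, so the change applies to both files. The digest below is a placeholder to be replaced with a verified value.

```yaml
spec:
  automountServiceAccountToken: false
  containers:
    - name: busyboxplus
      # placeholder digest: replace with the digest you have verified
      image: radial/busyboxplus@sha256:<IMAGE_DIGEST>
      # … unchanged: imagePullPolicy, command …
      securityContext:
        allowPrivilegeEscalation: false
        capabilities:
          drop: ["ALL"]
```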
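Review bot: In set_env_vars.sh the old `TEST_APP_NODEPORT_SVCS` is no longer read, so an environment that still exports `TEST_APP_NODEPORT_SVCS=true` silently falls back to the new default of `true` and gets LoadBalancer services. On a cloud cluster that can put the test apps on external addresses the operator had meant to avoid. A one-line warning keeps the rename visible, e.g. `[[ -z "${TEST_APP_NODEPORT_SVCS:-}" ]] || echo "TEST_APP_NODEPORT_SVCS is no longer read; set TEST_APP_LOADBALANCER_SVCS" >&2`. The same variable drives `app_service_type` in the utils.sh hunk, where any value other than `true` selects NodePort.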