diff --git a/.holo/branches/helm-chart/_paws-data-pipeline.toml b/.holo/branches/helm-chart/_paws-data-pipeline.toml new file mode 100644 index 00000000..24b02242 --- /dev/null +++ b/.holo/branches/helm-chart/_paws-data-pipeline.toml @@ -0,0 +1,3 @@ +[holomapping] +root = "src/helm-chart" +files = "**" \ No newline at end of file diff --git a/.holo/config.toml b/.holo/config.toml new file mode 100644 index 00000000..bfef5f7c --- /dev/null +++ b/.holo/config.toml @@ -0,0 +1,2 @@ +[holospace] +name = "paws-data-pipeline" diff --git a/src/client/default.conf.template b/src/client/default.conf.template index 69001c5d..9814d341 100644 --- a/src/client/default.conf.template +++ b/src/client/default.conf.template @@ -1,6 +1,6 @@ upstream backend { #server paws-compose-server:5000; - server ${PAWS_API_HOST}:5000; + server server:5000; } server { diff --git a/src/docker-compose.yml b/src/docker-compose.yml index 64eb814d..0d98825d 100644 --- a/src/docker-compose.yml +++ b/src/docker-compose.yml @@ -34,7 +34,7 @@ services: - server environment: - CHOKIDAR_USEPOLLING=true - - PAWS_API_HOST=paws-compose-server + - PAWS_API_HOST=server # paws-compose-server stdin_open: true diff --git a/src/helm-chart/.helmignore b/src/helm-chart/.helmignore new file mode 100644 index 00000000..0e8a0eb3 --- /dev/null +++ b/src/helm-chart/.helmignore @@ -0,0 +1,23 @@ +# Patterns to ignore when building packages. +# This supports shell glob matching, relative path matching, and +# negation (prefixed with !). Only one pattern per line. +.DS_Store +# Common VCS dirs +.git/ +.gitignore +.bzr/ +.bzrignore +.hg/ +.hgignore +.svn/ +# Common backup files +*.swp +*.bak +*.tmp +*.orig +*~ +# Various IDEs +.project +.idea/ +*.tmproj +.vscode/ diff --git a/src/helm-chart/Chart.yaml b/src/helm-chart/Chart.yaml new file mode 100644 index 00000000..45d2bdc6 --- /dev/null +++ b/src/helm-chart/Chart.yaml 
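Review bot: `server server:5000;` hard-codes the upstream host in a file that is still named as a template, so `PAWS_API_HOST` stops having any effect even though docker-compose.yml and k8s_conf/front_end.yaml in this same commit still set it. Either keep the substitution (`server ${PAWS_API_HOST}:5000;`) and set the variable to `server`, or drop the variable from both manifests so nobody changes it expecting the proxy target to follow. A one-line comment above the directive, such as `# must match the API service name (compose service / k8s Service "server")`, would record the coupling.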
@@ -0,0 +1,23 @@
+apiVersion: v2
+name: paws-datapipeline
+description: A Helm chart for Kubernetes
+
+# A chart can be either an 'application' or a 'library' chart.
+#
+# Application charts are a collection of templates that can be packaged into versioned archives
+# to be deployed.
+#
+# Library charts provide useful utilities or functions for the chart developer. They're included as
+# a dependency of application charts to inject those utilities and functions into the rendering
+# pipeline. Library charts do not define any templates and therefore cannot be deployed.
+type: application
+
+# This is the chart version. This version number should be incremented each time you make changes
+# to the chart and its templates, including the app version.
+# Versions are expected to follow Semantic Versioning (https://semver.org/)
+version: 0.1.0
+
+# This is the version number of the application being deployed. This version number should be
+# incremented each time you make changes to the application. Versions are not expected to
+# follow Semantic Versioning. They should reflect the version the application is using.
+appVersion: 0.8.0
diff --git a/src/helm-chart/templates/NOTES.txt b/src/helm-chart/templates/NOTES.txt
new file mode 100644
index 00000000..5084c4b3
--- /dev/null
+++ b/src/helm-chart/templates/NOTES.txt
@@ -0,0 +1,22 @@
+1. Get the application URL by running these commands:
+{{- if .Values.ingress.enabled }}
+{{- range $host := .Values.ingress.hosts }}
+ {{- range .paths }}
+ http{{ if $.Values.ingress.tls }}s{{ end }}://{{ $host.host }}{{ . }}
+ {{- end }}
+{{- end }}
+{{- else if contains "NodePort" .Values.service.type }}
+ export NODE_PORT=$(kubectl get --namespace {{ .Release.Namespace }} -o jsonpath="{.spec.ports[0].nodePort}" services {{ include "helm-chart.fullname" . }})
+ export NODE_IP=$(kubectl get nodes --namespace {{ .Release.Namespace }} -o jsonpath="{.items[0].status.addresses[0].address}")
+ echo http://$NODE_IP:$NODE_PORT
+{{- else if contains "LoadBalancer" .Values.service.type }}
+ NOTE: It may take a few minutes for the LoadBalancer IP to be available.
+ You can watch the status of by running 'kubectl get --namespace {{ .Release.Namespace }} svc -w {{ include "helm-chart.fullname" . }}'
+ export SERVICE_IP=$(kubectl get svc --namespace {{ .Release.Namespace }} {{ include "helm-chart.fullname" . }} --template "{{"{{ range (index .status.loadBalancer.ingress 0) }}{{.}}{{ end }}"}}")
+ echo http://$SERVICE_IP:{{ .Values.service.port }}
+{{- else if contains "ClusterIP" .Values.service.type }}
+ export POD_NAME=$(kubectl get pods --namespace {{ .Release.Namespace }} -l "app.kubernetes.io/name={{ include "helm-chart.name" . }},app.kubernetes.io/instance={{ .Release.Name }}" -o jsonpath="{.items[0].metadata.name}")
+ export CONTAINER_PORT=$(kubectl get pod --namespace {{ .Release.Namespace }} $POD_NAME -o jsonpath="{.spec.containers[0].ports[0].containerPort}")
+ echo "Visit http://127.0.0.1:8080 to use your application"
+ kubectl --namespace {{ .Release.Namespace }} port-forward $POD_NAME 8080:$CONTAINER_PORT
+{{- end }}
diff --git a/src/helm-chart/templates/_helpers.tpl b/src/helm-chart/templates/_helpers.tpl
new file mode 100644
index 00000000..a68e2b52
--- /dev/null
+++ b/src/helm-chart/templates/_helpers.tpl
@@ -0,0 +1,62 @@
+{{/*
+Expand the name of the chart.
+*/}}
+{{- define "helm-chart.name" -}}
+{{- default .Chart.Name .Values.nameOverride | trunc 63 | trimSuffix "-" }}
+{{- end }}
+
+{{/*
+Create a default fully qualified app name.
+We truncate at 63 chars because some Kubernetes name fields are limited to this (by the DNS naming spec).
+If release name contains chart name it will be used as a full name.
+*/}}
+{{- define "helm-chart.fullname" -}}
+{{- if .Values.fullnameOverride }}
+{{- .Values.fullnameOverride | trunc 63 | trimSuffix "-" }}
+{{- else }}
+{{- $name := default .Chart.Name .Values.nameOverride }}
+{{- if contains $name .Release.Name }}
+{{- .Release.Name | trunc 63 | trimSuffix "-" }}
+{{- else }}
+{{- printf "%s-%s" .Release.Name $name | trunc 63 | trimSuffix "-" }}
+{{- end }}
+{{- end }}
+{{- end }}
+
+{{/*
+Create chart name and version as used by the chart label.
+*/}}
+{{- define "helm-chart.chart" -}}
+{{- printf "%s-%s" .Chart.Name .Chart.Version | replace "+" "_" | trunc 63 | trimSuffix "-" }}
+{{- end }}
+
+{{/*
+Common labels
+*/}}
+{{- define "helm-chart.labels" -}}
+helm.sh/chart: {{ include "helm-chart.chart" . }}
+{{ include "helm-chart.selectorLabels" . }}
+{{- if .Chart.AppVersion }}
+app.kubernetes.io/version: {{ .Chart.AppVersion | quote }}
+{{- end }}
+app.kubernetes.io/managed-by: {{ .Release.Service }}
+{{- end }}
+
+{{/*
+Selector labels
+*/}}
+{{- define "helm-chart.selectorLabels" -}}
+app.kubernetes.io/name: {{ include "helm-chart.name" . }}
+app.kubernetes.io/instance: {{ .Release.Name }}
+{{- end }}
+
+{{/*
+Create the name of the service account to use
+*/}}
+{{- define "helm-chart.serviceAccountName" -}}
+{{- if .Values.serviceAccount.create }}
+{{- default (include "helm-chart.fullname" .) .Values.serviceAccount.name }}
+{{- else }}
+{{- default "default" .Values.serviceAccount.name }}
+{{- end }}
+{{- end }}
diff --git a/src/helm-chart/templates/deployment.yaml b/src/helm-chart/templates/deployment.yaml
new file mode 100644
index 00000000..0361a386
--- /dev/null
+++ b/src/helm-chart/templates/deployment.yaml
@@ -0,0 +1,104 @@ +apiVersion: apps/v1 +kind: Deployment +metadata: + name: {{ include "helm-chart.fullname" . }} + labels: + {{- include "helm-chart.labels" . | nindent 4 }} +spec: + {{- if not .Values.autoscaling.enabled }} + replicas: {{ .Values.replicaCount }} + {{- end }} + selector: + matchLabels: + {{- include "helm-chart.selectorLabels" . | nindent 6 }} + template: + metadata: + {{- with .Values.podAnnotations }} + annotations: + {{- toYaml . | nindent 8 }} + {{- end }} + labels: + {{- include "helm-chart.selectorLabels" . | nindent 8 }} + spec: + {{- with .Values.imagePullSecrets }} + imagePullSecrets: + {{- toYaml . | nindent 8 }} + {{- end }} + {{- with .Values.hostAliases }} + hostAliases: + {{ toYaml . | nindent 8 }} + {{- end }} + serviceAccountName: {{ include "helm-chart.serviceAccountName" . }} + securityContext: + {{- toYaml .Values.podSecurityContext | nindent 8 }} + containers: + {{- with .Values.db }} + - name: {{ $.Chart.Name }}-db + image: "{{ .image.repository }}:{{ .image.tag | default $.Chart.AppVersion }}" + imagePullPolicy: {{ .image.pullPolicy }} + env: + - name: POSTGRES_DB + value: paws + envFrom: + - secretRef: + name: db-pass + ports: + - name: postgresql + containerPort: 5432 + protocol: TCP + # volumeMounts: + # - name: {{ $.Release.Name }}-db + # mountPath: /var/lib/postgresql/data + # subPath: postgresql-data + {{- end }} + {{- with .Values.server }} + - name: {{ $.Chart.Name }}-server + image: "{{ .image.repository }}:{{ .image.tag | default $.Chart.AppVersion }}" + imagePullPolicy: {{ .image.pullPolicy }} + envFrom: + - secretRef: + name: api-server-pws + - secretRef: + name: db-pass + ports: + - containerPort: 5000 + protocol: TCP + livenessProbe: + httpGet: + path: /api/user/test + port: 5000 + readinessProbe: + httpGet: + path: /api/user/test + port: 5000 + {{- end }} + + {{- with .Values.client }} + - name: {{ $.Chart.Name }}-client + image: "{{ .image.repository }}:{{ .image.tag | default $.Chart.AppVersion }}" + 
imagePullPolicy: {{ .image.pullPolicy }} + ports: + - name: http + containerPort: 80 + protocol: TCP + livenessProbe: + httpGet: + path: / + port: http + readinessProbe: + httpGet: + path: / + port: http + {{- end }} + {{- with .Values.nodeSelector }} + nodeSelector: + {{- toYaml . | nindent 8 }} + {{- end }} + {{- with .Values.affinity }} + affinity: + {{- toYaml . | nindent 8 }} + {{- end }} + {{- with .Values.tolerations }} + tolerations: + {{- toYaml . | nindent 8 }} + {{- end }} diff --git a/src/helm-chart/templates/hpa.yaml b/src/helm-chart/templates/hpa.yaml new file mode 100644 index 00000000..92316eba --- /dev/null +++ b/src/helm-chart/templates/hpa.yaml @@ -0,0 +1,28 @@ +{{- if .Values.autoscaling.enabled }} +apiVersion: autoscaling/v2beta1 +kind: HorizontalPodAutoscaler +metadata: + name: {{ include "helm-chart.fullname" . }} + labels: + {{- include "helm-chart.labels" . | nindent 4 }} +spec: + scaleTargetRef: + apiVersion: apps/v1 + kind: Deployment + name: {{ include "helm-chart.fullname" . }} + minReplicas: {{ .Values.autoscaling.minReplicas }} + maxReplicas: {{ .Values.autoscaling.maxReplicas }} + metrics: + {{- if .Values.autoscaling.targetCPUUtilizationPercentage }} + - type: Resource + resource: + name: cpu + targetAverageUtilization: {{ .Values.autoscaling.targetCPUUtilizationPercentage }} + {{- end }} + {{- if .Values.autoscaling.targetMemoryUtilizationPercentage }} + - type: Resource + resource: + name: memory + targetAverageUtilization: {{ .Values.autoscaling.targetMemoryUtilizationPercentage }} + {{- end }} +{{- end }} diff --git a/src/helm-chart/templates/ingress.yaml b/src/helm-chart/templates/ingress.yaml new file mode 100644 index 00000000..a1075832 --- /dev/null +++ b/src/helm-chart/templates/ingress.yaml 
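Review bot: None of the three containers in deployment.yaml renders `.Values.securityContext` or `.Values.resources`, although values.yaml defines both, so any hardening or limits an operator sets there are silently ignored and only `podSecurityContext` takes effect. Inside each `with` block add `securityContext:` followed by `{{- toYaml $.Values.securityContext | nindent 12 }}`, and the same pair for `resources:`. The `envFrom` secret names `db-pass` and `api-server-pws` are hard-coded and no template in this diff creates them, so an install presumably fails unless they are created out of band; a values key or a comment naming the prerequisite would help. The db container's `volumeMounts` are commented out and the pod has no `volumes:`, so as written the Postgres data directory lives in the container filesystem and is lost when the pod is replaced.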
@@ -0,0 +1,41 @@
+{{- if .Values.ingress.enabled -}}
+{{- $fullName := include "helm-chart.fullname" . -}}
+{{- $svcPort := .Values.service.port -}}
+{{- if semverCompare ">=1.14-0" .Capabilities.KubeVersion.GitVersion -}}
+apiVersion: networking.k8s.io/v1beta1
+{{- else -}}
+apiVersion: extensions/v1beta1
+{{- end }}
+kind: Ingress
+metadata:
+ name: {{ $fullName }}
+ labels:
+ {{- include "helm-chart.labels" . | nindent 4 }}
+ {{- with .Values.ingress.annotations }}
+ annotations:
+ {{- toYaml . | nindent 4 }}
+ {{- end }}
+spec:
+ {{- if .Values.ingress.tls }}
+ tls:
+ {{- range .Values.ingress.tls }}
+ - hosts:
+ {{- range .hosts }}
+ - {{ . | quote }}
+ {{- end }}
+ secretName: {{ .secretName }}
+ {{- end }}
+ {{- end }}
+ rules:
+ {{- range .Values.ingress.hosts }}
+ - host: {{ .host | quote }}
+ http:
+ paths:
+ {{- range .paths }}
+ - path: {{ . }}
+ backend:
+ serviceName: {{ $fullName }}
+ servicePort: {{ $svcPort }}
+ {{- end }}
+ {{- end }}
+ {{- end }}
diff --git a/src/helm-chart/templates/service.yaml b/src/helm-chart/templates/service.yaml
new file mode 100644
index 00000000..50310712
--- /dev/null
+++ b/src/helm-chart/templates/service.yaml
@@ -0,0 +1,15 @@
+apiVersion: v1
+kind: Service
+metadata:
+ name: {{ include "helm-chart.fullname" . }}
+ labels:
+ {{- include "helm-chart.labels" . | nindent 4 }}
+spec:
+ type: {{ .Values.service.type }}
+ ports:
+ - port: {{ .Values.service.port }}
+ targetPort: http
+ protocol: TCP
+ name: http
+ selector:
+ {{- include "helm-chart.selectorLabels" . | nindent 4 }}
diff --git a/src/helm-chart/templates/serviceaccount.yaml b/src/helm-chart/templates/serviceaccount.yaml
new file mode 100644
index 00000000..2429af4e
--- /dev/null
+++ b/src/helm-chart/templates/serviceaccount.yaml
@@ -0,0 +1,12 @@
+{{- if .Values.serviceAccount.create -}}
+apiVersion: v1
+kind: ServiceAccount
+metadata:
+ name: {{ include "helm-chart.serviceAccountName" . }}
+ labels:
+ {{- include "helm-chart.labels" . | nindent 4 }}
+ {{- with .Values.serviceAccount.annotations }}
+ annotations:
+ {{- toYaml . | nindent 4 }}
+ {{- end }}
+{{- end }}
diff --git a/src/helm-chart/templates/tests/test-connection.yaml b/src/helm-chart/templates/tests/test-connection.yaml
new file mode 100644
index 00000000..d15d37ea
--- /dev/null
+++ b/src/helm-chart/templates/tests/test-connection.yaml
@@ -0,0 +1,15 @@
+apiVersion: v1
+kind: Pod
+metadata:
+ name: "{{ include "helm-chart.fullname" . }}-test-connection"
+ labels:
+ {{- include "helm-chart.labels" . | nindent 4 }}
+ annotations:
+ "helm.sh/hook": test
+spec:
+ containers:
+ - name: wget
+ image: busybox
+ command: ['wget']
+ args: ['{{ include "helm-chart.fullname" . }}:{{ .Values.service.port }}']
+ restartPolicy: Never
diff --git a/src/helm-chart/values.yaml b/src/helm-chart/values.yaml
new file mode 100644
index 00000000..b6c27089
--- /dev/null
+++ b/src/helm-chart/values.yaml
@@ -0,0 +1,108 @@ +# Default values for helm-chart. +# This is a YAML-formatted file. +# Declare variables to be passed into your templates. + +replicaCount: 1 + +server: + image: + repository: ghcr.io/codeforphilly/paws-data-pipeline/server + pullPolicy: Always + # Overrides the image tag whose default is the chart appVersion. + tag: "2.21" + +client: + image: + repository: ghcr.io/codeforphilly/paws-data-pipeline/client + pullPolicy: Always + # Overrides the image tag whose default is the chart appVersion. + tag: "2.21" + +db: + image: + repository: postgres + pullPolicy: IfNotPresent + # Overrides the image tag whose default is the chart appVersion. + tag: "13.2-alpine" + + +storage: + db: 1Gi + server: 1Gi + +imagePullSecrets: + - name: regcred +nameOverride: "paws-datapipeline" +fullnameOverride: "paws-dp-chart" + +serviceAccount: + # Specifies whether a service account should be created + create: true + # Annotations to add to the service account + annotations: {} + # The name of the service account to use. + # If not set and create is true, a name is generated using the fullname template + name: "" + +podAnnotations: {} + +podSecurityContext: {} + # fsGroup: 2000 + +securityContext: {} + # capabilities: + # drop: + # - ALL + # readOnlyRootFilesystem: true + # runAsNonRoot: true + # runAsUser: 1000 + +hostAliases: + - ip: "127.0.0.1" + hostnames: + - "server" + - "paws-compose-db" + - "client" + + +service: + type: NodePort #ClusterIP + port: 80 + +ingress: + enabled: false + annotations: {} + # kubernetes.io/ingress.class: nginx + # kubernetes.io/tls-acme: "true" + hosts: + - host: chart-example.local + paths: [] + tls: [] + # - secretName: chart-example-tls + # hosts: + # - chart-example.local + +resources: {} + # We usually recommend not to specify default resources and to leave this as a conscious + # choice for the user. This also increases chances charts run on environments with little + # resources, such as Minikube. 
If you do want to specify resources, uncomment the following + # lines, adjust them as necessary, and remove the curly braces after 'resources:'. + # limits: + # cpu: 100m + # memory: 128Mi + # requests: + # cpu: 100m + # memory: 128Mi + +autoscaling: + enabled: false + minReplicas: 1 + maxReplicas: 100 + targetCPUUtilizationPercentage: 80 + # targetMemoryUtilizationPercentage: 80 + +nodeSelector: {} + +tolerations: [] + +affinity: {} diff --git a/src/k8s_conf/_pv_claims.yaml b/src/k8s_conf/_pv_claims.yaml new file mode 100644 index 00000000..47679df9 --- /dev/null +++ b/src/k8s_conf/_pv_claims.yaml @@ -0,0 +1,30 @@ +apiVersion: v1 +kind: PersistentVolumeClaim +metadata: + creationTimestamp: null + labels: + io.kompose.service: src-archive + name: src-archive +spec: + accessModes: + - ReadWriteOnce + resources: + requests: + storage: 100Mi +status: {} + +--- +apiVersion: v1 +kind: PersistentVolumeClaim +metadata: + creationTimestamp: null + labels: + io.kompose.service: postgres + name: postgres +spec: + accessModes: + - ReadWriteOnce + resources: + requests: + storage: 100Mi +status: {} diff --git a/src/k8s_conf/api_server.yaml b/src/k8s_conf/api_server.yaml new file mode 100644 index 00000000..6be5e572 --- /dev/null +++ b/src/k8s_conf/api_server.yaml 
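Review bot: The default `service.type: NodePort` in values.yaml opens the client port on every node address over plain HTTP while `ingress.enabled` is false and `tls` is empty; defaulting to `type: ClusterIP` and letting operators opt into exposure is the safer chart default. `hostAliases` points `server`, `paws-compose-db` and `client` at 127.0.0.1, which only resolves correctly because deployment.yaml puts all three containers in one pod, and that deserves a comment such as `# all containers share the pod network namespace; names must match the nginx/compose hostnames`. With that layout `autoscaling.maxReplicas: 100` would give every replica its own Postgres container, so autoscaling looks unusable until the database is split out. `pullPolicy: Always` on the tag `"2.21"` re-resolves a mutable tag at every pod start; pinning by digest would make the deployed image reproducible.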
@@ -0,0 +1,82 @@
+apiVersion: v1
+kind: Service
+metadata:
+ annotations:
+ kompose.cmd: \temp\kompose -f docker-compose.yml convert
+ kompose.version: 1.21.0 (992df58d8)
+ creationTimestamp: null
+ labels:
+ io.kompose.service: server
+ name: server
+spec:
+ ports:
+ - name: "5000"
+ port: 5000
+ targetPort: 5000
+ selector:
+ io.kompose.service: server
+status:
+ loadBalancer: {}
+
+---
+apiVersion: apps/v1
+kind: Deployment
+metadata:
+ annotations:
+ kompose.cmd: \temp\kompose -f docker-compose.yml convert
+ kompose.version: 1.21.0 (992df58d8)
+ creationTimestamp: null
+ labels:
+ io.kompose.service: server
+ name: server
+spec:
+ replicas: 1
+ selector:
+ matchLabels:
+ io.kompose.service: server
+ strategy:
+ type: Recreate
+ template:
+ metadata:
+ annotations:
+ kompose.cmd: \temp\kompose -f docker-compose.yml convert
+ kompose.version: 1.21.0 (992df58d8)
+ creationTimestamp: null
+ labels:
+ io.kompose.service: server
+ spec:
+ initContainers:
+ - name: wait-for-db
+ image: groundnuty/k8s-wait-for:v1.3
+ imagePullPolicy: Always
+ args:
+ - "service"
+ - "paws-compose-db"
+
+ containers:
+ - env:
+ - name: FLASK_ENV
+ value: development
+ image: localhost:5000/src-server:latest
+ imagePullPolicy: "IfNotPresent"
+ name: server #paws-compose-server
+ ports:
+ - containerPort: 5000
+ resources: {}
+ volumeMounts:
+ - mountPath: /app/static/raw_data
+ name: src-archive
+ envFrom:
+ - secretRef:
+ name: api-server-pws-7c66bb2cf7
+ - secretRef:
+ name: db-pass-762dk6hmhm
+ restartPolicy: Always
+ serviceAccountName: ""
+ imagePullSecrets:
+ - name: regcred
+ volumes:
+ - name: src-archive
+ persistentVolumeClaim:
+ claimName: src-archive
+status: {}
diff --git a/src/k8s_conf/db_server.yaml b/src/k8s_conf/db_server.yaml
new file mode 100644
index 00000000..5ff1924d
--- /dev/null
+++ b/src/k8s_conf/db_server.yaml
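Review bot: `FLASK_ENV` is set to `development` in the server Deployment of api_server.yaml, which in Flask normally switches on debug mode; how the image starts the app is not visible here, but unless this manifest is strictly for local kind clusters it should be `value: production`. The `envFrom` secret names `api-server-pws-7c66bb2cf7` and `db-pass-762dk6hmhm` look like kustomize content-hash names, so they will stop matching as soon as the secret contents change; the same hard-coded name is used in db_server.yaml. Listing these manifests as resources of the kustomization that generates the secrets would let kustomize rewrite the references. The init container pulls `groundnuty/k8s-wait-for:v1.3` with `imagePullPolicy: Always`, so a third-party image is re-fetched by tag on every pod start; pinning it by digest would fix what actually runs.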
@@ -0,0 +1,82 @@
+apiVersion: v1
+kind: Service
+metadata:
+ annotations:
+ kompose.cmd: \temp\kompose -f docker-compose.yml convert
+ kompose.version: 1.21.0 (992df58d8)
+ creationTimestamp: null
+ labels:
+ io.kompose.service: paws-compose-db
+ name: paws-compose-db
+spec:
+ ports:
+ - name: "5432"
+ port: 5432
+ targetPort: 5432
+ selector:
+ io.kompose.service: paws-compose-db
+status:
+ loadBalancer: {}
+
+---
+apiVersion: v1
+kind: ConfigMap
+metadata:
+ name: postgres-configuration
+ labels:
+ app: postgres
+data:
+ POSTGRES_DB: paws
+ POSTGRES_USER: postgres
+
+---
+
+apiVersion: apps/v1
+kind: Deployment
+metadata:
+ annotations:
+ kompose.cmd: \temp\kompose -f docker-compose.yml convert
+ kompose.version: 1.21.0 (992df58d8)
+ creationTimestamp: null
+ labels:
+ io.kompose.service: paws-compose-db
+ name: paws-compose-db
+spec:
+ replicas: 1
+ selector:
+ matchLabels:
+ io.kompose.service: paws-compose-db
+ strategy:
+ type: Recreate
+ template:
+ metadata:
+ annotations:
+ kompose.cmd: \temp\kompose -f docker-compose.yml convert
+ kompose.version: 1.21.0 (992df58d8)
+ creationTimestamp: null
+ labels:
+ io.kompose.service: paws-compose-db
+ spec:
+ containers:
+ - env:
+ - name: POSTGRES_DB
+ value: paws
+ envFrom:
+ - secretRef:
+ name: db-pass-762dk6hmhm
+ image: postgres:11-alpine # localhost:5000/postgres:11.3-alpine
+ imagePullPolicy: ""
+ name: paws-compose-db
+ ports:
+ - containerPort: 5432
+ resources: {}
+ volumeMounts:
+ - mountPath: /var/lib/postgresql/data
+ name: postgres
+ restartPolicy: Always
+ serviceAccountName: ""
+ volumes:
+ - name: postgres
+ persistentVolumeClaim:
+ claimName: postgres
+status: {}
diff --git a/src/k8s_conf/front_end.yaml b/src/k8s_conf/front_end.yaml
new file mode 100644
index 00000000..aa77db00
--- /dev/null
+++ b/src/k8s_conf/front_end.yaml
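Review bot: The `postgres-configuration` ConfigMap in db_server.yaml is added but nothing in this diff references it; the Deployment sets `POSTGRES_DB` inline and takes the rest from the secret. Either wire it in with a `configMapRef` entry under `envFrom` or remove it, so there is a single source for the database name and user. The image here is `postgres:11-alpine` while the Helm values in the same commit use `13.2-alpine`; if the difference is intentional, a comment should say why.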
@@ -0,0 +1,65 @@
+apiVersion: v1
+kind: Service
+metadata:
+ annotations:
+ kompose.cmd: \temp\kompose -f docker-compose.yml convert
+ kompose.version: 1.21.0 (992df58d8)
+ creationTimestamp: null
+ labels:
+ io.kompose.service: client
+ name: client
+spec:
+ ports:
+ - name: "80"
+ port: 80
+ targetPort: 80
+ selector:
+ io.kompose.service: client
+status:
+ loadBalancer: {}
+
+---
+apiVersion: apps/v1
+kind: Deployment
+metadata:
+ annotations:
+ kompose.cmd: \temp\kompose -f docker-compose.yml convert
+ kompose.version: 1.21.0 (992df58d8)
+ creationTimestamp: null
+ labels:
+ io.kompose.service: client
+ name: client
+spec:
+ replicas: 1
+ selector:
+ matchLabels:
+ io.kompose.service: client
+ strategy: {}
+ template:
+ metadata:
+ annotations:
+ kompose.cmd: \temp\kompose -f docker-compose.yml convert
+ kompose.version: 1.21.0 (992df58d8)
+ creationTimestamp: null
+ labels:
+ io.kompose.service: client
+ spec:
+ containers:
+ - env:
+ - name: CHOKIDAR_USEPOLLING
+ value: "true"
+ - name: PAWS_API_HOST
+ value: "server"
+ image: localhost:5000/src-client:latest
+ imagePullPolicy: "IfNotPresent"
+ name: paws-compose-client
+ ports:
+ - containerPort: 3000
+ resources: {}
+ stdin: true
+ restartPolicy: Always
+ serviceAccountName: ""
+ volumes: null
+ imagePullSecrets:
+ - name: regcred
+status: {}
diff --git a/src/k8s_conf/kind_w_reg.sh b/src/k8s_conf/kind_w_reg.sh
new file mode 100644
index 00000000..d30327f1
--- /dev/null
+++ b/src/k8s_conf/kind_w_reg.sh
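Review bot: The client Deployment in front_end.yaml declares `containerPort: 3000` while its Service sends traffic to `targetPort: 80` and the Helm chart's client container in this commit uses port 80, so the declared port looks like a leftover from the dev server; `- containerPort: 80` would match. `CHOKIDAR_USEPOLLING` and `stdin: true` also look like development-only settings carried over by kompose and could be dropped or commented as such. `PAWS_API_HOST` is set here, but default.conf.template in this commit no longer reads it.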
@@ -0,0 +1,82 @@ +#!/bin/sh +# +# Adapted from: +# https://github.com/kubernetes-sigs/kind/commits/master/site/static/examples/kind-with-registry.sh +# +# Copyright 2020 The Kubernetes Project +# +# Licensed under the Apache License, Version 2.0 (the "License"); +# you may not use this file except in compliance with the License. +# You may obtain a copy of the License at +# +# http://www.apache.org/licenses/LICENSE-2.0 +# +# Unless required by applicable law or agreed to in writing, software +# distributed under the License is distributed on an "AS IS" BASIS, +# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. +# See the License for the specific language governing permissions and +# limitations under the License. + +set -o errexit + +# desired cluster name; default is "kind" +KIND_CLUSTER_NAME="${KIND_CLUSTER_NAME:-kind}" + +kind_version=$(kind version) +kind_network='kind' +reg_name='kind-registry' +reg_port='5000' +case "${kind_version}" in + "kind v0.7."* | "kind v0.6."* | "kind v0.5."*) + kind_network='bridge' + ;; +esac + +# create registry container unless it already exists +running="$(docker inspect -f '{{.State.Running}}' "${reg_name}" 2>/dev/null || true)" +if [ "${running}" != 'true' ]; then + docker run \ + -d --restart=always -p "${reg_port}:5000" --name "${reg_name}" \ + registry:2 +fi + +reg_host="${reg_name}" +if [ "${kind_network}" = "bridge" ]; then + reg_host="$(docker inspect -f '{{.NetworkSettings.IPAddress}}' "${reg_name}")" +fi +echo "Registry Host: ${reg_host}" + +# create a cluster with the local registry enabled in containerd +cat <>>>>>>>>>>>>>>>> Creating cluster. 
Now's a good time to go get coffee >>>>>>>>>>>>>>>>>" +kind create cluster + +# Assumes kustomization.yaml lives in server/secets +echo " "; echo ">>>>>>>>>>>>>>>>> Create and add secrets to k8s environment >>>>>>>>>>>>>>>>>" +kubectl apply -k server/secrets + +echo " "; echo ">>>>>>>>>>>>>>>>> Build images >>>>>>>>>>>>>>>>>" +docker-compose build + +# So pods, specifically 'wait_for', have read access to API +echo " "; echo ">>>>>>>>>>>>>>>>> Give pods access to k8s API >>>>>>>>>>>>>>>>>" +kubectl create role pod-reader --verb=get --verb=list --verb=watch --resource=pods,services,deployments +kubectl create rolebinding default-pod-reader --role=pod-reader --serviceaccount=default:default --namespace=default + +echo " "; echo ">>>>>>>>>>>>>>>>> Tag and push client container image >>>>>>>>>>>>>>>>>" +docker tag src_client localhost:5000/src-client:latest +kind load docker-image localhost:5000/src-client:latest + +echo " "; echo ">>>>>>>>>>>>>>>>> Tag and push server container image >>>>>>>>>>>>>>>>>" +docker tag src_server localhost:5000/src-server:latest +kind load docker-image localhost:5000/src-server:latest + +echo " "; echo ">>>>>>>>>>>>>>>>> Apply k8s deployment files to launch containers >>>>>>>>>>>>>>>>>" +kubectl apply -f k8s_conf + +echo " "; echo ">>>>>>>>>>>>>>>>> Wait 20s in hopes that client service/container is live >>>>>>>>>>>>>>>>>" +sleep 20 + +echo " "; echo ">>>>>>>>>>>>>>>>> Forwarding port 80 from cluster to localhost >>>>>>>>>>>>>>>>>" +echo "'>>>>>>>>>>>>>>>>> Forwarding...' means it's working and will forward until ^C " +echo ">>>>>>>>>>>>>>>>> To restart port-forwarding, 'kubectl port-forward service/client 80:80 '" +kubectl port-forward service/client 80:80 +echo " "; echo ">>>>>>>>>>>>>>>>> ^- Failed? Try running 'kubectl port-forward service/client 80:80' >>>>>>>>>>>>>>>>>" \ No newline at end of file diff --git a/src/server/test_api.py b/src/server/test_api.py index 1de33117..8d7509f5 100644 --- a/src/server/test_api.py 
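Review bot: The `pod-reader` role in kind_w_reg.sh is bound with `--serviceaccount=default:default`, so every pod in the default namespace that runs under the default service account can get, list and watch pods, services and deployments, although the script's own comment says the access is for the wait-for container. Create a dedicated account, e.g. `kubectl create serviceaccount wait-for-db --namespace=default`, bind the role to `default:wait-for-db`, and set `serviceAccountName: wait-for-db` in api_server.yaml, where it is `""` today. `kubectl create role` also lacks the `--namespace=default` that the rolebinding passes, so the two only line up when the current context namespace is default. The banners say "Tag and push" but the images are loaded with `kind load docker-image`, so the wording should say "load".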
+++ b/src/server/test_api.py @@ -1,11 +1,17 @@ import pytest, socket, requests, os -from secrets import BASEUSER_PW, BASEADMIN_PW + +try: + from secrets import BASEUSER_PW, BASEADMIN_PW +except ImportError: + BASEUSER_PW = os.environ['BASEUSER_PW'] + BASEADMIN_PW = os.environ['BASEADMIN_PW'] + jwt_token = '' # -# Run 'pytest' from the command line +# Run 'pytest' from the command line (-v gives helpful details) # # Running pytest can result in six different exit codes: # 0 - All tests were collected and passed successfully @@ -68,9 +74,6 @@ def test_client_dns(): assert len(gai) > 0 # Simple API tests ################################################ - - - def test_usertest(): """Verify liveness test works""" response = requests.get(SERVER_URL + "/api/user/test") @@ -136,6 +139,10 @@ def test_inact_userblocked(state: State): assert response.status_code == 401 + + + + ### Admin-level tests ###################################### def test_adminlogin(state: State): @@ -201,6 +208,28 @@ def test_check_badusernames(state: State): assert is_user == 0 +def test_admin_currentFiles(state: State): + """Verify admin user can get Current Files list""" + + b_string = 'Bearer ' + state.state['base_admin'] + assert len(b_string) > 24 + auth_hdr = {'Authorization' : b_string} + + response = requests.get(SERVER_URL + "/api/listCurrentFiles", headers=auth_hdr) + assert response.status_code == 200 + + +def test_admin_statistics(state: State): + """360 view Statistics""" + + b_string = 'Bearer ' + state.state['base_admin'] + assert len(b_string) > 24 + auth_hdr = {'Authorization' : b_string} + + response = requests.get(SERVER_URL + "/api/statistics", headers=auth_hdr) + assert response.status_code == 200 + + def test_usergetusers(state: State): """Verify logged-in base_user *cannot* use JWT to get user list """ # Build auth string value including token from state
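Review bot: When neither the local `secrets` module nor the environment variables are present, `os.environ['BASEUSER_PW']` in the new `except ImportError` branch raises a bare `KeyError` during collection, which does not tell the person running the suite what to provide. Reading both with `os.environ.get(...)` and calling `pytest.exit("Set BASEUSER_PW and BASEADMIN_PW or provide secrets.py")` when either is missing would make the failure self-explanatory. The fallback also relies on the project module sharing its name with the standard-library `secrets` module: when the local file is absent the import reaches the stdlib module and fails only because it lacks those names, so a comment saying that is intended, or a rename of the local module, would help.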
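Review bot: `test_admin_currentFiles` and `test_admin_statistics` only check that an admin token gets 200, so nothing here would catch `/api/listCurrentFiles` or `/api/statistics` being reachable without admin rights. Add a counterpart for each that sends no `Authorization` header, e.g. `response = requests.get(SERVER_URL + "/api/statistics", timeout=10)` followed by `assert response.status_code != 200`, in the spirit of what `test_usergetusers` does for the user list. The `requests.get` calls have no `timeout`, so a hung server stalls the whole run. The docstring `"""360 view Statistics"""` should say what is verified, e.g. `"""Verify admin user can get 360 view statistics"""`.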