From edb401264a137c54add798801e906dcb1c8e47ee Mon Sep 17 00:00:00 2001 From: Bret Mogilefsky Date: Wed, 22 Dec 2021 23:33:59 -0800 Subject: [PATCH 01/19] Factor out KinD-specific configuration generate-env.sh now works whether you're using a KinD cluster or a real one in your kubeconfig --- .github/workflows/test.yml | 2 +- Makefile | 15 +++++++------- README.md | 30 +++++++++++++++++++--------- generate-env.sh | 37 +++++++++++++++++++++-------------- generate-examples.sh | 4 ++-- terraform/provision/README.md | 2 +- 6 files changed, 54 insertions(+), 36 deletions(-) diff --git a/.github/workflows/test.yml b/.github/workflows/test.yml index a3d7c29..b0eef0c 100644 --- a/.github/workflows/test.yml +++ b/.github/workflows/test.yml @@ -38,7 +38,7 @@ jobs: fetch-depth: '0' - name: Build the brokerpak and set up the test environment - run: make build test-env-up + run: make build kind-up - name: Stop for debugging if: github.event_name == 'workflow_dispatch' && github.event.inputs.debug_enabled diff --git a/Makefile b/Makefile index fa98942..479f72a 100644 --- a/Makefile +++ b/Makefile @@ -84,7 +84,7 @@ demo-down: examples.json ## Clean up data left over from tests and demos -@helm uninstall example 2>/dev/null ; true -@kubectl delete secret basic-auth1 2>/dev/null ; true -test-env-up: ## Set up a Kubernetes test environment using KinD +kind-up: ## Set up a Kubernetes test environment using KinD # Creating a temporary Kubernetes cluster to test against with KinD @kind create cluster --config kind-config.yaml --name datagov-broker-test # Grant cluster-admin permissions to the `system:serviceaccount:default:default` Service. 
@@ -99,20 +99,19 @@ test-env-up: ## Set up a Kubernetes test environment using KinD --selector=app.kubernetes.io/component=controller \ --timeout=270s # Install the ZooKeeper and Solr operators using Helm - # TODO: Update the CRD installation in the eks-brokerpak as well kubectl create -f https://solr.apache.org/operator/downloads/crds/v0.4.0/all-with-dependencies.yaml @helm install --namespace kube-system --repo https://solr.apache.org/charts --version 0.4.0 solr solr-operator -.env: $(HOME)/.kube/config generate-env.sh - @echo Generating a .env file containing k8s config for the broker - @./generate-env.sh > .env +.env: generate-env.sh + @echo Generating a .env file containing the k8s config needed by the broker + @./generate-env.sh -test-env-down: ## Tear down the Kubernetes test environment in KinD +kind-down: ## Tear down the Kubernetes test environment in KinD kind delete cluster --name datagov-broker-test @rm .env -all: clean build test-env-up up test down test-env-down ## Clean and rebuild, start test environment, run the broker, run the examples, and tear the broker and test env down -.PHONY: all clean build up down test test-env-up test-env-down +all: clean build kind-up up test down kind-down ## Clean and rebuild, start local test environment, run the broker, run the examples, and tear the broker and test env down +.PHONY: all clean build up down test kind-up kind-down # Output documentation for top-level targets # Thanks to https://marmelab.com/blog/2016/02/29/auto-documented-makefile.html diff --git a/README.md b/README.md index 110fc0e..bfed651 100644 --- a/README.md +++ b/README.md 
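Review bot: With `$(HOME)/.kube/config` dropped from the prerequisites, the `.env` rule re-runs only when `.env` is missing or generate-env.sh is newer, so after switching kubeconfig context make treats the existing file as current and the broker keeps the previous cluster's server and token. Since the script now writes `.env` and terraform.tfvars itself, adding `.env` to the `.PHONY` list, or documenting `rm .env` before changing clusters, would avoid stale credentials being reused. `kind-down` also still runs `@rm .env` without `-f`, so it fails when the file was never generated.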
@@ -43,35 +43,45 @@ down Bring the cloud-service-broker service down test Execute the brokerpak examples against the running broker demo-up Provision a SolrCloud instance and output the bound credentials demo-down Clean up data left over from tests and demos -test-env-up Set up a Kubernetes test environment using KinD -test-env-down Tear down the Kubernetes test environment in KinD +kind-up Set up a local Kubernetes test environment using KinD +kind-down Tear down the Kubernetes test environment in KinD all Clean and rebuild, start test environment, run the broker, run the examples, and tear the broker and test env down help This help ``` Notable targets are described below. -## Operating a test/demo Kubernetes environment +## Providing a test/demo Kubernetes environment -### Creating the environment +To use an existing Kubernetes cluster for testing: + +- Ensure that the [solr-operator Helm chart](https://artifacthub.io/packages/helm/apache-solr/solr-operator) is installed (at least 0.5.0) +- Ensure that the [ingress-nginx Helm chart](https://artifacthub.io/packages/helm/ingress-nginx/ingress-nginx) is installed +- Set the `SOLR_DOMAIN_NAME` environment variable to the subdomain where `ingress-nginx` resources will be mapped +- Set the `KUBECONFIG` environment variable to point to the kubeconfig file for the cluster +- If your kubeconfig describes multiple clusters, make sure the current cluster is set to the right one + +If you don't have an existing Kubernetes cluster, you can create a local test environment in Docker using the Makefile. 
+ +### Creating a local k8s environment for testing Create a temporary Kubernetes cluster to test against with KinD: ```bash -make test-env-up +make kind-up ``` -### Tearing down the environment +### Tearing down the local k8s environment -Run +Run ```bash -make test-env-down +make kind-down ``` ## Iterating on the Terraform code -To work with the Terraform and KinD cluster directly (eg not through the CSB or brokerpak), you can generate an appropriate .tfvars file by running: +To work with the Terraform and target cluster directly (eg not through the CSB or brokerpak), you can generate an appropriate .tfvars file by running: ```bash make .env @@ -79,6 +89,8 @@ make .env From that point on, you can `cd terraform/provision` and iterate with `terraform init/plan/apply/etc`. The same configuration is also available in `terraform/bind`. +(Note if you've been working with the broker the configuration will probably already exist.) + ## Building and starting the brokerpak (while the test environment is available) Run diff --git a/generate-env.sh b/generate-env.sh index 4be25a7..b074028 100755 --- a/generate-env.sh +++ b/generate-env.sh 
@@ -3,31 +3,38 @@ set -e CURRENT_CONTEXT=$(kubectl config current-context) -SOLR_CLUSTER_CA_CERTIFICATE=$(kubectl config view --raw -o json | jq -r '.clusters[]| select(.name | contains("'${CURRENT_CONTEXT}'")) .cluster["certificate-authority-data"]') -SOLR_TOKEN=$(kubectl get secret $( kubectl get serviceaccount default -n default -o json | jq -r '.secrets[0].name' ) -n default -o json | jq -r .data.token) +CURRENT_CLUSTER=$(kubectl config view --raw -o json | jq -r '.contexts[]| select(.name | contains("'"${CURRENT_CONTEXT}"'")) .context.cluster') +SOLR_CLUSTER_CA_CERTIFICATE=$(kubectl config view --raw -o json | jq -r '.clusters[]| select(.name | contains("'"${CURRENT_CLUSTER}"'")) .cluster["certificate-authority-data"]') +SOLR_TOKEN=$(kubectl get secret "$( kubectl get serviceaccount default -n default -o json | jq -r '.secrets[0].name' )" -n default -o json | jq -r .data.token) +SOLR_SERVER=$(kubectl config view --raw -o json | jq -r '.clusters[]| select(.name | contains("'"${CURRENT_CLUSTER}"'")) .cluster["server"]') -# We need the Docker-internal control plane URL to be resolved for the CSB -# when running in a container -SOLR_DOCKER_SERVER=$(kind get kubeconfig --internal --name=$(kind get clusters | grep datagov-broker-test) | grep server | cut -d ' ' -f 6-) +SOLR_DOMAIN_NAME=${SOLR_DOMAIN_NAME:-ing.local.domain} -# We need the localhost control plan URL to be used for direct access when we -# work outside the CSB -SOLR_LOCALHOST_SERVER=$(kind get kubeconfig --name=$(kind get clusters | grep datagov-broker-test) | grep server | cut -d ' ' -f 6-) +if [ "${CURRENT_CLUSTER}" = "kind-datagov-broker-test" ] ; then + # If the test cluster is in KinD we need the CSB to use + # a control plane URL resolvable from inside the CSB Docker container + SOLR_CP_SERVER=$(kind get kubeconfig --internal --name="$(kind get clusters | grep datagov-broker-test)" | grep server | cut -d ' ' -f 6-) +else + # Otherwise it's the same as the normal server control plane URL + 
SOLR_CP_SERVER=${SOLR_SERVER} +fi # Generate the environment variables needed for configuring the CSB running in Docker -echo SOLR_SERVER=${SOLR_DOCKER_SERVER} > .env -echo SOLR_TOKEN=${SOLR_TOKEN} >> .env -echo SOLR_CLUSTER_CA_CERTIFICATE=${SOLR_CLUSTER_CA_CERTIFICATE} >> .env -echo SOLR_NAMESPACE=default >> .env -echo SOLR_DOMAIN_NAME=ing.local.domain >> .env +cat > .env << HEREDOC +SOLR_CP_SERVER=${SOLR_CP_SERVER} +SOLR_TOKEN=${SOLR_TOKEN} +SOLR_CLUSTER_CA_CERTIFICATE=${SOLR_CLUSTER_CA_CERTIFICATE} +SOLR_NAMESPACE=default +SOLR_DOMAIN_NAME=${SOLR_DOMAIN_NAME} +HEREDOC # Generate terraform.tfvars needed for mucking about directly with terraform/provision cat > terraform/provision/terraform.tfvars << HEREDOC -server="${SOLR_LOCALHOST_SERVER}" +server="${SOLR_SERVER}" token="${SOLR_TOKEN}" cluster_ca_certificate="${SOLR_CLUSTER_CA_CERTIFICATE}" namespace="default" -domain_name="ing.local.domain" +domain_name="${SOLR_DOMAIN_NAME}" replicas=3 solrImageTag="8.6" solrJavaMem="-Xms300m -Xmx300m" diff --git a/generate-examples.sh b/generate-examples.sh index be5c4c1..36c8db0 100755 --- a/generate-examples.sh +++ b/generate-examples.sh 
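Review bot: The kubeconfig lookups select entries with `contains(...)` on a name spliced into the jq program, so a context named `prod` also matches `prod-eu` and the script can pair one cluster's server with another cluster's CA data, or emit several values at once. An exact match with the name passed as data avoids both, e.g. `jq -r --arg c "$CURRENT_CLUSTER" '.clusters[] | select(.name == $c) | .cluster.server'`. The same pattern, with the shell variable left unquoted, is in the generate-examples.sh hunk of this patch. Separately, the heredocs write the service-account token to `.env` and `terraform/provision/terraform.tfvars` under the default umask; a `umask 077` next to `set -e` would keep both files private to the invoking user.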
@@ -7,8 +7,8 @@ CURRENT_CONTEXT=$(kubectl config current-context) CLUSTER_CA_CERTIFICATE=$(kubectl config view --raw -o json | jq -r '.clusters[]| select(.name | contains("'${CURRENT_CONTEXT}'")) .cluster["certificate-authority-data"]') TOKEN=$(kubectl get secret $( kubectl get serviceaccount default -n default -o json | jq -r '.secrets[0].name' ) -n default -o json | jq -r .data.token) -# We need the Docker-internal control plane URL to be resolved -SERVER=$(kind get kubeconfig --internal --name=$(kind get clusters | grep datagov-broker-test) | grep server | cut -d ' ' -f 6-) +CURRENT_CLUSTER=$(kubectl config view --raw -o json | jq -r '.contexts[]| select(.name | contains("'${CURRENT_CONTEXT}'")) .context.cluster') +SERVER=$(kubectl config view --raw -o json | jq -r '.clusters[]| select(.name | contains("'${CURRENT_CLUSTER}'")) .cluster["server"]') template() { file=examples.json-template diff --git a/terraform/provision/README.md b/terraform/provision/README.md index b46446e..619ab9a 100644 --- a/terraform/provision/README.md +++ b/terraform/provision/README.md @@ -1,6 +1,6 @@ # How to iterate on the provisioning code -**WARNING: Communication to the KIND Cluster doesn't currently exist from this +**WARNING: Communication to the KinD Cluster doesn't currently exist from this container. This needs to be established before terraform can work in this container.** From 4215780fc6ea7ac010fba6d1274adf46b43115bd Mon Sep 17 00:00:00 2001 From: Bret Mogilefsky Date: Thu, 23 Dec 2021 00:16:23 -0800 Subject: [PATCH 02/19] Remove the need for permission to list namespaces --- .gitignore | 1 + terraform/provision/data.tf | 6 ------ terraform/provision/main.tf | 4 ++-- 3 files changed, 3 insertions(+), 8 deletions(-) delete mode 100644 terraform/provision/data.tf diff --git a/.gitignore b/.gitignore index 22c0eb3..fd789a8 100644 --- a/.gitignore +++ b/.gitignore @@ -50,3 +50,4 @@ examples.json tee .ash_history .terraform.d/ +terraform/provision/.cache 
diff --git a/terraform/provision/data.tf b/terraform/provision/data.tf deleted file mode 100644 index 3d977da..0000000 --- a/terraform/provision/data.tf +++ /dev/null @@ -1,6 +0,0 @@ -data "kubernetes_namespace" "namespace" { - metadata { - name = var.namespace - } -} - diff --git a/terraform/provision/main.tf b/terraform/provision/main.tf index 34c596d..ee7542a 100644 --- a/terraform/provision/main.tf +++ b/terraform/provision/main.tf @@ -26,7 +26,7 @@ resource "helm_release" "solrcloud" { name = local.cloud_name chart = "solr" repository = "https://solr.apache.org/charts" - namespace = data.kubernetes_namespace.namespace.id + namespace = var.namespace cleanup_on_fail = true atomic = true wait = true @@ -64,7 +64,7 @@ resource "helm_release" "solrcloud" { } command = <<-EOF sleep 30 - kubectl --kubeconfig <(echo $KUBECONFIG | base64 -d) wait --for=condition=ready --timeout=3600s -n ${data.kubernetes_namespace.namespace.id} pod -l solr-cloud=${local.cloud_name} + kubectl --kubeconfig <(echo $KUBECONFIG | base64 -d) wait --for=condition=ready --timeout=3600s -n ${var.namespace} pod -l solr-cloud=${local.cloud_name} EOF } From 062a2ed7fd37e3661a945fa7cad737794266bb4f Mon Sep 17 00:00:00 2001 From: Nicholas Kumia Date: Thu, 23 Dec 2021 10:45:46 -0500 Subject: [PATCH 03/19] fix: ignore 'rm' error if file to delete does not exist --- Makefile | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/Makefile b/Makefile index 479f72a..f33ca78 100644 --- a/Makefile +++ b/Makefile @@ -23,7 +23,7 @@ check: clean: SHELL:=./test_env_load clean: down ## Bring down the broker service if it's up and clean out the database @docker rm -f csb-service-$${SERVICE_NAME} - @rm datagov-services-pak-*.brokerpak + @rm -f datagov-services-pak-*.brokerpak # Origin of the subdirectory dependency solution: # https://stackoverflow.com/questions/14289513/makefile-rule-that-depends-on-all-files-under-a-directory-including-within-subd#comment19860124_14289872 
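Review bot: `var.namespace` is now interpolated straight into the `local-exec` command (`-n ${var.namespace}`) with nothing in the visible code checking its form, whereas the removed data source presumably surfaced a missing or misspelled namespace before the release was attempted. A `validation` block on the variable restricting it to a DNS label, for example `condition = can(regex("^[a-z0-9]([-a-z0-9]*[a-z0-9])?$", var.namespace))`, would keep a malformed value out of the shell line. variables.tf is not part of this patch, so confirm whether such a check already exists. The enclosing resource block continues outside both main.tf hunks.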
From f1312506a22bb2c431f4741ecffb1204aedbb55c Mon Sep 17 00:00:00 2001 From: Nicholas Kumia Date: Thu, 23 Dec 2021 10:46:30 -0500 Subject: [PATCH 04/19] cleanup: remove reference to deleted file --- solr-cloud.yml | 1 - 1 file changed, 1 deletion(-) diff --git a/solr-cloud.yml b/solr-cloud.yml index fbb6b73..d74ccc8 100644 --- a/solr-cloud.yml +++ b/solr-cloud.yml @@ -101,7 +101,6 @@ provision: outputs: [] template_refs: main: terraform/provision/main.tf - data: terraform/provision/data.tf outputs: terraform/provision/outputs.tf providers: terraform/provision/providers.tf variables: terraform/provision/variables.tf From 77437195977e986e941af9dc7d6a4c5cc54be527 Mon Sep 17 00:00:00 2001 From: Nicholas Kumia Date: Thu, 23 Dec 2021 10:47:24 -0500 Subject: [PATCH 05/19] new: get kube token from current context; update solr.server env reference --- generate-env.sh | 2 ++ manifest.yml | 2 +- 2 files changed, 3 insertions(+), 1 deletion(-) diff --git a/generate-env.sh b/generate-env.sh index b074028..041151a 100755 --- a/generate-env.sh +++ b/generate-env.sh 
@@ -4,8 +4,10 @@ set -e CURRENT_CONTEXT=$(kubectl config current-context) CURRENT_CLUSTER=$(kubectl config view --raw -o json | jq -r '.contexts[]| select(.name | contains("'"${CURRENT_CONTEXT}"'")) .context.cluster') +CURRENT_USER=$(kubectl config view --raw -o json | jq -r '.contexts[]| select(.name | contains("'"${CURRENT_CONTEXT}"'")) .context.user') SOLR_CLUSTER_CA_CERTIFICATE=$(kubectl config view --raw -o json | jq -r '.clusters[]| select(.name | contains("'"${CURRENT_CLUSTER}"'")) .cluster["certificate-authority-data"]') SOLR_TOKEN=$(kubectl get secret "$( kubectl get serviceaccount default -n default -o json | jq -r '.secrets[0].name' )" -n default -o json | jq -r .data.token) +SOLR_TOKEN=$(echo -n `kubectl config view --raw -o json | jq -r '.users[]| select(.name | contains("'"${CURRENT_USER}"'")) .user["token"]'` | base64 -w 0) SOLR_SERVER=$(kubectl config view --raw -o json | jq -r '.clusters[]| select(.name | contains("'"${CURRENT_CLUSTER}"'")) .cluster["server"]') SOLR_DOMAIN_NAME=${SOLR_DOMAIN_NAME:-ing.local.domain} diff --git a/manifest.yml b/manifest.yml index cdbc18d..215c9c6 100644 --- a/manifest.yml +++ b/manifest.yml @@ -30,7 +30,7 @@ service_definitions: parameters: [] required_env_variables: [] env_config_mapping: - SOLR_SERVER: solr.server + SOLR_CP_SERVER: solr.server SOLR_CLUSTER_CA_CERTIFICATE: solr.cluster_ca_certificate SOLR_TOKEN: solr.token SOLR_NAMESPACE: solr.namespace From 25e2a70ffee7ba2aa80c7c121bf61332085b45ef Mon Sep 17 00:00:00 2001 From: Nicholas Kumia Date: Thu, 23 Dec 2021 17:31:08 -0500 Subject: [PATCH 06/19] new: update default solr image to 8.11; fix solr auth binding --- solr-cloud.yml | 4 ++-- terraform/bind/main.tf | 14 ++++---------- 2 files changed, 6 insertions(+), 12 deletions(-) diff --git a/solr-cloud.yml b/solr-cloud.yml index d74ccc8..4c4c880 100644 --- a/solr-cloud.yml +++ b/solr-cloud.yml 
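Review bot: The added `SOLR_TOKEN` line has no check for a kubeconfig user that carries no `token` field (client-certificate or exec-plugin authentication): jq prints `null`, and the base64 of that string is written to `.env` as if it were a credential. Reading the value first with `jq -er --arg u "$CURRENT_USER" '.users[] | select(.name == $u) | .user.token'` and encoding it only afterwards lets `set -e` stop the script when nothing usable is found. This also hands the broker the invoking user's own credential rather than a dedicated, narrowly bound service account, which is worth stating in the README if it is intended. `base64 -w 0` is a GNU coreutils option and may not be available on other platforms.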
@@ -29,7 +29,7 @@ provision: - field_name: solrImageTag required: false type: string - details: "Tag for the Solr Docker image to use, defaults to 8.6. See https://hub.docker.com/_/solr?tab=tags (or your configured solrImageRepo) for options" + details: "Tag for the Solr Docker image to use, defaults to 8.11. See https://hub.docker.com/_/solr?tab=tags (or your configured solrImageRepo) for options" - field_name: solrJavaMem required: false type: string @@ -83,7 +83,7 @@ provision: overwrite: false type: string - name: solrImageTag - default: "6.6.6-slim" + default: "8.11-slim" overwrite: false type: string - name: solrJavaMem diff --git a/terraform/bind/main.tf b/terraform/bind/main.tf index df4712b..3bb4e54 100644 --- a/terraform/bind/main.tf +++ b/terraform/bind/main.tf 
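Review bot: The `details` text for `solrImageTag` now says the default is 8.11, but the default set in the second hunk is `8.11-slim`, so the documented and effective values differ. This matters more after this patch because terraform/bind/main.tf now runs `curl` inside the Solr pod, and whether the slim image ships curl is not shown here; confirm that it does, or make the default match the documented tag. If the slim tag stays, the description should read `defaults to 8.11-slim`.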
@@ -70,23 +70,20 @@ resource "null_resource" "manage_solr_user" { # Can't reuse containers because they are left in an unpredictable state after a single run # Wait for the command to run before deleting the container command = <<-EOF - kubectl --kubeconfig <(echo $KUBECONFIG | base64 -d) run temp1 --image=curlimages/curl -- \ + kubectl --kubeconfig <(echo $KUBECONFIG | base64 -d) exec ${self.triggers.cloud_name}-solrcloud-0 -- curl \ -s -f -L \ -o /dev/null \ -w "%%{http_code}\n" \ --user admin:$${ADMIN_PASSWORD} \ 'http://${self.triggers.cloud_name}-solrcloud-common/solr/admin/authentication' \ -H 'Content-type:application/json' --data "$CREATE_USER_JSON" - kubectl --kubeconfig <(echo $KUBECONFIG | base64 -d) run temp2 --image=curlimages/curl -- \ + kubectl --kubeconfig <(echo $KUBECONFIG | base64 -d) exec ${self.triggers.cloud_name}-solrcloud-0 -- curl \ -s -f -L \ -o /dev/null \ -w "%%{http_code}\n" \ --user admin:$${ADMIN_PASSWORD} \ 'http://${self.triggers.cloud_name}-solrcloud-common/solr/admin/authorization' \ -H 'Content-type:application/json' --data "$SET_ROLE_JSON" - sleep 10 - kubectl --kubeconfig <(echo $KUBECONFIG | base64 -d) delete pod temp2 - kubectl --kubeconfig <(echo $KUBECONFIG | base64 -d) delete pod temp1 EOF } 
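Review bot: Switching from `kubectl run` to `kubectl exec ... -- curl --user admin:$${ADMIN_PASSWORD}` still places the Solr admin password in curl's argument list, where it is readable from the process table of the Solr container, and of the host running kubectl, while the request is in flight. curl can take the credential from stdin instead: pipe `printf 'user = "admin:%s"\n' "$ADMIN_PASSWORD"` into `kubectl ... exec -i <pod> -- curl -K - ...` and drop `--user`. The destroy-time provisioner in the next hunk (`@@ -103,23 +100,20 @@`) has the same two calls. The two comment lines above `command` about reusing and deleting containers no longer describe the code and should be replaced with one that says the request runs inside pod 0 of the SolrCloud; the provisioner block itself starts outside the hunk.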
@@ -103,23 +100,20 @@ resource "null_resource" "manage_solr_user" { # Can't reuse containers because they are left in an unpredictable state after a single run # Wait for the command to run before deleting the container command = <<-EOF - kubectl --kubeconfig <(echo $KUBECONFIG | base64 -d) run temp1 --image=curlimages/curl -- \ + kubectl --kubeconfig <(echo $KUBECONFIG | base64 -d) exec ${self.triggers.cloud_name}-solrcloud-0 -- curl \ -s -f -L \ -o /dev/null \ -w "%%{http_code}\n" \ --user admin:$ADMIN_PASSWORD \ 'http://${self.triggers.cloud_name}-solrcloud-common/solr/admin/authorization' \ -H 'Content-type:application/json' --data "$CLEAR_ROLE_JSON" - kubectl --kubeconfig <(echo $KUBECONFIG | base64 -d) run temp2 --image=curlimages/curl -- \ + kubectl --kubeconfig <(echo $KUBECONFIG | base64 -d) exec ${self.triggers.cloud_name}-solrcloud-0 -- curl \ -s -f -L \ -o /dev/null \ -w "%%{http_code}\n" \ --user admin:$ADMIN_PASSWORD \ 'http://${self.triggers.cloud_name}-solrcloud-common/solr/admin/authentication' \ -H 'Content-type:application/json' --data "$DELETE_USER_JSON" - sleep 10 - kubectl --kubeconfig <(echo $KUBECONFIG | base64 -d) delete pod temp2 - kubectl --kubeconfig <(echo $KUBECONFIG | base64 -d) delete pod temp1 EOF } From b041d78f714a6202fd5ca20a1f4c9625fe70b582 Mon Sep 17 00:00:00 2001 From: Nicholas Kumia Date: Thu, 23 Dec 2021 19:23:46 -0500 Subject: [PATCH 07/19] cleanup: remove reference to deleted items --- terraform/bind/data.tf | 6 ------ 1 file changed, 6 deletions(-) diff --git a/terraform/bind/data.tf b/terraform/bind/data.tf index d59129f..c4528b7 100644 --- a/terraform/bind/data.tf +++ b/terraform/bind/data.tf @@ -1,9 +1,3 @@ -data "kubernetes_namespace" "namespace" { - metadata { - name = var.namespace - } -} - # Derive the ingress hostname that's used for connecting to the exposed SolrCloud data "kubernetes_ingress" "solrcloud-ingress" { metadata { From 19032f9783a53ae0a6a18a4e80af973b1c709a23 Mon Sep 17 00:00:00 2001 
From: Nicholas Kumia Date: Thu, 23 Dec 2021 21:50:00 -0500 Subject: [PATCH 08/19] update: local KiND to use solr operator 0.5.0 --- Makefile | 4 ++-- 1 file changed, 2 insertions(+), 2 deletions(-) diff --git a/Makefile b/Makefile index f33ca78..b99e8e5 100644 --- a/Makefile +++ b/Makefile @@ -99,8 +99,8 @@ kind-up: ## Set up a Kubernetes test environment using KinD --selector=app.kubernetes.io/component=controller \ --timeout=270s # Install the ZooKeeper and Solr operators using Helm - kubectl create -f https://solr.apache.org/operator/downloads/crds/v0.4.0/all-with-dependencies.yaml - @helm install --namespace kube-system --repo https://solr.apache.org/charts --version 0.4.0 solr solr-operator + kubectl create -f https://solr.apache.org/operator/downloads/crds/v0.5.0/all-with-dependencies.yaml + @helm install --namespace kube-system --repo https://solr.apache.org/charts --version 0.5.0 solr solr-operator .env: generate-env.sh @echo Generating a .env file containing the k8s config needed by the broker From 943010532e8d5c06e5ea8a6ae2cfa6b217ca0809 Mon Sep 17 00:00:00 2001 From: Nicholas Kumia Date: Thu, 23 Dec 2021 21:50:43 -0500 Subject: [PATCH 09/19] revert: parameters to get KiND cluster to be functional --- generate-env.sh | 7 +++++-- 1 file changed, 5 insertions(+), 2 deletions(-) diff --git a/generate-env.sh b/generate-env.sh index 041151a..12c5665 100755 --- a/generate-env.sh +++ b/generate-env.sh 
@@ -6,16 +6,19 @@ CURRENT_CONTEXT=$(kubectl config current-context) CURRENT_CLUSTER=$(kubectl config view --raw -o json | jq -r '.contexts[]| select(.name | contains("'"${CURRENT_CONTEXT}"'")) .context.cluster') CURRENT_USER=$(kubectl config view --raw -o json | jq -r '.contexts[]| select(.name | contains("'"${CURRENT_CONTEXT}"'")) .context.user') SOLR_CLUSTER_CA_CERTIFICATE=$(kubectl config view --raw -o json | jq -r '.clusters[]| select(.name | contains("'"${CURRENT_CLUSTER}"'")) .cluster["certificate-authority-data"]') -SOLR_TOKEN=$(kubectl get secret "$( kubectl get serviceaccount default -n default -o json | jq -r '.secrets[0].name' )" -n default -o json | jq -r .data.token) SOLR_TOKEN=$(echo -n `kubectl config view --raw -o json | jq -r '.users[]| select(.name | contains("'"${CURRENT_USER}"'")) .user["token"]'` | base64 -w 0) SOLR_SERVER=$(kubectl config view --raw -o json | jq -r '.clusters[]| select(.name | contains("'"${CURRENT_CLUSTER}"'")) .cluster["server"]') SOLR_DOMAIN_NAME=${SOLR_DOMAIN_NAME:-ing.local.domain} -if [ "${CURRENT_CLUSTER}" = "kind-datagov-broker-test" ] ; then +if [ "${CURRENT_CLUSTER}" == *"kind-datagov-broker-test"* ]; then # If the test cluster is in KinD we need the CSB to use # a control plane URL resolvable from inside the CSB Docker container + CURRENT_USER=kind-datagov-broker-test + CURRENT_CONTEXT=kind-datagov-broker-test + SOLR_SERVER=$(kind get kubeconfig --name=$(kind get clusters | grep datagov-broker-test) | grep server | cut -d ' ' -f 6-) SOLR_CP_SERVER=$(kind get kubeconfig --internal --name="$(kind get clusters | grep datagov-broker-test)" | grep server | cut -d ' ' -f 6-) + SOLR_TOKEN=$(echo -n `kubectl config view --raw -o json | jq -r '.users[]| select(.name | contains("'"${CURRENT_USER}"'")) .user["client-key-data"]'` | base64 -w 0) else # Otherwise it's the same as the normal server control plane URL SOLR_CP_SERVER=${SOLR_SERVER} From 4153ba8d1e99428a0d204f653ee173d9b3e2b7bb Mon Sep 17 00:00:00 2001 
From: Nicholas Kumia Date: Tue, 28 Dec 2021 10:30:49 -0500 Subject: [PATCH 10/19] fix/docs: get solr token from secrets for kind cluster; update references in readme --- README.md | 7 +++++++ generate-env.sh | 10 ++++------ 2 files changed, 11 insertions(+), 6 deletions(-) diff --git a/README.md b/README.md index bfed651..5632ee2 100644 --- a/README.md +++ b/README.md @@ -19,6 +19,13 @@ docs. Huge props go to @josephlewis42 of Google for publishing and publicizing the brokerpak concept, and to the Pivotal team running with the concept! +### Related Docs + +- [Solr Helm Chart](https://artifacthub.io/packages/helm/apache-solr/solr) +- [Solr Operator Helm Chart](https://artifacthub.io/packages/helm/apache-solr/solr-operator) +- [Solr Official Docs](https://solr.apache.org/guide/8_11/) +- [Solr Operator SolrCloud CRD](https://github.com/apache/solr-operator/blob/main/docs/solr-cloud/solr-cloud-crd.md) + ## Prerequisites 1. `make` is used for executing docker commands in a meaningful build cycle. diff --git a/generate-env.sh b/generate-env.sh index 12c5665..c63863d 100755 --- a/generate-env.sh +++ b/generate-env.sh 
@@ -11,14 +11,12 @@ SOLR_SERVER=$(kubectl config view --raw -o json | jq -r '.clusters[]| select(.na SOLR_DOMAIN_NAME=${SOLR_DOMAIN_NAME:-ing.local.domain} -if [ "${CURRENT_CLUSTER}" == *"kind-datagov-broker-test"* ]; then +if [[ "${CURRENT_CLUSTER}" == "kind-datagov-broker-test" ]]; then # If the test cluster is in KinD we need the CSB to use # a control plane URL resolvable from inside the CSB Docker container CURRENT_USER=kind-datagov-broker-test - CURRENT_CONTEXT=kind-datagov-broker-test - SOLR_SERVER=$(kind get kubeconfig --name=$(kind get clusters | grep datagov-broker-test) | grep server | cut -d ' ' -f 6-) - SOLR_CP_SERVER=$(kind get kubeconfig --internal --name="$(kind get clusters | grep datagov-broker-test)" | grep server | cut -d ' ' -f 6-) - SOLR_TOKEN=$(echo -n `kubectl config view --raw -o json | jq -r '.users[]| select(.name | contains("'"${CURRENT_USER}"'")) .user["client-key-data"]'` | base64 -w 0) + SOLR_CP_SERVER=$(kind get kubeconfig --name="$(kind get clusters | grep datagov-broker-test)" | grep server | cut -d ' ' -f 6-) + SOLR_TOKEN=$(kubectl get secret $(kubectl get secrets | grep -oh "default-token-[a-z]*\s") -o json | jq .data.token | tr -d '"') else # Otherwise it's the same as the normal server control plane URL SOLR_CP_SERVER=${SOLR_SERVER} @@ -35,7 +33,7 @@ HEREDOC # Generate terraform.tfvars needed for mucking about directly with terraform/provision cat > terraform/provision/terraform.tfvars << HEREDOC -server="${SOLR_SERVER}" +server="${SOLR_CP_SERVER}" token="${SOLR_TOKEN}" cluster_ca_certificate="${SOLR_CLUSTER_CA_CERTIFICATE}" namespace="default" From a005fb7bfc3e37e9c3a6a709ae8833fa4f1e9c5d Mon Sep 17 00:00:00 2001 From: Nicholas Kumia Date: Tue, 28 Dec 2021 10:34:45 -0500 Subject: [PATCH 11/19] fix: I don't know how to describe this, but it works --- generate-env.sh | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/generate-env.sh b/generate-env.sh index c63863d..559c33b 100755 --- a/generate-env.sh 
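Review bot: The secret name is found with `grep -oh "default-token-[a-z]*\s"`, but generated token-secret suffixes also contain digits, so on many clusters the pattern matches nothing and `kubectl get secret` runs without a name and returns a list. The revision this replaces asked the service account directly, which does not depend on the suffix alphabet: `kubectl get serviceaccount default -n default -o json | jq -r '.secrets[0].name'`. Using `jq -r .data.token` would also remove the need for `tr -d '"'`. The new calls no longer pass `-n default`, so they follow whatever namespace the current context sets.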
+++ b/generate-env.sh @@ -15,7 +15,7 @@ if [[ "${CURRENT_CLUSTER}" == "kind-datagov-broker-test" ]]; then # If the test cluster is in KinD we need the CSB to use # a control plane URL resolvable from inside the CSB Docker container CURRENT_USER=kind-datagov-broker-test - SOLR_CP_SERVER=$(kind get kubeconfig --name="$(kind get clusters | grep datagov-broker-test)" | grep server | cut -d ' ' -f 6-) + SOLR_CP_SERVER=$(kind get kubeconfig --internal --name="$(kind get clusters | grep datagov-broker-test)" | grep server | cut -d ' ' -f 6-) SOLR_TOKEN=$(kubectl get secret $(kubectl get secrets | grep -oh "default-token-[a-z]*\s") -o json | jq .data.token | tr -d '"') else # Otherwise it's the same as the normal server control plane URL From 5b592cc854841877a22a92c3bdbd66c6cde2d964 Mon Sep 17 00:00:00 2001 From: Nicholas Kumia Date: Tue, 28 Dec 2021 10:51:31 -0500 Subject: [PATCH 12/19] revert: name of solr.server env var name --- generate-env.sh | 2 +- manifest.yml | 2 +- 2 files changed, 2 insertions(+), 2 deletions(-) diff --git a/generate-env.sh b/generate-env.sh index 559c33b..d900bc7 100755 --- a/generate-env.sh +++ b/generate-env.sh @@ -24,7 +24,7 @@ fi # Generate the environment variables needed for configuring the CSB running in Docker cat > .env << HEREDOC -SOLR_CP_SERVER=${SOLR_CP_SERVER} +SOLR_SERVER=${SOLR_CP_SERVER} SOLR_TOKEN=${SOLR_TOKEN} SOLR_CLUSTER_CA_CERTIFICATE=${SOLR_CLUSTER_CA_CERTIFICATE} SOLR_NAMESPACE=default diff --git a/manifest.yml b/manifest.yml index 215c9c6..cdbc18d 100644 --- a/manifest.yml +++ b/manifest.yml @@ -30,7 +30,7 @@ service_definitions: parameters: [] required_env_variables: [] env_config_mapping: - SOLR_CP_SERVER: solr.server + SOLR_SERVER: solr.server SOLR_CLUSTER_CA_CERTIFICATE: solr.cluster_ca_certificate SOLR_TOKEN: solr.token SOLR_NAMESPACE: solr.namespace From e814a05fdc3bdde4966109347929f66b5a821034 Mon Sep 17 00:00:00 2001 
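Review bot: With `--internal` restored in 11/19, `SOLR_CP_SERVER` is again the address meant to resolve inside the Docker network, and since 10/19 the same variable also feeds `server=` in terraform/provision/terraform.tfvars. Running terraform directly from the host, which is what that file is generated for, would then likely point at an API server address the host cannot reach on KinD. Keeping `server="${SOLR_SERVER}"` in the tfvars heredoc and using `SOLR_CP_SERVER` only for `.env` restores the split the first patch introduced. A comment such as `# --internal: URL reachable from the CSB container, not from the host` would explain the line better than the commit subject does.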
From: Nicholas Kumia Date: Tue, 28 Dec 2021 10:52:27 -0500 Subject: [PATCH 13/19] fix: explicitly call make .env --- .github/workflows/test.yml | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/.github/workflows/test.yml b/.github/workflows/test.yml index b0eef0c..ca546fa 100644 --- a/.github/workflows/test.yml +++ b/.github/workflows/test.yml @@ -47,7 +47,7 @@ jobs: limit-access-to-actor: true - name: Start the broker and run the tests - run: make up test + run: make .env up test - name: Clean up if there was a failure if: ${{ failure() }} From b476a03414d6bcd5c2ce9872170ff75cee1e8401 Mon Sep 17 00:00:00 2001 From: Nicholas Kumia Date: Tue, 28 Dec 2021 12:01:27 -0500 Subject: [PATCH 14/19] fix: SOLR_TOKEN on github actions is a bit different; also, curl seems to only be in 8.11? --- generate-env.sh | 7 ++++++- 1 file changed, 6 insertions(+), 1 deletion(-) diff --git a/generate-env.sh b/generate-env.sh index d900bc7..2d7f81e 100755 --- a/generate-env.sh +++ b/generate-env.sh @@ -17,6 +17,11 @@ if [[ "${CURRENT_CLUSTER}" == "kind-datagov-broker-test" ]]; then CURRENT_USER=kind-datagov-broker-test SOLR_CP_SERVER=$(kind get kubeconfig --internal --name="$(kind get clusters | grep datagov-broker-test)" | grep server | cut -d ' ' -f 6-) SOLR_TOKEN=$(kubectl get secret $(kubectl get secrets | grep -oh "default-token-[a-z]*\s") -o json | jq .data.token | tr -d '"') + if [ -z "$SOLR_TOKEN" ]; then + # The format of the secret is different if there are more than one token associated with a secret. + # The first token works reliably + SOLR_TOKEN=$(kubectl get secret $(kubectl get secrets | grep -oh "default-token-[a-z]*\s") -o json | jq .items[0].data.token | tr -d '"') + fi else # Otherwise it's the same as the normal server control plane URL SOLR_CP_SERVER=${SOLR_SERVER} 
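Review bot: The fallback in the generate-env.sh hunk reads `.items[0].data.token`, which is the first secret in the returned list regardless of type, not necessarily a token for the default service account. A list comes back when the inner `grep` yields zero or several names; with zero names it is every secret in the namespace, which the added comment does not mention. If a list has to be handled, filter it by type: `jq -r '[.items[] | select(.type == "kubernetes.io/service-account-token")][0].data.token'`. The `if` block sits inside the KinD branch, which starts and ends outside the hunk.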
@@ -39,7 +44,7 @@ cluster_ca_certificate="${SOLR_CLUSTER_CA_CERTIFICATE}" namespace="default" domain_name="${SOLR_DOMAIN_NAME}" replicas=3 -solrImageTag="8.6" +solrImageTag="8.11" solrJavaMem="-Xms300m -Xmx300m" cloud_name="example" solrCpu="1000m" From 7760f0b0da2d4328fdda9a926b0b4f22cdaee24f Mon Sep 17 00:00:00 2001 From: Nicholas Kumia Date: Tue, 28 Dec 2021 15:28:32 -0500 Subject: [PATCH 15/19] new: try to use custom docker image with solr and curl --- examples.json-template | 4 ++-- 1 file changed, 2 insertions(+), 2 deletions(-) diff --git a/examples.json-template b/examples.json-template index c8fae2d..a5cb5d4 100644 --- a/examples.json-template +++ b/examples.json-template @@ -5,7 +5,7 @@ "service_name": "solr-cloud", "service_id": "b9013a91-9ce8-4c18-8035-a135a8cd6ff9", "plan_id": "e35e9675-413f-4f42-83de-ad5003357e77", - "provision_params": {"solrJavaMem":"-Xms300m -Xmx300m", "solrMem":"1G", "solrCpu":"1000m", "cloud_name":"demo"}, + "provision_params": {"solrJavaMem":"-Xms300m -Xmx300m", "solrMem":"1G", "solrCpu":"1000m", "cloud_name":"demo", "solrImageRepo":"ghcr.io/gsa/catalog.data.gov.solr", "solrImageTag":"8-curl"}, "bind_params": {} } -] \ No newline at end of file +] From c44ea71d89e9f24017b538642da6e99845f58fd4 Mon Sep 17 00:00:00 2001 From: Nicholas Kumia Date: Tue, 28 Dec 2021 15:47:35 -0500 Subject: [PATCH 16/19] fix: SOLR_TOKEN would be 'null' if the first command fails, not unset --- generate-env.sh | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/generate-env.sh b/generate-env.sh index 2d7f81e..5bca1ae 100755 --- a/generate-env.sh +++ b/generate-env.sh 
@@ -17,7 +17,7 @@ if [[ "${CURRENT_CLUSTER}" == "kind-datagov-broker-test" ]]; then CURRENT_USER=kind-datagov-broker-test SOLR_CP_SERVER=$(kind get kubeconfig --internal --name="$(kind get clusters | grep datagov-broker-test)" | grep server | cut -d ' ' -f 6-) SOLR_TOKEN=$(kubectl get secret $(kubectl get secrets | grep -oh "default-token-[a-z]*\s") -o json | jq .data.token | tr -d '"') - if [ -z "$SOLR_TOKEN" ]; then + if [[ "$SOLR_TOKEN" == "null" ]]; then # The format of the secret is different if there are more than one token associated with a secret. # The first token works reliably SOLR_TOKEN=$(kubectl get secret $(kubectl get secrets | grep -oh "default-token-[a-z]*\s") -o json | jq .items[0].data.token | tr -d '"') From 8784d1f9b34131be34c0735cf4c2bf479c64c957 Mon Sep 17 00:00:00 2001 From: Nicholas Kumia Date: Tue, 28 Dec 2021 15:58:11 -0500 Subject: [PATCH 17/19] noop: test durability of tests.. --- examples.json-template | 1 + 1 file changed, 1 insertion(+) diff --git a/examples.json-template b/examples.json-template index a5cb5d4..e0966ee 100644 --- a/examples.json-template +++ b/examples.json-template @@ -9,3 +9,4 @@ "bind_params": {} } ] + From 736fe2df4fe7d725e04d9a223d193b507856104d Mon Sep 17 00:00:00 2001 From: Nicholas Kumia Date: Tue, 28 Dec 2021 16:42:44 -0500 Subject: [PATCH 18/19] port: fix from https://github.com/GSA/datagov-brokerpak-solr/tree/bugfix/nginx-request-size --- terraform/provision/main.tf | 1 + 1 file changed, 1 insertion(+) diff --git a/terraform/provision/main.tf b/terraform/provision/main.tf index ee7542a..c1aa252 100644 --- a/terraform/provision/main.tf +++ b/terraform/provision/main.tf 
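Review bot: Comparing against the string `null` covers the jq case but drops the empty case, and nothing re-checks the value after the fallback, so `null` or an empty token can still reach `.env`. `if [[ -z "$SOLR_TOKEN" || "$SOLR_TOKEN" == "null" ]]; then` covers both on entry. A final `[[ -n "$SOLR_TOKEN" && "$SOLR_TOKEN" != "null" ]] || { echo "no service-account token found" >&2; exit 1; }` after the inner `fi` would make the script fail instead of writing a placeholder credential.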
@@ -45,6 +45,7 @@ resource "helm_release" "solrcloud" { "replicas" = var.replicas # How many replicas you want "solrOptions.javaMemory" = var.solrJavaMem # How much memory to give each replica "solrOptions.security.authenticationType" = "Basic" + "ingressOptions.annotations.nginx\\.ingress\\.kubernetes\\.io/proxy-body-size" = 999m } content { name = set.key From d4c4e96a2782e898f2e76d0882775446f9637724 Mon Sep 17 00:00:00 2001 From: Nicholas Kumia Date: Tue, 28 Dec 2021 17:03:18 -0500 Subject: [PATCH 19/19] fix: make option a string for terraform --- terraform/provision/main.tf | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/terraform/provision/main.tf b/terraform/provision/main.tf index c1aa252..e43aa9c 100644 --- a/terraform/provision/main.tf +++ b/terraform/provision/main.tf @@ -45,7 +45,7 @@ resource "helm_release" "solrcloud" { "replicas" = var.replicas # How many replicas you want "solrOptions.javaMemory" = var.solrJavaMem # How much memory to give each replica "solrOptions.security.authenticationType" = "Basic" - "ingressOptions.annotations.nginx\\.ingress\\.kubernetes\\.io/proxy-body-size" = 999m + "ingressOptions.annotations.nginx\\.ingress\\.kubernetes\\.io/proxy-body-size" = "999m" } content { name = set.key
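Review bot: `proxy-body-size` is fixed at `999m` for every SolrCloud instance this brokerpak provisions, so any client that can reach the ingress may send request bodies close to a gigabyte, and the limit is presumably applied before Solr evaluates Basic auth. Exposing the value as a variable with a smaller default and a comment on why large uploads are needed (for example `# raised for bulk index uploads; see bugfix/nginx-request-size`) would keep the limit a deliberate, per-instance choice. The map this entry is added to begins outside the hunk.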