diff --git a/releasenotes/notes/tacker.yaml b/releasenotes/notes/tacker.yaml index 33094ebf11..0659dc3683 100644 --- a/releasenotes/notes/tacker.yaml +++ b/releasenotes/notes/tacker.yaml @@ -7,4 +7,5 @@ tacker: - 0.1.4 Enable custom annotations for Openstack secrets - 0.1.5 Update images used by default - 0.1.6 Use quay.io/airshipit/kubernetes-entrypoint:latest-ubuntu_focal by default + - 0.1.7 Add Tacker Test Job ... diff --git a/tacker/Chart.yaml b/tacker/Chart.yaml index 9a8b9f1770..87e81856b2 100644 --- a/tacker/Chart.yaml +++ b/tacker/Chart.yaml @@ -14,7 +14,7 @@ apiVersion: v1 appVersion: v1.0.0 description: OpenStack-Helm Tacker name: tacker -version: 0.1.6 +version: 0.1.7 home: https://docs.openstack.org/tacker/latest/ icon: https://www.openstack.org/themes/openstack/images/project-mascots/Tacker/OpenStack_Project_Tacker_vertical.png sources: diff --git a/tacker/templates/bin/_tacker-test.sh.tpl b/tacker/templates/bin/_tacker-test.sh.tpl new file mode 100644 index 0000000000..1036aaa5e2 --- /dev/null +++ b/tacker/templates/bin/_tacker-test.sh.tpl @@ -0,0 +1,26 @@ +#!/bin/bash + +{{/* +Licensed under the Apache License, Version 2.0 (the "License"); +you may not use this file except in compliance with the License. +You may obtain a copy of the License at + + http://www.apache.org/licenses/LICENSE-2.0 + +Unless required by applicable law or agreed to in writing, software +distributed under the License is distributed on an "AS IS" BASIS, +WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. +See the License for the specific language governing permissions and +limitations under the License. +*/}} + +set -ex + +openstack secret list + +openstack --help + +openstack vim list + +openstack vnflcm list --os-tacker-api-version 1 + diff --git a/tacker/templates/configmap-bin.yaml b/tacker/templates/configmap-bin.yaml index c436f27201..2dbc3c6632 100644 --- a/tacker/templates/configmap-bin.yaml +++ b/tacker/templates/configmap-bin.yaml 
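Review bot: `openstack secret list` in `_tacker-test.sh.tpl` writes the Barbican secret listing to the test pod's log, and pod-test.yaml in this commit runs the script with the Keystone admin openrc, so that metadata becomes readable to anyone who can fetch pod logs in the namespace. The smoke test only needs the exit status, so the output can be discarded: `openstack secret list > /dev/null`. `openstack --help` does not exercise Tacker and can be dropped, which leaves `openstack vim list` and `openstack vnflcm list --os-tacker-api-version 1` as the actual checks.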
@@ -12,6 +12,7 @@ See the License for the specific language governing permissions and limitations under the License. */}} {{- if .Values.manifests.configmap_bin }} +{{- $envAll := . }} --- apiVersion: v1 data: @@ -23,6 +24,8 @@ data: {{- include "helm-toolkit.scripts.db_drop" . | indent 4 }} db-init.py: | {{- include "helm-toolkit.scripts.db_init" . | indent 4 }} + tacker-test.sh: | +{{ tuple "bin/_tacker-test.sh.tpl" . | include "helm-toolkit.utils.template" | indent 4 }} db-sync.sh: | {{ tuple "bin/_db-sync.sh.tpl" . | include "helm-toolkit.utils.template" | indent 4 }} ks-endpoints.sh: | @@ -36,4 +39,4 @@ data: kind: ConfigMap metadata: name: tacker-bin -{{- end }} \ No newline at end of file +{{- end }} diff --git a/tacker/templates/pod-test.yaml b/tacker/templates/pod-test.yaml new file mode 100644 index 0000000000..79a827893b --- /dev/null +++ b/tacker/templates/pod-test.yaml 
@@ -0,0 +1,73 @@
+{{/*
+Licensed under the Apache License, Version 2.0 (the "License");
+you may not use this file except in compliance with the License.
+You may obtain a copy of the License at
+
+ http://www.apache.org/licenses/LICENSE-2.0
+
+Unless required by applicable law or agreed to in writing, software
+distributed under the License is distributed on an "AS IS" BASIS,
+WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+See the License for the specific language governing permissions and
+limitations under the License.
+*/}}
+
+{{- if .Values.manifests.pod_test }}
+{{- $envAll := . }}
+{{- $dependencies := .Values.dependencies.static.tests }}
+
+{{- $mounts_tacker_tests := .Values.pod.mounts.tacker_tests.tacker_tests }}
+{{- $mounts_tacker_tests_init := .Values.pod.mounts.tacker_tests.init_container }}
+
+{{- $serviceAccountName := print .Release.Name "-test" }}
+{{ tuple $envAll "tests" $serviceAccountName | include "helm-toolkit.snippets.kubernetes_pod_rbac_serviceaccount" }}
+---
+apiVersion: v1
+kind: Pod
+metadata:
+ name: "{{.Release.Name}}-test"
+ labels:
+{{ tuple $envAll "tacker" "test" | include "helm-toolkit.snippets.kubernetes_metadata_labels" | indent 4 }}
+ annotations:
+ "helm.sh/hook": test-success
+ {{ tuple $envAll | include "helm-toolkit.snippets.release_uuid" }}
+{{ dict "envAll" $envAll "podName" "tacker-test" "containerNames" (list "init" "tacker-test") | include "helm-toolkit.snippets.kubernetes_mandatory_access_control_annotation" | indent 4 }}
+spec:
+ serviceAccountName: {{ $serviceAccountName }}
+{{ dict "envAll" $envAll "application" "test" | include "helm-toolkit.snippets.kubernetes_pod_security_context" | indent 2 }}
+ nodeSelector:
+ {{ .Values.labels.test.node_selector_key }}: {{ .Values.labels.test.node_selector_value }}
+{{ if $envAll.Values.pod.tolerations.tacker.enabled }}
+{{ tuple $envAll "tacker" | include "helm-toolkit.snippets.kubernetes_tolerations" | indent 2 }}
+{{ end }}
+ restartPolicy: 
Never
+ initContainers:
+{{ tuple $envAll "tests" $mounts_tacker_tests_init | include "helm-toolkit.snippets.kubernetes_entrypoint_init_container" | indent 4 }}
+ containers:
+ - name: tacker-test
+{{ tuple $envAll "scripted_test" | include "helm-toolkit.snippets.image" | indent 6 }}
+{{ dict "envAll" $envAll "application" "test" "container" "tacker_test" | include "helm-toolkit.snippets.kubernetes_container_security_context" | indent 6 }}
+ env:
+{{- with $env := dict "ksUserSecret" .Values.secrets.identity.admin }}
+{{- include "helm-toolkit.snippets.keystone_openrc_env_vars" $env | indent 8 }}
+{{- end }}
+ command:
+ - /tmp/tacker-test.sh
+ volumeMounts:
+ - name: pod-tmp
+ mountPath: /tmp
+ - name: tacker-bin
+ mountPath: /tmp/tacker-test.sh
+ subPath: tacker-test.sh
+ readOnly: true
+{{ if $mounts_tacker_tests.volumeMounts }}{{ toYaml $mounts_tacker_tests.volumeMounts | indent 8 }}{{ end }}
+ volumes:
+ - name: pod-tmp
+ emptyDir: {}
+ - name: tacker-bin
+ configMap:
+ name: tacker-bin
+ defaultMode: 0555
+{{ if $mounts_tacker_tests.volumes }}{{ toYaml $mounts_tacker_tests.volumes | indent 4 }}{{ end }}
+{{- end }}
+
diff --git a/tacker/values.yaml b/tacker/values.yaml
index 2725d11c11..1087fa1bb4 100644
--- a/tacker/values.yaml
+++ b/tacker/values.yaml
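Review bot: The `tacker-test` container receives the Keystone admin openrc through `dict "ksUserSecret" .Values.secrets.identity.admin`, although the script it runs only issues list calls; a dedicated, less privileged test user would limit what a leaked or misused test pod environment can do, if the chart can define one. The container spec also never includes the resources snippet, so the `tests` requests and limits added to values.yaml in this commit appear to have no effect. Adding `{{ tuple $envAll <tests resources value> | include "helm-toolkit.snippets.kubernetes_resources" | indent 6 }}` after the image line would apply them, where `<tests resources value>` is a placeholder for the values path of the new `tests` block.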
@@ -24,12 +24,20 @@ labels: job: node_selector_key: openstack-control-plane node_selector_value: enabled + test: + node_selector_key: openstack-control-plane + node_selector_value: enabled + +# NOTE(philsphicas): the pre-install hook breaks upgrade for helm2 +# Set to false to upgrade using helm2 +helm3_hook: true images: pull_policy: IfNotPresent tags: tacker_server: docker.io/openstackhelm/tacker:2024.1-ubuntu_jammy tacker_conductor: docker.io/openstackhelm/tacker:2024.1-ubuntu_jammy + scripted_test: docker.io/openstackhelm/openstack-client:2024.1 db_init: docker.io/openstackhelm/heat:2024.1-ubuntu_jammy db_drop: docker.io/openstackhelm/heat:2024.1-ubuntu_jammy tacker_db_sync: docker.io/openstackhelm/tacker:2024.1-ubuntu_jammy @@ -72,6 +80,10 @@ dependencies: service: identity - endpoint: internal service: key_manager + tests: + services: + - endpoint: internal + service: identity db_drop: services: - endpoint: internal @@ -105,12 +117,20 @@ pod: security_context: server: pod: - runAsUser: 42424 - runAsNonRoot: true + runAsUser: 0 + runAsNonRoot: false conductor: pod: - runAsUser: 42424 - runAsNonRoot: true + runAsUser: 0 + runAsNonRoot: false + test: + pod: + runAsUser: 0 + runAsNonRoot: false + container: + tacker_test: + allowPrivilegeEscalation: false + readOnlyRootFilesystem: true lifecycle: termination_grace_period: server: @@ -175,11 +195,23 @@ pod: limits: memory: "1024Mi" cpu: "2000m" + tests: + requests: + memory: "128Mi" + cpu: "100m" + limits: + memory: "1024Mi" + cpu: "2000m" mounts: tacker_db_sync: tacker_db_sync: volumeMounts: volumes: + tacker_tests: + init_container: null + tacker_tests: + volumeMounts: + volumes: storage: storageClass: general 
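Review bot: The new `tests` dependency in the `@@ -72,6 +80,10 @@` hunk waits only for the `identity` endpoint, but the test script added in this commit also calls Barbican (`openstack secret list`) and the Tacker API, and it runs under `set -ex`. If `helm test` starts before those services answer, the pod fails for a reason unrelated to the chart. Listing the `key_manager` service and the chart's own Tacker API endpoint under `tests.services` would make the init container wait for them. The `dependencies` mapping starts and ends outside this hunk.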
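Review bot: In the `@@ -105,12 +117,20 @@` hunk the `server` and `conductor` pods change from `runAsUser: 42424` / `runAsNonRoot: true` to `runAsUser: 0` / `runAsNonRoot: false`, which is unrelated to adding a test job and is not mentioned in the 0.1.7 release note. Running the API and conductor as root widens the impact of any compromise of those processes, so the previous values should stay unless a specific need for root is documented next to them. The new `test` pod only runs `openstack` client commands and shows no need for UID 0 either; `runAsUser: 42424` with `runAsNonRoot: true` would match the earlier defaults, assuming the client image works as that user. The `security_context` mapping continues outside the hunk.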
@@ -458,7 +490,7 @@ conf: composite:tackerapi_v1_0: use: call:tacker.auth:pipeline_factory noauth: cors request_id catch_errors extensions tackerapiapp_v1_0 - keystone: cors request_id catch_errors alarm_receiver authtoken keystonecontext extensions tackerapiapp_v1_0 + keystone: cors request_id catch_errors authtoken keystonecontext extensions tackerapiapp_v1_0 composite:vnfpkgmapi_v1: use: call:tacker.auth:pipeline_factory noauth: cors request_id catch_errors vnfpkgmapp_v1 @@ -490,8 +522,6 @@ conf: paste.filter_factory: oslo_middleware:RequestId.factory filter:catch_errors: paste.filter_factory: oslo_middleware:CatchErrors.factory - filter:alarm_receiver: - paste.filter_factory: tacker.alarm_receiver:AlarmReceiver.factory filter:keystonecontext: paste.filter_factory: tacker.auth:TackerKeystoneContext.factory filter:authtoken: @@ -515,13 +545,13 @@ conf: app:vnffmaapp_v1: paste.app_factory: tacker.sol_refactored.api.router:VnffmAPIRouterV1.factory app:prometheus_auto_scaling: - paste.app_factory: tacker.sol_refactored.api.prometheus_plugin_router:AutoScalingRouter.factory + paste.app_factory: tacker.sol_refactored.api.router:AutoScalingRouter.factory app:prometheus_fm: - paste.app_factory: tacker.sol_refactored.api.prometheus_plugin_router:FmAlertRouter.factory + paste.app_factory: tacker.sol_refactored.api.router:FmAlertRouter.factory app:prometheus_pm: - paste.app_factory: tacker.sol_refactored.api.prometheus_plugin_router:PmEventRouter.factory + paste.app_factory: tacker.sol_refactored.api.router:PmEventRouter.factory app:server_notification: - paste.app_factory: tacker.sol_refactored.api.server_notification_router:ServerNotificationRouter.factory + paste.app_factory: tacker.sol_refactored.api.router:ServerNotificationRouter.factory logging: loggers: keys: @@ -601,6 +631,7 @@ manifests: job_ks_service: true job_ks_user: true job_rabbit_init: true + pod_test: true pvc: true secret_db: true secret_keystone: true 
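Review bot: The paste changes change how the API is wired, yet the release note only says "Add Tacker Test Job". They drop `alarm_receiver` from the `keystone` pipeline of `composite:tackerapi_v1_0` here, remove `filter:alarm_receiver` in the next hunk, and repoint the `prometheus_*` and `server_notification` factories to `tacker.sol_refactored.api.router` in the hunk after that. They presumably follow the module layout of the Tacker release in the default images, so an overridden image tag for a different release may fail to load the paste config at startup. A comment above these entries such as `# NOTE: paste entries match the Tacker release in images.tags (<release>)`, plus a release-note line, would make that coupling visible.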
diff --git a/zuul.d/2024.1.yaml b/zuul.d/2024.1.yaml index 3a05a1fc31..8688cbecf0 100644 --- a/zuul.d/2024.1.yaml +++ b/zuul.d/2024.1.yaml @@ -153,3 +153,13 @@ container_distro_name: ubuntu container_distro_version: jammy feature_gates: tls + +- job: + name: openstack-helm-tacker-2024-1-ubuntu_jammy + parent: openstack-helm-tacker + nodeset: openstack-helm-1node-32GB-ubuntu_jammy + vars: + osh_params: + openstack_release: "2024.1" + container_distro_name: ubuntu + container_distro_version: jammy diff --git a/zuul.d/base.yaml b/zuul.d/base.yaml index b778771f19..e9ba2f2af1 100644 --- a/zuul.d/base.yaml +++ b/zuul.d/base.yaml @@ -380,3 +380,4 @@ - ./tools/deployment/component/barbican/barbican.sh - ./tools/deployment/component/nfs-provisioner/nfs-provisioner.sh - ./tools/deployment/component/tacker/tacker.sh + - ./tools/deployment/common/run-helm-tests.sh tacker diff --git a/zuul.d/project.yaml b/zuul.d/project.yaml index ea85f2f3ae..adde73f864 100644 --- a/zuul.d/project.yaml +++ b/zuul.d/project.yaml @@ -42,6 +42,7 @@ - openstack-helm-compute-kit-cilium-metallb-2024-1-ubuntu_jammy # 1 node + 2 nodes - openstack-helm-compute-kit-flannel-metallb-2024-1-ubuntu_jammy # 1 node + 2 nodes - openstack-helm-horizon-2024-1-ubuntu_jammy # 1 node + - openstack-helm-tacker-2024-1-ubuntu_jammy gate: jobs: - openstack-helm-lint