fix: crash in operator console for missing fsGroup (#2211)
Bonus: Add support for "fsGroupChangePolicy" Bonus: keep only github actions in workflow folder
This commit is contained in:
Harshavardhana
GitHub
94
.github/workflows/common.sh
vendored
94
.github/workflows/common.sh
vendored
@@ -1,94 +0,0 @@
|
||||
#!/usr/bin/env bash
|
||||
# Copyright (C) 2022, MinIO, Inc.
|
||||
#
|
||||
# This code is free software: you can redistribute it and/or modify
|
||||
# it under the terms of the GNU Affero General Public License, version 3,
|
||||
# as published by the Free Software Foundation.
|
||||
#
|
||||
# This program is distributed in the hope that it will be useful,
|
||||
# but WITHOUT ANY WARRANTY; without even the implied warranty of
|
||||
# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
|
||||
# GNU Affero General Public License for more details.
|
||||
#
|
||||
# You should have received a copy of the GNU Affero General Public License, version 3,
|
||||
# along with this program. If not, see <http://www.gnu.org/licenses/>
|
||||
|
||||
yell() { echo "$0: $*" >&2; }
|
||||
|
||||
die() {
|
||||
yell "$*"
|
||||
(kind delete cluster || true ) && exit 111
|
||||
}
|
||||
|
||||
try() { "$@" || die "cannot $*"; }
|
||||
|
||||
function setup_kind() {
|
||||
# TODO once feature is added: https://github.com/kubernetes-sigs/kind/issues/1300
|
||||
echo "kind: Cluster" > kind-config.yaml
|
||||
echo "apiVersion: kind.x-k8s.io/v1alpha4" >> kind-config.yaml
|
||||
echo "nodes:" >> kind-config.yaml
|
||||
echo " - role: control-plane" >> kind-config.yaml
|
||||
echo " - role: worker" >> kind-config.yaml
|
||||
echo " - role: worker" >> kind-config.yaml
|
||||
echo " - role: worker" >> kind-config.yaml
|
||||
echo " - role: worker" >> kind-config.yaml
|
||||
try kind create cluster --config kind-config.yaml
|
||||
echo "Kind is ready"
|
||||
try kubectl get nodes
|
||||
}
|
||||
|
||||
function install_operator() {
|
||||
echo "Installing Current Operator"
|
||||
|
||||
# TODO: Compile the current branch and create an overlay to use that image version
|
||||
try kubectl apply -k "${SCRIPT_DIR}/../../portal-ui/tests/scripts/resources"
|
||||
|
||||
echo "Waiting for k8s api"
|
||||
sleep 10
|
||||
echo "Waiting for Operator Pods to come online (2m timeout)"
|
||||
|
||||
try kubectl wait --namespace minio-operator \
|
||||
--for=condition=ready pod \
|
||||
--selector=name=minio-operator \
|
||||
--timeout=120s
|
||||
}
|
||||
|
||||
function destroy_kind() {
|
||||
kind delete cluster
|
||||
}
|
||||
|
||||
function check_tenant_status() {
|
||||
# Check MinIO is accessible
|
||||
|
||||
waitdone=0
|
||||
totalwait=0
|
||||
while true; do
|
||||
waitdone=$(kubectl -n $1 get pods -l v1.min.io/tenant=$2 --no-headers | wc -l)
|
||||
if [ "$waitdone" -ne 0 ]; then
|
||||
echo "Found $waitdone pods"
|
||||
break
|
||||
fi
|
||||
sleep 5
|
||||
totalwait=$((totalwait + 5))
|
||||
if [ "$totalwait" -gt 305 ]; then
|
||||
echo "Unable to create tenant after 5 minutes, exiting."
|
||||
try false
|
||||
fi
|
||||
done
|
||||
|
||||
echo "Waiting for pods to be ready. (5m timeout)"
|
||||
|
||||
USER=$(kubectl -n $1 get secrets $2-env-configuration -o go-template='{{index .data "config.env"|base64decode }}' | grep 'export MINIO_ROOT_USER="' | sed -e 's/export MINIO_ROOT_USER="//g' | sed -e 's/"//g')
|
||||
PASSWORD=$(kubectl -n $1 get secrets $2-env-configuration -o go-template='{{index .data "config.env"|base64decode }}' | grep 'export MINIO_ROOT_PASSWORD="' | sed -e 's/export MINIO_ROOT_PASSWORD="//g' | sed -e 's/"//g')
|
||||
|
||||
try kubectl wait --namespace $1 \
|
||||
--for=condition=ready pod \
|
||||
--selector=v1.min.io/tenant=$2 \
|
||||
--timeout=300s
|
||||
|
||||
echo "Tenant is created successfully, proceeding to validate 'mc admin info minio/'"
|
||||
|
||||
kubectl run admin-mc -i --tty --image minio/mc --command -- bash -c "until (mc alias set minio/ https://minio.$1.svc.cluster.local $USER $PASSWORD); do echo \"...waiting... for 5secs\" && sleep 5; done; mc admin info minio/;"
|
||||
|
||||
echo "Done."
|
||||
}
|
||||
8
.github/workflows/console-sa-secret.yaml
vendored
8
.github/workflows/console-sa-secret.yaml
vendored
@@ -1,8 +0,0 @@
|
||||
apiVersion: v1
|
||||
kind: Secret
|
||||
metadata:
|
||||
name: console-sa-secret
|
||||
namespace: minio-operator
|
||||
annotations:
|
||||
kubernetes.io/service-account.name: console-sa
|
||||
type: kubernetes.io/service-account-token
|
||||
72
.github/workflows/deploy-tenant.sh
vendored
72
.github/workflows/deploy-tenant.sh
vendored
@@ -1,72 +0,0 @@
|
||||
#!/usr/bin/env bash
|
||||
# Copyright (C) 2022, MinIO, Inc.
|
||||
#
|
||||
# This code is free software: you can redistribute it and/or modify
|
||||
# it under the terms of the GNU Affero General Public License, version 3,
|
||||
# as published by the Free Software Foundation.
|
||||
#
|
||||
# This program is distributed in the hope that it will be useful,
|
||||
# but WITHOUT ANY WARRANTY; without even the implied warranty of
|
||||
# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
|
||||
# GNU Affero General Public License for more details.
|
||||
#
|
||||
# You should have received a copy of the GNU Affero General Public License, version 3,
|
||||
# along with this program. If not, see <http://www.gnu.org/licenses/>
|
||||
|
||||
# This script requires: kubectl, kind
|
||||
|
||||
SCRIPT_DIR=$(dirname "$0")
|
||||
export SCRIPT_DIR
|
||||
|
||||
source "${SCRIPT_DIR}/common.sh"
|
||||
|
||||
function install_tenants() {
|
||||
echo "Installing tenants"
|
||||
|
||||
# Install lite & kes tenants
|
||||
try kubectl apply -k "${SCRIPT_DIR}/../../portal-ui/tests/scripts/tenant-lite"
|
||||
try kubectl apply -k "${SCRIPT_DIR}/../../portal-ui/tests/scripts/tenant-kes-encryption"
|
||||
|
||||
echo "Waiting for the tenant statefulset, this indicates the tenant is being fulfilled"
|
||||
waitdone=0
|
||||
totalwait=0
|
||||
while true; do
|
||||
waitdone=$(kubectl -n tenant-lite get pods -l v1.min.io/tenant=storage-lite --no-headers | wc -l)
|
||||
if [ "$waitdone" -ne 0 ]; then
|
||||
echo "Found $waitdone pods"
|
||||
break
|
||||
fi
|
||||
sleep 5
|
||||
totalwait=$((totalwait + 5))
|
||||
if [ "$totalwait" -gt 300 ]; then
|
||||
echo "Tenant never created statefulset after 5 minutes"
|
||||
try false
|
||||
fi
|
||||
done
|
||||
|
||||
echo "Waiting for tenant pods to come online (5m timeout)"
|
||||
try kubectl wait --namespace tenant-lite \
|
||||
--for=condition=ready pod \
|
||||
--selector="v1.min.io/tenant=storage-lite" \
|
||||
--timeout=300s
|
||||
|
||||
echo "Build passes basic tenant creation"
|
||||
}
|
||||
|
||||
|
||||
function main() {
|
||||
destroy_kind
|
||||
setup_kind
|
||||
install_operator
|
||||
install_tenants
|
||||
check_tenant_status tenant-lite storage-lite
|
||||
kubectl proxy &
|
||||
# Beginning Kubernetes 1.24 ----> Service Account Token Secrets are not
|
||||
# automatically generated, to generate them manually, users must manually
|
||||
# create the secret, for our examples where we lead people to get the JWT
|
||||
# from the console-sa service account, they additionally need to manually
|
||||
# generate the secret via
|
||||
kubectl apply -f "${SCRIPT_DIR}/console-sa-secret.yaml"
|
||||
}
|
||||
|
||||
main "$@"
|
||||
2
.github/workflows/jobs.yaml
vendored
2
.github/workflows/jobs.yaml
vendored
@@ -193,7 +193,7 @@ jobs:
|
||||
curl -sLO "https://dl.k8s.io/release/v1.23.1/bin/linux/amd64/kubectl" -o kubectl
|
||||
chmod +x kubectl
|
||||
mv kubectl /usr/local/bin
|
||||
"${GITHUB_WORKSPACE}/.github/workflows/deploy-tenant.sh"
|
||||
"${GITHUB_WORKSPACE}/tests/deploy-tenant.sh"
|
||||
echo "start ---> make test-operator-integration";
|
||||
make test-operator-integration;
|
||||
|
||||
|
||||
Reference in New Issue
Block a user