From 9a919b7fb1f4d1e9515baf9d7f9c4f9c981ed764 Mon Sep 17 00:00:00 2001 From: Veronika Fisarova Date: Mon, 5 Feb 2024 08:50:51 +0100 Subject: [PATCH] TLS kuttl Signed-off-by: Veronika Fisarova --- .../manila.openstack.org_manilaapis.yaml | 6 - api/bases/manila.openstack.org_manilas.yaml | 21 - ...manila.openstack.org_manilaschedulers.yaml | 6 - .../manila.openstack.org_manilashares.yaml | 6 - api/v1beta1/common_types.go | 14 - api/v1beta1/manila_types.go | 4 - api/v1beta1/zz_generated.deepcopy.go | 16 - .../manila.openstack.org_manilaapis.yaml | 6 - .../bases/manila.openstack.org_manilas.yaml | 21 - ...manila.openstack.org_manilaschedulers.yaml | 6 - .../manila.openstack.org_manilashares.yaml | 6 - config/samples/layout/tls/kustomization.yaml | 15 + config/samples/layout/tls/tls.yaml | 47 ++ pkg/manila/dbsync.go | 10 +- pkg/manilaapi/statefulset.go | 37 +- pkg/manilascheduler/statefulset.go | 34 +- pkg/manilashare/statefulset.go | 34 +- test/kuttl/tests/manila-basic/01-assert.yaml | 198 ------- .../tests/manila-basic/01-deploy-manila.yaml | 5 - test/kuttl/tests/manila-basic/02-assert.yaml | 167 ------ .../manila-basic/02-scale-up-manila.yaml | 5 - test/kuttl/tests/manila-basic/03-assert.yaml | 198 ------- .../03-scale-down-manila-api.yaml | 5 - test/kuttl/tests/manila-basic/04-errors.yaml | 9 - test/kuttl/tests/manila-basic/README.md | 43 -- .../tests/manila-multibackend/01-assert.yaml | 255 --------- .../manila-multibackend/01-deploy-manila.yaml | 5 - .../tests/manila-multibackend/02-assert.yaml | 261 --------- .../02-scale-up-manila-share.yaml | 5 - .../tests/manila-multibackend/03-assert.yaml | 253 --------- .../03-scale-down-manila-share.yaml | 5 - .../04-cleanup-manila.yaml | 6 - .../tests/manila-multibackend/04-errors.yaml | 9 - .../kuttl/tests/manila-multibackend/README.md | 60 -- test/kuttl/tests/manila-tls/01-assert.yaml | 14 + .../tests/manila-tls/01-tls_certificates.yaml | 31 + .../tests/manila-tls/02-manila-deploy.yaml | 5 + test/kuttl/tests/manila-tls/03-assert.yaml | 535 ++++++++++++++++++ .../04-cleanup-manila.yaml | 0 39 files changed, 680 insertions(+), 1683 deletions(-) create mode 100644 config/samples/layout/tls/kustomization.yaml create mode 100644 config/samples/layout/tls/tls.yaml delete mode 100644 test/kuttl/tests/manila-basic/01-assert.yaml delete mode 100644 test/kuttl/tests/manila-basic/01-deploy-manila.yaml delete mode 100644 test/kuttl/tests/manila-basic/02-assert.yaml delete mode 100644 test/kuttl/tests/manila-basic/02-scale-up-manila.yaml delete mode 100644 test/kuttl/tests/manila-basic/03-assert.yaml delete mode 100644 test/kuttl/tests/manila-basic/03-scale-down-manila-api.yaml delete mode 100644 test/kuttl/tests/manila-basic/04-errors.yaml delete mode 100644 test/kuttl/tests/manila-basic/README.md delete mode 100644 test/kuttl/tests/manila-multibackend/01-assert.yaml delete mode 100644 test/kuttl/tests/manila-multibackend/01-deploy-manila.yaml delete mode 100644 test/kuttl/tests/manila-multibackend/02-assert.yaml delete mode 100644 test/kuttl/tests/manila-multibackend/02-scale-up-manila-share.yaml delete mode 100644 test/kuttl/tests/manila-multibackend/03-assert.yaml delete mode 100644 test/kuttl/tests/manila-multibackend/03-scale-down-manila-share.yaml delete mode 100644 test/kuttl/tests/manila-multibackend/04-cleanup-manila.yaml delete mode 100644 test/kuttl/tests/manila-multibackend/04-errors.yaml delete mode 100644 test/kuttl/tests/manila-multibackend/README.md create mode 100644 test/kuttl/tests/manila-tls/01-assert.yaml create mode 100644 test/kuttl/tests/manila-tls/01-tls_certificates.yaml create mode 100644 test/kuttl/tests/manila-tls/02-manila-deploy.yaml create mode 100644 test/kuttl/tests/manila-tls/03-assert.yaml rename test/kuttl/tests/{manila-basic => manila-tls}/04-cleanup-manila.yaml (100%) diff --git a/api/bases/manila.openstack.org_manilaapis.yaml b/api/bases/manila.openstack.org_manilaapis.yaml index ef7c61c0..7171ef84 100644 --- a/api/bases/manila.openstack.org_manilaapis.yaml +++ b/api/bases/manila.openstack.org_manilaapis.yaml @@ -54,12 +54,6 @@ spec: databaseUser: default: manila type: string - debug: - properties: - service: - default: false - type: boolean - type: object extraMounts: items: properties: diff --git a/api/bases/manila.openstack.org_manilas.yaml b/api/bases/manila.openstack.org_manilas.yaml index 677b4ba1..d4f52ee0 100644 --- a/api/bases/manila.openstack.org_manilas.yaml +++ b/api/bases/manila.openstack.org_manilas.yaml @@ -58,9 +58,6 @@ spec: dbPurge: default: false type: boolean - dbSync: - default: false - type: boolean type: object extraMounts: items: @@ -829,12 +826,6 @@ spec: items: type: string type: array - debug: - properties: - service: - default: false - type: boolean - type: object networkAttachments: items: type: string @@ -963,12 +954,6 @@ spec: items: type: string type: array - debug: - properties: - service: - default: false - type: boolean - type: object networkAttachments: items: type: string @@ -1029,12 +1014,6 @@ spec: items: type: string type: array - debug: - properties: - service: - default: false - type: boolean - type: object networkAttachments: items: type: string diff --git a/api/bases/manila.openstack.org_manilaschedulers.yaml b/api/bases/manila.openstack.org_manilaschedulers.yaml index 5c279442..37ba87a6 100644 --- a/api/bases/manila.openstack.org_manilaschedulers.yaml +++ b/api/bases/manila.openstack.org_manilaschedulers.yaml @@ -54,12 +54,6 @@ spec: databaseUser: default: manila type: string - debug: - properties: - service: - default: false - type: boolean - type: object extraMounts: items: properties: diff --git a/api/bases/manila.openstack.org_manilashares.yaml b/api/bases/manila.openstack.org_manilashares.yaml index 51b6f953..c5dd12f0 100644 --- a/api/bases/manila.openstack.org_manilashares.yaml +++ b/api/bases/manila.openstack.org_manilashares.yaml @@ -54,12 +54,6 @@ spec: databaseUser: default: manila type: string - debug: - properties: - service: - default: false - type: boolean - type: object extraMounts: items: properties: diff --git a/api/v1beta1/common_types.go b/api/v1beta1/common_types.go index 09e92bf7..bb235a56 100644 --- a/api/v1beta1/common_types.go +++ b/api/v1beta1/common_types.go @@ -72,11 +72,6 @@ type ManilaServiceTemplate struct { // any global NodeSelector settings within the Manila CR. NodeSelector map[string]string `json:"nodeSelector,omitempty"` - // +kubebuilder:validation:Optional - // Debug - enable debug for different deploy stages. If an init container is used, it runs and the - // actual action pod gets started with sleep infinity - Debug ManilaServiceDebug `json:"debug,omitempty"` - // +kubebuilder:validation:Optional // +kubebuilder:default="# add your customization here" // CustomServiceConfig - customize the service config using this parameter to change service defaults, @@ -111,12 +106,3 @@ type PasswordSelector struct { // Service - Selector to get the manila service password from the Secret Service string `json:"service,omitempty"` } - -// ManilaServiceDebug indicates whether certain stages of Manila service -// deployment should pause in debug mode -type ManilaServiceDebug struct { - // +kubebuilder:validation:Optional - // +kubebuilder:default=false - // service enable debug - Service bool `json:"service,omitempty"` -} diff --git a/api/v1beta1/manila_types.go b/api/v1beta1/manila_types.go index 11fe50b9..30f2e71e 100644 --- a/api/v1beta1/manila_types.go +++ b/api/v1beta1/manila_types.go @@ -161,10 +161,6 @@ type DBPurge struct { // ManilaDebug contains flags related to multiple debug activities. See the // individual comments for what this means for each flag. type ManilaDebug struct { - // +kubebuilder:validation:Optional - // +kubebuilder:default=false - // DBSync pauses the dbSync container instead of executing the db_sync command. - DBSync bool `json:"dbSync,omitempty"` // +kubebuilder:validation:Optional // +kubebuilder:default=false // DBPurge increases log verbosity by executing the db_purge command with "--debug". diff --git a/api/v1beta1/zz_generated.deepcopy.go b/api/v1beta1/zz_generated.deepcopy.go index 55d97ce5..584ca4a2 100644 --- a/api/v1beta1/zz_generated.deepcopy.go +++ b/api/v1beta1/zz_generated.deepcopy.go @@ -475,21 +475,6 @@ func (in *ManilaSchedulerTemplate) DeepCopy() *ManilaSchedulerTemplate { return out } -// DeepCopyInto is an autogenerated deepcopy function, copying the receiver, writing into out. in must be non-nil. -func (in *ManilaServiceDebug) DeepCopyInto(out *ManilaServiceDebug) { - *out = *in -} - -// DeepCopy is an autogenerated deepcopy function, copying the receiver, creating a new ManilaServiceDebug. -func (in *ManilaServiceDebug) DeepCopy() *ManilaServiceDebug { - if in == nil { - return nil - } - out := new(ManilaServiceDebug) - in.DeepCopyInto(out) - return out -} - // DeepCopyInto is an autogenerated deepcopy function, copying the receiver, writing into out. in must be non-nil. func (in *ManilaServiceTemplate) DeepCopyInto(out *ManilaServiceTemplate) { *out = *in @@ -500,7 +485,6 @@ func (in *ManilaServiceTemplate) DeepCopyInto(out *ManilaServiceTemplate) { (*out)[key] = val } } - out.Debug = in.Debug if in.CustomServiceConfigSecrets != nil { in, out := &in.CustomServiceConfigSecrets, &out.CustomServiceConfigSecrets *out = make([]string, len(*in)) diff --git a/config/crd/bases/manila.openstack.org_manilaapis.yaml b/config/crd/bases/manila.openstack.org_manilaapis.yaml index ef7c61c0..7171ef84 100644 --- a/config/crd/bases/manila.openstack.org_manilaapis.yaml +++ b/config/crd/bases/manila.openstack.org_manilaapis.yaml @@ -54,12 +54,6 @@ spec: databaseUser: default: manila type: string - debug: - properties: - service: - default: false - type: boolean - type: object extraMounts: items: properties: diff --git a/config/crd/bases/manila.openstack.org_manilas.yaml b/config/crd/bases/manila.openstack.org_manilas.yaml index 677b4ba1..d4f52ee0 100644 --- a/config/crd/bases/manila.openstack.org_manilas.yaml +++ b/config/crd/bases/manila.openstack.org_manilas.yaml @@ -58,9 +58,6 @@ spec: dbPurge: default: false type: boolean - dbSync: - default: false - type: boolean type: object extraMounts: items: @@ -829,12 +826,6 @@ spec: items: type: string type: array - debug: - properties: - service: - default: false - type: boolean - type: object networkAttachments: items: type: string @@ -963,12 +954,6 @@ spec: items: type: string type: array - debug: - properties: - service: - default: false - type: boolean - type: object networkAttachments: items: type: string @@ -1029,12 +1014,6 @@ spec: items: type: string type: array - debug: - properties: - service: - default: false - type: boolean - type: object networkAttachments: items: type: string diff --git a/config/crd/bases/manila.openstack.org_manilaschedulers.yaml b/config/crd/bases/manila.openstack.org_manilaschedulers.yaml index 5c279442..37ba87a6 100644 --- a/config/crd/bases/manila.openstack.org_manilaschedulers.yaml +++ b/config/crd/bases/manila.openstack.org_manilaschedulers.yaml @@ -54,12 +54,6 @@ spec: databaseUser: default: manila type: string - debug: - properties: - service: - default: false - type: boolean - type: object extraMounts: items: properties: diff --git a/config/crd/bases/manila.openstack.org_manilashares.yaml b/config/crd/bases/manila.openstack.org_manilashares.yaml index 51b6f953..c5dd12f0 100644 --- a/config/crd/bases/manila.openstack.org_manilashares.yaml +++ b/config/crd/bases/manila.openstack.org_manilashares.yaml @@ -54,12 +54,6 @@ spec: databaseUser: default: manila type: string - debug: - properties: - service: - default: false - type: boolean - type: object extraMounts: items: properties: diff --git a/config/samples/layout/tls/kustomization.yaml b/config/samples/layout/tls/kustomization.yaml new file mode 100644 index 00000000..8e678fb3 --- /dev/null +++ b/config/samples/layout/tls/kustomization.yaml @@ -0,0 +1,15 @@ +apiVersion: kustomize.config.k8s.io/v1beta1 +kind: Kustomization +resources: +- ../bases/manila +patches: +- patch: |- + - op: replace + path: /spec/secret + value: osp-secret + - op: replace + path: /metadata/namespace + value: manila-kuttl-tests + target: + kind: Manila +- path: tls.yaml diff --git a/config/samples/layout/tls/tls.yaml b/config/samples/layout/tls/tls.yaml new file mode 100644 index 00000000..fb76717a --- /dev/null +++ b/config/samples/layout/tls/tls.yaml @@ -0,0 +1,47 @@ +apiVersion: manila.openstack.org/v1beta1 +kind: Manila +metadata: + name: manila + namespace: openstack +spec: + manilaAPI: + tls: + api: + internal: + secretName: cert-manila-internal-svc + public: + secretName: cert-manila-public-svc + caBundleSecretName: combined-ca-bundle + customServiceConfig: | + [DEFAULT] + enabled_share_protocols = cephfs + manilaShares: + share0: + customServiceConfig: | + [DEFAULT] + enabled_share_backends = cephfs + [cephfs] + driver_handles_share_servers=False + share_backend_name=cephfs + share_driver=manila.share.drivers.cephfs.driver.CephFSDriver + cephfs_conf_path=/etc/ceph/ceph.conf + cephfs_auth_id=openstack + cephfs_cluster_name=ceph + cephfs_protocol_helper_type=CEPHFS + extraMounts: + - name: v1 + region: r1 + extraVol: + - propagation: + - share0 + extraVolType: Ceph + volumes: + - name: ceph + projected: + sources: + - secret: + name: ceph-conf-files + mounts: + - name: ceph + mountPath: "/etc/ceph" + readOnly: true diff --git a/pkg/manila/dbsync.go b/pkg/manila/dbsync.go index b4447aa6..3000311e 100644 --- a/pkg/manila/dbsync.go +++ b/pkg/manila/dbsync.go @@ -1,7 +1,6 @@ package manila import ( - common "github.com/openstack-k8s-operators/lib-common/modules/common" "github.com/openstack-k8s-operators/lib-common/modules/common/env" manilav1 "github.com/openstack-k8s-operators/manila-operator/api/v1beta1" batchv1 "k8s.io/api/batch/v1" @@ -68,19 +67,14 @@ func DbSyncJob(instance *manilav1.Manila, labels map[string]string, annotations }, } + args := []string{"-c", DBSyncCommand} + // add CA cert if defined if instance.Spec.ManilaAPI.TLS.CaBundleSecretName != "" { dbSyncVolume = append(dbSyncVolume, instance.Spec.ManilaAPI.TLS.CreateVolume()) dbSyncMounts = append(dbSyncMounts, instance.Spec.ManilaAPI.TLS.CreateVolumeMounts(nil)...) } - args := []string{"-c"} - if instance.Spec.Debug.DBSync { - args = append(args, common.DebugCommand) - } else { - args = append(args, DBSyncCommand) - } - runAsUser := int64(0) envVars := map[string]env.Setter{} envVars["KOLLA_CONFIG_STRATEGY"] = env.SetValue("COPY_ALWAYS") diff --git a/pkg/manilaapi/statefulset.go b/pkg/manilaapi/statefulset.go index 7ffccbe9..9ed7afac 100644 --- a/pkg/manilaapi/statefulset.go +++ b/pkg/manilaapi/statefulset.go @@ -52,31 +52,20 @@ func StatefulSet( InitialDelaySeconds: 5, } - args := []string{"-c"} - if instance.Spec.Debug.Service { - args = append(args, common.DebugCommand) - livenessProbe.Exec = &corev1.ExecAction{ - Command: []string{ - "/bin/true", - }, - } - readinessProbe.Exec = livenessProbe.Exec - } else { - args = append(args, ServiceCommand) - // - // https://kubernetes.io/docs/tasks/configure-pod-container/configure-liveness-readiness-startup-probes/ - // - - livenessProbe.HTTPGet = &corev1.HTTPGetAction{ - Path: "/healthcheck", - Port: intstr.IntOrString{Type: intstr.Int, IntVal: int32(manila.ManilaPublicPort)}, - } - readinessProbe.HTTPGet = livenessProbe.HTTPGet + args := []string{"-c", ServiceCommand} + // + // https://kubernetes.io/docs/tasks/configure-pod-container/configure-liveness-readiness-startup-probes/ + // + + livenessProbe.HTTPGet = &corev1.HTTPGetAction{ + Path: "/healthcheck", + Port: intstr.IntOrString{Type: intstr.Int, IntVal: int32(manila.ManilaPublicPort)}, + } + readinessProbe.HTTPGet = livenessProbe.HTTPGet - if instance.Spec.TLS.API.Enabled(service.EndpointPublic) { - livenessProbe.HTTPGet.Scheme = corev1.URISchemeHTTPS - readinessProbe.HTTPGet.Scheme = corev1.URISchemeHTTPS - } + if instance.Spec.TLS.API.Enabled(service.EndpointPublic) { + livenessProbe.HTTPGet.Scheme = corev1.URISchemeHTTPS + readinessProbe.HTTPGet.Scheme = corev1.URISchemeHTTPS } // create Volume and VolumeMounts diff --git a/pkg/manilascheduler/statefulset.go b/pkg/manilascheduler/statefulset.go index ef537f47..3d27387a 100644 --- a/pkg/manilascheduler/statefulset.go +++ b/pkg/manilascheduler/statefulset.go @@ -57,32 +57,16 @@ func StatefulSet( InitialDelaySeconds: 5, } - args := []string{"-c"} + args := []string{"-c", ServiceCommand} var probeCommand []string - // When debugging the service container will run kolla_set_configs and - // sleep forever and the probe container will just sleep forever. - if instance.Spec.Debug.Service { - args = append(args, common.DebugCommand) - livenessProbe.Exec = &corev1.ExecAction{ - Command: []string{ - "/bin/true", - }, - } - startupProbe.Exec = livenessProbe.Exec - probeCommand = []string{ - "/bin/sleep", "infinity", - } - } else { - args = append(args, ServiceCommand) - livenessProbe.HTTPGet = &corev1.HTTPGetAction{ - Port: intstr.FromInt(8080), - } - startupProbe.HTTPGet = livenessProbe.HTTPGet - probeCommand = []string{ - "/usr/local/bin/container-scripts/healthcheck.py", - "scheduler", - "/etc/manila/manila.conf.d", - } + livenessProbe.HTTPGet = &corev1.HTTPGetAction{ + Port: intstr.FromInt(8080), + } + startupProbe.HTTPGet = livenessProbe.HTTPGet + probeCommand = []string{ + "/usr/local/bin/container-scripts/healthcheck.py", + "scheduler", + "/etc/manila/manila.conf.d", } envVars := map[string]env.Setter{} diff --git a/pkg/manilashare/statefulset.go b/pkg/manilashare/statefulset.go index 017984ad..713eb826 100644 --- a/pkg/manilashare/statefulset.go +++ b/pkg/manilashare/statefulset.go @@ -59,32 +59,16 @@ func StatefulSet( InitialDelaySeconds: 5, } - args := []string{"-c"} + args := []string{"-c", ServiceCommand} var probeCommand []string - // When debugging the service container will run kolla_set_configs and - // sleep forever and the probe container will just sleep forever. - if instance.Spec.Debug.Service { - args = append(args, common.DebugCommand) - livenessProbe.Exec = &corev1.ExecAction{ - Command: []string{ - "/bin/true", - }, - } - startupProbe.Exec = livenessProbe.Exec - probeCommand = []string{ - "/bin/sleep", "infinity", - } - } else { - args = append(args, ServiceCommand) - livenessProbe.HTTPGet = &corev1.HTTPGetAction{ - Port: intstr.FromInt(8080), - } - startupProbe.HTTPGet = livenessProbe.HTTPGet - probeCommand = []string{ - "/usr/local/bin/container-scripts/healthcheck.py", - "share", - "/etc/manila/manila.conf.d", - } + livenessProbe.HTTPGet = &corev1.HTTPGetAction{ + Port: intstr.FromInt(8080), + } + startupProbe.HTTPGet = livenessProbe.HTTPGet + probeCommand = []string{ + "/usr/local/bin/container-scripts/healthcheck.py", + "share", + "/etc/manila/manila.conf.d", } envVars := map[string]env.Setter{} diff --git a/test/kuttl/tests/manila-basic/01-assert.yaml b/test/kuttl/tests/manila-basic/01-assert.yaml deleted file mode 100644 index ca5e78cb..00000000 --- a/test/kuttl/tests/manila-basic/01-assert.yaml +++ /dev/null @@ -1,198 +0,0 @@ -# -# Check for: -# -# - 1 manilaAPI -# - 2 manilaScheduler -# - 3 manilaShares -# - 4 extraMounts - -apiVersion: manila.openstack.org/v1beta1 -kind: Manila -metadata: - name: manila -spec: - customServiceConfig: | - [DEFAULT] - debug = true - databaseInstance: openstack - databaseUser: manila - debug: - dbSync: false - manilaAPI: - customServiceConfig: | - [DEFAULT] - enabled_share_protocols = cephfs - debug: - service: false - replicas: 1 - resources: {} - manilaScheduler: - customServiceConfig: '# add your customization here' - debug: - service: false - replicas: 1 - resources: {} - manilaShares: - share0: - replicas: 1 - resources: {} - customServiceConfig: | - [DEFAULT] - enabled_share_backends = cephfs - [cephfs] - driver_handles_share_servers=False - share_backend_name=cephfs - share_driver=manila.share.drivers.cephfs.driver.CephFSDriver - cephfs_conf_path=/etc/ceph/ceph.conf - cephfs_auth_id=openstack - cephfs_cluster_name=ceph - cephfs_protocol_helper_type=CEPHFS - debug: - service: false - passwordSelectors: - database: ManilaDatabasePassword - service: ManilaPassword - preserveJobs: false - rabbitMqClusterName: rabbitmq - secret: osp-secret - serviceUser: manila -status: - conditions: - - message: Setup complete - reason: Ready - status: "True" - type: Ready - - message: CronJob completed - reason: Ready - status: "True" - type: CronJobReady - - message: DB create completed - reason: Ready - status: "True" - type: DBReady - - message: DBsync completed - reason: Ready - status: "True" - type: DBSyncReady - - message: Input data complete - reason: Ready - status: "True" - type: InputReady - - message: Setup complete - reason: Ready - status: "True" - type: ManilaAPIReady - - message: Setup complete - reason: Ready - status: "True" - type: ManilaSchedulerReady - - message: Deployment completed - reason: Ready - status: "True" - type: ManilaShareReady - - message: " Memcached instance has been provisioned" - reason: Ready - status: "True" - type: MemcachedReady - - message: NetworkAttachments completed - reason: Ready - status: "True" - type: NetworkAttachmentsReady - - message: RabbitMqTransportURL successfully created - reason: Ready - status: "True" - type: RabbitMqTransportURLReady - - message: RoleBinding created - reason: Ready - status: "True" - type: RoleBindingReady - - message: Role created - reason: Ready - status: "True" - type: RoleReady - - message: ServiceAccount created - reason: Ready - status: "True" - type: ServiceAccountReady - - message: Service config create completed - reason: Ready - status: "True" - type: ServiceConfigReady - databaseHostname: openstack - manilaAPIReadyCount: 1 - manilaSchedulerReadyCount: 1 - manilaSharesReadyCounts: - share0: 1 - transportURLSecret: rabbitmq-transport-url-manila-manila-transport ---- -apiVersion: batch/v1 -kind: CronJob -metadata: - name: manila-db-purge -spec: - jobTemplate: - metadata: - labels: - service: manila - spec: - completions: 1 - parallelism: 1 - template: - spec: - containers: - - args: - - -c - - /usr/bin/manila-manage --config-dir /etc/manila/manila.conf.d - db purge 30 - command: - - /bin/bash - name: manila-db-purge - volumeMounts: - - mountPath: /etc/manila/manila.conf.d - name: db-purge-config-data - readOnly: true - serviceAccount: manila-manila - serviceAccountName: manila-manila - volumes: - - name: db-purge-config-data - secret: - defaultMode: 420 - items: - - key: 00-config.conf - path: 00-config.conf - secretName: manila-config-data - schedule: 1 0 * * * - suspend: false ---- -# when using image digests the containerImage URLs are SHA's so we verify them with a script -apiVersion: kuttl.dev/v1beta1 -kind: TestAssert -commands: - - script: | - tupleTemplate='{{ range (index .spec.template.spec.containers 1).env }}{{ .name }}{{ "#" }}{{ .value}}{{"\n"}}{{ end }}' - imageTuples=$(oc get -n openstack-operators deployment manila-operator-controller-manager -o go-template="$tupleTemplate") - # format of imageTuple is: RELATED_IMAGE_MANILA_# separated by newlines - for ITEM in $(echo $imageTuples); do - # it is an image - if echo $ITEM | grep 'RELATED_IMAGE' &> /dev/null; then - NAME=$(echo $ITEM | sed -e 's|^RELATED_IMAGE_MANILA_\([^_]*\)_.*|\1|') - IMG_FROM_ENV=$(echo $ITEM | sed -e 's|^.*#\(.*\)|\1|') - template='{{.spec.containerImage}}' - case $NAME in - API) - SERVICE_IMAGE=$(oc get -n $NAMESPACE manilaapi manila-api -o go-template="$template") - ;; - SHARE) - SERVICE_IMAGE=$(oc get -n $NAMESPACE manilashares manila-share-share0 -o go-template="$template") - ;; - SCHEDULER) - SERVICE_IMAGE=$(oc get -n $NAMESPACE manilascheduler manila-scheduler -o go-template="$template") - ;; - esac - if [ "$SERVICE_IMAGE" != "$IMG_FROM_ENV" ]; then - echo "$NAME image does not equal $VALUE" - exit 1 - fi - fi - done - exit 0 diff --git a/test/kuttl/tests/manila-basic/01-deploy-manila.yaml b/test/kuttl/tests/manila-basic/01-deploy-manila.yaml deleted file mode 100644 index 87558e4d..00000000 --- a/test/kuttl/tests/manila-basic/01-deploy-manila.yaml +++ /dev/null @@ -1,5 +0,0 @@ -apiVersion: kuttl.dev/v1beta1 -kind: TestStep -commands: - - script: | - oc kustomize ../../../../config/samples/layout/cephfs | oc apply -n $NAMESPACE -f - diff --git a/test/kuttl/tests/manila-basic/02-assert.yaml b/test/kuttl/tests/manila-basic/02-assert.yaml deleted file mode 100644 index c50f395d..00000000 --- a/test/kuttl/tests/manila-basic/02-assert.yaml +++ /dev/null @@ -1,167 +0,0 @@ -# -# Check for: -# -# - 1 manilaAPI -# - 2 manilaScheduler -# - 3 manilaShares -# - 4 extraMounts - -apiVersion: manila.openstack.org/v1beta1 -kind: Manila -metadata: - name: manila -spec: - customServiceConfig: | - [DEFAULT] - debug = true - databaseInstance: openstack - databaseUser: manila - debug: - dbSync: false - manilaAPI: - customServiceConfig: | - [DEFAULT] - enabled_share_protocols = cephfs - debug: - service: false - replicas: 3 - resources: {} - manilaScheduler: - replicas: 1 - resources: {} - manilaShares: - share0: - replicas: 1 - resources: {} - customServiceConfig: | - [DEFAULT] - enabled_share_backends = cephfs - [cephfs] - driver_handles_share_servers=False - share_backend_name=cephfs - share_driver=manila.share.drivers.cephfs.driver.CephFSDriver - cephfs_conf_path=/etc/ceph/ceph.conf - cephfs_auth_id=openstack - cephfs_cluster_name=ceph - cephfs_protocol_helper_type=CEPHFS - passwordSelectors: - database: ManilaDatabasePassword - service: ManilaPassword - preserveJobs: false - rabbitMqClusterName: rabbitmq - secret: osp-secret - serviceUser: manila -status: - conditions: - - message: Setup complete - reason: Ready - status: "True" - type: Ready - - message: CronJob completed - reason: Ready - status: "True" - type: CronJobReady - - message: DB create completed - reason: Ready - status: "True" - type: DBReady - - message: DBsync completed - reason: Ready - status: "True" - type: DBSyncReady - - message: Input data complete - reason: Ready - status: "True" - type: InputReady - - message: Setup complete - reason: Ready - status: "True" - type: ManilaAPIReady - - message: Setup complete - reason: Ready - status: "True" - type: ManilaSchedulerReady - - message: Deployment completed - reason: Ready - status: "True" - type: ManilaShareReady - - message: " Memcached instance has been provisioned" - reason: Ready - status: "True" - type: MemcachedReady - - message: NetworkAttachments completed - reason: Ready - status: "True" - type: NetworkAttachmentsReady - - message: RabbitMqTransportURL successfully created - reason: Ready - status: "True" - type: RabbitMqTransportURLReady - - message: RoleBinding created - reason: Ready - status: "True" - type: RoleBindingReady - - message: Role created - reason: Ready - status: "True" - type: RoleReady - - message: ServiceAccount created - reason: Ready - status: "True" - type: ServiceAccountReady - - message: Service config create completed - reason: Ready - status: "True" - type: ServiceConfigReady - databaseHostname: openstack - manilaAPIReadyCount: 3 - manilaSchedulerReadyCount: 1 - manilaSharesReadyCounts: - share0: 1 - transportURLSecret: rabbitmq-transport-url-manila-manila-transport ---- -apiVersion: manila.openstack.org/v1beta1 -kind: ManilaAPI -metadata: - finalizers: - - ManilaAPI - name: manila-api -spec: - databaseHostname: openstack - databaseUser: manila - passwordSelectors: - database: ManilaDatabasePassword - service: ManilaPassword - replicas: 3 - resources: {} - secret: osp-secret - serviceAccount: manila-manila - serviceUser: manila -status: - readyCount: 3 ---- -apiVersion: apps/v1 -kind: StatefulSet -metadata: - labels: - component: manila-api - service: manila - name: manila-api - ownerReferences: - - apiVersion: manila.openstack.org/v1beta1 - kind: ManilaAPI - name: manila-api -spec: - replicas: 3 - template: - metadata: - labels: - component: manila-api - service: manila - spec: - serviceAccount: manila-manila - serviceAccountName: manila-manila -status: - availableReplicas: 3 - readyReplicas: 3 - replicas: 3 diff --git a/test/kuttl/tests/manila-basic/02-scale-up-manila.yaml b/test/kuttl/tests/manila-basic/02-scale-up-manila.yaml deleted file mode 100644 index 7dec40d3..00000000 --- a/test/kuttl/tests/manila-basic/02-scale-up-manila.yaml +++ /dev/null @@ -1,5 +0,0 @@ -apiVersion: kuttl.dev/v1beta1 -kind: TestStep -commands: - - script: | - oc patch manila -n $NAMESPACE manila --type='json' -p='[{"op": "replace", "path": "/spec/manilaAPI/replicas", "value":3}]' diff --git a/test/kuttl/tests/manila-basic/03-assert.yaml b/test/kuttl/tests/manila-basic/03-assert.yaml deleted file mode 100644 index ca5e78cb..00000000 --- a/test/kuttl/tests/manila-basic/03-assert.yaml +++ /dev/null @@ -1,198 +0,0 @@ -# -# Check for: -# -# - 1 manilaAPI -# - 2 manilaScheduler -# - 3 manilaShares -# - 4 extraMounts - -apiVersion: manila.openstack.org/v1beta1 -kind: Manila -metadata: - name: manila -spec: - customServiceConfig: | - [DEFAULT] - debug = true - databaseInstance: openstack - databaseUser: manila - debug: - dbSync: false - manilaAPI: - customServiceConfig: | - [DEFAULT] - enabled_share_protocols = cephfs - debug: - service: false - replicas: 1 - resources: {} - manilaScheduler: - customServiceConfig: '# add your customization here' - debug: - service: false - replicas: 1 - resources: {} - manilaShares: - share0: - replicas: 1 - resources: {} - customServiceConfig: | - [DEFAULT] - enabled_share_backends = cephfs - [cephfs] - driver_handles_share_servers=False - share_backend_name=cephfs - share_driver=manila.share.drivers.cephfs.driver.CephFSDriver - cephfs_conf_path=/etc/ceph/ceph.conf - cephfs_auth_id=openstack - cephfs_cluster_name=ceph - cephfs_protocol_helper_type=CEPHFS - debug: - service: false - passwordSelectors: - database: ManilaDatabasePassword - service: ManilaPassword - preserveJobs: false - rabbitMqClusterName: rabbitmq - secret: osp-secret - serviceUser: manila -status: - conditions: - - message: Setup complete - reason: Ready - status: "True" - type: Ready - - message: CronJob completed - reason: Ready - status: "True" - type: CronJobReady - - message: DB create completed - reason: Ready - status: "True" - type: DBReady - - message: DBsync completed - reason: Ready - status: "True" - type: DBSyncReady - - message: Input data complete - reason: Ready - status: "True" - type: InputReady - - message: Setup complete - reason: Ready - status: "True" - type: ManilaAPIReady - - message: Setup complete - reason: Ready - status: "True" - type: ManilaSchedulerReady - - message: Deployment completed - reason: Ready - status: "True" - type: ManilaShareReady - - message: " Memcached instance has been provisioned" - reason: Ready - status: "True" - type: MemcachedReady - - message: NetworkAttachments completed - reason: Ready - status: "True" - type: NetworkAttachmentsReady - - message: RabbitMqTransportURL successfully created - reason: Ready - status: "True" - type: RabbitMqTransportURLReady - - message: RoleBinding created - reason: Ready - status: "True" - type: RoleBindingReady - - message: Role created - reason: Ready - status: "True" - type: RoleReady - - message: ServiceAccount created - reason: Ready - status: "True" - type: ServiceAccountReady - - message: Service config create completed - reason: Ready - status: "True" - type: ServiceConfigReady - databaseHostname: openstack - manilaAPIReadyCount: 1 - manilaSchedulerReadyCount: 1 - manilaSharesReadyCounts: - share0: 1 - transportURLSecret: rabbitmq-transport-url-manila-manila-transport ---- -apiVersion: batch/v1 -kind: CronJob -metadata: - name: manila-db-purge -spec: - jobTemplate: - metadata: - labels: - service: manila - spec: - completions: 1 - parallelism: 1 - template: - spec: - containers: - - args: - - -c - - /usr/bin/manila-manage --config-dir /etc/manila/manila.conf.d - db purge 30 - command: - - /bin/bash - name: manila-db-purge - volumeMounts: - - mountPath: /etc/manila/manila.conf.d - name: db-purge-config-data - readOnly: true - serviceAccount: manila-manila - serviceAccountName: manila-manila - volumes: - - name: db-purge-config-data - secret: - defaultMode: 420 - items: - - key: 00-config.conf - path: 00-config.conf - secretName: manila-config-data - schedule: 1 0 * * * - suspend: false ---- -# when using image digests the containerImage URLs are SHA's so we verify them with a script -apiVersion: kuttl.dev/v1beta1 -kind: TestAssert -commands: - - script: | - tupleTemplate='{{ range (index .spec.template.spec.containers 1).env }}{{ .name }}{{ "#" }}{{ .value}}{{"\n"}}{{ end }}' - imageTuples=$(oc get -n openstack-operators deployment manila-operator-controller-manager -o go-template="$tupleTemplate") - # format of imageTuple is: RELATED_IMAGE_MANILA_# separated by newlines - for ITEM in $(echo $imageTuples); do - # it is an image - if echo $ITEM | grep 'RELATED_IMAGE' &> /dev/null; then - NAME=$(echo $ITEM | sed -e 's|^RELATED_IMAGE_MANILA_\([^_]*\)_.*|\1|') - IMG_FROM_ENV=$(echo $ITEM | sed -e 's|^.*#\(.*\)|\1|') - template='{{.spec.containerImage}}' - case $NAME in - API) - SERVICE_IMAGE=$(oc get -n $NAMESPACE manilaapi manila-api -o go-template="$template") - ;; - SHARE) - SERVICE_IMAGE=$(oc get -n $NAMESPACE manilashares manila-share-share0 -o go-template="$template") - ;; - SCHEDULER) - SERVICE_IMAGE=$(oc get -n $NAMESPACE manilascheduler manila-scheduler -o go-template="$template") - ;; - esac - if [ "$SERVICE_IMAGE" != "$IMG_FROM_ENV" ]; then - echo "$NAME image does not equal $VALUE" - exit 1 - fi - fi - done - exit 0 diff --git a/test/kuttl/tests/manila-basic/03-scale-down-manila-api.yaml b/test/kuttl/tests/manila-basic/03-scale-down-manila-api.yaml deleted file mode 100644 index 6d2f250d..00000000 --- a/test/kuttl/tests/manila-basic/03-scale-down-manila-api.yaml +++ /dev/null @@ -1,5 +0,0 @@ -apiVersion: kuttl.dev/v1beta1 -kind: TestStep -commands: - - script: | - oc patch manila -n $NAMESPACE manila --type='json' -p='[{"op": "replace", "path": "/spec/manilaAPI/replicas", "value":1}]' diff --git a/test/kuttl/tests/manila-basic/04-errors.yaml b/test/kuttl/tests/manila-basic/04-errors.yaml deleted file mode 100644 index 5735b00d..00000000 --- a/test/kuttl/tests/manila-basic/04-errors.yaml +++ /dev/null @@ -1,9 +0,0 @@ -# -# Check for: -# -# No Manila CR -# -apiVersion: manila.openstack.org/v1beta1 -kind: Manila -metadata: - name: manila diff --git a/test/kuttl/tests/manila-basic/README.md b/test/kuttl/tests/manila-basic/README.md deleted file mode 100644 index 64f432a7..00000000 --- a/test/kuttl/tests/manila-basic/README.md +++ /dev/null @@ -1,43 +0,0 @@ -# manila-basic kuttl test - -The "basic" manila kuttl test is supposed to cover asserts related to the main -manila services deployed in the most common use case scenario. - -## Topology - -The target topology for this test is: - -1. one ManilaAPI object -2. one ManilaScheduler object -3. one ManilaShare object connected with a Ceph backend: the protocol used for - this use case is native CephFS - -The manila-basic steps are supposed to cover scaling up and scaling down the -ManilaAPI service. - -### Prerequisites - -As a prerequisite for this test, we assume: - -1. a running `Ceph` cluster (or a Ceph Pod deployed via the `install_yamls` - `make ceph` command) -2. an existing `MariaDB/Galera` entity in the target namespace -3. an existing `Keystone` deployed via keystone-operator -4. an existing `RabbitMQ` cluster in the target namespace -5. a running `manila-operator` deployed via the `install_yamls` `make manila` - target - -These resources can be deployed via `install_yamls` using the `kuttl_common_prep` -target provided by the default Makefile. - -### Run the manila-basic tests - -Once the kuttl requirements are satisfied, the actual tests can be executed, -against an existing namespace, via the following command: - -``` -NAMESPACE=openstack -MANILA_OPERATOR= -kubectl-kuttl test --config $MANILA_OPERATOR/kuttl-test.yaml \ - $MANILA_OPERATOR/test/kuttl/tests/ --namespace $NAMESPACE | tee -a $HOME/kuttl.log -``` diff --git a/test/kuttl/tests/manila-multibackend/01-assert.yaml b/test/kuttl/tests/manila-multibackend/01-assert.yaml deleted file mode 100644 index 198b71dc..00000000 --- a/test/kuttl/tests/manila-multibackend/01-assert.yaml +++ /dev/null @@ -1,255 +0,0 @@ -# -# Check for: -# -# - 1 manilaAPI -# - 2 manilaScheduler -# - 3 manilaShares -# - 4 extraMounts - -apiVersion: manila.openstack.org/v1beta1 -kind: Manila -metadata: - name: manila -spec: - customServiceConfig: | - [DEFAULT] - debug = true - databaseInstance: openstack - databaseUser: manila - debug: - dbSync: false - manilaAPI: - customServiceConfig: | - [DEFAULT] - enabled_share_protocols=nfs,cephfs,cifs - debug: - service: false - replicas: 1 - resources: {} - manilaScheduler: - customServiceConfig: '# add your customization here' - debug: - service: false - replicas: 1 - resources: {} - manilaShares: - share0: - customServiceConfig: | - [DEFAULT] - enabled_share_backends = cephfs - [cephfs] - driver_handles_share_servers=False - share_backend_name=cephfs - share_driver=manila.share.drivers.cephfs.driver.CephFSDriver - cephfs_conf_path=/etc/ceph/ceph.conf - cephfs_auth_id=openstack - cephfs_cluster_name=ceph - cephfs_protocol_helper_type=CEPHFS - replicas: 1 - share1: - customServiceConfig: | - [DEFAULT] - enabled_share_backends=cephfsnfs - [cephfsnfs] - driver_handles_share_servers=False - share_backend_name=cephfs - share_driver=manila.share.drivers.cephfs.driver.CephFSDriver - cephfs_auth_id=openstack - cephfs_cluster_name=ceph - cephfs_nfs_cluster_id=cephfs - cephfs_protocol_helper_type=NFS - replicas: 0 - passwordSelectors: - database: ManilaDatabasePassword - service: ManilaPassword - preserveJobs: false - rabbitMqClusterName: rabbitmq - secret: osp-secret - serviceUser: manila -status: - conditions: - - message: Setup complete - reason: Ready - status: "True" - type: Ready - - message: CronJob completed - reason: Ready - status: "True" - type: CronJobReady - - message: DB create completed - reason: Ready - status: "True" - type: DBReady - - message: DBsync completed - reason: Ready - status: "True" - type: DBSyncReady - - message: Input data complete - reason: Ready - status: "True" - type: InputReady - - message: Setup complete - reason: Ready - status: "True" - type: ManilaAPIReady - - message: Setup complete - reason: Ready - status: "True" - type: ManilaSchedulerReady - - message: Deployment completed - reason: Ready - status: "True" - type: ManilaShareReady - - message: " Memcached instance has been provisioned" - reason: Ready - status: "True" - type: MemcachedReady - - message: NetworkAttachments completed - reason: Ready - status: "True" - type: NetworkAttachmentsReady - - message: RabbitMqTransportURL successfully created - reason: Ready - status: "True" - type: RabbitMqTransportURLReady - - message: RoleBinding created - reason: Ready - status: "True" - type: RoleBindingReady - - message: Role created - reason: Ready - status: "True" - type: RoleReady - - message: ServiceAccount created - reason: Ready - status: "True" - type: ServiceAccountReady - - message: Service config create completed - reason: Ready - status: "True" - type: ServiceConfigReady - databaseHostname: openstack - manilaAPIReadyCount: 1 - manilaSchedulerReadyCount: 1 - manilaSharesReadyCounts: - share0: 1 - share1: 0 - transportURLSecret: rabbitmq-transport-url-manila-manila-transport ---- -apiVersion: batch/v1 -kind: CronJob -metadata: - name: manila-db-purge -spec: - jobTemplate: - metadata: - labels: - service: manila - spec: - completions: 1 - parallelism: 1 - template: - spec: - containers: - - args: - - -c - - /usr/bin/manila-manage --config-dir /etc/manila/manila.conf.d - db purge 30 - command: - - /bin/bash - name: manila-db-purge - volumeMounts: - - mountPath: /etc/manila/manila.conf.d - name: db-purge-config-data - readOnly: true - serviceAccount: manila-manila - serviceAccountName: manila-manila - volumes: - - name: db-purge-config-data - secret: - defaultMode: 420 - items: - - key: 00-config.conf - path: 00-config.conf - secretName: manila-config-data - schedule: 1 0 * * * - suspend: false ---- -apiVersion: manila.openstack.org/v1beta1 -kind: ManilaShare -metadata: - name: manila-share-share0 -spec: - databaseHostname: openstack - databaseUser: manila - debug: - service: false - passwordSelectors: - database: ManilaDatabasePassword - service: ManilaPassword - replicas: 1 - resources: {} - secret: osp-secret - serviceAccount: manila-manila - serviceUser: manila - transportURLSecret: rabbitmq-transport-url-manila-manila-transport -status: - conditions: - - message: Setup complete - reason: Ready - status: "True" - type: Ready - - message: Deployment completed - reason: Ready - status: "True" - type: DeploymentReady - - message: Input data complete - reason: Ready - status: "True" - type: InputReady - - message: NetworkAttachments completed - reason: Ready - status: "True" - type: NetworkAttachmentsReady - - message: Service config create completed - reason: Ready - status: "True" - type: ServiceConfigReady - - message: Input data complete - reason: Ready - status: "True" - type: TLSInputReady - readyCount: 1 ---- -# when using image digests the containerImage URLs are SHA's so we verify them with a script -apiVersion: kuttl.dev/v1beta1 -kind: TestAssert -commands: - - script: | - tupleTemplate='{{ range (index .spec.template.spec.containers 1).env }}{{ .name }}{{ "#" }}{{ .value}}{{"\n"}}{{ end }}' - imageTuples=$(oc get -n openstack-operators deployment manila-operator-controller-manager -o go-template="$tupleTemplate") - # format of imageTuple is: RELATED_IMAGE_MANILA_# separated by newlines - for ITEM in $(echo $imageTuples); do - # it is an image - if echo $ITEM | grep 'RELATED_IMAGE' &> /dev/null; then - NAME=$(echo $ITEM | sed -e 's|^RELATED_IMAGE_MANILA_\([^_]*\)_.*|\1|') - IMG_FROM_ENV=$(echo $ITEM | sed -e 's|^.*#\(.*\)|\1|') - template='{{.spec.containerImage}}' - case $NAME in - API) - SERVICE_IMAGE=$(oc get -n $NAMESPACE manilaapi manila-api -o go-template="$template") - ;; - SHARE) - SERVICE_IMAGE=$(oc get -n $NAMESPACE manilashares manila-share-share0 -o go-template="$template") - ;; - SCHEDULER) - SERVICE_IMAGE=$(oc get -n $NAMESPACE manilascheduler manila-scheduler -o go-template="$template") - ;; - esac - if [ "$SERVICE_IMAGE" != "$IMG_FROM_ENV" ]; then - echo "$NAME image does not equal $VALUE" - exit 1 - fi - fi - done - exit 0 diff --git a/test/kuttl/tests/manila-multibackend/01-deploy-manila.yaml b/test/kuttl/tests/manila-multibackend/01-deploy-manila.yaml deleted file mode 100644 index d3eeb574..00000000 --- a/test/kuttl/tests/manila-multibackend/01-deploy-manila.yaml +++ /dev/null @@ -1,5 +0,0 @@ -apiVersion: kuttl.dev/v1beta1 -kind: TestStep -commands: - - script: | - oc kustomize ../../../../config/samples/layout/multibackend | oc apply -n $NAMESPACE -f - diff --git a/test/kuttl/tests/manila-multibackend/02-assert.yaml b/test/kuttl/tests/manila-multibackend/02-assert.yaml deleted file mode 100644 index 9fbc8693..00000000 --- a/test/kuttl/tests/manila-multibackend/02-assert.yaml +++ /dev/null @@ -1,261 +0,0 @@ -# -# Check for: -# -# - 1 manilaAPI -# - 2 manilaScheduler -# - 3 manilaShares -# - 4 extraMounts - -apiVersion: manila.openstack.org/v1beta1 -kind: Manila -metadata: - name: manila -spec: - customServiceConfig: | - [DEFAULT] - debug = true - databaseInstance: openstack - databaseUser: manila - manilaAPI: - customServiceConfig: | - [DEFAULT] - enabled_share_protocols=nfs,cephfs,cifs - replicas: 1 - resources: {} - manilaScheduler: - replicas: 1 - resources: {} - manilaShares: - share0: - replicas: 1 - resources: {} - customServiceConfig: | - [DEFAULT] - enabled_share_backends = cephfs - [cephfs] - driver_handles_share_servers=False - share_backend_name=cephfs - share_driver=manila.share.drivers.cephfs.driver.CephFSDriver - cephfs_conf_path=/etc/ceph/ceph.conf - cephfs_auth_id=openstack - cephfs_cluster_name=ceph - cephfs_protocol_helper_type=CEPHFS - share1: - customServiceConfig: | - [DEFAULT] - enabled_share_backends=cephfsnfs - [cephfsnfs] - driver_handles_share_servers=False - share_backend_name=cephfs - share_driver=manila.share.drivers.cephfs.driver.CephFSDriver - cephfs_auth_id=openstack - cephfs_cluster_name=ceph - cephfs_nfs_cluster_id=cephfs - cephfs_protocol_helper_type=NFS - replicas: 1 - passwordSelectors: - database: ManilaDatabasePassword - service: ManilaPassword - preserveJobs: false - rabbitMqClusterName: rabbitmq - secret: osp-secret - serviceUser: manila -status: - conditions: - - message: Setup complete - reason: Ready - status: "True" - type: Ready - - message: CronJob completed - reason: Ready - status: "True" - type: CronJobReady - - message: DB create completed - reason: Ready - status: "True" - type: DBReady - - message: DBsync completed - reason: Ready - status: "True" - type: DBSyncReady - - message: Input data complete - reason: Ready - status: "True" - type: InputReady - - message: Setup complete - reason: Ready - status: "True" - type: ManilaAPIReady - - message: Setup complete - reason: Ready - status: "True" - type: ManilaSchedulerReady - - message: Deployment completed - reason: Ready - status: "True" - type: ManilaShareReady - - message: " Memcached instance has been provisioned" - reason: Ready - status: "True" - type: MemcachedReady - - message: NetworkAttachments completed - reason: Ready - status: "True" - type: NetworkAttachmentsReady - - message: RabbitMqTransportURL successfully created - reason: Ready - status: "True" - type: RabbitMqTransportURLReady - - message: RoleBinding created - reason: Ready - status: "True" - type: RoleBindingReady - - message: Role created - reason: Ready - status: "True" - type: RoleReady - - message: ServiceAccount created - reason: Ready - status: "True" - type: ServiceAccountReady - - message: Service config create completed - reason: Ready - status: "True" - type: ServiceConfigReady - manilaAPIReadyCount: 1 - manilaSchedulerReadyCount: 1 - manilaSharesReadyCounts: - share0: 1 - share1: 1 - transportURLSecret: rabbitmq-transport-url-manila-manila-transport ---- -apiVersion: manila.openstack.org/v1beta1 -kind: ManilaAPI -metadata: - finalizers: - - ManilaAPI - name: manila-api -spec: - databaseUser: manila - passwordSelectors: - database: ManilaDatabasePassword - service: ManilaPassword - replicas: 1 - resources: {} - secret: osp-secret - serviceAccount: manila-manila - serviceUser: manila -status: - readyCount: 1 ---- -apiVersion: apps/v1 -kind: StatefulSet -metadata: - labels: - component: manila-api - service: manila - name: manila-api - ownerReferences: - - apiVersion: manila.openstack.org/v1beta1 - kind: ManilaAPI - name: manila-api -spec: - replicas: 1 - template: - metadata: - labels: - component: manila-api - service: manila - spec: - serviceAccount: manila-manila - serviceAccountName: manila-manila -status: - availableReplicas: 1 - readyReplicas: 1 - replicas: 1 ---- -apiVersion: manila.openstack.org/v1beta1 -kind: ManilaShare -metadata: - name: manila-share-share0 -spec: - databaseUser: manila - passwordSelectors: - database: ManilaDatabasePassword - service: ManilaPassword - replicas: 1 - resources: {} - secret: osp-secret - serviceAccount: manila-manila - serviceUser: manila - transportURLSecret: rabbitmq-transport-url-manila-manila-transport -status: - conditions: - - message: Setup complete - reason: Ready - status: "True" - type: Ready - - message: Deployment completed - reason: Ready - status: "True" - type: DeploymentReady - - message: Input data complete - reason: Ready - status: "True" - type: InputReady - - message: NetworkAttachments completed - reason: Ready - status: "True" - type: NetworkAttachmentsReady - - message: Service config create completed - reason: Ready - status: "True" - type: ServiceConfigReady - - message: Input data complete - reason: Ready - status: "True" - type: TLSInputReady - readyCount: 1 ---- -apiVersion: manila.openstack.org/v1beta1 -kind: ManilaShare -metadata: - name: manila-share-share1 -spec: - databaseUser: manila - passwordSelectors: - database: ManilaDatabasePassword - service: ManilaPassword - replicas: 1 - resources: {} - secret: osp-secret - serviceAccount: manila-manila - serviceUser: manila - transportURLSecret: rabbitmq-transport-url-manila-manila-transport -status: - conditions: - - message: Setup complete - reason: Ready - status: "True" - type: Ready - - message: Deployment completed - reason: Ready - status: "True" - type: DeploymentReady - - message: Input data complete - reason: Ready - status: "True" - type: InputReady - - message: NetworkAttachments completed - reason: Ready - status: "True" - type: NetworkAttachmentsReady - - message: Service config create completed - reason: Ready - status: "True" - type: ServiceConfigReady - - message: Input data complete - reason: Ready - status: "True" - type: TLSInputReady - readyCount: 1 diff --git a/test/kuttl/tests/manila-multibackend/02-scale-up-manila-share.yaml b/test/kuttl/tests/manila-multibackend/02-scale-up-manila-share.yaml deleted file mode 100644 index ee43447b..00000000 --- a/test/kuttl/tests/manila-multibackend/02-scale-up-manila-share.yaml +++ /dev/null @@ -1,5 +0,0 @@ -apiVersion: kuttl.dev/v1beta1 -kind: TestStep -commands: - - script: | - oc patch manila -n $NAMESPACE manila --type='json' -p='[{"op": "replace", "path": "/spec/manilaShares/share1/replicas", "value":1}]' diff --git a/test/kuttl/tests/manila-multibackend/03-assert.yaml b/test/kuttl/tests/manila-multibackend/03-assert.yaml deleted file mode 100644 index 678c5a67..00000000 --- a/test/kuttl/tests/manila-multibackend/03-assert.yaml +++ /dev/null @@ -1,253 +0,0 @@ -# -# Check for: -# -# - 1 manilaAPI -# - 2 manilaScheduler -# - 3 manilaShares -# - 4 extraMounts - -apiVersion: manila.openstack.org/v1beta1 -kind: Manila -metadata: - name: manila -spec: - customServiceConfig: | - [DEFAULT] - debug = true - databaseInstance: openstack - databaseUser: manila - debug: - dbSync: false - manilaAPI: - customServiceConfig: | - [DEFAULT] - enabled_share_protocols=nfs,cephfs,cifs - debug: - service: false - replicas: 1 - resources: {} - manilaScheduler: - customServiceConfig: '# add your customization here' - debug: - service: false - replicas: 1 - resources: {} - manilaShares: - share0: - replicas: 0 - resources: {} - customServiceConfig: | - [DEFAULT] - enabled_share_backends = cephfs - [cephfs] - driver_handles_share_servers=False - share_backend_name=cephfs - share_driver=manila.share.drivers.cephfs.driver.CephFSDriver - cephfs_conf_path=/etc/ceph/ceph.conf - cephfs_auth_id=openstack - cephfs_cluster_name=ceph - cephfs_protocol_helper_type=CEPHFS - share1: - replicas: 1 - customServiceConfig: | - [DEFAULT] - enabled_share_backends=cephfsnfs - [cephfsnfs] - driver_handles_share_servers=False - share_backend_name=cephfs - share_driver=manila.share.drivers.cephfs.driver.CephFSDriver - cephfs_auth_id=openstack - cephfs_cluster_name=ceph - cephfs_nfs_cluster_id=cephfs - cephfs_protocol_helper_type=NFS - passwordSelectors: - database: ManilaDatabasePassword - service: ManilaPassword - preserveJobs: false - rabbitMqClusterName: rabbitmq - secret: osp-secret - serviceUser: manila -status: - conditions: - - message: Setup complete - reason: Ready - status: "True" - type: Ready - - message: CronJob completed - reason: Ready - status: "True" - type: CronJobReady - - message: DB create completed - reason: Ready - status: "True" - type: DBReady - - message: DBsync completed - reason: Ready - status: "True" - type: DBSyncReady - - message: Input data complete - reason: Ready - status: "True" - type: InputReady - - message: Setup complete - reason: Ready - status: "True" - type: ManilaAPIReady - - message: Setup complete - reason: Ready - status: "True" - type: ManilaSchedulerReady - - message: Deployment completed - reason: Ready - status: "True" - type: ManilaShareReady - - message: " Memcached instance has been provisioned" - reason: Ready - status: "True" - type: MemcachedReady - - message: NetworkAttachments completed - reason: Ready - status: "True" - type: NetworkAttachmentsReady - - message: RabbitMqTransportURL successfully created - reason: Ready - status: "True" - type: RabbitMqTransportURLReady - - message: RoleBinding created - reason: Ready - status: "True" - type: RoleBindingReady - - message: Role created - reason: Ready - status: "True" - type: RoleReady - - message: ServiceAccount created - reason: Ready - status: "True" - type: ServiceAccountReady - - message: Service config create completed - reason: Ready - status: "True" - type: ServiceConfigReady - databaseHostname: openstack - manilaAPIReadyCount: 1 - manilaSchedulerReadyCount: 1 - manilaSharesReadyCounts: - share0: 0 - share1: 1 - transportURLSecret: rabbitmq-transport-url-manila-manila-transport ---- -apiVersion: batch/v1 -kind: CronJob -metadata: - name: manila-db-purge -spec: - jobTemplate: - metadata: - labels: - service: manila - spec: - completions: 1 - parallelism: 1 - template: - spec: - containers: - - args: - - -c - - /usr/bin/manila-manage --config-dir /etc/manila/manila.conf.d - db purge 30 - command: - - /bin/bash - name: manila-db-purge - volumeMounts: - - mountPath: /etc/manila/manila.conf.d - name: db-purge-config-data - readOnly: true - serviceAccount: manila-manila - serviceAccountName: manila-manila - volumes: - - name: db-purge-config-data - secret: - defaultMode: 420 - items: - - key: 00-config.conf - path: 00-config.conf - secretName: manila-config-data - schedule: 1 0 * * * - suspend: false ---- -apiVersion: manila.openstack.org/v1beta1 -kind: ManilaShare -metadata: - name: manila-share-share1 -spec: - databaseUser: manila - passwordSelectors: - database: ManilaDatabasePassword - service: ManilaPassword - replicas: 1 - resources: {} - secret: osp-secret - serviceAccount: manila-manila - serviceUser: manila - transportURLSecret: rabbitmq-transport-url-manila-manila-transport -status: - conditions: - - message: Setup complete - reason: Ready - status: "True" - type: Ready - - message: Deployment completed - reason: Ready - status: "True" - type: DeploymentReady - - message: Input data complete - reason: Ready - status: "True" - type: InputReady - - message: NetworkAttachments completed - reason: Ready - status: "True" - type: NetworkAttachmentsReady - - message: Service config create completed - reason: Ready - status: "True" - type: ServiceConfigReady - - message: Input data complete - reason: Ready - status: "True" - type: TLSInputReady - readyCount: 1 ---- -# when using image digests the containerImage URLs are SHA's so we verify them with a script -apiVersion: kuttl.dev/v1beta1 -kind: TestAssert -commands: - - script: | - tupleTemplate='{{ range (index .spec.template.spec.containers 1).env }}{{ .name }}{{ "#" }}{{ .value}}{{"\n"}}{{ end }}' - imageTuples=$(oc get -n openstack-operators deployment manila-operator-controller-manager -o go-template="$tupleTemplate") - # format of imageTuple is: RELATED_IMAGE_MANILA_# separated by newlines - for ITEM in $(echo $imageTuples); do - # it is an image - if echo $ITEM | grep 'RELATED_IMAGE' &> /dev/null; then - NAME=$(echo $ITEM | sed -e 's|^RELATED_IMAGE_MANILA_\([^_]*\)_.*|\1|') - IMG_FROM_ENV=$(echo $ITEM | sed -e 's|^.*#\(.*\)|\1|') - template='{{.spec.containerImage}}' - case $NAME in - API) - SERVICE_IMAGE=$(oc get -n $NAMESPACE manilaapi manila-api -o go-template="$template") - ;; - SHARE) - SERVICE_IMAGE=$(oc get -n $NAMESPACE manilashares manila-share-share1 -o go-template="$template") - ;; - SCHEDULER) - SERVICE_IMAGE=$(oc get -n $NAMESPACE manilascheduler manila-scheduler -o go-template="$template") - ;; - esac - if [ "$SERVICE_IMAGE" != "$IMG_FROM_ENV" ]; then - echo "$NAME image does not equal $VALUE" - exit 1 - fi - fi - done - exit 0 diff --git a/test/kuttl/tests/manila-multibackend/03-scale-down-manila-share.yaml b/test/kuttl/tests/manila-multibackend/03-scale-down-manila-share.yaml deleted file mode 100644 index 28173f97..00000000 --- a/test/kuttl/tests/manila-multibackend/03-scale-down-manila-share.yaml +++ /dev/null @@ -1,5 +0,0 @@ -apiVersion: kuttl.dev/v1beta1 -kind: TestStep -commands: - - script: | - oc patch manila -n $NAMESPACE manila --type='json' -p='[{"op": "replace", "path": "/spec/manilaShares/share0/replicas", "value":0}]' diff --git a/test/kuttl/tests/manila-multibackend/04-cleanup-manila.yaml b/test/kuttl/tests/manila-multibackend/04-cleanup-manila.yaml deleted file mode 100644 index 884b9d39..00000000 --- a/test/kuttl/tests/manila-multibackend/04-cleanup-manila.yaml +++ /dev/null @@ -1,6 +0,0 @@ -apiVersion: kuttl.dev/v1beta1 -kind: TestStep -delete: -- apiVersion: manila.openstack.org/v1beta1 - kind: Manila - name: manila diff --git a/test/kuttl/tests/manila-multibackend/04-errors.yaml b/test/kuttl/tests/manila-multibackend/04-errors.yaml deleted file mode 100644 index 5735b00d..00000000 --- a/test/kuttl/tests/manila-multibackend/04-errors.yaml +++ /dev/null @@ -1,9 +0,0 @@ -# -# Check for: -# -# No Manila CR -# -apiVersion: manila.openstack.org/v1beta1 -kind: Manila -metadata: - name: manila diff --git a/test/kuttl/tests/manila-multibackend/README.md b/test/kuttl/tests/manila-multibackend/README.md deleted file mode 100644 index 5f876189..00000000 --- a/test/kuttl/tests/manila-multibackend/README.md +++ /dev/null @@ -1,60 +0,0 @@ -# manila-multibackend kuttl test - -The "multibackend" manila kuttl test is supposed to cover asserts related to the -main manila services deployed, as well as scaling up and scaling down multiple -`ManilaShares` instances connected to different backends. -To make things simpler and easy to test in the `openstack-k8s-operators` context, -two `ManilaShares` instances are connected to the same `Ceph` cluster using two -different protocols: - -1. `share0` is connected to `Ceph` using the `native-CephFS` protocol -2. `share1` is connected to `Ceph` using the `CephNFS` protocol - -The test starts deploying a basic `ManilaShare` where only `share0` is active -(step1). -The second step scales the ManilaShare instances enabling `share1` (`replicas: 1`): -the asserts checks that both shares are available and the `manila-share` containers -match what's defined in the `CSV`. -The third step scales `share0` down, and asserts that only share1 is available. -The use case tested by this scenario ends deleting the `manila` resources (the -main CR is removed) and checks that the environment is clean. - -## Topology - -The target topology for this test is: - -1. one ManilaAPI object -2. one ManilaScheduler object -3. two ManilaShare objects: both are connected with a Ceph clusters with two different protocols: - a. `share0` is connected to `Ceph` using the `native-CephFS` protocol - b. `share1` is connected to `Ceph` using the `CephNFS` protocol - -The manila-multibackend steps are supposed to cover scaling up and scaling down -ManilaShares (both `share0` and `share1`). - -### Prerequisites - -As a prerequisite for this test, we assume: - -1. a running `Ceph` cluster (or a Ceph Pod deployed via the `install_yamls` - `make ceph` command) -2. an existing `MariaDB/Galera` entity in the target namespace -3. an existing `Keystone` deployed via keystone-operator -4. an existing `RabbitMQ` cluster in the target namespace -5. a running `manila-operator` deployed via the `install_yamls` `make manila` - target - -These resources can be deployed via `install_yamls` using the `kuttl_common_prep` -target provided by the default Makefile. - -### Run the manila-basic tests - -Once the kuttl requirements are satisfied, the actual tests can be executed, -against an existing namespace, via the following command: - -``` -NAMESPACE=openstack -MANILA_OPERATOR= -kubectl-kuttl test --config $MANILA_OPERATOR/kuttl-test.yaml \ - $MANILA_OPERATOR/test/kuttl/tests/ --namespace $NAMESPACE | tee -a $HOME/kuttl.log -``` diff --git a/test/kuttl/tests/manila-tls/01-assert.yaml b/test/kuttl/tests/manila-tls/01-assert.yaml new file mode 100644 index 00000000..8d5a6043 --- /dev/null +++ b/test/kuttl/tests/manila-tls/01-assert.yaml @@ -0,0 +1,14 @@ +apiVersion: v1 +kind: Secret +metadata: + name: cert-manila-internal-svc +--- +apiVersion: v1 +kind: Secret +metadata: + name: cert-manila-public-svc +--- +apiVersion: v1 +kind: Secret +metadata: + name: combined-ca-bundle diff --git a/test/kuttl/tests/manila-tls/01-tls_certificates.yaml b/test/kuttl/tests/manila-tls/01-tls_certificates.yaml new file mode 100644 index 00000000..8f6f8797 --- /dev/null +++ b/test/kuttl/tests/manila-tls/01-tls_certificates.yaml @@ -0,0 +1,31 @@ +# Hardcoded certs secret, so kuttl doesn't require cert-manager at test runtime +apiVersion: v1 +kind: Secret +metadata: + name: combined-ca-bundle + labels: + service: manila +data: + tls-ca-bundle.pem: LS0tLS1CRUdJTiBDRVJUSUZJQ0FURS0tLS0tCk1JSUJmVENDQVNLZ0F3SUJBZ0lRUHhtRFFscmxjNTNhb215RVU5MU9pakFLQmdncWhrak9QUVFEQWpBZU1Sd3cKR2dZRFZRUURFeE5yZFhSMGJDMXpaV3htYzJsbmJtVmtMV05oTUI0WERUSXpNVEF4T0RFeU1EazFNMW9YRFRJMApNREV4TmpFeU1EazFNMW93SGpFY01Cb0dBMVVFQXhNVGEzVjBkR3d0YzJWc1puTnBaMjVsWkMxallUQlpNQk1HCkJ5cUdTTTQ5QWdFR0NDcUdTTTQ5QXdFSEEwSUFCSVdJY0JiR0cveEg4Lzlkc2lMbkJCdnRqcEZoQ2JRM3U4R0EKZXBVcnhTY25XM0hrZ2hrc1BCVE12M3NCeGdnVFQwL0Eva0dtazRYTkJ0dElnbUZJaFBpalFqQkFNQTRHQTFVZApEd0VCL3dRRUF3SUNwREFQQmdOVkhSTUJBZjhFQlRBREFRSC9NQjBHQTFVZERnUVdCQlFKaDd3VklFYjgxcFlsCkl3RDAraTBwSnlCTjNqQUtCZ2dxaGtqT1BRUURBZ05KQURCR0FpRUF2a3h5RzZjNzltSDlRWHRIVWFSM014REkKUUVRRGVtL1hZR3VGY1ZCUDJpQUNJUUNFeEZqeStQUTBkNFU5dEJacTVOd1gzdmxibnQxVlNCYWE5VFIrNkNkbAozdz09Ci0tLS0tRU5EIENFUlRJRklDQVRFLS0tIyByb290Y2EtaW50ZXJuYWwKLS0tLS1CRUdJTiBDRVJUSUZJQ0FURS0tLS0tCk1JSUJmekNDQVNhZ0F3SUJBZ0lRUWxlcTNZcDBtU2kwVDNiTm03Q29UVEFLQmdncWhrak9QUVFEQWpBZ01SNHcKSEFZRFZRUURFeFZ5YjI5MFkyRXRhM1YwZEd3dGFXNTBaWEp1WVd3d0hoY05NalF3TVRFMU1URTBOelUwV2hjTgpNelF3TVRFeU1URTBOelUwV2pBZ01SNHdIQVlEVlFRREV4VnliMjkwWTJFdGEzVjBkR3d0YVc1MFpYSnVZV3d3CldUQVRCZ2NxaGtqT1BRSUJCZ2dxaGtqT1BRTUJCd05DQUFTRk9rNHJPUldVUGhoTjUrK09EN1I2MW5Gb1lBY0QKenpvUS91SW93NktjeGhwRWNQTDFxb3ZZUGxUYUJabEh3c2FpNE50VHA4aDA1RHVRSGZKOE9JNXFvMEl3UURBTwpCZ05WSFE4QkFmOEVCQU1DQXFRd0R3WURWUjBUQVFIL0JBVXdBd0VCL3pBZEJnTlZIUTRFRmdRVXE3TGtFSk1TCm1MOVpKWjBSOUluKzZkclhycEl3Q2dZSUtvWkl6ajBFQXdJRFJ3QXdSQUlnVlN1K00ydnZ3QlF3eTJHMVlhdkkKQld2RGtSNlRla0I5U0VqdzJIblRSMWtDSUZSNFNkWGFPQkFGWjVHa2RLWCtSY2IzaDFIZm52eFJEVW96bTl2agphenp3Ci0tLS0tRU5EIENFUlRJRklDQVRFLS0tLS0KIyByb290Y2EtcHVibGljCi0tLS0tQkVHSU4gQ0VSVElGSUNBVEUtLS0tLQpNSUlCZXpDQ0FTS2dBd0lCQWdJUU5IREdZc0JzNzk4aWJERDdxL28ybGpBS0JnZ3Foa2pPUFFRREFqQWVNUnd3CkdnWURWUVFERXhOeWIyOTBZMkV0YTNWMGRHd3RjSFZpYkdsak1CNFhEVEkwTURFeE5URXdNVFV6TmxvWERUTTAKTURFeE1qRXdNVFV6Tmxvd0hqRWNNQm9HQTFVRUF4TVRjbTl2ZEdOaExXdDFkSFJzTFhCMVlteHBZekJaTUJNRwpCeXFHU000OUFnRUdDQ3FHU000OUF3RUhBMElBQkQ3OGF2WHFocmhDNXc4czlXa2Q0SXBiZUV1MDNDUitYWFVkCmtEek9SeXhhOXdjY0lkRGl2YkdKakpGWlRUY1ZtYmpxMUJNWXNqcjEyVUlFNUVUM1ZscWpRakJBTUE0R0ExVWQKRHdFQi93UUVBd0lDcERBUEJnTlZIUk1CQWY4RUJUQURBUUgvTUIwR0ExVWREZ1FXQkJUS0ppeldVSjllVUtpMQpkczBscjZjNnNEN0VCREFLQmdncWhrak9QUVFEQWdOSEFEQkVBaUJJWndZcTYxQnFNSmFCNlVjRm9Sc3hlY3dICjV6L3pNT2RyT3llMG1OaThKZ0lnUUxCNHdES3JwZjl0WDJsb00rMHVUb3BBRFNZSW5yY2ZWdTRGQnVZVTNJZz0KLS0tLS1FTkQgQ0VSVElGSUNBVEUtLS0tLQo= +--- +apiVersion: v1 +kind: Secret +metadata: + name: cert-manila-internal-svc + labels: + service: manila +data: + ca.crt: LS0tLS1CRUdJTiBDRVJUSUZJQ0FURS0tLS0tCk1JSUJkVENDQVJxZ0F3SUJBZ0lRTkZUVDE2eTc0RGJaOGJTL25ESDBkakFLQmdncWhrak9QUVFEQWpBYU1SZ3cKRmdZRFZRUURFdzl5YjI5MFkyRXRhVzUwWlhKdVlXd3dIaGNOTWpRd01URXdNVFV5T0RBMFdoY05NalF3TkRBNQpNVFV5T0RBMFdqQWFNUmd3RmdZRFZRUURFdzl5YjI5MFkyRXRhVzUwWlhKdVlXd3dXVEFUQmdjcWhrak9QUUlCCkJnZ3Foa2pPUFFNQkJ3TkNBQVFjK2d5OVFCNmw1NFNBQlkxUTJKZWx5MEhSTGEvMzlkRUxzU2RhNnJDRENKQWwKWjJ2bGlGbUo5WVlJNCtSbGRIejJWNXYvYjBpK2x0RjcxMGZ1OHJTbW8wSXdRREFPQmdOVkhROEJBZjhFQkFNQwpBcVF3RHdZRFZSMFRBUUgvQkFVd0F3RUIvekFkQmdOVkhRNEVGZ1FVeUsyc0hXaUxHNnR6bWlVbENkUmhsRTJLCnNHSXdDZ1lJS29aSXpqMEVBd0lEU1FBd1JnSWhBSzVtTi9zQlBVcXAwckd1QjhnMVRxY21KR3ZMVUpyNjlnaEEKaEozMldCT1BBaUVBbEtwU0dVTzhac25UcVQrQ1hWbXNuWkxBcVJMV1NhbUI5U2NyczNDZ05zWT0KLS0tLS1FTkQgQ0VSVElGSUNBVEUtLS0tLQo= + tls.crt: LS0tLS1CRUdJTiBDRVJUSUZJQ0FURS0tLS0tCk1JSUNhekNDQWhHZ0F3SUJBZ0lSQU1GRmpzWkpHY3BuaVBFNXNmQytrOEV3Q2dZSUtvWkl6ajBFQXdJd0dqRVkKTUJZR0ExVUVBeE1QY205dmRHTmhMV2x1ZEdWeWJtRnNNQjRYRFRJME1ERXhOVEV4TkRnMU1sb1hEVE0wTURFeApNakV4TkRnMU1sb3dBRENDQVNJd0RRWUpLb1pJaHZjTkFRRUJCUUFEZ2dFUEFEQ0NBUW9DZ2dFQkFNRzhQSWwzCnc4RXdXMHdUUG5qRURpU2dTdVI4WHJaajcrSjYyUkJMTHJ3ZUxKdWd1Wm1MaUh3M09uSldWa0hEOVpaZzlYSGUKbGZ6UDY3Wi8rYXBNMzJ5VWJTVUcrRjlBdXlGMHRTK2lPODFkUFRSY1luNzVBK0xWdnk1UkVpOGIvTFkzNTNPbgpxUEhuK2kyeTNLUC9HZkhjSi9lVlVXNFJkV2wyTHEyejRtRDRUK2twS0VwSnRGSTJQa2lrSVNOV2RRdmtEeW1WClF3a1B3U01FVy9yaEdGL2s3b0gvVWtwdy9wU1N1R0M2a1lpSnlwOTFHT0xCMlVoc254Z3dLelh5VS9MdGFrZXoKS2RHSFUvNUNLTTRKczg0ZnlNTDBBNXMxalpZQXZEWkVLNEgvYVpCb3EzV0NoQ1R4WWhIOVVuczhIQy9KbHJCMApHaitwVHNuaEc2cUlFQ2tDQXdFQUFhT0JoakNCZ3pBT0JnTlZIUThCQWY4RUJBTUNCYUF3RXdZRFZSMGxCQXd3CkNnWUlLd1lCQlFVSEF3RXdEQVlEVlIwVEFRSC9CQUl3QURBZkJnTlZIU01FR0RBV2dCVElyYXdkYUlzYnEzT2EKSlNVSjFHR1VUWXF3WWpBdEJnTlZIUkVCQWY4RUl6QWhnaDlyWlhsemRHOXVaUzFwYm5SbGNtNWhiQzV2Y0dWdQpjM1JoWTJzdWMzWmpNQW9HQ0NxR1NNNDlCQU1DQTBnQU1FVUNJRTFJYXcxcnRnU0ROZmxBSjJRek9VQjJxU1llCk03ZWdsaXZLVW01cmVOZThBaUVBMU93SGcwQ1YxOUNhYUpSSi9SS25UcXNJTGhNdjBEUVNPdnFwbWc0MWZDTT0KLS0tLS1FTkQgQ0VSVElGSUNBVEUtLS0tLQo= + tls.key: LS0tLS1CRUdJTiBSU0EgUFJJVkFURSBLRVktLS0tLQpNSUlFb3dJQkFBS0NBUUVBd2J3OGlYZkR3VEJiVEJNK2VNUU9KS0JLNUh4ZXRtUHY0bnJaRUVzdXZCNHNtNkM1Cm1ZdUlmRGM2Y2xaV1FjUDFsbUQxY2Q2Vi9NL3J0bi81cWt6ZmJKUnRKUWI0WDBDN0lYUzFMNkk3elYwOU5GeGkKZnZrRDR0Vy9MbEVTTHh2OHRqZm5jNmVvOGVmNkxiTGNvLzhaOGR3bjk1VlJiaEYxYVhZdXJiUGlZUGhQNlNrbwpTa20wVWpZK1NLUWhJMVoxQytRUEtaVkRDUS9CSXdSYit1RVlYK1R1Z2Y5U1NuRCtsSks0WUxxUmlJbktuM1VZCjRzSFpTR3lmR0RBck5mSlQ4dTFxUjdNcDBZZFQva0lvemdtenpoL0l3dlFEbXpXTmxnQzhOa1FyZ2Y5cGtHaXIKZFlLRUpQRmlFZjFTZXp3Y0w4bVdzSFFhUDZsT3llRWJxb2dRS1FJREFRQUJBb0lCQVFDQ0hweUdNK05OY040UQo1V2Z6RXJMeEZKdlloRlBVcXFDbWU1NG9uR1ppUU4zekZPc3pYbzBuNkt3ZnVTOHI4cUtUQXNJM1hhbGRhSVRIClNZTDFSN1pVSmdoOGN3Y0VhdVNFbnU5R2MrODRpbVFlTStLUHAwNWQzdlFOOXJPQTRvcEVGSjRtaHJnbzZZYVYKaE9rK1dJc2piNXVFWlV5UTRiYjdRejRzdW9IVVlDYXFkVGlqU1lYQzNOd092YUlwa3pTNEo0cU5CUlhyYnNWSwowaGt4ZFNIY1hKNEREN0hybktpcEsxT2xUbUVObVZYbmlaNnRPcWc2eUNFeXFteWN0UnlUVTZRRzVPbVM2clJVCm82Z25EclA1TlgwRUhuakY3b1lka0JVbGJxWk96UHVGbG5CdUVKOFpTUEtOZHA5ejhuS3lqbGJiL0YxWGRDdEkKZERhVUhmREZBb0dCQVBFZkZZbDhPb2VhU21oSElKcGpxd3RCanYrRjFuOXNJbHNuZWNyQ1JmN243RW53d1hXaQpReStXQ3l6aDJGRVVad1dod2RQeXFJT3NVaG1vaXBIQmN3NlVUaW9xalM4SlpvSDlURFBQUEd5OXIwMHZwRkNuCnFkdjNXMkhWVytRckMrWk1nc2ZKdUlTTnFtbFdFeHpCNFBJQWRHQTdKVzFMY0ZCcG1Zd25DdXZyQW9HQkFNMncKbS94cVRhMmgySjFnNUI0elE5UnBhM280SEoyL2pTaHEzNW9heVNGNWJDYWtnWGRxek0yU0FwQ0x4dzlvY3doRAp3WWRaMWliaHl6b1dDQVZZZ0RlaXViUi96ZTN3Nzk4NktScUNmNnptMk5HOEoxODVDZDdKSjBiaTZBTTgvalpTCnFqWkJIK0FqanF2aFFJM0FMMEdzNlFvc2Z3L3hOL2k1cG00UWM5TTdBb0dBZjZCbFpQVmxnWnN3WVV1c3ZTdWUKUUlIOTc5Qm12ZUY5dWVRR09rVmtpVTAzSzlnTWZuaFp1WmxnNXV2UDlQS29xVGw2Zi9aRUxoWUxDdHZFSk94UgpPMWxTbWswVmw5MFE3aU1scjVLMHVCWWE4TzhUdVVGVnprRjZsQ2s3ejJUZGtwUFM4VzhiaE1YN2VtLytBODIzCmhFQ3JXTGhWMGlrSkZQY2dPQ2YrUnVzQ2dZQTYvcld1cnhxNmUxb3l3WENNVE8zZWhhSUMrd2NTSTdlcjZRTmIKSXVXZlNVRkEwQndtRVNiT3ExczY5Q3hTK2dWTVVJcTRkSWJjdmhSWkE2cW5SZHY0bVI2a2E2ZTM0RXdjZllUKwppb0Z1S1FQMUcvODY2NVF1SndteDVqRGZoT1h3MU1MbkxzU2l0L0FhMGs5K21LbTFMNC9qa0NHZGcvVW16TEMwCmp0bDVzd0tCZ0VPTVI3ODVLT2hyNXFoWmE2b0MvU25JeEptS1FxTWdXU0NGV1pGMDZrVlRnSmthb1hwUEl0bUIKOUZGbE1nTTJSeC91S2V3YTNDSTdQK240ek1uYSswTmhDL0RwNkMxVFVsVWlrcnJYQ3I5a1NPR2dXaEFISDljTwozRENvdkhOcE1PaG51dnhoMlpDeTdYbjFJeGgxWXdlYnVobFZzeTFvR0tDQ0lJb00rOVg1Ci0tLS0tRU5EIFJTQSBQUklWQVRFIEtFWS0tLS0tCg== +--- +apiVersion: v1 +kind: Secret +metadata: + name: cert-manila-public-svc + labels: + service: manila +data: + ca.crt: LS0tLS1CRUdJTiBDRVJUSUZJQ0FURS0tLS0tCk1JSUJlekNDQVNLZ0F3SUJBZ0lRTkhER1lzQnM3OThpYkREN3EvbzJsakFLQmdncWhrak9QUVFEQWpBZU1Sd3cKR2dZRFZRUURFeE55YjI5MFkyRXRhM1YwZEd3dGNIVmliR2xqTUI0WERUSTBNREV4TlRFd01UVXpObG9YRFRNMApNREV4TWpFd01UVXpObG93SGpFY01Cb0dBMVVFQXhNVGNtOXZkR05oTFd0MWRIUnNMWEIxWW14cFl6QlpNQk1HCkJ5cUdTTTQ5QWdFR0NDcUdTTTQ5QXdFSEEwSUFCRDc4YXZYcWhyaEM1dzhzOVdrZDRJcGJlRXUwM0NSK1hYVWQKa0R6T1J5eGE5d2NjSWREaXZiR0pqSkZaVFRjVm1ianExQk1Zc2pyMTJVSUU1RVQzVmxxalFqQkFNQTRHQTFVZApEd0VCL3dRRUF3SUNwREFQQmdOVkhSTUJBZjhFQlRBREFRSC9NQjBHQTFVZERnUVdCQlRLSml6V1VKOWVVS2kxCmRzMGxyNmM2c0Q3RUJEQUtCZ2dxaGtqT1BRUURBZ05IQURCRUFpQklad1lxNjFCcU1KYUI2VWNGb1JzeGVjd0gKNXovek1PZHJPeWUwbU5pOEpnSWdRTEI0d0RLcnBmOXRYMmxvTSswdVRvcEFEU1lJbnJjZlZ1NEZCdVlVM0lnPQotLS0tLUVORCBDRVJUSUZJQ0FURS0tLS0tCg== + tls.crt: LS0tLS1CRUdJTiBDRVJUSUZJQ0FURS0tLS0tCk1JSUNiVENDQWhPZ0F3SUJBZ0lSQUtacXlMbUhLNC9VRTZmMi9LNWxiQnN3Q2dZSUtvWkl6ajBFQXdJd0hqRWMKTUJvR0ExVUVBeE1UY205dmRHTmhMV3QxZEhSc0xYQjFZbXhwWXpBZUZ3MHlOREF4TVRVeE1ESXdOVFJhRncwegpOREF4TVRJeE1ESXdOVFJhTUFBd2dnRWlNQTBHQ1NxR1NJYjNEUUVCQVFVQUE0SUJEd0F3Z2dFS0FvSUJBUUMxCjhDcFJRVG1abHNzSUlmZ2hIK2ltUUtFMFdZVlJOeS8vMVM0aDVtV2tBcUZiVkhoUmptbFJ2cCtQUWpKOU16TDUKMXpXdmYxandEQ2pzYUxvL2FwSW9OSXJIcjN4TTRoYWl0emU0RjFwZzNoL3MvblExNWN5Q2U5dHdHR0RuWEllMwo2djBuNE9LNnAwSWJjcVk2Q1RBMTBwcGJZa3V6bzdVRkx6ZWxsc1ZhRlhzZ21JWDg4bTRXNmNBTi84cjJPWUI3Ck9HM0ZNOXAxSUFxT0hyT21EelFlTldqOUVjQy9TSCs5MGg4c1FyY1pvMWtWa1g1b2tpSUhDZjRlc2o3Q08rTGgKR3lsTmZyRzl6QTlPM0c3QVNDWVdPVWwyZTBhNHhZbE9QMmI4ejFEV3NIMTBVYXVsZHlRQXNtbkhtaW1VNzBmKwpEazZkQ1hXVHN4cGZ2cXphOVR4YkFnTUJBQUdqZ1lRd2dZRXdEZ1lEVlIwUEFRSC9CQVFEQWdXZ01CTUdBMVVkCkpRUU1NQW9HQ0NzR0FRVUZCd01CTUF3R0ExVWRFd0VCL3dRQ01BQXdId1lEVlIwakJCZ3dGb0FVeWlZczFsQ2YKWGxDb3RYYk5KYStuT3JBK3hBUXdLd1lEVlIwUkFRSC9CQ0V3SDRJZGEyVjVjM1J2Ym1VdGNIVmliR2xqTG05dwpaVzV6ZEdGamF5NXpkbU13Q2dZSUtvWkl6ajBFQXdJRFNBQXdSUUlnTzAzT2JmNm9uV2RiZG4xa282OVpuTFhMCmtQSHFYU3VRNlcxTDFvY3NDR3NDSVFEakEyVm9pWVdYN0hzSjVGNkZYV3FsZnl0RmduVVgvTmhvT1lIVnB2TWQKSGc9PQotLS0tLUVORCBDRVJUSUZJQ0FURS0tLS0tCg== + tls.key: LS0tLS1CRUdJTiBSU0EgUFJJVkFURSBLRVktLS0tLQpNSUlFcEFJQkFBS0NBUUVBdGZBcVVVRTVtWmJMQ0NINElSL29wa0NoTkZtRlVUY3YvOVV1SWVabHBBS2hXMVI0ClVZNXBVYjZmajBJeWZUTXkrZGMxcjM5WThBd283R2k2UDJxU0tEU0t4Njk4VE9JV29yYzN1QmRhWU40ZjdQNTAKTmVYTWdudmJjQmhnNTF5SHQrcjlKK0RpdXFkQ0czS21PZ2t3TmRLYVcySkxzNk8xQlM4M3BaYkZXaFY3SUppRgovUEp1RnVuQURmL0s5am1BZXpodHhUUGFkU0FLamg2enBnODBIalZvL1JIQXYwaC92ZElmTEVLM0dhTlpGWkYrCmFKSWlCd24rSHJJK3dqdmk0UnNwVFg2eHZjd1BUdHh1d0VnbUZqbEpkbnRHdU1XSlRqOW0vTTlRMXJCOWRGR3IKcFhja0FMSnB4NW9wbE85SC9nNU9uUWwxazdNYVg3NnMydlU4V3dJREFRQUJBb0lCQUd0eVdvdUNLYkk3Qzh6Ugp3dWhOSCtpUFlxUzMrYlB0RTd2UytsdXE1WHZtMGNST0xvQjd5bGNzYks3K09UTVhlWk56TlpGZmMvYlFONXJtCmZwZlZLRnYySzcraU01WjBMMG9KU2k2K0cvSDVQSUdLQkxlUDd5ZGdYa2ZsSGRXRkgrSE9OWlBIakI4UGlFc04KZW4zcnp6ejZFNDdFamxDWTdkOFI4NXNuWDRYREN2bG1CQnhvcnpqVERuK1dTWWpKS09SSk5zY3oxQXFYR1VjVwpQaHRNYkwybC8zN2hPbTA4SjRRWXowTWduOWE5VUFXLzFNS2lXbHVpc1NHNG9YaFNPS1hkdk1IS3VxS09sUDJzCk9xWjBlR3JBNmpKdWlmZVY2Q2NIU2p3VUgwdHpiMmdZQVM2cm5RQlREbFkxR1I4Skx0YWhWREtqdUwyV0hjclkKbHhCOGZBRUNnWUVBMWpxc01weFo5cG9LNkpmRDZzVTU0ZUU1UWlNYlB0MERRZjlYU1J6NW5zQXlraHdKWEZDVwpKWTNiU3BhcGREeEgzakpDQ0VzN3NSWUhUeDRzNVJQSldtWC9oZTFwVEs4TDVlaFV2TmVudG5nVTB3aE4rZVEzCjl4Sk1VbHVYdGkvU0FpNi9jQk5HY1ZjQjFGRStmVzY0VDhqYVVQakRrL0Z2dFRXOXkzZnNVZnNDZ1lFQTJXbXMKYStuZ2RaS24rVTlCMlFCTXB0K0RLL0txNVF6RW1qZDVMSjJMb3FLUjhGbjlpVVZoUVljUEpobDJVV3VjTTl0RQp0QUlYdEY0anVUejlqUUNMMGQ5a09DeCswdTBKUFZJejdlVmFFVGs1enF0azRsTnhVUkJhQ3pCUEJkdjZJd3BDCkR4UXJWRXBXYlMra1JvYTNKSElOdHdjUWt2Nk50N1JIajd1WEVTRUNnWUJsREozbTdZc2Q0QUZmUHg4Qm9YQXgKRkt5T2ZzSytQei9uSkl0R2lHMVNMWFJ0S041ZGRnR3N5eUh5SitqY1ZBYk9UMFNJWnZ4TUJva0NEOGk3Y1Q3Ygo3aHErVUlNSDBkVzU1NEg0NVh4TmZJek9FaSs5dktHTllFc3gyZFJROG5PTDVnTVUyWEt6eVllcVgzd3JiRXR5CkR0cXpzUE9IMkMySiswU0FNaHY5ZXdLQmdRQ2szeWs5TUwvaUNWUk9rTmNybTdtRk5xeS9rQ2dleU43eTRDeUoKTS9RbllrZHYwSjZmRWJrZU96QzJ3TXBrRmtuL1hVR3RqSVN6YUV5STlnS0ZnaXVGL1hWL3orWmhTQllncFl6eAoxR0xIK3ZDbWxIMU4wTjkzRFFKcng3ZTFoc3NhOVhXQS85ZVg5VU96UzFTMWt3V2hvc2haeXdhN29rU1FVaXVPCmlVQ1hZUUtCZ1FEUVZUVHc3WUY3QzNTVmg5OWRObUdTaHV2LzZ2aTJmNDlOMklGMURNQ1haaEpoOUVZck9TV2kKY05oakxGRFhmdzVlZlFURWU3Ykx5bTJGVDd0YnZFSm5USHFyakVuUDRUWExqZnczL3RiQ3RxWVNZRlRqdThFUApadHVwd21ZWjhFVU1pSnVHS2l2SExmSjk2dy8xR21BOHVCZUVtV05YRW9FUU1ySmxuM3g5d3c9PQotLS0tLUVORCBSU0EgUFJJVkFURSBLRVktLS0tLQo= diff --git a/test/kuttl/tests/manila-tls/02-manila-deploy.yaml b/test/kuttl/tests/manila-tls/02-manila-deploy.yaml new file mode 100644 index 00000000..6da54441 --- /dev/null +++ b/test/kuttl/tests/manila-tls/02-manila-deploy.yaml @@ -0,0 +1,5 @@ +apiVersion: kuttl.dev/v1beta1 +kind: TestStep +commands: + - script: | + oc kustomize ../../../../config/samples/layout/tls | oc apply -n $NAMESPACE -f - diff --git a/test/kuttl/tests/manila-tls/03-assert.yaml b/test/kuttl/tests/manila-tls/03-assert.yaml new file mode 100644 index 00000000..4e664ac9 --- /dev/null +++ b/test/kuttl/tests/manila-tls/03-assert.yaml @@ -0,0 +1,535 @@ +apiVersion: manila.openstack.org/v1beta1 +kind: Manila +metadata: + name: manila + namespace: manila-kuttl-tests +spec: + customServiceConfig: | + [DEFAULT] + debug = true + databaseInstance: openstack + databaseUser: manila + dbPurge: + age: 30 + schedule: 1 0 * * * + extraMounts: + - extraVol: + - extraVolType: Ceph + mounts: + - mountPath: /etc/ceph + name: ceph + readOnly: true + propagation: + - share0 + volumes: + - name: ceph + projected: + sources: + - secret: + name: ceph-conf-files + name: v1 + region: r1 + manilaAPI: + customServiceConfig: | + [DEFAULT] + enabled_share_protocols = cephfs + override: {} + replicas: 1 + resources: {} + tls: + api: + internal: + secretName: cert-manila-internal-svc + public: + secretName: cert-manila-public-svc + caBundleSecretName: combined-ca-bundle + manilaScheduler: + customServiceConfig: '# add your customization here' + replicas: 1 + resources: {} + manilaShares: + share0: + customServiceConfig: | + [DEFAULT] + enabled_share_backends = cephfs + [cephfs] + driver_handles_share_servers=False + share_backend_name=cephfs + share_driver=manila.share.drivers.cephfs.driver.CephFSDriver + cephfs_conf_path=/etc/ceph/ceph.conf + cephfs_auth_id=openstack + cephfs_cluster_name=ceph + cephfs_protocol_helper_type=CEPHFS + replicas: 1 + resources: {} + memcachedInstance: memcached + passwordSelectors: + database: ManilaDatabasePassword + service: ManilaPassword + preserveJobs: false + rabbitMqClusterName: rabbitmq + secret: osp-secret + serviceUser: manila +status: + conditions: + - message: Setup complete + reason: Ready + status: "True" + type: Ready + - message: CronJob completed + reason: Ready + status: "True" + type: CronJobReady + - message: DB create completed + reason: Ready + status: "True" + type: DBReady + - message: DBsync completed + reason: Ready + status: "True" + type: DBSyncReady + - message: Input data complete + reason: Ready + status: "True" + type: InputReady + - message: Setup complete + reason: Ready + status: "True" + type: ManilaAPIReady + - message: Setup complete + reason: Ready + status: "True" + type: ManilaSchedulerReady + - message: Deployment completed + reason: Ready + status: "True" + type: ManilaShareReady + - message: " Memcached instance has been provisioned" + reason: Ready + status: "True" + type: MemcachedReady + - message: NetworkAttachments completed + reason: Ready + status: "True" + type: NetworkAttachmentsReady + - message: RabbitMqTransportURL successfully created + reason: Ready + status: "True" + type: RabbitMqTransportURLReady + - message: RoleBinding created + reason: Ready + status: "True" + type: RoleBindingReady + - message: Role created + reason: Ready + status: "True" + type: RoleReady + - message: ServiceAccount created + reason: Ready + status: "True" + type: ServiceAccountReady + - message: Service config create completed + reason: Ready + status: "True" + type: ServiceConfigReady + databaseHostname: openstack + manilaAPIReadyCount: 1 + manilaSchedulerReadyCount: 1 + manilaSharesReadyCounts: + share0: 1 + transportURLSecret: rabbitmq-transport-url-manila-manila-transport +--- +apiVersion: batch/v1 +kind: CronJob +metadata: + name: manila-db-purge +spec: + jobTemplate: + metadata: + labels: + service: manila + spec: + completions: 1 + parallelism: 1 + template: + spec: + containers: + - args: + - -c + - /usr/bin/manila-manage --config-dir /etc/manila/manila.conf.d + db purge 30 + command: + - /bin/bash + name: manila-db-purge + volumeMounts: + - mountPath: /etc/manila/manila.conf.d + name: db-purge-config-data + readOnly: true + - mountPath: /etc/pki/ca-trust/extracted/pem/tls-ca-bundle.pem + name: combined-ca-bundle + readOnly: true + serviceAccount: manila-manila + serviceAccountName: manila-manila + volumes: + - name: db-purge-config-data + secret: + defaultMode: 420 + items: + - key: 00-config.conf + path: 00-config.conf + secretName: manila-config-data + - name: combined-ca-bundle + secret: + defaultMode: 292 + secretName: combined-ca-bundle + schedule: 1 0 * * * + suspend: false +--- +apiVersion: manila.openstack.org/v1beta1 +kind: ManilaShare +metadata: + name: manila-share-share0 +spec: + databaseHostname: openstack + databaseUser: manila + passwordSelectors: + database: ManilaDatabasePassword + service: ManilaPassword + replicas: 1 + resources: {} + secret: osp-secret + serviceAccount: manila-manila + serviceUser: manila + transportURLSecret: rabbitmq-transport-url-manila-manila-transport +status: + conditions: + - message: Setup complete + reason: Ready + status: "True" + type: Ready + - message: Deployment completed + reason: Ready + status: "True" + type: DeploymentReady + - message: Input data complete + reason: Ready + status: "True" + type: InputReady + - message: NetworkAttachments completed + reason: Ready + status: "True" + type: NetworkAttachmentsReady + - message: Service config create completed + reason: Ready + status: "True" + type: ServiceConfigReady + - message: Input data complete + reason: Ready + status: "True" + type: TLSInputReady + readyCount: 1 +--- +apiVersion: apps/v1 +kind: StatefulSet +metadata: + name: manila-api + namespace: manila-kuttl-tests +spec: + replicas: 1 + selector: + matchLabels: + component: manila-api + service: manila + template: + metadata: + labels: + component: manila-api + service: manila + spec: + serviceAccountName: manila-manila + containers: + - args: + - --single-child + - -- + - /usr/bin/tail + - -n+1 + - -F + - /var/log/manila/manila-api.log + volumeMounts: + - name: logs + mountPath: /var/log/manila + - args: + - -c + - /usr/local/bin/kolla_set_configs && /usr/local/bin/kolla_start + volumeMounts: + - mountPath: /etc/machine-id + name: etc-machine-id + readOnly: true + - mountPath: /etc/localtime + name: etc-localtime + readOnly: true + - mountPath: /var/lib/config-data/default + name: config-data + - mountPath: /etc/manila/manila.conf.d + name: config-data-custom + readOnly: true + - mountPath: /var/lib/kolla/config_files/config.json + name: config-data + readOnly: true + subPath: manila-api-config.json + - mountPath: /var/log/manila + name: logs + - mountPath: /usr/local/bin/container-scripts + name: scripts + - mountPath: /etc/pki/ca-trust/extracted/pem/tls-ca-bundle.pem + name: combined-ca-bundle + readOnly: true + - mountPath: /var/lib/config-data/tls/certs/internal.crt + name: internal-tls-certs + readOnly: true + subPath: tls.crt + - mountPath: /var/lib/config-data/tls/private/internal.key + name: internal-tls-certs + readOnly: true + subPath: tls.key + - mountPath: /var/lib/config-data/tls/certs/public.crt + name: public-tls-certs + readOnly: true + subPath: tls.crt + - mountPath: /var/lib/config-data/tls/private/public.key + name: public-tls-certs + readOnly: true + subPath: tls.key + volumes: + - name: etc-machine-id + hostPath: + path: /etc/machine-id + - name: etc-localtime + hostPath: + path: /etc/localtime + - name: scripts + secret: + secretName: manila-scripts + - name: config-data + secret: + secretName: manila-config-data + - name: config-data-custom + secret: + secretName: manila-api-config-data + - name: logs + emptyDir: {} + - name: combined-ca-bundle + secret: + defaultMode: 292 + secretName: combined-ca-bundle + - name: internal-tls-certs + secret: + defaultMode: 256 + secretName: cert-manila-internal-svc + - name: public-tls-certs + secret: + defaultMode: 256 + secretName: cert-manila-public-svc +--- +apiVersion: apps/v1 +kind: StatefulSet +metadata: + name: manila-share-share0 + namespace: manila-kuttl-tests +spec: + replicas: 1 + selector: + matchLabels: + component: manila-share + service: manila + template: + metadata: + labels: + component: manila-share + service: manila + spec: + serviceAccountName: manila-manila + containers: + - args: + - -c + - /usr/local/bin/kolla_set_configs && /usr/local/bin/kolla_start + volumeMounts: + - mountPath: /etc/machine-id + name: etc-machine-id + - mountPath: /etc/localtime + name: etc-localtime + readOnly: true + - mountPath: /var/lib/config-data/default + name: config-data + readOnly: true + - mountPath: /usr/local/bin/container-scripts + name: scripts + readOnly: true + - mountPath: /etc/ceph + name: ceph + readOnly: true + - mountPath: /etc/manila/manila.conf.d + name: config-data-custom + readOnly: true + - mountPath: /var/lib/manila + name: var-lib-manila + readOnly: true + subPath: manila-share-config.json + - mountPath: /var/lib/kolla/config_files/config.json + name: config-data + - mountPath: /etc/pki/ca-trust/extracted/pem/tls-ca-bundle.pem + name: combined-ca-bundle + readOnly: true + subPath: tls-ca-bundle.pem + - command: + - /usr/local/bin/container-scripts/healthcheck.py + - share + - /etc/manila/manila.conf.d + volumeMounts: + - mountPath: /etc/machine-id + name: etc-machine-id + - mountPath: /etc/localtime + name: etc-localtime + readOnly: true + - mountPath: /var/lib/config-data/default + name: config-data + readOnly: true + - mountPath: /usr/local/bin/container-scripts + name: scripts + readOnly: true + - mountPath: /etc/ceph + name: ceph + readOnly: true + - mountPath: /etc/manila/manila.conf.d + name: config-data-custom + readOnly: true + - mountPath: /var/lib/manila + name: var-lib-manila + readOnly: true + subPath: manila-share-config.json + - mountPath: /var/lib/kolla/config_files/config.json + name: config-data + - mountPath: /etc/pki/ca-trust/extracted/pem/tls-ca-bundle.pem + name: combined-ca-bundle + readOnly: true + subPath: tls-ca-bundle.pem + volumes: + - name: etc-machine-id + hostPath: + path: /etc/machine-id + - name: etc-localtime + hostPath: + path: /etc/localtime + - name: scripts + secret: + secretName: manila-scripts + - name: config-data + secret: + secretName: manila-config-data + - name: ceph + projected: + sources: + - secret: + name: ceph-conf-files + - name: var-lib-manila + hostPath: + path: /var/lib/manila + - name: config-data-custom + secret: + secretName: manila-share-share0-config-data + - name: combined-ca-bundle + secret: + secretName: combined-ca-bundle +--- +apiVersion: apps/v1 +kind: StatefulSet +metadata: + name: manila-scheduler + namespace: manila-kuttl-tests +spec: + replicas: 1 + selector: + matchLabels: + component: manila-scheduler + service: manila + template: + metadata: + labels: + component: manila-scheduler + service: manila + spec: + serviceAccountName: manila-manila + containers: + - args: + - -c + - /usr/local/bin/kolla_set_configs && /usr/local/bin/kolla_start + volumeMounts: + - mountPath: /etc/machine-id + name: etc-machine-id + - mountPath: /etc/localtime + name: etc-localtime + readOnly: true + - mountPath: /var/lib/config-data/default + name: config-data + readOnly: true + - mountPath: /usr/local/bin/container-scripts + name: scripts + readOnly: true + - mountPath: /etc/manila/manila.conf.d + name: config-data-custom + readOnly: true + - mountPath: /var/lib/kolla/config_files/config.json + name: config-data + readOnly: true + subPath: manila-scheduler-config.json + - mountPath: /etc/pki/ca-trust/extracted/pem/tls-ca-bundle.pem + name: combined-ca-bundle + readOnly: true + subPath: tls-ca-bundle.pem + - command: + - /usr/local/bin/container-scripts/healthcheck.py + - scheduler + - /etc/manila/manila.conf.d + volumeMounts: + - mountPath: /etc/machine-id + name: etc-machine-id + readOnly: true + - mountPath: /etc/localtime + name: etc-localtime + readOnly: true + - mountPath: /var/lib/config-data/default + name: config-data + readOnly: true + - mountPath: /usr/local/bin/container-scripts + name: scripts + readOnly: true + - mountPath: /etc/manila/manila.conf.d + name: config-data-custom + readOnly: true + - mountPath: /var/lib/kolla/config_files/config.json + name: config-data + readOnly: true + subPath: manila-scheduler-config.json + - mountPath: /etc/pki/ca-trust/extracted/pem/tls-ca-bundle.pem + name: combined-ca-bundle + readOnly: true + subPath: tls-ca-bundle.pem + volumes: + - name: etc-machine-id + hostPath: + path: /etc/machine-id + - name: etc-localtime + hostPath: + path: /etc/localtime + - name: scripts + secret: + secretName: manila-scripts + - name: config-data + secret: + secretName: manila-config-data + - name: config-data-custom + secret: + secretName: manila-scheduler-config-data + - name: combined-ca-bundle + secret: + secretName: combined-ca-bundle diff --git a/test/kuttl/tests/manila-basic/04-cleanup-manila.yaml b/test/kuttl/tests/manila-tls/04-cleanup-manila.yaml similarity index 100% rename from test/kuttl/tests/manila-basic/04-cleanup-manila.yaml rename to test/kuttl/tests/manila-tls/04-cleanup-manila.yaml