From 164319d9f92f390183ed1c6cf045cc02db2a2274 Mon Sep 17 00:00:00 2001 From: Veronika Fisarova Date: Tue, 16 Apr 2024 10:10:26 +0200 Subject: [PATCH] Initial kuttl tls 
Signed-off-by: Veronika Fisarova --- ..._v1beta1_openstackcontrolplane_custom.yaml | 202 +++++++++++++ .../common/assert-sample-deployment.yaml | 2 - .../tests/basic-deployment/02-cleanup.yaml | 10 - .../basic-deployment/02-errors-cleanup.yaml | 1 - .../collapsed/01-assert-collapsed-cell.yaml | 235 ---------------- .../01-deploy-openstack-collapsed-cell.yaml | 5 - tests/kuttl/tests/collapsed/02-cleanup.yaml | 6 - .../tests/collapsed/02-errors-cleanup.yaml | 1 - .../01-assert-galera-3replicas.yaml | 238 ---------------- .../01-deploy-galera-3replicas.yaml | 5 - .../tests/galera-3replicas/02-cleanup.yaml | 15 - .../galera-3replicas/02-errors-cleanup.yaml | 1 - .../tests/galera-basic/01-assert-galera.yaml | 265 ------------------ .../tests/galera-basic/01-deploy-galera.yaml | 5 - .../kuttl/tests/galera-basic/02-cleanup.yaml | 12 - .../tests/galera-basic/02-errors-cleanup.yaml | 1 - .../01-assert-deploy-openstack.yaml | 0 .../01-deploy-openstack.yaml | 0 .../tests/tls/02-deploy-delete-secrets.yaml | 20 ++ .../tests/tls/certificates/custom-ca.yaml | 34 +++ 20 files changed, 256 insertions(+), 802 deletions(-) create mode 100644 config/samples/core_v1beta1_openstackcontrolplane_custom.yaml delete mode 100644 tests/kuttl/tests/basic-deployment/02-cleanup.yaml delete mode 120000 tests/kuttl/tests/basic-deployment/02-errors-cleanup.yaml delete mode 100644 tests/kuttl/tests/collapsed/01-assert-collapsed-cell.yaml delete mode 100644 tests/kuttl/tests/collapsed/01-deploy-openstack-collapsed-cell.yaml delete mode 100644 tests/kuttl/tests/collapsed/02-cleanup.yaml delete mode 120000 tests/kuttl/tests/collapsed/02-errors-cleanup.yaml delete mode 100644 tests/kuttl/tests/galera-3replicas/01-assert-galera-3replicas.yaml delete mode 100644 tests/kuttl/tests/galera-3replicas/01-deploy-galera-3replicas.yaml delete mode 100644 tests/kuttl/tests/galera-3replicas/02-cleanup.yaml delete mode 120000 tests/kuttl/tests/galera-3replicas/02-errors-cleanup.yaml delete mode 100644 
tests/kuttl/tests/galera-basic/01-assert-galera.yaml delete mode 100644 tests/kuttl/tests/galera-basic/01-deploy-galera.yaml delete mode 100644 tests/kuttl/tests/galera-basic/02-cleanup.yaml delete mode 120000 tests/kuttl/tests/galera-basic/02-errors-cleanup.yaml rename tests/kuttl/tests/{basic-deployment => tls}/01-assert-deploy-openstack.yaml (100%) rename tests/kuttl/tests/{basic-deployment => tls}/01-deploy-openstack.yaml (100%) create mode 100644 tests/kuttl/tests/tls/02-deploy-delete-secrets.yaml create mode 100644 tests/kuttl/tests/tls/certificates/custom-ca.yaml diff --git a/config/samples/core_v1beta1_openstackcontrolplane_custom.yaml b/config/samples/core_v1beta1_openstackcontrolplane_custom.yaml new file mode 100644 index 000000000..fd78c6e6b --- /dev/null +++ b/config/samples/core_v1beta1_openstackcontrolplane_custom.yaml 
@@ -0,0 +1,202 @@ +apiVersion: core.openstack.org/v1beta1 +kind: OpenStackControlPlane +metadata: + name: openstack-basic +spec: + secret: osp-secret + storageClass: local-storage + keystone: + template: + databaseInstance: openstack + secret: osp-secret + galera: + templates: + openstack: + storageClass: local-storage + storageRequest: 500M + secret: osp-secret + replicas: 1 + openstack-cell1: + storageClass: local-storage + storageRequest: 500M + secret: osp-secret + replicas: 1 + rabbitmq: + templates: + rabbitmq: + replicas: 1 + #resources: + # requests: + # cpu: 500m + # memory: 1Gi + # limits: + # cpu: 800m + # memory: 1Gi + rabbitmq-cell1: + replicas: 1 + memcached: + templates: + memcached: + replicas: 1 + barbican: + template: + databaseInstance: openstack + secret: osp-secret + barbicanAPI: + replicas: 1 + barbicanWorker: + replicas: 1 + barbicanKeystoneListener: + replicas: 1 + placement: + template: + databaseInstance: openstack + secret: osp-secret + glance: + template: + secret: osp-secret + databaseInstance: openstack + storageClass: "" + storageRequest: 10G + keystoneEndpoint: default + glanceAPIs: + default: + type: single + replicas: 1 + cinder: + template: + databaseInstance: openstack + secret: osp-secret + cinderAPI: + replicas: 1 + cinderScheduler: + replicas: 1 + cinderBackup: + replicas: 0 # backend needs to be configured + cinderVolumes: + volume1: + replicas: 0 # backend needs to be configured + manila: + template: + manilaAPI: + replicas: 1 + manilaScheduler: + replicas: 1 + manilaShares: + share1: + replicas: 1 + ovn: + template: + ovnDBCluster: + ovndbcluster-nb: + replicas: 1 + dbType: NB + storageRequest: 10G + ovndbcluster-sb: + replicas: 1 + dbType: SB + storageRequest: 10G + ovnNorthd: + replicas: 1 + ovnController: {} + neutron: + template: + databaseInstance: openstack + secret: osp-secret + horizon: + template: + replicas: 1 + secret: osp-secret + nova: + template: + secret: osp-secret + heat: + enabled: false + template: + 
databaseInstance: openstack + heatAPI: + replicas: 1 + heatEngine: + replicas: 1 + secret: osp-secret + ironic: + enabled: false + template: + databaseInstance: openstack + ironicAPI: + replicas: 1 + ironicConductors: + - replicas: 1 + storageRequest: 10G + ironicInspector: + replicas: 1 + ironicNeutronAgent: + replicas: 1 + secret: osp-secret + telemetry: + enabled: true + template: + metricStorage: + enabled: false + monitoringStack: + alertingEnabled: true + scrapeInterval: 30s + storage: + strategy: persistent + retention: 24h + persistent: + pvcStorageRequest: 20G + autoscaling: + enabled: false + aodh: + passwordSelectors: + databaseUser: aodh + databaseInstance: openstack + memcachedInstance: memcached + secret: osp-secret + heatInstance: heat + ceilometer: + enabled: true + secret: osp-secret + logging: + enabled: false + network: internalapi + ipaddr: 172.17.0.80 + port: 10514 + cloNamespace: openshift-logging + swift: + enabled: true + template: + swiftRing: + ringReplicas: 1 + swiftStorage: + replicas: 1 + swiftProxy: + replicas: 1 + octavia: + enabled: false + template: + databaseInstance: openstack + octaviaAPI: + replicas: 1 + secret: osp-secret + redis: + enabled: false + designate: + template: + databaseInstance: openstack + secret: osp-secret + designateAPI: + replicas: 1 + designateCentral: + replicas: 0 # backend needs to be configured + designateWorker: + replicas: 0 # backend needs to be configured + designateProducer: + replicas: 0 # backend needs to be configured + designateMdns: + replicas: 0 # backend needs to be configured + designateBackendbind9: + replicas: 0 # backend needs to be configured + tls: + caBundleSecretName: ca-custom \ No newline at end of file diff --git a/tests/kuttl/common/assert-sample-deployment.yaml b/tests/kuttl/common/assert-sample-deployment.yaml index 279050bfb..ab7fd5838 100644 --- a/tests/kuttl/common/assert-sample-deployment.yaml +++ b/tests/kuttl/common/assert-sample-deployment.yaml 
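Review bot: The sample ends with `tls: caBundleSecretName: ca-custom`, but nothing in the file says where that Secret comes from; in this patch it is defined only in tests/kuttl/tests/tls/certificates/custom-ca.yaml. A comment above the `tls:` key, such as `# requires Secret "ca-custom" (PEM CA bundle) to exist in the namespace before this CR is applied`, would make the dependency explicit for anyone applying the sample outside the test. How the operator reacts when the bundle Secret is absent is not visible here, so the comment should state that once it is confirmed. The file also ends without a trailing newline.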
@@ -130,8 +130,6 @@ spec: secret: osp-secret serviceUser: aodh ceilometer: - passwordSelector: - service: CeilometerPassword secret: osp-secret serviceUser: ceilometer swift: diff --git a/tests/kuttl/tests/basic-deployment/02-cleanup.yaml b/tests/kuttl/tests/basic-deployment/02-cleanup.yaml deleted file mode 100644 index 41d34afad..000000000 --- a/tests/kuttl/tests/basic-deployment/02-cleanup.yaml +++ /dev/null @@ -1,10 +0,0 @@ -apiVersion: kuttl.dev/v1beta1 -kind: TestStep -delete: -- apiVersion: core.openstack.org/v1beta1 - kind: OpenStackControlPlane - name: openstack-basic -commands: -- script: | - oc delete --ignore-not-found=true -n $NAMESPACE pvc \ - srv-swift-storage-0 diff --git a/tests/kuttl/tests/basic-deployment/02-errors-cleanup.yaml b/tests/kuttl/tests/basic-deployment/02-errors-cleanup.yaml deleted file mode 120000 index 4d7b8362e..000000000 --- a/tests/kuttl/tests/basic-deployment/02-errors-cleanup.yaml +++ /dev/null @@ -1 +0,0 @@ -../../common/errors_cleanup_openstack.yaml \ No newline at end of file diff --git a/tests/kuttl/tests/collapsed/01-assert-collapsed-cell.yaml b/tests/kuttl/tests/collapsed/01-assert-collapsed-cell.yaml deleted file mode 100644 index 212fcb05a..000000000 --- a/tests/kuttl/tests/collapsed/01-assert-collapsed-cell.yaml +++ /dev/null 
@@ -1,235 +0,0 @@ -apiVersion: core.openstack.org/v1beta1 -kind: OpenStackControlPlane -metadata: - name: openstack-collapsed-cell -spec: - secret: osp-secret - keystone: - template: - databaseInstance: openstack - secret: osp-secret - galera: - templates: - openstack: - storageRequest: 500M - rabbitmq: - templates: - rabbitmq: - replicas: 1 - memcached: - templates: - memcached: - replicas: 1 - placement: - template: - databaseInstance: openstack - secret: osp-secret - glance: - template: - databaseInstance: openstack - storageRequest: 10G - glanceAPIs: - default: - replicas: 1 - cinder: - template: - databaseInstance: openstack - secret: osp-secret - cinderAPI: - replicas: 1 - cinderScheduler: - replicas: 1 - cinderBackup: - replicas: 0 # backend needs to be configured - cinderVolumes: - volume1: - replicas: 0 # backend needs to be configured - ovn: - template: - ovnDBCluster: - ovndbcluster-nb: - replicas: 1 - dbType: NB - storageRequest: 10G - ovndbcluster-sb: - replicas: 1 - dbType: SB - storageRequest: 10G - ovnNorthd: - replicas: 1 - ovnController: - external-ids: - system-id: "random" - ovn-bridge: "br-int" - ovn-encap-type: "geneve" - neutron: - template: - databaseInstance: openstack - secret: osp-secret - nova: - template: - secret: osp-secret - # This creates a collapsed cell deployment same as what OSP17 does by - # default. The conductor in cell1 acts as both the cell conductor and the - # super conductor hence cell0 conductor is disabled. Also in this - # deployment both the top level services and cell1 service will share the - # same message bus and database service instance so there is no cell - # separation implemented. 
- cellTemplates: - cell0: - cellDatabaseAccount: nova-cell0 - conductorServiceTemplate: - replicas: 0 - hasAPIAccess: true - cell1: - cellDatabaseAccount: nova-cell1 - cellDatabaseInstance: openstack - cellMessageBusInstance: rabbitmq - conductorServiceTemplate: - replicas: 1 - hasAPIAccess: true - ironic: - template: - databaseInstance: openstack - ironicAPI: - replicas: 1 - ironicConductors: - - replicas: 1 - storageRequest: 10G - ironicInspector: - replicas: 1 - ironicNeutronAgent: - replicas: 1 - secret: osp-secret - telemetry: - enabled: true - template: - autoscaling: - aodh: - secret: osp-secret - serviceUser: aodh - ceilometer: - passwordSelector: - service: CeilometerPassword - secret: osp-secret - serviceUser: ceilometer - barbican: - enabled: true - template: - databaseInstance: openstack - secret: osp-secret - barbicanAPI: - replicas: 1 - barbicanWorker: - replicas: 1 - barbicanKeystoneListener: - replicas: 1 - tls: - ingress: - ca: - duration: 43800h0m0s - cert: - duration: 8760h0m0s - enabled: true - podLevel: - enabled: true - internal: - ca: - duration: 43800h0m0s - cert: - duration: 8760h0m0s - ovn: - ca: - duration: 43800h0m0s - cert: - duration: 8760h0m0s -status: - conditions: - - message: Setup complete - reason: Ready - status: "True" - type: Ready - - message: OpenStackControlPlane Barbican completed - reason: Ready - status: "True" - type: OpenStackControlPlaneBarbicanReady - - message: OpenStackControlPlane CAs completed - reason: Ready - status: "True" - type: OpenStackControlPlaneCAReadyCondition - - message: OpenStackControlPlane Cinder completed - reason: Ready - status: "True" - type: OpenStackControlPlaneCinderReady - - message: OpenStackControlPlane Client completed - reason: Ready - status: "True" - type: OpenStackControlPlaneClientReady - - message: OpenStackControlPlane barbican service exposed - reason: Ready - status: "True" - type: OpenStackControlPlaneExposeBarbicanReady - - message: OpenStackControlPlane cinder service 
exposed - reason: Ready - status: "True" - type: OpenStackControlPlaneExposeCinderReady - - message: OpenStackControlPlane glance service exposed - reason: Ready - status: "True" - type: OpenStackControlPlaneExposeGlanceReady - - message: OpenStackControlPlane keystone service exposed - reason: Ready - status: "True" - type: OpenStackControlPlaneExposeKeystoneAPIReady - - message: OpenStackControlPlane neutron service exposed - reason: Ready - status: "True" - type: OpenStackControlPlaneExposeNeutronReady - - message: OpenStackControlPlane nova service exposed - reason: Ready - status: "True" - type: OpenStackControlPlaneExposeNovaReady - - message: OpenStackControlPlane placement service exposed - reason: Ready - status: "True" - type: OpenStackControlPlaneExposePlacementAPIReady - - message: OpenStackControlPlane Glance completed - reason: Ready - status: "True" - type: OpenStackControlPlaneGlanceReady - - message: OpenStackControlPlane KeystoneAPI completed - reason: Ready - status: "True" - type: OpenStackControlPlaneKeystoneAPIReady - - message: OpenStackControlPlane MariaDB completed - reason: Ready - status: "True" - type: OpenStackControlPlaneMariaDBReady - - message: OpenStackControlPlane Memcached completed - reason: Ready - status: "True" - type: OpenStackControlPlaneMemcachedReady - - message: OpenStackControlPlane Neutron completed - reason: Ready - status: "True" - type: OpenStackControlPlaneNeutronReady - - message: OpenStackControlPlane Nova completed - reason: Ready - status: "True" - type: OpenStackControlPlaneNovaReady - - message: OpenStackControlPlane OVN completed - reason: Ready - status: "True" - type: OpenStackControlPlaneOVNReady - - message: OpenStackControlPlane PlacementAPI completed - reason: Ready - status: "True" - type: OpenStackControlPlanePlacementAPIReady - - message: OpenStackControlPlane RabbitMQ completed - reason: Ready - status: "True" - type: OpenStackControlPlaneRabbitMQReady - - message: OpenStackControlPlane Telemetry 
completed - reason: Ready - status: "True" - type: OpenStackControlPlaneTelemetryReady diff --git a/tests/kuttl/tests/collapsed/01-deploy-openstack-collapsed-cell.yaml b/tests/kuttl/tests/collapsed/01-deploy-openstack-collapsed-cell.yaml deleted file mode 100644 index 9f9434cb8..000000000 --- a/tests/kuttl/tests/collapsed/01-deploy-openstack-collapsed-cell.yaml +++ /dev/null @@ -1,5 +0,0 @@ -apiVersion: kuttl.dev/v1beta1 -kind: TestStep -commands: - - script: | - oc apply -n $NAMESPACE -f ../../../../config/samples/core_v1beta1_openstackcontrolplane_collapsed_cell.yaml diff --git a/tests/kuttl/tests/collapsed/02-cleanup.yaml b/tests/kuttl/tests/collapsed/02-cleanup.yaml deleted file mode 100644 index 455b07e46..000000000 --- a/tests/kuttl/tests/collapsed/02-cleanup.yaml +++ /dev/null @@ -1,6 +0,0 @@ -apiVersion: kuttl.dev/v1beta1 -kind: TestStep -delete: -- apiVersion: core.openstack.org/v1beta1 - kind: OpenStackControlPlane - name: openstack-collapsed-cell diff --git a/tests/kuttl/tests/collapsed/02-errors-cleanup.yaml b/tests/kuttl/tests/collapsed/02-errors-cleanup.yaml deleted file mode 120000 index 4d7b8362e..000000000 --- a/tests/kuttl/tests/collapsed/02-errors-cleanup.yaml +++ /dev/null @@ -1 +0,0 @@ -../../common/errors_cleanup_openstack.yaml \ No newline at end of file diff --git a/tests/kuttl/tests/galera-3replicas/01-assert-galera-3replicas.yaml b/tests/kuttl/tests/galera-3replicas/01-assert-galera-3replicas.yaml deleted file mode 100644 index 2902861cb..000000000 --- a/tests/kuttl/tests/galera-3replicas/01-assert-galera-3replicas.yaml +++ /dev/null 
@@ -1,238 +0,0 @@ -apiVersion: core.openstack.org/v1beta1 -kind: OpenStackControlPlane -metadata: - name: openstack-galera-3replicas -spec: - secret: osp-secret - keystone: - template: - databaseInstance: openstack - secret: osp-secret - galera: - enabled: true - templates: - openstack: - storageRequest: 500M - secret: osp-secret - replicas: 3 - openstack-cell1: - storageRequest: 500M - secret: osp-secret - replicas: 3 - rabbitmq: - templates: - rabbitmq: - replicas: 3 - rabbitmq-cell1: - replicas: 3 - memcached: - templates: - memcached: - replicas: 1 - placement: - template: - databaseInstance: openstack - secret: osp-secret - glance: - template: - databaseInstance: openstack - storageRequest: 10G - glanceAPIs: - default: - replicas: 1 - cinder: - template: - databaseInstance: openstack - secret: osp-secret - cinderAPI: - replicas: 1 - cinderScheduler: - replicas: 1 - cinderBackup: - replicas: 0 # backend needs to be configured - cinderVolumes: - volume1: - replicas: 0 # backend needs to be configured - barbican: - enabled: true - template: - databaseInstance: openstack - secret: osp-secret - barbicanAPI: - replicas: 1 - barbicanWorker: - replicas: 1 - barbicanKeystoneListener: - replicas: 1 - manila: - template: - manilaAPI: - replicas: 1 - manilaScheduler: - replicas: 1 - manilaShares: - share1: - replicas: 1 - ovn: - template: - ovnDBCluster: - ovndbcluster-nb: - replicas: 1 - dbType: NB - storageRequest: 10G - ovndbcluster-sb: - replicas: 1 - dbType: SB - storageRequest: 10G - ovnNorthd: - replicas: 1 - ovnController: - external-ids: - system-id: "random" - ovn-bridge: "br-int" - ovn-encap-type: "geneve" - neutron: - template: - databaseInstance: openstack - secret: osp-secret - horizon: - template: - replicas: 1 - secret: osp-secret - nova: - template: - secret: osp-secret - ironic: - template: - databaseInstance: openstack - ironicAPI: - replicas: 1 - ironicConductors: - - replicas: 1 - storageRequest: 10G - ironicInspector: - replicas: 1 - 
ironicNeutronAgent: - replicas: 1 - secret: osp-secret - telemetry: - enabled: true - template: - autoscaling: - aodh: - secret: osp-secret - serviceUser: aodh - ceilometer: - passwordSelector: - service: CeilometerPassword - secret: osp-secret - serviceUser: ceilometer - tls: - ingress: - ca: - duration: 43800h0m0s - cert: - duration: 8760h0m0s - enabled: true - podLevel: - enabled: true - internal: - ca: - duration: 43800h0m0s - cert: - duration: 8760h0m0s - ovn: - ca: - duration: 43800h0m0s - cert: - duration: 8760h0m0s -status: - conditions: - - message: Setup complete - reason: Ready - status: "True" - type: Ready - - message: OpenStackControlPlane Barbican completed - reason: Ready - status: "True" - type: OpenStackControlPlaneBarbicanReady - - message: OpenStackControlPlane CAs completed - reason: Ready - status: "True" - type: OpenStackControlPlaneCAReadyCondition - - message: OpenStackControlPlane Cinder completed - reason: Ready - status: "True" - type: OpenStackControlPlaneCinderReady - - message: OpenStackControlPlane Client completed - reason: Ready - status: "True" - type: OpenStackControlPlaneClientReady - - message: OpenStackControlPlane barbican service exposed - reason: Ready - status: "True" - type: OpenStackControlPlaneExposeBarbicanReady - - message: OpenStackControlPlane cinder service exposed - reason: Ready - status: "True" - type: OpenStackControlPlaneExposeCinderReady - - message: OpenStackControlPlane glance service exposed - reason: Ready - status: "True" - type: OpenStackControlPlaneExposeGlanceReady - - message: OpenStackControlPlane keystone service exposed - reason: Ready - status: "True" - type: OpenStackControlPlaneExposeKeystoneAPIReady - - message: OpenStackControlPlane neutron service exposed - reason: Ready - status: "True" - type: OpenStackControlPlaneExposeNeutronReady - - message: OpenStackControlPlane nova service exposed - reason: Ready - status: "True" - type: OpenStackControlPlaneExposeNovaReady - - message: 
OpenStackControlPlane placement service exposed - reason: Ready - status: "True" - type: OpenStackControlPlaneExposePlacementAPIReady - - message: OpenStackControlPlane Glance completed - reason: Ready - status: "True" - type: OpenStackControlPlaneGlanceReady - - message: OpenStackControlPlane KeystoneAPI completed - reason: Ready - status: "True" - type: OpenStackControlPlaneKeystoneAPIReady - - message: OpenStackControlPlane MariaDB completed - reason: Ready - status: "True" - type: OpenStackControlPlaneMariaDBReady - - message: OpenStackControlPlane Memcached completed - reason: Ready - status: "True" - type: OpenStackControlPlaneMemcachedReady - - message: OpenStackControlPlane Neutron completed - reason: Ready - status: "True" - type: OpenStackControlPlaneNeutronReady - - message: OpenStackControlPlane Nova completed - reason: Ready - status: "True" - type: OpenStackControlPlaneNovaReady - - message: OpenStackControlPlane OVN completed - reason: Ready - status: "True" - type: OpenStackControlPlaneOVNReady - - message: OpenStackControlPlane PlacementAPI completed - reason: Ready - status: "True" - type: OpenStackControlPlanePlacementAPIReady - - message: OpenStackControlPlane RabbitMQ completed - reason: Ready - status: "True" - type: OpenStackControlPlaneRabbitMQReady - - message: OpenStackControlPlane Telemetry completed - reason: Ready - status: "True" - type: OpenStackControlPlaneTelemetryReady diff --git a/tests/kuttl/tests/galera-3replicas/01-deploy-galera-3replicas.yaml b/tests/kuttl/tests/galera-3replicas/01-deploy-galera-3replicas.yaml deleted file mode 100644 index 8cd3c29b8..000000000 --- a/tests/kuttl/tests/galera-3replicas/01-deploy-galera-3replicas.yaml +++ /dev/null @@ -1,5 +0,0 @@ -apiVersion: kuttl.dev/v1beta1 -kind: TestStep -commands: - - script: | - oc apply -n $NAMESPACE -f ../../../../config/samples/core_v1beta1_openstackcontrolplane_galera_3replicas.yaml 
diff --git a/tests/kuttl/tests/galera-3replicas/02-cleanup.yaml b/tests/kuttl/tests/galera-3replicas/02-cleanup.yaml deleted file mode 100644 index 095e1978f..000000000 --- a/tests/kuttl/tests/galera-3replicas/02-cleanup.yaml +++ /dev/null @@ -1,15 +0,0 @@ -apiVersion: kuttl.dev/v1beta1 -kind: TestStep -delete: -- apiVersion: core.openstack.org/v1beta1 - kind: OpenStackControlPlane - name: openstack-galera-3replicas -commands: -- script: | - oc delete --ignore-not-found=true -n $NAMESPACE pvc \ - mysql-db-openstack-galera-0 \ - mysql-db-openstack-galera-1 \ - mysql-db-openstack-galera-2 \ - mysql-db-openstack-cell1-galera-0 \ - mysql-db-openstack-cell1-galera-1 \ - mysql-db-openstack-cell1-galera-2 diff --git a/tests/kuttl/tests/galera-3replicas/02-errors-cleanup.yaml b/tests/kuttl/tests/galera-3replicas/02-errors-cleanup.yaml deleted file mode 120000 index 4d7b8362e..000000000 --- a/tests/kuttl/tests/galera-3replicas/02-errors-cleanup.yaml +++ /dev/null @@ -1 +0,0 @@ -../../common/errors_cleanup_openstack.yaml \ No newline at end of file diff --git a/tests/kuttl/tests/galera-basic/01-assert-galera.yaml b/tests/kuttl/tests/galera-basic/01-assert-galera.yaml deleted file mode 100644 index 70215f8a0..000000000 --- a/tests/kuttl/tests/galera-basic/01-assert-galera.yaml +++ /dev/null 
@@ -1,265 +0,0 @@ -apiVersion: core.openstack.org/v1beta1 -kind: OpenStackControlPlane -metadata: - name: openstack-galera -spec: - secret: osp-secret - keystone: - template: - databaseInstance: openstack - secret: osp-secret - galera: - enabled: true - templates: - openstack: - storageRequest: 500M - secret: osp-secret - replicas: 1 - openstack-cell1: - storageRequest: 500M - secret: osp-secret - replicas: 1 - rabbitmq: - templates: - rabbitmq: - replicas: 1 - rabbitmq-cell1: - replicas: 1 - memcached: - templates: - memcached: - replicas: 1 - placement: - template: - databaseInstance: openstack - secret: osp-secret - glance: - template: - databaseInstance: openstack - storageRequest: 10G - glanceAPIs: - default: - replicas: 1 - cinder: - template: - databaseInstance: openstack - secret: osp-secret - cinderAPI: - replicas: 1 - cinderScheduler: - replicas: 1 - cinderBackup: - replicas: 0 # backend needs to be configured - cinderVolumes: - volume1: - replicas: 0 # backend needs to be configured - barbican: - enabled: true - template: - databaseInstance: openstack - secret: osp-secret - barbicanAPI: - replicas: 1 - barbicanWorker: - replicas: 1 - barbicanKeystoneListener: - replicas: 1 - manila: - template: - manilaAPI: - replicas: 1 - manilaScheduler: - replicas: 1 - manilaShares: - share1: - replicas: 1 - ovn: - template: - ovnDBCluster: - ovndbcluster-nb: - replicas: 1 - dbType: NB - storageRequest: 10G - ovndbcluster-sb: - replicas: 1 - dbType: SB - storageRequest: 10G - ovnNorthd: - replicas: 1 - ovnController: - external-ids: - system-id: "random" - ovn-bridge: "br-int" - ovn-encap-type: "geneve" - neutron: - template: - databaseInstance: openstack - secret: osp-secret - horizon: - template: - replicas: 1 - secret: osp-secret - nova: - template: - secret: osp-secret - heat: - enabled: false - template: - databaseInstance: openstack - heatAPI: - replicas: 1 - heatEngine: - replicas: 1 - secret: osp-secret - ironic: - enabled: false - template: - 
databaseInstance: openstack - ironicAPI: - replicas: 1 - ironicConductors: - - replicas: 1 - storageRequest: 10G - ironicInspector: - replicas: 1 - ironicNeutronAgent: - replicas: 1 - secret: osp-secret - telemetry: - enabled: true - template: - autoscaling: - aodh: - secret: osp-secret - serviceUser: aodh - ceilometer: - passwordSelector: - service: CeilometerPassword - secret: osp-secret - serviceUser: ceilometer - swift: - enabled: true - template: - swiftRing: - ringReplicas: 1 - swiftStorage: - replicas: 1 - swiftProxy: - replicas: 1 - tls: - ingress: - ca: - duration: 43800h0m0s - cert: - duration: 8760h0m0s - enabled: true - podLevel: - enabled: true - internal: - ca: - duration: 43800h0m0s - cert: - duration: 8760h0m0s - ovn: - ca: - duration: 43800h0m0s - cert: - duration: 8760h0m0s -status: - conditions: - - message: Setup complete - reason: Ready - status: "True" - type: Ready - - message: OpenStackControlPlane Barbican completed - reason: Ready - status: "True" - type: OpenStackControlPlaneBarbicanReady - - message: OpenStackControlPlane CAs completed - reason: Ready - status: "True" - type: OpenStackControlPlaneCAReadyCondition - - message: OpenStackControlPlane Cinder completed - reason: Ready - status: "True" - type: OpenStackControlPlaneCinderReady - - message: OpenStackControlPlane Client completed - reason: Ready - status: "True" - type: OpenStackControlPlaneClientReady - - message: OpenStackControlPlane barbican service exposed - reason: Ready - status: "True" - type: OpenStackControlPlaneExposeBarbicanReady - - message: OpenStackControlPlane cinder service exposed - reason: Ready - status: "True" - type: OpenStackControlPlaneExposeCinderReady - - message: OpenStackControlPlane glance service exposed - reason: Ready - status: "True" - type: OpenStackControlPlaneExposeGlanceReady - - message: OpenStackControlPlane keystone service exposed - reason: Ready - status: "True" - type: OpenStackControlPlaneExposeKeystoneAPIReady - - message: 
OpenStackControlPlane neutron service exposed - reason: Ready - status: "True" - type: OpenStackControlPlaneExposeNeutronReady - - message: OpenStackControlPlane nova service exposed - reason: Ready - status: "True" - type: OpenStackControlPlaneExposeNovaReady - - message: OpenStackControlPlane placement service exposed - reason: Ready - status: "True" - type: OpenStackControlPlaneExposePlacementAPIReady - - message: OpenStackControlPlane swift service exposed - reason: Ready - status: "True" - type: OpenStackControlPlaneExposeSwiftReady - - message: OpenStackControlPlane Glance completed - reason: Ready - status: "True" - type: OpenStackControlPlaneGlanceReady - - message: OpenStackControlPlane KeystoneAPI completed - reason: Ready - status: "True" - type: OpenStackControlPlaneKeystoneAPIReady - - message: OpenStackControlPlane MariaDB completed - reason: Ready - status: "True" - type: OpenStackControlPlaneMariaDBReady - - message: OpenStackControlPlane Memcached completed - reason: Ready - status: "True" - type: OpenStackControlPlaneMemcachedReady - - message: OpenStackControlPlane Neutron completed - reason: Ready - status: "True" - type: OpenStackControlPlaneNeutronReady - - message: OpenStackControlPlane Nova completed - reason: Ready - status: "True" - type: OpenStackControlPlaneNovaReady - - message: OpenStackControlPlane OVN completed - reason: Ready - status: "True" - type: OpenStackControlPlaneOVNReady - - message: OpenStackControlPlane PlacementAPI completed - reason: Ready - status: "True" - type: OpenStackControlPlanePlacementAPIReady - - message: OpenStackControlPlane RabbitMQ completed - reason: Ready - status: "True" - type: OpenStackControlPlaneRabbitMQReady - - message: OpenStackControlPlane Swift completed - reason: Ready - status: "True" - type: OpenStackControlPlaneSwiftReady - - message: OpenStackControlPlane Telemetry completed - reason: Ready - status: "True" - type: OpenStackControlPlaneTelemetryReady 
diff --git a/tests/kuttl/tests/galera-basic/01-deploy-galera.yaml b/tests/kuttl/tests/galera-basic/01-deploy-galera.yaml deleted file mode 100644 index cacf35aa0..000000000 --- a/tests/kuttl/tests/galera-basic/01-deploy-galera.yaml +++ /dev/null @@ -1,5 +0,0 @@ -apiVersion: kuttl.dev/v1beta1 -kind: TestStep -commands: - - script: | - oc apply -n $NAMESPACE -f ../../../../config/samples/core_v1beta1_openstackcontrolplane_galera.yaml diff --git a/tests/kuttl/tests/galera-basic/02-cleanup.yaml b/tests/kuttl/tests/galera-basic/02-cleanup.yaml deleted file mode 100644 index 7dd0adf99..000000000 --- a/tests/kuttl/tests/galera-basic/02-cleanup.yaml +++ /dev/null @@ -1,12 +0,0 @@ -apiVersion: kuttl.dev/v1beta1 -kind: TestStep -delete: -- apiVersion: core.openstack.org/v1beta1 - kind: OpenStackControlPlane - name: openstack-galera -commands: -- script: | - oc delete --ignore-not-found=true -n $NAMESPACE pvc \ - mysql-db-openstack-galera-0 \ - mysql-db-openstack-cell1-galera-0 \ - srv-swift-storage-0 diff --git a/tests/kuttl/tests/galera-basic/02-errors-cleanup.yaml b/tests/kuttl/tests/galera-basic/02-errors-cleanup.yaml deleted file mode 120000 index 4d7b8362e..000000000 --- a/tests/kuttl/tests/galera-basic/02-errors-cleanup.yaml +++ /dev/null @@ -1 +0,0 @@ -../../common/errors_cleanup_openstack.yaml \ No newline at end of file diff --git a/tests/kuttl/tests/basic-deployment/01-assert-deploy-openstack.yaml b/tests/kuttl/tests/tls/01-assert-deploy-openstack.yaml similarity index 100% rename from tests/kuttl/tests/basic-deployment/01-assert-deploy-openstack.yaml rename to tests/kuttl/tests/tls/01-assert-deploy-openstack.yaml diff --git a/tests/kuttl/tests/basic-deployment/01-deploy-openstack.yaml b/tests/kuttl/tests/tls/01-deploy-openstack.yaml similarity index 100% rename from tests/kuttl/tests/basic-deployment/01-deploy-openstack.yaml rename to tests/kuttl/tests/tls/01-deploy-openstack.yaml 
diff --git a/tests/kuttl/tests/tls/02-deploy-delete-secrets.yaml b/tests/kuttl/tests/tls/02-deploy-delete-secrets.yaml
new file mode 100644
index 000000000..d6c432182
--- /dev/null
+++ b/tests/kuttl/tests/tls/02-deploy-delete-secrets.yaml
@@ -0,0 +1,20 @@
+apiVersion: kuttl.dev/v1beta1
+kind: TestStep
+commands:
+ - script: |
+ oc get secrets --namespace openstack-kuttl-tests -o json | jq -r '.items[] | select(.metadata.name | startswith("cert-") and endswith("svc") and (contains("route") | not)) | "\(.metadata.namespace) \(.metadata.name)"' > /tmp/deleted-secrets.txt
+ - script: |
+ while IFS=' ' read -r ns secret; do oc delete secret $secret -n $ns; done < /tmp/deleted-secrets.txt
+ - script: |
+ oc wait openstackcontrolplane -n openstack-kuttl-tests --for=condition=Ready --timeout=400s openstack-basic
+ - script: |
+ oc get pods --namespace openstack-kuttl-tests -o json | jq -r '.items[] | {pod: .metadata.name, volumes: [.spec.volumes[]? | select(.secret != null or (.projected != null and .projected.sources[].secret != null)) | .secret.secretName // .projected.sources[].secret.name]} | @base64' > /tmp/pods_volumes.txt
+ while IFS=' ' read -r ns secret; do
+ echo "Checking secret: $secret in namespace: $ns"
+ matched_pods=$(cat /tmp/pods_volumes.txt | base64 --decode | jq -r --arg SECRET_NAME "$secret" 'select(.volumes[] == $SECRET_NAME) | .pod' | tr '\n' ', ')
+ if [ -z "$matched_pods" ]; then
+ echo "ERROR: $secret not mounted in any pods."
+ else
+ echo "Pods using $secret in $ns namespace: ${matched_pods%,}"
+ fi
+ done < /tmp/deleted-secrets.txt
diff --git a/tests/kuttl/tests/tls/certificates/custom-ca.yaml b/tests/kuttl/tests/tls/certificates/custom-ca.yaml
new file mode 100644
index 000000000..b5d747165
--- /dev/null
+++ b/tests/kuttl/tests/tls/certificates/custom-ca.yaml
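Review bot: The last script in 02-deploy-delete-secrets.yaml cannot fail the step: when a deleted secret is not mounted by any pod, the `if [ -z "$matched_pods" ]` branch only echoes `ERROR: ...` and the script still exits 0, so kuttl records a pass. Set `failed=0` before the loop, `failed=1` in that branch, and finish with `exit "$failed"` after `done`. Matching secret names in pod specs also shows only that pods reference those names, not that the `cert-*svc` secrets were re-issued after deletion; an explicit `oc get secret "$secret" -n "$ns"` per entry would cover that. The namespace is hard-coded as `openstack-kuttl-tests` where the removed steps used `$NAMESPACE`, and `$secret`/`$ns` are unquoted in `oc delete`. The fixed `/tmp/deleted-secrets.txt` and `/tmp/pods_volumes.txt` paths can collide or be pre-created on a shared runner; a `mktemp -d` directory avoids that but would mean merging the steps into one script.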
@@ -0,0 +1,34 @@
+apiVersion: v1
+kind: Secret
+type: Opaque
+metadata:
+ name: ca-custom
+ labels:
+ combined-ca-bundle: ""
+data:
+ ca-custom.pem: 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
+---
+apiVersion: placement.openstack.org/v1beta1
+kind: PlacementAPI
+metadata:
+ name: placement
+spec:
+ serviceUser: placement
+ customServiceConfig: |
+ [DEFAULT]
+ debug = true
+ databaseInstance: openstack
+ databaseUser: placement
+ debug:
+ dbSync: false
+ service: false
+ preserveJobs: false
+ replicas: 1
+ secret: placement-secret
+ tls:
+ api:
+ internal:
+ secretName: cert-internal-svc
+ public:
+ secretName: cert-public-svc
+ caBundleSecretName: ca-custom
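Review bot: No step visible in this patch applies this file: 01-deploy-openstack.yaml is a 100% rename and 02-deploy-delete-secrets.yaml never references `certificates/custom-ca.yaml`. As far as the diff shows, the `ca-custom` Secret is never created and the custom CA bundle path goes unexercised. If that is left for a follow-up, a header comment saying so would help; otherwise add a step that applies it with `oc apply -n $NAMESPACE -f` before the control plane is deployed. The standalone `PlacementAPI` named `placement` may clash with the one the control plane manages, and it sets `debug = true`, so a comment on why it sits next to the CA Secret is worth adding. A comment on `ca-custom.pem` stating that it is a throwaway test CA certificate with no private key would make the committed blob easy to audit.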