diff --git a/.github/workflows/e2e.yml b/.github/workflows/e2e.yml index bf176647..dda00312 100644 --- a/.github/workflows/e2e.yml +++ b/.github/workflows/e2e.yml @@ -16,8 +16,25 @@ on: - "sec-scanners-config.yaml" jobs: + wait-until-build-succeeds: + runs-on: ubuntu-latest + steps: + - name: Wait for the 'pull-eventing-manager-build' job to succeed + uses: kyma-project/wait-for-commit-status-action@2b3ffe09af8b6f40e1213d5fb7f91a7bd41ffb20 + with: + context: "pull-eventing-manager-build" + commit_ref: "${{ github.event.pull_request.head.sha }}" # Note: 'github.event.pull_request.head.sha' is not same as 'github.sha' on pull requests. + timeout: 600000 # 10 minutes in milliseconds + # The check interval is kept long otherwise it will exhaust the GitHub rate limit (More info: https://docs.github.com/en/rest/overview/resources-in-the-rest-api?apiVersion=2022-11-28#rate-limiting) + check_interval: 60000 # 1 minute in milliseconds + env: + GITHUB_TOKEN: "${{ secrets.GITHUB_TOKEN }}" + GITHUB_OWNER: "${{ github.repository_owner }}" + GITHUB_REPO: "eventing-manager" + nats: runs-on: ubuntu-latest + needs: wait-until-build-succeeds steps: - uses: actions/checkout@v4 @@ -45,19 +62,6 @@ jobs: run: | make install IMG=$MANAGER_IMAGE - - name: Wait for the 'pull-eventing-manager-build' job to succeed - uses: kyma-project/wait-for-commit-status-action@2b3ffe09af8b6f40e1213d5fb7f91a7bd41ffb20 - with: - context: "pull-eventing-manager-build" - commit_ref: "${{ github.event.pull_request.head.sha }}" # Note: 'github.event.pull_request.head.sha' is not same as 'github.sha' on pull requests. - timeout: 600000 # 10 minutes in milliseconds - # The check interval is kept long otherwise it will exhaust the GitHub rate limit (More info: https://docs.github.com/en/rest/overview/resources-in-the-rest-api?apiVersion=2022-11-28#rate-limiting) - check_interval: 60000 # 1 minute in milliseconds - env: - GITHUB_TOKEN: "${{ secrets.GITHUB_TOKEN }}" - GITHUB_OWNER: "${{ github.repository_owner }}" - GITHUB_REPO: "eventing-manager" - - name: Deploy the controller to the cluster run: | kubectl create ns kyma-system || true @@ -95,6 +99,7 @@ jobs: PeerAuthentication: runs-on: ubuntu-latest + needs: wait-until-build-succeeds steps: - uses: actions/checkout@v4 @@ -118,19 +123,6 @@ jobs: run: | make install IMG=$MANAGER_IMAGE - - name: Wait for the 'pull-eventing-manager-build' job to succeed - uses: kyma-project/wait-for-commit-status-action@2b3ffe09af8b6f40e1213d5fb7f91a7bd41ffb20 - with: - context: "pull-eventing-manager-build" - commit_ref: "${{ github.event.pull_request.head.sha }}" # Note: 'github.event.pull_request.head.sha' is not same as 'github.sha' on pull requests. - timeout: 600000 # 10 minutes in milliseconds - # The check interval is kept long otherwise it will exhaust the GitHub rate limit (More info: https://docs.github.com/en/rest/overview/resources-in-the-rest-api?apiVersion=2022-11-28#rate-limiting) - check_interval: 60000 # 1 minute in milliseconds - env: - GITHUB_TOKEN: "${{ secrets.GITHUB_TOKEN }}" - GITHUB_OWNER: "${{ github.repository_owner }}" - GITHUB_REPO: "eventing-manager" - - name: Deploy the controller to the cluster run: | kubectl create ns kyma-system || true @@ -144,3 +136,30 @@ jobs: if: failure() run: | kubectl get peerauthentications.security.istio.io -A -o yaml + + backend-switching: + runs-on: ubuntu-latest + needs: wait-until-build-succeeds + + steps: + - uses: actions/checkout@v4 + + - name: Cache Binaries + id: cache-binaries + uses: actions/cache@v3 + with: + path: bin + key: ${{ runner.os }}-bin + + - name: Install Kyma CLI + run: | + make kyma + + - name: Provision Gardener Cluster + run: | + make -C hack/ci/ provision-gardener-cluster + kubectl version + kubectl cluster-info + kubectl get nodes -o wide + + diff --git a/hack/ci/Makefile b/hack/ci/Makefile index 5b2ed831..cc199cbe 100644 --- a/hack/ci/Makefile +++ b/hack/ci/Makefile @@ -83,3 +83,28 @@ install-k3d-tools: ## Create k3d with kyma CRDs. .PHONY: apply-peerauthentication-crd apply-peerauthentication-crd: kubectl apply -f ../../config/crd/for-tests/security.istio.io_peerauthentication.yaml + +.PHONY: deploy-latest-released-nats-manager +deploy-latest-released-nats-manager: + $(eval LATEST_NATS_VERSION := $(shell curl -s https://api.github.com/repos/kyma-project/nats-manager/releases/latest | jq -r '.tag_name')) + @echo "Deploying NATS Manager: ${LATEST_NATS_VERSION}" + kubectl apply -f https://github.com/kyma-project/nats-manager/releases/latest/download/nats-manager.yaml + kubectl apply -f https://github.com/kyma-project/nats-manager/releases/latest/download/nats-default-cr.yaml + +.PHONY: wait-nats-cr-ready +wait-nats-cr-ready: + kubectl wait nats.operator.kyma-project.io -n kyma-system eventing-nats --timeout=300s --for=jsonpath='{.status.state}'=Ready + +.PHONY: wait-eventing-cr-ready +wait-eventing-cr-ready: + kubectl wait eventing.operator.kyma-project.io -n kyma-system eventing --timeout=300s --for=jsonpath='{.status.state}'=Ready + +.PHONY: wait-eventing-cr-ready-with-backend +wait-eventing-cr-ready-with-backend: + kubectl wait eventing.operator.kyma-project.io -n kyma-system eventing --timeout=300s --for=jsonpath='{.status.state}'=Ready --for=jsonpath='{.status.activeBackend}'=${ACTIVE_BACKEND} + +.PHONY: provision-gardener-cluster +provision-gardener-cluster: + PROJECT_ROOT="${PROJECT_ROOT}" ${PROJECT_ROOT}/scripts/provision-gardener-aws.sh + + diff --git a/scripts/gardener/aws.sh b/scripts/gardener/aws.sh new file mode 100755 index 00000000..6903c42c --- /dev/null +++ b/scripts/gardener/aws.sh @@ -0,0 +1,112 @@ +#!/usr/bin/env bash + +#Permissions: In order to run this script you need to use a service account with permissions equivalent to the following GCP roles: +# - Compute Admin +# - Service Account User +# - Service Account Admin +# - Service Account Token Creator +# - Make sure the service account is enabled for the Google Identity and Access Management API. + +source "${PROJECT_ROOT}/scripts/utils/log.sh" +source "${PROJECT_ROOT}/scripts/utils/utils.sh" + +gardener::init() { + requiredVars=( + GARDENER_REGION + GARDENER_ZONES + GARDENER_KUBECONFIG + GARDENER_PROJECT_NAME + GARDENER_PROVIDER_SECRET_NAME + GARDENER_CLUSTER_VERSION + ) + utils::check_required_vars "${requiredVars[@]}" + + # set default values + if [ -z "$MACHINE_TYPE" ]; then + export MACHINE_TYPE="m5.xlarge" + fi +} + +gardener::provision_cluster() { + log::info "Provision cluster: \"${CLUSTER_NAME}\"" + if [ "${#CLUSTER_NAME}" -gt 9 ]; then + log::error "Provided cluster name is too long" + return 1 + fi + + # decreasing attempts to 2 because we will try to create new cluster from scratch on exit code other than 0 + kyma provision gardener aws \ + --secret "${GARDENER_PROVIDER_SECRET_NAME}" \ + --name "${CLUSTER_NAME}" \ + --project "${GARDENER_PROJECT_NAME}" \ + --credentials "${GARDENER_KUBECONFIG}" \ + --region "${GARDENER_REGION}" \ + --zones "${GARDENER_ZONES}" \ + --type "${MACHINE_TYPE}" \ + --scaler-max 4 \ + --scaler-min 2 \ + --kube-version="${GARDENER_CLUSTER_VERSION}" \ + --attempts 1 \ + --verbose \ + --hibernation-start "" +} + +gardener::cleanup() { + log::info "Deprovision cluster: \"${CLUSTER_NAME}\"" + gardener::deprovision_cluster \ + -p "${GARDENER_PROJECT_NAME}" \ + -c "${CLUSTER_NAME}" \ + -f "${GARDENER_KUBECONFIG}" +} + +# gardener::deprovision_cluster removes a Gardener cluster +# +# Arguments: +# +# required: +# p - project name +# c - cluster name +# f - kubeconfig file path +function gardener::deprovision_cluster() { + local OPTIND + local projectName + local clusterName + local kubeconfigFile + local namespace + local wait="false" + + while getopts ":p:c:f:w:" opt; do + case $opt in + p) + projectName="$OPTARG" ;; + c) + clusterName="$OPTARG" ;; + f) + kubeconfigFile="$OPTARG" ;; + w) + wait=${OPTARG:-$wait} ;; + \?) + echo "Invalid option: -$OPTARG" >&2; exit 1 ;; + :) + echo "Option -$OPTARG argument not provided" >&2 ;; + esac + done + + + utils::check_empty_arg "$projectName" "Project name is empty. Exiting..." + utils::check_empty_arg "$clusterName" "Cluster name is empty. Exiting..." + utils::check_empty_arg "$kubeconfigFile" "Kubeconfig file path is empty. Exiting..." + + log::info "Deprovision cluster: ${clusterName}" + + namespace="garden-${projectName}" + + kubectl annotate shoot "${clusterName}" confirmation.gardener.cloud/deletion=true \ + --overwrite \ + -n "${namespace}" \ + --kubeconfig "${kubeconfigFile}" + kubectl delete shoot "${clusterName}" \ + --wait="${wait}" \ + --kubeconfig "${kubeconfigFile}" \ + -n "${namespace}" +} diff --git a/scripts/provision-gardener-aws.sh b/scripts/provision-gardener-aws.sh new file mode 100755 index 00000000..92e3973b --- /dev/null +++ b/scripts/provision-gardener-aws.sh @@ -0,0 +1,7 @@ +#!/bin/bash + +source "${PROJECT_ROOT}/scripts/gardener/aws.sh" + +gardener::init + +gardener::provision_cluster diff --git a/scripts/utils/log.sh b/scripts/utils/log.sh new file mode 100755 index 00000000..7e5cff32 --- /dev/null +++ b/scripts/utils/log.sh @@ -0,0 +1,85 @@ +#!/usr/bin/env bash + +# log::date returns the current date in format expected by logs +function log::date { + date +"%Y-%m-%d %T %Z" +} + +# log::dump_trace prints stacktrace when an error occurs. +# +log::dump_trace() { + local frame=1 line func source n=0 + while caller "$frame"; do + ((frame++)) + done | while read -r line func source; do + ((n++ == 0)) && { + printf 'Encountered an error\n' + } + printf '%4s at %s\n' " " "$func ($source:$line)" + done +} + +# log::banner prints message with INFO level in banner form for easier spotting in log files +# +# Arguments: +# $* - Message +function log::banner { + local logdate + logdate=$(log::date) + local scriptname + scriptname=${BASH_SOURCE[1]:-$1} + echo -e "${logdate} [INFO] *************************************************************************************" + echo -e "${logdate} [INFO] [$scriptname] * $*" + echo -e "${logdate} [INFO] *************************************************************************************" +} + +# log::info prints message with info level +# +# Arguments: +# $* - Message +function log::info { + local funcname # get function that called this + local scriptname + funcname=${FUNCNAME[1]} + scriptname=${BASH_SOURCE[1]:-$1} + echo -e "$(log::date) [INFO] PID:$$ --- [$scriptname] $funcname:${BASH_LINENO[1]} $*" +} + +# log::success prints a message with info level +# +# Arguments: +# $* - Message +function log::success { + local logdate + logdate=$(log::date) + echo -e "${logdate} [INFO] =====================================================================================" + echo -e "${logdate} [INFO] = SUCCESS =" + echo -e "${logdate} [INFO] =====================================================================================" + echo -e "${logdate} [INFO] = $*" + echo -e "${logdate} [INFO] =====================================================================================" +} + +# log::warn prints a message with warning level +# +# Arguments: +# $* - Message +function log::warn { + local funcname # get function that called this + local scriptname + funcname=${FUNCNAME[1]} + scriptname=${BASH_SOURCE[1]:-$1} + echo -e "$(log::date) [WARN] PID:$$ --- [$scriptname] $funcname:${BASH_LINENO[1]} $*" +} + +# log::error prints a message with error level +# +# Arguments: +# $* - Message +function log::error { + local funcname # get function that called this + local scriptname + funcname=${FUNCNAME[1]} + scriptname=${BASH_SOURCE[1]:-$1} + >&2 echo -e "$(log::date) [ERROR] PID:$$ --- [$scriptname] $funcname:${BASH_LINENO[1]} $*" + >&2 log::dump_trace +} \ No newline at end of file diff --git a/scripts/utils/utils.sh b/scripts/utils/utils.sh new file mode 100755 index 00000000..27c2b9e5 --- /dev/null +++ b/scripts/utils/utils.sh @@ -0,0 +1,19 @@ + +source "${PROJECT_ROOT}/scripts/utils/log.sh" + +# utils::check_required_vars checks if all provided variables are initialized +# Arguments +# $1 - list of variables +function utils::check_required_vars() { + log::info "Checks if all provided variables are initialized" + local discoverUnsetVar=false + for var in "$@"; do + if [ -z "${!var}" ] ; then + log::warn "ERROR: $var is not set" + discoverUnsetVar=true + fi + done + if [ "${discoverUnsetVar}" = true ] ; then + exit 1 + fi +}