From fad91a14da5c0cc5ffd6f5a939163ce0fc00be25 Mon Sep 17 00:00:00 2001 From: Kevin Wojkovich Date: Mon, 25 Apr 2022 10:20:10 -0500 Subject: [PATCH 01/35] ci: add integration tests --- .buildkite/pipeline.yaml | 12 ++++++++++++ 1 file changed, 12 insertions(+) diff --git a/.buildkite/pipeline.yaml b/.buildkite/pipeline.yaml index 897ecb6d..4af6e8ca 100644 --- a/.buildkite/pipeline.yaml +++ b/.buildkite/pipeline.yaml @@ -25,3 +25,15 @@ steps: - "echo \"checking for uncommitted changes\"" - "[[ -z $(git status -s) ]]" agents: { queue: standard } + + - label: ":book: Verify helm-docs is up-to-date" + commands: + - "./scripts/helm-docs.sh" + - "echo \"checking for uncommitted changes\"" + - "[[ -z $(git status -s) ]]" + agents: { queue: standard } + + - label: ":merge: Helm Integration" + commands: + - "which kind" + agents: { queue: standard } From 820e3cb8b50fc4e725a58834a42ecbbe373b2e3f Mon Sep 17 00:00:00 2001 From: Kevin Wojkovich Date: Mon, 25 Apr 2022 11:10:47 -0500 Subject: [PATCH 02/35] introduce ci script --- .buildkite/pipeline.yaml | 5 +++-- scripts/ci/helm-integration.sh | 15 +++++++++++++++ 2 files changed, 18 insertions(+), 2 deletions(-) create mode 100755 scripts/ci/helm-integration.sh diff --git a/.buildkite/pipeline.yaml b/.buildkite/pipeline.yaml index 4af6e8ca..d05fe6b6 100644 --- a/.buildkite/pipeline.yaml +++ b/.buildkite/pipeline.yaml @@ -33,7 +33,8 @@ steps: - "[[ -z $(git status -s) ]]" agents: { queue: standard } - - label: ":merge: Helm Integration" + - label: ":jigsaw: Helm Integration" commands: - - "which kind" + - "./scripts/ci/install-helm-env.sh" + - "./scripts/ci/helm-integration.sh" agents: { queue: standard } diff --git a/scripts/ci/helm-integration.sh b/scripts/ci/helm-integration.sh new file mode 100755 index 00000000..0a2c323c --- /dev/null +++ b/scripts/ci/helm-integration.sh @@ -0,0 +1,15 @@ +#!/bin/bash + +set -euf -o pipefail + + +# Install asdf kind plugin +#asdf plugin add kind https://github.com/virtualstaticvoid/asdf-kind.git + +# Install kind via asdf +# TBD + +curl -Lo ./kind https://kind.sigs.k8s.io/dl/v0.12.0/kind-darwin-amd64 +chmod +x ./kind + +./kind cluster create From 3ddd4e15276635e7df4889cfb9021a856e6422d9 Mon Sep 17 00:00:00 2001 From: Kevin Wojkovich Date: Mon, 25 Apr 2022 11:12:29 -0500 Subject: [PATCH 03/35] debug --- .buildkite/pipeline.yaml | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/.buildkite/pipeline.yaml b/.buildkite/pipeline.yaml index d05fe6b6..fefb17d3 100644 --- a/.buildkite/pipeline.yaml +++ b/.buildkite/pipeline.yaml @@ -35,6 +35,6 @@ steps: - label: ":jigsaw: Helm Integration" commands: - - "./scripts/ci/install-helm-env.sh" + # - "./scripts/ci/install-helm-env.sh" - "./scripts/ci/helm-integration.sh" agents: { queue: standard } From 1f9a9c6298455fb2327200e76a8f151c9193fc22 Mon Sep 17 00:00:00 2001 From: Kevin Wojkovich Date: Mon, 25 Apr 2022 11:27:33 -0500 Subject: [PATCH 04/35] install kind --- .gitignore | 1 + scripts/ci/helm-integration.sh | 17 +++++++++++++++-- 2 files changed, 16 insertions(+), 2 deletions(-) diff --git a/.gitignore b/.gitignore index e420ee4b..52c71bb2 100644 --- a/.gitignore +++ b/.gitignore @@ -1 +1,2 @@ target/* +kind diff --git a/scripts/ci/helm-integration.sh b/scripts/ci/helm-integration.sh index 0a2c323c..b78365d2 100755 --- a/scripts/ci/helm-integration.sh +++ b/scripts/ci/helm-integration.sh @@ -9,7 +9,20 @@ set -euf -o pipefail # Install kind via asdf # TBD -curl -Lo ./kind https://kind.sigs.k8s.io/dl/v0.12.0/kind-darwin-amd64 +KIND_VERSION=0.12.0 + +if [[ `uname -a | grep -i "Linux"` && `uname -a | grep -i "x86"` ]] +then + DOWNLOADABLE=kind-linux-amd64 +elif [[ `uname -a | grep -i "Darwin"` && `uname -a | grep -i "x86"` ]] +then + DOWNLOADABLE=kind-darwin-amd64 +elif [[ `uname -a | grep -i "Darwin"` && `uname -a | grep -i "arm64"` ]] +then + DOWNLOADABLE=kind-darwin-amd64 +fi + +curl -Lo ./kind "https://github.com/kubernetes-sigs/kind/releases/download/v${KIND_VERSION}/${DOWNLOADABLE}" chmod +x ./kind -./kind cluster create +./kind create cluster From de973d6117150f601dbfea8dd81cf0ea377ad587 Mon Sep 17 00:00:00 2001 From: Kevin Wojkovich Date: Mon, 25 Apr 2022 11:32:47 -0500 Subject: [PATCH 05/35] naieve attempt at rootless docker --- scripts/ci/helm-integration.sh | 4 ++++ 1 file changed, 4 insertions(+) diff --git a/scripts/ci/helm-integration.sh b/scripts/ci/helm-integration.sh index b78365d2..8bfa665a 100755 --- a/scripts/ci/helm-integration.sh +++ b/scripts/ci/helm-integration.sh @@ -25,4 +25,8 @@ fi curl -Lo ./kind "https://github.com/kubernetes-sigs/kind/releases/download/v${KIND_VERSION}/${DOWNLOADABLE}" chmod +x ./kind +# Rootless Docker +export DOCKER_HOST=unix://${XDG_RUNTIME_DIR}/docker.sock + +# Create integration cluster ./kind create cluster From 18a0a96aae96761bc831e8c397e65d6399f0bed1 Mon Sep 17 00:00:00 2001 From: Kevin Wojkovich Date: Mon, 25 Apr 2022 11:37:11 -0500 Subject: [PATCH 06/35] Use baremetal agent --- .buildkite/pipeline.yaml | 2 +- scripts/ci/helm-integration.sh | 2 +- 2 files changed, 2 insertions(+), 2 deletions(-) diff --git a/.buildkite/pipeline.yaml b/.buildkite/pipeline.yaml index fefb17d3..cb62ef85 100644 --- a/.buildkite/pipeline.yaml +++ b/.buildkite/pipeline.yaml @@ -37,4 +37,4 @@ steps: commands: # - "./scripts/ci/install-helm-env.sh" - "./scripts/ci/helm-integration.sh" - agents: { queue: standard } + agents: { queue: baremetal } diff --git a/scripts/ci/helm-integration.sh b/scripts/ci/helm-integration.sh index 8bfa665a..c29ecca8 100755 --- a/scripts/ci/helm-integration.sh +++ b/scripts/ci/helm-integration.sh @@ -26,7 +26,7 @@ curl -Lo ./kind "https://github.com/kubernetes-sigs/kind/releases/download/v${KI chmod +x ./kind # Rootless Docker -export DOCKER_HOST=unix://${XDG_RUNTIME_DIR}/docker.sock +#export DOCKER_HOST=unix://${XDG_RUNTIME_DIR}/docker.sock # Create integration cluster ./kind create cluster From 191460fa2170a69bdaedaecdcfd07faf853207c1 Mon Sep 17 00:00:00 2001 From: Kevin Wojkovich Date: Tue, 3 May 2022 07:32:50 -0500 Subject: [PATCH 07/35] use terraform --- .tool-versions | 1 + scripts/ci/helm-integration.sh | 29 ++++------------------------- 2 files changed, 5 insertions(+), 25 deletions(-) create mode 100644 .tool-versions diff --git a/.tool-versions b/.tool-versions new file mode 100644 index 00000000..af81d547 --- /dev/null +++ b/.tool-versions @@ -0,0 +1 @@ +terraform 1.1.9 diff --git a/scripts/ci/helm-integration.sh b/scripts/ci/helm-integration.sh index c29ecca8..b021f8ea 100755 --- a/scripts/ci/helm-integration.sh +++ b/scripts/ci/helm-integration.sh @@ -3,30 +3,9 @@ set -euf -o pipefail -# Install asdf kind plugin +# Install asdf terraform plugin #asdf plugin add kind https://github.com/virtualstaticvoid/asdf-kind.git +asdf plugin-add terraform https://github.com/asdf-community/asdf-hashicorp.git -# Install kind via asdf -# TBD - -KIND_VERSION=0.12.0 - -if [[ `uname -a | grep -i "Linux"` && `uname -a | grep -i "x86"` ]] -then - DOWNLOADABLE=kind-linux-amd64 -elif [[ `uname -a | grep -i "Darwin"` && `uname -a | grep -i "x86"` ]] -then - DOWNLOADABLE=kind-darwin-amd64 -elif [[ `uname -a | grep -i "Darwin"` && `uname -a | grep -i "arm64"` ]] -then - DOWNLOADABLE=kind-darwin-amd64 -fi - -curl -Lo ./kind "https://github.com/kubernetes-sigs/kind/releases/download/v${KIND_VERSION}/${DOWNLOADABLE}" -chmod +x ./kind - -# Rootless Docker -#export DOCKER_HOST=unix://${XDG_RUNTIME_DIR}/docker.sock - -# Create integration cluster -./kind create cluster +# Install terraform via asdf +asdf install From 0c2958c04d126e276e1718445b6bd5e44eabe687 Mon Sep 17 00:00:00 2001 From: Kevin Wojkovich Date: Tue, 3 May 2022 07:37:42 -0500 Subject: [PATCH 08/35] conditionally add plugin if not installed --- scripts/ci/helm-integration.sh | 5 ++++- 1 file changed, 4 insertions(+), 1 deletion(-) diff --git a/scripts/ci/helm-integration.sh b/scripts/ci/helm-integration.sh index b021f8ea..0a860e7e 100755 --- a/scripts/ci/helm-integration.sh +++ b/scripts/ci/helm-integration.sh @@ -5,7 +5,10 @@ set -euf -o pipefail # Install asdf terraform plugin #asdf plugin add kind https://github.com/virtualstaticvoid/asdf-kind.git -asdf plugin-add terraform https://github.com/asdf-community/asdf-hashicorp.git +TERRAFORM_CHECK=$(asdf which terraform) +if [[ $? -ne 0 ]]; then + asdf plugin-add terraform https://github.com/asdf-community/asdf-hashicorp.git +fi # Install terraform via asdf asdf install From 803eb7dc00196468d0223f10da7776ba799cc084 Mon Sep 17 00:00:00 2001 From: Kevin Wojkovich Date: Tue, 3 May 2022 07:39:14 -0500 Subject: [PATCH 09/35] remove plugin install: --- scripts/ci/helm-integration.sh | 8 ++------ 1 file changed, 2 insertions(+), 6 deletions(-) diff --git a/scripts/ci/helm-integration.sh b/scripts/ci/helm-integration.sh index 0a860e7e..c8a3ce5d 100755 --- a/scripts/ci/helm-integration.sh +++ b/scripts/ci/helm-integration.sh @@ -3,12 +3,8 @@ set -euf -o pipefail -# Install asdf terraform plugin -#asdf plugin add kind https://github.com/virtualstaticvoid/asdf-kind.git -TERRAFORM_CHECK=$(asdf which terraform) -if [[ $? -ne 0 ]]; then - asdf plugin-add terraform https://github.com/asdf-community/asdf-hashicorp.git -fi +# Install asdf terraform plugin - managed by stateless agent configuration +# asdf plugin-add terraform https://github.com/asdf-community/asdf-hashicorp.git # Install terraform via asdf asdf install From cc4f45ce55b06c16c0da180a694f06974e99ee2e Mon Sep 17 00:00:00 2001 From: Kevin Wojkovich Date: Tue, 3 May 2022 07:40:19 -0500 Subject: [PATCH 10/35] use stateless agent --- .buildkite/pipeline.yaml | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/.buildkite/pipeline.yaml b/.buildkite/pipeline.yaml index cb62ef85..fefb17d3 100644 --- a/.buildkite/pipeline.yaml +++ b/.buildkite/pipeline.yaml @@ -37,4 +37,4 @@ steps: commands: # - "./scripts/ci/install-helm-env.sh" - "./scripts/ci/helm-integration.sh" - agents: { queue: baremetal } + agents: { queue: standard } From 690baacf0f1e25959a0c3eafb4c0cbb4b1cdd46b Mon Sep 17 00:00:00 2001 From: Kevin Wojkovich Date: Thu, 5 May 2022 07:30:57 -0500 Subject: [PATCH 11/35] shamelessly borrow hashicorp's prior art --- scripts/ci/terraform/main.tf | 72 +++++++++++++++++++++++++++++++ scripts/ci/terraform/outputs.tf | 7 +++ scripts/ci/terraform/variables.tf | 28 ++++++++++++ 3 files changed, 107 insertions(+) create mode 100644 scripts/ci/terraform/main.tf create mode 100644 scripts/ci/terraform/outputs.tf create mode 100644 scripts/ci/terraform/variables.tf diff --git a/scripts/ci/terraform/main.tf b/scripts/ci/terraform/main.tf new file mode 100644 index 00000000..a1f46669 --- /dev/null +++ b/scripts/ci/terraform/main.tf @@ -0,0 +1,72 @@ +provider "google" { + project = "${var.project}" +} + +resource "random_id" "suffix" { + byte_length = 4 +} + +data "google_container_engine_versions" "main" { + location = "${var.zone}" + version_prefix = "1.20." +} + +data "google_service_account" "gcpapi" { + account_id = "${var.gcp_service_account}" +} + +resource "google_container_cluster" "cluster" { + name = "vault-helm-dev-${random_id.suffix.dec}" + project = "${var.project}" + enable_legacy_abac = true + initial_node_count = 1 + location = "${var.zone}" + min_master_version = "${data.google_container_engine_versions.main.latest_master_version}" + node_version = "${data.google_container_engine_versions.main.latest_node_version}" + + node_config { + #service account for nodes to use + oauth_scopes = [ + "https://www.googleapis.com/auth/cloud-platform", + "https://www.googleapis.com/auth/compute", + "https://www.googleapis.com/auth/devstorage.read_write", + "https://www.googleapis.com/auth/logging.write", + "https://www.googleapis.com/auth/monitoring", + "https://www.googleapis.com/auth/service.management.readonly", + "https://www.googleapis.com/auth/servicecontrol", + "https://www.googleapis.com/auth/trace.append", + ] + + service_account = "${data.google_service_account.gcpapi.email}" + } +} + +resource "null_resource" "kubectl" { + count = "${var.init_cli ? 1 : 0 }" + + triggers = { + cluster = "${google_container_cluster.cluster.id}" + } + + # On creation, we want to setup the kubectl credentials. The easiest way + # to do this is to shell out to gcloud. + provisioner "local-exec" { + command = "gcloud container clusters get-credentials --zone=${var.zone} ${google_container_cluster.cluster.name}" + } + + # On destroy we want to try to clean up the kubectl credentials. This + # might fail if the credentials are already cleaned up or something so we + # want this to continue on failure. Generally, this works just fine since + # it only operates on local data. + provisioner "local-exec" { + when = "destroy" + on_failure = "continue" + command = "kubectl config get-clusters | grep ${google_container_cluster.cluster.name} | xargs -n1 kubectl config delete-cluster" + } + + provisioner "local-exec" { + when = "destroy" + on_failure = "continue" + command = "kubectl config get-contexts | grep ${google_container_cluster.cluster.name} | xargs -n1 kubectl config delete-context" + } +} diff --git a/scripts/ci/terraform/outputs.tf b/scripts/ci/terraform/outputs.tf new file mode 100644 index 00000000..6435d2b7 --- /dev/null +++ b/scripts/ci/terraform/outputs.tf @@ -0,0 +1,7 @@ +output "cluster_id" { + value = "${google_container_cluster.cluster.id}" +} + +output "cluster_name" { + value = "${google_container_cluster.cluster.name}" +} diff --git a/scripts/ci/terraform/variables.tf b/scripts/ci/terraform/variables.tf new file mode 100644 index 00000000..9e44e4ea --- /dev/null +++ b/scripts/ci/terraform/variables.tf @@ -0,0 +1,28 @@ +variable "project" { + default = "sourcegraph-ci" + + description = < Date: Thu, 5 May 2022 07:32:10 -0500 Subject: [PATCH 12/35] execute terraform commands to see if this is possible --- scripts/ci/helm-integration.sh | 4 ++++ 1 file changed, 4 insertions(+) diff --git a/scripts/ci/helm-integration.sh b/scripts/ci/helm-integration.sh index c8a3ce5d..5c56fcb4 100755 --- a/scripts/ci/helm-integration.sh +++ b/scripts/ci/helm-integration.sh @@ -8,3 +8,7 @@ set -euf -o pipefail # Install terraform via asdf asdf install + + +asdf terraform init +asdf terraform plan From 5867bd44685613eaf79759594dadaee47c055807 Mon Sep 17 00:00:00 2001 From: Kevin Wojkovich Date: Thu, 5 May 2022 07:34:01 -0500 Subject: [PATCH 13/35] fixup --- scripts/ci/helm-integration.sh | 4 ++-- 1 file changed, 2 insertions(+), 2 deletions(-) diff --git a/scripts/ci/helm-integration.sh b/scripts/ci/helm-integration.sh index 5c56fcb4..a4e20eec 100755 --- a/scripts/ci/helm-integration.sh +++ b/scripts/ci/helm-integration.sh @@ -10,5 +10,5 @@ set -euf -o pipefail asdf install -asdf terraform init -asdf terraform plan +asdf exec terraform init +asdf exec terraform plan From 32451aaa46fcb53ce23788a3d9b2f2e8d64fb8a2 Mon Sep 17 00:00:00 2001 From: Kevin Wojkovich Date: Thu, 5 May 2022 07:35:57 -0500 Subject: [PATCH 14/35] run from terraform directory --- scripts/ci/helm-integration.sh | 1 + 1 file changed, 1 insertion(+) diff --git a/scripts/ci/helm-integration.sh b/scripts/ci/helm-integration.sh index a4e20eec..0d8e4051 100755 --- a/scripts/ci/helm-integration.sh +++ b/scripts/ci/helm-integration.sh @@ -9,6 +9,7 @@ set -euf -o pipefail # Install terraform via asdf asdf install +cd scripts/ci/terraform asdf exec terraform init asdf exec terraform plan From 4375a3605a89c7d947f4694aaec7c73bc159b4c9 Mon Sep 17 00:00:00 2001 From: Kevin Wojkovich Date: Thu, 5 May 2022 08:00:09 -0500 Subject: [PATCH 15/35] try this workaround --- scripts/ci/terraform/main.tf | 10 ++++++---- 1 file changed, 6 insertions(+), 4 deletions(-) diff --git a/scripts/ci/terraform/main.tf b/scripts/ci/terraform/main.tf index a1f46669..df1cd997 100644 --- a/scripts/ci/terraform/main.tf +++ b/scripts/ci/terraform/main.tf @@ -45,13 +45,15 @@ resource "null_resource" "kubectl" { count = "${var.init_cli ? 1 : 0 }" triggers = { - cluster = "${google_container_cluster.cluster.id}" + cluster_id = "${google_container_cluster.cluster.id}" + cluster_name= "${google_container_cluster.cluster.name}" + } # On creation, we want to setup the kubectl credentials. The easiest way # to do this is to shell out to gcloud. provisioner "local-exec" { - command = "gcloud container clusters get-credentials --zone=${var.zone} ${google_container_cluster.cluster.name}" + command = "gcloud container clusters get-credentials --zone=${var.zone} ${self.triggers.cluster_name}" } # On destroy we want to try to clean up the kubectl credentials. This @@ -61,12 +63,12 @@ resource "null_resource" "kubectl" { provisioner "local-exec" { when = "destroy" on_failure = "continue" - command = "kubectl config get-clusters | grep ${google_container_cluster.cluster.name} | xargs -n1 kubectl config delete-cluster" + command = "kubectl config get-clusters | grep ${self.triggers.cluster_name} | xargs -n1 kubectl config delete-cluster" } provisioner "local-exec" { when = "destroy" on_failure = "continue" - command = "kubectl config get-contexts | grep ${google_container_cluster.cluster.name} | xargs -n1 kubectl config delete-context" + command = "kubectl config get-contexts | grep ${self.triggers.cluster_name} | xargs -n1 kubectl config delete-context" } } From 48a3f9a3c012f15f920c60fc0e382b2a225b3635 Mon Sep 17 00:00:00 2001 From: Kevin Wojkovich Date: Thu, 5 May 2022 08:09:42 -0500 Subject: [PATCH 16/35] terraform it up --- scripts/ci/terraform/main.tf | 22 +++++++++++----------- 1 file changed, 11 insertions(+), 11 deletions(-) diff --git a/scripts/ci/terraform/main.tf b/scripts/ci/terraform/main.tf index df1cd997..27ea2121 100644 --- a/scripts/ci/terraform/main.tf +++ b/scripts/ci/terraform/main.tf @@ -1,5 +1,5 @@ provider "google" { - project = "${var.project}" + project = var.project } resource "random_id" "suffix" { @@ -7,7 +7,7 @@ resource "random_id" "suffix" { } data "google_container_engine_versions" "main" { - location = "${var.zone}" + location = var.zone version_prefix = "1.20." } @@ -17,7 +17,7 @@ data "google_service_account" "gcpapi" { resource "google_container_cluster" "cluster" { name = "vault-helm-dev-${random_id.suffix.dec}" - project = "${var.project}" + project = var.project enable_legacy_abac = true initial_node_count = 1 location = "${var.zone}" @@ -42,12 +42,12 @@ resource "google_container_cluster" "cluster" { } resource "null_resource" "kubectl" { - count = "${var.init_cli ? 1 : 0 }" + count = "${var.init_cli ? 1 : 0}" triggers = { - cluster_id = "${google_container_cluster.cluster.id}" - cluster_name= "${google_container_cluster.cluster.name}" - + cluster_id = "${google_container_cluster.cluster.id}" + cluster_name = "${google_container_cluster.cluster.name}" + } # On creation, we want to setup the kubectl credentials. The easiest way @@ -61,14 +61,14 @@ resource "null_resource" "kubectl" { # want this to continue on failure. Generally, this works just fine since # it only operates on local data. provisioner "local-exec" { - when = "destroy" - on_failure = "continue" + when = destroy + on_failure = continue command = "kubectl config get-clusters | grep ${self.triggers.cluster_name} | xargs -n1 kubectl config delete-cluster" } provisioner "local-exec" { - when = "destroy" - on_failure = "continue" + when = destroy + on_failure = continue command = "kubectl config get-contexts | grep ${self.triggers.cluster_name} | xargs -n1 kubectl config delete-context" } } From 91ea49644332bcfb94f07098d9a6df15141b1dda Mon Sep 17 00:00:00 2001 From: Kevin Wojkovich Date: Thu, 5 May 2022 08:11:41 -0500 Subject: [PATCH 17/35] apply --- scripts/ci/helm-integration.sh | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/scripts/ci/helm-integration.sh b/scripts/ci/helm-integration.sh index 0d8e4051..2c58bbef 100755 --- a/scripts/ci/helm-integration.sh +++ b/scripts/ci/helm-integration.sh @@ -12,4 +12,4 @@ asdf install cd scripts/ci/terraform asdf exec terraform init -asdf exec terraform plan +asdf exec terraform apply -auto-approve From b18a2fc213cb3eb26e6eef3372c8ef0c56af2ca5 Mon Sep 17 00:00:00 2001 From: Kevin Wojkovich Date: Thu, 5 May 2022 08:50:49 -0500 Subject: [PATCH 18/35] install kubectl --- .tool-versions | 1 + scripts/ci/helm-integration.sh | 10 ++++++++-- scripts/ci/terraform/main.tf | 4 ++-- 3 files changed, 11 insertions(+), 4 deletions(-) diff --git a/.tool-versions b/.tool-versions index af81d547..04344d8c 100644 --- a/.tool-versions +++ b/.tool-versions @@ -1 +1,2 @@ terraform 1.1.9 +kubectl 1.22.5 diff --git a/scripts/ci/helm-integration.sh b/scripts/ci/helm-integration.sh index 2c58bbef..7373a48d 100755 --- a/scripts/ci/helm-integration.sh +++ b/scripts/ci/helm-integration.sh @@ -5,11 +5,17 @@ set -euf -o pipefail # Install asdf terraform plugin - managed by stateless agent configuration # asdf plugin-add terraform https://github.com/asdf-community/asdf-hashicorp.git +asdf plugin-add kubectl https://github.com/asdf-community/asdf-kubectl.git # Install terraform via asdf asdf install +asdf reshim cd scripts/ci/terraform -asdf exec terraform init -asdf exec terraform apply -auto-approve +terraform init +terraform apply -auto-approve + +echo "TESTS would happen here" + +terraform destroy -auto-approve diff --git a/scripts/ci/terraform/main.tf b/scripts/ci/terraform/main.tf index 27ea2121..d0bef9ed 100644 --- a/scripts/ci/terraform/main.tf +++ b/scripts/ci/terraform/main.tf @@ -47,13 +47,13 @@ resource "null_resource" "kubectl" { triggers = { cluster_id = "${google_container_cluster.cluster.id}" cluster_name = "${google_container_cluster.cluster.name}" - + project = var.project } # On creation, we want to setup the kubectl credentials. The easiest way # to do this is to shell out to gcloud. provisioner "local-exec" { - command = "gcloud container clusters get-credentials --zone=${var.zone} ${self.triggers.cluster_name}" + command = "gcloud container clusters get-credentials --zone=${var.zone} ${self.triggers.cluster_name} --project ${self.project}" } # On destroy we want to try to clean up the kubectl credentials. This From 8eb9874d87df20d995143ce78e1e0bea59b3a59a Mon Sep 17 00:00:00 2001 From: Kevin Wojkovich Date: Thu, 5 May 2022 08:52:08 -0500 Subject: [PATCH 19/35] fixup --- scripts/ci/helm-integration.sh | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/scripts/ci/helm-integration.sh b/scripts/ci/helm-integration.sh index 7373a48d..fcddf0f9 100755 --- a/scripts/ci/helm-integration.sh +++ b/scripts/ci/helm-integration.sh @@ -5,7 +5,7 @@ set -euf -o pipefail # Install asdf terraform plugin - managed by stateless agent configuration # asdf plugin-add terraform https://github.com/asdf-community/asdf-hashicorp.git -asdf plugin-add kubectl https://github.com/asdf-community/asdf-kubectl.git +#asdf plugin-add kubectl https://github.com/asdf-community/asdf-kubectl.git # Install terraform via asdf asdf install From 974bab5bce934fbead66e10aaf626341dba39cda Mon Sep 17 00:00:00 2001 From: Kevin Wojkovich Date: Thu, 5 May 2022 08:53:56 -0500 Subject: [PATCH 20/35] fixup --- scripts/ci/terraform/main.tf | 4 ++-- 1 file changed, 2 insertions(+), 2 deletions(-) diff --git a/scripts/ci/terraform/main.tf b/scripts/ci/terraform/main.tf index d0bef9ed..94049aec 100644 --- a/scripts/ci/terraform/main.tf +++ b/scripts/ci/terraform/main.tf @@ -47,13 +47,13 @@ resource "null_resource" "kubectl" { triggers = { cluster_id = "${google_container_cluster.cluster.id}" cluster_name = "${google_container_cluster.cluster.name}" - project = var.project + project = var.project } # On creation, we want to setup the kubectl credentials. The easiest way # to do this is to shell out to gcloud. provisioner "local-exec" { - command = "gcloud container clusters get-credentials --zone=${var.zone} ${self.triggers.cluster_name} --project ${self.project}" + command = "gcloud container clusters get-credentials --zone=${var.zone} ${self.triggers.cluster_name} --project=${self.triggers.project}" } # On destroy we want to try to clean up the kubectl credentials. This From 1c71cd3808027caccfbd411557d509d295ecd72f Mon Sep 17 00:00:00 2001 From: Kevin Wojkovich Date: Thu, 5 May 2022 09:22:08 -0500 Subject: [PATCH 21/35] install helm --- .tool-versions | 3 ++- 1 file changed, 2 insertions(+), 1 deletion(-) diff --git a/.tool-versions b/.tool-versions index 04344d8c..9ec22526 100644 --- a/.tool-versions +++ b/.tool-versions @@ -1,2 +1,3 @@ -terraform 1.1.9 +helm 3.7.2 kubectl 1.22.5 +terraform 1.1.9 From b994260466ad45e7ea51ccbff86f2be27fa9bd8c Mon Sep 17 00:00:00 2001 From: Kevin Wojkovich Date: Thu, 5 May 2022 09:33:53 -0500 Subject: [PATCH 22/35] add smoke test --- scripts/ci/helm-integration.sh | 16 +++++++++++++--- 1 file changed, 13 insertions(+), 3 deletions(-) diff --git a/scripts/ci/helm-integration.sh b/scripts/ci/helm-integration.sh index fcddf0f9..9e81055a 100755 --- a/scripts/ci/helm-integration.sh +++ b/scripts/ci/helm-integration.sh @@ -11,11 +11,21 @@ set -euf -o pipefail asdf install asdf reshim +pushd $(pwd) cd scripts/ci/terraform terraform init -terraform apply -auto-approve +terraform apply -auto-approve || true -echo "TESTS would happen here" +popd -terraform destroy -auto-approve +# Smoke test, replaces manual testing +helm upgrade \ + --install \ + --create-namespace -n sourcegraph-${BUILDKITE_BUILD_NUMBER} \ + --set sourcegraph.localDevMode \ + sourcegraph charts/sourcegraph/. || true + +# Cleanup +cd scripts/ci/terraform +terraform destroy -auto-approve || true From ad9bd53deb27228d72d6d0bd2107eac619792461 Mon Sep 17 00:00:00 2001 From: Kevin Wojkovich Date: Thu, 5 May 2022 10:04:28 -0500 Subject: [PATCH 23/35] facepalm: add the value --- scripts/ci/helm-integration.sh | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/scripts/ci/helm-integration.sh b/scripts/ci/helm-integration.sh index 9e81055a..f66b80b5 100755 --- a/scripts/ci/helm-integration.sh +++ b/scripts/ci/helm-integration.sh @@ -23,7 +23,7 @@ popd helm upgrade \ --install \ --create-namespace -n sourcegraph-${BUILDKITE_BUILD_NUMBER} \ - --set sourcegraph.localDevMode \ + --set sourcegraph.localDevMode=true \ sourcegraph charts/sourcegraph/. || true # Cleanup From 3eac95aefcf237f6e152f8cf2a55625f1b709585 Mon Sep 17 00:00:00 2001 From: Kevin Wojkovich Date: Thu, 5 May 2022 10:31:21 -0500 Subject: [PATCH 24/35] Do a silly check --- scripts/ci/helm-integration.sh | 8 ++++++++ 1 file changed, 8 insertions(+) diff --git a/scripts/ci/helm-integration.sh b/scripts/ci/helm-integration.sh index f66b80b5..bb972449 100755 --- a/scripts/ci/helm-integration.sh +++ b/scripts/ci/helm-integration.sh @@ -26,6 +26,14 @@ helm upgrade \ --set sourcegraph.localDevMode=true \ sourcegraph charts/sourcegraph/. || true +sleep 10 + +kubectl get pods -n sourcegraph-${BUILDKITE_BUILD_NUMBER} + +sleep 10 + +kubectl get pods -n sourcegraph-${BUILDKITE_BUILD_NUMBER} + # Cleanup cd scripts/ci/terraform terraform destroy -auto-approve || true From e79dfa04bb7141a007327fe72e3d6242530ad98d Mon Sep 17 00:00:00 2001 From: Kevin Wojkovich Date: Thu, 5 May 2022 10:45:45 -0500 Subject: [PATCH 25/35] Add wait condition for frontend to become available --- scripts/ci/helm-integration.sh | 6 ++---- 1 file changed, 2 insertions(+), 4 deletions(-) diff --git a/scripts/ci/helm-integration.sh b/scripts/ci/helm-integration.sh index bb972449..fab9a6d4 100755 --- a/scripts/ci/helm-integration.sh +++ b/scripts/ci/helm-integration.sh @@ -26,11 +26,9 @@ helm upgrade \ --set sourcegraph.localDevMode=true \ sourcegraph charts/sourcegraph/. || true -sleep 10 -kubectl get pods -n sourcegraph-${BUILDKITE_BUILD_NUMBER} - -sleep 10 +# Wait for frontend pods to stabilize +kubectl wait --for=condition=Ready --timeout=5m pod -l app=app=sourcegraph-frontend kubectl get pods -n sourcegraph-${BUILDKITE_BUILD_NUMBER} From f9f30ac3aa80aaf9f82d9ef29395495494803759 Mon Sep 17 00:00:00 2001 From: Kevin Wojkovich Date: Thu, 5 May 2022 10:50:37 -0500 Subject: [PATCH 26/35] fixup --- scripts/ci/helm-integration.sh | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/scripts/ci/helm-integration.sh b/scripts/ci/helm-integration.sh index fab9a6d4..284332b3 100755 --- a/scripts/ci/helm-integration.sh +++ b/scripts/ci/helm-integration.sh @@ -28,7 +28,7 @@ helm upgrade \ # Wait for frontend pods to stabilize -kubectl wait --for=condition=Ready --timeout=5m pod -l app=app=sourcegraph-frontend +kubectl wait --for=condition=Ready --timeout=5m pod -l app=sourcegraph-frontend kubectl get pods -n sourcegraph-${BUILDKITE_BUILD_NUMBER} From 2d256b260e14b64e1ce496b345829dfa43608004 Mon Sep 17 00:00:00 2001 From: Kevin Wojkovich Date: Thu, 5 May 2022 10:56:10 -0500 Subject: [PATCH 27/35] set default namespace --- scripts/ci/helm-integration.sh | 10 ++++++++-- 1 file changed, 8 insertions(+), 2 deletions(-) diff --git a/scripts/ci/helm-integration.sh b/scripts/ci/helm-integration.sh index 284332b3..1d4848a4 100755 --- a/scripts/ci/helm-integration.sh +++ b/scripts/ci/helm-integration.sh @@ -22,15 +22,21 @@ popd # Smoke test, replaces manual testing helm upgrade \ --install \ - --create-namespace -n sourcegraph-${BUILDKITE_BUILD_NUMBER} \ + --create-namespace -n sourcegraph \ --set sourcegraph.localDevMode=true \ sourcegraph charts/sourcegraph/. || true +# Set the default namespace +kubectl config set-context --current --namespace sourcegraph + +# Add a delay for registration to occur +sleep 5 # Wait for frontend pods to stabilize kubectl wait --for=condition=Ready --timeout=5m pod -l app=sourcegraph-frontend -kubectl get pods -n sourcegraph-${BUILDKITE_BUILD_NUMBER} +# We would want to do actual tests here ... +kubectl get pods -n sourcegraph # Cleanup cd scripts/ci/terraform From 9d57dce5e77385c0bc950ad3a74cf75d4882235a Mon Sep 17 00:00:00 2001 From: Kevin Wojkovich Date: Thu, 5 May 2022 11:11:45 -0500 Subject: [PATCH 28/35] add more nodes --- scripts/ci/helm-integration.sh | 7 ++----- scripts/ci/terraform/main.tf | 2 +- 2 files changed, 3 insertions(+), 6 deletions(-) diff --git a/scripts/ci/helm-integration.sh b/scripts/ci/helm-integration.sh index 1d4848a4..68fbfdc9 100755 --- a/scripts/ci/helm-integration.sh +++ b/scripts/ci/helm-integration.sh @@ -29,14 +29,11 @@ helm upgrade \ # Set the default namespace kubectl config set-context --current --namespace sourcegraph -# Add a delay for registration to occur -sleep 5 - # Wait for frontend pods to stabilize -kubectl wait --for=condition=Ready --timeout=5m pod -l app=sourcegraph-frontend +kubectl wait --for=condition=Ready --timeout=5m pod -l app=sourcegraph-frontend || true # We would want to do actual tests here ... -kubectl get pods -n sourcegraph +kubectl get pods -n sourcegraph || true # Cleanup cd scripts/ci/terraform diff --git a/scripts/ci/terraform/main.tf b/scripts/ci/terraform/main.tf index 94049aec..49711bfc 100644 --- a/scripts/ci/terraform/main.tf +++ b/scripts/ci/terraform/main.tf @@ -19,7 +19,7 @@ resource "google_container_cluster" "cluster" { name = "vault-helm-dev-${random_id.suffix.dec}" project = var.project enable_legacy_abac = true - initial_node_count = 1 + initial_node_count = 3 location = "${var.zone}" min_master_version = "${data.google_container_engine_versions.main.latest_master_version}" node_version = "${data.google_container_engine_versions.main.latest_node_version}" From 5b117618c683c1ef950c13ff74a3d14274fde3ae Mon Sep 17 00:00:00 2001 From: Kevin Wojkovich Date: Thu, 5 May 2022 11:21:29 -0500 Subject: [PATCH 29/35] Wait up --- scripts/ci/helm-integration.sh | 4 ++-- 1 file changed, 2 insertions(+), 2 deletions(-) diff --git a/scripts/ci/helm-integration.sh b/scripts/ci/helm-integration.sh index 68fbfdc9..edee43b9 100755 --- a/scripts/ci/helm-integration.sh +++ b/scripts/ci/helm-integration.sh @@ -30,10 +30,10 @@ helm upgrade \ kubectl config set-context --current --namespace sourcegraph # Wait for frontend pods to stabilize -kubectl wait --for=condition=Ready --timeout=5m pod -l app=sourcegraph-frontend || true +kubectl wait --for=condition=Ready --timeout=5m pod -l app=sourcegraph-frontend # We would want to do actual tests here ... -kubectl get pods -n sourcegraph || true +kubectl get pods -n sourcegraph # Cleanup cd scripts/ci/terraform From 877a291774d8afbf17117680ad1f5dc4bd92539c Mon Sep 17 00:00:00 2001 From: Kevin Wojkovich Date: Thu, 5 May 2022 11:45:12 -0500 Subject: [PATCH 30/35] add look-back integration testing --- scripts/ci/helm-integration.sh | 21 ++++++++++++++++++++- 1 file changed, 20 insertions(+), 1 deletion(-) diff --git a/scripts/ci/helm-integration.sh b/scripts/ci/helm-integration.sh index edee43b9..2c495a8c 100755 --- a/scripts/ci/helm-integration.sh +++ b/scripts/ci/helm-integration.sh @@ -19,7 +19,10 @@ terraform apply -auto-approve || true popd -# Smoke test, replaces manual testing +# checkout main branch +git checkout main + +# integration test: install chart at main branch ref helm upgrade \ --install \ --create-namespace -n sourcegraph \ @@ -32,6 +35,22 @@ kubectl config set-context --current --namespace sourcegraph # Wait for frontend pods to stabilize kubectl wait --for=condition=Ready --timeout=5m pod -l app=sourcegraph-frontend +# checkout current branch +git checkout HEAD + +# verify git-fu +git status + +# integration test: install chart with changes in this branch +helm upgrade \ + --install \ + --create-namespace -n sourcegraph \ + --set sourcegraph.localDevMode=true \ + sourcegraph charts/sourcegraph/. || true + +# Wait for frontend pods to stabilize +kubectl wait --for=condition=Ready --timeout=5m pod -l app=sourcegraph-frontend + # We would want to do actual tests here ... kubectl get pods -n sourcegraph From e37ec0c39097260958f4652879c6e199c92b02dd Mon Sep 17 00:00:00 2001 From: Kevin Wojkovich Date: Thu, 5 May 2022 11:54:37 -0500 Subject: [PATCH 31/35] Add change to chart --- charts/sourcegraph/values.yaml | 1 + 1 file changed, 1 insertion(+) diff --git a/charts/sourcegraph/values.yaml b/charts/sourcegraph/values.yaml index e4a65001..02a7bea6 100644 --- a/charts/sourcegraph/values.yaml +++ b/charts/sourcegraph/values.yaml @@ -1,3 +1,4 @@ +# sample test # To customize these values, use an override file: # https://sourcegraph.com/github.com/sourcegraph/deploy-sourcegraph-helm/-/blob/charts/sourcegraph/README.md#customizations From c691a84ca1b6419a9b3c4e94fe81dc7db49fa948 Mon Sep 17 00:00:00 2001 From: Kevin Wojkovich Date: Thu, 5 May 2022 11:57:21 -0500 Subject: [PATCH 32/35] git-fu --- scripts/ci/helm-integration.sh | 4 ++-- 1 file changed, 2 insertions(+), 2 deletions(-) diff --git a/scripts/ci/helm-integration.sh b/scripts/ci/helm-integration.sh index 2c495a8c..fdafb668 100755 --- a/scripts/ci/helm-integration.sh +++ b/scripts/ci/helm-integration.sh @@ -20,7 +20,7 @@ terraform apply -auto-approve || true popd # checkout main branch -git checkout main +git checkout main charts/sourcegraph # integration test: install chart at main branch ref helm upgrade \ @@ -36,7 +36,7 @@ kubectl config set-context --current --namespace sourcegraph kubectl wait --for=condition=Ready --timeout=5m pod -l app=sourcegraph-frontend # checkout current branch -git checkout HEAD +git checkout . # verify git-fu git status From 4c6c99f05876b10b52f45f90b72efa59ba1458da Mon Sep 17 00:00:00 2001 From: Kevin Wojkovich Date: Thu, 5 May 2022 12:06:02 -0500 Subject: [PATCH 33/35] exclude terraform resources --- .gitignore | 3 +++ 1 file changed, 3 insertions(+) diff --git a/.gitignore b/.gitignore index 52c71bb2..678609e6 100644 --- a/.gitignore +++ b/.gitignore @@ -1,2 +1,5 @@ target/* kind +*.terraform/** +*.tfstat +*.terraform.lock.hcl From c3fed99a63ce447da752c26e498a77513af03525 Mon Sep 17 00:00:00 2001 From: Kevin Wojkovich Date: Thu, 5 May 2022 12:08:55 -0500 Subject: [PATCH 34/35] fixup --- scripts/ci/helm-integration.sh | 4 +++- 1 file changed, 3 insertions(+), 1 deletion(-) diff --git a/scripts/ci/helm-integration.sh b/scripts/ci/helm-integration.sh index fdafb668..7ff52960 100755 --- a/scripts/ci/helm-integration.sh +++ b/scripts/ci/helm-integration.sh @@ -26,6 +26,7 @@ git checkout main charts/sourcegraph helm upgrade \ --install \ --create-namespace -n sourcegraph \ + --wait \ --set sourcegraph.localDevMode=true \ sourcegraph charts/sourcegraph/. || true @@ -36,7 +37,7 @@ kubectl config set-context --current --namespace sourcegraph kubectl wait --for=condition=Ready --timeout=5m pod -l app=sourcegraph-frontend # checkout current branch -git checkout . +git reset HEAD --hard # verify git-fu git status @@ -45,6 +46,7 @@ git status helm upgrade \ --install \ --create-namespace -n sourcegraph \ + --wait \ --set sourcegraph.localDevMode=true \ sourcegraph charts/sourcegraph/. || true From 65bef7fe5668225cb8964ca2b4cfb84ac017cc70 Mon Sep 17 00:00:00 2001 From: Kevin Wojkovich Date: Thu, 5 May 2022 12:11:07 -0500 Subject: [PATCH 35/35] Fixup --- scripts/ci/helm-integration.sh | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/scripts/ci/helm-integration.sh b/scripts/ci/helm-integration.sh index 7ff52960..ec9cb96a 100755 --- a/scripts/ci/helm-integration.sh +++ b/scripts/ci/helm-integration.sh @@ -37,7 +37,7 @@ kubectl config set-context --current --namespace sourcegraph kubectl wait --for=condition=Ready --timeout=5m pod -l app=sourcegraph-frontend # checkout current branch -git reset HEAD --hard +git checkout HEAD charts/sourcegraph # verify git-fu git status