Merge pull request #33 from BrownUniversity/31-add-tests-for-nfs-volumes

chore: add tests for nfs volumes
BrownUniversity · Dec 14, 2023 · c86a383 · c86a383
2 parents 5ec7070 + ffa559b
commit c86a383
Show file tree

Hide file tree

Showing 6 changed files with 89 additions and 27 deletions.
diff --git a/.github/workflows/kitchen-tests.yml b/.github/workflows/kitchen-tests.yml
@@ -78,15 +78,54 @@ jobs:
           cache-from: type=registry,ref=${{ env.REGISTRY }}/${{ env.IMAGE_NAME }}:buildcache
           cache-to: type=registry,ref=${{ env.REGISTRY }}/${{ env.IMAGE_NAME }}:buildcache
 
-  test:
+  test-sample-jhub:
     needs: [docker]
-    if: "!contains(github.event.commits[0].message, '[skip ci]')"
+    if: ${{ !contains(github.event.head_commit.message, '[skip ci]') }}
     runs-on: self-hosted
     container:
       image: "${{ needs.docker.outputs.full_image_id }}"
     steps:
       - uses: actions/checkout@v3
-
+
+      - name: Create Credential File
+        run: |
+          echo "$GCP_CREDENTIAL_JSON" | base64 -d > /tmp/credentials.json
+        env:
+          GCP_CREDENTIAL_JSON: ${{ secrets.GCP_CREDENTIAL_JSON }}
+      - name: Create TLS Files
+        run: |
+          echo "$JUPYTERHUB_TLS_CER" > /tmp/tls.cer
+          echo "$JUPYTERHUB_TLS_KEY" > /tmp/tls.key
+        env:
+          JUPYTERHUB_TLS_CER: ${{ secrets.JUPYTERHUB_TLS_CER }}
+          JUPYTERHUB_TLS_KEY: ${{ secrets.JUPYTERHUB_TLS_KEY }}
+      - name: Authorize service account
+        run: |
+          gcloud auth activate-service-account ${{ secrets.GCP_PF_SA }} --key-file=/tmp/credentials.json
+          kubectl config view
+          ls -la /tmp
+      - name: Run Kitchen
+        run: kitchen test sample-jhub
+        env:
+          TF_VAR_billing_account: ${{ secrets.GCP_BILLING_ACCOUNT }}
+          TF_VAR_org_id: ${{ secrets.GCP_ORG_ID }}
+          TF_VAR_folder_id: ${{ secrets.GCP_CCV_CI_FOLDER_ID }}
+          INFOBLOX_USERNAME: ${{ secrets.INFOBLOX_JHUB_USER }}
+          INFOBLOX_PASSWORD: ${{ secrets.INFOBLOX_JHUB_PSWD }}
+          INFOBLOX_SERVER: ${{ secrets.INFOBLOX_JHUB_HOST }}
+          TF_VAR_site_certificate_file: /tmp/tls.cer
+          TF_VAR_site_certificate_key_file: /tmp/tls.key
+          USE_GKE_GCLOUD_AUTH_PLUGIN: true
+
+  test-sample-jhub-nfs:
+    needs: [docker]
+    if: ${{ !contains(github.event.head_commit.message, '[skip ci]') && contains(github.event.head_commit.message, '[test nfs]') }}
+    runs-on: self-hosted
+    container:
+      image: "${{ needs.docker.outputs.full_image_id }}"
+    steps:
+      - uses: actions/checkout@v3
+
       - name: Create Credential File
         run: |
           echo "$GCP_CREDENTIAL_JSON" | base64 -d > /tmp/credentials.json
@@ -105,7 +144,7 @@ jobs:
           kubectl config view
           ls -la /tmp
       - name: Run Kitchen
-        run: kitchen test
+        run: kitchen test nfs
         env:
           TF_VAR_billing_account: ${{ secrets.GCP_BILLING_ACCOUNT }}
           TF_VAR_org_id: ${{ secrets.GCP_ORG_ID }}

diff --git a/.kitchen.yml b/.kitchen.yml
@@ -16,5 +16,11 @@
         driver:
           name: terraform
           root_module_directory: examples/sample-jhub
-          command_timeout: 12000
+          command_timeout: 24000
+          parallelism: 1
+      - name: nfs
+        driver:
+          name: terraform
+          root_module_directory: examples/sample-jhub-nfs
+          command_timeout: 24000
           parallelism: 1
diff --git a/examples/sample-jhub-nfs/main.tf b/examples/sample-jhub-nfs/main.tf
@@ -16,9 +16,7 @@ module "sample-jhub" {
   source = "../../"
 
   # ---------------- PROJECT VARIABLES -----------------------
-  project_name      = "jhub-${local.jhub_tenant}"
-  random_project_id = false
-
+  project_name = "jhub-${local.jhub_tenant}"
 
   # The following variables need to be included in secrets.auto.tfvars
   org_id          = var.org_id
@@ -30,6 +28,7 @@ module "sample-jhub" {
   record_domain   = local.jhub_domain
 
   # ---------------- CLUSTER VARIABLES -----------------------
+  kubernetes_version         = 1.27
   regional                   = false
   region                     = local.gcp_region
   gcp_zone                   = local.gcp_zone
@@ -67,8 +66,8 @@ module "sample-jhub" {
   shared_storage_capacity = 2
 
   # ---------------- HELM/JHUB VARIABLES -----------------------
-  jhub_helm_version   = "1.2.0"
-  helm_deploy_timeout = 2000
+  jhub_helm_version   = "3.0.0-beta.3.git.6259.h5b6e57ed"
+  helm_deploy_timeout = 4000
   helm_values_file    = "./values.yaml"
 
   # ---------------- CRONJOB VARIABLES -----------------------

diff --git a/examples/sample-jhub-nfs/values.yaml b/examples/sample-jhub-nfs/values.yaml
@@ -1,3 +1,7 @@
+hub:
+  db:
+    pvc:
+      storageClassName: standard-rwo
 prePuller:
   continuous:
     enabled: true
@@ -11,40 +15,41 @@ scheduling:
     replicas: 1
   userPods:
     nodeAffinity:
-      matchNodePurpose: require: 
-singleuser: 
+      matchNodePurpose: require
+singleuser:
   memory:
     limit: 1G
     guarantee: 512M
   cpu:
     limit: 1
     guarantee: 0.05
   image:
-    name: gcr.io/jupyterhub-docker-images/jupyterhub-scipy
-    tag: phys1600-spring2020
+    name: gcr.io/jupyterhub-docker-images/mpa2065
+    tag: latest
     pullPolicy: Always
   defaultUrl: "/lab"
   lifecycleHooks:
     postStart:
       exec:
-        command: ["/bin/sh", "-c", "chmod -f 600 /home/jovyan/.ssh/id_rsa || true;"]
+        command:
+          ["/bin/sh", "-c", "chmod -f 600 /home/jovyan/.ssh/id_rsa || true;"]
   #----Needed for shared NFS Volume
   extraEnv:
     CHOWN_HOME: "yes"
-    CHOWN_HOME_OPTS: '-R'
+    CHOWN_HOME_OPTS: "-R"
     # GRANT_SUDO: "yes"
     CHOWN_EXTRA: "/home/jovyan/shared"
-    CHOWN_EXTRA_OPTS: '-R'
+    CHOWN_EXTRA_OPTS: "-R"
   uid: 0
   fsGid: 0
   cmd: "start-singleuser.sh"
   storage:
     extraVolumes:
-      - name: jupyterhub-shared
+      - name: jhub-nfs-volume
         persistentVolumeClaim:
           claimName: nfs-volume
     extraVolumeMounts:
-      - name: jupyterhub-shared
+      - name: jhub-nfs-volume
         mountPath: /home/jovyan/shared
   #----End of shared NFS Volume
 proxy:
@@ -55,7 +60,6 @@ proxy:
       name: jupyterhub-tls
       key: tls.key
       crt: tls.crt
-
 # proxy:
 #   https:
-#     enabled: true
+#     enabled: true
diff --git a/modules/helm-jhub/main.tf b/modules/helm-jhub/main.tf
@@ -114,13 +114,13 @@ resource "helm_release" "jhub" {
   # This is to set the NFS-shared related variables 
   # Syntax didn't work out, but we should revisit as having it in the Helm values file doesn't
   # allow us to set the name according to the variables
-  #   dynamic "set" {
-  #     for_each = var.use_shared_volume == false ? {} : local.share_volume_helm
-  #     content {
-  #       name  = set.key
-  #       value = set.value
-  #     }
+  # dynamic "set" {
+  #   for_each = var.use_shared_volume == false ? {} : local.share_volume_helm
+  #   content {
+  #     name  = set.key
+  #     value = set.value
   #   }
+  # }
 
   depends_on = [local.helm_release_wait_condition, module.shared-nfs]
 }

diff --git a/modules/shared-nfs/versions.tf b/modules/shared-nfs/versions.tf
@@ -0,0 +1,14 @@
+terraform {
+  required_version = ">= 1.5.0"
+
+  required_providers {
+    google      = ">= 4.72.0, <5.0.0"
+    google-beta = ">= 4.72.0, <5.0.0"
+    kubernetes  = ">= 2.22.0"
+    helm        = ">= 2.10.1"
+    random = {
+      source  = "hashicorp/random"
+      version = "3.5.1"
+    }
+  }
+}