chore!: extract smoketest into independent module (#116)

README.md

@@ -12,9 +12,8 @@ The final state is a regional gke cluster running on a private network with a ba
 - `bootstrap` - Enables required APIs and provisions the initial "inception" service account as well as the GCS bucket to store all terraform state required in all other phases. This step should be executed 1 time only and not automated.
 - `inception` - Provisions all security sensitive resourced like the vpc network, bastion, roles, service accounts etc.
 - `platform` - Provisions the gke cluster itself
-- `services` - Deploys the [ingress-nginx](https://github.com/kubernetes/ingress-nginx) and [cert-manager](https://cert-manager.io/docs/) charts onto the k8s cluster - basic dependencies for everything else that will be deployed to kubernetes.
 
-The `bootstrap`, `inception` and `platform` modules currently only support GCP while the `services` module is IaaS independent.
+The `bootstrap`, `inception` and `platform` modules currently only support GCP.
 In the future additional versions of the first 3 modules will be developped to support other IaaSes.
 
 The structure of the modules is intended to support continous delivery.

ci/commons.lib.yml

@@ -20,8 +20,8 @@
 #@   return testflight_group_name(cloud) + "-postgresql"
 #@ end
 
-#@ def testflight_services_job_name(cloud):
-#@   return testflight_group_name(cloud) + "-services"
+#@ def testflight_smoketest_job_name(cloud):
+#@   return testflight_group_name(cloud) + "-smoketest"
 #@ end
 
 #@ def testflight_cleanup_postgresql_job_name(cloud):

ci/gcp.lib.yml

@@ -5,7 +5,7 @@
 #@   "testflight_inception_job_name",
 #@   "testflight_platform_job_name",
 #@   "testflight_postgresql_job_name",
-#@   "testflight_services_job_name",
+#@   "testflight_smoketest_job_name",
 #@   "testflight_cleanup_job_name",
 #@   "testflight_cleanup_postgresql_job_name",
 #@   "bump_repos_job_name",
@@ -35,7 +35,7 @@ source:
   - modules/inception/gcp
   - modules/platform/gcp
   - modules/postgresql/gcp
-  - modules/services
+  - modules/smoketest/gcp
   uri: #@ data.values.git_uri
   branch: #@ data.values.git_branch
   private_key: #@ data.values.github_private_key
@@ -158,8 +158,8 @@ plan:
 on_failure: #@ slack_failure_notification()
 #@ end
 
-#@ def gcp_testflight_services_job():
-name: #@ testflight_services_job_name("gcp")
+#@ def gcp_testflight_smoketest_job():
+name: #@ testflight_smoketest_job_name("gcp")
 serial: true
 plan:
 - get: gcp-testflight-lock
@@ -177,7 +177,7 @@ plan:
   - get: gcp-testflight-uid
     passed:
     - #@ testflight_platform_job_name("gcp")
-- task: services
+- task: smoketest
   config:
     platform: linux
     image_resource: #@ task_image_config()
@@ -190,7 +190,7 @@ plan:
       path: testflight-uid
     params: #@ gcp_testflight_task_params()
     run:
-      path: pipeline-tasks/ci/tasks/gcp/services.sh
+      path: pipeline-tasks/ci/tasks/gcp/smoketest.sh
 - #@ slack_success_notification()
 on_failure: #@ slack_failure_notification()
 #@ end
@@ -238,22 +238,22 @@ serial: true
 plan:
 - get: gcp-testflight-lock
   passed:
-  - #@ testflight_services_job_name("gcp")
+  - #@ testflight_smoketest_job_name("gcp")
   - #@ testflight_cleanup_postgresql_job_name("gcp")
 - in_parallel:
   - get: #@ modules_resource_name("gcp")
     trigger: true
     passed:
-    - #@ testflight_services_job_name("gcp")
+    - #@ testflight_smoketest_job_name("gcp")
     - #@ testflight_cleanup_postgresql_job_name("gcp")
   - get: repo
     passed:
-    - #@ testflight_services_job_name("gcp")
+    - #@ testflight_smoketest_job_name("gcp")
     - #@ testflight_cleanup_postgresql_job_name("gcp")
   - { get: pipeline-tasks }
   - get: gcp-testflight-uid
     passed:
-    - #@ testflight_services_job_name("gcp")
+    - #@ testflight_smoketest_job_name("gcp")
     - #@ testflight_cleanup_postgresql_job_name("gcp")
 - task: teardown
   config:
@@ -435,7 +435,7 @@ source:
 - #@ gcp_testflight_bootstrap_job()
 - #@ gcp_testflight_inception_job()
 - #@ gcp_testflight_platform_job()
-- #@ gcp_testflight_services_job()
+- #@ gcp_testflight_smoketest_job()
 - #@ gcp_testflight_postgresql_job()
 - #@ gcp_testflight_cleanup_postgresql_job()
 - #@ gcp_testflight_cleanup_job()

ci/pipeline.yml

@@ -1,12 +1,12 @@
 #@ load("@ytt:data", "data")
 
-#@ load("commons.lib.yml", 
+#@ load("commons.lib.yml",
 #@   "testflight_group_name",
 #@   "testflight_bootstrap_job_name",
 #@   "testflight_inception_job_name",
 #@   "testflight_platform_job_name",
 #@   "testflight_postgresql_job_name",
-#@   "testflight_services_job_name",
+#@   "testflight_smoketest_job_name",
 #@   "testflight_cleanup_job_name",
 #@   "testflight_cleanup_postgresql_job_name",
 #@   "bump_repos_job_name",
@@ -30,7 +30,7 @@ groups:
   - #@ testflight_bootstrap_job_name(cloud)
   - #@ testflight_inception_job_name(cloud)
   - #@ testflight_platform_job_name(cloud)
-  - #@ testflight_services_job_name(cloud)
+  - #@ testflight_smoketest_job_name(cloud)
   - #@ testflight_cleanup_job_name(cloud)
   #@ if cloud == "gcp":
   - #@ testflight_postgresql_job_name(cloud)
@@ -47,7 +47,7 @@ groups:
   - #@ testflight_bootstrap_job_name(cloud)
   - #@ testflight_inception_job_name(cloud)
   - #@ testflight_platform_job_name(cloud)
-  - #@ testflight_services_job_name(cloud)
+  - #@ testflight_smoketest_job_name(cloud)
   - #@ testflight_cleanup_job_name(cloud)
   #@ if cloud == "gcp":
   - #@ testflight_postgresql_job_name(cloud)

ci/tasks/gcp/services.sh → ci/tasks/gcp/smoketest.sh

@@ -28,7 +28,7 @@ export ADDITIONAL_SSH_OPTS="-o StrictHostKeyChecking=no -i ${CI_ROOT}/login.ssh"
 gcloud compute os-login ssh-keys add --key-file=${CI_ROOT}/login.ssh.pub
 
 cp ${CI_ROOT}/gcloud-creds.json ./
-bin/prep-services.sh
+bin/prep-smoketest.sh
 
 set +e
 for i in {1..60}; do
@@ -38,4 +38,4 @@ for i in {1..60}; do
 done
 set -e
 
-gcloud compute ssh --ssh-key-file=${CI_ROOT}/login.ssh ${bastion_name} --zone=${bastion_zone} -- "cd repo/examples/gcp; export GOOGLE_APPLICATION_CREDENTIALS=\$(pwd)/gcloud-creds.json; echo yes | make initial-services && echo yes | make services"
+gcloud compute ssh --ssh-key-file=${CI_ROOT}/login.ssh ${bastion_name} --zone=${bastion_zone} -- "cd repo/examples/gcp; export GOOGLE_APPLICATION_CREDENTIALS=\$(pwd)/gcloud-creds.json; echo yes | make smoketest"

ci/tasks/gcp/teardown.sh

@@ -22,9 +22,9 @@ bastion_zone="$(cd inception && terraform output bastion_zone | jq -r)"
 export BASTION_USER="sa_$(cat ${CI_ROOT}/gcloud-creds.json  | jq -r '.client_id')"
 export ADDITIONAL_SSH_OPTS="-o StrictHostKeyChecking=no -i ${CI_ROOT}/login.ssh"
 
-bin/prep-services.sh
+bin/prep-smoketest.sh
 
-gcloud compute ssh --ssh-key-file=${CI_ROOT}/login.ssh ${bastion_name} --zone=${bastion_zone} -- "cd repo/examples/gcp; export GOOGLE_APPLICATION_CREDENTIALS=\$(pwd)/gcloud-creds.json; echo yes | make destroy-services"
+gcloud compute ssh --ssh-key-file=${CI_ROOT}/login.ssh ${bastion_name} --zone=${bastion_zone} -- "cd repo/examples/gcp; export GOOGLE_APPLICATION_CREDENTIALS=\$(pwd)/gcloud-creds.json; echo yes | make destroy-smoketest"
 
 echo yes | make destroy-platform
 echo yes | GOOGLE_CREDENTIALS=$(cat inception-sa-creds.json) make destroy-inception

examples/gcp/Makefile

@@ -14,13 +14,9 @@ platform:
 	cd platform \
 		&& $(TF) apply
 
-initial-services:
-	cd services \
+smoketest:
+	cd smoketest \
 		&& $(TF) init \
-		&& $(TF) apply -target module.services.helm_release.cert_manager
-
-services:
-	cd services \
 		&& $(TF) apply
 
 postgresql:
@@ -35,8 +31,8 @@ destroy-inception:
 		&& $(TF) state rm module.inception.google_storage_bucket_iam_policy.policy || true
 	cd inception && $(TF) destroy
 
-destroy-services:
-	cd services \
+destroy-smoketest:
+	cd smoketest \
 		&& $(TF) destroy
 
 destroy-platform:
@@ -51,4 +47,4 @@ destroy-postgresql:
 	cd postgresql \
 		&& $(TF) destroy
 
-.PHONY: bootstrap inception platform services postgresql
+.PHONY: bootstrap inception platform smoketest postgresql

examples/gcp/README.md

@@ -86,26 +86,3 @@ $ gcloud compute ssh ${bastion_name} --zone=${bastion_zone} --project=${gcp_proj
 <select 2fa method>
 $ <bastion-user>@<bastion-name>
 ```
-
-## Services phase
-
-The [`services`](./services/main.tf) phase will bring up a few global dependencies that are pre-requisits for the galoy helm charts to function.
-To bring them up you must first sync the local code to the bastion via:
-```
-bin/prep-services.sh
-```
-Once the code has been uploaded you should ssh onto the bastion and login to gcloud from there:
-```
-$ gcloud compute ssh ${bastion_name} --zone=${bastion_zone} --project=${gcp_project}
-$ gcloud auth login
-(...)
-$ kauth
-$ gcloud auth application-default login
-```
-Once you have completed the authentication you should be able to talk to k8s and execute the rollout of the services phase:
-```
-$ k get ns
-$ cd repo/examples/gcp
-$ make initial-services
-$ make services
-```

examples/gcp/bin/prep-services.sh → examples/gcp/bin/prep-smoketest.sh

@@ -27,13 +27,13 @@ cluster_ca_cert="$(terraform output -json cluster_ca_cert | jq -r)"
 
 popd
 
-pushd services
+pushd smoketest
 
 cat <<EOF > terraform.tf
 terraform {
   backend "gcs" {
     bucket = "${tf_state_bucket_name}"
-    prefix = "${name_prefix}/services"
+    prefix = "${name_prefix}/smoketest"
   }
 }
 EOF

modules/inception/gcp/tf-state-bucket.tf

@@ -57,8 +57,8 @@ data "google_iam_policy" "tf_state_access" {
       ]
 
       condition {
-        title      = "${local.name_prefix}/services"
-        expression = "resource.name.startsWith(\"projects/_/buckets/${google_storage_bucket.tf_state.name}/objects/${local.name_prefix}/services\")"
+        title      = "${local.name_prefix}/smoketest"
+        expression = "resource.name.startsWith(\"projects/_/buckets/${google_storage_bucket.tf_state.name}/objects/${local.name_prefix}/smoketest\")"
       }
     }
   }

modules/smoketest/gcp/output.tf

@@ -0,0 +1,9 @@
+output "smoketest_kubeconfig" {
+  value = base64encode(templatefile("${path.module}/kubeconfig.tmpl.yml",
+    { name : "smoketest",
+      namespace : local.smoketest_namespace,
+      cert : local.cluster_ca_cert,
+      endpoint : local.cluster_endpoint,
+      token = data.kubernetes_secret.smoketest_token.data.token
+  }))
+}

modules/smoketest/gcp/variables.tf

@@ -0,0 +1,17 @@
+variable "name_prefix" {}
+variable "cluster_endpoint" {}
+variable "cluster_ca_cert" {}
+
+variable "smoketest_cronjob" { default = false }
+
+locals {
+  name_prefix      = var.name_prefix
+  cluster_endpoint = var.cluster_endpoint
+  cluster_ca_cert  = var.cluster_ca_cert
+
+  smoketest_namespace    = "${local.name_prefix}-smoketest"
+  smoketest_name         = "smoketest"
+  smoketest_cronjob      = var.smoketest_cronjob
+  smoketest_cronjob_name = "${local.smoketest_name}-cronjob"
+  galoy_namespace        = "${local.name_prefix}-galoy"
+}