Skip to content

Commit

Permalink
fix: allow to deploy Kong EE in DBLess mode (#757)
Browse files Browse the repository at this point in the history
  • Loading branch information
programmer04 authored Jul 25, 2023
1 parent ae6ce7b commit 208cdc1
Show file tree
Hide file tree
Showing 3 changed files with 53 additions and 34 deletions.
5 changes: 5 additions & 0 deletions CHANGELOG.md
Original file line number Diff line number Diff line change
@@ -1,5 +1,10 @@
# Changelog

## v0.34.0

- Fix KTF to properly deploy Kong Gateway Enterprise in DBLess mode
[#757](https://github.com/Kong/kubernetes-testing-framework/pull/757)

## v0.33.0

- Make `KustomizeDeployForCluster` and `KustomizeDeleteForCluster` always
Expand Down
48 changes: 23 additions & 25 deletions pkg/clusters/addons/kong/addon.go
Original file line number Diff line number Diff line change
Expand Up @@ -299,39 +299,39 @@ func (a *Addon) Deploy(ctx context.Context, cluster clusters.Cluster) error {
a.deployArgs = append(a.deployArgs, "--set", fmt.Sprintf("env.log_level=%s", a.proxyLogLevel))
}

// deploy licenses and other configurations for enterprise mode
// Deploy licenses and other configurations for enterprise mode.
if a.proxyEnterpriseEnabled {
// deploy the license as a Kubernetes secret to enable enterprise features for the proxy
// Set the enterprise defaults helm installation values.
a.deployArgs = append(a.deployArgs, enterpriseDefaults()...)
// Deploy the license as a Kubernetes secret to enable enterprise features for the proxy.
if err := deployKongEnterpriseLicenseSecret(ctx, cluster, a.namespace, DefaultEnterpriseLicenseSecretName, a.proxyEnterpriseLicenseJSON); err != nil {
return err
}

// deploy the superadmin password as a Kubernetes secret adjacent to the proxy pod and configure
// the chart to use that secret to configure controller auth to the admin API.
a.proxyEnterpriseSuperAdminPassword, err = deployEnterpriseSuperAdminPasswordSecret(ctx, cluster, a.namespace, a.proxyEnterpriseSuperAdminPassword)
if err != nil {
return err
}
if !a.ingressControllerDisabled {
a.deployArgs = append(a.deployArgs,
"--set", fmt.Sprintf("ingressController.env.kong_admin_token.valueFrom.secretKeyRef.name=%s", DefaultEnterpriseAdminPasswordSecretName),
)
a.deployArgs = append(a.deployArgs,
"--set", "ingressController.env.kong_admin_token.valueFrom.secretKeyRef.key=password",
)
// For DB-less mode, admin password can't be configured because there is nowhere for it to be stored.
if a.proxyDBMode != DBLESS {
// Deploy the superadmin password as a Kubernetes secret adjacent to the proxy pod and configure
// the chart to use that secret to configure controller auth to the admin API.
a.proxyEnterpriseSuperAdminPassword, err = deployEnterpriseSuperAdminPasswordSecret(ctx, cluster, a.namespace, a.proxyEnterpriseSuperAdminPassword)
if err != nil {
return err
}
a.deployArgs = append(a.deployArgs, "--set", fmt.Sprintf("env.password.valueFrom.secretKeyRef.name=%s", DefaultEnterpriseAdminPasswordSecretName))
a.deployArgs = append(a.deployArgs, "--set", "env.password.valueFrom.secretKeyRef.key=password")
a.deployArgs = append(a.deployArgs, "--set", "enterprise.rbac.enabled=true", "--set", "env.enforce_rbac=on")
if !a.ingressControllerDisabled {
a.deployArgs = append(
a.deployArgs,
"--set", fmt.Sprintf("ingressController.env.kong_admin_token.valueFrom.secretKeyRef.name=%s", DefaultEnterpriseAdminPasswordSecretName),
)
a.deployArgs = append(a.deployArgs, "--set", "ingressController.env.kong_admin_token.valueFrom.secretKeyRef.key=password")
}
}
a.deployArgs = append(a.deployArgs,
"--set", fmt.Sprintf("env.password.valueFrom.secretKeyRef.name=%s", DefaultEnterpriseAdminPasswordSecretName),
)
a.deployArgs = append(a.deployArgs, "--set", "env.password.valueFrom.secretKeyRef.key=password")

// deploy the admin session configuration needed for enterprise enabled mode
// Deploy the admin session configuration needed for enterprise enabled mode.
if err := deployKongEnterpriseAdminGUISessionConf(ctx, cluster, a.namespace); err != nil {
return err
}

// set the enterprise defaults helm installation values
a.deployArgs = append(a.deployArgs, enterpriseDefaults()...)
}

for name, value := range a.proxyEnvVars {
Expand Down Expand Up @@ -557,8 +557,6 @@ func defaults() []string {
func enterpriseDefaults() []string {
return []string{
"--set", "enterprise.enabled=true",
"--set", "enterprise.rbac.enabled=true",
"--set", "env.enforce_rbac=on",
"--set", "admin.annotations.konghq.com/protocol=http",
"--set", fmt.Sprintf("enterprise.license_secret=%s", DefaultEnterpriseLicenseSecretName),
}
Expand Down
34 changes: 25 additions & 9 deletions test/integration/enterprise_test.go
Original file line number Diff line number Diff line change
Expand Up @@ -22,7 +22,6 @@ import (

func TestKongEnterprisePostgres(t *testing.T) {
SkipEnterpriseTestIfNoEnv(t)
t.Parallel()

licenseJSON := prepareKongEnterpriseLicense(t)

Expand All @@ -40,6 +39,20 @@ func TestKongEnterprisePostgres(t *testing.T) {
deployAndTestKongEnterprise(t, kongAddon, adminPassword)
}

func TestKongEnterpriseDBLess(t *testing.T) {
SkipEnterpriseTestIfNoEnv(t)

licenseJSON := prepareKongEnterpriseLicense(t)

t.Log("configuring the testing environment")
kongAddon := kongaddon.NewBuilder().
WithProxyAdminServiceTypeLoadBalancer().
WithProxyEnterpriseEnabled(licenseJSON).
Build()

deployAndTestKongEnterprise(t, kongAddon, "")
}

// deployAndTestKongEnterprise deploys a Kong Enterprise cluster and tests it for basic functionality.
// It works for both DB-less and DB-mode deployments (configuration of kongAddon). For DB-less set adminPassword to "".
// It verifies that workspace (enterprise feature) can be successfully created.
Expand Down Expand Up @@ -97,26 +110,29 @@ func deployAndTestKongEnterprise(t *testing.T, kongAddon *kongaddon.Addon, admin
t, httpClient, req, test.WithStatusCode(http.StatusOK), test.WithBodyContains("<title>httpbin.org</title>"),
)

const workspaceToCreate = "test-workspace"
const consumerGroupToCreate = "test-consumer-group"
if adminPassword != "" {
t.Log("verifying enterprise workspace API functionality using /workspaces (works only for dbmode)")
t.Log("verifying enterprise consumer groups API functionality using /consumer_groups (works only for dbmode)")
req, err = http.NewRequestWithContext(
ctx, http.MethodPost, adminURL.JoinPath("/workspaces").String(),
strings.NewReader(fmt.Sprintf(`{"name": "%s"}`, workspaceToCreate)),
ctx, http.MethodPost, adminURL.JoinPath("/consumer_groups").String(),
strings.NewReader(fmt.Sprintf(`{"name": "%s"}`, consumerGroupToCreate)),
)
require.NoError(t, err)
decorateRequestWithAdminPassword(t, req, adminPassword)
} else {
t.Log("verifying enterprise workspace API functionality using /config (works only for dblessmode)")
t.Fatal("not implemented yet")
t.Log("verifying enterprise consumer groups API functionality using /config (works only for dblessmode)")
req, err = http.NewRequestWithContext(
ctx, http.MethodPost, adminURL.JoinPath("/config").String(),
strings.NewReader(fmt.Sprintf(`{"_format_version": "3.0", "consumer_groups": [{"name": "%s"}]}`, consumerGroupToCreate)),
)
}
req.Header.Set("Content-Type", "application/json")
test.EventuallyExpectResponse(t, httpClient, req, test.WithStatusCode(http.StatusCreated))

t.Log("verifying that the workspace was indeed created")
t.Log("verifying that the consumer group was indeed created")
req, err = http.NewRequestWithContext(
ctx, http.MethodGet,
adminURL.JoinPath("/workspaces/").JoinPath(workspaceToCreate).String(),
adminURL.JoinPath("/consumer_groups/").JoinPath(consumerGroupToCreate).String(),
nil,
)
require.NoError(t, err)
Expand Down

0 comments on commit 208cdc1

Please sign in to comment.