HPCC-29584 Add github action to test helm/k8s #18186
There are no files selected for viewing
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| Original file line number | Diff line number | Diff line change |
|---|---|---|
| @@ -0,0 +1,178 @@ | ||
| name: 'Deploy HPCC on K8s' | ||
| description: 'Builds a docker image and deploys a HPCC cluster on K8s' | ||
| inputs: | ||
| os: | ||
| description: 'Operating System' | ||
| required: false | ||
| default: 'ubuntu-22.04' | ||
| asset-name: | ||
| description: 'Asset Name' | ||
| required: false | ||
| default: 'docker-ubuntu-22_04-containerized' | ||
| platform-folder: | ||
| description: 'Platform Folder' | ||
| required: false | ||
| default: './HPCC-Platform' | ||
|
|
||
| runs: | ||
| using: "composite" | ||
| steps: | ||
| - name: Free additional disk space (remove Android SDK + Tools) | ||
| run: | | ||
| sudo rm -rf /usr/local/lib/android | ||
| shell: bash | ||
|
|
||
| - name: Download Package | ||
| uses: actions/download-artifact@v3 | ||
| with: | ||
| name: ${{ inputs.asset-name }} | ||
| path: ${{ inputs.asset-name }} | ||
|
|
||
| - name: Download Support Files | ||
| uses: actions/download-artifact@v3 | ||
| with: | ||
| name: ${{ inputs.asset-name }}-support-files | ||
| path: ${{ inputs.asset-name }}-support-files | ||
|
|
||
| - name: Install K8s | ||
| uses: balchua/[email protected] | ||
| with: | ||
| channel: '1.27/stable' | ||
| devMode: 'true' | ||
| addons: '["dns", "rbac", "hostpath-storage", "helm", "registry"]' | ||
|
|
||
| - name: Wait for registry startup | ||
| run: | | ||
| kubectl wait pods --for=jsonpath='{.status.phase}'=Running -l app=registry -n container-registry --timeout=90s | ||
| shell: bash | ||
|
|
||
| # Note: We need to move the package file due to the Dockerfile expecting it in the platform folder | ||
| - name: Find & Move Package | ||
| run: | | ||
| k8s_pkg_path=$(ls -t ./${{ inputs.asset-name }}/*.deb 2>/dev/null | head -1) | ||
| k8s_pkg_file=$(basename "$k8s_pkg_path") | ||
| mv ${k8s_pkg_path} ${{ inputs.platform-folder }}/${k8s_pkg_file} | ||
| echo "k8s_pkg_file=$k8s_pkg_file" >> $GITHUB_ENV | ||
| echo "$k8s_pkg_file" | ||
| shell: bash | ||
|
|
||
| - name: Set up Docker Buildx | ||
| id: buildx | ||
| uses: docker/setup-buildx-action@v2 | ||
| with: | ||
| driver-opts: | | ||
| network=host | ||
|
|
||
| - name: Calculate vars | ||
| id: vars | ||
| run: | | ||
| community_base_ref=${{ github.event.base_ref || github.ref }} | ||
| candidate_branch=$(echo $community_base_ref | cut -d'/' -f3) | ||
| echo "candidate_branch=$candidate_branch" >> $GITHUB_OUTPUT | ||
| echo "candidate_base_branch=$(echo $candidate_branch | awk -F'.' -v OFS='.' '{ $3="x"; print }')" >> $GITHUB_OUTPUT | ||
| shell: bash | ||
|
|
||
| - name: Create Docker Image (community) | ||
| uses: docker/build-push-action@v4 | ||
| with: | ||
| builder: ${{ steps.buildx.outputs.name }} | ||
| file: ${{ inputs.platform-folder }}/dockerfiles/vcpkg/platform-core-ubuntu-22.04/Dockerfile | ||
| context: ${{ inputs.platform-folder }}/ | ||
| push: true | ||
| tags: localhost:32000/hpccsystems/platform-core:latest | ||
| build-args: | | ||
| PKG_FILE=${{ env.k8s_pkg_file }} | ||
| cache-from: | | ||
| type=registry,ref=hpccsystems/platform-core-${{ inputs.os }}:${{ steps.vars.outputs.candidate_base_branch }} | ||
|
|
||
| # Note: IP Address range below is the IP address range that will be made available for load balancers | ||
| # on the host machine, they aren't actual load balancers so they will not be accessible externally | ||
| - name: Enable LoadBalancers | ||
| run: | | ||
| sudo microk8s enable metallb:10.64.140.43-10.64.140.69 | ||
| shell: bash | ||
|
|
||
| - name: Create Root Certificates | ||
| run: | | ||
| echo "[req] | ||
| default_bits = 2048 | ||
| default_keyfile = ca.key | ||
| distinguished_name = dn | ||
| prompt = no | ||
| x509_extensions = x509_ca | ||
|
|
||
| [dn] | ||
| C = US | ||
| ST = GA | ||
| L = Alparetta | ||
| O = Lexis Nexis Risk | ||
| OU = Platform Development | ||
| CN = TestCluster | ||
| emailAddress = [email protected] | ||
|
|
||
| [x509_ca] | ||
| basicConstraints=CA:true,pathlen:1" > ca-req.cfg | ||
| openssl req -x509 -newkey rsa:2048 -nodes -keyout ca.key -sha256 -days 1825 -out ca.crt -config ca-req.cfg | ||
| kubectl create secret tls hpcc-signing-issuer-key-pair --cert=ca.crt --key=ca.key | ||
| kubectl create secret tls hpcc-local-issuer-key-pair --cert=ca.crt --key=ca.key | ||
| sudo keytool -import -trustcacerts -cacerts -storepass changeit -noprompt -alias hpcc-local-issuer -file ca.crt | ||
| shell: bash | ||
|
|
||
| - name: Install JetStack Cert Manager | ||
| run: | | ||
| sudo microk8s helm repo add jetstack https://charts.jetstack.io | ||
| sudo microk8s helm repo update | ||
| kubectl apply -f https://github.com/cert-manager/cert-manager/releases/download/v1.11.0/cert-manager.crds.yaml | ||
| sudo microk8s helm install cert-manager jetstack/cert-manager --namespace cert-manager --create-namespace --version v1.11.0 | ||
| shell: bash | ||
|
|
||
| - name: Install HPCC Cluster | ||
| run: | | ||
| cat <<EOF > values.yaml | ||
| certificates: | ||
| enabled: true | ||
| dafilesrv: | ||
| - name: rowservice | ||
| disabled: false | ||
| application: stream | ||
| service: | ||
| servicePort: 7600 | ||
| visibility: global | ||
| - name: spray-service | ||
| application: spray | ||
| service: | ||
| servicePort: 7300 | ||
| visibility: cluster | ||
| EOF | ||
| sudo microk8s helm install myhpcc ${{ inputs.platform-folder }}/helm/hpcc --set global.image.root=localhost:32000/hpccsystems --set global.image.version=latest -f values.yaml | ||
| shell: bash | ||
|
|
||
| - name: Wait for Deployment Rollout & Grab Service IPs | ||
| run: | | ||
| sleep 10 | ||
| deploy=$(kubectl get deploy -o name) | ||
| for i in $deploy; do kubectl rollout status $i -w --timeout=180s; done | ||
| echo "ECLWATCH_IP=$(kubectl get svc eclwatch -o jsonpath='{.spec.clusterIP}')" >> $GITHUB_ENV | ||
| echo "ROWSERVICE_IP=$(kubectl get svc rowservice -o jsonpath='{.spec.clusterIP}')" >> $GITHUB_ENV | ||
| echo "SQL_TO_ECL_IP=$(kubectl get svc sql2ecl -o jsonpath='{.spec.clusterIP}')" >> $GITHUB_ENV | ||
| kubectl get pods | ||
| kubectl get svc | ||
| shell: bash | ||
|
|
||
| - name: Add Host File Entries | ||
| run: | | ||
| sudo -- sh -c -e "echo '${{ env.ECLWATCH_IP }} eclwatch.default' >> /etc/hosts"; | ||
| sudo -- sh -c -e "echo '${{ env.ROWSERVICE_IP }} rowservice.default' >> /etc/hosts"; | ||
| sudo -- sh -c -e "echo '${{ env.SQL_TO_ECL_IP }} sql2ecl.default' >> /etc/hosts"; | ||
| shell: bash | ||
|
|
||
| - name: Trust Certs | ||
| run: | | ||
| openssl s_client -showcerts -connect eclwatch.default:8010 < /dev/null | openssl x509 -outform DER > cert.der | ||
| sudo keytool -import -keystore $JAVA_HOME/lib/security/cacerts -storepass changeit -noprompt -alias eclwatch-tls -file cert.der | ||
| openssl s_client -showcerts -connect rowservice.default:7600 < /dev/null | openssl x509 -outform DER > cert.der | ||
| sudo keytool -import -keystore $JAVA_HOME/lib/security/cacerts -storepass changeit -noprompt -alias dafilesrv-tls -file cert.der | ||
| openssl s_client -showcerts -connect sql2ecl.default:8510 < /dev/null | openssl x509 -outform DER > cert.der | ||
| sudo keytool -import -keystore $JAVA_HOME/lib/security/cacerts -storepass changeit -noprompt -alias sqltoecl-tls -file cert.der | ||
| shell: bash | ||
|
|
||
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| Original file line number | Diff line number | Diff line change |
|---|---|---|
| @@ -0,0 +1,54 @@ | ||
| name: Regression Suite on K8s | ||
|
|
||
| on: | ||
| workflow_call: | ||
| inputs: | ||
| os: | ||
| type: string | ||
| description: 'Operating System' | ||
| required: false | ||
| default: 'ubuntu-22.04' | ||
| asset-name: | ||
| type: string | ||
| description: 'Asset Name' | ||
| required: false | ||
| default: 'docker-ubuntu-22_04-containerized' | ||
|
|
||
| jobs: | ||
| build-docker: | ||
| name: build-docker-${{ inputs.os }} | ||
| if: ${{ contains('pull_request,push', github.event_name) }} | ||
| uses: ./.github/workflows/build-docker.yml | ||
| with: | ||
| os: ${{ inputs.os }} | ||
| upload-package: true | ||
| containerized: true | ||
| asset-name: ${{ inputs.asset-name }} | ||
| secrets: inherit | ||
|
|
||
| main: | ||
| name: K8s Regression Suite | ||
| needs: build-docker | ||
| runs-on: ${{ inputs.os }} | ||
| steps: | ||
| - name: Checkout PR | ||
| uses: actions/checkout@v3 | ||
| with: | ||
| submodules: recursive | ||
| path: ./HPCC-Platform | ||
| - name: Deploy HPCC on K8s | ||
| uses: ./HPCC-Platform/.github/actions/deploy-hpcc-k8s | ||
| with: | ||
| os: ${{ inputs.os }} | ||
| asset-name: ${{ inputs.asset-name }} | ||
| platform-folder: ./HPCC-Platform | ||
|
|
||
| succeeded: | ||
| runs-on: ${{ inputs.os }} | ||
| needs: main | ||
| steps: | ||
| - shell: "bash" | ||
| run: | | ||
| echo "...all tests passed..." | ||
|
There was a problem hiding this comment. I assume this is just a placeholder in this 'test-regression-suite-k8s' action - and some actual regression suite tests will be run from here in next changes? There was a problem hiding this comment. Right, I am planning on adding the HPCC4j unit tests as a regression suite for ESP, but hope this can provide a base for other tests against K8s as well. There was a problem hiding this comment. Right, it will be good to get this foundation merged, which will test k8s startup etc, then we can start to expand to add regression tests. |
||
|
|
||
|
|
||
Oops, something went wrong.
Add this suggestion to a batch that can be applied as a single commit.
This suggestion is invalid because no changes were made to the code.
Suggestions cannot be applied while the pull request is closed.
Suggestions cannot be applied while viewing a subset of changes.
Only one suggestion per line can be applied in a batch.
Add this suggestion to a batch that can be applied as a single commit.
Applying suggestions on deleted lines is not supported.
You must change the existing code in this line in order to create a valid suggestion.
Outdated suggestions cannot be applied.
This suggestion has been applied or marked resolved.
Suggestions cannot be applied from pending reviews.
Suggestions cannot be applied on multi-line comments.
Suggestions cannot be applied while the pull request is queued to merge.
Suggestion cannot be applied right now. Please check back later.
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
curious why package needs to be moved?
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
Good question, I believe I was doing that to debug an issue and can probably just reference the original path directly.
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
@jakesmith Turns out this was required. The Dockerfile looks for the pkg file in the platform directory. I added a comment noting why it was required.