Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

DEVOPS-2178 add Wallarm Node group 4.8 #263

Merged
merged 6 commits into from
Sep 20, 2023
Merged

DEVOPS-2178 add Wallarm Node group 4.8 #263

Show file tree
Hide file tree
Changes from all commits
Commits
Show all changes
6 commits
Select commit Hold shift + click to select a range
c827b8d
DEVOPS-2178: Add Wallarm Node group
Aug 30, 2023
8c3d8bf
DEVOPS-2178: Update local dev-env to use Wallarm feature
Aug 30, 2023
9085cb8
DEVOPS-2178: Debug register-node
Sep 5, 2023
a517652
DEVOPS-2178: Add more logs regarding wallarm specific files
Sep 7, 2023
de9c876
DEVOPS-2178: set default value of controller.wallarm.nodeGroup to def…
Sep 20, 2023
914f740
DEVOPS-2178: set on sync node in register-node script
Sep 20, 2023
File filter

Filter by extension

Filter by extension
Conversations
Failed to load comments.
Loading
Jump to
Jump to file
Failed to load files.
Loading
Diff view
Diff view
12 changes: 9 additions & 3 deletions build/dev-env.sh
View file
Open in desktop
Original file line number Diff line number Diff line change
Expand Up @@ -58,9 +58,11 @@ if [[ ${KUBE_CLIENT_VERSION} -lt 24 ]]; then
exit 1
fi

echo "[dev-env] building image"
make build image
docker tag "${REGISTRY}/ingress-controller:${TAG}" "${DEV_IMAGE}"
if [ "${SKIP_IMAGE_CREATION:-false}" = "false" ]; then
echo "[dev-env] building image"
make build image
docker tag "${REGISTRY}/ingress-controller:${TAG}" "${DEV_IMAGE}"
fi

export K8S_VERSION=${K8S_VERSION:-v1.26.3@sha256:61b92f38dff6ccc29969e7aa154d34e38b89443af1a2c14e6cfbd2df6419c66f}

Expand All @@ -85,6 +87,10 @@ controller:
repository: ${REGISTRY}/ingress-controller
tag: ${TAG}
digest:
wallarm:
enabled: true
apiHost: ${WALLARM_API_HOST}
token: ${WALLARM_API_TOKEN}
config:
worker-processes: "1"
podLabels:
Expand Down
8 changes: 5 additions & 3 deletions charts/ingress-nginx/templates/_helpers.tpl
View file
Open in desktop
Original file line number Diff line number Diff line change
Expand Up @@ -217,9 +217,7 @@ Create the name of the controller service account to use
- sh
- -c
- >
/opt/wallarm/ruby/usr/share/wallarm-common/synccloud --one-time &&
/opt/wallarm/ruby/usr/share/wallarm-common/sync-ip-lists --one-time -l STDOUT &&
/opt/wallarm/ruby/usr/share/wallarm-common/sync-ip-lists-source --one-time -l STDOUT {{- if eq .Values.controller.wallarm.fallback "on" }} || true {{- end }};
/opt/wallarm/ruby/usr/share/wallarm-common/register-node --force --batch --no-export-env {{- if eq .Values.controller.wallarm.fallback "on" }} || true {{- end }};
timeout 10m /opt/wallarm/ruby/usr/share/wallarm-common/export-environment -l STDOUT || true
env:
{{- include "wallarm.credentials" . | nindent 2 }}
Expand All @@ -233,6 +231,10 @@ Create the name of the controller service account to use
value: www-data
- name: WALLARM_INGRESS_CONTROLLER_VERSION
value: {{ .Chart.Version | quote }}
{{- if .Values.controller.wallarm.nodeGroup }}
- name: WALLARM_LABELS
value: "group={{ .Values.controller.wallarm.nodeGroup }}"
{{- end }}
volumeMounts:
- mountPath: /etc/wallarm
name: wallarm
Expand Down
4 changes: 4 additions & 0 deletions charts/ingress-nginx/values.yaml
View file
Open in desktop
Original file line number Diff line number Diff line change
Expand Up @@ -738,6 +738,10 @@ controller:
apiPort: 443
apiSSL: true
token: ""
## The name of Node group, required if API token is used to register the Node
## https://docs.wallarm.com/user-guides/nodes/nodes/#api-and-node-tokens-for-node-creation
##
nodeGroup: "defaultIngressGroup"
## Existing secret feature allows to pull Wallarm API token from existing Kubernetes secret
## https://docs.wallarm.com/admin-en/configure-kubernetes-en/#controllerwallarmexistingsecret
##
Expand Down
26 changes: 25 additions & 1 deletion test/smoke/run-smoke-suite.sh
View file
Open in desktop
Original file line number Diff line number Diff line change
Expand Up @@ -28,6 +28,26 @@ PYTEST_WORKERS="${PYTEST_WORKERS:-10}"
#TODO We need it here just to don't let test fail. Remove this variable when test will be fixed.
HOSTNAME_OLD_NODE="smoke-tests-old-node"

function get_logs_and_fail() {
get_logs
exit 1
}

function get_logs() {
echo "###### Init container logs ######"
kubectl logs -l "app.kubernetes.io/component=controller" -c addnode --tail=-1
echo "###### Controller container logs ######"
kubectl logs -l "app.kubernetes.io/component=controller" -c controller --tail=-1
echo "###### Cron container logs ######"
kubectl logs -l "app.kubernetes.io/component=controller" -c cron --tail=-1
echo "###### List directory /etc/wallarm"
kubectl exec "${POD}" -c controller -- sh -c "ls -lah /etc/wallarm && cat /etc/wallarm/node.yaml" || true
echo "###### List directory /var/lib/nginx/wallarm"
kubectl exec "${POD}" -c controller -- sh -c "ls -lah /var/lib/nginx/wallarm && ls -lah /var/lib/nginx/wallarm/shm" || true
echo "###### List directory /var/lib/wallarm-acl"
kubectl exec "${POD}" -c controller -- sh -c "ls -lah /var/lib/wallarm-acl" || true
}

declare -a mandatory
mandatory=(
CLIENT_ID
Expand Down Expand Up @@ -68,7 +88,7 @@ fi

echo "Retrieving Wallarm Node UUID ..."
POD=$(kubectl get pod -l "app.kubernetes.io/component=controller" -o=name | cut -d/ -f 2)
NODE_UUID=$(kubectl logs "${POD}" -c addnode | grep 'Registered new instance' | awk -F 'instance ' '{print $2}')
NODE_UUID=$(kubectl exec "${POD}" -c controller -- cat /etc/wallarm/node.yaml | grep uuid | awk '{print $2}')
echo "UUID: ${NODE_UUID}"

echo "Deploying pytest pod ..."
Expand All @@ -90,5 +110,9 @@ kubectl run pytest \

kubectl wait --for=condition=Ready pods --all --timeout=60s

echo "Getting logs ..."
get_logs

echo "Run smoke tests ..."
trap get_logs_and_fail ERR
kubectl exec pytest ${EXEC_ARGS} -- pytest -n ${PYTEST_WORKERS} ${PYTEST_ARGS}