diff --git a/charts/hedera-network/templates/rbac/pod-monitor-role.yaml b/charts/hedera-network/templates/rbac/pod-monitor-role.yaml
deleted file mode 100644
index dd8ccbd8e..000000000
--- a/charts/hedera-network/templates/rbac/pod-monitor-role.yaml
+++ /dev/null
@@ -1,42 +0,0 @@
-apiVersion: rbac.authorization.k8s.io/v1
-kind: ClusterRole
-metadata:
- name: pod-monitoring-role
- namespace: {{ default $.Release.Namespace $.Values.global.namespaceOverride }}
-rules:
- - apiGroups: [ "" ]
- resources:
- - pods
- - pods/log
- - secrets
- verbs:
- - get
- - list
- - apiGroups: [ "" ]
- resources:
- - pods/exec
- verbs:
- - create
- - apiGroups: [ "gateway.networking.k8s.io" ]
- resources:
- - gatewayclasses
- - gateways
- - httproutes
- - tcproutes
- verbs:
- - get
- - list
----
-apiVersion: rbac.authorization.k8s.io/v1
-kind: ClusterRoleBinding
-metadata:
- name: pod-monitoring-role-binding
- namespace: {{ default $.Release.Namespace $.Values.global.namespaceOverride }}
-subjects:
- - kind: ServiceAccount
- name: pod-monitor
- namespace: {{ default $.Release.Namespace $.Values.global.namespaceOverride }}
-roleRef:
- kind: ClusterRole
- name: pod-monitoring-role
- apiGroup: rbac.authorization.k8s.io
diff --git a/charts/hedera-network/templates/rbac/pod-monitor.yaml b/charts/hedera-network/templates/rbac/pod-monitor.yaml
new file mode 100644
index 000000000..d6912a9b8
--- /dev/null
+++ b/charts/hedera-network/templates/rbac/pod-monitor.yaml
@@ -0,0 +1,19 @@ +apiVersion: v1 +kind: ServiceAccount +metadata: + name: pod-monitor + namespace: {{ default $.Release.Namespace $.Values.global.namespaceOverride }} +--- +apiVersion: rbac.authorization.k8s.io/v1 +kind: RoleBinding +metadata: + name: pod-monitor-role-binding + namespace: {{ default $.Release.Namespace $.Values.global.namespaceOverride }} +subjects: + - kind: ServiceAccount + name: pod-monitor + namespace: {{ default $.Release.Namespace $.Values.global.namespaceOverride }} +roleRef: + kind: ClusterRole + name: {{ $.Values.tester.clusterRoleName }} + apiGroup: rbac.authorization.k8s.io diff --git a/charts/hedera-network/templates/rbac/service-accounts.yaml b/charts/hedera-network/templates/rbac/service-accounts.yaml deleted file mode 100644 index 0e4b26311..000000000 --- a/charts/hedera-network/templates/rbac/service-accounts.yaml +++ /dev/null @@ -1,5 +0,0 @@ -apiVersion: v1 -kind: ServiceAccount -metadata: - name: pod-monitor - namespace: {{ default $.Release.Namespace $.Values.global.namespaceOverride }} diff --git a/charts/hedera-network/values.yaml b/charts/hedera-network/values.yaml index 59edad64e..5f33fbdca 100644 --- a/charts/hedera-network/values.yaml +++ b/charts/hedera-network/values.yaml @@ -26,6 +26,7 @@ terminationGracePeriodSeconds: 10 # helm test container tester: + clusterRoleName: "pod-monitor-role" # this is a shared cluster role for all namespaces image: registry: "ghcr.io" repository: "hashgraph/full-stack-testing/kubectl-bats" @@ -36,7 +37,7 @@ tester: # gateway-api configuration gatewayApi: gatewayClass: - name: "fst-gateway-class" + name: "fst-gateway-class" # this is a shared gateway class for all namespaces gateway: name: "fst" enable: "true" diff --git a/dev/Makefile b/dev/Makefile index f5133ed47..9e1f761a5 100644 --- a/dev/Makefile +++ b/dev/Makefile 
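Review bot: The `roleRef` of the new RoleBinding in pod-monitor.yaml takes its ClusterRole name from `tester.clusterRoleName` unquoted and unguarded, so an empty value renders `name:` as null and any role name set in values, including a much broader one, is bound to `pod-monitor` without the chart objecting. I would render it as `name: {{ required "tester.clusterRoleName is required" $.Values.tester.clusterRoleName | quote }}` and document in values.yaml that the role must already exist on the cluster. Separately, a RoleBinding grants only namespaced access and GatewayClass is a cluster-scoped resource, so the `gatewayclasses` get/list rule in the shared role no longer takes effect for this service account. If the helm tests read gateway classes, which this diff does not show, they will need a narrow ClusterRoleBinding for that single rule.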
@@ -59,21 +59,26 @@ uninstall-chart: update-helm-dependencies: helm dependency update ../charts/hedera-network -.PHONY: deploy-common -deploy-common: update-helm-dependencies deploy-gateway-api deploy-prometheus-operator deploy-minio-operator-if-required +.PHONY: deploy-shared +deploy-shared: update-helm-dependencies deploy-gateway-api deploy-prometheus-operator deploy-minio-operator-if-required + source "${SCRIPTS_DIR}/main.sh" && deploy_shared -.PHONY: destroy-common -destroy-common: destroy-gateway-api destroy-prometheus-operator undeploy-minio-operator +.PHONY: destroy-shared +destroy-shared: + -$(MAKE) source "${SCRIPTS_DIR}/main.sh" && destroy_shared + -$(MAKE) undeploy-minio-operator + -$(MAKE) destroy-prometheus-operator + -$(MAKE) destroy-gateway-api .PHONY: deploy-chart deploy-chart: - $(MAKE) deploy-common + $(MAKE) deploy-shared $(MAKE) install-chart .PHONY: destroy-chart destroy-chart: -$(MAKE) uninstall-chart - -$(MAKE) destroy-common + -$(MAKE) destroy-shared .PHONY: deploy-network deploy-network: deploy-chart diff --git a/dev/common-resources/pod-monitor-role.yaml b/dev/common-resources/pod-monitor-role.yaml new file mode 100644 index 000000000..016ba65b2 --- /dev/null +++ b/dev/common-resources/pod-monitor-role.yaml @@ -0,0 +1,29 @@ +apiVersion: rbac.authorization.k8s.io/v1 +kind: ClusterRole +metadata: + name: pod-monitor-role + labels: + fullstack.hedera.com/type: cluster-role +rules: + - apiGroups: [ "" ] + resources: + - pods + - pods/log + - secrets + verbs: + - get + - list + - apiGroups: [ "" ] + resources: + - pods/exec + verbs: + - create + - apiGroups: [ "gateway.networking.k8s.io" ] + resources: + - gatewayclasses + - gateways + - httproutes + - tcproutes + verbs: + - get + - list \ No newline at end of file diff --git a/dev/scripts/env.sh b/dev/scripts/env.sh index a19e502de..266b79170 100644 --- a/dev/scripts/env.sh +++ b/dev/scripts/env.sh 
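Review bot: The first recipe line of `destroy-shared`, `-$(MAKE) source "${SCRIPTS_DIR}/main.sh" && destroy_shared`, invokes make with `source` as a goal instead of sourcing the script, and the leading `-` hides the resulting failure, so `destroy_shared` appears never to run. The shared `pod-monitor-role` ClusterRole (secrets read plus `pods/exec`) and the gateway class would then remain on the cluster after `destroy-chart`. The line should mirror the deploy recipe: `-source "${SCRIPTS_DIR}/main.sh" && destroy_shared`.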
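Review bot: The new dev/common-resources/pod-monitor-role.yaml combines `get`/`list` on `secrets` with `create` on `pods/exec`, and it is now a shared object that outlives any single release, yet nothing in the file records why the test account needs either permission. I would add a header comment such as `# Shared ClusterRole; bound per namespace by the hedera-network chart's pod-monitor RoleBinding for helm test pods`. If the tests do not read secret contents, drop `- secrets` from the first rule so that a compromised test pod cannot list every secret in the namespace. The file also ends without a trailing newline.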
@@ -6,10 +6,11 @@ readonly SCRIPT_DIR readonly TMP_DIR="${SCRIPT_DIR}/../temp" readonly CHART_DIR="${SCRIPT_DIR}/../../charts/hedera-network" +POD_MONITOR_ROLE="${POD_MONITOR_ROLE:-pod-monitor-role}" +GATEWAY_CLASS_NAME="${GATEWAY_CLASS_NAME:-fst-gateway-class}" # telemetry related env variables readonly COMMON_RESOURCES="${SCRIPT_DIR}/../common-resources" -readonly GATEWAY_CLASS_NAME="fst-gateway-class" readonly GATEWAY_API_DIR="${SCRIPT_DIR}/../gateway-api" readonly TELEMETRY_DIR="${SCRIPT_DIR}/../telemetry" readonly PROMETHEUS_DIR="${TELEMETRY_DIR}/prometheus" diff --git a/dev/scripts/gateway.sh b/dev/scripts/gateway.sh index 0779182be..4c3b76321 100644 --- a/dev/scripts/gateway.sh +++ b/dev/scripts/gateway.sh 
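Review bot: `POD_MONITOR_ROLE` and `GATEWAY_CLASS_NAME` become overridable from the environment here, but as far as this commit shows the override only changes the name the scripts query: pod-monitor-role.yaml hard-codes `name: pod-monitor-role` and the chart reads `tester.clusterRoleName` from values.yaml. With a non-default value, `deploy_pod_monitor_role` would look up one role and create another, and the chart would bind a third name. Either keep both `readonly` like the neighbouring paths, or add a comment such as `# must match metadata.name in common-resources/pod-monitor-role.yaml and tester.clusterRoleName in values.yaml`.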
@@ -67,33 +67,6 @@ function deploy_gateway_api_crd() { fi } -function deploy_fst_gateway_class() { - echo "" - echo "Installing FST Gateway Class: ${GATEWAY_CLASS_NAME}" - echo "-----------------------------------------------------------------------------------------------------" - local fst_gateway_class_type=$(kubectl get gc "${GATEWAY_CLASS_NAME}" -o jsonpath='{.metadata.labels.fullstack\.hedera\.com\/type}') - if [[ ! "${fst_gateway_class_type}" = "gateway-class" ]]; then - kubectl create -f "${COMMON_RESOURCES}/fst-gateway.yaml" - kubectl wait --for=condition=Accepted gc "${GATEWAY_CLASS_NAME}" --timeout=300s - else - echo "FST Gateway Class '${GATEWAY_CLASS_NAME}' is already installed" - echo "" - fi -} - -function destroy_fst_gateway_class() { - echo "" - echo "Uninstalling FST Gateway Class: ${GATEWAY_CLASS_NAME}" - echo "-----------------------------------------------------------------------------------------------------" - local fst_gateway_class_type=$(kubectl get gc "${GATEWAY_CLASS_NAME}" -o jsonpath='{.metadata.labels.fullstack\.hedera\.com\/type}') - if [[ ! "${fst_gateway_class_type}" = "gateway-class" ]]; then - kubectl delete -f "${COMMON_RESOURCES}/fst-gateway.yaml" - sleep 2s - fi - echo "FST Gateway Class '${GATEWAY_CLASS_NAME}' is uninstalled" - echo "" -} - function deploy_envoy_gateway_api() { echo "" echo "Installing Envoy Gateway API" @@ -107,8 +80,6 @@ function deploy_envoy_gateway_api() { echo "" fi - deploy_fst_gateway_class - get_gateway_status } @@ -135,8 +106,6 @@ function destroy_envoy_gateway_api() { echo "-----------------------------------------------------------------------------------------------------" get_gateway_status - destroy_fst_gateway_class - # Uninstall helm chart local helm_chart=$(helm list --all-namespaces | grep envoy-gateway) if [[ "${helm_chart}" ]]; then diff --git a/dev/scripts/main.sh b/dev/scripts/main.sh index 3baaa6a8d..d551a8371 100644 --- a/dev/scripts/main.sh +++ b/dev/scripts/main.sh 
@@ -28,6 +28,86 @@ function destroy_cluster() { kubectl delete ns "${NAMESPACE}" || true } +function deploy_shared() { + deploy_pod_monitor_role + deploy_fst_gateway_class +} + +function destroy_shared() { + destroy_pod_monitor_role + destroy_fst_gateway_class +} + +function deploy_pod_monitor_role() { + setup_kubectl_context + + echo "Installing pod monitor role: ${POD_MONITOR_ROLE}" + echo "-----------------------------------------------------------------------------------------------------" + local pod_monitor_role=$(kubectl get ClusterRole "${POD_MONITOR_ROLE}" -o jsonpath='{.metadata.labels.fullstack\.hedera\.com\/type}') + if [[ -z "${pod_monitor_role}" ]]; then + kubectl create -f "${COMMON_RESOURCES}/pod-monitor-role.yaml" + else + echo "Pod monitor role '${POD_MONITOR_ROLE}' is already installed" + echo "" + fi + + echo "-----------------------Pod Monitor Role------------------------------------------------------------------------------" + kubectl get clusterrole "${POD_MONITOR_ROLE}" -o wide + echo "" +} + +function destroy_pod_monitor_role() { + setup_kubectl_context + + echo "Uninstalling pod monitor role: ${POD_MONITOR_ROLE}" + echo "-----------------------------------------------------------------------------------------------------" + local pod_monitor_role=$(kubectl get ClusterRole "${POD_MONITOR_ROLE}" -o jsonpath='{.metadata.labels.fullstack\.hedera\.com\/type}') + if [[ -n "${pod_monitor_role}" ]]; then + kubectl delete -f "${COMMON_RESOURCES}/pod-monitor-role.yaml" + fi + + echo "-----------------------Pod Monitor Role------------------------------------------------------------------------------" + kubectl get clusterrole "${POD_MONITOR_ROLE}" -o wide + + echo "Pod monitor role '${POD_MONITOR_ROLE}' is uninstalled" + echo "" +} + +function deploy_fst_gateway_class() { + echo "" + echo "Installing FST Gateway Class: ${GATEWAY_CLASS_NAME}" + echo 
"-----------------------------------------------------------------------------------------------------" + local fst_gateway_class_type=$(kubectl get gc "${GATEWAY_CLASS_NAME}" -o jsonpath='{.metadata.labels.fullstack\.hedera\.com\/type}') + if [[ ! "${fst_gateway_class_type}" = "gateway-class" ]]; then + kubectl create -f "${COMMON_RESOURCES}/fst-gateway.yaml" + kubectl wait --for=condition=Accepted gc "${GATEWAY_CLASS_NAME}" --timeout=300s + else + echo "FST Gateway Class '${GATEWAY_CLASS_NAME}' is already installed" + echo "" + fi + + echo "-----------------------Gateway Class------------------------------------------------------------------------------" + kubectl get gatewayclass + echo "" +} + +function destroy_fst_gateway_class() { + echo "" + echo "Uninstalling FST Gateway Class: ${GATEWAY_CLASS_NAME}" + echo "-----------------------------------------------------------------------------------------------------" + local fst_gateway_class_type=$(kubectl get gc "${GATEWAY_CLASS_NAME}" -o jsonpath='{.metadata.labels.fullstack\.hedera\.com\/type}') + if [[ ! "${fst_gateway_class_type}" = "gateway-class" ]]; then + kubectl delete -f "${COMMON_RESOURCES}/fst-gateway.yaml" + sleep 2s + fi + + echo "-----------------------Gateway Class------------------------------------------------------------------------------" + kubectl get gatewayclass + + echo "FST Gateway Class '${GATEWAY_CLASS_NAME}' is uninstalled" + echo "" +} + function install_chart() { local node_setup_script=$1 [[ -z "${node_setup_script}" ]] && echo "ERROR: [install_chart] Node setup script name is required" && return 1 diff --git a/dev/scripts/template.env b/dev/scripts/template.env index b25b0b7f0..a54ca6f95 100644 --- a/dev/scripts/template.env +++ b/dev/scripts/template.env 
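Review bot: `destroy_fst_gateway_class` deletes only when the label is not `gateway-class` (`if [[ ! "${fst_gateway_class_type}" = "gateway-class" ]]`), which is the deploy condition carried over unchanged; a class created by `deploy_fst_gateway_class` is therefore left in place while the function still prints that it is uninstalled. The test should be `if [[ "${fst_gateway_class_type}" = "gateway-class" ]]; then`. In `deploy_pod_monitor_role` the `-z` test treats any existing ClusterRole that carries the label as already installed, whatever its value or rules; comparing against the expected value with `[[ "${pod_monitor_role}" != "cluster-role" ]]` would match the gateway-class check and make `kubectl create` fail loudly on a foreign role of the same name. `destroy_pod_monitor_role` also runs `kubectl get clusterrole` after the delete, which reports NotFound on the success path.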
@@ -5,5 +5,8 @@ HELM_RELEASE_NAME="fst" NMT_VERSION=v2.0.0-alpha.0 PLATFORM_VERSION=v0.39.1 +POD_MONITOR_ROLE="${POD_MONITOR_ROLE:-pod-monitor-role}" +GATEWAY_CLASS_NAME="${GATEWAY_CLASS_NAME:-fst-gateway-class}" + #NODE_NAMES=(node0 node1 node2 node3) NODE_NAMES=(node0)