diff --git a/tests/templates/kuttl/client-spooling/00-assert.yaml.j2 b/tests/templates/kuttl/client-spooling/00-assert.yaml.j2 new file mode 100644 index 0000000..50b1d4c --- /dev/null +++ b/tests/templates/kuttl/client-spooling/00-assert.yaml.j2 @@ -0,0 +1,10 @@ +--- +apiVersion: kuttl.dev/v1beta1 +kind: TestAssert +{% if lookup('env', 'VECTOR_AGGREGATOR') %} +--- +apiVersion: v1 +kind: ConfigMap +metadata: + name: vector-aggregator-discovery +{% endif %} diff --git a/tests/templates/kuttl/client-spooling/00-install-vector-aggregator-discovery-configmap.yaml.j2 b/tests/templates/kuttl/client-spooling/00-install-vector-aggregator-discovery-configmap.yaml.j2 new file mode 100644 index 0000000..2d6a0df --- /dev/null +++ b/tests/templates/kuttl/client-spooling/00-install-vector-aggregator-discovery-configmap.yaml.j2 @@ -0,0 +1,9 @@ +{% if lookup('env', 'VECTOR_AGGREGATOR') %} +--- +apiVersion: v1 +kind: ConfigMap +metadata: + name: vector-aggregator-discovery +data: + ADDRESS: {{ lookup('env', 'VECTOR_AGGREGATOR') }} +{% endif %} diff --git a/tests/templates/kuttl/client-spooling/00-patch-ns.yaml.j2 b/tests/templates/kuttl/client-spooling/00-patch-ns.yaml.j2 new file mode 100644 index 0000000..67185ac --- /dev/null +++ b/tests/templates/kuttl/client-spooling/00-patch-ns.yaml.j2 @@ -0,0 +1,9 @@ +{% if test_scenario['values']['openshift'] == 'true' %} +# see https://github.com/stackabletech/issues/issues/566 +--- +apiVersion: kuttl.dev/v1beta1 +kind: TestStep +commands: + - script: kubectl patch namespace $NAMESPACE -p '{"metadata":{"labels":{"pod-security.kubernetes.io/enforce":"privileged"}}}' + timeout: 120 +{% endif %} diff --git a/tests/templates/kuttl/client-spooling/00-rbac.yaml.j2 b/tests/templates/kuttl/client-spooling/00-rbac.yaml.j2 new file mode 100644 index 0000000..4abbf4f --- /dev/null +++ b/tests/templates/kuttl/client-spooling/00-rbac.yaml.j2 @@ -0,0 +1,39 @@ +apiVersion: v1 +kind: ServiceAccount +metadata: + name: trino-lb +--- +kind: RoleBinding +apiVersion: rbac.authorization.k8s.io/v1 +metadata: + name: trino-lb +subjects: + - kind: ServiceAccount + name: trino-lb +roleRef: + kind: Role + name: trino-lb + apiGroup: rbac.authorization.k8s.io +--- +apiVersion: rbac.authorization.k8s.io/v1 +kind: ClusterRole +metadata: + name: trino-lb + labels: + app.kubernetes.io/name: trino-lb +rules: + - apiGroups: + - trino.stackable.tech + resources: + - trinoclusters + verbs: + - get + - list + - watch + - patch + - apiGroups: + - trino.stackable.tech + resources: + - trinoclusters/status + verbs: + - get diff --git a/tests/templates/kuttl/client-spooling/00-trino-lb-certificates.yaml b/tests/templates/kuttl/client-spooling/00-trino-lb-certificates.yaml new file mode 100644 index 0000000..187a0ca --- /dev/null +++ b/tests/templates/kuttl/client-spooling/00-trino-lb-certificates.yaml @@ -0,0 +1,58 @@ +apiVersion: v1 +kind: Secret +metadata: + name: trino-lb-certificates +# Copied from example-configs/self-signed-certs +stringData: + cert.pem: | + -----BEGIN CERTIFICATE----- + MIIDkzCCAnugAwIBAgIUXVYkRCrM/ge03DVymDtXCuybp7gwDQYJKoZIhvcNAQEL + BQAwWTELMAkGA1UEBhMCVVMxEzARBgNVBAgMClNvbWUtU3RhdGUxITAfBgNVBAoM + GEludGVybmV0IFdpZGdpdHMgUHR5IEx0ZDESMBAGA1UEAwwJbG9jYWxob3N0MB4X + DTIxMDczMTE0MjIxMloXDTIyMDczMTE0MjIxMlowWTELMAkGA1UEBhMCVVMxEzAR + BgNVBAgMClNvbWUtU3RhdGUxITAfBgNVBAoMGEludGVybmV0IFdpZGdpdHMgUHR5 + IEx0ZDESMBAGA1UEAwwJbG9jYWxob3N0MIIBIjANBgkqhkiG9w0BAQEFAAOCAQ8A + MIIBCgKCAQEA02V5ZjmqLB/VQwTarrz/35qsa83L+DbAoa0001+jVmmC+G9Nufi0 + daroFWj/Uicv2fZWETU8JoZKUrX4BK9og5cg5rln/CtBRWCUYIwRgY9R/CdBGPn4 + kp+XkSJaCw74ZIyLy/Zfux6h8ES1m9YRnBza+s7U+ImRBRf4MRPtXQ3/mqJxAZYq + dOnKnvssRyD2qutgVTAxwMUvJWIivRhRYDj7WOpS4CEEeQxP1iH1/T5P7FdtTGdT + bVBABCA8JhL96uFGPpOYHcM/7R5EIA3yZ5FNg931QzoDITjtXGtQ6y9/l/IYkWm6 + J67RWcN0IoTsZhz0WNU4gAeslVtJLofn8QIDAQABo1MwUTAdBgNVHQ4EFgQUzFnK + NfS4LAYuKeWwHbzooER0yZ0wHwYDVR0jBBgwFoAUzFnKNfS4LAYuKeWwHbzooER0 + yZ0wDwYDVR0TAQH/BAUwAwEB/zANBgkqhkiG9w0BAQsFAAOCAQEAk4O+e9jia59W + ZwetN4GU7OWcYhmOgSizRSs6u7mTfp62LDMt96WKU3THksOnZ44HnqWQxsSfdFVU + XJD12tjvVU8Z4FWzQajcHeemUYiDze8EAh6TnxnUcOrU8IcwiKGxCWRY/908jnWg + +MMscfMCMYTRdeTPqD8fGzAlUCtmyzH6KLE3s4Oo/r5+NR+Uvrwpdvb7xe0MwwO9 + Q/zR4N8ep/HwHVEObcaBofE1ssZLksX7ZgCP9wMgXRWpNAtC5EWxMbxYjBfWFH24 + fDJlBMiGJWg8HHcxK7wQhFh+fuyNzE+xEWPsI9VL1zDftd9x8/QsOagyEOnY8Vxr + AopvZ09uEQ== + -----END CERTIFICATE----- + key.pem: | + -----BEGIN PRIVATE KEY----- + MIIEvQIBADANBgkqhkiG9w0BAQEFAASCBKcwggSjAgEAAoIBAQDTZXlmOaosH9VD + BNquvP/fmqxrzcv4NsChrTTTX6NWaYL4b025+LR1qugVaP9SJy/Z9lYRNTwmhkpS + tfgEr2iDlyDmuWf8K0FFYJRgjBGBj1H8J0EY+fiSn5eRIloLDvhkjIvL9l+7HqHw + RLWb1hGcHNr6ztT4iZEFF/gxE+1dDf+aonEBlip06cqe+yxHIPaq62BVMDHAxS8l + YiK9GFFgOPtY6lLgIQR5DE/WIfX9Pk/sV21MZ1NtUEAEIDwmEv3q4UY+k5gdwz/t + HkQgDfJnkU2D3fVDOgMhOO1ca1DrL3+X8hiRabonrtFZw3QihOxmHPRY1TiAB6yV + W0kuh+fxAgMBAAECggEADltu8k1qTFLhJgsXWxTFAAe+PBgfCT2WuaRM2So+qqjB + 12Of0MieYPt5hbK63HaC3nfHgqWt7yPhulpXfOH45C8IcgMXl93MMg0MJr58leMI + +2ojFrIrerHSFm5R1TxwDEwrVm/mMowzDWFtQCc6zPJ8wNn5RuP48HKfTZ3/2fjw + zEjSwPO2wFMfo1EJNTjlI303lFbdFBs67NaX6puh30M7Tn+gznHKyO5a7F57wkIt + fkgnEy/sgMedQlwX7bRpUoD6f0fZzV8Qz4cHFywtYErczZJh3VGitJoO/VCIDdty + RPXOAqVDd7EpP1UUehZlKVWZ0OZMEfRgKbRCel5abQKBgQDwgwrIQ5+BiZv6a0VT + ETeXB+hRbvBinRykNo/RvLc3j1enRh9/zO/ShadZIXgOAiM1Jnr5Gp8KkNGca6K1 + myhtad7xYPODYzNXXp6T1OPgZxHZLIYzVUj6ypXeV64Te5ZiDaJ1D49czsq+PqsQ + XRcgBJSNpFtDFiXWpjXWfx8PxwKBgQDhAnLY5Sl2eeQo+ud0MvjwftB/mN2qCzJY + 5AlQpRI4ThWxJgGPuHTR29zVa5iWNYuA5LWrC1y/wx+t5HKUwq+5kxvs+npYpDJD + ZX/w0Glc6s0Jc/mFySkbw9B2LePedL7lRF5OiAyC6D106Sc9V2jlL4IflmOzt4CD + ZTNbLtC6hwKBgHfIzBXxl/9sCcMuqdg1Ovp9dbcZCaATn7ApfHd5BccmHQGyav27 + k7XF2xMJGEHhzqcqAxUNrSgV+E9vTBomrHvRvrd5Ec7eGTPqbBA0d0nMC5eeFTh7 + wV0miH20LX6Gjt9G6yJiHYSbeV5G1+vOcTYBEft5X/qJjU7aePXbWh0BAoGBAJlV + 5tgCCuhvFloK6fHYzqZtdT6O+PfpW20SMXrgkvMF22h2YvgDFrDwqKRUB47NfHzg + 3yBpxNH1ccA5/w97QO8w3gX3h6qicpJVOAPusu6cIBACFZfjRv1hyszOZwvw+Soa + Fj5kHkqTY1YpkREPYS9V2dIW1Wjic1SXgZDw7VM/AoGAP/cZ3ZHTSCDTFlItqy5C + rIy2AiY0WJsx+K0qcvtosPOOwtnGjWHb1gdaVdfX/IRkSsX4PAOdnsyidNC5/l/m + y8oa+5WEeGFclWFhr4dnTA766o8HrM2UjIgWWYBF2VKdptGnHxFeJWFUmeQC/xeW + w37pCS7ykL+7gp7V0WShYsw= + -----END PRIVATE KEY----- diff --git a/tests/templates/kuttl/client-spooling/01-minio-secrets.yaml b/tests/templates/kuttl/client-spooling/01-minio-secrets.yaml new file mode 100644 index 0000000..a6cab2a --- /dev/null +++ b/tests/templates/kuttl/client-spooling/01-minio-secrets.yaml @@ -0,0 +1,63 @@ +# Copied from trino-operator kuttl tests +--- +apiVersion: v1 +kind: Secret +metadata: + name: minio-credentials + labels: + secrets.stackable.tech/class: s3-credentials-class +stringData: + accessKey: minioAccessKey + secretKey: minioSecretKey + # The following two entries are used by the Bitnami chart for MinIO to + # set up credentials for accessing buckets managed by the MinIO tenant. + root-user: minioAccessKey + root-password: minioSecretKey +--- +apiVersion: secrets.stackable.tech/v1alpha1 +kind: SecretClass +metadata: + name: s3-credentials-class +spec: + backend: + k8sSearch: + searchNamespace: + pod: {} +--- +apiVersion: secrets.stackable.tech/v1alpha1 +kind: SecretClass +metadata: + name: minio-tls-certificates +spec: + backend: + k8sSearch: + searchNamespace: + pod: {} +--- +apiVersion: v1 +kind: Secret +metadata: + name: minio-tls-certificates + labels: + secrets.stackable.tech/class: minio-tls-certificates +# Have a look at the folder certs on how to create this +data: + ca.crt: LS0tLS1CRUdJTiBDRVJUSUZJQ0FURS0tLS0tCk1JSUQyVENDQXNHZ0F3SUJBZ0lVTmpxdUdZV3R5SjVhNnd5MjNIejJHUmNNbHdNd0RRWUpLb1pJaHZjTkFRRUwKQlFBd2V6RUxNQWtHQTFVRUJoTUNSRVV4R3pBWkJnTlZCQWdNRWxOamFHeGxjM2RwWnkxSWIyeHpkR1ZwYmpFTwpNQXdHQTFVRUJ3d0ZWMlZrWld3eEtEQW1CZ05WQkFvTUgxTjBZV05yWVdKc1pTQlRhV2R1YVc1bklFRjFkR2h2CmNtbDBlU0JKYm1NeEZUQVRCZ05WQkFNTURITjBZV05yWVdKc1pTNWtaVEFnRncweU16QTJNVFl4TWpVeE1ESmEKR0E4eU1USXpNRFV5TXpFeU5URXdNbG93ZXpFTE1Ba0dBMVVFQmhNQ1JFVXhHekFaQmdOVkJBZ01FbE5qYUd4bApjM2RwWnkxSWIyeHpkR1ZwYmpFT01Bd0dBMVVFQnd3RlYyVmtaV3d4S0RBbUJnTlZCQW9NSDFOMFlXTnJZV0pzClpTQlRhV2R1YVc1bklFRjFkR2h2Y21sMGVTQkpibU14RlRBVEJnTlZCQU1NREhOMFlXTnJZV0pzWlM1a1pUQ0MKQVNJd0RRWUpLb1pJaHZjTkFRRUJCUUFEZ2dFUEFEQ0NBUW9DZ2dFQkFOblYvdmJ5M1JvNTdhMnF2UVJubjBqZQplS01VMitGMCtsWk5DQXZpR1VENWJtOGprOTFvUFpuazBiaFFxZXlFcm1EUzRXVDB6ZXZFUklCSkpEamZMMEQ4CjQ2QmU3UGlNS2UwZEdqb3FJM3o1Y09JZWpjOGFMUEhTSWxnTjZsVDNmSXJ1UzE2Y29RZ0c0dWFLaUhGNStlV0YKRFJVTGR1NmRzWXV6NmRLanFSaVVPaEh3RHd0VUprRHdQditFSXRxbzBIK01MRkxMWU0wK2xFSWFlN2RONUNRNQpTbzVXaEwyY3l2NVZKN2xqL0VBS0NWaUlFZ0NtekRSRGNSZ1NTald5SDRibjZ5WDIwMjZmUEl5V0pGeUVkTC82CmpBT0pBRERSMEd5aE5PWHJFZXFob2NTTW5JYlFWcXdBVDBrTWh1WFN2d3Zscm5MeVRwRzVqWm00bFVNMzRrTUMKQXdFQUFhTlRNRkV3SFFZRFZSME9CQllFRkVJM1JNTWl5aUJqeVExUlM4bmxPUkpWZDFwQk1COEdBMVVkSXdRWQpNQmFBRkVJM1JNTWl5aUJqeVExUlM4bmxPUkpWZDFwQk1BOEdBMVVkRXdFQi93UUZNQU1CQWY4d0RRWUpLb1pJCmh2Y05BUUVMQlFBRGdnRUJBSHRLUlhkRmR0VWh0VWpvZG1ZUWNlZEFEaEhaT2hCcEtpbnpvdTRicmRrNEhmaEYKTHIvV0ZsY1JlbWxWNm1Cc0xweU11SytUZDhaVUVRNkpFUkx5NmxTL2M2cE9HeG5CNGFDbEU4YXQrQytUakpBTwpWbTNXU0k2VlIxY0ZYR2VaamxkVlE2eGtRc2tNSnpPN2RmNmlNVFB0VjVSa01lSlh0TDZYYW1FaTU0ckJvZ05ICk5yYStFSkJRQmwvWmU5ME5qZVlidjIwdVFwWmFhWkZhYVNtVm9OSERwQndsYTBvdXkrTWpPYkMzU3BnT3ExSUMKUGwzTnV3TkxWOFZiT3I1SHJoUUFvS21nU05iM1A4dmFUVnV4L1gwWWZqeS9TN045a1BCYUs5bUZqNzR6d1Y5dwpxU1ExNEtsNWpPM1YzaHJHV1laRWpET2diWnJyRVgxS1hFdXN0K1E9Ci0tLS0tRU5EIENFUlRJRklDQVRFLS0tLS0K + tls.crt: LS0tLS1CRUdJTiBDRVJUSUZJQ0FURS0tLS0tCk1JSUR5RENDQXJDZ0F3SUJBZ0lVQ0kyUE5OcnR6cDZRbDdHa3VhRnhtRGE2VUJvd0RRWUpLb1pJaHZjTkFRRUwKQlFBd2V6RUxNQWtHQTFVRUJoTUNSRVV4R3pBWkJnTlZCQWdNRWxOamFHeGxjM2RwWnkxSWIyeHpkR1ZwYmpFTwpNQXdHQTFVRUJ3d0ZWMlZrWld3eEtEQW1CZ05WQkFvTUgxTjBZV05yWVdKc1pTQlRhV2R1YVc1bklFRjFkR2h2CmNtbDBlU0JKYm1NeEZUQVRCZ05WQkFNTURITjBZV05yWVdKc1pTNWtaVEFnRncweU16QTJNVFl4TWpVeE1ESmEKR0E4eU1USXpNRFV5TXpFeU5URXdNbG93WGpFTE1Ba0dBMVVFQmhNQ1JFVXhHekFaQmdOVkJBZ01FbE5qYUd4bApjM2RwWnkxSWIyeHpkR1ZwYmpFT01Bd0dBMVVFQnd3RlYyVmtaV3d4RWpBUUJnTlZCQW9NQ1ZOMFlXTnJZV0pzClpURU9NQXdHQTFVRUF3d0ZiV2x1YVc4d2dnRWlNQTBHQ1NxR1NJYjNEUUVCQVFVQUE0SUJEd0F3Z2dFS0FvSUIKQVFDanluVnorWEhCOE9DWTRwc0VFWW1qb2JwZHpUbG93d2NTUU4rWURQQ2tCZW9yMFRiODdFZ0x6SksrSllidQpwb1hCbE5JSlBRYW93SkVvL1N6U2s4ZnUyWFNNeXZBWlk0RldHeEp5Mnl4SXh2UC9pYk9HT1l1aVBHWEsyNHQ2ClpjR1RVVmhhdWlaR1Nna1dyZWpXV2g3TWpGUytjMXZhWVpxQitRMXpQczVQRk1sYzhsNVYvK2I4WjdqTUppODQKbU9mSVB4amt2SXlKcjVVa2VGM1VmTHFKUzV5NExGNHR5NEZ0MmlBZDdiYmZIYW5mdlltdjZVb0RWdE1YdFdvMQpvUVBmdjNzaFdybVJMenc2ZXVJQXRiWGM1Q2pCeUlha0NiaURuQVU4cktnK0IxSjRtdlFnckx3bzNxUHJ5Smd4ClNkaWRtWjJtRVI3RXorYzVCMG0vTGlJaEFnTUJBQUdqWHpCZE1Cc0dBMVVkRVFRVU1CS0NCVzFwYm1sdmdnbHMKYjJOaGJHaHZjM1F3SFFZRFZSME9CQllFRkpRMGdENWtFdFFyK3REcERTWjdrd1o4SDVoR01COEdBMVVkSXdRWQpNQmFBRkVJM1JNTWl5aUJqeVExUlM4bmxPUkpWZDFwQk1BMEdDU3FHU0liM0RRRUJDd1VBQTRJQkFRQmNkaGQrClI0Sm9HdnFMQms1OWRxSVVlY2N0dUZzcmRQeHNCaU9GaFlOZ1pxZWRMTTBVTDVEenlmQUhmVk8wTGZTRURkZFgKUkpMOXlMNytrTVUwVDc2Y3ZkQzlYVkFJRTZIVXdUbzlHWXNQcXN1eVpvVmpOcEVESkN3WTNDdm9ubEpWZTRkcQovZ0FiSk1ZQitUU21ZNXlEUHovSkZZL1haellhUGI3T2RlR3VqYlZUNUl4cDk3QXBTOFlJaXY3M0Mwd1ViYzZSCmgwcmNmUmJ5a1NRVWg5dmdWZFhSU1I4RFQzV0NmZHFOek5CWVh2OW1xZlc1ejRzYkdqK2wzd1VsL0kzRi9tSXcKZnlPNEN0aTRha2lHVkhsZmZFeTB3a3pWYUJ4aGNYajJJM0JVVGhCNFpxamxzc2llVmFGa3d2WG1teVJUMG9FVwo1SCtOUEhjcXVTMXpQc2NsCi0tLS0tRU5EIENFUlRJRklDQVRFLS0tLS0K + tls.key: LS0tLS1CRUdJTiBQUklWQVRFIEtFWS0tLS0tCk1JSUV2QUlCQURBTkJna3Foa2lHOXcwQkFRRUZBQVNDQktZd2dnU2lBZ0VBQW9JQkFRQ2p5blZ6K1hIQjhPQ1kKNHBzRUVZbWpvYnBkelRsb3d3Y1NRTitZRFBDa0Jlb3IwVGI4N0VnTHpKSytKWWJ1cG9YQmxOSUpQUWFvd0pFbwovU3pTazhmdTJYU015dkFaWTRGV0d4SnkyeXhJeHZQL2liT0dPWXVpUEdYSzI0dDZaY0dUVVZoYXVpWkdTZ2tXCnJlaldXaDdNakZTK2MxdmFZWnFCK1ExelBzNVBGTWxjOGw1Vi8rYjhaN2pNSmk4NG1PZklQeGprdkl5SnI1VWsKZUYzVWZMcUpTNXk0TEY0dHk0RnQyaUFkN2JiZkhhbmZ2WW12NlVvRFZ0TVh0V28xb1FQZnYzc2hXcm1STHp3NgpldUlBdGJYYzVDakJ5SWFrQ2JpRG5BVThyS2crQjFKNG12UWdyTHdvM3FQcnlKZ3hTZGlkbVoybUVSN0V6K2M1CkIwbS9MaUloQWdNQkFBRUNnZ0VBQWQzdDVzdUNFMjdXY0llc3NxZ3NoSFAwZHRzKyswVzF6K3h6WC8xTnhPRFkKWVhWNkJmbi9mRHJ4dFQ4aVFaZ2VVQzJORTFQaHZveXJXdWMvMm9xYXJjdEd1OUFZV29HNjJLdG9VMnpTSFdZLwpJN3VERTFXV2xOdlJZVFdOYW5DOGV4eGpRRzE4d0RKWjFpdFhTeEl0NWJEM3lrL3dUUlh0dCt1SnpyVjVqb2N1CmNoeERMd293aXUxQWo2ZFJDWk5CejlUSnh5TnI1ME5ZVzJVWEJhVC84N1hyRkZkSndNVFZUMEI3SE9uRzdSQlYKUWxLdzhtcVZiYU5lbmhjdk1qUjI5c3hUekhSK2p4SU8zQndPNk9Hai9PRmhGQllVN1RMWGVsZDFxb2UwdmIyRwpiOGhQcEd1cHRyNUF0OWx3MXc1d1EzSWdpdXRQTkg1cXlEeUNwRWw2RVFLQmdRRGNkYnNsT2ZLSmo3TzJMQXlZCkZ0a1RwaWxFMFYzajBxbVE5M0lqclY0K0RSbUxNRUIyOTk0MDdCVVlRUWoxL0RJYlFjb1oyRUVjVUI1cGRlSHMKN0RNRUQ2WExIYjJKVTEyK2E3c1d5Q05kS2VjZStUNy9JYmxJOFR0MzQwVWxIUTZ6U01TRGNqdmZjRkhWZ3YwcwpDYWpoRng3TmtMRVhUWnI4ZlQzWUloajR2UUtCZ1FDK01nWjFVbW9KdzlJQVFqMnVJVTVDeTl4aldlWURUQU8vCllhWEl6d2xnZTQzOE1jYmI0Y04yU2FOU0dEZ1Y3bnU1a3FpaWhwalBZV0lpaU9CcDlrVFJIWE9kUFc0N3N5ZUkKdDNrd3JwMnpWbFVnbGNNWlo2bW1WM1FWYUFOWmdqVTRSU3Y0ZS9WeFVMamJaYWZqUHRaUnNqWkdwSzBZVTFvdApWajhJZVE3Zk5RS0JnQ1ArWk11ekpsSW5VQ1FTRlF4UHpxbFNtN0pNckpPaHRXV2h3TlRxWFZTc050dHV5VmVqCktIaGpneDR1b0JQcFZSVDJMTlVEWmI0RnByRjVPYVhBK3FOVEdyS0s3SU1iUlZidHArSVVVeEhHNGFGQStIUVgKUVhVVFRhNUpRT1RLVmJnWHpWM1lyTVhTUk1valZNcDMyVWJHeTVTc1p2MXpBamJ2QzhYWjYxSFJBb0dBZEJjUQp2aGU1eFpBUzVEbUtjSGkvemlHa3ViZXJuNk9NUGdxYUtJSEdsVytVOExScFR0ajBkNFRtL1Rydk1PUEovVEU1CllVcUtoenBIcmhDaCtjdHBvY0k2U1dXdm5SenpLbzNpbVFaY0Y1VEFqUTBjY3F0RmI5UzlkRHR5bi9YTUNqYWUKYWlNdll5VUVVRll5TFpDelBGWnNycDNoVVpHKzN5RmZoQXB3TzJrQ2dZQkh3WWFQSWRXNld3NytCMmhpbjBvdwpqYTNjZXN2QTRqYU1Qd1NMVDhPTnRVMUdCU01md2N6TWJuUEhMclJ2Qjg3bjlnUGFSMndRR1VtckZFTzNMUFgvCmtSY09HcFlCSHBEWEVqRGhLa1dkUnVMT0ZnNEhMWmRWOEFOWmxRMFZTY0U4dTNkRERVTzg5cEdEbjA4cVRBcmwKeDlreHN1ZEVWcmtlclpiNVV4RlZxUT09Ci0tLS0tRU5EIFBSSVZBVEUgS0VZLS0tLS0K +--- +apiVersion: s3.stackable.tech/v1alpha1 +kind: S3Connection +metadata: + name: minio +spec: + host: minio + port: 9000 + accessStyle: Path + credentials: + secretClass: s3-credentials-class + tls: + verification: + server: + caCert: + secretClass: minio-tls-certificates diff --git a/tests/templates/kuttl/client-spooling/02-assert.yaml b/tests/templates/kuttl/client-spooling/02-assert.yaml new file mode 100644 index 0000000..4d24ed7 --- /dev/null +++ b/tests/templates/kuttl/client-spooling/02-assert.yaml @@ -0,0 +1,17 @@ +--- +apiVersion: kuttl.dev/v1beta1 +kind: TestAssert +timeout: 600 +--- +apiVersion: apps/v1 +kind: Deployment +metadata: + name: minio +status: + readyReplicas: 1 + replicas: 1 +--- +apiVersion: v1 +kind: Service +metadata: + name: minio diff --git a/tests/templates/kuttl/client-spooling/02-install-minio.yaml.j2 b/tests/templates/kuttl/client-spooling/02-install-minio.yaml.j2 new file mode 100644 index 0000000..03de9a7 --- /dev/null +++ b/tests/templates/kuttl/client-spooling/02-install-minio.yaml.j2 @@ -0,0 +1,11 @@ +--- +apiVersion: kuttl.dev/v1beta1 +kind: TestStep +commands: + - script: >- + helm install minio + --namespace $NAMESPACE + --version 17.0.19 + -f 02_helm-bitnami-minio-values.yaml + oci://registry-1.docker.io/bitnamicharts/minio + timeout: 240 diff --git a/tests/templates/kuttl/client-spooling/02_helm-bitnami-minio-values.yaml.j2 b/tests/templates/kuttl/client-spooling/02_helm-bitnami-minio-values.yaml.j2 new file mode 100644 index 0000000..ed921b6 --- /dev/null +++ b/tests/templates/kuttl/client-spooling/02_helm-bitnami-minio-values.yaml.j2 @@ -0,0 +1,79 @@ +--- +global: + security: + allowInsecureImages: true + +image: + repository: bitnamilegacy/minio +clientImage: + repository: bitnamilegacy/minio-client +defaultInitContainers: + volumePermissions: # volumePermissions moved under defaultInitContainers starting with Chart version 17.0.0 + enabled: false + image: + repository: bitnamilegacy/os-shell +console: + image: + repository: bitnamilegacy/minio-object-browser + +mode: standalone +disableWebUI: false +extraEnvVars: + - name: BITNAMI_DEBUG + value: "true" + - name: MINIO_LOG_LEVEL + value: DEBUG + +provisioning: + enabled: true + buckets: + - name: trino + resources: + requests: + memory: 512Mi + cpu: 100m + limits: + memory: 512Mi + cpu: 400m + podSecurityContext: + enabled: false + containerSecurityContext: + enabled: false + +# volumePermissions can be removed starting with Chart version 17.0.0, moved under defaultInitContainers +volumePermissions: + enabled: false + image: + repository: bitnamilegacy/os-shell + +podSecurityContext: + enabled: false + +containerSecurityContext: + enabled: false + +persistence: + enabled: false + +resources: + requests: + memory: 512Mi + cpu: 100m + limits: + memory: 512Mi + cpu: 400m + +auth: + existingSecret: minio-credentials + +service: + type: NodePort + +tls: + enabled: true + autoGenerated: + enabled: false + existingCASecret: minio-tls-certificates + existingSecret: minio-tls-certificates + server: + existingSecret: minio-tls-certificates diff --git a/tests/templates/kuttl/client-spooling/10-assert.yaml b/tests/templates/kuttl/client-spooling/10-assert.yaml new file mode 100644 index 0000000..266135a --- /dev/null +++ b/tests/templates/kuttl/client-spooling/10-assert.yaml @@ -0,0 +1,6 @@ +--- +apiVersion: kuttl.dev/v1beta1 +kind: TestAssert +timeout: 720 +commands: + - script: kubectl -n $NAMESPACE wait --for=condition=available=true trinoclusters.trino.stackable.tech/trino-client-spooling --timeout 719s diff --git a/tests/templates/kuttl/client-spooling/10-install-trino-catalogs.j2 b/tests/templates/kuttl/client-spooling/10-install-trino-catalogs.j2 new file mode 100644 index 0000000..c09e225 --- /dev/null +++ b/tests/templates/kuttl/client-spooling/10-install-trino-catalogs.j2 @@ -0,0 +1,10 @@ +--- +apiVersion: trino.stackable.tech/v1alpha1 +kind: TrinoCatalog +metadata: + name: tpch + labels: + trino: trino-client-spooling +spec: + connector: + tpch: {} diff --git a/tests/templates/kuttl/client-spooling/10-install-trino.yaml.j2 b/tests/templates/kuttl/client-spooling/10-install-trino.yaml.j2 new file mode 100644 index 0000000..7122d22 --- /dev/null +++ b/tests/templates/kuttl/client-spooling/10-install-trino.yaml.j2 @@ -0,0 +1,80 @@ +--- +apiVersion: trino.stackable.tech/v1alpha1 +kind: TrinoCluster +metadata: + name: trino-client-spooling +spec: + image: +{% if test_scenario['values']['trino-client-spooling'].find(",") > 0 %} + custom: "{{ test_scenario['values']['trino-client-spooling'].split(',')[1] }}" + productVersion: "{{ test_scenario['values']['trino-client-spooling'].split(',')[0] }}" +{% else %} + productVersion: "{{ test_scenario['values']['trino-client-spooling'] }}" +{% endif %} + pullPolicy: IfNotPresent + clusterConfig: + catalogLabelSelector: + matchLabels: + trino: trino-client-spooling + authentication: + - authenticationClass: trino-users-auth + clientProtocol: + spooling: + location: s3://trino/spooling/ + filesystem: + s3: + connection: + reference: minio +{% if lookup('env', 'VECTOR_AGGREGATOR') %} + vectorAggregatorConfigMapName: vector-aggregator-discovery +{% endif %} + coordinators: + config: + resources: + cpu: + min: 250m + max: "1" + memory: + limit: 2Gi + logging: + enableVectorAgent: {{ lookup('env', 'VECTOR_AGGREGATOR') | length > 0 }} + configOverrides: + config.properties: + protocol.spooling.retrieval-mode: {{ test_scenario['values']['client-spooling-retrieval-mode'] }} + roleGroups: + default: + replicas: 1 + workers: + config: + resources: + cpu: + min: 250m + max: "1" + memory: + limit: 3Gi + gracefulShutdownTimeout: 2m # Let the test run faster + logging: + enableVectorAgent: {{ lookup('env', 'VECTOR_AGGREGATOR') | length > 0 }} + roleGroups: + default: + replicas: 1 +--- +apiVersion: authentication.stackable.tech/v1alpha1 +kind: AuthenticationClass +metadata: + name: trino-users-auth +spec: + provider: + static: + userCredentialsSecret: + name: trino-users +--- +apiVersion: v1 +kind: Secret +metadata: + name: trino-users +type: kubernetes.io/opaque +stringData: + admin: adminadmin + alice: alicealice + bob: bobbob diff --git a/tests/templates/kuttl/client-spooling/20-assert.yaml b/tests/templates/kuttl/client-spooling/20-assert.yaml new file mode 100644 index 0000000..61126f0 --- /dev/null +++ b/tests/templates/kuttl/client-spooling/20-assert.yaml @@ -0,0 +1,7 @@ +apiVersion: apps/v1 +kind: Deployment +metadata: + name: trino-lb +status: + replicas: 3 + readyReplicas: 3 diff --git a/tests/templates/kuttl/client-spooling/20-install-trino-lb.j2 b/tests/templates/kuttl/client-spooling/20-install-trino-lb.j2 new file mode 100644 index 0000000..a57517c --- /dev/null +++ b/tests/templates/kuttl/client-spooling/20-install-trino-lb.j2 @@ -0,0 +1,74 @@ +--- +apiVersion: kuttl.dev/v1beta1 +kind: TestStep +commands: + - script: kubectl -n $NAMESPACE create secret generic trino-lb-config --from-file=trino-lb-config.yaml=20_trino-lb-config.yaml +--- +apiVersion: apps/v1 +kind: Deployment +metadata: + name: trino-lb +spec: + # I'm a bit surprised that 3 replicas work in combination with inMemory persistence :) + # Maybe Kubernetes is sticky for some reason, maybe trino-clients will retry call until they get + # to the correct trino-lb instance... + replicas: 3 + selector: + matchLabels: + app.kubernetes.io/name: trino-lb + template: + metadata: + labels: + app.kubernetes.io/name: trino-lb + spec: + containers: + - name: trino-lb + image: {{ test_scenario['values']['trino-lb'] }} + imagePullPolicy: IfNotPresent + command: ["trino-lb", "--config-file", "/etc/stackable/trino-lb/config/trino-lb-config.yaml"] + ports: + - containerPort: 8080 + - containerPort: 8443 + - containerPort: 9090 + resources: + requests: + cpu: 100m + memory: 256Mi + limits: + cpu: 500m + memory: 256Mi + volumeMounts: + - mountPath: /etc/stackable/trino-lb/config/ + name: config + - mountPath: /certificates/ + name: certificates + volumes: + - name: config + secret: + secretName: trino-lb-config + - name: certificates + secret: + secretName: trino-lb-certificates + serviceAccountName: trino-lb +--- +apiVersion: v1 +kind: Service +metadata: + name: trino-lb +spec: + type: ClusterIP + selector: + app.kubernetes.io/name: trino-lb + ports: + - protocol: TCP + port: 8080 + targetPort: 8080 + name: http + - protocol: TCP + port: 8443 + targetPort: 8443 + name: https + - protocol: TCP + port: 9090 + targetPort: 9090 + name: metrics diff --git a/tests/templates/kuttl/client-spooling/20_trino-lb-config.yaml.j2 b/tests/templates/kuttl/client-spooling/20_trino-lb-config.yaml.j2 new file mode 100644 index 0000000..ea94ad3 --- /dev/null +++ b/tests/templates/kuttl/client-spooling/20_trino-lb-config.yaml.j2 @@ -0,0 +1,22 @@ +trinoLb: + externalAddress: https://trino-lb:8443 + tls: + enabled: true + certPemFile: /certificates/cert.pem + keyPemFile: /certificates/key.pem + persistence: + inMemory: {} +trinoClusterGroups: + default: + maxRunningQueries: 5 + trinoClusters: + - name: trino-client-spooling + endpoint: https://trino-client-spooling-coordinator:8443 + credentials: + username: admin + password: adminadmin +trinoClusterGroupsIgnoreCert: true + +# Route all queries to the "default" cluster group +routers: [] +routingFallback: default diff --git a/tests/templates/kuttl/client-spooling/30-assert.yaml b/tests/templates/kuttl/client-spooling/30-assert.yaml new file mode 100644 index 0000000..b533736 --- /dev/null +++ b/tests/templates/kuttl/client-spooling/30-assert.yaml @@ -0,0 +1,11 @@ +--- +apiVersion: kuttl.dev/v1beta1 +kind: TestAssert +timeout: 600 +--- +apiVersion: batch/v1 +kind: Job +metadata: + name: test-queries +status: + succeeded: 1 diff --git a/tests/templates/kuttl/client-spooling/30-test-queries.yaml.j2 b/tests/templates/kuttl/client-spooling/30-test-queries.yaml.j2 new file mode 100644 index 0000000..376746c --- /dev/null +++ b/tests/templates/kuttl/client-spooling/30-test-queries.yaml.j2 @@ -0,0 +1,62 @@ +--- +apiVersion: batch/v1 +kind: Job +metadata: + name: test-queries +spec: + template: + spec: + containers: + - name: test-queries + # image: oci.stackable.tech/sdp/trino-cli:476-stackable0.0.0-dev + image: oci.stackable.tech/sdp/trino-cli:{{ test_scenario['values']['trino-client-spooling'] }}-stackable0.0.0-dev + command: + - /bin/bash + - -x + - -euo + - pipefail + - -c + - | + # Query Trinos and trino-lb + COORDINATORS=( + "https://trino-client-spooling-coordinator:8443" + "https://trino-lb:8443" + ) + + export TRINO_USER="alice" + export TRINO_PASSWORD="alicealice" + QUERY="select count(*) from tpch.sf1.customer" + + for COORDINATOR in "${COORDINATORS[@]}"; do + echo "$QUERY" | java -jar trino-cli-executable.jar --server $COORDINATOR --insecure --user $TRINO_USER --password + done + + # Send multiple queries in parallel to trino-lb + NUM_REQUESTS=10 + TRINO_LB_ADDRESS="https://trino-lb:8443" + + pids=() + + for ((i = 1; i <= NUM_REQUESTS; i++)); do + echo "$QUERY" | java -jar trino-cli-executable.jar --server $TRINO_LB_ADDRESS --insecure --user $TRINO_USER --password & + pids+=("$!") + done + + # Wait for all processes to complete and check exit codes + for pid in "${pids[@]}"; do + if ! wait "$pid"; then + echo "One of the requests failed with a non-zero exit code." + exit 1 + fi + done + + echo "Submitting queries with big result set to trigger client spooling" + # Test big query result, so client spooling is used + BIG_RESULT_QUERY="SELECT * FROM tpch.sf100.customer" + for COORDINATOR in "${COORDINATORS[@]}"; do + echo "Running query with big result set against $COORDINATOR" + echo "$BIG_RESULT_QUERY" | java -jar trino-cli-executable.jar --server $COORDINATOR --insecure --user $TRINO_USER --password > /dev/null + done + + echo "All queries completed successfully." + restartPolicy: OnFailure diff --git a/tests/templates/kuttl/smoke/00-trino-lb-certificates.yaml b/tests/templates/kuttl/smoke/00-trino-lb-certificates.yaml index 3a69c2b..187a0ca 100644 --- a/tests/templates/kuttl/smoke/00-trino-lb-certificates.yaml +++ b/tests/templates/kuttl/smoke/00-trino-lb-certificates.yaml @@ -2,7 +2,7 @@ apiVersion: v1 kind: Secret metadata: name: trino-lb-certificates -# Copied from example-configs/self-singed-certs +# Copied from example-configs/self-signed-certs stringData: cert.pem: | -----BEGIN CERTIFICATE----- diff --git a/tests/templates/kuttl/smoke/10-install-trinos.yaml.j2 b/tests/templates/kuttl/smoke/10-install-trinos.yaml.j2 index 5fc62a6..6217546 100644 --- a/tests/templates/kuttl/smoke/10-install-trinos.yaml.j2 +++ b/tests/templates/kuttl/smoke/10-install-trinos.yaml.j2 @@ -43,7 +43,7 @@ spec: max: "1" memory: limit: 3Gi - gracefulShutdownTimeout: 60s # Let the test run faster + gracefulShutdownTimeout: 2m # Let the test run faster logging: enableVectorAgent: {{ lookup('env', 'VECTOR_AGGREGATOR') | length > 0 }} roleGroups: diff --git a/tests/templates/kuttl/smoke/50-assert.yaml b/tests/templates/kuttl/smoke/50-assert.yaml index 32690b9..58fc586 100644 --- a/tests/templates/kuttl/smoke/50-assert.yaml +++ b/tests/templates/kuttl/smoke/50-assert.yaml @@ -1,4 +1,8 @@ --- +apiVersion: kuttl.dev/v1beta1 +kind: TestAssert +timeout: 600 +--- apiVersion: batch/v1 kind: Job metadata: diff --git a/tests/test-definition.yaml b/tests/test-definition.yaml index 6959b54..5e366e9 100644 --- a/tests/test-definition.yaml +++ b/tests/test-definition.yaml @@ -2,7 +2,8 @@ dimensions: - name: trino-lb values: - - oci.stackable.tech/stackable/trino-lb:0.5.0 + - oci.stackable.tech/stackable/trino-lb:dev + # - oci.stackable.tech/stackable/trino-lb:0.5.0 - name: trino values: - "451" @@ -14,9 +15,12 @@ dimensions: - name: trino-latest values: - "470" - # To use a custom image, add a comma and the full name after the product version - # - 470,oci.stackable.tech/sdp/trino:470-stackable0.0.0-dev - # However, watch out, you need to tweak the trino-cli image + # As not all Trino versions support client spooling, we have an extra dimension + - name: trino-client-spooling + values: + # According to https://docs.stackable.tech/home/nightly/trino/usage-guide/client-spooling-protocol/ + # > The client spooling protocol was introduced in Trino 466 but it only works reliably starting with Trino 476. + - "476" - name: trino-lb-https values: - "true" @@ -26,12 +30,21 @@ dimensions: - inMemory - redis - postgres + - name: client-spooling-retrieval-mode + values: + - STORAGE # Trino default setting + - COORDINATOR_PROXY # In case trino clients don't have access to S3, the coordinator can proxy it. tests: - name: smoke dimensions: - trino-lb - trino - persistence + - name: client-spooling + dimensions: + - trino-lb + - trino-client-spooling + - client-spooling-retrieval-mode # TODOS # 1. Restart trino-lb deployment to make sure persistence is kept