Commit Graph

1711 Commits

Author SHA1 Message Date
Ryan Richard
4cb0fd3949 Use a DaemonSet instead of a Deployment to deploy our app
- For high availability reasons, we would like our app to scale linearly
  with the size of the control plane. Using a DaemonSet allows us to run
  one pod on each node-role.kubernetes.io/master node.
- The hope is that the Service that we create should load balance
  between these pods appropriately.
2020-08-11 17:55:34 -07:00
Ryan Richard
e0f0eca512 Add another assertion to certs_manager_test.go 2020-08-11 17:33:06 -07:00
Ryan Richard
bfabcdcdd1 Add unittest_no_race option to module.sh
- Because the race detector is slow when running on a laptop and
  sometimes you want quick feedback
2020-08-11 17:28:00 -07:00
Andrew Keesler
224b59e740
test/integration: bump (another) cert expiration delta to help flake
Related: 553b519.
Signed-off-by: Andrew Keesler <akeesler@vmware.com>
2020-08-11 17:22:25 -04:00
Andrew Keesler
553b519d0f
test/integration: bump cert expiration delta to help flake
Signed-off-by: Andrew Keesler <akeesler@vmware.com>
2020-08-11 16:09:31 -04:00
Ryan Richard
b80f3148fd
Merge pull request #43 from suzerain-io/cert_controllers
Refactor cert generation code into controllers
2020-08-11 12:36:30 -07:00
Andrew Keesler
d6e745203d
Revert "Add a FAKE API change to test codegen verification in CI"
This reverts commit 28a500fce9.
2020-08-11 14:57:14 -04:00
Aram Price
0806074d94
hack/update-codegen.sh: really fix symlink paths
This is totally gonna be it.

Signed-off-by: Andrew Keesler <akeesler@vmware.com>
2020-08-11 14:50:43 -04:00
Aram Price
13d4a38eca
hack/update-codegen.sh: fix symlink paths
Wow fun times with symlinks. We *think* this script should work in CI
now...but we'll see.

Previously we were seeing a false positive where even though the generated
code was out of date, the CI step did not report failure.

Signed-off-by: Andrew Keesler <akeesler@vmware.com>
2020-08-11 14:41:04 -04:00
Ryan Richard
5ec1fbd1ca Add an assertion that the private key and cert chain match in certs_manager_test.go
Signed-off-by: Matt Moyer <moyerm@vmware.com>
2020-08-11 10:39:50 -07:00
Ryan Richard
fadd718d08 Add integration and more unit tests
- Add integration test for serving cert auto-generation and rotation
- Add unit test for `WithInitialEvent` of the cert manager controller
- Move UpdateAPIService() into the `apicerts` package, since that is
  the only user of the function.
2020-08-11 10:14:57 -07:00
Andrew Keesler
28a500fce9
Add a FAKE API change to test codegen verification in CI
Signed-off-by: Andrew Keesler <akeesler@vmware.com>
2020-08-11 11:19:52 -04:00
Andrew Keesler
745775bf4b
Merge pull request #44 from ankeesler/verify-in-ci
hack/verify-codegen.sh: make this script runnable from CI
2020-08-11 11:00:49 -04:00
Andrew Keesler
ce3de2b516
hack/verify-codegen.sh: updates to be run in CI
Signed-off-by: Andrew Keesler <akeesler@vmware.com>
2020-08-11 10:18:47 -04:00
Ryan Richard
8034ef24ff Fix a mistake from the previous commit
- Got the order of multiple return values backwards, which was caught
  by the integration tests
2020-08-10 19:34:45 -07:00
Ryan Richard
626fc6aa8d Merge branch 'main' into cert_controllers 2020-08-10 19:01:36 -07:00
Ryan Richard
cc9ae23a0c Add tests for the new cert controllers and some other small refactorings
- Add a unit test for each cert controller
- Make DynamicTLSServingCertProvider an interface and use a mutex
  internally
- Create a shared ToPEM function instead of having two very similar
  functions
- Move the ObservableWithInformerOption test helper to testutils
- Rename some variables and imports
2020-08-10 18:53:53 -07:00
Matt Moyer
7152ffd730
Merge pull request #48 from mattmoyer/extend-dependabot-config
Add additional go.mod directories to dependabot.
2020-08-10 12:11:27 -05:00
Matt Moyer
6300898810 Add additional go.mod directories to dependabot.
Signed-off-by: Matt Moyer <moyerm@vmware.com>
2020-08-10 12:09:32 -05:00
Matt Moyer
7c8876a812
Merge pull request #47 from suzerain-io/dependabot/docker/golang-1.14.7-alpine
Bump golang from 1.14.6-alpine to 1.14.7-alpine
2020-08-10 12:00:28 -05:00
dependabot[bot]
b3df59ca13
Bump golang from 1.14.6-alpine to 1.14.7-alpine
Bumps golang from 1.14.6-alpine to 1.14.7-alpine.

Signed-off-by: dependabot[bot] <support@github.com>
2020-08-10 16:46:08 +00:00
Matt Moyer
b4130af2bf
Merge pull request #46 from mattmoyer/downgrade-base-image
Temporarily downgrade our Docker base image to trigger dependabot.
2020-08-10 11:45:35 -05:00
Matt Moyer
5394008d6f Temporarily downgrade our Docker base image to trigger dependabot.
Signed-off-by: Matt Moyer <moyerm@vmware.com>
2020-08-10 11:44:47 -05:00
Matt Moyer
3583f7a09f
Merge pull request #45 from mattmoyer/add-dependabot-config
Add dependabot YAML configuration.
2020-08-10 11:38:35 -05:00
Matt Moyer
df3c387f2e Add dependabot YAML configuration.
Signed-off-by: Matt Moyer <moyerm@vmware.com>
2020-08-10 11:37:52 -05:00
Andrew Keesler
fa0533fae9
hack/module.sh: update usage with unittest command
Signed-off-by: Andrew Keesler <akeesler@vmware.com>
2020-08-10 10:18:36 -04:00
Ryan Richard
86c3f89b2e First draft of moving API server TLS cert generation to controllers
- Refactors the existing cert generation code into controllers
  which read and write a Secret containing the certs
- Does not add any new functionality yet, e.g. no new handling
  for cert expiration, and no leader election to allow for
  multiple servers running simultaneously
- This commit also doesn't add new tests for the cert generation
  code, but it should be more unit testable now as controllers
2020-08-09 10:04:05 -07:00
Ryan Richard
b00cec954e Pre-factor server.go
- No functional changes
- Move all the stuff about clients and controllers into the controller
  package
- Add more comments and organize the code more into more helper
  functions to make each function smaller
2020-08-07 14:49:04 -07:00
Matt Moyer
b379d5148c
Merge pull request #42 from mattmoyer/monorepo-deux
🚝Monorepo!🚝 (redux)
2020-08-06 21:07:50 -05:00
Matt Moyer
aecd005c60 Disable ./hack/verify-codegen.sh in CI since we don't have Docker available yet.
This seems fixable but not in a trivial way from what I could tell.

Signed-off-by: Matt Moyer <moyerm@vmware.com>
2020-08-06 20:52:28 -05:00
Matt Moyer
6dd331b21d Use Go's -short flag as a way to avoid running integration tests.
Signed-off-by: Matt Moyer <moyerm@vmware.com>
2020-08-06 20:44:14 -05:00
Matt Moyer
c4bbb64622 Fix latent linter issues.
Signed-off-by: Matt Moyer <moyerm@vmware.com>
2020-08-06 20:42:20 -05:00
Matt Moyer
7143058462 Update hack scripts to use new docker workflow.
Signed-off-by: Matt Moyer <moyerm@vmware.com>
2020-08-06 20:09:15 -05:00
Matt Moyer
c5d5914866 Split up into multiple modules.
Signed-off-by: Matt Moyer <moyerm@vmware.com>
2020-08-06 20:09:15 -05:00
Matt Moyer
af656d4b02 Our new directory structure is deeper, so expand this search.
Signed-off-by: Matt Moyer <moyerm@vmware.com>
2020-08-06 20:09:15 -05:00
aram price
9e9868bd16 Add hack/module.sh script to run module tasks
The script knows `tidy`, `lint`, and `test`
2020-08-06 20:09:15 -05:00
Matt Moyer
cbe4c1b370 Pull placeholder-name-api back into this repo as a library.
Signed-off-by: Matt Moyer <moyerm@vmware.com>
2020-08-06 20:09:15 -05:00
Matt Moyer
ad55f9e310 Pull placeholder-name-client-go back into this repo as a library.
Signed-off-by: Matt Moyer <moyerm@vmware.com>
2020-08-06 19:38:13 -05:00
Andrew Keesler
0b4590b237 Now that we have a testutil package, put ioutil.go into it
Signed-off-by: Ryan Richard <richardry@vmware.com>
2020-08-06 15:19:09 -07:00
Ryan Richard
f10c61f591 Add request logging to the create LoginRequest endpoint
Signed-off-by: Andrew Keesler <akeesler@vmware.com>
2020-08-06 15:14:30 -07:00
Andrew Keesler
31e6d8fbb1
Drop main module dependency on test module
I suppose we could solve this other ways, but this utility was
only used in one place right now, so it is easiest to copy it over.

Signed-off-by: Andrew Keesler <akeesler@vmware.com>
2020-08-06 10:29:04 -04:00
Ryan Richard
dd278b46a8 Build with CGO_ENABLED=0 in Dockerfile
- Not strictly necessary at the moment because both our build layer
  and our run layer are based on alpine, but static linking our binary
  will help us later when we want to base our run image on something
  closer to scratch
2020-08-05 17:43:24 -07:00
Andrew Keesler
da5b509cc6 Stop using $PLACEHOLDER_NAME_TEST_INTEGRATION
Instead, make the integration tests a separate module. You can't run
these tests by accident because they will not run at all when you
`go test` from the top-level directory. You will need to `cd test`
before using `go test` in order to run the integration tests.

Signed-off-by: Ryan Richard <richardry@vmware.com>
2020-08-05 14:15:45 -07:00
Matt Moyer
2b573d8642
Merge pull request #41 from mattmoyer/lint-cleanup
Clean up some lint errors that we missed before.
2020-08-05 09:48:19 -05:00
Matt Moyer
519484816d Clean up some lint errors that we missed before.
Signed-off-by: Matt Moyer <moyerm@vmware.com>
2020-08-05 09:26:50 -05:00
Ryan Richard
6da420d865
Merge pull request #40 from cfryanr/garbage_collection_bug
Garbage collection bug fix
2020-08-04 17:29:26 -07:00
Ryan Richard
f8567450ee Increase test timeout to avoid CI flakes 2020-08-04 17:28:16 -07:00
Ryan Richard
08961919b5 Fix a garbage collection bug
- Previously the golang code would create a Service and an APIService.
  The APIService would be given an owner reference which pointed to
  the namespace in which the app was installed.
- This prevented the app from being uninstalled. The namespace would
  refuse to delete, so `kapp delete` or `kubectl delete` would fail.
- The new approach is to statically define the Service and an APIService
  in the deployment.yaml, except for the caBundle of the APIService.
  Then the golang code will perform an update to add the caBundle at
  runtime.
- When the user uses `kapp deploy` or `kubectl apply` either tool will
  notice that the caBundle is not declared in the yaml and will
  therefore avoid editing that field.
- When the user uses `kapp delete` or `kubectl delete` either tool will
  destroy the objects because they are statically declared with names
  in the yaml, just like all of the other objects. There are no
  ownerReferences used, so nothing should prevent the namespace from
  being deleted.
- This approach also allows us to have less golang code to maintain.
- In the future, if our golang controllers want to dynamically add
  an Ingress or other objects, they can still do that. An Ingress
  would point to our statically defined Service as its backend.

Signed-off-by: Andrew Keesler <akeesler@vmware.com>
2020-08-04 16:46:27 -07:00
Andrew Keesler
92939cf118 Indent pod template annotations correctly in deployment.yaml
Signed-off-by: Ryan Richard <richardry@vmware.com>
2020-08-04 14:52:08 -07:00
Andrew Keesler
fb843aa15b Indent pod template annotations correctly in deployment.yaml
Signed-off-by: Ryan Richard <richardry@vmware.com>
2020-08-04 14:34:10 -07:00