Skip to content

Commit

Permalink
[Feat] Uses clusterIP instead of LoadBalancer service (canonical#31)
Browse files Browse the repository at this point in the history
  • Loading branch information
gruyaume authored Aug 21, 2023
1 parent b364af5 commit 28954c2
Show file tree
Hide file tree
Showing 7 changed files with 24 additions and 83 deletions.
5 changes: 2 additions & 3 deletions .github/workflows/main.yml
Original file line number Diff line number Diff line change
Expand Up @@ -44,9 +44,8 @@ jobs:
uses: charmed-kubernetes/actions-operator@main
with:
provider: microk8s
- name: Enable LoadBalancer
run: /usr/bin/sg microk8s -c "microk8s enable metallb:10.0.1.1-10.0.1.3"

channel: 1.27-strict/stable
juju-channel: 3.1/stable
- name: Run integration tests
run: tox -e integration
- name: Archive charmcraft logs
Expand Down
7 changes: 3 additions & 4 deletions README.md
Original file line number Diff line number Diff line change
Expand Up @@ -51,11 +51,10 @@ sudo snap install vault
### Initialise Vault

Identify the vault unit by setting the ``VAULT_ADDR`` environment variable
based on the IP address of the unit. This can be discovered from `kubectl get services`
output (column 'EXTERNAL-IP'). Here we'll use '10.0.0.126':
based on the IP address of the unit.

```bash
export VAULT_ADDR="http://10.0.0.126:8200"
export VAULT_ADDR="http://10.1.182.39:8200"
```

Initialise Vault by specifying the number of unseal keys that should get
Expand Down Expand Up @@ -161,7 +160,7 @@ Vault initialization and unsealing can be done using Vault's Python API client:
import hvac

# Setup
vault = hvac.Client(url="http://10.0.0.126:8200")
vault = hvac.Client(url="http://10.1.182.39:8200")

# Initialise
initialize_response = vault.sys.initialize(secret_shares=1, secret_threshold=1)
Expand Down
3 changes: 1 addition & 2 deletions src/charm.py
Original file line number Diff line number Diff line change
Expand Up @@ -59,8 +59,7 @@ def __init__(self, *args):
self.framework.observe(self.on.authorise_charm_action, self._on_authorise_charm_action)
self.service_patcher = KubernetesServicePatch(
charm=self,
ports=[ServicePort(name="vault", port=8200)],
service_type="LoadBalancer",
ports=[ServicePort(name="vault", port=self.VAULT_PORT)],
)

def _on_certificate_creation_request(self, event: CertificateCreationRequestEvent) -> None:
Expand Down
43 changes: 0 additions & 43 deletions tests/integration/kubernetes.py

This file was deleted.

45 changes: 16 additions & 29 deletions tests/integration/test_integration.py
Original file line number Diff line number Diff line change
Expand Up @@ -12,7 +12,6 @@
import yaml
from pytest_operator.plugin import OpsTest

from tests.integration.kubernetes import Kubernetes
from tests.integration.vault import Vault

logger = logging.getLogger(__name__)
Expand All @@ -21,32 +20,22 @@
APPLICATION_NAME = "vault-k8s"


class TestVaultK8s:
@staticmethod
async def wait_for_load_balancer_address(
kubernetes: Kubernetes, timeout: int = 60
) -> Optional[str]:
"""Waits for LoadBalancer address to be available and returns it.
async def get_unit_address(ops_test: OpsTest, app_name: str, unit_num: int) -> str:
"""Get unit's IP address for any application.
Args:
kubernetes: Kubernetes object.
timeout: Timeout (seconds).
Args:
ops_test: OpsTest
app_name: string name of application
unit_num: integer number of a juju unit
Returns:
str: LoadBalancer address.
Returns:
str: Unit's IP address
"""
status = await ops_test.model.get_status() # type: ignore[union-attr]
return status["applications"][app_name]["units"][f"{app_name}/{unit_num}"]["address"]

Raises:
TimeoutError: If LoadBalancer address is not available after timeout.
"""
initial_time = time.time()
while time.time() - initial_time < timeout:
if load_balancer_address := kubernetes.get_load_balancer_address(
service_name=APPLICATION_NAME
):
return load_balancer_address
time.sleep(5)
raise TimeoutError("Timed out waiting for Loadbalancer address to be available.")

class TestVaultK8s:
@staticmethod
async def initialize_vault(vault: Vault, timeout: int = 60) -> Optional[Tuple[str, str]]:
"""Initializes Vault.
Expand Down Expand Up @@ -105,26 +94,24 @@ async def build_and_deploy(self, ops_test: OpsTest):
async def post_deployment_tasks(self, ops_test: OpsTest) -> str:
"""Runs post deployment tasks as explained in the README.md.
Retrieves Vault's LoadBalancer address, initializes Vault and generates a token for
the charm.
Retrieves Vault's unit address, initializes Vault and generates a token for the charm.
Args:
ops_test: Ops test Framework.
Returns:
str: Generated token.
"""
kubernetes = Kubernetes(namespace=ops_test.model_name) # type: ignore[arg-type]
load_balancer_address = await self.wait_for_load_balancer_address(kubernetes=kubernetes)
vault = Vault(url=f"http://{load_balancer_address}:8200")
unit_address = await get_unit_address(ops_test, app_name=APPLICATION_NAME, unit_num=0)
vault = Vault(url=f"http://{unit_address}:8200")
unseal_key, root_token = await self.initialize_vault(vault=vault) # type: ignore[misc]
vault.set_token(root_token)
vault.unseal(unseal_key=unseal_key)
generated_token = vault.generate_token(ttl="5m")
return generated_token

@pytest.mark.abort_on_fail
async def test_given_no_config_when_deploy_then_status_is_blocked( # noqa: E501
async def test_given_no_config_when_deploy_then_status_is_blocked(
self, ops_test: OpsTest, build_and_deploy
):
await ops_test.model.wait_for_idle( # type: ignore[union-attr]
Expand Down
2 changes: 1 addition & 1 deletion tests/unit/test_charm.py
Original file line number Diff line number Diff line change
Expand Up @@ -16,7 +16,7 @@
class TestCharm(unittest.TestCase):
@patch(
"charm.KubernetesServicePatch",
lambda charm, ports, service_type: None,
lambda charm, ports: None,
)
def setUp(self):
self.harness = testing.Harness(VaultCharm)
Expand Down
2 changes: 1 addition & 1 deletion tox.ini
Original file line number Diff line number Diff line change
Expand Up @@ -76,7 +76,7 @@ commands =
[testenv:integration]
description = Run integration tests
deps =
juju<3.1
juju
pytest
pytest-operator
-r{toxinidir}/requirements.txt
Expand Down

0 comments on commit 28954c2

Please sign in to comment.