diff --git a/CHANGELOG.md b/CHANGELOG.md index d495f6f5..6f7165ea 100644 --- a/CHANGELOG.md +++ b/CHANGELOG.md @@ -8,6 +8,8 @@ All notable changes to this project will be documented in this file. - Generate OLM bundle for Release 23.4.0 ([#238]). - Add support for Spark 3.4.0 ([#243]). +- Add support for using custom certificates when accessing S3 with TLS ([#247]). +- Use bitnami charts for testing S3 access with TLS ([#247]). ### Changed @@ -25,6 +27,7 @@ All notable changes to this project will be documented in this file. [#238]: https://github.com/stackabletech/spark-k8s-operator/pull/238 [#241]: https://github.com/stackabletech/spark-k8s-operator/pull/241 [#243]: https://github.com/stackabletech/spark-k8s-operator/pull/243 +[#247]: https://github.com/stackabletech/spark-k8s-operator/pull/247 ## [23.4.0] - 2023-04-17 diff --git a/docs/modules/spark-k8s/pages/usage-guide/s3.adoc b/docs/modules/spark-k8s/pages/usage-guide/s3.adoc index c668328a..39ea9c0d 100644 --- a/docs/modules/spark-k8s/pages/usage-guide/s3.adoc +++ b/docs/modules/spark-k8s/pages/usage-guide/s3.adoc @@ -2,6 +2,8 @@ You can specify S3 connection details directly inside the `SparkApplication` specification or by referring to an external `S3Bucket` custom resource. +== S3 access using credentials + To specify S3 connection details directly as part of the `SparkApplication` resource you add an inline connection configuration as shown below. [source,yaml] @@ -17,7 +19,7 @@ s3connection: # <1> <1> Entry point for the S3 connection configuration. <2> Connection host. <3> Optional connection port. -<4> Name of the `Secret` object expected to contain the following keys: `ACCESS_KEY_ID` and `SECRET_ACCESS_KEY` +<4> Name of the `Secret` object expected to contain the following keys: `accessKey` and `secretKey` It is also possible to configure the connection details as a separate Kubernetes resource and only refer to that object from the `SparkApplication` like this: 
@@ -46,3 +48,44 @@ spec: ---- This has the advantage that one connection configuration can be shared across `SparkApplications` and reduces the cost of updating these details. + +== S3 access with TLS + +A custom certificate can also be used for S3 access. In the example below, a Secret containing a custom certificate is referenced, which will used a to create a custom truststore which is used by Spark for S3-bucket access: + +[source,yaml] +---- +--- +apiVersion: s3.stackable.tech/v1alpha1 +kind: S3Connection +metadata: + name: s3-connection-resource +spec: + host: test-minio + port: 9000 + accessStyle: Path + credentials: + secretClass: minio-credentials-class # <1> + tls: + verification: + server: + caCert: + secretClass: minio-tls-certificates # <2> +---- +<1> Name of the `Secret` object expected to contain the following keys: `accessKey` and `secretKey` (as in the previous example). +<2> Name of the `Secret` object containing the custom certificate. The certificate should comprise the 3 files named as shown below: + +[source,yaml] +---- +--- +apiVersion: v1 +kind: Secret +metadata: + name: minio-tls-certificates + labels: + secrets.stackable.tech/class: minio-tls-certificates +data: + ca.crt: ... + tls.crt: ... + tls.key: ... +---- \ No newline at end of file diff --git a/rust/crd/src/constants.rs b/rust/crd/src/constants.rs index 00cd4f85..1460e3b3 100644 --- a/rust/crd/src/constants.rs +++ b/rust/crd/src/constants.rs 
@@ -28,6 +28,13 @@ pub const LOG4J2_CONFIG_FILE: &str = "log4j2.properties"; pub const ACCESS_KEY_ID: &str = "accessKey"; pub const SECRET_ACCESS_KEY: &str = "secretKey"; pub const S3_SECRET_DIR_NAME: &str = "/stackable/secrets"; +pub const SYSTEM_TRUST_STORE: &str = "/etc/pki/java/cacerts"; +pub const STACKABLE_TRUST_STORE: &str = "/stackable/truststore"; +pub const STACKABLE_TRUST_STORE_NAME: &str = "stackable-truststore"; +pub const STACKABLE_TLS_STORE_PASSWORD: &str = "changeit"; +pub const SYSTEM_TRUST_STORE_PASSWORD: &str = "changeit"; +pub const STACKABLE_MOUNT_PATH_TLS: &str = "/stackable/mount_server_tls"; +pub const STACKABLE_MOUNT_NAME_TLS: &str = "servertls"; pub const MIN_MEMORY_OVERHEAD: u32 = 384; pub const JVM_OVERHEAD_FACTOR: f32 = 0.1; diff --git a/rust/crd/src/lib.rs b/rust/crd/src/lib.rs index 5cd4c287..a17d8733 100644 --- a/rust/crd/src/lib.rs +++ b/rust/crd/src/lib.rs @@ -4,6 +4,7 @@ pub mod affinity; pub mod constants; pub mod history; pub mod s3logdir; +pub mod tlscerts; use std::{ cmp::max, @@ -18,7 +19,7 @@ use s3logdir::S3LogDir; use serde::{Deserialize, Serialize}; use snafu::{OptionExt, ResultExt, Snafu}; use stackable_operator::{ - builder::VolumeBuilder, + builder::{SecretOperatorVolumeSourceBuilder, VolumeBuilder}, commons::{ affinity::{StackableAffinity, StackableAffinityFragment}, resources::{ @@ -332,6 +333,21 @@ impl SparkApplication { .build(), ); + if let Some(cert_secrets) = tlscerts::tls_secret_names(s3conn, s3logdir) { + result.push( + VolumeBuilder::new(STACKABLE_TRUST_STORE_NAME) + .with_empty_dir(None::, Some(Quantity("5Mi".to_string()))) + .build(), + ); + for cert_secret in cert_secrets { + result.push( + VolumeBuilder::new(cert_secret) + .ephemeral(SecretOperatorVolumeSourceBuilder::new(cert_secret).build()) + .build(), + ); + } + } + result } 
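Review bot: `STACKABLE_TLS_STORE_PASSWORD` and `SYSTEM_TRUST_STORE_PASSWORD` are hard-coded to `changeit` with no comment saying why a literal password is acceptable here. Elsewhere in this commit the value is interpolated into spark-submit arguments, container env vars and keytool command lines, so anyone who can read the pod specs can read it. A comment above the two constants such as `// Trust stores hold only public CA certificates; "changeit" is the JDK default store password and is not a secret.` would record that assumption and warn against reusing the constant for a store that holds private keys. `STACKABLE_MOUNT_NAME_TLS` is not referenced in any hunk shown here; if nothing else uses it, drop it.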
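Review bot: The `for cert_secret in cert_secrets` loop in the `@@ -332,6 +333,21 @@` hunk creates one volume per returned name, but `tlscerts::tls_secret_names` pushes the S3 connection's class and the log directory's class without comparing them, so a job that uses the same CA secret class for both gets two volumes with the same name. Kubernetes rejects duplicate volume names in a pod spec, and a second `keytool -importcert` with the same `-alias` would also be expected to fail, so this configuration would presumably break at pod creation or in the init container. The same list drives the mounts hunk at `@@ -427,6 +443,22 @@` and the TLS init container in `spark_k8s_controller.rs`. De-duplicating at the source covers all three: in `tls_secret_names`, guard the second push with `if !names.contains(&secret_name) { names.push(secret_name); }`. The enclosing function here starts outside the hunk.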
@@ -427,6 +443,22 @@ impl SparkApplication { ..VolumeMount::default() }); + if let Some(cert_secrets) = tlscerts::tls_secret_names(s3conn, s3logdir) { + mounts.push(VolumeMount { + name: STACKABLE_TRUST_STORE_NAME.into(), + mount_path: STACKABLE_TRUST_STORE.into(), + ..VolumeMount::default() + }); + for cert_secret in cert_secrets { + let secret_dir = format!("{STACKABLE_MOUNT_PATH_TLS}/{cert_secret}"); + mounts.push(VolumeMount { + name: cert_secret.to_string(), + mount_path: secret_dir, + ..VolumeMount::default() + }); + } + } + mounts } @@ -508,6 +540,12 @@ impl SparkApplication { } } + // s3 with TLS + if tlscerts::tls_secret_names(s3conn, s3_log_dir).is_some() { + submit_cmd.push(format!("--conf spark.driver.extraJavaOptions=\"-Djavax.net.ssl.trustStore={STACKABLE_TRUST_STORE}/truststore.p12 -Djavax.net.ssl.trustStorePassword={STACKABLE_TLS_STORE_PASSWORD} -Djavax.net.ssl.trustStoreType=pkcs12 -Djavax.net.debug=ssl,handshake\"")); + submit_cmd.push(format!("--conf spark.executor.extraJavaOptions=\"-Djavax.net.ssl.trustStore={STACKABLE_TRUST_STORE}/truststore.p12 -Djavax.net.ssl.trustStorePassword={STACKABLE_TLS_STORE_PASSWORD} -Djavax.net.ssl.trustStoreType=pkcs12 -Djavax.net.debug=ssl,handshake\"")); + } + // repositories and packages arguments if let Some(deps) = self.spec.deps.clone() { submit_cmd.extend( @@ -675,7 +713,11 @@ impl SparkApplication { Ok(format!("{}m", original_memory - deduction)) } - pub fn env(&self) -> Vec { + pub fn env( + &self, + s3conn: &Option, + s3logdir: &Option, + ) -> Vec { let tmp = self.spec.env.as_ref(); let mut e: Vec = tmp.iter().flat_map(|e| e.iter()).cloned().collect(); if self.requirements().is_some() { 
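Review bot: The per-secret mounts added in the `@@ -427,6 +443,22 @@` hunk expose every key of the CA secret class under `{STACKABLE_MOUNT_PATH_TLS}/{cert_secret}` in whichever containers receive `mounts`, although only `ca.crt` is read, and only by the keytool commands in `tlscerts::add_cert_to_stackable_truststore`. The TLS init container in `spark_k8s_controller.rs` already mounts these secrets itself through `tcb.add_volume_mount`, so if this vector feeds the job, driver or executor containers (the function's start is outside the hunk, so that is inferred), they need only the `STACKABLE_TRUST_STORE_NAME` mount. The docs example and the test Secret in this commit both include `tls.key`, which is what makes the extra exposure matter. Consider dropping the `for cert_secret in cert_secrets` loop here and keeping just the trust-store mount.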
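Review bot: Both `extraJavaOptions` strings in the `@@ -508,6 +540,12 @@` hunk end with `-Djavax.net.debug=ssl,handshake`, which turns on JSSE handshake tracing in every driver and executor whenever a CA secret class is configured. That looks like a debugging leftover: it floods the job logs with handshake and certificate details. The history server's `SPARK_DAEMON_JAVA_OPTS` in `env_vars` (`history_controller.rs`) carries the same flag, while the `SPARK_DAEMON_JAVA_OPTS` built in `env()` does not, so drop it from the three places that have it. Separately, these `--conf spark.driver.extraJavaOptions=...` entries may collide with a value the user sets for the same key in the application's Spark configuration; how later `--conf` entries are merged is not visible in this hunk and needs checking.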
@@ -687,6 +729,25 @@ impl SparkApplication { value_from: None, }); } + if tlscerts::tls_secret_names(s3conn, s3logdir).is_some() { + e.push(EnvVar { + name: "STACKABLE_TLS_STORE_PASSWORD".to_string(), + value: Some(STACKABLE_TLS_STORE_PASSWORD.to_string()), + value_from: None, + }); + } + if let Some(s3logdir) = s3logdir { + if tlscerts::tls_secret_name(&s3logdir.bucket.connection).is_some() { + e.push(EnvVar { + name: "SPARK_DAEMON_JAVA_OPTS".to_string(), + value: Some(format!( + "-Djavax.net.ssl.trustStore={STACKABLE_TRUST_STORE}/truststore.p12 -Djavax.net.ssl.trustStorePassword={STACKABLE_TLS_STORE_PASSWORD} -Djavax.net.ssl.trustStoreType=pkcs12" + )), + value_from: None, + }); + } + } + e } @@ -811,6 +872,7 @@ pub enum SparkContainer { Requirements, Spark, Vector, + Tls, } #[derive(Clone, Debug, Default, Fragment, JsonSchema, PartialEq)] diff --git a/rust/crd/src/s3logdir.rs b/rust/crd/src/s3logdir.rs index 3f3b029a..04cca134 100644 --- a/rust/crd/src/s3logdir.rs +++ b/rust/crd/src/s3logdir.rs @@ -4,8 +4,10 @@ use crate::{ LogFileDirectorySpec::{self, S3}, S3LogFileDirectorySpec, }, + tlscerts, }; use stackable_operator::{ + builder::{SecretOperatorVolumeSourceBuilder, VolumeBuilder}, commons::{ s3::{InlinedS3BucketSpec, S3AccessStyle}, secret_class::SecretClassVolume, @@ -79,9 +81,7 @@ impl S3LogDir { TlsVerification::Server(server_verification) => { match &server_verification.ca_cert { CaCert::WebPki {} => {} - CaCert::SecretClass(_) => { - return S3TlsCaVerificationNotSupportedSnafu.fail() - } + CaCert::SecretClass(_) => {} } } } @@ -120,6 +120,7 @@ impl S3LogDir { ); } } + result } 
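Review bot: The `-Djavax.net.ssl.trustStore=... -Djavax.net.ssl.trustStoreType=pkcs12` string in the `@@ -687,6 +729,25 @@` hunk is the fourth hand-written copy of the same option set in this commit (two in the submit command, one in `history_controller.rs`), and the copies have already drifted: this one omits `-Djavax.net.debug=ssl,handshake`. Build it once, for example in a `pub fn trust_store_java_opts() -> String` in `tlscerts.rs` next to the keytool helpers, and call that from every site. The new `STACKABLE_TLS_STORE_PASSWORD` env var is not read by anything visible in this diff; if no script consumes it, leave it out. `env` is a public method whose signature changes in this commit, so a doc comment stating what the two new parameters are used for would help callers.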
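Review bot: In the `@@ -79,9 +81,7 @@` hunk of `s3logdir.rs` both arms of `match &server_verification.ca_cert` are now empty, so the inner match no longer checks anything. Replace the outer arm with `TlsVerification::Server(_) => {}`, or keep the match and add a one-line comment saying both CA sources are accepted. If this was the last use of `S3TlsCaVerificationNotSupportedSnafu`, remove the error variant too; its definition is outside the hunk. The identical change in `reconcile` in `spark_k8s_controller.rs` (`@@ -155,9 +155,7 @@`) deserves the same cleanup.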
@@ -177,6 +178,35 @@ impl S3LogDir { ) } + pub fn volumes(&self) -> Vec { + let mut volumes: Vec = self.credentials_volume().into_iter().collect(); + + if let Some(secret_name) = tlscerts::tls_secret_name(&self.bucket.connection) { + volumes.push( + VolumeBuilder::new(secret_name) + .ephemeral(SecretOperatorVolumeSourceBuilder::new(secret_name).build()) + .build(), + ); + } + volumes + } + + pub fn volume_mounts(&self) -> Vec { + let mut volume_mounts: Vec = + self.credentials_volume_mount().into_iter().collect(); + + if let Some(secret_name) = tlscerts::tls_secret_name(&self.bucket.connection) { + let secret_dir = format!("{STACKABLE_MOUNT_PATH_TLS}/{secret_name}"); + + volume_mounts.push(VolumeMount { + name: secret_name.to_string(), + mount_path: secret_dir, + ..VolumeMount::default() + }); + } + volume_mounts + } + pub fn credentials_volume(&self) -> Option { self.credentials() .map(|credentials| credentials.to_volume(credentials.secret_class.as_ref())) diff --git a/rust/crd/src/tlscerts.rs b/rust/crd/src/tlscerts.rs new file mode 100644 index 00000000..022312ad --- /dev/null +++ b/rust/crd/src/tlscerts.rs 
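Review bot: `volumes()` names the TLS volume after the secret class itself, and the context line below it shows `credentials_volume()` doing the same with `credentials.secret_class`, so a connection whose `caCert` class equals its credentials class produces two volumes with one name. A fixed prefix avoids that collision, e.g. `VolumeBuilder::new(format!("{STACKABLE_MOUNT_NAME_TLS}-{secret_name}"))` with the same string as `name` in `volume_mounts()`; the constant is added in `constants.rs` by this commit but is otherwise unused in the visible hunks. Volume names are, as far as I know, held to stricter rules (a DNS label) than resource names, so a class name containing dots may still be rejected; worth verifying. Both new methods are `pub` and have no doc comments.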
@@ -0,0 +1,62 @@ +use stackable_operator::commons::{ + s3::S3ConnectionSpec, + tls::{CaCert, TlsVerification}, +}; + +use crate::{ + constants::{ + STACKABLE_MOUNT_PATH_TLS, STACKABLE_TLS_STORE_PASSWORD, STACKABLE_TRUST_STORE, + SYSTEM_TRUST_STORE, SYSTEM_TRUST_STORE_PASSWORD, + }, + s3logdir::S3LogDir, +}; + +pub fn tls_secret_name(s3conn: &Option) -> Option<&str> { + if let Some(conn) = s3conn.as_ref() { + if let Some(tls) = &conn.tls { + if let TlsVerification::Server(verification) = &tls.verification { + if let CaCert::SecretClass(secret_name) = &verification.ca_cert { + return Some(secret_name); + } + } + } + } + None +} + +pub fn tls_secret_names<'a>( + s3conn: &'a Option, + s3logdir: &'a Option, +) -> Option> { + let mut names = Vec::new(); + + if let Some(secret_name) = tls_secret_name(s3conn) { + names.push(secret_name); + } + + if let Some(logdir) = s3logdir { + if let Some(secret_name) = tls_secret_name(&logdir.bucket.connection) { + names.push(secret_name); + } + } + if names.is_empty() { + None + } else { + Some(names) + } +} + +pub fn create_key_and_trust_store() -> Vec { + vec![ + format!("keytool -importkeystore -srckeystore {SYSTEM_TRUST_STORE} -srcstoretype jks -srcstorepass {SYSTEM_TRUST_STORE_PASSWORD} -destkeystore {STACKABLE_TRUST_STORE}/truststore.p12 -deststoretype pkcs12 -deststorepass {STACKABLE_TLS_STORE_PASSWORD} -noprompt"), + ] +} + +pub fn add_cert_to_stackable_truststore(secret_name: &str) -> Vec { + vec![ + format!("echo [{STACKABLE_MOUNT_PATH_TLS}/{secret_name}/ca.crt] Adding cert..."), + format!("keytool -importcert -file {STACKABLE_MOUNT_PATH_TLS}/{secret_name}/ca.crt -alias stackable-{secret_name} -keystore {STACKABLE_TRUST_STORE}/truststore.p12 -storepass {STACKABLE_TLS_STORE_PASSWORD} -noprompt"), + format!("echo [{STACKABLE_MOUNT_PATH_TLS}/{secret_name}/ca.crt] Checking for cert..."), + format!("keytool -list -keystore {STACKABLE_TRUST_STORE}/truststore.p12 -storepass {STACKABLE_TLS_STORE_PASSWORD} -noprompt | grep 
stackable"), + ] +} diff --git a/rust/operator-binary/src/history_controller.rs b/rust/operator-binary/src/history_controller.rs index c7859003..e33beae8 100644 --- a/rust/operator-binary/src/history_controller.rs +++ b/rust/operator-binary/src/history_controller.rs @@ -6,7 +6,8 @@ use stackable_operator::{ api::{ apps::v1::{StatefulSet, StatefulSetSpec}, core::v1::{ - ConfigMap, PodSecurityContext, Service, ServiceAccount, ServicePort, ServiceSpec, + ConfigMap, EnvVar, PodSecurityContext, Service, ServiceAccount, ServicePort, + ServiceSpec, }, rbac::v1::{ClusterRole, RoleBinding, RoleRef, Subject}, }, @@ -31,6 +32,7 @@ use stackable_spark_k8s_crd::{ constants::*, history::{HistoryConfig, SparkHistoryServer, SparkHistoryServerContainer}, s3logdir::S3LogDir, + tlscerts, }; use std::time::Duration; use std::{collections::BTreeMap, sync::Arc}; @@ -338,7 +340,7 @@ fn build_stateful_set( ) .build(), ) - .add_volumes(s3_log_dir.credentials_volume().into_iter().collect()) + .add_volumes(s3_log_dir.volumes()) .metadata_builder(|m| { m.with_recommended_labels(labels( shs, @@ -361,17 +363,8 @@ fn build_stateful_set( .command(vec!["/bin/bash".to_string()]) .args(command_args(s3_log_dir)) .add_container_port("http", 18080) - // This env var prevents the history server from detaching itself from the - // start script because this leads to the Pod terminating immediately. - .add_env_var("SPARK_NO_DAEMONIZE", "true") - .add_env_var("SPARK_DAEMON_CLASSPATH", "/stackable/spark/extra-jars/*") - .add_env_var( - "SPARK_HISTORY_OPTS", - format!( - "-Dlog4j.configurationFile={VOLUME_MOUNT_PATH_LOG_CONFIG}/{LOG4J2_CONFIG_FILE}" - ), - ) - .add_volume_mounts(s3_log_dir.credentials_volume_mount().into_iter()) + .add_env_vars(env_vars(s3_log_dir)) + .add_volume_mounts(s3_log_dir.volume_mounts()) .add_volume_mount("config", "/stackable/spark/conf") .add_volume_mount(VOLUME_MOUNT_NAME_LOG_CONFIG, VOLUME_MOUNT_PATH_LOG_CONFIG) .add_volume_mount(VOLUME_MOUNT_NAME_LOG, VOLUME_MOUNT_PATH_LOG) 
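Review bot: `add_cert_to_stackable_truststore` interpolates `secret_name` unquoted into strings that the callers join with `&&` and hand to `bash -c`, and that name comes from the `caCert.secretClass` field of a user-supplied resource. Kubernetes name validation on the volume built from the same string probably rejects shell metacharacters before the command ever runs, but the helper should not depend on that. Check the name against the allowed character set before formatting, and quote the expansions, e.g. `-file \"{STACKABLE_MOUNT_PATH_TLS}/{secret_name}/ca.crt\" -alias \"stackable-{secret_name}\"`. The unquoted `echo [...]` arguments are glob patterns to bash and should be quoted as well. `create_key_and_trust_store` only creates a trust store, so `create_trust_store` would be the accurate name.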
@@ -537,18 +530,57 @@ fn command_args(s3logdir: &S3LogDir) -> Vec { if let Some(secret_dir) = s3logdir.credentials_mount_path() { command.extend(vec![ format!("export AWS_ACCESS_KEY_ID=\"$(cat {secret_dir}/{ACCESS_KEY_ID})\""), - "&&".to_string(), format!("export AWS_SECRET_ACCESS_KEY=\"$(cat {secret_dir}/{SECRET_ACCESS_KEY})\""), - "&&".to_string(), ]); } + + if let Some(secret_name) = tlscerts::tls_secret_name(&s3logdir.bucket.connection) { + command.extend(vec![format!("mkdir -p {STACKABLE_TRUST_STORE}")]); + command.extend(tlscerts::create_key_and_trust_store()); + command.extend(tlscerts::add_cert_to_stackable_truststore(secret_name)); + } + command.extend(vec![ - "/stackable/spark/sbin/start-history-server.sh".to_string(), - "--properties-file".to_string(), - HISTORY_CONFIG_FILE_NAME_FULL.to_string(), + format!("/stackable/spark/sbin/start-history-server.sh --properties-file {HISTORY_CONFIG_FILE_NAME_FULL}"), ]); - vec![String::from("-c"), command.join(" ")] + vec![String::from("-c"), command.join(" && ")] +} + +fn env_vars(s3logdir: &S3LogDir) -> Vec { + let mut vars: Vec = vec![]; + + // This env var prevents the history server from detaching itself from the + // start script because this leads to the Pod terminating immediately. 
+ vars.push(EnvVar { + name: "SPARK_NO_DAEMONIZE".to_string(), + value: Some("true".into()), + value_from: None, + }); + vars.push(EnvVar { + name: "SPARK_DAEMON_CLASSPATH".to_string(), + value: Some("/stackable/spark/extra-jars/*".into()), + value_from: None, + }); + vars.push(EnvVar { + name: "SPARK_HISTORY_OPTS".to_string(), + value: Some(format!( + "-Dlog4j.configurationFile={VOLUME_MOUNT_PATH_LOG_CONFIG}/{LOG4J2_CONFIG_FILE}" + )), + value_from: None, + }); + // if TLS is enabled build truststore + if tlscerts::tls_secret_name(&s3logdir.bucket.connection).is_some() { + vars.push(EnvVar { + name: "SPARK_DAEMON_JAVA_OPTS".to_string(), + value: Some(format!( + "-Djavax.net.ssl.trustStore={STACKABLE_TRUST_STORE}/truststore.p12 -Djavax.net.ssl.trustStorePassword={STACKABLE_TLS_STORE_PASSWORD} -Djavax.net.ssl.trustStoreType=pkcs12 -Djavax.net.debug=ssl,handshake" + )), + value_from: None, + }); + } + + vars } fn labels<'a, T>( diff --git a/rust/operator-binary/src/spark_k8s_controller.rs b/rust/operator-binary/src/spark_k8s_controller.rs index 3d6dcdf0..fd2e8cd1 100644 --- a/rust/operator-binary/src/spark_k8s_controller.rs +++ b/rust/operator-binary/src/spark_k8s_controller.rs @@ -1,10 +1,11 @@ -use std::{sync::Arc, time::Duration}; +use std::{sync::Arc, time::Duration, vec}; use stackable_spark_k8s_crd::{ - constants::*, s3logdir::S3LogDir, SparkApplication, SparkApplicationRole, SparkContainer, - SparkStorageConfig, SubmitJobContainer, + constants::*, s3logdir::S3LogDir, tlscerts, SparkApplication, SparkApplicationRole, + SparkContainer, SparkStorageConfig, SubmitJobContainer, }; +use crate::product_logging::{self, resolve_vector_aggregator_address}; use snafu::{OptionExt, ResultExt, Snafu}; use stackable_operator::{ builder::{ConfigMapBuilder, ContainerBuilder, ObjectMetaBuilder, PodBuilder, VolumeBuilder}, 
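Review bot: The comment `// if TLS is enabled build truststore` in `env_vars` does not match the branch under it, which only sets `SPARK_DAEMON_JAVA_OPTS`; the store itself is built by the keytool commands that `command_args` adds. Reword it to something like `// Point the history server JVM at the trust store built in command_args().`. In `command_args`, the switch to `command.join(" && ")` means every element must now be a complete shell command, and a one-line comment saying so would keep later additions from breaking the chain. `env_vars` could also be written as one `vec![...]` followed by the conditional push rather than a mutable empty vector.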
@@ -42,8 +43,6 @@ use stackable_operator::{ }; use strum::{EnumDiscriminants, IntoStaticStr}; -use crate::product_logging::{self, resolve_vector_aggregator_address}; - pub struct Ctx { pub client: stackable_operator::client::Client, } @@ -148,6 +147,7 @@ pub async fn reconcile(spark_application: Arc, ctx: Arc) _ => None, }; + // check early for valid verification options if let Some(conn) = opt_s3conn.as_ref() { if let Some(tls) = &conn.tls { match &tls.verification { @@ -155,9 +155,7 @@ pub async fn reconcile(spark_application: Arc, ctx: Arc) TlsVerification::Server(server_verification) => { match &server_verification.ca_cert { CaCert::WebPki {} => {} - CaCert::SecretClass(_) => { - return S3TlsCaVerificationNotSupportedSnafu.fail() - } + CaCert::SecretClass(_) => {} } } } @@ -202,7 +200,7 @@ pub async fn reconcile(spark_application: Arc, ctx: Arc) .as_deref() .context(ObjectHasNoSparkImageSnafu)?; - let env_vars = spark_application.env(); + let env_vars = spark_application.env(&opt_s3conn, &s3logdir); let driver_config = spark_application .driver_config() @@ -305,6 +303,8 @@ pub async fn reconcile(spark_application: Arc, ctx: Arc) fn init_containers( spark_application: &SparkApplication, logging: &Logging, + s3conn: &Option, + s3logdir: &Option, ) -> Result> { let mut jcb = ContainerBuilder::new(&SparkContainer::Job.to_string()) .context(IllegalContainerNameSnafu)?; 
@@ -368,10 +368,33 @@ fn init_containers( if let Some(image_pull_policy) = spark_application.spark_image_pull_policy() { rcb.image_pull_policy(image_pull_policy.to_string()); } + rcb.build() }); - Ok(vec![job_container, requirements_container] + // if TLS is enabled, build TrustStore and put secret inside. + let mut tcb = ContainerBuilder::new(&SparkContainer::Tls.to_string()) + .context(IllegalContainerNameSnafu)?; + let mut args = Vec::new(); + + let tls_container = tlscerts::tls_secret_names(s3conn, s3logdir).map(|cert_secrets| { + args.extend(tlscerts::create_key_and_trust_store()); + for cert_secret in cert_secrets { + args.extend(tlscerts::add_cert_to_stackable_truststore(cert_secret)); + tcb.add_volume_mount( + cert_secret, + format!("{STACKABLE_MOUNT_PATH_TLS}/{cert_secret}"), + ); + } + tcb.image(spark_image); + tcb.command(vec!["/bin/bash".to_string(), "-c".to_string()]); + tcb.args(vec![args.join(" && ")]); + tcb.add_volume_mount(STACKABLE_TRUST_STORE_NAME, STACKABLE_TRUST_STORE); + tcb.build() + }); + tracing::info!("Args [{:#?}]", args); + + Ok(vec![job_container, requirements_container, tls_container] .into_iter() .flatten() .collect()) @@ -383,9 +406,10 @@ fn pod_template( config: &PodTemplateConfig, volumes: &[Volume], env: &[EnvVar], + s3conn: &Option, + s3logdir: &Option, ) -> Result { let container_name = SparkContainer::Spark.to_string(); - let mut cb = ContainerBuilder::new(&container_name).context(IllegalContainerNameSnafu)?; cb.add_volume_mounts(config.volume_mounts.clone()) .add_env_vars(env.to_vec()) @@ -424,7 +448,8 @@ fn pod_template( pb.affinity(&config.affinity); - let init_containers = init_containers(spark_application, &config.logging).unwrap(); + let init_containers = + init_containers(spark_application, &config.logging, s3conn, s3logdir).unwrap(); for init_container in init_containers { pb.add_init_container(init_container.clone()); 
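Review bot: `tracing::info!("Args [{:#?}]", args);` in the `@@ -368,10 +368,33 @@` hunk runs on every reconcile, printing an empty list when no CA secret class is configured and otherwise the full keytool command lines, including the `-srcstorepass` and `-deststorepass` values. It reads like a debugging leftover; remove it, or lower it to `tracing::debug!` and log only the secret class names. `tcb` and `args` are also created before it is known whether TLS is in use; building the `ContainerBuilder` for `SparkContainer::Tls` only when `tls_secret_names` returns `Some` would avoid the unused builder. The function's body starts outside the hunk.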
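Review bot: The rewritten call in the `@@ -424,7 +448,8 @@` hunk keeps `.unwrap()` on `init_containers(...)`, and this commit adds another fallible step inside that function (`ContainerBuilder::new(...).context(IllegalContainerNameSnafu)?` for the TLS container), so any error there panics the operator instead of failing the reconcile. `pod_template` already returns `Result`, so, assuming both functions share the module's error type, the line can be `let init_containers = init_containers(spark_application, &config.logging, s3conn, s3logdir)?;`. `pod_template` starts and ends outside the hunk.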
@@ -489,7 +514,14 @@ fn pod_template_config_map( .build(), ); - let template = pod_template(spark_application, config, volumes.as_ref(), env)?; + let template = pod_template( + spark_application, + config, + volumes.as_ref(), + env, + s3conn, + s3logdir, + )?; let mut cm_builder = ConfigMapBuilder::new(); diff --git a/tests/templates/kuttl/spark-history-server/00-secrets.yaml.j2 b/tests/templates/kuttl/spark-history-server/00-secrets.yaml.j2 new file mode 100644 index 00000000..fbf06a10 --- /dev/null +++ b/tests/templates/kuttl/spark-history-server/00-secrets.yaml.j2 
@@ -0,0 +1,78 @@ +--- +apiVersion: secrets.stackable.tech/v1alpha1 +kind: SecretClass +metadata: + name: s3-credentials-class +spec: + backend: + k8sSearch: + searchNamespace: + pod: {} +--- +apiVersion: v1 +kind: Secret +metadata: + name: s3-credentials + labels: + secrets.stackable.tech/class: s3-credentials-class +stringData: + accessKey: spark + secretKey: sparkspark +--- +apiVersion: secrets.stackable.tech/v1alpha1 +kind: SecretClass +metadata: + name: history-credentials-class +spec: + backend: + k8sSearch: + searchNamespace: + pod: {} +--- +apiVersion: v1 +kind: Secret +metadata: + name: history-credentials + labels: + secrets.stackable.tech/class: history-credentials-class +stringData: + accessKey: spark + secretKey: sparkspark +--- +apiVersion: v1 +kind: Secret +metadata: + name: centralized-minio-users +type: Opaque +stringData: + username1: | + username=spark + password=sparkspark + disabled=false + policies=readwrite,consoleAdmin,diagnostics + setPolicies=false + +{% if test_scenario['values']['s3-use-tls'] == 'true' %} +--- +apiVersion: secrets.stackable.tech/v1alpha1 +kind: SecretClass +metadata: + name: minio-tls-eventlog +spec: + backend: + k8sSearch: + searchNamespace: + pod: {} +--- +apiVersion: v1 +kind: Secret +metadata: + name: minio-tls-eventlog + labels: + secrets.stackable.tech/class: minio-tls-eventlog +# Have a look at the folder certs on how to create this: ensure the common name matches the minio instance! +data: + ca.crt: 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 + tls.crt: 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 + tls.key: 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 +{% endif %} \ No newline at end of file diff --git a/tests/templates/kuttl/spark-history-server/02-s3-secret.yaml b/tests/templates/kuttl/spark-history-server/02-s3-secret.yaml deleted file mode 100644 index aa1eb9d7..00000000 --- a/tests/templates/kuttl/spark-history-server/02-s3-secret.yaml +++ /dev/null 
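Review bot: The `minio-tls-eventlog` Secret carries `tls.crt` and `tls.key` next to `ca.crt` and is labelled for the SecretClass that the S3 connection's `caCert` references, so the secret-operator volume presumably exposes the MinIO server's private key inside the history-server pod. Only `ca.crt` is read by the operator's keytool commands. If the same Secret is also what the MinIO chart uses for its server certificate (the values file is not in this hunk), split it: one Secret with certificate and key for MinIO, and a second one holding only `ca.crt` that carries the `secrets.stackable.tech/class` label. The usage-guide example added to `s3.adoc` lists the same three keys and would need the matching change.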
@@ -1,48 +0,0 @@ ---- -apiVersion: v1 -kind: Secret -metadata: - name: minio-credentials - labels: - secrets.stackable.tech/class: spark-history-server-s3-credentials-class -stringData: - accessKey: minioAccessKey - secretKey: minioSecretKey - # The following two entries are used by the Bitnami chart for MinIO to - # set up credentials for accessing buckets managed by the MinIO tenant. - root-user: minioAccessKey - root-password: minioSecretKey ---- -apiVersion: secrets.stackable.tech/v1alpha1 -kind: SecretClass -metadata: - name: spark-history-server-s3-credentials-class -spec: - backend: - k8sSearch: - searchNamespace: - pod: {} ---- -apiVersion: v1 -kind: Secret -metadata: - name: history-credentials - labels: - secrets.stackable.tech/class: history-credentials-class -stringData: - accessKey: eventLogAccessKey - secretKey: eventLogSecretKey - # The following two entries are used by the Bitnami chart for MinIO to - # set up credentials for accessing buckets managed by the MinIO tenant. - root-user: eventLogAccessKey - root-password: eventLogSecretKey ---- -apiVersion: secrets.stackable.tech/v1alpha1 -kind: SecretClass -metadata: - name: history-credentials-class -spec: - backend: - k8sSearch: - searchNamespace: - pod: {} diff --git a/tests/templates/kuttl/spark-history-server/03-assert.yaml b/tests/templates/kuttl/spark-history-server/03-assert.yaml index 34cce1da..7218a47d 100644 --- a/tests/templates/kuttl/spark-history-server/03-assert.yaml +++ b/tests/templates/kuttl/spark-history-server/03-assert.yaml @@ -25,12 +25,3 @@ metadata: app: minio-client status: phase: Running ---- -apiVersion: v1 -kind: Pod -metadata: - name: eventlog-minio-client - labels: - app: eventlog-minio-client -status: - phase: Running diff --git a/tests/templates/kuttl/spark-history-server/03-setup-minio.yaml b/tests/templates/kuttl/spark-history-server/03-setup-minio.yaml index c88715cc..62341947 100644 --- a/tests/templates/kuttl/spark-history-server/03-setup-minio.yaml 
+++ b/tests/templates/kuttl/spark-history-server/03-setup-minio.yaml @@ -3,17 +3,19 @@ apiVersion: kuttl.dev/v1beta1 kind: TestStep commands: - script: >- - helm install test-minio + helm install eventlog-minio --namespace $NAMESPACE - --version 11.9.2 - -f helm-bitnami-minio-values.yaml + --version 12.6.4 + -f helm-bitnami-eventlog-minio-values.yaml --repo https://charts.bitnami.com/bitnami minio + timeout: 240 - script: >- - helm install eventlog-minio + helm install test-minio --namespace $NAMESPACE - --version 11.9.2 - -f helm-bitnami-eventlog-minio-values.yaml + --version 12.6.4 + -f helm-bitnami-minio-values.yaml --repo https://charts.bitnami.com/bitnami minio + timeout: 240 --- apiVersion: v1 kind: Pod 
@@ -25,60 +27,5 @@ spec: restartPolicy: Never containers: - name: minio-client - image: docker.io/bitnami/minio-client:2022.8.11-debian-11-r3 - command: ["bash", "-c", "sleep infinity"] - stdin: true - tty: true - env: - - name: MINIO_SERVER_ACCESS_KEY - valueFrom: - secretKeyRef: - name: minio-credentials - key: root-user - optional: false - - name: MINIO_SERVER_SECRET_KEY - valueFrom: - secretKeyRef: - name: minio-credentials - key: root-password - optional: false - - name: MINIO_SERVER_HOST - value: test-minio - - name: MINIO_SERVER_PORT_NUMBER - value: "9000" - - name: MINIO_SERVER_SCHEME - value: http ---- -apiVersion: v1 -kind: Pod -metadata: - name: eventlog-minio-client - labels: - app: eventlog-minio-client -spec: - restartPolicy: Never - containers: - - name: minio-client - image: docker.io/bitnami/minio-client:2022.8.11-debian-11-r3 + image: docker.io/bitnami/minio-client:2023.5.18-debian-11-r2 command: ["bash", "-c", "sleep infinity"] - stdin: true - tty: true - env: - - name: MINIO_SERVER_ACCESS_KEY - valueFrom: - secretKeyRef: - name: history-credentials - key: root-user - optional: false - - name: MINIO_SERVER_SECRET_KEY - valueFrom: - secretKeyRef: - name: history-credentials - key: root-password - optional: false - - name: MINIO_SERVER_HOST - value: eventlog-minio - - name: MINIO_SERVER_PORT_NUMBER - value: "9000" - - name: MINIO_SERVER_SCHEME - value: http diff --git a/tests/templates/kuttl/spark-history-server/04-prepare-bucket.yaml.j2 b/tests/templates/kuttl/spark-history-server/04-prepare-bucket.yaml.j2 index 87436a23..d9d05fea 100644 --- a/tests/templates/kuttl/spark-history-server/04-prepare-bucket.yaml.j2 +++ b/tests/templates/kuttl/spark-history-server/04-prepare-bucket.yaml.j2 
@@ -5,8 +5,5 @@ commands: # give minio enough time to start - command: sleep 10 - command: kubectl cp -n $NAMESPACE spark-examples_{{ test_scenario['values']['spark'].split('-stackable')[0] }}.jar minio-client:/tmp/spark-examples.jar - - command: kubectl exec -n $NAMESPACE minio-client -- sh -c 'mc alias set test-minio http://test-minio:9000 $$MINIO_SERVER_ACCESS_KEY $$MINIO_SERVER_SECRET_KEY' - - command: kubectl exec -n $NAMESPACE minio-client -- mc mb test-minio/my-bucket - - command: kubectl exec -n $NAMESPACE eventlog-minio-client -- sh -c 'mc alias set eventlog-minio http://eventlog-minio:9000 $$MINIO_SERVER_ACCESS_KEY $$MINIO_SERVER_SECRET_KEY' - - command: kubectl exec -n $NAMESPACE eventlog-minio-client -- mc mb eventlog-minio/spark-logs/eventlogs + - command: kubectl exec -n $NAMESPACE minio-client -- mc --insecure alias set test-minio http://test-minio:9000 spark sparkspark - command: kubectl exec -n $NAMESPACE minio-client -- mc cp /tmp/spark-examples.jar test-minio/my-bucket diff --git a/tests/templates/kuttl/spark-history-server/05-s3-connection.yaml b/tests/templates/kuttl/spark-history-server/05-s3-connection.yaml.j2 similarity index 74% rename from tests/templates/kuttl/spark-history-server/05-s3-connection.yaml rename to tests/templates/kuttl/spark-history-server/05-s3-connection.yaml.j2 index 097ac6d8..42d785da 100644 --- a/tests/templates/kuttl/spark-history-server/05-s3-connection.yaml +++ b/tests/templates/kuttl/spark-history-server/05-s3-connection.yaml.j2 @@ -8,7 +8,7 @@ spec: port: 9000 accessStyle: Path credentials: - secretClass: spark-history-server-s3-credentials-class + secretClass: s3-credentials-class --- apiVersion: s3.stackable.tech/v1alpha1 kind: S3Connection 
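Review bot: `mc --insecure alias set test-minio http://test-minio:9000 spark sparkspark` in the `@@ -5,8 +5,5 @@` hunk passes `--insecure` for a plain `http` endpoint, where the flag has nothing to skip. If this alias is later switched to `https`, the flag would silently disable certificate checking in the very test meant to exercise the custom CA, so remove it now. The access key and secret are also repeated here as literals instead of being taken from the `s3-credentials` Secret defined in `00-secrets.yaml.j2`, so the two places can drift apart.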
@@ -20,6 +20,13 @@ spec: accessStyle: Path credentials: secretClass: history-credentials-class +{% if test_scenario['values']['s3-use-tls'] == 'true' %} + tls: + verification: + server: + caCert: + secretClass: minio-tls-eventlog +{% endif %} --- apiVersion: s3.stackable.tech/v1alpha1 kind: S3Bucket diff --git a/tests/templates/kuttl/spark-history-server/06-deploy-history-server.yaml.j2 b/tests/templates/kuttl/spark-history-server/06-deploy-history-server.yaml.j2 index c1c1245e..e57d720c 100644 --- a/tests/templates/kuttl/spark-history-server/06-deploy-history-server.yaml.j2 +++ b/tests/templates/kuttl/spark-history-server/06-deploy-history-server.yaml.j2 @@ -1,4 +1,24 @@ --- +apiVersion: v1 +kind: ConfigMap +metadata: + name: spark-history-log-config +data: + log4j2.properties: |- + appenders = CONSOLE + + appender.CONSOLE.type = Console + appender.CONSOLE.name = CONSOLE + appender.CONSOLE.target = SYSTEM_ERR + appender.CONSOLE.layout.type = PatternLayout + appender.CONSOLE.layout.pattern = %d{ISO8601} %p [%t] %c - %m%n + appender.CONSOLE.filter.threshold.type = ThresholdFilter + appender.CONSOLE.filter.threshold.level = DEBUG + + rootLogger.level=DEBUG + rootLogger.appenderRefs = CONSOLE + rootLogger.appenderRef.CONSOLE.ref = CONSOLE +--- apiVersion: spark.stackable.tech/v1alpha1 kind: SparkHistoryServer metadata: @@ -21,6 +41,10 @@ spec: config: logging: enableVectorAgent: {{ lookup('env', 'VECTOR_AGGREGATOR') | length > 0 }} + containers: + spark-history: + custom: + configMap: spark-history-log-config roleGroups: default: replicas: 1 diff --git a/tests/templates/kuttl/spark-history-server/certs/ca.crt b/tests/templates/kuttl/spark-history-server/certs/ca.crt new file mode 100644 index 00000000..beb286d0 --- /dev/null +++ b/tests/templates/kuttl/spark-history-server/certs/ca.crt 
@@ -0,0 +1,23 @@ +-----BEGIN CERTIFICATE----- +MIID2TCCAsGgAwIBAgIUdHAXMzPrZLluMDO6XkOZ3AGIhiswDQYJKoZIhvcNAQEL +BQAwezELMAkGA1UEBhMCREUxGzAZBgNVBAgMElNjaGxlc3dpZy1Ib2xzdGVpbjEO +MAwGA1UEBwwFV2VkZWwxKDAmBgNVBAoMH1N0YWNrYWJsZSBTaWduaW5nIEF1dGhv +cml0eSBJbmMxFTATBgNVBAMMDHN0YWNrYWJsZS5kZTAgFw0yMzA2MTkxNTIzMzRa +GA8yMTIzMDUyNjE1MjMzNFowezELMAkGA1UEBhMCREUxGzAZBgNVBAgMElNjaGxl +c3dpZy1Ib2xzdGVpbjEOMAwGA1UEBwwFV2VkZWwxKDAmBgNVBAoMH1N0YWNrYWJs +ZSBTaWduaW5nIEF1dGhvcml0eSBJbmMxFTATBgNVBAMMDHN0YWNrYWJsZS5kZTCC +ASIwDQYJKoZIhvcNAQEBBQADggEPADCCAQoCggEBANGBjjx6+YBJmc9BZxNPvygG +6ouFXSej0EYQHJTrA+YYnUxexxL2aE6GhGLBVLF3bAiQq+mEtX9YdgZDXAO/ZKSz +9yupWcgdGPtROjCDXtMRcZV4XAESl80QfEa/N5SfcLrA3BM5jwc9kpdyMx39bdlA +DLo2SvwG3NgNyJVfDZKcy0LEe8ghqNTW0HxJ7qLtqaoG2qYvIETh52wts952bVV2 +7iod9HYYLvw1Uw45ms8mubbWULsQ1sNFlQL0/9MRjGLDC6Dw95op3082LWSCGgBL ++8x+BU5hPTFx3zTVCTR5X+oKF8J9NDFfr5K+YTdNP0nOEGNqw+t0Pqf2Gsx1ag8C +AwEAAaNTMFEwHQYDVR0OBBYEFAM0SJi0wYjHql3T60VM1onuUhBNMB8GA1UdIwQY +MBaAFAM0SJi0wYjHql3T60VM1onuUhBNMA8GA1UdEwEB/wQFMAMBAf8wDQYJKoZI +hvcNAQELBQADggEBAEulw5jyIiBaM4usJQZaChWPOfQjo0hDcE/dDZvMJ5a0AxXI +XqNwo8spuZP3JF8rK7JZfbgJr2sWaXPVBGxD6NzY0iMhB11P5VNgris1Ex2BNfBu +FJ+oPwc6pFZ5lm9wIZJFOTIy5v4r8mmT+lrqRc6DDmKZZBYPt5Q5kZWBnxNiKLeG +uZaxN4UBFpKvZj8wQ2/5jlFYxzGvw64OU2/7st4bnScVlHXkG/XrlaX86bhDATp6 +xKlAla2BDyXIEk5GdfkifLmUE6YHj3QBAwJk2AXA3LhIFccqFCprQKnZIpsnJ4s3 +k5vRX5bmi2PhKsf7ndy3KLhuTbPPrq6PknfJsww= +-----END CERTIFICATE----- diff --git a/tests/templates/kuttl/spark-history-server/certs/client.crt.pem b/tests/templates/kuttl/spark-history-server/certs/client.crt.pem new file mode 100644 index 00000000..19ba9f4f --- /dev/null +++ b/tests/templates/kuttl/spark-history-server/certs/client.crt.pem 
@@ -0,0 +1,23 @@ +-----BEGIN CERTIFICATE----- +MIID2jCCAsKgAwIBAgIUFR7Dq/vXTIJWpA60Ji/JZQ1JG9UwDQYJKoZIhvcNAQEL +BQAwezELMAkGA1UEBhMCREUxGzAZBgNVBAgMElNjaGxlc3dpZy1Ib2xzdGVpbjEO +MAwGA1UEBwwFV2VkZWwxKDAmBgNVBAoMH1N0YWNrYWJsZSBTaWduaW5nIEF1dGhv +cml0eSBJbmMxFTATBgNVBAMMDHN0YWNrYWJsZS5kZTAgFw0yMzA2MTkxNTIzMzRa +GA8yMTIzMDUyNjE1MjMzNFowZzELMAkGA1UEBhMCREUxGzAZBgNVBAgMElNjaGxl +c3dpZy1Ib2xzdGVpbjEOMAwGA1UEBwwFV2VkZWwxEjAQBgNVBAoMCVN0YWNrYWJs +ZTEXMBUGA1UEAwwOZXZlbnRsb2ctbWluaW8wggEiMA0GCSqGSIb3DQEBAQUAA4IB +DwAwggEKAoIBAQDHSz4ByS4NF34zheypC2YlL+yTKDl/VAPDhqutNSe8v2GsurYv +CT7cfl631DLw9xw86UCG5J1W7knndce0LDphpZcbQU3qSLr+1DmGtw91gJrQhDH9 +8bex1nCu4LUJYVvWBTh6MCatUdbgooOC4a1trfx2yTxCdFyqYGRmRyOh5QqdAuVR +Z5tloESPIDUIVxUBMbgPemKz/Ha+ldp8dW6SKVjZiuNvqi29RE4mCr/4xMyLel0V +uNYMpqOqZkXG3mZjUhlEjRI8I1+59MwYPXeZ0KXJ+bzrl8IfU5My6FGFI/jZ/Upq +r1r+NaOsZf81s/+GrR/yRBvnCZZPNKKiUaiRAgMBAAGjaDBmMCQGA1UdEQQdMBuC +DmV2ZW50bG9nLW1pbmlvgglsb2NhbGhvc3QwHQYDVR0OBBYEFNyi3+oFQ4zJigBu +6V2Dz5V6pzgOMB8GA1UdIwQYMBaAFAM0SJi0wYjHql3T60VM1onuUhBNMA0GCSqG +SIb3DQEBCwUAA4IBAQDHxHI76heKurwAEFPzUh67bOeb3E1xkroDgGoYg229bBUx +KBOeboQHn+BcLKByAWpJaZpHj03NWNKB1q38aLzQzjnHe06BYOHCY0DRlDFubXg2 +TAt2ono7VV5+UNsFINN6qnXYCJuw/cvZrUgzv1r9t2rZxGVYZUjixBQ24k+HlvyF +SzZpcSv5fTO0gzeBShFdGOE0MGSLyDfhOVhddajtr7A54EHLQd0NAqsJB0wnZ8xH +efxThYNKqdBdj+YwLF0Y4MkChf/kkxtHKOMvCiAKAwbA0gnaODCxGvTFbHQE9ns2 +BAFjnVJ4hwi43x9191cBuj8gYBGiiHu4+FFSW1sR +-----END CERTIFICATE----- diff --git a/tests/templates/kuttl/spark-history-server/certs/client.csr.pem b/tests/templates/kuttl/spark-history-server/certs/client.csr.pem new file mode 100644 index 00000000..b0480aff --- /dev/null +++ b/tests/templates/kuttl/spark-history-server/certs/client.csr.pem 
@@ -0,0 +1,18 @@ +-----BEGIN CERTIFICATE REQUEST----- +MIIC4zCCAcsCAQAwZzELMAkGA1UEBhMCREUxGzAZBgNVBAgMElNjaGxlc3dpZy1I +b2xzdGVpbjEOMAwGA1UEBwwFV2VkZWwxEjAQBgNVBAoMCVN0YWNrYWJsZTEXMBUG +A1UEAwwOZXZlbnRsb2ctbWluaW8wggEiMA0GCSqGSIb3DQEBAQUAA4IBDwAwggEK +AoIBAQDHSz4ByS4NF34zheypC2YlL+yTKDl/VAPDhqutNSe8v2GsurYvCT7cfl63 +1DLw9xw86UCG5J1W7knndce0LDphpZcbQU3qSLr+1DmGtw91gJrQhDH98bex1nCu +4LUJYVvWBTh6MCatUdbgooOC4a1trfx2yTxCdFyqYGRmRyOh5QqdAuVRZ5tloESP +IDUIVxUBMbgPemKz/Ha+ldp8dW6SKVjZiuNvqi29RE4mCr/4xMyLel0VuNYMpqOq +ZkXG3mZjUhlEjRI8I1+59MwYPXeZ0KXJ+bzrl8IfU5My6FGFI/jZ/Upqr1r+NaOs +Zf81s/+GrR/yRBvnCZZPNKKiUaiRAgMBAAGgNzA1BgkqhkiG9w0BCQ4xKDAmMCQG +A1UdEQQdMBuCDmV2ZW50bG9nLW1pbmlvgglsb2NhbGhvc3QwDQYJKoZIhvcNAQEL +BQADggEBAGVoyPbKlZXfmRgaI/mEsaefwLbshyP/W6Q5+n3rEvahAw3d3EzjqfC1 +Xs+qoKdU4toB3SdJ8CfKzrE0irONLgE5MsPOzQd0EIQpBaL9yRX8226QGMyaki+0 +OPlkjHulE+71fCSDPXWZZTUjUroryWagoHESkXpT8PjuP+mWbGnzl9qN2QnVcWJB +eLKhLChpZrGhDrdpaUQMKXhfu60rfAsvj7H/kjE5ZUfBl/yFDrd+W9gG7OBBCvtG +2dIGiKOlScxtOw0l/M32FzqwlQovo5q/lsj7XYm2cJx1xEsiJMELEOU16IGx9/4v +b2DIhlmdiuU0+B6KnGvRZR4Dqx7kH5E= +-----END CERTIFICATE REQUEST----- diff --git a/tests/templates/kuttl/spark-history-server/certs/client.key.pem b/tests/templates/kuttl/spark-history-server/certs/client.key.pem new file mode 100644 index 00000000..79bbded3 --- /dev/null +++ b/tests/templates/kuttl/spark-history-server/certs/client.key.pem 
@@ -0,0 +1,28 @@ +-----BEGIN PRIVATE KEY----- +MIIEvQIBADANBgkqhkiG9w0BAQEFAASCBKcwggSjAgEAAoIBAQDHSz4ByS4NF34z +heypC2YlL+yTKDl/VAPDhqutNSe8v2GsurYvCT7cfl631DLw9xw86UCG5J1W7knn +dce0LDphpZcbQU3qSLr+1DmGtw91gJrQhDH98bex1nCu4LUJYVvWBTh6MCatUdbg +ooOC4a1trfx2yTxCdFyqYGRmRyOh5QqdAuVRZ5tloESPIDUIVxUBMbgPemKz/Ha+ +ldp8dW6SKVjZiuNvqi29RE4mCr/4xMyLel0VuNYMpqOqZkXG3mZjUhlEjRI8I1+5 +9MwYPXeZ0KXJ+bzrl8IfU5My6FGFI/jZ/Upqr1r+NaOsZf81s/+GrR/yRBvnCZZP +NKKiUaiRAgMBAAECggEAASSQAGb+vuvZIRrh75n5ceoFgHZHBqE05JGUkVGkRsF+ +8hRvxCMon29w0/tpN58mI/4HLQLZeWC0TynKbXDBvLK8NCd+prLYMisFwa1R7w+/ +y4VvizQQNGqNMr6GgT1T/00gPNii9yRYj+kUqZrpUX9Beu2mXR/xUleLSdgbduOg +jbtbDq6S4OFM5lPGHwOBetGUXUlwu4CkM6BBx+bvO+e+9r0gpatZwAIxSgcpTtNG +Vrjv7ZVkF+Bp0IYhE0D+Hsnnzl9qIY7hSXFiAgvZRwmpgvpr0hvQYxdtjfJdsKQa +Qqj92pMbfI2VM62GlXElG1AzqfbCLk+drmskWvzrQQKBgQD8dNmGBwK/gi2Oo3P2 +cPNVHh8z3p7gep3yflFEgDdPhAZNSPtd7CMyOORhtd4XtbVjjFFTvW0ziTyjw//D +9H/ucDKP2r3fr6IlsfChAYWwJR8yYFSUtUJzN5wfggojaPwTX6sTNh2AM8keStbz +cHSQAWwJ5TPEh84JM3Ik9aqpUQKBgQDKF10omXNV8C8KIYn29KBWYSMqfgzW27+z +4UUeHXlrgBRnUq4q7RIgx88jVjH2kL6plYP1Rzf5AzfNR3dBqBbGGFDQ4GYp7MIL +njsfbdZszpvf4cAzeWGdegsNxJdp1k4Ga/jikJl58800RQGw5Wfu7oA9UcoJlXDG +Qy0fn8c7QQKBgQDNBH/aTjs3Fxq0KZ1010llKG8iinnvxuQaF+cbgBxq4MbVYJ1y +KuByWq1thGp2SsShsUQig0T5g0vRmsxMcHSsSEVnebaUv2cowZauyjOtVpg9KunF +UmZCdzi8hbiCBTIg8aJWma3ffS6pARIK5JpkkCMS7iXaRodWBYd+6FrN4QKBgCJu +hKLMMkhsGbeiKz12RHMzLaipvUpGOo1NTldpMizMr61C+wW5SqNnJ7Wfk/esha+j +F86Mic7Va4aALKN1Hhw2PF66PO3bttv/45bhQe1b7lbgwbyDa8xG5Oc9nYacysJx +VwBTHrMWhNno//bBv0mIPTU1YDTtzz8YZvHCaVGBAoGAOpeiiuu0mqEpPGWWgFyE +eoakCQ9kmL/37i9Ahhxur7CZoKMdSPvHrvKT5QPxwU/CV0yJA6ZS9k3W3ymBepsQ +9d2Xuk5CbZtqPHX7hblpPLb+PsNX4/bQxBKu0QGq32BlAOr2yE4piXQ7c6Q0t62q +8YYwVZXmhmgCI811ydXoh3Y= +-----END PRIVATE KEY----- diff --git a/tests/templates/kuttl/spark-history-server/certs/generate.sh b/tests/templates/kuttl/spark-history-server/certs/generate.sh new file mode 100755 index 00000000..4c3d0757 --- /dev/null 
+++ b/tests/templates/kuttl/spark-history-server/certs/generate.sh
@@ -0,0 +1,48 @@
+#!/bin/bash
+
+echo "Creating client cert"
+FQDN="eventlog-minio"
+
+echo "Creating Root Certificate Authority"
+openssl genrsa \
+ -out root-ca.key.pem \
+ 2048
+
+echo "Self-signing the Root Certificate Authority"
+openssl req \
+ -x509 \
+ -new \
+ -nodes \
+ -key root-ca.key.pem \
+ -days 36500 \
+ -out root-ca.crt.pem \
+ -subj "/C=DE/ST=Schleswig-Holstein/L=Wedel/O=Stackable Signing Authority Inc/CN=stackable.de"
+
+openssl genrsa \
+ -out client.key.pem \
+ 2048
+
+echo "Creating the CSR"
+openssl req -new \
+ -key client.key.pem \
+ -out client.csr.pem \
+ -subj "/C=DE/ST=Schleswig-Holstein/L=Wedel/O=Stackable/CN=${FQDN}" \
+ -addext "subjectAltName = DNS:${FQDN}, DNS:localhost"
+
+echo "Signing the client cert with the root ca"
+openssl x509 \
+ -req -in client.csr.pem \
+ -CA root-ca.crt.pem \
+ -CAkey root-ca.key.pem \
+ -CAcreateserial \
+ -out client.crt.pem \
+ -days 36500 \
+ -copy_extensions copy
+
+echo "Copying the files to match the api of the secret-operator"
+cp root-ca.crt.pem ca.crt
+cp client.key.pem tls.key
+cp client.crt.pem tls.crt
+
+echo "To create a k8s secret run"
+echo "kubectl create secret generic foo --from-file=ca.crt --from-file=tls.crt --from-file=tls.key"
diff --git a/tests/templates/kuttl/spark-history-server/certs/root-ca.crt.pem b/tests/templates/kuttl/spark-history-server/certs/root-ca.crt.pem
new file mode 100644
index 00000000..beb286d0
--- /dev/null
+++ b/tests/templates/kuttl/spark-history-server/certs/root-ca.crt.pem
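Review bot: The script leaves `root-ca.key.pem` beside the fixtures and this commit checks that CA private key in, along with `client.key.pem`/`tls.key`, while both the CA and the leaf are issued with `-days 36500`; anything that is ever pointed at this `ca.crt` outside a throwaway test namespace then trusts certificates that anyone with repository access can sign. The Secret only needs `ca.crt`, `tls.crt` and `tls.key`, so I would remove `root-ca.key.pem`, `root-ca.crt.srl` and `client.csr.pem` once signing is done (or generate the whole set in a test step instead of committing it) and use a short validity. The script also has no error handling; adding `set -euo pipefail` after the shebang keeps a failed `openssl` call from being followed by the `cp` lines that publish a stale or partial set. The same points apply to `tests/templates/kuttl/spark-ny-public-s3/certs/generate.sh`.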
@@ -0,0 +1,23 @@ +-----BEGIN CERTIFICATE----- +MIID2TCCAsGgAwIBAgIUdHAXMzPrZLluMDO6XkOZ3AGIhiswDQYJKoZIhvcNAQEL +BQAwezELMAkGA1UEBhMCREUxGzAZBgNVBAgMElNjaGxlc3dpZy1Ib2xzdGVpbjEO +MAwGA1UEBwwFV2VkZWwxKDAmBgNVBAoMH1N0YWNrYWJsZSBTaWduaW5nIEF1dGhv +cml0eSBJbmMxFTATBgNVBAMMDHN0YWNrYWJsZS5kZTAgFw0yMzA2MTkxNTIzMzRa +GA8yMTIzMDUyNjE1MjMzNFowezELMAkGA1UEBhMCREUxGzAZBgNVBAgMElNjaGxl +c3dpZy1Ib2xzdGVpbjEOMAwGA1UEBwwFV2VkZWwxKDAmBgNVBAoMH1N0YWNrYWJs +ZSBTaWduaW5nIEF1dGhvcml0eSBJbmMxFTATBgNVBAMMDHN0YWNrYWJsZS5kZTCC +ASIwDQYJKoZIhvcNAQEBBQADggEPADCCAQoCggEBANGBjjx6+YBJmc9BZxNPvygG +6ouFXSej0EYQHJTrA+YYnUxexxL2aE6GhGLBVLF3bAiQq+mEtX9YdgZDXAO/ZKSz +9yupWcgdGPtROjCDXtMRcZV4XAESl80QfEa/N5SfcLrA3BM5jwc9kpdyMx39bdlA +DLo2SvwG3NgNyJVfDZKcy0LEe8ghqNTW0HxJ7qLtqaoG2qYvIETh52wts952bVV2 +7iod9HYYLvw1Uw45ms8mubbWULsQ1sNFlQL0/9MRjGLDC6Dw95op3082LWSCGgBL ++8x+BU5hPTFx3zTVCTR5X+oKF8J9NDFfr5K+YTdNP0nOEGNqw+t0Pqf2Gsx1ag8C +AwEAAaNTMFEwHQYDVR0OBBYEFAM0SJi0wYjHql3T60VM1onuUhBNMB8GA1UdIwQY +MBaAFAM0SJi0wYjHql3T60VM1onuUhBNMA8GA1UdEwEB/wQFMAMBAf8wDQYJKoZI +hvcNAQELBQADggEBAEulw5jyIiBaM4usJQZaChWPOfQjo0hDcE/dDZvMJ5a0AxXI +XqNwo8spuZP3JF8rK7JZfbgJr2sWaXPVBGxD6NzY0iMhB11P5VNgris1Ex2BNfBu +FJ+oPwc6pFZ5lm9wIZJFOTIy5v4r8mmT+lrqRc6DDmKZZBYPt5Q5kZWBnxNiKLeG +uZaxN4UBFpKvZj8wQ2/5jlFYxzGvw64OU2/7st4bnScVlHXkG/XrlaX86bhDATp6 +xKlAla2BDyXIEk5GdfkifLmUE6YHj3QBAwJk2AXA3LhIFccqFCprQKnZIpsnJ4s3 +k5vRX5bmi2PhKsf7ndy3KLhuTbPPrq6PknfJsww= +-----END CERTIFICATE----- diff --git a/tests/templates/kuttl/spark-history-server/certs/root-ca.crt.srl b/tests/templates/kuttl/spark-history-server/certs/root-ca.crt.srl new file mode 100644 index 00000000..be4d1f7c --- /dev/null +++ b/tests/templates/kuttl/spark-history-server/certs/root-ca.crt.srl @@ -0,0 +1 @@ +576A0FFE70A083083D71BD244D0AAF58D16797F9 diff --git a/tests/templates/kuttl/spark-history-server/certs/root-ca.key.pem b/tests/templates/kuttl/spark-history-server/certs/root-ca.key.pem new file mode 100644 index 00000000..74720570 --- /dev/null 
+++ b/tests/templates/kuttl/spark-history-server/certs/root-ca.key.pem @@ -0,0 +1,28 @@ +-----BEGIN PRIVATE KEY----- +MIIEvQIBADANBgkqhkiG9w0BAQEFAASCBKcwggSjAgEAAoIBAQDRgY48evmASZnP +QWcTT78oBuqLhV0no9BGEByU6wPmGJ1MXscS9mhOhoRiwVSxd2wIkKvphLV/WHYG +Q1wDv2Sks/crqVnIHRj7UTowg17TEXGVeFwBEpfNEHxGvzeUn3C6wNwTOY8HPZKX +cjMd/W3ZQAy6Nkr8BtzYDciVXw2SnMtCxHvIIajU1tB8Se6i7amqBtqmLyBE4eds +LbPedm1Vdu4qHfR2GC78NVMOOZrPJrm21lC7ENbDRZUC9P/TEYxiwwug8PeaKd9P +Ni1kghoAS/vMfgVOYT0xcd801Qk0eV/qChfCfTQxX6+SvmE3TT9JzhBjasPrdD6n +9hrMdWoPAgMBAAECggEACFgVbvw43AP9FRTrmDMjZQ04IdwVvzfrhMwseek4S7Ls +ROKQzC+113bNEVUrhzE/Q2y7pBPN2hIPCqXRJYcQaOzlVGmsx+cSG8764dFsS+dp +yNm1KbJwtaaemdS7encKhC2dNkN4b6yN85aFSar9HoYfW6VA7EkRBPvbjXNuih8T +wnDgtTwQSuMyL8v5VMRlyH/aFIJnEZ/IH1LXASh9GUFM+XyqZ1yyXMzMxix2a6Mc +4hyIiEBB29HeXhzTw5TWofHT2Ci0hGKlUN2VwNTrGyW7sHQQqLAj8igmup4rdEW7 +OgIEKccSDw2lzHHaDQoMpvSPXcFxMnUoQYg7Z9uXdQKBgQDiyIroc4a4knBT7yCj +av/zAMJZrMPYPc4y0LSnUjIsOnxgCz7tW8ZOKebe0FsEodwBxeAXTeaR8jcipODb +vamP9n1Sj0jNnbeaaQomcReQoIaY3idxryIv0QMY5DNK8LM9U0+aIeg/17pGMfsF +7vE7y8jCMr1zCOexe9a/wSY/uwKBgQDsfzJzQ6j+Yy0FmY1rP/9hBDjCY7zCmzB/ ++mZVPYK4n0u9wh/qxZpvFYG1e4VgHBvNcof0RRaTuqwfGeEFjsBZhTAmbWM/Ng0d +VwEOrKsxRvkbHp3eTMx3tpGBZ7TYU5Q61vId7F+M+upLFEOLg9mqXx8mcAWCU3vb +c+aCWSrHvQKBgGLKY6CROt3KhP47TCeEJA0yhndUCFh5zApc2mWNK+gSbj3UiEwT +z5YbMMRdVVj2PYXUMiNUvx1Su2vvETkILQZWpQ9C9b8EdofgPBi06UQKebe8BsjC +Nw1Haqb8Oc/qfNo5IZMONEMjcbTEbwqNpS6cPk9ClT64YV3yiYEs3cGjAoGBAMC0 +3M0jgt7WvWbkumF8IoJRSFbNopAImLqPtTccChqaYsNbHVrWbYK6yZix7/pirRz5 +iGK4sS7rWzl0gvFeYsoPRy7oz4hAaOtRa+EjPdPHe1Bn4Ee12J5ru6DwemITqKNR +ZrSPWUStaKCJAIj8hS7Yl69gdHy/vhsSE/B+6+cZAoGARDw7dSjY2dZy55ARXSLN +fXqasrLpzWHccyL6myVuBJKpD5IMdDxIqqj6KXVAeoxqWKi2N2/o08pjs2Yv30oN +3vWV7TigagpUXbOqVWAXS4VkG1KIe0hgE+S8zgVtIh+hC0K2I6nwKzoINB4EB/Ui +0DTlakDUUe/O8jabMdrJhAI= +-----END PRIVATE KEY----- diff --git a/tests/templates/kuttl/spark-history-server/certs/tls.crt b/tests/templates/kuttl/spark-history-server/certs/tls.crt new file mode 100644 index 00000000..19ba9f4f 
--- /dev/null +++ b/tests/templates/kuttl/spark-history-server/certs/tls.crt @@ -0,0 +1,23 @@ +-----BEGIN CERTIFICATE----- +MIID2jCCAsKgAwIBAgIUFR7Dq/vXTIJWpA60Ji/JZQ1JG9UwDQYJKoZIhvcNAQEL +BQAwezELMAkGA1UEBhMCREUxGzAZBgNVBAgMElNjaGxlc3dpZy1Ib2xzdGVpbjEO +MAwGA1UEBwwFV2VkZWwxKDAmBgNVBAoMH1N0YWNrYWJsZSBTaWduaW5nIEF1dGhv +cml0eSBJbmMxFTATBgNVBAMMDHN0YWNrYWJsZS5kZTAgFw0yMzA2MTkxNTIzMzRa +GA8yMTIzMDUyNjE1MjMzNFowZzELMAkGA1UEBhMCREUxGzAZBgNVBAgMElNjaGxl +c3dpZy1Ib2xzdGVpbjEOMAwGA1UEBwwFV2VkZWwxEjAQBgNVBAoMCVN0YWNrYWJs +ZTEXMBUGA1UEAwwOZXZlbnRsb2ctbWluaW8wggEiMA0GCSqGSIb3DQEBAQUAA4IB +DwAwggEKAoIBAQDHSz4ByS4NF34zheypC2YlL+yTKDl/VAPDhqutNSe8v2GsurYv +CT7cfl631DLw9xw86UCG5J1W7knndce0LDphpZcbQU3qSLr+1DmGtw91gJrQhDH9 +8bex1nCu4LUJYVvWBTh6MCatUdbgooOC4a1trfx2yTxCdFyqYGRmRyOh5QqdAuVR +Z5tloESPIDUIVxUBMbgPemKz/Ha+ldp8dW6SKVjZiuNvqi29RE4mCr/4xMyLel0V +uNYMpqOqZkXG3mZjUhlEjRI8I1+59MwYPXeZ0KXJ+bzrl8IfU5My6FGFI/jZ/Upq +r1r+NaOsZf81s/+GrR/yRBvnCZZPNKKiUaiRAgMBAAGjaDBmMCQGA1UdEQQdMBuC +DmV2ZW50bG9nLW1pbmlvgglsb2NhbGhvc3QwHQYDVR0OBBYEFNyi3+oFQ4zJigBu +6V2Dz5V6pzgOMB8GA1UdIwQYMBaAFAM0SJi0wYjHql3T60VM1onuUhBNMA0GCSqG +SIb3DQEBCwUAA4IBAQDHxHI76heKurwAEFPzUh67bOeb3E1xkroDgGoYg229bBUx +KBOeboQHn+BcLKByAWpJaZpHj03NWNKB1q38aLzQzjnHe06BYOHCY0DRlDFubXg2 +TAt2ono7VV5+UNsFINN6qnXYCJuw/cvZrUgzv1r9t2rZxGVYZUjixBQ24k+HlvyF +SzZpcSv5fTO0gzeBShFdGOE0MGSLyDfhOVhddajtr7A54EHLQd0NAqsJB0wnZ8xH +efxThYNKqdBdj+YwLF0Y4MkChf/kkxtHKOMvCiAKAwbA0gnaODCxGvTFbHQE9ns2 +BAFjnVJ4hwi43x9191cBuj8gYBGiiHu4+FFSW1sR +-----END CERTIFICATE----- diff --git a/tests/templates/kuttl/spark-history-server/certs/tls.key b/tests/templates/kuttl/spark-history-server/certs/tls.key new file mode 100644 index 00000000..79bbded3 --- /dev/null +++ b/tests/templates/kuttl/spark-history-server/certs/tls.key 
@@ -0,0 +1,28 @@ +-----BEGIN PRIVATE KEY----- +MIIEvQIBADANBgkqhkiG9w0BAQEFAASCBKcwggSjAgEAAoIBAQDHSz4ByS4NF34z +heypC2YlL+yTKDl/VAPDhqutNSe8v2GsurYvCT7cfl631DLw9xw86UCG5J1W7knn +dce0LDphpZcbQU3qSLr+1DmGtw91gJrQhDH98bex1nCu4LUJYVvWBTh6MCatUdbg +ooOC4a1trfx2yTxCdFyqYGRmRyOh5QqdAuVRZ5tloESPIDUIVxUBMbgPemKz/Ha+ +ldp8dW6SKVjZiuNvqi29RE4mCr/4xMyLel0VuNYMpqOqZkXG3mZjUhlEjRI8I1+5 +9MwYPXeZ0KXJ+bzrl8IfU5My6FGFI/jZ/Upqr1r+NaOsZf81s/+GrR/yRBvnCZZP +NKKiUaiRAgMBAAECggEAASSQAGb+vuvZIRrh75n5ceoFgHZHBqE05JGUkVGkRsF+ +8hRvxCMon29w0/tpN58mI/4HLQLZeWC0TynKbXDBvLK8NCd+prLYMisFwa1R7w+/ +y4VvizQQNGqNMr6GgT1T/00gPNii9yRYj+kUqZrpUX9Beu2mXR/xUleLSdgbduOg +jbtbDq6S4OFM5lPGHwOBetGUXUlwu4CkM6BBx+bvO+e+9r0gpatZwAIxSgcpTtNG +Vrjv7ZVkF+Bp0IYhE0D+Hsnnzl9qIY7hSXFiAgvZRwmpgvpr0hvQYxdtjfJdsKQa +Qqj92pMbfI2VM62GlXElG1AzqfbCLk+drmskWvzrQQKBgQD8dNmGBwK/gi2Oo3P2 +cPNVHh8z3p7gep3yflFEgDdPhAZNSPtd7CMyOORhtd4XtbVjjFFTvW0ziTyjw//D +9H/ucDKP2r3fr6IlsfChAYWwJR8yYFSUtUJzN5wfggojaPwTX6sTNh2AM8keStbz +cHSQAWwJ5TPEh84JM3Ik9aqpUQKBgQDKF10omXNV8C8KIYn29KBWYSMqfgzW27+z +4UUeHXlrgBRnUq4q7RIgx88jVjH2kL6plYP1Rzf5AzfNR3dBqBbGGFDQ4GYp7MIL +njsfbdZszpvf4cAzeWGdegsNxJdp1k4Ga/jikJl58800RQGw5Wfu7oA9UcoJlXDG +Qy0fn8c7QQKBgQDNBH/aTjs3Fxq0KZ1010llKG8iinnvxuQaF+cbgBxq4MbVYJ1y +KuByWq1thGp2SsShsUQig0T5g0vRmsxMcHSsSEVnebaUv2cowZauyjOtVpg9KunF +UmZCdzi8hbiCBTIg8aJWma3ffS6pARIK5JpkkCMS7iXaRodWBYd+6FrN4QKBgCJu +hKLMMkhsGbeiKz12RHMzLaipvUpGOo1NTldpMizMr61C+wW5SqNnJ7Wfk/esha+j +F86Mic7Va4aALKN1Hhw2PF66PO3bttv/45bhQe1b7lbgwbyDa8xG5Oc9nYacysJx +VwBTHrMWhNno//bBv0mIPTU1YDTtzz8YZvHCaVGBAoGAOpeiiuu0mqEpPGWWgFyE +eoakCQ9kmL/37i9Ahhxur7CZoKMdSPvHrvKT5QPxwU/CV0yJA6ZS9k3W3ymBepsQ +9d2Xuk5CbZtqPHX7hblpPLb+PsNX4/bQxBKu0QGq32BlAOr2yE4piXQ7c6Q0t62q +8YYwVZXmhmgCI811ydXoh3Y= +-----END PRIVATE KEY----- diff --git a/tests/templates/kuttl/spark-history-server/helm-bitnami-eventlog-minio-values.yaml b/tests/templates/kuttl/spark-history-server/helm-bitnami-eventlog-minio-values.yaml deleted file mode 100644 index bcb802a2..00000000 
--- a/tests/templates/kuttl/spark-history-server/helm-bitnami-eventlog-minio-values.yaml
+++ /dev/null
@@ -1,23 +0,0 @@
----
-volumePermissions:
- enabled: false
-
-podSecurityContext:
- enabled: false
-
-containerSecurityContext:
- enabled: false
-
-mode: standalone
-
-disableWebUI: true
-
-persistence:
- enabled: false
-
-resources:
- requests:
- memory: 1Gi
-
-auth:
- existingSecret: history-credentials
diff --git a/tests/templates/kuttl/spark-history-server/helm-bitnami-eventlog-minio-values.yaml.j2 b/tests/templates/kuttl/spark-history-server/helm-bitnami-eventlog-minio-values.yaml.j2
new file mode 100644
index 00000000..b3978d1c
--- /dev/null
+++ b/tests/templates/kuttl/spark-history-server/helm-bitnami-eventlog-minio-values.yaml.j2
@@ -0,0 +1,55 @@
+---
+mode: standalone
+disableWebUI: false
+extraEnvVars:
+ - name: BITNAMI_DEBUG
+ value: "true"
+ - name: MINIO_LOG_LEVEL
+ value: DEBUG
+
+provisioning:
+ enabled: true
+ buckets:
+ - name: spark-logs/eventlogs
+ usersExistingSecrets:
+ - centralized-minio-users
+ resources:
+ requests:
+ memory: 1Gi
+ cpu: "512m"
+ limits:
+ memory: "1Gi"
+ cpu: "1"
+ podSecurityContext:
+ enabled: false
+ containerSecurityContext:
+ enabled: false
+
+volumePermissions:
+ enabled: false
+
+podSecurityContext:
+ enabled: false
+
+containerSecurityContext:
+ enabled: false
+
+persistence:
+ enabled: false
+
+resources:
+ requests:
+ memory: 1Gi
+ cpu: "512m"
+ limits:
+ memory: "1Gi"
+ cpu: "1"
+
+service:
+ type: NodePort
+
+{% if test_scenario['values']['s3-use-tls'] == 'true' %}
+tls:
+ enabled: true
+ existingSecret: minio-tls-eventlog
+{% endif %}
diff --git a/tests/templates/kuttl/spark-history-server/helm-bitnami-minio-values.yaml b/tests/templates/kuttl/spark-history-server/helm-bitnami-minio-values.yaml
index c8891024..fcc3b193 100644
--- a/tests/templates/kuttl/spark-history-server/helm-bitnami-minio-values.yaml
+++ b/tests/templates/kuttl/spark-history-server/helm-bitnami-minio-values.yaml
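Review bot: The new values file sets `service.type: NodePort` and flips `disableWebUI` to `false`, which publishes the MinIO API and console on a port of every cluster node, while the users come from `centralized-minio-users`, a Secret whose content is not in this file but is presumably a static test account like the one committed for spark-ny-public-s3. The test steps visible in this diff reach MinIO by its in-cluster service name, so unless something outside the cluster needs access I would keep `service: type: ClusterIP` (the chart default) and `disableWebUI: true` as the deleted values file had it. `BITNAMI_DEBUG: "true"` and `MINIO_LOG_LEVEL: DEBUG` read like leftovers from debugging and are worth a comment or removal. The same settings are added to `helm-bitnami-minio-values.yaml` in the next file section.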
@@ -1,4 +1,30 @@ --- +mode: standalone +disableWebUI: false +extraEnvVars: + - name: BITNAMI_DEBUG + value: "true" + - name: MINIO_LOG_LEVEL + value: DEBUG + +provisioning: + enabled: true + buckets: + - name: my-bucket + usersExistingSecrets: + - centralized-minio-users + resources: + requests: + memory: 1Gi + cpu: "512m" + limits: + memory: "1Gi" + cpu: "1" + podSecurityContext: + enabled: false + containerSecurityContext: + enabled: false + volumePermissions: enabled: false @@ -8,16 +34,16 @@ podSecurityContext: containerSecurityContext: enabled: false -mode: standalone - -disableWebUI: true - persistence: enabled: false resources: requests: memory: 1Gi + cpu: "512m" + limits: + memory: "1Gi" + cpu: "1" -auth: - existingSecret: minio-credentials +service: + type: NodePort diff --git a/tests/templates/kuttl/spark-ny-public-s3/00-secrets.yaml.j2 b/tests/templates/kuttl/spark-ny-public-s3/00-secrets.yaml.j2 new file mode 100644 index 00000000..98531d0e --- /dev/null +++ b/tests/templates/kuttl/spark-ny-public-s3/00-secrets.yaml.j2 
@@ -0,0 +1,59 @@ +--- +apiVersion: secrets.stackable.tech/v1alpha1 +kind: SecretClass +metadata: + name: s3-credentials +spec: + backend: + k8sSearch: + searchNamespace: + pod: {} +--- +apiVersion: v1 +kind: Secret +metadata: + name: s3-credentials + labels: + secrets.stackable.tech/class: s3-credentials +stringData: + accessKey: spark + secretKey: sparkspark +--- +apiVersion: v1 +kind: Secret +metadata: + name: centralized-minio-users +type: Opaque +stringData: + username1: | + username=spark + password=sparkspark + disabled=false + policies=readwrite,consoleAdmin,diagnostics + setPolicies=false + +{% if test_scenario['values']['s3-use-tls'] == 'true' %} +--- +apiVersion: secrets.stackable.tech/v1alpha1 +kind: SecretClass +metadata: + name: minio-tls-certificates +spec: + backend: + k8sSearch: + searchNamespace: + pod: {} +--- +apiVersion: v1 +kind: Secret +metadata: + name: minio-tls-certificates + labels: + secrets.stackable.tech/class: minio-tls-certificates +# Have a look at the folder certs on how to create this +data: +data: + ca.crt: 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 + tls.crt: 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 + tls.key: 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 +{% endif %} diff --git a/tests/templates/kuttl/spark-ny-public-s3/02-assert.yaml b/tests/templates/kuttl/spark-ny-public-s3/02-assert.yaml index fbbea3bd..84690c36 100644 --- a/tests/templates/kuttl/spark-ny-public-s3/02-assert.yaml +++ b/tests/templates/kuttl/spark-ny-public-s3/02-assert.yaml @@ -6,7 +6,7 @@ timeout: 900 apiVersion: apps/v1 kind: Deployment metadata: - name: test-minio + name: minio status: readyReplicas: 1 --- diff --git a/tests/templates/kuttl/spark-ny-public-s3/02-setup-minio.yaml b/tests/templates/kuttl/spark-ny-public-s3/02-setup-minio.yaml deleted file mode 100644 index 2ba4dcac..00000000 --- a/tests/templates/kuttl/spark-ny-public-s3/02-setup-minio.yaml +++ /dev/null 
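Review bot: The `minio-tls-certificates` Secret declares its top-level key twice, `data:` immediately followed by another `data:`, as far as this rendering shows; strict YAML parsers reject a duplicate mapping key and lenient ones silently keep the last, so one of the two lines should go. The manifest also carries the TLS private key inline under `tls.key` and a static `spark`/`sparkspark` account with `policies=readwrite,consoleAdmin,diagnostics`; for a test that only reads and writes one bucket, `policies=readwrite` looks sufficient. The comment `# Have a look at the folder certs on how to create this` could name `certs/generate.sh` and say that the values are the base64 of `ca.crt`, `tls.crt` and `tls.key`.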
@@ -1,48 +0,0 @@ ---- -apiVersion: kuttl.dev/v1beta1 -kind: TestStep -commands: - - script: >- - helm install test-minio - --namespace $NAMESPACE - --version 11.9.2 - -f helm-bitnami-minio-values.yaml - --repo https://charts.bitnami.com/bitnami minio - timeout: 240 ---- -apiVersion: v1 -kind: Pod -metadata: - name: minio-client - labels: - app: minio-client -spec: - selector: - matchLabels: - app: minio-client - restartPolicy: Never - containers: - - name: minio-client - image: docker.io/bitnami/minio-client:2022.8.11-debian-11-r3 - command: ["bash", "-c", "sleep infinity"] - stdin: true - tty: true - env: - - name: MINIO_SERVER_ACCESS_KEY - valueFrom: - secretKeyRef: - name: test-minio - key: root-user - optional: false - - name: MINIO_SERVER_SECRET_KEY - valueFrom: - secretKeyRef: - name: test-minio - key: root-password - optional: false - - name: MINIO_SERVER_HOST - value: test-minio - - name: MINIO_SERVER_PORT_NUMBER - value: "9000" - - name: MINIO_SERVER_SCHEME - value: http diff --git a/tests/templates/kuttl/spark-ny-public-s3/02-setup-minio.yaml.j2 b/tests/templates/kuttl/spark-ny-public-s3/02-setup-minio.yaml.j2 new file mode 100644 index 00000000..5a4c97b0 --- /dev/null +++ b/tests/templates/kuttl/spark-ny-public-s3/02-setup-minio.yaml.j2 
@@ -0,0 +1,45 @@
+---
+apiVersion: kuttl.dev/v1beta1
+kind: TestStep
+commands:
+ - script: >-
+ helm install minio
+ --namespace $NAMESPACE
+ --version 12.6.4
+ -f helm-bitnami-minio-values.yaml
+ --repo https://charts.bitnami.com/bitnami minio
+ timeout: 240
+---
+apiVersion: v1
+kind: Pod
+metadata:
+ name: minio-client
+ labels:
+ app: minio-client
+spec:
+ selector:
+ matchLabels:
+ app: minio-client
+ restartPolicy: Never
+ containers:
+ - name: minio-client
+ image: docker.io/bitnami/minio-client:2023.5.18-debian-11-r2
+ command: ["bash", "-c", "sleep infinity"]
+---
+apiVersion: s3.stackable.tech/v1alpha1
+kind: S3Connection
+metadata:
+ name: minio
+spec:
+ host: minio
+ port: 9000
+ accessStyle: Path
+ credentials:
+ secretClass: s3-credentials
+{% if test_scenario['values']['s3-use-tls'] == 'true' %}
+ tls:
+ verification:
+ server:
+ caCert:
+ secretClass: minio-tls-certificates
+{% endif %}
diff --git a/tests/templates/kuttl/spark-ny-public-s3/03-prepare-bucket.yaml.j2 b/tests/templates/kuttl/spark-ny-public-s3/03-prepare-bucket.yaml.j2
index b3b042e1..3fd04942 100644
--- a/tests/templates/kuttl/spark-ny-public-s3/03-prepare-bucket.yaml.j2
+++ b/tests/templates/kuttl/spark-ny-public-s3/03-prepare-bucket.yaml.j2
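Review bot: The `minio-client` Pod still has `spec.selector.matchLabels`, which is not a PodSpec field (it belongs to workload controllers such as Deployments); it was carried over from the deleted `02-setup-minio.yaml` and is either dropped or rejected depending on the API server's field validation, so the three `selector` lines should be removed. The image is pulled by a mutable tag, `docker.io/bitnami/minio-client:2023.5.18-debian-11-r2`; pinning it by digest would keep the test from running changed content. Nothing in this Pod mounts `ca.crt` from `minio-tls-certificates`, which is presumably why the bucket-preparation step has to call `mc --insecure` in the TLS scenario.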
@@ -4,10 +4,12 @@ kind: TestStep commands: # give minio enough time to start - command: sleep 10 + - command: kubectl cp -n $NAMESPACE yellow_tripdata_2021-07.csv minio-client:/tmp - command: kubectl cp -n $NAMESPACE ny-tlc-report-1.1.0-{{ test_scenario['values']['spark'].split('-stackable')[0] }}.jar minio-client:/tmp/ny-tlc-report.jar - - command: kubectl cp -n $NAMESPACE yellow_tripdata_2021-07.csv minio-client:/tmp - - command: kubectl exec -n $NAMESPACE minio-client -- sh -c 'mc alias set test-minio http://test-minio:9000 $$MINIO_SERVER_ACCESS_KEY $$MINIO_SERVER_SECRET_KEY' - - command: kubectl exec -n $NAMESPACE minio-client -- mc mb test-minio/my-bucket - - command: kubectl exec -n $NAMESPACE minio-client -- mc policy set public test-minio/my-bucket - - command: kubectl exec -n $NAMESPACE minio-client -- mc cp /tmp/ny-tlc-report.jar test-minio/my-bucket - - command: kubectl exec -n $NAMESPACE minio-client -- mc cp /tmp/yellow_tripdata_2021-07.csv test-minio/my-bucket +{% if test_scenario['values']['s3-use-tls'] == 'true' %} + - command: kubectl exec -n $NAMESPACE minio-client -- mc --insecure alias set minio https://minio:9000 spark sparkspark +{% else %} + - command: kubectl exec -n $NAMESPACE minio-client -- mc --insecure alias set minio http://minio:9000 spark sparkspark +{% endif %} + - command: kubectl exec -n $NAMESPACE minio-client -- mc --insecure cp /tmp/yellow_tripdata_2021-07.csv minio/my-bucket + - command: kubectl exec -n $NAMESPACE minio-client -- mc --insecure cp /tmp/ny-tlc-report.jar minio/my-bucket diff --git a/tests/templates/kuttl/spark-ny-public-s3/10-assert.yaml b/tests/templates/kuttl/spark-ny-public-s3/10-assert.yaml index 6e532520..6148e6a0 100644 --- a/tests/templates/kuttl/spark-ny-public-s3/10-assert.yaml +++ b/tests/templates/kuttl/spark-ny-public-s3/10-assert.yaml 
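Review bot: Every `mc` call in this step is run with `--insecure`, so in the `s3-use-tls` branch the client never checks the MinIO certificate against the test CA and the step would pass against any certificate; on the `http://` branch the flag has no effect at all. The test certificate is issued for `DNS:minio`, so the CA could be made available to the client pod (mc reads extra CAs from `~/.mc/certs/CAs/`) and the flag dropped, leaving `mc alias set minio https://minio:9000 spark sparkspark`. The credentials are now literal arguments where the old step read `$$MINIO_SERVER_ACCESS_KEY`/`$$MINIO_SERVER_SECRET_KEY` from a Secret; reading them from `s3-credentials` via env vars would keep a single source for them.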
@@ -1,7 +1,7 @@ --- apiVersion: kuttl.dev/v1beta1 kind: TestAssert -timeout: 900 +timeout: 300 --- # The Job starting the whole process apiVersion: spark.stackable.tech/v1alpha1 diff --git a/tests/templates/kuttl/spark-ny-public-s3/10-deploy-spark-app.yaml.j2 b/tests/templates/kuttl/spark-ny-public-s3/10-deploy-spark-app.yaml.j2 index cfc7535f..ec9bcba4 100644 --- a/tests/templates/kuttl/spark-ny-public-s3/10-deploy-spark-app.yaml.j2 +++ b/tests/templates/kuttl/spark-ny-public-s3/10-deploy-spark-app.yaml.j2 @@ -28,10 +28,7 @@ spec: args: - "--input /arguments/job-args.txt" s3connection: - inline: - host: test-minio - port: 9000 - accessStyle: Path + reference: minio job: logging: enableVectorAgent: {{ lookup('env', 'VECTOR_AGGREGATOR') | length > 0 }} diff --git a/tests/templates/kuttl/spark-ny-public-s3/certs/ca.crt b/tests/templates/kuttl/spark-ny-public-s3/certs/ca.crt new file mode 100644 index 00000000..02f19558 --- /dev/null +++ b/tests/templates/kuttl/spark-ny-public-s3/certs/ca.crt 
@@ -0,0 +1,23 @@ +-----BEGIN CERTIFICATE----- +MIID2TCCAsGgAwIBAgIUfTNW3aBt6oeJc9AdT4KfzBZe+1MwDQYJKoZIhvcNAQEL +BQAwezELMAkGA1UEBhMCREUxGzAZBgNVBAgMElNjaGxlc3dpZy1Ib2xzdGVpbjEO +MAwGA1UEBwwFV2VkZWwxKDAmBgNVBAoMH1N0YWNrYWJsZSBTaWduaW5nIEF1dGhv +cml0eSBJbmMxFTATBgNVBAMMDHN0YWNrYWJsZS5kZTAgFw0yMzA2MTkxNDUzMjRa +GA8yMTIzMDUyNjE0NTMyNFowezELMAkGA1UEBhMCREUxGzAZBgNVBAgMElNjaGxl +c3dpZy1Ib2xzdGVpbjEOMAwGA1UEBwwFV2VkZWwxKDAmBgNVBAoMH1N0YWNrYWJs +ZSBTaWduaW5nIEF1dGhvcml0eSBJbmMxFTATBgNVBAMMDHN0YWNrYWJsZS5kZTCC +ASIwDQYJKoZIhvcNAQEBBQADggEPADCCAQoCggEBAMd1nMW5xELJJF8vEwG2wbw9 +l/tbgHmyFHgcIN7KLhIN8eJG/X9mLGJd4gMD/DkY+0aR1g/1jqntIvYRR4aFwdkC +LVv2a6KRhnUTucLcYsafumrKo2HaQ3zgQiaOlj7ovackBMeWjrRGFJjZ/m33RI0d +5SnyEomI/GtbBOhkGl/R597z0X2VNc5/e5my7UtXU9fRirP7AX30jACS5n8S873E +WarhGRkewrqwI2R54lBTgqYrtEmT5YaKd6Hmnc05Le8KtnggL0IWcwMhBV60WjnK +WpRobFq06I8Zt5/75xPcDXdxrhMEL0Mm0+AfsOIWpnhlVbMickAbJhA56aMUfCUC +AwEAAaNTMFEwHQYDVR0OBBYEFOnnO/LFgTvr1WspKGC+Coc/HBi1MB8GA1UdIwQY +MBaAFOnnO/LFgTvr1WspKGC+Coc/HBi1MA8GA1UdEwEB/wQFMAMBAf8wDQYJKoZI +hvcNAQELBQADggEBAELymXJCL/JmRheqiofVH8zRXp/OAIAfjxjuYVS7Bs0InCwU +eNnQ3BDs+mTXIU3PnpLBU85n9QwyZjy0r/uNTMwSTSaOCfFZcxl/8qWfIrj1Tj37 +K0L4DFRVT3JpWkNz9MsIzG1zjU7FGl3xCZgeR6anZYJKffhwn4J8Nzvl6YnUwhJ2 +MWoqg32Pp4CROShRO0MZuZbspSQ1mHbTIOGzy9m5XKZnE0FHryQkt3YzmfI5mMz7 +FDPpyAO26UTdt52tVh2oDO5JBrLaC1iubLiyqk3Ef3GsUsiVlUGOUhh8RTq+b3AK +lKDTlv9peIkTCNmayIT4rZNreNDesjlcoPfdMkE= +-----END CERTIFICATE----- diff --git a/tests/templates/kuttl/spark-ny-public-s3/certs/client.crt.pem b/tests/templates/kuttl/spark-ny-public-s3/certs/client.crt.pem new file mode 100644 index 00000000..ee346bf2 --- /dev/null +++ b/tests/templates/kuttl/spark-ny-public-s3/certs/client.crt.pem 
@@ -0,0 +1,23 @@ +-----BEGIN CERTIFICATE----- +MIIDyDCCArCgAwIBAgIUSNjItaQUdURzN5kiFYlm7/91LVcwDQYJKoZIhvcNAQEL +BQAwezELMAkGA1UEBhMCREUxGzAZBgNVBAgMElNjaGxlc3dpZy1Ib2xzdGVpbjEO +MAwGA1UEBwwFV2VkZWwxKDAmBgNVBAoMH1N0YWNrYWJsZSBTaWduaW5nIEF1dGhv +cml0eSBJbmMxFTATBgNVBAMMDHN0YWNrYWJsZS5kZTAgFw0yMzA2MTkxNDUzMjVa +GA8yMTIzMDUyNjE0NTMyNVowXjELMAkGA1UEBhMCREUxGzAZBgNVBAgMElNjaGxl +c3dpZy1Ib2xzdGVpbjEOMAwGA1UEBwwFV2VkZWwxEjAQBgNVBAoMCVN0YWNrYWJs +ZTEOMAwGA1UEAwwFbWluaW8wggEiMA0GCSqGSIb3DQEBAQUAA4IBDwAwggEKAoIB +AQCrhFoTywie/pmuOcsdC4iaqTbWW+CKhtUKne264+a1yY46poJaz422bfaZNNd1 +P27OHvGFJTU0Nw7Hjh0KZhjjznI6N4rIeCQcbdXAHmiRAmOxv4mHvTI3oLyqvOoA +RtnDasZrUvgLs0/MF0qYrTPYEdpSzs7grPsTfU8mZeSAHNinF/tjVDmGqBbzlXxX +8f2cIcQiZHc3gwLl3ZO88NphD7rpc8e7yndkqVqeChzjGj8SsTIvIC2LW01PbHTp +46vugfDNOxkZXJrikhgIhzMhyY/5U+75WWqywW3kJDe/zhidgRPq8roOKPZZfOi5 +RIb7K7fX6volrSi1l16fVh4hAgMBAAGjXzBdMBsGA1UdEQQUMBKCBW1pbmlvggls +b2NhbGhvc3QwHQYDVR0OBBYEFKfffx+TpSE2YXJkjMvGGLukrVUoMB8GA1UdIwQY +MBaAFOnnO/LFgTvr1WspKGC+Coc/HBi1MA0GCSqGSIb3DQEBCwUAA4IBAQBTaJMN +GpKC5NU+PXCwwmLY2OKDdCE9yM8AdmUNvqefIt3PprjkQE2sNOTJYHFZA9u5j14v +jalh0BxXW/M2llM4yaD6Is2CT0gYg4vQdm9aZcH6Cg+DOjEOFlWXAbAFonm5A0YH +AQZpyuZsSRfv/Kia0p2R1RiH8446P+Xt4q7le3gM7Im7sIU3Y6+iHdWiKJw5rrE2 +PsWFC0JNiXwcGvtxkMsLIv9OBMk95EOcO+OOSzI65/co1xYSmyKkcqwzJERQq5Mk +HNxioFfJdbucdzV6Ws3cWbODvTsz/02nDWM1Fa+G60f+hEXVRK388Cq7i+J8TzHP +MGYy/jgF2amMBchZ +-----END CERTIFICATE----- diff --git a/tests/templates/kuttl/spark-ny-public-s3/certs/client.csr.pem b/tests/templates/kuttl/spark-ny-public-s3/certs/client.csr.pem new file mode 100644 index 00000000..77890733 --- /dev/null +++ b/tests/templates/kuttl/spark-ny-public-s3/certs/client.csr.pem 
@@ -0,0 +1,18 @@ +-----BEGIN CERTIFICATE REQUEST----- +MIIC0TCCAbkCAQAwXjELMAkGA1UEBhMCREUxGzAZBgNVBAgMElNjaGxlc3dpZy1I +b2xzdGVpbjEOMAwGA1UEBwwFV2VkZWwxEjAQBgNVBAoMCVN0YWNrYWJsZTEOMAwG +A1UEAwwFbWluaW8wggEiMA0GCSqGSIb3DQEBAQUAA4IBDwAwggEKAoIBAQCrhFoT +ywie/pmuOcsdC4iaqTbWW+CKhtUKne264+a1yY46poJaz422bfaZNNd1P27OHvGF +JTU0Nw7Hjh0KZhjjznI6N4rIeCQcbdXAHmiRAmOxv4mHvTI3oLyqvOoARtnDasZr +UvgLs0/MF0qYrTPYEdpSzs7grPsTfU8mZeSAHNinF/tjVDmGqBbzlXxX8f2cIcQi +ZHc3gwLl3ZO88NphD7rpc8e7yndkqVqeChzjGj8SsTIvIC2LW01PbHTp46vugfDN +OxkZXJrikhgIhzMhyY/5U+75WWqywW3kJDe/zhidgRPq8roOKPZZfOi5RIb7K7fX +6volrSi1l16fVh4hAgMBAAGgLjAsBgkqhkiG9w0BCQ4xHzAdMBsGA1UdEQQUMBKC +BW1pbmlvgglsb2NhbGhvc3QwDQYJKoZIhvcNAQELBQADggEBAKFKdk8WI1fVJ+Jt +aA2lwsyf2rw2I1Bak3dkXtlWxrvc0NKqdQk9thrmYi3R0ZAzLmeM7rPopgwq8cjG +qESTkIaUVoprcRtPVKzG7mqU9Vnn3mfXk2hWhDdW2/CF0zD8fc9b27+s6q240EVp +CnEUmeIfMsFXotPZLThwRZbLmqjgTKeSD35O+go6tZHHZGnD5gg0O65wOUyayZ9Y +78CYlDmwvaRB2gRWR0CXraY7QxA3QNnNorBvdU19UwrTVfypI8OTd6boNYQMzmYq +NVnYc5IYE9Sf17G7fOfo7MBstYHvf9TOIgJMhaOAqFCe/iNSOgZUlUkDZDcDCrrn +7uxcNIU= +-----END CERTIFICATE REQUEST----- diff --git a/tests/templates/kuttl/spark-ny-public-s3/certs/client.key.pem b/tests/templates/kuttl/spark-ny-public-s3/certs/client.key.pem new file mode 100644 index 00000000..4c545b67 --- /dev/null +++ b/tests/templates/kuttl/spark-ny-public-s3/certs/client.key.pem 
@@ -0,0 +1,28 @@ +-----BEGIN PRIVATE KEY----- +MIIEvQIBADANBgkqhkiG9w0BAQEFAASCBKcwggSjAgEAAoIBAQCrhFoTywie/pmu +OcsdC4iaqTbWW+CKhtUKne264+a1yY46poJaz422bfaZNNd1P27OHvGFJTU0Nw7H +jh0KZhjjznI6N4rIeCQcbdXAHmiRAmOxv4mHvTI3oLyqvOoARtnDasZrUvgLs0/M +F0qYrTPYEdpSzs7grPsTfU8mZeSAHNinF/tjVDmGqBbzlXxX8f2cIcQiZHc3gwLl +3ZO88NphD7rpc8e7yndkqVqeChzjGj8SsTIvIC2LW01PbHTp46vugfDNOxkZXJri +khgIhzMhyY/5U+75WWqywW3kJDe/zhidgRPq8roOKPZZfOi5RIb7K7fX6volrSi1 +l16fVh4hAgMBAAECggEAHz/fe5C38uP3UxeDirixvGANNjQKLqMPSL5qdG0WeVOO +PuBcirgbHTxevB41DU8v3I0luvkC/w7y+efKIb1lVogkJrg86HZ/OdDHK5g+vADf +8iAwKhOOBTWbek4uIjvGbETVfvNgbx1N8iTiOfwAoKLsEL9OUQAjRLNFivzwi2ip +Jzs1eOabx4KzdzMaG5gC0XzeHNetY1IYbtDDWaTG8gpTyENh9cUasfY+Ndm+eLdA +A34nq+5p5Ji/0khjDBbySAl+sQeak42x4yjQUNuNgmhUF07c/il7TVIywTYAI+uI +WtWN5FuUiV8kfPmmaxudFshEu+os0FHtx2sOdtODGwKBgQDsLP3sGjYtG996Pe9N +2pPuNdqCAG5ZOZZRuqt1nkrgxvQISovtpwoBJw5hPeBKTof67zeyNtjsCD2ImuAK +lQsNa8+yRZx3GF4a+mgwQ1TJMGI74vBh6fqiV/gtSxP1p/LHEODBCn15dC3wdzU5 +ghLvtzjRUT2L2NTI1ws9HKUr0wKBgQC56fSRcXyKM3AI6CYVeecB+nRVQJeo7neK +WqtuJ+hUKrvw/1ZuyHqaACOl63qnYV5mFUGq4+BvZ0uY7MI+Q0QLlcWI97igSQwE +wr9JXB/DovWflY8e4ZYhPKRaZEjMNYPGTT3usPWHKQ3cV5LEsU1vztk8pSqk6DPN +PHedncqZuwKBgFxYRzy/DvnaUSpB90TQt1DH+9UjCAKZMr5oJ8yIhSyYfiiTxVy6 +GH5U4BmDkSRcymyChpuHOJAptK2qKPnaRwULZ52D/GbQv1L7ICvm18sGwRI7bNRM +IXTCwsYq+fXuok3VupugV2la1O+WHNiMlIzobi3h/xekQ6b39mwBvE+DAoGAGxJF +KZST5O/ehX2AZiotCC23GN7h9pha0cuoIM8w1mium0YjCNiqeZhBmJx0bMER5N19 +hWvPN4mcCXWYR0a2NtWlQO+Jc9WPKXZOMll2yp8FEyrM/1sr6EUTTZJCw3GbcZm3 +xfUAm6DPwuEBnyCOPRSqr1kBn6esO1tts4bRhJcCgYEAl9wO1AobkDOA+KNw2PgZ +HTCk3fmAe99SHxjw+rbrZXpr4xA/Jc+pDixW2b1TSPVwHkYXG0Vte3n/cHSpziEo +fNPiDNSTR0cvH7lt2Gytf3ayJD5AiIaAphlMt0t7z/DWKmrAX0toP4wd5a86ezFr +U+bxP4LFF64Nb6qVMPZNFs0= +-----END PRIVATE KEY----- diff --git a/tests/templates/kuttl/spark-ny-public-s3/certs/generate.sh b/tests/templates/kuttl/spark-ny-public-s3/certs/generate.sh new file mode 100755 index 00000000..bbf0cd22 --- /dev/null 
+++ b/tests/templates/kuttl/spark-ny-public-s3/certs/generate.sh
@@ -0,0 +1,48 @@
+#!/bin/bash
+
+echo "Creating client cert"
+FQDN="minio"
+
+echo "Creating Root Certificate Authority"
+openssl genrsa \
+ -out root-ca.key.pem \
+ 2048
+
+echo "Self-signing the Root Certificate Authority"
+openssl req \
+ -x509 \
+ -new \
+ -nodes \
+ -key root-ca.key.pem \
+ -days 36500 \
+ -out root-ca.crt.pem \
+ -subj "/C=DE/ST=Schleswig-Holstein/L=Wedel/O=Stackable Signing Authority Inc/CN=stackable.de"
+
+openssl genrsa \
+ -out client.key.pem \
+ 2048
+
+echo "Creating the CSR"
+openssl req -new \
+ -key client.key.pem \
+ -out client.csr.pem \
+ -subj "/C=DE/ST=Schleswig-Holstein/L=Wedel/O=Stackable/CN=${FQDN}" \
+ -addext "subjectAltName = DNS:${FQDN}, DNS:localhost"
+
+echo "Signing the client cert with the root ca"
+openssl x509 \
+ -req -in client.csr.pem \
+ -CA root-ca.crt.pem \
+ -CAkey root-ca.key.pem \
+ -CAcreateserial \
+ -out client.crt.pem \
+ -days 36500 \
+ -copy_extensions copy
+
+echo "Copying the files to match the api of the secret-operator"
+cp root-ca.crt.pem ca.crt
+cp client.key.pem tls.key
+cp client.crt.pem tls.crt
+
+echo "To create a k8s secret run"
+echo "kubectl create secret generic foo --from-file=ca.crt --from-file=tls.crt --from-file=tls.key"
diff --git a/tests/templates/kuttl/spark-ny-public-s3/certs/root-ca.crt.pem b/tests/templates/kuttl/spark-ny-public-s3/certs/root-ca.crt.pem
new file mode 100644
index 00000000..02f19558
--- /dev/null
+++ b/tests/templates/kuttl/spark-ny-public-s3/certs/root-ca.crt.pem
@@ -0,0 +1,23 @@ +-----BEGIN CERTIFICATE----- +MIID2TCCAsGgAwIBAgIUfTNW3aBt6oeJc9AdT4KfzBZe+1MwDQYJKoZIhvcNAQEL +BQAwezELMAkGA1UEBhMCREUxGzAZBgNVBAgMElNjaGxlc3dpZy1Ib2xzdGVpbjEO +MAwGA1UEBwwFV2VkZWwxKDAmBgNVBAoMH1N0YWNrYWJsZSBTaWduaW5nIEF1dGhv +cml0eSBJbmMxFTATBgNVBAMMDHN0YWNrYWJsZS5kZTAgFw0yMzA2MTkxNDUzMjRa +GA8yMTIzMDUyNjE0NTMyNFowezELMAkGA1UEBhMCREUxGzAZBgNVBAgMElNjaGxl +c3dpZy1Ib2xzdGVpbjEOMAwGA1UEBwwFV2VkZWwxKDAmBgNVBAoMH1N0YWNrYWJs +ZSBTaWduaW5nIEF1dGhvcml0eSBJbmMxFTATBgNVBAMMDHN0YWNrYWJsZS5kZTCC +ASIwDQYJKoZIhvcNAQEBBQADggEPADCCAQoCggEBAMd1nMW5xELJJF8vEwG2wbw9 +l/tbgHmyFHgcIN7KLhIN8eJG/X9mLGJd4gMD/DkY+0aR1g/1jqntIvYRR4aFwdkC +LVv2a6KRhnUTucLcYsafumrKo2HaQ3zgQiaOlj7ovackBMeWjrRGFJjZ/m33RI0d +5SnyEomI/GtbBOhkGl/R597z0X2VNc5/e5my7UtXU9fRirP7AX30jACS5n8S873E +WarhGRkewrqwI2R54lBTgqYrtEmT5YaKd6Hmnc05Le8KtnggL0IWcwMhBV60WjnK +WpRobFq06I8Zt5/75xPcDXdxrhMEL0Mm0+AfsOIWpnhlVbMickAbJhA56aMUfCUC +AwEAAaNTMFEwHQYDVR0OBBYEFOnnO/LFgTvr1WspKGC+Coc/HBi1MB8GA1UdIwQY +MBaAFOnnO/LFgTvr1WspKGC+Coc/HBi1MA8GA1UdEwEB/wQFMAMBAf8wDQYJKoZI +hvcNAQELBQADggEBAELymXJCL/JmRheqiofVH8zRXp/OAIAfjxjuYVS7Bs0InCwU +eNnQ3BDs+mTXIU3PnpLBU85n9QwyZjy0r/uNTMwSTSaOCfFZcxl/8qWfIrj1Tj37 +K0L4DFRVT3JpWkNz9MsIzG1zjU7FGl3xCZgeR6anZYJKffhwn4J8Nzvl6YnUwhJ2 +MWoqg32Pp4CROShRO0MZuZbspSQ1mHbTIOGzy9m5XKZnE0FHryQkt3YzmfI5mMz7 +FDPpyAO26UTdt52tVh2oDO5JBrLaC1iubLiyqk3Ef3GsUsiVlUGOUhh8RTq+b3AK +lKDTlv9peIkTCNmayIT4rZNreNDesjlcoPfdMkE= +-----END CERTIFICATE----- diff --git a/tests/templates/kuttl/spark-ny-public-s3/certs/root-ca.crt.srl b/tests/templates/kuttl/spark-ny-public-s3/certs/root-ca.crt.srl new file mode 100644 index 00000000..51627b64 --- /dev/null +++ b/tests/templates/kuttl/spark-ny-public-s3/certs/root-ca.crt.srl @@ -0,0 +1 @@ +285B6B1D64775BCA631FB87647F40A1C2C3384F3 diff --git a/tests/templates/kuttl/spark-ny-public-s3/certs/root-ca.key.pem b/tests/templates/kuttl/spark-ny-public-s3/certs/root-ca.key.pem new file mode 100644 index 00000000..f3ba795a --- /dev/null 
+++ b/tests/templates/kuttl/spark-ny-public-s3/certs/root-ca.key.pem @@ -0,0 +1,28 @@ +-----BEGIN PRIVATE KEY----- +MIIEvQIBADANBgkqhkiG9w0BAQEFAASCBKcwggSjAgEAAoIBAQDHdZzFucRCySRf +LxMBtsG8PZf7W4B5shR4HCDeyi4SDfHiRv1/ZixiXeIDA/w5GPtGkdYP9Y6p7SL2 +EUeGhcHZAi1b9muikYZ1E7nC3GLGn7pqyqNh2kN84EImjpY+6L2nJATHlo60RhSY +2f5t90SNHeUp8hKJiPxrWwToZBpf0efe89F9lTXOf3uZsu1LV1PX0Yqz+wF99IwA +kuZ/EvO9xFmq4RkZHsK6sCNkeeJQU4KmK7RJk+WGineh5p3NOS3vCrZ4IC9CFnMD +IQVetFo5ylqUaGxatOiPGbef++cT3A13ca4TBC9DJtPgH7DiFqZ4ZVWzInJAGyYQ +OemjFHwlAgMBAAECggEAUrcZfn3dP/z+EmMJNMq/aPr6DgkSLGWHS5AOqZWaqW4T +A02BTtXmThy0359Fd8A+ZDOSXCfvM9TdjMH5sXXCv+XBPcPhOxeydNbrUD3o0Ino +2uSSAMBtAFpX1HmJISmPjMLJIKP1Jhlx7Tlp49yJFyRwpoZ23YZrd3HVhTIOJfHA ++2Nh7i3OUsOp09aKAtyd/IlxTjZ150h/OAlw7eV9GWMuX13CKgYDUFy56soaxmIS +drRMpRxY6j0LK3PtnRPqOR3CGfuj5e/VL81OVoRGQOycuEseGtzyf2wsYchFNKnW +CeMUP0Y5bwjwJIU4ndwGM5Qy2XofgwwCN1eiyrtwuQKBgQDpgPwhOL+m2yjc2DDF +5A5PoTXiPLVRuX39T7efQ2dY/bczAwB3lSyEjGV8WEEkUmbKMNg/1DNQnLeQKh0b +RWixz/0jzVS/RQd3WkaXssirVkiOvYxY2I4iRJATy0DD9MqX9jJSOzceHoo062HN +DucYhw3X0Rjso3qpsETFmuhhVwKBgQDarPlQqpDnu3Zzu5vB2WxjPngcXYDDjPEG +ArRsciXqTE2oPhPlR8+uFF58s+fCJpId73gosc19BTJsG2Q4/ku8EbchEmQ4kZ+i +plykARW+LKsrZlsopUtw2pdk5B264K7oJDE6eed45SP3Y+pR48IBp3igBZh64azt +JlmbS/O04wKBgQCNlIjLt/X0vOPM7ES+aGYJAE2ErJygPeFXi1Nh/OOYANZo1sQc +vdVtVRdfyr9Mv63VoMIuCYNHuI5QmkhltbMiRWNOpvxgsQEy7AjriBrGUJ3T9rg3 +Uq7ztjDJ366YYj/I3h1q4L6tw4S3S5VUWVnj9Fd/aSg8q27/noJEcoW+JwKBgEqk +NE2miuOuh1YluZrHfkm57wGvoN4e475ree5yYCLDfNZqqhvfETKYXVAvkHIi/Ekf +jmJFnqCH/5gLGYCivHMrkNjHEFKG0niQVJrei+9oC906iO8szL1uv7J+cu9w9gLj +J7KQHcSUYlx1TGw7U+OAqJnmjw+SrJYeOwPZPwyFAoGADDm/QBFPswCU9Qgn1H79 +vIJon/2/1yhsgpHlaGQ03wtyU4o4r+0QP3bakNlq/BpFaTMQOrOoL4NowyF7JsBG +yhVCgGSna2KoFz+9GqMR9/ZdTn+AdPuDpNXHln54nwQlK5Uv6jvJKjl74N29FKpa +MlhEff9+07GVzRbnRAwRcPQ= +-----END PRIVATE KEY----- diff --git a/tests/templates/kuttl/spark-ny-public-s3/certs/tls.crt b/tests/templates/kuttl/spark-ny-public-s3/certs/tls.crt new file mode 100644 index 00000000..ee346bf2 
--- /dev/null +++ b/tests/templates/kuttl/spark-ny-public-s3/certs/tls.crt @@ -0,0 +1,23 @@ +-----BEGIN CERTIFICATE----- +MIIDyDCCArCgAwIBAgIUSNjItaQUdURzN5kiFYlm7/91LVcwDQYJKoZIhvcNAQEL +BQAwezELMAkGA1UEBhMCREUxGzAZBgNVBAgMElNjaGxlc3dpZy1Ib2xzdGVpbjEO +MAwGA1UEBwwFV2VkZWwxKDAmBgNVBAoMH1N0YWNrYWJsZSBTaWduaW5nIEF1dGhv +cml0eSBJbmMxFTATBgNVBAMMDHN0YWNrYWJsZS5kZTAgFw0yMzA2MTkxNDUzMjVa +GA8yMTIzMDUyNjE0NTMyNVowXjELMAkGA1UEBhMCREUxGzAZBgNVBAgMElNjaGxl +c3dpZy1Ib2xzdGVpbjEOMAwGA1UEBwwFV2VkZWwxEjAQBgNVBAoMCVN0YWNrYWJs +ZTEOMAwGA1UEAwwFbWluaW8wggEiMA0GCSqGSIb3DQEBAQUAA4IBDwAwggEKAoIB +AQCrhFoTywie/pmuOcsdC4iaqTbWW+CKhtUKne264+a1yY46poJaz422bfaZNNd1 +P27OHvGFJTU0Nw7Hjh0KZhjjznI6N4rIeCQcbdXAHmiRAmOxv4mHvTI3oLyqvOoA +RtnDasZrUvgLs0/MF0qYrTPYEdpSzs7grPsTfU8mZeSAHNinF/tjVDmGqBbzlXxX +8f2cIcQiZHc3gwLl3ZO88NphD7rpc8e7yndkqVqeChzjGj8SsTIvIC2LW01PbHTp +46vugfDNOxkZXJrikhgIhzMhyY/5U+75WWqywW3kJDe/zhidgRPq8roOKPZZfOi5 +RIb7K7fX6volrSi1l16fVh4hAgMBAAGjXzBdMBsGA1UdEQQUMBKCBW1pbmlvggls +b2NhbGhvc3QwHQYDVR0OBBYEFKfffx+TpSE2YXJkjMvGGLukrVUoMB8GA1UdIwQY +MBaAFOnnO/LFgTvr1WspKGC+Coc/HBi1MA0GCSqGSIb3DQEBCwUAA4IBAQBTaJMN +GpKC5NU+PXCwwmLY2OKDdCE9yM8AdmUNvqefIt3PprjkQE2sNOTJYHFZA9u5j14v +jalh0BxXW/M2llM4yaD6Is2CT0gYg4vQdm9aZcH6Cg+DOjEOFlWXAbAFonm5A0YH +AQZpyuZsSRfv/Kia0p2R1RiH8446P+Xt4q7le3gM7Im7sIU3Y6+iHdWiKJw5rrE2 +PsWFC0JNiXwcGvtxkMsLIv9OBMk95EOcO+OOSzI65/co1xYSmyKkcqwzJERQq5Mk +HNxioFfJdbucdzV6Ws3cWbODvTsz/02nDWM1Fa+G60f+hEXVRK388Cq7i+J8TzHP +MGYy/jgF2amMBchZ +-----END CERTIFICATE----- diff --git a/tests/templates/kuttl/spark-ny-public-s3/certs/tls.key b/tests/templates/kuttl/spark-ny-public-s3/certs/tls.key new file mode 100644 index 00000000..4c545b67 --- /dev/null +++ b/tests/templates/kuttl/spark-ny-public-s3/certs/tls.key 
@@ -0,0 +1,28 @@ +-----BEGIN PRIVATE KEY----- +MIIEvQIBADANBgkqhkiG9w0BAQEFAASCBKcwggSjAgEAAoIBAQCrhFoTywie/pmu +OcsdC4iaqTbWW+CKhtUKne264+a1yY46poJaz422bfaZNNd1P27OHvGFJTU0Nw7H +jh0KZhjjznI6N4rIeCQcbdXAHmiRAmOxv4mHvTI3oLyqvOoARtnDasZrUvgLs0/M +F0qYrTPYEdpSzs7grPsTfU8mZeSAHNinF/tjVDmGqBbzlXxX8f2cIcQiZHc3gwLl +3ZO88NphD7rpc8e7yndkqVqeChzjGj8SsTIvIC2LW01PbHTp46vugfDNOxkZXJri +khgIhzMhyY/5U+75WWqywW3kJDe/zhidgRPq8roOKPZZfOi5RIb7K7fX6volrSi1 +l16fVh4hAgMBAAECggEAHz/fe5C38uP3UxeDirixvGANNjQKLqMPSL5qdG0WeVOO +PuBcirgbHTxevB41DU8v3I0luvkC/w7y+efKIb1lVogkJrg86HZ/OdDHK5g+vADf +8iAwKhOOBTWbek4uIjvGbETVfvNgbx1N8iTiOfwAoKLsEL9OUQAjRLNFivzwi2ip +Jzs1eOabx4KzdzMaG5gC0XzeHNetY1IYbtDDWaTG8gpTyENh9cUasfY+Ndm+eLdA +A34nq+5p5Ji/0khjDBbySAl+sQeak42x4yjQUNuNgmhUF07c/il7TVIywTYAI+uI +WtWN5FuUiV8kfPmmaxudFshEu+os0FHtx2sOdtODGwKBgQDsLP3sGjYtG996Pe9N +2pPuNdqCAG5ZOZZRuqt1nkrgxvQISovtpwoBJw5hPeBKTof67zeyNtjsCD2ImuAK +lQsNa8+yRZx3GF4a+mgwQ1TJMGI74vBh6fqiV/gtSxP1p/LHEODBCn15dC3wdzU5 +ghLvtzjRUT2L2NTI1ws9HKUr0wKBgQC56fSRcXyKM3AI6CYVeecB+nRVQJeo7neK +WqtuJ+hUKrvw/1ZuyHqaACOl63qnYV5mFUGq4+BvZ0uY7MI+Q0QLlcWI97igSQwE +wr9JXB/DovWflY8e4ZYhPKRaZEjMNYPGTT3usPWHKQ3cV5LEsU1vztk8pSqk6DPN +PHedncqZuwKBgFxYRzy/DvnaUSpB90TQt1DH+9UjCAKZMr5oJ8yIhSyYfiiTxVy6 +GH5U4BmDkSRcymyChpuHOJAptK2qKPnaRwULZ52D/GbQv1L7ICvm18sGwRI7bNRM +IXTCwsYq+fXuok3VupugV2la1O+WHNiMlIzobi3h/xekQ6b39mwBvE+DAoGAGxJF +KZST5O/ehX2AZiotCC23GN7h9pha0cuoIM8w1mium0YjCNiqeZhBmJx0bMER5N19 +hWvPN4mcCXWYR0a2NtWlQO+Jc9WPKXZOMll2yp8FEyrM/1sr6EUTTZJCw3GbcZm3 +xfUAm6DPwuEBnyCOPRSqr1kBn6esO1tts4bRhJcCgYEAl9wO1AobkDOA+KNw2PgZ +HTCk3fmAe99SHxjw+rbrZXpr4xA/Jc+pDixW2b1TSPVwHkYXG0Vte3n/cHSpziEo +fNPiDNSTR0cvH7lt2Gytf3ayJD5AiIaAphlMt0t7z/DWKmrAX0toP4wd5a86ezFr +U+bxP4LFF64Nb6qVMPZNFs0= +-----END PRIVATE KEY----- diff --git a/tests/templates/kuttl/spark-ny-public-s3/helm-bitnami-minio-values.yaml b/tests/templates/kuttl/spark-ny-public-s3/helm-bitnami-minio-values.yaml deleted file mode 100644 index 27705b9b..00000000 
--- a/tests/templates/kuttl/spark-ny-public-s3/helm-bitnami-minio-values.yaml +++ /dev/null @@ -1,20 +0,0 @@ ---- -volumePermissions: - enabled: false - -podSecurityContext: - enabled: false - -containerSecurityContext: - enabled: false - -mode: standalone - -disableWebUI: true - -persistence: - enabled: false - -resources: - requests: - memory: 1Gi diff --git a/tests/templates/kuttl/spark-ny-public-s3/helm-bitnami-minio-values.yaml.j2 b/tests/templates/kuttl/spark-ny-public-s3/helm-bitnami-minio-values.yaml.j2 new file mode 100644 index 00000000..cbb46c84 --- /dev/null +++ b/tests/templates/kuttl/spark-ny-public-s3/helm-bitnami-minio-values.yaml.j2 @@ -0,0 +1,55 @@ +--- +mode: standalone +disableWebUI: false +extraEnvVars: + - name: BITNAMI_DEBUG + value: "true" + - name: MINIO_LOG_LEVEL + value: DEBUG + +provisioning: + enabled: true + buckets: + - name: my-bucket + usersExistingSecrets: + - centralized-minio-users + resources: + requests: + memory: 1Gi + cpu: "512m" + limits: + memory: "1Gi" + cpu: "1" + podSecurityContext: + enabled: false + containerSecurityContext: + enabled: false + +volumePermissions: + enabled: false + +podSecurityContext: + enabled: false + +containerSecurityContext: + enabled: false + +persistence: + enabled: false + +resources: + requests: + memory: 1Gi + cpu: "512m" + limits: + memory: "1Gi" + cpu: "1" + +service: + type: NodePort + +{% if test_scenario['values']['s3-use-tls'] == 'true' %} +tls: + enabled: true + existingSecret: minio-tls-certificates +{% endif %} diff --git a/tests/test-definition.yaml b/tests/test-definition.yaml index d48703e8..91170951 100644 --- a/tests/test-definition.yaml +++ b/tests/test-definition.yaml 
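Review bot: The new values template leaves the test MinIO noticeably more exposed than the deleted file did: `disableWebUI` goes from `true` to `false`, `service.type` becomes `NodePort`, and `BITNAMI_DEBUG` and `MINIO_LOG_LEVEL: DEBUG` are switched on, while the pod and container security contexts stay disabled. A NodePort service is reachable on every node's address, and when `s3-use-tls` is `"false"` that traffic, access key included, is unencrypted. If the Spark pods only reach MinIO through the cluster-internal service name (the test steps are not visible in this hunk), `type: ClusterIP` and `disableWebUI: true` would be enough; otherwise add a comment on each setting saying why the test needs it. It is also worth checking that debug logging does not write the provisioned users' credentials into pod logs that the test harness collects.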
@@ -1,7 +1,13 @@ +# These tests can run against an OpenShift cluster, provided you note the following: # -# To run these tests on OpenShift you have to ensure that: -# 1. The "openshift" dimension below is set to "true" +# 1. Set the "openshift" dimension below to "true" (with quotes) +# 2. Comment out the "true" option in the "s3-use-tls" dimension # +# Regarding point 2.: the bitnami chart is used for S3 on OpenShift as it correctly installs +# a minio instance (the chart from minio does not correctly apply the service account to +# the job that creates the bucket, and so the permissions are not sufficient). However, it +# cannot correctly use self-signed TLS certificates due to a bug in libminioclient.sh: for +# non-OpenShift clusters the minio chart is thus used instead. --- dimensions: - name: openshift @@ -14,10 +20,15 @@ dimensions: - name: ny-tlc-report values: - 0.1.0 + - name: s3-use-tls + values: + - "false" + - "true" tests: - name: spark-history-server dimensions: - spark + - s3-use-tls - openshift - name: spark-pi-private-s3 dimensions: @@ -30,6 +41,7 @@ tests: - name: spark-ny-public-s3 dimensions: - spark + - s3-use-tls - openshift - name: spark-examples dimensions:
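Review bot: The new header comment in the first hunk is hard to reconcile with the rest of the commit. It says the bitnami chart cannot use self-signed certificates and that non-OpenShift clusters use the minio chart instead, yet `helm-bitnami-minio-values.yaml.j2` gains a `tls:` block keyed on `s3-use-tls` and the changelog says bitnami charts are used for the TLS tests. Please state plainly which chart serves which combination of `openshift` and `s3-use-tls`. Asking someone to comment out `"true"` by hand also means the custom-CA path is never exercised on OpenShift, and a forgotten edit produces failures that look like TLS bugs; if the test framework allows it, excluding that combination in the definition would be more robust. A link to the upstream issue for the `libminioclient.sh` bug would let the restriction be lifted once it is fixed.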