dajudge
diff --git a/‎README.md‎
Lines changed: 26 additions & 2 deletions b/‎README.md‎
Lines changed: 26 additions & 2 deletions
diff --git a/‎src/main/java/com/dajudge/kindcontainer/ApiServerContainer.java‎
Lines changed: 127 additions & 0 deletions b/‎src/main/java/com/dajudge/kindcontainer/ApiServerContainer.java‎
Lines changed: 127 additions & 0 deletions
diff --git a/‎src/main/java/com/dajudge/kindcontainer/BusyBoxContainer.java‎
Lines changed: 52 additions & 0 deletions b/‎src/main/java/com/dajudge/kindcontainer/BusyBoxContainer.java‎
Lines changed: 52 additions & 0 deletions
diff --git a/‎src/main/java/com/dajudge/kindcontainer/EtcdContainer.java‎
Lines changed: 84 additions & 0 deletions b/‎src/main/java/com/dajudge/kindcontainer/EtcdContainer.java‎
Lines changed: 84 additions & 0 deletions
diff --git a/‎src/main/java/com/dajudge/kindcontainer/Utils.java‎
Lines changed: 7 additions & 1 deletion b/‎src/main/java/com/dajudge/kindcontainer/Utils.java‎
Lines changed: 7 additions & 1 deletion
@@ -44,9 +44,33 @@ public class SomeKubernetesTest {
     public static final KindContainer KUBE = new KindContainer();
 
     @Test
-    public void test_something() {
+    public void verify_node_is_present() {
         // Do something useful with the fabric8 client it returns!
-        System.out.println(KUBE.client());
+        try(final KuberntesClient client = KUBE.client()) {
+            assertEquals(1, client.nodes().list().getItems().size());
+        }
+    }
+}
+```
+
+### API-Server-only testing
+If you don't need a full-fledged Kubernetes distribution for your testing, using the `ApiServerContainer`
+might be an option for you that shaves off a lot of the startup overhead of the `KindContainer`. The
+`ApiServerContainer` only starts an etcd instance and a Kubernetes API-Server, can be more than enough
+e.g. if all you want to test is if your custom operator handles it's CRDs properly or creates the required
+objects in the control plane.
+
+```java
+public class SomeControlPlaneTest {
+    @ClassRule
+    public static final ApiServerContainer KUBE = new ApiServerContainer();
+
+    @Test
+    public void verify_no_node_is_present() {
+        // Do something useful with the fabric8 client it returns!
+        try(final KuberntesClient client = KUBE.client()) {
+            assertTrue(client.nodes().list().getItems().isEmpty());
+        }
     }
 }
 ```
@@ -0,0 +1,127 @@
+/*
+Copyright 2020-2021 Alex Stockinger
+
+Licensed under the Apache License, Version 2.0 (the "License");
+you may not use this file except in compliance with the License.
+You may obtain a copy of the License at
+
+    http://www.apache.org/licenses/LICENSE-2.0
+
+Unless required by applicable law or agreed to in writing, software
+distributed under the License is distributed on an "AS IS" BASIS,
+WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+See the License for the specific language governing permissions and
+limitations under the License.
+ */
+package com.dajudge.kindcontainer;
+
+import com.dajudge.kindcontainer.pki.CertAuthority;
+import com.dajudge.kindcontainer.pki.KeyStoreWrapper;
+import com.github.dockerjava.api.command.InspectContainerResponse;
+import com.github.dockerjava.api.model.ContainerNetwork;
+import io.fabric8.kubernetes.client.Config;
+import io.fabric8.kubernetes.client.DefaultKubernetesClient;
+import io.fabric8.kubernetes.client.KubernetesClient;
+import org.testcontainers.shaded.org.bouncycastle.asn1.x509.GeneralName;
+
+import java.util.Base64;
+import java.util.Map;
+
+import static com.dajudge.kindcontainer.Utils.writeAsciiFile;
+import static java.lang.String.format;
+import static java.nio.charset.StandardCharsets.US_ASCII;
+import static java.util.Arrays.asList;
+import static org.testcontainers.utility.MountableFile.forClasspathResource;
+
+public class ApiServerContainer extends BusyBoxContainer<ApiServerContainer> {
+    private static final String API_SERVER_IMAGE = "k8s.gcr.io/kube-apiserver:v1.21.1";
+    private static final String PKI_BASEDIR = "/etc/kubernetes/pki";
+    private static final String ETCD_PKI_BASEDIR = PKI_BASEDIR + "/etcd";
+    private static final String ETCD_CLIENT_KEY = ETCD_PKI_BASEDIR + "/etcd/apiserver-client.key";
+    private static final String ETCD_CLIENT_CERT = ETCD_PKI_BASEDIR + "/etcd/apiserver-client.crt";
+    private static final String ETCD_CLIENT_CA = ETCD_PKI_BASEDIR + "/etcd/ca.crt";
+    private static final String API_SERVER_CA = PKI_BASEDIR + "/ca.crt";
+    private static final String API_SERVER_CERT = PKI_BASEDIR + "/apiserver.crt";
+    private static final String API_SERVER_KEY = PKI_BASEDIR + "/apiserver.key";
+    private static final String API_SERVER_PUBKEY = PKI_BASEDIR + "/apiserver.pub";
+    private static final String DOCKER_BASE_PATH = "/docker";
+    private static final String RUN_SCRIPT_PATH = DOCKER_BASE_PATH + "/run-apiserver.sh";
+    private static final String ENTRYPOINT_PATH = DOCKER_BASE_PATH + "/entrypoint-etcd.sh";
+    private static final String IP_ADDRESS_PATH = DOCKER_BASE_PATH + "/ip.txt";
+    private static final String ETCD_HOSTNAME_PATH = DOCKER_BASE_PATH + "/etcd.txt";
+    private final CertAuthority apiServerCa = new CertAuthority(System::currentTimeMillis, "CN=API Server CA");
+    private final EtcdContainer etcd;
+    private final Config config = Config.empty();
+
+    public ApiServerContainer() {
+        super(API_SERVER_IMAGE);
+        etcd = new EtcdContainer();
+        this
+                .withCreateContainerCmdModifier(cmd -> {
+                    cmd.withEntrypoint(ENTRYPOINT_PATH);
+                    cmd.withCmd(RUN_SCRIPT_PATH);
+                })
+                .withEnv("ETCD_CLIENT_KEY", ETCD_CLIENT_KEY)
+                .withEnv("ETCD_CLIENT_CERT", ETCD_CLIENT_CERT)
+                .withEnv("ETCD_CLIENT_CA", ETCD_CLIENT_CA)
+                .withEnv("API_SERVER_CA", API_SERVER_CA)
+                .withEnv("API_SERVER_CERT", API_SERVER_CERT)
+                .withEnv("API_SERVER_KEY", API_SERVER_KEY)
+                .withEnv("API_SERVER_PUBKEY", API_SERVER_PUBKEY)
+                .withEnv("IP_ADDRESS_PATH", IP_ADDRESS_PATH)
+                .withEnv("ETCD_HOSTNAME_PATH", ETCD_HOSTNAME_PATH)
+                .withCopyFileToContainer(forClasspathResource("scripts/entrypoint-apiserver.sh", 755), ENTRYPOINT_PATH)
+                .withCopyFileToContainer(forClasspathResource("scripts/run-apiserver.sh", 755), RUN_SCRIPT_PATH)
+                .withExposedPorts(6443);
+    }
+
+    public KubernetesClient getClient() {
+        return new DefaultKubernetesClient(config);
+    }
+
+    @Override
+    protected void containerIsStarting(final InspectContainerResponse containerInfo) {
+        etcd.start();
+        try {
+            final String apiServerIpAddress = getApiServerIpAddress();
+            final KeyStoreWrapper apiServerKeyPair = apiServerCa.newKeyPair("O=system:masters,CN=kubernetes-admin", asList(
+                    new GeneralName(GeneralName.iPAddress, apiServerIpAddress),
+                    new GeneralName(GeneralName.dNSName, "localhost")
+            ));
+            final KeyStoreWrapper etcdClientKeyPair = etcd.newClientKeypair("CN=API Server");
+            writeAsciiFile(this, etcdClientKeyPair.getCertificatePem(), ETCD_CLIENT_CERT);
+            writeAsciiFile(this, etcdClientKeyPair.getPrivateKeyPem(), ETCD_CLIENT_KEY);
+            writeAsciiFile(this, etcd.getCaCertificatePem(), ETCD_CLIENT_CA);
+            writeAsciiFile(this, apiServerKeyPair.getCertificatePem(), API_SERVER_CERT);
+            writeAsciiFile(this, apiServerKeyPair.getPrivateKeyPem(), API_SERVER_KEY);
+            writeAsciiFile(this, apiServerKeyPair.getPublicKeyPem(), API_SERVER_PUBKEY);
+            writeAsciiFile(this, apiServerCa.getCaKeyStore().getCertificatePem(), API_SERVER_CA);
+            writeAsciiFile(this, apiServerIpAddress, IP_ADDRESS_PATH);
+            writeAsciiFile(this, etcd.getEtcdIpAddress(), ETCD_HOSTNAME_PATH);
+            config.setCaCertData(base64(apiServerCa.getCaKeyStore().getCertificatePem()));
+            config.setClientCertData(base64(apiServerKeyPair.getCertificatePem()));
+            config.setClientKeyData(base64(apiServerKeyPair.getPrivateKeyPem()));
+            config.setMasterUrl(format("https://%s:%d", getContainerIpAddress(), getMappedPort(6443)));
+            config.setConnectionTimeout(10000);
+            config.setRequestTimeout(60000);
+        } catch (final RuntimeException e) {
+            etcd.close();
+            throw e;
+        }
+    }
+
+    private String base64(final String str) {
+        return Base64.getEncoder().encodeToString(str.getBytes(US_ASCII));
+    }
+
+    public String getApiServerIpAddress() {
+        final Map<String, ContainerNetwork> networks = getContainerInfo().getNetworkSettings().getNetworks();
+        return networks.values().iterator().next().getIpAddress();
+    }
+
+    @Override
+    public void stop() {
+        super.stop();
+        etcd.stop();
+    }
+}
@@ -0,0 +1,52 @@
+/*
+Copyright 2020-2021 Alex Stockinger
+
+Licensed under the Apache License, Version 2.0 (the "License");
+you may not use this file except in compliance with the License.
+You may obtain a copy of the License at
+
+    http://www.apache.org/licenses/LICENSE-2.0
+
+Unless required by applicable law or agreed to in writing, software
+distributed under the License is distributed on an "AS IS" BASIS,
+WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+See the License for the specific language governing permissions and
+limitations under the License.
+ */
+package com.dajudge.kindcontainer;
+
+import org.testcontainers.containers.GenericContainer;
+import org.testcontainers.images.builder.ImageFromDockerfile;
+import org.testcontainers.images.builder.dockerfile.statement.SingleArgumentStatement;
+
+import java.util.List;
+
+import static java.lang.String.format;
+import static java.util.Arrays.asList;
+import static java.util.stream.Collectors.joining;
+
+abstract class BusyBoxContainer<T extends GenericContainer<T>> extends GenericContainer<T> {
+
+    protected static final String[] COMMANDS = {"sleep", "ls", "cat", "grep", "awk", "nc", "bash", "sh"};
+
+    protected BusyBoxContainer(final String image) {
+        super(buildImageWithBusybox(image, COMMANDS));
+    }
+
+    private static String linkBusyBox(final List<String> sources) {
+        return sources.stream()
+                .map(s -> format("/bin/ln -s /bin/busybox /tmp/busybox/%s", s))
+                .collect(joining(" && "));
+    }
+
+    private static ImageFromDockerfile buildImageWithBusybox(final String image, final String[] commands) {
+        return new ImageFromDockerfile().withDockerfileFromBuilder(builder -> builder
+                .withStatement(new SingleArgumentStatement("FROM", "busybox as builder"))
+                .run("mkdir -p /tmp/busybox")
+                .run(linkBusyBox(asList(commands)))
+                .withStatement(new SingleArgumentStatement("FROM", image))
+                .withStatement(new SingleArgumentStatement("COPY", "--from=builder /bin/busybox /bin/busybox"))
+                .withStatement(new SingleArgumentStatement("COPY", "--from=builder /tmp/busybox/* /bin/"))
+        );
+    }
+}
@@ -0,0 +1,84 @@
+/*
+Copyright 2020-2021 Alex Stockinger
+
+Licensed under the Apache License, Version 2.0 (the "License");
+you may not use this file except in compliance with the License.
+You may obtain a copy of the License at
+
+    http://www.apache.org/licenses/LICENSE-2.0
+
+Unless required by applicable law or agreed to in writing, software
+distributed under the License is distributed on an "AS IS" BASIS,
+WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+See the License for the specific language governing permissions and
+limitations under the License.
+ */
+package com.dajudge.kindcontainer;
+
+import com.dajudge.kindcontainer.pki.CertAuthority;
+import com.dajudge.kindcontainer.pki.KeyStoreWrapper;
+import com.github.dockerjava.api.command.InspectContainerResponse;
+import com.github.dockerjava.api.model.ContainerNetwork;
+import org.testcontainers.shaded.org.bouncycastle.asn1.x509.GeneralName;
+
+import java.util.Map;
+
+import static com.dajudge.kindcontainer.Utils.writeAsciiFile;
+import static java.util.Collections.emptyList;
+import static java.util.Collections.singletonList;
+import static org.testcontainers.utility.MountableFile.forClasspathResource;
+
+class EtcdContainer extends BusyBoxContainer<EtcdContainer> {
+    private static final String DOCKER_BASE_PATH = "/docker";
+    private static final String RUN_SCRIPT_PATH = DOCKER_BASE_PATH + "/run-etcd.sh";
+    private static final String ENTRYPOINT_PATH = DOCKER_BASE_PATH + "/entrypoint-etcd.sh";
+    private static final String SERVER_CERT_PATH = DOCKER_BASE_PATH + "/server.crt";
+    private static final String SERVER_KEY_PATH = DOCKER_BASE_PATH + "/server.key";
+    private static final String SERVER_CACERTS_PATH = DOCKER_BASE_PATH + "/ca.crt";
+    private static final String IP_ADDRESS_PATH = DOCKER_BASE_PATH + "/ip.txt";
+    private static final int ETCD_PORT = 2379;
+    private static final String ETCD_IMAGE = "k8s.gcr.io/etcd:3.4.13-0";
+    private final CertAuthority etcdCa = new CertAuthority(System::currentTimeMillis, "CN=etcd CA");
+
+    EtcdContainer() {
+        super(ETCD_IMAGE);
+        this
+                .withCreateContainerCmdModifier(cmd -> {
+                    cmd.withEntrypoint(ENTRYPOINT_PATH);
+                    cmd.withCmd(RUN_SCRIPT_PATH);
+                })
+                .withEnv("SERVER_CERT_PATH", SERVER_CERT_PATH)
+                .withEnv("SERVER_KEY_PATH", SERVER_KEY_PATH)
+                .withEnv("SERVER_CACERTS_PATH", SERVER_CACERTS_PATH)
+                .withEnv("IP_ADDRESS_PATH", IP_ADDRESS_PATH)
+                .withCopyFileToContainer(forClasspathResource("scripts/entrypoint-etcd.sh", 755), ENTRYPOINT_PATH)
+                .withCopyFileToContainer(forClasspathResource("scripts/run-etcd.sh", 755), RUN_SCRIPT_PATH)
+                .withExposedPorts(ETCD_PORT);
+    }
+
+    @Override
+    protected void containerIsStarting(final InspectContainerResponse containerInfo) {
+        final String etcdIpAddress = getEtcdIpAddress();
+        final KeyStoreWrapper etcdKeypair = etcdCa.newKeyPair(
+                "CN=etcd",
+                singletonList(new GeneralName(GeneralName.iPAddress, etcdIpAddress))
+        );
+        writeAsciiFile(this, etcdKeypair.getCertificatePem(), SERVER_CERT_PATH);
+        writeAsciiFile(this, etcdKeypair.getPrivateKeyPem(), SERVER_KEY_PATH);
+        writeAsciiFile(this, etcdCa.getCaKeyStore().getCertificatePem(), SERVER_CACERTS_PATH);
+        writeAsciiFile(this, etcdIpAddress, IP_ADDRESS_PATH);
+    }
+
+    public String getEtcdIpAddress() {
+        final Map<String, ContainerNetwork> networks = getContainerInfo().getNetworkSettings().getNetworks();
+        return networks.values().iterator().next().getIpAddress();
+    }
+
+    public KeyStoreWrapper newClientKeypair(final String dn) {
+        return etcdCa.newKeyPair(dn, emptyList());
+    }
+
+    protected String getCaCertificatePem() {
+        return etcdCa.getCaKeyStore().getCertificatePem();
+    }
+}
@@ -18,15 +18,17 @@
 
 import org.slf4j.Logger;
 import org.slf4j.LoggerFactory;
+import org.testcontainers.containers.GenericContainer;
+import org.testcontainers.images.builder.Transferable;
 
 import java.io.ByteArrayOutputStream;
 import java.io.IOException;
 import java.io.InputStream;
-import java.util.function.Function;
 import java.util.function.Supplier;
 
 import static java.lang.System.currentTimeMillis;
 import static java.lang.Thread.sleep;
+import static java.nio.charset.StandardCharsets.US_ASCII;
 import static java.nio.charset.StandardCharsets.UTF_8;
 
 final class Utils {
@@ -86,4 +88,8 @@ static <T, E extends Exception> T waitUntilNotNull(
     public static String indent(final String prefix, final String string) {
         return string.replaceAll("(?m)^", prefix);
     }
+
+    static void writeAsciiFile(final GenericContainer<?> container, final String text, final String path) {
+        container.copyFileToContainer(Transferable.of(text.getBytes(US_ASCII)), path);
+    }
 }