Merge pull request #148 from franvila/fixCertManager

Fix cert manager

Author: franvila

.github/renovate.json

@@ -30,6 +30,17 @@
       "depNameTemplate": "hashicorp/vault",
       "datasourceTemplate": "docker"
     },
+    {
+      "customType": "regex",
+      "fileMatch": [
+        "kroxylicious-systemtests/src/main/resources/helm_cert_manager_overrides.yaml"
+      ],
+      "matchStrings": [
+        "tag:.*(?<currentValue>\\d+\\.\\d+.\\d+)"
+      ],
+      "depNameTemplate": "jetstack/cert-manager",
+      "datasourceTemplate": "docker"
+    },
     {
       "customType": "regex",
       "fileMatch": [

kroxylicious-kubernetes-api/src/main/resources/META-INF/fabric8/kafkaproxyingresses.kroxylicious.io-v1.yml

@@ -68,7 +68,7 @@ spec:
                 clusterIP:
                   type: object
                   description: |-
-                    clusterIP specifies that this ingress is for access within the same Kubernetes cluster using 
+                    specifies that this ingress is for access within the same Kubernetes cluster using 
                     ClusterIP Kubernetes Services.
                   required: [ "protocol" ]
                   properties:
@@ -79,8 +79,8 @@ spec:
                 loadBalancer:
                   type: object
                   description: |-
-                    clusterIP specifies that this ingress is for access within the same Kubernetes cluster using 
-                    ClusterIP Kubernetes Services.
+                    specifies that this ingress is for access from outside the Kubernetes cluster
+                    via a LoadBalancer Kubernetes Services.
                   required: [ "bootstrapAddress", "advertisedBrokerAddressPattern"]
                   x-kubernetes-validations:
                     - rule: "self.advertisedBrokerAddressPattern.contains('$(nodeId)')"

kroxylicious-systemtests/src/main/java/io/kroxylicious/systemtests/Constants.java

@@ -29,7 +29,6 @@ private Constants() {
     public static final String KROXYLICIOUS_TLS_CA_NAME = "ca.pem";
     public static final String KROXYLICIOUS_OPERATOR_SUBSCRIPTION_NAME = Environment.KROXYLICIOUS_OLM_DEPLOYMENT_NAME + "-v" + Environment.KROXYLICIOUS_OPERATOR_VERSION
             + "-sub";
-    public static final String KROXYLICIOUS_OPERATOR_OLM_LABEL = Environment.KROXYLICIOUS_OLM_DEPLOYMENT_NAME + "-operator-v" + Environment.KROXYLICIOUS_OPERATOR_VERSION;
 
     /**
      * Strimzi cluster operator deployment name
@@ -120,10 +119,6 @@ private Constants() {
     public static final String KCAT_CLIENT_IMAGE = "quay.io/kroxylicious/kcat:1.7.1";
     public static final String KAF_CLIENT_IMAGE = "quay.io/kroxylicious/kaf:v0.2.7";
 
-    /**
-     * The cert manager url to install it on kubernetes
-     */
-    public static final String CERT_MANAGER_URL = "https://github.com/cert-manager/cert-manager/releases/latest/download/cert-manager.yaml";
     /**
      * the kubernetes labels used to identify the test kafka clients pods
      */

kroxylicious-systemtests/src/main/java/io/kroxylicious/systemtests/installation/kroxylicious/CertManager.java

@@ -7,21 +7,22 @@
 package io.kroxylicious.systemtests.installation.kroxylicious;
 
 import java.io.IOException;
+import java.nio.file.Path;
 import java.util.ArrayList;
 import java.util.List;
+import java.util.Map;
+import java.util.Optional;
 
 import org.slf4j.Logger;
 import org.slf4j.LoggerFactory;
 
 import io.fabric8.certmanager.api.model.v1.CertificateBuilder;
 import io.fabric8.certmanager.api.model.v1.IssuerBuilder;
-import io.fabric8.kubernetes.api.model.HasMetadata;
-import io.fabric8.kubernetes.client.dsl.NamespaceListVisitFromServerGetDeleteRecreateWaitApplicable;
 
 import io.kroxylicious.systemtests.Constants;
 import io.kroxylicious.systemtests.resources.manager.ResourceManager;
-import io.kroxylicious.systemtests.utils.DeploymentUtils;
 import io.kroxylicious.systemtests.utils.NamespaceUtils;
+import io.kroxylicious.systemtests.utils.TestUtils;
 
 import static io.kroxylicious.systemtests.k8s.KubeClusterResource.kubeClient;
 
@@ -32,17 +33,21 @@ public class CertManager {
     private static final Logger LOGGER = LoggerFactory.getLogger(CertManager.class);
     public static final String SELF_SINGED_ISSUER_NAME = "self-signed-issuer";
 
-    private final NamespaceListVisitFromServerGetDeleteRecreateWaitApplicable<HasMetadata> deployment;
+    public static final String CERT_MANAGER_SERVICE_NAME = "cert-manager";
+    public static final String CERT_MANAGER_HELM_REPOSITORY_URL = "https://charts.jetstack.io";
+    public static final String CERT_MANAGER_HELM_REPOSITORY_NAME = "jetstack";
+    public static final String CERT_MANAGER_HELM_CHART_NAME = "jetstack/cert-manager";
+
     private boolean deleteCertManager = true;
+    private final String deploymentNamespace;
 
     /**
      * Instantiates a new Cert manager.
      *
      * @throws IOException the io exception
      */
     public CertManager() throws IOException {
-        deployment = kubeClient().getClient()
-                .load(DeploymentUtils.getDeploymentFileFromURL(Constants.CERT_MANAGER_URL));
+        deploymentNamespace = Constants.CERT_MANAGER_NAMESPACE;
     }
 
     public IssuerBuilder issuer(String namespace) {
@@ -103,10 +108,15 @@ public void deploy() {
             deleteCertManager = false;
             return;
         }
+
         LOGGER.info("Deploy cert manager in {} namespace", Constants.CERT_MANAGER_NAMESPACE);
-        deployment.create();
-        DeploymentUtils.waitForDeploymentReady(Constants.CERT_MANAGER_NAMESPACE, "cert-manager-webhook");
-        NamespaceUtils.addNamespaceToSet(Constants.CERT_MANAGER_NAMESPACE, ResourceManager.getTestContext().getRequiredTestClass().getName());
+        NamespaceUtils.createNamespaceAndPrepare(deploymentNamespace);
+        ResourceManager.helmClient().addRepository(CERT_MANAGER_HELM_REPOSITORY_NAME, CERT_MANAGER_HELM_REPOSITORY_URL);
+        ResourceManager.helmClient().namespace(deploymentNamespace).install(CERT_MANAGER_HELM_CHART_NAME, CERT_MANAGER_SERVICE_NAME,
+                Optional.empty(),
+                Optional.of(Path.of(TestUtils.getResourcesURI("helm_cert_manager_overrides.yaml"))),
+                Optional.of(Map.of("crds.enabled", "true",
+                                    "crds.keep", "false")));
     }
 
     /**
@@ -118,8 +128,7 @@ public void delete() {
             return;
         }
         LOGGER.info("Deleting Cert Manager in {} namespace", Constants.CERT_MANAGER_NAMESPACE);
-        deployment.withGracePeriod(0).delete();
-        DeploymentUtils.waitForDeploymentDeletion(Constants.CERT_MANAGER_NAMESPACE, "cert-manager-webhook");
+        ResourceManager.helmClient().delete(deploymentNamespace, CERT_MANAGER_SERVICE_NAME);
         NamespaceUtils.deleteNamespaceWithWaitAndRemoveFromSet(Constants.CERT_MANAGER_NAMESPACE, ResourceManager.getTestContext().getRequiredTestClass().getName());
     }
 }

kroxylicious-systemtests/src/main/java/io/kroxylicious/systemtests/resources/operator/KroxyliciousOperatorOlmBundleInstaller.java

@@ -36,6 +36,8 @@
 
 import edu.umd.cs.findbugs.annotations.SuppressFBWarnings;
 
+import static io.kroxylicious.systemtests.k8s.KubeClusterResource.kubeClient;
+
 /**
  * KroxyliciousOperatorOlmBundleInstaller encapsulates the whole OLM installation process of Kroxylicious Operator. Based on the @code{Environment}
  * values, this class installs Kroxylicious Operator using bundle olm.
@@ -167,8 +169,10 @@ private CompletableFuture<Void> install(String operatorName, String operatorName
     @SuppressFBWarnings("REC_CATCH_EXCEPTION")
     private boolean isOperatorReady(String ns) {
         try {
+            String label = kubeClient().listPodsByPrefixInName(ns, Environment.KROXYLICIOUS_OLM_DEPLOYMENT_NAME).get(0).getMetadata()
+                    .getLabels().get("app.kubernetes.io/instance");
             PodUtils.waitForPodsReadyWithRestart(ns, new LabelSelectorBuilder()
-                    .withMatchLabels(Map.of("app.kubernetes.io/instance", Constants.KROXYLICIOUS_OPERATOR_OLM_LABEL)).build(),
+                    .withMatchLabels(Map.of("app.kubernetes.io/instance", label)).build(),
                     1, true);
             LOGGER.info("Kroxylicious operator in namespace {} is ready", ns);
             return true;

kroxylicious-systemtests/src/main/resources/helm_cert_manager_overrides.yaml

@@ -0,0 +1,9 @@
+#
+# Copyright Kroxylicious Authors.
+#
+# Licensed under the Apache Software License version 2.0, available at http://www.apache.org/licenses/LICENSE-2.0
+#
+
+# Helm Overrides File for cert manager used by the system tests.
+image:
+  tag: v1.18.0

kroxylicious-systemtests/src/test/java/io/kroxylicious/systemtests/OperatorChangeDetectionST.java

@@ -122,11 +122,8 @@ void shouldUpdateDeploymentWhenVirtualKafkaClusterChanges(String namespace) {
     }
 
     @Test
-    void shouldUpdateDeploymentWhenDownstreamTlsCertUpdated(String namespace) throws IOException {
+    void shouldUpdateDeploymentWhenDownstreamTlsCertUpdated(String namespace) {
         // Given
-        certManager = new CertManager();
-        certManager.deploy();
-
         var issuer = certManager.issuer(namespace);
         var cert = certManager.certFor(namespace, "my-cluster-cluster-ip." + namespace + ".svc.cluster.local");
 
@@ -151,11 +148,8 @@ void shouldUpdateDeploymentWhenDownstreamTlsCertUpdated(String namespace) throws
     }
 
     @Test
-    void shouldUpdateDeploymentWhenDownstreamTrustUpdated(String namespace) throws IOException {
+    void shouldUpdateDeploymentWhenDownstreamTrustUpdated(String namespace) {
         // Given
-        certManager = new CertManager();
-        certManager.deploy();
-
         var issuer = certManager.issuer(namespace);
         var cert = certManager.certFor(namespace, "my-cluster-cluster-ip." + namespace + ".svc.cluster.local");
 
@@ -285,8 +279,10 @@ private static void assertDeploymentUpdated(String namespace, String originalChe
     }
 
     @BeforeEach
-    void setUp(String namespace) {
+    void setUp(String namespace) throws IOException {
         kroxylicious = new Kroxylicious(namespace);
+        certManager = new CertManager();
+        certManager.deploy();
     }
 
     @AfterAll
@@ -309,7 +305,7 @@ private String getInitialChecksum(String namespace) {
         var kubeClient = kubeClient(namespace);
         AtomicReference<String> checksumFromAnnotation = new AtomicReference<>();
         await().atMost(Duration.ofSeconds(90))
-                .untilAsserted(() -> kubeClient.listPods(namespace, "app.kubernetes.io/name", "kroxylicious-proxy"),
+                .untilAsserted(() -> kubeClient.listPods(namespace, "app.kubernetes.io/name", "kroxylicious"),
                         proxyPods -> {
                             assertThat(proxyPods)
                                     .singleElement()