Merge pull request #115 from prajwal-gawande492/srv-con-fun1

Automation to validate service controller function on IPI cluster

Author: ppc64le-cloud-bot

examples/all.yaml

@@ -556,3 +556,6 @@ update_channel: ""
 odf_catalogsource_image: "" #Example - quay.io/rhceph-dev/ocs-registry:4.16.3
 test_pod_image: "quay.io/powercloud/nginx-unprivileged:latest"
 
+## ocp-service-controller-function vars
+ocp-service: false
+

examples/ocp-service-controller-function.yaml

@@ -0,0 +1,4 @@
+## ocp-service-controller-function vars
+ocp-service: true
+
+

group_vars/all.yml

@@ -41,6 +41,9 @@ global_secret_update: false
 ## ocp-etcd-encryption-decryption vars
 ocp_etcd: false
 
+## ocp-service-controller-function required vars
+ocp_service: false
+
 ## ocp-cluster-log-forwarding required vars
 ocp_cluster_logging: false
 cluster_log_forwarder: false
@@ -155,6 +158,7 @@ initiator_name: # eg. iqn.2021-04.com.redhat:initiator2
 iqn: # eg. iqn.2021-04.redhat.com:iscsitarget2
 target_IP: ""
 
+
 # hypershift required vars for installation/destroy
 mgmt_cluster_kubeconfig: "{{ ansible_env.HOME }}/.kube/config"
 hosted_cluster_name: "rdr-hypershift-cluster"

playbooks/main.yml

@@ -1,4 +1,8 @@
 ---
+
+- import_playbook: ocp-service-controller-function.yml
+  when: ocp-service is defined and ocp-service
+
 - import_playbook: ocp-scale.yml
   when: scale_test_enabled
 

playbooks/ocp-service-controller-function.yml

@@ -0,0 +1,6 @@
+- name: Run the Service Controller function
+  hosts: localhost
+  roles:
+  - ocp-service-controller-function
+
+

playbooks/roles/ocp-service-controller-function/README.md

@@ -0,0 +1,46 @@
+OCP Service Controller Function on IPI (Installer Provision Infrastructure) cluster
+=========
+This ansible playbook can be used for validating the Service controller functions (services of type loadbalancer) on IPI cluster.
+
+It deploys the sample-app and service loadbalancer to check the functionality on IPI cluster.
+
+
+Requirements
+------------
+
+- OCP IPI 4.x healthy cluster
+- The cluster is in a known good state, without any errors.
+
+
+
+Role Variables
+--------------
+
+| Variable                    | Required | Default                                    | Comments                                            |
+|-----------------------------|----------|--------------------------------------------|-----------------------------------------------------|
+| ocp_service| no | false  | Flag to be set to true to run this playbook  |
+
+Dependencies
+------------
+
+ - None
+
+Example Playbook
+----------------
+```
+- name: Run the Service Controller function
+  hosts: localhost
+  roles:
+  - ocp-service-controller-function
+```
+
+License
+-------
+
+See LICENCE.txt
+
+Author Information
+------------------
+
+[email protected]
+

playbooks/roles/ocp-service-controller-function/defaults/main.yaml

@@ -0,0 +1,2 @@
+---
+test_namespace: "test-privileged"

playbooks/roles/ocp-service-controller-function/files/sample-web-app.yaml

@@ -0,0 +1,22 @@
+apiVersion: apps/v1
+kind: Deployment
+metadata:
+  name: go-web-app
+  namespace: test-privileged
+spec:
+  replicas: 2
+  selector:
+    matchLabels:
+      name: go-web-app
+  template:
+    metadata:
+      labels:
+        name: go-web-app
+    spec:
+      containers:
+        - name: application
+          image: karthikkn27/go-web-app-on-scratch
+          imagePullPolicy: IfNotPresent
+          ports:
+            - containerPort: 7777
+

playbooks/roles/ocp-service-controller-function/files/test-svc.yaml

@@ -0,0 +1,15 @@
+apiVersion: v1
+kind: Service
+metadata:
+  name: test-svc
+  namespace: test-privileged
+spec:
+  type: LoadBalancer
+  ports:
+    - name: http
+      port: 80
+      targetPort: 7777
+  selector:
+    name: go-web-app
+  externalTrafficPolicy: Cluster
+

playbooks/roles/ocp-service-controller-function/tasks/main.yml

@@ -0,0 +1,167 @@
+---
+
+- name: Check if cluster operators and nodes are healthy
+  include_role:
+    name: check-cluster-health
+
+- name: Delete the service if already exist
+  kubernetes.core.k8s:
+    state: absent
+    api_version: v1
+    kind: Service
+    namespace: test-privileged
+    name: test-svc
+  ignore_errors: true
+
+- name: Delete the sample-app if already exist
+  kubernetes.core.k8s:
+    state: absent
+    api_version: apps/v1
+    kind: Deployment
+    namespace: test-privileged
+    name: go-web-app
+  ignore_errors: true
+
+- name: Create namespace and labels to deploy sample-web-app
+  kubernetes.core.k8s:
+    name: "{{ test_namespace }}"
+    api_version: v1
+    kind: Namespace
+    state: present
+
+- name: Add label to the "{{ test_namespace }}" namespace
+  kubernetes.core.k8s:
+    state: patched
+    kind: Namespace
+    name: "{{ test_namespace }}"
+    definition:
+      metadata:
+        labels:
+          security.openshift.io/scc.podSecurityLabelSync: "false"
+          pod-security.kubernetes.io/enforce: privileged
+          pod-security.kubernetes.io/audit: privileged
+          pod-security.kubernetes.io/warn: privileged
+
+- name: Run sample-web-app file
+  kubernetes.core.k8s:
+    state: present
+    src: "{{ role_path }}/files/sample-web-app.yaml"
+
+- name: Wait for sample-app to come up
+  wait_for:
+    timeout: 120
+    delay: 2
+
+- name: Check for the pods
+  shell: oc get pods -n "{{ test_namespace }}"
+  register: check_pod
+
+- name: Check if the pods are in Running state
+  shell: oc get pods -n "{{ test_namespace }}" -o jsonpath='{.items[0].status.phase}'
+  register: pods_status
+  until: pods_status.stdout == "Running"
+  retries: 15
+  delay: 60
+
+- debug:
+    msg: "{{ check_pod.stdout_lines }}"
+
+- name: Run the service file
+  kubernetes.core.k8s:
+    state: present
+    src: "{{ role_path }}/files/test-svc.yaml"
+  register: create_service
+  when: pods_status.stdout == "Running"
+
+- name: Wait for service to come up
+  wait_for:
+    timeout: 120
+    delay: 2
+
+- name: Check the service
+  shell: oc get service -A | grep test-svc
+  register: check_service
+
+- debug:
+    msg: "{{ check_service.stdout_lines }}"
+
+- name: Get the pod
+  shell: oc get pods -n "{{ test_namespace }}" -o=jsonpath='{.items[0].metadata.name}'
+  register: first_pod
+
+- name: Check the logs of the service
+  shell: oc logs "{{ first_pod.stdout }}" -n "{{ test_namespace }}"
+  register: service_logs
+
+- debug:
+    msg: "{{ service_logs.stdout_lines }}"
+
+- name: Get the externalIP of the service
+  shell: oc get service -n "{{ test_namespace }}" -o=jsonpath='{.items[0].status.loadBalancer.ingress[0].hostname}'
+  register: lb_externalip
+
+- name: Wait for loadbalancer to comes up
+  wait_for:
+    delay: 5
+
+- name: Check the application is accessible through an external IP
+  shell: curl http://{{ lb_externalip.stdout }}
+  register: curl_ip
+  when: lb_externalip.stdout != ''
+
+- debug:
+    msg: "{{ curl_ip.stdout_lines }}"
+
+- name: Verify the logs from the external ip
+  shell: echo "Successfully validate the service controller function"
+  when: curl_ip.stdout == "My Go App"
+  register: success_msg
+
+- debug:
+    msg: "{{ success_msg.stdout_lines }}"
+
+- name: Clean up the service
+  kubernetes.core.k8s:
+    state: absent
+    api_version: v1
+    kind: Service
+    namespace: "{{ test_namespace }}"
+    name: test-svc
+  ignore_errors: true
+
+- name: Check if  the service has been deleted
+  shell: oc get service -A --no-headers | grep test-svc | wc -l
+  register: func_srv
+  until: func_srv.stdout|int == 0
+  retries: 15
+  delay: 60
+
+- name: Clean up the sample-app resources
+  kubernetes.core.k8s:
+    api_version: apps/v1
+    namespace: "{{ test_namespace }}"
+    kind: Deployment
+    state: absent
+    name: go-web-app
+  ignore_errors: true
+
+- name: Check if all the pods has been deleted
+  shell: oc get pods -n "{{ test_namespace }}" --no-headers | wc -l
+  register: del_pod
+  until: del_pod.stdout|int == 0
+  retries: 15
+  delay: 60
+
+- name: Delete namespace created for sample-web-app
+  kubernetes.core.k8s:
+    name: "{{ test_namespace }}"
+    api_version: v1
+    kind: Namespace
+    state: absent
+
+- name: Check if the namespace gets deleted
+  shell: oc get namespace --no-headers | grep "{{ test_namespace }}" | wc -l
+  register: srv_namespace
+  until: srv_namespace.stdout|int == 0
+  retries: 15
+  delay: 30