
Commit ee031a5

authored
Brought up Vertica in K8s
1 parent 959c0d7 commit ee031a5

1 file changed

+264
-63
lines changed


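--- a/.github/workflows/ci.yaml
+++ b/.github/workflows/ci.yaml
@@ -4,8 +4,8 @@ on: [push, pull_request]
 
 jobs:
 build:
-
 runs-on: ubuntu-latest
+
 strategy:
 matrix:
 python-version: ['3.8', '3.9', '3.10', '3.11', '3.12', '3.13', 'pypy3.10']
@@ -18,83 +18,284 @@ jobs:
 CLIENT_SECRET: P9f8350QQIUhFfK1GF5sMhq4Dm3P6Sbs
 
 steps:
-- name: Check out repository
+- name: Checkout repository
 uses: actions/checkout@v4
+
 - name: Set up Python ${{ matrix.python-version }}
 uses: actions/setup-python@v5
 with:
 python-version: ${{ matrix.python-version }}
-- name: Set up a Keycloak docker container
-timeout-minutes: 5
+
+- name: Set up Kubernetes (KinD)
+uses: helm/[email protected]
+with:
+cluster_name: vertica-ci
+node_image: kindest/node:v1.29.0
+
+- name: Set up Helm
+uses: azure/setup-helm@v3
+with:
+version: "3.11.3"
+
+- name: Add Helm repos
+run: |
+helm repo add vertica-charts https://vertica.github.io/charts || true
+helm repo add bitnami https://charts.bitnami.com/bitnami || true
+helm repo update
+
+# Step 4: Install MinIO for communal storage
+- name: Install MinIO (namespace minio)
 run: |
-docker network create -d bridge my-network
-docker run -d -p 8080:8080 \
---name keycloak --network my-network \
--e KEYCLOAK_ADMIN=admin -e KEYCLOAK_ADMIN_PASSWORD=admin \
-quay.io/keycloak/keycloak:23.0.4 start-dev
-docker container ls
-
-- name: Set up a Vertica server docker container
-timeout-minutes: 15
+kubectl create ns minio || true
+cat <<'EOF' > minio.yaml
+apiVersion: apps/v1
+kind: Deployment
+metadata:
+name: minio
+namespace: minio
+spec:
+replicas: 1
+selector:
+matchLabels:
+app: minio
+template:
+metadata:
+labels:
+app: minio
+spec:
+containers:
+- name: minio
+image: minio/minio:RELEASE.2025-09-07T16-13-09Z-cpuv1
+args: ["server", "/data"]
+env:
+- name: MINIO_ROOT_USER
+value: "minioadmin"
+- name: MINIO_ROOT_PASSWORD
+value: "minioadmin"
+ports:
+- containerPort: 9000
+volumeMounts:
+- name: data
+mountPath: /data
+volumes:
+- name: data
+emptyDir: {}
+---
+apiVersion: v1
+kind: Service
+metadata:
+name: minio
+namespace: minio
+spec:
+selector:
+app: minio
+ports:
+- port: 9000
+targetPort: 9000
+EOF
+kubectl apply -f minio.yaml
+kubectl -n minio rollout status deployment/minio --timeout=2m || true
+kubectl get pods -n minio -o wide || true
+kubectl get svc -n minio || true
+
+- name: Ensure MinIO bucket exists
 run: |
-docker run -d -p 5433:5433 -p 5444:5444 \
---name vertica_docker --network my-network \
-opentext/vertica-ce:24.4.0-0
-echo "Vertica startup ..."
-until docker exec vertica_docker test -f /data/vertica/VMart/agent_start.out; do \
-echo "..."; \
-sleep 3; \
-done;
-echo "Vertica is up"
-docker exec -u dbadmin vertica_docker /opt/vertica/bin/vsql -c "\l"
-docker exec -u dbadmin vertica_docker /opt/vertica/bin/vsql -c "select version()"
-
-- name: Configure Keycloak
+kubectl run mc-client --rm -i --restart=Never \
+--image=minio/mc:latest \
+-n minio \
+--command -- bash -c "
+mc alias set localminio http://minio.minio.svc.cluster.local:9000 minioadmin minioadmin && \
+mc mb --ignore-existing localminio/vertica-fleeting && \
+mc ls localminio
+"
+
+# Create MinIO credentials secret
+- name: Create MinIO Secret
 run: |
-echo "Wait for keycloak ready ..."
-bash -c 'while true; do curl -s localhost:8080 &>/dev/null; ret=$?; [[ $ret -eq 0 ]] && break; echo "..."; sleep 3; done'
-
-docker exec -i keycloak /bin/bash <<EOF
-/opt/keycloak/bin/kcadm.sh config credentials --server http://localhost:8080 --realm master --user admin --password admin
-/opt/keycloak/bin/kcadm.sh create realms -s realm=${REALM} -s enabled=true
-/opt/keycloak/bin/kcadm.sh update realms/${REALM} -s accessTokenLifespan=3600
-/opt/keycloak/bin/kcadm.sh get realms/${REALM}
-/opt/keycloak/bin/kcadm.sh create users -r ${REALM} -s username=${USER} -s enabled=true
-/opt/keycloak/bin/kcadm.sh set-password -r ${REALM} --username ${USER} --new-password ${PASSWORD}
-/opt/keycloak/bin/kcadm.sh get users -r ${REALM}
-/opt/keycloak/bin/kcadm.sh create clients -r ${REALM} -s clientId=${CLIENT_ID} -s enabled=true \
--s 'redirectUris=["/*"]' -s 'webOrigins=["/*"]' -s secret=${CLIENT_SECRET} -s directAccessGrantsEnabled=true -o
+kubectl delete secret communal-creds -n my-verticadb-operator --ignore-not-found
+kubectl create ns my-verticadb-operator || true
+kubectl create secret generic communal-creds \
+-n my-verticadb-operator \
+--from-literal=accesskey="minioadmin" \
+--from-literal=secretkey="minioadmin"
+kubectl get secret communal-creds -n my-verticadb-operator -o yaml || true
+
+# Install Vertica Operator
+- name: Install Vertica Operator
+run: |
+cat <<'EOF' > operator-values.yaml
+installCRDs: true
+controller:
+extraEnv:
+- name: AWS_REGION
+value: "us-east-1"
+- name: AWS_DEFAULT_REGION
+value: "us-east-1"
 EOF
+helm upgrade --install vdb-op vertica-charts/verticadb-operator \
+-n my-verticadb-operator -f operator-values.yaml --wait --timeout 10m
+kubectl -n my-verticadb-operator get pods -o wide || true
 
-# Retrieving an Access Token
-curl --location --request POST http://`hostname`:8080/realms/${REALM}/protocol/openid-connect/token \
---header 'Content-Type: application/x-www-form-urlencoded' \
---data-urlencode "username=${USER}" \
---data-urlencode "password=${PASSWORD}" \
---data-urlencode "client_id=${CLIENT_ID}" \
---data-urlencode "client_secret=${CLIENT_SECRET}" \
---data-urlencode 'grant_type=password' -o oauth.json
-cat oauth.json | python3 -c 'import json,sys;obj=json.load(sys.stdin);print(obj["access_token"])' > access_token.txt
-
-docker exec -u dbadmin vertica_docker /opt/vertica/bin/vsql -c "CREATE AUTHENTICATION v_oauth METHOD 'oauth' HOST '0.0.0.0/0';"
-docker exec -u dbadmin vertica_docker /opt/vertica/bin/vsql -c "ALTER AUTHENTICATION v_oauth SET client_id = '${CLIENT_ID}';"
-docker exec -u dbadmin vertica_docker /opt/vertica/bin/vsql -c "ALTER AUTHENTICATION v_oauth SET client_secret = '${CLIENT_SECRET}';"
-docker exec -u dbadmin vertica_docker /opt/vertica/bin/vsql -c "ALTER AUTHENTICATION v_oauth SET discovery_url = 'http://`hostname`:8080/realms/${REALM}/.well-known/openid-configuration';"
-docker exec -u dbadmin vertica_docker /opt/vertica/bin/vsql -c "ALTER AUTHENTICATION v_oauth SET introspect_url = 'http://`hostname`:8080/realms/${REALM}/protocol/openid-connect/token/introspect';"
-docker exec -u dbadmin vertica_docker /opt/vertica/bin/vsql -c "SELECT * FROM client_auth WHERE auth_name='v_oauth';"
-docker exec -u dbadmin vertica_docker /opt/vertica/bin/vsql -c "CREATE USER ${USER};"
-docker exec -u dbadmin vertica_docker /opt/vertica/bin/vsql -c "GRANT AUTHENTICATION v_oauth TO ${USER};"
-docker exec -u dbadmin vertica_docker /opt/vertica/bin/vsql -c "GRANT ALL ON SCHEMA PUBLIC TO ${USER};"
-# A dbadmin-specific authentication record (connect remotely) is needed after setting up an OAuth user
-docker exec -u dbadmin vertica_docker /opt/vertica/bin/vsql -c "CREATE AUTHENTICATION v_dbadmin_hash METHOD 'hash' HOST '0.0.0.0/0';"
-docker exec -u dbadmin vertica_docker /opt/vertica/bin/vsql -c "ALTER AUTHENTICATION v_dbadmin_hash PRIORITY 10000;"
-docker exec -u dbadmin vertica_docker /opt/vertica/bin/vsql -c "GRANT AUTHENTICATION v_dbadmin_hash TO dbadmin;"
+# Deploy VerticaDB with MinIO
+- name: Deploy VerticaDB
+run: |
+cat <<'EOF' | kubectl apply -f -
+apiVersion: vertica.com/v1
+kind: VerticaDB
+metadata:
+name: verticadb-sample
+namespace: my-verticadb-operator
+spec:
+image: opentext/vertica-k8s:latest
+dbName: vdb
+initPolicy: Create
+communal:
+path: s3://vertica-fleeting/mkottakota/
+credentialSecret: communal-creds
+endpoint: http://minio.minio.svc.cluster.local:9000
+region: us-east-1
+local:
+dataPath: /data
+depotPath: /depot
+subclusters:
+- name: defaultsubcluster
+size: 3
+EOF
+kubectl annotate verticadb verticadb-sample -n my-verticadb-operator \
+vertica.com/ci-reconcile="$(date -u +%s)" --overwrite || true
+
+# Wait for Vertica readiness
+- name: Wait for Vertica readiness
+run: |
+NS=my-verticadb-operator
+SS=verticadb-sample-defaultsubcluster
+POD=${SS}-0
+for i in {1..30}; do
+kubectl get pod ${POD} -n ${NS} && break || sleep 10
+done
+kubectl wait --for=condition=Ready pod/${POD} -n ${NS} --timeout=5m || true
+
+# Deploy Keycloak in K8s
+- name: Deploy Keycloak
+run: |
+kubectl create ns keycloak || true
+cat <<'EOF' | kubectl apply -f -
+apiVersion: apps/v1
+kind: Deployment
+metadata:
+name: keycloak
+namespace: keycloak
+spec:
+replicas: 1
+selector:
+matchLabels:
+app: keycloak
+template:
+metadata:
+labels:
+app: keycloak
+spec:
+containers:
+- name: keycloak
+image: quay.io/keycloak/keycloak:23.0.4
+args: ["start-dev"]
+env:
+- name: KEYCLOAK_ADMIN
+value: admin
+- name: KEYCLOAK_ADMIN_PASSWORD
+value: admin
+ports:
+- containerPort: 8080
+readinessProbe:
+httpGet:
+path: /
+port: 8080
+initialDelaySeconds: 20
+periodSeconds: 5
+failureThreshold: 6
+---
+apiVersion: v1
+kind: Service
+metadata:
+name: keycloak
+namespace: keycloak
+spec:
+selector:
+app: keycloak
+ports:
+- port: 8080
+targetPort: 8080
+EOF
+
+# Wait for Keycloak readiness
+- name: Wait for Keycloak readiness
+run: |
+kubectl -n keycloak rollout status deploy/keycloak --timeout=2m
+kubectl -n keycloak get pods -o wide
+
+# Configure Keycloak realm, client, and user
+- name: Configure Keycloak realm, client, and user
+run: |
+kubectl -n keycloak exec deploy/keycloak -- \
+/opt/keycloak/bin/kcadm.sh config credentials \
+--server http://localhost:8080 --realm master \
+--user admin --password admin
+
+kubectl -n keycloak exec deploy/keycloak -- \
+/opt/keycloak/bin/kcadm.sh create realms -s realm=test -s enabled=true
+
+kubectl -n keycloak exec deploy/keycloak -- \
+/opt/keycloak/bin/kcadm.sh create clients -r test \
+-s clientId=vertica -s enabled=true \
+-s secret=P9f8350QQIUhFfK1GF5sMhq4Dm3P6Sbs \
+-s 'redirectUris=["*"]' \
+-s directAccessGrantsEnabled=true
+
+kubectl -n keycloak exec deploy/keycloak -- \
+/opt/keycloak/bin/kcadm.sh create users -r test \
+-s username=oauth_user -s enabled=true
+
+kubectl -n keycloak exec deploy/keycloak -- \
+/opt/keycloak/bin/kcadm.sh set-password -r test \
+--username oauth_user --new-password password
+
+# Configure Vertica Authentication
+- name: Configure Vertica Authentication
+run: |
+NS=my-verticadb-operator
+POD=verticadb-sample-defaultsubcluster-0
+kubectl -n ${NS} exec ${POD} -c server -- bash -c "
+/opt/vertica/bin/vsql -U dbadmin -c \"
+CREATE AUTHENTICATION v_oauth METHOD 'oauth' HOST '0.0.0.0/0';
+ALTER AUTHENTICATION v_oauth SET client_id = 'vertica';
+ALTER AUTHENTICATION v_oauth SET client_secret = 'P9f8350QQIUhFfK1GF5sMhq4Dm3P6Sbs';
+ALTER AUTHENTICATION v_oauth SET discovery_url = 'http://keycloak.keycloak.svc.cluster.local:8080/realms/test/.well-known/openid-configuration';
+ALTER AUTHENTICATION v_oauth SET introspect_url = 'http://keycloak.keycloak.svc.cluster.local:8080/realms/test/protocol/openid-connect/token/introspect';
+CREATE USER oauth_user;
+GRANT AUTHENTICATION v_oauth TO oauth_user;
+GRANT ALL ON SCHEMA PUBLIC TO oauth_user;
+CREATE AUTHENTICATION v_dbadmin_hash METHOD 'hash' HOST '0.0.0.0/0';
+ALTER AUTHENTICATION v_dbadmin_hash PRIORITY 10000;
+GRANT AUTHENTICATION v_dbadmin_hash TO dbadmin;
+\"
+"
 
 - name: Install dependencies
 run: pip install tox
+
 - name: Run tests
 run: |
 export VP_TEST_USER=dbadmin
-export VP_TEST_OAUTH_ACCESS_TOKEN=`cat access_token.txt`
+export VP_TEST_OAUTH_ACCESS_TOKEN=$(cat access_token.txt)
 export VP_TEST_OAUTH_USER=${USER}
 tox -e py
+kubectl -n ${NS} delete pod go-test-runner --ignore-not-found=true
+
+# Cleanup MinIO
+- name: Uninstall MinIO
+if: always()
+run: |
+kubectl delete pod minio -n minio --ignore-not-found || true
+kubectl delete svc minio -n minio --ignore-not-found || true
+kubectl delete ns minio || true
+echo "MinIO cleanup complete"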
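Review bot: The `Run tests` step (new lines 286-292) still reads `access_token.txt`, but the only code that created that file, the token request in the removed `Configure Keycloak` step (old lines 69-77), is gone and nothing on the new side replaces it. Because the `cat` sits inside `export VP_TEST_OAUTH_ACCESS_TOKEN=$(...)`, its failure is masked by `export`, so the variable ends up empty and the OAuth login path is presumably left unexercised rather than failing loudly. The same step runs `kubectl -n ${NS} delete pod go-test-runner`, yet `NS` is only assigned inside other steps' shells; unless it is defined in the job-level `env` outside this hunk it expands to nothing here, so add `NS=my-verticadb-operator` at the top of the step or spell the namespace out. Restore the token request against the in-cluster Keycloak service before the tests run and guard it with `test -s access_token.txt` so a missing token fails the job. Separately, `kubectl get secret communal-creds -n my-verticadb-operator -o yaml` at new line 121 writes the base64-encoded credentials to the job log; dropping `-o yaml` keeps the existence check without printing the values.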
