From 9564a3753c348214c5f636b436fe64a927ffb569 Mon Sep 17 00:00:00 2001 From: Andrew Kenworthy Date: Fri, 18 Jul 2025 16:01:15 +0200 Subject: [PATCH 1/5] fix(test): Iceberg/Minio on openshift --- tests/templates/kuttl/iceberg/20-assert.yaml | 7 - .../kuttl/iceberg/20-install-minio.yaml | 2 +- tests/templates/kuttl/iceberg/20_minio.yaml | 588 ++++++++++++++++++ tests/templates/kuttl/iceberg/21-assert.yaml | 9 +- .../kuttl/iceberg/21-install-minio-jobs.yaml | 5 + .../kuttl/iceberg/21_minio_jobs.yaml | 116 ++++ tests/templates/kuttl/iceberg/25-assert.yaml | 12 + ...res.yaml => 25-install-hive-postgres.yaml} | 2 +- ...25_helm-bitnami-postgresql-values.yaml.j2} | 0 9 files changed, 727 insertions(+), 14 deletions(-) create mode 100644 tests/templates/kuttl/iceberg/20_minio.yaml create mode 100644 tests/templates/kuttl/iceberg/21-install-minio-jobs.yaml create mode 100644 tests/templates/kuttl/iceberg/21_minio_jobs.yaml create mode 100644 tests/templates/kuttl/iceberg/25-assert.yaml rename tests/templates/kuttl/iceberg/{21-install-hive-postgres.yaml => 25-install-hive-postgres.yaml} (83%) rename tests/templates/kuttl/iceberg/{21_helm-bitnami-postgresql-values.yaml.j2 => 25_helm-bitnami-postgresql-values.yaml.j2} (100%) diff --git a/tests/templates/kuttl/iceberg/20-assert.yaml b/tests/templates/kuttl/iceberg/20-assert.yaml index e1829b77..477bdd02 100644 --- a/tests/templates/kuttl/iceberg/20-assert.yaml +++ b/tests/templates/kuttl/iceberg/20-assert.yaml @@ -10,10 +10,3 @@ metadata: status: readyReplicas: 1 replicas: 1 ---- -apiVersion: batch/v1 -kind: Job -metadata: - name: minio-post-job -status: - succeeded: 1 diff --git a/tests/templates/kuttl/iceberg/20-install-minio.yaml b/tests/templates/kuttl/iceberg/20-install-minio.yaml index bbef7238..985b51e8 100644 --- a/tests/templates/kuttl/iceberg/20-install-minio.yaml +++ b/tests/templates/kuttl/iceberg/20-install-minio.yaml 
@@ -2,4 +2,4 @@ apiVersion: kuttl.dev/v1beta1 kind: TestStep commands: - - script: kubectl -n $NAMESPACE apply -f https://raw.githubusercontent.com/stackabletech/demos/refs/heads/release-25.3/stacks/_templates/minio-tls/rendered-chart.yaml + - script: kubectl -n $NAMESPACE apply -f 20_minio.yaml diff --git a/tests/templates/kuttl/iceberg/20_minio.yaml b/tests/templates/kuttl/iceberg/20_minio.yaml new file mode 100644 index 00000000..46d91930 --- /dev/null +++ b/tests/templates/kuttl/iceberg/20_minio.yaml 
@@ -0,0 +1,588 @@ +--- +apiVersion: v1 +kind: ServiceAccount +metadata: + name: "minio-sa" +--- +apiVersion: v1 +kind: Secret +metadata: + name: minio + labels: + app: minio + chart: minio-5.4.0 + release: minio + heritage: Helm +type: Opaque +data: + rootUser: "YWRtaW4=" + rootPassword: "YWRtaW5hZG1pbg==" +--- +apiVersion: v1 +kind: ConfigMap +metadata: + name: minio + labels: + app: minio + chart: minio-5.4.0 + release: minio + heritage: Helm +data: + initialize: |- + #!/bin/sh + set -e # Have script exit in the event of a failed command. + MC_CONFIG_DIR="/etc/minio/mc/" + MC="/usr/bin/mc --insecure --config-dir ${MC_CONFIG_DIR}" + + # connectToMinio + # Use a check-sleep-check loop to wait for MinIO service to be available + connectToMinio() { + SCHEME=$1 + ATTEMPTS=0 + LIMIT=29 # Allow 30 attempts + set -e # fail if we can't read the keys. + ACCESS=$(cat /config/rootUser) + SECRET=$(cat /config/rootPassword) + set +e # The connections to minio are allowed to fail. + echo "Connecting to MinIO server: $SCHEME://$MINIO_ENDPOINT:$MINIO_PORT" + MC_COMMAND="${MC} alias set myminio $SCHEME://$MINIO_ENDPOINT:$MINIO_PORT $ACCESS $SECRET" + $MC_COMMAND + STATUS=$? + until [ $STATUS = 0 ]; do + ATTEMPTS=$(expr $ATTEMPTS + 1) + echo \"Failed attempts: $ATTEMPTS\" + if [ $ATTEMPTS -gt $LIMIT ]; then + exit 1 + fi + sleep 2 # 1 second intervals between attempts + $MC_COMMAND + STATUS=$? + done + set -e # reset `e` as active + return 0 + } + + # checkBucketExists ($bucket) + # Check if the bucket exists, by using the exit code of `mc ls` + checkBucketExists() { + BUCKET=$1 + CMD=$(${MC} stat myminio/$BUCKET >/dev/null 2>&1) + return $? 
+ } + + # createBucket ($bucket, $policy, $purge) + # Ensure bucket exists, purging if asked to + createBucket() { + BUCKET=$1 + POLICY=$2 + PURGE=$3 + VERSIONING=$4 + OBJECTLOCKING=$5 + + # Purge the bucket, if set & exists + # Since PURGE is user input, check explicitly for `true` + if [ $PURGE = true ]; then + if checkBucketExists $BUCKET; then + echo "Purging bucket '$BUCKET'." + set +e # don't exit if this fails + ${MC} rm -r --force myminio/$BUCKET + set -e # reset `e` as active + else + echo "Bucket '$BUCKET' does not exist, skipping purge." + fi + fi + + # Create the bucket if it does not exist and set objectlocking if enabled (NOTE: versioning will be not changed if OBJECTLOCKING is set because it enables versioning to the Buckets created) + if ! checkBucketExists $BUCKET; then + if [ ! -z $OBJECTLOCKING ]; then + if [ $OBJECTLOCKING = true ]; then + echo "Creating bucket with OBJECTLOCKING '$BUCKET'" + ${MC} mb --with-lock myminio/$BUCKET + elif [ $OBJECTLOCKING = false ]; then + echo "Creating bucket '$BUCKET'" + ${MC} mb myminio/$BUCKET + fi + elif [ -z $OBJECTLOCKING ]; then + echo "Creating bucket '$BUCKET'" + ${MC} mb myminio/$BUCKET + else + echo "Bucket '$BUCKET' already exists." + fi + fi + + # set versioning for bucket if objectlocking is disabled or not set + if [ $OBJECTLOCKING = false ]; then + if [ ! -z $VERSIONING ]; then + if [ $VERSIONING = true ]; then + echo "Enabling versioning for '$BUCKET'" + ${MC} version enable myminio/$BUCKET + elif [ $VERSIONING = false ]; then + echo "Suspending versioning for '$BUCKET'" + ${MC} version suspend myminio/$BUCKET + fi + fi + else + echo "Bucket '$BUCKET' versioning unchanged." + fi + + # At this point, the bucket should exist, skip checking for existence + # Set policy on the bucket + echo "Setting policy of bucket '$BUCKET' to '$POLICY'." 
+ ${MC} anonymous set $POLICY myminio/$BUCKET + } + + # Try connecting to MinIO instance + scheme=https + connectToMinio $scheme + + + + # Create the buckets + createBucket demo "public" false false false + + add-user: |- + #!/bin/sh + set -e ; # Have script exit in the event of a failed command. + MC_CONFIG_DIR="/etc/minio/mc/" + MC="/usr/bin/mc --insecure --config-dir ${MC_CONFIG_DIR}" + + # AccessKey and secretkey credentials file are added to prevent shell execution errors caused by special characters. + # Special characters for example : ',",<,>,{,} + MINIO_ACCESSKEY_SECRETKEY_TMP="/tmp/accessKey_and_secretKey_tmp" + + # connectToMinio + # Use a check-sleep-check loop to wait for MinIO service to be available + connectToMinio() { + SCHEME=$1 + ATTEMPTS=0 ; LIMIT=29 ; # Allow 30 attempts + set -e ; # fail if we can't read the keys. + ACCESS=$(cat /config/rootUser) ; SECRET=$(cat /config/rootPassword) ; + set +e ; # The connections to minio are allowed to fail. + echo "Connecting to MinIO server: $SCHEME://$MINIO_ENDPOINT:$MINIO_PORT" ; + MC_COMMAND="${MC} alias set myminio $SCHEME://$MINIO_ENDPOINT:$MINIO_PORT $ACCESS $SECRET" ; + $MC_COMMAND ; + STATUS=$? ; + until [ $STATUS = 0 ] + do + ATTEMPTS=`expr $ATTEMPTS + 1` ; + echo \"Failed attempts: $ATTEMPTS\" ; + if [ $ATTEMPTS -gt $LIMIT ]; then + exit 1 ; + fi ; + sleep 2 ; # 1 second intervals between attempts + $MC_COMMAND ; + STATUS=$? ; + done ; + set -e ; # reset `e` as active + return 0 + } + + # checkUserExists () + # Check if the user exists, by using the exit code of `mc admin user info` + checkUserExists() { + CMD=$(${MC} admin user info myminio $(head -1 $MINIO_ACCESSKEY_SECRETKEY_TMP) > /dev/null 2>&1) + return $? + } + + # createUser ($policy) + createUser() { + POLICY=$1 + #check accessKey_and_secretKey_tmp file + if [[ ! 
-f $MINIO_ACCESSKEY_SECRETKEY_TMP ]];then + echo "credentials file does not exist" + return 1 + fi + if [[ $(cat $MINIO_ACCESSKEY_SECRETKEY_TMP|wc -l) -ne 2 ]];then + echo "credentials file is invalid" + rm -f $MINIO_ACCESSKEY_SECRETKEY_TMP + return 1 + fi + USER=$(head -1 $MINIO_ACCESSKEY_SECRETKEY_TMP) + # Create the user if it does not exist + if ! checkUserExists ; then + echo "Creating user '$USER'" + cat $MINIO_ACCESSKEY_SECRETKEY_TMP | ${MC} admin user add myminio + else + echo "User '$USER' already exists." + fi + #clean up credentials files. + rm -f $MINIO_ACCESSKEY_SECRETKEY_TMP + + # set policy for user + if [ ! -z $POLICY -a $POLICY != " " ] ; then + echo "Adding policy '$POLICY' for '$USER'" + set +e ; # policy already attach errors out, allow it. + ${MC} admin policy attach myminio $POLICY --user=$USER + set -e + else + echo "User '$USER' has no policy attached." + fi + } + + # Try connecting to MinIO instance + scheme=https + connectToMinio $scheme + + + + # Create the users + echo console > $MINIO_ACCESSKEY_SECRETKEY_TMP + echo console123 >> $MINIO_ACCESSKEY_SECRETKEY_TMP + createUser consoleAdmin + + add-policy: |- + #!/bin/sh + set -e ; # Have script exit in the event of a failed command. + MC_CONFIG_DIR="/etc/minio/mc/" + MC="/usr/bin/mc --insecure --config-dir ${MC_CONFIG_DIR}" + + # connectToMinio + # Use a check-sleep-check loop to wait for MinIO service to be available + connectToMinio() { + SCHEME=$1 + ATTEMPTS=0 ; LIMIT=29 ; # Allow 30 attempts + set -e ; # fail if we can't read the keys. + ACCESS=$(cat /config/rootUser) ; SECRET=$(cat /config/rootPassword) ; + set +e ; # The connections to minio are allowed to fail. + echo "Connecting to MinIO server: $SCHEME://$MINIO_ENDPOINT:$MINIO_PORT" ; + MC_COMMAND="${MC} alias set myminio $SCHEME://$MINIO_ENDPOINT:$MINIO_PORT $ACCESS $SECRET" ; + $MC_COMMAND ; + STATUS=$? 
; + until [ $STATUS = 0 ] + do + ATTEMPTS=`expr $ATTEMPTS + 1` ; + echo \"Failed attempts: $ATTEMPTS\" ; + if [ $ATTEMPTS -gt $LIMIT ]; then + exit 1 ; + fi ; + sleep 2 ; # 1 second intervals between attempts + $MC_COMMAND ; + STATUS=$? ; + done ; + set -e ; # reset `e` as active + return 0 + } + + # checkPolicyExists ($policy) + # Check if the policy exists, by using the exit code of `mc admin policy info` + checkPolicyExists() { + POLICY=$1 + CMD=$(${MC} admin policy info myminio $POLICY > /dev/null 2>&1) + return $? + } + + # createPolicy($name, $filename) + createPolicy () { + NAME=$1 + FILENAME=$2 + + # Create the name if it does not exist + echo "Checking policy: $NAME (in /config/$FILENAME.json)" + if ! checkPolicyExists $NAME ; then + echo "Creating policy '$NAME'" + else + echo "Policy '$NAME' already exists." + fi + ${MC} admin policy create myminio $NAME /config/$FILENAME.json + + } + + # Try connecting to MinIO instance + scheme=https + connectToMinio $scheme + + + + add-svcacct: |- + #!/bin/sh + set -e ; # Have script exit in the event of a failed command. + MC_CONFIG_DIR="/etc/minio/mc/" + MC="/usr/bin/mc --insecure --config-dir ${MC_CONFIG_DIR}" + + # AccessKey and secretkey credentials file are added to prevent shell execution errors caused by special characters. + # Special characters for example : ',",<,>,{,} + MINIO_ACCESSKEY_SECRETKEY_TMP="/tmp/accessKey_and_secretKey_svcacct_tmp" + + # connectToMinio + # Use a check-sleep-check loop to wait for MinIO service to be available + connectToMinio() { + SCHEME=$1 + ATTEMPTS=0 ; LIMIT=29 ; # Allow 30 attempts + set -e ; # fail if we can't read the keys. + ACCESS=$(cat /config/rootUser) ; SECRET=$(cat /config/rootPassword) ; + set +e ; # The connections to minio are allowed to fail. + echo "Connecting to MinIO server: $SCHEME://$MINIO_ENDPOINT:$MINIO_PORT" ; + MC_COMMAND="${MC} alias set myminio $SCHEME://$MINIO_ENDPOINT:$MINIO_PORT $ACCESS $SECRET" ; + $MC_COMMAND ; + STATUS=$? 
; + until [ $STATUS = 0 ] + do + ATTEMPTS=`expr $ATTEMPTS + 1` ; + echo \"Failed attempts: $ATTEMPTS\" ; + if [ $ATTEMPTS -gt $LIMIT ]; then + exit 1 ; + fi ; + sleep 2 ; # 2 second intervals between attempts + $MC_COMMAND ; + STATUS=$? ; + done ; + set -e ; # reset `e` as active + return 0 + } + + # checkSvcacctExists () + # Check if the svcacct exists, by using the exit code of `mc admin user svcacct info` + checkSvcacctExists() { + CMD=$(${MC} admin user svcacct info myminio $(head -1 $MINIO_ACCESSKEY_SECRETKEY_TMP) > /dev/null 2>&1) + return $? + } + + # createSvcacct ($user) + createSvcacct () { + USER=$1 + FILENAME=$2 + #check accessKey_and_secretKey_tmp file + if [[ ! -f $MINIO_ACCESSKEY_SECRETKEY_TMP ]];then + echo "credentials file does not exist" + return 1 + fi + if [[ $(cat $MINIO_ACCESSKEY_SECRETKEY_TMP|wc -l) -ne 2 ]];then + echo "credentials file is invalid" + rm -f $MINIO_ACCESSKEY_SECRETKEY_TMP + return 1 + fi + SVCACCT=$(head -1 $MINIO_ACCESSKEY_SECRETKEY_TMP) + # Create the svcacct if it does not exist + if ! checkSvcacctExists ; then + echo "Creating svcacct '$SVCACCT'" + # Check if policy file is define + if [ -z $FILENAME ]; then + ${MC} admin user svcacct add --access-key $(head -1 $MINIO_ACCESSKEY_SECRETKEY_TMP) --secret-key $(tail -n1 $MINIO_ACCESSKEY_SECRETKEY_TMP) myminio $USER + else + ${MC} admin user svcacct add --access-key $(head -1 $MINIO_ACCESSKEY_SECRETKEY_TMP) --secret-key $(tail -n1 $MINIO_ACCESSKEY_SECRETKEY_TMP) --policy /config/$FILENAME.json myminio $USER + fi + else + echo "Svcacct '$SVCACCT' already exists." + fi + #clean up credentials files. + rm -f $MINIO_ACCESSKEY_SECRETKEY_TMP + } + + # Try connecting to MinIO instance + scheme=https + connectToMinio $scheme + + + + custom-command: |- + #!/bin/sh + set -e ; # Have script exit in the event of a failed command. 
+ MC_CONFIG_DIR="/etc/minio/mc/" + MC="/usr/bin/mc --insecure --config-dir ${MC_CONFIG_DIR}" + + # connectToMinio + # Use a check-sleep-check loop to wait for MinIO service to be available + connectToMinio() { + SCHEME=$1 + ATTEMPTS=0 ; LIMIT=29 ; # Allow 30 attempts + set -e ; # fail if we can't read the keys. + ACCESS=$(cat /config/rootUser) ; SECRET=$(cat /config/rootPassword) ; + set +e ; # The connections to minio are allowed to fail. + echo "Connecting to MinIO server: $SCHEME://$MINIO_ENDPOINT:$MINIO_PORT" ; + MC_COMMAND="${MC} alias set myminio $SCHEME://$MINIO_ENDPOINT:$MINIO_PORT $ACCESS $SECRET" ; + $MC_COMMAND ; + STATUS=$? ; + until [ $STATUS = 0 ] + do + ATTEMPTS=`expr $ATTEMPTS + 1` ; + echo \"Failed attempts: $ATTEMPTS\" ; + if [ $ATTEMPTS -gt $LIMIT ]; then + exit 1 ; + fi ; + sleep 2 ; # 1 second intervals between attempts + $MC_COMMAND ; + STATUS=$? ; + done ; + set -e ; # reset `e` as active + return 0 + } + + # runCommand ($@) + # Run custom mc command + runCommand() { + ${MC} "$@" + return $? 
+ } + + # Try connecting to MinIO instance + scheme=https + connectToMinio $scheme +--- +apiVersion: v1 +kind: PersistentVolumeClaim +metadata: + name: minio + labels: + app: minio + chart: minio-5.4.0 + release: minio + heritage: Helm +spec: + accessModes: + - "ReadWriteOnce" + resources: + requests: + storage: "10Gi" +--- +apiVersion: v1 +kind: Service +metadata: + name: minio-console + labels: + app: minio + chart: minio-5.4.0 + release: minio + heritage: Helm +spec: + type: NodePort + externalTrafficPolicy: "Cluster" + ports: + - name: https + port: 9001 + protocol: TCP + targetPort: 9001 + selector: + app: minio + release: minio +--- +apiVersion: v1 +kind: Service +metadata: + name: minio + labels: + app: minio + chart: minio-5.4.0 + release: minio + heritage: Helm + monitoring: "true" +spec: + type: NodePort + externalTrafficPolicy: "Cluster" + ports: + - name: https + port: 9000 + protocol: TCP + targetPort: 9000 + selector: + app: minio + release: minio +--- +apiVersion: apps/v1 +kind: Deployment +metadata: + name: minio + labels: + app: minio + chart: minio-5.4.0 + release: minio + heritage: Helm + stackable.tech/vendor: Stackable +spec: + strategy: + type: RollingUpdate + rollingUpdate: + maxSurge: 100% + maxUnavailable: 0 + replicas: 1 + selector: + matchLabels: + app: minio + release: minio + template: + metadata: + name: minio + labels: + app: minio + release: minio + stackable.tech/vendor: Stackable + annotations: + checksum/secrets: fa63e34a92c817c84057e2d452fa683e66462a57b0529388fb96a57e05f38e57 + checksum/config: ebea49cc4c1bfbd1b156a58bf770a776ff87fe199f642d31c2816b5515112e72 + spec: + securityContext: + fsGroupChangePolicy: OnRootMismatch + serviceAccountName: minio-sa + containers: + - name: minio + image: "quay.io/minio/minio:RELEASE.2024-12-18T13-15-44Z" + imagePullPolicy: IfNotPresent + command: + - "/bin/sh" + - "-ce" + - | + # minio requires the TLS key pair to be specially named + # mkdir -p /etc/minio/certs + cp -v 
/etc/minio/original_certs/tls.crt /etc/minio/certs/public.crt + cp -v /etc/minio/original_certs/tls.key /etc/minio/certs/private.key + + /usr/bin/docker-entrypoint.sh minio server /export -S /etc/minio/certs/ --address :9000 --console-address :9001 + volumeMounts: + - name: minio-user + mountPath: "/tmp/credentials" + readOnly: true + - name: export + mountPath: /export + - mountPath: /etc/minio/original_certs + name: tls + - mountPath: /etc/minio/certs + name: certs + ports: + - name: https + containerPort: 9000 + - name: https-console + containerPort: 9001 + env: + - name: MINIO_ROOT_USER + valueFrom: + secretKeyRef: + name: minio + key: rootUser + - name: MINIO_ROOT_PASSWORD + valueFrom: + secretKeyRef: + name: minio + key: rootPassword + - name: MINIO_PROMETHEUS_AUTH_TYPE + value: "public" + resources: + requests: + cpu: 1 + memory: 2Gi + securityContext: + readOnlyRootFilesystem: false + volumes: + - name: export + persistentVolumeClaim: + claimName: minio + - name: minio-user + secret: + secretName: minio + + - ephemeral: + volumeClaimTemplate: + metadata: + annotations: + secrets.stackable.tech/class: tls + secrets.stackable.tech/scope: service=minio + spec: + accessModes: + - ReadWriteOnce + resources: + requests: + storage: 1 + storageClassName: secrets.stackable.tech + name: tls + - emptyDir: + medium: Memory + sizeLimit: 5Mi + name: certs diff --git a/tests/templates/kuttl/iceberg/21-assert.yaml b/tests/templates/kuttl/iceberg/21-assert.yaml index 1ac12423..3895aff4 100644 --- a/tests/templates/kuttl/iceberg/21-assert.yaml +++ b/tests/templates/kuttl/iceberg/21-assert.yaml @@ -3,10 +3,9 @@ apiVersion: kuttl.dev/v1beta1 kind: TestAssert timeout: 600 --- -apiVersion: apps/v1 -kind: StatefulSet +apiVersion: batch/v1 +kind: Job metadata: - name: postgresql + name: minio-post-job status: - readyReplicas: 1 - replicas: 1 + succeeded: 1 
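Review bot: Both Services in the new 20_minio.yaml (`minio` on 9000 and `minio-console` on 9001) are `type: NodePort`, which publishes the API and the console on every node, while the Secret carries fixed, committed root credentials and the `initialize` script sets the `demo` bucket to anonymous `public` access. The jobs in 21_minio_jobs.yaml reach the server through the in-cluster name (`MINIO_ENDPOINT` is `minio`), so unless something outside the cluster needs the port, which this patch does not show, `type: ClusterIP` on both Services would keep the test instance off the node network. That change also means dropping `externalTrafficPolicy`, which is only accepted for NodePort and LoadBalancer Services. If NodePort has to stay, a comment saying why, and that the credentials are test-only, would help the next reader.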
diff --git a/tests/templates/kuttl/iceberg/21-install-minio-jobs.yaml b/tests/templates/kuttl/iceberg/21-install-minio-jobs.yaml new file mode 100644 index 00000000..d51dae4b --- /dev/null +++ b/tests/templates/kuttl/iceberg/21-install-minio-jobs.yaml @@ -0,0 +1,5 @@ +--- +apiVersion: kuttl.dev/v1beta1 +kind: TestStep +commands: + - script: kubectl -n $NAMESPACE apply -f 21_minio_jobs.yaml diff --git a/tests/templates/kuttl/iceberg/21_minio_jobs.yaml b/tests/templates/kuttl/iceberg/21_minio_jobs.yaml new file mode 100644 index 00000000..23fdb1f3 --- /dev/null +++ b/tests/templates/kuttl/iceberg/21_minio_jobs.yaml 
@@ -0,0 +1,116 @@ +--- +apiVersion: batch/v1 +kind: Job +metadata: + name: minio-post-job + labels: + app: minio-post-job + chart: minio-5.4.0 + release: minio + heritage: Helm + annotations: + "helm.sh/hook": post-install,post-upgrade + "helm.sh/hook-delete-policy": hook-succeeded,before-hook-creation +spec: + template: + metadata: + labels: + app: minio-job + release: minio + stackable.tech/vendor: Stackable + spec: + restartPolicy: OnFailure + volumes: + - name: etc-path + emptyDir: {} + - name: tmp + emptyDir: {} + - name: minio-configuration + projected: + sources: + - configMap: + name: minio + - secret: + name: minio + - ephemeral: + volumeClaimTemplate: + metadata: + annotations: + secrets.stackable.tech/class: tls + secrets.stackable.tech/scope: service=minio + spec: + accessModes: + - ReadWriteOnce + resources: + requests: + storage: 1 + storageClassName: secrets.stackable.tech + name: tls + - emptyDir: + medium: Memory + sizeLimit: 5Mi + name: certs + serviceAccountName: minio-sa + containers: + - name: minio-make-bucket + image: "quay.io/minio/mc:RELEASE.2024-11-21T17-21-54Z" + imagePullPolicy: IfNotPresent + command: + - "/bin/sh" + - "-ce" + - | + # Copy the CA cert from the "tls" SecretClass + # mkdir -p /etc/minio/mc/certs/CAs + cp -v /etc/minio/mc/original_certs/ca.crt /etc/minio/mc/certs/CAs/public.crt + + . 
/config/initialize + env: + - name: MINIO_ENDPOINT + value: minio + - name: MINIO_PORT + value: "9000" + volumeMounts: + - name: etc-path + mountPath: /etc/minio/mc + - name: tmp + mountPath: /tmp + - name: minio-configuration + mountPath: /config + - name: tls + mountPath: /etc/minio/mc/original_certs + - name: certs + mountPath: /etc/minio/mc/certs/CAs + resources: + requests: + memory: 128Mi + - name: minio-make-user + image: "quay.io/minio/mc:RELEASE.2024-11-21T17-21-54Z" + imagePullPolicy: IfNotPresent + command: + - "/bin/sh" + - "-ce" + - | + # Copy the CA cert from the "tls" SecretClass + # mkdir -p /etc/minio/mc/certs/CAs + cp -v /etc/minio/mc/original_certs/ca.crt /etc/minio/mc/certs/CAs/public.crt + + . /config/add-user + env: + - name: MINIO_ENDPOINT + value: minio + - name: MINIO_PORT + value: "9000" + volumeMounts: + - name: etc-path + mountPath: /etc/minio/mc + - name: tmp + mountPath: /tmp + - name: minio-configuration + mountPath: /config + - name: tls + mountPath: /etc/minio/mc/original_certs + - name: certs + mountPath: /etc/minio/mc/certs/CAs + resources: + requests: + memory: 128Mi \ No newline at end of file diff --git a/tests/templates/kuttl/iceberg/25-assert.yaml b/tests/templates/kuttl/iceberg/25-assert.yaml new file mode 100644 index 00000000..1ac12423 --- /dev/null +++ b/tests/templates/kuttl/iceberg/25-assert.yaml @@ -0,0 +1,12 @@ +--- +apiVersion: kuttl.dev/v1beta1 +kind: TestAssert +timeout: 600 +--- +apiVersion: apps/v1 +kind: StatefulSet +metadata: + name: postgresql +status: + readyReplicas: 1 + replicas: 1 diff --git a/tests/templates/kuttl/iceberg/21-install-hive-postgres.yaml b/tests/templates/kuttl/iceberg/25-install-hive-postgres.yaml similarity index 83% rename from tests/templates/kuttl/iceberg/21-install-hive-postgres.yaml rename to tests/templates/kuttl/iceberg/25-install-hive-postgres.yaml index fa5698e0..69649d8a 100644 --- a/tests/templates/kuttl/iceberg/21-install-hive-postgres.yaml 
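Review bot: Both containers in 21_minio_jobs.yaml copy `ca.crt` from the `tls` volume into `/etc/minio/mc/certs/CAs/`, which sits under the `--config-dir` the sourced scripts use, yet every script in the `minio` ConfigMap (20_minio.yaml) still defines `MC="/usr/bin/mc --insecure --config-dir ${MC_CONFIG_DIR}"`, so certificate verification is switched off and the CA copy adds no protection. Dropping the flag, `MC="/usr/bin/mc --config-dir ${MC_CONFIG_DIR}"`, would mean the root credentials passed to `mc alias set` only go to a server presenting a certificate from that CA. This assumes the certificate issued for `secrets.stackable.tech/scope: service=minio` covers the `minio` host name the jobs connect to. The `# mkdir -p /etc/minio/mc/certs/CAs` line is commented out and the copy works only because the `certs` volume is mounted at that path; a one-line comment saying so would be clearer than the dead command.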
+++ b/tests/templates/kuttl/iceberg/25-install-hive-postgres.yaml @@ -8,5 +8,5 @@ commands: --install --version=12.5.6 --namespace $NAMESPACE - -f 21_helm-bitnami-postgresql-values.yaml + -f 25_helm-bitnami-postgresql-values.yaml --repo https://charts.bitnami.com/bitnami postgresql diff --git a/tests/templates/kuttl/iceberg/21_helm-bitnami-postgresql-values.yaml.j2 b/tests/templates/kuttl/iceberg/25_helm-bitnami-postgresql-values.yaml.j2 similarity index 100% rename from tests/templates/kuttl/iceberg/21_helm-bitnami-postgresql-values.yaml.j2 rename to tests/templates/kuttl/iceberg/25_helm-bitnami-postgresql-values.yaml.j2 From 25ae3d5a556f2b87782cd3e6563e568f218068d6 Mon Sep 17 00:00:00 2001 From: Andrew Kenworthy Date: Fri, 25 Jul 2025 09:40:05 +0200 Subject: [PATCH 2/5] linting --- tests/templates/kuttl/iceberg/20_minio.yaml | 9 +-------- tests/templates/kuttl/iceberg/21_minio_jobs.yaml | 2 +- 2 files changed, 2 insertions(+), 9 deletions(-) diff --git a/tests/templates/kuttl/iceberg/20_minio.yaml b/tests/templates/kuttl/iceberg/20_minio.yaml index 46d91930..85ac7c4c 100644 --- a/tests/templates/kuttl/iceberg/20_minio.yaml +++ b/tests/templates/kuttl/iceberg/20_minio.yaml @@ -135,8 +135,6 @@ data: scheme=https connectToMinio $scheme - - # Create the buckets createBucket demo "public" false false false @@ -291,8 +289,6 @@ data: scheme=https connectToMinio $scheme - - add-svcacct: |- #!/bin/sh set -e ; # Have script exit in the event of a failed command. @@ -372,8 +368,6 @@ data: scheme=https connectToMinio $scheme - - custom-command: |- #!/bin/sh set -e ; # Have script exit in the event of a failed command. @@ -567,7 +561,6 @@ spec: - name: minio-user secret: secretName: minio - - ephemeral: volumeClaimTemplate: metadata: @@ -576,7 +569,7 @@ spec: secrets.stackable.tech/scope: service=minio spec: accessModes: - - ReadWriteOnce + - ReadWriteOnce resources: requests: storage: 1 
diff --git a/tests/templates/kuttl/iceberg/21_minio_jobs.yaml b/tests/templates/kuttl/iceberg/21_minio_jobs.yaml index 23fdb1f3..4c848d62 100644 --- a/tests/templates/kuttl/iceberg/21_minio_jobs.yaml +++ b/tests/templates/kuttl/iceberg/21_minio_jobs.yaml @@ -40,7 +40,7 @@ spec: secrets.stackable.tech/scope: service=minio spec: accessModes: - - ReadWriteOnce + - ReadWriteOnce resources: requests: storage: 1 From 70c446d3afd55dc07bcfbc20eed6d20e9047ad58 Mon Sep 17 00:00:00 2001 From: Andrew Kenworthy Date: Fri, 25 Jul 2025 09:44:42 +0200 Subject: [PATCH 3/5] more linting --- tests/templates/kuttl/iceberg/20_minio.yaml | 2 -- 1 file changed, 2 deletions(-) diff --git a/tests/templates/kuttl/iceberg/20_minio.yaml b/tests/templates/kuttl/iceberg/20_minio.yaml index 85ac7c4c..2414a539 100644 --- a/tests/templates/kuttl/iceberg/20_minio.yaml +++ b/tests/templates/kuttl/iceberg/20_minio.yaml @@ -221,8 +221,6 @@ data: scheme=https connectToMinio $scheme - - # Create the users echo console > $MINIO_ACCESSKEY_SECRETKEY_TMP echo console123 >> $MINIO_ACCESSKEY_SECRETKEY_TMP From 9feee4d741e802a7d77b321b6fd907e380ae49c7 Mon Sep 17 00:00:00 2001 From: Andrew Kenworthy Date: Fri, 25 Jul 2025 09:52:19 +0200 Subject: [PATCH 4/5] more linting --- tests/templates/kuttl/iceberg/21_minio_jobs.yaml | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/tests/templates/kuttl/iceberg/21_minio_jobs.yaml b/tests/templates/kuttl/iceberg/21_minio_jobs.yaml index 4c848d62..9411d758 100644 --- a/tests/templates/kuttl/iceberg/21_minio_jobs.yaml +++ b/tests/templates/kuttl/iceberg/21_minio_jobs.yaml @@ -113,4 +113,4 @@ spec: mountPath: /etc/minio/mc/certs/CAs resources: requests: - memory: 128Mi \ No newline at end of file + memory: 128Mi From 58bb6bc87ab9052dd9abee1882e7c02bf80bb256 Mon Sep 17 00:00:00 2001 
From: Andrew Kenworthy Date: Fri, 25 Jul 2025 10:00:50 +0200 Subject: [PATCH 5/5] linting, finally turned on pre-commit locally --- tests/templates/kuttl/iceberg/20_minio.yaml | 76 +++++++++---------- .../kuttl/iceberg/21_minio_jobs.yaml | 2 +- 2 files changed, 39 insertions(+), 39 deletions(-) diff --git a/tests/templates/kuttl/iceberg/20_minio.yaml b/tests/templates/kuttl/iceberg/20_minio.yaml index 2414a539..3b9ffcbe 100644 --- a/tests/templates/kuttl/iceberg/20_minio.yaml +++ b/tests/templates/kuttl/iceberg/20_minio.yaml @@ -33,7 +33,7 @@ data: set -e # Have script exit in the event of a failed command. MC_CONFIG_DIR="/etc/minio/mc/" MC="/usr/bin/mc --insecure --config-dir ${MC_CONFIG_DIR}" - + # connectToMinio # Use a check-sleep-check loop to wait for MinIO service to be available connectToMinio() { @@ -61,7 +61,7 @@ data: set -e # reset `e` as active return 0 } - + # checkBucketExists ($bucket) # Check if the bucket exists, by using the exit code of `mc ls` checkBucketExists() { @@ -69,7 +69,7 @@ data: CMD=$(${MC} stat myminio/$BUCKET >/dev/null 2>&1) return $? } - + # createBucket ($bucket, $policy, $purge) # Ensure bucket exists, purging if asked to createBucket() { @@ -78,7 +78,7 @@ data: PURGE=$3 VERSIONING=$4 OBJECTLOCKING=$5 - + # Purge the bucket, if set & exists # Since PURGE is user input, check explicitly for `true` if [ $PURGE = true ]; then @@ -91,7 +91,7 @@ data: echo "Bucket '$BUCKET' does not exist, skipping purge." fi fi - + # Create the bucket if it does not exist and set objectlocking if enabled (NOTE: versioning will be not changed if OBJECTLOCKING is set because it enables versioning to the Buckets created) if ! checkBucketExists $BUCKET; then if [ ! -z $OBJECTLOCKING ]; then @@ -109,7 +109,7 @@ data: echo "Bucket '$BUCKET' already exists." fi fi - + # set versioning for bucket if objectlocking is disabled or not set if [ $OBJECTLOCKING = false ]; then if [ ! -z $VERSIONING ]; then 
@@ -124,30 +124,30 @@ data: else echo "Bucket '$BUCKET' versioning unchanged." fi - + # At this point, the bucket should exist, skip checking for existence # Set policy on the bucket echo "Setting policy of bucket '$BUCKET' to '$POLICY'." ${MC} anonymous set $POLICY myminio/$BUCKET } - + # Try connecting to MinIO instance scheme=https connectToMinio $scheme - + # Create the buckets createBucket demo "public" false false false - + add-user: |- #!/bin/sh set -e ; # Have script exit in the event of a failed command. MC_CONFIG_DIR="/etc/minio/mc/" MC="/usr/bin/mc --insecure --config-dir ${MC_CONFIG_DIR}" - + # AccessKey and secretkey credentials file are added to prevent shell execution errors caused by special characters. # Special characters for example : ',",<,>,{,} MINIO_ACCESSKEY_SECRETKEY_TMP="/tmp/accessKey_and_secretKey_tmp" - + # connectToMinio # Use a check-sleep-check loop to wait for MinIO service to be available connectToMinio() { @@ -174,14 +174,14 @@ data: set -e ; # reset `e` as active return 0 } - + # checkUserExists () # Check if the user exists, by using the exit code of `mc admin user info` checkUserExists() { CMD=$(${MC} admin user info myminio $(head -1 $MINIO_ACCESSKEY_SECRETKEY_TMP) > /dev/null 2>&1) return $? } - + # createUser ($policy) createUser() { POLICY=$1 @@ -205,7 +205,7 @@ data: fi #clean up credentials files. rm -f $MINIO_ACCESSKEY_SECRETKEY_TMP - + # set policy for user if [ ! -z $POLICY -a $POLICY != " " ] ; then echo "Adding policy '$POLICY' for '$USER'" 
@@ -216,22 +216,22 @@ data: echo "User '$USER' has no policy attached." fi } - + # Try connecting to MinIO instance scheme=https connectToMinio $scheme - + # Create the users echo console > $MINIO_ACCESSKEY_SECRETKEY_TMP echo console123 >> $MINIO_ACCESSKEY_SECRETKEY_TMP createUser consoleAdmin - + add-policy: |- #!/bin/sh set -e ; # Have script exit in the event of a failed command. MC_CONFIG_DIR="/etc/minio/mc/" MC="/usr/bin/mc --insecure --config-dir ${MC_CONFIG_DIR}" - + # connectToMinio # Use a check-sleep-check loop to wait for MinIO service to be available connectToMinio() { @@ -258,7 +258,7 @@ data: set -e ; # reset `e` as active return 0 } - + # checkPolicyExists ($policy) # Check if the policy exists, by using the exit code of `mc admin policy info` checkPolicyExists() { @@ -266,12 +266,12 @@ data: CMD=$(${MC} admin policy info myminio $POLICY > /dev/null 2>&1) return $? } - + # createPolicy($name, $filename) createPolicy () { NAME=$1 FILENAME=$2 - + # Create the name if it does not exist echo "Checking policy: $NAME (in /config/$FILENAME.json)" if ! checkPolicyExists $NAME ; then @@ -280,23 +280,23 @@ data: echo "Policy '$NAME' already exists." fi ${MC} admin policy create myminio $NAME /config/$FILENAME.json - + } - + # Try connecting to MinIO instance scheme=https connectToMinio $scheme - + add-svcacct: |- #!/bin/sh set -e ; # Have script exit in the event of a failed command. MC_CONFIG_DIR="/etc/minio/mc/" MC="/usr/bin/mc --insecure --config-dir ${MC_CONFIG_DIR}" - + # AccessKey and secretkey credentials file are added to prevent shell execution errors caused by special characters. # Special characters for example : ',",<,>,{,} MINIO_ACCESSKEY_SECRETKEY_TMP="/tmp/accessKey_and_secretKey_svcacct_tmp" - + # connectToMinio # Use a check-sleep-check loop to wait for MinIO service to be available connectToMinio() { 
@@ -323,14 +323,14 @@ data: set -e ; # reset `e` as active return 0 } - + # checkSvcacctExists () # Check if the svcacct exists, by using the exit code of `mc admin user svcacct info` checkSvcacctExists() { CMD=$(${MC} admin user svcacct info myminio $(head -1 $MINIO_ACCESSKEY_SECRETKEY_TMP) > /dev/null 2>&1) return $? } - + # createSvcacct ($user) createSvcacct () { USER=$1 @@ -361,17 +361,17 @@ data: #clean up credentials files. rm -f $MINIO_ACCESSKEY_SECRETKEY_TMP } - + # Try connecting to MinIO instance scheme=https connectToMinio $scheme - + custom-command: |- #!/bin/sh set -e ; # Have script exit in the event of a failed command. MC_CONFIG_DIR="/etc/minio/mc/" MC="/usr/bin/mc --insecure --config-dir ${MC_CONFIG_DIR}" - + # connectToMinio # Use a check-sleep-check loop to wait for MinIO service to be available connectToMinio() { @@ -398,14 +398,14 @@ data: set -e ; # reset `e` as active return 0 } - + # runCommand ($@) # Run custom mc command runCommand() { ${MC} "$@" return $? } - + # Try connecting to MinIO instance scheme=https connectToMinio $scheme @@ -523,7 +523,7 @@ spec: mountPath: "/tmp/credentials" readOnly: true - name: export - mountPath: /export + mountPath: /export - mountPath: /etc/minio/original_certs name: tls - mountPath: /etc/minio/certs @@ -550,15 +550,15 @@ spec: requests: cpu: 1 memory: 2Gi - securityContext: - readOnlyRootFilesystem: false + securityContext: + readOnlyRootFilesystem: false volumes: - name: export persistentVolumeClaim: claimName: minio - name: minio-user secret: - secretName: minio + secretName: minio - ephemeral: volumeClaimTemplate: metadata: diff --git a/tests/templates/kuttl/iceberg/21_minio_jobs.yaml b/tests/templates/kuttl/iceberg/21_minio_jobs.yaml index 9411d758..bd8f3ac4 100644 --- a/tests/templates/kuttl/iceberg/21_minio_jobs.yaml +++ b/tests/templates/kuttl/iceberg/21_minio_jobs.yaml 
@@ -19,7 +19,7 @@ spec: release: minio stackable.tech/vendor: Stackable spec: - restartPolicy: OnFailure + restartPolicy: OnFailure volumes: - name: etc-path emptyDir: {}