From 9eba3afb7e288c13f75f93d5712d50a3b9e7b92d Mon Sep 17 00:00:00 2001 From: Chance <139784371+UnicornChance@users.noreply.github.com> Date: Mon, 4 Mar 2024 14:35:16 -0700 Subject: [PATCH] fix: basic validations for packages (#208) ## Description Improve / Add validations for package deployments and testing. Keycloak validations are captured on this [branch](https://github.com/defenseunicorns/uds-core/tree/authservice-pepr) / this [PR](https://github.com/defenseunicorns/uds-core/pull/201). ## Related Issue Fixes # [109](https://github.com/defenseunicorns/uds-core/issues/109) ## Type of change - [x] Bug fix (non-breaking change which fixes an issue) - [ ] New feature (non-breaking change which adds functionality) - [ ] Other (security config, docs update, etc) ## Checklist before merging - [x] Test, docs, adr added or updated as needed - [x] [Contributor Guide Steps](https://github.com/defenseunicorns/uds-template-capability/blob/main/CONTRIBUTING.md)(https://github.com/defenseunicorns/uds-template-capability/blob/main/CONTRIBUTING.md#submitting-a-pull-request) followed --- src/authservice/common/zarf.yaml | 11 ++++++++ src/authservice/tasks.yaml | 7 ----- src/grafana/common/zarf.yaml | 5 ++-- src/grafana/tasks.yaml | 7 +++++ src/loki/common/zarf.yaml | 11 ++++++++ src/metrics-server/common/zarf.yaml | 11 ++++++++ src/neuvector/common/zarf.yaml | 11 ++++++++ src/neuvector/tasks.yaml | 39 ++++++++++++++++++++++++--- src/prometheus-stack/common/zarf.yaml | 11 ++++++++ src/prometheus-stack/tasks.yaml | 7 +++++ src/promtail/common/zarf.yaml | 11 ++++++++ 11 files changed, 118 insertions(+), 13 deletions(-)
diff --git a/src/authservice/common/zarf.yaml b/src/authservice/common/zarf.yaml
index 18ad2d6ae..6e728fe16 100644
--- a/src/authservice/common/zarf.yaml
+++ b/src/authservice/common/zarf.yaml
@@ -12,3 +12,14 @@ components:
 localPath: ../chart
 version: 0.5.3
 namespace: authservice
+ actions:
+ onDeploy:
+ after:
+ - description: Validate Authservice Package
+ maxTotalSeconds: 300
+ wait:
+ cluster:
+ kind: Packages
+ name: authservice
+ namespace: authservice
+ condition: "'{.status.phase}'=Ready"
diff --git a/src/authservice/tasks.yaml b/src/authservice/tasks.yaml
index 7fa53d5d2..479bc906f 100644
--- a/src/authservice/tasks.yaml
+++ b/src/authservice/tasks.yaml
@@ -1,13 +1,6 @@
 tasks:
 - name: validate
 actions:
- - description: Validate UDS Package Authservice is reconciled
- wait:
- cluster:
- kind: Package
- name: authservice
- namespace: authservice
- condition: "'{.status.phase}'=Ready"
 - description: Validate authservice is up
 wait:
 cluster:
diff --git a/src/grafana/common/zarf.yaml b/src/grafana/common/zarf.yaml
index 52615edbb..21c302cf4 100644
--- a/src/grafana/common/zarf.yaml
+++ b/src/grafana/common/zarf.yaml
@@ -21,10 +21,11 @@ components:
 actions:
 onDeploy:
 after:
- - description: "Wait for UDS Operator sync"
+ - description: Validate Grafana Package
+ maxTotalSeconds: 300
 wait:
 cluster:
- kind: Package
+ kind: Packages
 name: grafana
 namespace: grafana
 condition: "'{.status.phase}'=Ready"
diff --git a/src/grafana/tasks.yaml b/src/grafana/tasks.yaml
index a305b7457..c657198f0 100644
--- a/src/grafana/tasks.yaml
+++ b/src/grafana/tasks.yaml
@@ -8,3 +8,10 @@ tasks:
 name: "app.kubernetes.io/instance=grafana"
 namespace: grafana
 condition: Ready
+ # todo: Fix single package validation checks in CI where Istio isn't installed
+ # - description: Validate grafana interface
+ # wait:
+ # network:
+ # protocol: https
+ # address: grafana.admin.uds.dev
+ # code: 200
diff --git a/src/loki/common/zarf.yaml b/src/loki/common/zarf.yaml
index 3250bd504..ce66ed973 100644
--- a/src/loki/common/zarf.yaml
+++ b/src/loki/common/zarf.yaml
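Review bot: In the `src/authservice/common/zarf.yaml` hunk the wait targets the unqualified resource name `kind: Packages`, so what it resolves to depends on which CRDs the cluster serves, and another CRD with the same plural could make the lookup ambiguous or point it at the wrong object. If the UDS Package CRD lives in the `uds.dev` group (not shown on this page, confirm) and Zarf passes `kind` through to kubectl-style resolution, `kind: packages.uds.dev` pins the check to the intended API. The same block is added in the loki, metrics-server, neuvector, prometheus-stack and promtail `common/zarf.yaml` hunks and edited in grafana's. A Package that lands in a non-Ready phase will only surface as a 300-second timeout, which deserves a short comment next to `maxTotalSeconds: 300`.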
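Review bot: The new description `Validate Grafana Package` in the `src/grafana/common/zarf.yaml` hunk says less than the line it replaces, which named what the deploy is blocked on (the UDS operator syncing the Package resource). I would keep that in a comment above the action, e.g. `# Blocks until the UDS operator has reconciled the grafana Package (status.phase == Ready)`. The identical blocks added in the other `common/zarf.yaml` files would benefit from the same one-line comment, so a reader knows a timeout here points at the operator rather than at the chart.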
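Review bot: The commented-out `wait.network` block in the `src/grafana/tasks.yaml` hunk (and the matching one in `src/neuvector/tasks.yaml`) leaves the admin endpoint untested, and the `todo` carries no issue reference to track re-enabling it. I would replace the dead YAML with a single tracked comment, e.g. `# TODO(<issue-id>): add https check for grafana.admin.uds.dev once single-package CI has Istio`. When the check is restored, note that `code: 200` on an admin hostname only shows that the route answers; if the interface is expected to sit behind SSO, an unauthenticated 200 may be the wrong thing to assert.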
@@ -17,3 +17,14 @@ components:
 namespace: loki
 valuesFiles:
 - ../values/values.yaml
+ actions:
+ onDeploy:
+ after:
+ - description: Validate Loki Package
+ maxTotalSeconds: 300
+ wait:
+ cluster:
+ kind: Packages
+ name: loki
+ namespace: loki
+ condition: "'{.status.phase}'=Ready"
diff --git a/src/metrics-server/common/zarf.yaml b/src/metrics-server/common/zarf.yaml
index 4beb05069..281ffa91c 100644
--- a/src/metrics-server/common/zarf.yaml
+++ b/src/metrics-server/common/zarf.yaml
@@ -18,3 +18,14 @@ components:
 version: 3.12.0
 valuesFiles:
 - "../values/values.yaml"
+ actions:
+ onDeploy:
+ after:
+ - description: Validate Metrics-Server Package
+ maxTotalSeconds: 300
+ wait:
+ cluster:
+ kind: Packages
+ name: metrics-server
+ namespace: metrics-server
+ condition: "'{.status.phase}'=Ready"
diff --git a/src/neuvector/common/zarf.yaml b/src/neuvector/common/zarf.yaml
index f7a7fb76f..72306112e 100644
--- a/src/neuvector/common/zarf.yaml
+++ b/src/neuvector/common/zarf.yaml
@@ -32,3 +32,14 @@ components:
 gitPath: charts/monitor
 valuesFiles:
 - ../values/monitor-values.yaml
+ actions:
+ onDeploy:
+ after:
+ - description: Validate Neuvector Package
+ maxTotalSeconds: 300
+ wait:
+ cluster:
+ kind: Packages
+ name: neuvector
+ namespace: neuvector
+ condition: "'{.status.phase}'=Ready"
diff --git a/src/neuvector/tasks.yaml b/src/neuvector/tasks.yaml
index e3b314c9b..910a1b5e7 100644
--- a/src/neuvector/tasks.yaml
+++ b/src/neuvector/tasks.yaml
@@ -1,7 +1,38 @@
 tasks:
 - name: validate
 actions:
- - description: Validate...
- cmd: "echo Replace Me"
- # wait:
- # cluster:
+ - description: Validate Neuvector Controller
+ wait:
+ cluster:
+ kind: Pod
+ name: app=neuvector-controller-pod
+ condition: Ready
+ namespace: neuvector
+ - description: Validate Neuvector Enforcer
+ wait:
+ cluster:
+ kind: Pod
+ name: app=neuvector-enforcer-pod
+ condition: Ready
+ namespace: neuvector
+ - description: Validate Neuvector Manager
+ wait:
+ cluster:
+ kind: Pod
+ name: app=neuvector-manager-pod
+ condition: Ready
+ namespace: neuvector
+ - description: Validate Neuvector Scanner
+ wait:
+ cluster:
+ kind: Pod
+ name: app=neuvector-scanner-pod
+ condition: Ready
+ namespace: neuvector
+ # todo: Fix single package validation checks in CI where Istio isn't installed
+ # - description: Validate Neuvector Interface
+ # wait:
+ # network:
+ # protocol: https
+ # address: neuvector.admin.uds.dev
+ # code: 200
diff --git a/src/prometheus-stack/common/zarf.yaml b/src/prometheus-stack/common/zarf.yaml
index f21691582..950ae4c96 100644
--- a/src/prometheus-stack/common/zarf.yaml
+++ b/src/prometheus-stack/common/zarf.yaml
@@ -18,3 +18,14 @@ components:
 version: 56.6.2
 valuesFiles:
 - "../values/values.yaml"
+ actions:
+ onDeploy:
+ after:
+ - description: Validate Prometheus-Stack Package
+ maxTotalSeconds: 300
+ wait:
+ cluster:
+ kind: Packages
+ name: prometheus-stack
+ namespace: monitoring
+ condition: "'{.status.phase}'=Ready"
diff --git a/src/prometheus-stack/tasks.yaml b/src/prometheus-stack/tasks.yaml
index f5bff3447..d9b8cfab5 100644
--- a/src/prometheus-stack/tasks.yaml
+++ b/src/prometheus-stack/tasks.yaml
@@ -22,3 +22,10 @@ tasks:
 name: app.kubernetes.io/name=kube-state-metrics
 namespace: monitoring
 condition: Ready
+ - description: Validate prometheus node exporter
+ wait:
+ cluster:
+ kind: Pod
+ name: app.kubernetes.io/name=prometheus-node-exporter
+ namespace: monitoring
+ condition: Ready
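Review bot: In the `src/neuvector/tasks.yaml` hunk the four new Pod waits put `condition` before `namespace`, while the waits in the grafana and prometheus-stack task files on this page use the order `kind`, `name`, `namespace`, `condition`; keeping one order makes these near-identical blocks easier to scan and diff. Pod `Ready` for the controller, enforcer, manager and scanner confirms that the workloads started, not that NeuVector is enforcing or scanning anything. A comment such as `# readiness only; policy and enforcement state are not checked here` would set expectations for anyone relying on the `validate` task as evidence that the security tooling works.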
diff --git a/src/promtail/common/zarf.yaml b/src/promtail/common/zarf.yaml
index 1bb4458c8..f615f3675 100644
--- a/src/promtail/common/zarf.yaml
+++ b/src/promtail/common/zarf.yaml
@@ -19,3 +19,14 @@ components:
 gitPath: charts/promtail
 valuesFiles:
 - ../values/values.yaml
+ actions:
+ onDeploy:
+ after:
+ - description: Validate Promtail Package
+ maxTotalSeconds: 300
+ wait:
+ cluster:
+ kind: Packages
+ name: promtail
+ namespace: promtail
+ condition: "'{.status.phase}'=Ready"