Local testing environment (#108)

* Add some Kubernetes manifests to setup a minimal rollout-operator instance.

* Ensure apply script works regardless of current directory.

* Add Jaeger setup to local development environment.

* Rename Kubernetes manifest files

* Add webhook configuration to test environment

* Add test app to test environment

development/README.md

@@ -0,0 +1,13 @@
+This directory contains Kubernetes manifests to start an instance of the rollout-operator locally.
+
+To use it:
+
+* Build the rollout-operator image: `make build-image`
+* Make the image available to your Kubernetes cluster (not required for use with Docker Desktop)
+* Apply the Kubernetes manifests: `./apply.sh`
+* Port forward to the operator service: `kubectl --namespace=rollout-operator-development port-forward svc/rollout-operator 8080:80`
+* Port forward to the Jaeger UI: `kubectl --namespace=rollout-operator-development port-forward svc/jaeger 16686:16686`
+
+You'll then be able to access the rollout operator at `http://localhost:8080`, and the Jaeger tracing UI at `http://localhost:16686`.
+
+You can use the `test-app` StatefulSet to exercise the operator.

development/apply.sh

@@ -0,0 +1,22 @@
+#! /usr/bin/env bash
+
+set -euo pipefail
+
+SCRIPT_DIR=$( cd -- "$( dirname -- "${BASH_SOURCE[0]}" )" &> /dev/null && pwd )
+
+current_context=$(kubectl config current-context)
+echo "Applying changes to '$current_context' kubectl context. Is this OK?"
+
+select yn in "Yes" "No"; do
+    case $yn in
+        Yes )
+          break
+          ;;
+        No )
+          exit
+          ;;
+    esac
+done
+
+kubectl apply --wait -f "$SCRIPT_DIR/namespace.yaml"
+find "$SCRIPT_DIR" -type f -name '*.yaml' -not -name 'namespace.yaml' -exec kubectl apply --namespace=rollout-operator-development --wait -f {} \;

development/jaeger-deployment.yaml

@@ -0,0 +1,21 @@
+apiVersion: apps/v1
+kind: Deployment
+metadata:
+  name: jaeger
+  namespace: rollout-operator-development
+spec:
+  replicas: 1
+  selector:
+    matchLabels:
+      name: jaeger
+  template:
+    metadata:
+      name: jaeger
+      labels:
+        name: jaeger
+    spec:
+      containers:
+        - name: jaeger
+          image: jaegertracing/all-in-one:1.52
+          imagePullPolicy: IfNotPresent
+      restartPolicy: Always

development/jaeger-service.yaml

@@ -0,0 +1,18 @@
+apiVersion: v1
+kind: Service
+metadata:
+  name: jaeger
+  namespace: rollout-operator-development
+spec:
+  selector:
+    name: jaeger
+  ports:
+    - protocol: TCP
+      port: 16686
+      targetPort: 16686
+      name: http
+    - protocol: UDP
+      port: 6831
+      targetPort: 6831
+      name: thrift-compact-udp
+  type: ClusterIP

development/namespace.yaml

@@ -0,0 +1,4 @@
+apiVersion: v1
+kind: Namespace
+metadata:
+  name: rollout-operator-development

development/no-downscale-webhook.yaml

@@ -0,0 +1,37 @@
+apiVersion: admissionregistration.k8s.io/v1
+kind: ValidatingWebhookConfiguration
+metadata:
+  name: no-downscale-rollout-operator-development
+  labels:
+    grafana.com/inject-rollout-operator-ca: "true"
+    grafana.com/namespace: rollout-operator-development
+webhooks:
+  - name: no-downscale-rollout-operator-development.grafana.com
+    clientConfig:
+      service:
+        namespace: rollout-operator-development
+        name: rollout-operator
+        path: /admission/no-downscale
+        port: 443
+    rules:
+      - operations:
+          - UPDATE
+        apiGroups:
+          - apps
+        apiVersions:
+          - v1
+        resources:
+          - statefulsets
+          - deployments
+          - replicasets
+          - statefulsets/scale
+          - deployments/scale
+          - replicasets/scale
+        scope: Namespaced
+    admissionReviewVersions:
+      - v1
+    namespaceSelector:
+      matchLabels:
+        kubernetes.io/metadata.name: rollout-operator-development
+    failurePolicy: Fail
+    sideEffects: None

development/prepare-downscale-webhook.yaml

@@ -0,0 +1,35 @@
+apiVersion: admissionregistration.k8s.io/v1
+kind: MutatingWebhookConfiguration
+metadata:
+  name: prepare-downscale-rollout-operator-development
+  labels:
+    grafana.com/inject-rollout-operator-ca: "true"
+    grafana.com/namespace: rollout-operator-development
+webhooks:
+  - name: prepare-downscale-rollout-operator-development.grafana.com
+    clientConfig:
+      service:
+        namespace: rollout-operator-development
+        name: rollout-operator
+        path: /admission/prepare-downscale
+        port: 443
+    rules:
+      - operations:
+          - UPDATE
+        apiGroups:
+          - apps
+        apiVersions:
+          - v1
+        resources:
+          - statefulsets
+          - statefulsets/scale
+        scope: Namespaced
+    admissionReviewVersions:
+      - v1
+    namespaceSelector:
+      matchLabels:
+        kubernetes.io/metadata.name: rollout-operator-development
+    failurePolicy: Fail
+    sideEffects: NoneOnDryRun
+    matchPolicy: Equivalent
+    timeoutSeconds: 10

development/rollout-operator-deployment.yaml

@@ -0,0 +1,56 @@
+apiVersion: apps/v1
+kind: Deployment
+metadata:
+  name: rollout-operator
+  namespace: rollout-operator-development
+spec:
+  replicas: 1
+  selector:
+    matchLabels:
+      name: rollout-operator
+  strategy:
+    type: RollingUpdate
+    rollingUpdate:
+      maxUnavailable: 1
+      maxSurge: 0
+  minReadySeconds: 10
+  template:
+    metadata:
+      name: rollout-operator
+      labels:
+        name: rollout-operator
+    spec:
+      serviceAccountName: rollout-operator
+      containers:
+        - name: rollout-operator
+          image: rollout-operator:latest
+          imagePullPolicy: IfNotPresent
+          args:
+            - -kubernetes.namespace=rollout-operator-development
+            - -reconcile.interval=1s
+            - -log.level=debug
+            - -server-tls.enabled=true
+            - -server-tls.self-signed-cert.secret-name=certificate
+          ports:
+            - containerPort: 8001
+              name: http-metrics
+          readinessProbe:
+            initialDelaySeconds: 1
+            timeoutSeconds: 1
+            httpGet:
+              port: 8001
+              path: /ready
+          env:
+            - name: JAEGER_AGENT_HOST
+              value: jaeger.rollout-operator-development.svc.cluster.local
+            - name: JAEGER_AGENT_PORT
+              value: "6831"
+            - name: JAEGER_SAMPLER_TYPE
+              value: const
+            - name: JAEGER_SAMPLER_PARAM
+              value: "1"
+            - name: JAEGER_TAGS
+              value: app=rollout-operator
+            - name: JAEGER_REPORTER_MAX_QUEUE_SIZE
+              value: "1000"
+      restartPolicy: Always

development/rollout-operator-role-binding.yaml

@@ -0,0 +1,13 @@
+apiVersion: rbac.authorization.k8s.io/v1
+kind: RoleBinding
+metadata:
+  name: rollout-operator-rolebinding
+  namespace: rollout-operator-development
+roleRef:
+  apiGroup: rbac.authorization.k8s.io
+  kind: Role
+  name: rollout-operator-role
+subjects:
+  - kind: ServiceAccount
+    name: rollout-operator
+    namespace: rollout-operator-development

development/rollout-operator-role.yaml

@@ -0,0 +1,29 @@
+apiVersion: rbac.authorization.k8s.io/v1
+kind: Role
+metadata:
+  name: rollout-operator-role
+  namespace: rollout-operator-development
+rules:
+  - apiGroups:
+      -
+    resources:
+      - pods
+    verbs:
+      - list
+      - get
+      - watch
+      - delete
+  - apiGroups:
+      - apps
+    resources:
+      - statefulsets
+    verbs:
+      - list
+      - get
+      - watch
+  - apiGroups:
+      - apps
+    resources:
+      - statefulsets/status
+    verbs:
+      - update

development/rollout-operator-service-account.yaml

@@ -0,0 +1,5 @@
+apiVersion: v1
+kind: ServiceAccount
+metadata:
+  name: rollout-operator
+  namespace: rollout-operator-development

development/rollout-operator-service.yaml

@@ -0,0 +1,19 @@
+apiVersion: v1
+kind: Service
+metadata:
+  name: rollout-operator
+  namespace: rollout-operator-development
+spec:
+  selector:
+    name: rollout-operator
+  ports:
+    - protocol: TCP
+      port: 80
+      targetPort: 8001
+      name: http
+    - protocol: TCP
+      port: 443
+      targetPort: 8443
+      name: https
+  publishNotReadyAddresses: true
+  type: ClusterIP

development/rollout-operator-webhook-clusterrole-binding.yaml

@@ -0,0 +1,12 @@
+apiVersion: rbac.authorization.k8s.io/v1
+kind: ClusterRoleBinding
+metadata:
+  name: rollout-operator-webhook-clusterrolebinding
+roleRef:
+  apiGroup: rbac.authorization.k8s.io
+  kind: ClusterRole
+  name: rollout-operator-webhook-clusterrole
+subjects:
+  - kind: ServiceAccount
+    name: rollout-operator
+    namespace: rollout-operator-development

development/rollout-operator-webhook-clusterrole.yaml

@@ -0,0 +1,13 @@
+apiVersion: rbac.authorization.k8s.io/v1
+kind: ClusterRole
+metadata:
+  name: rollout-operator-webhook-clusterrole
+rules:
+  - apiGroups:
+      - admissionregistration.k8s.io
+    resources:
+      - validatingwebhookconfigurations
+      - mutatingwebhookconfigurations
+    verbs:
+      - list
+      - patch

development/rollout-operator-webhook-role-binding.yaml

@@ -0,0 +1,13 @@
+apiVersion: rbac.authorization.k8s.io/v1
+kind: RoleBinding
+metadata:
+  name: rollout-operator-webhook-rolebinding
+  namespace: rollout-operator-development
+roleRef:
+  apiGroup: rbac.authorization.k8s.io
+  kind: Role
+  name: rollout-operator-webhook-role
+subjects:
+  - kind: ServiceAccount
+    name: rollout-operator
+    namespace: rollout-operator-development

development/rollout-operator-webhook-role.yaml

@@ -0,0 +1,21 @@
+apiVersion: rbac.authorization.k8s.io/v1
+kind: Role
+metadata:
+  name: rollout-operator-webhook-role
+  namespace: rollout-operator-development
+rules:
+  - apiGroups:
+      -
+    resources:
+      - secrets
+    verbs:
+      - update
+      - get
+    resourceNames:
+      - certificate
+  - apiGroups:
+      -
+    resources:
+      - secrets
+    verbs:
+      - create

development/test-app.yaml

@@ -0,0 +1,38 @@
+apiVersion: v1
+kind: Service
+metadata:
+  name: test-app
+spec:
+  selector:
+    name: test-app
+  ports:
+    - protocol: TCP
+      port: 80
+      targetPort: 8080
+  type: ClusterIP
+
+---
+
+apiVersion: apps/v1
+kind: StatefulSet
+metadata:
+  name: test-app
+  labels:
+    grafana.com/prepare-downscale: "true"
+  annotations:
+    grafana.com/prepare-downscale-http-path: "/"
+    grafana.com/prepare-downscale-http-port: "80"
+spec:
+  replicas: 3
+  serviceName: test-app
+  selector:
+    matchLabels:
+      name: test-app
+  template:
+    metadata:
+      labels:
+        name: test-app
+    spec:
+      containers:
+        - name: app
+          image: nginx:latest