Merge pull request 'OZG-3184-new-dev-cluster' (#135) from OZG-3184-new-dev-cluster into master

Reviewed-on: https://git.ozg-sh.de/mgm/goofy/pulls/135

Jenkinsfile

@@ -9,6 +9,9 @@ pipeline {
         BLUE_OCEAN_URL = "https://jenkins.ozg-sh.de/job/goofy/job/${env.BRANCH_NAME}/${env.BUILD_NUMBER}/"
         RELEASE_REGEX = /\d+.\d+.\d+/
         SNAPSHOT_REGEX = /\d+.\d+.\d+-SNAPSHOT/
+        BUNDESLAND = "by"
+        SSO_URL = "sso.dev.by.kop-cloud.de"
+        CLUSTER_BASE_URL = "apps01.dev.by.kop-cloud.de"
         FAILED_STAGE = ""
         IMAGE_TAG = ""
         VERSION = ""
@@ -128,7 +131,7 @@ pipeline {
                     FAILED_STAGE = env.STAGE_NAME
                     E2E_FAILED = ""
                 
-                    configFileProvider([configFile(fileId: 'kubeconfig-old-dev-cluster', variable: 'KUBE_CONFIG')]) {
+                    configFileProvider([configFile(fileId: 'kubeconfig-dev-cluster', variable: 'KUBE_CONFIG')]) {
                         sh 'mkdir ~/.kube'
                         sh 'cp ${KUBE_CONFIG} ~/.kube/config'
                     }
@@ -242,9 +245,9 @@ pipeline {
                                     def bezeichner = generateBezeichner(stageName)
                                     def dbPort = 27018
 
-                                    startEnvironment(bezeichner, stageName, IMAGE_TAG, true, HELM_CHART_VERSION, 'sh', dbPort)
+                                    startEnvironment(bezeichner, stageName, IMAGE_TAG, true, HELM_CHART_VERSION, dbPort)
 
-                                    def testResult = runTests(stageName, bezeichner, 'einheitlicher-ansprechpartner', 'sh', dbPort)
+                                    def testResult = runTests(stageName, bezeichner, 'einheitlicher-ansprechpartner', dbPort)
 
         							if (env.BRANCH_NAME != 'master') {
                                     	deleteKopStack(bezeichner, stageName)
@@ -271,9 +274,9 @@ pipeline {
                                     def bezeichner = generateBezeichner(stageName)
                                     def dbPort = 27019
 
-                                    startEnvironment(bezeichner, stageName, IMAGE_TAG, false, HELM_CHART_VERSION, 'sh', dbPort)
+                                    startEnvironment(bezeichner, stageName, IMAGE_TAG, false, HELM_CHART_VERSION, dbPort)
 
-                                    def testResult = runTests(stageName, bezeichner, 'main-tests', 'sh', dbPort)
+                                    def testResult = runTests(stageName, bezeichner, 'main-tests', dbPort)
 
                                     if (env.BRANCH_NAME != 'master') {
                                     	deleteKopStack(bezeichner, stageName)
@@ -384,7 +387,7 @@ String generateImageTag() {
     return imageTag
 }
 
-Void startEnvironment(String bezeichner, String stage, String imageTag, Boolean isEa, String chartVersion, String bundesland, dbPort) {
+Void startEnvironment(String bezeichner, String stage, String imageTag, Boolean isEa, String chartVersion, Integer dbPort) {
     setupAnsible(imageTag, stage, isEa, chartVersion)
 
     try {
@@ -394,9 +397,9 @@ Void startEnvironment(String bezeichner, String stage, String imageTag, Boolean
     }
 
     rolloutKopStack(bezeichner, stage)
-    addKeycloakGroups(bezeichner, stage, bundesland)
-    addKeycloakUser(bezeichner, stage, bundesland)
-    exposeDatenbank("${bundesland}-${bezeichner}-dev", dbPort)
+    addKeycloakGroups(bezeichner, stage)
+    addKeycloakUser(bezeichner, stage)
+    exposeDatenbank("${env.BUNDESLAND}-${bezeichner}-dev", dbPort)
     exposeElasticSearch()
 }
 
@@ -407,6 +410,7 @@ Void setupAnsible(String imageTag, String stage, Boolean isEa, String chartVersi
         copyTestEnvironmentToDev(stage)
     }
 
+    editProvisioningBundesland(stage)
     editEnvironemntVersion(stage, imageTag, isEa, chartVersion)
 
     if (isEa) {
@@ -417,7 +421,7 @@ Void setupAnsible(String imageTag, String stage, Boolean isEa, String chartVersi
 }
 
 Void setAnsibleKubeConfig() {
-    configFileProvider([configFile(fileId: 'kubeconfig-old-dev-cluster', variable: 'KUBE_CONFIG')]) {
+    configFileProvider([configFile(fileId: 'kubeconfig-dev-cluster', variable: 'KUBE_CONFIG')]) {
         sh 'mkdir ~/.kube'
         sh 'cp ${KUBE_CONFIG} ~/.kube/config'
     }
@@ -462,14 +466,26 @@ Void editEnvironemntVersion(String stage, String imageTag, Boolean isEa, String
 
         devVersions.values.goofy.put('env', ['overrideSpringProfiles': overrideSpringProfiles])
         devVersions.values.pluto.put('env', ['overrideSpringProfiles': overrideSpringProfiles])
+        devVersions.values.goofy.put('ingress', ['use_staging_cert': true])
 
         devVersions.versions.goofy.image.tag = imageTag
-        // devVersions.charts.goofy.version = chartVersion
+        devVersions.charts.goofy.version = chartVersion
 
         writeYaml file: editFile, data: devVersions, overwrite: true
     }
 }
 
+Void editProvisioningBundesland(String stage) {
+    dir("${stage}/provisioning") {
+        def editEnvFile = "inventories/group_vars/all/env"
+        def envVersions = readYaml file: editEnvFile
+
+        envVersions.kop_bundesland = env.BUNDESLAND
+
+        writeYaml file: editEnvFile, data: envVersions, overwrite: true
+    }
+}
+
 String getSpringProfile(Boolean isEa) {
     if (isEa) {
         return "oc,ea,e2e,dev"
@@ -523,7 +539,7 @@ Void rolloutKopStack(String bezeichner, String stage) {
     }
 }
 
-Void addKeycloakGroups(String bezeichner, String stage, String bundesland) {
+Void addKeycloakGroups(String bezeichner, String stage) {
     def groupFiles = sh (script: 'ls goofy-client/apps/goofy-e2e/src/fixtures/group', returnStdout: true)
 
     groupFiles.split("\\n").each { group ->
@@ -531,7 +547,7 @@ Void addKeycloakGroups(String bezeichner, String stage, String bundesland) {
 
         def ansibleVars = """{"k8s_context":"ozg-dev", \
             "kop_env":"dev", \
-            "keycloak_realm":"${bundesland}-${bezeichner}-dev", \
+            "keycloak_realm":"${env.BUNDESLAND}-${bezeichner}-dev", \
             "group":${groupJson}
             }"""
 
@@ -546,7 +562,7 @@ Void addKeycloakGroups(String bezeichner, String stage, String bundesland) {
 	}
 }
 
-Void addKeycloakUser(String bezeichner, String stage, String bundesland) {
+Void addKeycloakUser(String bezeichner, String stage) {
     def userFiles = sh (script: 'ls goofy-client/apps/goofy-e2e/src/fixtures/user', returnStdout: true)
 
     userFiles.split("\\n").each { user ->
@@ -554,7 +570,7 @@ Void addKeycloakUser(String bezeichner, String stage, String bundesland) {
 
         def ansibleVars = """{"k8s_context":"ozg-dev", \
             "kop_env":"dev", \
-            "keycloak_realm":"${bundesland}-${bezeichner}-dev", \
+            "keycloak_realm":"${env.BUNDESLAND}-${bezeichner}-dev", \
             "user":${userJson}
         }"""
 
@@ -597,8 +613,8 @@ Void publishE2ETestResult(String reportFolder, String reportName) {
     )
 }
 
-String runTests(String stageName, String bezeichner, String reportFolder, String bundesland, dbPort) {
-    def configFile = generateCypressConfig(stageName, bezeichner, reportFolder, bundesland, dbPort)
+String runTests(String stageName, String bezeichner, String reportFolder, Integer dbPort) {
+    def configFile = generateCypressConfig(stageName, bezeichner, reportFolder, dbPort)
 
     try {
         dir("goofy-client") {
@@ -637,18 +653,17 @@ String cutBranchNameForKeycloakRealm(String branchName, String stageName) {
     return branchName
 }
 
-String generateCypressConfig(String stage, String bezeichner, String testFolder, String bundesland, dbPort) {
-    def namespace = "${bundesland}-${bezeichner}-dev"
+String generateCypressConfig(String stage, String bezeichner, String testFolder, Integer dbPort) {
+    def namespace = "${env.BUNDESLAND}-${bezeichner}-dev"
     def configName = "cypress-ci-"+testFolder+".json"
 
-    def url = "dev.ozg-sh.de"
-
     dir('goofy-client/apps/goofy-e2e/'){
         def config = readJSON file: 'cypress-ci.json'
         def elasticsearchEnv = getElasticsearchEnv(namespace)
 
-        config.baseUrl = "https://${bezeichner}.${url}" as String
+        config.baseUrl = "https://${bezeichner}.${env.CLUSTER_BASE_URL}" as String
         config.env.dbUrl = "mongodb://pluto-database-user:XnHhfznNWg65NNd@localhost:${dbPort}/admin?ssl=false&directConnection=true" as String
+        config.env.keycloakUrl = "https://${env.SSO_URL}/" as String
         config.env.keycloakRealm = namespace as String
         config.env.keycloakClient = namespace + "-goofy" as String
 		config.env.sabineUuid = getKeycloakUuid(namespace, "sabine") as String
@@ -688,7 +703,7 @@ def getSecrect(namespace, secretName){
 String getKeycloakUuid(realm, userName) {
     def shScript = """curl -H 'Content-Type: application/json' \
                         -H 'Authorization: bearer ${getKeycloakAccessToken()}' \
-                        'https://sso.dev.ozg-sh.de/admin/realms/${realm}/users'
+                        'https://${env.SSO_URL}/admin/realms/${realm}/users'
                     """
 
 	def users = readJSON text: sh(script: shScript, returnStdout: true)
@@ -701,8 +716,8 @@ String getKeycloakUuid(realm, userName) {
 }
 
 String getKeycloakAccessToken() {
-	withCredentials([usernamePassword(credentialsId: 'keycloak-old-dev-cluster', usernameVariable: 'USER', passwordVariable: 'PASSWORD')]) {
-		def token = readJSON text: sh (script: 'curl -d "client_id=admin-cli" -d "username=$USER" -d "password=$PASSWORD" -d "grant_type=password" "https://sso.dev.ozg-sh.de/realms/master/protocol/openid-connect/token"', returnStdout: true)
+	withCredentials([usernamePassword(credentialsId: 'keycloak-dev-cluster', usernameVariable: 'USER', passwordVariable: 'PASSWORD')]) {
+		def token = readJSON text: sh (script: 'curl -d "client_id=admin-cli" -d "username=$USER" -d "password=$PASSWORD" -d "grant_type=password" https://$SSO_URL/realms/master/protocol/openid-connect/token', returnStdout: true)
 
 		return token.access_token
 	}
@@ -769,7 +784,7 @@ Void setNewGoofyProvisioningVersion(String environment) {
         def envVersions = readYaml file: envFile
 
         envVersions.versions.goofy.image.tag = IMAGE_TAG
-        // envVersions.charts.goofy.version = HELM_CHART_VERSION
+        envVersions.charts.goofy.version = HELM_CHART_VERSION
 
         writeYaml file: envFile, data: envVersions, overwrite: true
     }

src/main/helm/README.md

@@ -4,7 +4,7 @@
 ## Unit-Tests
 Für Unit-Tests wird das helm [helm-unittest](https://github.com/quintush/helm-unittest) plugin benötigt. Die Unit-Tests liegen im Verzeichnis src/test/helm
 
-`helm unittest -f '../../test/helm/*.yaml' .`
+`helm unittest -f '../../test/helm/*.yaml' -v '../../test/unit-values.yaml' .`
 ## SyntaxCheck
 `helm template --debug -f test-values.yaml .`
 

src/main/helm/templates/ingress.yaml

@@ -26,7 +26,11 @@ apiVersion: networking.k8s.io/v1
 kind: Ingress
 metadata:
   annotations:
+    {{- if (.Values.ingress).use_staging_cert }}
+    cert-manager.io/cluster-issuer: letsencrypt-staging
+    {{- else }}
     cert-manager.io/cluster-issuer: letsencrypt-prod
+    {{- end }}
   name: {{ include "app.name" . }}
   namespace: {{ include "app.namespace" . }}
 spec:

src/test/helm/ingress-nginx-tests.yaml

@@ -46,3 +46,25 @@ tests:
           path: spec.ingressClassName
       - isNull:
           path: spec.tls[0].secretName
+  
+  - it: should use default letsencrypt-prod cluster-issuer
+    asserts:
+      - equal:
+          path: metadata.annotations.[cert-manager.io/cluster-issuer]
+          value: letsencrypt-prod
+
+  - it: should use letsencrypt-staging cluster-issuer
+    set:
+      ingress.use_staging_cert: true
+    asserts:
+      - equal:
+          path: metadata.annotations.[cert-manager.io/cluster-issuer]
+          value: letsencrypt-staging
+
+  - it: should use letsencrypt-prod cluster-issuer
+    set:
+      ingress.use_staging_cert: false
+    asserts:
+      - equal:
+          path: metadata.annotations.[cert-manager.io/cluster-issuer]
+          value: letsencrypt-prod