Merge branch 'master' into issue-134-add-index-volume

* master: Run tests on GKE (#140) Document update: README.md (#133) Add service account role definitions [skip ci] (#136)
pravega · Mar 20, 2019 · 3a09e4d · 3a09e4d
2 parents 462bf16 + 9048fee
commit 3a09e4d
Show file tree

Hide file tree

Showing 3 changed files with 123 additions and 74 deletions.
diff --git a/.travis.yml b/.travis.yml
@@ -1,73 +1,92 @@
 sudo: required
-# We need the systemd for the kubeadm and it's default from 16.04+
-dist: xenial
 
 language: go
 go_import_path: github.com/pravega/pravega-operator
 go:
-- '1.11'
+  - '1.11'
 
 env:
   global:
-    - KUBERNETES_CONFIG_FILE=$HOME/.kube/config
-    - CHANGE_MINIKUBE_NONE_USER=true
-    - MINIKUBE_VERSION=v0.33.1
-    - OPERATOR_SDK_VERSION=v0.4.0
-    - HELM_VERSION=v2.12.0
-    - DEP_VERSION=v0.5.0
     - secure: "X4zdixrmuh/D4WwJ6btu0fJROq7fTPO5n4/jeyoxTQvrpwikycwf3ZpXS94u43rHx1ovc8vweVIc4Kur7MFAJDmFpPz5adjD7cCjqaRHo+Sw4a/gdNKizFEmZEBFlelynJ+cYekfF3rIFRws+u/8yWUQnSPl4495Qq1NKjrDTqoB6ZrQDxYdIPPpLAit+Aj9a2zQ4xPHyOv02SmfgL22wQhOx8SF78VNmqVah6klC8j3tAemHJQSBmUQ2fPVBpqAy3YsI7mpF9aSdBOzr7Dk1/cajOx4M5WrAxDPZ7+fSKD97SjICKqtM6MuX63O6Tg86zzdoEdvTWvwBwjWpbI3iCytJOCD8vT1QBPd9bLwZI7K5dElrW990HGrBBS4GmKTFykEE6PCNvxDHu1pG4N0vmLhZ3Hh4evZxA8xSnHRyYTLOaDkSe/vurlmsRJiW0GOEa6Fyz+xrD5y4l5MDkPVvaEPzWFZQf8v+l3OvvDvmHmqup4ADXE/XBYbVraTn8wPcQnvk5ueCvJWBOd/E4keGFsGbqDxQpvQRG/8aHWv32lj2HHK6/qbihXvTfJfRbrWli2BV0LMBL/OBIiuL1JeXycYZG3AtbnwgJVXPzs8kpwrmxkRYvbb3Kc9HXu9x+ajeWDYb978Rq6/0DfXhKFIiLrgUOxR2SK6eHDTcfUY+us="
-  matrix:
-    - KUBERNETES_VERSION=v1.12.0
 
-services:
-- docker
+stages:
+  - check
+  - unit
+  - e2e
+  - deploy
 
-install:
-- curl -Lo kubectl https://storage.googleapis.com/kubernetes-release/release/$KUBERNETES_VERSION/bin/linux/amd64/kubectl && chmod +x kubectl && sudo mv kubectl /usr/local/bin/
-- curl -Lo minikube https://storage.googleapis.com/minikube/releases/$MINIKUBE_VERSION/minikube-linux-amd64 && chmod +x minikube && sudo mv minikube /usr/local/bin/
-- curl -Lo dep https://github.com/golang/dep/releases/download/$DEP_VERSION/dep-linux-amd64 && chmod +x dep && sudo mv dep /usr/local/bin/
-- curl -Lo operator-sdk https://github.com/operator-framework/operator-sdk/releases/download/$OPERATOR_SDK_VERSION/operator-sdk-$OPERATOR_SDK_VERSION-x86_64-linux-gnu && chmod +x operator-sdk && sudo mv operator-sdk /usr/local/bin/
-- curl -Lo helm.tar.gz https://storage.googleapis.com/kubernetes-helm/helm-$HELM_VERSION-linux-amd64.tar.gz && tar xfz helm.tar.gz && sudo mv linux-amd64/{helm,tiller} /usr/local/bin/
-# nfs-common is required to mount NFS-based Pravega Tier 2 storage
-# socat is required by Helm to do port-forwarding
-- sudo apt-get install -y nfs-common socat
+jobs:
+  include:
+    - stage: check
+      name: Gofmt and License checks
+      script:
+        - make check
 
-before_script:
-# Make root mounted as rshared to fix kube-dns issues
-- sudo mount --make-rshared /
-# Start MiniKube
-- sudo minikube start --vm-driver=none --bootstrapper=kubeadm --kubernetes-version=$KUBERNETES_VERSION
-# Fix the kubectl context, as it's often stale
-- minikube update-context
-# Wait for Kubernetes to be up and ready
-- JSONPATH='{range .items[*]}{@.metadata.name}:{range @.status.conditions[*]}{@.type}={@.status};{end}{end}'; until kubectl get nodes -o jsonpath="$JSONPATH" 2>&1 | grep -q "Ready=True"; do sleep 1; done
-# Show cluster information
-- kubectl cluster-info
-- kubectl -n kube-system get pod -o wide
-# Install Helm Tiller
-- kubectl create serviceaccount --namespace kube-system tiller
-- kubectl create clusterrolebinding tiller-cluster-rule --clusterrole=cluster-admin --serviceaccount=kube-system:tiller
-- helm init --service-account tiller --wait
-# Install NFS provisioner
-- helm install stable/nfs-server-provisioner
-- kubectl -n default create -f test/e2e/resources/tier2.yaml
-- JSONPATH='{.status.phase}'; until kubectl get pvc pravega-tier2 -o jsonpath="$JSONPATH" 2>&1 | grep -q "Bound"; do sleep 1; done
-# Install ZooKeeper
-- kubectl -n default create -f test/e2e/resources/zookeeper.yaml
-- JSONPATH='{range .items[*]}{@.metadata.name}:{range @.status.conditions[*]}{@.type}={@.status};{end}{end}'; until kubectl get pods -l kind=ZookeeperMember -o jsonpath="$JSONPATH" 2>&1 | grep -q "Ready=True"; do sleep 1; done
-# Show Pravega dependencies
-- kubectl -n default get pod,pvc,svc -o wide
+    - stage: unit
+      name: Unit tests
+      script:
+        - make test-unit
 
-script:
-- make dep
-- make check
-- make test
-- make build
-- make clean
+    - stage: e2e
+      name: End-to-end tests
+      if: type = pull_request OR branch = master
+      services:
+        - docker
+      env:
+        - KUBECTL_VERSION=v1.12.0
+        - OPERATOR_SDK_VERSION=v0.4.0
+        - HELM_VERSION=v2.12.0
+        - DEP_VERSION=v0.5.0
+        - CLOUDSDK_CORE_DISABLE_PROMPTS=1
+        - GOOGLE_APPLICATION_CREDENTIALS="$HOME/gcloud-service-key.json"
+        - GOOGLE_SERVICE_ACCOUNT=pravega-travis-service-account@pravega-dev.iam.gserviceaccount.com
+        - PROJECT_NAME=pravega-dev
+        - CLUSTER_NAME="pravega-operator-travis-$(date +'%Y%m%d%H%M%S')"
+        - CLUSTER_ZONE=us-central1-c
+        - CLUSTER_SIZE=5
+        - CLUSTER_NODE_TYPE=n1-standard-2
+      install:
+        - if [ ! -d "$HOME/google-cloud-sdk/bin" ]; then rm -rf $HOME/google-cloud-sdk; curl https://sdk.cloud.google.com | bash; fi
+        - source $HOME/google-cloud-sdk/path.bash.inc
+        - gcloud --quiet version
+        - gcloud --quiet components update
+        - curl -Lo kubectl https://storage.googleapis.com/kubernetes-release/release/$KUBECTL_VERSION/bin/linux/amd64/kubectl && chmod +x kubectl && sudo mv kubectl /usr/local/bin/
+        - curl -Lo dep https://github.com/golang/dep/releases/download/$DEP_VERSION/dep-linux-amd64 && chmod +x dep && sudo mv dep /usr/local/bin/
+        - curl -Lo operator-sdk https://github.com/operator-framework/operator-sdk/releases/download/$OPERATOR_SDK_VERSION/operator-sdk-$OPERATOR_SDK_VERSION-x86_64-linux-gnu && chmod +x operator-sdk && sudo mv operator-sdk /usr/local/bin/
+        - curl -Lo helm.tar.gz https://storage.googleapis.com/kubernetes-helm/helm-$HELM_VERSION-linux-amd64.tar.gz && tar xfz helm.tar.gz && sudo mv linux-amd64/{helm,tiller} /usr/local/bin/
+      before_script:
+        - echo $GCLOUD_SERVICE_KEY | base64 --decode -i > $HOME/gcloud-service-key.json
+        - gcloud auth activate-service-account --key-file $HOME/gcloud-service-key.json
+        - gcloud --quiet config set project $PROJECT_NAME
+        - gcloud --quiet config set container/use_application_default_credentials True
+        - gcloud --quiet container clusters create $CLUSTER_NAME --num-nodes=$CLUSTER_SIZE --zone=$CLUSTER_ZONE --machine-type=$CLUSTER_NODE_TYPE
+        - gcloud --quiet container clusters get-credentials $CLUSTER_NAME --zone=$CLUSTER_ZONE
+        - kubectl config view
+        - kubectl config current-context
+        - kubectl get nodes -o wide
+        - kubectl create clusterrolebinding cluster-admin-binding --clusterrole=cluster-admin --user=$GOOGLE_SERVICE_ACCOUNT
+        # Install Helm Tiller
+        - kubectl create serviceaccount --namespace kube-system tiller
+        - kubectl create clusterrolebinding tiller-cluster-rule --clusterrole=cluster-admin --serviceaccount=kube-system:tiller
+        - helm init --service-account tiller --wait
+        # Install NFS provisioner
+        - helm install stable/nfs-server-provisioner
+        - kubectl -n default create -f test/e2e/resources/tier2.yaml
+        - JSONPATH='{.status.phase}'; until kubectl get pvc pravega-tier2 -o jsonpath="$JSONPATH" 2>&1 | grep -q "Bound"; do sleep 1; done
+        # Install ZooKeeper
+        - kubectl -n default create -f test/e2e/resources/zookeeper.yaml
+        - JSONPATH='{range .items[*]}{@.metadata.name}:{range @.status.conditions[*]}{@.type}={@.status};{end}{end}'; until kubectl get pods -l kind=ZookeeperMember -o jsonpath="$JSONPATH" 2>&1 | grep -q "Ready=True"; do sleep 1; done
+        # Show Pravega dependencies
+        - kubectl -n default get pod,pvc,svc -o wide
+      script:
+        - make test-e2e
+      after_script:
+        - gcloud --quiet container clusters delete $CLUSTER_NAME --zone $CLUSTER_ZONE
 
-deploy:
-  provider: script
-  script: make push
-  on:
-    branch: master
-    tags: true
+    - stage: deploy
+      name: Push Docker image
+      if: branch = master AND tag IS present
+      services:
+        - docker
+      script:
+        - make push
diff --git a/Makefile b/Makefile
@@ -52,7 +52,7 @@ test-e2e-local:
 login:
 	@docker login -u "$(DOCKER_USER)" -p "$(DOCKER_PASS)"
 
-push: build-image login
+push: build login
 	docker push $(REPO):$(VERSION)
 	docker push $(REPO):latest
 

diff --git a/README.md b/README.md
@@ -1,5 +1,7 @@
 # Pravega Operator
 
+ [![License](https://img.shields.io/badge/License-Apache%202.0-blue.svg)](https://opensource.org/licenses/Apache-2.0) [![GoDoc](https://godoc.org/github.com/pravega/pravega-operator?status.svg)](https://godoc.org/github.com/pravega/pravega-operator) [![Build Status](https://travis-ci.org/pravega/pravega-operator.svg?branch=master)](https://travis-ci.org/pravega/pravega-operator) [![Go Report](https://goreportcard.com/badge/github.com/pravega/pravega-operator)](https://goreportcard.com/report/github.com/pravega/pravega-operator)
+
 ### Project status: alpha
 
 The project is currently alpha. While no breaking API changes are currently planned, we reserve the right to address bugs and change the API before the project is declared stable.
@@ -31,7 +33,7 @@ The project is currently alpha. While no breaking API changes are currently plan
 
 [Pravega](http://pravega.io) is an open source distributed storage service implementing Streams. It offers Stream as the main primitive for the foundation of reliable storage systems: *a high-performance, durable, elastic, and unlimited append-only byte stream with strict ordering and consistency*.
 
-The Pravega operator manages Pravega clusters deployed to Kubernetes and automates tasks related to operating a Pravega cluster.
+The Pravega Operator manages Pravega clusters deployed to Kubernetes and automates tasks related to operating a Pravega cluster.
 
 - [x] Create and destroy a Pravega cluster
 - [x] Resize cluster
@@ -46,17 +48,17 @@ The Pravega operator manages Pravega clusters deployed to Kubernetes and automat
 
 ## Usage
 
-### Install the operator
+### Install the Operator
 
 > Note: If you are running on Google Kubernetes Engine (GKE), please [check this first](#installation-on-google-kubernetes-engine).
 
-Run the following command to install the `PravegaCluster` custom resource definition (CRD), create the `pravega-operator` service account, roles, bindings, and the deploy the operator.
+Run the following command to install the `PravegaCluster` custom resource definition (CRD), create the `pravega-operator` service account, roles, bindings, and the deploy the Operator.
 
 ```
 $ kubectl create -f deploy
 ```
 
-Verify that the Pravega operator is running.
+Verify that the Pravega Operator is running.
 
 ```
 $ kubectl get deploy
@@ -109,7 +111,7 @@ spec:
 ```
 $ kubectl create -f pvc.yaml
 ```
-Use the following YAML template to install a small development Pravega Cluster (3 bookies, 1 controller, 3 segment stores). Create a `pravega.yaml` file with the following content.
+Use the following YAML template to install a small development Pravega Cluster (3 Bookies, 1 Controller, 3 Segment Stores). Create a `pravega.yaml` file with the following content.
 
 ```yaml
 apiVersion: "pravega.pravega.io/v1alpha1"
@@ -122,7 +124,7 @@ spec:
   bookkeeper:
     image:
       repository: pravega/bookkeeper
-      tag: 0.3.2
+      tag: 0.4.0
       pullPolicy: IfNotPresent
 
     replicas: 3
@@ -157,7 +159,7 @@ spec:
 
     image:
       repository: pravega/pravega
-      tag: 0.3.2
+      tag: 0.4.0
       pullPolicy: IfNotPresent
 
     tier2:
@@ -238,7 +240,7 @@ $ kubectl delete -f pravega.yaml
 $ kubectl delete -f pvc.yaml
 ```
 
-### Uninstall the operator
+### Uninstall the Operator
 
 > Note that the Pravega clusters managed by the Pravega operator will NOT be deleted even if the operator is uninstalled.
 
@@ -275,6 +277,34 @@ spec:
 ...
 ```
 
+If external access is enabled in your Pravega cluster, Segment Store pods will require access to some Kubernetes API endpoints to obtain the external IP and port. Make sure that the service account you are using for the Segment Store has, at least, the following permissions.
+
+```
+kind: Role
+apiVersion: rbac.authorization.k8s.io/v1
+metadata:
+  name: pravega-components
+  namespace: "pravega-namespace"
+rules:
+- apiGroups: ["pravega.pravega.io"]
+  resources: ["*"]
+  verbs: ["get"]
+- apiGroups: [""]
+  resources: ["pods", "services"]
+  verbs: ["get"]
+---
+kind: ClusterRole
+apiVersion: rbac.authorization.k8s.io/v1
+metadata:
+  name: pravega-components
+rules:
+- apiGroups: [""]
+  resources: ["nodes"]
+  verbs: ["get"]
+```
+
+Replace the `namespace` with your own namespace.
+
 ### Installing on a Custom Namespace with RBAC enabled
 
 Create the namespace.
@@ -382,7 +412,7 @@ Use the same `pravega.yaml` above to deploy the Pravega cluster.
 
 Pravega has many configuration options for setting up metrics, tuning, etc. The available options can be found
 [here](https://github.com/pravega/pravega/blob/master/config/config.properties) and are
-expressed through the pravega/options part of the resource specification. All values must be expressed as Strings.
+expressed through the `pravega/options` part of the resource specification. All values must be expressed as Strings.
 
 ```yaml
 ...
@@ -412,7 +442,7 @@ That will generate a Docker image with the format
 
 Example image after running `make build`.
 
-The Pravega operator image will be available in your Docker environment.
+The Pravega Operator image will be available in your Docker environment.
 
 ```
 $ docker images pravega/pravega-operator
@@ -449,7 +479,7 @@ According to Google Container Engine docs:
 >
 > This is a known issue in the Beta release of Role-Based Access Control in Kubernetes and Container Engine version 1.6.
 
-On GKE, the following command must be run before installing the operator, replacing the user with your own details.
+On GKE, the following command must be run before installing the Operator, replacing the user with your own details.
 
 ```
 $ kubectl create clusterrolebinding your-user-cluster-admin-binding --clusterrole=cluster-admin --user=your.google.cloud.email@example.org
@@ -462,11 +492,11 @@ For debugging and development you might want to access the Pravega cluster direc
 ```
 $ kubectl port-forward -n default pravega-pravega-controller-68657d67cd-w5x8b 9090:9090 10080:10080
 ```
-## Run the operator locally
+## Run the Operator locally
 
-You can run the operator locally to help with development, testing, and debugging tasks.
+You can run the Operator locally to help with development, testing, and debugging tasks.
 
-The following command will run the operator locally with the default Kubernetes config file present at `$HOME/.kube/config`. Use the `--kubeconfig` flag to provide a different path.
+The following command will run the Operator locally with the default Kubernetes config file present at `$HOME/.kube/config`. Use the `--kubeconfig` flag to provide a different path.
 
 ```
 $ operator-sdk up local