Finish ingress and related scripts, update README and tests

README.md

@@ -6,12 +6,24 @@ Deploy review apps for pull request
 
 * Install [Virtualbox](https://www.virtualbox.org/wiki/Downloads) to power Minikube
 * Install [asdf](https://www.virtualbox.org/wiki/Downloads) to install dev tools and languages
-* run `bin/setup`
-
-To start the app, run `bin/console`.
-
-Use `kubectl` to create, modify, and destroy `ReviewApp` resources in your minikube cluster to observe the operator's behavior.
-
+* Run `bin/setup`
+
+### TLS Setup
+The setup script will create a one-off root CA whose cert can be found at `dev-resources/tls/ca.crt`. If you want to make sure that portion of the ingress is working properly or just want to view the test review app over TLS, you can add that CA to your trust store. Firefox is a good browser for this because it manages its own trusted CAs rather than making you add them to the operating system.
+
+### Manual Local Testing
+1. Start minikube with `minikube start`
+1. Start the operator with `bin/console`. (It will run with iex attached.)
+1. In another terminal, create a review app with `./bin/dev/create-review-app.sh`
+1. This will create a build job as well as the other review app resources, though the deployment will be scaled to 0 until the build finishes.
+1. 90s later, the build will finish and the deployment should be scaled up to 1 replica.
+1. You should now be able to access your review app at https://test-review-app-678.review.local if you set up the CA certificate in your trust store
+1. The test review app shows its environment and tests its DB connection by reading out the "migrations" table in its database. There should be a new migration for every deployment update, with the commit hash as the id.
+1. To simulate pushing a new commit to PR number 678, you can run `./bin/dev/patch-review-app.sh`. This will kick off another build.
+1. 90s later the second build will finish and the deployment will update. You should be able to see the updated version and new migration in the browser.
+1. To kill the review app, run `./bin/dev/delete-review-app.sh`, and all related resources should be cleaned up by the operator.
+
+---
 
 ## Requirements / expectations from the Probot side
 1. Upload the tarball to S3 (so the operator doesn't need GitHub access)

bin/dev/create-tls-secret.sh

@@ -4,10 +4,10 @@
 # in the minikube cluster. Also emit a ca.crt file that can be
 # added to your browser's trust store to view review apps over TLS
 
-# The cert will be created for the *.local domain, so your
+# The cert will be created for the *.review.local domain, so your
 # app_domain setting should use that value
 
-SECRET_NAME=star-dot-local-tls
+SECRET_NAME=star-review-local-tls
 NAMESPACE=default
 
 # PWD should be the tls folder

bin/dev/enable-ingress.sh

@@ -0,0 +1,8 @@
+#!/bin/sh
+
+# Turn on the nginx ingress controller in the local minikube cluster
+# This will automatically connect Ingress resources in the cluster to
+# Minikube's IP on the host, accessible via $(minikube ip)
+
+echo "Enabling the NGINX ingress controller in the minikube cluster"
+minikube addons enable ingress

bin/dev/install-kubedb.sh

@@ -2,7 +2,5 @@
 
 echo "Installing KubeDB operator and CRDs in minikube cluster"
 
-minikube start --kubernetes-version v1.17.0
-
 kubectl config use-context minikube
 curl -fsSL https://raw.githubusercontent.com/kubedb/installer/89fab34cf2f5d9e0bcc3c2d5b0f0599f94ff0dca/deploy/kubedb.sh | bash

bin/dev/install-resources.sh

@@ -8,9 +8,6 @@ echo "Installing local dev dependencies in minikube cluster"
 # regenerate the manifest for the CRD and operator permissions
 mix bonny.gen.manifest
 
-# start minikube
-minikube start --kubernetes-version v1.17.0
-
 # install things in the minikube cluster
 kubectl config use-context minikube
 kubectl apply -f dev-resources/build-secrets.yaml

bin/dev/update-minikube-hosts-entry.sh

@@ -0,0 +1,41 @@
+#!/bin/bash
+
+# create a hosts entry to allow accessing a hostname via the minikube IP address
+
+HOSTNAME=$1
+ETC_HOSTS=/etc/hosts
+
+if [ -z "$HOSTNAME" ]
+then
+  echo "ERROR: Please provide a hostname as the first argument"
+  echo "e.g. update-minikube-hosts-entry.sh test-review-app-678.review.local"
+  exit 1
+fi
+
+IP=$(minikube ip)
+if [ -z "$IP" ]
+then
+  echo "Minikube IP could not be found. Aborting"
+  exit 1
+else
+  echo "Minikube IP is $IP"
+fi
+
+EXISTING=$(grep $HOSTNAME $ETC_HOSTS)
+HOSTS_LINE="$IP  $HOSTNAME"
+if [ "$EXISTING" == "$HOSTS_LINE" ]
+then
+  echo "Hosts file already configured. Nothing to do."
+  exit 0
+fi
+
+echo "Editing file $ETC_HOSTS. You may be asked for your 'sudo' password."
+
+if [ -n "$EXISTING" ]
+then
+    echo "Entry '$EXISTING' will be replaced";
+    echo "A backup will be created at $ETC_HOSTS.bak";
+    sudo sed -i".bak" "/$HOSTNAME/d" $ETC_HOSTS
+fi
+
+sudo -- sh -c -e "echo '$HOSTS_LINE' >> $ETC_HOSTS";

bin/setup

@@ -1,4 +1,4 @@
-#!/bin/bash
+#!/bin/bash -e
 
 echo "Running brew bundle"
 brew bundle
@@ -30,5 +30,10 @@ mix local.hex --force
 mix local.rebar --force
 mix deps.get
 
+echo "Starting minikube"
+minikube start --kubernetes-version v1.17.0
+bin/dev/enable-ingress.sh
 bin/dev/install-kubedb.sh
 bin/dev/install-resources.sh
+bin/dev/update-minikube-hosts-entry.sh test-review-app-678.review.local
+bin/dev/create-tls-secret.sh

config/dev.exs

@@ -16,6 +16,6 @@ config :review_app_operator,
   build_unpack_image: "grossvogel/sleep45:latest",
   build_pull_secrets: [],
   tarball_bucket: "tarball_bucket",
-  app_domain: "local",
-  tls_secret_name: "star-dot-local-tls",
+  app_domain: "review.local",
+  tls_secret_name: "star-review-local-tls",
   tls_secret_namespace: "default"

config/test.exs

@@ -4,3 +4,7 @@ config :logger,
   level: :warn
 
 config :review_app_operator, :k8s_client, ReviewAppOperator.MockKubeClient
+
+config :review_app_operator,
+  tls_secret_name: "star-review-local-tls",
+  tls_secret_namespace: "default"

dev-resources/tls/openssl.cnf

@@ -9,7 +9,7 @@ req_extensions = v3_req
 subjectAltName = @alt_names
 
 [alt_names]
-DNS.1 = *.local
+DNS.1 = *.review.local
 
 [dn]
 C=US
@@ -18,4 +18,4 @@ L=New Orleans
 O=Revelry Labs
 OU=Development
 emailAddress[email protected]
-CN=*.local
+CN=*.review.local

dev-resources/tls/v3.ext

@@ -4,4 +4,4 @@ keyUsage = digitalSignature, nonRepudiation, keyEncipherment, dataEncipherment
 subjectAltName = @alt_names
 
 [alt_names]
-DNS.1 = *.local
+DNS.1 = *.review.local

lib/review_app_operator/resources/ingress_tls_secret.ex

@@ -20,8 +20,7 @@ defmodule ReviewAppOperator.Resource.IngressTlsSecret do
   defp manifest(%{name: name, ns: ns, original: original}) do
     %{
       original
-      | "metadata" => %{"name" => name, "namespace" => ns},
-        "status" => %{}
+      | "metadata" => %{"name" => name, "namespace" => ns}
     }
   end
 

test/review_app_operator/controllers/v1/review_app_test.exs

@@ -7,7 +7,7 @@ defmodule ReviewAppOperator.Controller.V1.ReviewAppTest do
   describe "add/1" do
     test "returns :ok" do
       MockKubeClient
-      |> expect_get_secret()
+      |> expect_get_secret(3)
       |> expect_k8s(:create, 7)
       |> expect_k8s(:patch)
 
@@ -23,12 +23,26 @@ defmodule ReviewAppOperator.Controller.V1.ReviewAppTest do
       result = ReviewApp.modify(event)
       assert result == :ok
     end
+
+    test "kicks off new build" do
+      MockKubeClient
+      |> expect_k8s(:create, 1)
+      |> expect_k8s(:patch, 2)
+
+      event =
+        TestReviewApp.manifest()
+        |> put_in(["spec", "commitHash"], "5ce6e4a15e2a09fe113aba79263104835bd676c2")
+        |> put_in(["status", "buildCommit"], "c8c9aa334a76677aa0be4ec0ebb08484367f952d")
+
+      result = ReviewApp.modify(event)
+      assert result == :ok
+    end
   end
 
   describe "delete/1" do
     test "returns :ok" do
       MockKubeClient
-      |> expect_get_secret(2)
+      |> expect_get_secret(4)
       |> expect_k8s(:delete, 7)
 
       event =