Changed test launch to be self-contained in our desired namespace +…

configuration/observatorium/tenants.libsonnet

@@ -6,7 +6,7 @@
       oidc: {
         clientID: 'test',
         clientSecret: 'ZXhhbXBsZS1hcHAtc2VjcmV0',
-        issuerURL: 'http://dex.dex.svc.cluster.local:5556/dex',
+        issuerURL: 'http://dex.${TEST_DEX_NAMESPACE}.svc.cluster.local:5556/dex',
         usernameClaim: 'email',
       },
     },
@@ -16,7 +16,7 @@
       oidc: {
         clientID: 'test',
         clientSecret: 'ZXhhbXBsZS1hcHAtc2VjcmV0',
-        issuerURL: 'http://dex.dex.svc.cluster.local:5556/dex',
+        issuerURL: 'http://dex.${TEST_DEX_NAMESPACE}.svc.cluster.local:5556/dex',
         usernameClaim: 'email',
       },
     },

resources/services/observatorium-template.yaml

@@ -284,22 +284,22 @@ objects:
   stringData:
     client-id: test
     client-secret: ZXhhbXBsZS1hcHAtc2VjcmV0
-    issuer-url: http://dex.dex.svc.cluster.local:5556/dex
+    issuer-url: http://dex.${TEST_DEX_NAMESPACE}.svc.cluster.local:5556/dex
     tenants.yaml: |-
       "tenants":
       - "id": "770c1124-6ae8-4324-a9d4-9ce08590094b"
         "name": "rhobs"
         "oidc":
           "clientID": "test"
           "clientSecret": "ZXhhbXBsZS1hcHAtc2VjcmV0"
-          "issuerURL": "http://dex.dex.svc.cluster.local:5556/dex"
+          "issuerURL": "http://dex.${TEST_DEX_NAMESPACE}.svc.cluster.local:5556/dex"
           "usernameClaim": "email"
       - "id": "FB870BF3-9F3A-44FF-9BF7-D7A047A52F43"
         "name": "telemeter"
         "oidc":
           "clientID": "test"
           "clientSecret": "ZXhhbXBsZS1hcHAtc2VjcmV0"
-          "issuerURL": "http://dex.dex.svc.cluster.local:5556/dex"
+          "issuerURL": "http://dex.${TEST_DEX_NAMESPACE}.svc.cluster.local:5556/dex"
           "usernameClaim": "email"
 - apiVersion: v1
   kind: Service
@@ -1040,3 +1040,5 @@ parameters:
   value: 1Gi
 - name: UP_MEMORY_LIMIT
   value: 2Gi
+- name: TEST_DEX_NAMESPACE
+  value: dex

services/dex-template.jsonnet

@@ -24,7 +24,7 @@ local dex = (import 'github.com/observatorium/observatorium/configuration/compon
         userID: '08a8684b-db88-4b73-90a9-3cd1661f5466',
       },
     ],
-    issuer: 'http://${NAMESPACE}.${NAMESPACE}.svc.cluster.local:5556/dex',
+    issuer: 'http://dex.${NAMESPACE}.svc.cluster.local:5556/dex',
     storage: {
       type: 'sqlite3',
       config: { file: '/storage/dex.db' },
@@ -81,7 +81,7 @@ local dex = (import 'github.com/observatorium/observatorium/configuration/compon
 };
 
 {
-  apiVersion: 'v1',
+  apiVersion: 'template.openshift.io/v1',
   kind: 'Template',
   metadata: {
     name: 'dex',

services/minio-template.jsonnet

@@ -1,6 +1,5 @@
 local minio = (import 'github.com/observatorium/observatorium/configuration/components/minio.libsonnet')({
   name:: 'minio',
-  namespace:: '${NAMESPACE}',
   image:: '${IMAGE}:${IMAGE_TAG}',
   version:: '${IMAGE_TAG}',
   accessKey:: '${MINIO_ACCESS_KEY}',
@@ -34,7 +33,7 @@ local minio = (import 'github.com/observatorium/observatorium/configuration/comp
 };
 
 {
-  apiVersion: 'v1',
+  apiVersion: 'template.openshift.io/v1',
   kind: 'Template',
   metadata: {
     name: 'minio',
@@ -48,7 +47,6 @@ local minio = (import 'github.com/observatorium/observatorium/configuration/comp
     for name in std.objectFields(minio)
   ],
   parameters: [
-    { name: 'NAMESPACE', value: 'minio' },
     { name: 'IMAGE', value: 'minio/minio' },
     { name: 'IMAGE_TAG', value: 'RELEASE.2021-09-09T21-37-07Z' },
     { name: 'REPLICAS', value: '1' },

services/observatorium-template.jsonnet

@@ -80,5 +80,6 @@ local obs = import 'observatorium.libsonnet';
     { name: 'UP_CPU_LIMIT', value: '500m' },
     { name: 'UP_MEMORY_REQUEST', value: '1Gi' },
     { name: 'UP_MEMORY_LIMIT', value: '2Gi' },
+    { name: 'TEST_DEX_NAMESPACE', value: 'dex' },
   ],
 }

services/observatorium.libsonnet

@@ -400,7 +400,7 @@ local rulesObjstore = (import 'github.com/observatorium/rules-objstore/jsonnet/l
       stringData+: {
         'client-id': 'test',
         'client-secret': 'ZXhhbXBsZS1hcHAtc2VjcmV0',
-        'issuer-url': 'http://dex.dex.svc.cluster.local:5556/dex',
+        'issuer-url': 'http://dex.${TEST_DEX_NAMESPACE}.svc.cluster.local:5556/dex',
       },
     },
   },

tests/.gitignore

@@ -0,0 +1 @@
+*.test.env

tests/README.md

@@ -5,29 +5,45 @@ This directory includes extra resources that make it possible to deploy RHOBS in
 - [Red Hat External SSO](https://sso.redhat.com/auth/realms/redhat-external), which serves as an OIDC provider, is replaced by a local installation of [dex](https://dexidp.io/)
 - The object storage, normally provided by S3, is replaced by a local installation of [minio](https://min.io/)
 
-In addition to replacing external dependencies, this directory also includes files to [override default OpenShift template parameters](https://docs.openshift.com/container-platform/4.9/openshift_images/using-templates.html#templates-cli-generating-list-of-objects_using-templates). These files have filename `<namespace>.test.env` and are namespace-specific. The purpose of this is to override parameters in order to make the deployments suitable for testing, in particular:
+The deployment is self-contained in single namespace provided as parameter to `launch.sh deploy` script.
+
+In addition to replacing external dependencies, the `launch.sh` script also includes parameters to [override default OpenShift template parameters](https://docs.openshift.com/container-platform/4.9/openshift_images/using-templates.html#templates-cli-generating-list-of-objects_using-templates). The purpose of this is to override parameters in order to make the deployments suitable for testing, in particular:
 - The CPU / memory limits / requests are decreased so that RHOBS can be deployed on smaller clusters as well
 - The number of replicas for components is decreased as well in order for the deployment to not be too resources heavy
 - Some further object names (e.g. service accounts and images) are replaced to work with local alternatives of the external dependencies
+- Namespace name changes so all can be deployed in one namespace.
+
+The parameter files can be edited accordingly to accommodate your specific testing scenario.
+
+### Requirements.
 
-The parameter files can be edited accordingly to accomodate your specific testing scenario.
+* OpenShift cluster available.
+* [oc](https://docs.openshift.com/container-platform/4.7/cli_reference/openshift_cli/getting-started-cli.html) CLI installed.
 
 ### How to
+
 To deploy the RHOBS stack on a cluster, use the `launch.sh` script from within this directory. Run:
 
 ```bash
-./launch.sh deploy
+./launch.sh deploy <your testing namespace>
 ```
 
 This will create all the necessary namespaces and other resources for you.
 
 To tear down the installation, run:
+
 ```bash
-./launch.sh teardown
+./launch.sh teardown <your testing namespace>
 ```
-This will delete all RHOBS namespaces for you.
 
-### Additional information
+This will delete all RHOBS resources for you.
+
+### NOTE: Minio, Dex Templates
+
+Some templates like `minio-template.yaml` and `dex-template.yaml` are generated in `make manifests` process. Any manual edition to this will be removed after that command.
+
+### Additional information.
+
 Currently, not every RHOBS OpenShift template is being processed and deployed - only the 'core' parts of RHOBS are included within the testing deployment at the moment. This includes `observatorium`, `observatorium-metrics` and `telemeter` namespaces (each based on its respective template).
 
 The test deployment also does not take care of exposing services. This is left up to the user, to expose the services in a fashion suitable for the given test scenario - whether this done by using the `oc expose` command or by port forwarding to a given service / pod via `oc port-forward`.

tests/alertmanager-config.yaml

@@ -0,0 +1,8 @@
+apiVersion: v1
+kind: Secret
+metadata:
+  name: alertmanager-config
+data:
+  # "# Default"
+  alertmanager.yaml: IyBEZWZhdWx0Cg==
+type: Opaque

tests/cluster-roles-template.yaml

@@ -0,0 +1,45 @@
+apiVersion: template.openshift.io/v1
+kind: Template
+metadata:
+  name: roles
+objects:
+- apiVersion: rbac.authorization.k8s.io/v1
+  kind: ClusterRole
+  metadata:
+    name: ${NAME}
+  rules:
+  - apiGroups:
+    - authentication.k8s.io
+    resources:
+    - tokenreviews
+    verbs:
+    - create
+  - apiGroups:
+    - authorization.k8s.io
+    resources:
+    - subjectaccessreviews
+    verbs:
+    - create
+  - apiGroups:
+      - ""
+    resourceNames:
+    - ${{NAME}}
+    resources:
+    - namespaces
+    verbs:
+    - get
+- apiVersion: rbac.authorization.k8s.io/v1
+  kind: ClusterRoleBinding
+  metadata:
+    name: ${NAME}
+  subjects:
+  - kind: ServiceAccount
+    name: rhobs
+    namespace: ${NAME}
+  roleRef:
+    kind: ClusterRole
+    name: ${NAME}
+    apiGroup: rbac.authorization.k8s.io
+parameters:
+- name: NAME
+  value: "<CHANGEME>"

tests/dex-template.yaml

@@ -1,4 +1,4 @@
-apiVersion: v1
+apiVersion: template.openshift.io/v1
 kind: Template
 metadata:
   name: dex
@@ -88,7 +88,7 @@ objects:
   stringData:
     config.yaml: |-
       "enablePasswordDB": true
-      "issuer": "http://${NAMESPACE}.${NAMESPACE}.svc.cluster.local:5556/dex"
+      "issuer": "http://dex.${NAMESPACE}.svc.cluster.local:5556/dex"
       "logger":
         "level": "debug"
       "oauth2":