tmforum-oda / oda-canvas

Apache License 2.0

ODAA-26: Secrets-Management for Components #237

Closed ferenc-hechler closed 3 months ago

ferenc-hechler commented 4 months ago

This PR contributes the Secrets-Management for Components as described in Use-Case 14

Details about the content can be found in the JIRA issue: ODAA-26

The TEMP folder was not yet removed; it can be safely deleted, but might be helpful until the PR is reviewed. It contains setup and test instructions.

Manual tests and BDD tests were successful in the cluster ihc-dt: https://reports.cucumber.io/reports/8b0ab969-17fd-4adf-9a52-100e421e9ec6


BDD tests for testing the Secrets-Management functionality are not yet finished. Progress can be checked in ODAA-77

ferenc-hechler commented 4 months ago

Now HashiCorp Vault is deployed and configured together with the canvas-oda chart (as charts/canvas-vault sub-chart).

Manually tested the deployment from the branch in ihc-dt cluster and it looks good. But the BDD tests report 4 errors in "features/UC002-F001-Install-Component.feature": https://reports.cucumber.io/reports/77648af7-8968-4919-a4af-13114a2fbbd5

The errors are about missing ExposedAPI (3x) and DependentAPI (1x) custom resources.

LesterThomas commented 4 months ago

> Now HashiCorp Vault is deployed and configured together with the canvas-oda chart (as charts/canvas-vault sub-chart).
>
> Manually tested the deployment from the branch in ihc-dt cluster and it looks good. But the BDD tests report 4 errors in "features/UC002-F001-Install-Component.feature": https://reports.cucumber.io/reports/77648af7-8968-4919-a4af-13114a2fbbd5
>
> The errors are about missing ExposedAPI (3x) and DependentAPI (1x) custom resources.

These errors relate to tests that are not yet defined (to test the new Component Lifecycle management) - I've fixed in PR #247 so that it returns 'pending' for undefined tests.

ferenc-hechler commented 3 months ago

Review will be continued today in the afternoon.

ferenc-hechler commented 3 months ago

Code-Review is finished, PR is ready to be merged.

When the PR is merged as it is, the GitHub actions for building the release versions will fail, because the build scripts need "secrets.DOCKERHUB_USERNAME" and "secrets.DOCKERHUB_TOKEN" for pushing the docker images.

To mitigate this, the release versions "0.1.0" were already prebuilt and it will work without building from the master branch.

In general, the image should be changed in "charts/oda-canvas/values.yaml" from "ocfork/..." to "tmforumodacanvas/..." and also the secrets for the tmforumodacanvas organization have to be configured in "tmforum-oda/oda-canvas" GitHub repository. Then the prerelease build scripts for feature branches and the release build scripts for the master branch will work in the oda-canvas repo. The process is described here: https://github.com/tmforum-oda/oda-canvas/issues/249#issuecomment-2159917438

I wanted to discuss the release strategy in the tech refinement, but this week, there was no time for this.

A fresh canvas deployment in ihc-dt cluster was tested with the BDD tests, and except for the 4 known failing tests (see PR #247) and the unimplemented ones, the tests are fine:

https://reports.cucumber.io/reports/4b970a63-f2dc-4643-9448-73e1edd1f253

BDD tests for Secrets-Management are not yet finished; progress can be checked in ODAA-77

thomo commented 3 months ago

Approved

ferenc-hechler commented 3 months ago

Synced the latest changes from upstream, now the tests look good.

https://reports.cucumber.io/reports/e6e53103-c4ec-4ea3-80c3-2f35b8bbc731


ferenc-hechler commented 3 months ago

After running the tests there are two component deployments left over: "pc" and "pi". And two of their deployments are constantly crashing:

```
$ kubectl get pods
NAME                                      READY   STATUS             RESTARTS      AGE
pc-metricsapi-5fdd679fc9-dpzdm            2/2     Running            0             3m2s
...                                       ...     ...                ...           ...
pi-partyroleapi-74c8946848-4m8sf          2/2     Running            0             2m47s
pi-productinventoryapi-5f596b48cb-mmq8n   1/2     CrashLoopBackOff   4 (62s ago)   2m46s
pi-roleinitialization-pq66r               1/2     CrashLoopBackOff   4 (64s ago)   2m46s
```

ferenc-hechler commented 3 months ago

The PR is ready for merging. For details, see above: https://github.com/tmforum-oda/oda-canvas/pull/237#issuecomment-2163965526