xtf-cz / xtf


Add support for initContainers for PodBuilder #412

Open spriadka opened 3 years ago

spriadka commented 3 years ago

Init containers are executed before the Pod's containers. We can use them to manage utilities or setup scripts not present in an app image. The resulting YAML can look like the following:

```yaml
initContainers:
  - resources: {}
    terminationMessagePath: /dev/termination-log
    name: pem-to-truststore
    command:
      - /bin/bash
    env:
      - name: ca_bundle
        value: /var/run/secrets/kubernetes.io/serviceaccount/service-ca.crt
      - name: truststore_jks
        value: /var/run/secrets/java.io/keystores/truststore.jks
      - name: password
        value: changeit
    imagePullPolicy: IfNotPresent
    volumeMounts:
      - name: keystore-volume
        mountPath: /var/run/secrets/java.io/keystores
    terminationMessagePolicy: File
    image: 'registry.access.redhat.com/redhat-sso-7/sso71-openshift:1.1-16'
    args:
      - '-c'
      - >-
        csplit -z -f crt- $ca_bundle '/-----BEGIN CERTIFICATE-----/' '{*}'
        && for file in crt-*; do keytool -import -noprompt -keystore
        $truststore_jks -file $file -storepass secret -alias
        service-$file; done
```

(For a reference on applying one, see https://developers.redhat.com/blog/2017/11/22/dynamically-creating-java-keystores-openshift/)
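A hardened form of the init container's inline script, as an added example that is not part of the original comment or of XTF. It assumes the `ca_bundle`, `truststore_jks` and `password` variables from the pod spec above and GNU `csplit`; the function names `split_bundle` and `import_bundle` are hypothetical. It quotes every path, discards split pieces that hold no certificate, and lets `keytool` read the store password from the environment instead of the command line.

```shell
#!/bin/sh
# Added example: hardened variant of the pem-to-truststore init script.
set -eu

# Split the PEM bundle $1 into one file per certificate under $2
# (crt-00, crt-01, ...) and print how many certificates were found.
split_bundle() {
    bundle=$1
    outdir=$2
    mkdir -p "$outdir"
    # -z drops the empty piece before a leading BEGIN line; -s is quiet.
    csplit -s -z -f "$outdir/crt-" "$bundle" \
        '/-----BEGIN CERTIFICATE-----/' '{*}'
    count=0
    for f in "$outdir"/crt-*; do
        # A non-empty preamble (comments, blank lines) survives -z;
        # keep only pieces that really contain a certificate header.
        if grep -q -e '-----BEGIN CERTIFICATE-----' "$f" 2>/dev/null; then
            count=$((count + 1))
        else
            rm -f "$f"
        fi
    done
    echo "$count"
}

# Import every certificate from $ca_bundle into $truststore_jks.
# -storepass:env makes keytool read the password from the variable
# named "password", so it never shows up in the process argument list.
import_bundle() {
    workdir=$(mktemp -d)
    n=$(split_bundle "$ca_bundle" "$workdir")
    [ "$n" -gt 0 ] || { echo "no certificates in $ca_bundle" >&2; return 1; }
    for f in "$workdir"/crt-*; do
        keytool -import -noprompt -keystore "$truststore_jks" \
            -file "$f" -storepass:env password -alias "service-${f##*/}"
    done
    rm -rf "$workdir"
    echo "$n"
}

# Runs only where the pod spec has set ca_bundle (the init container).
if [ -n "${ca_bundle:-}" ]; then
    import_bundle
fi
```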

mchoma commented 3 years ago

From the discussion I had with Simon: this is not to support product configuration, but rather an attempt to simplify test configuration in some cases. An alternative is to use S2I custom scripts.

OndrejKotek commented 3 years ago

What does the product configuration for the Java keystores look like then?

mchoma commented 3 years ago

> What does the product configuration for the Java keystores look like then?

I meant that it is not a requirement of the product, e.g. EAP on OpenShift does not require initContainers to run. But to answer your question, I would say Java keystores are passed to pods as OpenShift Secret objects.

mnovak1 commented 3 years ago

I have no problem with adding this feature to XTF (if anyone does it :-) ). However, using it in the product test suite might not be the best idea, as it adds additional complexity and breaks the 1 pod = 1 container concept, so it might be harder to debug.