Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

feat(deploy): deploy cryostat 3.0 #727

Merged
merged 35 commits into from
Apr 23, 2024
Merged

feat(deploy): deploy cryostat 3.0 #727

merged 35 commits into from
Apr 23, 2024

Conversation

Josh-Matsuoka
Copy link
Contributor

Welcome to Cryostat! 👋

Before contributing, make sure you have:

  • Read the contributing guidelines
  • Linked a relevant issue which this PR resolves
  • Linked any other relevant issues, PR's, or documentation, if any
  • Resolved all conflicts, if any
  • Rebased your branch PR on top of the latest upstream main branch
  • Attached at least one of the following labels to the PR: [chore, ci, docs, feat, fix, test]
  • Signed all commits: git commit -S -m "YOUR_COMMIT_MESSAGE"

Fixes: Part 1 of #710

Description of the change:

This change deploys cryostat 3.0 bits (3.0 base image, storage, database) without auth, addressing the first part of #710

@tthvo tthvo mentioned this pull request Feb 14, 2024
Merged
7 tasks
@andrewazores andrewazores changed the base branch from main to cryostat3 February 22, 2024 15:49
@andrewazores andrewazores changed the title feat(deploy cryostat 3.0) feat(deploy): deploy cryostat 3.0 Feb 22, 2024
mergify bot and others added 5 commits February 22, 2024 11:03
@mergify @tthvo @andrewazores
feat(discovery): options to configure discovery port names and number…
71a8999 
…s (backport cryostatio#715) (cryostatio#725)

* feat(discovery): options to configure discovery port names and numbers (cryostatio#715)

Signed-off-by: Thuan Vo <[email protected]>
(cherry picked from commit a552021)

* resolve conflict

---------

Co-authored-by: Thuan Vo <[email protected]>
Co-authored-by: Andrew Azores <[email protected]>
@Josh-Matsuoka @andrewazores
Deploy cryostat 3.0
ff950e8
@Josh-Matsuoka @andrewazores
Remove extraneous file
7a518cc
@Josh-Matsuoka @andrewazores
test adjustments
3dfd0bd
@tthvo @andrewazores
feat(discovery): options to configure discovery port names and numbers (
60de1b6 
cryostatio#715)

Signed-off-by: Thuan Vo <[email protected]>
@andrewazores andrewazores added feat New feature or request breaking change This change (potentially) breaks API compatibility and requires corresponding changes elsewhere safe-to-test labels Feb 22, 2024
@Josh-Matsuoka Josh-Matsuoka marked this pull request as ready for review February 22, 2024 19:48
@andrewazores
Copy link
Member

Doesn't seem to compile, just me?

$ make manager
mkdir -p /home/work/workspace/cryostat-operator/bin
test -s /home/work/workspace/cryostat-operator/bin/controller-gen && /home/work/workspace/cryostat-operator/bin/controller-gen --version | grep -q 0.11.1 || \
GOBIN=/home/work/workspace/cryostat-operator/bin go install sigs.k8s.io/controller-tools/cmd/[email protected]
/home/work/workspace/cryostat-operator/bin/controller-gen rbac:roleName=role crd webhook paths="./..." output:crd:artifacts:config=config/crd/bases
envsubst < hack/image_tag_patch.yaml.in > config/default/image_tag_patch.yaml
envsubst < hack/image_pull_patch.yaml.in > config/default/image_pull_patch.yaml
go generate ./...
/home/work/workspace/cryostat-operator/bin/controller-gen object:headerFile="hack/boilerplate.go.txt" paths="./..."
test -s /home/work/workspace/cryostat-operator/bin/go-license || GOBIN=/home/work/workspace/cryostat-operator/bin go install github.com/palantir/[email protected]
Adding license...
/home/work/workspace/cryostat-operator/bin/go-license --config=go-license.yml api/v1beta1/groupversion_info.go api/v1beta1/cryostat_conversion.go api/v1beta1/cryostat_conversion_test.go api/v1beta1/cryostat_suite_test.go api/v1beta1/cryostat_types.go api/v1beta1/zz_generated.deepcopy.go api/v1beta2/cryostat_conversion.go api/v1beta2/cryostat_types.go api/v1beta2/groupversion_info.go api/v1beta2/zz_generated.deepcopy.go internal/controllers/common/resource_definitions/certificates.go internal/controllers/common/resource_definitions/resource_definitions.go internal/controllers/common/tls.go internal/controllers/common/finalizer_utils.go internal/controllers/common/common_utils.go internal/controllers/constants/constants.go internal/controllers/model/instance.go internal/controllers/configmaps.go internal/controllers/secrets.go internal/controllers/suite_test.go internal/controllers/insights/apicast.go internal/controllers/insights/insights.go internal/controllers/insights/insights_controller.go internal/controllers/insights/insights_controller_test.go internal/controllers/insights/insights_controller_unit_test.go internal/controllers/insights/insights_suite_test.go internal/controllers/insights/setup.go internal/controllers/insights/setup_test.go internal/controllers/insights/test/manager.go internal/controllers/insights/test/utils.go internal/controllers/insights/test/resources.go internal/controllers/openshift.go internal/controllers/certmanager.go internal/controllers/const_generated.go internal/controllers/cryostat_controller.go internal/controllers/cryostat_controller_test.go internal/controllers/ingresses.go internal/controllers/pvc.go internal/controllers/rbac.go internal/controllers/reconciler.go internal/controllers/reconciler_test.go internal/controllers/routes.go internal/controllers/services.go internal/images/custom-scorecard-tests/main.go internal/test/scorecard/clients.go internal/test/scorecard/openshift.go internal/test/scorecard/tests.go internal/test/expect.go internal/test/clients.go internal/test/conversion.go internal/test/reconciler.go internal/test/resources.go internal/tools/const_generator.go internal/main.go internal/webhooks/cryostat_webhook.go internal/webhooks/defaulter.go internal/webhooks/test/resources.go internal/webhooks/validator.go internal/webhooks/validator_test.go internal/webhooks/webhook_suite_test.go
go fmt ./...
go vet ./...
# github.com/cryostatio/cryostat-operator/internal/controllers/common/resource_definitions
internal/controllers/common/resource_definitions/resource_definitions.go:1126:63: cr.Spec.SecurityOptions.StorageSecurityContext undefined (type *"github.com/cryostatio/cryostat-operator/api/v1beta2".SecurityOptions has no field or method StorageSecurityContext)
internal/controllers/common/resource_definitions/resource_definitions.go:1127:41: cr.Spec.SecurityOptions.StorageSecurityContext undefined (type *"github.com/cryostatio/cryostat-operator/api/v1beta2".SecurityOptions has no field or method StorageSecurityContext)
internal/controllers/common/resource_definitions/resource_definitions.go:1148:63: cr.Spec.SecurityOptions.DatabaseSecurityContext undefined (type *"github.com/cryostatio/cryostat-operator/api/v1beta2".SecurityOptions has no field or method DatabaseSecurityContext)
internal/controllers/common/resource_definitions/resource_definitions.go:1149:41: cr.Spec.SecurityOptions.DatabaseSecurityContext undefined (type *"github.com/cryostatio/cryostat-operator/api/v1beta2".SecurityOptions has no field or method DatabaseSecurityContext)

@Josh-Matsuoka
Copy link
Contributor Author

It looks like there's a missing commit or two from what I have, hang on while I resolve some merge conflicts

@andrewazores
Copy link
Member 

$ make bundle
mkdir -p /home/work/workspace/cryostat-operator/bin
test -s /home/work/workspace/cryostat-operator/bin/controller-gen && /home/work/workspace/cryostat-operator/bin/controller-gen --version | grep -q 0.11.1 || \
GOBIN=/home/work/workspace/cryostat-operator/bin go install sigs.k8s.io/controller-tools/cmd/[email protected]
/home/work/workspace/cryostat-operator/bin/controller-gen rbac:roleName=role crd webhook paths="./..." output:crd:artifacts:config=config/crd/bases
envsubst < hack/image_tag_patch.yaml.in > config/default/image_tag_patch.yaml
envsubst < hack/image_pull_patch.yaml.in > config/default/image_pull_patch.yaml
test -s /home/work/workspace/cryostat-operator/bin/kustomize || { curl -Ss "https://raw.githubusercontent.com/kubernetes-sigs/kustomize/master/hack/install_kustomize.sh" | bash -s -- 3.8.7 /home/work/workspace/cryostat-operator/bin; }
/home/work/bin/operator-sdk generate kustomize manifests -q
cd config/manager && /home/work/workspace/cryostat-operator/bin/kustomize edit set image controller=quay.io/cryostat/cryostat-operator:3.0.0-dev
/home/work/workspace/cryostat-operator/bin/kustomize build config/manifests | /home/work/bin/operator-sdk generate bundle -q --overwrite --version 3.0.0-dev  
INFO[0004] Creating bundle.Dockerfile                   
INFO[0004] Creating bundle/metadata/annotations.yaml    
INFO[0004] Bundle metadata generated successfully       
/home/work/bin/operator-sdk bundle validate ./bundle
ERRO[0000] Error: Value operator.cryostat.io/v1beta1, Kind=ClusterCryostat: CRD "operator.cryostat.io/v1beta1, Kind=ClusterCryostat" is present in bundle "cryostat-operator.v3.0.0-dev" but not defined in CSV 
make: *** [Makefile:287: bundle] Error 1

andrewazores
andrewazores reviewed Feb 27, 2024
View reviewed changes
internal/controllers/common/resource_definitions/resource_definitions.go
Name: cr.Name + "-storage",
Image: imageTag,
ImagePullPolicy: getPullPolicy(imageTag),
SecurityContext: containerSc,
Copy link
Member

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Should the StorageConfig also be included here?

andrewazores
andrewazores reviewed Feb 27, 2024
View reviewed changes
Copy link
Member

@andrewazores andrewazores left a comment

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

I think some changes need to be made in ex. NewCoreContainer as well. The 3.0 image needs fairly different configuration compared to 2.4.0 - a lot of the old environment variables have been renamed or removed, and the 3.0 container will also need to be configured to tell it the URLs of its storage and database containers.

@mwangggg mwangggg mentioned this pull request Feb 28, 2024
Merged
7 tasks
mwangggg and others added 3 commits February 28, 2024 10:39
@mwangggg
ci(gh): add comment when /build_test is finished (cryostatio#745)
6b2e997
@mwangggg
add scorecard test/suite selection (cryostatio#746)
2af4362
@tthvo @mwangggg
test(scorecard): scorecard tests for recording management (cryostatio…
cfcbfc7 
…#698)

* test(scorecard): scorecard tests for recording management

Signed-off-by: Thuan Vo <[email protected]>

* fixup(scorecard): fix cr cleanup func

* test(scorecard): registry recording test to suite

* chore(scorecard): reorganize client def

* chore(scorecard): clean up common setup func

* chore(bundle): regenerate bundle with scorecard tag

* chore(bundle): correct image tag in bundle

* fix(bundle): add missing scorecard test config patch

* feat(scorecard): scaffold cryostat API client

* chore(scorecard): clean up API client

* test(scorecard): implement recording scorecard test

* fixup(scorecard): correctly add scorecard test via hack templates

* fix(client): ignore unverified tls certs and base64 oauth token

* chore(bundle): split cryostat tests to separate stage

* fix(scorecard): extend default transport instead of overwriting

* chore(scorecard): refactor client to support multi-part

* fixup(client): fix request verb

* fix(client): fix recording create form format

* fix(scorecard): create stored credentials for target JVM

* fix(scorecard): fix 502 status error

* chore(scorecard): simplify client def

* chore(scorecard): fetch recordings to ensure action is correctly performed

* test(scorecard): test generating report for a recording

* chore(scorecard): clean up

* test(scorecard): list archives in tests

* ci(scorecard): reconfigure ingress for kind

* ci(k8s): correct cluster name

* test(scorecard): use role instead of clusterrole for oauth rules

* test(scorecard): parse health response for additional checks

* chore(scorecard): add missing newline in logs

* chore(scorecard): check status code before parsing body in health check

* test(scorecard): add custom target discovery to recording scorecard test

* add EOF wait and resp headers

* add resp headers

* chore(client): configure all clients to send safe requests

* fix(clients): add missing content-type header

* fix(scorecard): add missing test name in help message

* chore(client): create new http requests when retrying

* chore(bundle): update scorecard image tags

---------

Signed-off-by: Thuan Vo <[email protected]>
Co-authored-by: Ming Yu Wang <[email protected]>
Co-authored-by: Ming Wang <[email protected]>
@tthvo tthvo mentioned this pull request Mar 6, 2024
Merged
7 tasks
@mwangggg
test(scorecard): scorecard test for Cryostat CR configuration changes (
bf8df15 
…cryostatio#739)

* CR config scorecard

* reformat

* reviews

* add kubectl license
@andrewazores
Copy link
Member

Still hitting "Application is not available" unfortunately, but I think I can make some more progress here with just service/route configuration stuff and mostly ignoring TLS.

@andrewazores
Copy link
Member

Ah, DISABLE_SERVICE_TLS was only half the picture. I have been using make create_cryostat_cr so I also needed to edit the CR with enableCertManager: false. After that:

Screenshot_2024-04-11_15-09-45

Some more progress. At least I can get into the web UI now, or make HTTP requests to the Route in general.

@andrewazores
Copy link
Member

It looks like the request was blocked by my browser because the original request went through the Route, which has TLS edge termination enabled, but Cryostat responded with a HTTP 308 redirection response where the Location header used http://. I think it's doing that because Quarkus doesn't know that it is behind such a TLS terminating proxy (the Route).

Screenshot_2024-04-11_15-13-16

If I use HTTPie instead of a web browser, since this is more lenient about these issues, it follows the redirect response with no problem:

$ https -v --follow https://cryostat-sample-cryostat3.apps-crc.testing/api/v1/targets
GET /api/v1/targets HTTP/1.1
Accept: */*
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Host: cryostat-sample-cryostat3.apps-crc.testing
User-Agent: HTTPie/3.2.2



HTTP/1.1 308 Permanent Redirect
cache-control: no-cache
content-length: 0
location: http://cryostat-sample-cryostat3.apps-crc.testing/api/v3/targets
set-cookie: fce4e72d4c886214e0add5b2a1b0822e=957f357f1c504be2ada71f6882e15474; path=/; HttpOnly; Secure; SameSite=None



GET /api/v3/targets HTTP/1.1
Accept: */*
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Host: cryostat-sample-cryostat3.apps-crc.testing
User-Agent: HTTPie/3.2.2



HTTP/1.1 302 Found
cache-control: no-cache
content-length: 0
location: https://cryostat-sample-cryostat3.apps-crc.testing/api/v3/targets



GET /api/v3/targets HTTP/1.1
Accept: */*
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Cookie: fce4e72d4c886214e0add5b2a1b0822e=957f357f1c504be2ada71f6882e15474
Host: cryostat-sample-cryostat3.apps-crc.testing
User-Agent: HTTPie/3.2.2



HTTP/1.1 200 OK
cache-control: no-cache
content-encoding: gzip
content-length: 28
content-type: application/json;charset=UTF-8

[]

$ https -v --follow --form https://cryostat-sample-cryostat3.apps-crc.testing/api/v2/targets connectUrl='localhost:0' alias=self
POST /api/v2/targets HTTP/1.1
Accept: */*
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Content-Length: 35
Content-Type: application/x-www-form-urlencoded; charset=utf-8
Host: cryostat-sample-cryostat3.apps-crc.testing
User-Agent: HTTPie/3.2.2

connectUrl=localhost%3A0&alias=self

HTTP/1.1 201 Created
content-length: 310
content-type: application/json;charset=UTF-8
location: http://cryostat-sample-cryostat3.apps-crc.testing/api/v3/targets/1
set-cookie: fce4e72d4c886214e0add5b2a1b0822e=957f357f1c504be2ada71f6882e15474; path=/; HttpOnly; Secure; SameSite=None

{
    "data": {
        "result": {
            "agent": false,
            "alias": "self",
            "annotations": {
                "cryostat": {
                    "REALM": "Custom Targets"
                },
                "platform": {}
            },
            "connectUrl": "service:jmx:rmi:///jndi/rmi://localhost:0/jmxrmi",
            "id": 1,
            "jvmId": "-mCG7v2KUyH6CQH8cBcSOj810BjJU-PMKbHpFmGIobU=",
            "labels": {}
        }
    },
    "meta": {
        "status": "Created",
        "type": "application/json"
    }
}

$ https -v --follow https://cryostat-sample-cryostat3.apps-crc.testing/api/v3/targets
GET /api/v3/targets HTTP/1.1
Accept: */*
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Host: cryostat-sample-cryostat3.apps-crc.testing
User-Agent: HTTPie/3.2.2



HTTP/1.1 200 OK
cache-control: no-cache
content-encoding: gzip
content-length: 221
content-type: application/json;charset=UTF-8
set-cookie: fce4e72d4c886214e0add5b2a1b0822e=957f357f1c504be2ada71f6882e15474; path=/; HttpOnly; Secure; SameSite=None

[
    {
        "agent": false,
        "alias": "self",
        "annotations": {
            "cryostat": {
                "REALM": "Custom Targets"
            },
            "platform": {}
        },
        "connectUrl": "service:jmx:rmi:///jndi/rmi://localhost:0/jmxrmi",
        "id": 1,
        "jvmId": "-mCG7v2KUyH6CQH8cBcSOj810BjJU-PMKbHpFmGIobU=",
        "labels": {}
    }
]

$ https -v --follow --form https://cryostat-sample-cryostat3.apps-crc.testing/api/v3/targets/1/recordings recordingName=test events=template=ALL
POST /api/v3/targets/1/recordings HTTP/1.1
Accept: */*
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Content-Length: 40
Content-Type: application/x-www-form-urlencoded; charset=utf-8
Host: cryostat-sample-cryostat3.apps-crc.testing
User-Agent: HTTPie/3.2.2

recordingName=test&events=template%3DALL

HTTP/1.1 201 Created
content-length: 315
content-type: application/json;charset=UTF-8
set-cookie: fce4e72d4c886214e0add5b2a1b0822e=957f357f1c504be2ada71f6882e15474; path=/; HttpOnly; Secure; SameSite=None

{
    "continuous": true,
    "downloadUrl": "/api/v3/activedownload/1",
    "duration": 0,
    "id": 1,
    "maxAge": 0,
    "maxSize": 0,
    "metadata": {
        "expiry": null,
        "labels": {
            "template.name": "ALL",
            "template.type": "TARGET"
        }
    },
    "name": "test",
    "remoteId": 1,
    "reportUrl": "/api/v3/targets/1/reports/1",
    "startTime": 1712863244670,
    "state": "RUNNING",
    "toDisk": true
}

@andrewazores
Copy link
Member

andrewazores commented Apr 11, 2024
edited
Loading

Got it.

image

This was still done with enableCertManager: false in the CR. I'm not sure if leaving it enabled will break things, but it certainly won't do what it is intended to do. But maybe that does make sense to address later when the authproxy is introduced, since then cert-manager can inject certs to that container to handle TLS for everything.

Update: just checked and enableCertManager: true in the CR still ends up with "Application is not available", presumably because it's trying to do Route re-encryption rather than edge termination. But there is no TLS to re-encrypt on the inside.

@andrewazores andrewazores mentioned this pull request Apr 12, 2024
Closed
7 tasks
@andrewazores
Copy link
Member

#795 linked above is a new PR I have based on top of this one wherein I'm working on cleaning things up some more - removing no longer used certificate volume mounts and TLS handling, fixing some environment variable names, things like that. It's pretty noisy since a lot of things are touched so I figured it was better to keep it as a separate changeset for ease of review.

@Josh-Matsuoka
Copy link
Contributor Author

Is there anything else that needs to be fixed here? Otherwise I'll get the merge conflicts cleaned up.

@andrewazores
Copy link
Member

I think the Makefile adjustment(s) above need to be included so that this PR is at least buildable on its own. After that it can be used to deploy a non-TLS deployment, so I think it would be fine to merge into the upstream branch and continue building from there. @ebaron wdyt?

@andrewazores
Copy link
Member

Lots of test failures during build now after syncing the latest upstream changes.

@ebaron
Copy link
Member

ebaron commented Apr 16, 2024

I think the Makefile adjustment(s) above need to be included so that this PR is at least buildable on its own. After that it can be used to deploy a non-TLS deployment, so I think it would be fine to merge into the upstream branch and continue building from there. @ebaron wdyt?

Sounds good to me. I'm fine with restoring the missing functionality over other PRs.

@andrewazores andrewazores mentioned this pull request Apr 16, 2024
Merged
7 tasks
@andrewazores
Copy link
Member

andrewazores commented Apr 18, 2024
edited
Loading

Lots of test failures during build now after syncing the latest upstream changes.

internal/test/resources.go looks like some of my adjustments got wiped out after the sync to main. Trying to restore it now.

@andrewazores
Copy link
Member

make generate manifests manager test-envtest oci-build bundle bundle-build all works now.

make scorecard seems to silently hang? It's stuck at:

mkdir -p /home/work/workspace/cryostat-operator/bin
test -s /home/work/workspace/cryostat-operator/bin/kustomize || { curl -Ss "https://raw.githubusercontent.com/kubernetes-sigs/kustomize/master/hack/install_kustomize.sh" | bash -s -- 3.8.7 /home/work/workspace/cryostat-operator/bin; }
oc create namespace cryostat-operator-scorecard && oc label --overwrite namespace cryostat-operator-scorecard pod-security.kubernetes.io/warn=restricted pod-security.kubernetes.io/audit=restricted
namespace/cryostat-operator-scorecard created
namespace/cryostat-operator-scorecard labeled
cd internal/images/custom-scorecard-tests/rbac/ && /home/work/workspace/cryostat-operator/bin/kustomize edit set namespace cryostat-operator-scorecard
/home/work/workspace/cryostat-operator/bin/kustomize build internal/images/custom-scorecard-tests/rbac/ | oc apply -f -
serviceaccount/cryostat-scorecard created
role.rbac.authorization.k8s.io/cryostat-scorecard created
clusterrole.rbac.authorization.k8s.io/cryostat-scorecard created
rolebinding.rbac.authorization.k8s.io/cryostat-scorecard created
clusterrolebinding.rbac.authorization.k8s.io/cryostat-scorecard created
/home/work/bin/operator-sdk run bundle -n cryostat-operator-scorecard --timeout 20m quay.io/cryostat/cryostat-operator-bundle:3.0.0-dev --security-context-config=restricted 
INFO[0007] Creating a File-Based Catalog of the bundle "quay.io/cryostat/cryostat-operator-bundle:3.0.0-dev" 
INFO[0007] Generated a valid File-Based Catalog         
INFO[0015] Created registry pod: quay-io-cryostat-cryostat-operator-bundle-3-0-0-dev 
INFO[0015] Created CatalogSource: cryostat-operator-catalog 
INFO[0015] OperatorGroup "operator-sdk-og" created      
INFO[0015] Created Subscription: cryostat-operator-v3-0-0-dev-sub

It doesn't look like it is making any progress to actually installing anything in the cryostat-operator-scorecard namespace however.

$ oc get all
Warning: apps.openshift.io/v1 DeploymentConfig is deprecated in v4.14+, unavailable in v4.10000+
NAME                                                      READY   STATUS    RESTARTS   AGE
pod/quay-io-cryostat-cryostat-operator-bundle-3-0-0-dev   1/1     Running   0          4m21s

$ oc logs -f pod/quay-io-cryostat-cryostat-operator-bundle-3-0-0-dev
Defaulted container "registry-grpc" out of: registry-grpc, registry-grpc-init (init)
time="2024-04-18T14:40:46Z" level=info msg="starting pprof endpoint" address="localhost:6060"
time="2024-04-18T14:40:46Z" level=info msg="serving registry" configs=/cryostat-operator-catalog-configs port=50051
time="2024-04-18T14:40:46Z" level=info msg="stopped caching cpu profile data" address="localhost:6060"
^C

@andrewazores
Copy link
Member

I see what seems to be the same scorecard behaviour on main, so now I'm not sure if the problem is with my crc cluster or my approach to running scorecard tests...

@andrewazores
Copy link
Member

Okay, running with a different cluster has the scorecards running and passing as expected on main. With this PR they do run, but judging by the logs it's still deploying 2.5.0-snapshot:

...
		LOG:
			Importing certificate /truststore/operator/..2024_04_23_13_47_13.1523729528/cryostat-report-ca.crt ...
		Certificate was added to keystore
		[Storing /opt/cryostat.d/truststore.p12]
		+ exec java -XX:+CrashOnOutOfMemoryError -Dcom.sun.management.jmxremote.port=9091 -Dcom.sun.management.jmxremote.rmi.port=9091 -Djavax.net.ssl.trustStore=/opt/cryostat.d/truststore.p12 -Djavax.net.ssl.trustStorePassword=HDPxbU3-To9M_F3nNglHGz7mXzgXHLI1 -Dcom.sun.management.jmxremote.autodiscovery=false -Dcom.sun.management.jmxremote.authenticate=true -Dcom.sun.management.jmxremote.password.file=/tmp/jmxremote.password -Dcom.sun.management.jmxremote.access.file=/tmp/jmxremote.access -Dcom.sun.management.jmxremote.ssl.need.client.auth=true -Djavax.net.ssl.keyStore=/var/run/secrets/operator.cryostat.io/cryostat-report-tls/keystore.p12 -Djavax.net.ssl.keyStorePassword=fwNAkcNNGIi9ZB7FJY81 -Dcom.sun.management.jmxremote.ssl=true -Dcom.sun.management.jmxremote.registry.ssl=true -cp '/app/resources:/app/classes:/app/libs/cryostat-core-2.30.1.jar:/app/libs/common-8.2.0.jar:/app/libs/encoder-1.2.3.jar:/app/libs/lz4-java-1.8.0.jar:/app/libs/flightrecorder-8.2.0.jar:/app/libs/flightrecorder.rules-8.2.0.jar:/app/libs/flightrecorder.rules.jdk-8.2.0.jar:/app/libs/jdp-8.2.0.jar:/app/libs/nashorn-core-15.4.jar:/app/libs/asm-7.3.1.jar:/app/libs/asm-commons-7.3.1.jar:/app/libs/asm-analysis-7.3.1.jar:/app/libs/asm-tree-7.3.1.jar:/app/libs/asm-util-7.3.1.jar:/app/libs/openshift-client-6.7.2.jar:/app/libs/openshift-client-api-6.7.2.jar:/app/libs/openshift-model-6.7.2.jar:/app/libs/kubernetes-model-common-6.7.2.jar:/app/libs/jackson-annotations-2.15.0.jar:/app/libs/openshift-model-clusterautoscaling-6.7.2.jar:/app/libs/openshift-model-operator-6.7.2.jar:/app/libs/openshift-model-operatorhub-6.7.2.jar:/app/libs/openshift-model-machine-6.7.2.jar:/app/libs/openshift-model-whereabouts-6.7.2.jar:/app/libs/openshift-model-monitoring-6.7.2.jar:/app/libs/openshift-model-storageversionmigrator-6.7.2.jar:/app/libs/openshift-model-tuned-6.7.2.jar:/app/libs/openshift-model-console-6.7.2.jar:/app/libs/openshift-model-config-6.7.2.jar:/app/libs/openshift-model-machineconfig-6.7.2.jar:/app/libs/openshift-model-miscellaneous-6.7.2.jar:/app/libs/openshift-model-hive-6.7.2.jar:/app/libs/openshift-model-installer-6.7.2.jar:/app/libs/generex-1.0.2.jar:/app/libs/automaton-1.11-8.jar:/app/libs/kubernetes-client-6.7.2.jar:/app/libs/kubernetes-client-api-6.7.2.jar:/app/libs/kubernetes-model-core-6.7.2.jar:/app/libs/kubernetes-model-gatewayapi-6.7.2.jar:/app/libs/kubernetes-model-resource-6.7.2.jar:/app/libs/kubernetes-model-rbac-6.7.2.jar:/app/libs/kubernetes-model-admissionregistration-6.7.2.jar:/app/libs/kubernetes-model-apps-6.7.2.jar:/app/libs/kubernetes-model-autoscaling-6.7.2.jar:/app/libs/kubernetes-model-apiextensions-6.7.2.jar:/app/libs/kubernetes-model-batch-6.7.2.jar:/app/libs/kubernetes-model-certificates-6.7.2.jar:/app/libs/kubernetes-model-coordination-6.7.2.jar:/app/libs/kubernetes-model-discovery-6.7.2.jar:/app/libs/kubernetes-model-events-6.7.2.jar:/app/libs/kubernetes-model-extensions-6.7.2.jar:/app/libs/kubernetes-model-flowcontrol-6.7.2.jar:/app/libs/kubernetes-model-networking-6.7.2.jar:/app/libs/kubernetes-model-metrics-6.7.2.jar:/app/libs/kubernetes-model-policy-6.7.2.jar:/app/libs/kubernetes-model-scheduling-6.7.2.jar:/app/libs/kubernetes-model-storageclass-6.7.2.jar:/app/libs/kubernetes-model-node-6.7.2.jar:/app/libs/snakeyaml-engine-2.6.jar:/app/libs/jackson-dataformat-yaml-2.15.0.jar:/app/libs/snakeyaml-2.0.jar:/app/libs/jackson-datatype-jsr310-2.15.0.jar:/app/libs/jackson-databind-2.15.0.jar:/app/libs/jackson-core-2.15.0.jar:/app/libs/kubernetes-httpclient-okhttp-6.7.2.jar:/app/libs/okhttp-3.12.12.jar:/app/libs/okio-1.15.0.jar:/app/libs/logging-interceptor-3.12.12.jar:/app/libs/zjsonpatch-0.3.0.jar:/app/libs/dagger-2.47.jar:/app/libs/javax.inject-1.jar:/app/libs/commons-lang3-3.13.0.jar:/app/libs/commons-codec-1.16.0.jar:/app/libs/commons-io-2.13.0.jar:/app/libs/commons-validator-1.7.jar:/app/libs/commons-beanutils-1.9.4.jar:/app/libs/commons-digester-2.1.jar:/app/libs/commons-logging-1.2.jar:/app/libs/commons-collections-3.2.2.jar:/app/libs/httpclient-4.5.14.jar:/app/libs/httpcore-4.4.16.jar:/app/libs/vertx-web-4.4.9.jar:/app/libs/vertx-web-common-4.4.9.jar:/app/libs/vertx-auth-common-4.4.9.jar:/app/libs/vertx-bridge-common-4.4.9.jar:/app/libs/vertx-core-4.4.9.jar:/app/libs/netty-handler-4.1.108.Final.jar:/app/libs/netty-codec-4.1.108.Final.jar:/app/libs/netty-handler-proxy-4.1.108.Final.jar:/app/libs/netty-codec-socks-4.1.108.Final.jar:/app/libs/netty-codec-http-4.1.108.Final.jar:/app/libs/netty-codec-http2-4.1.108.Final.jar:/app/libs/netty-resolver-4.1.108.Final.jar:/app/libs/netty-resolver-dns-4.1.108.Final.jar:/app/libs/netty-codec-dns-4.1.108.Final.jar:/app/libs/vertx-web-client-4.4.9.jar:/app/libs/vertx-uri-template-4.4.9.jar:/app/libs/vertx-web-graphql-4.4.9.jar:/app/libs/graphql-java-20.4.jar:/app/libs/java-dataloader-3.2.0.jar:/app/libs/reactive-streams-1.0.3.jar:/app/libs/graphql-java-extended-scalars-20.2.jar:/app/libs/nimbus-jose-jwt-9.31.jar:/app/libs/jcip-annotations-1.0-1.jar:/app/libs/bcprov-jdk18on-1.76.jar:/app/libs/jasypt-1.9.3.jar:/app/libs/jasypt-hibernate5-1.9.3.jar:/app/libs/slf4j-api-1.7.36.jar:/app/libs/slf4j-jdk14-1.7.36.jar:/app/libs/gson-2.10.1.jar:/app/libs/caffeine-3.1.6.jar:/app/libs/jsoup-1.16.1.jar:/app/libs/hibernate-core-5.6.14.Final.jar:/app/libs/jboss-logging-3.4.3.Final.jar:/app/libs/javax.persistence-api-2.2.jar:/app/libs/byte-buddy-1.12.18.jar:/app/libs/antlr-2.7.7.jar:/app/libs/jboss-transaction-api_1.2_spec-1.1.1.Final.jar:/app/libs/jandex-2.4.2.Final.jar:/app/libs/classmate-1.5.1.jar:/app/libs/javax.activation-api-1.2.0.jar:/app/libs/hibernate-commons-annotations-5.1.2.Final.jar:/app/libs/jaxb-api-2.3.1.jar:/app/libs/jaxb-runtime-2.3.1.jar:/app/libs/txw2-2.3.1.jar:/app/libs/istack-commons-runtime-3.0.7.jar:/app/libs/stax-ex-1.8.jar:/app/libs/FastInfoset-1.2.15.jar:/app/libs/hibernate-types-55-2.21.1.jar:/app/libs/h2-2.1.214.jar:/app/libs/postgresql-42.7.2.jar:/app/libs/netty-transport-native-epoll-4.1.108.Final-linux-x86_64.jar:/app/libs/netty-common-4.1.108.Final.jar:/app/libs/netty-buffer-4.1.108.Final.jar:/app/libs/netty-transport-4.1.108.Final.jar:/app/libs/netty-transport-native-unix-common-4.1.108.Final.jar:/app/libs/netty-transport-classes-epoll-4.1.108.Final.jar:/opt/cryostat.d/clientlib.d/*' @/app/jib-main-class-file
		Apr 23, 2024 1:47:19 PM io.cryostat.configuration.ConfigurationModule provideConfigurationPath
		INFO: Local config path set as /opt/cryostat.d/conf.d
		Apr 23, 2024 1:47:19 PM org.hibernate.jpa.internal.util.LogHelper logPersistenceUnitInformation
		INFO: HHH000204: Processing PersistenceUnitInfo [name: io.cryostat]
		Apr 23, 2024 1:47:19 PM org.hibernate.Version logVersion
		INFO: HHH000412: Hibernate ORM core version 5.6.14.Final
		Apr 23, 2024 1:47:20 PM org.hibernate.annotations.common.reflection.java.JavaReflectionManager <clinit>
		INFO: HCANN000001: Hibernate Commons Annotations {5.1.2.Final}
		Apr 23, 2024 1:47:20 PM org.hibernate.engine.jdbc.connections.internal.DriverManagerConnectionProviderImpl configure
		WARN: HHH10001002: Using Hibernate built-in connection pool (not for production use!)
		Apr 23, 2024 1:47:20 PM org.hibernate.engine.jdbc.connections.internal.DriverManagerConnectionProviderImpl buildCreator
		INFO: HHH10001005: using driver [org.h2.Driver] at URL [jdbc:h2:file:/opt/cryostat.d/conf.d/h2;INIT=create domain if not exists jsonb as varchar]
		Apr 23, 2024 1:47:20 PM org.hibernate.engine.jdbc.connections.internal.DriverManagerConnectionProviderImpl buildCreator
		INFO: HHH10001001: Connection properties: {password=****, user=cryostat-report}
		Apr 23, 2024 1:47:20 PM org.hibernate.engine.jdbc.connections.internal.DriverManagerConnectionProviderImpl buildCreator
		INFO: HHH10001003: Autocommit mode: false
		Apr 23, 2024 1:47:20 PM org.hibernate.engine.jdbc.connections.internal.DriverManagerConnectionProviderImpl$PooledConnections <init>
		INFO: HHH000115: Hibernate connection pool size: 20 (min=1)
		Apr 23, 2024 1:47:20 PM org.hibernate.dialect.Dialect <init>
		INFO: HHH000400: Using dialect: org.hibernate.dialect.H2Dialect
		Apr 23, 2024 1:47:21 PM org.hibernate.resource.transaction.backend.jdbc.internal.DdlTransactionIsolatorNonJtaImpl getIsolatedConnection
		INFO: HHH10001501: Connection obtained from JdbcConnectionAccess [org.hibernate.engine.jdbc.env.internal.JdbcEnvironmentInitiator$ConnectionProviderJdbcConnectionAccess@6213df5] for (non-JTA) DDL execution was not in auto-commit mode; the Connection 'local transaction' will be committed and the Connection will be set into auto-commit mode.
		Apr 23, 2024 1:47:21 PM org.hibernate.engine.transaction.jta.platform.internal.JtaPlatformInitiator initiateService
		INFO: HHH000490: Using JtaPlatform implementation: [org.hibernate.engine.transaction.jta.platform.internal.NoJtaPlatform]
		Apr 23, 2024 1:47:21 PM io.cryostat.Cryostat start
		INFO: cryostat started, version: v2.5.0-dev-123-gb2e0c30b.
		Apr 23, 2024 1:47:21 PM io.cryostat.net.SslConfiguration <init>
		INFO: Selected SSL KeyStore strategy with keystore /var/run/secrets/operator.cryostat.io/cryostat-report-tls/keystore.p12
		Apr 23, 2024 1:47:21 PM io.cryostat.VerticleDeployer deploy
		INFO: Deploying io.cryostat.net.HttpServer Verticle with options: {
		  "ha" : false,
		  "instances" : 1,
		  "maxWorkerExecuteTime" : 60000000000,
		  "maxWorkerExecuteTimeUnit" : "NANOSECONDS",
		  "worker" : false,
		  "workerPoolSize" : 20
		}
		Apr 23, 2024 1:47:21 PM io.cryostat.net.HttpServer lambda$start$0
		INFO: HTTPS service running on https://cryostat-report-cryostat-operator-scorecard.apps.rosa.qmrcn-oimow-95u.ok1t.p3.openshiftapps.com:443
		Apr 23, 2024 1:47:21 PM io.cryostat.VerticleDeployer lambda$deploy$0
		INFO: Deployed io.cryostat.net.HttpServer Verticle [09c96827-869d-49ec-a00b-f41dfd0b21e2]
		Apr 23, 2024 1:47:21 PM io.cryostat.platform.PlatformModule provideAuthManager
		INFO: Selecting configured AuthManager "io.cryostat.net.openshift.OpenShiftAuthManager"
		Apr 23, 2024 1:47:21 PM io.cryostat.MainModule provideSavedRecordingsPath
		INFO: Local save path for flight recordings set as /opt/cryostat.d/recordings.d
		Apr 23, 2024 1:47:22 PM io.cryostat.VerticleDeployer deploy
		INFO: Deploying io.cryostat.net.web.WebServer Verticle with options: {
		  "ha" : false,
		  "instances" : 1,
		  "maxWorkerExecuteTime" : 60000000000,
		  "maxWorkerExecuteTimeUnit" : "NANOSECONDS",
		  "worker" : false,
		  "workerPoolSize" : 20
		}
		Apr 23, 2024 1:47:22 PM io.cryostat.VerticleDeployer lambda$deploy$0
		INFO: Deployed io.cryostat.net.web.WebServer Verticle [32afb6db-1614-4d61-b029-6593c5e2a1f5]
		Apr 23, 2024 1:47:22 PM io.cryostat.VerticleDeployer deploy
		INFO: Deploying io.cryostat.messaging.MessagingServer Verticle with options: {
		  "ha" : false,
		  "instances" : 1,
		  "maxWorkerExecuteTime" : 60000000000,
		  "maxWorkerExecuteTimeUnit" : "NANOSECONDS",
		  "worker" : false,
		  "workerPoolSize" : 20
		}
		Apr 23, 2024 1:47:22 PM io.cryostat.messaging.MessagingServer start
		INFO: Max concurrent WebSocket connections: 2147483647
		Apr 23, 2024 1:47:22 PM io.cryostat.VerticleDeployer lambda$deploy$0
		INFO: Deployed io.cryostat.messaging.MessagingServer Verticle [3310a9d7-8a5f-4a44-abc0-1195992a8f12]
		Apr 23, 2024 1:47:22 PM io.cryostat.VerticleDeployer deploy
		INFO: Deploying io.cryostat.rules.RuleProcessor Verticle with options: {
		  "ha" : false,
		  "instances" : 1,
		  "maxWorkerExecuteTime" : 60000000000,
		  "maxWorkerExecuteTimeUnit" : "NANOSECONDS",
		  "worker" : true,
		  "workerPoolName" : "io.cryostat.rules.RuleProcessor-worker",
		  "workerPoolSize" : 20
		}
		Apr 23, 2024 1:47:22 PM io.cryostat.VerticleDeployer lambda$deploy$0
		INFO: Deployed io.cryostat.rules.RuleProcessor Verticle [bcf9c803-3dfa-464c-b72f-277d41df6567]
		Apr 23, 2024 1:47:22 PM io.cryostat.VerticleDeployer deploy
		INFO: Deploying io.cryostat.recordings.RecordingMetadataManager Verticle with options: {
		  "ha" : false,
		  "instances" : 1,
		  "maxWorkerExecuteTime" : 60000000000,
		  "maxWorkerExecuteTimeUnit" : "NANOSECONDS",
		  "worker" : true,
		  "workerPoolName" : "io.cryostat.recordings.RecordingMetadataManager-worker",
		  "workerPoolSize" : 20
		}
		Apr 23, 2024 1:47:22 PM io.cryostat.VerticleDeployer lambda$deploy$0
		INFO: Deployed io.cryostat.recordings.RecordingMetadataManager Verticle [f9eaab4b-bb91-4dba-aa79-edd654d81628]
		Apr 23, 2024 1:47:22 PM io.cryostat.VerticleDeployer deploy
		INFO: Deploying io.cryostat.discovery.DiscoveryStorage Verticle with options: {
		  "ha" : false,
		  "instances" : 1,
		  "maxWorkerExecuteTime" : 60000000000,
		  "maxWorkerExecuteTimeUnit" : "NANOSECONDS",
		  "worker" : true,
		  "workerPoolName" : "io.cryostat.discovery.DiscoveryStorage-worker",
		  "workerPoolSize" : 20
		}
		Apr 23, 2024 1:47:22 PM io.cryostat.VerticleDeployer deploy
		INFO: Deploying io.cryostat.discovery.BuiltInDiscovery Verticle with options: {
		  "ha" : false,
		  "instances" : 1,
		  "maxWorkerExecuteTime" : 60000000000,
		  "maxWorkerExecuteTimeUnit" : "NANOSECONDS",
		  "worker" : true,
		  "workerPoolName" : "io.cryostat.discovery.BuiltInDiscovery-worker",
		  "workerPoolSize" : 20
		}
		Apr 23, 2024 1:47:22 PM io.cryostat.platform.internal.PodmanPlatformStrategy getPlatformClient
		INFO: Selected PodmanPlatformStrategy Strategy
		Apr 23, 2024 1:47:22 PM io.cryostat.platform.internal.DockerPlatformStrategy getPlatformClient
		INFO: Selected DockerPlatformStrategy Strategy
		Apr 23, 2024 1:47:22 PM io.cryostat.platform.internal.DefaultPlatformStrategy getPlatformClient
		INFO: Selected Default Platform Strategy
		Apr 23, 2024 1:47:22 PM io.cryostat.platform.internal.KubeApiPlatformStrategy getPlatformClient
		INFO: Selected KubeApiPlatformStrategy Strategy
		Apr 23, 2024 1:47:23 PM io.cryostat.platform.internal.KubeApiPlatformClient$1 lambda$initialize$0
		INFO: Started Endpoints SharedInformer for namespace "cryostat-operator-scorecard"
		Apr 23, 2024 1:47:23 PM io.cryostat.platform.internal.CustomTargetPlatformStrategy getPlatformClient
		INFO: Selected Default Platform Strategy
		Apr 23, 2024 1:47:23 PM io.cryostat.discovery.BuiltInDiscovery lambda$start$5
		INFO: Starting built-in discovery with CustomTargetPlatformClient
		Apr 23, 2024 1:47:23 PM io.cryostat.platform.internal.KubeApiPlatformStrategy getPlatformClient
		INFO: Selected OpenShiftPlatformStrategy Strategy
		Apr 23, 2024 1:47:23 PM io.cryostat.discovery.BuiltInDiscovery lambda$start$5
		INFO: Starting built-in discovery with KubeApiPlatformClient
		Apr 23, 2024 1:47:23 PM io.cryostat.platform.internal.KubeApiPlatformClient$1 lambda$initialize$0
		INFO: Started Endpoints SharedInformer for namespace "cryostat-operator-scorecard"
		Apr 23, 2024 1:47:23 PM io.cryostat.VerticleDeployer lambda$deploy$0
		INFO: Deployed io.cryostat.discovery.BuiltInDiscovery Verticle [312fc126-00c5-44c6-be47-6d2a1c4082b8]
		Apr 23, 2024 1:47:23 PM io.cryostat.VerticleDeployer lambda$deploy$0
		INFO: Deployed io.cryostat.discovery.DiscoveryStorage Verticle [31576b66-f318-4ac2-bf6d-ffdb7bf7ce90]
		Apr 23, 2024 1:47:23 PM io.cryostat.recordings.RecordingMetadataManager lambda$start$7
		INFO: Starting archive migration
		Apr 23, 2024 1:47:23 PM io.cryostat.recordings.RecordingArchiveHelper lambda$migrate$0
		INFO: Skipping archive migration: appears to be a special location: file-uploads
		Apr 23, 2024 1:47:23 PM io.cryostat.recordings.RecordingMetadataManager lambda$start$7
		INFO: Successfully migrated archives
		Apr 23, 2024 1:47:23 PM io.cryostat.recordings.RecordingMetadataManager pruneStaleMetadata
		INFO: Beginning to prune potentially stale metadata...
		Apr 23, 2024 1:47:23 PM io.cryostat.recordings.RecordingMetadataManager lambda$start$7
		INFO: Successfully pruned all stale metadata
		Apr 23, 2024 1:47:26 PM org.slf4j.impl.JDK14LoggerAdapter fillCallerData
		INFO: 10.129.0.2 - - [Tue, 23 Apr 2024 13:47:26 GMT] 6ms "GET /health/liveness HTTP/1.1" 204 0 bytes "-" "kube-probe/1.27"
		Apr 23, 2024 1:47:27 PM io.cryostat.recordings.JvmIdHelper resolveId
		INFO: Observing new target: io.cryostat.platform.ServiceRef@12cad5c3[alias=cryostat-report-7dfb8bbfd6-xks7x,annotations=io.cryostat.platform.ServiceRef$Annotations@6f797b79[cryostat={HOST=10.129.0.59, PORT=9091, NAMESPACE=cryostat-operator-scorecard, POD_NAME=cryostat-report-7dfb8bbfd6-xks7x, REALM=KubernetesApi},platform={openshift.io/scc=restricted-v2, seccomp.security.alpha.kubernetes.io/pod=runtime/default, k8s.ovn.org/pod-networks={"default":{"ip_addresses":["10.129.0.59/23"],"mac_address":"0a:58:0a:81:00:3b","gateway_ips":["10.129.0.1"],"routes":[{"dest":"10.128.0.0/14","nextHop":"10.129.0.1"},{"dest":"172.30.0.0/16","nextHop":"10.129.0.1"},{"dest":"100.64.0.0/16","nextHop":"10.129.0.1"}],"ip_address":"10.129.0.59/23","gateway_ip":"10.129.0.1"}}, k8s.v1.cni.cncf.io/network-status=[{
		    "name": "ovn-kubernetes",
		    "interface": "eth0",
		    "ips": [
		        "10.129.0.59"
		    ],
		    "mac": "0a:58:0a:81:00:3b",
		    "default": true,
		    "dns": {}
		}]}],jvmId=<null>,labels={app=cryostat-report, pod-template-hash=7dfb8bbfd6, component=cryostat, kind=cryostat},serviceUri=service:jmx:rmi:///jndi/rmi://10-129-0-59.cryostat-operator-scorecard.pod:9091/jmxrmi]
...

@andrewazores
Copy link
Member

Trying this now:

$ make test-scorecard BUNDLE_IMG=quay.io/andrewazores/cryostat-operator-bundle:3.0.0-dev

@andrewazores
Copy link
Member 

  Normal   Pulling         32s (x3 over 72s)  kubelet            Pulling image "quay.io/cryostat/cryostat-operator-scorecard:3.0.0-20240404171904"
  Warning  Failed          31s (x3 over 72s)  kubelet            Failed to pull image "quay.io/cryostat/cryostat-operator-scorecard:3.0.0-20240404171904": rpc error: code = Unknown desc = reading manifest 3.0.0-20240404171904 in quay.io/cryostat/cryostat-operator-scorecard: manifest unknown
  Warning  Failed          31s (x3 over 72s)  kubelet            Error: ErrImagePull
  Normal   BackOff         5s (x4 over 71s)   kubelet            Back-off pulling image "quay.io/cryostat/cryostat-operator-scorecard:3.0.0-20240404171904"
  Warning  Failed          5s (x4 over 71s)   kubelet            Error: ImagePullBackOff

@ebaron @mwangggg how do I get this to run with my custom scorecard image? I tried building with OPERATOR_IMG, CUSTOM_SCORECARD_IMG, and BUNDLE_IMG set and pushed all the resulting images to my quay.io/andrewazores, but when I run the tests with the same variables set it still wants to run the wrong scorecard.

@andrewazores
Copy link
Member

Got help instructions from Ming, looks like I have the scorecard running for this PR now.

@andrewazores
Copy link
Member 

...

14:42:50 +0000] "GET /health/liveness HTTP/1.1" 204 -
		failed to store logs for container cryostat-recording in pod cryostat-recording-5c5bd696f5-x2sww: context deadline exceeded
		
		
		CRYOSTAT-RECORDING-JFR-DATASOURCE CONTAINER LOG:
		
			INFO exec -a "java" java -XX:MaxRAMPercentage=80.0 -XX:+UseParallelGC -XX:MinHeapFreeRatio=10 -XX:MaxHeapFreeRatio=20 -XX:GCTimeRatio=4 -XX:AdaptiveSizePolicyWeight=90 -XX:+ExitOnOutOfMemoryError -XX:-ExitOnOutOfMemoryError -Dquarkus.http.host=0.0.0.0 -Djava.util.logging.manager=org.jboss.logmanager.LogManager -cp "." -jar /deployments/quarkus-run.jar 
		INFO running in /deployments
		__  ____  __  _____   ___  __ ____  ______ 
		 --/ __ \/ / / / _ | / _ \/ //_/ / / / __/ 
		 -/ /_/ / /_/ / __ |/ , _/ ,< / /_/ /\ \   
		--\___\_\____/_/ |_/_/|_/_/|_|\____/___/   
		2024-04-23 14:32:23,613 INFO  [io.quarkus] (main) jfr-datasource 2.5.0-SNAPSHOT on JVM (powered by Quarkus 3.2.9.Final) started in 0.774s. Listening on: http://0.0.0.0:8989
		2024-04-23 14:32:23,669 INFO  [io.quarkus] (main) Profile prod activated. 
		2024-04-23 14:32:23,669 INFO  [io.quarkus] (main) Installed features: [cdi, reactive-routes, smallrye-context-propagation, vertx]
		failed to store logs for container cryostat-recording-jfr-datasource in pod cryostat-recording-5c5bd696f5-x2sww: context deadline exceeded
		


--------------------------------------------------------------------------------
Image:      quay.io/andrewazores/cryostat-operator-scorecard:3.0.0-20240423142402
Entrypoint: [cryostat-scorecard-tests cryostat-config-change]
Labels:
	"test":"cryostat-config-change"
	"suite":"cryostat"
Results:
	State: fail

	Errors:
		timed out waiting for the condition


--------------------------------------------------------------------------------
Image:      quay.io/andrewazores/cryostat-operator-scorecard:3.0.0-20240423142402
Entrypoint: [cryostat-scorecard-tests cryostat-report]
Labels:
	"suite":"cryostat"
	"test":"cryostat-report"
Results:
	State: fail

	Errors:
		client rate limiter Wait returned an error: context deadline exceeded


Error: error running tests context deadline exceeded
Usage:
  operator-sdk scorecard [flags]

Flags:
  -c, --config string            path to scorecard config file
  -h, --help                     help for scorecard
      --kubeconfig string        kubeconfig path
  -L, --list                     Option to enable listing which tests are run
  -n, --namespace string         namespace to run the test images in
  -o, --output string            Output format for results. Valid values: text, json, xunit (default "text")
      --pod-security string      option to run scorecard with legacy pod security context (default "legacy")
  -l, --selector string          label selector to determine which tests are run
  -s, --service-account string   Service account to use for tests (default "default")
  -x, --skip-cleanup             Disable resource cleanup after tests are run
  -b, --storage-image string     Storage image to be used by the Scorecard pod (default "quay.io/operator-framework/scorecard-storage@sha256:a3bfda71281393c7794cabdd39c563fb050d3020fd0b642ea164646bdd39a0e2")
  -t, --test-output string       Test output directory. (default "test-output")
  -u, --untar-image string       Untar image to be used by the Scorecard pod (default "quay.io/operator-framework/scorecard-untar@sha256:2e728c5e67a7f4dec0df157a322dd5671212e8ae60f69137463bd4fdfbff8747")
  -w, --wait-time duration       seconds to wait for tests to complete. Example: 35s (default 30s)

Global Flags:
      --plugins strings   plugin keys to be used for this subcommand execution
      --verbose           Enable verbose logging

FATA[1200] error running tests context deadline exceeded 
INFO[0000] subscription "cryostat-operator-v3-0-0-dev-sub" deleted 
INFO[0000] customresourcedefinition "cryostats.operator.cryostat.io" deleted 
INFO[0001] clusterserviceversion "cryostat-operator.v3.0.0-dev" deleted 
INFO[0001] catalogsource "cryostat-operator-catalog" deleted 
INFO[0001] operatorgroup "operator-sdk-og" deleted      
INFO[0001] Operator "cryostat-operator" uninstalled     
serviceaccount "cryostat-scorecard" deleted
role.rbac.authorization.k8s.io "cryostat-scorecard" deleted
clusterrole.rbac.authorization.k8s.io "cryostat-scorecard" deleted
rolebinding.rbac.authorization.k8s.io "cryostat-scorecard" deleted
clusterrolebinding.rbac.authorization.k8s.io "cryostat-scorecard" deleted
Error from server (NotFound): secrets "registry-key" not found
namespace "cryostat-operator-scorecard" deleted
make: *** [Makefile:177: test-scorecard] Error 1

@andrewazores
Copy link
Member

Elliott suggests the failure could be because the scorecard tests assume cert-manager is available and enabled, but the state this PR is in right now it only results in a functioning deployment when cert-manager/TLS are disabled. So we can try changing the tests to instead turn off the cert-manager integration via the CR, or else maybe we leave the tests failing for now. There should be a follow-up PR to add oauth2_proxy/openshift-oauth-proxy to the deployment, which will also be where the cert-manager integration should happen for 3.0, so maybe it makes sense to address the scorecard tests at that point.

@ebaron
Copy link
Member

ebaron commented Apr 23, 2024

Elliott suggests the failure could be because the scorecard tests assume cert-manager is available and enabled, but the state this PR is in right now it only results in a functioning deployment when cert-manager/TLS are disabled. So we can try changing the tests to instead turn off the cert-manager integration via the CR, or else maybe we leave the tests failing for now. There should be a follow-up PR to add oauth2_proxy/openshift-oauth-proxy to the deployment, which will also be where the cert-manager integration should happen for 3.0, so maybe it makes sense to address the scorecard tests at that point.

I'm fine with leaving the tests failing for now. It also serves as a reminder to fix them before release, so we don't forget to re-enable cert-manager there.

@andrewazores
Copy link
Member

Okay, just re-verified that DISABLE_SERVICE_TLS=true DEPLOY_NAMESPACE=$(oc project -q) make install deploy is at least still working, and it is. Let's merge this into the upstream feature branch, I'll rebase #795 and get it reviewed and merged, and then we can tackle getting the authproxies deployed and integrated with cert-manager, and then finally fix up the scorecard tests. Sound ok @ebaron ?

@ebaron
Copy link
Member

ebaron commented Apr 23, 2024

Okay, just re-verified that DISABLE_SERVICE_TLS=true DEPLOY_NAMESPACE=$(oc project -q) make install deploy is at least still working, and it is. Let's merge this into the upstream feature branch, I'll rebase #795 and get it reviewed and merged, and then we can tackle getting the authproxies deployed and integrated with cert-manager, and then finally fix up the scorecard tests. Sound ok @ebaron ?

Sounds good

@andrewazores andrewazores merged commit 53d2b73 into cryostatio:cryostat3 Apr 23, 2024
5 checks passed
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Reviewers

@ebaron ebaron ebaron left review comments

@andrewazores andrewazores andrewazores left review comments

Assignees
No one assigned
Labels
breaking change This change (potentially) breaks API compatibility and requires corresponding changes elsewhere feat New feature or request safe-to-test
Projects
No open projects
3.0.0 release
Status: Done
Milestone
No milestone
Development

Successfully merging this pull request may close these issues.
5 participants
@Josh-Matsuoka @andrewazores @ebaron @tthvo @mwangggg