...
Starting the API server
- eval $(docker run --rm -t ndslabs/system-shell usage docker)
- git clone https://github.com/craig-willis/ndslabs-startup
- cd ndslabs-startup
- ./kube-up.sh
- ./ndslabs-up.sh
...
- If needed, download the latest
...
- copy of
...
- ndslabsctl
- wget
...
...
If the API server is running under docker or Kubernetes, you will need to specify the server address. This can be done on the commandline using the --server flag or by creating a .ndslabsctl.yaml file in your home directory. For example:
APISERVER=`kubectl describe svc ndslabs-apiserver | grep ^IP | awk '{print $2}'`
echo "server: http://$APISERVER:8083" > ~/.ndslabsctl.yaml
Global preconditions
- Kubernetes is running
- API Server is running either as a Kubernetes service or as a standalone Docker container
- ndslabsctl has been installed and is in your path
Help
- Preconditions: none
- Test steps:
ndslabsctl
ndslabsctl -h
ndslabsctl --help
- Expected results
- Any of these commands should display the help/usage information
Authentication/authorization
Login
Preconditions:
Project has been created or admin user
- Test steps:
- ndslabsctl login admin
- ndslabsctl login <user>
- Prompted for password
- Expected results:
- Login succeeded
- Alternative flows
- Invalid username or password results in login error
- Notes:
- Login information is stored in ~/.apictl/.passwd. This files contains the currently logged in user and an authentication token. Removing this file is the equivalent of logging out
Logout
- Preconditions
- User is logged in
- Test steps
- ndslabsctl logout
- ndslabsctl list services
- Expected results:
- List command results in "unauthorized"
Change password
- Preconditions:
- User is logged in
- Test steps
- ndslabsctl login <user>
- ndslabsctl passwd
- Enter current password
- Enter new password
- Confirm new password
- Expected results
- Password is changed
Project administration
Add project (admin only)
- Preconditions:
- Admin is logged in
- Test steps
- ndslabsctl add project <name> <password>
- ndslabsctl add project -f <project.json>
- ndslabsctl add project --file <project.json>
- Expected results
- Project is added. User can login with specified name and password
- Alternate flows
- Project exists with same name (409 conflict)
- Logged in user is not admin (401 unauthorized)
Sample project file:
{
"name": "test",
"description": "testacct",
"namespace": "test",
"password": "123456"
}
Delete project (admin only)
- Preconditions
- Admin is logged in
- Test steps
- ndslabsctl delete project <project>
- Expected results
- Project is deleted
- Alternate flows:
- Project does not exist (404 not found)
- Problem: currently results in 500
- User is not admin (401 unauthorized)
- Project does not exist (404 not found)
Get project details (admin or current project only)
- Preconditions
- Admin is logged in or current project user is logged in
- Test steps
- ndslabsctl get project <project>
- Expected results
- Displays project details (as json)
- Password is redacted
- Alternate flows:
- Project does not exist (404)
- User is not admin and project is not current project (401 unauthorized)
List projects
- Preconditions
- Admin is logged in
- Test steps
- ndslabsctl list projects
- Expected results
- Projects are listed
- Problem: ID is displayed
- Problem: ID is displayed
- Projects are listed
Service administration
Add service (admin only)
- Preconditions:
- Admin is logged in
- Test steps
- ndslabsctl add service -f <service.json>
- ndslabsctl add service --file <service.json>
- Expected results
- Service is added. User can add service/stack.
- Alternate flows
- Service exists with same key (409 conflict)
- Logged in user is not admin (401 unauthorized)
- Notes:
- See ndslabs-specs repos for sample services
Delete service (admin only)
...
- Admin is logged in
...
- ndslabsctl delete service <key>
...
- Service is deleted
...
- Project does not exist (404 not found)
- User is not admin (401 unauthorized)
- Not logged in (401)
- Not admin user (401)
- Service is in use by projects (409)
- Service required by other services (409)
- No such service (404)
- /ndslabsctl-linux-amd64 -O /usr/local/bin/ndslabsctl
- chmod +x ndslabsctl
- If testing a new version of API server
- vi /usr/local/lib/ndslabs/apiserver
- Change latest -> test
- docker rmi ndslabs/apiserver:test
- ndslabs-up.sh
- "ndslabsctl list projects" to confirm things are working
Global preconditions
- Kubernetes is running
- API Server is running either as a Kubernetes service or as a standalone Docker container
- ndslabsctl has been installed and is in your path
Help
- Preconditions: none
- Test steps:
ndslabsctl
ndslabsctl -h
ndslabsctl --help
- Expected results
- Any of these commands should display the help/usage information
Account administration
Add account (admin only)
- Test steps
- ndslabsctl add account <name> <password>
- ndslabsctl add account -f <account.json>
- ndslabsctl add account --file <account.json>
- Expected results
- Prompted for admin password
- Account is added. User can login with specified name and password
- Alternate flows
- Account exists with same name (409 conflict)
- Incorrect admin password (401 unauthorized)
- Sample Data:
Code Block language js { "id": "demo", "name": "demo account", "description": "demo account description", "namespace": "demo", "password": "12345", "storageQuota": "10", "resourceLimits": { "cpuMax": "2", "cpuDefault": "1", "memMax": "8Gi", "memDefault": "100Mi", "storageQuota": "10" } }
- Test steps
Delete account (admin only)
- Test steps
- ndslabsctl account project <account>
- Expected results
- Prompted for admin password
- Account is deleted
- Alternate flows:
- Account does not exist (404 not found)
Incorrect admin password (401 unauthorized)
- Test steps
Get account details (admin or current project only)
- Preconditions
- Admin is logged in or current account user is logged in
- Test steps
- ndslabsctl get account <account>
- Expected results
- Displays account details (as json)
- Password is redacted
- Alternate flows:
- Account does not exist (404)
- Account is not current project (401 unauthorized)
- Preconditions
List accounts
- Test steps
- ndslabsctl list accounts
- Expected results
- Prompted for admin password
- Accounts are listed
- Alternate flows:
- Incorrect admin password (401 unauthorized)
Authentication/authorization
Login
Preconditions:
Account has been created
- Test steps:
- ndslabsctl login <user>
- Prompted for password
- Expected results:
- Login succeeded
- Alternative flows
- Invalid username / password (401 unauthorized)
- Notes:
- Login information is stored in ~/.apictl/.passwd. This files contains the currently logged in user and an authentication token. Removing this file is the equivalent of logging out
- Possible Issues:
- It is possible to execute login while already logged in.
- This may be intentional to allow you to easily switch namespaces.
- Won't fix, for now
- It is possible to execute login while already logged in.
Logout
- Preconditions
- User is logged in
- Test steps
- ndslabsctl logout
- ndslabsctl list services
- Expected results:
- List command results in "unauthorized"
Change password
- Preconditions:
- User is logged in
- Test steps
- ndslabsctl login <user>
- ndslabsctl passwd
- Enter current password
- Enter new password
- Confirm new password
- Alternate flows:
- User not logged in (401 unauthorized)
- Invalid password
- Password mismatch yield error message: "Passwords do not match"
- Expected results
- Password is changed
Service administration
...
Get service details
- Preconditions
- User is logged in
- Test steps
- ndslabsctl get service <key>
- Expected results
- Displays service spec (as json). Defaults to user catalog
- Alternate flows:
- Service does not exist (404)
- Service does not exist (404)
- Preconditions
List
...
services
- Preconditions
- User is logged in
- Test steps
- ndslabsctl list services
- ndslabsctl list services -c system
- ndslabsctl list services -c user
- ndslabsctl list services -c all
- Expected results
- Services are listed
...
List services does not seem to show custom services:
Code Block language bash $ etcdctl ls /ndslabs/services /ndslabs/services/rabbitmq /ndslabs/services/dataverse /ndslabs/services/dvicat /ndslabs/services/logspout /ndslabs/services/logstash /ndslabs/services/mongo /ndslabs/services/rserve /ndslabs/services/icat /ndslabs/services/thisisnewservice <<<<< Custom Service added /ndslabs/services/plantcv /ndslabs/services/videopreview /ndslabs/services/solr /ndslabs/services/kibana /ndslabs/services/cloudbrowser /ndslabs/services/cloudbrowserui /ndslabs/services/clowder /ndslabs/services/elasticsearch /ndslabs/services/imagepreview /ndslabs/services/postgres /ndslabs/services/tworavens /ndslabs/services/elasticsearch2 $ ndslabsctl list services SERVICE DEPENDENCY REQUIRED icat cloudbrowserui (optional) kibana elasticsearch2 (required) logstash (required) logspout (required) clowder mongo (required) imagepreview (optional) videopreview (optional) elasticsearch (optional) plantcv (optional) dataverse postgres (required) solr (required) rserve (required) tworavens (optional) dvicat (optional)
- for the specified catalog (Default: user)
- Alternate flows:
- User not logged in (401 unauthorized)
Add service
- Test steps
- ndslabsctl add service -f <service.json> -c <catalog>
- Expected results
- Prompted for admin password
- Service is added to the specified catalog (default: user). Only admin user can add to system catalog
- "ndslabsctl list services" now shows added service
- Alternate flows
- Service exists with same key (409 conflict)
- Problem: value is replaced in etcd instead of error thrown - this may be intentional
- Should not replace service if being used in a stack
- Prompt for confirmation on replace?
- Problem: value is replaced in etcd instead of error thrown - this may be intentional
- Incorrect admin password (401 unauthorized)
- Service exists with same key (409 conflict)
- Sample Data:
Code Block language js { "key": "whalesay", "label": "Docker Whalesay Example", "image": "ndslabs/cowsay-php", "description": "An example of a custom spec loaded into NDSLabs", "isStack": true, "isService": true, "isPublic": true, "isStandalone": true, "ports": [ { "port": 80, "protocol": "http" } ] }
- Test steps
Delete service
- Test steps
- ndslabsctl delete service <key> -c <catalog>
- Expected results
- Prompted for admin password
- Service is deleted from the specified catalog
- Default catalog is user
- Admin user required to delete from system catalog
- "ndslabsctl list services" no longer shows deleted service
- Alternate flows:
- Incorrect admin password (401 unauthorized)
- Service is in use by projects (409)
- Service required by other services (409)
- No such service (404)
- Test steps
Volume administration
Create volume
- Preconditions
- Logged in
- Sufficient quota remaining (not implemented)
- Service exists with no existing attachments
- Service not running
- Test steps
- ndslabsctl add volume <vol name> <vol size GB>
- Creates a detached volume
- ndslabsctl add volume <vol name> <vol size GB> <sid>
- Creates and attaches volume
- ndslabsctl add volume <vol name> <vol size GB>
- Expected results
- Volume is created
- Volume is created and attached
- Alternate flows
- Not logged in (401)
- Insufficient quota (409) (not implemented)
Duplicate name (409)- NDS-181 now allows duplicate volume names
- Stack service already has a volume attached (409)
- Stack service doesn't exist (404)
- Preconditions
Attach volume
- Preconditions:
- Logged in
- Volume exists
- Service exists with no existing attachments
- Service not running
- Test steps
- ndslabsctl attach <vol name> <sid>
- Expected results
- Volume is attached to specified service
- Alternate flows
- Not logged in (401)
- Volume doesn't exist (404)
- Service doesn't exist (404)
- Service is running (409)
- Volume is attached (409)
- Problem: Reattaches volume to new service without throwing error
- Issues:
- It is possible to attach a single volume to any kind of service. This may be intentional.
- Preconditions:
Volume administration
- Create / delete volume feel a bit inconsistent
Create volume
- Preconditions
- Logged in
- Sufficient quota remaining (not implemented)
- Test steps
- ndslabsctl create <vol name> <vol size GB>
- Creates a detached volume
- ndslabsctl create <vol name> <vol size GB> <sid>
- Creates and attaches volume
- ndslabsctl create <vol name> <vol size GB>
- Expected results
- Volume is created
- Volume is created and attached
- Alternate flow
- Not logged in (401)
- Insufficient quota (409) (not implemented)
- Duplicate name (409)
- Stack doesn't exist (404)
Attach volume
- Preconditions:
- Logged in
- Volume exits
- Service exists with no existing attachments
- Service not running
- Test steps
- ndslabsctl attach <vol name> <sid>
- Expected results
- Volume is attached to specified service
- Alternate flow
- Not logged in (401)
- Volume doesn't exist (404)
- Service doesn't exist (404)
- Service is running (409)
- Volume is attached (409)
List volumes
- Preconditions
- Logged in
- Volumes exist
- Test steps
- ndslabsctl list volumes
- Expected results
- Volume details are displayed
Alterate flow- Preconditions
- Alternate flows
- Not logged in (401)
- No volumes exist (200)
- Alternate flows
Detach volume
- Preconditions
- Logged in
- Volume exists and is attached
- Stack not running
- Test steps
- ndslabsctl detach <vol name>
- Expected results
- Volume is detached
- Alternative
flow- Preconditions
- flows
- Not logged in (401)
- Volume doesn't exist (404)
- Stack is running (409)
Volume isn- flows
- Problem: Was able to detach from running stack without error
- Resolved
- Volume isn't attached (409)
- Problem: Was able to detach multiple times without error
- Resolved
Delete volume
- Preconditions
- Logged in
- Volume exists
- Stack not running
- Test case:
- ndslabsctl delete <vol name>
- Expected results:
- Volume is deleted
- Alternative
flow- Preconditions
- flows
- Not logged in (401)
- Volume doesn't exist (404)
- Stack is running (409)
- flows
Stack administration
- Admin user can create / start / stop stacks. We will need to revisit the workflow for admin.
Add stack
...
- Preconditions
- Logged in
- Service exists
- Test steps
- ndslabsctl add stack <key> <name>
- ndslabsctl add stack <key> <name> --opt=<comma-separated list of optional services>
- Expected results
- Stack is added
- Alternate
flow- Preconditions
- flows
- Not logged in (401)
- Service doesn't exist (404)
Duplicate stack name (409)- NDS-181 now allows duplicate stack names
- flows
List stacks
List stacks
- Preconditions:
- Logged in
- Stack has been added
- Test steps
- ndslabsctl list stacks
- Expected results
- Summary of stacks is displayed (name, services, status, SIDs)
- Alternate flow:
- Not logged in (401)
- No stacks (empty list)
- Preconditions:
Delete stack
- Preconditions:
- Logged in
- Stack exists
- Stack not running
- Test steps
- ndslabsctl delete stack <sid>
- Stack is deleted (201)
- Alternate
flow- Preconditions:
- flows
- Not logged in (401)
- Stack doesn't exist (404)
- Stack is running (409)
- Attached volumes are orphaned
- flows
Get stack details
- Preconditions:
- Logged in
- Stack exists
- Test steps
- ndslabsctl get stack <sid>
- Expected results
- Stack details, including endpoints and config, are displayed
- Alternate
flow- Preconditions:
- flows
- Not logged in (401)
- Stack doesn't exist (404)
- flows
Start stack
- Preconditions
- Logged in
- Stack exists and started
- Test steps
- ndslabsctl start <sid>
- Expected results
- All stack services (service, replication controller, pods) are started and ready
- Alternate
flow- Preconditions
- flows
- Not logged in (401)
- Stack doesn't exist (404)
- Stack not started or stopping (409)
- flows
- Issues:
Throws a 500 error, but still seems to send stack to "starting" state
Code Block language bash $ ndslabsctl start sc6c63 Error starting sc6c63: 500 Internal Server Error core@lambert-test ~/ndslabs-startup $ ndslabsctl list stacks STACK SERVICE STATUS SID ELK stopped sb8rvt kibana sb8rvt-kibana elasticsearch2 sb8rvt-elasticsearch2 logstash sb8rvt-logstash logspout sb8rvt-logspout TERRA starting sc6c63 clowder sc6c63-clowder mongo sc6c63-mongo
Stop stack
- Preconditions
- Stack started
- Test steps
- ndslabsctl stop <sid>
- Expected results
- Stack service, replication controller, pods are stopped (200)
- Alternative flow
- Not logged in (401)
- Stack does not exist (404)
- Stack not started (200)
Configuration
Get stack service configuration
- Preconditions
- Logged in
- Stack exists
- Test case:
- ndslabsctl get configs <sid>
- Expected results:
- Current service configuration options and settings are displayed
- Problem: resulting in 500 now
- Alternative flow
- Not logged in (401)
- Stack doesn't exist (404)
- Issues:
Only prints usage:
Code Block language bash $ ndslabsctl get configs sc6c63 Get service or resource details Usage: apictl get [command] Available Commands: service Get service details stack Get stack details project Get project details Global Flags: --config string config file (default is $HOME/.ndslabsctl.yaml) -s, --server string API server host address (default "http://localhost:8083") -v, --verbose Verbose output Use "apictl get [command] --help" for more information about a command.
Set stack service configuration option
- Preconditions
- Logged in
- Stack exists
- Config exists
- Test case:
- ndslabsctl set <sid> <name> <value>
- Expected results:
- Specified configuration setting os overriden for the service
- Alternative flow
- Not logged in (401)
- Stack doesn't exist (404)
- Config doesn't exist or is not overridable (409)
- Issues:
Throws a stack trace when trying to set config on clowder:
Code Block language bash $ ndslabsctl set sc6c63 TOOLMANAGER_URI "123.456.789.0:8082" panic: runtime error: slice bounds out of range goroutine 1 [running]: panic(0x8ed380, 0xc820012060) /usr/local/go/src/runtime/panic.go:464 +0x3e6 github.com/ndslabs/apictl/cmd.glob.func23(0xc198a0, 0xc82000fa40, 0x3, 0x3) /go/src/github.com/ndslabs/apictl/cmd/set.go:26 +0x1052 github.com/spf13/cobra.(*Command).execute(0xc198a0, 0xc82000f920, 0x3, 0x3, 0x0, 0x0) /go/src/github.com/spf13/cobra/command.go:569 +0x85a github.com/spf13/cobra.(*Command).ExecuteC(0xc196a0, 0xc198a0, 0x0, 0x0) /go/src/github.com/spf13/cobra/command.go:656 +0x55c github.com/spf13/cobra.(*Command).Execute(0xc196a0, 0x0, 0x0) /go/src/github.com/spf13/cobra/command.go:615 +0x2d github.com/ndslabs/apictl/cmd.Execute() /go/src/github.com/ndslabs/apictl/cmd/root.go:73 +0x27 main.main() /go/src/github.com/ndslabs/apictl/main.go:12 +0x25
Other
View stack service logs
...
- Logged in
- Stack exists
- Stack started
- Config exists
...
- ndslabsctl logs <sid>
- ndslabsctl logs <sid> --lines=<lines>
...
- Logs are displayed
- Last n log lines are displayed
Stop stack
- Preconditions
- Stack started
- Test steps
- ndslabsctl stop <sid>
- Expected results
- Stack service, replication controller, pods are stopped (200)
- Alternative flow
- Not logged in (401)
- Stack does not exist (404)
- Stack not started (200)
- Preconditions
Configuration
List configuration options for spec
- Preconditions
- Logged in
- Service exists
- Test case:
- ndslabsctl list configs <service key(s)>
- Expected results:
- Possible service configuration options are displayed
- Alternative flow
- Not logged in (401)
- Service does not exist (404)
- Problem: currently throws 500 error
- Resolved – if one fails, all fail
- Issues:
- Help text references "service ids", should be "service keys" for consistency
- Resolved
- Preconditions
Get stack service configuration
- Preconditions
- Logged in
- Stack exists
- Test case:
- ndslabsctl get stack <stack id>
- Expected results:
- Current service configuration options and settings are displayed
- Alternative flow
- Not logged in (401)
- Stack does not exist (404)
- Problem: currently throws 500 error
- Works for me
- Preconditions
Set stack service configuration option
- Preconditions
- Logged in
- Stack exists
- Config exists
- Test case:
- ndslabsctl set <stack service id> <name> <value>
- Expected results:
- Specified configuration setting os overriden for the service
- Alternative flow
- Not logged in (401)
- Stack doesn't exist (404)
- Problem: currently throws 500 error
- Resolved
Config doesn't exist or is not overridable (409)
- Problem: No output given, appears to be no-op?
- Resolved
- Preconditions
Other
View stack service logs
- Preconditions
- Logged in
- Stack exists
- Stack started
- Config exists
- Test case:
- ndslabsctl logs <sid>
- ndslabsctl logs <sid> --lines=<lines>
- Expected results:
- Logs are displayed
- Last n log lines are displayed
- Alternative flow
- Not logged in (401)
- Stack doesn't exist (404)
- Problem: currently throws 500 error
- Stack is not running (404)
- Problem: No output given, appears to be no-op?
- Preconditions
Console access
- Preconditions
- Logged in
- Stack exists
- Stack started
- Test case
- ndslabsctl console <ssid>
- Alternative flow
- Not logged in (401)
- Stack service doesn't exist (404)
- Stack not running (404)
- Preconditions
API Server Startup
Kubernetes token authentication
- Preconditions
- Kubernetes started with token authentication enabled for kube-apiserver
- Tokens are
- Test case
- Configure apiserver.conf Kubernetes section
- TokenPath=/run/secrets/kubernetes.io/serviceaccount/token
- Start NDS Labs (e.g., ndslabs-up)
- Tail the apiserver log and look for successful startup
- Configure apiserver.conf Kubernetes section
- Expected results
- Successful server startup (i.e., you do not see the error "Kubernertes API not availble"
- Alternative flow
- Invalid token path
- Token authentication not supported by kube-apiserver
- Preconditions
Resource management
Add account with resource limits
- Test steps
- ndslabsctl add account -f <account.json>
- Expected results
- Prompted for admin password
- Account is added
- kubectl describe quota --namespace=demo returns specified quotas
- kubectl describe limitranges --namespace=demo returns specified limit ranges
- Sample Data:
Code Block { "id": "demo", "name": "demo project", "description": "demo project description", "namespace": "demo", "password": "12345", "storageQuota": 10, "resourceLimits": { "cpuMax": "2", "cpuDefault": "1", "memMax": "8Gi", "memDefault": "100Mi" } }
- 5/19: OK (NDS-205)
- Test steps
Start stack with resource limits
- Prerequisites:
- Test services have been added
- User is logged in
- Test steps
- Add "Dataverse" service
- Expected results
- Services start as expected
For each pod, "kubectl get pod <pod> --namespace=<ns> -o wide" shows a "resources" section, such as:
Code Block "resources": { "limits": { "cpu": "100m", "memory": "500Mi" }, "requests": { "cpu": "100m", "memory": "500Mi" } }
- Resources and limits match those specified on the service spec
- 5/19: OK (NDS-205)
- Prerequisites:
Start stack: Too big
- Prerequisites:
- Test services have been added
- User is logged in
- Test steps
- Add "Test - Too Big" service
- Expected results
- Stack service is in error state
- 5/19: OK (NDS-205)
- Prerequisites:
Start stack: Memory Hog
- Prerequisites:
- Test services have been added
- User is logged in
- Test steps
- Add "Test - Memory Hog" service
- Expected results
- Stack service starts, but quickly enters error state
- Log shows
- Reason="OOMKilled"
- 5/19: OK (NDS-205)
- Prerequisites:
Start stack: No such image
- Prerequisites:
- Test services have been added
- User is logged in
- Test steps
- Add "Test - No Image" service
- Expected results
- Stack service starts, but quickly enters error state
- Log shows
Reason=Failed, Message=Failed to pull image "xyzzy": Error: image library/xyzzy not found
- 5/19: OK (NDS-205)
- Prerequisites:
Start stack: Bad dependency
- Prerequisites:
- Test services have been added
- User is logged in
- Test steps
- Add "Test - Bad dependency" service
- Expected results
- "No image" service is in error state, "Bad dependency" service is in "stopped" state
- Log shows
Reason=Failed, Message=Failed to pull image "xyzzy": Error: image library/xyzzy not found
- 5/19: OK (NDS-205)
- Prerequisites:
Ingress/LoadBalancer support
Single-node, NodePort, no TLS
This first test case demonstrates how to configure a single-node instance using NodePort without TLS;
- Prerequisites
- Kubernetes is running
- Assumes single-node installation
- Test steps
- Modify apiserver.yaml
- CORS_ORIGIN_ADDR = http://<public ip>:30000
- INGRESS = NodePort
- PREFX=/api
- Modify gui.yaml
- APISERVER_HOST = <public ip>
- APISERVER_PORT = 30001
- UI_BASE_PATH = /ui
- kubectl create -f gui.yaml
- kubectl create -f apiserver.yaml
- kubectl label nodes 127.0.0.1 ndslabs-role=compute
- Open browser to: http://<public ip>:30000/ui/
- Configure basic Clowder, launch stack
- Confirm Clowder endpoint link points to NodePort (http://publicip:NodePort)
- Modify apiserver.yaml
- Prerequisites
Single-node, LoadBalancer + TLS
- Prerequisites
- Kubernetes is running
- Assumes single-node installation
- Wildcard CNAME entry for *.test.ndslabs.org pointing to single node IP
- Test steps
- Generate wildcard TLS certificate and key
- Prerequisites
Code Block |
---|
openssl genrsa 2048 > certs/ndslabs.key
openssl req -new -x509 -nodes -sha1 -days 3650 -key certs/ndslabs.key > certs/ndslabs.cert
#[enter *.test.ndslabs.org for the Common Name]
cat certs/ndslabs.cert certs/ndslabs.key > certs/ndslabs.pem
chmod 400 certs/ndslabs.key certs/ndslabs.pem |
- git clone https://github.com/craig-willis/ndslabs-startup
- cd ndslabs-startup
- ./ndslabs-up.sh
- Domain name: test.ndslabs.org
- Internal IP: accept default
- Open browser to:
- https://www.test.ndslabs.org/ui/ (Accept certificate)
- Configure basic Clowder, launch stack
- Confirm endpoint URI link points to ingress host (https://stackservice.test.ndslabs.org)
- A few kubectl checks
- kubectl get secrets --namespace=default
- ndslabs-tls-secret
- kubectl get ingress --namespace=default
- ndslabs-ingress with rules for /api and /ui
- kubectl get secret --namespace=demo
- demo-tls-secret
- kubectl get ingress --namespace=demo
- stack-clowder-ingress with rule for clowder "/"
- kubectl get secrets --namespace=default
- Stop the stack
- Confirm ingress deleted
- kubectl get ingress --namespace=demo
- Confirm ingress deleted
- Delete project
- ndslabsctl delete project demo
- Confirm secret deleted
- kubectl get secret --namespace=demo
Multi-node, LoadBalancer + TLS
- Prerequisites
- Kubernetes is running
- Assumes multi-node installation
- Wildcard CNAME entry for *.test.ndslabs.org pointing to load balancer node
- Assumes loadbalancer and default-backend services already deployed
- Test steps
- Generate wildcard TLS certificate and key
- Prerequisites
Code Block |
---|
openssl genrsa 2048 > certs/ndslabs.key
openssl req -new -x509 -nodes -sha1 -days 3650 -key certs/ndslabs.key > certs/ndslabs.cert
#[enter *.test.ndslabs.org for the Common Name]
cat certs/ndslabs.cert certs/ndslabs.key > certs/ndslabs.pem
chmod 400 certs/ndslabs.key certs/ndslabs.pem |
- git clone https://github.com/craig-willis/ndslabs-startup
- cd ndslabs-startup
- ./ndslabs-up-multinode.sh
- Domain name: test.ndslabs.org
- Internal IP: accept default
- Open browser to:
- https://www.test.ndslabs.org/ui/ (Accept certificate)
- Configure basic Clowder, launch stack
- Confirm endpoint URI link points to ingress host (https://stackservice.test.ndslabs.org)
- A few kubectl checks
- kubectl get secrets --namespace=default
- ndslabs-tls-secret
- kubectl get ingress --namespace=default
- ndslabs-ingress with rules for /api and /ui
- kubectl get secret --namespace=demo
- demo-tls-secret
- kubectl get ingress --namespace=demo
- stack-clowder-ingress with rule for clowder "/"
- kubectl get secrets --namespace=default
- Stop the stack
- Confirm ingress deleted
- kubectl get ingress --namespace=demo
- Confirm ingress deleted
- Delete project
- ndslabsctl delete project demo
- Confirm secret deleted
- kubectl get secret --namespace=demo
...
...