Infrastructure Testing
This section describe how to test each individual service that compose the Keyless Stack
Testing the correct deployment of Keyless service can be done with the following methods.
Testing Service Manually
Circuit Storage
To test the correct configuration of Circuit Storage it is possible to use the following commands to upload a file from your local environment to the storage.
If Circuit Storage is exposed outside the cluster ( meaning it has been deployed with publicRoute: true
) you can issue the following command to test the service
If Circuit Storage is not exposed with an Ingress object or it is not possible to reach it directly from outside the cluster you can issue a port-forward command so that the Circuit Storage service is exposed on localhost:
Then it is possible to issue the following command from your local machine to upload a test file
Keyless Node
It is possible to test Keyless Node, running a dedicated docker testing container as shown below:
As the docker is hosted on our quay.io registry make sure to be authenticated to it before running the command.
Operations API
To test the correct configuration of Operations API it is possible to use the following commands to upload a file from your local environment to the storage.
If Operations API is exposed outside the cluster ( meaning it has been deployed with publicRoute: true
) you can issue the following command to test the service:
If Operations API is not exposed with an Ingress object or it is not possible to reach it directly from outside the cluster you can issue a port-forward command so that the Circuit Storage service is exposed on localhost:
Then it is possible to issue the following command to read an operation-id, given that it is available in the database:
Testing Services Automatically
Starting from release 0.1.3 it is possible to test Keyless deployment automatically, using helm testing feature as show below
After deploying the Keyless service stack successfully ( please refer to this page to know how to do so) it is sufficient to invoke the following command
The above command will trigger individual test pods, one per each service.
It is also possible to adjust test configurations to fit customer's needs, in the test
section of each service in values.yaml, as shown below:
Configuring Circuit Storage, Operations API and Node Persitence test
Circuit Storage, Operations API and Node Persistence services have a similar setup:
Tests for these services need a container with Postman so the default one from Docker Hub is set as default. It is still possible to change the image ( for example if you have an internal Postman image or if Docker Hub registy cannot be exposed internally )
In any case tests are executed from within the Kubernetes Cluster.
Configuring Keylessd Node test
Node tests are instead conducted from a proprietary container image. This test simulates a client connecting to the node from outside the cluster.
hostname: It is possible to specify the FQDN of the node ( i.e. the DNS record the node will be exposed outside the cluster, given that the endpoint is reachable)
cert: make sure the value is set to keylessCA.crt
as this certificate is generated and trusted by the internal CA of Keyless.
apiKey: this is the same API Key we release to customers.
port: if the service is exposed externally the traffic flows from the internet towards the Ingress Controller which usually exposes his services with an https endpoint, so in most cases this port is 443
.
Resources
For any service it is possible to limit the resources used by the test pod specifying them as shown below:
Last updated