Support N MongoDB shards

.github/scripts/end2end/common.sh

@@ -4,7 +4,7 @@ get_token() {
         -d "username=${OIDC_USERNAME}" \
         -d "password=${OIDC_PASSWORD}" \
         -d "grant_type=password" \
-        -d 'scope=openid' \
+        -d "scope=openid" \
         https://localhost/auth/realms/${OIDC_REALM}/protocol/openid-connect/token | \
         jq -cr '.id_token'
 }

.github/scripts/end2end/configs/zenko.yaml

@@ -5,7 +5,7 @@ metadata:
   name: ${ZENKO_NAME}
   ${ZENKO_ANNOTATIONS}
     zenko.io/x-backbeat-oneshard-replicaset: data-db-mongodb-sharded-shard-0
-    zenko.io/x-backbeat-oneshard-replicaset-hosts: data-db-mongodb-sharded-shard0-data-0.data-db-mongodb-sharded-headless.default.svc.cluster.local:27017
+    zenko.io/x-backbeat-oneshard-replicaset-hosts: ${ZENKO_BACKBEAT_SHARD_HOSTS}
 spec:
   version: ${ZENKO_VERSION_NAME}
   replicas: 1

.github/scripts/end2end/deploy-zenko.sh

@@ -18,6 +18,7 @@ export ZENKO_MANAGEMENT_INGRESS=${ZENKO_MANAGEMENT_INGRESS:-'management.zenko.lo
 export ZENKO_S3_INGRESS=${ZENKO_S3_INGRESS:-'s3.zenko.local'}
 export ZENKO_UI_INGRESS=${ZENKO_UI_INGRESS:-'ui.zenko.local'}
 export ZENKO_SUR_INGRESS=${ZENKO_SUR_INGRESS:-'utilization.zenko.local'}
+export MONGODB_SHARD_COUNT=${MONGODB_SHARD_COUNT:-1}
 
 export BACKBEAT_LCC_CRON_RULE=${BACKBEAT_LCC_CRON_RULE:-'*/5 * * * * *'}
 
@@ -130,7 +131,17 @@ create_encryption_secret()
     export AZURE_SECRET_KEY_ENCRYPTED
 }
 
+generate_shard_hosts() {
+    local hosts=""
+    for ((i=0; i<MONGODB_SHARD_COUNT; i++)); do
+        if [ $i -gt 0 ]; then hosts+=","; fi
+        hosts+="data-db-mongodb-sharded-shard${i}-data-0.data-db-mongodb-sharded-headless.default.svc.cluster.local:27017"
+    done
+    export ZENKO_BACKBEAT_SHARD_HOSTS="$hosts"
+}
+
 create_encryption_secret
+generate_shard_hosts
 
 env $(dependencies_env) envsubst < ${ZENKOVERSION_PATH} | kubectl -n ${NAMESPACE} apply -f -
 env $(dependencies_env) envsubst < ${ZENKO_CR_PATH} | kubectl -n ${NAMESPACE} apply -f -

.github/scripts/end2end/enable-https.sh

@@ -0,0 +1,87 @@
+#!/bin/sh
+
+set -exu
+
+# This script enables HTTPS for an existing HTTP deployment of Zenko
+DIR=$(dirname "$0")
+KEYCLOAK_VERSION=${KEYCLOAK_VERSION:-'18.4.4'}
+
+# Create a self-signed certificate for Zenko ingresses
+kubectl apply -f - << EOF
+apiVersion: cert-manager.io/v1
+kind: Certificate
+metadata:
+  name: zenko-tls
+  namespace: default
+spec:
+  secretName: zenko-tls
+  issuerRef:
+    name: artesca-root-ca-issuer
+    kind: ClusterIssuer
+  dnsNames:
+  - ui.zenko.local
+  - management.zenko.local
+  - s3.zenko.local
+  - iam.zenko.local
+  - sts.zenko.local
+  - keycloak.zenko.local
+  - shell-ui.zenko.local
+EOF
+
+# Wait for certificate to be ready
+kubectl wait --for=condition=Ready --timeout=2m certificate/zenko-tls
+
+# Update Shell-UI ingress to use HTTPS
+kubectl patch ingress shell-ui --type=json -p '[
+  {
+    "op": "replace", 
+    "path": "/spec/tls", 
+    "value": [{"hosts": ["shell-ui.zenko.local"], "secretName": "zenko-tls"}]
+  }
+]'
+
+# Get current Zenko instance name
+ZENKO_NAME=$(kubectl get zenko -o jsonpath='{.items[0].metadata.name}')
+NAMESPACE="default"
+
+# Update Zenko CR to include TLS certificates
+kubectl patch zenko/${ZENKO_NAME} --type=merge -p '{
+  "spec": {
+    "ingress": {
+      "certificates": [
+        {
+          "hosts": [
+            "ui.zenko.local",
+            "management.zenko.local",
+            "iam.zenko.local",
+            "sts.zenko.local",
+            "s3.zenko.local"
+          ],
+          "secretName": "zenko-tls"
+        }
+      ],
+      "annotations": {
+        "nginx.ingress.kubernetes.io/proxy-body-size": "0m",
+        "nginx.ingress.kubernetes.io/ssl-redirect": "false"
+      }
+    }
+  }
+}'
+
+# Wait for Zenko to be updated
+kubectl wait --for condition=Available --timeout 5m zenko/${ZENKO_NAME}
+
+# Update environment variables to use HTTPS URLs
+echo "UI_ENDPOINT=https://ui.zenko.local" >> $GITHUB_ENV
+echo "OIDC_ENDPOINT=https://keycloak.zenko.local" >> $GITHUB_ENV
+echo "NAVBAR_ENDPOINT=https://shell-ui.zenko.local" >> $GITHUB_ENV
+echo "OIDC_HOST=keycloak.zenko.local" >> $GITHUB_ENV
+echo "ENABLE_KEYCLOAK_HTTPS=true" >> $GITHUB_ENV
+
+# Set the HTTPS ingress options for Keycloak
+KEYCLOAK_INGRESS_OPTIONS="$DIR/configs/keycloak_ingress_https.yaml"
+KEYCLOAK_OPTIONS="$DIR/configs/keycloak_options.yaml"
+helm upgrade --install keycloak codecentric/keycloak -f "${KEYCLOAK_OPTIONS}" -f "${KEYCLOAK_INGRESS_OPTIONS}" --version ${KEYCLOAK_VERSION}
+kubectl rollout status sts/keycloak --timeout=5m
+
+echo "HTTPS successfully enabled for Zenko deployment"

.github/scripts/end2end/generate-kustomization.sh

@@ -0,0 +1,80 @@
+#!/bin/bash
+
+set -euo pipefail
+
+# Constants for valid topologies for CI tests
+# We support multiple shards per host, or one shard per host, up to 9 nodes
+readonly VALID_TOPOLOGIES=(
+    "1:1" "1:2" "3:1" "3:3" "6:1" "6:3" "6:2" "6:6" "9:1" "9:3" "9:6" "9:9"
+)
+
+generate_kustomization() {
+    local node_count=$1
+    local shard_count=$2
+    local kustomization_file="${DIR}/kustomization.yaml"
+    local base_yaml="mongodb-sharded-${node_count}-node"
+
+    touch "$kustomization_file"
+
+    # Adjust file name if there are multiple shards
+    [[ "$shard_count" -gt 1 ]] && base_yaml="${base_yaml}-${shard_count}-shards"
+    base_yaml="${base_yaml}.yaml"
+
+    # Validate topology
+    local topology_key="${node_count}:${shard_count}"
+    [[ ! " ${VALID_TOPOLOGIES[*]} " =~ ${topology_key} ]] && {
+        echo "Error: Invalid topology - ${node_count} nodes, ${shard_count} shards"
+        exit 1
+    }
+
+    # Generate base kustomization file with the right base resource
+    cat > "$kustomization_file" << EOF
+apiVersion: kustomize.config.k8s.io/v1beta1
+kind: Kustomization
+resources:
+- ${DIR}/_build/root/deploy/${base_yaml}
+patchesStrategicMerge:
+EOF
+
+    # Add configsvr patch with correct path to add volumeClaimTemplates
+    cat >> "$kustomization_file" << EOF
+- |-
+  apiVersion: apps/v1
+  kind: StatefulSet
+  metadata:
+    name: data-db-mongodb-sharded-configsvr
+  spec:
+    volumeClaimTemplates:
+     - metadata:
+         name: datadir
+       spec:
+         accessModes:
+         - "ReadWriteOnce"
+         resources:
+           requests:
+             storage: "8Gi"
+         storageClassName: standard
+EOF
+
+    # Add shard patches for N shards with correct path to add volumeClaimTemplates
+    for ((i=0; i<shard_count; i++)); do
+        cat >> "$kustomization_file" << EOF
+- |-
+  apiVersion: apps/v1
+  kind: StatefulSet
+  metadata:
+    name: data-db-mongodb-sharded-shard${i}-data
+  spec:
+    volumeClaimTemplates:
+     - metadata:
+         name: datadir
+       spec:
+         accessModes:
+         - "ReadWriteOnce"
+         resources:
+           requests:
+             storage: "8Gi"
+         storageClassName: standard
+EOF
+    done
+}

.github/scripts/end2end/install-kind-dependencies.sh

@@ -15,7 +15,7 @@ CERT_MANAGER_VERSION=v1.13.3
 KAFKA_OPERATOR_VERSION=0.25.1
 INGRESS_NGINX_VERSION=controller-v1.10.3
 PROMETHEUS_VERSION=v0.52.1
-KEYCLOAK_VERSION=18.4.4
+KEYCLOAK_VERSION=${KEYCLOAK_VERSION:-'18.4.4'}
 
 MONGODB_ROOT_USERNAME=root
 MONGODB_ROOT_PASSWORD=rootpass
@@ -24,6 +24,10 @@ MONGODB_APP_PASSWORD=datapass
 MONGODB_APP_DATABASE=${ZENKO_MONGODB_DATABASE:-datadb}
 MONGODB_RS_KEY=0123456789abcdef
 
+MONGODB_SHARD_COUNT=${MONGODB_SHARD_COUNT:-1}
+
+source "${DIR}/generate-kustomization.sh" && generate_kustomization "${NODE_COUNT:-1}" "${MONGODB_SHARD_COUNT}"
+
 ENABLE_KEYCLOAK_HTTPS=${ENABLE_KEYCLOAK_HTTPS:-'false'}
 
 KAFKA_CHART=banzaicloud-stable/kafka-operator
@@ -186,7 +190,7 @@ mongodb_wait_for_shards() {
             --eval "db.runCommand({ listshards: 1 }).shards.length"
     )
 
-    [ $count == "1" ]
+    [ $count == "$MONGODB_SHARD_COUNT" ]
 }
 
 mongodb_sharded() {
@@ -197,11 +201,14 @@ mongodb_sharded() {
         $SOLUTION_REGISTRY/os-shell=$(get_image_from_deps mongodb-shell) \
         $SOLUTION_REGISTRY/mongodb-exporter=$(get_image_from_deps mongodb-sharded-exporter)
 
-    kubectl apply -k .
+    kubectl apply -k "${DIR}"
 
-    kubectl rollout status statefulset data-db-mongodb-sharded-mongos
-    kubectl rollout status statefulset data-db-mongodb-sharded-configsvr
-    kubectl rollout status statefulset data-db-mongodb-sharded-shard0-data
+    kubectl rollout status statefulset data-db-mongodb-sharded-mongos --timeout=5m
+    kubectl rollout status statefulset data-db-mongodb-sharded-configsvr --timeout=5m
+
+    for ((i=0; i<MONGODB_SHARD_COUNT; i++)); do
+        kubectl rollout status statefulset "data-db-mongodb-sharded-shard${i}-data" --timeout=5m
+    done
 
     retry mongodb_wait_for_shards "no shards found"