This document relates to investigative work being carried out on the Jira ticket POLICY-3809. This work specification is in response to requirements set out by IDUN for integrating the policy framework kubernetes pods / helm charts into their system. The general requirements of the investigation are below:
- How to create a Kubernetes environment that can be spun up and made available on demand on suitable K8S infrastructure
- How to write suitable test suites to verify the functional requirements below would be developed.
- How such test suites could be done using "Contract Testing".
Functional Requirements Detail
Note that in Postgres, many of the features below are available. In the verification environment, we want to verify that the Policy Framework continues to work in the following scenarios:
- Synchronization and Load Balancing
- Failover
- Backup and Restore
In addition the environment should:
- Support measurement of Performance Lag
- Use secure communication towards the Database
- Verify that auditing of database operations is working
Investigated Testing Approaches
This section will outline some of the approaches to tests that are commonly used but also some unique/less common approaches
Chart Tests
Chart tests are actually built into helm and detail on them can be found here: https://helm.sh/docs/topics/chart_tests/. The task of a chart test is to verify that a chart works as expected once it is installed. Each helm chart will have a templates directory under it. The test file contains the yaml definition of a Kubernetes Job. A Job in Kubernetes is basically a resource that creates a Pod that carries out a specific task. Once the task is executed, the Job deletes the pods and exits. In the test, the Job runs with a specified command and is considered a success if the container successfully exits with an (exit 0).
Examples:
- Validate that your configuration from the values.yaml file was properly injected.
- Make sure your username and password work correctly
- Make sure an incorrect username and password does not work
- Assert that your services are up and correctly load balancing
- Test successful connection to a database using a specified secret
The simplicity of specifying tests in this way is a major advantage. Tests can then simply be run with a "helm test" command.