Merge pull request #7272 from gchq/7239-check-k8s-pods-deleted

Issue 7239 - Check Kubernetes pods/jobs are deleted after a bulk import

Author: patchwork01

NOTICES

@@ -315,6 +315,10 @@ ASM (org.ow2.asm:asm:9.*)
 
 - The 3-Clause BSD License
 
+Fabric8 (io.fabric8:kubernetes-*:6.*)
+
+- Apache License, Version 2.0
+
 Docker Java (com.github.docker-java:docker-java-*:3.*)
 
 - Apache License, Version 2.0

docs/usage/properties/instance/cdk/bulk_import.md

@@ -23,5 +23,7 @@ The following instance properties relate to bulk import, i.e. ingesting data usi
 | sleeper.bulk.import.eks.job.queue.url             | The URL of the queue for bulk import jobs using EKS.                                   |
 | sleeper.bulk.import.eks.job.queue.arn             | The ARN of the queue for bulk import jobs using EKS.                                   |
 | sleeper.bulk.import.eks.statemachine.arn          | The ARN of the state machine for bulk import jobs using EKS.                           |
-| sleeper.bulk.import.eks.k8s.namespace             | The namespace ID of the bulk import cluster using EKS.                                 |
-| sleeper.bulk.import.eks.k8s.endpoint              | The endpoint of the bulk import cluster using EKS.                                     |
+| sleeper.bulk.import.eks.k8s.namespace             | The ID of the Kubernetes namespace where Spark jobs will run for bulk import.          |
+| sleeper.bulk.import.eks.k8s.cluster.name          | The name of the EKS cluster for bulk import.                                           |
+| sleeper.bulk.import.eks.k8s.endpoint              | The endpoint of the EKS cluster for bulk import.                                       |
+| sleeper.bulk.import.eks.k8s.ca.data               | The certificate authority data of the EKS cluster for bulk import.                     |

java/core/src/main/java/sleeper/core/properties/instance/CdkDefinedInstanceProperty.java

@@ -787,12 +787,22 @@ static List<CdkDefinedInstanceProperty> getAllInGroup(PropertyGroup group) {
             .build();
     CdkDefinedInstanceProperty BULK_IMPORT_EKS_NAMESPACE = Index
             .propertyBuilder("sleeper.bulk.import.eks.k8s.namespace")
-            .description("The namespace ID of the bulk import cluster using EKS.")
+            .description("The ID of the Kubernetes namespace where Spark jobs will run for bulk import.")
+            .propertyGroup(InstancePropertyGroup.BULK_IMPORT)
+            .build();
+    CdkDefinedInstanceProperty BULK_IMPORT_EKS_CLUSTER_NAME = Index
+            .propertyBuilder("sleeper.bulk.import.eks.k8s.cluster.name")
+            .description("The name of the EKS cluster for bulk import.")
             .propertyGroup(InstancePropertyGroup.BULK_IMPORT)
             .build();
     CdkDefinedInstanceProperty BULK_IMPORT_EKS_CLUSTER_ENDPOINT = Index
             .propertyBuilder("sleeper.bulk.import.eks.k8s.endpoint")
-            .description("The endpoint of the bulk import cluster using EKS.")
+            .description("The endpoint of the EKS cluster for bulk import.")
+            .propertyGroup(InstancePropertyGroup.BULK_IMPORT)
+            .build();
+    CdkDefinedInstanceProperty BULK_IMPORT_EKS_CLUSTER_CA_DATA = Index
+            .propertyBuilder("sleeper.bulk.import.eks.k8s.ca.data")
+            .description("The certificate authority data of the EKS cluster for bulk import.")
             .propertyGroup(InstancePropertyGroup.BULK_IMPORT)
             .build();
 

java/deployment/cdk/src/main/java/sleeper/cdk/stack/bulkimport/EksBulkImportStack.java

@@ -56,6 +56,7 @@
 import sleeper.cdk.lambda.SleeperLambdaCode;
 import sleeper.cdk.stack.SleeperCoreStacks;
 import sleeper.cdk.stack.core.LoggingStack.LogGroupRef;
+import sleeper.cdk.stack.core.ManagedPoliciesStack;
 import sleeper.cdk.util.Utils;
 import sleeper.core.deploy.DockerDeployment;
 import sleeper.core.deploy.LambdaHandler;
@@ -146,6 +147,8 @@ public EksBulkImportStack(
                 .build();
 
         instanceProperties.set(CdkDefinedInstanceProperty.BULK_IMPORT_EKS_CLUSTER_ENDPOINT, bulkImportCluster.getClusterEndpoint());
+        instanceProperties.set(CdkDefinedInstanceProperty.BULK_IMPORT_EKS_CLUSTER_CA_DATA, bulkImportCluster.getClusterCertificateAuthorityData());
+        instanceProperties.set(CdkDefinedInstanceProperty.BULK_IMPORT_EKS_CLUSTER_NAME, bulkImportCluster.getClusterName());
 
         KubernetesManifest namespace = createNamespace(bulkImportCluster, uniqueBulkImportId);
         instanceProperties.set(CdkDefinedInstanceProperty.BULK_IMPORT_EKS_NAMESPACE, uniqueBulkImportId);
@@ -289,6 +292,9 @@ private KubernetesManifest createNamespace(Cluster cluster, String namespaceName
     }
 
     private void addClusterAdminRoles(Cluster cluster, InstanceProperties properties) {
+
+        cluster.getAwsAuth().addMastersRole(Role.fromRoleName(this, "ClusterAccessForInstanceAdmin", ManagedPoliciesStack.getAdminRoleName(properties)));
+
         List<String> roles = properties.getList(EKS_CLUSTER_ADMIN_ROLES);
         if (roles == null) {
             return;

java/deployment/cdk/src/main/java/sleeper/cdk/stack/core/ManagedPoliciesStack.java

@@ -155,7 +155,7 @@ private static List<IBucket> addIngestSourceBucketReferences(Construct scope, In
     private Role createAdminRole() {
         Role role = Role.Builder.create(this, "AdminRole")
                 .assumedBy(new AccountRootPrincipal())
-                .roleName("sleeper-admin-" + instanceProperties.cleanInstanceId())
+                .roleName(getAdminRoleName(instanceProperties))
                 .build();
 
         instanceAdminPolicies().forEach(policy -> policy.attachToRole(role));
@@ -165,6 +165,10 @@ private Role createAdminRole() {
         return role;
     }
 
+    public static String getAdminRoleName(InstanceProperties instanceProperties) {
+        return "sleeper-admin-" + instanceProperties.cleanInstanceId();
+    }
+
     private Stream<ManagedPolicy> instanceAdminPolicies() {
         return Stream.of(
                 directIngestPolicy, ingestByQueuePolicy, queryPolicy,

java/pom.xml

@@ -227,6 +227,8 @@
         <docker-java.version>3.7.1</docker-java.version>
         <jib.version>0.28.1</jib.version>
         <asm.version>9.10.1</asm.version>
+        <!-- We match the version of Fabric8 used by Spark -->
+        <fabric8.version>6.7.2</fabric8.version>
         <!-- Testing -->
         <junit.version>5.14.4</junit.version>
         <junit.platform.version>1.14.4</junit.platform.version>
@@ -1069,6 +1071,11 @@
                 <artifactId>logging-interceptor</artifactId>
                 <version>${okhttp3.version}</version>
             </dependency>
+            <dependency>
+                <groupId>com.squareup.okhttp3</groupId>
+                <artifactId>mockwebserver</artifactId>
+                <version>${okhttp3.version}</version>
+            </dependency>
             <dependency>
                 <groupId>org.jetbrains.kotlin</groupId>
                 <artifactId>kotlin-stdlib-jdk8</artifactId>
@@ -1214,6 +1221,21 @@
                 <artifactId>jib-core</artifactId>
                 <version>${jib.version}</version>
             </dependency>
+            <dependency>
+                <groupId>io.fabric8</groupId>
+                <artifactId>kubernetes-client</artifactId>
+                <version>${fabric8.version}</version>
+            </dependency>
+            <dependency>
+                <groupId>io.fabric8</groupId>
+                <artifactId>kubernetes-client-api</artifactId>
+                <version>${fabric8.version}</version>
+            </dependency>
+            <dependency>
+                <groupId>io.fabric8</groupId>
+                <artifactId>kubernetes-server-mock</artifactId>
+                <version>${fabric8.version}</version>
+            </dependency>
             <dependency>
                 <groupId>org.ow2.asm</groupId>
                 <artifactId>asm</artifactId>

java/system-test/system-test-drivers/pom.xml

@@ -38,6 +38,15 @@
             <groupId>software.amazon.awssdk</groupId>
             <artifactId>apache-client</artifactId>
         </dependency>
+        <dependency>
+            <groupId>io.fabric8</groupId>
+            <artifactId>kubernetes-client-api</artifactId>
+        </dependency>
+        <dependency>
+            <groupId>io.fabric8</groupId>
+            <artifactId>kubernetes-client</artifactId>
+            <scope>runtime</scope>
+        </dependency>
         <!-- Sleeper dependencies -->
         <dependency>
             <groupId>sleeper</groupId>
@@ -95,6 +104,11 @@
             <artifactId>json-unit-assertj</artifactId>
             <scope>test</scope>
         </dependency>
+        <dependency>
+            <groupId>io.fabric8</groupId>
+            <artifactId>kubernetes-server-mock</artifactId>
+            <scope>test</scope>
+        </dependency>
         <dependency>
             <groupId>sleeper</groupId>
             <artifactId>localstack-test</artifactId>
@@ -115,6 +129,41 @@
             <scope>test</scope>
             <type>test-jar</type>
         </dependency>
+        <dependency>
+            <groupId>sleeper</groupId>
+            <artifactId>sketches</artifactId>
+            <version>${project.parent.version}</version>
+            <type>test-jar</type>
+            <scope>test</scope>
+        </dependency>
+        <dependency>
+            <groupId>sleeper</groupId>
+            <artifactId>ingest-core</artifactId>
+            <version>${project.parent.version}</version>
+            <type>test-jar</type>
+            <scope>test</scope>
+        </dependency>
+        <dependency>
+            <groupId>sleeper</groupId>
+            <artifactId>ingest-runner</artifactId>
+            <version>${project.parent.version}</version>
+            <type>test-jar</type>
+            <scope>test</scope>
+        </dependency>
+        <dependency>
+            <groupId>sleeper</groupId>
+            <artifactId>ingest-batcher-core</artifactId>
+            <version>${project.parent.version}</version>
+            <type>test-jar</type>
+            <scope>test</scope>
+        </dependency>
+        <dependency>
+            <groupId>sleeper</groupId>
+            <artifactId>query-core</artifactId>
+            <version>${project.parent.version}</version>
+            <type>test-jar</type>
+            <scope>test</scope>
+        </dependency>
     </dependencies>
 
     <dependencyManagement>
@@ -139,6 +188,25 @@
                 <groupId>org.apache.maven.plugins</groupId>
                 <artifactId>maven-shade-plugin</artifactId>
             </plugin>
+            <plugin>
+                <groupId>org.apache.maven.plugins</groupId>
+                <artifactId>maven-dependency-plugin</artifactId>
+                <executions>
+                    <execution>
+                        <id>analyze</id>
+                        <configuration>
+                            <!-- Maven doesn't seem to have a good way to get transitive dependencies of test jars. -->
+                            <ignoredUnusedDeclaredDependencies combine.children="append">
+                                <ignoredUnusedDeclaredDependency>sleeper:sketches:test-jar:</ignoredUnusedDeclaredDependency>
+                                <ignoredUnusedDeclaredDependency>sleeper:ingest-core:test-jar:</ignoredUnusedDeclaredDependency>
+                                <ignoredUnusedDeclaredDependency>sleeper:ingest-runner:test-jar:</ignoredUnusedDeclaredDependency>
+                                <ignoredUnusedDeclaredDependency>sleeper:ingest-batcher-core:test-jar:</ignoredUnusedDeclaredDependency>
+                                <ignoredUnusedDeclaredDependency>sleeper:query-core:test-jar:</ignoredUnusedDeclaredDependency>
+                            </ignoredUnusedDeclaredDependencies>
+                        </configuration>
+                    </execution>
+                </executions>
+            </plugin>
         </plugins>
     </build>
 </project>

…statemachine/AwsEksBulkImportDriver.java …ivers/ingest/AwsEksBulkImportDriver.javajava/system-test/system-test-drivers/src/main/java/sleeper/systemtest/drivers/statemachine/AwsEksBulkImportDriver.java renamed to java/system-test/system-test-drivers/src/main/java/sleeper/systemtest/drivers/ingest/AwsEksBulkImportDriver.java java/system-test/system-test-drivers/src/main/java/sleeper/systemtest/drivers/statemachine/AwsEksBulkImportDriver.java renamed to java/system-test/system-test-drivers/src/main/java/sleeper/systemtest/drivers/ingest/AwsEksBulkImportDriver.java

@@ -14,19 +14,28 @@
  * limitations under the License.
  */
 
-package sleeper.systemtest.drivers.statemachine;
+package sleeper.systemtest.drivers.ingest;
 
+import io.fabric8.kubernetes.api.model.Pod;
+import io.fabric8.kubernetes.api.model.PodList;
+import io.fabric8.kubernetes.api.model.batch.v1.Job;
+import io.fabric8.kubernetes.api.model.batch.v1.JobList;
+import io.fabric8.kubernetes.client.KubernetesClient;
+import org.slf4j.Logger;
+import org.slf4j.LoggerFactory;
 import software.amazon.awssdk.services.sfn.SfnClient;
 import software.amazon.awssdk.services.sfn.model.DescribeExecutionResponse;
 
 import sleeper.bulkimport.core.statemachine.DeriveJobExecutionName;
+import sleeper.core.properties.instance.InstanceProperties;
 import sleeper.systemtest.drivers.util.SystemTestClients;
 import sleeper.systemtest.dsl.ingest.EksBulkImportDriver;
 import sleeper.systemtest.dsl.ingest.SentIngestJobsContext;
 import sleeper.systemtest.dsl.instance.SystemTestInstanceContext;
 
 import java.util.List;
 
+import static sleeper.core.properties.instance.CdkDefinedInstanceProperty.BULK_IMPORT_EKS_NAMESPACE;
 import static sleeper.core.properties.instance.CdkDefinedInstanceProperty.BULK_IMPORT_EKS_STATE_MACHINE_ARN;
 import static sleeper.core.properties.table.TableProperty.TABLE_ID;
 
@@ -35,14 +44,22 @@
  * table IDs using DeriveJobExecutionName, then calls the Step Functions API to retrieve each execution's status.
  */
 public class AwsEksBulkImportDriver implements EksBulkImportDriver {
+    private static final Logger LOGGER = LoggerFactory.getLogger(AwsEksBulkImportDriver.class);
+
     private final SystemTestInstanceContext instance;
     private final SentIngestJobsContext sentJobs;
     private final SfnClient sfnClient;
+    private final KubernetesClientProvider k8sProvider;
 
     public AwsEksBulkImportDriver(SystemTestInstanceContext instance, SentIngestJobsContext sentJobs, SystemTestClients clients) {
+        this(instance, sentJobs, clients.getSfn(), clients::createKubernetesClient);
+    }
+
+    public AwsEksBulkImportDriver(SystemTestInstanceContext instance, SentIngestJobsContext sentJobs, SfnClient sfnClient, KubernetesClientProvider k8sProvider) {
         this.instance = instance;
         this.sentJobs = sentJobs;
-        this.sfnClient = clients.getSfn();
+        this.sfnClient = sfnClient;
+        this.k8sProvider = k8sProvider;
     }
 
     @Override
@@ -54,7 +71,36 @@ public List<String> getExecutionStatuses() {
                     String executionName = DeriveJobExecutionName.jobExecutionName(tableId, jobId);
                     String executionArn = stateMachineArn.replace(":stateMachine:", ":execution:") + ":" + executionName;
                     DescribeExecutionResponse response = sfnClient.describeExecution(req -> req.executionArn(executionArn));
+                    LOGGER.info("Found execution for job {}: {}", jobId, response);
+                    if (response.error() != null) {
+                        LOGGER.info("Error: {}", response.error());
+                        LOGGER.info("Cause: {}", response.cause());
+                    }
                     return response.statusAsString();
                 }).toList();
     }
+
+    @Override
+    public List<String> getPods() {
+        InstanceProperties properties = instance.getInstanceProperties();
+        PodList list = k8sProvider.getClient(properties).pods()
+                .inNamespace(properties.get(BULK_IMPORT_EKS_NAMESPACE))
+                .list();
+        LOGGER.info("Found pods in Spark namespace: {}", list);
+        return list.getItems().stream().map(Pod::toString).toList();
+    }
+
+    @Override
+    public List<String> getJobs() {
+        InstanceProperties properties = instance.getInstanceProperties();
+        JobList list = k8sProvider.getClient(properties).batch().v1().jobs()
+                .inNamespace(properties.get(BULK_IMPORT_EKS_NAMESPACE))
+                .list();
+        LOGGER.info("Found jobs in Spark namespace: {}", list);
+        return list.getItems().stream().map(Job::toString).toList();
+    }
+
+    public interface KubernetesClientProvider {
+        KubernetesClient getClient(InstanceProperties instanceProperties);
+    }
 }

java/system-test/system-test-drivers/src/main/java/sleeper/systemtest/drivers/util/AwsSystemTestDrivers.java

@@ -23,6 +23,7 @@
 import sleeper.systemtest.drivers.gc.AwsGarbageCollectionDriver;
 import sleeper.systemtest.drivers.ingest.AwsDataGenerationTasksDriver;
 import sleeper.systemtest.drivers.ingest.AwsDirectIngestDriver;
+import sleeper.systemtest.drivers.ingest.AwsEksBulkImportDriver;
 import sleeper.systemtest.drivers.ingest.AwsIngestBatcherDriver;
 import sleeper.systemtest.drivers.ingest.AwsIngestByQueueDriver;
 import sleeper.systemtest.drivers.ingest.AwsIngestReportsDriver;
@@ -48,7 +49,6 @@
 import sleeper.systemtest.drivers.query.WebSocketQueryDriver;
 import sleeper.systemtest.drivers.sourcedata.AwsGeneratedIngestSourceFilesDriver;
 import sleeper.systemtest.drivers.sourcedata.AwsIngestSourceFilesDriver;
-import sleeper.systemtest.drivers.statemachine.AwsEksBulkImportDriver;
 import sleeper.systemtest.drivers.statestore.AwsSnapshotsDriver;
 import sleeper.systemtest.drivers.statestore.AwsStateStoreCommitterDriver;
 import sleeper.systemtest.drivers.statestore.AwsStateStoreCommitterLogsDriver;