From f47b5da279715f15af474e698356e240adf2783e Mon Sep 17 00:00:00 2001 From: Matteo Mortari Date: Tue, 30 Jul 2024 15:45:26 +0200 Subject: [PATCH] core: add E2E for Zot registry (#2) Signed-off-by: tarilabs --- .github/workflows/e2e.yaml | 25 +++++ e2e/deploy_zot.sh | 24 +++++ e2e/zot/custom-values.yaml | 183 +++++++++++++++++++++++++++++++++++++ 3 files changed, 232 insertions(+) create mode 100755 e2e/deploy_zot.sh create mode 100644 e2e/zot/custom-values.yaml diff --git a/.github/workflows/e2e.yaml b/.github/workflows/e2e.yaml index 16c88ef..55e795f 100644 --- a/.github/workflows/e2e.yaml +++ b/.github/workflows/e2e.yaml @@ -32,3 +32,28 @@ jobs: - name: Run tests run: | poetry run pytest --e2e -s -x + e2e-zot: + runs-on: ubuntu-latest + steps: + - name: Checkout repository + uses: actions/checkout@v3 + - name: Set up Python + uses: actions/setup-python@v4 + with: + python-version: '3.10' + - name: Install Poetry + run: | + pipx install poetry + - name: Install dependencies + run: | + poetry install + - name: Start Kind Cluster + uses: helm/kind-action@v1 + with: + cluster_name: kind + - name: Start Zot + run: | + ./e2e/deploy_zot.sh + - name: Run tests + run: | + poetry run pytest --e2e -s -x diff --git a/e2e/deploy_zot.sh b/e2e/deploy_zot.sh new file mode 100755 index 0000000..ad465d6 --- /dev/null +++ b/e2e/deploy_zot.sh @@ -0,0 +1,24 @@ +#! /bin/bash + +SCRIPT_DIR="$(dirname "$(realpath "$BASH_SOURCE")")" + +helm repo add zot https://zotregistry.dev/helm-charts/ + +# Notes: +# - if used manually in local testing, might want to change to `upgrade` or `helm uninstall my-zot` first, +# - the custom values contains tag image which is Arch-specific, might want to replace amd64 -> arm64 if needed for local testing +helm install my-zot zot/zot --version 0.1.58 -f "${SCRIPT_DIR}/zot/custom-values.yaml" + +sleep 1 +kubectl get deployments + +echo "Waiting for Deployment..." +kubectl wait --for=condition=available deployment/my-zot --timeout=5m +kubectl logs deployment/my-zot +echo "Deployment looks ready." + +echo "Starting port-forward..." +kubectl port-forward service/my-zot 5001:5001 & +PID=$! +sleep 2 +echo "I have launched port-forward in background with: $PID." diff --git a/e2e/zot/custom-values.yaml b/e2e/zot/custom-values.yaml new file mode 100644 index 0000000..51b8ac8 --- /dev/null +++ b/e2e/zot/custom-values.yaml @@ -0,0 +1,183 @@ +# Default values for zot. +# This is a YAML-formatted file. +# Declare variables to be passed into your templates. +replicaCount: 1 +image: + ## NOTE: for local testing, might want to use `ghcr.io/project-zot/zot-linux-arm64` instead... + repository: ghcr.io/project-zot/zot-linux-amd64 + pullPolicy: IfNotPresent + # Overrides the image tag whose default is the chart appVersion. + tag: "v2.1.0" +serviceAccount: + # Specifies whether a service account should be created + create: true + # Annotations to add to the service account + annotations: {} + # The name of the service account to use. + # If not set and create is true, a name is generated using the fullname template + name: "" +service: + type: NodePort + ## NOTE: changed for testing + port: 5001 + nodePort: null # Set to a specific port if type is NodePort + # Annotations to add to the service + annotations: {} + # Set to a static IP if a static IP is desired, only works when + # type: ClusterIP + clusterIP: null +# Enabling this will publicly expose your zot server +# Only enable this if you have security enabled on your cluster +ingress: + enabled: false + annotations: {} + # kubernetes.io/ingress.class: nginx + # kubernetes.io/tls-acme: "true" + # If using nginx, disable body limits and increase read and write timeouts + # nginx.ingress.kubernetes.io/proxy-body-size: "0" + # nginx.ingress.kubernetes.io/proxy-read-timeout: "600" + # nginx.ingress.kubernetes.io/proxy-send-timeout: "600" + className: "nginx" + pathtype: ImplementationSpecific + hosts: + - host: chart-example.local + paths: + - path: / + tls: [] + # - secretName: chart-example-tls + # hosts: + # - chart-example.local +# By default, Kubernetes HTTP probes use HTTP 'scheme'. So if TLS is enabled +# in configuration, to prevent failures, the scheme must be set to 'HTTPS'. +httpGet: + scheme: HTTP +# By default, Kubernetes considers a Pod healthy if the liveness probe returns +# successfully. However, sometimes applications need additional startup time on +# their first initialization. By defining a startupProbe, we can allow the +# application to take extra time for initialization without compromising fast +# response to deadlocks. +startupProbe: + initialDelaySeconds: 5 + periodSeconds: 10 + failureThreshold: 3 +# If mountConfig is true the configMap named $CHART_RELEASE-config is mounted +# on the pod's '/etc/zot' directory +mountConfig: false +# If mountConfig is true the chart creates the '$CHART_RELEASE-config', if it +# does not exist the user is in charge of managing it (as this file includes a +# sample file you have to add it empty to handle it externally). +configFiles: + ## NOTE: changed for testing + config.json: |- + { + "storage": { "rootDirectory": "/var/lib/registry" }, + "http": { "address": "0.0.0.0", "port": "5001" }, + "log": { "level": "debug" } + } +# Alternatively, the configuration can include authentication and acessControl +# data and we can use mountSecret option for the passwords. +# +# config.json: |- +# { +# "storage": { "rootDirectory": "/var/lib/registry" }, +# "http": { +# "address": "0.0.0.0", +# "port": "5000", +# "auth": { "htpasswd": { "path": "/secret/htpasswd" } }, +# "accessControl": { +# "repositories": { +# "**": { +# "policies": [{ +# "users": ["user"], +# "actions": ["read"] +# }], +# "defaultPolicy": [] +# } +# }, +# "adminPolicy": { +# "users": ["admin"], +# "actions": ["read", "create", "update", "delete"] +# } +# } +# }, +# "log": { "level": "debug" } +# } + +# externalSecrets allows to mount external (meaning not managed by this chart) +# Kubernetes secrets within the Zot container. +# The secret is identified by its name (property "secretName") and should be +# present in the same namespace. The property "mountPath" specifies the path +# within the container filesystem where the secret is mounted. +# +# Below is an example: +# +# externalSecrets: +# - secretName: "secret1" +# mountPath: "/secrets/s1" +# - secretName: "secret2" +# mountPath: "/secrets/s2" +externalSecrets: [] +# If mountSecret is true, the Secret named $CHART_RELEASE-secret is mounted on +# the pod's '/secret' directory (it is used to keep files with passwords, like +# a `htpasswd` file) +mountSecret: false +# If secretFiles does not exist the user is in charge of managing it, again, if +# you want to manage it the value has to be added empty to avoid using this one +secretFiles: + # Example htpasswd with 'admin:admin' & 'user:user' user:pass pairs + htpasswd: |- + admin:$2y$05$vmiurPmJvHylk78HHFWuruFFVePlit9rZWGA/FbZfTEmNRneGJtha + user:$2y$05$L86zqQDfH5y445dcMlwu6uHv.oXFgT6AiJCwpv3ehr7idc0rI3S2G +# Authentication string for Kubernetes probes, which is needed when `htpasswd` +# authentication is enabled, but the anonymous access policy is not. +# It contains a `user:password` string encoded in base64. The example value is +# from running `echo -n "foo:var" | base64` +# authHeader: "Zm9vOmJhcg==" + +# If persistence is 'true' the service uses a persistentVolumeClaim to mount a +# volume for zot on '/var/lib/registry'; by default the pvc used is named +# '$CHART_RELEASE-pvc', but the name can be changed below +persistence: false +# PVC data, only used if persistence is 'true' +pvc: + # Make the chart create the PVC, this option is used with storageClasses that + # can create volumes dynamically, if that is not the case is better to do it + # manually and set create to false + create: false + # Name of the PVC to use or create if persistence is enabled, if not set the + # value '$CHART_RELEASE-pvc' is used + name: null + # Volume access mode, if using more than one replica we need + accessMode: "ReadWriteOnce" + # Size of the volume requested + ## NOTE: changed for testing + storage: 100Mi + # Name of the storage class to use if it is different than the default one + storageClassName: null +# List of environment variables to set on the container +env: +# - name: "TEST" +# value: "ME" +# - name: SECRET_NAME +# valueFrom: +# secretKeyRef: +# name: mysecret +# key: username + +# Extra Volume Mounts +extraVolumeMounts: [] +# - name: data +# mountPath: /var/lib/registry + +# Extra Volumes +extraVolumes: [] +# - name: data +# emptyDir: {} + +# Deployment strategy type +strategy: + type: RollingUpdate +# rollingUpdate: +# maxUnavailable: 25% + +podAnnotations: {}