add in cluster tests
update ci to include cmctl

Signed-off-by: Achref ben saad <[email protected]>
achrefbensaad committed Jul 11, 2022
1 parent b7a0176 commit a43dfe2
Showing 4 changed files with 113 additions and 0 deletions.
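--- /dev/null
+++ b/.github/workflows/ci-test-incluster.yml
@@ -0,0 +1,88 @@
+name: run-in-cluster-test
+
+on:
+push:
+branches:
+- "**"
+paths:
+- "deployments/annotations/**"
+- "deployments/generic/**"
+- "tests/test-scenarios-github.sh"
+- ".github/workflows/ci-test-incluster.yml"
+pull_request:
+branches: ["*"]
+paths:
+- "deployments/annotations/**"
+- "deployments/generic/**"
+- "tests/test-scenarios-github.sh"
+- ".github/workflows/ci-test-incluster.yml"
+
+jobs:
+manifest-test:
+name: Run basic manifest tests / ${{ matrix.os }} / ${{ matrix.runtime }}
+runs-on: ${{ matrix.os }}
+strategy:
+fail-fast: false
+matrix:
+os: [ubuntu-latest, ubuntu-18.04]
+runtime: ["docker", "containerd", "crio"]
+steps:
+- name: Kernel version
+run: uname -r
+
+- uses: actions/checkout@v2
+
+- name: Setup Enviroment
+run: |
+echo "RUNTIME="$RUNTIME
+if [ "$RUNTIME" == "docker" ]; then
+./contribution/self-managed-k8s/docker/install_docker.sh
+docker --version
+elif [ "$RUNTIME" == "crio" ]; then
+./contribution/self-managed-k8s/crio/install_crio.sh
+crio --version
+fi
+./contribution/k3s/install_k3s.sh
+- name: Install cmctl
+run: |
+OS=$(go env GOOS); ARCH=$(go env GOARCH); curl -sSL -o cmctl.tar.gz https://github.com/cert-manager/cert-manager/releases/download/v1.7.2/cmctl-$OS-$ARCH.tar.gz
+tar xzf cmctl.tar.gz
+sudo mv cmctl /usr/local/bin
+- name: Install annotation controller
+run: |
+kubectl apply -f deployments/annotations/cert-manager.yaml
+kubectl wait pods --for=condition=ready -n cert-manager -l app.kubernetes.io/instance=cert-manager
+cmctl check api --wait 300s
+kubectl apply -f deployments/annotations/kubearmor-annotation-manager.yaml
+kubectl wait pods --for=condition=ready -n kube-system -l kubearmor-app=kubearmor-annotation-manager
+- name: Apply KubeArmor manifest
+run: |
+kubectl apply -f deployments/generic/kubearmor.yaml
+- name: Test manifests
+run: |
+./tests/test-scenarios-github.sh
+- name: Get pod informations
+if: ${{ failure() }}
+run: |
+kubectl get po -n kube-system
+kubectl describe po -n kube-system
+- name: Archive log artifacts
+if: ${{ failure() }}
+uses: actions/upload-artifact@v2
+with:
+name: kubearmor.logs
+path: |
+/tmp/kubearmor.test
+/tmp/kubearmor.log
+/tmp/kubearmor.msg
+- name: Check Results
+if: ${{ always() }}
+run: cat /tmp/kubearmor.test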
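Review bot: The `Install cmctl` step fetches a release tarball with `curl -sSL` and moves the extracted binary into `/usr/local/bin` with sudo without any integrity check, so the job trusts whatever that URL serves at run time. Pin the expected digest next to the version and verify it before unpacking, for example `echo "<SHA256_FROM_RELEASE_PAGE>  cmctl.tar.gz" | sha256sum -c -`, and add `-f` to the curl flags so an HTTP error fails the step instead of saving an error page. The identical step is added to `.github/workflows/ci-test.yml` and `.github/workflows/latest-release.yml` and needs the same check there. Separately, the `Setup Enviroment` script branches on `$RUNTIME`, but no `env:` entry mapping it from `matrix.runtime` is visible in this file, so the three runtime legs may all take the same path; confirm, or add `RUNTIME: ${{ matrix.runtime }}` under an `env:` key on that step.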
7 changes: 7 additions & 0 deletions .github/workflows/ci-test.yml
@@ -64,10 +64,17 @@ jobs:
fi
./contribution/k3s/install_k3s.sh
- name: Install cmctl
run: |
OS=$(go env GOOS); ARCH=$(go env GOARCH); curl -sSL -o cmctl.tar.gz https://github.com/cert-manager/cert-manager/releases/download/v1.7.2/cmctl-$OS-$ARCH.tar.gz
tar xzf cmctl.tar.gz
sudo mv cmctl /usr/local/bin
- name: Install annotation controller
run: |
kubectl apply -f deployments/annotations/cert-manager.yaml
kubectl wait pods --for=condition=ready -n cert-manager -l app.kubernetes.io/instance=cert-manager
cmctl check api --wait 300s
kubectl apply -f deployments/annotations/kubearmor-annotation-manager.yaml
kubectl wait pods --for=condition=ready -n kube-system -l kubearmor-app=kubearmor-annotation-manager
7 changes: 7 additions & 0 deletions .github/workflows/latest-release.yml
@@ -35,11 +35,18 @@ jobs:
echo ::set-output name=tag::${GITHUB_REF#refs/*/}
fi
./contribution/k3s/install_k3s.sh
- name: Install cmctl
run: |
OS=$(go env GOOS); ARCH=$(go env GOARCH); curl -sSL -o cmctl.tar.gz https://github.com/cert-manager/cert-manager/releases/download/v1.7.2/cmctl-$OS-$ARCH.tar.gz
tar xzf cmctl.tar.gz
sudo mv cmctl /usr/local/bin
- name: Install annotation controller
run: |
kubectl apply -f deployments/annotations/cert-manager.yaml
kubectl wait pods --for=condition=ready -n cert-manager -l app.kubernetes.io/instance=cert-manager
cmctl check api --wait 300s
kubectl apply -f deployments/annotations/kubearmor-annotation-manager.yaml
kubectl wait pods --for=condition=ready -n kube-system -l kubearmor-app=kubearmor-annotation-manager
11 changes: 11 additions & 0 deletions deployments/generic/kubearmor.yaml
@@ -54,6 +54,8 @@ spec:
containers:
- image: kubearmor/kubearmor-relay-server:latest
name: kubearmor-relay-server
securityContext:
readOnlyRootFilesystem: true
ports:
- containerPort: 32767
nodeSelector:
@@ -103,6 +105,7 @@ spec:
- containerPort: 32767
securityContext:
privileged: true
readOnlyRootFilesystem: true
terminationMessagePath: /dev/termination-log
terminationMessagePolicy: File
volumeMounts:
@@ -132,6 +135,8 @@ spec:
- mountPath: /var/lib/docker
name: docker-storage-path
readOnly: true
- mountPath: /tmp
name: tmp-path
dnsPolicy: ClusterFirstWithHostNet
hostNetwork: true
hostPID: true
@@ -183,6 +188,8 @@ spec:
path: /var/lib/docker
type: DirectoryOrCreate
name: docker-storage-path
- emptyDir: {}
name: tmp-path
---
apiVersion: v1
kind: Service
@@ -226,6 +233,8 @@ spec:
- --v=10
image: gcr.io/kubebuilder/kube-rbac-proxy:v0.5.0
name: kube-rbac-proxy
securityContext:
readOnlyRootFilesystem: true
ports:
- containerPort: 8443
name: https
@@ -295,6 +304,8 @@ spec:
- --v=10
image: gcr.io/kubebuilder/kube-rbac-proxy:v0.5.0
name: kube-rbac-proxy
securityContext:
readOnlyRootFilesystem: true
ports:
- containerPort: 8443
name: https
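Review bot: The `securityContext` blocks added to `kubearmor-relay-server` and to both `kube-rbac-proxy` containers set only `readOnlyRootFilesystem: true`, which leaves privilege escalation and the default capability set unchanged. If those containers need no extra privileges (not verifiable from these hunks), add `allowPrivilegeEscalation: false` and `capabilities: {drop: ["ALL"]}` beside it. On the container that keeps `privileged: true`, the read-only root mostly guards against accidental writes, since a privileged process can remount it, so a one-line comment such as `# read-only rootfs is hygiene here, not containment: container is privileged` would keep it from being read as isolation. The new `tmp-path` volume is `emptyDir: {}` with no `sizeLimit`, so writes to `/tmp` are bounded only by node storage; consider setting a limit.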
