Skip to content

Update deps and kubeseal binary #131

Update deps and kubeseal binary

Update deps and kubeseal binary #131

Workflow file for this run

name: End to end test
on:
pull_request:
types:
- opened
- reopened
- synchronize
push:
branches:
- main
- master
jobs:
create-cluster:
runs-on: ubuntu-latest
steps:
- name: checkout
uses: actions/checkout@v1
- name: Create k8s kind cluster
uses: helm/kind-action@v1.3.0
with:
config: ./kind-config.yaml
wait: 3m
- name: Setup ingress controller
run: |
kubectl apply -f https://raw.githubusercontent.com/kubernetes/ingress-nginx/main/deploy/static/provider/kind/deploy.yaml
kubectl wait --namespace ingress-nginx \
--for=condition=ready pod \
--selector=app.kubernetes.io/component=controller \
--timeout=90s
- name: Setup kubeseal controller
run: |
helm repo add sealed-secrets https://bitnami-labs.github.io/sealed-secrets
helm install sealed-secrets -n kube-system \
--set-string fullnameOverride=sealed-secrets-controller \
sealed-secrets/sealed-secrets
- name: Build and upload images
run: |
docker build -t kubesealwebgui/api:snapshot -f Dockerfile.api .
docker build -t kubesealwebgui/ui:snapshot -f Dockerfile.ui .
kind load docker-image --name chart-testing kubesealwebgui/api:snapshot
kind load docker-image --name chart-testing kubesealwebgui/ui:snapshot
- name: Deploy stuff
run: |
kubectl create namespace kubeseal-webgui
helm template \
--release-name e2e-test \
--namespace kubeseal-webgui \
--set api.image.tag=snapshot \
--set api.url=http://$(hostname -f):80 \
--set autoFetchCertResources=null \
--set image.pullPolicy=Never \
--set ingress.enabled=true \
--set ingress.hostname=$(hostname -f) \
--set resources=null \
--set sealedSecrets.autoFetchCert=true \
--set ui.image.tag=snapshot \
--set securityContext.runAsUser=1042 \
chart/kubeseal-webgui \
| kubectl apply \
-f - \
--namespace kubeseal-webgui
- name: Wait until ready
run: |
while ! curl -f http://$(hostname -f):80/namespaces
do
sleep 5
echo "wait 5s"
done
timeout-minutes: 1
- name: Call URL
run: |
curl -f http://$(hostname -f):80/namespaces
curl -f http://$(hostname -f):80/config
echo '{"secret": "a","namespace": "kube-system","scope": "strict","secrets": [{"key": "a","value": "YQ=="},{"key": "b","value": "Yw=="}]}' \
| curl -f -H 'content-type: application/json' -X POST --data @- http://$(hostname -f):80/secrets
- name: Test Secrets
run: |
API_URL="https://$(hostname -f):443"
kubectl create namespace e2e
strict_secret=$(
echo '{"secret": "strict-secret", "namespace": "e2e", "scope": "strict", "secrets": [{"key": "a-secret","value": "YQ=="}]}' |
curl -f -H 'content-type: application/json' -X POST -k --data @- "${API_URL}/secrets" |
jq -r -s '.[0][] | select(.key=="a-secret") | "a-secret: " + .value')
namespace_secret=$(
echo '{"namespace": "e2e", "scope": "namespace-wide", "secrets": [{"key": "a-secret","value": "YQ=="}]}' |
curl -f -H 'content-type: application/json' -X POST -k --data @- "${API_URL}/secrets" |
jq -r -s '.[0][] | select(.key=="a-secret") | "a-secret: " + .value')
cluster_secret=$(
echo '{"scope": "cluster-wide", "secrets": [{"key": "different-secret","value": "YQ=="}]}' |
curl -f -H 'content-type: application/json' -X POST -k --data @- "${API_URL}/secrets" |
jq -r -s '.[0][] | select(.key=="different-secret") | "a-secret: " + .value')
cat <<EOF | kubectl apply -n e2e -f -
apiVersion: bitnami.com/v1alpha1
kind: SealedSecret
metadata:
name: strict-secret
namespace: e2e
annotations: { }
spec:
encryptedData:
${strict_secret}
EOF
cat <<EOF | kubectl apply -n e2e -f -
apiVersion: bitnami.com/v1alpha1
kind: SealedSecret
metadata:
name: namespace-secret
namespace: e2e
annotations: { sealedsecrets.bitnami.com/namespace-wide: "true" }
spec:
encryptedData:
${namespace_secret}
EOF
cat <<EOF | kubectl apply -n e2e -f -
apiVersion: bitnami.com/v1alpha1
kind: SealedSecret
metadata:
name: cluster-secret
namespace: e2e
annotations: { sealedsecrets.bitnami.com/cluster-wide: "true" }
spec:
encryptedData:
${cluster_secret}
EOF
sleep 5
for secret_name in strict-secret namespace-secret cluster-secret; do
echo -n "Testing ${secret_name} "
test "$(kubectl get secret "${secret_name}" -n e2e \
-o go-template --template '{{ index .data "a-secret" }}')" = "YQ==" ||
{ echo ERR; exit 1; } &&
echo OK
done