Update deps and kubeseal binary #131
Workflow file for this run
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
name: End to end test | |
on: | |
pull_request: | |
types: | |
- opened | |
- reopened | |
- synchronize | |
push: | |
branches: | |
- main | |
- master | |
jobs: | |
create-cluster: | |
runs-on: ubuntu-latest | |
steps: | |
- name: checkout | |
uses: actions/checkout@v1 | |
- name: Create k8s kind cluster | |
uses: helm/kind-action@v1.3.0 | |
with: | |
config: ./kind-config.yaml | |
wait: 3m | |
- name: Setup ingress controller | |
run: | | |
kubectl apply -f https://raw.githubusercontent.com/kubernetes/ingress-nginx/main/deploy/static/provider/kind/deploy.yaml | |
kubectl wait --namespace ingress-nginx \ | |
--for=condition=ready pod \ | |
--selector=app.kubernetes.io/component=controller \ | |
--timeout=90s | |
- name: Setup kubeseal controller | |
run: | | |
helm repo add sealed-secrets https://bitnami-labs.github.io/sealed-secrets | |
helm install sealed-secrets -n kube-system \ | |
--set-string fullnameOverride=sealed-secrets-controller \ | |
sealed-secrets/sealed-secrets | |
- name: Build and upload images | |
run: | | |
docker build -t kubesealwebgui/api:snapshot -f Dockerfile.api . | |
docker build -t kubesealwebgui/ui:snapshot -f Dockerfile.ui . | |
kind load docker-image --name chart-testing kubesealwebgui/api:snapshot | |
kind load docker-image --name chart-testing kubesealwebgui/ui:snapshot | |
- name: Deploy stuff | |
run: | | |
kubectl create namespace kubeseal-webgui | |
helm template \ | |
--release-name e2e-test \ | |
--namespace kubeseal-webgui \ | |
--set api.image.tag=snapshot \ | |
--set api.url=http://$(hostname -f):80 \ | |
--set autoFetchCertResources=null \ | |
--set image.pullPolicy=Never \ | |
--set ingress.enabled=true \ | |
--set ingress.hostname=$(hostname -f) \ | |
--set resources=null \ | |
--set sealedSecrets.autoFetchCert=true \ | |
--set ui.image.tag=snapshot \ | |
--set securityContext.runAsUser=1042 \ | |
chart/kubeseal-webgui \ | |
| kubectl apply \ | |
-f - \ | |
--namespace kubeseal-webgui | |
- name: Wait until ready | |
run: | | |
while ! curl -f http://$(hostname -f):80/namespaces | |
do | |
sleep 5 | |
echo "wait 5s" | |
done | |
timeout-minutes: 1 | |
- name: Call URL | |
run: | | |
curl -f http://$(hostname -f):80/namespaces | |
curl -f http://$(hostname -f):80/config | |
echo '{"secret": "a","namespace": "kube-system","scope": "strict","secrets": [{"key": "a","value": "YQ=="},{"key": "b","value": "Yw=="}]}' \ | |
| curl -f -H 'content-type: application/json' -X POST --data @- http://$(hostname -f):80/secrets | |
- name: Test Secrets | |
run: | | |
API_URL="https://$(hostname -f):443" | |
kubectl create namespace e2e | |
strict_secret=$( | |
echo '{"secret": "strict-secret", "namespace": "e2e", "scope": "strict", "secrets": [{"key": "a-secret","value": "YQ=="}]}' | | |
curl -f -H 'content-type: application/json' -X POST -k --data @- "${API_URL}/secrets" | | |
jq -r -s '.[0][] | select(.key=="a-secret") | "a-secret: " + .value') | |
namespace_secret=$( | |
echo '{"namespace": "e2e", "scope": "namespace-wide", "secrets": [{"key": "a-secret","value": "YQ=="}]}' | | |
curl -f -H 'content-type: application/json' -X POST -k --data @- "${API_URL}/secrets" | | |
jq -r -s '.[0][] | select(.key=="a-secret") | "a-secret: " + .value') | |
cluster_secret=$( | |
echo '{"scope": "cluster-wide", "secrets": [{"key": "different-secret","value": "YQ=="}]}' | | |
curl -f -H 'content-type: application/json' -X POST -k --data @- "${API_URL}/secrets" | | |
jq -r -s '.[0][] | select(.key=="different-secret") | "a-secret: " + .value') | |
cat <<EOF | kubectl apply -n e2e -f - | |
apiVersion: bitnami.com/v1alpha1 | |
kind: SealedSecret | |
metadata: | |
name: strict-secret | |
namespace: e2e | |
annotations: { } | |
spec: | |
encryptedData: | |
${strict_secret} | |
EOF | |
cat <<EOF | kubectl apply -n e2e -f - | |
apiVersion: bitnami.com/v1alpha1 | |
kind: SealedSecret | |
metadata: | |
name: namespace-secret | |
namespace: e2e | |
annotations: { sealedsecrets.bitnami.com/namespace-wide: "true" } | |
spec: | |
encryptedData: | |
${namespace_secret} | |
EOF | |
cat <<EOF | kubectl apply -n e2e -f - | |
apiVersion: bitnami.com/v1alpha1 | |
kind: SealedSecret | |
metadata: | |
name: cluster-secret | |
namespace: e2e | |
annotations: { sealedsecrets.bitnami.com/cluster-wide: "true" } | |
spec: | |
encryptedData: | |
${cluster_secret} | |
EOF | |
sleep 5 | |
for secret_name in strict-secret namespace-secret cluster-secret; do | |
echo -n "Testing ${secret_name} " | |
test "$(kubectl get secret "${secret_name}" -n e2e \ | |
-o go-template --template '{{ index .data "a-secret" }}')" = "YQ==" || | |
{ echo ERR; exit 1; } && | |
echo OK | |
done |