-
Notifications
You must be signed in to change notification settings - Fork 12
108 lines (91 loc) · 3.78 KB
/
e2e.yaml
1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
56
57
58
59
60
61
62
63
64
65
66
67
68
69
70
71
72
73
74
75
76
77
78
79
80
81
82
83
84
85
86
87
88
89
90
91
92
93
94
95
96
97
98
99
100
101
102
103
104
105
106
107
108
name: e2e
on:
pull_request:
branches: [ 'main', 'release-*' ]
defaults:
run:
shell: bash
jobs:
kind:
runs-on: ubuntu-latest
strategy:
fail-fast: false # Keep running if one leg fails.
matrix:
k8s-version:
- v1.30.x
- v1.31.x
env:
KO_DOCKER_REPO: registry.local:5000/knative # registry setup by setup-kind
# Use a semi-random cluster suffix, but somewhat predictable
# so reruns don't just give us a completely new value.
CLUSTER_DOMAIN: c${{ github.run_id }}.local
steps:
- name: Set up Homebrew
uses: Homebrew/actions/setup-homebrew@master
- name: Set up Go 1.21.x
uses: actions/setup-go@v5
with:
go-version: 1.21.x
- name: Setup ko
uses: imjasonh/[email protected]
- name: Install kn
run: brew install knative/client/kn
- name: Check out current repository code onto GOPATH
uses: actions/checkout@v4
- name: Setup KinD
uses: chainguard-dev/actions/setup-kind@main
with:
k8s-version: ${{ matrix.k8s-version }}
kind-worker-count: 3
cluster-suffix: ${{ env.CLUSTER_DOMAIN }}
- name: Install Knative Serving and net-kourier
run: |
set -o pipefail
kubectl apply -f https://storage.googleapis.com/knative-nightly/serving/latest/serving-crds.yaml
kubectl apply -f https://storage.googleapis.com/knative-nightly/serving/latest/serving-core.yaml
kubectl apply -f https://storage.googleapis.com/knative-nightly/net-kourier/latest/kourier.yaml
kubectl patch configmap/config-network \
--namespace knative-serving \
--type merge \
--patch '{"data":{"ingress-class":"kourier.ingress.networking.knative.dev"}}'
kubectl patch configmap/config-logging \
--namespace knative-serving \
--type merge \
--patch '{"data":{"loglevel.queueproxy":"debug"}}'
- name: Install security-guard
run: ko apply -Rf ./config
- name: Wait for Ready
run: |
echo Waiting for Secrets to be created.
kubectl get pods -n knative-serving
kubectl wait job/create-knative-secrets -n knative-serving --for=condition=complete --timeout 300s
kubectl get secrets -n knative-serving
echo Waiting for Pods to become ready.
kubectl wait pod --timeout 300s --for=condition=Ready -n knative-serving -l "app.kubernetes.io/name=knative-serving"
kubectl wait pod --timeout 300s --for=condition=Ready -n knative-serving -l "app=guard-service"
# For debugging.
kubectl get pods --all-namespaces
- name: Set Cluster DNS
run: |
kubectl apply -f https://github.com/knative/serving/releases/download/knative-v1.8.3/serving-default-domain.yaml
kubectl wait --timeout 300s --for=condition=complete job/default-domain -n knative-serving
- name: install test service1
run: |
kubectl apply -f ./test/e2e/deploy/httptest1Crd.yaml
kn service create httptest1 \
--image gcr.io/knative-samples/helloworld-go \
--env "TARGET=Secured World" \
--annotation features.knative.dev/queueproxy-podinfo=enabled \
--annotation qpoption.knative.dev/guard-activate=enable
URL=`kn service list|grep httptest1|awk '{print $2}'`
echo "PROTECTED_SERVICE=$URL" >> $GITHUB_ENV
- name: Run e2e Tests "httptest1"
run: |
./test/e2e/e2e-tests.sh $PROTECTED_SERVICE "httptest1"
- uses: chainguard-dev/actions/kind-diag@main
# Only upload logs on failure.
if: ${{ failure() }}
with:
cluster-resources: nodes,namespaces,crds
namespace-resources: pods,svc,services.serving.knative.dev,guardians.guard.security.knative.dev
artifact-name: logs-${{ matrix.k8s-version }}