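# End-to-end test for kms-issuer: builds the controller image, loads it into a
# throwaway kind cluster alongside cert-manager and a local-kms mock, then
# checks that the sample KMSKey, KMSIssuer and Certificate become Ready and
# that deleting the KMSKey schedules the key for deletion.
name: E2E Tests
on:
  push:
    branches:
      - main
  pull_request:
  workflow_dispatch:
# Least privilege: no step below writes to the repository or calls the GitHub
# API, so the GITHUB_TOKEN is limited to reading the repository contents.
permissions:
  contents: read
jobs:
  e2e:
    name: e2e
    runs-on: ubuntu-latest
    env:
      IMG: skyscanner/kms-issuer:dev
      CERT_MANAGER_VERSION: v1.13.2
    steps:
      # NOTE(review): the actions used in this job are referenced by tag, which
      # is mutable; pinning each one to a full commit SHA would stop a re-tagged
      # release from changing what runs here.
      - uses: actions/checkout@v3.1.0
        with:
          # The working tree is used as the docker build context in the next
          # step, so do not leave the token in .git/config. No later step in
          # this job performs git operations that would need it.
          persist-credentials: false
      # Build testing docker image
      - name: Build the testing kms-issuer docker image
        run: docker build -t ${IMG} .
      # Setup kind cluster
      - name: Create k8s Kind Cluster
        uses: helm/kind-action@v1.4.0
        with:
          cluster_name: kind
      - name: Load test docker image into the kind cluster
        run: kind load docker-image ${IMG}
      # Install local-kms to the cluster
      - name: Create local-kms namespace
        run: kubectl create namespace local-kms
      # NOTE(review): the image is pinned by tag only; a digest pin would make
      # the test dependency immutable.
      - name: Create local-kms deployment
        run: kubectl create deployment local-kms -n local-kms --port 8080 --image nsmithuk/local-kms:3.11.2
      - name: Create local-kms service
        run: kubectl expose deployment local-kms -n local-kms --port 8080
      - name: Wait for local-kms pod to be ready
        run: kubectl wait --for=condition=Ready -l app=local-kms -n local-kms pod
      # NOTE(review): the manifest is downloaded at run time and applied without
      # a checksum comparison; the version pin in CERT_MANAGER_VERSION is the
      # only integrity control on what gets installed.
      - name: Install cert-manager
        run: kubectl apply -f https://github.com/cert-manager/cert-manager/releases/download/${CERT_MANAGER_VERSION}/cert-manager.yaml
      - name: Install kms-issuer CRDs
        run: make install
      - name: Set docker image to use in Kustomization
        run: make kustomize && cd config/manager && kustomize edit set image controller=${IMG}
      - name: Deploy kms-issuer
        run: kustomize build config/testing | kubectl apply -f -
      - name: Apply KMSKey from samples
        run: kubectl apply -f ./config/samples/cert-manager_v1alpha1_kmskey.yaml
      - name: Wait for key to be ready
        run: kubectl wait --for=condition=Ready kmskey/kmskey-sample
      # Started in the background so the AWS CLI calls in the later steps can
      # reach local-kms on localhost:8080.
      - name: port-forward to local-kms
        run: kubectl port-forward -n local-kms svc/local-kms 8080 &
      # See https://florian.ec/blog/github-actions-awscli-errors/
      # The AWS CLI calls are unsigned (--no-sign-request) and target the
      # local-kms endpoint, so this workflow configures no AWS credentials.
      - name: Test a KMSKey is created
        id: get-key
        run: |
          # jq -e exits non-zero when the selected value is null or false; under
          # the runner's default `bash -e` that already fails the step.
          result=$(aws --endpoint http://localhost:8080 kms list-keys --region eu-west-1 --no-sign-request | jq -er '.Keys[0].KeyId')
          if [[ "${result}" == "null" ]]; then
            echo "Key not found"
            exit 1
          else
            echo "Key created"
          fi
          # Publish the key id through the GITHUB_OUTPUT file; the
          # `::set-output` workflow command is deprecated.
          echo "key_id=${result}" >> "${GITHUB_OUTPUT}"
      - name: Apply KMSIssuer from sample
        run: kubectl apply -f ./config/samples/cert-manager_v1alpha1_kmsissuer.yaml
      - name: Wait for KMSIssuer to be ready
        run: kubectl wait --for=condition=Ready kmsissuer/kms-issuer-sample
      - name: Apply Certificate from sample
        run: kubectl apply -f ./config/samples/certificate.yaml
      - name: Wait for Certificate to be ready
        run: kubectl wait --for=condition=Ready certificate.cert-manager.io/example-com
      - name: Delete certificate
        run: kubectl delete -f ./config/samples/certificate.yaml
      - name: Delete KMSIssuer
        run: kubectl delete -f ./config/samples/cert-manager_v1alpha1_kmsissuer.yaml
      - name: Delete KMSKey
        run: kubectl delete -f ./config/samples/cert-manager_v1alpha1_kmskey.yaml && sleep 2
      - name: Check if key is schedule for deletion
        env:
          # Hand the step output to the script as an environment variable
          # instead of expanding it into the script text, so its value is
          # treated as data and never parsed as shell.
          KEY_ID: ${{ steps.get-key.outputs.key_id }}
        run: |
          result=$(aws --endpoint http://localhost:8080 kms describe-key --key-id "${KEY_ID}" --region eu-west-1 --no-sign-request | jq -er '.KeyMetadata.KeyState')
          if [[ "${result}" != "PendingDeletion" ]]; then
            echo "Key is not in state PendingDeletion"
            exit 1
          else
            echo "Key scheduled for deletion"
          fi
      # Runs even when an earlier step failed so the controller output is
      # available for diagnosis.
      - name: Logs of controller
        if: always()
        run: |
          echo "::group::Controller logs"
          kubectl logs deployment/kms-issuer-controller-manager -n kms-issuer-system --all-containers
          echo "::endgroup::"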