Merge pull request #163 from jp-gouin/fix-ci

Update ci/bump container version/fix issues
jp-gouin · May 22, 2024 · f6ed450 · f6ed450
2 parents ff5348b + 9087934
commit f6ed450
Show file tree

Hide file tree

Showing 10 changed files with 211 additions and 134 deletions.
diff --git a/.bin/disableLdapPort.yaml b/.bin/disableLdapPort.yaml
@@ -16,10 +16,4 @@ service:
   sslLdapPortNodePort: 30636
   type: NodePort
 initTLSSecret:
-  tls_enabled: true
-  image:
-    registry: docker.io
-    repository: alpine/openssl
-    tag: latest
-    pullPolicy: IfNotPresent
-  secret: "custom-cert"
+  tls_enabled: false
diff --git a/.bin/singleNode.yaml b/.bin/singleNode.yaml
@@ -1,6 +1,7 @@
 logLevel: debug
 global:
   ldapDomain: "singlenode.org"
+  existingSecret: "my-super-secret"
 resources: 
   limits:
     cpu: "128m"

diff --git a/.github/actions/setup/action.yaml b/.github/actions/setup/action.yaml
@@ -0,0 +1,35 @@
+name: 'Setup env'
+description: 'Greet someone'
+inputs:
+  install-chaos: 
+    description: 'Setup ChaosMesh'
+    required: true
+    default: false
+runs:
+  using: "composite"
+  steps:
+    - name: Lint
+      shell: bash
+      run: |
+        curl -fsSL -o /tmp/get_helm.sh https://raw.githubusercontent.com/helm/helm/main/scripts/get-helm-3
+        chmod 700 /tmp/get_helm.sh
+        /tmp/get_helm.sh
+        helm lint .
+    - name: setup cluster
+      shell: bash
+      run: |
+        curl -Lo /tmp/kind https://kind.sigs.k8s.io/dl/v0.23.0/kind-linux-amd64
+        chmod +x /tmp/kind
+        curl -LO "https://dl.k8s.io/release/$(curl -L -s https://dl.k8s.io/release/stable.txt)/bin/linux/amd64/kubectl"
+        sudo install -o root -g root -m 0755 kubectl /usr/local/bin/kubectl
+        rm -f kubectl
+        sudo apt update
+        sudo apt-get install -y ldap-utils
+        /tmp/kind create cluster --config=$GITHUB_WORKSPACE/.bin/kind-conf.yml --image=kindest/node:v1.29.4@sha256:3abb816a5b1061fb15c6e9e60856ec40d56b7b52bcea5f5f1350bc6e2320b6f8
+        kubectl apply -f https://projectcontour.io/quickstart/contour.yaml
+        kubectl patch daemonsets -n projectcontour envoy -p '{"spec":{"template":{"spec":{"nodeSelector":{"ingress-ready":"true"}}}}}'
+    - name: setup chaos mesh
+      if: ${{ inputs.install-chaos == 'true' }}
+      shell: bash
+      run: |
+        curl -sSL https://mirrors.chaos-mesh.org/v2.6.2/install.sh  | bash -s -- --local kind
diff --git a/.github/workflows/ci-ha.yml b/.github/workflows/ci-ha.yml
@@ -0,0 +1,74 @@
+name: Test-HA
+on:
+  workflow_call:
+jobs:
+  qualif:
+    runs-on: ubuntu-latest
+    steps:
+    - name: Check out code
+      uses: actions/checkout@v1
+    - name: Run custom action
+      # Use the location in the repository (without action.yml)
+      uses: ./.github/actions/setup
+      with:
+        install-chaos: true
+    - name: setup certs
+      shell: bash
+      run: |
+        openssl req -x509 -newkey rsa:4096 -nodes -subj '/CN=example.com' -keyout tls.key -out tls.crt -days 365
+        cp tls.crt ca.crt
+        kubectl create secret generic custom-cert --from-file=./tls.crt --from-file=./tls.key --from-file=./ca.crt
+    - name: deploy openldap-stack-ha
+      shell: bash
+      run: |
+        cd "$GITHUB_WORKSPACE"
+        helm install openldap-stack-ha -f .bin/myval.yaml .
+        kubectl rollout status sts openldap-stack-ha 
+    - name: verify deployment
+      shell: bash
+      run: |
+          echo "test access to openldap database"
+          sleep 10
+          LDAPTLS_REQCERT=never ldapsearch -x -D 'cn=admin,dc=example,dc=org' -w Not@SecurePassw0rd -H ldaps://localhost:30636 -b 'dc=example,dc=org'
+    - name: test phpldapadmin access
+      shell: bash
+      run: |
+          echo "test access to phpldapadmin"
+          echo "127.0.0.1 phpldapadmin.example ssl-ldap2.example" | sudo tee -a /etc/hosts
+          curl phpldapadmin.example:8080
+    - name: test self service pwd access
+      shell: bash
+      run: |
+          echo "test access to ssp"
+          curl ssl-ldap2.example:8080
+    - name: verify certs
+      shell: bash
+      run: |
+          echo "verify certificate"
+          echo | openssl s_client -showcerts -servername example.com -connect localhost:30636 2>/dev/null | openssl x509 -inform pem -noout -text > /tmp/test-cert.txt
+          if ! grep -q "CN = example.com" /tmp/test-cert.txt; then  echo exit 1; fi
+    - name: apply chaos tests
+      shell: bash
+      run: |
+          echo "test access to openldap database"
+          kubectl apply -f .bin/chaos.yaml
+    - name: test write
+      shell: bash
+      run: |
+          echo "Write test to openldap database"
+          LDAPTLS_REQCERT=never ldapadd -x -D 'cn=admin,dc=example,dc=org' -w Not@SecurePassw0rd -H ldaps://localhost:30636 -f  .bin/user.ldif
+          LDAPTLS_REQCERT=never ldapsearch -o nettimeout=20 -x -D 'cn=admin,dc=example,dc=org' -w Not@SecurePassw0rd -H ldaps://localhost:30636 -b 'dc=example,dc=org' > /tmp/test-write.txt
+          if ! grep  "Einstein" /tmp/test-write.txt; then echo 'no Einstein entry found' ; fi
+          if ! grep  "objectClass: ownCloud" /tmp/test-write.txt; then  echo 'no ownCloud entry found'; fi
+    - name: test memberOf
+      shell: bash
+      run: |
+          echo "MemberOf test to openldap database"
+          LDAPTLS_REQCERT=never ldapsearch -o nettimeout=20 -x -D 'cn=admin,dc=example,dc=org' -w Not@SecurePassw0rd -H ldaps://localhost:30636 -b 'dc=example,dc=org' "(memberOf=cn=testgroup,ou=Group,dc=example,dc=org)" > /tmp/test-write.txt
+          if [ $(grep "numResponses" /tmp/test-write.txt | cut -d ":" -f 2 | tr -d ' ') -ne 2 ]; then exit 1 ; fi
+          if ! grep -q "uid=test1,ou=People,dc=example,dc=org" /tmp/test-write.txt; then  echo exit 1; fi
+    - name: chaos tests
+      shell: bash
+      run: |
+          echo "test access to openldap database"
+          for i in {1..20}; do  LDAPTLS_REQCERT=never ldapsearch -o nettimeout=20 -x -D 'cn=admin,dc=example,dc=org' -w Not@SecurePassw0rd -H ldaps://localhost:30636 -b 'dc=example,dc=org' && sleep 60 ; done
diff --git a/.github/workflows/ci-other.yml b/.github/workflows/ci-other.yml
@@ -0,0 +1,33 @@
+name: Test-Other
+on:
+  workflow_call:
+jobs:
+  qualif:
+    runs-on: ubuntu-latest
+    steps:
+    - name: Check out code
+      uses: actions/checkout@v1
+    - name: Run custom action
+      # Use the location in the repository (without action.yml)
+      uses: ./.github/actions/setup
+      with:
+        install-chaos: false
+    - name: deploy openldap-stack-ha-disable-ldap-port
+      shell: bash
+      run: |
+        cd "$GITHUB_WORKSPACE"
+        helm install openldap-stack-ha -n no-ldap-port --create-namespace -f .bin/disableLdapPort.yaml .
+        kubectl -n no-ldap-port rollout status sts openldap-stack-ha -n no-ldap-port
+    - name: verify no ldap port deployment
+      shell: bash
+      run: |
+          echo "test access to openldap database"
+          echo "Write test to openldap database"
+          LDAPTLS_REQCERT=never ldapadd -x -D 'cn=admin,dc=example,dc=org' -w Not@SecurePassw0rd -H ldaps://localhost:30636 -f .bin/simpleUser.ldif
+          sleep 10
+          LDAPTLS_REQCERT=never ldapsearch -o nettimeout=20 -x -D 'cn=admin,dc=example,dc=org' -w Not@SecurePassw0rd -H ldaps://localhost:30636 -b 'dc=example,dc=org' > /tmp/test-write.txt
+          cat /tmp/test-write.txt
+          if [ $(grep "numResponses" /tmp/test-write.txt | cut -d ":" -f 2 | tr -d ' ') -ne 3 ]; then exit 1 ; fi
+
+
+      
diff --git a/.github/workflows/ci-singlenode.yml b/.github/workflows/ci-singlenode.yml
@@ -0,0 +1,31 @@
+name: Test-SingleNode
+on:
+  workflow_call:
+jobs:
+  qualif:
+      runs-on: ubuntu-latest
+      steps:
+      - name: Check out code
+        uses: actions/checkout@v1
+      - name: Run custom action
+        # Use the location in the repository (without action.yml)
+        uses: ./.github/actions/setup
+        with:
+          install-chaos: false
+      - name: deploy openldap-stack-ha-single-node
+        shell: bash
+        run: |
+          cd "$GITHUB_WORKSPACE"
+          kubectl create ns single
+          kubectl create secret generic my-super-secret -n single --from-literal=LDAP_ADMIN_PASSWORD=Not@SecurePassw0rd --from-literal=LDAP_CONFIG_ADMIN_PASSWORD=Not@SecurePassw0rd
+          helm install openldap-stack-ha -n single -f .bin/singleNode.yaml .
+          kubectl rollout status sts openldap-stack-ha -n single
+          kubectl logs -n single openldap-stack-ha-0  
+      - name: verify single node deployment
+        shell: bash
+        run: |
+           sleep 10
+           echo "test access to openldap database"
+           LDAPTLS_REQCERT=never ldapsearch -o nettimeout=20 -x -D 'cn=admin,dc=singlenode,dc=org' -w Not@SecurePassw0rd -H ldaps://localhost:30636 -b 'dc=singlenode,dc=org' > /tmp/test-single-node.txt
+           cat /tmp/test-single-node.txt
+           if [ $(grep "numResponses" /tmp/test-single-node.txt | cut -d ":" -f 2 | tr -d ' ') -ne 6 ]; then exit 1 ; fi
diff --git a/.github/workflows/ci.yml b/.github/workflows/ci.yml
@@ -1,4 +1,4 @@
-name: Qualif
+name: Setup
 on:
   push:
     branches:
@@ -8,121 +8,9 @@ on:
       - "master"
       - "bitnami"
 jobs:
-  qualif:
-      runs-on: ubuntu-latest
-      steps:
-      - name: Check out code
-        uses: actions/checkout@v1
-      - name: Lint
-        shell: bash
-        run: |
-          helm lint .
-      - name: setup cluster
-        shell: bash
-        run: |
-          curl -Lo /tmp/kind https://kind.sigs.k8s.io/dl/v0.20.0/kind-linux-amd64
-          chmod +x /tmp/kind
-          /tmp/kind create cluster --config=$GITHUB_WORKSPACE/.bin/kind-conf.yml --image=kindest/node:v1.28.0@sha256:9f3ff58f19dcf1a0611d11e8ac989fdb30a28f40f236f59f0bea31fb956ccf5c
-          kubectl apply -f https://projectcontour.io/quickstart/contour.yaml
-          kubectl patch daemonsets -n projectcontour envoy -p '{"spec":{"template":{"spec":{"nodeSelector":{"ingress-ready":"true"}}}}}'
-      - name: setup chaos mesh
-        shell: bash
-        run: |
-          curl -sSL https://mirrors.chaos-mesh.org/v2.6.2/install.sh  | bash -s -- --local kind
-      - name: setup certs
-        shell: bash
-        run: |
-          openssl req -x509 -newkey rsa:4096 -nodes -subj '/CN=example.com' -keyout tls.key -out tls.crt -days 365
-          cp tls.crt ca.crt
-          kubectl create secret generic custom-cert --from-file=./tls.crt --from-file=./tls.key --from-file=./ca.crt
-      - name: deploy openldap-stack-ha
-        shell: bash
-        run: |
-          cd "$GITHUB_WORKSPACE"
-          helm install openldap-stack-ha -f .bin/myval.yaml .
-          kubectl rollout status sts openldap-stack-ha 
-      - name: verify deployment
-        shell: bash
-        run: |
-           echo "test access to openldap database"
-           sudo apt-get install -y ldap-utils
-           sleep 10
-           LDAPTLS_REQCERT=never ldapsearch -x -D 'cn=admin,dc=example,dc=org' -w Not@SecurePassw0rd -H ldaps://localhost:30636 -b 'dc=example,dc=org'
-      - name: test phpldapadmin access
-        shell: bash
-        run: |
-           echo "test access to phpldapadmin"
-           echo "127.0.0.1 phpldapadmin.example ssl-ldap2.example" | sudo tee -a /etc/hosts
-           curl phpldapadmin.example:8080
-      - name: test self service pwd access
-        shell: bash
-        run: |
-           echo "test access to ssp"
-           curl ssl-ldap2.example:8080
-      - name: verify certs
-        shell: bash
-        run: |
-           echo "verify certificate"
-           echo | openssl s_client -showcerts -servername example.com -connect localhost:30636 2>/dev/null | openssl x509 -inform pem -noout -text > /tmp/test-cert.txt
-           if ! grep -q "CN = example.com" /tmp/test-cert.txt; then  echo exit 1; fi
-      - name: apply chaos tests
-        shell: bash
-        run: |
-           echo "test access to openldap database"
-           kubectl apply -f .bin/chaos.yaml
-      - name: test write
-        shell: bash
-        run: |
-           echo "Write test to openldap database"
-           LDAPTLS_REQCERT=never ldapadd -x -D 'cn=admin,dc=example,dc=org' -w Not@SecurePassw0rd -H ldaps://localhost:30636 -f  .bin/user.ldif
-           LDAPTLS_REQCERT=never ldapsearch -o nettimeout=20 -x -D 'cn=admin,dc=example,dc=org' -w Not@SecurePassw0rd -H ldaps://localhost:30636 -b 'dc=example,dc=org' > /tmp/test-write.txt
-           if [ $(grep "numResponses" /tmp/test-write.txt | cut -d ":" -f 2 | tr -d ' ') -ne 9 ]; then exit 1 ; fi
-           if ! grep -q "objectClass: ownCloud" /tmp/test-write.txt; then  echo exit 1; fi
-      - name: test memberOf
-        shell: bash
-        run: |
-           echo "MemberOf test to openldap database"
-           LDAPTLS_REQCERT=never ldapsearch -o nettimeout=20 -x -D 'cn=admin,dc=example,dc=org' -w Not@SecurePassw0rd -H ldaps://localhost:30636 -b 'dc=example,dc=org' "(memberOf=cn=testgroup,ou=Group,dc=example,dc=org)" > /tmp/test-write.txt
-           if [ $(grep "numResponses" /tmp/test-write.txt | cut -d ":" -f 2 | tr -d ' ') -ne 2 ]; then exit 1 ; fi
-           if ! grep -q "uid=test1,ou=People,dc=example,dc=org" /tmp/test-write.txt; then  echo exit 1; fi
-      - name: chaos tests
-        shell: bash
-        run: |
-           echo "test access to openldap database"
-           for i in {1..20}; do  LDAPTLS_REQCERT=never ldapsearch -o nettimeout=20 -x -D 'cn=admin,dc=example,dc=org' -w Not@SecurePassw0rd -H ldaps://localhost:30636 -b 'dc=example,dc=org' && sleep 60 ; done
-      - name: deploy openldap-stack-ha-single-node
-        shell: bash
-        run: |
-          helm delete openldap-stack-ha
-          cd "$GITHUB_WORKSPACE"
-          helm install openldap-stack-ha -n single --create-namespace -f .bin/singleNode.yaml .
-          kubectl rollout status sts openldap-stack-ha -n single
-      - name: verify single node deployment
-        shell: bash
-        run: |
-           echo "test access to openldap database"
-           sudo apt-get install -y ldap-utils
-           LDAPTLS_REQCERT=never ldapsearch -x -D 'cn=admin,dc=singlenode,dc=org' -w Not@SecurePassw0rd -H ldaps://localhost:30636 -b 'dc=singlenode,dc=org' > /tmp/test-single-node.txt
-           cat /tmp/test-single-node.txt
-           if [ $(grep "numResponses" /tmp/test-single-node.txt | cut -d ":" -f 2 | tr -d ' ') -ne 6 ]; then exit 1 ; fi
-      - name: deploy openldap-stack-ha-disable-ldap-port
-        shell: bash
-        run: |
-          helm delete -n single openldap-stack-ha
-          cd "$GITHUB_WORKSPACE"
-          helm install openldap-stack-ha -n no-ldap-port --create-namespace -f .bin/disableLdapPort.yaml .
-          kubectl -n no-ldap-port create secret generic custom-cert --from-file=./tls.crt --from-file=./tls.key --from-file=./ca.crt
-          kubectl -n no-ldap-port rollout status sts openldap-stack-ha -n no-ldap-port
-      - name: verify no ldap port deployment
-        shell: bash
-        run: |
-           echo "test access to openldap database"
-           sudo apt-get install -y ldap-utils
-           echo "Write test to openldap database"
-           LDAPTLS_REQCERT=never ldapadd -x -D 'cn=admin,dc=example,dc=org' -w Not@SecurePassw0rd -H ldaps://localhost:30636 -f .bin/simpleUser.ldif
-           LDAPTLS_REQCERT=never ldapsearch -o nettimeout=20 -x -D 'cn=admin,dc=example,dc=org' -w Not@SecurePassw0rd -H ldaps://localhost:30636 -b 'dc=example,dc=org' > /tmp/test-write.txt
-           cat /tmp/test-write.txt
-           if [ $(grep "numResponses" /tmp/test-write.txt | cut -d ":" -f 2 | tr -d ' ') -ne 3 ]; then exit 1 ; fi
-
-
-      
+  call-ci-singlenode:
+    uses: ./.github/workflows/ci-singlenode.yml
+  call-ci-other:
+    uses: ./.github/workflows/ci-other.yml
+  call-ci-ha:
+    uses: ./.github/workflows/ci-ha.yml
diff --git a/templates/serviceaccount.yaml b/templates/serviceaccount.yaml
@@ -0,0 +1,13 @@
+{{- if .Values.serviceAccount.create -}}
+apiVersion: v1
+kind: ServiceAccount
+metadata:
+  name: {{ include "openldap.serviceAccountName" . }}
+  namespace: {{ .Release.Namespace | quote }}
+  labels: {{- include "common.labels.standard" ( dict "customLabels" .Values.commonLabels "context" $ ) | nindent 4 }}
+  {{- if or .Values.serviceAccount.annotations .Values.commonAnnotations }}
+  {{- $annotations := include "common.tplvalues.merge" ( dict "values" ( list .Values.serviceAccount.annotations .Values.commonAnnotations ) "context" . ) }}
+  annotations: {{- include "common.tplvalues.render" ( dict "value" $annotations "context" $) | nindent 4 }}
+  {{- end }}
+automountServiceAccountToken: {{ .Values.serviceAccount.automountServiceAccountToken }}
+{{- end -}}
diff --git a/templates/statefulset.yaml b/templates/statefulset.yaml
@@ -142,9 +142,8 @@ spec:
             - mountPath: /bitnami
               name: data
       {{- end }}
-      {{- /*
- serviceAccountName: {{ template "openldap.serviceAccountName" . }}
-*/ -}}
+
+      serviceAccountName: {{ template "openldap.serviceAccountName" . }}
       {{- include "openldap.imagePullSecrets" . | nindent 6 }}
       {{- if .Values.hostAliases }}
       hostAliases: {{- include "common.tplvalues.render" (dict "value" .Values.hostAliases "context" $) | nindent 8 }}
@@ -363,4 +362,4 @@ spec:
 {{- else if (not .Values.persistence.enabled) }}
         - name: data
           emptyDir: {}
-{{- end }}
+{{- end }}