Skip to content

Commit

Permalink
operators-installer - private registry support tests refactor
Browse files Browse the repository at this point in the history 
implement/refactor unit tests for the operators-installer operator approvaer job image pull from a private registry
  • Loading branch information
@gniltaws @itewk
gniltaws authored and itewk committed Jan 16, 2025
1 parent 46cdb3c commit 4d4d791
Show file tree
Hide file tree
Showing 18 changed files with 283 additions and 153 deletions.
168 changes: 168 additions & 0 deletions .github/actions/setup-kind-cluster-for-helm-chart-testing/action.yaml
View file
Original file line number Diff line number Diff line change
@@ -0,0 +1,168 @@
name: 'Setup Kind Cluster for Helm Chart Testing'
description: 'Setup Kind cluster for testing Helm Charts that expect to run with OLM and ingress'
inputs:
# renovate: datasource=github-releases depName=helm/helm
helm-version:
description: helm version to install
required: true
default: 'v3.16.3'

# renovate: datasource=github-tags depName=python/cpython
python-version:
description: python version to install
required: true
default: 'v3.13.0'

# renovate: datasource=github-releases depName=kubernetes-sigs/kind
kind-version:
description: kind version to install
required: true
default: 'v0.25.0'

# renovate: datasource=github-releases depName=operator-framework/operator-lifecycle-manager
olm-version:
description: olm version to install
required: true
default: 'v0.30.0'

local-registry-enabled:
description: whether to enable local authenticated registry
required: true
type: boolean
default: false

local-registry-user:
description: local authenticated registry username
required: false
default: 'registryuser1'

local-registry-password:
description: local authenticated registry password
required: false
default: 'registrypassword1'

local-registry-uri:
description: local authenticated registry uri
required: false
default: 'registry.localhost'

local-registry-images:
description: space separated list of remote container images to seed into the local private registry
required: false
default: ''

runs:
using: "composite"
steps:
- name: Setup Helm 🧰
uses: azure/setup-helm@fe7b79cd5ee1e45176fcad797de68ecaf3ca4814 # v4
with:
version: ${{ inputs.helm-version }}

- name: Setup Python 🐍
uses: actions/setup-python@0b93645e9fea7318ecaed2b359559ac225c90a2b # v5
with:
python-version: ${{ inputs.python-version }}

- name: Setup kind cluster 🧰
uses: helm/kind-action@0025e74a8c7512023d06dc019c617aa3cf561fde # v1.10.0
with:
version: ${{ inputs.kind-version }}
config: _test/kind-config.yaml

# for helm charts we are testing that require installing operators
- name: Setup kind cluster - Install OLM 🧰
env:
OLM_VERSION: ${{ inputs.olm-version }}
shell: bash
run: |
curl -L https://github.com/operator-framework/operator-lifecycle-manager/releases/download/${OLM_VERSION}/install.sh -o install.sh
chmod +x install.sh
./install.sh ${OLM_VERSION}
# for helm charts we are testing that require ingress
- name: Setup kind cluster - Install ingress controller 🧰
shell: bash
run: |
helm repo add haproxy-ingress https://haproxy-ingress.github.io/charts
helm install haproxy-ingress haproxy-ingress/haproxy-ingress \
--create-namespace --namespace=ingress-controller \
--set controller.hostNetwork=true
kubectl apply -f - <<EOF
apiVersion: networking.k8s.io/v1
kind: IngressClass
metadata:
name: haproxy
annotations:
ingressclass.kubernetes.io/is-default-class: 'true'
spec:
controller: haproxy-ingress.github.io/controller
EOF
# for helm charts we are testing that require/expect certain default namespaces from Red Hat OpenShift
- name: Setup kind cluster - create expected namespaces 🧰
shell: bash
run: |
kubectl create namespace openshift-operators
# install private registry for those that need it
- name: Setup kind cluster - install private registry 🧰
env:
LOCAL_REGISTRY_USER: ${{ inputs.local-registry-user }}
LOCAL_REGISTRY_PASSWORD: ${{ inputs.local-registry-password }}
LOCAL_REGISTRY_URI: ${{ inputs.local-registry-uri }}
shell: bash
run: |
helm upgrade --install private-registry _test/private-registry \
--namespace registry \
--create-namespace \
--wait \
--set registryUser=${LOCAL_REGISTRY_USER} \
--set registryPassword=${LOCAL_REGISTRY_PASSWORD} \
--set registryIngressHost=${LOCAL_REGISTRY_URI}
if: inputs.local-registry-enabled == 'true'

# copy images needed by CT tests that use private registry to the private registry
- name: Setup kind cluster - Copy images into private registry 🔺
env:
LOCAL_REGISTRY_USER: ${{ inputs.local-registry-user }}
LOCAL_REGISTRY_PASSWORD: ${{ inputs.local-registry-password }}
LOCAL_REGISTRY_URI: ${{ inputs.local-registry-uri }}
LOCAL_REGISTRY_IMAGES: ${{ inputs.local-registry-images }}
shell: bash
run: |
for image in ${LOCAL_REGISTRY_IMAGES}; do
image_name_regex='.*\/(.*$)'
if [[ "${image}" =~ ${image_name_regex} ]]; then
image_name="${BASH_REMATCH[1]}"
remote_image="docker://${image}"
local_image="docker://${LOCAL_REGISTRY_URI}/${image_name}"
echo "Copy image (${remote_image}) to local registry (${local_image})"
skopeo copy \
--dest-creds ${LOCAL_REGISTRY_USER}:${LOCAL_REGISTRY_PASSWORD} \
--dest-tls-verify=false \
${remote_image} \
${local_image}
else
echo "ERROR: parsing image name from source image uri: ${image}"
exit 1
fi
done
if: inputs.local-registry-enabled == 'true'

# SOURCE: https://kind.sigs.k8s.io/docs/user/local-registry/
- name: Setup kind cluster - Add the registry config to the nodes 🧰
env:
LOCAL_REGISTRY_URI: ${{ inputs.local-registry-uri }}
CLUSTER_NAME: chart-testing
shell: bash
run: |
REGISTRY_DIR="/etc/containerd/certs.d/${LOCAL_REGISTRY_URI}"
for node in $(kind get nodes -n "${CLUSTER_NAME}"); do
docker exec "${node}" mkdir -p "${REGISTRY_DIR}"
cat <<EOF | docker exec -i "${node}" cp /dev/stdin "${REGISTRY_DIR}/hosts.toml"
[host."http://${LOCAL_REGISTRY_URI}"]
EOF
done
if: inputs.local-registry-enabled == 'true'
150 changes: 62 additions & 88 deletions .github/workflows/install-integration-tests-operators-installer.yaml
View file
Original file line number Diff line number Diff line change
Expand Up @@ -3,13 +3,12 @@
#
# NOTE: can't use chart-testing because `ct` does not allow for a fixed release so you can't run two different tests that affect the same resources

name: Install Integration Test - operators-installer
name: Install Integration Tests - operators-installer

on:
pull_request:
paths:
- .github/**
- _test/charts-integration-tests/operators-installer/**
- charts/operators-installer/**

# Declare default permissions as read only.
Expand All @@ -19,87 +18,20 @@ concurrency:
group: ${{ github.workflow }}-${{ github.ref }}
cancel-in-progress: true

env:
registry_user: registryuser1
registry_password: registrypassword1

jobs:
install-integration-test:
test-install-and-multi-stage-upgrade:
runs-on: ubuntu-latest
env:
# renovate: datasource=github-releases depName=helm/helm
HELM_VERSION: v3.16.3
# renovate: datasource=github-tags depName=python/cpython
PYTHON_VERSION: v3.13.0
# renovate: datasource=github-releases depName=kubernetes-sigs/kind
KIND_VERSION: v0.25.0
# renovate: datasource=github-releases depName=operator-framework/operator-lifecycle-manager
OLM_VERSION: v0.30.0
TEST_NAMESPACE: 'operators-installer-integration-test'
steps:
- name: Checkout 🛎️
uses: actions/checkout@11bd71901bbe5b1630ceea73d27597364c9af683 # v4
with:
fetch-depth: 0

- name: Setup Helm 🧰
uses: azure/setup-helm@fe7b79cd5ee1e45176fcad797de68ecaf3ca4814 # v4
with:
version: ${{ env.HELM_VERSION }}

- name: Setup Python 🐍
uses: actions/setup-python@0b93645e9fea7318ecaed2b359559ac225c90a2b # v5
with:
python-version: ${{ env.PYTHON_VERSION }}

- name: Setup kind cluster 🧰
uses: helm/kind-action@0025e74a8c7512023d06dc019c617aa3cf561fde # v1.10.0
with:
version: ${{ env.KIND_VERSION }}
config: charts/operators-installer/_integration-tests/kind-config.yaml

# for helm charts we are testing that require installing operators
- name: Setup kind cluster - Install OLM 🧰
run: |
curl -L https://github.com/operator-framework/operator-lifecycle-manager/releases/download/${OLM_VERSION}/install.sh -o install.sh
chmod +x install.sh
./install.sh ${OLM_VERSION}
# for helm charts we are testing that require ingress
- name: Setup kind cluster - Install ingress controller 🧰
run: |
helm repo add haproxy-ingress https://haproxy-ingress.github.io/charts
helm install haproxy-ingress haproxy-ingress/haproxy-ingress \
--create-namespace --namespace=ingress-controller \
--set controller.hostNetwork=true
kubectl apply -f - <<EOF
apiVersion: networking.k8s.io/v1
kind: IngressClass
metadata:
name: haproxy
annotations:
ingressclass.kubernetes.io/is-default-class: 'true'
spec:
controller: haproxy-ingress.github.io/controller
EOF
# for testing operators-installer image from private repository
- name: Setup private registry in kind cluster 🧰
run: |
helm upgrade --install private-registry charts/operators-installer/_integration-tests/private-registry \
--namespace registry \
--create-namespace \
--wait \
--set registryUser=${registry_user} \
--set registryPassword=${registry_password}
# copies image used to install argo into local private registry
- name: Copy image into private repository 💿
run: |
skopeo copy \
--dest-creds ${registry_user}:${registry_password} \
--dest-tls-verify=false \
docker://$(awk '$1 ~/Image:/ {print $2}' charts/operators-installer/_integration-tests/test-install-operator-0-automatic-intermediate-manual-upgrades-values.yaml) \
docker://registry.localhost/origin-cli:5000

# set up kind cluster (using re-usable local composite action)
- name: Setup Kind Cluster for Helm Chart Testing 🧰
uses: ./.github/actions/setup-kind-cluster-for-helm-chart-testing

# NOTE: can't use chart-testing because `ct` does not allow for a fixed release so you can't run two different tests that affect the same resources
- name: Run integration tests 🧪
Expand All @@ -108,27 +40,69 @@ jobs:
echo "##########################################################################################################"
echo "# Install argo at old version #"
echo "##########################################################################################################"
helm upgrade --install operators-installer-integration-test charts/operators-installer \
--namespace operators-installer-integration-test \
helm upgrade --install install-and-multi-stage-upgrade charts/operators-installer \
--namespace ${TEST_NAMESPACE} \
--create-namespace \
--wait \
--values charts/operators-installer/_integration-tests/test-install-operator-0-automatic-intermediate-manual-upgrades-values.yaml \
--debug --timeout 10m0s
echo "##########################################################################################################"
echo "# Create pull secret used in next step #"
echo "# Upgrade argo to newer version requiring many intermediate updates along the way #"
echo "##########################################################################################################"
oc create secret docker-registry local-registry-pullsecret \
--namespace operators-installer-integration-test \
--docker-password="${registry_user}" \
--docker-username="${registry_password}" \
--docker-server=registry.localhost
helm upgrade --install install-and-multi-stage-upgrade charts/operators-installer \
--namespace ${TEST_NAMESPACE} \
--wait \
--values charts/operators-installer/_integration-tests/test-install-operator-1-automatic-intermediate-manual-upgrades-values.yaml \
--debug --timeout 30m0s
test-approver-job-image-from-authenticated-registry:
runs-on: ubuntu-latest
env:
TEST_NAMESPACE: 'external-secrets-operator'
LOCAL_REGISTRY_USER: registryuser1
LOCAL_REGISTRY_PASSWORD: registrypassword1
LOCAL_REGISTRY_URI: registry.localhost
LOCAL_REGISTRY_IMAGES: "quay.io/openshift/origin-cli:4.15" # space separated
steps:
- name: Checkout 🛎️
uses: actions/checkout@11bd71901bbe5b1630ceea73d27597364c9af683 # v4
with:
fetch-depth: 0

# set up kind cluster (using re-usable local composite action)
- name: Setup Kind Cluster for Helm Chart Testing 🧰
uses: ./.github/actions/setup-kind-cluster-for-helm-chart-testing
with:
local-registry-enabled: true
local-registry-user: ${{ env.LOCAL_REGISTRY_USER }}
local-registry-password: ${{ env.LOCAL_REGISTRY_PASSWORD }}
local-registry-uri: ${{ env.LOCAL_REGISTRY_URI }}
local-registry-images: "quay.io/openshift/origin-cli:4.15" # space separated

# create test namespace
- name: Setup kind cluster - create test namespace 🧰
run: |
kubectl create namespace ${TEST_NAMESPACE}
# create pull secret for pulling images
- name: Setup kind cluster - create pull secret for private registry 🧰
run: |
kubectl create secret docker-registry local-registry-pullsecret \
--namespace ${TEST_NAMESPACE} \
--docker-username="${LOCAL_REGISTRY_USER}" \
--docker-password="${LOCAL_REGISTRY_PASSWORD}" \
--docker-server=${LOCAL_REGISTRY_URI}
# NOTE: can't use chart-testing because `ct` does not allow for a fixed release so you can't run two different tests that affect the same resources
- name: Run integration tests 🧪
timeout-minutes: 10
run: |
echo "##########################################################################################################"
echo "# Upgrade argo to newer version requiring many intermediate updates along the way #"
echo "# Install operator using approver job image from private authenticated registry #"
echo "##########################################################################################################"
helm upgrade --install operators-installer-integration-test charts/operators-installer \
--namespace operators-installer-integration-test \
helm upgrade --install approver-from-authed-registry charts/operators-installer \
--namespace ${TEST_NAMESPACE} \
--wait \
--values charts/operators-installer/_integration-tests/test-install-operator-1-automatic-intermediate-manual-upgrades-values.yaml \
--debug --timeout 35m0s
--values charts/operators-installer/_integration-tests/test-install-operator-with-approver-image-from-private-registry.yaml \
--debug --timeout 9m0s
Loading

0 comments on commit 4d4d791

Please sign in to comment.