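#!/bin/bash
# Set up a kind cluster with kubeseal (sealed-secrets) and kubeseal-webgui.
# The ui will listen on http://localhost:7180
#
# -e and pipefail stop the run at the first failing command or pipeline stage;
# -u turns a mistyped or unset variable into an error instead of an empty
# string that would silently end up in a URL or manifest.
set -euo pipefail

# Base URL of the API as reached through the HTTPS host port mapped below.
API_URL="https://$(hostname -f):7143"

# The cluster definition is passed on stdin (--config=-).
# Container ports 80/443 of the control-plane node are published on host
# ports 7180/7143, and the node is labelled ingress-ready=true.
# NOTE(review): the mappings set no listenAddress, so kind falls back to its
# default of 0.0.0.0 and both ports are reachable from other machines on the
# network while the cluster exists. If $(hostname -f) resolves to loopback on
# the machine running this, adding `listenAddress: "127.0.0.1"` to each
# mapping keeps the test endpoints local.
kind create cluster --name chart-testing --wait 3m --config=- <<EOF
kind: Cluster
apiVersion: kind.x-k8s.io/v1alpha4
nodes:
- role: control-plane
  kubeadmConfigPatches:
  - |
    kind: InitConfiguration
    nodeRegistration:
      kubeletExtraArgs:
        node-labels: "ingress-ready=true"
  extraPortMappings:
  - containerPort: 80
    hostPort: 7180
    protocol: TCP
  - containerPort: 443
    hostPort: 7143
    protocol: TCP
EOF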
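# Install the sealed-secrets controller (Helm) and ingress-nginx (static
# manifest), then wait for the ingress controller pod to become ready.
#
# Supply-chain note: both artifacts are fetched at run time and applied with
# the cluster's admin kubeconfig. By default the chart is whatever version the
# repository currently serves and the manifest is whatever `main` currently
# holds, so two runs can deploy different code. Set the two variables below to
# a release you have reviewed to make the run reproducible:
#   SEALED_SECRETS_CHART_VERSION  chart version passed to `helm install --version`
#   INGRESS_NGINX_REF             git ref (tag or commit) of kubernetes/ingress-nginx
SEALED_SECRETS_CHART_VERSION="${SEALED_SECRETS_CHART_VERSION:-}"
INGRESS_NGINX_REF="${INGRESS_NGINX_REF:-main}"

helm repo add sealed-secrets https://bitnami-labs.github.io/sealed-secrets

sealed_secrets_args=(
  --namespace kube-system
  --set-string fullnameOverride=sealed-secrets-controller
)
# Only pin when a version was supplied; otherwise keep the previous behaviour.
if [[ -n "${SEALED_SECRETS_CHART_VERSION}" ]]; then
  sealed_secrets_args+=(--version "${SEALED_SECRETS_CHART_VERSION}")
fi
helm install sealed-secrets sealed-secrets/sealed-secrets "${sealed_secrets_args[@]}"

kubectl apply -f "https://raw.githubusercontent.com/kubernetes/ingress-nginx/${INGRESS_NGINX_REF}/deploy/static/provider/kind/deploy.yaml"
kubectl wait --namespace ingress-nginx \
  --for=condition=ready pod \
  --selector=app.kubernetes.io/component=controller \
  --timeout=90s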
# Build the api and ui images from the working tree, side-load them into the
# kind node, then render the chart and apply it to the cluster.
for component in api ui; do
  docker build -t "kubesealwebgui/${component}:snapshot" -f "Dockerfile.${component}" .
done

# The images exist only in the local Docker daemon; loading them into the node
# is what lets pullPolicy=Never (set below) work without a registry.
for component in api ui; do
  kind load docker-image --name chart-testing "kubesealwebgui/${component}:snapshot"
done

kubectl create namespace kubeseal-webgui

# Render the chart client-side and pipe the manifests to kubectl.
# resources and autoFetchCertResources are nulled out, which removes the
# chart's values for them in this test deployment.
helm template \
  --release-name e2e-test \
  --create-namespace \
  --namespace kubeseal-webgui \
  --set api.image.tag=snapshot \
  --set api.url="${API_URL}" \
  --set autoFetchCertResources=null \
  --set image.pullPolicy=Never \
  --set ingress.enabled=true \
  --set ingress.hostname="$(hostname -f)" \
  --set resources=null \
  --set sealedSecrets.autoFetchCert=true \
  --set ui.image.tag=snapshot \
  --set securityContext.runAsUser=1042 \
  chart/kubeseal-webgui |
  kubectl apply -f - --namespace kubeseal-webgui

kubectl wait --namespace kubeseal-webgui \
  --for=condition=ready pod \
  --selector=app=kubeseal-webgui \
  --timeout=90s
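# Probe the API through the ingress, up to three times with a 5 s pause after
# each failed attempt. The loop stops at the first successful response instead
# of always issuing all three requests.
# -k disables certificate verification: nothing in this script installs a
# trusted certificate for the ingress, so the endpoint is not authenticated.
# That is tolerable only because this is a throwaway local test cluster; do
# not copy the flag into anything that talks to a real deployment.
api_ready=false
for _i in {1..3}; do
  if curl -i -k -D - -f "${API_URL}"; then
    api_ready=true
    break
  fi
  sleep 5
done
# The probe stays best-effort (the script carries on either way), but a
# failure is now visible in the log rather than silently ignored.
if [[ "${api_ready}" != true ]]; then
  echo "warning: ${API_URL} did not answer successfully after 3 attempts" >&2
fi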
kubectl create namespace e2e

# POST the JSON document read from stdin to the API's /secrets endpoint and
# write the response body to stdout.
# -k skips certificate verification, so the payload goes to whatever answers
# on ${API_URL}. The values sent below are fixed test fixtures ("YQ=="), which
# is the only reason that is acceptable here.
post_secret_request() {
  curl -f -H 'content-type: application/json' -X POST -k --data @- "${API_URL}/secrets"
}

# Each request seals one value under a different scope. jq picks the entry for
# the submitted key out of the response and formats it as the single
# "a-secret: <sealed value>" line that is later placed under encryptedData.

# strict scope: request carries both a secret name and a namespace.
strict_secret=$(
  post_secret_request <<<'{"secret": "strict-secret", "namespace": "e2e", "scope": "strict", "secrets": [{"key": "a-secret","value": "YQ=="}]}' |
    jq -r -s '.[0][] | select(.key=="a-secret") | "a-secret: " + .value'
)

# namespace-wide scope: request carries the namespace only.
namespace_secret=$(
  post_secret_request <<<'{"namespace": "e2e", "scope": "namespace-wide", "secrets": [{"key": "a-secret","value": "YQ=="}]}' |
    jq -r -s '.[0][] | select(.key=="a-secret") | "a-secret: " + .value'
)

# cluster-wide scope: sealed under the key "different-secret" but emitted as
# "a-secret", so the resulting Secret uses a different key than the request.
cluster_secret=$(
  post_secret_request <<<'{"scope": "cluster-wide", "secrets": [{"key": "different-secret","value": "YQ=="}]}' |
    jq -r -s '.[0][] | select(.key=="different-secret") | "a-secret: " + .value'
)
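# Create a SealedSecret in namespace e2e from one sealed entry.
# Arguments:
#   $1 - metadata.name of the SealedSecret
#   $2 - annotations as a YAML flow mapping, e.g. '{ }'
#   $3 - one "key: sealed-value" line to place under spec.encryptedData
# Returns: non-zero if the entry is unusable or kubectl apply fails.
apply_sealed_secret() {
  local name=$1
  local annotations=$2
  local encrypted_entry=$3

  # The entry comes from an HTTP response and is pasted into YAML verbatim.
  # An empty value would create a SealedSecret with no data, and a multi-line
  # value could add or override other fields of the manifest, so both are
  # rejected before anything is sent to the cluster.
  if [[ -z "${encrypted_entry}" || "${encrypted_entry}" == *$'\n'* ]]; then
    echo "refusing to apply ${name}: expected exactly one encryptedData line" >&2
    return 1
  fi

  # The manifest is written with its YAML nesting: name, namespace and
  # annotations belong under metadata, the entry under spec.encryptedData.
  kubectl apply -n e2e -f - <<EOF
apiVersion: bitnami.com/v1alpha1
kind: SealedSecret
metadata:
  name: ${name}
  namespace: e2e
  annotations: ${annotations}
spec:
  encryptedData:
    ${encrypted_entry}
EOF
}

# One SealedSecret per scope; the annotation has to match the scope the value
# was sealed with (none for strict).
apply_sealed_secret strict-secret '{ }' "${strict_secret}"
apply_sealed_secret namespace-secret '{ sealedsecrets.bitnami.com/namespace-wide: "true" }' "${namespace_secret}"
apply_sealed_secret cluster-secret '{ sealedsecrets.bitnami.com/cluster-wide: "true" }' "${cluster_secret}"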
# Fixed pause before checking that a Secret exists for each SealedSecret.
# NOTE(review): presumably this gives the controller time to unseal; a slow
# controller would make the check below fail — confirm whether 5 s is enough.
sleep 5

# Each Secret must expose key "a-secret" whose stored value equals "YQ==",
# the same string that was submitted for sealing. A missing Secret yields an
# empty string from the command substitution and is reported as ERR.
for secret_name in strict-secret namespace-secret cluster-secret; do
  echo -n "Testing ${secret_name} "
  if [[ "$(kubectl get secret "${secret_name}" -n e2e \
    -o go-template --template '{{ index .data "a-secret" }}')" == "YQ==" ]]; then
    echo OK
  else
    echo ERR
    exit 1
  fi
done