-
Notifications
You must be signed in to change notification settings - Fork 120
Commit
This commit does not belong to any branch on this repository, and may belong to a fork outside of the repository.
Merge pull request #163 from jp-gouin/fix-ci
Update ci/bump container version/fix issues
- Loading branch information
Showing
10 changed files
with
211 additions
and
134 deletions.
There are no files selected for viewing
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
Original file line number | Diff line number | Diff line change |
---|---|---|
@@ -0,0 +1,35 @@ | ||
name: 'Setup env' | ||
description: 'Greet someone' | ||
inputs: | ||
install-chaos: | ||
description: 'Setup ChaosMesh' | ||
required: true | ||
default: false | ||
runs: | ||
using: "composite" | ||
steps: | ||
- name: Lint | ||
shell: bash | ||
run: | | ||
curl -fsSL -o /tmp/get_helm.sh https://raw.githubusercontent.com/helm/helm/main/scripts/get-helm-3 | ||
chmod 700 /tmp/get_helm.sh | ||
/tmp/get_helm.sh | ||
helm lint . | ||
- name: setup cluster | ||
shell: bash | ||
run: | | ||
curl -Lo /tmp/kind https://kind.sigs.k8s.io/dl/v0.23.0/kind-linux-amd64 | ||
chmod +x /tmp/kind | ||
curl -LO "https://dl.k8s.io/release/$(curl -L -s https://dl.k8s.io/release/stable.txt)/bin/linux/amd64/kubectl" | ||
sudo install -o root -g root -m 0755 kubectl /usr/local/bin/kubectl | ||
rm -f kubectl | ||
sudo apt update | ||
sudo apt-get install -y ldap-utils | ||
/tmp/kind create cluster --config=$GITHUB_WORKSPACE/.bin/kind-conf.yml --image=kindest/node:v1.29.4@sha256:3abb816a5b1061fb15c6e9e60856ec40d56b7b52bcea5f5f1350bc6e2320b6f8 | ||
kubectl apply -f https://projectcontour.io/quickstart/contour.yaml | ||
kubectl patch daemonsets -n projectcontour envoy -p '{"spec":{"template":{"spec":{"nodeSelector":{"ingress-ready":"true"}}}}}' | ||
- name: setup chaos mesh | ||
if: ${{ inputs.install-chaos == 'true' }} | ||
shell: bash | ||
run: | | ||
curl -sSL https://mirrors.chaos-mesh.org/v2.6.2/install.sh | bash -s -- --local kind |
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
Original file line number | Diff line number | Diff line change |
---|---|---|
@@ -0,0 +1,74 @@ | ||
name: Test-HA | ||
on: | ||
workflow_call: | ||
jobs: | ||
qualif: | ||
runs-on: ubuntu-latest | ||
steps: | ||
- name: Check out code | ||
uses: actions/checkout@v1 | ||
- name: Run custom action | ||
# Use the location in the repository (without action.yml) | ||
uses: ./.github/actions/setup | ||
with: | ||
install-chaos: true | ||
- name: setup certs | ||
shell: bash | ||
run: | | ||
openssl req -x509 -newkey rsa:4096 -nodes -subj '/CN=example.com' -keyout tls.key -out tls.crt -days 365 | ||
cp tls.crt ca.crt | ||
kubectl create secret generic custom-cert --from-file=./tls.crt --from-file=./tls.key --from-file=./ca.crt | ||
- name: deploy openldap-stack-ha | ||
shell: bash | ||
run: | | ||
cd "$GITHUB_WORKSPACE" | ||
helm install openldap-stack-ha -f .bin/myval.yaml . | ||
kubectl rollout status sts openldap-stack-ha | ||
- name: verify deployment | ||
shell: bash | ||
run: | | ||
echo "test access to openldap database" | ||
sleep 10 | ||
LDAPTLS_REQCERT=never ldapsearch -x -D 'cn=admin,dc=example,dc=org' -w Not@SecurePassw0rd -H ldaps://localhost:30636 -b 'dc=example,dc=org' | ||
- name: test phpldapadmin access | ||
shell: bash | ||
run: | | ||
echo "test access to phpldapadmin" | ||
echo "127.0.0.1 phpldapadmin.example ssl-ldap2.example" | sudo tee -a /etc/hosts | ||
curl phpldapadmin.example:8080 | ||
- name: test self service pwd access | ||
shell: bash | ||
run: | | ||
echo "test access to ssp" | ||
curl ssl-ldap2.example:8080 | ||
- name: verify certs | ||
shell: bash | ||
run: | | ||
echo "verify certificate" | ||
echo | openssl s_client -showcerts -servername example.com -connect localhost:30636 2>/dev/null | openssl x509 -inform pem -noout -text > /tmp/test-cert.txt | ||
if ! grep -q "CN = example.com" /tmp/test-cert.txt; then echo exit 1; fi | ||
- name: apply chaos tests | ||
shell: bash | ||
run: | | ||
echo "test access to openldap database" | ||
kubectl apply -f .bin/chaos.yaml | ||
- name: test write | ||
shell: bash | ||
run: | | ||
echo "Write test to openldap database" | ||
LDAPTLS_REQCERT=never ldapadd -x -D 'cn=admin,dc=example,dc=org' -w Not@SecurePassw0rd -H ldaps://localhost:30636 -f .bin/user.ldif | ||
LDAPTLS_REQCERT=never ldapsearch -o nettimeout=20 -x -D 'cn=admin,dc=example,dc=org' -w Not@SecurePassw0rd -H ldaps://localhost:30636 -b 'dc=example,dc=org' > /tmp/test-write.txt | ||
if ! grep "Einstein" /tmp/test-write.txt; then echo 'no Einstein entry found' ; fi | ||
if ! grep "objectClass: ownCloud" /tmp/test-write.txt; then echo 'no ownCloud entry found'; fi | ||
- name: test memberOf | ||
shell: bash | ||
run: | | ||
echo "MemberOf test to openldap database" | ||
LDAPTLS_REQCERT=never ldapsearch -o nettimeout=20 -x -D 'cn=admin,dc=example,dc=org' -w Not@SecurePassw0rd -H ldaps://localhost:30636 -b 'dc=example,dc=org' "(memberOf=cn=testgroup,ou=Group,dc=example,dc=org)" > /tmp/test-write.txt | ||
if [ $(grep "numResponses" /tmp/test-write.txt | cut -d ":" -f 2 | tr -d ' ') -ne 2 ]; then exit 1 ; fi | ||
if ! grep -q "uid=test1,ou=People,dc=example,dc=org" /tmp/test-write.txt; then echo exit 1; fi | ||
- name: chaos tests | ||
shell: bash | ||
run: | | ||
echo "test access to openldap database" | ||
for i in {1..20}; do LDAPTLS_REQCERT=never ldapsearch -o nettimeout=20 -x -D 'cn=admin,dc=example,dc=org' -w Not@SecurePassw0rd -H ldaps://localhost:30636 -b 'dc=example,dc=org' && sleep 60 ; done |
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
Original file line number | Diff line number | Diff line change |
---|---|---|
@@ -0,0 +1,33 @@ | ||
name: Test-Other | ||
on: | ||
workflow_call: | ||
jobs: | ||
qualif: | ||
runs-on: ubuntu-latest | ||
steps: | ||
- name: Check out code | ||
uses: actions/checkout@v1 | ||
- name: Run custom action | ||
# Use the location in the repository (without action.yml) | ||
uses: ./.github/actions/setup | ||
with: | ||
install-chaos: false | ||
- name: deploy openldap-stack-ha-disable-ldap-port | ||
shell: bash | ||
run: | | ||
cd "$GITHUB_WORKSPACE" | ||
helm install openldap-stack-ha -n no-ldap-port --create-namespace -f .bin/disableLdapPort.yaml . | ||
kubectl -n no-ldap-port rollout status sts openldap-stack-ha -n no-ldap-port | ||
- name: verify no ldap port deployment | ||
shell: bash | ||
run: | | ||
echo "test access to openldap database" | ||
echo "Write test to openldap database" | ||
LDAPTLS_REQCERT=never ldapadd -x -D 'cn=admin,dc=example,dc=org' -w Not@SecurePassw0rd -H ldaps://localhost:30636 -f .bin/simpleUser.ldif | ||
sleep 10 | ||
LDAPTLS_REQCERT=never ldapsearch -o nettimeout=20 -x -D 'cn=admin,dc=example,dc=org' -w Not@SecurePassw0rd -H ldaps://localhost:30636 -b 'dc=example,dc=org' > /tmp/test-write.txt | ||
cat /tmp/test-write.txt | ||
if [ $(grep "numResponses" /tmp/test-write.txt | cut -d ":" -f 2 | tr -d ' ') -ne 3 ]; then exit 1 ; fi | ||
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
Original file line number | Diff line number | Diff line change |
---|---|---|
@@ -0,0 +1,31 @@ | ||
name: Test-SingleNode | ||
on: | ||
workflow_call: | ||
jobs: | ||
qualif: | ||
runs-on: ubuntu-latest | ||
steps: | ||
- name: Check out code | ||
uses: actions/checkout@v1 | ||
- name: Run custom action | ||
# Use the location in the repository (without action.yml) | ||
uses: ./.github/actions/setup | ||
with: | ||
install-chaos: false | ||
- name: deploy openldap-stack-ha-single-node | ||
shell: bash | ||
run: | | ||
cd "$GITHUB_WORKSPACE" | ||
kubectl create ns single | ||
kubectl create secret generic my-super-secret -n single --from-literal=LDAP_ADMIN_PASSWORD=Not@SecurePassw0rd --from-literal=LDAP_CONFIG_ADMIN_PASSWORD=Not@SecurePassw0rd | ||
helm install openldap-stack-ha -n single -f .bin/singleNode.yaml . | ||
kubectl rollout status sts openldap-stack-ha -n single | ||
kubectl logs -n single openldap-stack-ha-0 | ||
- name: verify single node deployment | ||
shell: bash | ||
run: | | ||
sleep 10 | ||
echo "test access to openldap database" | ||
LDAPTLS_REQCERT=never ldapsearch -o nettimeout=20 -x -D 'cn=admin,dc=singlenode,dc=org' -w Not@SecurePassw0rd -H ldaps://localhost:30636 -b 'dc=singlenode,dc=org' > /tmp/test-single-node.txt | ||
cat /tmp/test-single-node.txt | ||
if [ $(grep "numResponses" /tmp/test-single-node.txt | cut -d ":" -f 2 | tr -d ' ') -ne 6 ]; then exit 1 ; fi |
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
Original file line number | Diff line number | Diff line change |
---|---|---|
@@ -0,0 +1,13 @@ | ||
{{- if .Values.serviceAccount.create -}} | ||
apiVersion: v1 | ||
kind: ServiceAccount | ||
metadata: | ||
name: {{ include "openldap.serviceAccountName" . }} | ||
namespace: {{ .Release.Namespace | quote }} | ||
labels: {{- include "common.labels.standard" ( dict "customLabels" .Values.commonLabels "context" $ ) | nindent 4 }} | ||
{{- if or .Values.serviceAccount.annotations .Values.commonAnnotations }} | ||
{{- $annotations := include "common.tplvalues.merge" ( dict "values" ( list .Values.serviceAccount.annotations .Values.commonAnnotations ) "context" . ) }} | ||
annotations: {{- include "common.tplvalues.render" ( dict "value" $annotations "context" $) | nindent 4 }} | ||
{{- end }} | ||
automountServiceAccountToken: {{ .Values.serviceAccount.automountServiceAccountToken }} | ||
{{- end -}} |
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
Oops, something went wrong.