Skip to content

make all kyverno policies optional and disabled by default #1960

make all kyverno policies optional and disabled by default

make all kyverno policies optional and disabled by default #1960

Workflow file for this run

# This is a basic workflow to help you get started with Actions
name: test kubriX k3d stack on kind cluster
# Controls when the workflow will run
on:
# do a full cluster test in main branch and when opening or changing PRs
push:
branches: [ "main" ]
pull_request:
types: [opened, synchronize]
# Allows you to run this workflow manually from the Actions tab
workflow_dispatch:
concurrency:
group: ${{ github.workflow }}-${{ github.ref }}
cancel-in-progress: true
env:
KUBRIX_REPO_BRANCH: ${{ github.head_ref || github.ref_name }}
KUBRIX_REPO: "https://github.com/${{ github.repository }}"
jobs:
create-cluster:
runs-on: ubuntu-latest
permissions: read-all
strategy:
matrix:
target-type:
- KIND-DELIVERY
- KIND-OBSERVABILITY
- KIND-SECURITY
- KIND-PORTAL
steps:
- name: Checkout
uses: actions/checkout@v4
- name: Create k8s Kind Cluster
uses: helm/kind-action@v1
with:
cluster_name: kubrix-cluster
config: ${{ github.workspace }}/.github/kind-config.yaml
- name: install mkcert
shell: bash
run: |
curl -JLO "https://dl.filippo.io/mkcert/latest?for=linux/amd64"
chmod +x mkcert-v*-linux-amd64
sudo cp mkcert-v*-linux-amd64 /usr/local/bin/mkcert
- name: install k8sgpt
shell: bash
run: |
curl -LO https://github.com/k8sgpt-ai/k8sgpt/releases/download/v0.3.30/k8sgpt_amd64.deb
sudo dpkg -i k8sgpt_amd64.deb
k8sgpt analyze
- name: install kubriX stack
env:
KUBRIX_TARGET_TYPE: ${{ matrix.target-type }}
KUBRIX_BACKSTAGE_GITHUB_CLIENTSECRET: "dummy"
KUBRIX_BACKSTAGE_GITHUB_CLIENTID: "dummy"
KUBRIX_BACKSTAGE_GITHUB_TOKEN: "dummy"
KUBRIX_ARGOCD_APPSET_TOKEN: ${{ secrets.GITHUB_TOKEN }}
KUBRIX_REPO_PASSWORD: ${{ secrets.GITHUB_TOKEN }}
KUBRIX_REPO_USERNAME: "dummy"
KUBRIX_INSTALL_DEBUG: "false"
shell: bash
run: |
./install-platform.sh
- name: argocd show diff
if: always()
env:
KUBRIX_TARGET_TYPE: ${{ matrix.target-type }}
shell: bash
run: |
target_chart_values_file=platform-apps/target-chart/values-$(echo ${KUBRIX_TARGET_TYPE} | awk '{print tolower($0)}').yaml
argocd_apps=$(cat $target_chart_values_file | awk '/^ - name:/ { printf "%s", "sx-"$3" "}' )
curl -kL -o argocd https://argocd-127-0-0-1.nip.io/download/argocd-linux-amd64
chmod u+x argocd
ls -l
INITIAL_ARGOCD_PASSWORD=$( kubectl get secret -n argocd argocd-initial-admin-secret -o=jsonpath={'.data.password'} | base64 -d )
./argocd login argocd-127-0-0-1.nip.io --grpc-web --insecure --username admin --password ${INITIAL_ARGOCD_PASSWORD}
for app in ${argocd_apps} ; do echo "$app diff" ; ./argocd app diff $app --grpc-web ; done
- name: kubectl get applications
if: always()
shell: bash
run: |
kubectl get applications -n argocd
kubectl get applications -n argocd -o yaml
- name: analyze with k8sgpt
if: always()
shell: bash
run: |
k8sgpt analyze
- name: mustgather data for troubleshooting
if: ${{ failure() }}
shell: bash
run: |
echo "===== node describe ======"
kubectl describe node kubrix-cluster-control-plane
echo "===== node top ======"
kubectl top node
echo "===== node yaml ======"
kubectl get nodes -o yaml
echo "===== yaml output of all applications ======"
kubectl get application -n argocd -o yaml
- name: mustgather logs for troubleshooting
if: ${{ failure() }}
shell: bash
run: |
kubectl logs -n argocd statefulset/sx-argocd-application-controller
kubectl logs -n argocd deployment/sx-argocd-repo-server
kubectl logs -n argocd deployment/sx-argocd-applicationset-controller