Skip to content

Commit

Permalink
NODE-5655 add docker auth to tests
Browse files Browse the repository at this point in the history
  • Loading branch information
braek-neck committed Sep 25, 2024
1 parent e06056b commit 019bffe
Show file tree
Hide file tree
Showing 10 changed files with 74 additions and 9 deletions.
2 changes: 2 additions & 0 deletions .github/workflows/ci.yaml
Original file line number Diff line number Diff line change
Expand Up @@ -5,6 +5,8 @@ on:
branches: ['main']
types: ['opened', 'reopened', 'synchronize']
paths:
- '.github/workflows/ci.yaml'
- '.github/workflows/test.yaml'
- 'helm/**'
- 'files/**'
- 'cmd/**'
Expand Down
24 changes: 22 additions & 2 deletions .github/workflows/test.yaml
Original file line number Diff line number Diff line change
Expand Up @@ -153,7 +153,10 @@ jobs:
role: ${{ secrets.VAULT_ROLE }}
method: kubernetes
path: kubernetes-ci
secrets: kv-gitlab-ci/data/github/sidecar api_token
secrets: |
kv-gitlab-ci/data/github/shared/dockerhub-creds user | DOCKERHUB_USER ;
kv-gitlab-ci/data/github/shared/dockerhub-creds password | DOCKERHUB_PASSWORD ;
kv-gitlab-ci/data/github/sidecar api_token ;
- name: Checkout
uses: actions/checkout@v3
Expand All @@ -162,6 +165,7 @@ jobs:

- name: Create cluster
run: |
echo ${DOCKERHUB_PASSWORD} | docker login -u ${DOCKERHUB_USER} --password-stdin
kind create cluster \
--config ${GITHUB_WORKSPACE}/helm/test/kind/kind.yaml \
--image kindest/node:v${{ matrix.kubeVersion }} \
Expand All @@ -184,6 +188,12 @@ jobs:
- name: Install Helm chart
run: |
unset KUBERNETES_SERVICE_HOST
echo "[test-env] creating secret docker-registry ..."
kubectl create secret docker-registry dockerhub-secret \
--docker-server="https://index.docker.io/v1/" \
--docker-username="${DOCKERHUB_USER}" \
--docker-password="${DOCKERHUB_PASSWORD}" \
[email protected]
helm install wallarm-sidecar ./helm -f helm/values.test.yaml \
--set config.wallarm.api.token=${API_TOKEN} \
--debug \
Expand All @@ -200,6 +210,12 @@ jobs:
- name: Deploy pytest
run: |
unset KUBERNETES_SERVICE_HOST
kubectl create namespace pytest
kubectl -n pytest create secret docker-registry dockerhub-secret \
--docker-server="https://index.docker.io/v1/" \
--docker-username="${DOCKERHUB_USER}" \
--docker-password="${DOCKERHUB_PASSWORD}" \
[email protected]
kubectl apply -f kind/docker/manifests/init/pytest.yaml
while [[ -z $(kubectl -n pytest get pods -o name) ]]; do
sleep 1
Expand Down Expand Up @@ -227,7 +243,10 @@ jobs:
role: ${{ secrets.VAULT_ROLE }}
method: kubernetes
path: kubernetes-ci
secrets: kv-gitlab-ci/data/github/sidecar api_token | WALLARM_API_TOKEN
secrets: |
kv-gitlab-ci/data/github/shared/dockerhub-creds user | DOCKERHUB_USER ;
kv-gitlab-ci/data/github/shared/dockerhub-creds password | DOCKERHUB_PASSWORD ;
kv-gitlab-ci/data/github/sidecar api_token | WALLARM_API_TOKEN ;
- name: Checkout
uses: actions/checkout@v3
Expand All @@ -236,6 +255,7 @@ jobs:

- name: Create cluster
run: |
echo ${DOCKERHUB_PASSWORD} | docker login -u ${DOCKERHUB_USER} --password-stdin
kind create cluster --image kindest/node:v1.28.7
kubectl wait --for=condition=Ready pods --all --timeout=180s -n kube-system
Expand Down
4 changes: 3 additions & 1 deletion helm/ci/deployment-existing-secret-values.yaml
Original file line number Diff line number Diff line change
@@ -1,5 +1,7 @@
imagePullSecrets:
- name: dockerhub-secret
config:
wallarm:
api:
existingSecret:
enabled: true
enabled: true
4 changes: 3 additions & 1 deletion helm/ci/deployment-external-tarantool-values.yaml
Original file line number Diff line number Diff line change
@@ -1,4 +1,6 @@
imagePullSecrets:
- name: dockerhub-secret
postanalytics:
external:
enabled: true
host: tarantool.domain.internal
host: tarantool.domain.internal
2 changes: 2 additions & 0 deletions helm/ci/deployment-values.yaml
Original file line number Diff line number Diff line change
@@ -0,0 +1,2 @@
imagePullSecrets:
- name: dockerhub-secret
14 changes: 12 additions & 2 deletions helm/test/integration_test.py
Original file line number Diff line number Diff line change
Expand Up @@ -53,6 +53,12 @@ def create_namespace(namespace: str) -> None:
logger.info('Create namespace ...')
Helpers.subprocess_run(cmd)

@staticmethod
def copy_docker_reg(namespace: str, docker_reg_name: str, source_docker_reg_namespace: str) -> None:
cmd = f"kubectl get secret {docker_reg_name} -n {source_docker_reg_namespace} -o yaml | sed 's/namespace: {source_docker_reg_namespace}/namespace: {namespace}/g' | kubectl apply -n {namespace} -f -"
logger.info('Copy dockerhub-secret ...')
Helpers.subprocess_run(cmd)

@staticmethod
def create_resources(path: str, namespace: str) -> None:
cmd = f'kubectl --namespace {namespace} create -k {path}/'
Expand All @@ -75,8 +81,9 @@ def delete_namespace(namespace: str) -> None:
Helpers.subprocess_run(cmd)

@staticmethod
def setup_resources(path: str, namespace: str) -> None:
def setup_resources(path: str, namespace: str, docker_reg_name: str, source_docker_reg_namespace: str) -> None:
Helpers.create_namespace(namespace)
#Helpers.copy_docker_reg(namespace, docker_reg_name, source_docker_reg_namespace)
Helpers.create_resources(path, namespace)
Helpers.wait_pods(namespace)

Expand Down Expand Up @@ -118,10 +125,13 @@ def test_main_functionality(self, config, helpers, teardown_namespace):
allowed_url = base_url + ALLOWED_HTTP_PATH
forbidden_url = base_url + FORBIDDEN_HTTP_PATH

source_docker_reg_namespace = "pytest"
docker_reg_name = "dockerhub-secret"

# Register teardown and setup resources for test
teardown_namespace['namespace'] = namespace

helpers.setup_resources(config_path, namespace)
helpers.setup_resources(config_path, namespace, docker_reg_name, source_docker_reg_namespace)

# Need delay here to ensure that service is ready to send traffic to pods
sleep(2)
Expand Down
24 changes: 23 additions & 1 deletion helm/test/run_chart_tests.sh
Original file line number Diff line number Diff line change
Expand Up @@ -23,8 +23,21 @@ CT_NAMESPACE="ct"
SECRET_NAME="wallarm-api-token"
SECRET_KEY="token"

# This will prevent the secret for index.docker.io from being used if the DOCKERHUB_USER is not set.
DOCKERHUB_REGISTRY_SERVER="https://index.docker.io/v1/"

if [ "${DOCKERHUB_USER:-false}" = "false" ]; then
DOCKERHUB_REGISTRY_SERVER="fake_docker_registry_server"
fi

DOCKERHUB_SECRET_NAME="dockerhub-secret"
DOCKERHUB_USER="${DOCKERHUB_USER:-fake_user}"
DOCKERHUB_PASSWORD="${DOCKERHUB_PASSWORD:-fake_password}"

HELM_EXTRA_ARGS="--timeout 180s"
HELM_EXTRA_SET_ARGS="--set config.wallarm.api.token=${WALLARM_API_TOKEN} ${HELM_ARGS:-}"
HELM_EXTRA_SET_ARGS="--set config.wallarm.api.token=${WALLARM_API_TOKEN} \
--set imagePullSecrets[0].name=${DOCKERHUB_SECRET_NAME} \
${HELM_ARGS:-}"

# Handle the case when we run chart testing with '--upgrade' option
if [[ "${CT_MODE:-}" == "upgrade" ]]; then
Expand All @@ -43,6 +56,15 @@ if ! kubectl -n ${CT_NAMESPACE} get secret "${SECRET_NAME}" &> /dev/null; then
kubectl -n ${CT_NAMESPACE} create secret generic "${SECRET_NAME}" --from-literal="${SECRET_KEY}"="${WALLARM_API_TOKEN}"
fi

if ! kubectl -n ${CT_NAMESPACE} get secret "${DOCKERHUB_SECRET_NAME}" &> /dev/null; then
echo "Creating secret ${DOCKERHUB_SECRET_NAME}..."
kubectl -n ${CT_NAMESPACE} create secret docker-registry "${DOCKERHUB_SECRET_NAME}" \
--docker-server=${DOCKERHUB_REGISTRY_SERVER} \
--docker-username="${DOCKERHUB_USER}" \
--docker-password="${DOCKERHUB_PASSWORD}" \
[email protected]
fi

cat <<EOF > ct.sh
#!/bin/bash
set -e
Expand Down
4 changes: 3 additions & 1 deletion helm/values.test.yaml
Original file line number Diff line number Diff line change
Expand Up @@ -8,4 +8,6 @@ config:
fallback: "off"

controller:
replicaCount: 1
replicaCount: 1
imagePullSecrets:
- name: dockerhub-secret
2 changes: 2 additions & 0 deletions kind/docker/manifests/init/pytest.yaml
Original file line number Diff line number Diff line change
Expand Up @@ -21,6 +21,8 @@ spec:
labels:
app.kubernetes.io/name: pytest
spec:
imagePullSecrets:
- name: dockerhub-secret
serviceAccountName: pytest
containers:
- name: pytest
Expand Down
3 changes: 2 additions & 1 deletion test/smoke/run.sh
Original file line number Diff line number Diff line change
Expand Up @@ -27,9 +27,10 @@ export INJECTION_STRATEGY="${INJECTION_STRATEGY:-single}"

K8S_VERSION=${K8S_VERSION:-1.28.7}

DOCKERHUB_REGISTRY_SERVER="https://index.docker.io/v1/"

# This will prevent the secret for index.docker.io from being used if the DOCKERHUB_USER is not set.
DOCKERHUB_REGISTRY_SERVER="https://index.docker.io/v1/"

if [ "${DOCKERHUB_USER:-false}" = "false" ]; then
DOCKERHUB_REGISTRY_SERVER="fake_docker_registry_server"
fi
Expand Down

0 comments on commit 019bffe

Please sign in to comment.