Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

NODE-5655 add docker auth to tests #187

Closed
wants to merge 1 commit into from
Closed
Show file tree
Hide file tree
Changes from all commits
Commits
File filter

Filter by extension

Filter by extension


Conversations
Failed to load comments.
Loading
Jump to
Jump to file
Failed to load files.
Loading
Diff view
Diff view
2 changes: 2 additions & 0 deletions .github/workflows/ci.yaml
Original file line number Diff line number Diff line change
Expand Up @@ -5,6 +5,8 @@ on:
branches: ['main']
types: ['opened', 'reopened', 'synchronize']
paths:
- '.github/workflows/ci.yaml'
- '.github/workflows/test.yaml'
- 'helm/**'
- 'files/**'
- 'cmd/**'
Expand Down
22 changes: 20 additions & 2 deletions .github/workflows/test.yaml
Original file line number Diff line number Diff line change
Expand Up @@ -153,7 +153,10 @@ jobs:
role: ${{ secrets.VAULT_ROLE }}
method: kubernetes
path: kubernetes-ci
secrets: kv-gitlab-ci/data/github/sidecar api_token
secrets: |
kv-gitlab-ci/data/github/shared/dockerhub-creds user | DOCKERHUB_USER ;
kv-gitlab-ci/data/github/shared/dockerhub-creds password | DOCKERHUB_PASSWORD ;
kv-gitlab-ci/data/github/sidecar api_token ;

- name: Checkout
uses: actions/checkout@v3
Expand All @@ -162,6 +165,7 @@ jobs:

- name: Create cluster
run: |
echo ${DOCKERHUB_PASSWORD} | docker login -u ${DOCKERHUB_USER} --password-stdin
kind create cluster \
--config ${GITHUB_WORKSPACE}/helm/test/kind/kind.yaml \
--image kindest/node:v${{ matrix.kubeVersion }} \
Expand All @@ -184,6 +188,11 @@ jobs:
- name: Install Helm chart
run: |
unset KUBERNETES_SERVICE_HOST
echo "[test-env] creating secret docker-registry ..."
kubectl create secret docker-registry dockerhub-secret \
--docker-username="${DOCKERHUB_USER}" \
--docker-password="${DOCKERHUB_PASSWORD}" \
[email protected]
helm install wallarm-sidecar ./helm -f helm/values.test.yaml \
--set config.wallarm.api.token=${API_TOKEN} \
--debug \
Expand All @@ -200,6 +209,11 @@ jobs:
- name: Deploy pytest
run: |
unset KUBERNETES_SERVICE_HOST
kubectl create namespace pytest
kubectl -n pytest create secret docker-registry dockerhub-secret \
--docker-username="${DOCKERHUB_USER}" \
--docker-password="${DOCKERHUB_PASSWORD}" \
[email protected]
kubectl apply -f kind/docker/manifests/init/pytest.yaml
while [[ -z $(kubectl -n pytest get pods -o name) ]]; do
sleep 1
Expand Down Expand Up @@ -227,7 +241,10 @@ jobs:
role: ${{ secrets.VAULT_ROLE }}
method: kubernetes
path: kubernetes-ci
secrets: kv-gitlab-ci/data/github/sidecar api_token | WALLARM_API_TOKEN
secrets: |
kv-gitlab-ci/data/github/shared/dockerhub-creds user | DOCKERHUB_USER ;
kv-gitlab-ci/data/github/shared/dockerhub-creds password | DOCKERHUB_PASSWORD ;
kv-gitlab-ci/data/github/sidecar api_token | WALLARM_API_TOKEN ;

- name: Checkout
uses: actions/checkout@v3
Expand All @@ -236,6 +253,7 @@ jobs:

- name: Create cluster
run: |
echo ${DOCKERHUB_PASSWORD} | docker login -u ${DOCKERHUB_USER} --password-stdin
kind create cluster --image kindest/node:v1.28.7
kubectl wait --for=condition=Ready pods --all --timeout=180s -n kube-system

Expand Down
4 changes: 3 additions & 1 deletion helm/ci/deployment-existing-secret-values.yaml
Original file line number Diff line number Diff line change
@@ -1,5 +1,7 @@
imagePullSecrets:
- name: dockerhub-secret
config:
wallarm:
api:
existingSecret:
enabled: true
enabled: true
4 changes: 3 additions & 1 deletion helm/ci/deployment-external-tarantool-values.yaml
Original file line number Diff line number Diff line change
@@ -1,4 +1,6 @@
imagePullSecrets:
- name: dockerhub-secret
postanalytics:
external:
enabled: true
host: tarantool.domain.internal
host: tarantool.domain.internal
2 changes: 2 additions & 0 deletions helm/ci/deployment-values.yaml
Original file line number Diff line number Diff line change
@@ -0,0 +1,2 @@
imagePullSecrets:
- name: dockerhub-secret
22 changes: 21 additions & 1 deletion helm/test/run_chart_tests.sh
Original file line number Diff line number Diff line change
Expand Up @@ -23,8 +23,20 @@ CT_NAMESPACE="ct"
SECRET_NAME="wallarm-api-token"
SECRET_KEY="token"


# This will prevent the secret for index.docker.io from being used if the DOCKERHUB_USER is not set.
if [ "${DOCKERHUB_USER:-false}" = "false" ]; then
DOCKERHUB_REGISTRY_SERVER="fake_docker_registry_server"
fi

DOCKERHUB_SECRET_NAME="dockerhub-secret"
DOCKERHUB_USER="${DOCKERHUB_USER:-fake_user}"
DOCKERHUB_PASSWORD="${DOCKERHUB_PASSWORD:-fake_password}"

HELM_EXTRA_ARGS="--timeout 180s"
HELM_EXTRA_SET_ARGS="--set config.wallarm.api.token=${WALLARM_API_TOKEN} ${HELM_ARGS:-}"
HELM_EXTRA_SET_ARGS="--set config.wallarm.api.token=${WALLARM_API_TOKEN} \
--set imagePullSecrets[0].name=${DOCKERHUB_SECRET_NAME} \
${HELM_ARGS:-}"

# Handle the case when we run chart testing with '--upgrade' option
if [[ "${CT_MODE:-}" == "upgrade" ]]; then
Expand All @@ -43,6 +55,14 @@ if ! kubectl -n ${CT_NAMESPACE} get secret "${SECRET_NAME}" &> /dev/null; then
kubectl -n ${CT_NAMESPACE} create secret generic "${SECRET_NAME}" --from-literal="${SECRET_KEY}"="${WALLARM_API_TOKEN}"
fi

if ! kubectl -n ${CT_NAMESPACE} get secret "${DOCKERHUB_SECRET_NAME}" &> /dev/null; then
echo "Creating secret ${DOCKERHUB_SECRET_NAME}..."
kubectl -n ${CT_NAMESPACE} create secret docker-registry "${DOCKERHUB_SECRET_NAME}" \
--docker-username="${DOCKERHUB_USER}" \
--docker-password="${DOCKERHUB_PASSWORD}" \
[email protected]
fi

cat <<EOF > ct.sh
#!/bin/bash
set -e
Expand Down
4 changes: 3 additions & 1 deletion helm/values.test.yaml
Original file line number Diff line number Diff line change
Expand Up @@ -8,4 +8,6 @@ config:
fallback: "off"

controller:
replicaCount: 1
replicaCount: 1
imagePullSecrets:
- name: dockerhub-secret
2 changes: 2 additions & 0 deletions kind/docker/manifests/init/pytest.yaml
Original file line number Diff line number Diff line change
Expand Up @@ -21,6 +21,8 @@ spec:
labels:
app.kubernetes.io/name: pytest
spec:
imagePullSecrets:
- name: dockerhub-secret
serviceAccountName: pytest
containers:
- name: pytest
Expand Down
3 changes: 2 additions & 1 deletion test/smoke/run.sh
Original file line number Diff line number Diff line change
Expand Up @@ -27,9 +27,10 @@ export INJECTION_STRATEGY="${INJECTION_STRATEGY:-single}"

K8S_VERSION=${K8S_VERSION:-1.28.7}

DOCKERHUB_REGISTRY_SERVER="https://index.docker.io/v1/"

# This will prevent the secret for index.docker.io from being used if the DOCKERHUB_USER is not set.
DOCKERHUB_REGISTRY_SERVER="https://index.docker.io/v1/"

if [ "${DOCKERHUB_USER:-false}" = "false" ]; then
DOCKERHUB_REGISTRY_SERVER="fake_docker_registry_server"
fi
Expand Down
Loading