diff --git a/.github/actions/kots-e2e/action.yml b/.github/actions/kots-e2e/action.yml index 4e95d628c1..496e05a365 100644 --- a/.github/actions/kots-e2e/action.yml +++ b/.github/actions/kots-e2e/action.yml @@ -100,7 +100,6 @@ runs: timeout-minutes: '120' ttl: ${{ inputs.k8s-cluster-ttl }} instance-type: ${{ inputs.k8s-distribution == 'gke' && 'n2-standard-4' || '' }} - node-count: ${{ inputs.k8s-distribution == 'gke' && '3' || '' }} export-kubeconfig: true - name: execute suite "${{ inputs.test-focus }}" diff --git a/.github/workflows/build-test.yaml b/.github/workflows/build-test.yaml index 47eeaa812c..8a3492bb85 100644 --- a/.github/workflows/build-test.yaml +++ b/.github/workflows/build-test.yaml @@ -650,50 +650,9 @@ jobs: # replicated-api-token: '${{ secrets.C11Y_MATRIX_TOKEN }}' - # validate-smoke-test: - # runs-on: ubuntu-20.04 - # needs: [ enable-tests, can-run-ci, build-push-kotsadm-image, build-e2e, build-kurl-proxy, build-migrations, push-minio, push-mc, push-rqlite ] - # strategy: - # fail-fast: false - # matrix: - # cluster: [ - # {distribution: k3s, version: v1.24}, - # {distribution: k3s, version: v1.25}, - # {distribution: k3s, version: v1.26}, - # {distribution: eks, version: v1.27} - # ] - # steps: - # - name: Checkout - # uses: actions/checkout@v3 - # - name: download e2e deps - # uses: actions/download-artifact@v3 - # with: - # name: e2e - # path: e2e/bin/ - # - run: docker load -i e2e/bin/e2e-deps.tar - # - run: chmod +x e2e/bin/* - # - name: download kots binary - # uses: actions/download-artifact@v3 - # with: - # name: kots - # path: bin/ - # - run: chmod +x bin/* - # - uses: ./.github/actions/kots-e2e - # with: - # test-focus: 'Smoke Test' - # kots-namespace: 'smoke-test' - # k8s-distribution: ${{ matrix.cluster.distribution }} - # k8s-version: ${{ matrix.cluster.version }} - # testim-access-token: '${{ secrets.TESTIM_ACCESS_TOKEN }}' - # testim-branch: ${{ github.head_ref == 'main' && 'master' || github.head_ref }} - # aws-access-key-id: '${{ secrets.E2E_SUPPORT_BUNDLE_AWS_ACCESS_KEY_ID }}' - # aws-secret-access-key: '${{ secrets.E2E_SUPPORT_BUNDLE_AWS_SECRET_ACCESS_KEY }}' - # replicated-api-token: '${{ secrets.C11Y_MATRIX_TOKEN }}' - - - validate-smoke-test-compatibility-matrix: + validate-smoke-test: runs-on: ubuntu-20.04 - needs: [ enable-tests, can-run-ci, build-push-kotsadm-image, build-e2e, build-kurl-proxy, build-migrations, push-minio, push-mc, push-rqlite, get-compatibility-matrix-versions ] + needs: [ enable-tests, can-run-ci, build-push-kotsadm-image, build-e2e, build-kurl-proxy, build-migrations, push-minio, push-mc, push-rqlite ] strategy: fail-fast: false matrix: @@ -727,86 +686,76 @@ jobs: replicated-api-token: '${{ secrets.C11Y_MATRIX_TOKEN }}' - # validate-minimal-rbac: - # runs-on: ubuntu-20.04 - # needs: [ enable-tests, can-run-ci, build-push-kotsadm-image, build-e2e, build-kurl-proxy, build-migrations, push-minio, push-mc, push-rqlite ] - # strategy: - # fail-fast: false - # matrix: - # cluster: [ - # {distribution: k3s, version: v1.24}, - # {distribution: k3s, version: v1.25}, - # {distribution: k3s, version: v1.26}, - # {distribution: eks, version: v1.27} - # ] - # steps: - # - name: Checkout - # uses: actions/checkout@v3 - # - name: download e2e deps - # uses: actions/download-artifact@v3 - # with: - # name: e2e - # path: e2e/bin/ - # - run: docker load -i e2e/bin/e2e-deps.tar - # - run: chmod +x e2e/bin/* - # - name: download kots binary - # uses: actions/download-artifact@v3 - # with: - # name: kots - # path: bin/ - # - run: chmod +x bin/* - # - uses: ./.github/actions/kots-e2e - # with: - # test-focus: 'Minimal RBAC' - # kots-namespace: 'minimal-rbac' - # k8s-distribution: ${{ matrix.cluster.distribution }} - # k8s-version: ${{ matrix.cluster.version }} - # testim-access-token: '${{ secrets.TESTIM_ACCESS_TOKEN }}' - # testim-branch: ${{ github.head_ref == 'main' && 'master' || github.head_ref }} - # aws-access-key-id: '${{ secrets.E2E_SUPPORT_BUNDLE_AWS_ACCESS_KEY_ID }}' - # aws-secret-access-key: '${{ secrets.E2E_SUPPORT_BUNDLE_AWS_SECRET_ACCESS_KEY }}' - # replicated-api-token: '${{ secrets.C11Y_MATRIX_TOKEN }}' + validate-minimal-rbac: + runs-on: ubuntu-20.04 + needs: [ enable-tests, can-run-ci, build-push-kotsadm-image, build-e2e, build-kurl-proxy, build-migrations, push-minio, push-mc, push-rqlite ] + strategy: + fail-fast: false + matrix: + cluster: ${{ fromJson(needs.get-compatibility-matrix-versions.outputs.versions-to-test) }} + steps: + - name: Checkout + uses: actions/checkout@v3 + - name: download e2e deps + uses: actions/download-artifact@v3 + with: + name: e2e + path: e2e/bin/ + - run: docker load -i e2e/bin/e2e-deps.tar + - run: chmod +x e2e/bin/* + - name: download kots binary + uses: actions/download-artifact@v3 + with: + name: kots + path: bin/ + - run: chmod +x bin/* + - uses: ./.github/actions/kots-e2e + with: + test-focus: 'Minimal RBAC' + kots-namespace: 'minimal-rbac' + k8s-distribution: ${{ matrix.cluster.distribution }} + k8s-version: ${{ matrix.cluster.version }} + testim-access-token: '${{ secrets.TESTIM_ACCESS_TOKEN }}' + testim-branch: ${{ github.head_ref == 'main' && 'master' || github.head_ref }} + aws-access-key-id: '${{ secrets.E2E_SUPPORT_BUNDLE_AWS_ACCESS_KEY_ID }}' + aws-secret-access-key: '${{ secrets.E2E_SUPPORT_BUNDLE_AWS_SECRET_ACCESS_KEY }}' + replicated-api-token: '${{ secrets.C11Y_MATRIX_TOKEN }}' - # validate-backup-and-restore: - # runs-on: ubuntu-20.04 - # needs: [ enable-tests, can-run-ci, build-push-kotsadm-image, build-e2e, build-kurl-proxy, build-migrations, push-minio, push-mc, push-rqlite ] - # strategy: - # fail-fast: false - # matrix: - # cluster: [ - # {distribution: k3s, version: v1.24}, - # {distribution: k3s, version: v1.25}, - # {distribution: k3s, version: v1.26}, - # {distribution: eks, version: v1.27} - # ] - # steps: - # - name: Checkout - # uses: actions/checkout@v3 - # - name: download e2e deps - # uses: actions/download-artifact@v3 - # with: - # name: e2e - # path: e2e/bin/ - # - run: docker load -i e2e/bin/e2e-deps.tar - # - run: chmod +x e2e/bin/* - # - name: download kots binary - # uses: actions/download-artifact@v3 - # with: - # name: kots - # path: bin/ - # - run: chmod +x bin/* - # - uses: ./.github/actions/kots-e2e - # with: - # test-focus: 'Backup and Restore' - # kots-namespace: 'backup-and-restore' - # k8s-distribution: ${{ matrix.cluster.distribution }} - # k8s-version: ${{ matrix.cluster.version }} - # testim-access-token: '${{ secrets.TESTIM_ACCESS_TOKEN }}' - # testim-branch: ${{ github.head_ref == 'main' && 'master' || github.head_ref }} - # aws-access-key-id: '${{ secrets.E2E_SUPPORT_BUNDLE_AWS_ACCESS_KEY_ID }}' - # aws-secret-access-key: '${{ secrets.E2E_SUPPORT_BUNDLE_AWS_SECRET_ACCESS_KEY }}' - # replicated-api-token: '${{ secrets.C11Y_MATRIX_TOKEN }}' + validate-backup-and-restore: + runs-on: ubuntu-20.04 + needs: [ enable-tests, can-run-ci, build-push-kotsadm-image, build-e2e, build-kurl-proxy, build-migrations, push-minio, push-mc, push-rqlite ] + strategy: + fail-fast: false + matrix: + cluster: ${{ fromJson(needs.get-compatibility-matrix-versions.outputs.versions-to-test) }} + steps: + - name: Checkout + uses: actions/checkout@v3 + - name: download e2e deps + uses: actions/download-artifact@v3 + with: + name: e2e + path: e2e/bin/ + - run: docker load -i e2e/bin/e2e-deps.tar + - run: chmod +x e2e/bin/* + - name: download kots binary + uses: actions/download-artifact@v3 + with: + name: kots + path: bin/ + - run: chmod +x bin/* + - uses: ./.github/actions/kots-e2e + with: + test-focus: 'Backup and Restore' + kots-namespace: 'backup-and-restore' + k8s-distribution: ${{ matrix.cluster.distribution }} + k8s-version: ${{ matrix.cluster.version }} + testim-access-token: '${{ secrets.TESTIM_ACCESS_TOKEN }}' + testim-branch: ${{ github.head_ref == 'main' && 'master' || github.head_ref }} + aws-access-key-id: '${{ secrets.E2E_SUPPORT_BUNDLE_AWS_ACCESS_KEY_ID }}' + aws-secret-access-key: '${{ secrets.E2E_SUPPORT_BUNDLE_AWS_SECRET_ACCESS_KEY }}' + replicated-api-token: '${{ secrets.C11Y_MATRIX_TOKEN }}' # validate-no-required-config: @@ -998,106 +947,102 @@ jobs: # replicated-api-token: '${{ secrets.C11Y_MATRIX_TOKEN }}' - # validate-minimal-rbac-override: - # runs-on: ubuntu-20.04 - # needs: [ enable-tests, can-run-ci, build-push-kotsadm-image, build-kurl-proxy, build-migrations, push-minio, push-mc, push-rqlite ] - # strategy: - # fail-fast: false - # matrix: - # cluster: [ - # {distribution: k3s, version: v1.24}, - # {distribution: k3s, version: v1.25}, - # {distribution: k3s, version: v1.26}, - # {distribution: kind, version: v1.27.0} - # ] - # env: - # APP_SLUG: minimal-rbac - # APP_VERSION_LABEL: "0.0.1" - # steps: - # - name: Checkout - # uses: actions/checkout@v3 + validate-minimal-rbac-override: + runs-on: ubuntu-20.04 + needs: [ enable-tests, can-run-ci, build-push-kotsadm-image, build-kurl-proxy, build-migrations, push-minio, push-mc, push-rqlite ] + strategy: + fail-fast: false + matrix: + cluster: ${{ fromJson(needs.get-compatibility-matrix-versions.outputs.versions-to-test) }} + env: + APP_SLUG: minimal-rbac + APP_VERSION_LABEL: "0.0.1" + steps: + - name: Checkout + uses: actions/checkout@v3 - # - name: Create Cluster - # id: create-cluster - # uses: replicatedhq/replicated-actions/create-cluster@v1 - # with: - # api-token: ${{ secrets.C11Y_MATRIX_TOKEN }} - # kubernetes-distribution: ${{ matrix.cluster.distribution }} - # kubernetes-version: ${{ matrix.cluster.version }} - # cluster-name: automated-kots-${{ github.run_id }}-${{ matrix.cluster.distribution }}-${{ matrix.cluster.version }} - # timeout-minutes: '120' - # ttl: 2h - # export-kubeconfig: true + - name: Create Cluster + id: create-cluster + uses: replicatedhq/replicated-actions/create-cluster@d7366f04c9773b3ab509c521a12a57e9f1f5339d + with: + api-token: ${{ secrets.C11Y_MATRIX_TOKEN }} + kubernetes-distribution: ${{ matrix.cluster.distribution }} + kubernetes-version: ${{ matrix.cluster.version }} + cluster-name: automated-kots-${{ github.run_id }}-${{ matrix.cluster.distribution }}-${{ matrix.cluster.version }} + timeout-minutes: '120' + ttl: 2h + instance-type: ${{ matrix.cluster.distribution == 'gke' && 'n2-standard-4' || '' }} + export-kubeconfig: true - # - name: download kots binary - # uses: actions/download-artifact@v3 - # with: - # name: kots - # path: bin/ + - name: download kots binary + uses: actions/download-artifact@v3 + with: + name: kots + path: bin/ - # - run: chmod +x bin/kots + - run: chmod +x bin/kots - # - name: minimal rbac override on command line - # run: | - # kubectl delete ns "$APP_SLUG" --ignore-not-found - # ./bin/kots \ - # install "$APP_SLUG/automated" \ - # --app-version-label "$APP_VERSION_LABEL" \ - # --no-port-forward \ - # --namespace "$APP_SLUG" \ - # --shared-password password \ - # --kotsadm-registry ttl.sh \ - # --kotsadm-namespace automated-${{ github.run_id }} \ - # --kotsadm-tag 24h \ - # --use-minimal-rbac - # if kubectl get roles -n "$APP_SLUG" | grep -q kotsadm; then - # echo "Found kotsadm role in ${APP_SLUG}" - # else - # echo "No kotsadm role found in appication namespace" - # exit 1 - # fi - # if kubectl get clusterroles | grep -q kotsadm; then - # echo "Found kotsadm cluster roles in minimal RBAC install" - # exit - # fi - # - name: no minimal rbac override on command line - # run: | - # kubectl delete ns "$APP_SLUG" --ignore-not-found - # ./bin/kots \ - # install "$APP_SLUG/automated" \ - # --app-version-label "$APP_VERSION_LABEL" \ - # --no-port-forward \ - # --namespace "$APP_SLUG" \ - # --shared-password password \ - # --kotsadm-registry ttl.sh \ - # --kotsadm-namespace automated-${{ github.run_id }} \ - # --kotsadm-tag 24h - # if kubectl get roles -n "$APP_SLUG" | grep -q kotsadm; then - # echo "Found kotsadm role in cluster scoped install" - # exit 1 - # fi - # if kubectl get clusterroles | grep -q kotsadm; then - # echo "Found kotsadm cluster role in cluster scoped install" - # else - # echo "No kotsadm cluster role in cluster scoped install" - # exit 1 - # fi - # - name: Generate support bundle on failure - # if: failure() - # uses: ./.github/actions/generate-support-bundle - # with: - # kots-namespace: "$APP_SLUG" - # aws-access-key-id: '${{ secrets.E2E_SUPPORT_BUNDLE_AWS_ACCESS_KEY_ID }}' - # aws-secret-access-key: '${{ secrets.E2E_SUPPORT_BUNDLE_AWS_SECRET_ACCESS_KEY }}' + - name: minimal rbac override on command line + run: | + kubectl delete ns "$APP_SLUG" --ignore-not-found + ./bin/kots \ + install "$APP_SLUG/automated" \ + --app-version-label "$APP_VERSION_LABEL" \ + --no-port-forward \ + --namespace "$APP_SLUG" \ + --shared-password password \ + --kotsadm-registry ttl.sh \ + --kotsadm-namespace automated-${{ github.run_id }} \ + --kotsadm-tag 24h \ + --use-minimal-rbac + if kubectl get roles -n "$APP_SLUG" | grep -q kotsadm; then + echo "Found kotsadm role in ${APP_SLUG}" + else + echo "No kotsadm role found in appication namespace" + exit 1 + fi + if kubectl get clusterroles | grep -q kotsadm; then + echo "Found kotsadm cluster roles in minimal RBAC install" + exit + fi + - name: no minimal rbac override on command line + run: | + kubectl delete ns "$APP_SLUG" --ignore-not-found + ./bin/kots \ + install "$APP_SLUG/automated" \ + --app-version-label "$APP_VERSION_LABEL" \ + --no-port-forward \ + --namespace "$APP_SLUG" \ + --shared-password password \ + --kotsadm-registry ttl.sh \ + --kotsadm-namespace automated-${{ github.run_id }} \ + --kotsadm-tag 24h + if kubectl get roles -n "$APP_SLUG" | grep -q kotsadm; then + echo "Found kotsadm role in cluster scoped install" + exit 1 + fi + if kubectl get clusterroles | grep -q kotsadm; then + echo "Found kotsadm cluster role in cluster scoped install" + else + echo "No kotsadm cluster role in cluster scoped install" + exit 1 + fi + - name: Generate support bundle on failure + if: failure() + uses: ./.github/actions/generate-support-bundle + with: + kots-namespace: "$APP_SLUG" + aws-access-key-id: '${{ secrets.E2E_SUPPORT_BUNDLE_AWS_ACCESS_KEY_ID }}' + aws-secret-access-key: '${{ secrets.E2E_SUPPORT_BUNDLE_AWS_SECRET_ACCESS_KEY }}' - # - name: Remove Cluster - # id: remove-cluster - # uses: replicatedhq/replicated-actions/remove-cluster@v1 - # if: ${{ always() && steps.create-cluster.outputs.cluster-id != '' }} - # continue-on-error: true - # with: - # api-token: ${{ secrets.C11Y_MATRIX_TOKEN }} - # cluster-id: ${{ steps.create-cluster.outputs.cluster-id }} + - name: Remove Cluster + id: remove-cluster + uses: replicatedhq/replicated-actions/remove-cluster@v1 + if: ${{ always() && steps.create-cluster.outputs.cluster-id != '' }} + continue-on-error: true + with: + api-token: ${{ secrets.C11Y_MATRIX_TOKEN }} + cluster-id: ${{ steps.create-cluster.outputs.cluster-id }} # validate-multi-namespace: @@ -1124,7 +1069,7 @@ jobs: # - name: Create Cluster # id: create-cluster - # uses: replicatedhq/replicated-actions/create-cluster@v1 + # uses: replicatedhq/replicated-actions/create-cluster@d7366f04c9773b3ab509c521a12a57e9f1f5339d # with: # api-token: ${{ secrets.C11Y_MATRIX_TOKEN }} # kubernetes-distribution: ${{ matrix.cluster.distribution }} @@ -1312,7 +1257,7 @@ jobs: # - name: Create Cluster # id: create-cluster - # uses: replicatedhq/replicated-actions/create-cluster@v1 + # uses: replicatedhq/replicated-actions/create-cluster@d7366f04c9773b3ab509c521a12a57e9f1f5339d # with: # api-token: ${{ secrets.C11Y_MATRIX_TOKEN }} # kubernetes-distribution: ${{ matrix.cluster.distribution }} @@ -1418,7 +1363,7 @@ jobs: # - name: Create Cluster # id: create-cluster - # uses: replicatedhq/replicated-actions/create-cluster@v1 + # uses: replicatedhq/replicated-actions/create-cluster@d7366f04c9773b3ab509c521a12a57e9f1f5339d # with: # api-token: ${{ secrets.C11Y_MATRIX_TOKEN }} # kubernetes-distribution: ${{ matrix.cluster.distribution }} @@ -1572,7 +1517,7 @@ jobs: # - name: Create Cluster # id: create-cluster - # uses: replicatedhq/replicated-actions/create-cluster@v1 + # uses: replicatedhq/replicated-actions/create-cluster@d7366f04c9773b3ab509c521a12a57e9f1f5339d # with: # api-token: ${{ secrets.C11Y_MATRIX_TOKEN }} # kubernetes-distribution: ${{ matrix.cluster.distribution }} @@ -1668,7 +1613,7 @@ jobs: # - name: Create Cluster # id: create-cluster - # uses: replicatedhq/replicated-actions/create-cluster@v1 + # uses: replicatedhq/replicated-actions/create-cluster@d7366f04c9773b3ab509c521a12a57e9f1f5339d # with: # api-token: ${{ secrets.C11Y_MATRIX_TOKEN }} # kubernetes-distribution: ${{ matrix.cluster.distribution }} @@ -1761,7 +1706,7 @@ jobs: # - name: Create Cluster # id: create-cluster - # uses: replicatedhq/replicated-actions/create-cluster@v1 + # uses: replicatedhq/replicated-actions/create-cluster@d7366f04c9773b3ab509c521a12a57e9f1f5339d # with: # api-token: ${{ secrets.C11Y_MATRIX_TOKEN }} # kubernetes-distribution: ${{ matrix.cluster.distribution }} @@ -1877,7 +1822,7 @@ jobs: # - name: Create Cluster # id: create-cluster - # uses: replicatedhq/replicated-actions/create-cluster@v1 + # uses: replicatedhq/replicated-actions/create-cluster@d7366f04c9773b3ab509c521a12a57e9f1f5339d # with: # api-token: ${{ secrets.C11Y_MATRIX_TOKEN }} # kubernetes-distribution: ${{ matrix.cluster.distribution }} @@ -2099,7 +2044,7 @@ jobs: # - name: Create Cluster # id: create-cluster - # uses: replicatedhq/replicated-actions/create-cluster@v1 + # uses: replicatedhq/replicated-actions/create-cluster@d7366f04c9773b3ab509c521a12a57e9f1f5339d # with: # api-token: ${{ secrets.C11Y_MATRIX_TOKEN }} # kubernetes-distribution: ${{ matrix.cluster.distribution }} @@ -2466,7 +2411,7 @@ jobs: # - name: Create Cluster # id: create-cluster - # uses: replicatedhq/replicated-actions/create-cluster@v1 + # uses: replicatedhq/replicated-actions/create-cluster@d7366f04c9773b3ab509c521a12a57e9f1f5339d # with: # api-token: ${{ secrets.C11Y_MATRIX_TOKEN }} # kubernetes-distribution: ${{ matrix.cluster.distribution }} @@ -2602,7 +2547,7 @@ jobs: # - name: Create Cluster # id: create-cluster - # uses: replicatedhq/replicated-actions/create-cluster@v1 + # uses: replicatedhq/replicated-actions/create-cluster@d7366f04c9773b3ab509c521a12a57e9f1f5339d # with: # api-token: ${{ secrets.C11Y_MATRIX_TOKEN }} # kubernetes-distribution: ${{ matrix.cluster.distribution }} @@ -2895,7 +2840,7 @@ jobs: # - name: Create Cluster # id: create-cluster - # uses: replicatedhq/replicated-actions/create-cluster@v1 + # uses: replicatedhq/replicated-actions/create-cluster@d7366f04c9773b3ab509c521a12a57e9f1f5339d # with: # api-token: ${{ secrets.C11Y_MATRIX_TOKEN }} # kubernetes-distribution: ${{ matrix.cluster.distribution }} @@ -3066,7 +3011,7 @@ jobs: # - name: Create Cluster # id: create-cluster - # uses: replicatedhq/replicated-actions/create-cluster@v1 + # uses: replicatedhq/replicated-actions/create-cluster@d7366f04c9773b3ab509c521a12a57e9f1f5339d # with: # api-token: ${{ secrets.C11Y_MATRIX_TOKEN }} # kubernetes-distribution: ${{ matrix.cluster.distribution }} @@ -3169,7 +3114,7 @@ jobs: # - name: Create Cluster # id: create-cluster - # uses: replicatedhq/replicated-actions/create-cluster@v1 + # uses: replicatedhq/replicated-actions/create-cluster@d7366f04c9773b3ab509c521a12a57e9f1f5339d # with: # api-token: ${{ secrets.C11Y_MATRIX_TOKEN }} # kubernetes-distribution: ${{ matrix.cluster.distribution }} @@ -3362,7 +3307,7 @@ jobs: # - name: Create Cluster # id: create-cluster - # uses: replicatedhq/replicated-actions/create-cluster@v1 + # uses: replicatedhq/replicated-actions/create-cluster@d7366f04c9773b3ab509c521a12a57e9f1f5339d # with: # api-token: ${{ secrets.C11Y_MATRIX_TOKEN }} # kubernetes-distribution: ${{ matrix.cluster.distribution }}