From eeeb54ebabfdaef6ac0e170217dd241d22ed8c86 Mon Sep 17 00:00:00 2001 From: James Munnelly Date: Thu, 9 Nov 2017 18:24:14 +0000 Subject: [PATCH 01/16] Configure e2e test helm chart with k8s version specific values.yaml --- .travis.yml | 2 ++ hack/e2e.sh | 10 +++++--- hack/testdata/values-v1.7.0.yaml | 42 ++++++++++++++++++++++++++++++++ hack/testdata/values-v1.8.0.yaml | 38 +++++++++++++++++++++++++++++ 4 files changed, 88 insertions(+), 4 deletions(-) create mode 100644 hack/testdata/values-v1.7.0.yaml create mode 100644 hack/testdata/values-v1.8.0.yaml diff --git a/.travis.yml b/.travis.yml index cb55719ca..b8344a85e 100644 --- a/.travis.yml +++ b/.travis.yml @@ -17,6 +17,7 @@ jobs: before_script: - ./hack/install-e2e-dependencies.sh script: + - export CHART_VALUES=$(pwd)/hack/testdata/values-${KUBERNETES_VERSION}.yaml - make BUILD_TAG=latest build e2e-test - stage: test @@ -25,6 +26,7 @@ jobs: before_script: - ./hack/install-e2e-dependencies.sh script: + - export CHART_VALUES=$(pwd)/hack/testdata/values-${KUBERNETES_VERSION}.yaml - make BUILD_TAG=latest build e2e-test - stage: test diff --git a/hack/e2e.sh b/hack/e2e.sh index 51b65f954..6326a816e 100755 --- a/hack/e2e.sh +++ b/hack/e2e.sh @@ -19,12 +19,14 @@ source "${SCRIPT_DIR}/libe2e.sh" helm delete --purge "${RELEASE_NAME}" || true kube_delete_namespace_and_wait "${USER_NAMESPACE}" +if [ "${CHART_VALUES}" == "" ]; then + echo "CHART_VALUES must be set"; + exit 1 +fi + echo "Installing navigator..." helm install --wait --name "${RELEASE_NAME}" contrib/charts/navigator \ - --set apiserver.image.pullPolicy=Never \ - --set apiserver.logLevel=100 \ - --set controller.image.pullPolicy=Never \ - --set controller.logLevel=100 + --values ${CHART_VALUES} # Wait for navigator API to be ready function navigator_ready() { diff --git a/hack/testdata/values-v1.7.0.yaml b/hack/testdata/values-v1.7.0.yaml new file mode 100644 index 000000000..68da3916a --- /dev/null +++ b/hack/testdata/values-v1.7.0.yaml @@ -0,0 +1,42 @@ +# Default values for navigator. +# This is a YAML-formatted file. +# Declare variables to be passed into your templates. +createAPIService: true + +rbac: + enabled: true + +apiserver: + ## Set to true to skip deploying the apiserver components RBAC policies, + ## which require cluster admin access to deploy. + rbacDisabled: false + + extraArgs: + - --requestheader-client-ca-file=/var/run/secrets/kubernetes.io/serviceaccount/ca.crt + - --requestheader-username-headers=X-Remote-User + - --requestheader-group-headers=X-Remote-Group + - --requestheader-extra-headers-prefix=X-Remote-Extra + - --v=100 + + ## Optional: if not set, a service account will be automatically created + # serviceAccount: "apiserver-svc-acct" + image: + repository: jetstackexperimental/navigator-apiserver + tag: latest + pullPolicy: Never + +controller: + ## Optional: namespace to watch for resources in. This can be used when RBAC + ## restricts you to a single namespace. + # namespace: default + ## Optional: if not set, a service account will be automatically created + # serviceAccount: "controller-svc-acct" + image: + repository: jetstackexperimental/navigator-controller + tag: latest + pullPolicy: Never + +resources: + requests: + cpu: 50m + memory: 64Mi diff --git a/hack/testdata/values-v1.8.0.yaml b/hack/testdata/values-v1.8.0.yaml new file mode 100644 index 000000000..39a6f865d --- /dev/null +++ b/hack/testdata/values-v1.8.0.yaml @@ -0,0 +1,38 @@ +# Default values for navigator. +# This is a YAML-formatted file. +# Declare variables to be passed into your templates. +createAPIService: true + +rbac: + enabled: true + +apiserver: + ## Set to true to skip deploying the apiserver components RBAC policies, + ## which require cluster admin access to deploy. + rbacDisabled: false + + extraArgs: + - --v=100 + + ## Optional: if not set, a service account will be automatically created + # serviceAccount: "apiserver-svc-acct" + image: + repository: jetstackexperimental/navigator-apiserver + tag: latest + pullPolicy: Never + +controller: + ## Optional: namespace to watch for resources in. This can be used when RBAC + ## restricts you to a single namespace. + # namespace: default + ## Optional: if not set, a service account will be automatically created + # serviceAccount: "controller-svc-acct" + image: + repository: jetstackexperimental/navigator-controller + tag: latest + pullPolicy: Never + +resources: + requests: + cpu: 50m + memory: 64Mi From 4eae5b687ebc5f26f9f2695080e4293003d2e903 Mon Sep 17 00:00:00 2001 From: James Munnelly Date: Thu, 9 Nov 2017 18:24:56 +0000 Subject: [PATCH 02/16] Allow specifying extraArgs to navigator-apiserver --- contrib/charts/navigator/templates/apiserver.yaml | 6 +----- contrib/charts/navigator/values.yaml | 7 +++++++ 2 files changed, 8 insertions(+), 5 deletions(-) diff --git a/contrib/charts/navigator/templates/apiserver.yaml b/contrib/charts/navigator/templates/apiserver.yaml index c2de8e51e..41e75a472 100644 --- a/contrib/charts/navigator/templates/apiserver.yaml +++ b/contrib/charts/navigator/templates/apiserver.yaml @@ -36,11 +36,7 @@ spec: args: - navigator-apiserver - --etcd-servers=http://localhost:2379 - - --requestheader-client-ca-file=/var/run/secrets/kubernetes.io/serviceaccount/ca.crt - - --requestheader-username-headers=X-Remote-User - - --requestheader-group-headers=X-Remote-Group - - --requestheader-extra-headers-prefix=X-Remote-Extra - - --v={{ .Values.apiserver.logLevel }} +{{ toYaml .Values.apiserver.extraArgs | indent 10 }} resources: {{ toYaml .Values.resources | indent 12 }} - name: etcd diff --git a/contrib/charts/navigator/values.yaml b/contrib/charts/navigator/values.yaml index 8a9b6ad5f..dd1550489 100644 --- a/contrib/charts/navigator/values.yaml +++ b/contrib/charts/navigator/values.yaml @@ -11,6 +11,13 @@ apiserver: ## which require cluster admin access to deploy. rbacDisabled: false + ## Extra arguments to pass to the navigator-apiserver + extraArgs: +# - --requestheader-client-ca-file=/var/run/secrets/kubernetes.io/serviceaccount/ca.crt +# - --requestheader-username-headers=X-Remote-User +# - --requestheader-group-headers=X-Remote-Group +# - --requestheader-extra-headers-prefix=X-Remote-Extra - --proxy-client-cert-file="${CERT_DIR}/client-auth-proxy.crt" + ## Optional: if not set, a service account will be automatically created # serviceAccount: "apiserver-svc-acct" image: From d873ea2670a2f5c6f544c3c157ceb6e8bbd9809f Mon Sep 17 00:00:00 2001 From: James Munnelly Date: Thu, 9 Nov 2017 18:25:14 +0000 Subject: [PATCH 03/16] Remove global navigator api group clusterrole --- hack/prepare-e2e.sh | 28 +--------------------------- 1 file changed, 1 insertion(+), 27 deletions(-) diff --git a/hack/prepare-e2e.sh b/hack/prepare-e2e.sh index 276db445c..6d30146ff 100755 --- a/hack/prepare-e2e.sh +++ b/hack/prepare-e2e.sh @@ -32,33 +32,7 @@ items: kind: ServiceAccount name: tiller namespace: kube-system -### Generic ### -# Create a ClusterRole to work with ElasticsearchCluster resources -- apiVersion: rbac.authorization.k8s.io/v1beta1 - kind: ClusterRole - metadata: - name: navigator:authenticated - # this rule defined on the role for specifically the - # namespace-lifecycle admission-controller - rules: - - apiGroups: ["navigator.jetstack.io"] - resources: ["elasticsearchclusters", "pilots"] - verbs: ["get", "list", "watch", "create", "update", "delete"] -- apiVersion: rbac.authorization.k8s.io/v1beta1 - kind: ClusterRoleBinding - metadata: - name: "navigator:authenticated" - roleRef: - apiGroup: rbac.authorization.k8s.io - kind: ClusterRole - name: navigator:authenticated - subjects: - - kind: Group - name: system:authenticated - apiGroup: rbac.authorization.k8s.io - - kind: Group - name: system:unauthenticated - apiGroup: rbac.authorization.k8s.io + EOF helm init --service-account=tiller From 6d89d41183f518483ae9f8afd097ba4b7a74edae Mon Sep 17 00:00:00 2001 From: James Munnelly Date: Thu, 9 Nov 2017 18:25:28 +0000 Subject: [PATCH 04/16] Grant navigator-controller access to status subresources --- contrib/charts/navigator/templates/rbac.yaml | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/contrib/charts/navigator/templates/rbac.yaml b/contrib/charts/navigator/templates/rbac.yaml index b900f75d2..ca0705692 100644 --- a/contrib/charts/navigator/templates/rbac.yaml +++ b/contrib/charts/navigator/templates/rbac.yaml @@ -87,7 +87,7 @@ items: name: "{{ template "fullname" . }}:controller" rules: - apiGroups: ["navigator.jetstack.io"] - resources: ["elasticsearchclusters", "pilots"] + resources: ["elasticsearchclusters", "pilots", "elasticsearchclusters/status", "pilots/status"] verbs: ["get", "list", "watch", "update", "create", "delete"] - apiGroups: [""] resources: ["services", "configmaps", "serviceaccounts", "pods"] From a7a26b9b32a00f9cf687913fa5d4be890b841a69 Mon Sep 17 00:00:00 2001 From: James Munnelly Date: Thu, 9 Nov 2017 19:08:25 +0000 Subject: [PATCH 05/16] Use kubeadm bootstrapper --- hack/install-e2e-dependencies.sh | 3 ++- 1 file changed, 2 insertions(+), 1 deletion(-) diff --git a/hack/install-e2e-dependencies.sh b/hack/install-e2e-dependencies.sh index 8cc41249d..086e866df 100755 --- a/hack/install-e2e-dependencies.sh +++ b/hack/install-e2e-dependencies.sh @@ -29,7 +29,8 @@ sudo -E CHANGE_MINIKUBE_NONE_USER=true minikube start \ -v 100 \ --vm-driver=none \ --kubernetes-version="$KUBERNETES_VERSION" \ - --extra-config=apiserver.Authorization.Mode=RBAC + --extra-config=apiserver.Authorization.Mode=RBAC \ + --bootstrapper=kubeadm echo "Waiting up to 5 minutes for Kubernetes to be ready..." if ! retry TIMEOUT=300 kubectl get nodes; then From 551087a00fe639d41acdd0dc1d047751f7005d3d Mon Sep 17 00:00:00 2001 From: James Munnelly Date: Thu, 9 Nov 2017 19:13:18 +0000 Subject: [PATCH 06/16] Print kubelet journal on failure --- hack/install-e2e-dependencies.sh | 6 ++++-- 1 file changed, 4 insertions(+), 2 deletions(-) diff --git a/hack/install-e2e-dependencies.sh b/hack/install-e2e-dependencies.sh index 086e866df..cad5e569c 100755 --- a/hack/install-e2e-dependencies.sh +++ b/hack/install-e2e-dependencies.sh @@ -25,12 +25,14 @@ docker run -v /usr/local/bin:/hostbin quay.io/jetstack/ubuntu-nsenter cp /nsente # Create a cluster. We do this as root as we are using the 'docker' driver. # We enable RBAC on the cluster too, to test the RBAC in Navigators chart -sudo -E CHANGE_MINIKUBE_NONE_USER=true minikube start \ +if ! sudo -E CHANGE_MINIKUBE_NONE_USER=true minikube start \ -v 100 \ --vm-driver=none \ --kubernetes-version="$KUBERNETES_VERSION" \ --extra-config=apiserver.Authorization.Mode=RBAC \ - --bootstrapper=kubeadm + --bootstrapper=kubeadm; then + sudo journalctl -xu kubelet.service +fi echo "Waiting up to 5 minutes for Kubernetes to be ready..." if ! retry TIMEOUT=300 kubectl get nodes; then From a4ca7a9b1ca9dea8bd9541f8a45206839a70e15c Mon Sep 17 00:00:00 2001 From: James Munnelly Date: Fri, 10 Nov 2017 12:47:19 +0000 Subject: [PATCH 07/16] Running navigator e2e on prow --- Makefile | 13 +++++++++---- hack/install-e2e-dependencies.sh | 28 +++++----------------------- hack/testdata/values-v1.7.0.yaml | 4 ++-- hack/testdata/values-v1.8.0.yaml | 4 ++-- 4 files changed, 18 insertions(+), 31 deletions(-) diff --git a/Makefile b/Makefile index 582e96061..43189cbb7 100644 --- a/Makefile +++ b/Makefile @@ -8,6 +8,7 @@ REGISTRY := jetstackexperimental IMAGE_NAME := navigator BUILD_TAG := build IMAGE_TAGS := canary +CHART_VALUES := ${HACK_DIR}/testdata/values-${KUBERNETES_VERSION}.yaml BUILD_IMAGE_DIR := hack/builder BUILD_IMAGE_NAME := navigator/builder @@ -32,11 +33,15 @@ all: verify build docker_build test: go_test -.hack_e2e: - @${HACK_DIR}/prepare-e2e.sh - @${HACK_DIR}/e2e.sh +.run_e2e: + export CHART_VALUES=${CHART_VALUES}; \ + ${HACK_DIR}/prepare-e2e.sh; \ + ${HACK_DIR}/e2e.sh -e2e-test: docker_build .hack_e2e +.e2e_init: + ${HACK_DIR}/install-e2e-dependencies.sh + +e2e-test: .e2e_init build docker_build .run_e2e build: $(CMDS) diff --git a/hack/install-e2e-dependencies.sh b/hack/install-e2e-dependencies.sh index cad5e569c..60ac8280b 100755 --- a/hack/install-e2e-dependencies.sh +++ b/hack/install-e2e-dependencies.sh @@ -6,33 +6,15 @@ set -eux SCRIPT_DIR="$(cd "$( dirname "${BASH_SOURCE[0]}" )" && pwd)" source "${SCRIPT_DIR}/libe2e.sh" -curl -Lo helm.tar.gz \ - https://storage.googleapis.com/kubernetes-helm/helm-v2.6.1-linux-amd64.tar.gz -tar xvf helm.tar.gz -sudo mv linux-amd64/helm /usr/local/bin - -curl -Lo kubectl \ - https://storage.googleapis.com/kubernetes-release/release/$KUBERNETES_VERSION/bin/linux/amd64/kubectl -chmod +x kubectl -sudo mv kubectl /usr/local/bin/ - -curl -Lo minikube \ - https://storage.googleapis.com/minikube/releases/v0.23.0/minikube-linux-amd64 -chmod +x minikube -sudo mv minikube /usr/local/bin/ - -docker run -v /usr/local/bin:/hostbin quay.io/jetstack/ubuntu-nsenter cp /nsenter /hostbin/nsenter - # Create a cluster. We do this as root as we are using the 'docker' driver. # We enable RBAC on the cluster too, to test the RBAC in Navigators chart -if ! sudo -E CHANGE_MINIKUBE_NONE_USER=true minikube start \ +minikube start \ -v 100 \ - --vm-driver=none \ + --vm-driver=kvm \ --kubernetes-version="$KUBERNETES_VERSION" \ - --extra-config=apiserver.Authorization.Mode=RBAC \ - --bootstrapper=kubeadm; then - sudo journalctl -xu kubelet.service -fi + --bootstrapper=kubeadm + # TODO: re-enable RBAC + # --extra-config=apiserver.Authorization.Mode=RBAC echo "Waiting up to 5 minutes for Kubernetes to be ready..." if ! retry TIMEOUT=300 kubectl get nodes; then diff --git a/hack/testdata/values-v1.7.0.yaml b/hack/testdata/values-v1.7.0.yaml index 68da3916a..8c1fcdf59 100644 --- a/hack/testdata/values-v1.7.0.yaml +++ b/hack/testdata/values-v1.7.0.yaml @@ -22,7 +22,7 @@ apiserver: # serviceAccount: "apiserver-svc-acct" image: repository: jetstackexperimental/navigator-apiserver - tag: latest + tag: canary pullPolicy: Never controller: @@ -33,7 +33,7 @@ controller: # serviceAccount: "controller-svc-acct" image: repository: jetstackexperimental/navigator-controller - tag: latest + tag: canary pullPolicy: Never resources: diff --git a/hack/testdata/values-v1.8.0.yaml b/hack/testdata/values-v1.8.0.yaml index 39a6f865d..d0205f26b 100644 --- a/hack/testdata/values-v1.8.0.yaml +++ b/hack/testdata/values-v1.8.0.yaml @@ -18,7 +18,7 @@ apiserver: # serviceAccount: "apiserver-svc-acct" image: repository: jetstackexperimental/navigator-apiserver - tag: latest + tag: canary pullPolicy: Never controller: @@ -29,7 +29,7 @@ controller: # serviceAccount: "controller-svc-acct" image: repository: jetstackexperimental/navigator-controller - tag: latest + tag: canary pullPolicy: Never resources: From 595389e23bb04a79fa025449bc6cbd1c5c3b0ee2 Mon Sep 17 00:00:00 2001 From: James Munnelly Date: Fri, 10 Nov 2017 13:35:04 +0000 Subject: [PATCH 08/16] Set profile name on minikube start --- hack/install-e2e-dependencies.sh | 3 ++- 1 file changed, 2 insertions(+), 1 deletion(-) diff --git a/hack/install-e2e-dependencies.sh b/hack/install-e2e-dependencies.sh index 60ac8280b..7e4d1b5cb 100755 --- a/hack/install-e2e-dependencies.sh +++ b/hack/install-e2e-dependencies.sh @@ -12,7 +12,8 @@ minikube start \ -v 100 \ --vm-driver=kvm \ --kubernetes-version="$KUBERNETES_VERSION" \ - --bootstrapper=kubeadm + --bootstrapper=kubeadm \ + --profile="$HOSTNAME" # TODO: re-enable RBAC # --extra-config=apiserver.Authorization.Mode=RBAC From 086f5c4404959635ee9050f519457ffa5ff0a878 Mon Sep 17 00:00:00 2001 From: James Munnelly Date: Fri, 10 Nov 2017 13:57:00 +0000 Subject: [PATCH 09/16] Use minikube docker daemon --- Makefile | 2 ++ 1 file changed, 2 insertions(+) diff --git a/Makefile b/Makefile index 43189cbb7..3899830fd 100644 --- a/Makefile +++ b/Makefile @@ -63,6 +63,7 @@ verify: .hack_verify go_verify DOCKER_BUILD_TARGETS = $(addprefix docker_build_, $(CMDS)) $(DOCKER_BUILD_TARGETS): $(eval DOCKER_BUILD_CMD := $(subst docker_build_,,$@)) + eval $$(minikube docker-env); \ docker build -t $(REGISTRY)/$(IMAGE_NAME)-$(DOCKER_BUILD_CMD):$(BUILD_TAG) -f Dockerfile.$(DOCKER_BUILD_CMD) . docker_build: $(DOCKER_BUILD_TARGETS) @@ -71,6 +72,7 @@ $(DOCKER_PUSH_TARGETS): $(eval DOCKER_PUSH_CMD := $(subst docker_push_,,$@)) set -e; \ for tag in $(IMAGE_TAGS); do \ + eval $$(minikube docker-env); \ docker tag $(REGISTRY)/$(IMAGE_NAME)-$(DOCKER_PUSH_CMD):$(BUILD_TAG) $(REGISTRY)/$(IMAGE_NAME)-$(DOCKER_PUSH_CMD):$${tag} ; \ docker push $(REGISTRY)/$(IMAGE_NAME)-$(DOCKER_PUSH_CMD):$${tag}; \ done From 942b24f8ec53e15d957baad3fb510bed275948e0 Mon Sep 17 00:00:00 2001 From: James Munnelly Date: Fri, 10 Nov 2017 14:14:15 +0000 Subject: [PATCH 10/16] Set minikube profile --- Makefile | 4 ++-- 1 file changed, 2 insertions(+), 2 deletions(-) diff --git a/Makefile b/Makefile index 3899830fd..41d3fec5d 100644 --- a/Makefile +++ b/Makefile @@ -63,7 +63,7 @@ verify: .hack_verify go_verify DOCKER_BUILD_TARGETS = $(addprefix docker_build_, $(CMDS)) $(DOCKER_BUILD_TARGETS): $(eval DOCKER_BUILD_CMD := $(subst docker_build_,,$@)) - eval $$(minikube docker-env); \ + eval $$(minikube docker-env --profile $$HOSTNAME); \ docker build -t $(REGISTRY)/$(IMAGE_NAME)-$(DOCKER_BUILD_CMD):$(BUILD_TAG) -f Dockerfile.$(DOCKER_BUILD_CMD) . docker_build: $(DOCKER_BUILD_TARGETS) @@ -72,7 +72,7 @@ $(DOCKER_PUSH_TARGETS): $(eval DOCKER_PUSH_CMD := $(subst docker_push_,,$@)) set -e; \ for tag in $(IMAGE_TAGS); do \ - eval $$(minikube docker-env); \ + eval $$(minikube docker-env --profile $$HOSTNAME); \ docker tag $(REGISTRY)/$(IMAGE_NAME)-$(DOCKER_PUSH_CMD):$(BUILD_TAG) $(REGISTRY)/$(IMAGE_NAME)-$(DOCKER_PUSH_CMD):$${tag} ; \ docker push $(REGISTRY)/$(IMAGE_NAME)-$(DOCKER_PUSH_CMD):$${tag}; \ done From 30d966d25df165630ccd4091153d4578bb9f5312 Mon Sep 17 00:00:00 2001 From: James Munnelly Date: Fri, 10 Nov 2017 14:40:40 +0000 Subject: [PATCH 11/16] Hardcode shell name --- Makefile | 5 +++-- 1 file changed, 3 insertions(+), 2 deletions(-) diff --git a/Makefile b/Makefile index 41d3fec5d..ab07c8114 100644 --- a/Makefile +++ b/Makefile @@ -1,3 +1,4 @@ +SHELL := /bin/bash BINDIR ?= bin HACK_DIR ?= hack NAVIGATOR_PKG = github.com/jetstack/navigator @@ -63,7 +64,7 @@ verify: .hack_verify go_verify DOCKER_BUILD_TARGETS = $(addprefix docker_build_, $(CMDS)) $(DOCKER_BUILD_TARGETS): $(eval DOCKER_BUILD_CMD := $(subst docker_build_,,$@)) - eval $$(minikube docker-env --profile $$HOSTNAME); \ + eval $$(minikube docker-env --profile $$HOSTNAME --shell sh); \ docker build -t $(REGISTRY)/$(IMAGE_NAME)-$(DOCKER_BUILD_CMD):$(BUILD_TAG) -f Dockerfile.$(DOCKER_BUILD_CMD) . docker_build: $(DOCKER_BUILD_TARGETS) @@ -72,7 +73,7 @@ $(DOCKER_PUSH_TARGETS): $(eval DOCKER_PUSH_CMD := $(subst docker_push_,,$@)) set -e; \ for tag in $(IMAGE_TAGS); do \ - eval $$(minikube docker-env --profile $$HOSTNAME); \ + eval $$(minikube docker-env --profile $$HOSTNAME --shell sh); \ docker tag $(REGISTRY)/$(IMAGE_NAME)-$(DOCKER_PUSH_CMD):$(BUILD_TAG) $(REGISTRY)/$(IMAGE_NAME)-$(DOCKER_PUSH_CMD):$${tag} ; \ docker push $(REGISTRY)/$(IMAGE_NAME)-$(DOCKER_PUSH_CMD):$${tag}; \ done From 892b505c70fa27686d0d828f8d9dfc1dd529a5b2 Mon Sep 17 00:00:00 2001 From: James Munnelly Date: Fri, 10 Nov 2017 15:09:27 +0000 Subject: [PATCH 12/16] Fix e2e image tag --- hack/testdata/values-v1.7.0.yaml | 8 ++------ hack/testdata/values-v1.8.0.yaml | 4 ++-- 2 files changed, 4 insertions(+), 8 deletions(-) diff --git a/hack/testdata/values-v1.7.0.yaml b/hack/testdata/values-v1.7.0.yaml index 8c1fcdf59..c77ec595b 100644 --- a/hack/testdata/values-v1.7.0.yaml +++ b/hack/testdata/values-v1.7.0.yaml @@ -12,17 +12,13 @@ apiserver: rbacDisabled: false extraArgs: - - --requestheader-client-ca-file=/var/run/secrets/kubernetes.io/serviceaccount/ca.crt - - --requestheader-username-headers=X-Remote-User - - --requestheader-group-headers=X-Remote-Group - - --requestheader-extra-headers-prefix=X-Remote-Extra - --v=100 ## Optional: if not set, a service account will be automatically created # serviceAccount: "apiserver-svc-acct" image: repository: jetstackexperimental/navigator-apiserver - tag: canary + tag: build pullPolicy: Never controller: @@ -33,7 +29,7 @@ controller: # serviceAccount: "controller-svc-acct" image: repository: jetstackexperimental/navigator-controller - tag: canary + tag: build pullPolicy: Never resources: diff --git a/hack/testdata/values-v1.8.0.yaml b/hack/testdata/values-v1.8.0.yaml index d0205f26b..c77ec595b 100644 --- a/hack/testdata/values-v1.8.0.yaml +++ b/hack/testdata/values-v1.8.0.yaml @@ -18,7 +18,7 @@ apiserver: # serviceAccount: "apiserver-svc-acct" image: repository: jetstackexperimental/navigator-apiserver - tag: canary + tag: build pullPolicy: Never controller: @@ -29,7 +29,7 @@ controller: # serviceAccount: "controller-svc-acct" image: repository: jetstackexperimental/navigator-controller - tag: canary + tag: build pullPolicy: Never resources: From be7bf4fd07d496b6a431a3753fe87c84d862b2b8 Mon Sep 17 00:00:00 2001 From: James Munnelly Date: Fri, 10 Nov 2017 15:18:30 +0000 Subject: [PATCH 13/16] Remove travis e2e tests --- .travis.yml | 22 ---------------------- 1 file changed, 22 deletions(-) diff --git a/.travis.yml b/.travis.yml index b8344a85e..294277432 100644 --- a/.travis.yml +++ b/.travis.yml @@ -11,28 +11,6 @@ services: jobs: include: - - stage: test - env: - - KUBERNETES_VERSION=v1.8.0 - before_script: - - ./hack/install-e2e-dependencies.sh - script: - - export CHART_VALUES=$(pwd)/hack/testdata/values-${KUBERNETES_VERSION}.yaml - - make BUILD_TAG=latest build e2e-test - - - stage: test - env: - - KUBERNETES_VERSION=v1.7.0 - before_script: - - ./hack/install-e2e-dependencies.sh - script: - - export CHART_VALUES=$(pwd)/hack/testdata/values-${KUBERNETES_VERSION}.yaml - - make BUILD_TAG=latest build e2e-test - - - stage: test - script: - - make verify - - stage: build script: - make go_build docker_build From 00ddc075f337058e57348a931e731e18397906b0 Mon Sep 17 00:00:00 2001 From: James Munnelly Date: Fri, 10 Nov 2017 18:25:24 +0000 Subject: [PATCH 14/16] Update e2e testdata --- hack/testdata/{values-v1.7.0.yaml => values-v1.7.10.yaml} | 0 hack/testdata/{values-v1.8.0.yaml => values-v1.8.3.yaml} | 0 2 files changed, 0 insertions(+), 0 deletions(-) rename hack/testdata/{values-v1.7.0.yaml => values-v1.7.10.yaml} (100%) rename hack/testdata/{values-v1.8.0.yaml => values-v1.8.3.yaml} (100%) diff --git a/hack/testdata/values-v1.7.0.yaml b/hack/testdata/values-v1.7.10.yaml similarity index 100% rename from hack/testdata/values-v1.7.0.yaml rename to hack/testdata/values-v1.7.10.yaml diff --git a/hack/testdata/values-v1.8.0.yaml b/hack/testdata/values-v1.8.3.yaml similarity index 100% rename from hack/testdata/values-v1.8.0.yaml rename to hack/testdata/values-v1.8.3.yaml From 7c77e2c542649ac6caa43cf317bf12cb76d1336f Mon Sep 17 00:00:00 2001 From: James Munnelly Date: Sat, 11 Nov 2017 00:15:33 +0000 Subject: [PATCH 15/16] Only run travis build on master branch --- .travis.yml | 18 +++++++++--------- 1 file changed, 9 insertions(+), 9 deletions(-) diff --git a/.travis.yml b/.travis.yml index 294277432..2bdd3eef2 100644 --- a/.travis.yml +++ b/.travis.yml @@ -9,12 +9,12 @@ go_import_path: github.com/jetstack/navigator services: - docker -jobs: - include: - - stage: build - script: - - make go_build docker_build - - if [ "${TRAVIS_PULL_REQUEST}" = "false" ] && [ "${TRAVIS_BRANCH}" = "master" ]; then - mkdir -p ~/.docker && echo "${DOCKER_AUTH_CONFIG}" > ~/.docker/config.json && chmod 600 ~/.docker/config.json; - make docker_push IMAGE_TAGS="${TRAVIS_COMMIT} latest"; - fi +- make docker_build +- if [ "${TRAVIS_PULL_REQUEST}" = "false" ] && [ "${TRAVIS_BRANCH}" = "master" ]; then + mkdir -p ~/.docker && echo "${DOCKER_AUTH_CONFIG}" > ~/.docker/config.json && chmod 600 ~/.docker/config.json; + make docker_push IMAGE_TAGS="${TRAVIS_COMMIT} latest"; + fi + +branches: + only: + - master From 0d6c8aa58ea9a05a3a349bebf591aa4302f072a1 Mon Sep 17 00:00:00 2001 From: James Munnelly Date: Sat, 11 Nov 2017 00:31:50 +0000 Subject: [PATCH 16/16] Unify testdata values.yaml. Update minikube start comment. --- Makefile | 2 +- hack/install-e2e-dependencies.sh | 4 +- hack/testdata/values-v1.8.3.yaml | 38 ------------------- .../{values-v1.7.10.yaml => values.yaml} | 0 4 files changed, 2 insertions(+), 42 deletions(-) delete mode 100644 hack/testdata/values-v1.8.3.yaml rename hack/testdata/{values-v1.7.10.yaml => values.yaml} (100%) diff --git a/Makefile b/Makefile index ab07c8114..2e840a898 100644 --- a/Makefile +++ b/Makefile @@ -9,7 +9,7 @@ REGISTRY := jetstackexperimental IMAGE_NAME := navigator BUILD_TAG := build IMAGE_TAGS := canary -CHART_VALUES := ${HACK_DIR}/testdata/values-${KUBERNETES_VERSION}.yaml +CHART_VALUES := ${HACK_DIR}/testdata/values.yaml BUILD_IMAGE_DIR := hack/builder BUILD_IMAGE_NAME := navigator/builder diff --git a/hack/install-e2e-dependencies.sh b/hack/install-e2e-dependencies.sh index 7e4d1b5cb..d5d2ee461 100755 --- a/hack/install-e2e-dependencies.sh +++ b/hack/install-e2e-dependencies.sh @@ -7,15 +7,13 @@ SCRIPT_DIR="$(cd "$( dirname "${BASH_SOURCE[0]}" )" && pwd)" source "${SCRIPT_DIR}/libe2e.sh" # Create a cluster. We do this as root as we are using the 'docker' driver. -# We enable RBAC on the cluster too, to test the RBAC in Navigators chart +# The kubeadm bootstrapper enables RBAC by default. minikube start \ -v 100 \ --vm-driver=kvm \ --kubernetes-version="$KUBERNETES_VERSION" \ --bootstrapper=kubeadm \ --profile="$HOSTNAME" - # TODO: re-enable RBAC - # --extra-config=apiserver.Authorization.Mode=RBAC echo "Waiting up to 5 minutes for Kubernetes to be ready..." if ! retry TIMEOUT=300 kubectl get nodes; then diff --git a/hack/testdata/values-v1.8.3.yaml b/hack/testdata/values-v1.8.3.yaml deleted file mode 100644 index c77ec595b..000000000 --- a/hack/testdata/values-v1.8.3.yaml +++ /dev/null @@ -1,38 +0,0 @@ -# Default values for navigator. -# This is a YAML-formatted file. -# Declare variables to be passed into your templates. -createAPIService: true - -rbac: - enabled: true - -apiserver: - ## Set to true to skip deploying the apiserver components RBAC policies, - ## which require cluster admin access to deploy. - rbacDisabled: false - - extraArgs: - - --v=100 - - ## Optional: if not set, a service account will be automatically created - # serviceAccount: "apiserver-svc-acct" - image: - repository: jetstackexperimental/navigator-apiserver - tag: build - pullPolicy: Never - -controller: - ## Optional: namespace to watch for resources in. This can be used when RBAC - ## restricts you to a single namespace. - # namespace: default - ## Optional: if not set, a service account will be automatically created - # serviceAccount: "controller-svc-acct" - image: - repository: jetstackexperimental/navigator-controller - tag: build - pullPolicy: Never - -resources: - requests: - cpu: 50m - memory: 64Mi diff --git a/hack/testdata/values-v1.7.10.yaml b/hack/testdata/values.yaml similarity index 100% rename from hack/testdata/values-v1.7.10.yaml rename to hack/testdata/values.yaml