mirror of https://github.com/kyverno/kyverno.git synced 2025-03-14 11:48:53 +00:00

chore: monitor helm secret size (#8195)

* chore: monitor helm secret size

Signed-off-by: Charles-Edouard Brétéché <charles.edouard@nirmata.com>

* below case

Signed-off-by: Charles-Edouard Brétéché <charles.edouard@nirmata.com>

* fix

Signed-off-by: Charles-Edouard Brétéché <charles.edouard@nirmata.com>

* Update .github/workflows/conformance.yaml

Signed-off-by: Charles-Edouard Brétéché <charles.edouard@nirmata.com>

* Update .github/workflows/conformance.yaml

Signed-off-by: Charles-Edouard Brétéché <charles.edouard@nirmata.com>

* Update .github/workflows/conformance.yaml

Signed-off-by: Charles-Edouard Brétéché <charles.edouard@nirmata.com>

* Update .github/workflows/conformance.yaml

Signed-off-by: Charles-Edouard Brétéché <charles.edouard@nirmata.com>

---------

Signed-off-by: Charles-Edouard Brétéché <charles.edouard@nirmata.com>
Charles-Edouard Brétéché 2023-08-31 15:19:23 +02:00 committed by GitHub
parent c583b64120
commit f3ad487bf7
No known key found for this signature in database
GPG key ID: 4AEE18F83AFDEB23


@ -24,7 +24,10 @@ jobs:
with: with:
build-cache-key: build-images build-cache-key: build-images
- name: ko build - name: ko build
run: VERSION=${{ github.ref_name }} make docker-save-image-all shell: bash
run: |
set -e
VERSION=${{ github.ref_name }} make docker-save-image-all
- name: upload images archive - name: upload images archive
uses: actions/upload-artifact@0b7f8abb1508181956e8e162db84b466c27e18ce # v3.1.2 uses: actions/upload-artifact@0b7f8abb1508181956e8e162db84b466c27e18ce # v3.1.2
with: with:
@ -85,7 +88,9 @@ jobs:
with: with:
build-cache-key: run-conformance build-cache-key: run-conformance
- name: Create kind cluster - name: Create kind cluster
shell: bash
run: | run: |
set -e
export KIND_IMAGE=kindest/node:${{ matrix.k8s-version.version }} export KIND_IMAGE=kindest/node:${{ matrix.k8s-version.version }}
make kind-create-cluster make kind-create-cluster
- name: Download kyverno images archive - name: Download kyverno images archive
@ -93,24 +98,29 @@ jobs:
with: with:
name: kyverno.tar name: kyverno.tar
- name: Load kyverno images archive in kind cluster - name: Load kyverno images archive in kind cluster
run: make kind-load-image-archive shell: bash
- name: Install kyverno
run: | run: |
set -e
make kind-load-image-archive
- name: Install kyverno
shell: bash
run: |
set -e
export USE_CONFIG=${{ join(matrix.config.values, ',') }} export USE_CONFIG=${{ join(matrix.config.values, ',') }}
make kind-install-kyverno make kind-install-kyverno
- name: Wait for kyverno ready - name: Wait for kyverno ready
uses: ./.github/actions/kyverno-wait-ready uses: ./.github/actions/kyverno-wait-ready
- name: Test with kuttl - name: Test with kuttl
shell: bash
env: env:
GITHUB_TOKEN: ${{ secrets.GITHUB_TOKEN }} GITHUB_TOKEN: ${{ secrets.GITHUB_TOKEN }}
run: | run: |
./.tools/kubectl-kuttl test ./test/conformance/kuttl/${{ matrix.tests }} \ set -e
--config ./test/conformance/kuttl/_config/common.yaml ./.tools/kubectl-kuttl test ./test/conformance/kuttl/${{ matrix.tests }} --config ./test/conformance/kuttl/_config/common.yaml
- name: Debug failure - name: Debug failure
if: failure() if: failure()
uses: ./.github/actions/kyverno-logs uses: ./.github/actions/kyverno-logs
# runs conformance test suites with configuration: # runs conformance test suites with configuration:
ttl: ttl:
runs-on: ubuntu-latest runs-on: ubuntu-latest
@ -146,7 +156,9 @@ jobs:
with: with:
build-cache-key: run-conformance build-cache-key: run-conformance
- name: Create kind cluster - name: Create kind cluster
shell: bash
run: | run: |
set -e
export KIND_IMAGE=kindest/node:${{ matrix.k8s-version.version }} export KIND_IMAGE=kindest/node:${{ matrix.k8s-version.version }}
make kind-create-cluster make kind-create-cluster
- name: Download kyverno images archive - name: Download kyverno images archive
@ -154,19 +166,25 @@ jobs:
with: with:
name: kyverno.tar name: kyverno.tar
- name: Load kyverno images archive in kind cluster - name: Load kyverno images archive in kind cluster
run: make kind-load-image-archive shell: bash
- name: Install kyverno
run: | run: |
set -e
make kind-load-image-archive
- name: Install kyverno
shell: bash
run: |
set -e
export USE_CONFIG=${{ join(matrix.config.values, ',') }} export USE_CONFIG=${{ join(matrix.config.values, ',') }}
make kind-install-kyverno make kind-install-kyverno
- name: Wait for kyverno ready - name: Wait for kyverno ready
uses: ./.github/actions/kyverno-wait-ready uses: ./.github/actions/kyverno-wait-ready
- name: Test with kuttl - name: Test with kuttl
shell: bash
env: env:
GITHUB_TOKEN: ${{ secrets.GITHUB_TOKEN }} GITHUB_TOKEN: ${{ secrets.GITHUB_TOKEN }}
run: | run: |
./.tools/kubectl-kuttl test ./test/conformance/kuttl/${{ matrix.tests }} \ set -e
--config ./test/conformance/kuttl/_config/common.yaml ./.tools/kubectl-kuttl test ./test/conformance/kuttl/${{ matrix.tests }} --config ./test/conformance/kuttl/_config/common.yaml
- name: Debug failure - name: Debug failure
if: failure() if: failure()
uses: ./.github/actions/kyverno-logs uses: ./.github/actions/kyverno-logs
@ -207,7 +225,9 @@ jobs:
with: with:
build-cache-key: run-conformance build-cache-key: run-conformance
- name: Create kind cluster - name: Create kind cluster
shell: bash
run: | run: |
set -e
export KIND_IMAGE=kindest/node:${{ matrix.k8s-version.version }} export KIND_IMAGE=kindest/node:${{ matrix.k8s-version.version }}
make kind-create-cluster make kind-create-cluster
- name: Download kyverno images archive - name: Download kyverno images archive
@ -215,19 +235,25 @@ jobs:
with: with:
name: kyverno.tar name: kyverno.tar
- name: Load kyverno images archive in kind cluster - name: Load kyverno images archive in kind cluster
run: make kind-load-image-archive shell: bash
- name: Install kyverno
run: | run: |
set -e
make kind-load-image-archive
- name: Install kyverno
shell: bash
run: |
set -e
export USE_CONFIG=${{ join(matrix.config.values, ',') }} export USE_CONFIG=${{ join(matrix.config.values, ',') }}
make kind-install-kyverno make kind-install-kyverno
- name: Wait for kyverno ready - name: Wait for kyverno ready
uses: ./.github/actions/kyverno-wait-ready uses: ./.github/actions/kyverno-wait-ready
- name: Test with kuttl - name: Test with kuttl
shell: bash
env: env:
GITHUB_TOKEN: ${{ secrets.GITHUB_TOKEN }} GITHUB_TOKEN: ${{ secrets.GITHUB_TOKEN }}
run: | run: |
./.tools/kubectl-kuttl test ./test/conformance/kuttl/${{ matrix.tests }} \ set -e
--config ./test/conformance/kuttl/_config/common.yaml ./.tools/kubectl-kuttl test ./test/conformance/kuttl/${{ matrix.tests }} --config ./test/conformance/kuttl/_config/common.yaml
- name: Debug failure - name: Debug failure
if: failure() if: failure()
uses: ./.github/actions/kyverno-logs uses: ./.github/actions/kyverno-logs
@ -322,7 +348,9 @@ jobs:
with: with:
build-cache-key: run-conformance build-cache-key: run-conformance
- name: Create kind cluster - name: Create kind cluster
shell: bash
run: | run: |
set -e
export KIND_IMAGE=kindest/node:${{ matrix.k8s-version.version }} export KIND_IMAGE=kindest/node:${{ matrix.k8s-version.version }}
make kind-create-cluster make kind-create-cluster
- name: Download kyverno images archive - name: Download kyverno images archive
@ -330,19 +358,25 @@ jobs:
with: with:
name: kyverno.tar name: kyverno.tar
- name: Load kyverno images archive in kind cluster - name: Load kyverno images archive in kind cluster
run: make kind-load-image-archive shell: bash
- name: Install kyverno
run: | run: |
set -e
make kind-load-image-archive
- name: Install kyverno
shell: bash
run: |
set -e
export USE_CONFIG=${{ join(matrix.config.values, ',') }} export USE_CONFIG=${{ join(matrix.config.values, ',') }}
make kind-install-kyverno make kind-install-kyverno
- name: Wait for kyverno ready - name: Wait for kyverno ready
uses: ./.github/actions/kyverno-wait-ready uses: ./.github/actions/kyverno-wait-ready
- name: Test with kuttl - name: Test with kuttl
shell: bash
env: env:
GITHUB_TOKEN: ${{ secrets.GITHUB_TOKEN }} GITHUB_TOKEN: ${{ secrets.GITHUB_TOKEN }}
run: | run: |
./.tools/kubectl-kuttl test ./test/conformance/kuttl/${{ matrix.tests }} \ set -e
--config ./test/conformance/kuttl/_config/common.yaml ./.tools/kubectl-kuttl test ./test/conformance/kuttl/${{ matrix.tests }} --config ./test/conformance/kuttl/_config/common.yaml
- name: Debug failure - name: Debug failure
if: failure() if: failure()
uses: ./.github/actions/kyverno-logs uses: ./.github/actions/kyverno-logs
@ -414,7 +448,9 @@ jobs:
with: with:
build-cache-key: run-conformance build-cache-key: run-conformance
- name: Create kind cluster - name: Create kind cluster
shell: bash
run: | run: |
set -e
export KIND_IMAGE=kindest/node:${{ matrix.k8s-version.version }} export KIND_IMAGE=kindest/node:${{ matrix.k8s-version.version }}
make kind-create-cluster make kind-create-cluster
- name: Download kyverno images archive - name: Download kyverno images archive
@ -422,23 +458,78 @@ jobs:
with: with:
name: kyverno.tar name: kyverno.tar
- name: Load kyverno images archive in kind cluster - name: Load kyverno images archive in kind cluster
run: make kind-load-image-archive shell: bash
- name: Install kyverno
run: | run: |
set -e
make kind-load-image-archive
- name: Install kyverno
shell: bash
run: |
set -e
export USE_CONFIG=${{ join(matrix.config.values, ',') }} export USE_CONFIG=${{ join(matrix.config.values, ',') }}
make kind-install-kyverno make kind-install-kyverno
- name: Wait for kyverno ready - name: Wait for kyverno ready
uses: ./.github/actions/kyverno-wait-ready uses: ./.github/actions/kyverno-wait-ready
- name: Build Kyverno CLI - name: Build Kyverno CLI
shell: bash
run: | run: |
set -e set -e
make build-cli make build-cli
ln -s $PWD/cmd/cli/kubectl-kyverno/kubectl-kyverno ./cmd/cli/kubectl-kyverno/kyverno ln -s $PWD/cmd/cli/kubectl-kyverno/kubectl-kyverno ./cmd/cli/kubectl-kyverno/kyverno
echo "$PWD/cmd/cli/kubectl-kyverno" >> $GITHUB_PATH echo "$PWD/cmd/cli/kubectl-kyverno" >> $GITHUB_PATH
- name: Test policy library with kuttl - name: Test policy library with kuttl
shell: bash
run: | run: |
set -e
cd policies cd policies
../.tools/kubectl-kuttl test ./${{ matrix.tests }} --config ./kuttl-test.yaml ../.tools/kubectl-kuttl test ./${{ matrix.tests }} --config ./kuttl-test.yaml
- name: Debug failure - name: Debug failure
if: failure() if: failure()
uses: ./.github/actions/kyverno-logs uses: ./.github/actions/kyverno-logs
monitor-helm-secret-size:
runs-on: ubuntu-latest
permissions:
packages: read
needs: prepare-images
steps:
- name: Checkout
uses: actions/checkout@f43a0e5ff2bd294095638e18286ca9a3d1956744 # v3.6.0
- name: Setup build env
uses: ./.github/actions/setup-build-env
timeout-minutes: 10
with:
build-cache-key: run-conformance
- name: Create kind cluster
shell: bash
run: |
set -e
make kind-create-cluster
- name: Download kyverno images archive
uses: actions/download-artifact@9bc31d5ccc31df68ecc42ccf4149144866c47d8a # v3.0.2
with:
name: kyverno.tar
- name: Load kyverno images archive in kind cluster
shell: bash
run: |
set -e
make kind-load-image-archive
- name: Install kyverno
shell: bash
run: |
make kind-install-kyverno
- name: Wait for kyverno ready
uses: ./.github/actions/kyverno-wait-ready
- name: Check secret size
shell: bash
run: |
set -e
set -u
SIZE=$(kubectl get secrets -n kyverno sh.helm.release.v1.kyverno.v1 -o jsonpath='{.data.release}' | base64 -d | wc -c | awk '{print $1}')
MAX_ALLOWED=1030000
if [ "$SIZE" -gt "$MAX_ALLOWED" ]; then
echo "Helm secret size ($SIZE bytes) is above the max allowed ($MAX_ALLOWED bytes)"
exit 1
else
echo "Helm secret size ($SIZE bytes) is below the max allowed ($MAX_ALLOWED bytes)"
fi
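Review bot: The `ko build` step in the first hunk still expands `${{ github.ref_name }}` directly into the text of the `run:` script, so bash parses the ref name as script source rather than as data. The expression is substituted before bash starts and ref names may contain characters the shell treats specially, so quoting inside the script does not help. Pass the value through the step environment instead: add `env:` with `VERSION: ${{ github.ref_name }}` to the step and reduce the script line to `make docker-save-image-all`, which sees the same `VERSION` variable. The `KIND_IMAGE`, `USE_CONFIG` and `matrix.tests` expansions in the later hunks follow the same pattern; they appear to come from the workflow's own matrix, which is not shown, so they are lower risk but would be more consistent handled the same way. The workflow's triggers are outside the visible hunks, so how much influence an outside contributor has over the ref name cannot be confirmed from this page.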