mirrors/kyverno
mirrors/kyverno
1
0
Fork 0
mirror of https://github.com/kyverno/kyverno.git synced 2025-03-16 04:28:42 +00:00
Code Activity

chore: improve cluster startup in conformance tests (#9103)

Browse source 
* chore: improve cluster startup in conformance tests

Signed-off-by: Charles-Edouard Brétéché <charles.edouard@nirmata.com>

* fix flake

Signed-off-by: Charles-Edouard Brétéché <charles.edouard@nirmata.com>

* fix flake

Signed-off-by: Charles-Edouard Brétéché <charles.edouard@nirmata.com>

---------

Signed-off-by: Charles-Edouard Brétéché <charles.edouard@nirmata.com>
This commit is contained in:
Charles-Edouard Brétéché 2023-12-07 13:00:03 +01:00 committed by GitHub
parent f924cdd022
commit fd45cc5eee
No known key found for this signature in database
GPG key ID: 4AEE18F83AFDEB23
12 changed files with 223 additions and 235 deletions
Show stats Download patch file Download diff file Expand all files Collapse all files

378
.github/workflows/conformance.yaml vendored
View file

@ -116,27 +116,24 @@ jobs:
steps: steps:
- name: Checkout - name: Checkout
uses: actions/checkout@b4ffde65f46336ab88eb53be808477a3936bae11 # v4.1.1 uses: actions/checkout@b4ffde65f46336ab88eb53be808477a3936bae11 # v4.1.1
- name: Setup caches # install tools
uses: ./.github/actions/setup-caches - name: Install helm
timeout-minutes: 5 id: helm
continue-on-error: true uses: azure/setup-helm@5119fcb9089d432beecbf79bb2c7915207344b78 # v3.5
with: with:
build-cache-key: run-conformance token: ${{ secrets.GITHUB_TOKEN }}
- name: Install kind - name: Install chainsaw
shell: bash uses: kyverno/chainsaw/.github/actions/install@5d6585b843b48eaf1940a8333bb828fd6a3385e3 # v0.0.8
run: | with:
# For AMD64 / x86_64 release: v0.0.8
[ $(uname -m) = x86_64 ] && curl -Lo ./kind https://kind.sigs.k8s.io/dl/v0.20.0/kind-linux-amd64 # create cluster
# For ARM64
[ $(uname -m) = aarch64 ] && curl -Lo ./kind https://kind.sigs.k8s.io/dl/v0.20.0/kind-linux-arm64
chmod +x ./kind
sudo mv ./kind /usr/local/bin/kind
- name: Create kind cluster - name: Create kind cluster
shell: bash uses: helm/kind-action@dda0770415bac9fc20092cacbc54aa298604d140 # v1.8.0
run: | with:
set -e node_image: kindest/node:${{ matrix.k8s-version.version }}
export KIND_IMAGE=kindest/node:${{ matrix.k8s-version.version }} cluster_name: kind
make kind-create-cluster config: ./scripts/config/kind/default.yaml
# deploy kyverno
- name: Download kyverno images archive - name: Download kyverno images archive
uses: actions/download-artifact@9bc31d5ccc31df68ecc42ccf4149144866c47d8a # v3.0.2 uses: actions/download-artifact@9bc31d5ccc31df68ecc42ccf4149144866c47d8a # v3.0.2
with: with:
@ -145,26 +142,25 @@ jobs:
shell: bash shell: bash
run: | run: |
set -e set -e
make kind-load-image-archive kind load image-archive kyverno.tar --name kind
- name: Install kyverno - name: Install kyverno
shell: bash shell: bash
run: | run: |
set -e set -e
export HELM=${{ steps.helm.outputs.helm-path }}
export USE_CONFIG=${{ join(matrix.config.values, ',') }} export USE_CONFIG=${{ join(matrix.config.values, ',') }}
make kind-install-kyverno make kind-install-kyverno
- name: Wait for kyverno ready - name: Wait for kyverno ready
uses: ./.github/actions/kyverno-wait-ready uses: ./.github/actions/kyverno-wait-ready
- name: Install Chainsaw # run tests
uses: kyverno/chainsaw/.github/actions/install@5d6585b843b48eaf1940a8333bb828fd6a3385e3 # v0.0.8
with:
release: v0.0.8
- name: Test with Chainsaw - name: Test with Chainsaw
shell: bash shell: bash
env: env:
GITHUB_TOKEN: ${{ secrets.GITHUB_TOKEN }} GITHUB_TOKEN: ${{ secrets.GITHUB_TOKEN }}
run: | run: |
set -e set -e
chainsaw test --config ./test/conformance/chainsaw/_config/common.yaml --test-dir ./test/conformance/chainsaw/${{ matrix.tests }} --no-color=false cd ./test/conformance/chainsaw && chainsaw test --test-dir ./${{ matrix.tests }}
# debug
- name: Debug failure - name: Debug failure
if: failure() if: failure()
uses: ./.github/actions/kyverno-logs uses: ./.github/actions/kyverno-logs
@ -191,28 +187,24 @@ jobs:
steps: steps:
- name: Checkout - name: Checkout
uses: actions/checkout@b4ffde65f46336ab88eb53be808477a3936bae11 # v4.1.1 uses: actions/checkout@b4ffde65f46336ab88eb53be808477a3936bae11 # v4.1.1
- name: Setup caches # install tools
uses: ./.github/actions/setup-caches - name: Install helm
timeout-minutes: 5 id: helm
continue-on-error: true uses: azure/setup-helm@5119fcb9089d432beecbf79bb2c7915207344b78 # v3.5
with: with:
build-cache-key: run-conformance token: ${{ secrets.GITHUB_TOKEN }}
- name: Install kind - name: Install chainsaw
shell: bash uses: kyverno/chainsaw/.github/actions/install@5d6585b843b48eaf1940a8333bb828fd6a3385e3 # v0.0.8
run: | with:
# For AMD64 / x86_64 release: v0.0.8
[ $(uname -m) = x86_64 ] && curl -Lo ./kind https://kind.sigs.k8s.io/dl/v0.20.0/kind-linux-amd64 # create cluster
# For ARM64
[ $(uname -m) = aarch64 ] && curl -Lo ./kind https://kind.sigs.k8s.io/dl/v0.20.0/kind-linux-arm64
chmod +x ./kind
sudo mv ./kind /usr/local/bin/kind
- name: Create kind cluster - name: Create kind cluster
shell: bash uses: helm/kind-action@dda0770415bac9fc20092cacbc54aa298604d140 # v1.8.0
run: | with:
set -e node_image: kindest/node:${{ matrix.k8s-version.version }}
export KIND_IMAGE=kindest/node:${{ matrix.k8s-version.version }} cluster_name: kind
export KIND_CONFIG=vap-v1alpha1 config: ./scripts/config/kind/vap-v1alpha1.yaml
make kind-create-cluster # deploy kyverno
- name: Download kyverno images archive - name: Download kyverno images archive
uses: actions/download-artifact@9bc31d5ccc31df68ecc42ccf4149144866c47d8a # v3.0.2 uses: actions/download-artifact@9bc31d5ccc31df68ecc42ccf4149144866c47d8a # v3.0.2
with: with:
@ -221,26 +213,25 @@ jobs:
shell: bash shell: bash
run: | run: |
set -e set -e
make kind-load-image-archive kind load image-archive kyverno.tar --name kind
- name: Install kyverno - name: Install kyverno
shell: bash shell: bash
run: | run: |
set -e set -e
export HELM=${{ steps.helm.outputs.helm-path }}
export USE_CONFIG=${{ join(matrix.config.values, ',') }} export USE_CONFIG=${{ join(matrix.config.values, ',') }}
make kind-install-kyverno make kind-install-kyverno
- name: Wait for kyverno ready - name: Wait for kyverno ready
uses: ./.github/actions/kyverno-wait-ready uses: ./.github/actions/kyverno-wait-ready
- name: Install Chainsaw # run tests
uses: kyverno/chainsaw/.github/actions/install@5d6585b843b48eaf1940a8333bb828fd6a3385e3 # v0.0.8
with:
release: v0.0.8
- name: Test with Chainsaw - name: Test with Chainsaw
shell: bash shell: bash
env: env:
GITHUB_TOKEN: ${{ secrets.GITHUB_TOKEN }} GITHUB_TOKEN: ${{ secrets.GITHUB_TOKEN }}
run: | run: |
set -e set -e
chainsaw test --config ./test/conformance/chainsaw/_config/common.yaml --test-dir ./test/conformance/chainsaw/${{ matrix.tests }} --no-color=false cd ./test/conformance/chainsaw && chainsaw test --test-dir ./${{ matrix.tests }}
# debug
- name: Debug failure - name: Debug failure
if: failure() if: failure()
uses: ./.github/actions/kyverno-logs uses: ./.github/actions/kyverno-logs
@ -267,28 +258,24 @@ jobs:
steps: steps:
- name: Checkout - name: Checkout
uses: actions/checkout@b4ffde65f46336ab88eb53be808477a3936bae11 # v4.1.1 uses: actions/checkout@b4ffde65f46336ab88eb53be808477a3936bae11 # v4.1.1
- name: Setup caches # install tools
uses: ./.github/actions/setup-caches - name: Install helm
timeout-minutes: 5 id: helm
continue-on-error: true uses: azure/setup-helm@5119fcb9089d432beecbf79bb2c7915207344b78 # v3.5
with: with:
build-cache-key: run-conformance token: ${{ secrets.GITHUB_TOKEN }}
- name: Install kind - name: Install chainsaw
shell: bash uses: kyverno/chainsaw/.github/actions/install@5d6585b843b48eaf1940a8333bb828fd6a3385e3 # v0.0.8
run: | with:
# For AMD64 / x86_64 release: v0.0.8
[ $(uname -m) = x86_64 ] && curl -Lo ./kind https://kind.sigs.k8s.io/dl/v0.20.0/kind-linux-amd64 # create cluster
# For ARM64
[ $(uname -m) = aarch64 ] && curl -Lo ./kind https://kind.sigs.k8s.io/dl/v0.20.0/kind-linux-arm64
chmod +x ./kind
sudo mv ./kind /usr/local/bin/kind
- name: Create kind cluster - name: Create kind cluster
shell: bash uses: helm/kind-action@dda0770415bac9fc20092cacbc54aa298604d140 # v1.8.0
run: | with:
set -e node_image: kindest/node:${{ matrix.k8s-version.version }}
export KIND_IMAGE=kindest/node:${{ matrix.k8s-version.version }} cluster_name: kind
export KIND_CONFIG=vap-v1beta1 config: ./scripts/config/kind/vap-v1beta1.yaml
make kind-create-cluster # deploy kyverno
- name: Download kyverno images archive - name: Download kyverno images archive
uses: actions/download-artifact@9bc31d5ccc31df68ecc42ccf4149144866c47d8a # v3.0.2 uses: actions/download-artifact@9bc31d5ccc31df68ecc42ccf4149144866c47d8a # v3.0.2
with: with:
@ -297,26 +284,25 @@ jobs:
shell: bash shell: bash
run: | run: |
set -e set -e
make kind-load-image-archive kind load image-archive kyverno.tar --name kind
- name: Install kyverno - name: Install kyverno
shell: bash shell: bash
run: | run: |
set -e set -e
export HELM=${{ steps.helm.outputs.helm-path }}
export USE_CONFIG=${{ join(matrix.config.values, ',') }} export USE_CONFIG=${{ join(matrix.config.values, ',') }}
make kind-install-kyverno make kind-install-kyverno
- name: Wait for kyverno ready - name: Wait for kyverno ready
uses: ./.github/actions/kyverno-wait-ready uses: ./.github/actions/kyverno-wait-ready
- name: Install Chainsaw # run tests
uses: kyverno/chainsaw/.github/actions/install@5d6585b843b48eaf1940a8333bb828fd6a3385e3 # v0.0.8
with:
release: v0.0.8
- name: Test with Chainsaw - name: Test with Chainsaw
shell: bash shell: bash
env: env:
GITHUB_TOKEN: ${{ secrets.GITHUB_TOKEN }} GITHUB_TOKEN: ${{ secrets.GITHUB_TOKEN }}
run: | run: |
set -e set -e
chainsaw test --config ./test/conformance/chainsaw/_config/common.yaml --test-dir ./test/conformance/chainsaw/${{ matrix.tests }} --no-color=false cd ./test/conformance/chainsaw && chainsaw test --test-dir ./${{ matrix.tests }}
# debug
- name: Debug failure - name: Debug failure
if: failure() if: failure()
uses: ./.github/actions/kyverno-logs uses: ./.github/actions/kyverno-logs
@ -345,28 +331,24 @@ jobs:
steps: steps:
- name: Checkout - name: Checkout
uses: actions/checkout@b4ffde65f46336ab88eb53be808477a3936bae11 # v4.1.1 uses: actions/checkout@b4ffde65f46336ab88eb53be808477a3936bae11 # v4.1.1
- name: Setup caches # install tools
uses: ./.github/actions/setup-caches - name: Install helm
timeout-minutes: 5 id: helm
continue-on-error: true uses: azure/setup-helm@5119fcb9089d432beecbf79bb2c7915207344b78 # v3.5
with: with:
build-cache-key: run-conformance token: ${{ secrets.GITHUB_TOKEN }}
- name: Install kind - name: Install chainsaw
shell: bash uses: kyverno/chainsaw/.github/actions/install@5d6585b843b48eaf1940a8333bb828fd6a3385e3 # v0.0.8
run: | with:
# For AMD64 / x86_64 release: v0.0.8
[ $(uname -m) = x86_64 ] && curl -Lo ./kind https://kind.sigs.k8s.io/dl/v0.20.0/kind-linux-amd64 # create cluster
# For ARM64
[ $(uname -m) = aarch64 ] && curl -Lo ./kind https://kind.sigs.k8s.io/dl/v0.20.0/kind-linux-arm64
chmod +x ./kind
sudo mv ./kind /usr/local/bin/kind
- name: Create kind cluster - name: Create kind cluster
shell: bash uses: helm/kind-action@dda0770415bac9fc20092cacbc54aa298604d140 # v1.8.0
run: | with:
set -e node_image: kindest/node:${{ matrix.k8s-version.version }}
export KIND_IMAGE=kindest/node:${{ matrix.k8s-version.version }} cluster_name: kind
export KIND_CONFIG=vap-v1alpha1 config: ./scripts/config/kind/vap-v1alpha1.yaml
make kind-create-cluster # deploy kyverno
- name: Download kyverno images archive - name: Download kyverno images archive
uses: actions/download-artifact@9bc31d5ccc31df68ecc42ccf4149144866c47d8a # v3.0.2 uses: actions/download-artifact@9bc31d5ccc31df68ecc42ccf4149144866c47d8a # v3.0.2
with: with:
@ -375,26 +357,25 @@ jobs:
shell: bash shell: bash
run: | run: |
set -e set -e
make kind-load-image-archive kind load image-archive kyverno.tar --name kind
- name: Install kyverno - name: Install kyverno
shell: bash shell: bash
run: | run: |
set -e set -e
export HELM=${{ steps.helm.outputs.helm-path }}
export USE_CONFIG=${{ join(matrix.config.values, ',') }} export USE_CONFIG=${{ join(matrix.config.values, ',') }}
make kind-install-kyverno make kind-install-kyverno
- name: Wait for kyverno ready - name: Wait for kyverno ready
uses: ./.github/actions/kyverno-wait-ready uses: ./.github/actions/kyverno-wait-ready
- name: Install Chainsaw # run tests
uses: kyverno/chainsaw/.github/actions/install@5d6585b843b48eaf1940a8333bb828fd6a3385e3 # v0.0.8
with:
release: v0.0.8
- name: Test with Chainsaw - name: Test with Chainsaw
shell: bash shell: bash
env: env:
GITHUB_TOKEN: ${{ secrets.GITHUB_TOKEN }} GITHUB_TOKEN: ${{ secrets.GITHUB_TOKEN }}
run: | run: |
set -e set -e
chainsaw test --config ./test/conformance/chainsaw/_config/common.yaml --test-dir ./test/conformance/chainsaw/${{ matrix.tests }} --no-color=false cd ./test/conformance/chainsaw && chainsaw test --test-dir ./${{ matrix.tests }}
# debug
- name: Debug failure - name: Debug failure
if: failure() if: failure()
uses: ./.github/actions/kyverno-logs uses: ./.github/actions/kyverno-logs
@ -421,28 +402,24 @@ jobs:
steps: steps:
- name: Checkout - name: Checkout
uses: actions/checkout@b4ffde65f46336ab88eb53be808477a3936bae11 # v4.1.1 uses: actions/checkout@b4ffde65f46336ab88eb53be808477a3936bae11 # v4.1.1
- name: Setup caches # install tools
uses: ./.github/actions/setup-caches - name: Install helm
timeout-minutes: 5 id: helm
continue-on-error: true uses: azure/setup-helm@5119fcb9089d432beecbf79bb2c7915207344b78 # v3.5
with: with:
build-cache-key: run-conformance token: ${{ secrets.GITHUB_TOKEN }}
- name: Install kind - name: Install chainsaw
shell: bash uses: kyverno/chainsaw/.github/actions/install@5d6585b843b48eaf1940a8333bb828fd6a3385e3 # v0.0.8
run: | with:
# For AMD64 / x86_64 release: v0.0.8
[ $(uname -m) = x86_64 ] && curl -Lo ./kind https://kind.sigs.k8s.io/dl/v0.20.0/kind-linux-amd64 # create cluster
# For ARM64
[ $(uname -m) = aarch64 ] && curl -Lo ./kind https://kind.sigs.k8s.io/dl/v0.20.0/kind-linux-arm64
chmod +x ./kind
sudo mv ./kind /usr/local/bin/kind
- name: Create kind cluster - name: Create kind cluster
shell: bash uses: helm/kind-action@dda0770415bac9fc20092cacbc54aa298604d140 # v1.8.0
run: | with:
set -e node_image: kindest/node:${{ matrix.k8s-version.version }}
export KIND_IMAGE=kindest/node:${{ matrix.k8s-version.version }} cluster_name: kind
export KIND_CONFIG=vap-v1beta1 config: ./scripts/config/kind/vap-v1beta1.yaml
make kind-create-cluster # deploy kyverno
- name: Download kyverno images archive - name: Download kyverno images archive
uses: actions/download-artifact@9bc31d5ccc31df68ecc42ccf4149144866c47d8a # v3.0.2 uses: actions/download-artifact@9bc31d5ccc31df68ecc42ccf4149144866c47d8a # v3.0.2
with: with:
@ -451,26 +428,25 @@ jobs:
shell: bash shell: bash
run: | run: |
set -e set -e
make kind-load-image-archive kind load image-archive kyverno.tar --name kind
- name: Install kyverno - name: Install kyverno
shell: bash shell: bash
run: | run: |
set -e set -e
export HELM=${{ steps.helm.outputs.helm-path }}
export USE_CONFIG=${{ join(matrix.config.values, ',') }} export USE_CONFIG=${{ join(matrix.config.values, ',') }}
make kind-install-kyverno make kind-install-kyverno
- name: Wait for kyverno ready - name: Wait for kyverno ready
uses: ./.github/actions/kyverno-wait-ready uses: ./.github/actions/kyverno-wait-ready
- name: Install Chainsaw # run tests
uses: kyverno/chainsaw/.github/actions/install@5d6585b843b48eaf1940a8333bb828fd6a3385e3 # v0.0.8
with:
release: v0.0.8
- name: Test with Chainsaw - name: Test with Chainsaw
shell: bash shell: bash
env: env:
GITHUB_TOKEN: ${{ secrets.GITHUB_TOKEN }} GITHUB_TOKEN: ${{ secrets.GITHUB_TOKEN }}
run: | run: |
set -e set -e
chainsaw test --config ./test/conformance/chainsaw/_config/common.yaml --test-dir ./test/conformance/chainsaw/${{ matrix.tests }} --no-color=false cd ./test/conformance/chainsaw && chainsaw test --test-dir ./${{ matrix.tests }}
# debug
- name: Debug failure - name: Debug failure
if: failure() if: failure()
uses: ./.github/actions/kyverno-logs uses: ./.github/actions/kyverno-logs
@ -504,27 +480,24 @@ jobs:
steps: steps:
- name: Checkout - name: Checkout
uses: actions/checkout@b4ffde65f46336ab88eb53be808477a3936bae11 # v4.1.1 uses: actions/checkout@b4ffde65f46336ab88eb53be808477a3936bae11 # v4.1.1
- name: Setup caches # install tools
uses: ./.github/actions/setup-caches - name: Install helm
timeout-minutes: 5 id: helm
continue-on-error: true uses: azure/setup-helm@5119fcb9089d432beecbf79bb2c7915207344b78 # v3.5
with: with:
build-cache-key: run-conformance token: ${{ secrets.GITHUB_TOKEN }}
- name: Install kind - name: Install chainsaw
shell: bash uses: kyverno/chainsaw/.github/actions/install@5d6585b843b48eaf1940a8333bb828fd6a3385e3 # v0.0.8
run: | with:
# For AMD64 / x86_64 release: v0.0.8
[ $(uname -m) = x86_64 ] && curl -Lo ./kind https://kind.sigs.k8s.io/dl/v0.20.0/kind-linux-amd64 # create cluster
# For ARM64
[ $(uname -m) = aarch64 ] && curl -Lo ./kind https://kind.sigs.k8s.io/dl/v0.20.0/kind-linux-arm64
chmod +x ./kind
sudo mv ./kind /usr/local/bin/kind
- name: Create kind cluster - name: Create kind cluster
shell: bash uses: helm/kind-action@dda0770415bac9fc20092cacbc54aa298604d140 # v1.8.0
run: | with:
set -e node_image: kindest/node:${{ matrix.k8s-version.version }}
export KIND_IMAGE=kindest/node:${{ matrix.k8s-version.version }} cluster_name: kind
make kind-create-cluster config: ./scripts/config/kind/default.yaml
# deploy kyverno
- name: Download kyverno images archive - name: Download kyverno images archive
uses: actions/download-artifact@9bc31d5ccc31df68ecc42ccf4149144866c47d8a # v3.0.2 uses: actions/download-artifact@9bc31d5ccc31df68ecc42ccf4149144866c47d8a # v3.0.2
with: with:
@ -533,26 +506,25 @@ jobs:
shell: bash shell: bash
run: | run: |
set -e set -e
make kind-load-image-archive kind load image-archive kyverno.tar --name kind
- name: Install kyverno - name: Install kyverno
shell: bash shell: bash
run: | run: |
set -e set -e
export HELM=${{ steps.helm.outputs.helm-path }}
export USE_CONFIG=${{ join(matrix.config.values, ',') }} export USE_CONFIG=${{ join(matrix.config.values, ',') }}
make kind-install-kyverno make kind-install-kyverno
- name: Wait for kyverno ready - name: Wait for kyverno ready
uses: ./.github/actions/kyverno-wait-ready uses: ./.github/actions/kyverno-wait-ready
- name: Install Chainsaw # run tests
uses: kyverno/chainsaw/.github/actions/install@5d6585b843b48eaf1940a8333bb828fd6a3385e3 # v0.0.8
with:
release: v0.0.8
- name: Test with Chainsaw - name: Test with Chainsaw
shell: bash shell: bash
env: env:
GITHUB_TOKEN: ${{ secrets.GITHUB_TOKEN }} GITHUB_TOKEN: ${{ secrets.GITHUB_TOKEN }}
run: | run: |
set -e set -e
chainsaw test --config ./test/conformance/chainsaw/_config/common.yaml --test-dir ./test/conformance/chainsaw/${{ matrix.tests }} --no-color=false cd ./test/conformance/chainsaw && chainsaw test --test-dir ./${{ matrix.tests }}
# debug
- name: Debug failure - name: Debug failure
if: failure() if: failure()
uses: ./.github/actions/kyverno-logs uses: ./.github/actions/kyverno-logs
@ -585,27 +557,24 @@ jobs:
steps: steps:
- name: Checkout - name: Checkout
uses: actions/checkout@b4ffde65f46336ab88eb53be808477a3936bae11 # v4.1.1 uses: actions/checkout@b4ffde65f46336ab88eb53be808477a3936bae11 # v4.1.1
- name: Setup caches # install tools
uses: ./.github/actions/setup-caches - name: Install helm
timeout-minutes: 5 id: helm
continue-on-error: true uses: azure/setup-helm@5119fcb9089d432beecbf79bb2c7915207344b78 # v3.5
with: with:
build-cache-key: run-conformance token: ${{ secrets.GITHUB_TOKEN }}
- name: Install kind - name: Install chainsaw
shell: bash uses: kyverno/chainsaw/.github/actions/install@5d6585b843b48eaf1940a8333bb828fd6a3385e3 # v0.0.8
run: | with:
# For AMD64 / x86_64 release: v0.0.8
[ $(uname -m) = x86_64 ] && curl -Lo ./kind https://kind.sigs.k8s.io/dl/v0.20.0/kind-linux-amd64 # create cluster
# For ARM64
[ $(uname -m) = aarch64 ] && curl -Lo ./kind https://kind.sigs.k8s.io/dl/v0.20.0/kind-linux-arm64
chmod +x ./kind
sudo mv ./kind /usr/local/bin/kind
- name: Create kind cluster - name: Create kind cluster
shell: bash uses: helm/kind-action@dda0770415bac9fc20092cacbc54aa298604d140 # v1.8.0
run: | with:
set -e node_image: kindest/node:${{ matrix.k8s-version.version }}
export KIND_IMAGE=kindest/node:${{ matrix.k8s-version.version }} cluster_name: kind
make kind-create-cluster config: ./scripts/config/kind/default.yaml
# deploy kyverno
- name: Download kyverno images archive - name: Download kyverno images archive
uses: actions/download-artifact@9bc31d5ccc31df68ecc42ccf4149144866c47d8a # v3.0.2 uses: actions/download-artifact@9bc31d5ccc31df68ecc42ccf4149144866c47d8a # v3.0.2
with: with:
@ -614,26 +583,25 @@ jobs:
shell: bash shell: bash
run: | run: |
set -e set -e
make kind-load-image-archive kind load image-archive kyverno.tar --name kind
- name: Install kyverno - name: Install kyverno
shell: bash shell: bash
run: | run: |
set -e set -e
export HELM=${{ steps.helm.outputs.helm-path }}
export USE_CONFIG=${{ join(matrix.config.values, ',') }} export USE_CONFIG=${{ join(matrix.config.values, ',') }}
make kind-install-kyverno make kind-install-kyverno
- name: Wait for kyverno ready - name: Wait for kyverno ready
uses: ./.github/actions/kyverno-wait-ready uses: ./.github/actions/kyverno-wait-ready
- name: Install Chainsaw # run tests
uses: kyverno/chainsaw/.github/actions/install@5d6585b843b48eaf1940a8333bb828fd6a3385e3 # v0.0.8
with:
release: v0.0.8
- name: Test with Chainsaw - name: Test with Chainsaw
shell: bash shell: bash
env: env:
GITHUB_TOKEN: ${{ secrets.GITHUB_TOKEN }} GITHUB_TOKEN: ${{ secrets.GITHUB_TOKEN }}
run: | run: |
set -e set -e
chainsaw test --config ./test/conformance/chainsaw/_config/common.yaml --test-dir ./test/conformance/chainsaw/${{ matrix.tests }} --no-color=false cd ./test/conformance/chainsaw && chainsaw test --test-dir ./${{ matrix.tests }}
# debug
- name: Debug failure - name: Debug failure
if: failure() if: failure()
uses: ./.github/actions/kyverno-logs uses: ./.github/actions/kyverno-logs
@ -733,7 +701,7 @@ jobs:
GITHUB_TOKEN: ${{ secrets.GITHUB_TOKEN }} GITHUB_TOKEN: ${{ secrets.GITHUB_TOKEN }}
run: | run: |
set -e set -e
chainsaw test --config ./test/conformance/chainsaw/_config/common.yaml --test-dir ./test/conformance/chainsaw/${{ matrix.tests }} --no-color=false cd ./test/conformance/chainsaw && chainsaw test --test-dir ./${{ matrix.tests }}
- name: Debug failure - name: Debug failure
if: failure() if: failure()
uses: ./.github/actions/kyverno-logs uses: ./.github/actions/kyverno-logs
@ -765,27 +733,24 @@ jobs:
steps: steps:
- name: Checkout - name: Checkout
uses: actions/checkout@b4ffde65f46336ab88eb53be808477a3936bae11 # v4.1.1 uses: actions/checkout@b4ffde65f46336ab88eb53be808477a3936bae11 # v4.1.1
- name: Setup caches # install tools
uses: ./.github/actions/setup-caches - name: Install helm
timeout-minutes: 5 id: helm
continue-on-error: true uses: azure/setup-helm@5119fcb9089d432beecbf79bb2c7915207344b78 # v3.5
with: with:
build-cache-key: run-conformance token: ${{ secrets.GITHUB_TOKEN }}
- name: Install kind - name: Install chainsaw
shell: bash uses: kyverno/chainsaw/.github/actions/install@5d6585b843b48eaf1940a8333bb828fd6a3385e3 # v0.0.8
run: | with:
# For AMD64 / x86_64 release: v0.0.8
[ $(uname -m) = x86_64 ] && curl -Lo ./kind https://kind.sigs.k8s.io/dl/v0.20.0/kind-linux-amd64 # create cluster
# For ARM64
[ $(uname -m) = aarch64 ] && curl -Lo ./kind https://kind.sigs.k8s.io/dl/v0.20.0/kind-linux-arm64
chmod +x ./kind
sudo mv ./kind /usr/local/bin/kind
- name: Create kind cluster - name: Create kind cluster
shell: bash uses: helm/kind-action@dda0770415bac9fc20092cacbc54aa298604d140 # v1.8.0
run: | with:
set -e node_image: kindest/node:${{ matrix.k8s-version.version }}
export KIND_IMAGE=kindest/node:${{ matrix.k8s-version.version }} cluster_name: kind
make kind-create-cluster config: ./scripts/config/kind/default.yaml
# deploy kyverno
- name: Download kyverno images archive - name: Download kyverno images archive
uses: actions/download-artifact@9bc31d5ccc31df68ecc42ccf4149144866c47d8a # v3.0.2 uses: actions/download-artifact@9bc31d5ccc31df68ecc42ccf4149144866c47d8a # v3.0.2
with: with:
@ -794,26 +759,25 @@ jobs:
shell: bash shell: bash
run: | run: |
set -e set -e
make kind-load-image-archive kind load image-archive kyverno.tar --name kind
- name: Install kyverno - name: Install kyverno
shell: bash shell: bash
run: | run: |
set -e set -e
export HELM=${{ steps.helm.outputs.helm-path }}
export USE_CONFIG=${{ join(matrix.config.values, ',') }} export USE_CONFIG=${{ join(matrix.config.values, ',') }}
make kind-install-kyverno make kind-install-kyverno
- name: Wait for kyverno ready - name: Wait for kyverno ready
uses: ./.github/actions/kyverno-wait-ready uses: ./.github/actions/kyverno-wait-ready
- name: Install Chainsaw # run tests
uses: kyverno/chainsaw/.github/actions/install@5d6585b843b48eaf1940a8333bb828fd6a3385e3 # v0.0.8
with:
release: v0.0.8
- name: Test with Chainsaw - name: Test with Chainsaw
shell: bash shell: bash
env: env:
GITHUB_TOKEN: ${{ secrets.GITHUB_TOKEN }} GITHUB_TOKEN: ${{ secrets.GITHUB_TOKEN }}
run: | run: |
set -e set -e
chainsaw test --config ./test/conformance/chainsaw/_config/common.yaml --test-dir ./test/conformance/chainsaw/${{ matrix.tests }} --no-color=false cd ./test/conformance/chainsaw && chainsaw test --test-dir ./${{ matrix.tests }}
# debug
- name: Debug failure - name: Debug failure
if: failure() if: failure()
uses: ./.github/actions/kyverno-logs uses: ./.github/actions/kyverno-logs
@ -929,7 +893,7 @@ jobs:
- name: Install CRDs - name: Install CRDs
run: | run: |
set -e set -e
kubectl apply -f ./policies/CRDs kubectl apply -f ./policies/.chainsaw/crds
- name: Test with Chainsaw - name: Test with Chainsaw
env: env:
GITHUB_TOKEN: ${{ secrets.GITHUB_TOKEN }} GITHUB_TOKEN: ${{ secrets.GITHUB_TOKEN }}
@ -1017,7 +981,7 @@ jobs:
KYVERNO_EXPERIMENTAL=true kyverno fix test ./test/cli --save --compress KYVERNO_EXPERIMENTAL=true kyverno fix test ./test/cli --save --compress
make verify-cli-tests make verify-cli-tests
required: conformance-required:
needs: needs:
- standard - standard
- ttl - ttl

54
Makefile
View file

@ -32,33 +32,33 @@ USE_CONFIG ?= standard
# TOOLS # # TOOLS #
######### #########
TOOLS_DIR := $(PWD)/.tools TOOLS_DIR ?= $(PWD)/.tools
KIND := $(TOOLS_DIR)/kind KIND ?= $(TOOLS_DIR)/kind
KIND_VERSION := v0.20.0 KIND_VERSION ?= v0.20.0
CONTROLLER_GEN := $(TOOLS_DIR)/controller-gen CONTROLLER_GEN ?= $(TOOLS_DIR)/controller-gen
CONTROLLER_GEN_VERSION := v0.12.0 CONTROLLER_GEN_VERSION ?= v0.12.0
CLIENT_GEN := $(TOOLS_DIR)/client-gen CLIENT_GEN ?= $(TOOLS_DIR)/client-gen
LISTER_GEN := $(TOOLS_DIR)/lister-gen LISTER_GEN ?= $(TOOLS_DIR)/lister-gen
INFORMER_GEN := $(TOOLS_DIR)/informer-gen INFORMER_GEN ?= $(TOOLS_DIR)/informer-gen
OPENAPI_GEN := $(TOOLS_DIR)/openapi-gen OPENAPI_GEN ?= $(TOOLS_DIR)/openapi-gen
REGISTER_GEN := $(TOOLS_DIR)/register-gen REGISTER_GEN ?= $(TOOLS_DIR)/register-gen
DEEPCOPY_GEN := $(TOOLS_DIR)/deepcopy-gen DEEPCOPY_GEN ?= $(TOOLS_DIR)/deepcopy-gen
DEFAULTER_GEN := $(TOOLS_DIR)/defaulter-gen DEFAULTER_GEN ?= $(TOOLS_DIR)/defaulter-gen
APPLYCONFIGURATION_GEN := $(TOOLS_DIR)/applyconfiguration-gen APPLYCONFIGURATION_GEN ?= $(TOOLS_DIR)/applyconfiguration-gen
CODE_GEN_VERSION := v0.28.0 CODE_GEN_VERSION ?= v0.28.0
GEN_CRD_API_REFERENCE_DOCS := $(TOOLS_DIR)/gen-crd-api-reference-docs GEN_CRD_API_REFERENCE_DOCS ?= $(TOOLS_DIR)/gen-crd-api-reference-docs
GEN_CRD_API_REFERENCE_DOCS_VERSION := latest GEN_CRD_API_REFERENCE_DOCS_VERSION ?= latest
GO_ACC := $(TOOLS_DIR)/go-acc GO_ACC ?= $(TOOLS_DIR)/go-acc
GO_ACC_VERSION := latest GO_ACC_VERSION ?= latest
GOIMPORTS := $(TOOLS_DIR)/goimports GOIMPORTS ?= $(TOOLS_DIR)/goimports
GOIMPORTS_VERSION := latest GOIMPORTS_VERSION ?= latest
HELM := $(TOOLS_DIR)/helm HELM ?= $(TOOLS_DIR)/helm
HELM_VERSION := v3.12.3 HELM_VERSION ?= v3.12.3
HELM_DOCS := $(TOOLS_DIR)/helm-docs HELM_DOCS ?= $(TOOLS_DIR)/helm-docs
HELM_DOCS_VERSION := v1.11.0 HELM_DOCS_VERSION ?= v1.11.0
KO := $(TOOLS_DIR)/ko KO ?= $(TOOLS_DIR)/ko
KO_VERSION := v0.14.1 KO_VERSION ?= v0.14.1
KUBE_VERSION := v1.25.0 KUBE_VERSION ?= v1.25.0
TOOLS := $(KIND) $(CONTROLLER_GEN) $(CLIENT_GEN) $(LISTER_GEN) $(INFORMER_GEN) $(OPENAPI_GEN) $(REGISTER_GEN) $(DEEPCOPY_GEN) $(DEFAULTER_GEN) $(APPLYCONFIGURATION_GEN) $(GEN_CRD_API_REFERENCE_DOCS) $(GO_ACC) $(GOIMPORTS) $(HELM) $(HELM_DOCS) $(KO) TOOLS := $(KIND) $(CONTROLLER_GEN) $(CLIENT_GEN) $(LISTER_GEN) $(INFORMER_GEN) $(OPENAPI_GEN) $(REGISTER_GEN) $(DEEPCOPY_GEN) $(DEFAULTER_GEN) $(APPLYCONFIGURATION_GEN) $(GEN_CRD_API_REFERENCE_DOCS) $(GO_ACC) $(GOIMPORTS) $(HELM) $(HELM_DOCS) $(KO)
ifeq ($(GOOS), darwin) ifeq ($(GOOS), darwin)
SED := gsed SED := gsed

0
test/conformance/chainsaw/_config/common.yaml → test/conformance/chainsaw/.chainsaw.yaml
View file

2
test/conformance/chainsaw/verifyImages/clusterpolicy/standard/failure-policy-test-noconfigmap-diffimage-success/chainsaw-test.yaml
View file

@ -4,6 +4,8 @@ metadata:
creationTimestamp: null creationTimestamp: null
name: failure-policy-test-noconfigmap-diffimage-success name: failure-policy-test-noconfigmap-diffimage-success
spec: spec:
timeouts:
delete: 2m
steps: steps:
- name: step-01 - name: step-01
try: try:

2
test/conformance/chainsaw/verifyImages/clusterpolicy/standard/keyed-basic-namespace-selector/chainsaw-test.yaml
View file

@ -4,6 +4,8 @@ metadata:
creationTimestamp: null creationTimestamp: null
name: keyed-basic-namespace-selector name: keyed-basic-namespace-selector
spec: spec:
timeouts:
delete: 2m
steps: steps:
- name: step-01 - name: step-01
try: try:

2
test/conformance/chainsaw/verifyImages/clusterpolicy/standard/keyed-basic/chainsaw-test.yaml
View file

@ -4,6 +4,8 @@ metadata:
creationTimestamp: null creationTimestamp: null
name: keyed-basic name: keyed-basic
spec: spec:
timeouts:
delete: 2m
steps: steps:
- name: step-01 - name: step-01
try: try:

2
test/conformance/chainsaw/verifyImages/clusterpolicy/standard/keyed-secret/chainsaw-test.yaml
View file

@ -4,6 +4,8 @@ metadata:
creationTimestamp: null creationTimestamp: null
name: keyed-secret name: keyed-secret
spec: spec:
timeouts:
delete: 2m
steps: steps:
- name: step-01 - name: step-01
try: try:

2
test/conformance/chainsaw/verifyImages/clusterpolicy/standard/noconfigmap-diffimage-success/chainsaw-test.yaml
View file

@ -4,6 +4,8 @@ metadata:
creationTimestamp: null creationTimestamp: null
name: noconfigmap-diffimage-success name: noconfigmap-diffimage-success
spec: spec:
timeouts:
delete: 2m
steps: steps:
- name: step-01 - name: step-01
try: try:

2
test/conformance/chainsaw/verifyImages/clusterpolicy/standard/notary-attestation-verification/chainsaw-test.yaml
View file

@ -4,6 +4,8 @@ metadata:
creationTimestamp: null creationTimestamp: null
name: notary-attestation-verification name: notary-attestation-verification
spec: spec:
timeouts:
delete: 2m
steps: steps:
- name: step-01 - name: step-01
try: try:

2
test/conformance/chainsaw/verifyImages/clusterpolicy/standard/notary-image-verification-secret-from-policy/chainsaw-test.yaml
View file

@ -4,6 +4,8 @@ metadata:
creationTimestamp: null creationTimestamp: null
name: notary-image-verification-secret-from-policy name: notary-image-verification-secret-from-policy
spec: spec:
timeouts:
delete: 2m
steps: steps:
- name: step-01 - name: step-01
try: try:

2
test/conformance/chainsaw/verifyImages/clusterpolicy/standard/notary-image-verification/chainsaw-test.yaml
View file

@ -4,6 +4,8 @@ metadata:
creationTimestamp: null creationTimestamp: null
name: notary-image-verification name: notary-image-verification
spec: spec:
timeouts:
delete: 2m
steps: steps:
- name: step-01 - name: step-01
try: try:

8
test/conformance/chainsaw/verifyImages/clusterpolicy/standard/rollback-image-verification/chainsaw-test.yaml
View file

@ -4,6 +4,8 @@ metadata:
creationTimestamp: null creationTimestamp: null
name: rollback-image-verification name: rollback-image-verification
spec: spec:
timeouts:
delete: 2m
steps: steps:
- name: step-01 - name: step-01
try: try:
@ -19,10 +21,16 @@ spec:
file: deployment_new.yaml file: deployment_new.yaml
- assert: - assert:
file: deployment-assert.yaml file: deployment-assert.yaml
finally:
- sleep:
duration: 5s
- name: step-03 - name: step-03
try: try:
- script: - script:
content: kubectl -n verify-images rollout undo deployment nginx-deployment content: kubectl -n verify-images rollout undo deployment nginx-deployment
finally:
- sleep:
duration: 5s
- name: step-04 - name: step-04
try: try:
- assert: - assert: