Enabled internal TLS between k8s pods by default #727
Workflow file for this run
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
name: E2E Tests | |
on: | |
pull_request: | |
types: | |
- opened | |
- synchronize | |
push: | |
branches: | |
- master | |
schedule: | |
- cron: "0 1 * * *" | |
workflow_dispatch: | |
jobs: | |
k3s: | |
name: "k3s (experimental)" | |
runs-on: ubuntu-22.04 | |
# NOTE: Just a thought in case the timeouts fail; might not be | |
# necessary, but might not hurt either, would vary based on the | |
# size of the testing matrix, too. | |
timeout-minutes: 30 | |
strategy: | |
fail-fast: false | |
max-parallel: 1 | |
matrix: | |
# TODO: Document which versions we support and cover them. | |
# https://github.com/StackStorm/stackstorm-k8s/issues/342 | |
# https://github.com/k3s-io/k3s/releases | |
k3s-channel: | |
- "v1.28.3+k3s1" | |
steps: | |
- name: Checkout source | |
uses: actions/checkout@v3 | |
- name: Set up K3s | |
id: k3s | |
uses: jupyterhub/action-k3s-helm@v3 | |
with: | |
k3s-channel: ${{ matrix.k3s-channel }} | |
- name: Setup cert-manager | |
run: | | |
helm repo add jetstack https://charts.jetstack.io --force-update | |
helm repo update | |
kubectl apply -f https://github.com/cert-manager/cert-manager/releases/download/v1.14.5/cert-manager.crds.yaml | |
helm install \ | |
cert-manager jetstack/cert-manager \ | |
--namespace cert-manager \ | |
--create-namespace \ | |
--version v1.14.5 | |
- name: Update stackstorm-ha chart dependencies | |
run: | | |
set -x | |
helm dependency update | |
- name: Helm install | |
run: | | |
openssl req -x509 -nodes -days 2 -newkey rsa:2048 -keyout tls.key -out tls.crt -subj "/CN=StackStorm CA" | |
helm install --timeout 15m0s --debug --wait \ | |
--name-template stackstorm-ha . \ | |
--set "secret.ca.crt=$(cat tls.crt | base64)" | |
--set "secret.ca.key=$(cat tls.key | base64)" | |
- name: Helm test | |
run: | | |
helm test stackstorm-ha | |
- name: Helm upgrade with RBAC enabled | |
run: | | |
helm upgrade --set st2.rbac.enabled=true \ | |
--timeout 10m0s --debug --wait stackstorm-ha . | |
- name: Helm test | |
run: | | |
helm test stackstorm-ha | |
- name: Show all Kubernetes resources | |
if: ${{ always() }} | |
run: | | |
kubectl get all |