Skip to content

Enabled internal TLS between k8s pods by default #727

Enabled internal TLS between k8s pods by default

Enabled internal TLS between k8s pods by default #727

Workflow file for this run

name: E2E Tests
on:
pull_request:
types:
- opened
- synchronize
push:
branches:
- master
schedule:
- cron: "0 1 * * *"
workflow_dispatch:
jobs:
k3s:
name: "k3s (experimental)"
runs-on: ubuntu-22.04
# NOTE: Just a thought in case the timeouts fail; might not be
# necessary, but might not hurt either, would vary based on the
# size of the testing matrix, too.
timeout-minutes: 30
strategy:
fail-fast: false
max-parallel: 1
matrix:
# TODO: Document which versions we support and cover them.
# https://github.com/StackStorm/stackstorm-k8s/issues/342
# https://github.com/k3s-io/k3s/releases
k3s-channel:
- "v1.28.3+k3s1"
steps:
- name: Checkout source
uses: actions/checkout@v3
- name: Set up K3s
id: k3s
uses: jupyterhub/action-k3s-helm@v3
with:
k3s-channel: ${{ matrix.k3s-channel }}
- name: Setup cert-manager
run: |
helm repo add jetstack https://charts.jetstack.io --force-update
helm repo update
kubectl apply -f https://github.com/cert-manager/cert-manager/releases/download/v1.14.5/cert-manager.crds.yaml
helm install \
cert-manager jetstack/cert-manager \
--namespace cert-manager \
--create-namespace \
--version v1.14.5
- name: Update stackstorm-ha chart dependencies
run: |
set -x
helm dependency update
- name: Helm install
run: |
openssl req -x509 -nodes -days 2 -newkey rsa:2048 -keyout tls.key -out tls.crt -subj "/CN=StackStorm CA"
helm install --timeout 15m0s --debug --wait \
--name-template stackstorm-ha . \
--set "secret.ca.crt=$(cat tls.crt | base64)"
--set "secret.ca.key=$(cat tls.key | base64)"
- name: Helm test
run: |
helm test stackstorm-ha
- name: Helm upgrade with RBAC enabled
run: |
helm upgrade --set st2.rbac.enabled=true \
--timeout 10m0s --debug --wait stackstorm-ha .
- name: Helm test
run: |
helm test stackstorm-ha
- name: Show all Kubernetes resources
if: ${{ always() }}
run: |
kubectl get all