* Consolidate cluster reset and snapshot E2E tests
* Add more context to secrets-encryption test
* Reuse build workflow
* Convert updatecli to job level permissions
* Remove dweomer microos from E2E and install testing
Signed-off-by: Derek Nola <derek.nola@suse.com>
* Improve test-pad rancher script
Signed-off-by: Derek Nola <derek.nola@suse.com>
* Improve hardened script and added kube-bench utility script
Signed-off-by: Derek Nola <derek.nola@suse.com>
* Apply same audits for 1.22 and older
Signed-off-by: Derek Nola <derek.nola@suse.com>
Signed-off-by: Derek Nola <derek.nola@suse.com>
* Add python pip pakacge to install aws cli
Signed-off-by: Venkata Krishna Rohit Sakala <rohitsakala@gmail.com>
* Upload build artifacts to aws s3 instead of gcp bucket
Signed-off-by: Venkata Krishna Rohit Sakala <rohitsakala@gmail.com>
* Upload logs to aws s3 instead of google buckets
Signed-off-by: Venkata Krishna Rohit Sakala <rohitsakala@gmail.com>
* Replace gcloud auth with aws credentials for artifact uploading to buckets
Signed-off-by: Venkata Krishna Rohit Sakala <rohitsakala@gmail.com>
* Replace usage of google bucket with aws s3 buckets
Signed-off-by: Venkata Krishna Rohit Sakala <rohitsakala@gmail.com>
Signed-off-by: Venkata Krishna Rohit Sakala <rohitsakala@gmail.com>
* Add EncryptSecrets to Critical Control Args
* use deep comparison to extract differences
Signed-off-by: Derek Nola <derek.nola@suse.com>
Signed-off-by: Derek Nola <derek.nola@suse.com>
Problem:
Previously all of Kubernetes' image hosting has been out of gcr.io. There were significant egress costs associated with this when images were pulled from entities outside gcp. Refer to https://github.com/kubernetes/k8s.io/wiki/New-Registry-url-for-Kubernetes-(registry.k8s.io)
Solution:
As highlighted at KubeCon NA 2022 k8s infra SIG update, the replacement for k8s.gcr.io which is registry.k8s.io is now ready for mainstream use and the old k8s.gcr.io has been formally deprecated. This commit migrates all references for k3s to registry.k8s.io.
Signed-off-by: James Blair <mail@jamesblair.net>
CA cert will never be equal to the serving-kube-apiserver cert so it seems like a copy-paste error.
Signed-off-by: Vladimir Pouzanov <farcaller@gmail.com>
* add new data-dir subtest
* Added node flag subtest
* Fix to E2E tests
* Convert existing test to new server logging
Signed-off-by: Derek Nola <derek.nola@suse.com>
* Add rancher install sript, taints to cp/etcd roles
* Revert back to generic/ubuntu2004, libvirt networking is unreliable on opensuse
* Added support for alpine
* Rancher deployment script
* Refactor installType into function
* Cleanup splitserver test
Signed-off-by: Derek Nola <derek.nola@suse.com>
* New startup integration test
* Add testing section to PR template
* Move helper functions to direct k8s client calls
Signed-off-by: Derek Nola <derek.nola@suse.com>
Also update all use of 'go get' => 'go install', update CI tooling for
1.18 compatibility, and gofmt everything so lint passes.
Signed-off-by: Brad Davidson <brad.davidson@rancher.com>
* Bump etcd to v3.5.4-k3s1
* Fix issue with datastore corruption on cluster-reset
* Disable unnecessary components during cluster reset
Disable control-plane components and the tunnel setup during
cluster-reset, even when not doing a restore. This reduces the amount of
log clutter during cluster reset/restore, making any errors encountered
more obvious.
Signed-off-by: Brad Davidson <brad.davidson@rancher.com>
* Simplify role in existing tests
* Update other tests to output vagrant log on failure
* go test for split server
Signed-off-by: Derek Nola <derek.nola@suse.com>
* Removed vagrant folder
* Fix comments around E2E ENVs
* Eliminate testutil folder
* Convert flock integration test to unit test
* Point to other READMEs
Signed-off-by: Derek Nola <derek.nola@suse.com>
* Initial mysql, postgres external db
* Convert test options to env variables
* Add explicit ETCD option and bump memory for docker node
Signed-off-by: Derek Nola <derek.nola@suse.com>
Several types contained redundant references to ControlRuntime data. Switch to consistently accessing this via config.Runtime instead.
Signed-off-by: Brad Davidson <brad.davidson@rancher.com>
* Upgrade and convert ginkgo from v1 to v2
* Move all integration tests into integration folder
* Update TESTING.md
Signed-off-by: Derek Nola <derek.nola@suse.com>
Update CentOS 8 smoke vm's with vault repositories
Problem: CentOS 8 reached its EOL alongside its public mirrors, making
all the smoke test fail at provisioning time.
Solution: Point all the CentOS repositories to vault.
Signed-off-by: Jonnatan Jossemar Cordero <jonnatan.cordero@suse.com>
* Remove sudo commands from integration tests
Signed-off-by: Derek Nola <derek.nola@suse.com>
* Added cleanup fucntion
Signed-off-by: Derek Nola <derek.nola@suse.com>
* Implement better int cleanup
Signed-off-by: Derek Nola <derek.nola@suse.com>
* Rename test utils
Signed-off-by: Derek Nola <derek.nola@suse.com>
* Enable K3sCmd to be a single string
Signed-off-by: Derek Nola <derek.nola@suse.com>
* Removed parsePod function
Signed-off-by: Derek Nola <derek.nola@suse.com>
* codespell
Signed-off-by: Derek Nola <derek.nola@suse.com>
* Revert startup timeout
Signed-off-by: Derek Nola <derek.nola@suse.com>
* Reorder sonobuoy tests, drop concurrent tests to 3
Signed-off-by: Derek Nola <derek.nola@suse.com>
* Disable etcd
Signed-off-by: Derek Nola <derek.nola@suse.com>
* Skip parallel testing for etcd
Signed-off-by: Derek Nola <derek.nola@suse.com>
* Regular CLI framework for encrypt commands
* New secrets-encryption feature
* New integration test
* fixes for flaky integration test CI
* Fix to bootstrap on restart of existing nodes
* Consolidate event recorder
Signed-off-by: Derek Nola <derek.nola@suse.com>
- updated `tests/TESTING.md`
- cgroup, snapshotter, and install tests all under tests/vagrant
- cgroup and snapshotter workflows trigger for all code changes on all branches (excluding markdown docs, install script, and other vagrant tests)
- install workflow triggers for relevant script and fixture changes, only on master or pull-requests that target it
- integration and unit test workflows should not trigger for install script changes nor anything under tests/vagrant
Signed-off-by: Jacob Blain Christen <jacob@rancher.com>
* Add etcd extra args support for K3s
Signed-off-by: Chris Kim <oats87g@gmail.com>
* Add etcd custom argument integration test
Signed-off-by: Chris Kim <oats87g@gmail.com>
* go generate
Signed-off-by: Chris Kim <oats87g@gmail.com>
- also updated k3s-uninstall.sh on zypper and TU systems
- fix#4409 for Fedora CoreOS
new installer tests via github actions:
- fedora-coreos
- opensuse-microos
Signed-off-by: Jacob Blain Christen <jacob@rancher.com>
Support invoking install.sh on SLE Micro with or without SELinux
enabled. Same deal for SLES.
Additionally, easy-to-invoke assertions, via Vagrant, that the local
install.sh works correctly:
- tests/install/centos-7 (stand-in for rhel 7)
- tests/install/centos-8 (stand-in for rhel 8)
- tests/install/opensuse-leap (stand-in for sles)
- tests/install/opensuse-microos (stand-in for sle-micro)
- tests/install/ubuntu-focal
Addresses #3188
Addresses #3917
Signed-off-by: Jacob Blain Christen <jacob@rancher.com>
* Added test runner and build files
* Changes to int test to output junit results.
* Updated documentation, removed comments
Signed-off-by: dereknola <derek.nola@suse.com>
Add `.github/workflows/cgroup2.yaml` for running Fedora on Vagrant on
GitHub Actions to test cgroup2 environment.
Only very basic smoke tests are executed, as Vagrant is too slow to run
the entire sonobuoy.
Relevant:
- kubernetes-sigs/kind PR 2017
- https://github.com/rootless-containers/usernetes/blob/v20210201.0/.github/workflows/main.yaml
Signed-off-by: Akihiro Suda <akihiro.suda.cz@hco.ntt.co.jp>
The "$()" form of command substitution solves a problem of inconsistent
behavior when using backquotes and is recommended over the legacy
backticks.
Change-Id: I7f0df0535822b64680b6c076e930814417bf1480
Signed-off-by: Joakim Roubert <joakimr@axis.com>
There are some issues and quirks in the markdown documentation files
suggested by the markdownlint project checker that might benefit from
being fixed, which this patch does.
Change-Id: I33245825e5bb543b5ce1732204984d4a0b169668
Signed-off-by: Joakim Roubert <joakimr@axis.com>