refactor(operator): Operator refactor #1643
Workflow file for this run
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| name: ci-test-controllers | |
| on: | |
| pull_request: | |
| branches: | |
| - "main" | |
| paths: | |
| - "pkg/**" | |
| - ".github/workflows/ci-test-controllers.yml" | |
| # Declare default permissions as read only. | |
| permissions: read-all | |
| jobs: | |
| kubearmor-controller-test: | |
| name: Build and Test KubeArmorController Using Ginkgo | |
| runs-on: ubuntu-20.04 | |
| timeout-minutes: 30 | |
| env: | |
| RUNTIME: "containerd" | |
| steps: | |
| - uses: actions/checkout@v3 | |
| with: | |
| submodules: true | |
| - uses: actions/setup-go@v5 | |
| with: | |
| go-version-file: 'KubeArmor/go.mod' | |
| - name: Check what paths were updated | |
| uses: dorny/paths-filter@v2 | |
| id: filter | |
| with: | |
| filters: | | |
| kubearmor: | |
| - "KubeArmor/**" | |
| - "protobuf/**" | |
| controller: | |
| - 'pkg/KubeArmorController/**' | |
| - name: Setup a Kubernetes environment | |
| run: ./.github/workflows/install-k3s.sh | |
| - name: Install the latest LLVM toolchain | |
| if: steps.filter.outputs.kubearmor == 'true' | |
| run: ./.github/workflows/install-llvm.sh | |
| - name: Compile libbpf | |
| if: steps.filter.outputs.kubearmor == 'true' | |
| run: ./.github/workflows/install-libbpf.sh | |
| - name: Generate KubeArmor artifacts | |
| if: steps.filter.outputs.kubearmor == 'true' | |
| run: GITHUB_SHA=$GITHUB_SHA ./KubeArmor/build/build_kubearmor.sh | |
| - name: Build KubeArmorController | |
| run: make -C pkg/KubeArmorController/ docker-build TAG=latest | |
| - name: Build Kubearmor-Operator | |
| working-directory: pkg/KubeArmorOperator | |
| run: | | |
| make docker-build | |
| - name: Install KubeArmor Latest and KubeArmorController using Helm | |
| run: | | |
| # save images | |
| docker save kubearmor/kubearmor-controller:latest | sudo k3s ctr images import - | |
| docker save kubearmor/kubearmor-operator:latest | sudo k3s ctr images import - | |
| docker save kubearmor/kubearmor-snitch:latest | sudo k3s ctr images import - | |
| chart_version=$(grep '^version:' ./deployments/helm/KubeArmor/Chart.yaml | awk '{print $2}') | |
| echo "installing kubearmor chart version $chart_version" | |
| helm upgrade --install kubearmor-operator ./deployments/helm/KubeArmorOperator -n kubearmor --create-namespace --set kubearmorOperator.image.tag=latest \ | |
| --set kubearmorOperator.imagePullPolicy=Never --set snitch.imagePullPolicy=Never --set helm.repository=embed --set helm.version=$chart_version --set helm.chart=kubearmor | |
| kubectl wait --for=condition=ready --timeout=5m -n kubearmor pod -l kubearmor-app=kubearmor-operator | |
| kubectl get pods -A | |
| sleep 3 # need this sleep because webhook server initialization may take some time | |
| kubectl wait --for=condition=established --timeout=5m crd/kubearmorconfigs.operator.kubearmor.com | |
| kubectl wait --for=condition=complete --timeout=5m -n kubearmor job -l kubearmor-app=kubearmor-snitch | |
| # create kubearmorconfig | |
| if [[ ${{ steps.filter.outputs.kubearmor }} == 'true' ]]; then | |
| docker save kubearmor/kubearmor:latest | sudo k3s ctr images import - | |
| docker save kubearmor/kubearmor-init:latest | sudo k3s ctr images import - | |
| kubectl apply -f pkg/KubeArmorOperator/config/samples/kubearmor-test.yaml --dry-run=client -o json | \ | |
| jq '.spec.kubearmorControllerImage.imagePullPolicy = "Never"' | \ | |
| kubectl apply -f - | |
| else | |
| # use latest kubearmor if no changes in kubearmor or protobuf dir | |
| kubectl apply -f pkg/KubeArmorOperator/config/samples/kubearmor-test.yaml --dry-run=client -o json | \ | |
| jq '.spec.kubearmorControllerImage.imagePullPolicy = "Never" | .spec.kubearmorImage.imagePullPolicy = "Always" | .spec.kubearmorInitImage.imagePullPolicy = "Always"' | \ | |
| kubectl apply -f - | |
| fi | |
| kubectl wait --for=condition=ReleaseDeployed --timeout=5m kubearmorconfig.operator.kubearmor.com/kubearmorconfig-test -n kubearmor | |
| kubectl wait --timeout=7m --for=condition=ready pod -l kubearmor-app,kubearmor-app!=kubearmor-snitch -n kubearmor | |
| kubectl get pods -A | |
| - name: Test KubeArmor using Ginkgo | |
| run: | | |
| go install -mod=mod github.com/onsi/ginkgo/v2/ginkgo | |
| ginkgo --vv --flake-attempts=10 --timeout=10m smoke/ | |
| working-directory: ./tests/k8s_env | |
| timeout-minutes: 30 | |
| - name: Get karmor sysdump | |
| if: ${{ failure() }} | |
| run: | | |
| kubectl describe pod -n kubearmor -l kubearmor-app=kubearmor | |
| curl -sfL http://get.kubearmor.io/ | sudo sh -s -- -b /usr/local/bin | |
| mkdir -p /tmp/kubearmor/ && cd /tmp/kubearmor && karmor sysdump | |
| - name: Archive log artifacts | |
| if: ${{ failure() }} | |
| uses: actions/upload-artifact@v3 | |
| with: | |
| name: kubearmor.logs | |
| path: | | |
| /tmp/kubearmor/ | |
| /tmp/kubearmor.* |