KropCloud/cert-manager-webhook-example
1
0
Fork 1
mirror of https://github.com/cert-manager/webhook-example.git synced 2025-07-01 22:35:49 +02:00
Code Issues Projects Releases Packages Wiki Activity Actions
cert-manager-webhook-example/.github/workflows/test-kubernetes.yaml
Valentin Klopfenstein 3fa3cceac7 Add space, iteration time and fix replica conditional
2024-08-16 14:02:14 +02:00

122 lines
4.5 KiB
YAML
Raw Blame History

name: Run webhook tests in a full environment
on:
workflow_call:
secrets:
DNSIMPLE_API_TOKEN:
required: true
DNSIMPLE_ZONE_NAME:
required: true
jobs:
test:
runs-on: ubuntu-latest
steps:
- uses: actions/checkout@v4
- name: Start minikube
uses: medyagh/setup-minikube@master
with:
kubernetes-version: 1.29.3
- name: Install cert-manager, patch upstream dns servers, wait for readiness
run: |
echo "Target cert-manager version: ${{ vars.TARGET_CERT_MANAGER_VERSION }}"
kubectl apply -f https://github.com/cert-manager/cert-manager/releases/download/${{ vars.TARGET_CERT_MANAGER_VERSION }}/cert-manager.yaml
# Patch cert-manager to use DNSimple's nameservers for faster propagation-checks
kubectl patch deployment cert-manager -n cert-manager --type='json' -p='[{"op": "add", "path": "/spec/template/spec/containers/0/args/-", "value": "--dns01-recursive-nameservers=ns1.dnsimple.com:53"}]'
kubectl wait --for=condition=available --timeout=600s deployment/cert-manager-webhook -n cert-manager
- name: Install cert-manager-webhook-dnsimple, wait for readiness
env:
DNSIMPLE_API_TOKEN: ${{ secrets.DNSIMPLE_API_TOKEN }}
DNSIMPLE_ZONE_NAME: ${{ secrets.DNSIMPLE_ZONE_NAME}}
run: |
helm install cert-manager-webhook-dnsimple ./charts/cert-manager-webhook-dnsimple \
--namespace cert-manager \
--set dnsimple.token="$DNSIMPLE_API_TOKEN" \
--set groupName="acme.$DNSIMPLE_ZONE_NAME" \
--set image.repository=ghcr.io/${{ github.repository_owner }}/cert-manager-webhook-dnsimple \
--set clusterIssuer.staging.enabled=true \
--set clusterIssuer.email="noreply@$DNSIMPLE_ZONE_NAME" \
--set image.tag=commit-${{ github.sha }}
helm -n cert-manager list
max_wait_time_seconds=600
sleep_between_iterations=10
start=$(date +%s)
end=$(( $start + $max_wait_time_seconds ))
echo ""
echo "Awaiting succesful deployment for max ${max_wait_time_seconds} seconds or until $(date --date="@$end")"
while [ $(date +%s) -le $end ]; do
echo "[i] New iteration at $(date +%s)"
kubectl -n cert-manager get po
if [ $(kubectl -n cert-manager get po | grep Crash | wc -l) -gt 0 ]; then
echo "::error title=Deployment is failing::At least one pod is crashing"
for pod in $(kubectl -n cert-manager get po | grep Crash | awk '{print $1}'); do
echo "Logs for pod '$pod'"
kubectl -n cert-manager logs $pod
done
exit 1
fi
replicas=$(kubectl -n cert-manager get deploy/cert-manager-webhook-dnsimple -o=jsonpath={.status.unavailableReplicas})
if [[ $([ -z $replicas ]) || $replicas -gt 0 ]]; then
sleep $sleep_between_iterations
else
echo "Replicas of deployment cert-manager-webhook-dnsimple have become available."
exit 0
fi
done
echo "::error title=Deployment timed out::Have timed out waiting for good deployment health"
exit 1
- name: Create sample certificate that uses the webhook
env:
DNSIMPLE_ZONE_NAME: ${{ secrets.DNSIMPLE_ZONE_NAME }}
run: |
echo """apiVersion: cert-manager.io/v1
kind: Certificate
metadata:
name: dnsimple-test
namespace: default
spec:
dnsNames:
- gh-action-test.$DNSIMPLE_ZONE_NAME
issuerRef:
name: cert-manager-webhook-dnsimple-staging
kind: ClusterIssuer
secretName: dnsimple-test-tls
""" > certificate.yaml
kubectl apply -f certificate.yaml
- name: Assert that the DNS record was created
env:
DNSIMPLE_ZONE_NAME: ${{ secrets.DNSIMPLE_ZONE_NAME }}
timeout-minutes: 10
run: |
while true; do
if nslookup -type=TXT _acme-challenge.gh-action-test.$DNSIMPLE_ZONE_NAME ns1.dnsimple.com; then
break
fi
sleep 30
done
- name: Check the certificate status
run: |
kubectl wait --for=condition=ready --timeout=600s certificate/dnsimple-test
# this should not be necessary since the certificate is usually ready once the DNS record is propagated
kubectl get certificate dnsimple-test -o jsonpath='{.status.conditions[?(@.type=="Ready")].status}' | grep True
Reference in a new issue View git blame Copy permalink