From 804ecc5e1b3d2ee97f7c47fe377943184a3ff378 Mon Sep 17 00:00:00 2001 From: Stefano Ghinelli Date: Mon, 28 Oct 2024 11:02:20 +0100 Subject: [PATCH 01/25] feat(ci): add steps for 1.30, 1.31 --- .drone.yml | 149 ++++++++++++++++++++++++++--------------------------- 1 file changed, 74 insertions(+), 75 deletions(-) diff --git a/.drone.yml b/.drone.yml index c03dad6..c8f8e85 100644 --- a/.drone.yml +++ b/.drone.yml @@ -43,7 +43,7 @@ steps: - clone - name: render - image: quay.io/sighup/e2e-testing:1.1.0_0.2.2_2.16.1_1.9.4_1.20.7_3.8.7_2.4.1 + image: quay.io/sighup/e2e-testing:1.1.0_3.12.0_1.31.1_3.10.0_4.33.3 pull: always depends_on: - clone 
@@ -56,26 +56,26 @@ steps: depends_on: - render commands: - # we use --ignore-deprecations because we don't want the CI to fail when the API has not been removed yet. - - /pluto detect distribution.yml --ignore-deprecations --target-versions=k8s=v1.26.0 - # we use --ignore-deprecations because we don't want the CI to fail when the API has not been removed yet. - - /pluto detect distribution.yml --ignore-deprecations --target-versions=k8s=v1.27.0 # we use --ignore-deprecations because we don't want the CI to fail when the API has not been removed yet. - /pluto detect distribution.yml --ignore-deprecations --target-versions=k8s=v1.28.0 # we use --ignore-deprecations because we don't want the CI to fail when the API has not been removed yet. - /pluto detect distribution.yml --ignore-deprecations --target-versions=k8s=v1.29.0 + # we use --ignore-deprecations because we don't want the CI to fail when the API has not been removed yet. + - /pluto detect distribution.yml --ignore-deprecations --target-versions=k8s=v1.30.0 + # we use --ignore-deprecations because we don't want the CI to fail when the API has not been removed yet. + - /pluto detect distribution.yml --ignore-deprecations --target-versions=k8s=v1.31.0 --- -name: e2e-kubernetes-1.26 +name: e2e-kubernetes-1.28 kind: pipeline type: docker -depends_on: - - policeman - node: runner: internal +depends_on: + - policeman + platform: os: linux arch: amd64 @@ -94,10 +94,10 @@ steps: path: /shared depends_on: [clone] settings: - action: custom-cluster-126 - pipeline_id: cluster-126 + action: custom-cluster-128 + pipeline_id: cluster-128 local_kind_config_path: katalog/tests/harbor/config/kind-config - cluster_version: "1.26.6" + cluster_version: "1.28.0" instance_path: /shared aws_default_region: from_secret: aws_region 
@@ -123,7 +123,7 @@ steps: - refs/tags/** - name: e2e-setup - image: quay.io/sighup/e2e-testing:1.1.0_0.11.0_3.1.1_1.9.4_1.26.3_3.5.3_4.33.3 + image: quay.io/sighup/e2e-testing:1.1.0_0.11.0_3.12.0_1.9.4_1.28.5_3.5.3_4.33.3 pull: always volumes: - name: shared @@ -133,7 +133,7 @@ steps: DYNAMIC_DNS_SERVICE: from_secret: dynamic_dns_service commands: - - export KUBECONFIG=/shared/kube/kubeconfig-126 + - export KUBECONFIG=/shared/kube/kubeconfig-128 - export INSTANCE_IP=$(cat /shared/machine/ip) - export EXTERNAL_DNS="$INSTANCE_IP.$DYNAMIC_DNS_SERVICE" - bats -t katalog/tests/harbor/setup.sh @@ -160,7 +160,7 @@ steps: - git checkout v1.1.0 - ./install.sh /usr/local - cd - - - export KUBECONFIG=/shared/kube/kubeconfig-126 + - export KUBECONFIG=/shared/kube/kubeconfig-128 - export INSTANCE_IP=$(cat /shared/machine/ip) - export EXTERNAL_DNS="$INSTANCE_IP.$DYNAMIC_DNS_SERVICE" - bats -t katalog/tests/harbor/vulns.sh @@ -170,7 +170,7 @@ steps: - refs/tags/** - name: e2e-chartmuseum - image: quay.io/sighup/e2e-testing:1.1.0_0.11.0_3.12.0_1.9.4_1.27.1_3.5.3_4.33.3 + image: quay.io/sighup/e2e-testing:1.1.0_0.11.0_3.12.0_1.9.4_1.28.5_3.5.3_4.33.3 pull: always volumes: - name: shared @@ -180,7 +180,7 @@ steps: from_secret: dynamic_dns_service depends_on: [e2e-setup] commands: - - export KUBECONFIG=/shared/kube/kubeconfig-126 + - export KUBECONFIG=/shared/kube/kubeconfig-128 - export INSTANCE_IP=$(cat /shared/machine/ip) - export EXTERNAL_DNS="$INSTANCE_IP.$DYNAMIC_DNS_SERVICE" - bats -t katalog/tests/harbor/chartmuseum.sh @@ -190,7 +190,7 @@ steps: - refs/tags/** - name: e2e-replication - image: quay.io/sighup/e2e-testing:1.1.0_0.11.0_3.1.1_1.9.4_1.26.3_3.5.3_4.33.3 + image: quay.io/sighup/e2e-testing:1.1.0_0.11.0_3.12.0_1.9.4_1.28.5_3.5.3_4.33.3 pull: always volumes: - name: shared 
@@ -200,7 +200,7 @@ steps: from_secret: dynamic_dns_service depends_on: [e2e-setup] commands: - - export KUBECONFIG=/shared/kube/kubeconfig-126 + - export KUBECONFIG=/shared/kube/kubeconfig-128 - export INSTANCE_IP=$(cat /shared/machine/ip) - export EXTERNAL_DNS="$INSTANCE_IP.$DYNAMIC_DNS_SERVICE" - bats -t katalog/tests/harbor/replication.sh @@ -215,6 +215,8 @@ steps: volumes: - name: shared path: /shared + - name: dockersock + path: /var/run/docker.sock environment: DYNAMIC_DNS_SERVICE: from_secret: dynamic_dns_service @@ -227,7 +229,7 @@ steps: - git checkout v1.1.0 - ./install.sh /usr/local - cd - - - export KUBECONFIG=/shared/kube/kubeconfig-126 + - export KUBECONFIG=/shared/kube/kubeconfig-128 - export INSTANCE_IP=$(cat /shared/machine/ip) - export EXTERNAL_DNS="$INSTANCE_IP.$DYNAMIC_DNS_SERVICE" - bats -t katalog/tests/harbor/registry.sh @@ -238,12 +240,12 @@ steps: - refs/tags/** - name: destroy - image: quay.io/sighup/e2e-testing-drone-plugin:v1.26.4 + image: quay.io/sighup/e2e-testing-drone-plugin:v2.1.0 pull: always depends_on: [e2e-vulns, e2e-chartmuseum, e2e-replication, e2e-registry] settings: action: destroy - pipeline_id: cluster-126 + pipeline_id: cluster-128 aws_default_region: from_secret: aws_region aws_access_key_id: @@ -272,9 +274,9 @@ volumes: temp: {} - name: dockersock host: - path: /var/run/docker.sock + path: /var/run/docker.sock --- -name: e2e-kubernetes-1.27 +name: e2e-kubernetes-1.29 kind: pipeline type: docker @@ -302,10 +304,10 @@ steps: path: /shared depends_on: [clone] settings: - action: custom-cluster-127 - pipeline_id: cluster-127 + action: custom-cluster-129 + pipeline_id: cluster-129 local_kind_config_path: katalog/tests/harbor/config/kind-config - cluster_version: "1.27.3" + cluster_version: "1.29.0" instance_path: /shared aws_default_region: from_secret: aws_region 
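Review bot: Mounting `/var/run/docker.sock` into this step (the `@@ -215,6 +215,8 @@` hunk; apparently e2e-registry, going by the `registry.sh` call in the next hunk) gives it control of the runner's Docker daemon, which is equivalent to root on that host. The same step installs bats-core at run time from the tag `v1.1.0` and executes `./install.sh /usr/local`, so third-party code runs with that access. Checking out a full commit SHA (`git checkout <bats-core-commit-sha>`) or using an image with bats preinstalled would narrow this. The `@@ -633,8 +635,6 @@` hunk removes the same mount from the 1.30 pipeline, so confirm whether `registry.sh` needs the socket and drop the mount here if it does not. The step definition starts and ends outside the hunk.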
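Review bot: The `destroy` plugin image in the `@@ -238,12 +240,12 @@` hunk is referenced by tag with `pull: always`, and the step is configured from secrets (`aws_region` and `aws_access_key_id` are visible), so whatever `v2.1.0` resolves to at run time receives cloud credentials. Pinning by digest, `image: quay.io/sighup/e2e-testing-drone-plugin:v2.1.0@sha256:<digest>`, makes each upgrade an explicit, reviewable change. The same applies to the other plugin image changes in this patch (`@@ -448,12 +450,12 @@`, `@@ -658,12 +658,12 @@`, `@@ -716,17 +715,17 @@`, `@@ -869,12 +868,12 @@`) and to the `e2e-testing` images the test steps pull. The step's settings continue outside the hunk.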
@@ -331,7 +333,7 @@ steps: - refs/tags/** - name: e2e-setup - image: quay.io/sighup/e2e-testing:1.1.0_0.11.0_3.12.0_1.9.4_1.27.1_3.5.3_4.33.3 + image: quay.io/sighup/e2e-testing:1.1.0_0.11.0_3.12.0_1.9.4_1.29.1_3.5.3_4.33.3 pull: always volumes: - name: shared @@ -341,7 +343,7 @@ steps: DYNAMIC_DNS_SERVICE: from_secret: dynamic_dns_service commands: - - export KUBECONFIG=/shared/kube/kubeconfig-127 + - export KUBECONFIG=/shared/kube/kubeconfig-129 - export INSTANCE_IP=$(cat /shared/machine/ip) - export EXTERNAL_DNS="$INSTANCE_IP.$DYNAMIC_DNS_SERVICE" - bats -t katalog/tests/harbor/setup.sh @@ -368,7 +370,7 @@ steps: - git checkout v1.1.0 - ./install.sh /usr/local - cd - - - export KUBECONFIG=/shared/kube/kubeconfig-127 + - export KUBECONFIG=/shared/kube/kubeconfig-129 - export INSTANCE_IP=$(cat /shared/machine/ip) - export EXTERNAL_DNS="$INSTANCE_IP.$DYNAMIC_DNS_SERVICE" - bats -t katalog/tests/harbor/vulns.sh @@ -378,7 +380,7 @@ steps: - refs/tags/** - name: e2e-chartmuseum - image: quay.io/sighup/e2e-testing:1.1.0_0.11.0_3.12.0_1.9.4_1.27.1_3.5.3_4.33.3 + image: quay.io/sighup/e2e-testing:1.1.0_0.11.0_3.12.0_1.9.4_1.29.1_3.5.3_4.33.3 pull: always volumes: - name: shared @@ -388,7 +390,7 @@ steps: from_secret: dynamic_dns_service depends_on: [e2e-setup] commands: - - export KUBECONFIG=/shared/kube/kubeconfig-127 + - export KUBECONFIG=/shared/kube/kubeconfig-129 - export INSTANCE_IP=$(cat /shared/machine/ip) - export EXTERNAL_DNS="$INSTANCE_IP.$DYNAMIC_DNS_SERVICE" - bats -t katalog/tests/harbor/chartmuseum.sh @@ -398,7 +400,7 @@ steps: - refs/tags/** - name: e2e-replication - image: quay.io/sighup/e2e-testing:1.1.0_0.11.0_3.12.0_1.9.4_1.27.1_3.5.3_4.33.3 + image: quay.io/sighup/e2e-testing:1.1.0_0.11.0_3.12.0_1.9.4_1.29.1_3.5.3_4.33.3 pull: always volumes: - name: shared 
@@ -408,7 +410,7 @@ steps: from_secret: dynamic_dns_service depends_on: [e2e-setup] commands: - - export KUBECONFIG=/shared/kube/kubeconfig-127 + - export KUBECONFIG=/shared/kube/kubeconfig-129 - export INSTANCE_IP=$(cat /shared/machine/ip) - export EXTERNAL_DNS="$INSTANCE_IP.$DYNAMIC_DNS_SERVICE" - bats -t katalog/tests/harbor/replication.sh @@ -437,7 +439,7 @@ steps: - git checkout v1.1.0 - ./install.sh /usr/local - cd - - - export KUBECONFIG=/shared/kube/kubeconfig-127 + - export KUBECONFIG=/shared/kube/kubeconfig-129 - export INSTANCE_IP=$(cat /shared/machine/ip) - export EXTERNAL_DNS="$INSTANCE_IP.$DYNAMIC_DNS_SERVICE" - bats -t katalog/tests/harbor/registry.sh @@ -448,12 +450,12 @@ steps: - refs/tags/** - name: destroy - image: quay.io/sighup/e2e-testing-drone-plugin:v1.27.1 + image: quay.io/sighup/e2e-testing-drone-plugin:v2.1.0 pull: always depends_on: [e2e-vulns, e2e-chartmuseum, e2e-replication, e2e-registry] settings: action: destroy - pipeline_id: cluster-127 + pipeline_id: cluster-129 aws_default_region: from_secret: aws_region aws_access_key_id: @@ -484,16 +486,16 @@ volumes: host: path: /var/run/docker.sock --- -name: e2e-kubernetes-1.28 +name: e2e-kubernetes-1.30 kind: pipeline type: docker -node: - runner: internal - depends_on: - policeman +node: + runner: internal + platform: os: linux arch: amd64 @@ -512,10 +514,10 @@ steps: path: /shared depends_on: [clone] settings: - action: custom-cluster-128 - pipeline_id: cluster-128 + action: custom-cluster-130 + pipeline_id: cluster-130 local_kind_config_path: katalog/tests/harbor/config/kind-config - cluster_version: "1.28.0" + cluster_version: "1.30.0" instance_path: /shared aws_default_region: from_secret: aws_region @@ -541,7 +543,7 @@ steps: - refs/tags/** - name: e2e-setup - image: quay.io/sighup/e2e-testing:1.1.0_0.11.0_3.12.0_1.9.4_1.28.5_3.5.3_4.33.3 + image: quay.io/sighup/e2e-testing:1.1.0_3.12.0_1.30.5_3.10.0_4.33.3 pull: always volumes: - name: shared 
@@ -551,7 +553,7 @@ steps: DYNAMIC_DNS_SERVICE: from_secret: dynamic_dns_service commands: - - export KUBECONFIG=/shared/kube/kubeconfig-128 + - export KUBECONFIG=/shared/kube/kubeconfig-130 - export INSTANCE_IP=$(cat /shared/machine/ip) - export EXTERNAL_DNS="$INSTANCE_IP.$DYNAMIC_DNS_SERVICE" - bats -t katalog/tests/harbor/setup.sh @@ -578,7 +580,7 @@ steps: - git checkout v1.1.0 - ./install.sh /usr/local - cd - - - export KUBECONFIG=/shared/kube/kubeconfig-128 + - export KUBECONFIG=/shared/kube/kubeconfig-130 - export INSTANCE_IP=$(cat /shared/machine/ip) - export EXTERNAL_DNS="$INSTANCE_IP.$DYNAMIC_DNS_SERVICE" - bats -t katalog/tests/harbor/vulns.sh @@ -588,7 +590,7 @@ steps: - refs/tags/** - name: e2e-chartmuseum - image: quay.io/sighup/e2e-testing:1.1.0_0.11.0_3.12.0_1.9.4_1.28.5_3.5.3_4.33.3 + image: quay.io/sighup/e2e-testing:1.1.0_3.12.0_1.30.5_3.10.0_4.33.3 pull: always volumes: - name: shared @@ -598,7 +600,7 @@ steps: from_secret: dynamic_dns_service depends_on: [e2e-setup] commands: - - export KUBECONFIG=/shared/kube/kubeconfig-128 + - export KUBECONFIG=/shared/kube/kubeconfig-130 - export INSTANCE_IP=$(cat /shared/machine/ip) - export EXTERNAL_DNS="$INSTANCE_IP.$DYNAMIC_DNS_SERVICE" - bats -t katalog/tests/harbor/chartmuseum.sh @@ -608,7 +610,7 @@ steps: - refs/tags/** - name: e2e-replication - image: quay.io/sighup/e2e-testing:1.1.0_0.11.0_3.12.0_1.9.4_1.28.5_3.5.3_4.33.3 + image: quay.io/sighup/e2e-testing:1.1.0_3.12.0_1.30.5_3.10.0_4.33.3 pull: always volumes: - name: shared @@ -618,7 +620,7 @@ steps: from_secret: dynamic_dns_service depends_on: [e2e-setup] commands: - - export KUBECONFIG=/shared/kube/kubeconfig-128 + - export KUBECONFIG=/shared/kube/kubeconfig-130 - export INSTANCE_IP=$(cat /shared/machine/ip) - export EXTERNAL_DNS="$INSTANCE_IP.$DYNAMIC_DNS_SERVICE" - bats -t katalog/tests/harbor/replication.sh 
@@ -633,8 +635,6 @@ steps: volumes: - name: shared path: /shared - - name: dockersock - path: /var/run/docker.sock environment: DYNAMIC_DNS_SERVICE: from_secret: dynamic_dns_service @@ -647,7 +647,7 @@ steps: - git checkout v1.1.0 - ./install.sh /usr/local - cd - - - export KUBECONFIG=/shared/kube/kubeconfig-128 + - export KUBECONFIG=/shared/kube/kubeconfig-130 - export INSTANCE_IP=$(cat /shared/machine/ip) - export EXTERNAL_DNS="$INSTANCE_IP.$DYNAMIC_DNS_SERVICE" - bats -t katalog/tests/harbor/registry.sh @@ -658,12 +658,12 @@ steps: - refs/tags/** - name: destroy - image: quay.io/sighup/e2e-testing-drone-plugin:v2.1.0 + image: quay.io/sighup/e2e-testing-drone-plugin:v2.2.0 pull: always depends_on: [e2e-vulns, e2e-chartmuseum, e2e-replication, e2e-registry] settings: action: destroy - pipeline_id: cluster-128 + pipeline_id: cluster-130 aws_default_region: from_secret: aws_region aws_access_key_id: @@ -693,9 +693,8 @@ volumes: - name: dockersock host: path: /var/run/docker.sock - --- -name: e2e-kubernetes-1.29 +name: e2e-kubernetes-1.31 kind: pipeline type: docker @@ -716,17 +715,17 @@ trigger: steps: - name: init - image: quay.io/sighup/e2e-testing-drone-plugin:v2.1.0 + image: quay.io/sighup/e2e-testing-drone-plugin:v2.2.0 pull: always volumes: - name: shared path: /shared depends_on: [clone] settings: - action: custom-cluster-129 - pipeline_id: cluster-129 + action: custom-cluster-131 + pipeline_id: cluster-131 local_kind_config_path: katalog/tests/harbor/config/kind-config - cluster_version: "1.29.0" + cluster_version: "1.31.0" instance_path: /shared aws_default_region: from_secret: aws_region @@ -752,7 +751,7 @@ steps: - refs/tags/** - name: e2e-setup - image: quay.io/sighup/e2e-testing:1.1.0_0.11.0_3.12.0_1.9.4_1.28.5_3.5.3_4.33.3 + image: quay.io/sighup/e2e-testing:1.1.0_3.12.0_1.31.1_3.10.0_4.33.3 pull: always volumes: - name: shared 
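Review bot: The 1.30 pipeline appears to end up creating and destroying its cluster with different plugin versions. The `@@ -658,12 +658,12 @@` hunk moves the `destroy` step for `cluster-130` to `v2.2.0`, while the `init` image of the same pipeline is not touched by `@@ -512,10 +514,10 @@` and so presumably stays on the earlier version. The 1.31 pipeline uses `v2.2.0` for both steps. If the two versions differ in how they name or track resources, teardown could miss what `init` created and leave cloud instances running. Either align the `init` image to `quay.io/sighup/e2e-testing-drone-plugin:v2.2.0` or add a comment explaining why the versions differ.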
@@ -762,7 +761,7 @@ steps: DYNAMIC_DNS_SERVICE: from_secret: dynamic_dns_service commands: - - export KUBECONFIG=/shared/kube/kubeconfig-129 + - export KUBECONFIG=/shared/kube/kubeconfig-131 - export INSTANCE_IP=$(cat /shared/machine/ip) - export EXTERNAL_DNS="$INSTANCE_IP.$DYNAMIC_DNS_SERVICE" - bats -t katalog/tests/harbor/setup.sh @@ -789,7 +788,7 @@ steps: - git checkout v1.1.0 - ./install.sh /usr/local - cd - - - export KUBECONFIG=/shared/kube/kubeconfig-129 + - export KUBECONFIG=/shared/kube/kubeconfig-131 - export INSTANCE_IP=$(cat /shared/machine/ip) - export EXTERNAL_DNS="$INSTANCE_IP.$DYNAMIC_DNS_SERVICE" - bats -t katalog/tests/harbor/vulns.sh @@ -799,7 +798,7 @@ steps: - refs/tags/** - name: e2e-chartmuseum - image: quay.io/sighup/e2e-testing:1.1.0_0.11.0_3.12.0_1.9.4_1.28.5_3.5.3_4.33.3 + image: quay.io/sighup/e2e-testing:1.1.0_3.12.0_1.31.1_3.10.0_4.33.3 pull: always volumes: - name: shared @@ -809,7 +808,7 @@ steps: from_secret: dynamic_dns_service depends_on: [e2e-setup] commands: - - export KUBECONFIG=/shared/kube/kubeconfig-129 + - export KUBECONFIG=/shared/kube/kubeconfig-131 - export INSTANCE_IP=$(cat /shared/machine/ip) - export EXTERNAL_DNS="$INSTANCE_IP.$DYNAMIC_DNS_SERVICE" - bats -t katalog/tests/harbor/chartmuseum.sh @@ -819,7 +818,7 @@ steps: - refs/tags/** - name: e2e-replication - image: quay.io/sighup/e2e-testing:1.1.0_0.11.0_3.12.0_1.9.4_1.28.5_3.5.3_4.33.3 + image: quay.io/sighup/e2e-testing:1.1.0_3.12.0_1.31.1_3.10.0_4.33.3 pull: always volumes: - name: shared @@ -829,7 +828,7 @@ steps: from_secret: dynamic_dns_service depends_on: [e2e-setup] commands: - - export KUBECONFIG=/shared/kube/kubeconfig-129 + - export KUBECONFIG=/shared/kube/kubeconfig-131 - export INSTANCE_IP=$(cat /shared/machine/ip) - export EXTERNAL_DNS="$INSTANCE_IP.$DYNAMIC_DNS_SERVICE" - bats -t katalog/tests/harbor/replication.sh 
@@ -858,7 +857,7 @@ steps: - git checkout v1.1.0 - ./install.sh /usr/local - cd - - - export KUBECONFIG=/shared/kube/kubeconfig-129 + - export KUBECONFIG=/shared/kube/kubeconfig-131 - export INSTANCE_IP=$(cat /shared/machine/ip) - export EXTERNAL_DNS="$INSTANCE_IP.$DYNAMIC_DNS_SERVICE" - bats -t katalog/tests/harbor/registry.sh @@ -869,12 +868,12 @@ steps: - refs/tags/** - name: destroy - image: quay.io/sighup/e2e-testing-drone-plugin:v2.1.0 + image: quay.io/sighup/e2e-testing-drone-plugin:v2.2.0 pull: always depends_on: [e2e-vulns, e2e-chartmuseum, e2e-replication, e2e-registry] settings: action: destroy - pipeline_id: cluster-129 + pipeline_id: cluster-131 aws_default_region: from_secret: aws_region aws_access_key_id: @@ -910,10 +909,10 @@ kind: pipeline type: docker depends_on: - - e2e-kubernetes-1.26 - - e2e-kubernetes-1.27 - e2e-kubernetes-1.28 - - e2e-kubernetes-1.29 + - e2e-kubernetes-1.28 + - e2e-kubernetes-1.30 + - e2e-kubernetes-1.31 platform: os: linux From 448b37477e54e12cbf52bbd8099ba7cab4acf9f0 Mon Sep 17 00:00:00 2001 From: Stefano Ghinelli Date: Mon, 28 Oct 2024 11:07:58 +0100 Subject: [PATCH 02/25] docs: update compatibility matrix --- docs/COMPATIBILITY_MATRIX.md | 27 ++++++++++++++------------- 1 file changed, 14 insertions(+), 13 deletions(-) diff --git a/docs/COMPATIBILITY_MATRIX.md b/docs/COMPATIBILITY_MATRIX.md index 612038d..8b6fa22 100644 --- a/docs/COMPATIBILITY_MATRIX.md +++ b/docs/COMPATIBILITY_MATRIX.md 
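Review bot: The new `depends_on` list in the `@@ -910,10 +909,10 @@` hunk names `e2e-kubernetes-1.28` twice and omits `e2e-kubernetes-1.29`, so this pipeline no longer waits for the 1.29 e2e run before it proceeds. The added line `- e2e-kubernetes-1.28` should read `- e2e-kubernetes-1.29`. The pipeline's name and steps are outside the hunk, so what it gates (presumably the release) is not visible here.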
@@ -1,18 +1,19 @@ # Compatibility Matrix -| Module Version / Kubernetes Version | 1.14.X | 1.15.X | 1.16.X | 1.17.X | 1.18.X | 1.19.X | 1.20.X | 1.21.X | 1.22.X | 1.23.X | 1.24.X | 1.25.X | 1.26.X | 1.27.X | 1.28.X | 1.29.X | -| ----------------------------------- | :----------------: | :----------------: | :----------------: | :----------------: | :----------------: | :----------------: | :----------------: | :----------------: | :----------------: | :----------------: | :----------------: | :----------------: | :----------------: | :----------------: | :----------------: | :----------------: | -| v1.0.0 | :white_check_mark: | :white_check_mark: | :white_check_mark: | :white_check_mark: | :white_check_mark: | | | | | | | | | | | | -| v1.0.1 | :white_check_mark: | :white_check_mark: | :white_check_mark: | :white_check_mark: | :white_check_mark: | | | | | | | | | | | | -| v1.1.0 | | | :white_check_mark: | :white_check_mark: | :white_check_mark: | | | | | | | | | | | | -| v1.1.1 | | | :white_check_mark: | :white_check_mark: | :white_check_mark: | | | | | | | | | | | | -| v1.1.2 | | | | | :white_check_mark: | :white_check_mark: | :white_check_mark: | | | | | | | | | | -| v1.2.0 | | | | | :white_check_mark: | :white_check_mark: | :white_check_mark: | :white_check_mark: | | | | | | | | | -| v2.0.0 | | | | | :white_check_mark: | :white_check_mark: | :white_check_mark: | :white_check_mark: | :white_check_mark: | :white_check_mark: | | | | | | | -| v3.0.0 | | | | | | | :white_check_mark: | :white_check_mark: | :white_check_mark: | :white_check_mark: | | | | | | | -| v3.0.1 | | | | | | | :white_check_mark: | :white_check_mark: | :white_check_mark: | :white_check_mark: | | | | | | | -| v3.0.2 | | | | | | | | | :white_check_mark: | :white_check_mark: | :white_check_mark: | :white_check_mark: | | | | | -| v3.1.0 | | | | | | | | | :white_check_mark: | :white_check_mark: | :white_check_mark: | :white_check_mark: | :white_check_mark: | :white_check_mark: | :white_check_mark: | 
:white_check_mark: | +| Module Version / Kubernetes Version | 1.14.X | 1.15.X | 1.16.X | 1.17.X | 1.18.X | 1.19.X | 1.20.X | 1.21.X | 1.22.X | 1.23.X | 1.24.X | 1.25.X | 1.26.X | 1.27.X | 1.28.X | 1.29.X | 1.30.X | 1.31.X | +| ----------------------------------- | :----------------: | :----------------: | :----------------: | :----------------: | :----------------: | :----------------: | :----------------: | :----------------: | :----------------: | :----------------: | :----------------: | :----------------: | :----------------: | :----------------: | :----------------: | :----------------: | :----------------: | :----------------: | +| v1.0.0 | :white_check_mark: | :white_check_mark: | :white_check_mark: | :white_check_mark: | :white_check_mark: | | | | | | | | | | | | | | +| v1.0.1 | :white_check_mark: | :white_check_mark: | :white_check_mark: | :white_check_mark: | :white_check_mark: | | | | | | | | | | | | | | +| v1.1.0 | | | :white_check_mark: | :white_check_mark: | :white_check_mark: | | | | | | | | | | | | | | +| v1.1.1 | | | :white_check_mark: | :white_check_mark: | :white_check_mark: | | | | | | | | | | | | | | +| v1.1.2 | | | | | :white_check_mark: | :white_check_mark: | :white_check_mark: | | | | | | | | | | | | +| v1.2.0 | | | | | :white_check_mark: | :white_check_mark: | :white_check_mark: | :white_check_mark: | | | | | | | | | | | +| v2.0.0 | | | | | :white_check_mark: | :white_check_mark: | :white_check_mark: | :white_check_mark: | :white_check_mark: | :white_check_mark: | | | | | | | | | +| v3.0.0 | | | | | | | :white_check_mark: | :white_check_mark: | :white_check_mark: | :white_check_mark: | | | | | | | | | +| v3.0.1 | | | | | | | :white_check_mark: | :white_check_mark: | :white_check_mark: | :white_check_mark: | | | | | | | | | +| v3.0.2 | | | | | | | | | :white_check_mark: | :white_check_mark: | :white_check_mark: | :white_check_mark: | | | | | | | +| v3.1.0 | | | | | | | | | :white_check_mark: | :white_check_mark: | :white_check_mark: | 
:white_check_mark: | :white_check_mark: | :white_check_mark: | :white_check_mark: | :white_check_mark: | | | +| v3.2.0 | | | | | | | | | :white_check_mark: | :white_check_mark: | :white_check_mark: | :white_check_mark: | :white_check_mark: | :white_check_mark: | :white_check_mark: | :white_check_mark: | :white_check_mark: | :white_check_mark: | - :white_check_mark: Compatible - :warning: Has issues From 420e71696807be7300e8bd50ccc846764b4968ec Mon Sep 17 00:00:00 2001 From: Stefano Ghinelli Date: Mon, 28 Oct 2024 11:09:52 +0100 Subject: [PATCH 03/25] docs: update readme, release, maintenance --- README.md | 12 ++++-------- docs/releases/v3.2.0.md | 8 ++++++++ katalog/harbor/MAINTENANCE.md | 10 ++++++---- 3 files changed, 18 insertions(+), 12 deletions(-) create mode 100644 docs/releases/v3.2.0.md diff --git a/README.md b/README.md index bccaf98..e51e081 100644 --- a/README.md +++ b/README.md 
@@ -27,16 +27,12 @@ Click on each package to see its full documentation. | Kubernetes Version | Compatibility | Notes | | ------------------ | :----------------: | --------------------------------------------------- | -| `1.22.x` | :white_check_mark: | Conformance tests passed. | -| `1.23.x` | :white_check_mark: | Conformance tests passed. | -| `1.24.x` | :white_check_mark: | Conformance tests passed. | -| `1.25.x` | :white_check_mark: | Conformance tests passed. | -| `1.26.x` | :white_check_mark: | Conformance tests passed. | -| `1.27.x` | :white_check_mark: | Conformance tests passed. | | `1.28.x` | :white_check_mark: | Conformance tests passed. | | `1.29.x` | :white_check_mark: | Conformance tests passed. | +| `1.30.x` | :white_check_mark: | Conformance tests passed. | +| `1.31.x` | :white_check_mark: | Conformance tests passed. | -Check the [compatibility matrix][compatibility-matrix] for additional information on previous releases of the module. +The table shows the latest 4 compatible versions. Check the [compatibility matrix][compatibility-matrix] for the complete list of all supported versions. ## Usage @@ -56,7 +52,7 @@ All packages in this repository have the following dependencies, for package spe ```yaml bases: - name: registry/harbor - version: "v3.1.0" + version: "v3.2.0" ``` > See `furyctl` [documentation][furyctl-repo] for additional details about `Furyfile.yml` format. diff --git a/docs/releases/v3.2.0.md b/docs/releases/v3.2.0.md new file mode 100644 index 0000000..a83c481 --- /dev/null +++ b/docs/releases/v3.2.0.md @@ -0,0 +1,8 @@ +# Registry Module version 3.2.0 + +## Changelog +- Added compatibility with Kubernetes versions 1.30.x and 1.31.x. + +## Upgrade path + +To upgrade this module from `v3.1.0` to `v3.2.0`, you need to download this new version, then apply the `kustomize` project. No further action is required. \ No newline at end of file 
diff --git a/katalog/harbor/MAINTENANCE.md b/katalog/harbor/MAINTENANCE.md index 74bf787..389e1dd 100644 --- a/katalog/harbor/MAINTENANCE.md +++ b/katalog/harbor/MAINTENANCE.md @@ -20,10 +20,12 @@ All the following examples are tested in the pipeline ### e2e tests -[chartmuseum](../../katalog/tests/harbor/chartmuseum.sh) -[registry-notary](../../katalog/tests/harbor/registry-notary.sh) -[registry](../../katalog/tests/harbor/registry.sh) -[replication](../../katalog/tests/harbor/replication.sh) +- [setup](../../katalog/tests/harbor/setup.sh) +- [vulns](../../katalog/tests/harbor/vulns.sh) +- [chartmuseum](../../katalog/tests/harbor/chartmuseum.sh) +- [replication](../../katalog/tests/harbor/replication.sh) +- [registry](../../katalog/tests/harbor/registry.sh) +- [registry-notary](../../katalog/tests/harbor/registry-notary.sh) ### Dashboard and Rules From 2223999a039b4c87ec48a17a16b606b6807859a9 Mon Sep 17 00:00:00 2001 From: Stefano Ghinelli Date: Mon, 28 Oct 2024 11:11:14 +0100 Subject: [PATCH 04/25] docs: update harbor from Incubating to Graduated-level --- katalog/harbor/README.md | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/katalog/harbor/README.md b/katalog/harbor/README.md index a6f21d0..465a9ba 100644 --- a/katalog/harbor/README.md +++ b/katalog/harbor/README.md @@ -3,7 +3,7 @@ ## What is Harbor? > Harbor is an open-source container image registry that secures images with role-based access control, scans images -> for vulnerabilities, and signs images as trusted. As a CNCF Incubating project, Harbor delivers compliance, +> for vulnerabilities, and signs images as trusted. As a CNCF Graduated-level project, Harbor delivers compliance, > performance, and interoperability to help you consistently and securely manage images across cloud-native compute > platforms like Kubernetes and Docker. From b7b85495ffedfc013feb35d697478b159eb191e4 Mon Sep 17 00:00:00 2001 
From: Stefano Ghinelli Date: Mon, 28 Oct 2024 11:25:36 +0100 Subject: [PATCH 05/25] docs: disable line length linter rule in compatibility matrix --- docs/COMPATIBILITY_MATRIX.md | 4 ++++ 1 file changed, 4 insertions(+) diff --git a/docs/COMPATIBILITY_MATRIX.md b/docs/COMPATIBILITY_MATRIX.md index 8b6fa22..09a5f11 100644 --- a/docs/COMPATIBILITY_MATRIX.md +++ b/docs/COMPATIBILITY_MATRIX.md @@ -1,5 +1,7 @@ # Compatibility Matrix + + | Module Version / Kubernetes Version | 1.14.X | 1.15.X | 1.16.X | 1.17.X | 1.18.X | 1.19.X | 1.20.X | 1.21.X | 1.22.X | 1.23.X | 1.24.X | 1.25.X | 1.26.X | 1.27.X | 1.28.X | 1.29.X | 1.30.X | 1.31.X | | ----------------------------------- | :----------------: | :----------------: | :----------------: | :----------------: | :----------------: | :----------------: | :----------------: | :----------------: | :----------------: | :----------------: | :----------------: | :----------------: | :----------------: | :----------------: | :----------------: | :----------------: | :----------------: | :----------------: | | v1.0.0 | :white_check_mark: | :white_check_mark: | :white_check_mark: | :white_check_mark: | :white_check_mark: | | | | | | | | | | | | | | @@ -15,6 +17,8 @@ | v3.1.0 | | | | | | | | | :white_check_mark: | :white_check_mark: | :white_check_mark: | :white_check_mark: | :white_check_mark: | :white_check_mark: | :white_check_mark: | :white_check_mark: | | | | v3.2.0 | | | | | | | | | :white_check_mark: | :white_check_mark: | :white_check_mark: | :white_check_mark: | :white_check_mark: | :white_check_mark: | :white_check_mark: | :white_check_mark: | :white_check_mark: | :white_check_mark: | + + - :white_check_mark: Compatible - :warning: Has issues - :x: Incompatible From 195c1a92aec1bc527fa365b155ed7563d8470a8a Mon Sep 17 00:00:00 2001 
From: Stefano Ghinelli Date: Mon, 28 Oct 2024 17:23:49 +0100 Subject: [PATCH 06/25] refactor(ci): migrate to kind and test k8s 1.28 only --- .drone.yml | 821 ++++------------------------------------------------- 1 file changed, 53 insertions(+), 768 deletions(-) diff --git a/.drone.yml b/.drone.yml index c8f8e85..c91abdc 100644 --- a/.drone.yml +++ b/.drone.yml @@ -6,6 +6,9 @@ name: license kind: pipeline type: docker +clone: + depth: 1 + steps: - name: check image: docker.io/library/golang:1.20 @@ -13,11 +16,15 @@ steps: commands: - go install github.com/google/addlicense@v1.1.1 - addlicense -c "SIGHUP s.r.l" -v -l bsd --check . + --- name: policeman kind: pipeline type: docker +clone: + depth: 1 + platform: os: linux arch: amd64 @@ -58,11 +65,8 @@ steps: commands: # we use --ignore-deprecations because we don't want the CI to fail when the API has not been removed yet. - /pluto detect distribution.yml --ignore-deprecations --target-versions=k8s=v1.28.0 - # we use --ignore-deprecations because we don't want the CI to fail when the API has not been removed yet. - /pluto detect distribution.yml --ignore-deprecations --target-versions=k8s=v1.29.0 - # we use --ignore-deprecations because we don't want the CI to fail when the API has not been removed yet. - /pluto detect distribution.yml --ignore-deprecations --target-versions=k8s=v1.30.0 - # we use --ignore-deprecations because we don't want the CI to fail when the API has not been removed yet. - /pluto detect distribution.yml --ignore-deprecations --target-versions=k8s=v1.31.0 --- @@ -70,12 +74,12 @@ name: e2e-kubernetes-1.28 kind: pipeline type: docker -node: - runner: internal - depends_on: - policeman +clone: + depth: 1 + platform: os: linux arch: amd64 
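Review bot: Removing `node: runner: internal` in the `@@ -70,12 +74,12 @@` hunk changes which runners may pick up `e2e-kubernetes-1.28`, and the next hunk of this patch adds a `create-kind-cluster` step that mounts the host's `/var/run/docker.sock`. If host-socket access should be limited to dedicated runners, keep a `node:` selector on this pipeline and document it with a comment such as `# kind needs the host Docker socket; run only on dedicated runners`. Whether the mount is restricted elsewhere, for example by repository trust settings, is not visible in the diff.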
@@ -86,823 +90,107 @@ trigger: - refs/tags/** steps: - - name: init - image: quay.io/sighup/e2e-testing-drone-plugin:v2.1.0 - pull: always - volumes: - - name: shared - path: /shared - depends_on: [clone] - settings: - action: custom-cluster-128 - pipeline_id: cluster-128 - local_kind_config_path: katalog/tests/harbor/config/kind-config - cluster_version: "1.28.0" - instance_path: /shared - aws_default_region: - from_secret: aws_region - aws_access_key_id: - from_secret: aws_access_key_id - aws_secret_access_key: - from_secret: aws_secret_access_key - terraform_tf_states_bucket_name: - from_secret: terraform_tf_states_bucket_name - dockerhub_username: - from_secret: dockerhub_username - dockerhub_password: - from_secret: dockerhub_password - vsphere_server: - from_secret: vsphere_server - vsphere_password: - from_secret: vsphere_password - vsphere_user: - from_secret: vsphere_user - when: - ref: - include: - - refs/tags/** - - - name: e2e-setup - image: quay.io/sighup/e2e-testing:1.1.0_0.11.0_3.12.0_1.9.4_1.28.5_3.5.3_4.33.3 - pull: always - volumes: - - name: shared - path: /shared - depends_on: [init] - environment: - DYNAMIC_DNS_SERVICE: - from_secret: dynamic_dns_service - commands: - - export KUBECONFIG=/shared/kube/kubeconfig-128 - - export INSTANCE_IP=$(cat /shared/machine/ip) - - export EXTERNAL_DNS="$INSTANCE_IP.$DYNAMIC_DNS_SERVICE" - - bats -t katalog/tests/harbor/setup.sh - when: - ref: - include: - - refs/tags/** - - - name: e2e-vulns - image: quay.io/sighup/skopeo:v1.0.0 - pull: always - volumes: - - name: shared - path: /shared - environment: - DYNAMIC_DNS_SERVICE: - from_secret: dynamic_dns_service - depends_on: [e2e-setup] - commands: - - apt update - - apt install curl jq git bash ca-certificates -y - - git clone https://github.com/bats-core/bats-core.git /tmp/bats-core - - cd /tmp/bats-core - - git checkout v1.1.0 - - ./install.sh /usr/local - - cd - - - export KUBECONFIG=/shared/kube/kubeconfig-128 - - export INSTANCE_IP=$(cat 
/shared/machine/ip) - - export EXTERNAL_DNS="$INSTANCE_IP.$DYNAMIC_DNS_SERVICE" - - bats -t katalog/tests/harbor/vulns.sh - when: - ref: - include: - - refs/tags/** - - - name: e2e-chartmuseum - image: quay.io/sighup/e2e-testing:1.1.0_0.11.0_3.12.0_1.9.4_1.28.5_3.5.3_4.33.3 - pull: always - volumes: - - name: shared - path: /shared - environment: - DYNAMIC_DNS_SERVICE: - from_secret: dynamic_dns_service - depends_on: [e2e-setup] - commands: - - export KUBECONFIG=/shared/kube/kubeconfig-128 - - export INSTANCE_IP=$(cat /shared/machine/ip) - - export EXTERNAL_DNS="$INSTANCE_IP.$DYNAMIC_DNS_SERVICE" - - bats -t katalog/tests/harbor/chartmuseum.sh - when: - ref: - include: - - refs/tags/** - - - name: e2e-replication - image: quay.io/sighup/e2e-testing:1.1.0_0.11.0_3.12.0_1.9.4_1.28.5_3.5.3_4.33.3 - pull: always - volumes: - - name: shared - path: /shared - environment: - DYNAMIC_DNS_SERVICE: - from_secret: dynamic_dns_service - depends_on: [e2e-setup] - commands: - - export KUBECONFIG=/shared/kube/kubeconfig-128 - - export INSTANCE_IP=$(cat /shared/machine/ip) - - export EXTERNAL_DNS="$INSTANCE_IP.$DYNAMIC_DNS_SERVICE" - - bats -t katalog/tests/harbor/replication.sh - when: - ref: - include: - - refs/tags/** - - - name: e2e-registry - image: quay.io/sighup/skopeo:v1.0.0 + - name: create-kind-cluster + image: quay.io/sighup/dind-kind-kubectl-kustomize:0.20.0_1.29.1_3.10.0 pull: always + depends_on: + - clone volumes: - - name: shared - path: /shared - name: dockersock path: /var/run/docker.sock environment: - DYNAMIC_DNS_SERVICE: - from_secret: dynamic_dns_service - depends_on: [e2e-setup] + KIND_CONFIG: ./katalog/tests/harbor/config/kind-config + CLUSTER_VERSION: v1.28.0 + KUBECONFIG: kubeconfig-harbor-v1.28.0 + CLUSTER_NAME: ${DRONE_REPO_NAME}-${DRONE_BUILD_NUMBER}-harbor-v1.28.0 commands: - - apt update - - apt install curl jq git bash ca-certificates -y - - git clone https://github.com/bats-core/bats-core.git /tmp/bats-core - - cd /tmp/bats-core - - git checkout 
v1.1.0 - - ./install.sh /usr/local - - cd - - - export KUBECONFIG=/shared/kube/kubeconfig-128 - - export INSTANCE_IP=$(cat /shared/machine/ip) - - export EXTERNAL_DNS="$INSTANCE_IP.$DYNAMIC_DNS_SERVICE" - - bats -t katalog/tests/harbor/registry.sh - - bats -t katalog/tests/harbor/registry-notary.sh - when: - ref: - include: - - refs/tags/** - - - name: destroy - image: quay.io/sighup/e2e-testing-drone-plugin:v2.1.0 - pull: always - depends_on: [e2e-vulns, e2e-chartmuseum, e2e-replication, e2e-registry] - settings: - action: destroy - pipeline_id: cluster-128 - aws_default_region: - from_secret: aws_region - aws_access_key_id: - from_secret: aws_access_key_id - aws_secret_access_key: - from_secret: aws_secret_access_key - terraform_tf_states_bucket_name: - from_secret: terraform_tf_states_bucket_name - dockerhub_username: - from_secret: dockerhub_username - dockerhub_password: - from_secret: dockerhub_password - vsphere_server: - from_secret: vsphere_server - vsphere_password: - from_secret: vsphere_password - vsphere_user: - from_secret: vsphere_user - when: - status: - - success - - failure - -volumes: - - name: shared - temp: {} - - name: dockersock - host: - path: /var/run/docker.sock ---- -name: e2e-kubernetes-1.29 -kind: pipeline -type: docker - -node: - runner: internal - -depends_on: - - policeman - -platform: - os: linux - arch: amd64 - -trigger: - ref: - include: - - refs/tags/** - -steps: - - name: init - image: quay.io/sighup/e2e-testing-drone-plugin:v2.1.0 - pull: always - volumes: - - name: shared - path: /shared - depends_on: [clone] - settings: - action: custom-cluster-129 - pipeline_id: cluster-129 - local_kind_config_path: katalog/tests/harbor/config/kind-config - cluster_version: "1.29.0" - instance_path: /shared - aws_default_region: - from_secret: aws_region - aws_access_key_id: - from_secret: aws_access_key_id - aws_secret_access_key: - from_secret: aws_secret_access_key - terraform_tf_states_bucket_name: - from_secret: 
terraform_tf_states_bucket_name - dockerhub_username: - from_secret: dockerhub_username - dockerhub_password: - from_secret: dockerhub_password - vsphere_server: - from_secret: vsphere_server - vsphere_password: - from_secret: vsphere_password - vsphere_user: - from_secret: vsphere_user - when: - ref: - include: - - refs/tags/** + - kind create cluster --name $${CLUSTER_NAME} --image registry.sighup.io/fury/kindest/node:$${CLUSTER_VERSION} --config $${KIND_CONFIG} + - kind get kubeconfig --name $${CLUSTER_NAME} > $${KUBECONFIG} - name: e2e-setup image: quay.io/sighup/e2e-testing:1.1.0_0.11.0_3.12.0_1.9.4_1.29.1_3.5.3_4.33.3 pull: always - volumes: - - name: shared - path: /shared - depends_on: [init] + network_mode: host environment: - DYNAMIC_DNS_SERVICE: - from_secret: dynamic_dns_service + KUBECONFIG: kubeconfig-harbor-v1.28.0 + depends_on: + - create-kind-cluster commands: - - export KUBECONFIG=/shared/kube/kubeconfig-129 - - export INSTANCE_IP=$(cat /shared/machine/ip) - - export EXTERNAL_DNS="$INSTANCE_IP.$DYNAMIC_DNS_SERVICE" + - until kubectl get serviceaccount default > /dev/null 2>&1; do echo "waiting for control-plane" && sleep 1; done - bats -t katalog/tests/harbor/setup.sh - when: - ref: - include: - - refs/tags/** - name: e2e-vulns - image: quay.io/sighup/skopeo:v1.0.0 + image: quay.io/sighup/e2e-testing:1.1.0_0.11.0_3.12.0_1.9.4_1.29.1_3.5.3_4.33.3 pull: always - volumes: - - name: shared - path: /shared + network_mode: host environment: - DYNAMIC_DNS_SERVICE: - from_secret: dynamic_dns_service - depends_on: [e2e-setup] + KUBECONFIG: kubeconfig-harbor-v1.28.0 + depends_on: + - e2e-setup commands: - - apt update - - apt install curl jq git bash ca-certificates -y - - git clone https://github.com/bats-core/bats-core.git /tmp/bats-core - - cd /tmp/bats-core - - git checkout v1.1.0 - - ./install.sh /usr/local - - cd - - - export KUBECONFIG=/shared/kube/kubeconfig-129 - - export INSTANCE_IP=$(cat /shared/machine/ip) - - export 
EXTERNAL_DNS="$INSTANCE_IP.$DYNAMIC_DNS_SERVICE" - bats -t katalog/tests/harbor/vulns.sh - when: - ref: - include: - - refs/tags/** - name: e2e-chartmuseum image: quay.io/sighup/e2e-testing:1.1.0_0.11.0_3.12.0_1.9.4_1.29.1_3.5.3_4.33.3 pull: always - volumes: - - name: shared - path: /shared + network_mode: host environment: - DYNAMIC_DNS_SERVICE: - from_secret: dynamic_dns_service - depends_on: [e2e-setup] + KUBECONFIG: kubeconfig-harbor-v1.28.0 + depends_on: + - e2e-setup commands: - - export KUBECONFIG=/shared/kube/kubeconfig-129 - - export INSTANCE_IP=$(cat /shared/machine/ip) - - export EXTERNAL_DNS="$INSTANCE_IP.$DYNAMIC_DNS_SERVICE" - bats -t katalog/tests/harbor/chartmuseum.sh - when: - ref: - include: - - refs/tags/** - name: e2e-replication image: quay.io/sighup/e2e-testing:1.1.0_0.11.0_3.12.0_1.9.4_1.29.1_3.5.3_4.33.3 pull: always - volumes: - - name: shared - path: /shared + network_mode: host environment: - DYNAMIC_DNS_SERVICE: - from_secret: dynamic_dns_service - depends_on: [e2e-setup] + KUBECONFIG: kubeconfig-harbor-v1.28.0 + depends_on: + - e2e-setup commands: - - export KUBECONFIG=/shared/kube/kubeconfig-129 - - export INSTANCE_IP=$(cat /shared/machine/ip) - - export EXTERNAL_DNS="$INSTANCE_IP.$DYNAMIC_DNS_SERVICE" - bats -t katalog/tests/harbor/replication.sh - when: - ref: - include: - - refs/tags/** - name: e2e-registry - image: quay.io/sighup/skopeo:v1.0.0 + image: quay.io/sighup/e2e-testing:1.1.0_0.11.0_3.12.0_1.9.4_1.29.1_3.5.3_4.33.3 pull: always + network_mode: host volumes: - - name: shared - path: /shared - name: dockersock path: /var/run/docker.sock environment: - DYNAMIC_DNS_SERVICE: - from_secret: dynamic_dns_service - depends_on: [e2e-setup] - commands: - - apt update - - apt install curl jq git bash ca-certificates -y - - git clone https://github.com/bats-core/bats-core.git /tmp/bats-core - - cd /tmp/bats-core - - git checkout v1.1.0 - - ./install.sh /usr/local - - cd - - - export KUBECONFIG=/shared/kube/kubeconfig-129 - - export 
INSTANCE_IP=$(cat /shared/machine/ip) - - export EXTERNAL_DNS="$INSTANCE_IP.$DYNAMIC_DNS_SERVICE" - - bats -t katalog/tests/harbor/registry.sh - - bats -t katalog/tests/harbor/registry-notary.sh - when: - ref: - include: - - refs/tags/** - - - name: destroy - image: quay.io/sighup/e2e-testing-drone-plugin:v2.1.0 - pull: always - depends_on: [e2e-vulns, e2e-chartmuseum, e2e-replication, e2e-registry] - settings: - action: destroy - pipeline_id: cluster-129 - aws_default_region: - from_secret: aws_region - aws_access_key_id: - from_secret: aws_access_key_id - aws_secret_access_key: - from_secret: aws_secret_access_key - terraform_tf_states_bucket_name: - from_secret: terraform_tf_states_bucket_name - dockerhub_username: - from_secret: dockerhub_username - dockerhub_password: - from_secret: dockerhub_password - vsphere_server: - from_secret: vsphere_server - vsphere_password: - from_secret: vsphere_password - vsphere_user: - from_secret: vsphere_user - when: - status: - - success - - failure - -volumes: - - name: shared - temp: {} - - name: dockersock - host: - path: /var/run/docker.sock ---- -name: e2e-kubernetes-1.30 -kind: pipeline -type: docker - -depends_on: - - policeman - -node: - runner: internal - -platform: - os: linux - arch: amd64 - -trigger: - ref: - include: - - refs/tags/** - -steps: - - name: init - image: quay.io/sighup/e2e-testing-drone-plugin:v2.1.0 - pull: always - volumes: - - name: shared - path: /shared - depends_on: [clone] - settings: - action: custom-cluster-130 - pipeline_id: cluster-130 - local_kind_config_path: katalog/tests/harbor/config/kind-config - cluster_version: "1.30.0" - instance_path: /shared - aws_default_region: - from_secret: aws_region - aws_access_key_id: - from_secret: aws_access_key_id - aws_secret_access_key: - from_secret: aws_secret_access_key - terraform_tf_states_bucket_name: - from_secret: terraform_tf_states_bucket_name - dockerhub_username: - from_secret: dockerhub_username - dockerhub_password: - from_secret: 
dockerhub_password - vsphere_server: - from_secret: vsphere_server - vsphere_password: - from_secret: vsphere_password - vsphere_user: - from_secret: vsphere_user - when: - ref: - include: - - refs/tags/** - - - name: e2e-setup - image: quay.io/sighup/e2e-testing:1.1.0_3.12.0_1.30.5_3.10.0_4.33.3 - pull: always - volumes: - - name: shared - path: /shared - depends_on: [init] - environment: - DYNAMIC_DNS_SERVICE: - from_secret: dynamic_dns_service - commands: - - export KUBECONFIG=/shared/kube/kubeconfig-130 - - export INSTANCE_IP=$(cat /shared/machine/ip) - - export EXTERNAL_DNS="$INSTANCE_IP.$DYNAMIC_DNS_SERVICE" - - bats -t katalog/tests/harbor/setup.sh - when: - ref: - include: - - refs/tags/** - - - name: e2e-vulns - image: quay.io/sighup/skopeo:v1.0.0 - pull: always - volumes: - - name: shared - path: /shared - environment: - DYNAMIC_DNS_SERVICE: - from_secret: dynamic_dns_service - depends_on: [e2e-setup] - commands: - - apt update - - apt install curl jq git bash ca-certificates -y - - git clone https://github.com/bats-core/bats-core.git /tmp/bats-core - - cd /tmp/bats-core - - git checkout v1.1.0 - - ./install.sh /usr/local - - cd - - - export KUBECONFIG=/shared/kube/kubeconfig-130 - - export INSTANCE_IP=$(cat /shared/machine/ip) - - export EXTERNAL_DNS="$INSTANCE_IP.$DYNAMIC_DNS_SERVICE" - - bats -t katalog/tests/harbor/vulns.sh - when: - ref: - include: - - refs/tags/** - - - name: e2e-chartmuseum - image: quay.io/sighup/e2e-testing:1.1.0_3.12.0_1.30.5_3.10.0_4.33.3 - pull: always - volumes: - - name: shared - path: /shared - environment: - DYNAMIC_DNS_SERVICE: - from_secret: dynamic_dns_service - depends_on: [e2e-setup] - commands: - - export KUBECONFIG=/shared/kube/kubeconfig-130 - - export INSTANCE_IP=$(cat /shared/machine/ip) - - export EXTERNAL_DNS="$INSTANCE_IP.$DYNAMIC_DNS_SERVICE" - - bats -t katalog/tests/harbor/chartmuseum.sh - when: - ref: - include: - - refs/tags/** - - - name: e2e-replication - image: 
quay.io/sighup/e2e-testing:1.1.0_3.12.0_1.30.5_3.10.0_4.33.3 - pull: always - volumes: - - name: shared - path: /shared - environment: - DYNAMIC_DNS_SERVICE: - from_secret: dynamic_dns_service - depends_on: [e2e-setup] - commands: - - export KUBECONFIG=/shared/kube/kubeconfig-130 - - export INSTANCE_IP=$(cat /shared/machine/ip) - - export EXTERNAL_DNS="$INSTANCE_IP.$DYNAMIC_DNS_SERVICE" - - bats -t katalog/tests/harbor/replication.sh - when: - ref: - include: - - refs/tags/** - - - name: e2e-registry - image: quay.io/sighup/skopeo:v1.0.0 - pull: always - volumes: - - name: shared - path: /shared - environment: - DYNAMIC_DNS_SERVICE: - from_secret: dynamic_dns_service - depends_on: [e2e-setup] + KUBECONFIG: kubeconfig-harbor-v1.28.0 + depends_on: + - e2e-setup commands: - - apt update - - apt install curl jq git bash ca-certificates -y - - git clone https://github.com/bats-core/bats-core.git /tmp/bats-core - - cd /tmp/bats-core - - git checkout v1.1.0 - - ./install.sh /usr/local - - cd - - - export KUBECONFIG=/shared/kube/kubeconfig-130 - - export INSTANCE_IP=$(cat /shared/machine/ip) - - export EXTERNAL_DNS="$INSTANCE_IP.$DYNAMIC_DNS_SERVICE" - bats -t katalog/tests/harbor/registry.sh - bats -t katalog/tests/harbor/registry-notary.sh - when: - ref: - include: - - refs/tags/** - - - name: destroy - image: quay.io/sighup/e2e-testing-drone-plugin:v2.2.0 - pull: always - depends_on: [e2e-vulns, e2e-chartmuseum, e2e-replication, e2e-registry] - settings: - action: destroy - pipeline_id: cluster-130 - aws_default_region: - from_secret: aws_region - aws_access_key_id: - from_secret: aws_access_key_id - aws_secret_access_key: - from_secret: aws_secret_access_key - terraform_tf_states_bucket_name: - from_secret: terraform_tf_states_bucket_name - dockerhub_username: - from_secret: dockerhub_username - dockerhub_password: - from_secret: dockerhub_password - vsphere_server: - from_secret: vsphere_server - vsphere_password: - from_secret: vsphere_password - vsphere_user: - 
from_secret: vsphere_user - when: - status: - - success - - failure -volumes: - - name: shared - temp: {} - - name: dockersock - host: - path: /var/run/docker.sock ---- -name: e2e-kubernetes-1.31 -kind: pipeline -type: docker - -node: - runner: internal - -depends_on: - - policeman - -platform: - os: linux - arch: amd64 - -trigger: - ref: - include: - - refs/tags/** - -steps: - - name: init - image: quay.io/sighup/e2e-testing-drone-plugin:v2.2.0 - pull: always - volumes: - - name: shared - path: /shared - depends_on: [clone] - settings: - action: custom-cluster-131 - pipeline_id: cluster-131 - local_kind_config_path: katalog/tests/harbor/config/kind-config - cluster_version: "1.31.0" - instance_path: /shared - aws_default_region: - from_secret: aws_region - aws_access_key_id: - from_secret: aws_access_key_id - aws_secret_access_key: - from_secret: aws_secret_access_key - terraform_tf_states_bucket_name: - from_secret: terraform_tf_states_bucket_name - dockerhub_username: - from_secret: dockerhub_username - dockerhub_password: - from_secret: dockerhub_password - vsphere_server: - from_secret: vsphere_server - vsphere_password: - from_secret: vsphere_password - vsphere_user: - from_secret: vsphere_user - when: - ref: - include: - - refs/tags/** - - - name: e2e-setup - image: quay.io/sighup/e2e-testing:1.1.0_3.12.0_1.31.1_3.10.0_4.33.3 - pull: always - volumes: - - name: shared - path: /shared - depends_on: [init] - environment: - DYNAMIC_DNS_SERVICE: - from_secret: dynamic_dns_service - commands: - - export KUBECONFIG=/shared/kube/kubeconfig-131 - - export INSTANCE_IP=$(cat /shared/machine/ip) - - export EXTERNAL_DNS="$INSTANCE_IP.$DYNAMIC_DNS_SERVICE" - - bats -t katalog/tests/harbor/setup.sh - when: - ref: - include: - - refs/tags/** - - - name: e2e-vulns - image: quay.io/sighup/skopeo:v1.0.0 - pull: always - volumes: - - name: shared - path: /shared - environment: - DYNAMIC_DNS_SERVICE: - from_secret: dynamic_dns_service - depends_on: [e2e-setup] - commands: - - 
apt update - - apt install curl jq git bash ca-certificates -y - - git clone https://github.com/bats-core/bats-core.git /tmp/bats-core - - cd /tmp/bats-core - - git checkout v1.1.0 - - ./install.sh /usr/local - - cd - - - export KUBECONFIG=/shared/kube/kubeconfig-131 - - export INSTANCE_IP=$(cat /shared/machine/ip) - - export EXTERNAL_DNS="$INSTANCE_IP.$DYNAMIC_DNS_SERVICE" - - bats -t katalog/tests/harbor/vulns.sh - when: - ref: - include: - - refs/tags/** - - - name: e2e-chartmuseum - image: quay.io/sighup/e2e-testing:1.1.0_3.12.0_1.31.1_3.10.0_4.33.3 - pull: always + - name: delete-kind-cluster + image: quay.io/sighup/dind-kind-kubectl-kustomize:0.20.0_1.29.1_3.10.0 volumes: - - name: shared - path: /shared - environment: - DYNAMIC_DNS_SERVICE: - from_secret: dynamic_dns_service - depends_on: [e2e-setup] - commands: - - export KUBECONFIG=/shared/kube/kubeconfig-131 - - export INSTANCE_IP=$(cat /shared/machine/ip) - - export EXTERNAL_DNS="$INSTANCE_IP.$DYNAMIC_DNS_SERVICE" - - bats -t katalog/tests/harbor/chartmuseum.sh - when: - ref: - include: - - refs/tags/** - - - name: e2e-replication - image: quay.io/sighup/e2e-testing:1.1.0_3.12.0_1.31.1_3.10.0_4.33.3 - pull: always - volumes: - - name: shared - path: /shared - environment: - DYNAMIC_DNS_SERVICE: - from_secret: dynamic_dns_service - depends_on: [e2e-setup] - commands: - - export KUBECONFIG=/shared/kube/kubeconfig-131 - - export INSTANCE_IP=$(cat /shared/machine/ip) - - export EXTERNAL_DNS="$INSTANCE_IP.$DYNAMIC_DNS_SERVICE" - - bats -t katalog/tests/harbor/replication.sh - when: - ref: - include: - - refs/tags/** - - - name: e2e-registry - image: quay.io/sighup/skopeo:v1.0.0 - pull: always - volumes: - - name: shared - path: /shared - name: dockersock path: /var/run/docker.sock environment: - DYNAMIC_DNS_SERVICE: - from_secret: dynamic_dns_service - depends_on: [e2e-setup] + CLUSTER_NAME: ${DRONE_REPO_NAME}-${DRONE_BUILD_NUMBER}-harbor-v1.28.0 commands: - - apt update - - apt install curl jq git bash 
ca-certificates -y - - git clone https://github.com/bats-core/bats-core.git /tmp/bats-core - - cd /tmp/bats-core - - git checkout v1.1.0 - - ./install.sh /usr/local - - cd - - - export KUBECONFIG=/shared/kube/kubeconfig-131 - - export INSTANCE_IP=$(cat /shared/machine/ip) - - export EXTERNAL_DNS="$INSTANCE_IP.$DYNAMIC_DNS_SERVICE" - - bats -t katalog/tests/harbor/registry.sh - - bats -t katalog/tests/harbor/registry-notary.sh - when: - ref: - include: - - refs/tags/** - - - name: destroy - image: quay.io/sighup/e2e-testing-drone-plugin:v2.2.0 - pull: always - depends_on: [e2e-vulns, e2e-chartmuseum, e2e-replication, e2e-registry] - settings: - action: destroy - pipeline_id: cluster-131 - aws_default_region: - from_secret: aws_region - aws_access_key_id: - from_secret: aws_access_key_id - aws_secret_access_key: - from_secret: aws_secret_access_key - terraform_tf_states_bucket_name: - from_secret: terraform_tf_states_bucket_name - dockerhub_username: - from_secret: dockerhub_username - dockerhub_password: - from_secret: dockerhub_password - vsphere_server: - from_secret: vsphere_server - vsphere_password: - from_secret: vsphere_password - vsphere_user: - from_secret: vsphere_user + - kind delete cluster --name $${CLUSTER_NAME} || true + depends_on: + - e2e-vulns + - e2e-chartmuseum + - e2e-replication + - e2e-registry when: status: - success - failure volumes: - - name: shared - temp: {} - name: dockersock host: path: /var/run/docker.sock + --- name: release kind: pipeline @@ -910,9 +198,6 @@ type: docker depends_on: - e2e-kubernetes-1.28 - - e2e-kubernetes-1.28 - - e2e-kubernetes-1.30 - - e2e-kubernetes-1.31 platform: os: linux From ef2c343498f1e8d933432429a59aad28b26e5b94 Mon Sep 17 00:00:00 2001 From: Stefano Ghinelli Date: Tue, 29 Oct 2024 10:01:55 +0100 Subject: [PATCH 07/25] refactor(ci): update EXTERNAL_DNS and retest k8s 1.28 --- .drone.yml | 1 + 1 file changed, 1 insertion(+) diff --git a/.drone.yml b/.drone.yml index c91abdc..6e00690 100644 --- a/.drone.yml 
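Review bot: The rewritten e2e-kubernetes-1.28 steps bind-mount the runner's `/var/run/docker.sock` into `create-kind-cluster`, `e2e-registry` and `delete-kind-cluster` and run the bats steps with `network_mode: host`, so anything executed in those containers can drive the host's Docker daemon and reach host-local services. An earlier hunk of this commit also removes `node: runner: internal`, so the job is no longer pinned to a particular runner; if that is intended, a comment above the pipeline-level `volumes:` block such as `# host Docker socket: run only on dedicated, non-shared CI runners` would record the assumption. Whether `e2e-registry` still needs the socket cannot be seen from the hunk; if the tests there do not call Docker directly, the mount should be dropped from that step. `kind delete cluster --name $${CLUSTER_NAME} || true` also hides a failed cleanup, which would leave kind node containers behind on the shared daemon.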
+++ b/.drone.yml @@ -113,6 +113,7 @@ steps: network_mode: host environment: KUBECONFIG: kubeconfig-harbor-v1.28.0 + EXTERNAL_DNS: "127.0.0.1.nip.io" depends_on: - create-kind-cluster commands: From 40d1ae6f21b40c0278f62584198db2cb9ade7ba8 Mon Sep 17 00:00:00 2001 From: Stefano Ghinelli Date: Tue, 29 Oct 2024 11:08:17 +0100 Subject: [PATCH 08/25] refactor(ci): add connectivity test --- katalog/tests/harbor/setup.sh | 11 +++++++++++ katalog/tests/harbor/vulns.sh | 2 +- 2 files changed, 12 insertions(+), 1 deletion(-) diff --git a/katalog/tests/harbor/setup.sh b/katalog/tests/harbor/setup.sh index 46c6145..534d548 100644 --- a/katalog/tests/harbor/setup.sh +++ b/katalog/tests/harbor/setup.sh @@ -89,3 +89,14 @@ load "./../lib/helper" [ "$status" -eq 0 ] } +@test "[SETUP] Check Harbor Connectivity" { + info + test(){ + curl -k -v https://harbor.${EXTERNAL_DNS}/api/v2.0/health >&3 + kubectl get ingress -n registry >&3 + kubectl describe ingress -n registry >&3 + } + loop_it test 30 5 + status=${loop_it_result} + [ "$status" -eq 0 ] +} diff --git a/katalog/tests/harbor/vulns.sh b/katalog/tests/harbor/vulns.sh index ff881a7..ce41928 100644 --- a/katalog/tests/harbor/vulns.sh +++ b/katalog/tests/harbor/vulns.sh @@ -83,7 +83,7 @@ load "./../lib/helper" if [ "${vulns}" == "null" ]; then echo "# No vulnerabilities found. Retrying" >&3; return 1; fi if [ "${vulns}" -eq "0" ]; then echo "# No vulnerabilities found. Retrying" >&3; return 1; fi } - loop_it test 30 30 + loop_it test 10 10 status=${loop_it_result} [ "$status" -eq 0 ] } From df41ce7c75311136b20c9b592cfa00b5c9f9dba2 Mon Sep 17 00:00:00 2001 From: Stefano Ghinelli Date: Tue, 29 Oct 2024 11:26:08 +0100 Subject: [PATCH 09/25] refactor(ci): add env var and charts setup tests --- .drone.yml | 4 ++++ katalog/tests/harbor/chartmuseum.sh | 30 ++++++++++++++++++++--------- 2 files changed, 25 insertions(+), 9 deletions(-) diff --git a/.drone.yml b/.drone.yml index 6e00690..b95091c 100644 --- a/.drone.yml +++ b/.drone.yml 
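Review bot: In the new `[SETUP] Check Harbor Connectivity` test in setup.sh, the result of `test()` is the exit status of its last command, `kubectl describe ingress`, and `curl` without `--fail` exits 0 on an HTTP error response, so as far as the hunk shows the check can pass while Harbor is unreachable or unhealthy (how `loop_it` invokes the function is defined in the helper, outside the hunk). Letting the probe decide the outcome fixes that: `curl -k -v --fail https://harbor."${EXTERNAL_DNS}"/api/v2.0/health >&3 || return 1`, with the two `kubectl` lines kept purely as diagnostics. Note that `-v` writes its trace to stderr, so `>&3` captures only the response body. The same unguarded `curl` is added to chartmuseum.sh in a later patch of this series.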
@@ -126,6 +126,7 @@ steps: network_mode: host environment: KUBECONFIG: kubeconfig-harbor-v1.28.0 + EXTERNAL_DNS: "127.0.0.1.nip.io" depends_on: - e2e-setup commands: @@ -137,6 +138,7 @@ steps: network_mode: host environment: KUBECONFIG: kubeconfig-harbor-v1.28.0 + EXTERNAL_DNS: "127.0.0.1.nip.io" depends_on: - e2e-setup commands: @@ -148,6 +150,7 @@ steps: network_mode: host environment: KUBECONFIG: kubeconfig-harbor-v1.28.0 + EXTERNAL_DNS: "127.0.0.1.nip.io" depends_on: - e2e-setup commands: @@ -162,6 +165,7 @@ steps: path: /var/run/docker.sock environment: KUBECONFIG: kubeconfig-harbor-v1.28.0 + EXTERNAL_DNS: "127.0.0.1.nip.io" depends_on: - e2e-setup commands: diff --git a/katalog/tests/harbor/chartmuseum.sh b/katalog/tests/harbor/chartmuseum.sh index a5143ff..4486abd 100644 --- a/katalog/tests/harbor/chartmuseum.sh +++ b/katalog/tests/harbor/chartmuseum.sh 
@@ -8,17 +8,29 @@ load "./../lib/helper" @test "[CHARTS] Setup" { - info - setup(){ - helm repo add stable https://charts.helm.sh/stable - helm plugin install https://github.com/chartmuseum/helm-push - helm fetch stable/nginx-ingress --version 1.36.2 - helm repo add --username=admin --password=Harbor12345 harbor-test https://harbor."${EXTERNAL_DNS}"/chartrepo/library --insecure-skip-tls-verify - } - run setup - [ "$status" -eq 0 ] + info + setup(){ + echo "Adding stable repo" >&3 + helm repo add stable https://charts.helm.sh/stable + + echo "Installing helm-push plugin" >&3 + helm plugin install https://github.com/chartmuseum/helm-push + + echo "Fetching nginx-ingress" >&3 + helm fetch stable/nginx-ingress --version 1.36.2 + + echo "Testing Harbor connection" >&3 + curl -k -v https://harbor.${EXTERNAL_DNS}/api/v2.0/health >&3 + + echo "Adding Harbor repo" >&3 + helm repo add --username=admin --password=Harbor12345 harbor-test https://harbor."${EXTERNAL_DNS}"/chartrepo/library --insecure-skip-tls-verify + } + run setup + echo "Setup output: $output" >&3 + [ "$status" -eq 0 ] } + @test "[CHARTS] Push nginx ingress chart to Harbor" { info deploy(){ From 6a6e86af09a8b9bab6309ea14b1b2f127938292b Mon Sep 17 00:00:00 2001 From: Stefano Ghinelli Date: Tue, 29 Oct 2024 11:31:17 +0100 Subject: [PATCH 10/25] chore(lint): add double quote --- katalog/tests/harbor/chartmuseum.sh | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/katalog/tests/harbor/chartmuseum.sh b/katalog/tests/harbor/chartmuseum.sh index 4486abd..a08e79c 100644 --- a/katalog/tests/harbor/chartmuseum.sh +++ b/katalog/tests/harbor/chartmuseum.sh 
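Review bot: `helm plugin install https://github.com/chartmuseum/helm-push` in the rewritten `setup()` carries no version, so each CI run executes whatever the plugin repository currently serves, in the same step that handles the Harbor login on the following lines. Pinning it, `helm plugin install https://github.com/chartmuseum/helm-push --version <PINNED_TAG>` (placeholder; use the release the tests were validated against), makes the run reproducible and reviewable. The added `echo "Setup output: $output" >&3` prints everything `setup` emitted to the build log; that is harmless for the fixed `admin`/`Harbor12345` test account on a throwaway cluster, but a comment such as `# default Harbor test credentials, ephemeral kind cluster only` above the `helm repo add` line would stop the pattern being copied to a real registry.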
@@ -20,7 +20,7 @@ load "./../lib/helper" helm fetch stable/nginx-ingress --version 1.36.2 echo "Testing Harbor connection" >&3 - curl -k -v https://harbor.${EXTERNAL_DNS}/api/v2.0/health >&3 + curl -k -v https://harbor."${EXTERNAL_DNS}"/api/v2.0/health >&3 echo "Adding Harbor repo" >&3 helm repo add --username=admin --password=Harbor12345 harbor-test https://harbor."${EXTERNAL_DNS}"/chartrepo/library --insecure-skip-tls-verify From 49b18540d23d4cb84f14b947682e95c92f207f52 Mon Sep 17 00:00:00 2001 From: Stefano Ghinelli Date: Tue, 29 Oct 2024 12:05:40 +0100 Subject: [PATCH 11/25] refactor(ci): add e2e tests for k8s 1.29, 1.30, 1.31 --- .drone.yml | 397 +++++++++++++++++++++++- katalog/tests/harbor/chartmuseum.sh | 12 +- katalog/tests/harbor/registry-notary.sh | 6 +- katalog/tests/harbor/registry.sh | 6 +- katalog/tests/harbor/replication.sh | 28 +- katalog/tests/harbor/setup.sh | 8 +- katalog/tests/harbor/vulns.sh | 14 +- 7 files changed, 426 insertions(+), 45 deletions(-) diff --git a/.drone.yml b/.drone.yml index b95091c..cf0aba0 100644 --- a/.drone.yml +++ b/.drone.yml @@ -63,7 +63,7 @@ steps: depends_on: - render commands: - # we use --ignore-deprecations because we don't want the CI to fail when the API has not been removed yet. + # Using --ignore-deprecations because we don't want the CI to fail when the API has not been removed yet. - /pluto detect distribution.yml --ignore-deprecations --target-versions=k8s=v1.28.0 - /pluto detect distribution.yml --ignore-deprecations --target-versions=k8s=v1.29.0 - /pluto detect distribution.yml --ignore-deprecations --target-versions=k8s=v1.30.0 @@ -113,7 +113,8 @@ steps: network_mode: host environment: KUBECONFIG: kubeconfig-harbor-v1.28.0 - EXTERNAL_DNS: "127.0.0.1.nip.io" + # Using nip.io DNS wildcard service to resolve .127.0.0.1.nip.io to localhost where Kind exposes services. + TEST_DOMAIN: "127.0.0.1.nip.io" depends_on: - create-kind-cluster commands: 
@@ -126,7 +127,7 @@ steps: network_mode: host environment: KUBECONFIG: kubeconfig-harbor-v1.28.0 - EXTERNAL_DNS: "127.0.0.1.nip.io" + TEST_DOMAIN: "127.0.0.1.nip.io" depends_on: - e2e-setup commands: @@ -138,7 +139,7 @@ steps: network_mode: host environment: KUBECONFIG: kubeconfig-harbor-v1.28.0 - EXTERNAL_DNS: "127.0.0.1.nip.io" + TEST_DOMAIN: "127.0.0.1.nip.io" depends_on: - e2e-setup commands: @@ -150,7 +151,7 @@ steps: network_mode: host environment: KUBECONFIG: kubeconfig-harbor-v1.28.0 - EXTERNAL_DNS: "127.0.0.1.nip.io" + TEST_DOMAIN: "127.0.0.1.nip.io" depends_on: - e2e-setup commands: @@ -165,7 +166,7 @@ steps: path: /var/run/docker.sock environment: KUBECONFIG: kubeconfig-harbor-v1.28.0 - EXTERNAL_DNS: "127.0.0.1.nip.io" + TEST_DOMAIN: "127.0.0.1.nip.io" depends_on: - e2e-setup commands: 
@@ -196,6 +197,387 @@ volumes: host: path: /var/run/docker.sock +--- +name: e2e-kubernetes-1.29 +kind: pipeline +type: docker + +depends_on: + - policeman + +clone: + depth: 1 + +platform: + os: linux + arch: amd64 + +trigger: + ref: + include: + - refs/tags/** + +steps: + - name: create-kind-cluster + image: quay.io/sighup/dind-kind-kubectl-kustomize:0.20.0_1.29.1_3.10.0 + pull: always + depends_on: + - clone + volumes: + - name: dockersock + path: /var/run/docker.sock + environment: + KIND_CONFIG: ./katalog/tests/harbor/config/kind-config + CLUSTER_VERSION: v1.29.0 + KUBECONFIG: kubeconfig-harbor-v1.29.0 + CLUSTER_NAME: ${DRONE_REPO_NAME}-${DRONE_BUILD_NUMBER}-harbor-v1.29.0 + commands: + - kind create cluster --name $${CLUSTER_NAME} --image registry.sighup.io/fury/kindest/node:$${CLUSTER_VERSION} --config $${KIND_CONFIG} + - kind get kubeconfig --name $${CLUSTER_NAME} > $${KUBECONFIG} + + - name: e2e-setup + image: quay.io/sighup/e2e-testing:1.1.0_0.11.0_3.12.0_1.9.4_1.29.1_3.5.3_4.33.3 + pull: always + network_mode: host + environment: + KUBECONFIG: kubeconfig-harbor-v1.29.0 + TEST_DOMAIN: "127.0.0.1.nip.io" + depends_on: + - create-kind-cluster + commands: + - until kubectl get serviceaccount default > /dev/null 2>&1; do echo "waiting for control-plane" && sleep 1; done + - bats -t katalog/tests/harbor/setup.sh + + - name: e2e-vulns + image: quay.io/sighup/e2e-testing:1.1.0_0.11.0_3.12.0_1.9.4_1.29.1_3.5.3_4.33.3 + pull: always + network_mode: host + environment: + KUBECONFIG: kubeconfig-harbor-v1.29.0 + TEST_DOMAIN: "127.0.0.1.nip.io" + depends_on: + - e2e-setup + commands: + - bats -t katalog/tests/harbor/vulns.sh + + - name: e2e-chartmuseum + image: quay.io/sighup/e2e-testing:1.1.0_0.11.0_3.12.0_1.9.4_1.29.1_3.5.3_4.33.3 + pull: always + network_mode: host + environment: + KUBECONFIG: kubeconfig-harbor-v1.29.0 + TEST_DOMAIN: "127.0.0.1.nip.io" + depends_on: + - e2e-setup + commands: + - bats -t katalog/tests/harbor/chartmuseum.sh + + - name: e2e-replication 
+ image: quay.io/sighup/e2e-testing:1.1.0_0.11.0_3.12.0_1.9.4_1.29.1_3.5.3_4.33.3 + pull: always + network_mode: host + environment: + KUBECONFIG: kubeconfig-harbor-v1.29.0 + TEST_DOMAIN: "127.0.0.1.nip.io" + depends_on: + - e2e-setup + commands: + - bats -t katalog/tests/harbor/replication.sh + + - name: e2e-registry + image: quay.io/sighup/e2e-testing:1.1.0_0.11.0_3.12.0_1.9.4_1.29.1_3.5.3_4.33.3 + pull: always + network_mode: host + volumes: + - name: dockersock + path: /var/run/docker.sock + environment: + KUBECONFIG: kubeconfig-harbor-v1.29.0 + TEST_DOMAIN: "127.0.0.1.nip.io" + depends_on: + - e2e-setup + commands: + - bats -t katalog/tests/harbor/registry.sh + - bats -t katalog/tests/harbor/registry-notary.sh + + - name: delete-kind-cluster + image: quay.io/sighup/dind-kind-kubectl-kustomize:0.20.0_1.29.1_3.10.0 + volumes: + - name: dockersock + path: /var/run/docker.sock + environment: + CLUSTER_NAME: ${DRONE_REPO_NAME}-${DRONE_BUILD_NUMBER}-harbor-v1.29.0 + commands: + - kind delete cluster --name $${CLUSTER_NAME} || true + depends_on: + - e2e-vulns + - e2e-chartmuseum + - e2e-replication + - e2e-registry + when: + status: + - success + - failure + +volumes: + - name: dockersock + host: + path: /var/run/docker.sock + +--- +name: e2e-kubernetes-1.30 +kind: pipeline +type: docker + +depends_on: + - policeman + +clone: + depth: 1 + +platform: + os: linux + arch: amd64 + +trigger: + ref: + include: + - refs/tags/** + +steps: + - name: create-kind-cluster + image: quay.io/sighup/dind-kind-kubectl-kustomize:0.20.0_1.30.5_3.10.0 + pull: always + depends_on: + - clone + volumes: + - name: dockersock + path: /var/run/docker.sock + environment: + KIND_CONFIG: ./katalog/tests/harbor/config/kind-config + CLUSTER_VERSION: v1.30.0 + KUBECONFIG: kubeconfig-harbor-v1.30.0 + CLUSTER_NAME: ${DRONE_REPO_NAME}-${DRONE_BUILD_NUMBER}-harbor-v1.30.0 + commands: + - kind create cluster --name $${CLUSTER_NAME} --image registry.sighup.io/fury/kindest/node:$${CLUSTER_VERSION} 
--config $${KIND_CONFIG} + - kind get kubeconfig --name $${CLUSTER_NAME} > $${KUBECONFIG} + + - name: e2e-setup + image: quay.io/sighup/e2e-testing:1.1.0_3.12.0_1.30.5_3.10.0_4.33.3 + pull: always + network_mode: host + environment: + KUBECONFIG: kubeconfig-harbor-v1.30.0 + TEST_DOMAIN: "127.0.0.1.nip.io" + depends_on: + - create-kind-cluster + commands: + - until kubectl get serviceaccount default > /dev/null 2>&1; do echo "waiting for control-plane" && sleep 1; done + - bats -t katalog/tests/harbor/setup.sh + + - name: e2e-vulns + image: quay.io/sighup/e2e-testing:1.1.0_3.12.0_1.30.5_3.10.0_4.33.3 + pull: always + network_mode: host + environment: + KUBECONFIG: kubeconfig-harbor-v1.30.0 + TEST_DOMAIN: "127.0.0.1.nip.io" + depends_on: + - e2e-setup + commands: + - bats -t katalog/tests/harbor/vulns.sh + + - name: e2e-chartmuseum + image: quay.io/sighup/e2e-testing:1.1.0_3.12.0_1.30.5_3.10.0_4.33.3 + pull: always + network_mode: host + environment: + KUBECONFIG: kubeconfig-harbor-v1.30.0 + TEST_DOMAIN: "127.0.0.1.nip.io" + depends_on: + - e2e-setup + commands: + - bats -t katalog/tests/harbor/chartmuseum.sh + + - name: e2e-replication + image: quay.io/sighup/e2e-testing:1.1.0_3.12.0_1.30.5_3.10.0_4.33.3 + pull: always + network_mode: host + environment: + KUBECONFIG: kubeconfig-harbor-v1.30.0 + TEST_DOMAIN: "127.0.0.1.nip.io" + depends_on: + - e2e-setup + commands: + - bats -t katalog/tests/harbor/replication.sh + + - name: e2e-registry + image: quay.io/sighup/e2e-testing:1.1.0_3.12.0_1.30.5_3.10.0_4.33.3 + pull: always + network_mode: host + volumes: + - name: dockersock + path: /var/run/docker.sock + environment: + KUBECONFIG: kubeconfig-harbor-v1.30.0 + TEST_DOMAIN: "127.0.0.1.nip.io" + depends_on: + - e2e-setup + commands: + - bats -t katalog/tests/harbor/registry.sh + - bats -t katalog/tests/harbor/registry-notary.sh + + - name: delete-kind-cluster + image: quay.io/sighup/dind-kind-kubectl-kustomize:0.20.0_1.30.5_3.10.0 + volumes: + - name: dockersock + path: 
/var/run/docker.sock + environment: + CLUSTER_NAME: ${DRONE_REPO_NAME}-${DRONE_BUILD_NUMBER}-harbor-v1.30.0 + commands: + - kind delete cluster --name $${CLUSTER_NAME} || true + depends_on: + - e2e-vulns + - e2e-chartmuseum + - e2e-replication + - e2e-registry + when: + status: + - success + - failure + +volumes: + - name: dockersock + host: + path: /var/run/docker.sock + +--- +name: e2e-kubernetes-1.31 +kind: pipeline +type: docker + +depends_on: + - policeman + +clone: + depth: 1 + +platform: + os: linux + arch: amd64 + +trigger: + ref: + include: + - refs/tags/** + +steps: + - name: create-kind-cluster + image: quay.io/sighup/dind-kind-kubectl-kustomize:0.24.0_1.31.1_3.10.0 + pull: always + depends_on: + - clone + volumes: + - name: dockersock + path: /var/run/docker.sock + environment: + KIND_CONFIG: ./katalog/tests/harbor/config/kind-config + CLUSTER_VERSION: v1.31.0 + KUBECONFIG: kubeconfig-harbor-v1.31.0 + CLUSTER_NAME: ${DRONE_REPO_NAME}-${DRONE_BUILD_NUMBER}-harbor-v1.31.0 + commands: + - kind create cluster --name $${CLUSTER_NAME} --image registry.sighup.io/fury/kindest/node:$${CLUSTER_VERSION} --config $${KIND_CONFIG} + - kind get kubeconfig --name $${CLUSTER_NAME} > $${KUBECONFIG} + + - name: e2e-setup + image: quay.io/sighup/e2e-testing:1.1.0_3.12.0_1.31.1_3.10.0_4.33.3 + pull: always + network_mode: host + environment: + KUBECONFIG: kubeconfig-harbor-v1.31.0 + TEST_DOMAIN: "127.0.0.1.nip.io" + depends_on: + - create-kind-cluster + commands: + - until kubectl get serviceaccount default > /dev/null 2>&1; do echo "waiting for control-plane" && sleep 1; done + - bats -t katalog/tests/harbor/setup.sh + + - name: e2e-vulns + image: quay.io/sighup/e2e-testing:1.1.0_3.12.0_1.31.1_3.10.0_4.33.3 + pull: always + network_mode: host + environment: + KUBECONFIG: kubeconfig-harbor-v1.31.0 + TEST_DOMAIN: "127.0.0.1.nip.io" + depends_on: + - e2e-setup + commands: + - bats -t katalog/tests/harbor/vulns.sh + + - name: e2e-chartmuseum + image: 
quay.io/sighup/e2e-testing:1.1.0_3.12.0_1.31.1_3.10.0_4.33.3 + pull: always + network_mode: host + environment: + KUBECONFIG: kubeconfig-harbor-v1.31.0 + TEST_DOMAIN: "127.0.0.1.nip.io" + depends_on: + - e2e-setup + commands: + - bats -t katalog/tests/harbor/chartmuseum.sh + + - name: e2e-replication + image: quay.io/sighup/e2e-testing:1.1.0_3.12.0_1.31.1_3.10.0_4.33.3 + pull: always + network_mode: host + environment: + KUBECONFIG: kubeconfig-harbor-v1.31.0 + TEST_DOMAIN: "127.0.0.1.nip.io" + depends_on: + - e2e-setup + commands: + - bats -t katalog/tests/harbor/replication.sh + + - name: e2e-registry + image: quay.io/sighup/e2e-testing:1.1.0_3.12.0_1.31.1_3.10.0_4.33.3 + pull: always + network_mode: host + volumes: + - name: dockersock + path: /var/run/docker.sock + environment: + KUBECONFIG: kubeconfig-harbor-v1.31.0 + TEST_DOMAIN: "127.0.0.1.nip.io" + depends_on: + - e2e-setup + commands: + - bats -t katalog/tests/harbor/registry.sh + - bats -t katalog/tests/harbor/registry-notary.sh + + - name: delete-kind-cluster + image: quay.io/sighup/dind-kind-kubectl-kustomize:0.24.0_1.31.1_3.10.0 + volumes: + - name: dockersock + path: /var/run/docker.sock + environment: + CLUSTER_NAME: ${DRONE_REPO_NAME}-${DRONE_BUILD_NUMBER}-harbor-v1.31.0 + commands: + - kind delete cluster --name $${CLUSTER_NAME} || true + depends_on: + - e2e-vulns + - e2e-chartmuseum + - e2e-replication + - e2e-registry + when: + status: + - success + - failure + +volumes: + - name: dockersock + host: + path: /var/run/docker.sock + --- name: release kind: pipeline @@ -203,6 +585,9 @@ type: docker depends_on: - e2e-kubernetes-1.28 + - e2e-kubernetes-1.28 + - e2e-kubernetes-1.30 + - e2e-kubernetes-1.31 platform: os: linux diff --git a/katalog/tests/harbor/chartmuseum.sh b/katalog/tests/harbor/chartmuseum.sh index a08e79c..7c1b6b8 100644 --- a/katalog/tests/harbor/chartmuseum.sh +++ b/katalog/tests/harbor/chartmuseum.sh 
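Review bot: The added `e2e-kubernetes-1.29`, `-1.30` and `-1.31` pipelines bind-mount the host's `/var/run/docker.sock` into `create-kind-cluster`, `e2e-registry` and `delete-kind-cluster`, while every `image:` is referenced by a mutable tag. A republished tag would therefore run with control of the runner's Docker daemon on the next tag build. Pinning by digest closes that gap, e.g. `image: quay.io/sighup/dind-kind-kubectl-kustomize@sha256:<digest>`, with the human-readable tag kept in a comment above it. `delete-kind-cluster` is also the only step without `pull: always`, so it may run a different cached build of the same tag than `create-kind-cluster` did; either add it there or, once digests are pinned, drop it everywhere.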
@@ -12,18 +12,14 @@ load "./../lib/helper" setup(){ echo "Adding stable repo" >&3 helm repo add stable https://charts.helm.sh/stable - echo "Installing helm-push plugin" >&3 helm plugin install https://github.com/chartmuseum/helm-push - echo "Fetching nginx-ingress" >&3 helm fetch stable/nginx-ingress --version 1.36.2 - echo "Testing Harbor connection" >&3 - curl -k -v https://harbor."${EXTERNAL_DNS}"/api/v2.0/health >&3 - + curl -k -v https://harbor."${TEST_DOMAIN}"/api/v2.0/health >&3 echo "Adding Harbor repo" >&3 - helm repo add --username=admin --password=Harbor12345 harbor-test https://harbor."${EXTERNAL_DNS}"/chartrepo/library --insecure-skip-tls-verify + helm repo add --username=admin --password=Harbor12345 harbor-test https://harbor."${TEST_DOMAIN}"/chartrepo/library --insecure-skip-tls-verify } run setup echo "Setup output: $output" >&3 @@ -44,10 +40,10 @@ load "./../lib/helper" @test "[CHARTS] Check nginx ingress is in chartmuseum" { info test(){ - name=$(curl -k -s -X GET "https://harbor.${EXTERNAL_DNS}/api/v2.0/search?q=nginx-ingress" \ + name=$(curl -k -s -X GET "https://harbor.${TEST_DOMAIN}/api/v2.0/search?q=nginx-ingress" \ -H "accept: application/json" \ --user "admin:Harbor12345" --fail | jq -r '.chart[0].Chart.name') - version=$(curl -k -s -X GET "https://harbor.${EXTERNAL_DNS}/api/v2.0/search?q=nginx-ingress" \ + version=$(curl -k -s -X GET "https://harbor.${TEST_DOMAIN}/api/v2.0/search?q=nginx-ingress" \ -H "accept: application/json" \ --user "admin:Harbor12345" --fail | jq -r '.chart[0].Chart.version') if [ "${name}" != "library/nginx-ingress" ]; then return 1; fi diff --git a/katalog/tests/harbor/registry-notary.sh b/katalog/tests/harbor/registry-notary.sh index ae523e0..1b5d07d 100644 --- a/katalog/tests/harbor/registry-notary.sh +++ b/katalog/tests/harbor/registry-notary.sh 
@@ -9,7 +9,7 @@ load "./../lib/helper" @test "[REGISTRY] Setup" { info setup(){ - skopeo login harbor."${EXTERNAL_DNS}" -u admin -p Harbor12345 --tls-verify=false + skopeo login harbor."${TEST_DOMAIN}" -u admin -p Harbor12345 --tls-verify=false } run setup [ "$status" -eq 0 ] @@ -18,7 +18,7 @@ load "./../lib/helper" @test "[NOTARY] Setup" { info setup(){ - curl -k -X PUT "https://harbor.${EXTERNAL_DNS}/api/v2.0/projects/library" \ + curl -k -X PUT "https://harbor.${TEST_DOMAIN}/api/v2.0/projects/library" \ -H "accept: application/json" \ -H "Content-Type: application/json" \ --data '{"metadata": {"enable_content_trust": "true","enable_content_trust_cosign": "true"}}' \ @@ -31,7 +31,7 @@ load "./../lib/helper" @test "[NOTARY] Try to pull unsigned image" { info pull(){ - skopeo copy docker://harbor."${EXTERNAL_DNS}"/library/busybox:1.31 dir:"$HOME"/busybox:1.31 --insecure-policy --tls-verify=false + skopeo copy docker://harbor."${TEST_DOMAIN}"/library/busybox:1.31 dir:"$HOME"/busybox:1.31 --insecure-policy --tls-verify=false } run pull [[ "$status" -ne 0 ]] diff --git a/katalog/tests/harbor/registry.sh b/katalog/tests/harbor/registry.sh index 9ceb125..8d5df28 100644 --- a/katalog/tests/harbor/registry.sh +++ b/katalog/tests/harbor/registry.sh @@ -10,7 +10,7 @@ load "./../lib/helper" @test "[REGISTRY] Setup" { info setup(){ - skopeo login harbor."${EXTERNAL_DNS}" -u admin -p Harbor12345 --tls-verify=false + skopeo login harbor."${TEST_DOMAIN}" -u admin -p Harbor12345 --tls-verify=false } run setup [ "$status" -eq 0 ] @@ -19,7 +19,7 @@ load "./../lib/helper" @test "[REGISTRY] Deploy busybox image" { info deploy(){ - skopeo copy docker://library/busybox:1.31 docker://harbor."${EXTERNAL_DNS}"/library/busybox:1.31 --insecure-policy --tls-verify=false + skopeo copy docker://library/busybox:1.31 docker://harbor."${TEST_DOMAIN}"/library/busybox:1.31 --insecure-policy --tls-verify=false } run deploy [ "$status" -eq 0 ] 
@@ -28,7 +28,7 @@ load "./../lib/helper" @test "[REGISTRY] Check busybox image is in the registry" { info test(){ - tag=$(curl -k -X GET "https://harbor.${EXTERNAL_DNS}/api/v2.0/projects/library/repositories/busybox/artifacts/1.31/tags" \ + tag=$(curl -k -X GET "https://harbor.${TEST_DOMAIN}/api/v2.0/projects/library/repositories/busybox/artifacts/1.31/tags" \ -H "accept: application/json" \ --user "admin:Harbor12345" --fail | jq -r .[0].name) if [ "${tag}" != "1.31" ]; then return 1; fi diff --git a/katalog/tests/harbor/replication.sh b/katalog/tests/harbor/replication.sh index e67ac24..8f9b225 100644 --- a/katalog/tests/harbor/replication.sh +++ b/katalog/tests/harbor/replication.sh @@ -10,12 +10,12 @@ load "./../lib/helper" @test "[REPLICATION] Setup upstream" { info setup(){ - curl -k -X POST "https://harbor.${EXTERNAL_DNS}/api/v2.0/registries" \ + curl -k -X POST "https://harbor.${TEST_DOMAIN}/api/v2.0/registries" \ -H "accept: application/json" \ -H "Content-Type: application/json" \ --data '{"name":"dockerhub","type":"docker-hub","url":"https://hub.docker.com","insecure":true}' \ --user "admin:Harbor12345" --fail - curl -k -X POST "https://harbor.${EXTERNAL_DNS}/api/v2.0/registries/ping" \ + curl -k -X POST "https://harbor.${TEST_DOMAIN}/api/v2.0/registries/ping" \ -H "accept: application/json" \ -H "Content-Type: application/json" \ --data '{"name":"dockerhub","type":"docker-hub","url":"https://hub.docker.com","insecure":true}' \ 
@@ -28,10 +28,10 @@ load "./../lib/helper" @test "[REPLICATION] Setup testing replication policy" { info setup(){ - docker_hub_registry_id=$(curl -k -s -X GET "https://harbor.${EXTERNAL_DNS}/api/v2.0/registries" \ + docker_hub_registry_id=$(curl -k -s -X GET "https://harbor.${TEST_DOMAIN}/api/v2.0/registries" \ -H "accept: application/json" \ --user "admin:Harbor12345" --fail | jq -r .[0].id) - curl -k -X POST "https://harbor.${EXTERNAL_DNS}/api/v2.0/replication/policies" \ + curl -k -X POST "https://harbor.${TEST_DOMAIN}/api/v2.0/replication/policies" \ -H "accept: application/json" \ -H "Content-Type: application/json" \ --data '{"name":"test-from-dockerhub","src_registry":{"id":'"${docker_hub_registry_id}"'},"dest_registry":{"id":0},"dest_namespace":"library","filters":[{"type":"name","value":"nginx/nginx-prometheus-exporter"},{"type":"tag","value":"0.4.*"}],"trigger":{"type":"manual"},"deletion":false,"override":true,"enabled":true}' \ @@ -45,10 +45,10 @@ load "./../lib/helper" @test "[REPLICATION] Start test replication policy" { info start(){ - replication_policy_id=$(curl -k -s -X GET "https://harbor.${EXTERNAL_DNS}/api/v2.0/replication/policies" \ + replication_policy_id=$(curl -k -s -X GET "https://harbor.${TEST_DOMAIN}/api/v2.0/replication/policies" \ -H "accept: application/json" \ --user "admin:Harbor12345" --fail | jq -r .[0].id) - curl -k -X POST "https://harbor.${EXTERNAL_DNS}/api/v2.0/replication/executions" \ + curl -k -X POST "https://harbor.${TEST_DOMAIN}/api/v2.0/replication/executions" \ -H "accept: application/json" \ -H "Content-Type: application/json" \ --data '{"policy_id":'"${replication_policy_id}"'}' \ 
@@ -61,13 +61,13 @@ load "./../lib/helper" @test "[REPLICATION] Check replication execution" { info test(){ - replication_policy_id=$(curl -k -s -X GET "https://harbor.${EXTERNAL_DNS}/api/v2.0/replication/policies" \ + replication_policy_id=$(curl -k -s -X GET "https://harbor.${TEST_DOMAIN}/api/v2.0/replication/policies" \ -H "accept: application/json" \ --user "admin:Harbor12345" --fail | jq -r .[0].id) - replication_execution_id=$(curl -k -s -X GET "https://harbor.${EXTERNAL_DNS}/api/v2.0/replication/executions?policy_id=${replication_policy_id}" \ + replication_execution_id=$(curl -k -s -X GET "https://harbor.${TEST_DOMAIN}/api/v2.0/replication/executions?policy_id=${replication_policy_id}" \ -H "accept: application/json" \ --user "admin:Harbor12345" --fail | jq -r .[0].id) - replication_execution_status=$(curl -k -s -X GET "https://harbor.${EXTERNAL_DNS}/api/v2.0/replication/executions/${replication_execution_id}" \ + replication_execution_status=$(curl -k -s -X GET "https://harbor.${TEST_DOMAIN}/api/v2.0/replication/executions/${replication_execution_id}" \ -H "accept: application/json" \ --user "admin:Harbor12345" --fail | jq -r .status) if [ "${replication_execution_status}" != "Succeed" ]; then return 1; fi @@ -80,7 +80,7 @@ load "./../lib/helper" @test "[REPLICATION] Check replicated images are available in harbor" { info test(){ - curl -k -X GET "https://harbor.${EXTERNAL_DNS}/api/v2.0/projects/library/repositories/nginx-prometheus-exporter/artifacts/0.4.0" \ + curl -k -X GET "https://harbor.${TEST_DOMAIN}/api/v2.0/projects/library/repositories/nginx-prometheus-exporter/artifacts/0.4.0" \ -H "accept: application/json" \ --user "admin:Harbor12345" --fail } 
@@ -91,16 +91,16 @@ load "./../lib/helper" @test "[REPLICATION] Delete" { info delete(){ - replication_policy_id=$(curl -k -s -X GET "https://harbor.${EXTERNAL_DNS}/api/v2.0/replication/policies" \ + replication_policy_id=$(curl -k -s -X GET "https://harbor.${TEST_DOMAIN}/api/v2.0/replication/policies" \ -H "accept: application/json" \ --user "admin:Harbor12345" --fail | jq -r .[0].id) - curl -k -X DELETE "https://harbor.${EXTERNAL_DNS}/api/v2.0/replication/policies/${replication_policy_id}" \ + curl -k -X DELETE "https://harbor.${TEST_DOMAIN}/api/v2.0/replication/policies/${replication_policy_id}" \ -H "accept: application/json" \ --user "admin:Harbor12345" --fail - registry_id=$(curl -k -s -X GET "https://harbor.${EXTERNAL_DNS}/api/v2.0/registries" \ + registry_id=$(curl -k -s -X GET "https://harbor.${TEST_DOMAIN}/api/v2.0/registries" \ -H "accept: application/json" \ --user "admin:Harbor12345" --fail | jq -r .[0].id) - curl -k -X DELETE "https://harbor.${EXTERNAL_DNS}/api/v2.0/registries/${registry_id}" \ + curl -k -X DELETE "https://harbor.${TEST_DOMAIN}/api/v2.0/registries/${registry_id}" \ -H "accept: application/json" \ --user "admin:Harbor12345" --fail } diff --git a/katalog/tests/harbor/setup.sh b/katalog/tests/harbor/setup.sh index 534d548..fa785cc 100644 --- a/katalog/tests/harbor/setup.sh +++ b/katalog/tests/harbor/setup.sh @@ -52,7 +52,7 @@ load "./../lib/helper" [ "$status" -eq 0 ] } -@test "[SETUP] requirements - Prepare Harbor manifests (externalIP)" { +@test "[SETUP] requirements - Prepare Harbor manifests" { info files_to_change=""" examples/full-harbor/kustomization.yaml @@ -61,7 +61,7 @@ load "./../lib/helper" """ for file in ${files_to_change} do - sed -i'' -e 's/%YOUR_DOMAIN%/'"${EXTERNAL_DNS}"'/g' "${file}" + sed -i'' -e 's/%YOUR_DOMAIN%/'"${TEST_DOMAIN}"'/g' "${file}" done } 
@@ -89,10 +89,10 @@ load "./../lib/helper" [ "$status" -eq 0 ] } -@test "[SETUP] Check Harbor Connectivity" { +@test "[SETUP] Check Harbor connectivity" { info test(){ - curl -k -v https://harbor.${EXTERNAL_DNS}/api/v2.0/health >&3 + curl -k -v https://harbor."${TEST_DOMAIN}"/api/v2.0/health >&3 kubectl get ingress -n registry >&3 kubectl describe ingress -n registry >&3 } diff --git a/katalog/tests/harbor/vulns.sh b/katalog/tests/harbor/vulns.sh index ce41928..45f1272 100644 --- a/katalog/tests/harbor/vulns.sh +++ b/katalog/tests/harbor/vulns.sh @@ -10,7 +10,7 @@ load "./../lib/helper" @test "[VULNS] Setup" { info setup(){ - skopeo login harbor."${EXTERNAL_DNS}" -u admin -p Harbor12345 --tls-verify=false + skopeo login harbor."${TEST_DOMAIN}" -u admin -p Harbor12345 --tls-verify=false } run setup [ "$status" -eq 0 ] @@ -19,7 +19,7 @@ load "./../lib/helper" @test "[VULNS] Deploy insecure image" { info deploy(){ - skopeo copy docker://vulnerables/web-dvwa:1.9 docker://harbor."${EXTERNAL_DNS}"/library/web-dvwa:1.9 --insecure-policy --tls-verify=false + skopeo copy docker://vulnerables/web-dvwa:1.9 docker://harbor."${TEST_DOMAIN}"/library/web-dvwa:1.9 --insecure-policy --tls-verify=false } run deploy [ "$status" -eq 0 ] @@ -28,7 +28,7 @@ load "./../lib/helper" @test "[VULNS] Check insecure image is in the registry" { info test(){ - tag=$(curl -k -s -X GET "https://harbor.${EXTERNAL_DNS}/api/v2.0/projects/library/repositories/web-dvwa/artifacts/1.9/tags" \ + tag=$(curl -k -s -X GET "https://harbor.${TEST_DOMAIN}/api/v2.0/projects/library/repositories/web-dvwa/artifacts/1.9/tags" \ -H "accept: application/json" \ --user "admin:Harbor12345" --fail | jq -r '.[0].name') if [ "${tag}" != "1.9" ]; then return 1; fi 
@@ -40,7 +40,7 @@ load "./../lib/helper" @test "[VULNS] Check scanner status" { info test(){ - health=$(curl -k -s -X GET "https://harbor.${EXTERNAL_DNS}/api/v2.0/projects/1/scanner" \ + health=$(curl -k -s -X GET "https://harbor.${TEST_DOMAIN}/api/v2.0/projects/1/scanner" \ -H "accept: application/json" \ --user "admin:Harbor12345" --fail | jq -r '.health') if [ "${health}" != "healthy" ]; then return 1; fi @@ -54,7 +54,7 @@ load "./../lib/helper" test(){ # Trigger Scan echo "# Trigger the scan" >&3 - curl -k -X POST "https://harbor.${EXTERNAL_DNS}/api/v2.0/projects/library/repositories/web-dvwa/artifacts/1.9/scan" \ + curl -k -X POST "https://harbor.${TEST_DOMAIN}/api/v2.0/projects/library/repositories/web-dvwa/artifacts/1.9/scan" \ -H "accept: application/json" \ --user "admin:Harbor12345" --fail # Wait for scan @@ -65,7 +65,7 @@ load "./../lib/helper" echo "# Wait to get the scan report" >&3 while [[ "${scan_status}" != "Success" ]] && [[ "${retries}" -lt ${mas_retries} ]] do - scan_status=$(curl -k -s -X GET "https://harbor.${EXTERNAL_DNS}/api/v2.0/projects/library/repositories/web-dvwa/artifacts/1.9?with_scan_overview=true" \ + scan_status=$(curl -k -s -X GET "https://harbor.${TEST_DOMAIN}/api/v2.0/projects/library/repositories/web-dvwa/artifacts/1.9?with_scan_overview=true" \ -H "accept: application/json" \ -H 'x-accept-vulnerabilities: application/vnd.security.vulnerability.report; version=1.1' \ --user "admin:Harbor12345" --fail | jq -r '.scan_overview["application/vnd.security.vulnerability.report; version=1.1"].scan_status') 
@@ -75,7 +75,7 @@ load "./../lib/helper" if [ "${scan_status}" != "Success" ]; then return 1; fi # See scan report echo "# Checking scan report" >&3 - vulns=$(curl -k -s -X GET "https://harbor.${EXTERNAL_DNS}/api/v2.0/projects/library/repositories/web-dvwa/artifacts/1.9?with_scan_overview=true" \ + vulns=$(curl -k -s -X GET "https://harbor.${TEST_DOMAIN}/api/v2.0/projects/library/repositories/web-dvwa/artifacts/1.9?with_scan_overview=true" \ -H "accept: application/json" \ -H 'x-accept-vulnerabilities: application/vnd.security.vulnerability.report; version=1.1, application/vnd.scanner.adapter.vuln.report.harbor+json; version=1.0' \ --user "admin:Harbor12345" --fail | jq -r '.scan_overview["application/vnd.security.vulnerability.report; version=1.1"].summary.total') From 4adbc5ffeebb0060b0514285181b8eacfe010acb Mon Sep 17 00:00:00 2001 From: Stefano Ghinelli Date: Tue, 29 Oct 2024 12:21:56 +0100 Subject: [PATCH 12/25] chore(ci): update kind cluster to v1.30.4 --- .drone.yml | 18 +++++++++--------- 1 file changed, 9 insertions(+), 9 deletions(-) diff --git a/.drone.yml b/.drone.yml index cf0aba0..391376d 100644 --- a/.drone.yml +++ b/.drone.yml @@ -355,9 +355,9 @@ steps: path: /var/run/docker.sock environment: KIND_CONFIG: ./katalog/tests/harbor/config/kind-config - CLUSTER_VERSION: v1.30.0 - KUBECONFIG: kubeconfig-harbor-v1.30.0 - CLUSTER_NAME: ${DRONE_REPO_NAME}-${DRONE_BUILD_NUMBER}-harbor-v1.30.0 + CLUSTER_VERSION: v1.30.4 + KUBECONFIG: kubeconfig-harbor-v1.30.4 + CLUSTER_NAME: ${DRONE_REPO_NAME}-${DRONE_BUILD_NUMBER}-harbor-v1.30.4 commands: - kind create cluster --name $${CLUSTER_NAME} --image registry.sighup.io/fury/kindest/node:$${CLUSTER_VERSION} --config $${KIND_CONFIG} - kind get kubeconfig --name $${CLUSTER_NAME} > $${KUBECONFIG} @@ -367,7 +367,7 @@ steps: pull: always network_mode: host environment: - KUBECONFIG: kubeconfig-harbor-v1.30.0 + KUBECONFIG: kubeconfig-harbor-v1.30.4 TEST_DOMAIN: "127.0.0.1.nip.io" depends_on: - create-kind-cluster 
@@ -380,7 +380,7 @@ steps: pull: always network_mode: host environment: - KUBECONFIG: kubeconfig-harbor-v1.30.0 + KUBECONFIG: kubeconfig-harbor-v1.30.4 TEST_DOMAIN: "127.0.0.1.nip.io" depends_on: - e2e-setup @@ -392,7 +392,7 @@ steps: pull: always network_mode: host environment: - KUBECONFIG: kubeconfig-harbor-v1.30.0 + KUBECONFIG: kubeconfig-harbor-v1.30.4 TEST_DOMAIN: "127.0.0.1.nip.io" depends_on: - e2e-setup @@ -404,7 +404,7 @@ steps: pull: always network_mode: host environment: - KUBECONFIG: kubeconfig-harbor-v1.30.0 + KUBECONFIG: kubeconfig-harbor-v1.30.4 TEST_DOMAIN: "127.0.0.1.nip.io" depends_on: - e2e-setup @@ -419,7 +419,7 @@ steps: - name: dockersock path: /var/run/docker.sock environment: - KUBECONFIG: kubeconfig-harbor-v1.30.0 + KUBECONFIG: kubeconfig-harbor-v1.30.4 TEST_DOMAIN: "127.0.0.1.nip.io" depends_on: - e2e-setup @@ -433,7 +433,7 @@ steps: - name: dockersock path: /var/run/docker.sock environment: - CLUSTER_NAME: ${DRONE_REPO_NAME}-${DRONE_BUILD_NUMBER}-harbor-v1.30.0 + CLUSTER_NAME: ${DRONE_REPO_NAME}-${DRONE_BUILD_NUMBER}-harbor-v1.30.4 commands: - kind delete cluster --name $${CLUSTER_NAME} || true depends_on: From aed56a7eeda51b3c7a83dadeb2d95fa112d58657 Mon Sep 17 00:00:00 2001 From: Stefano Ghinelli Date: Tue, 29 Oct 2024 12:23:31 +0100 Subject: [PATCH 13/25] fix(ci): add dependencies to avoid kind ports conflict --- .drone.yml | 3 +++ 1 file changed, 3 insertions(+) diff --git a/.drone.yml b/.drone.yml index 391376d..e30ff03 100644 --- a/.drone.yml +++ b/.drone.yml @@ -204,6 +204,7 @@ type: docker depends_on: - policeman + - e2e-kubernetes-1.28 clone: depth: 1 @@ -331,6 +332,7 @@ type: docker depends_on: - policeman + - e2e-kubernetes-1.29 clone: depth: 1 @@ -458,6 +460,7 @@ type: docker depends_on: - policeman + - e2e-kubernetes-1.30 clone: depth: 1 From 50c83906f2ee51e581c2e157485bbf8bd33d6ed6 Mon Sep 17 00:00:00 2001 
From: Stefano Ghinelli Date: Tue, 29 Oct 2024 14:18:56 +0100 Subject: [PATCH 14/25] fix(ci): add missing furyctl in setup step --- .drone.yml | 2 ++ 1 file changed, 2 insertions(+) diff --git a/.drone.yml b/.drone.yml index e30ff03..9069b41 100644 --- a/.drone.yml +++ b/.drone.yml @@ -374,6 +374,7 @@ steps: depends_on: - create-kind-cluster commands: + - curl -LOs https://github.com/sighupio/furyctl/releases/download/v0.11.1/furyctl-linux-amd64 && chmod +x furyctl-linux-amd64 && mv furyctl-linux-amd64 /usr/local/bin/furyctl - until kubectl get serviceaccount default > /dev/null 2>&1; do echo "waiting for control-plane" && sleep 1; done - bats -t katalog/tests/harbor/setup.sh @@ -502,6 +503,7 @@ steps: depends_on: - create-kind-cluster commands: + - curl -LOs https://github.com/sighupio/furyctl/releases/download/v0.11.1/furyctl-linux-amd64 && chmod +x furyctl-linux-amd64 && mv furyctl-linux-amd64 /usr/local/bin/furyctl - until kubectl get serviceaccount default > /dev/null 2>&1; do echo "waiting for control-plane" && sleep 1; done - bats -t katalog/tests/harbor/setup.sh From 4908f8db1f083c0251cfcb9885ec0e37e57637ac Mon Sep 17 00:00:00 2001 From: Stefano Ghinelli Date: Wed, 30 Oct 2024 14:02:34 +0100 Subject: [PATCH 15/25] apply suggestion Co-authored-by: Ramiro Algozino --- .drone.yml | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/.drone.yml b/.drone.yml index 9069b41..7e44223 100644 --- a/.drone.yml +++ b/.drone.yml @@ -590,7 +590,7 @@ type: docker depends_on: - e2e-kubernetes-1.28 - - e2e-kubernetes-1.28 + - e2e-kubernetes-1.29 - e2e-kubernetes-1.30 - e2e-kubernetes-1.31 From 7e22ab080dd14debb23e972c70b967eb71b0dc62 Mon Sep 17 00:00:00 2001 From: Stefano Ghinelli Date: Wed, 30 Oct 2024 14:02:51 +0100 Subject: [PATCH 16/25] apply suggestion Co-authored-by: Ramiro Algozino --- docs/releases/v3.2.0.md | 1 + 1 file changed, 1 insertion(+) diff --git a/docs/releases/v3.2.0.md b/docs/releases/v3.2.0.md index a83c481..627770d 100644 
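Review bot: The command added to `e2e-setup` installs furyctl straight from a release URL with no integrity check, and `curl -LOs` has no `-f`, so an HTTP error body would be saved, marked executable and moved to `/usr/local/bin/furyctl` without failing the step. Use `curl -fsSLO` and verify a pinned digest before the `chmod`, for example `echo "<sha256-of-furyctl-linux-amd64>  furyctl-linux-amd64" | sha256sum -c -` (assuming `sha256sum` is present in the image). The same line is added in the hunk at -502, and the tarball download that replaces both in PATCH 17/25 still has no checksum step.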
--- a/docs/releases/v3.2.0.md +++ b/docs/releases/v3.2.0.md @@ -1,6 +1,7 @@ # Registry Module version 3.2.0 ## Changelog + - Added compatibility with Kubernetes versions 1.30.x and 1.31.x. ## Upgrade path From 22f84990cb50fc69fcbbb8aa5d4816622b2aeb1d Mon Sep 17 00:00:00 2001 From: Stefano Ghinelli Date: Wed, 30 Oct 2024 14:50:52 +0100 Subject: [PATCH 17/25] feat(ci): use a newer furyctl version in e2e-setup --- .drone.yml | 34 ++++++++++++------- .../config/{Furyfile.yml => Furyfile.yaml} | 0 katalog/tests/harbor/setup.sh | 2 +- 3 files changed, 23 insertions(+), 13 deletions(-) rename katalog/tests/harbor/config/{Furyfile.yml => Furyfile.yaml} (100%) diff --git a/.drone.yml b/.drone.yml index 7e44223..d87c6c9 100644 --- a/.drone.yml +++ b/.drone.yml @@ -108,21 +108,24 @@ steps: - kind get kubeconfig --name $${CLUSTER_NAME} > $${KUBECONFIG} - name: e2e-setup - image: quay.io/sighup/e2e-testing:1.1.0_0.11.0_3.12.0_1.9.4_1.29.1_3.5.3_4.33.3 + image: quay.io/sighup/e2e-testing:1.1.0_3.12.0_1.29.1_3.10.0_4.33.3 pull: always network_mode: host environment: KUBECONFIG: kubeconfig-harbor-v1.28.0 # Using nip.io DNS wildcard service to resolve .127.0.0.1.nip.io to localhost where Kind exposes services. TEST_DOMAIN: "127.0.0.1.nip.io" + FURYCTL_VERSION: v0.29.10 depends_on: - create-kind-cluster commands: + - curl -L "https://github.com/sighupio/furyctl/releases/download/$${FURYCTL_VERSION}/furyctl-$(uname -s)-amd64.tar.gz" -o /tmp/furyctl.tar.gz && tar xfz /tmp/furyctl.tar.gz -C /tmp + - mv /tmp/furyctl /usr/local/bin/furyctl && chmod +x /usr/local/bin/furyctl - until kubectl get serviceaccount default > /dev/null 2>&1; do echo "waiting for control-plane" && sleep 1; done - bats -t katalog/tests/harbor/setup.sh - name: e2e-vulns - image: quay.io/sighup/e2e-testing:1.1.0_0.11.0_3.12.0_1.9.4_1.29.1_3.5.3_4.33.3 + image: quay.io/sighup/e2e-testing:1.1.0_3.12.0_1.29.1_3.10.0_4.33.3 pull: always network_mode: host environment: 
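Review bot: The furyctl install added to `e2e-setup` here is pasted again in the hunks at -237, -371 and -500, each with its own `FURYCTL_VERSION: v0.29.10`, so a version bump has to be made in four places and a missed one leaves the pipelines testing with different tool versions. Since each pipeline is a separate YAML document, anchors cannot share it; a single install script checked into the repository and called from each step, or baking furyctl into the `e2e-testing` image, would keep one source of truth. Separately, `tar xfz /tmp/furyctl.tar.gz -C /tmp` unpacks every member of the archive; naming the one that is used limits what lands on disk: `tar xzf /tmp/furyctl.tar.gz -C /tmp furyctl`. The archive name mixes `$(uname -s)` with a hard-coded `amd64`; as the pipeline already fixes `os: linux` and `arch: amd64`, a literal file name would be easier to pin a checksum to.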
@@ -134,7 +137,7 @@ steps: - bats -t katalog/tests/harbor/vulns.sh - name: e2e-chartmuseum - image: quay.io/sighup/e2e-testing:1.1.0_0.11.0_3.12.0_1.9.4_1.29.1_3.5.3_4.33.3 + image: quay.io/sighup/e2e-testing:1.1.0_3.12.0_1.29.1_3.10.0_4.33.3 pull: always network_mode: host environment: @@ -146,7 +149,7 @@ steps: - bats -t katalog/tests/harbor/chartmuseum.sh - name: e2e-replication - image: quay.io/sighup/e2e-testing:1.1.0_0.11.0_3.12.0_1.9.4_1.29.1_3.5.3_4.33.3 + image: quay.io/sighup/e2e-testing:1.1.0_3.12.0_1.29.1_3.10.0_4.33.3 pull: always network_mode: host environment: @@ -158,7 +161,7 @@ steps: - bats -t katalog/tests/harbor/replication.sh - name: e2e-registry - image: quay.io/sighup/e2e-testing:1.1.0_0.11.0_3.12.0_1.9.4_1.29.1_3.5.3_4.33.3 + image: quay.io/sighup/e2e-testing:1.1.0_3.12.0_1.29.1_3.10.0_4.33.3 pull: always network_mode: host volumes: @@ -237,20 +240,23 @@ steps: - kind get kubeconfig --name $${CLUSTER_NAME} > $${KUBECONFIG} - name: e2e-setup - image: quay.io/sighup/e2e-testing:1.1.0_0.11.0_3.12.0_1.9.4_1.29.1_3.5.3_4.33.3 + image: quay.io/sighup/e2e-testing:1.1.0_3.12.0_1.29.1_3.10.0_4.33.3 pull: always network_mode: host environment: KUBECONFIG: kubeconfig-harbor-v1.29.0 TEST_DOMAIN: "127.0.0.1.nip.io" + FURYCTL_VERSION: v0.29.10 depends_on: - create-kind-cluster commands: + - curl -L "https://github.com/sighupio/furyctl/releases/download/$${FURYCTL_VERSION}/furyctl-$(uname -s)-amd64.tar.gz" -o /tmp/furyctl.tar.gz && tar xfz /tmp/furyctl.tar.gz -C /tmp + - mv /tmp/furyctl /usr/local/bin/furyctl && chmod +x /usr/local/bin/furyctl - until kubectl get serviceaccount default > /dev/null 2>&1; do echo "waiting for control-plane" && sleep 1; done - bats -t katalog/tests/harbor/setup.sh - name: e2e-vulns - image: quay.io/sighup/e2e-testing:1.1.0_0.11.0_3.12.0_1.9.4_1.29.1_3.5.3_4.33.3 + image: quay.io/sighup/e2e-testing:1.1.0_3.12.0_1.29.1_3.10.0_4.33.3 pull: always network_mode: host environment: 
@@ -262,7 +268,7 @@ steps: - bats -t katalog/tests/harbor/vulns.sh - name: e2e-chartmuseum - image: quay.io/sighup/e2e-testing:1.1.0_0.11.0_3.12.0_1.9.4_1.29.1_3.5.3_4.33.3 + image: quay.io/sighup/e2e-testing:1.1.0_3.12.0_1.29.1_3.10.0_4.33.3 pull: always network_mode: host environment: @@ -274,7 +280,7 @@ steps: - bats -t katalog/tests/harbor/chartmuseum.sh - name: e2e-replication - image: quay.io/sighup/e2e-testing:1.1.0_0.11.0_3.12.0_1.9.4_1.29.1_3.5.3_4.33.3 + image: quay.io/sighup/e2e-testing:1.1.0_3.12.0_1.29.1_3.10.0_4.33.3 pull: always network_mode: host environment: @@ -286,7 +292,7 @@ steps: - bats -t katalog/tests/harbor/replication.sh - name: e2e-registry - image: quay.io/sighup/e2e-testing:1.1.0_0.11.0_3.12.0_1.9.4_1.29.1_3.5.3_4.33.3 + image: quay.io/sighup/e2e-testing:1.1.0_3.12.0_1.29.1_3.10.0_4.33.3 pull: always network_mode: host volumes: @@ -371,10 +377,12 @@ steps: environment: KUBECONFIG: kubeconfig-harbor-v1.30.4 TEST_DOMAIN: "127.0.0.1.nip.io" + FURYCTL_VERSION: v0.29.10 depends_on: - create-kind-cluster commands: - - curl -LOs https://github.com/sighupio/furyctl/releases/download/v0.11.1/furyctl-linux-amd64 && chmod +x furyctl-linux-amd64 && mv furyctl-linux-amd64 /usr/local/bin/furyctl + - curl -L "https://github.com/sighupio/furyctl/releases/download/$${FURYCTL_VERSION}/furyctl-$(uname -s)-amd64.tar.gz" -o /tmp/furyctl.tar.gz && tar xfz /tmp/furyctl.tar.gz -C /tmp + - mv /tmp/furyctl /usr/local/bin/furyctl && chmod +x /usr/local/bin/furyctl - until kubectl get serviceaccount default > /dev/null 2>&1; do echo "waiting for control-plane" && sleep 1; done - bats -t katalog/tests/harbor/setup.sh 
@@ -500,10 +508,12 @@ steps: environment: KUBECONFIG: kubeconfig-harbor-v1.31.0 TEST_DOMAIN: "127.0.0.1.nip.io" + FURYCTL_VERSION: v0.29.10 depends_on: - create-kind-cluster commands: - - curl -LOs https://github.com/sighupio/furyctl/releases/download/v0.11.1/furyctl-linux-amd64 && chmod +x furyctl-linux-amd64 && mv furyctl-linux-amd64 /usr/local/bin/furyctl + - curl -L "https://github.com/sighupio/furyctl/releases/download/$${FURYCTL_VERSION}/furyctl-$(uname -s)-amd64.tar.gz" -o /tmp/furyctl.tar.gz && tar xfz /tmp/furyctl.tar.gz -C /tmp + - mv /tmp/furyctl /usr/local/bin/furyctl && chmod +x /usr/local/bin/furyctl - until kubectl get serviceaccount default > /dev/null 2>&1; do echo "waiting for control-plane" && sleep 1; done - bats -t katalog/tests/harbor/setup.sh diff --git a/katalog/tests/harbor/config/Furyfile.yml b/katalog/tests/harbor/config/Furyfile.yaml similarity index 100% rename from katalog/tests/harbor/config/Furyfile.yml rename to katalog/tests/harbor/config/Furyfile.yaml diff --git a/katalog/tests/harbor/setup.sh b/katalog/tests/harbor/setup.sh index fa785cc..f98487e 100644 --- a/katalog/tests/harbor/setup.sh +++ b/katalog/tests/harbor/setup.sh @@ -21,7 +21,7 @@ load "./../lib/helper" info install_ingress(){ cd katalog/tests/harbor/config - furyctl vendor -H + furyctl legacy vendor -H cd - kustomize build katalog/tests/harbor/config | kubectl apply -f - } From 37374df7afc62523610119ff8dd4327d59165ecf Mon Sep 17 00:00:00 2001 
From: Stefano Ghinelli Date: Wed, 30 Oct 2024 16:29:55 +0100 Subject: [PATCH 18/25] refactor(ci): update kind template with dynamic ports --- .drone.yml | 36 ++++++-- examples/external-db/kustomization.yaml | 2 +- examples/external-db/patch/ingress.yml | 8 +- .../external-db/secrets/notary/server.json | 2 +- examples/full-harbor/kustomization.yaml | 2 +- examples/full-harbor/patch/ingress.yml | 8 +- .../full-harbor/secrets/notary/server.json | 2 +- katalog/tests/harbor/chartmuseum.sh | 4 +- .../tests/harbor/config/generate-template.sh | 87 +++++++++++++++++++ katalog/tests/harbor/registry-notary.sh | 2 +- katalog/tests/harbor/registry.sh | 2 +- katalog/tests/harbor/replication.sh | 28 +++--- katalog/tests/harbor/setup.sh | 3 +- katalog/tests/harbor/vulns.sh | 10 +-- 14 files changed, 152 insertions(+), 44 deletions(-) create mode 100644 katalog/tests/harbor/config/generate-template.sh diff --git a/.drone.yml b/.drone.yml index d87c6c9..e241fcd 100644 --- a/.drone.yml +++ b/.drone.yml @@ -90,6 +90,12 @@ trigger: - refs/tags/** steps: + - name: generate-kind-config + image: alpine:latest + pull: always + commands: + - sh ./katalog/tests/harbor/config/generate-template.sh v1.28.0 + - name: create-kind-cluster image: quay.io/sighup/dind-kind-kubectl-kustomize:0.20.0_1.29.1_3.10.0 pull: always @@ -99,12 +105,11 @@ steps: - name: dockersock path: /var/run/docker.sock environment: - KIND_CONFIG: ./katalog/tests/harbor/config/kind-config CLUSTER_VERSION: v1.28.0 KUBECONFIG: kubeconfig-harbor-v1.28.0 CLUSTER_NAME: ${DRONE_REPO_NAME}-${DRONE_BUILD_NUMBER}-harbor-v1.28.0 commands: - - kind create cluster --name $${CLUSTER_NAME} --image registry.sighup.io/fury/kindest/node:$${CLUSTER_VERSION} --config $${KIND_CONFIG} + - kind create cluster --name $${CLUSTER_NAME} --image registry.sighup.io/fury/kindest/node:$${CLUSTER_VERSION} --config ./config-$${CLUSTER_NAME}.yaml - kind get kubeconfig --name $${CLUSTER_NAME} > $${KUBECONFIG} - name: e2e-setup 
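Review bot: The new `generate-kind-config` step (hunk at -90,6) uses `image: alpine:latest` with `pull: always`, a mutable tag, while the other images visible in this diff carry version tags. The script's shell environment can therefore change between builds without any commit. Pin it, e.g. `image: alpine:<pinned-version>@sha256:<digest>` (placeholders). The same step is added to the 1.29, 1.30 and 1.31 pipelines. Separately, the step declares no `depends_on`, and `create-kind-cluster` now reads `./config-$${CLUSTER_NAME}.yaml`. Its `depends_on` sits outside these hunks, so confirm that it lists `generate-kind-config`; otherwise the two steps may run in parallel.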
@@ -222,6 +227,12 @@ trigger: - refs/tags/** steps: + - name: generate-kind-config + image: alpine:latest + pull: always + commands: + - sh ./katalog/tests/harbor/config/generate-template.sh v1.29.0 + - name: create-kind-cluster image: quay.io/sighup/dind-kind-kubectl-kustomize:0.20.0_1.29.1_3.10.0 pull: always @@ -231,12 +242,11 @@ steps: - name: dockersock path: /var/run/docker.sock environment: - KIND_CONFIG: ./katalog/tests/harbor/config/kind-config CLUSTER_VERSION: v1.29.0 KUBECONFIG: kubeconfig-harbor-v1.29.0 CLUSTER_NAME: ${DRONE_REPO_NAME}-${DRONE_BUILD_NUMBER}-harbor-v1.29.0 commands: - - kind create cluster --name $${CLUSTER_NAME} --image registry.sighup.io/fury/kindest/node:$${CLUSTER_VERSION} --config $${KIND_CONFIG} + - kind create cluster --name $${CLUSTER_NAME} --image registry.sighup.io/fury/kindest/node:$${CLUSTER_VERSION} --config ./config-$${CLUSTER_NAME}.yaml - kind get kubeconfig --name $${CLUSTER_NAME} > $${KUBECONFIG} - name: e2e-setup @@ -353,6 +363,12 @@ trigger: - refs/tags/** steps: + - name: generate-kind-config + image: alpine:latest + pull: always + commands: + - sh ./katalog/tests/harbor/config/generate-template.sh v1.30.4 + - name: create-kind-cluster image: quay.io/sighup/dind-kind-kubectl-kustomize:0.20.0_1.30.5_3.10.0 pull: always @@ -362,12 +378,11 @@ steps: - name: dockersock path: /var/run/docker.sock environment: - KIND_CONFIG: ./katalog/tests/harbor/config/kind-config CLUSTER_VERSION: v1.30.4 KUBECONFIG: kubeconfig-harbor-v1.30.4 CLUSTER_NAME: ${DRONE_REPO_NAME}-${DRONE_BUILD_NUMBER}-harbor-v1.30.4 commands: - - kind create cluster --name $${CLUSTER_NAME} --image registry.sighup.io/fury/kindest/node:$${CLUSTER_VERSION} --config $${KIND_CONFIG} + - kind create cluster --name $${CLUSTER_NAME} --image registry.sighup.io/fury/kindest/node:$${CLUSTER_VERSION} --config ./config-$${CLUSTER_NAME}.yaml - kind get kubeconfig --name $${CLUSTER_NAME} > $${KUBECONFIG} - name: e2e-setup 
@@ -484,6 +499,12 @@ trigger: - refs/tags/** steps: + - name: generate-kind-config + image: alpine:latest + pull: always + commands: + - sh ./katalog/tests/harbor/config/generate-template.sh v1.31.0 + - name: create-kind-cluster image: quay.io/sighup/dind-kind-kubectl-kustomize:0.24.0_1.31.1_3.10.0 pull: always @@ -493,12 +514,11 @@ steps: - name: dockersock path: /var/run/docker.sock environment: - KIND_CONFIG: ./katalog/tests/harbor/config/kind-config CLUSTER_VERSION: v1.31.0 KUBECONFIG: kubeconfig-harbor-v1.31.0 CLUSTER_NAME: ${DRONE_REPO_NAME}-${DRONE_BUILD_NUMBER}-harbor-v1.31.0 commands: - - kind create cluster --name $${CLUSTER_NAME} --image registry.sighup.io/fury/kindest/node:$${CLUSTER_VERSION} --config $${KIND_CONFIG} + - kind create cluster --name $${CLUSTER_NAME} --image registry.sighup.io/fury/kindest/node:$${CLUSTER_VERSION} --config ./config-$${CLUSTER_NAME}.yaml - kind get kubeconfig --name $${CLUSTER_NAME} > $${KUBECONFIG} - name: e2e-setup diff --git a/examples/external-db/kustomization.yaml b/examples/external-db/kustomization.yaml index a5affbd..85821bc 100644 --- a/examples/external-db/kustomization.yaml +++ b/examples/external-db/kustomization.yaml @@ -37,7 +37,7 @@ configMapGenerator: - POSTGRESQL_USERNAME=%YOUR_DB_USER% - POSTGRESQL_DATABASE=registry - POSTGRESQL_SSLMODE=disable - - EXT_ENDPOINT=https://harbor.%YOUR_DOMAIN% + - EXT_ENDPOINT=https://harbor.%YOUR_DOMAIN%:%YOUR_PORT% - CLAIR_DB_HOST=%YOUR_DB_HOSTNAME% - CLAIR_DB_PORT=%YOUR_DB_PORT% - CLAIR_DB_USERNAME=%YOUR_DB_USER% diff --git a/examples/external-db/patch/ingress.yml b/examples/external-db/patch/ingress.yml index 60dff47..b42e105 100644 --- a/examples/external-db/patch/ingress.yml +++ b/examples/external-db/patch/ingress.yml 
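Review bot: In `examples/external-db/kustomization.yaml` the published example now carries a second placeholder, `EXT_ENDPOINT=https://harbor.%YOUR_DOMAIN%:%YOUR_PORT%`, with nothing telling a user what to put there. The change appears to serve the CI's dynamic ports, and someone copying the example for a standard ingress would leave a literal `%YOUR_PORT%` in the endpoint. Add a comment above the entry such as `# %YOUR_PORT%: external HTTPS port of the ingress (use 443 for a standard setup)`. The same applies to `examples/full-harbor/kustomization.yaml` and to the `realm` in both `secrets/notary/server.json` files, which cannot hold comments and so need this documented in the example's README.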
@@ -21,19 +21,19 @@ - op: replace path: /spec/rules/0/host - value: harbor.%YOUR_DOMAIN% + value: harbor.%YOUR_DOMAIN%:%YOUR_PORT% - op: replace path: /spec/rules/1/host - value: notary.%YOUR_DOMAIN% + value: notary.%YOUR_DOMAIN%:%YOUR_PORT% - op: replace path: /spec/tls/0/hosts/0 - value: harbor.%YOUR_DOMAIN% + value: harbor.%YOUR_DOMAIN%:%YOUR_PORT% - op: replace path: /spec/tls/0/hosts/1 - value: notary.%YOUR_DOMAIN% + value: notary.%YOUR_DOMAIN%:%YOUR_PORT% - op: replace path: "/metadata/annotations/cert-manager.io~1cluster-issuer" diff --git a/examples/external-db/secrets/notary/server.json b/examples/external-db/secrets/notary/server.json index b65a249..edcba15 100755 --- a/examples/external-db/secrets/notary/server.json +++ b/examples/external-db/secrets/notary/server.json @@ -19,7 +19,7 @@ "auth": { "type": "token", "options": { - "realm": "https://harbor.%YOUR_DOMAIN%/service/token", + "realm": "https://harbor.%YOUR_DOMAIN%:%YOUR_PORT%/service/token", "service": "harbor-notary", "issuer": "harbor-token-issuer", "rootcertbundle": "/root.crt" diff --git a/examples/full-harbor/kustomization.yaml b/examples/full-harbor/kustomization.yaml index b3dca2e..e18e8ff 100644 --- a/examples/full-harbor/kustomization.yaml +++ b/examples/full-harbor/kustomization.yaml @@ -29,7 +29,7 @@ configMapGenerator: - POSTGRESQL_USERNAME=postgres - POSTGRESQL_DATABASE=registry - POSTGRESQL_SSLMODE=disable - - EXT_ENDPOINT=https://harbor.%YOUR_DOMAIN% + - EXT_ENDPOINT=https://harbor.%YOUR_DOMAIN%:%YOUR_PORT% - LOG_LEVEL=debug - _REDIS_URL=redis:6379 - _REDIS_URL_REG=redis://redis:6379/2 diff --git a/examples/full-harbor/patch/ingress.yml b/examples/full-harbor/patch/ingress.yml index 60dff47..b42e105 100644 --- a/examples/full-harbor/patch/ingress.yml +++ b/examples/full-harbor/patch/ingress.yml 
@@ -21,19 +21,19 @@ - op: replace path: /spec/rules/0/host - value: harbor.%YOUR_DOMAIN% + value: harbor.%YOUR_DOMAIN%:%YOUR_PORT% - op: replace path: /spec/rules/1/host - value: notary.%YOUR_DOMAIN% + value: notary.%YOUR_DOMAIN%:%YOUR_PORT% - op: replace path: /spec/tls/0/hosts/0 - value: harbor.%YOUR_DOMAIN% + value: harbor.%YOUR_DOMAIN%:%YOUR_PORT% - op: replace path: /spec/tls/0/hosts/1 - value: notary.%YOUR_DOMAIN% + value: notary.%YOUR_DOMAIN%:%YOUR_PORT% - op: replace path: "/metadata/annotations/cert-manager.io~1cluster-issuer" diff --git a/examples/full-harbor/secrets/notary/server.json b/examples/full-harbor/secrets/notary/server.json index c4c58fe..2baebe0 100755 --- a/examples/full-harbor/secrets/notary/server.json +++ b/examples/full-harbor/secrets/notary/server.json @@ -19,7 +19,7 @@ "auth": { "type": "token", "options": { - "realm": "https://harbor.%YOUR_DOMAIN%/service/token", + "realm": "https://harbor.%YOUR_DOMAIN%:%YOUR_PORT%/service/token", "service": "harbor-notary", "issuer": "harbor-token-issuer", "rootcertbundle": "/root.crt" diff --git a/katalog/tests/harbor/chartmuseum.sh b/katalog/tests/harbor/chartmuseum.sh index 7c1b6b8..3eb5251 100644 --- a/katalog/tests/harbor/chartmuseum.sh +++ b/katalog/tests/harbor/chartmuseum.sh 
@@ -40,10 +40,10 @@ load "./../lib/helper" @test "[CHARTS] Check nginx ingress is in chartmuseum" { info test(){ - name=$(curl -k -s -X GET "https://harbor.${TEST_DOMAIN}/api/v2.0/search?q=nginx-ingress" \ + name=$(curl -k -s -X GET "https://harbor.${TEST_DOMAIN}:${HTTPS_PORT}/api/v2.0/search?q=nginx-ingress" \ -H "accept: application/json" \ --user "admin:Harbor12345" --fail | jq -r '.chart[0].Chart.name') - version=$(curl -k -s -X GET "https://harbor.${TEST_DOMAIN}/api/v2.0/search?q=nginx-ingress" \ + version=$(curl -k -s -X GET "https://harbor.${TEST_DOMAIN}:${HTTPS_PORT}/api/v2.0/search?q=nginx-ingress" \ -H "accept: application/json" \ --user "admin:Harbor12345" --fail | jq -r '.chart[0].Chart.version') if [ "${name}" != "library/nginx-ingress" ]; then return 1; fi diff --git a/katalog/tests/harbor/config/generate-template.sh b/katalog/tests/harbor/config/generate-template.sh new file mode 100644 index 0000000..fe128a2 --- /dev/null +++ b/katalog/tests/harbor/config/generate-template.sh 
@@ -0,0 +1,87 @@ +#!/bin/sh +# Copyright (c) 2017-present SIGHUP s.r.l All rights reserved. +# Use of this source code is governed by a BSD-style +# license that can be found in the LICENSE file. + +# Assign command line arguments to variables or read from environment +KUBE_VERSION=${1:-$KUBE_VERSION} +DEFAULT_PORT1=${2:-${PORT1:-1080}} # Use command line argument, then environment variable, then 1080 as default +DEFAULT_PORT2=${3:-${PORT2:-2080}} # Use command line argument, then environment variable, then 2080 as default + +# Validate that the Kubernetes version argument has been provided +if [ -z "$KUBE_VERSION" ]; then + echo "Error: Kubernetes version is missing. Provide it as an argument or set the KUBE_VERSION environment variable." + echo "Usage: sh $0 [v]X.Y.Z [DEFAULT_PORT1] [DEFAULT_PORT2]" + echo "Example: sh $0 1.26.3 or sh $0 v1.26.3" + exit 1 +fi + +# Validate the Kubernetes version format (vX.Y.Z) +VERSION_REGEX='^v[0-9]+\.[0-9]+\.[0-9]+$' +if ! echo "$KUBE_VERSION" | grep -E "$VERSION_REGEX" > /dev/null; then + echo "Error: Kubernetes version format is invalid. Expected '[v]X.Y.Z'." + echo "Example: sh $0 1.26.3 or sh $0 v1.26.3" + exit 2 +fi + +# Extract the minor version part (Y) from the Kubernetes version +MINOR_VERSION=$(echo "$KUBE_VERSION" | cut -d'.' -f2) + +# Validate that the DRONE_BUILD_NUMBER environment variable is set and is an integer +if [ -z "$DRONE_BUILD_NUMBER" ] || ! echo "$DRONE_BUILD_NUMBER" | grep -E '^[0-9]+$' > /dev/null; then + echo "Error: DRONE_BUILD_NUMBER is not set or is not an integer." 
+ exit 3 +fi + +# Calculate unique port numbers based on the major Kubernetes version, DRONE_BUILD_NUMBER, and default port values +UNIQUE_PORT1=$((MINOR_VERSION + DRONE_BUILD_NUMBER + DEFAULT_PORT1)) +UNIQUE_PORT2=$((MINOR_VERSION + DRONE_BUILD_NUMBER + DEFAULT_PORT2)) + +# Ensure unique ports are greater than 1024 and less than 30000 +if [ "$UNIQUE_PORT1" -le 1024 ] || [ "$UNIQUE_PORT1" -ge 30000 ] || [ "$UNIQUE_PORT2" -le 1024 ] || [ "$UNIQUE_PORT2" -ge 30000 ]; then + echo "Error: Calculated ports must be greater than 1024 and less than 30000. HTTP_PORT = $UNIQUE_PORT2 HTTPS_PORT = $UNIQUE_PORT1" + exit 4 +fi + +CLUSTER_NAME="${DRONE_REPO_NAME}-${DRONE_BUILD_NUMBER}-harbor-${KUBE_VERSION}" +DEFAULT_OUTPUT=./ + +CONFIG_FILE="${DEFAULT_OUTPUT}config-${CLUSTER_NAME}.yaml" +cat > "$CONFIG_FILE" < "$DRONE_ENV_REF" <&3 - curl -k -X POST "https://harbor.${TEST_DOMAIN}/api/v2.0/projects/library/repositories/web-dvwa/artifacts/1.9/scan" \ + curl -k -X POST "https://harbor.${TEST_DOMAIN}:${HTTPS_PORT}/api/v2.0/projects/library/repositories/web-dvwa/artifacts/1.9/scan" \ -H "accept: application/json" \ --user "admin:Harbor12345" --fail # Wait for scan @@ -65,7 +65,7 @@ load "./../lib/helper" echo "# Wait to get the scan report" >&3 while [[ "${scan_status}" != "Success" ]] && [[ "${retries}" -lt ${mas_retries} ]] do - scan_status=$(curl -k -s -X GET "https://harbor.${TEST_DOMAIN}/api/v2.0/projects/library/repositories/web-dvwa/artifacts/1.9?with_scan_overview=true" \ + scan_status=$(curl -k -s -X GET "https://harbor.${TEST_DOMAIN}:${HTTPS_PORT}/api/v2.0/projects/library/repositories/web-dvwa/artifacts/1.9?with_scan_overview=true" \ -H "accept: application/json" \ -H 'x-accept-vulnerabilities: application/vnd.security.vulnerability.report; version=1.1' \ --user "admin:Harbor12345" --fail | jq -r '.scan_overview["application/vnd.security.vulnerability.report; version=1.1"].scan_status') 
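Review bot: In `generate-template.sh` the usage and error text advertise an optional prefix (`[v]X.Y.Z`, `Example: sh $0 1.26.3`), but `VERSION_REGEX='^v[0-9]+\.[0-9]+\.[0-9]+$'` rejects a version without the leading `v`, so following the printed example exits with code 2. Since the cluster and file names depend on the `v` form, correct the messages rather than the regex: `echo "Usage: sh $0 vX.Y.Z [DEFAULT_PORT1] [DEFAULT_PORT2]"` and `echo "Example: sh $0 v1.26.3"`. The comment above the port calculation also says "major" where the code uses `MINOR_VERSION`. The sum `MINOR_VERSION + DRONE_BUILD_NUMBER + DEFAULT_PORT1` is not unique either: build N on 1.29 and build N+1 on 1.28 yield the same port, which matters if two builds can share a runner host. The range check will also start failing every build once the build number pushes the sum to 30000. Multiplying the build number by a stride wider than the number of tested minors and wrapping the result with a modulo would avoid both; `DEFAULT_PORT1`/`DEFAULT_PORT2` should get the same integer check as `DRONE_BUILD_NUMBER`. The middle of the script is not visible on this page, so this covers only the lines shown.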
@@ -75,7 +75,7 @@ load "./../lib/helper" if [ "${scan_status}" != "Success" ]; then return 1; fi # See scan report echo "# Checking scan report" >&3 - vulns=$(curl -k -s -X GET "https://harbor.${TEST_DOMAIN}/api/v2.0/projects/library/repositories/web-dvwa/artifacts/1.9?with_scan_overview=true" \ + vulns=$(curl -k -s -X GET "https://harbor.${TEST_DOMAIN}:${HTTPS_PORT}/api/v2.0/projects/library/repositories/web-dvwa/artifacts/1.9?with_scan_overview=true" \ -H "accept: application/json" \ -H 'x-accept-vulnerabilities: application/vnd.security.vulnerability.report; version=1.1, application/vnd.scanner.adapter.vuln.report.harbor+json; version=1.0' \ --user "admin:Harbor12345" --fail | jq -r '.scan_overview["application/vnd.security.vulnerability.report; version=1.1"].summary.total') From 467395c1bb8fff13d598a6d95b851816464f95f4 Mon Sep 17 00:00:00 2001 From: Stefano Ghinelli Date: Wed, 30 Oct 2024 16:52:28 +0100 Subject: [PATCH 19/25] fix(ci): add dynamic port on tests --- katalog/tests/harbor/chartmuseum.sh | 4 ++-- katalog/tests/harbor/registry-notary.sh | 2 +- katalog/tests/harbor/registry.sh | 2 +- katalog/tests/harbor/setup.sh | 2 +- katalog/tests/harbor/vulns.sh | 2 +- 5 files changed, 6 insertions(+), 6 deletions(-) diff --git a/katalog/tests/harbor/chartmuseum.sh b/katalog/tests/harbor/chartmuseum.sh index 3eb5251..b307c80 100644 --- a/katalog/tests/harbor/chartmuseum.sh +++ b/katalog/tests/harbor/chartmuseum.sh 
@@ -17,9 +17,9 @@ load "./../lib/helper" echo "Fetching nginx-ingress" >&3 helm fetch stable/nginx-ingress --version 1.36.2 echo "Testing Harbor connection" >&3 - curl -k -v https://harbor."${TEST_DOMAIN}"/api/v2.0/health >&3 + curl -k -v https://harbor."${TEST_DOMAIN}":"${HTTPS_PORT}"/api/v2.0/health >&3 echo "Adding Harbor repo" >&3 - helm repo add --username=admin --password=Harbor12345 harbor-test https://harbor."${TEST_DOMAIN}"/chartrepo/library --insecure-skip-tls-verify + helm repo add --username=admin --password=Harbor12345 harbor-test https://harbor."${TEST_DOMAIN}":"${HTTPS_PORT}"/chartrepo/library --insecure-skip-tls-verify } run setup echo "Setup output: $output" >&3 diff --git a/katalog/tests/harbor/registry-notary.sh b/katalog/tests/harbor/registry-notary.sh index 3cd235d..bb7beb4 100644 --- a/katalog/tests/harbor/registry-notary.sh +++ b/katalog/tests/harbor/registry-notary.sh @@ -31,7 +31,7 @@ load "./../lib/helper" @test "[NOTARY] Try to pull unsigned image" { info pull(){ - skopeo copy docker://harbor."${TEST_DOMAIN}"/library/busybox:1.31 dir:"$HOME"/busybox:1.31 --insecure-policy --tls-verify=false + skopeo copy docker://harbor."${TEST_DOMAIN}":"${HTTPS_PORT}"/library/busybox:1.31 dir:"$HOME"/busybox:1.31 --insecure-policy --tls-verify=false } run pull [[ "$status" -ne 0 ]] diff --git a/katalog/tests/harbor/registry.sh b/katalog/tests/harbor/registry.sh index 0bdfc92..de59a1a 100644 --- a/katalog/tests/harbor/registry.sh +++ b/katalog/tests/harbor/registry.sh @@ -19,7 +19,7 @@ load "./../lib/helper" @test "[REGISTRY] Deploy busybox image" { info deploy(){ - skopeo copy docker://library/busybox:1.31 docker://harbor."${TEST_DOMAIN}"/library/busybox:1.31 --insecure-policy --tls-verify=false + skopeo copy docker://library/busybox:1.31 docker://harbor."${TEST_DOMAIN}":"${HTTPS_PORT}"/library/busybox:1.31 --insecure-policy --tls-verify=false } run deploy [ "$status" -eq 0 ] 
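Review bot: The rewritten URLs in `chartmuseum.sh` interpolate `"${HTTPS_PORT}"` with no check that it is set. When the variable is empty the URL becomes `https://harbor.<domain>:/...`, and the test then fails with a connection error rather than a message pointing at the missing variable. Add a guard at the top of `setup()` (whose opening is outside this hunk) or in the shared helper, e.g. `: "${HTTPS_PORT:?HTTPS_PORT is not set - source the generated env file first}"`. The same applies to the `registry-notary.sh`, `registry.sh`, `setup.sh` and `vulns.sh` hunks of this commit.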
diff --git a/katalog/tests/harbor/setup.sh b/katalog/tests/harbor/setup.sh index f474f87..a8dc308 100644 --- a/katalog/tests/harbor/setup.sh +++ b/katalog/tests/harbor/setup.sh @@ -93,7 +93,7 @@ load "./../lib/helper" @test "[SETUP] Check Harbor connectivity" { info test(){ - curl -k -v https://harbor."${TEST_DOMAIN}"/api/v2.0/health >&3 + curl -k -v https://harbor."${TEST_DOMAIN}":"${HTTPS_PORT}"/api/v2.0/health >&3 kubectl get ingress -n registry >&3 kubectl describe ingress -n registry >&3 } diff --git a/katalog/tests/harbor/vulns.sh b/katalog/tests/harbor/vulns.sh index c36a876..f614bed 100644 --- a/katalog/tests/harbor/vulns.sh +++ b/katalog/tests/harbor/vulns.sh @@ -19,7 +19,7 @@ load "./../lib/helper" @test "[VULNS] Deploy insecure image" { info deploy(){ - skopeo copy docker://vulnerables/web-dvwa:1.9 docker://harbor."${TEST_DOMAIN}"/library/web-dvwa:1.9 --insecure-policy --tls-verify=false + skopeo copy docker://vulnerables/web-dvwa:1.9 docker://harbor."${TEST_DOMAIN}":"${HTTPS_PORT}"/library/web-dvwa:1.9 --insecure-policy --tls-verify=false } run deploy [ "$status" -eq 0 ] From 6d9cfd6b8140fd81e2f31ffe5a77865c0d2c17e6 Mon Sep 17 00:00:00 2001 From: Stefano Ghinelli Date: Wed, 30 Oct 2024 16:53:08 +0100 Subject: [PATCH 20/25] fix(ci): rollback unwanted string replacements in ingress patches --- examples/external-db/patch/ingress.yml | 6 +++--- examples/full-harbor/patch/ingress.yml | 8 ++++---- 2 files changed, 7 insertions(+), 7 deletions(-) diff --git a/examples/external-db/patch/ingress.yml b/examples/external-db/patch/ingress.yml index b42e105..dff6fdd 100644 --- a/examples/external-db/patch/ingress.yml +++ b/examples/external-db/patch/ingress.yml 
@@ -21,15 +21,15 @@ - op: replace path: /spec/rules/0/host - value: harbor.%YOUR_DOMAIN%:%YOUR_PORT% + value: harbor.%YOUR_DOMAIN% - op: replace path: /spec/rules/1/host - value: notary.%YOUR_DOMAIN%:%YOUR_PORT% + value: notary.%YOUR_DOMAIN% - op: replace path: /spec/tls/0/hosts/0 - value: harbor.%YOUR_DOMAIN%:%YOUR_PORT% + value: harbor.%YOUR_DOMAIN% - op: replace path: /spec/tls/0/hosts/1 diff --git a/examples/full-harbor/patch/ingress.yml b/examples/full-harbor/patch/ingress.yml index b42e105..60dff47 100644 --- a/examples/full-harbor/patch/ingress.yml +++ b/examples/full-harbor/patch/ingress.yml @@ -21,19 +21,19 @@ - op: replace path: /spec/rules/0/host - value: harbor.%YOUR_DOMAIN%:%YOUR_PORT% + value: harbor.%YOUR_DOMAIN% - op: replace path: /spec/rules/1/host - value: notary.%YOUR_DOMAIN%:%YOUR_PORT% + value: notary.%YOUR_DOMAIN% - op: replace path: /spec/tls/0/hosts/0 - value: harbor.%YOUR_DOMAIN%:%YOUR_PORT% + value: harbor.%YOUR_DOMAIN% - op: replace path: /spec/tls/0/hosts/1 - value: notary.%YOUR_DOMAIN%:%YOUR_PORT% + value: notary.%YOUR_DOMAIN% - op: replace path: "/metadata/annotations/cert-manager.io~1cluster-issuer" From 1950382db629d1a32c097b4cffbbad504bce78d1 Mon Sep 17 00:00:00 2001 From: Stefano Ghinelli Date: Wed, 30 Oct 2024 17:17:14 +0100 Subject: [PATCH 21/25] fix(ci): source environment variables from generated env file --- .drone.yml | 20 ++++++++++++++++++++ 1 file changed, 20 insertions(+) diff --git a/.drone.yml b/.drone.yml index e241fcd..366aff8 100644 --- a/.drone.yml +++ b/.drone.yml 
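Review bot: The rollback in `examples/external-db/patch/ingress.yml` looks incomplete: this hunk restores three values and stops at the `/spec/tls/0/hosts/1` op, whereas the `full-harbor` hunk restores four and returns to the original blob `60dff47`. The external-db file ends at `dff6fdd`, so the value just past the hunk end is presumably still `notary.%YOUR_DOMAIN%:%YOUR_PORT%`. A TLS host entry with a port would not match the rule host `notary.%YOUR_DOMAIN%`. The line after the last context line should be restored to `value: notary.%YOUR_DOMAIN%`, as in the full-harbor file.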
@@ -124,6 +124,7 @@ steps: depends_on: - create-kind-cluster commands: + - . ./env-$${CLUSTER_NAME}.env - curl -L "https://github.com/sighupio/furyctl/releases/download/$${FURYCTL_VERSION}/furyctl-$(uname -s)-amd64.tar.gz" -o /tmp/furyctl.tar.gz && tar xfz /tmp/furyctl.tar.gz -C /tmp - mv /tmp/furyctl /usr/local/bin/furyctl && chmod +x /usr/local/bin/furyctl - until kubectl get serviceaccount default > /dev/null 2>&1; do echo "waiting for control-plane" && sleep 1; done @@ -139,6 +140,7 @@ steps: depends_on: - e2e-setup commands: + - . ./env-$${CLUSTER_NAME}.env - bats -t katalog/tests/harbor/vulns.sh - name: e2e-chartmuseum @@ -151,6 +153,7 @@ steps: depends_on: - e2e-setup commands: + - . ./env-$${CLUSTER_NAME}.env - bats -t katalog/tests/harbor/chartmuseum.sh - name: e2e-replication @@ -163,6 +166,7 @@ steps: depends_on: - e2e-setup commands: + - . ./env-$${CLUSTER_NAME}.env - bats -t katalog/tests/harbor/replication.sh - name: e2e-registry @@ -178,6 +182,7 @@ steps: depends_on: - e2e-setup commands: + - . ./env-$${CLUSTER_NAME}.env - bats -t katalog/tests/harbor/registry.sh - bats -t katalog/tests/harbor/registry-notary.sh @@ -260,6 +265,7 @@ steps: depends_on: - create-kind-cluster commands: + - . ./env-$${CLUSTER_NAME}.env - curl -L "https://github.com/sighupio/furyctl/releases/download/$${FURYCTL_VERSION}/furyctl-$(uname -s)-amd64.tar.gz" -o /tmp/furyctl.tar.gz && tar xfz /tmp/furyctl.tar.gz -C /tmp - mv /tmp/furyctl /usr/local/bin/furyctl && chmod +x /usr/local/bin/furyctl - until kubectl get serviceaccount default > /dev/null 2>&1; do echo "waiting for control-plane" && sleep 1; done @@ -275,6 +281,7 @@ steps: depends_on: - e2e-setup commands: + - . ./env-$${CLUSTER_NAME}.env - bats -t katalog/tests/harbor/vulns.sh - name: e2e-chartmuseum @@ -287,6 +294,7 @@ steps: depends_on: - e2e-setup commands: + - . ./env-$${CLUSTER_NAME}.env - bats -t katalog/tests/harbor/chartmuseum.sh - name: e2e-replication 
@@ -299,6 +307,7 @@ steps: depends_on: - e2e-setup commands: + - . ./env-$${CLUSTER_NAME}.env - bats -t katalog/tests/harbor/replication.sh - name: e2e-registry @@ -314,6 +323,7 @@ steps: depends_on: - e2e-setup commands: + - . ./env-$${CLUSTER_NAME}.env - bats -t katalog/tests/harbor/registry.sh - bats -t katalog/tests/harbor/registry-notary.sh @@ -396,6 +406,7 @@ steps: depends_on: - create-kind-cluster commands: + - . ./env-$${CLUSTER_NAME}.env - curl -L "https://github.com/sighupio/furyctl/releases/download/$${FURYCTL_VERSION}/furyctl-$(uname -s)-amd64.tar.gz" -o /tmp/furyctl.tar.gz && tar xfz /tmp/furyctl.tar.gz -C /tmp - mv /tmp/furyctl /usr/local/bin/furyctl && chmod +x /usr/local/bin/furyctl - until kubectl get serviceaccount default > /dev/null 2>&1; do echo "waiting for control-plane" && sleep 1; done @@ -411,6 +422,7 @@ steps: depends_on: - e2e-setup commands: + - . ./env-$${CLUSTER_NAME}.env - bats -t katalog/tests/harbor/vulns.sh - name: e2e-chartmuseum @@ -423,6 +435,7 @@ steps: depends_on: - e2e-setup commands: + - . ./env-$${CLUSTER_NAME}.env - bats -t katalog/tests/harbor/chartmuseum.sh - name: e2e-replication @@ -435,6 +448,7 @@ steps: depends_on: - e2e-setup commands: + - . ./env-$${CLUSTER_NAME}.env - bats -t katalog/tests/harbor/replication.sh - name: e2e-registry @@ -450,6 +464,7 @@ steps: depends_on: - e2e-setup commands: + - . ./env-$${CLUSTER_NAME}.env - bats -t katalog/tests/harbor/registry.sh - bats -t katalog/tests/harbor/registry-notary.sh @@ -532,6 +547,7 @@ steps: depends_on: - create-kind-cluster commands: + - . ./env-$${CLUSTER_NAME}.env - curl -L "https://github.com/sighupio/furyctl/releases/download/$${FURYCTL_VERSION}/furyctl-$(uname -s)-amd64.tar.gz" -o /tmp/furyctl.tar.gz && tar xfz /tmp/furyctl.tar.gz -C /tmp - mv /tmp/furyctl /usr/local/bin/furyctl && chmod +x /usr/local/bin/furyctl - until kubectl get serviceaccount default > /dev/null 2>&1; do echo "waiting for control-plane" && sleep 1; done 
@@ -547,6 +563,7 @@ steps: depends_on: - e2e-setup commands: + - . ./env-$${CLUSTER_NAME}.env - bats -t katalog/tests/harbor/vulns.sh - name: e2e-chartmuseum @@ -559,6 +576,7 @@ steps: depends_on: - e2e-setup commands: + - . ./env-$${CLUSTER_NAME}.env - bats -t katalog/tests/harbor/chartmuseum.sh - name: e2e-replication @@ -571,6 +589,7 @@ steps: depends_on: - e2e-setup commands: + - . ./env-$${CLUSTER_NAME}.env - bats -t katalog/tests/harbor/replication.sh - name: e2e-registry @@ -586,6 +605,7 @@ steps: depends_on: - e2e-setup commands: + - . ./env-$${CLUSTER_NAME}.env - bats -t katalog/tests/harbor/registry.sh - bats -t katalog/tests/harbor/registry-notary.sh From 5ef3a85eff4e7d15d95bc5a917bdadc543a396cc Mon Sep 17 00:00:00 2001 From: Stefano Ghinelli Date: Wed, 30 Oct 2024 17:25:38 +0100 Subject: [PATCH 22/25] fix(ci): add cluster name env var --- .drone.yml | 20 ++++++++++++++++++++ 1 file changed, 20 insertions(+) diff --git a/.drone.yml b/.drone.yml index 366aff8..7983452 100644 --- a/.drone.yml +++ b/.drone.yml @@ -118,6 +118,7 @@ steps: network_mode: host environment: KUBECONFIG: kubeconfig-harbor-v1.28.0 + CLUSTER_NAME: ${DRONE_REPO_NAME}-${DRONE_BUILD_NUMBER}-harbor-v1.28.0 # Using nip.io DNS wildcard service to resolve .127.0.0.1.nip.io to localhost where Kind exposes services. TEST_DOMAIN: "127.0.0.1.nip.io" FURYCTL_VERSION: v0.29.10 @@ -136,6 +137,7 @@ steps: network_mode: host environment: KUBECONFIG: kubeconfig-harbor-v1.28.0 + CLUSTER_NAME: ${DRONE_REPO_NAME}-${DRONE_BUILD_NUMBER}-harbor-v1.28.0 TEST_DOMAIN: "127.0.0.1.nip.io" depends_on: - e2e-setup @@ -149,6 +151,7 @@ steps: network_mode: host environment: KUBECONFIG: kubeconfig-harbor-v1.28.0 + CLUSTER_NAME: ${DRONE_REPO_NAME}-${DRONE_BUILD_NUMBER}-harbor-v1.28.0 TEST_DOMAIN: "127.0.0.1.nip.io" depends_on: - e2e-setup 
@@ -162,6 +165,7 @@ steps: network_mode: host environment: KUBECONFIG: kubeconfig-harbor-v1.28.0 + CLUSTER_NAME: ${DRONE_REPO_NAME}-${DRONE_BUILD_NUMBER}-harbor-v1.28.0 TEST_DOMAIN: "127.0.0.1.nip.io" depends_on: - e2e-setup @@ -178,6 +182,7 @@ steps: path: /var/run/docker.sock environment: KUBECONFIG: kubeconfig-harbor-v1.28.0 + CLUSTER_NAME: ${DRONE_REPO_NAME}-${DRONE_BUILD_NUMBER}-harbor-v1.28.0 TEST_DOMAIN: "127.0.0.1.nip.io" depends_on: - e2e-setup @@ -260,6 +265,7 @@ steps: network_mode: host environment: KUBECONFIG: kubeconfig-harbor-v1.29.0 + CLUSTER_NAME: ${DRONE_REPO_NAME}-${DRONE_BUILD_NUMBER}-harbor-v1.29.0 TEST_DOMAIN: "127.0.0.1.nip.io" FURYCTL_VERSION: v0.29.10 depends_on: @@ -277,6 +283,7 @@ steps: network_mode: host environment: KUBECONFIG: kubeconfig-harbor-v1.29.0 + CLUSTER_NAME: ${DRONE_REPO_NAME}-${DRONE_BUILD_NUMBER}-harbor-v1.29.0 TEST_DOMAIN: "127.0.0.1.nip.io" depends_on: - e2e-setup @@ -290,6 +297,7 @@ steps: network_mode: host environment: KUBECONFIG: kubeconfig-harbor-v1.29.0 + CLUSTER_NAME: ${DRONE_REPO_NAME}-${DRONE_BUILD_NUMBER}-harbor-v1.29.0 TEST_DOMAIN: "127.0.0.1.nip.io" depends_on: - e2e-setup @@ -303,6 +311,7 @@ steps: network_mode: host environment: KUBECONFIG: kubeconfig-harbor-v1.29.0 + CLUSTER_NAME: ${DRONE_REPO_NAME}-${DRONE_BUILD_NUMBER}-harbor-v1.29.0 TEST_DOMAIN: "127.0.0.1.nip.io" depends_on: - e2e-setup @@ -319,6 +328,7 @@ steps: path: /var/run/docker.sock environment: KUBECONFIG: kubeconfig-harbor-v1.29.0 + CLUSTER_NAME: ${DRONE_REPO_NAME}-${DRONE_BUILD_NUMBER}-harbor-v1.29.0 TEST_DOMAIN: "127.0.0.1.nip.io" depends_on: - e2e-setup @@ -401,6 +411,7 @@ steps: network_mode: host environment: KUBECONFIG: kubeconfig-harbor-v1.30.4 + CLUSTER_NAME: ${DRONE_REPO_NAME}-${DRONE_BUILD_NUMBER}-harbor-v1.30.4 TEST_DOMAIN: "127.0.0.1.nip.io" FURYCTL_VERSION: v0.29.10 depends_on: 
@@ -418,6 +429,7 @@ steps: network_mode: host environment: KUBECONFIG: kubeconfig-harbor-v1.30.4 + CLUSTER_NAME: ${DRONE_REPO_NAME}-${DRONE_BUILD_NUMBER}-harbor-v1.30.4 TEST_DOMAIN: "127.0.0.1.nip.io" depends_on: - e2e-setup @@ -431,6 +443,7 @@ steps: network_mode: host environment: KUBECONFIG: kubeconfig-harbor-v1.30.4 + CLUSTER_NAME: ${DRONE_REPO_NAME}-${DRONE_BUILD_NUMBER}-harbor-v1.30.4 TEST_DOMAIN: "127.0.0.1.nip.io" depends_on: - e2e-setup @@ -444,6 +457,7 @@ steps: network_mode: host environment: KUBECONFIG: kubeconfig-harbor-v1.30.4 + CLUSTER_NAME: ${DRONE_REPO_NAME}-${DRONE_BUILD_NUMBER}-harbor-v1.30.4 TEST_DOMAIN: "127.0.0.1.nip.io" depends_on: - e2e-setup @@ -460,6 +474,7 @@ steps: path: /var/run/docker.sock environment: KUBECONFIG: kubeconfig-harbor-v1.30.4 + CLUSTER_NAME: ${DRONE_REPO_NAME}-${DRONE_BUILD_NUMBER}-harbor-v1.30.4 TEST_DOMAIN: "127.0.0.1.nip.io" depends_on: - e2e-setup @@ -542,6 +557,7 @@ steps: network_mode: host environment: KUBECONFIG: kubeconfig-harbor-v1.31.0 + CLUSTER_NAME: ${DRONE_REPO_NAME}-${DRONE_BUILD_NUMBER}-harbor-v1.31.0 TEST_DOMAIN: "127.0.0.1.nip.io" FURYCTL_VERSION: v0.29.10 depends_on: @@ -559,6 +575,7 @@ steps: network_mode: host environment: KUBECONFIG: kubeconfig-harbor-v1.31.0 + CLUSTER_NAME: ${DRONE_REPO_NAME}-${DRONE_BUILD_NUMBER}-harbor-v1.31.0 TEST_DOMAIN: "127.0.0.1.nip.io" depends_on: - e2e-setup @@ -572,6 +589,7 @@ steps: network_mode: host environment: KUBECONFIG: kubeconfig-harbor-v1.31.0 + CLUSTER_NAME: ${DRONE_REPO_NAME}-${DRONE_BUILD_NUMBER}-harbor-v1.31.0 TEST_DOMAIN: "127.0.0.1.nip.io" depends_on: - e2e-setup @@ -585,6 +603,7 @@ steps: network_mode: host environment: KUBECONFIG: kubeconfig-harbor-v1.31.0 + CLUSTER_NAME: ${DRONE_REPO_NAME}-${DRONE_BUILD_NUMBER}-harbor-v1.31.0 TEST_DOMAIN: "127.0.0.1.nip.io" depends_on: - e2e-setup 
@@ -601,6 +620,7 @@ steps: path: /var/run/docker.sock environment: KUBECONFIG: kubeconfig-harbor-v1.31.0 + CLUSTER_NAME: ${DRONE_REPO_NAME}-${DRONE_BUILD_NUMBER}-harbor-v1.31.0 TEST_DOMAIN: "127.0.0.1.nip.io" depends_on: - e2e-setup From 04cff700c4aaea03be1afc5070237ab41b708c13 Mon Sep 17 00:00:00 2001 From: Stefano Ghinelli Date: Wed, 30 Oct 2024 17:46:51 +0100 Subject: [PATCH 23/25] fix(ci): reverse unique port numbers --- katalog/tests/harbor/config/generate-template.sh | 4 ++-- 1 file changed, 2 insertions(+), 2 deletions(-) diff --git a/katalog/tests/harbor/config/generate-template.sh b/katalog/tests/harbor/config/generate-template.sh index fe128a2..6006a5a 100644 --- a/katalog/tests/harbor/config/generate-template.sh +++ b/katalog/tests/harbor/config/generate-template.sh @@ -74,8 +74,8 @@ EOF DRONE_ENV_REF="${DEFAULT_OUTPUT}env-${CLUSTER_NAME}.env" cat > "$DRONE_ENV_REF" < Date: Wed, 30 Oct 2024 17:57:05 +0100 Subject: [PATCH 24/25] fix(ci): add https port where missing in tests --- katalog/tests/harbor/registry-notary.sh | 2 +- katalog/tests/harbor/registry.sh | 2 +- katalog/tests/harbor/vulns.sh | 2 +- 3 files changed, 3 insertions(+), 3 deletions(-) diff --git a/katalog/tests/harbor/registry-notary.sh b/katalog/tests/harbor/registry-notary.sh index bb7beb4..afa1fbc 100644 --- a/katalog/tests/harbor/registry-notary.sh +++ b/katalog/tests/harbor/registry-notary.sh @@ -9,7 +9,7 @@ load "./../lib/helper" @test "[REGISTRY] Setup" { info setup(){ - skopeo login harbor."${TEST_DOMAIN}" -u admin -p Harbor12345 --tls-verify=false + skopeo login harbor."${TEST_DOMAIN}":"${HTTPS_PORT}" -u admin -p Harbor12345 --tls-verify=false } run setup [ "$status" -eq 0 ] diff --git a/katalog/tests/harbor/registry.sh b/katalog/tests/harbor/registry.sh index de59a1a..95b0bb9 100644 --- a/katalog/tests/harbor/registry.sh +++ b/katalog/tests/harbor/registry.sh 
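Review bot: In the registry-notary.sh hunk the new `skopeo login` line expands `${HTTPS_PORT}` without checking that it is set, so an empty value produces `harbor.<domain>:` and a login failure that does not name the cause; a guard before the call, `: "${HTTPS_PORT:?HTTPS_PORT must be set}"`, would make that explicit. The same line still passes the admin password with `-p` and keeps `--tls-verify=false`; that may be acceptable against a throwaway test cluster, but `--password-stdin` keeps the password out of the process arguments, and a comment such as `# test-only: default credentials and no TLS verification, ephemeral kind cluster` would stop the line being copied into anything longer-lived. The registry.sh and vulns.sh hunks that follow change the same line in the same way and would take the same guard and comment. The enclosing `@test` block closes outside each hunk.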
@@ -10,7 +10,7 @@ load "./../lib/helper" @test "[REGISTRY] Setup" { info setup(){ - skopeo login harbor."${TEST_DOMAIN}" -u admin -p Harbor12345 --tls-verify=false + skopeo login harbor."${TEST_DOMAIN}":"${HTTPS_PORT}" -u admin -p Harbor12345 --tls-verify=false } run setup [ "$status" -eq 0 ] diff --git a/katalog/tests/harbor/vulns.sh b/katalog/tests/harbor/vulns.sh index f614bed..cd3b43d 100644 --- a/katalog/tests/harbor/vulns.sh +++ b/katalog/tests/harbor/vulns.sh @@ -10,7 +10,7 @@ load "./../lib/helper" @test "[VULNS] Setup" { info setup(){ - skopeo login harbor."${TEST_DOMAIN}" -u admin -p Harbor12345 --tls-verify=false + skopeo login harbor."${TEST_DOMAIN}":"${HTTPS_PORT}" -u admin -p Harbor12345 --tls-verify=false } run setup [ "$status" -eq 0 ] From 9f9a704cfe56c86c4313ac76e20bae6ae533fc4f Mon Sep 17 00:00:00 2001 From: Stefano Ghinelli Date: Mon, 4 Nov 2024 08:59:24 +0100 Subject: [PATCH 25/25] docs: update release notes --- docs/releases/v3.2.0.md | 2 ++ 1 file changed, 2 insertions(+) diff --git a/docs/releases/v3.2.0.md b/docs/releases/v3.2.0.md index 627770d..931f05c 100644 --- a/docs/releases/v3.2.0.md +++ b/docs/releases/v3.2.0.md @@ -4,6 +4,8 @@ - Added compatibility with Kubernetes versions 1.30.x and 1.31.x. +> NOTE: This release only extends the Kubernetes compatibility to versions 1.30 and 1.31. No functional changes are included, users can continue using their current version. + ## Upgrade path To upgrade this module from `v3.1.0` to `v3.2.0`, you need to download this new version, then apply the `kustomize` project. No further action is required. \ No newline at end of file