ci/cd - various fixes for k8s tests

.github/workflows/staging.yml

@@ -88,16 +88,16 @@ jobs:
   #     DOCKER_TOKEN: ${{ secrets.DOCKER_TOKEN }}
   #     PRIVATE_REGISTRY: ${{ secrets.PRIVATE_REGISTRY }}
   #     PRIVATE_REGISTRY_TOKEN: ${{ secrets.PRIVATE_REGISTRY_TOKEN }}
-  build-rhel:
-    uses: ./.github/workflows/staging-linux-build.yml
-    with:
-      LINUX: rhel
-      PACKAGE: rpm
-    secrets:
-      DOCKER_USERNAME: ${{ secrets.DOCKER_USERNAME }}
-      DOCKER_TOKEN: ${{ secrets.DOCKER_TOKEN }}
-      PRIVATE_REGISTRY: ${{ secrets.PRIVATE_REGISTRY }}
-      PRIVATE_REGISTRY_TOKEN: ${{ secrets.PRIVATE_REGISTRY_TOKEN }}
+  # build-rhel:
+  #   uses: ./.github/workflows/staging-linux-build.yml
+  #   with:
+  #     LINUX: rhel
+  #     PACKAGE: rpm
+  #   secrets:
+  #     DOCKER_USERNAME: ${{ secrets.DOCKER_USERNAME }}
+  #     DOCKER_TOKEN: ${{ secrets.DOCKER_TOKEN }}
+  #     PRIVATE_REGISTRY: ${{ secrets.PRIVATE_REGISTRY }}
+  #     PRIVATE_REGISTRY_TOKEN: ${{ secrets.PRIVATE_REGISTRY_TOKEN }}
 
   # Code security
   code-security:
@@ -124,13 +124,13 @@ jobs:
           category: "/language:${{matrix.language}}"
 
   # Create infrastructures
-  # create-infra-docker:
-  #   needs: [code-security, build-bw, build-scheduler]
-  #   uses: ./.github/workflows/staging-create-infra.yml
-  #   with:
-  #     TYPE: docker
-  #   secrets:
-  #     CICD_SECRETS: ${{ secrets.CICD_SECRETS }}
+  create-infra-docker:
+    needs: [code-security, build-bw, build-scheduler]
+    uses: ./.github/workflows/staging-create-infra.yml
+    with:
+      TYPE: docker
+    secrets:
+      CICD_SECRETS: ${{ secrets.CICD_SECRETS }}
   # create-infra-autoconf:
   #   needs: [code-security, build-bw, build-scheduler, build-autoconf]
   #   uses: ./.github/workflows/staging-create-infra.yml
@@ -152,7 +152,7 @@ jobs:
   #     TYPE: k8s
   #   secrets:
   #     CICD_SECRETS: ${{ secrets.CICD_SECRETS }}
-  create-infra-linux:
+  # create-infra-linux:
     # needs:
     #   [
     #     code-security,
@@ -162,21 +162,21 @@ jobs:
     #     build-fedora,
     #     build-rhel,
     #   ]
-    needs: [code-security, build-rhel]
-    uses: ./.github/workflows/staging-create-infra.yml
-    with:
-      TYPE: linux
-    secrets:
-      CICD_SECRETS: ${{ secrets.CICD_SECRETS }}
+    # needs: [code-security, build-rhel]
+    # uses: ./.github/workflows/staging-create-infra.yml
+    # with:
+    #   TYPE: linux
+    # secrets:
+    #   CICD_SECRETS: ${{ secrets.CICD_SECRETS }}
 
   # Perform tests
-  # tests-docker:
-  #   needs: [create-infra-docker]
-  #   uses: ./.github/workflows/staging-tests.yml
-  #   with:
-  #     TYPE: docker
-  #     RUNS_ON: "['self-hosted', 'bw-docker']"
-  #   secrets: inherit
+  tests-docker:
+    needs: [create-infra-docker]
+    uses: ./.github/workflows/staging-tests.yml
+    with:
+      TYPE: docker
+      RUNS_ON: "['self-hosted', 'bw-docker']"
+    secrets: inherit
   # tests-autoconf:
   #   needs: [create-infra-autoconf]
   #   uses: ./.github/workflows/staging-tests.yml
@@ -191,20 +191,20 @@ jobs:
   #     TYPE: swarm
   #     RUNS_ON: "['self-hosted', 'bw-swarm']"
   #   secrets: inherit
-  # tests-k8s:
-  #   needs: [create-infra-k8s]
-  #   uses: ./.github/workflows/staging-tests.yml
-  #   with:
-  #     TYPE: k8s
-  #     RUNS_ON: "['ubuntu-latest']"
-  #   secrets: inherit
-  tests-linux:
-    needs: [create-infra-linux]
+  tests-k8s:
+    needs: [create-infra-k8s]
     uses: ./.github/workflows/staging-tests.yml
     with:
-      TYPE: linux
-      RUNS_ON: "['self-hosted', 'bw-linux']"
+      TYPE: k8s
+      RUNS_ON: "['ubuntu-latest']"
     secrets: inherit
+  # tests-linux:
+  #   needs: [create-infra-linux]
+  #   uses: ./.github/workflows/staging-tests.yml
+  #   with:
+  #     TYPE: linux
+  #     RUNS_ON: "['self-hosted', 'bw-linux']"
+  #   secrets: inherit
   tests-ui:
     needs: [code-security, build-ui]
     uses: ./.github/workflows/staging-tests-ui.yml
@@ -215,14 +215,14 @@ jobs:
       PRIVATE_REGISTRY_TOKEN: ${{ secrets.PRIVATE_REGISTRY_TOKEN }}
 
   # Delete infrastructures
-  # delete-infra-docker:
-  #   if: ${{ always() }}
-  #   needs: [tests-docker]
-  #   uses: ./.github/workflows/staging-delete-infra.yml
-  #   with:
-  #     TYPE: docker
-  #   secrets:
-  #     CICD_SECRETS: ${{ secrets.CICD_SECRETS }}
+  delete-infra-docker:
+    if: ${{ always() }}
+    needs: [tests-docker]
+    uses: ./.github/workflows/staging-delete-infra.yml
+    with:
+      TYPE: docker
+    secrets:
+      CICD_SECRETS: ${{ secrets.CICD_SECRETS }}
   # delete-infra-autoconf:
   #   if: ${{ always() }}
   #   needs: [tests-autoconf]
@@ -239,22 +239,22 @@ jobs:
   #     TYPE: swarm
   #   secrets:
   #     CICD_SECRETS: ${{ secrets.CICD_SECRETS }}
-  # delete-infra-k8s:
-  #   if: ${{ always() }}
-  #   needs: [tests-k8s]
-  #   uses: ./.github/workflows/staging-delete-infra.yml
-  #   with:
-  #     TYPE: k8s
-  #   secrets:
-  #     CICD_SECRETS: ${{ secrets.CICD_SECRETS }}
-  delete-infra-linux:
+  delete-infra-k8s:
     if: ${{ always() }}
-    needs: [tests-linux]
+    needs: [tests-k8s]
     uses: ./.github/workflows/staging-delete-infra.yml
     with:
-      TYPE: linux
+      TYPE: k8s
     secrets:
       CICD_SECRETS: ${{ secrets.CICD_SECRETS }}
+  # delete-infra-linux:
+  #   if: ${{ always() }}
+  #   needs: [tests-linux]
+  #   uses: ./.github/workflows/staging-delete-infra.yml
+  #   with:
+  #     TYPE: linux
+  #   secrets:
+  #     CICD_SECRETS: ${{ secrets.CICD_SECRETS }}
 
   # # Push containers
   # push-bunkerweb:

misc/integrations/k8s.mariadb.ui.yml

@@ -43,7 +43,7 @@ spec:
         app: bunkerweb
       # mandatory annotation
       annotations:
-        bunkerweb.io/AUTOCONF: "yes"
+        bunkerweb.io/INSTANCE: "yes"
     spec:
       containers:
         - name: bunkerweb

misc/integrations/k8s.mariadb.yml

@@ -43,7 +43,7 @@ spec:
         app: bunkerweb
       # mandatory annotation
       annotations:
-        bunkerweb.io/AUTOCONF: "yes"
+        bunkerweb.io/INSTANCE: "yes"
     spec:
       containers:
         - name: bunkerweb
@@ -97,8 +97,6 @@ spec:
             periodSeconds: 1
             timeoutSeconds: 1
             failureThreshold: 3
-      #imagePullSecrets:
-      #- name: secret-registry
 ---
 apiVersion: apps/v1
 kind: Deployment
@@ -126,8 +124,6 @@ spec:
               value: "yes"
             - name: "DATABASE_URI"
               value: "mariadb+pymysql://bunkerweb:changeme@svc-bunkerweb-db:3306/db"
-      #imagePullSecrets:
-      #- name: secret-registry
 ---
 apiVersion: apps/v1
 kind: Deployment
@@ -145,6 +141,7 @@ spec:
       labels:
         app: bunkerweb-scheduler
     spec:
+      serviceAccountName: sa-bunkerweb
       containers:
         - name: bunkerweb-scheduler
           image: bunkerity/bunkerweb-scheduler:1.4.6
@@ -154,8 +151,6 @@ spec:
               value: "yes"
             - name: "DATABASE_URI"
               value: "mariadb+pymysql://bunkerweb:changeme@svc-bunkerweb-db:3306/db"
-      #imagePullSecrets:
-      #- name: secret-registry
 ---
 apiVersion: apps/v1
 kind: Deployment

misc/integrations/k8s.mysql.ui.yml

@@ -43,7 +43,7 @@ spec:
         app: bunkerweb
       # mandatory annotation
       annotations:
-        bunkerweb.io/AUTOCONF: "yes"
+        bunkerweb.io/INSTANCE: "yes"
     spec:
       containers:
         - name: bunkerweb

misc/integrations/k8s.mysql.yml

@@ -43,7 +43,7 @@ spec:
         app: bunkerweb
       # mandatory annotation
       annotations:
-        bunkerweb.io/AUTOCONF: "yes"
+        bunkerweb.io/INSTANCE: "yes"
     spec:
       containers:
         - name: bunkerweb

misc/integrations/k8s.postgres.ui.yml

@@ -43,7 +43,7 @@ spec:
         app: bunkerweb
       # mandatory annotation
       annotations:
-        bunkerweb.io/AUTOCONF: "yes"
+        bunkerweb.io/INSTANCE: "yes"
     spec:
       containers:
         - name: bunkerweb

misc/integrations/k8s.postgres.yml

@@ -43,7 +43,7 @@ spec:
         app: bunkerweb
       # mandatory annotation
       annotations:
-        bunkerweb.io/AUTOCONF: "yes"
+        bunkerweb.io/INSTANCE: "yes"
     spec:
       containers:
         - name: bunkerweb

tests/KubernetesTest.py

@@ -48,10 +48,26 @@ class KubernetesTest(Test):
             yamls = []
             with open(deploy, "r") as f :
                 data = safe_load_all(f.read())
+            append_env = {
+                "AUTO_LETS_ENCRYPT": "yes",
+                "USE_LETS_ENCRYPT_STAGING": "yes",
+                "USE_REAL_IP": "yes",
+                "USE_PROXY_PROTOCOL": "yes",
+                "REAL_IP_FROM": "100.64.0.0/16"
+                "REAL_IP_HEADER": "proxy_protocol"
+            }
+            replace_env = {
+                "API_WHITELIST_IP": "127.0.0.1/8 100.64.0.0/10"
+            }
             for yaml in data :
                 if yaml["metadata"]["name"] == "bunkerweb" :
-                    yaml["spec"]["template"]["spec"]["containers"][0]["env"].append({"name": "AUTO_LETS_ENCRYPT", "value": "yes"})
-                    yaml["spec"]["template"]["spec"]["containers"][0]["env"].append({"name": "USE_LETS_ENCRYPT_STAGING", "value": "yes"})
+                    for k, v in append_env.items() :
+                        yaml["spec"]["template"]["spec"]["containers"][0]["env"].append({"name": k, "value": v})
+                    for ele in yaml["spec"]["template"]["spec"]["containers"][0]["env"] :
+                        if ele["name"] in replace_env :
+                            ele["value"] = replace_env[ele["name"]]
+                if yaml["metadata"]["name"] in ["bunkerweb", "bunkerweb-controller", "bunkerweb-scheduler"] :
+                    yaml["spec"]["template"]["spec"]["imagePullSecrets"] = [{"name": "secret-registry"}]
                 yamls.append(yaml)
             with open(deploy, "w") as f :
                 f.write(dump_all(yamls))
@@ -76,8 +92,6 @@ class KubernetesTest(Test):
                 + "/infra/scheduler-tests:"
                 + getenv("IMAGE_TAG"),
             )
-            Test.replace_in_file(deploy, r"#i", "i")
-            Test.replace_in_file(deploy, r"#-", "-")
             proc = run(
                 "kubectl apply -f bunkerweb.yml", cwd="/tmp/kubernetes", shell=True
             )