diff --git a/.github/workflows/caname-id-test.yml b/.github/workflows/caname-id-test.yml index b42a043..b5f760c 100644 --- a/.github/workflows/caname-id-test.yml +++ b/.github/workflows/caname-id-test.yml @@ -25,6 +25,9 @@ jobs: echo K8S_VERSION=$(sudo microk8s.kubectl version --short=true|grep -Po 'Server Version: \K.*' -m 1) >> $GITHUB_ENV - run: echo "k8s ${{ env.K8S_VERSION }}" + - name: Set KUBECONFIG for MicroK8s + run: echo "KUBECONFIG=/var/snap/microk8s/current/credentials/client.config" >> $GITHUB_ENV + - name: "build ncm-issuer image" run: | make docker-build @@ -173,6 +176,9 @@ jobs: echo K8S_VERSION=$(sudo microk8s.kubectl version --short=true|grep -Po 'Server Version: \K.*' -m 1) >> $GITHUB_ENV - run: echo "k8s ${{ env.K8S_VERSION }}" + - name: Set KUBECONFIG for MicroK8s + run: echo "KUBECONFIG=/var/snap/microk8s/current/credentials/client.config" >> $GITHUB_ENV + - name: "build ncm-issuer image" run: | make docker-build diff --git a/.github/workflows/clientauth-test.yml b/.github/workflows/clientauth-test.yml index c09b53f..c007b8e 100644 --- a/.github/workflows/clientauth-test.yml +++ b/.github/workflows/clientauth-test.yml @@ -30,6 +30,9 @@ jobs: echo K8S_VERSION=$(sudo microk8s.kubectl version --short=true|grep -Po 'Server Version: \K.*' -m 1) >> $GITHUB_ENV - run: echo "k8s ${{ env.K8S_VERSION }}" + - name: Set KUBECONFIG for MicroK8s + run: echo "KUBECONFIG=/var/snap/microk8s/current/credentials/client.config" >> $GITHUB_ENV + - name: "build ncm-issuer image" run: | make docker-build @@ -56,11 +59,11 @@ jobs: sudo microk8s.kubectl get pods -A sudo microk8s.kubectl -n cert-manager logs `sudo microk8s.kubectl get pods -n cert-manager -l app=cert-manager -o jsonpath='{.items[0].metadata.name}'`|tail -25 - - name: "install kubectl cert-manager plugin" + - name: "install cmctl" run: | - OS=$(go env GOOS); ARCH=$(go env GOARCH); curl -sSL -o kubectl-cert-manager.tar.gz "https://github.com/cert-manager/cert-manager/releases/download/v${{ matrix.certmgr-version }}/kubectl-cert_manager-$OS-$ARCH.tar.gz" - tar xzf kubectl-cert-manager.tar.gz - sudo mv kubectl-cert_manager /usr/local/bin + OS=$(uname -s | tr A-Z a-z); ARCH=$(uname -m | sed 's/x86_64/amd64/' | sed 's/aarch64/arm64/'); curl -fsSL -o cmctl https://github.com/cert-manager/cmctl/releases/latest/download/cmctl_${OS}_${ARCH} + sudo chmod +x cmctl + sudo mv cmctl /usr/local/bin - name: "install yq" run: sudo snap install yq @@ -133,7 +136,7 @@ jobs: - name: "check certificate resource" run: | - sudo microk8s.kubectl cert-manager status certificate ncm-cert -n ncm-issuer + sudo -E cmctl status certificate ncm-cert -n ncm-issuer sudo microk8s.kubectl describe cert ncm-cert -n ncm-issuer sudo microk8s.kubectl -n ncm-issuer logs `sudo microk8s.kubectl get pods -A -l app=ncm-issuer -o jsonpath='{.items[0].metadata.name}'`|tail -25 sudo microk8s.kubectl describe cert ncm-cert -n ncm-issuer | grep "The certificate has been successfully issued" @@ -145,7 +148,7 @@ jobs: - name: "renew certificate" run: | - sudo microk8s.kubectl cert-manager renew ncm-cert -n ncm-issuer + sudo -E cmctl renew ncm-cert -n ncm-issuer - name: "sleep for 15s" uses: juliangruber/sleep-action@v1 @@ -155,9 +158,9 @@ jobs: - name: "check certificate resource" run: | sudo microk8s.kubectl get certificaterequest -n ncm-issuer - sudo microk8s.kubectl cert-manager status certificate ncm-cert -n ncm-issuer + sudo -E cmctl status certificate ncm-cert -n ncm-issuer sudo microk8s.kubectl -n ncm-issuer logs `sudo microk8s.kubectl get pods -A -l app=ncm-issuer -o jsonpath='{.items[0].metadata.name}'`|tail -25 - sudo microk8s.kubectl cert-manager status certificate ncm-cert -n ncm-issuer | grep "No CertificateRequest found for this Certificate" + sudo -E cmctl status certificate ncm-cert -n ncm-issuer | grep "No CertificateRequest found for this Certificate" sudo microk8s.kubectl describe certificaterequest ncm-cert -n ncm-issuer | grep "Certificate:" | awk '{print $2}' | base64 -d > /tmp/cert.der openssl x509 -in /tmp/cert.der -text -noout diff --git a/.github/workflows/pkey-tests.yml b/.github/workflows/pkey-tests.yml index d27563e..3f68697 100644 --- a/.github/workflows/pkey-tests.yml +++ b/.github/workflows/pkey-tests.yml @@ -28,6 +28,9 @@ jobs: echo K8S_VERSION=$(sudo microk8s.kubectl version --short=true|grep -Po 'Server Version: \K.*' -m 1) >> $GITHUB_ENV - run: echo "k8s ${{ env.K8S_VERSION }}" + - name: Set KUBECONFIG for MicroK8s + run: echo "KUBECONFIG=/var/snap/microk8s/current/credentials/client.config" >> $GITHUB_ENV + - name: "build ncm-issuer image" run: | make docker-build @@ -55,11 +58,11 @@ jobs: sudo microk8s.kubectl -n cert-manager logs `sudo microk8s.kubectl get pods -n cert-manager -l app=cert-manager -o jsonpath='{.items[0].metadata.name}'`|tail -25 - - name: "install kubectl cert-manager plugin" + - name: "install cmctl" run: | - OS=$(go env GOOS); ARCH=$(go env GOARCH); curl -sSL -o kubectl-cert-manager.tar.gz "https://github.com/cert-manager/cert-manager/releases/download/${{ env.CERTMGR_VERSION }}/kubectl-cert_manager-$OS-$ARCH.tar.gz" - tar xzf kubectl-cert-manager.tar.gz - sudo mv kubectl-cert_manager /usr/local/bin + OS=$(uname -s | tr A-Z a-z); ARCH=$(uname -m | sed 's/x86_64/amd64/' | sed 's/aarch64/arm64/'); curl -fsSL -o cmctl https://github.com/cert-manager/cmctl/releases/latest/download/cmctl_${OS}_${ARCH} + sudo chmod +x cmctl + sudo mv cmctl /usr/local/bin - name: "install yq" run: sudo snap install yq @@ -127,7 +130,7 @@ jobs: - name: "check certificate resource" run: | - sudo microk8s.kubectl cert-manager status certificate ncm-cert -n ncm-issuer + sudo -E cmctl status certificate ncm-cert -n ncm-issuer sudo microk8s.kubectl describe cert ncm-cert -n ncm-issuer sudo microk8s.kubectl -n ncm-issuer logs `sudo microk8s.kubectl get pods -A -l app=ncm-issuer -o jsonpath='{.items[0].metadata.name}'`|tail -25 sudo microk8s.kubectl describe cert ncm-cert -n ncm-issuer | grep "The certificate has been successfully issued" @@ -143,7 +146,7 @@ jobs: - name: "renew certificate" run: | - sudo microk8s.kubectl cert-manager renew ncm-cert -n ncm-issuer + sudo -E cmctl renew ncm-cert -n ncm-issuer - name: "sleep for 15s" uses: juliangruber/sleep-action@v1 @@ -153,9 +156,9 @@ jobs: - name: "check certificate resource" run: | sudo microk8s.kubectl get certificaterequest -n ncm-issuer - sudo microk8s.kubectl cert-manager status certificate ncm-cert -n ncm-issuer + sudo -E cmctl status certificate ncm-cert -n ncm-issuer sudo microk8s.kubectl -n ncm-issuer logs `sudo microk8s.kubectl get pods -A -l app=ncm-issuer -o jsonpath='{.items[0].metadata.name}'`|tail -25 - sudo microk8s.kubectl cert-manager status certificate ncm-cert -n ncm-issuer | grep "No CertificateRequest found for this Certificate" + sudo -E cmctl status certificate ncm-cert -n ncm-issuer | grep "No CertificateRequest found for this Certificate" sudo microk8s.kubectl describe certificaterequest ncm-cert -n ncm-issuer | grep "Certificate:" | awk '{print $2}' | base64 -d > /tmp/cert.der openssl x509 -in /tmp/cert.der -text -noout @@ -206,6 +209,9 @@ jobs: echo K8S_VERSION=$(sudo microk8s.kubectl version --short=true|grep -Po 'Server Version: \K.*' -m 1) >> $GITHUB_ENV - run: echo "k8s ${{ env.K8S_VERSION }}" + - name: Set KUBECONFIG for MicroK8s + run: echo "KUBECONFIG=/var/snap/microk8s/current/credentials/client.config" >> $GITHUB_ENV + - name: "build ncm-issuer image" run: | make docker-build @@ -232,11 +238,11 @@ jobs: sudo microk8s.kubectl get pods -A sudo microk8s.kubectl -n cert-manager logs `sudo microk8s.kubectl get pods -n cert-manager -l app=cert-manager -o jsonpath='{.items[0].metadata.name}'`|tail -25 - - name: "install kubectl cert-manager plugin" + - name: "install cmctl" run: | - OS=$(go env GOOS); ARCH=$(go env GOARCH); curl -sSL -o kubectl-cert-manager.tar.gz "https://github.com/cert-manager/cert-manager/releases/download/${{ env.CERTMGR_VERSION }}/kubectl-cert_manager-$OS-$ARCH.tar.gz" - tar xzf kubectl-cert-manager.tar.gz - sudo mv kubectl-cert_manager /usr/local/bin + OS=$(uname -s | tr A-Z a-z); ARCH=$(uname -m | sed 's/x86_64/amd64/' | sed 's/aarch64/arm64/'); curl -fsSL -o cmctl https://github.com/cert-manager/cmctl/releases/latest/download/cmctl_${OS}_${ARCH} + sudo chmod +x cmctl + sudo mv cmctl /usr/local/bin - name: "install yq" run: sudo snap install yq @@ -304,7 +310,7 @@ jobs: - name: "check certificate resource" run: | - sudo microk8s.kubectl cert-manager status certificate ncm-cert -n ncm-issuer + sudo -E cmctl status certificate ncm-cert -n ncm-issuer sudo microk8s.kubectl describe cert ncm-cert -n ncm-issuer sudo microk8s.kubectl -n ncm-issuer logs `sudo microk8s.kubectl get pods -A -l app=ncm-issuer -o jsonpath='{.items[0].metadata.name}'`|tail -25 sudo microk8s.kubectl describe cert ncm-cert -n ncm-issuer | grep "The certificate has been successfully issued" @@ -320,7 +326,7 @@ jobs: - name: "renew certificate" run: | - sudo microk8s.kubectl cert-manager renew ncm-cert -n ncm-issuer + sudo -E cmctl renew ncm-cert -n ncm-issuer - name: "sleep for 15s" uses: juliangruber/sleep-action@v1 @@ -330,9 +336,9 @@ jobs: - name: "check certificate resource" run: | sudo microk8s.kubectl get certificaterequest -n ncm-issuer - sudo microk8s.kubectl cert-manager status certificate ncm-cert -n ncm-issuer + sudo -E cmctl status certificate ncm-cert -n ncm-issuer sudo microk8s.kubectl -n ncm-issuer logs `sudo microk8s.kubectl get pods -A -l app=ncm-issuer -o jsonpath='{.items[0].metadata.name}'`|tail -25 - sudo microk8s.kubectl cert-manager status certificate ncm-cert -n ncm-issuer | grep "No CertificateRequest found for this Certificate" + sudo -E cmctl status certificate ncm-cert -n ncm-issuer | grep "No CertificateRequest found for this Certificate" sudo microk8s.kubectl describe certificaterequest ncm-cert -n ncm-issuer | grep "Certificate:" | awk '{print $2}' | base64 -d > /tmp/cert.der openssl x509 -in /tmp/cert.der -text -noout diff --git a/.github/workflows/san-test.yml b/.github/workflows/san-test.yml index d9e69df..5274a32 100644 --- a/.github/workflows/san-test.yml +++ b/.github/workflows/san-test.yml @@ -41,6 +41,9 @@ jobs: echo K8S_VERSION=$(sudo microk8s.kubectl version --short=true|grep -Po 'Server Version: \K.*' -m 1) >> $GITHUB_ENV - run: echo "k8s ${{ env.K8S_VERSION }}" + - name: Set KUBECONFIG for MicroK8s + run: echo "KUBECONFIG=/var/snap/microk8s/current/credentials/client.config" >> $GITHUB_ENV + - name: "build ncm-issuer image" run: | make docker-build diff --git a/.github/workflows/signer-tests.yml b/.github/workflows/signer-tests.yml index 6eb7936..f8eb2d0 100644 --- a/.github/workflows/signer-tests.yml +++ b/.github/workflows/signer-tests.yml @@ -30,6 +30,9 @@ jobs: echo K8S_VERSION=$(sudo microk8s.kubectl version --short=true|grep -Po 'Server Version: \K.*' -m 1) >> $GITHUB_ENV - run: echo "k8s ${{ env.K8S_VERSION }}" + - name: Set KUBECONFIG for MicroK8s + run: echo "KUBECONFIG=/var/snap/microk8s/current/credentials/client.config" >> $GITHUB_ENV + - name: "install cert-manager charts" run: | sudo microk8s.kubectl create namespace cert-manager @@ -56,11 +59,11 @@ jobs: sudo microk8s.kubectl get pods -A sudo microk8s.kubectl -n cert-manager logs `sudo microk8s.kubectl get pods -n cert-manager -l app=cert-manager -o jsonpath='{.items[0].metadata.name}'`|tail -25 - - name: "install kubectl cert-manager plugin" + - name: "install cmctl" run: | - OS=$(go env GOOS); ARCH=$(go env GOARCH); curl -sSL -o kubectl-cert-manager.tar.gz "https://github.com/cert-manager/cert-manager/releases/download/v${{ matrix.certmgr-version }}/kubectl-cert_manager-$OS-$ARCH.tar.gz" - tar xzf kubectl-cert-manager.tar.gz - sudo mv kubectl-cert_manager /usr/local/bin + OS=$(uname -s | tr A-Z a-z); ARCH=$(uname -m | sed 's/x86_64/amd64/' | sed 's/aarch64/arm64/'); curl -fsSL -o cmctl https://github.com/cert-manager/cmctl/releases/latest/download/cmctl_${OS}_${ARCH} + sudo chmod +x cmctl + sudo mv cmctl /usr/local/bin - name: "install yq" run: sudo snap install yq @@ -124,7 +127,7 @@ jobs: - name: "check certificate resource" run: | - sudo microk8s.kubectl cert-manager status certificate ncm-cert -n ncm-issuer + sudo -E cmctl status certificate ncm-cert -n ncm-issuer sudo microk8s.kubectl describe cert ncm-cert -n ncm-issuer sudo microk8s.kubectl -n ncm-issuer logs `sudo microk8s.kubectl get pods -A -l app=ncm-issuer -o jsonpath='{.items[0].metadata.name}'`|tail -25 sudo microk8s.kubectl describe cert ncm-cert -n ncm-issuer | grep "The certificate has been successfully issued" @@ -138,7 +141,7 @@ jobs: - name: "renew certificate" run: | - sudo microk8s.kubectl cert-manager renew ncm-cert -n ncm-issuer + sudo -E cmctl renew ncm-cert -n ncm-issuer - name: "sleep for 10s" uses: juliangruber/sleep-action@v1 @@ -148,9 +151,9 @@ jobs: - name: "check certificate resource" run: | sudo microk8s.kubectl get certificaterequest -n ncm-issuer - sudo microk8s.kubectl cert-manager status certificate ncm-cert -n ncm-issuer + sudo -E cmctl status certificate ncm-cert -n ncm-issuer sudo microk8s.kubectl -n ncm-issuer logs `sudo microk8s.kubectl get pods -A -l app=ncm-issuer -o jsonpath='{.items[0].metadata.name}'`|tail -25 - sudo microk8s.kubectl cert-manager status certificate ncm-cert -n ncm-issuer | grep "No CertificateRequest found for this Certificate" + sudo -E cmctl status certificate ncm-cert -n ncm-issuer | grep "No CertificateRequest found for this Certificate" sudo microk8s.kubectl describe certificaterequest ncm-cert -n ncm-issuer | grep "Certificate:" | awk '{print $2}' | base64 -d > /tmp/cert.der openssl x509 -in /tmp/cert.der -text -noout @@ -203,6 +206,9 @@ jobs: echo K8S_VERSION=$(sudo microk8s.kubectl version --short=true|grep -Po 'Server Version: \K.*' -m 1) >> $GITHUB_ENV - run: echo "k8s ${{ env.K8S_VERSION }}" + - name: Set KUBECONFIG for MicroK8s + run: echo "KUBECONFIG=/var/snap/microk8s/current/credentials/client.config" >> $GITHUB_ENV + - name: "build ncm-issuer image" run: | make docker-build @@ -229,11 +235,11 @@ jobs: sudo microk8s.kubectl get pods -A sudo microk8s.kubectl -n cert-manager logs `sudo microk8s.kubectl get pods -n cert-manager -l app=cert-manager -o jsonpath='{.items[0].metadata.name}'`|tail -25 - - name: "install kubectl cert-manager plugin" + - name: "install cmctl" run: | - OS=$(go env GOOS); ARCH=$(go env GOARCH); curl -sSL -o kubectl-cert-manager.tar.gz "https://github.com/cert-manager/cert-manager/releases/download/v${{ matrix.certmgr-version }}/kubectl-cert_manager-$OS-$ARCH.tar.gz" - tar xzf kubectl-cert-manager.tar.gz - sudo mv kubectl-cert_manager /usr/local/bin + OS=$(uname -s | tr A-Z a-z); ARCH=$(uname -m | sed 's/x86_64/amd64/' | sed 's/aarch64/arm64/'); curl -fsSL -o cmctl https://github.com/cert-manager/cmctl/releases/latest/download/cmctl_${OS}_${ARCH} + sudo chmod +x cmctl + sudo mv cmctl /usr/local/bin - name: "install yq" run: sudo snap install yq @@ -308,7 +314,7 @@ jobs: - name: "check certificate resource" run: | - sudo microk8s.kubectl cert-manager status certificate ncm-cert -n ncm-cert + sudo -E cmctl status certificate ncm-cert -n ncm-cert sudo microk8s.kubectl describe cert ncm-cert -n ncm-cert sudo microk8s.kubectl -n ncm-issuer logs `sudo microk8s.kubectl get pods -A -l app=ncm-issuer -o jsonpath='{.items[0].metadata.name}'`|tail -25 sudo microk8s.kubectl describe cert ncm-cert -n ncm-cert | grep "The certificate has been successfully issued" @@ -322,7 +328,7 @@ jobs: - name: "renew certificate" run: | - sudo microk8s.kubectl cert-manager renew ncm-cert -n ncm-cert + sudo -E cmctl renew ncm-cert -n ncm-cert - name: "sleep for 10s" uses: juliangruber/sleep-action@v1 @@ -332,9 +338,9 @@ jobs: - name: "check certificate resource" run: | sudo microk8s.kubectl get certificaterequest -n ncm-cert - sudo microk8s.kubectl cert-manager status certificate ncm-cert -n ncm-cert + sudo -E cmctl status certificate ncm-cert -n ncm-cert sudo microk8s.kubectl -n ncm-issuer logs `sudo microk8s.kubectl get pods -A -l app=ncm-issuer -o jsonpath='{.items[0].metadata.name}'`|tail -25 - sudo microk8s.kubectl cert-manager status certificate ncm-cert -n ncm-cert | grep "No CertificateRequest found for this Certificate" + sudo -E cmctl status certificate ncm-cert -n ncm-cert | grep "No CertificateRequest found for this Certificate" sudo microk8s.kubectl describe certificaterequest ncm-cert -n ncm-cert | grep "Certificate:" | awk '{print $2}' | base64 -d > /tmp/cert.der openssl x509 -in /tmp/cert.der -text -noout