Fix, replacing the kubectl plugin with recommended cert-manager binary #35

Merged
merged 5 commits into from
Jul 25, 2024
6 changes: 6 additions & 0 deletions .github/workflows/caname-id-test.yml
Expand Up @@ -25,6 +25,9 @@ jobs:
echo K8S_VERSION=$(sudo microk8s.kubectl version --short=true|grep -Po 'Server Version: \K.*' -m 1) >> $GITHUB_ENV
- run: echo "k8s ${{ env.K8S_VERSION }}"

- name: Set KUBECONFIG for MicroK8s
run: echo "KUBECONFIG=/var/snap/microk8s/current/credentials/client.config" >> $GITHUB_ENV

- name: "build ncm-issuer image"
run: |
make docker-build
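Review bot: the new "Set KUBECONFIG for MicroK8s" step writes KUBECONFIG into $GITHUB_ENV, so every later step in the job inherits a pointer to the MicroK8s client credentials file, yet the changes to this file add no cmctl call that would read it. If nothing in this workflow uses the variable, drop the step; if something does, set it with `env:` on only the steps that need it rather than job-wide. Minor: the step name is unquoted while the neighbouring steps quote theirs, and `>> $GITHUB_ENV` is safer written as `>> "$GITHUB_ENV"`.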
Expand Down Expand Up @@ -173,6 +176,9 @@ jobs:
echo K8S_VERSION=$(sudo microk8s.kubectl version --short=true|grep -Po 'Server Version: \K.*' -m 1) >> $GITHUB_ENV
- run: echo "k8s ${{ env.K8S_VERSION }}"

- name: Set KUBECONFIG for MicroK8s
run: echo "KUBECONFIG=/var/snap/microk8s/current/credentials/client.config" >> $GITHUB_ENV

- name: "build ncm-issuer image"
run: |
make docker-build
19 changes: 11 additions & 8 deletions .github/workflows/clientauth-test.yml
Expand Up @@ -30,6 +30,9 @@ jobs:
echo K8S_VERSION=$(sudo microk8s.kubectl version --short=true|grep -Po 'Server Version: \K.*' -m 1) >> $GITHUB_ENV
- run: echo "k8s ${{ env.K8S_VERSION }}"

- name: Set KUBECONFIG for MicroK8s
run: echo "KUBECONFIG=/var/snap/microk8s/current/credentials/client.config" >> $GITHUB_ENV

- name: "build ncm-issuer image"
run: |
make docker-build
Expand All @@ -56,11 +59,11 @@ jobs:
sudo microk8s.kubectl get pods -A
sudo microk8s.kubectl -n cert-manager logs `sudo microk8s.kubectl get pods -n cert-manager -l app=cert-manager -o jsonpath='{.items[0].metadata.name}'`|tail -25

- name: "install kubectl cert-manager plugin"
- name: "install cmctl"
run: |
OS=$(go env GOOS); ARCH=$(go env GOARCH); curl -sSL -o kubectl-cert-manager.tar.gz "https://github.com/cert-manager/cert-manager/releases/download/v${{ matrix.certmgr-version }}/kubectl-cert_manager-$OS-$ARCH.tar.gz"
tar xzf kubectl-cert-manager.tar.gz
sudo mv kubectl-cert_manager /usr/local/bin
OS=$(uname -s | tr A-Z a-z); ARCH=$(uname -m | sed 's/x86_64/amd64/' | sed 's/aarch64/arm64/'); curl -fsSL -o cmctl https://github.com/cert-manager/cmctl/releases/latest/download/cmctl_${OS}_${ARCH}
sudo chmod +x cmctl
sudo mv cmctl /usr/local/bin

- name: "install yq"
run: sudo snap install yq
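Review bot: the curl line in "install cmctl" fetches `releases/latest/download/cmctl_${OS}_${ARCH}` with no version pin and no integrity check, and the result is moved into /usr/local/bin and later run under sudo with the cluster kubeconfig. The line it replaces tied the download to `v${{ matrix.certmgr-version }}`; with `latest` the tool can change between runs and is no longer matched to the cert-manager version under test. Pin an explicit cmctl release tag (a workflow-level variable would do) and compare the downloaded file against a known SHA-256 with `sha256sum -c` before the chmod.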
Expand Down Expand Up @@ -133,7 +136,7 @@ jobs:

- name: "check certificate resource"
run: |
sudo microk8s.kubectl cert-manager status certificate ncm-cert -n ncm-issuer
sudo -E cmctl status certificate ncm-cert -n ncm-issuer
sudo microk8s.kubectl describe cert ncm-cert -n ncm-issuer
sudo microk8s.kubectl -n ncm-issuer logs `sudo microk8s.kubectl get pods -A -l app=ncm-issuer -o jsonpath='{.items[0].metadata.name}'`|tail -25
sudo microk8s.kubectl describe cert ncm-cert -n ncm-issuer | grep "The certificate has been successfully issued"
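Review bot: `sudo -E cmctl status certificate ncm-cert -n ncm-issuer` carries the runner's whole environment into the root process when only KUBECONFIG is needed. Pass just that variable, for example `sudo env KUBECONFIG="$KUBECONFIG" cmctl status certificate ncm-cert -n ncm-issuer`, and use the same form in the renew and post-renew steps.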
Expand All @@ -145,7 +148,7 @@ jobs:

- name: "renew certificate"
run: |
sudo microk8s.kubectl cert-manager renew ncm-cert -n ncm-issuer
sudo -E cmctl renew ncm-cert -n ncm-issuer

- name: "sleep for 15s"
uses: juliangruber/sleep-action@v1
Expand All @@ -155,9 +158,9 @@ jobs:
- name: "check certificate resource"
run: |
sudo microk8s.kubectl get certificaterequest -n ncm-issuer
sudo microk8s.kubectl cert-manager status certificate ncm-cert -n ncm-issuer
sudo -E cmctl status certificate ncm-cert -n ncm-issuer
sudo microk8s.kubectl -n ncm-issuer logs `sudo microk8s.kubectl get pods -A -l app=ncm-issuer -o jsonpath='{.items[0].metadata.name}'`|tail -25
sudo microk8s.kubectl cert-manager status certificate ncm-cert -n ncm-issuer | grep "No CertificateRequest found for this Certificate"
sudo -E cmctl status certificate ncm-cert -n ncm-issuer | grep "No CertificateRequest found for this Certificate"
sudo microk8s.kubectl describe certificaterequest ncm-cert -n ncm-issuer | grep "Certificate:" | awk '{print $2}' | base64 -d > /tmp/cert.der
openssl x509 -in /tmp/cert.der -text -noout

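Review bot: the last changed line pipes `cmctl status certificate` into `grep "No CertificateRequest found for this Certificate"`, so the step passes or fails on the exact wording of a human-readable message from a tool this workflow downloads at `latest`. A reworded message in a newer cmctl would fail the job without any change in this repository. The same status command already runs two lines earlier; run it once, keep its output in a variable, and grep that. Pinning the cmctl version would keep the matched string stable.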
38 changes: 22 additions & 16 deletions .github/workflows/pkey-tests.yml
Expand Up @@ -28,6 +28,9 @@ jobs:
echo K8S_VERSION=$(sudo microk8s.kubectl version --short=true|grep -Po 'Server Version: \K.*' -m 1) >> $GITHUB_ENV
- run: echo "k8s ${{ env.K8S_VERSION }}"

- name: Set KUBECONFIG for MicroK8s
run: echo "KUBECONFIG=/var/snap/microk8s/current/credentials/client.config" >> $GITHUB_ENV

- name: "build ncm-issuer image"
run: |
make docker-build
Expand Down Expand Up @@ -55,11 +58,11 @@ jobs:
sudo microk8s.kubectl -n cert-manager logs `sudo microk8s.kubectl get pods -n cert-manager -l app=cert-manager -o jsonpath='{.items[0].metadata.name}'`|tail -25


- name: "install kubectl cert-manager plugin"
- name: "install cmctl"
run: |
OS=$(go env GOOS); ARCH=$(go env GOARCH); curl -sSL -o kubectl-cert-manager.tar.gz "https://github.com/cert-manager/cert-manager/releases/download/${{ env.CERTMGR_VERSION }}/kubectl-cert_manager-$OS-$ARCH.tar.gz"
tar xzf kubectl-cert-manager.tar.gz
sudo mv kubectl-cert_manager /usr/local/bin
OS=$(uname -s | tr A-Z a-z); ARCH=$(uname -m | sed 's/x86_64/amd64/' | sed 's/aarch64/arm64/'); curl -fsSL -o cmctl https://github.com/cert-manager/cmctl/releases/latest/download/cmctl_${OS}_${ARCH}
sudo chmod +x cmctl
sudo mv cmctl /usr/local/bin

- name: "install yq"
run: sudo snap install yq
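Review bot: in the "install cmctl" run block the download URL is left unquoted although it contains the `${OS}` and `${ARCH}` expansions (the line it replaces quoted its URL), and `sudo chmod +x cmctl` uses root for a file the step has just created in its own working directory. Quote the URL and fold the last two lines into `sudo install -m 0755 cmctl /usr/local/bin/cmctl`. The sed mapping only covers x86_64 and aarch64; any other `uname -m` value goes into the asset name unchanged, so a short comment stating which runner architectures are supported would help.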
Expand Down Expand Up @@ -127,7 +130,7 @@ jobs:

- name: "check certificate resource"
run: |
sudo microk8s.kubectl cert-manager status certificate ncm-cert -n ncm-issuer
sudo -E cmctl status certificate ncm-cert -n ncm-issuer
sudo microk8s.kubectl describe cert ncm-cert -n ncm-issuer
sudo microk8s.kubectl -n ncm-issuer logs `sudo microk8s.kubectl get pods -A -l app=ncm-issuer -o jsonpath='{.items[0].metadata.name}'`|tail -25
sudo microk8s.kubectl describe cert ncm-cert -n ncm-issuer | grep "The certificate has been successfully issued"
Expand All @@ -143,7 +146,7 @@ jobs:

- name: "renew certificate"
run: |
sudo microk8s.kubectl cert-manager renew ncm-cert -n ncm-issuer
sudo -E cmctl renew ncm-cert -n ncm-issuer

- name: "sleep for 15s"
uses: juliangruber/sleep-action@v1
Expand All @@ -153,9 +156,9 @@ jobs:
- name: "check certificate resource"
run: |
sudo microk8s.kubectl get certificaterequest -n ncm-issuer
sudo microk8s.kubectl cert-manager status certificate ncm-cert -n ncm-issuer
sudo -E cmctl status certificate ncm-cert -n ncm-issuer
sudo microk8s.kubectl -n ncm-issuer logs `sudo microk8s.kubectl get pods -A -l app=ncm-issuer -o jsonpath='{.items[0].metadata.name}'`|tail -25
sudo microk8s.kubectl cert-manager status certificate ncm-cert -n ncm-issuer | grep "No CertificateRequest found for this Certificate"
sudo -E cmctl status certificate ncm-cert -n ncm-issuer | grep "No CertificateRequest found for this Certificate"
sudo microk8s.kubectl describe certificaterequest ncm-cert -n ncm-issuer | grep "Certificate:" | awk '{print $2}' | base64 -d > /tmp/cert.der
openssl x509 -in /tmp/cert.der -text -noout

Expand Down Expand Up @@ -206,6 +209,9 @@ jobs:
echo K8S_VERSION=$(sudo microk8s.kubectl version --short=true|grep -Po 'Server Version: \K.*' -m 1) >> $GITHUB_ENV
- run: echo "k8s ${{ env.K8S_VERSION }}"

- name: Set KUBECONFIG for MicroK8s
run: echo "KUBECONFIG=/var/snap/microk8s/current/credentials/client.config" >> $GITHUB_ENV

- name: "build ncm-issuer image"
run: |
make docker-build
Expand All @@ -232,11 +238,11 @@ jobs:
sudo microk8s.kubectl get pods -A
sudo microk8s.kubectl -n cert-manager logs `sudo microk8s.kubectl get pods -n cert-manager -l app=cert-manager -o jsonpath='{.items[0].metadata.name}'`|tail -25

- name: "install kubectl cert-manager plugin"
- name: "install cmctl"
run: |
OS=$(go env GOOS); ARCH=$(go env GOARCH); curl -sSL -o kubectl-cert-manager.tar.gz "https://github.com/cert-manager/cert-manager/releases/download/${{ env.CERTMGR_VERSION }}/kubectl-cert_manager-$OS-$ARCH.tar.gz"
tar xzf kubectl-cert-manager.tar.gz
sudo mv kubectl-cert_manager /usr/local/bin
OS=$(uname -s | tr A-Z a-z); ARCH=$(uname -m | sed 's/x86_64/amd64/' | sed 's/aarch64/arm64/'); curl -fsSL -o cmctl https://github.com/cert-manager/cmctl/releases/latest/download/cmctl_${OS}_${ARCH}
sudo chmod +x cmctl
sudo mv cmctl /usr/local/bin

- name: "install yq"
run: sudo snap install yq
Expand Down Expand Up @@ -304,7 +310,7 @@ jobs:

- name: "check certificate resource"
run: |
sudo microk8s.kubectl cert-manager status certificate ncm-cert -n ncm-issuer
sudo -E cmctl status certificate ncm-cert -n ncm-issuer
sudo microk8s.kubectl describe cert ncm-cert -n ncm-issuer
sudo microk8s.kubectl -n ncm-issuer logs `sudo microk8s.kubectl get pods -A -l app=ncm-issuer -o jsonpath='{.items[0].metadata.name}'`|tail -25
sudo microk8s.kubectl describe cert ncm-cert -n ncm-issuer | grep "The certificate has been successfully issued"
Expand All @@ -320,7 +326,7 @@ jobs:

- name: "renew certificate"
run: |
sudo microk8s.kubectl cert-manager renew ncm-cert -n ncm-issuer
sudo -E cmctl renew ncm-cert -n ncm-issuer

- name: "sleep for 15s"
uses: juliangruber/sleep-action@v1
Expand All @@ -330,9 +336,9 @@ jobs:
- name: "check certificate resource"
run: |
sudo microk8s.kubectl get certificaterequest -n ncm-issuer
sudo microk8s.kubectl cert-manager status certificate ncm-cert -n ncm-issuer
sudo -E cmctl status certificate ncm-cert -n ncm-issuer
sudo microk8s.kubectl -n ncm-issuer logs `sudo microk8s.kubectl get pods -A -l app=ncm-issuer -o jsonpath='{.items[0].metadata.name}'`|tail -25
sudo microk8s.kubectl cert-manager status certificate ncm-cert -n ncm-issuer | grep "No CertificateRequest found for this Certificate"
sudo -E cmctl status certificate ncm-cert -n ncm-issuer | grep "No CertificateRequest found for this Certificate"
sudo microk8s.kubectl describe certificaterequest ncm-cert -n ncm-issuer | grep "Certificate:" | awk '{print $2}' | base64 -d > /tmp/cert.der
openssl x509 -in /tmp/cert.der -text -noout

3 changes: 3 additions & 0 deletions .github/workflows/san-test.yml
Expand Up @@ -41,6 +41,9 @@ jobs:
echo K8S_VERSION=$(sudo microk8s.kubectl version --short=true|grep -Po 'Server Version: \K.*' -m 1) >> $GITHUB_ENV
- run: echo "k8s ${{ env.K8S_VERSION }}"

- name: Set KUBECONFIG for MicroK8s
run: echo "KUBECONFIG=/var/snap/microk8s/current/credentials/client.config" >> $GITHUB_ENV

- name: "build ncm-issuer image"
run: |
make docker-build
38 changes: 22 additions & 16 deletions .github/workflows/signer-tests.yml
Expand Up @@ -30,6 +30,9 @@ jobs:
echo K8S_VERSION=$(sudo microk8s.kubectl version --short=true|grep -Po 'Server Version: \K.*' -m 1) >> $GITHUB_ENV
- run: echo "k8s ${{ env.K8S_VERSION }}"

- name: Set KUBECONFIG for MicroK8s
run: echo "KUBECONFIG=/var/snap/microk8s/current/credentials/client.config" >> $GITHUB_ENV

- name: "install cert-manager charts"
run: |
sudo microk8s.kubectl create namespace cert-manager
Expand All @@ -56,11 +59,11 @@ jobs:
sudo microk8s.kubectl get pods -A
sudo microk8s.kubectl -n cert-manager logs `sudo microk8s.kubectl get pods -n cert-manager -l app=cert-manager -o jsonpath='{.items[0].metadata.name}'`|tail -25

- name: "install kubectl cert-manager plugin"
- name: "install cmctl"
run: |
OS=$(go env GOOS); ARCH=$(go env GOARCH); curl -sSL -o kubectl-cert-manager.tar.gz "https://github.com/cert-manager/cert-manager/releases/download/v${{ matrix.certmgr-version }}/kubectl-cert_manager-$OS-$ARCH.tar.gz"
tar xzf kubectl-cert-manager.tar.gz
sudo mv kubectl-cert_manager /usr/local/bin
OS=$(uname -s | tr A-Z a-z); ARCH=$(uname -m | sed 's/x86_64/amd64/' | sed 's/aarch64/arm64/'); curl -fsSL -o cmctl https://github.com/cert-manager/cmctl/releases/latest/download/cmctl_${OS}_${ARCH}
sudo chmod +x cmctl
sudo mv cmctl /usr/local/bin

- name: "install yq"
run: sudo snap install yq
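Review bot: this "install cmctl" block is the same three lines that appear in clientauth-test.yml, in both jobs of pkey-tests.yml, and again in the second job of this file, so the one-line OS/ARCH detection and download now lives in five places. Move it into a shared script or a composite action so that a later change to the download, such as a version pin or a checksum check, is made once.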
Expand Down Expand Up @@ -124,7 +127,7 @@ jobs:

- name: "check certificate resource"
run: |
sudo microk8s.kubectl cert-manager status certificate ncm-cert -n ncm-issuer
sudo -E cmctl status certificate ncm-cert -n ncm-issuer
sudo microk8s.kubectl describe cert ncm-cert -n ncm-issuer
sudo microk8s.kubectl -n ncm-issuer logs `sudo microk8s.kubectl get pods -A -l app=ncm-issuer -o jsonpath='{.items[0].metadata.name}'`|tail -25
sudo microk8s.kubectl describe cert ncm-cert -n ncm-issuer | grep "The certificate has been successfully issued"
Expand All @@ -138,7 +141,7 @@ jobs:

- name: "renew certificate"
run: |
sudo microk8s.kubectl cert-manager renew ncm-cert -n ncm-issuer
sudo -E cmctl renew ncm-cert -n ncm-issuer

- name: "sleep for 10s"
uses: juliangruber/sleep-action@v1
Expand All @@ -148,9 +151,9 @@ jobs:
- name: "check certificate resource"
run: |
sudo microk8s.kubectl get certificaterequest -n ncm-issuer
sudo microk8s.kubectl cert-manager status certificate ncm-cert -n ncm-issuer
sudo -E cmctl status certificate ncm-cert -n ncm-issuer
sudo microk8s.kubectl -n ncm-issuer logs `sudo microk8s.kubectl get pods -A -l app=ncm-issuer -o jsonpath='{.items[0].metadata.name}'`|tail -25
sudo microk8s.kubectl cert-manager status certificate ncm-cert -n ncm-issuer | grep "No CertificateRequest found for this Certificate"
sudo -E cmctl status certificate ncm-cert -n ncm-issuer | grep "No CertificateRequest found for this Certificate"
sudo microk8s.kubectl describe certificaterequest ncm-cert -n ncm-issuer | grep "Certificate:" | awk '{print $2}' | base64 -d > /tmp/cert.der
openssl x509 -in /tmp/cert.der -text -noout

Expand Down Expand Up @@ -203,6 +206,9 @@ jobs:
echo K8S_VERSION=$(sudo microk8s.kubectl version --short=true|grep -Po 'Server Version: \K.*' -m 1) >> $GITHUB_ENV
- run: echo "k8s ${{ env.K8S_VERSION }}"

- name: Set KUBECONFIG for MicroK8s
run: echo "KUBECONFIG=/var/snap/microk8s/current/credentials/client.config" >> $GITHUB_ENV

- name: "build ncm-issuer image"
run: |
make docker-build
Expand All @@ -229,11 +235,11 @@ jobs:
sudo microk8s.kubectl get pods -A
sudo microk8s.kubectl -n cert-manager logs `sudo microk8s.kubectl get pods -n cert-manager -l app=cert-manager -o jsonpath='{.items[0].metadata.name}'`|tail -25

- name: "install kubectl cert-manager plugin"
- name: "install cmctl"
run: |
OS=$(go env GOOS); ARCH=$(go env GOARCH); curl -sSL -o kubectl-cert-manager.tar.gz "https://github.com/cert-manager/cert-manager/releases/download/v${{ matrix.certmgr-version }}/kubectl-cert_manager-$OS-$ARCH.tar.gz"
tar xzf kubectl-cert-manager.tar.gz
sudo mv kubectl-cert_manager /usr/local/bin
OS=$(uname -s | tr A-Z a-z); ARCH=$(uname -m | sed 's/x86_64/amd64/' | sed 's/aarch64/arm64/'); curl -fsSL -o cmctl https://github.com/cert-manager/cmctl/releases/latest/download/cmctl_${OS}_${ARCH}
sudo chmod +x cmctl
sudo mv cmctl /usr/local/bin

- name: "install yq"
run: sudo snap install yq
Expand Down Expand Up @@ -308,7 +314,7 @@ jobs:

- name: "check certificate resource"
run: |
sudo microk8s.kubectl cert-manager status certificate ncm-cert -n ncm-cert
sudo -E cmctl status certificate ncm-cert -n ncm-cert
sudo microk8s.kubectl describe cert ncm-cert -n ncm-cert
sudo microk8s.kubectl -n ncm-issuer logs `sudo microk8s.kubectl get pods -A -l app=ncm-issuer -o jsonpath='{.items[0].metadata.name}'`|tail -25
sudo microk8s.kubectl describe cert ncm-cert -n ncm-cert | grep "The certificate has been successfully issued"
Expand All @@ -322,7 +328,7 @@ jobs:

- name: "renew certificate"
run: |
sudo microk8s.kubectl cert-manager renew ncm-cert -n ncm-cert
sudo -E cmctl renew ncm-cert -n ncm-cert

- name: "sleep for 10s"
uses: juliangruber/sleep-action@v1
Expand All @@ -332,9 +338,9 @@ jobs:
- name: "check certificate resource"
run: |
sudo microk8s.kubectl get certificaterequest -n ncm-cert
sudo microk8s.kubectl cert-manager status certificate ncm-cert -n ncm-cert
sudo -E cmctl status certificate ncm-cert -n ncm-cert
sudo microk8s.kubectl -n ncm-issuer logs `sudo microk8s.kubectl get pods -A -l app=ncm-issuer -o jsonpath='{.items[0].metadata.name}'`|tail -25
sudo microk8s.kubectl cert-manager status certificate ncm-cert -n ncm-cert | grep "No CertificateRequest found for this Certificate"
sudo -E cmctl status certificate ncm-cert -n ncm-cert | grep "No CertificateRequest found for this Certificate"
sudo microk8s.kubectl describe certificaterequest ncm-cert -n ncm-cert | grep "Certificate:" | awk '{print $2}' | base64 -d > /tmp/cert.der
openssl x509 -in /tmp/cert.der -text -noout
