
Commit 605151d

author
Leonid Podolinskiy
authored
Patch cves (#22)
* bump go to 1.22 and update dependencies update makefile * bump go ver in the ci * upd go ver in the dockerfile
1 parent 290875f commit 605151d

14 files changed

+580
-482
lines changed

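--- a/.github/workflows/e2e.yaml
+++ b/.github/workflows/e2e.yaml
@@ -1,16 +1,16 @@
 name: "Tests"
 
 on:
-pull_request:
+pull_request:
 branches:
 - main
 paths-ignore:
-- 'lightrun-init-agent/**'
-- '.github/**'
-- 'docs/**'
-- 'grafana/**'
+- "lightrun-init-agent/**"
+- ".github/**"
+- "docs/**"
+- "grafana/**"
 
-jobs:
+jobs:
 e2e_test:
 name: Build controller and install helm chart
 runs-on: ubuntu-latest
@@ -20,189 +20,184 @@ jobs:
 ports:
 - 5000:5000
 steps:
-- uses: actions/checkout@v3
-
-- name: Setup Go environment
-uses: actions/setup-go@v4
-with:
-go-version: '1.20'
-
-- name: Run tests
-shell: bash
-run: |
-make test
-
-- name: Spin up k3s cluster
-shell: bash
-run: |
-
-# Add local registry to /etc/hosts
-echo '127.0.0.1 localreg.com' | sudo tee -a /etc/hosts
-
-# Install kubectl
-curl -LO "https://dl.k8s.io/release/$(curl -L -s https://dl.k8s.io/release/stable.txt)/bin/linux/amd64/kubectl"
-
-# Install helm
-curl -fsSL -o get_helm.sh https://raw.githubusercontent.com/helm/helm/main/scripts/get-helm-3
-chmod 700 get_helm.sh
-./get_helm.sh
-
-#Install k3s
-curl -sfL https://get.k3s.io | K3S_KUBECONFIG_MODE="644" INSTALL_K3S_VERSION="v1.28.5+k3s1" sh -s -
-
-mkdir ~/.kube || echo "~/.kube already existed"
-sudo chmod 777 /etc/rancher/k3s/k3s.yaml
-sudo cp /etc/rancher/k3s/k3s.yaml ~/.kube/config
-sudo chmod 777 ~/.kube/config
-
-cat <<EOF >> /tmp/registries.yaml
-mirrors:
-"localreg.com:5000":
-endpoint:
-- "http://localreg.com:5000"
-EOF
-
-sudo cp /tmp/registries.yaml /etc/rancher/k3s/
-sudo chmod 777 /etc/rancher/k3s/registries.yaml
-
-#printf "\nRegistry file\n"
-#cat /etc/rancher/k3s/registries.yaml
-
-#printf "\nkube config\n"
-#cat ~/.kube/config
-
-# ensure that node is created
-timeout 2m bash -c 'until kubectl get node $HOSTNAME; do sleep 1; done'
-
-# test for 120 to see if node will go ready
-kubectl wait --timeout=120s --for=condition=Ready node/$(echo $HOSTNAME| awk '{print tolower($0)}')
-
-# Restart need to update local registry config
-printf "Restart k3s service\n"
-sudo systemctl restart k3s
-kubectl wait --timeout=120s --for=condition=Ready node/$(echo $HOSTNAME| awk '{print tolower($0)}')
-
-- name: Build and push to local repo
-uses: docker/build-push-action@v3
-with:
-context: .
-push: true
-tags: localreg.com:5000/lightrun-k8s-operator:0.0.0-${{ github.run_number }}
-
-
-- name: Install chart and test controller
-shell: bash
-run: |
-#printf "Check local registry image\n"
-#curl http://localreg.com:5000/v2/lightrun-k8s-operator/manifests/0.0.0-${{ github.run_number }}
-
-
-yq -i '.controllerManager.manager.image.repository = "localreg.com:5000/lightrun-k8s-operator"' .github/workflows/tests_data/chart_values.yaml
-yq -i '.controllerManager.manager.image.tag = "0.0.0-${{ github.run_number }}"' .github/workflows/tests_data/chart_values.yaml
-yq -i '.spec.agentName = "ci-k3s-controller-chart-test-${{ github.run_number }}"' .github/workflows/tests_data/lightrunjavaagent.yaml
-yq -i '.spec.agentTags += ["ci-k3s-controller-chart-test-${{ github.run_number }}"]' .github/workflows/tests_data/lightrunjavaagent.yaml
-yq -i '.managerConfig.operatorScope.namespacedScope = true' .github/workflows/tests_data/chart_values.yaml
-
-kubectl create ns lightrun-k8s-operator
-kubectl create ns app-ns
-kubectl config set-context --current --namespace=app-ns
-
-printf "Deploy Java app\n"
-kubectl apply -f examples/deployment.yaml
-
-
-printf "Add agent secret\n"
-cat <<EOF | kubectl create -f -
-apiVersion: v1
-metadata:
-name: lightrun-secrets
-stringData:
-lightrun_key: ${{ secrets.DOGFOOD_KEY }}
-pinned_cert_hash: ${{ secrets.DOGFOOD_CERT }}
-kind: Secret
-type: Opaque
-EOF
-
-
-printf "Update generated parts of helm chart\n"
-make before-push
-printf "Install helm chart\n"
-helm install -n lightrun-k8s-operator lightrun-k8s-operator ./helm-chart -f .github/workflows/tests_data/chart_values.yaml
-
-kubectl wait deployment sample-deployment --for condition=Available=True --timeout=90s
-
-kubectl get deployments -n lightrun-k8s-operator
-kubectl get pods -n lightrun-k8s-operator
-kubectl wait deployment -n lightrun-k8s-operator lightrun-k8s-operator-controller-manager --for condition=Available=True --timeout=200s
-kubectl get pods -n lightrun-k8s-operator
-
-
-kubectl apply -f .github/workflows/tests_data/lightrunjavaagent.yaml
-kubectl wait deployment sample-deployment --for condition=Available=True --timeout=90s
-
-
-printf "Wait 1 minute\n"
-sleep 60
-printf "\nController logs\n\n"
-kubectl logs --tail=500 -l control-plane=controller-manager -n lightrun-k8s-operator
-
-
-
-
-printf "\n\nAgent INFO log\n"
-kubectl exec -t deploy/sample-deployment -c app -- cat /tmp/lightrun_java_agent.INFO
-printf "\n\nAgent ERROR log\n"
-kubectl exec -t deploy/sample-deployment -c app -- cat /tmp/lightrun_java_agent.ERROR || true
-
-
-printf "\nSearching for "registered" in INFO log\n"
-if kubectl exec -t deploy/sample-deployment -c app -- cat /tmp/lightrun_java_agent.INFO | grep Debuggee |grep registered > /dev/null; then
-printf "\n----------------\nAgent registered succesfully!\n----------------\n"
-else
-printf "\n----------------\nAgent failed to register!\n----------------\n"
-export AGENT_REGISTERED=false
-fi
-
-
-
-
-printf "Add resources in restricted namespace\n"
-kubectl create ns restricted
-kubectl config set-context --current --namespace=restricted
-printf "Deploy Java app\n"
-kubectl apply -f examples/deployment.yaml
-
-printf "Add agent secret\n"
-cat <<EOF | kubectl create -f -
-apiVersion: v1
-metadata:
-name: lightrun-secrets
-stringData:
-lightrun_key: ${{ secrets.DOGFOOD_KEY }}
-pinned_cert_hash: ${{ secrets.DOGFOOD_CERT }}
-kind: Secret
-type: Opaque
-EOF
+- uses: actions/checkout@v3
+
+- name: Setup Go environment
+uses: actions/setup-go@v4
+with:
+go-version: "1.22"
+
+- name: Run tests
+shell: bash
+run: |
+make test
+
+- name: Spin up k3s cluster
+shell: bash
+run: |
 
-kubectl apply -f .github/workflows/tests_data/lightrunjavaagent.yaml
+# Add local registry to /etc/hosts
+echo '127.0.0.1 localreg.com' | sudo tee -a /etc/hosts
 
-sleep 5
-kubectl describe deployment sample-deployment
+# Install kubectl
+curl -LO "https://dl.k8s.io/release/$(curl -L -s https://dl.k8s.io/release/stable.txt)/bin/linux/amd64/kubectl"
 
-printf "Controller logs\n\n\n"
-kubectl logs --tail=500 -l control-plane=controller-manager -n lightrun-k8s-operator
+# Install helm
+curl -fsSL -o get_helm.sh https://raw.githubusercontent.com/helm/helm/main/scripts/get-helm-3
+chmod 700 get_helm.sh
+./get_helm.sh
 
-printf "LightrunJavaAgents status\n\n\n"
-kubectl get lrja --all-namespaces
+#Install k3s
+curl -sfL https://get.k3s.io | K3S_KUBECONFIG_MODE="644" INSTALL_K3S_VERSION="v1.28.5+k3s1" sh -s -
 
-printf "\nCleanup\n\n"
-bash /usr/local/bin/k3s-uninstall.sh
-rm -rf ~/.kube
-
-if [[ $AGENT_REGISTERED == "false" ]]; then
-exit 1
-fi
-
-
+mkdir ~/.kube || echo "~/.kube already existed"
+sudo chmod 777 /etc/rancher/k3s/k3s.yaml
+sudo cp /etc/rancher/k3s/k3s.yaml ~/.kube/config
+sudo chmod 777 ~/.kube/config
 
+cat <<EOF >> /tmp/registries.yaml
+mirrors:
+"localreg.com:5000":
+endpoint:
+- "http://localreg.com:5000"
+EOF
 
+sudo cp /tmp/registries.yaml /etc/rancher/k3s/
+sudo chmod 777 /etc/rancher/k3s/registries.yaml
+
+#printf "\nRegistry file\n"
+#cat /etc/rancher/k3s/registries.yaml
+
+#printf "\nkube config\n"
+#cat ~/.kube/config
+
+# ensure that node is created
+timeout 2m bash -c 'until kubectl get node $HOSTNAME; do sleep 1; done'
+
+# test for 120 to see if node will go ready
+kubectl wait --timeout=120s --for=condition=Ready node/$(echo $HOSTNAME| awk '{print tolower($0)}')
+
+# Restart need to update local registry config
+printf "Restart k3s service\n"
+sudo systemctl restart k3s
+kubectl wait --timeout=120s --for=condition=Ready node/$(echo $HOSTNAME| awk '{print tolower($0)}')
+
+- name: Build and push to local repo
+uses: docker/build-push-action@v3
+with:
+context: .
+push: true
+tags: localreg.com:5000/lightrun-k8s-operator:0.0.0-${{ github.run_number }}
+
+- name: Install chart and test controller
+shell: bash
+run: |
+#printf "Check local registry image\n"
+#curl http://localreg.com:5000/v2/lightrun-k8s-operator/manifests/0.0.0-${{ github.run_number }}
+
+
+yq -i '.controllerManager.manager.image.repository = "localreg.com:5000/lightrun-k8s-operator"' .github/workflows/tests_data/chart_values.yaml
+yq -i '.controllerManager.manager.image.tag = "0.0.0-${{ github.run_number }}"' .github/workflows/tests_data/chart_values.yaml
+yq -i '.spec.agentName = "ci-k3s-controller-chart-test-${{ github.run_number }}"' .github/workflows/tests_data/lightrunjavaagent.yaml
+yq -i '.spec.agentTags += ["ci-k3s-controller-chart-test-${{ github.run_number }}"]' .github/workflows/tests_data/lightrunjavaagent.yaml
+yq -i '.managerConfig.operatorScope.namespacedScope = true' .github/workflows/tests_data/chart_values.yaml
+
+kubectl create ns lightrun-k8s-operator
+kubectl create ns app-ns
+kubectl config set-context --current --namespace=app-ns
+
+printf "Deploy Java app\n"
+kubectl apply -f examples/deployment.yaml
+
+
+printf "Add agent secret\n"
+cat <<EOF | kubectl create -f -
+apiVersion: v1
+metadata:
+name: lightrun-secrets
+stringData:
+lightrun_key: ${{ secrets.DOGFOOD_KEY }}
+pinned_cert_hash: ${{ secrets.DOGFOOD_CERT }}
+kind: Secret
+type: Opaque
+EOF
+
+
+printf "Update generated parts of helm chart\n"
+make before-push
+printf "Install helm chart\n"
+helm install -n lightrun-k8s-operator lightrun-k8s-operator ./helm-chart -f .github/workflows/tests_data/chart_values.yaml
+
+kubectl wait deployment sample-deployment --for condition=Available=True --timeout=90s
+
+kubectl get deployments -n lightrun-k8s-operator
+kubectl get pods -n lightrun-k8s-operator
+kubectl wait deployment -n lightrun-k8s-operator lightrun-k8s-operator-controller-manager --for condition=Available=True --timeout=200s
+kubectl get pods -n lightrun-k8s-operator
+
+
+kubectl apply -f .github/workflows/tests_data/lightrunjavaagent.yaml
+kubectl wait deployment sample-deployment --for condition=Available=True --timeout=90s
+
+
+printf "Wait 1 minute\n"
+sleep 60
+printf "\nController logs\n\n"
+kubectl logs --tail=500 -l control-plane=controller-manager -n lightrun-k8s-operator
+
+
+
+
+printf "\n\nAgent INFO log\n"
+kubectl exec -t deploy/sample-deployment -c app -- cat /tmp/lightrun_java_agent.INFO
+printf "\n\nAgent ERROR log\n"
+kubectl exec -t deploy/sample-deployment -c app -- cat /tmp/lightrun_java_agent.ERROR || true
+
+
+printf "\nSearching for "registered" in INFO log\n"
+if kubectl exec -t deploy/sample-deployment -c app -- cat /tmp/lightrun_java_agent.INFO | grep Debuggee |grep registered > /dev/null; then
+printf "\n----------------\nAgent registered succesfully!\n----------------\n"
+else
+printf "\n----------------\nAgent failed to register!\n----------------\n"
+export AGENT_REGISTERED=false
+fi
+
+
+
+
+printf "Add resources in restricted namespace\n"
+kubectl create ns restricted
+kubectl config set-context --current --namespace=restricted
+printf "Deploy Java app\n"
+kubectl apply -f examples/deployment.yaml
+
+printf "Add agent secret\n"
+cat <<EOF | kubectl create -f -
+apiVersion: v1
+metadata:
+name: lightrun-secrets
+stringData:
+lightrun_key: ${{ secrets.DOGFOOD_KEY }}
+pinned_cert_hash: ${{ secrets.DOGFOOD_CERT }}
+kind: Secret
+type: Opaque
+EOF
+
+kubectl apply -f .github/workflows/tests_data/lightrunjavaagent.yaml
+
+sleep 5
+kubectl describe deployment sample-deployment
+
+printf "Controller logs\n\n\n"
+kubectl logs --tail=500 -l control-plane=controller-manager -n lightrun-k8s-operator
+
+printf "LightrunJavaAgents status\n\n\n"
+kubectl get lrja --all-namespaces
+
+printf "\nCleanup\n\n"
+bash /usr/local/bin/k3s-uninstall.sh
+rm -rf ~/.kube
+
+if [[ $AGENT_REGISTERED == "false" ]]; then
+exit 1
+fi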
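Review bot: Both `cat <<EOF | kubectl create -f -` blocks in the "Install chart and test controller" step (new lines 114–123 and 175–184) still paste `${{ secrets.DOGFOOD_KEY }}` and `${{ secrets.DOGFOOD_CERT }}` directly into the script text, inside an unquoted heredoc. GitHub substitutes the expression before bash starts, so a value containing `$`, a backtick or a YAML-significant character would be expanded by the shell or re-typed by the manifest parser instead of being stored verbatim. Passing both values through a step-level `env:` mapping and writing `lightrun_key: "$DOGFOOD_KEY"` and `pinned_cert_hash: "$DOGFOOD_CERT"` in the heredoc keeps the secret out of the generated script source. Separately, since this commit is about patching CVEs, the "Spin up k3s cluster" step still executes the Helm installer fetched from the `main` branch and downloads kubectl at whatever `stable.txt` resolves to, with no pinned version or checksum check; only k3s is pinned via `INSTALL_K3S_VERSION`.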
