From 7384961985c823b687caa92acedb4d0eaea07318 Mon Sep 17 00:00:00 2001 From: vivekr-splunk <94569031+vivekr-splunk@users.noreply.github.com> Date: Thu, 17 Aug 2023 16:24:37 -0700 Subject: [PATCH] CSPL-2444: Pipeline issues (#1220) * fixing docker image in workflows Signed-off-by: vivekr-splunk <94569031+vivekr-splunk@users.noreply.github.com> * fixing docker image in workflows Signed-off-by: vivekr-splunk <94569031+vivekr-splunk@users.noreply.github.com> * fixing docker image in workflows Signed-off-by: vivekr-splunk <94569031+vivekr-splunk@users.noreply.github.com> * fixing docker image in workflows Signed-off-by: vivekr-splunk <94569031+vivekr-splunk@users.noreply.github.com> * fixing docker image in workflows Signed-off-by: vivekr-splunk <94569031+vivekr-splunk@users.noreply.github.com> * fixing docker image in workflows Signed-off-by: vivekr-splunk <94569031+vivekr-splunk@users.noreply.github.com> * fixing docker image in workflows Signed-off-by: vivekr-splunk <94569031+vivekr-splunk@users.noreply.github.com> * fixing docker image in workflows Signed-off-by: vivekr-splunk <94569031+vivekr-splunk@users.noreply.github.com> * fixing docker image in workflows Signed-off-by: vivekr-splunk <94569031+vivekr-splunk@users.noreply.github.com> * fixing docker image in workflows Signed-off-by: vivekr-splunk <94569031+vivekr-splunk@users.noreply.github.com> * fixing docker image in workflows Signed-off-by: vivekr-splunk <94569031+vivekr-splunk@users.noreply.github.com> * adding ebs driver add on code Signed-off-by: vivekr-splunk <94569031+vivekr-splunk@users.noreply.github.com> * fixed .env file with latest version of k8s Signed-off-by: vivekr-splunk <94569031+vivekr-splunk@users.noreply.github.com> * fixed .env file with ekctl version Signed-off-by: vivekr-splunk <94569031+vivekr-splunk@users.noreply.github.com> * fixed .env file with ekctl version Signed-off-by: vivekr-splunk <94569031+vivekr-splunk@users.noreply.github.com> * fixed aws ebs csi driver Signed-off-by: vivekr-splunk <94569031+vivekr-splunk@users.noreply.github.com> --------- Signed-off-by: vivekr-splunk <94569031+vivekr-splunk@users.noreply.github.com> --- .env | 6 +-- .../workflows/automated-release-workflow.yml | 1 - .../workflows/bundle-push-post-release.yml | 7 ++-- .github/workflows/int-test-azure-workflow.yml | 2 +- .github/workflows/int-test-workflow.yml | 2 +- .../workflows/manual-int-test-workflow.yml | 4 +- .../namespace-scope-int-workflow.yml | 5 +-- .../workflows/nightly-int-test-workflow.yml | 8 ++-- test/deploy-eks-cluster.sh | 38 +++++++++++++++++-- test/env.sh | 2 +- 10 files changed, 52 insertions(+), 23 deletions(-) diff --git a/.env b/.env index 70432b03c..305492c98 100644 --- a/.env +++ b/.env @@ -2,8 +2,8 @@ OPERATOR_SDK_VERSION=v1.28.1 REVIEWERS=pdhanoya-splunk,smohan-splunk,sgontla,gaurav-splunk,jryb,vivekr-splunk,kumarajeet GO_VERSION=1.19.2 AWSCLI_URL=https://awscli.amazonaws.com/awscli-exe-linux-x86_64-2.8.6.zip -KUBECTL_VERSION=v1.25.3 +KUBECTL_VERSION=v1.28.0 AZ_CLI_VERSION=2.30.0 EKSCTL_VERSION=v0.143.0 -EKS_CLUSTER_K8_VERSION=1.22 -SPLUNK_ENTERPRISE_RELEASE_IMAGE=splunk/splunk:9.0.5 +EKS_CLUSTER_K8_VERSION=1.26 +SPLUNK_ENTERPRISE_RELEASE_IMAGE=docker.io/splunk/splunk:9.0.5 \ No newline at end of file diff --git a/.github/workflows/automated-release-workflow.yml b/.github/workflows/automated-release-workflow.yml index 9b69f468b..12437a957 100644 --- a/.github/workflows/automated-release-workflow.yml +++ b/.github/workflows/automated-release-workflow.yml @@ -38,7 +38,6 @@ jobs: - name: Set up Docker Buildx uses: docker/setup-buildx-action@v2.5.0 - - name: Configure Docker Credentials uses: docker/login-action@v1 with: diff --git a/.github/workflows/bundle-push-post-release.yml b/.github/workflows/bundle-push-post-release.yml index b3db7cb8e..b122242cf 100644 --- a/.github/workflows/bundle-push-post-release.yml +++ b/.github/workflows/bundle-push-post-release.yml @@ -17,7 +17,7 @@ jobs: - name: Checkout code uses: actions/checkout@v2 - - name: Deep Fetch + - name: Deep Fetch run: | git fetch --prune --unshallow @@ -31,7 +31,6 @@ jobs: go-version: ${{ steps.dotenv.outputs.GO_VERSION }} - name: Set up Docker Buildx uses: docker/setup-buildx-action@v2.5.0 - - name: Configure Docker Credentials uses: docker/login-action@v1 with: @@ -44,13 +43,13 @@ jobs: export OS=$(uname | awk '{print tolower($0)}') export OPERATOR_SDK_DL_URL=https://github.com/operator-framework/operator-sdk/releases/download/${{ steps.dotenv.outputs.OPERATOR_SDK_VERSION }} sudo curl -LO ${OPERATOR_SDK_DL_URL}/operator-sdk_${OS}_${ARCH} - sudo chmod +x operator-sdk_${OS}_${ARCH} + sudo chmod +x operator-sdk_${OS}_${ARCH} sudo mv operator-sdk_${OS}_${ARCH} /usr/local/bin/operator-sdk - name: Pull RC Splunk Operator Image run: | docker pull splunk/splunk-operator:${{ github.event.inputs.operator_image_tag }} - + - name: Run Bundle Push for the release run: | make bundle-build bundle-push catalog-build catalog-push IMAGE_TAG_BASE=docker.io/splunk/splunk-operator VERSION=${{ github.event.inputs.release_version }} IMG=docker.io/splunk/splunk-operator:${{ github.event.inputs.operator_image_tag }} \ No newline at end of file diff --git a/.github/workflows/int-test-azure-workflow.yml b/.github/workflows/int-test-azure-workflow.yml index e32e6a25a..f4e8d1451 100644 --- a/.github/workflows/int-test-azure-workflow.yml +++ b/.github/workflows/int-test-azure-workflow.yml @@ -124,7 +124,7 @@ jobs: # AZURE_MANAGED_ID_ENABLED: "${{ matrix.auth_method_managed_id }}" AZURE_MANAGED_ID_ENABLED: "false" steps: - # Need this because apps are downloaded from S3. + # Need this because apps are downloaded from S3. - name: Set Test Cluster Name run: | echo "TEST_CLUSTER_NAME=az${{ github.run_id }}" >> $GITHUB_ENV diff --git a/.github/workflows/int-test-workflow.yml b/.github/workflows/int-test-workflow.yml index fd41f8401..17b34ff19 100644 --- a/.github/workflows/int-test-workflow.yml +++ b/.github/workflows/int-test-workflow.yml @@ -121,7 +121,7 @@ jobs: uses: actions/setup-go@v2 with: go-version: ${{ steps.dotenv.outputs.GO_VERSION }} - - name: Install Ginkgo + - name: Install Ginkgo run: | make setup/ginkgo - name: Install Helm diff --git a/.github/workflows/manual-int-test-workflow.yml b/.github/workflows/manual-int-test-workflow.yml index 2a3a517f2..0aad051ed 100644 --- a/.github/workflows/manual-int-test-workflow.yml +++ b/.github/workflows/manual-int-test-workflow.yml @@ -60,7 +60,7 @@ jobs: run: >- if grep -q "appframework" <<< "${{ matrix.test }}"; then echo "CLUSTER_WORKERS=5" >> $GITHUB_ENV - echo "CLUSTER_NODES=2" >> $GITHUB_ENV + echo "CLUSTER_NODES=2" >> $GITHUB_ENV fi - name: Checkout code uses: actions/checkout@v2 @@ -197,5 +197,5 @@ jobs: with: username: ${{ secrets.DOCKERHUB_USERNAME }} password: ${{ secrets.DOCKERHUB_PUSH_TOKEN}} - - name: Push Splunk Operator Image to Docker Hub + - name: Push Splunk Operator Image to Docker Hub run: docker push ${{ env.SPLUNK_OPERATOR_IMAGE_NAME }}:${{ env.TAG }} \ No newline at end of file diff --git a/.github/workflows/namespace-scope-int-workflow.yml b/.github/workflows/namespace-scope-int-workflow.yml index 34aecbd36..13dc5bd4b 100644 --- a/.github/workflows/namespace-scope-int-workflow.yml +++ b/.github/workflows/namespace-scope-int-workflow.yml @@ -55,7 +55,7 @@ jobs: run: >- if grep -q "appframework" <<< "${{ matrix.test }}"; then echo "CLUSTER_WORKERS=5" >> $GITHUB_ENV - echo "CLUSTER_NODES=2" >> $GITHUB_ENV + echo "CLUSTER_NODES=2" >> $GITHUB_ENV fi - name: Checkout code uses: actions/checkout@v2 @@ -80,7 +80,7 @@ jobs: uses: actions/setup-go@v2 with: go-version: ${{ steps.dotenv.outputs.GO_VERSION }} - - name: Install Ginkgo + - name: Install Ginkgo run: | make setup/ginkgo - name: Install EKS CTL @@ -156,4 +156,3 @@ jobs: if: ${{ always() }} run: | make cluster-down - \ No newline at end of file diff --git a/.github/workflows/nightly-int-test-workflow.yml b/.github/workflows/nightly-int-test-workflow.yml index 012235441..91537feac 100644 --- a/.github/workflows/nightly-int-test-workflow.yml +++ b/.github/workflows/nightly-int-test-workflow.yml @@ -29,7 +29,7 @@ jobs: export OS=$(uname | awk '{print tolower($0)}') export OPERATOR_SDK_DL_URL=https://github.com/operator-framework/operator-sdk/releases/download/${{ steps.dotenv.outputs.OPERATOR_SDK_VERSION }} sudo curl -LO ${OPERATOR_SDK_DL_URL}/operator-sdk_${OS}_${ARCH} - sudo chmod +x operator-sdk_${OS}_${ARCH} + sudo chmod +x operator-sdk_${OS}_${ARCH} sudo mv operator-sdk_${OS}_${ARCH} /usr/local/bin/operator-sdk - name: Configure AWS credentials uses: aws-actions/configure-aws-credentials@v1 @@ -100,10 +100,10 @@ jobs: run: >- if grep -q "appframework" <<< "${{ matrix.test }}"; then echo "CLUSTER_WORKERS=5" >> $GITHUB_ENV - echo "CLUSTER_NODES=2" >> $GITHUB_ENV + echo "CLUSTER_NODES=2" >> $GITHUB_ENV fi - uses: actions/checkout@v2 - with: + with: ref: develop - name: Dotenv Action id: dotenv @@ -234,5 +234,5 @@ jobs: with: username: ${{ secrets.DOCKERHUB_USERNAME }} password: ${{ secrets.DOCKERHUB_PUSH_TOKEN}} - - name: Push Splunk Operator Image to Docker Hub + - name: Push Splunk Operator Image to Docker Hub run: docker push ${{ env.SPLUNK_OPERATOR_IMAGE_NAME }}:${{ env.TAG }} \ No newline at end of file diff --git a/test/deploy-eks-cluster.sh b/test/deploy-eks-cluster.sh index 558533cf6..f418b6d83 100755 --- a/test/deploy-eks-cluster.sh +++ b/test/deploy-eks-cluster.sh @@ -16,8 +16,8 @@ if [[ -z "${ECR_REPOSITORY}" ]]; then fi if [[ -z "${EKS_CLUSTER_K8_VERSION}" ]]; then - echo "EKS_CLUSTER_K8_VERSION not set. Changing to 1.22" - export EKS_CLUSTER_K8_VERSION="1.22" + echo "EKS_CLUSTER_K8_VERSION not set. Changing to 1.26" + export EKS_CLUSTER_K8_VERSION="1.26" fi function deleteCluster() { @@ -35,6 +35,8 @@ function deleteCluster() { echo "Unable to delete cluster - ${TEST_CLUSTER_NAME}" return 1 fi + rolename= echo ${TEST_CLUSTER_NAME} | awk -F- '{print "EBS_" $(NF-1) "_" $(NF)}' + aws iam delete-role --role-name ${rolename} return 0 } @@ -54,6 +56,36 @@ function createCluster() { echo "Unable to create cluster - ${TEST_CLUSTER_NAME}" return 1 fi + eksctl utils associate-iam-oidc-provider --cluster=${TEST_CLUSTER_NAME} --approve + oidc_id=$(aws eks describe-cluster --name ${TEST_CLUSTER_NAME} --query "cluster.identity.oidc.issuer" --output text | cut -d '/' -f 5) + account_id=$(aws sts get-caller-identity --query "Account" --output text) + oidc_provider=$(aws eks describe-cluster --name ${TEST_CLUSTER_NAME} --region "us-west-2" --query "cluster.identity.oidc.issuer" --output text | sed -e "s/^https:\/\///") + namespace=kube-system + service_account=ebs-csi-controller-sa + kubectl create serviceaccount ${service_account} --namespace ${namespace} + echo "{ + \"Version\": \"2012-10-17\", + \"Statement\": [ + { + \"Effect\": \"Allow\", + \"Principal\": { + \"Federated\": \"arn:aws:iam::$account_id:oidc-provider/$oidc_provider\" + }, + \"Action\": \"sts:AssumeRoleWithWebIdentity\", + \"Condition\": { + \"StringEquals\": { + \"$oidc_provider:aud\": \"sts.amazonaws.com\", + \"$oidc_provider:sub\": \"system:serviceaccount:$namespace:$service_account\" + } + } + } + ] + }" >aws-ebs-csi-driver-trust-policy.json + rolename=$(echo ${TEST_CLUSTER_NAME} | awk -F- '{print "EBS_" $(NF-1) "_" $(NF)}') + aws iam create-role --role-name ${rolename} --assume-role-policy-document file://aws-ebs-csi-driver-trust-policy.json --description "irsa role for ${TEST_CLUSTER_NAME}" + aws iam attach-role-policy --policy-arn arn:aws:iam::aws:policy/service-role/AmazonEBSCSIDriverPolicy --role-name ${rolename} + kubectl annotate serviceaccount -n $namespace $service_account eks.amazonaws.com/role-arn=arn:aws:iam::$account_id:role/${rolename} + eksctl create addon --name aws-ebs-csi-driver --cluster ${TEST_CLUSTER_NAME} --service-account-role-arn arn:aws:iam::$account_id:role/${rolename} --force else echo "Retrieving kubeconfig for ${TEST_CLUSTER_NAME}" # Cluster exists but kubeconfig may not @@ -72,4 +104,4 @@ function createCluster() { # Output echo "EKS cluster nodes:" eksctl get cluster --name=${TEST_CLUSTER_NAME} -} +} \ No newline at end of file diff --git a/test/env.sh b/test/env.sh index 38d2ed743..ae48d9cfe 100644 --- a/test/env.sh +++ b/test/env.sh @@ -11,7 +11,7 @@ : "${ECR_REGISTRY:=}" : "${VPC_PUBLIC_SUBNET_STRING:=}" : "${VPC_PRIVATE_SUBNET_STRING:=}" -: "${EKS_CLUSTER_K8_VERSION:=1.22}" +: "${EKS_CLUSTER_K8_VERSION:=1.26}" # Below env variables required to run license master test cases : "${ENTERPRISE_LICENSE_S3_PATH:=}" : "${TEST_S3_BUCKET:=}"