Commit b51b718

integration tests: test deploying as restricted admin (sourcegraph#570)
* integration tests: test deploying as restricted admin
* hook it in for a try
* try again
* try again
* try again
* try again
* try again
* try again
* try again
* fixed bug revealed by test
* comment out restricted test for now
* add to pipeline
* add to pipeline 2
* add to pipeline 3
* test ray
* forgot namespace
* no rollout for service
* not https
* code review keegan
* integration test label
* migrate doc calls out required kustomize
* migrate doc calls out required kustomize 2
* testing prune
* revert prune testing
* fresh create needs different overlay chain
* lsif-server to precise code intel rename
1 parent 249dc0a commit b51b718

23 files changed: +262 -4 lines changed
Lines changed: 16 additions & 0 deletions
Original file line numberDiff line numberDiff line change
@@ -0,0 +1,16 @@
1+
#!/usr/bin/env bash
2+
3+
set -ex
4+
5+
cd $(dirname "${BASH_SOURCE[0]}")/..
6+
7+
export DEPLOY_SOURCEGRAPH_ROOT=$(pwd)
8+
export TEST_GCP_PROJECT=sourcegraph-server
9+
export TEST_GCP_ZONE=us-central1-a
10+
export TEST_GCP_USERNAME=buildkite@sourcegraph-dev.iam.gserviceaccount.com
11+
export BUILD_CREATOR=$BUILDKITE_BUILD_CREATOR
12+
export BUILD_UUID=$BUILDKITE_BUILD_ID
13+
export BUILD_BRANCH=$BUILDKITE_BRANCH
14+
15+
${DEPLOY_SOURCEGRAPH_ROOT}/tests/integration/restricted/test.sh
16+
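
Review bot: the script runs with `set -ex` only (line 3), so an unset `BUILDKITE_BUILD_ID`, `BUILDKITE_BUILD_CREATOR` or `BUILDKITE_BRANCH` is exported as an empty `BUILD_UUID`, `BUILD_CREATOR` or `BUILD_BRANCH` and the test still starts against the fixed project `sourcegraph-server`. Suggest `set -euxo pipefail` so a missing variable aborts the run, and quoting the substitutions, e.g. `cd "$(dirname "${BASH_SOURCE[0]}")/.."` and `"${DEPLOY_SOURCEGRAPH_ROOT}/tests/integration/restricted/test.sh"`, so a checkout path containing spaces does not word-split.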

.buildkite/integration-test.sh

Lines changed: 1 addition & 0 deletions
@@ -15,3 +15,4 @@ export GENERATED_BASE=`mktemp -d`
1515
kustomize build overlays/non-root-create-cluster -o ${GENERATED_BASE}
1616

1717
go test ./... -v -timeout 25m ${maybe_short_flag}
18+
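
Review bot: the only added line (18) is empty as rendered here, so this file's change is a trailing blank line after the `go test` invocation. Drop it unless something was meant to follow.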

.buildkite/pipeline.yml

Lines changed: 5 additions & 0 deletions
@@ -15,6 +15,11 @@ steps:
1515
concurrency_group: deploy-sourcegraph/integration
1616
command: .buildkite/integration-test.sh
1717

18+
- label: ":k8s:"
19+
concurrency: 5
20+
concurrency_group: deploy-sourcegraph/integration-restricted
21+
command: .buildkite/integration-restricted-test.sh
22+
1823
- wait
1924

2025
- label: ":gcompute: :floppy_disk: 🧹"
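
Review bot: the new step's label at line 18 is only `:k8s:`, which does not say that this is the restricted-admin run; a label that names it (for example `:k8s: restricted`) would make a failure attributable from the build view. Separately, `concurrency: 5` allows five of these runs at once while the wrapper script pins a single project and zone, so it is worth confirming that `tests/integration/restricted/test.sh` keys everything it creates on `BUILD_UUID` so parallel runs cannot collide.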

base/kustomization.yaml

Lines changed: 0 additions & 4 deletions
@@ -4,12 +4,10 @@ resources:
44
- searcher/searcher.Service.yaml
55
- searcher/searcher.Deployment.yaml
66
- backend.Service.yaml
7-
- frontend/sourcegraph-frontend.Role.yaml
87
- frontend/sourcegraph-frontend-internal.Service.yaml
98
- frontend/sourcegraph-frontend.Deployment.yaml
109
- frontend/sourcegraph-frontend.ServiceAccount.yaml
1110
- frontend/sourcegraph-frontend.Service.yaml
12-
- frontend/sourcegraph-frontend.RoleBinding.yaml
1311
- frontend/sourcegraph-frontend.Ingress.yaml
1412
- redis/redis-store.Service.yaml
1513
- redis/redis-store.Deployment.yaml
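
Review bot: removing `frontend/sourcegraph-frontend.Role.yaml` and `frontend/sourcegraph-frontend.RoleBinding.yaml` (old lines 7 and 12) while `frontend/sourcegraph-frontend.ServiceAccount.yaml` stays means anyone who builds `base` alone now gets a frontend service account with no Role bound to it, and nothing in this file says so. A comment at the top of the `resources:` list pointing to `base/rbac-roles` would make the split discoverable for existing `kustomize build base` users.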
@@ -33,11 +31,9 @@ resources:
3331
- pgsql/pgsql.Service.yaml
3432
- pgsql/pgsql.Deployment.yaml
3533
- prometheus/prometheus.ServiceAccount.yaml
36-
- prometheus/prometheus.ClusterRoleBinding.yaml
3734
- prometheus/prometheus.ConfigMap.yaml
3835
- prometheus/prometheus.Deployment.yaml
3936
- prometheus/prometheus.PersistentVolumeClaim.yaml
40-
- prometheus/prometheus.ClusterRole.yaml
4137
- prometheus/prometheus.Service.yaml
4238
- query-runner/query-runner.Service.yaml
4339
- query-runner/query-runner.Deployment.yaml
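
Review bot: nothing states what Prometheus is expected to do once `prometheus/prometheus.ClusterRoleBinding.yaml` and `prometheus/prometheus.ClusterRole.yaml` (old lines 36 and 40) are gone from `base` while `prometheus/prometheus.ServiceAccount.yaml` and the Deployment remain. Please document the intended behaviour of a deployment without the cluster-scoped grant, so a restricted install that lacks it does not read as a broken one.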

base/rbac-roles/kustomization.yaml

Lines changed: 7 additions & 0 deletions
@@ -0,0 +1,7 @@
1+
apiVersion: kustomize.config.k8s.io/v1beta1
2+
kind: Kustomization
3+
resources:
4+
- sourcegraph-frontend.Role.yaml
5+
- sourcegraph-frontend.RoleBinding.yaml
6+
- prometheus.ClusterRoleBinding.yaml
7+
- prometheus.ClusterRole.yaml
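
Review bot: this kustomization mixes namespaced resources (`sourcegraph-frontend.Role.yaml`, `sourcegraph-frontend.RoleBinding.yaml`) with cluster-scoped ones (`prometheus.ClusterRoleBinding.yaml`, `prometheus.ClusterRole.yaml`), so an admin who may create Roles in their own namespace but not ClusterRoles cannot apply it as a unit and loses the frontend Role along with the Prometheus grant. Consider splitting it into a namespaced and a cluster-scoped kustomization so the restricted case can still apply the former.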

docs/migrate.md

Lines changed: 12 additions & 0 deletions
@@ -6,6 +6,18 @@ version you are upgrading to should be applied (unless otherwise noted).
66

77
## 3.14 (Unreleased)
88

9+
The `kubectl-apply-all.sh` command now uses `kustomize` and requires `kubectl` client version >= 1.14.
10+
11+
If your kubectl client version is older and doesn't support `apply -k` you need to
12+
install the standalone [kustomize](https://kustomize.io/) binary, generate the YAML files with `kustomize build` and
13+
then use the built YAML with `kubectl apply -f`. For example use:
14+
15+
```shell script
16+
kustomize build base | kubectl apply -f -
17+
kustomize build base/rbac-roles | kubectl apply -f -
18+
```
19+
in your version of `kubectl-apply-all.sh` if you cannot upgrade `kubectl` to a client version >= 1.14.
20+
921
### Existing installations: Migrating the container user from root to non-root
1022

1123
Version 3.14 changes the security context of the installation by switching to a non-root user for all containers.
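
Review bot: the added text at lines 9 to 19 shows `kustomize build base/rbac-roles | kubectl apply -f -` only as part of the old-kubectl workaround and never says that RBAC is now a separate step from `base`, or that it needs permission to create a ClusterRole and ClusterRoleBinding. Since that split is the substance of this commit, the 3.14 notes should say so explicitly and tell restricted admins which command to skip. Minor: the sentence that starts at "For example use:" and resumes after the code fence with "in your version of" reads better as one sentence before the block, and the fence info string `shell script` would be more portable as `shell`.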
