Merged
59 changes: 31 additions & 28 deletions .github/workflows/run-e2e-tests-on-operator.yaml
@@ -4,14 +4,15 @@ on:
workflow_dispatch:
inputs:
operator_type:
description: The operator type [public, gcp, azure, aws]
description: The operator type [public, gcp, azure, aws, eks]
required: true
type: choice
options:
- public
- gcp
- azure
- aws
- eks
identity_scope:
description: The identity scope [UID2, EUID]
required: true
@@ -35,30 +36,31 @@ on:
description: 'Image: E2E image version'
type: string
default: latest
core_branch:
description: 'Config: Core branch for config'
type: string
default: main
optout_branch:
description: 'Config: Optout branch for config'
type: string
default: main
admin_branch:
description: 'Config: Admin branch for config'

branch:
Contributor Author

Have to merge these inputs together as github has a limit of 10 inputs: https://github.com/orgs/community/discussions/8774

description: The arguments for custom branches
type: string
default: main
default: '{
"core": "main",
"optout": "main",
"admin": "main" }'
aws:
description: The arguments for AWS private operator
type: string
default: '{
"region": "us-east-1",
"ami": "ami-xxxxx",
"pcr0": "xxxxx" }'
eks:
description: The arguments for EKS operator
type: string
default: '{
"pcr0": "xxxxx" }'

workflow_call:
inputs:
operator_type:
description: The operator type [public, gcp, azure, aws]
description: The operator type [public, gcp, azure, aws, eks]
type: string
default: public
identity_scope:
@@ -81,45 +83,46 @@ on:
description: 'Image: E2E image version'
type: string
default: latest
core_branch:
description: 'Config: Core branch for config'
branch:
description: The arguments for custom branches
type: string
default: main
optout_branch:
description: 'Config: Optout branch for config'
type: string
default: main
admin_branch:
description: 'Config: Admin branch for config'
type: string
default: main
default: '{
"core": "main",
"optout": "main",
"admin": "main" }'
aws:
description: The arguments for AWS private operator
type: string
default: '{
"region": "us-east-1",
"ami": "ami-xxxxx",
"pcr0": "xxxxx" }'
eks:
description: The arguments for EKS operator
type: string
default: '{
"pcr0": "xxxxx" }'

jobs:
e2e-test:
name: E2E Test
uses: IABTechLab/uid2-shared-actions/.github/workflows/shared-run-e2e-tests.yaml@v2
uses: IABTechLab/uid2-shared-actions/.github/workflows/shared-run-e2e-tests.yaml@v3
with:
operator_type: ${{ inputs.operator_type }}
operator_image_version: ${{ inputs.operator_image_version }}
core_image_version: ${{ inputs.core_image_version }}
optout_image_version: ${{ inputs.optout_image_version }}
e2e_image_version: ${{ inputs.e2e_image_version }}
operator_branch: ${{ github.ref }}
core_branch: ${{ inputs.core_branch }}
optout_branch: ${{ inputs.optout_branch }}
admin_branch: ${{ inputs.admin_branch }}
branch_core: ${{ fromJson(inputs.branch).core }}
branch_optout: ${{ fromJson(inputs.branch).optout }}
branch_admin: ${{ fromJson(inputs.branch).admin }}
uid2_e2e_identity_scope: ${{ inputs.identity_scope }}
gcp_workload_identity_provider_id: ${{ vars.GCP_WORKLOAD_IDENTITY_PROVIDER_ID }}
gcp_service_account: ${{ vars.GCP_SERVICE_ACCOUNT }}
gcp_project: ${{ vars.GCP_PROJECT }}
aws_region: ${{ fromJson(inputs.aws).region }}
aws_ami: ${{ fromJson(inputs.aws).ami }}
aws_pcr0: ${{ fromJson(inputs.aws).pcr0 }}
eks_pcr0: ${{ fromJson(inputs.eks).pcr0 }}
secrets: inherit
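Review bot: The reusable workflow on the new `uses:` line is referenced by the mutable tag `@v3` while `secrets: inherit` hands it every secret this repository can see, so whatever that tag points to at run time executes with those secrets. Pinning to a full commit SHA, `uses: IABTechLab/uid2-shared-actions/.github/workflows/shared-run-e2e-tests.yaml@<full-commit-sha> # v3`, keeps the called code fixed, and passing only the secrets the E2E job needs would narrow the exposure further. Separately, the `with:` block evaluates `fromJson(inputs.aws)` and `fromJson(inputs.eks)` for every operator type, and the defaults carry placeholders such as `"pcr0": "xxxxx"` and `"ami": "ami-xxxxx"`. The input descriptions could name the required JSON keys and say that the placeholder must be replaced, so that a run does not pass a placeholder PCR0 as the enclave measurement without anyone noticing.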
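--- a/scripts/aws/eks/deployment_files/deployment.yaml
+++ b/scripts/aws/eks/deployment_files/deployment.yaml
@@ -0,0 +1,88 @@
+apiVersion: apps/v1
+kind: Deployment
+metadata:
+labels: &Labels
+app: uid2-operator
+flavor: operator
+annotations: &Annotations
+env: integ
+name: uid2-operator
+spec:
+replicas: 1
+revisionHistoryLimit: 10
+selector:
+matchLabels: *Labels
+strategy:
+type: RollingUpdate
+rollingUpdate:
+maxUnavailable: 1
+maxSurge: 0
+template:
+metadata:
+labels: *Labels
+annotations: *Annotations
+spec:
+affinity:
+nodeAffinity:
+requiredDuringSchedulingIgnoredDuringExecution:
+nodeSelectorTerms:
+- matchExpressions:
+- key: aws-nitro-enclaves-k8s-dp # this ensures that the pod is only deployed to nodes that have the nitro extension installed
+operator: In
+values:
+- enabled
+podAntiAffinity:
+requiredDuringSchedulingIgnoredDuringExecution:
+- labelSelector:
+matchExpressions:
+- key: app # this ensures that a new pod is not deployed if there is already a pod with the label 'app=nginx' in the same topologyKey i.e. kubernetes.io/hostname
+operator: In
+values:
+- uid2-operator
+topologyKey: kubernetes.io/hostname
+containers:
+- image: IMAGE_PLACEHOLDER
+imagePullPolicy: Always
+name: uid2-operator
+env:
+- name: test
+value: test
+ports:
+- containerPort: 80
+protocol: TCP
+- name: prometheus
+containerPort: 9080
+protocol: TCP
+readinessProbe:
+failureThreshold: 3
+httpGet:
+path: /ops/healthcheck
+port: 80
+scheme: HTTP
+initialDelaySeconds: 30
+periodSeconds: 10
+successThreshold: 1
+timeoutSeconds: 1
+resources:
+limits:
+aws.ec2.nitro/nitro_enclaves: "1"
+hugepages-1Gi: 24Gi
+cpu: 250m
+requests:
+aws.ec2.nitro/nitro_enclaves: "1"
+hugepages-1Gi: 24Gi
+cpu: 250m
+volumeMounts:
+- name: secret-volume
+mountPath: "/etc/secret/secret-value"
+readOnly: true
+- name: hugepage
+mountPath: /dev/hugepages
+readOnly: false
+volumes:
+- name: hugepage
+emptyDir:
+medium: HugePages-1Gi
+- name: secret-volume
+secret:
+secretName: github-test-secret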
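Review bot: The `uid2-operator` container sets no `securityContext`, so it runs with the runtime's default user and privilege-escalation settings while `secret-volume` is mounted at `/etc/secret/secret-value`. If the enclave launcher in the image does not need them, adding `securityContext:` with `allowPrivilegeEscalation: false` under the container would narrow that; this needs confirming against what the image requires, which is not visible here. The comment on the podAntiAffinity `key: app` line also still refers to the label 'app=nginx', while the selector value is `uid2-operator`. It should read `# do not schedule a second pod labelled app=uid2-operator on the same kubernetes.io/hostname`.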