From 1dbade38338d16e4686171a5a3d90a3ca9db4915 Mon Sep 17 00:00:00 2001 From: Chris Date: Wed, 31 Jan 2024 11:22:48 +0800 Subject: [PATCH] ci: add mtls test ref: 3978 Signed-off-by: Chris --- test_framework/Jenkinsfile | 4 ++++ test_framework/scripts/longhorn-setup.sh | 9 ++++++++- test_framework/templates/longhorn-grpc-tls.yml | 10 ++++++++++ 3 files changed, 22 insertions(+), 1 deletion(-) create mode 100644 test_framework/templates/longhorn-grpc-tls.yml diff --git a/test_framework/Jenkinsfile b/test_framework/Jenkinsfile index 3f2c7bd508..3b1de30efa 100644 --- a/test_framework/Jenkinsfile +++ b/test_framework/Jenkinsfile @@ -23,6 +23,9 @@ def REGISTRY_URL def REGISTRY_USERNAME def REGISTRY_PASSWORD +// parameter for mTls +def ENABLE_MTLS = params.ENABLE_MTLS ? params.ENABLE_MTLS : false + // parameter for hdd test def USE_HDD = params.USE_HDD ? params.USE_HDD : false @@ -115,6 +118,7 @@ node { --env PYTEST_CUSTOM_OPTIONS="${PYTEST_CUSTOM_OPTIONS}" \ --env BACKUP_STORE_TYPE="${BACKUP_STORE_TYPE}" \ --env TF_VAR_use_hdd=${USE_HDD} \ + --env TF_VAR_enable_mtls=${ENABLE_MTLS} \ --env TF_VAR_arch=${ARCH} \ --env TF_VAR_k8s_distro_name=${K8S_DISTRO_NAME} \ --env TF_VAR_k8s_distro_version=${K8S_DISTRO_VERSION} \ diff --git a/test_framework/scripts/longhorn-setup.sh b/test_framework/scripts/longhorn-setup.sh index db4519ad27..99f2dcd29c 100755 --- a/test_framework/scripts/longhorn-setup.sh +++ b/test_framework/scripts/longhorn-setup.sh @@ -54,6 +54,11 @@ install_cluster_autoscaler(){ } +enable_mtls(){ + kubectl apply -f "${TF_VAR_tf_workspace}/templates/longhorn-grpc-tls.yml" -n ${LONGHORN_NAMESPACE} +} + + install_csi_snapshotter_crds(){ CSI_SNAPSHOTTER_REPO_URL="https://github.com/kubernetes-csi/external-snapshotter.git" CSI_SNAPSHOTTER_REPO_DIR="${TMPDIR}/k8s-csi-external-snapshotter" @@ -441,7 +446,9 @@ main(){ install_backupstores fi install_csi_snapshotter_crds - + if [[ "${TF_VAR_enable_mtls}" == true ]]; then + enable_mtls + fi if [[ "${AIR_GAP_INSTALLATION}" == true ]]; then if [[ "${LONGHORN_INSTALL_METHOD}" == "manifest-file" ]]; then create_registry_secret diff --git a/test_framework/templates/longhorn-grpc-tls.yml b/test_framework/templates/longhorn-grpc-tls.yml new file mode 100644 index 0000000000..cf612e29f9 --- /dev/null +++ b/test_framework/templates/longhorn-grpc-tls.yml @@ -0,0 +1,10 @@ +apiVersion: v1 +kind: Secret +metadata: + name: longhorn-grpc-tls + namespace: longhorn-system +type: kubernetes.io/tls +data: + ca.crt: LS0tLS1CRUdJTiBDRVJUSUZJQ0FURS0tLS0tCk1JSUREekNDQWZlZ0F3SUJBZ0lVTHN6YnlpMVN6dSs5UlJmZkl3TDJlNFkzSytzd0RRWUpLb1pJaHZjTkFRRUwKQlFBd0ZqRVVNQklHQTFVRUF3d0xiRzl1WjJodmNtNHRZMkV3SUJjTk1qUXdNVEkyTVRjMU5EUTVXaGdQTXpBeQpNekExTWpreE56VTBORGxhTUJZeEZEQVNCZ05WQkFNTUMyeHZibWRvYjNKdUxXTmhNSUlCSWpBTkJna3Foa2lHCjl3MEJBUUVGQUFPQ0FROEFNSUlCQ2dLQ0FRRUFucGFFbG4xRjFhT2hzekZTcVJ0TUliNWdLTkNZSUhzRml4WGEKZTJiZ2hKRThQdUZ0bUdzekhlQVpBeWNueHM1L1J3cU1ieVBPbDFuL3FlU2RJMUg5QnMvNUQwZk1tUEFQMm94aQozZ3B2cXhRbzZwdE5PMGwxUnVBcmZmKytQKzNqd2RNdWpDMDdWVW9HZUpsbWoxNUpLbTZRQWJ1cURnejEyaDNjCmYvUzg5bWJWeXowZXMwMktTQnRqVm5RRTBlSVdGakg1SnVyVEU0bEJpT1hWbktHSUZnQXYzZ3pxeXZsdUo3VVgKUml5TC9UaVp1VS9aSnFtQlJpQyttWGpiUndlVTRvMW1mNGlrN1dPQXIzY2FNOUUzQVgvaDlMbzhYTXhDM1hqVAphdkZta2NnWXZhSlhicWhqak9VWVhlNmo1UmN6dnNUVk8wOXBsL3RlTld3Mkx4ZmFsUUlEQVFBQm8xTXdVVEFkCkJnTlZIUTRFRmdRVTNybmVhNVBoVFVzMVJCSG1ZT0lSdmdpR0p1Z3dId1lEVlIwakJCZ3dGb0FVM3JuZWE1UGgKVFVzMVJCSG1ZT0lSdmdpR0p1Z3dEd1lEVlIwVEFRSC9CQVV3QXdFQi96QU5CZ2txaGtpRzl3MEJBUXNGQUFPQwpBUUVBR3F4emxpdHVrVlFhUFZENmFZSC9xQ0IyRnh5WW1WU3pBVGJncGlwU3JrZHFBWmJRVUNQdXUvSnVMdGlSCjBuYXFicHkzZ2J6K0IzY1VPZlJjQWpxd2VQclpRMUVOTVF4TUZGZEJ2MG51Tko2TllFWWlKUEVhSFlhdE1IZlgKaXVndTZwcXNmZW56dlROMG1MeGx0eDBycVdXNnFiT1k4OGdVKzA1bXl2c0dTUjdWUldsQ2Yyc1FnQmtteWJHbgozSTBuaFFMVHd1N2Y2VkUrd21GeEhlUDl3OWN1Mk8wbFdMV1ZHTno1ZExybGdDcCsrdWttZDlMOFlPbW1tT3lVCkhVVm5rOGY5Ykk2NG9ENjNNS0M2UU83Kzk0ZnRETFBSRFZxVHBReE5pV25QOWl2M0lIVlQvUS93TkN5OVNYQUIKRzJ3Qm1nLzJ0eFY0S09HSHRCamxlb1BxcUE9PQotLS0tLUVORCBDRVJUSUZJQ0FURS0tLS0tCg== + tls.crt: LS0tLS1CRUdJTiBDRVJUSUZJQ0FURS0tLS0tCk1JSUZBekNDQSt1Z0F3SUJBZ0lCQVRBTkJna3Foa2lHOXcwQkFRc0ZBREFXTVJRd0VnWURWUVFEREF0c2IyNW4KYUc5eWJpMWpZVEFnRncweU5EQXhNall4TnpVNU16aGFHQTh6TURJek1EVXlPVEUzTlRrek9Gb3dHekVaTUJjRwpBMVVFQXd3UWJHOXVaMmh2Y200dFltRmphMlZ1WkRDQ0FTSXdEUVlKS29aSWh2Y05BUUVCQlFBRGdnRVBBRENDCkFRb0NnZ0VCQUpOcXpVVnlHUG8wK3ZoNHl1d0lHYkkydXZNRm4wc3ZaMmlBZjlGRmdHRmFTU25PbnAycElWajkKcVl0UjluM1JwT0lDdUhvS1hucmQ5OWJxZlpTRXBwam1tTTIvYXFMcWZPVkRLWkQ2eURkZ2FhQ3U3NWo4UHBoQgpKOGFHKzlUMGJzaEhHbDRRamZHb0wrK3ZtemxQdk9vWGcwMW5uN29IRjVWcmtjNmNMRm1qazRGM0J4Z0lGL25aCmNiVVRlMFV0anBMazRvV1RHNll6aUVzbTY0cEJHWkc0TzZidkZpWnZzeFlqSy83RFVHUEdHOS9GTUw2SC9RNXEKQ3NKMjNsbU5MdnJtOUNCb3pUTWcvbUpPcDVyOVVkdDdHbGExM1BEcG0rUEpwMVpreENmdlZOUzd2ZWtmUXM4ZAovbXlkQ2xRLzQ4RUZHTm0vVkluM1NXeUhZOUhXTEowQ0F3RUFBYU9DQWxNd2dnSlBNSUlDQ3dZRFZSMFJCSUlDCkFqQ0NBZjZDRUd4dmJtZG9iM0p1TFdKaFkydGxibVNDSUd4dmJtZG9iM0p1TFdKaFkydGxibVF1Ykc5dVoyaHYKY200dGMzbHpkR1Z0Z2lSc2IyNW5hRzl5YmkxaVlXTnJaVzVrTG14dmJtZG9iM0p1TFhONWMzUmxiUzV6ZG1PQwpFV3h2Ym1kb2IzSnVMV1p5YjI1MFpXNWtnaUZzYjI1bmFHOXliaTFtY205dWRHVnVaQzVzYjI1bmFHOXliaTF6CmVYTjBaVzJDSld4dmJtZG9iM0p1TFdaeWIyNTBaVzVrTG14dmJtZG9iM0p1TFhONWMzUmxiUzV6ZG1PQ0YyeHYKYm1kb2IzSnVMV1Z1WjJsdVpTMXRZVzVoWjJWeWdpZHNiMjVuYUc5eWJpMWxibWRwYm1VdGJXRnVZV2RsY2k1cwpiMjVuYUc5eWJpMXplWE4wWlcyQ0syeHZibWRvYjNKdUxXVnVaMmx1WlMxdFlXNWhaMlZ5TG14dmJtZG9iM0p1CkxYTjVjM1JsYlM1emRtT0NHR3h2Ym1kb2IzSnVMWEpsY0d4cFkyRXRiV0Z1WVdkbGNvSW9iRzl1WjJodmNtNHQKY21Wd2JHbGpZUzF0WVc1aFoyVnlMbXh2Ym1kb2IzSnVMWE41YzNSbGJZSXNiRzl1WjJodmNtNHRjbVZ3YkdsagpZUzF0WVc1aFoyVnlMbXh2Ym1kb2IzSnVMWE41YzNSbGJTNXpkbU9DREd4dmJtZG9iM0p1TFdOemFZSWNiRzl1CloyaHZjbTR0WTNOcExteHZibWRvYjNKdUxYTjVjM1JsYllJZ2JHOXVaMmh2Y200dFkzTnBMbXh2Ym1kb2IzSnUKTFhONWMzUmxiUzV6ZG1PQ0VHeHZibWRvYjNKdUxXSmhZMnRsYm1TSEJIOEFBQUV3SFFZRFZSME9CQllFRklkdwpxZlQ5WmxUcVQrYkk5QnhuYnJtS3V1R1BNQjhHQTFVZEl3UVlNQmFBRk42NTNtdVQ0VTFMTlVRUjVtRGlFYjRJCmhpYm9NQTBHQ1NxR1NJYjNEUUVCQ3dVQUE0SUJBUUJ5UFdBTzlZbjI3Ym84QmgwbGVKWGNieUpDWjV1aGczREUKdzZuRU9rT3ZndCtkUXNYSDdqL0F1K3F0V0I1b0owY01aOVJjUkhEczZ4ZVp3S2Q3c1FxZE92dVJGUUZ3SW9tdgpDTGd4L1F6TzJucDlQZnNGV253ODNILzM5N3pyNnpSd2thWXRSYlZISGNSbGd4c1orLzhjc2FVZVhXdEZvQWdkCnNMckpWR2IwTWdkc0s4RlJFa2JpUWJLZDd6YXg0RDdzQVFWaUVYMmw2NUpBOG5WcUx1U2ZsWENZNDZGUWs4RXEKT3hWdGFWeE00bS9hWW1tQkxOVklrakMvVVZzL1NadGxrRFNOQjFqaFlkVWkralZvYlZFZURNS0Jhakl1bzAxUwpVWDZXUCt2dEFWZEVVb1Nqc0dqZzRMTVlNWGhpUDlRMnZlK1dDOExCeGZBaHZIRUUzaGo3Ci0tLS0tRU5EIENFUlRJRklDQVRFLS0tLS0K + tls.key: LS0tLS1CRUdJTiBQUklWQVRFIEtFWS0tLS0tCk1JSUV2Z0lCQURBTkJna3Foa2lHOXcwQkFRRUZBQVNDQktnd2dnU2tBZ0VBQW9JQkFRQ1RhczFGY2hqNk5QcjQKZU1yc0NCbXlOcnJ6Qlo5TEwyZG9nSC9SUllCaFdra3B6cDZkcVNGWS9hbUxVZlo5MGFUaUFyaDZDbDU2M2ZmVwo2bjJVaEthWTVwak52MnFpNm56bFF5bVErc2czWUdtZ3J1K1kvRDZZUVNmR2h2dlU5RzdJUnhwZUVJM3hxQy92CnI1czVUN3pxRjROTlo1KzZCeGVWYTVIT25DeFpvNU9CZHdjWUNCZjUyWEcxRTN0RkxZNlM1T0tGa3h1bU00aEwKSnV1S1FSbVJ1RHVtN3hZbWI3TVdJeXYrdzFCanhodmZ4VEMraC8wT2FnckNkdDVaalM3NjV2UWdhTTB6SVA1aQpUcWVhL1ZIYmV4cFd0ZHp3Nlp2anlhZFdaTVFuNzFUVXU3M3BIMExQSGY1c25RcFVQK1BCQlJqWnYxU0o5MGxzCmgyUFIxaXlkQWdNQkFBRUNnZ0VBUjVYTzdXQ3RHVjg5MmdmS1Bsam1wWUJuUXhqaFZDREdYZHc4ZFZLRE40TWcKMFNEcExGVlRnTVBaSDNMak9CRGtPTzRxUi9VZUVSc1Z2WExzSFlGVzV4dmZhdFgvZ2ZKTlNRVld1M1RVWWZPNwpCMUM3djdZSjdXU0NYS2p5eEdRWUljQkpZUkUzNUhnUUl4dkt6RWRZelBJekRCVDhYdGtQempySXVLUms4dmU3CnVNNkY0TE9tNEhtL0xIWlZteVNpNGhxQkhtSWEzS1diVEhGRGk5ODBqZm0vQjVORWNzV0sxSk96TW1DeS9lV0gKSU9jK0p4Nmk5dFk3YTliQ3ladlBzVFFOazV3dXlTaUQvMFloTVhBalBUVGNnRDlYL2xSRGtKRjVzejd5UXk4Ngpyemw0UU9QMXpSWG04Ykt6WUxCcFpxc2M1em4wcEdrTXJzd2ZXYmxXbndLQmdRREZhQWZQWXExRVdpMmd4WFE2ClFHZkRWQk1UK0pNSGIyZE4wL3k2NkVzS2huc2dEN2tFOVFqdm4vSnVCd3haRXZveDhPcHhzdFU0UjM2YmNHYnQKYUUyOTFyU3BDckpwK1R3OVVmamg0SlB3c1R0bjZvZXNjaVZHcDZGMzVlaFZTQlNnaVJ2L2hEdXhQaThwVWFRagpGS1FDbFhFTkliU3MwNy9oNFdYdzFjVmNYd0tCZ1FDL0xGVUdSSGl4bnNYelJsRkhITHZ1Znk1eSswSmNTcFVnCmFncFN3MFFNRE04VWpybnVIc3lxWXlBbkk4c1UyVXdJUVlFNkU5cEwrWWNVRVVrYUJsU2wyYkNibWVFVkpLZVkKOWlpUmwvejZ5T2Y1WlJ0Y09MdVhBRUtabTU4WVd0bFRaWGJvYnd3RVZNa1N0KzJNWml1SjZrQjlyMnRoOWxySwpMNG16SVRFWWd3S0JnUUNmTVA5clhGWUIwdjhNc1c3RE13RDZZYWhvNklJWTh0dkp4WFAvZmloVnVwRThEN0hTCnI0K2ZQY3NRczVwZmtwQTFDZVRsLzZNMm1XRWVGSXpNVXRxdWhxQjEyV3g3VFVRbzV4dmZlMjJTSWpxWDJHZkUKeHVBTWxFNEFGR1ZCc0xrQnBNL3hSRCttOVZDdTcybC82THRDWWlVaXc5V2hzYmtCZlBUcVBGbkYzUUtCZ0RidwpkSmJTZ3FUNDdnWlZ4UEhjemgxaUsyVWIxQnhWeXJsLy8rdDg5a2RJUHhLM1diT1c0bFp0R2tabFFPMkM3UmpLClNtcjRYWm5MNGdmZ1Y5UEUwZnEvcnNObzI0aUoraWc1UmJ0aHBIQWw0SlNKZSsxcTJHNHl3dkVHQ2hpanN5VUcKV2IrK2VnT2NvaFJoQzBGMzh6YzFQTWRoN0VoQTFpS1l1c2ZoMkF3bEFvR0JBTDBtOW9od1lhK3N0aytQTUI0SgpSaE1WeHNGUzlBRENXQ01jVHFrVktHQnRseVc3S1Q0ZVh4NGRFVUpYQktnaVJURVI1VCtyMzI4OVdEd05HWTIzCmFuN0dHTThCSHJ4WVdKdGtpOEFnNE1scHkvbS9YN1c4bkFjUjZpSGVVWEpPL21pa21ydjR4M0ZKODNJK2RUZlAKLy9QaU4rOFkyR1VHMGNYSzlsbFFaT0dKCi0tLS0tRU5EIFBSSVZBVEUgS0VZLS0tLS0K \ No newline at end of file