mirror of
https://github.com/k3s-io/k3s.git
synced 2024-06-07 19:41:36 +00:00
Fix to Rotate CA e2e test (#7101)
* Include note on service keys Signed-off-by: Derek Nola <derek.nola@suse.com> * Fix rotate cert ca test Signed-off-by: Derek Nola <derek.nola@suse.com> * Remove periods Signed-off-by: Derek Nola <derek.nola@suse.com> * Add new test to nightly script Signed-off-by: Derek Nola <derek.nola@suse.com> --------- Signed-off-by: Derek Nola <derek.nola@suse.com>
This commit is contained in:
Derek Nola
GitHub
parent
85b261096c
commit
9980504196
@ -12,13 +12,14 @@
|
|||||||
#
|
#
|
||||||
# This script will also auto-generate certificates and keys for both root and intermediate
|
# This script will also auto-generate certificates and keys for both root and intermediate
|
||||||
# certificate authorities if none are found.
|
# certificate authorities if none are found.
|
||||||
|
# If you have existing certs, you must place then in `DATA_DIR/server/tls`.
|
||||||
# If you have only an existing root CA, provide:
|
# If you have only an existing root CA, provide:
|
||||||
# root-ca.pem
|
# root-ca.pem
|
||||||
# root-ca.key.
|
# root-ca.key
|
||||||
# If you have an existing root and intermediate CA, provide:
|
# If you have an existing root and intermediate CA, provide:
|
||||||
# root-ca.pem
|
# root-ca.pem
|
||||||
# intermediate-ca.pem
|
# intermediate-ca.pem
|
||||||
# intermediate-ca.key.
|
# intermediate-ca.key
|
||||||
|
|
||||||
set -e
|
set -e
|
||||||
umask 027
|
umask 027
|
||||||
|
|||||||
8
tests/e2e/rotateca/Vagrantfile
vendored
8
tests/e2e/rotateca/Vagrantfile
vendored
@ -1,6 +1,6 @@
|
|||||||
ENV['VAGRANT_NO_PARALLEL'] = 'no'
|
ENV['VAGRANT_NO_PARALLEL'] = 'no'
|
||||||
NODE_ROLES = (ENV['E2E_NODE_ROLES'] ||
|
NODE_ROLES = (ENV['E2E_NODE_ROLES'] ||
|
||||||
["server-0", "server-1", "server-2", "agent-1"])
|
["server-0", "server-1", "server-2", "agent-0"])
|
||||||
NODE_BOXES = (ENV['E2E_NODE_BOXES'] ||
|
NODE_BOXES = (ENV['E2E_NODE_BOXES'] ||
|
||||||
['generic/ubuntu2204', 'generic/ubuntu2204', 'generic/ubuntu2204', 'generic/ubuntu2204'])
|
['generic/ubuntu2204', 'generic/ubuntu2204', 'generic/ubuntu2204', 'generic/ubuntu2204'])
|
||||||
GITHUB_BRANCH = (ENV['E2E_GITHUB_BRANCH'] || "master")
|
GITHUB_BRANCH = (ENV['E2E_GITHUB_BRANCH'] || "master")
|
||||||
@ -26,8 +26,12 @@ def provision(vm, role, role_num, node_num)
|
|||||||
vm.provision "shell", inline: "ping -c 2 k3s.io"
|
vm.provision "shell", inline: "ping -c 2 k3s.io"
|
||||||
|
|
||||||
if role.include?("server") && role_num == 0
|
if role.include?("server") && role_num == 0
|
||||||
|
vm.provision 'file' do |scp|
|
||||||
|
scp.source = '../../../contrib/util/generate-custom-ca-certs.sh'
|
||||||
|
scp.destination = '/tmp/generate-custom-ca-certs.sh'
|
||||||
|
end
|
||||||
vm.provision 'custom-ca', type: 'shell', run: 'once' do |script|
|
vm.provision 'custom-ca', type: 'shell', run: 'once' do |script|
|
||||||
script.path = '../../../contrib/util/certs.sh'
|
script.inline = 'bash /tmp/generate-custom-ca-certs.sh'
|
||||||
script.env = {'PRODUCT' => 'vagrant-e2e-test', 'DATA_DIR' => '/var/lib/rancher/k3s'}
|
script.env = {'PRODUCT' => 'vagrant-e2e-test', 'DATA_DIR' => '/var/lib/rancher/k3s'}
|
||||||
end
|
end
|
||||||
vm.provision 'k3s-install', type: 'k3s', run: 'once' do |k3s|
|
vm.provision 'k3s-install', type: 'k3s', run: 'once' do |k3s|
|
||||||
|
|||||||
@ -25,7 +25,7 @@ func Test_E2ECustomCARotation(t *testing.T) {
|
|||||||
RegisterFailHandler(Fail)
|
RegisterFailHandler(Fail)
|
||||||
flag.Parse()
|
flag.Parse()
|
||||||
suiteConfig, reporterConfig := GinkgoConfiguration()
|
suiteConfig, reporterConfig := GinkgoConfiguration()
|
||||||
RunSpecs(t, "Secrets Encryption Test Suite", suiteConfig, reporterConfig)
|
RunSpecs(t, "Custom Certificate Rotation Test Suite", suiteConfig, reporterConfig)
|
||||||
}
|
}
|
||||||
|
|
||||||
var (
|
var (
|
||||||
@ -80,7 +80,7 @@ var _ = Describe("Verify Custom CA Rotation", Ordered, func() {
|
|||||||
cmds := []string{
|
cmds := []string{
|
||||||
"sudo mkdir -p /opt/rancher/k3s/server",
|
"sudo mkdir -p /opt/rancher/k3s/server",
|
||||||
"sudo cp -r /var/lib/rancher/k3s/server/tls /opt/rancher/k3s/server",
|
"sudo cp -r /var/lib/rancher/k3s/server/tls /opt/rancher/k3s/server",
|
||||||
"curl -ksL https://raw.githubusercontent.com/brandond/k3s/custom-cert-gen/contrib/util/certs.sh | sudo DATA_DIR=/opt/rancher/k3s bash -s -",
|
"sudo DATA_DIR=/opt/rancher/k3s /tmp/generate-custom-ca-certs.sh",
|
||||||
}
|
}
|
||||||
for _, cmd := range cmds {
|
for _, cmd := range cmds {
|
||||||
_, err := e2e.RunCmdOnNode(cmd, serverNodeNames[0])
|
_, err := e2e.RunCmdOnNode(cmd, serverNodeNames[0])
|
||||||
@ -89,7 +89,7 @@ var _ = Describe("Verify Custom CA Rotation", Ordered, func() {
|
|||||||
})
|
})
|
||||||
|
|
||||||
It("Rotates CA Certificates", func() {
|
It("Rotates CA Certificates", func() {
|
||||||
cmd := "sudo k3s certificate rotate-ca --path=/opt/rancher/k3s"
|
cmd := "sudo k3s certificate rotate-ca --path=/opt/rancher/k3s/server"
|
||||||
_, err := e2e.RunCmdOnNode(cmd, serverNodeNames[0])
|
_, err := e2e.RunCmdOnNode(cmd, serverNodeNames[0])
|
||||||
Expect(err).NotTo(HaveOccurred())
|
Expect(err).NotTo(HaveOccurred())
|
||||||
})
|
})
|
||||||
|
|||||||
@ -41,6 +41,9 @@ echo 'RUNNING EXTERNAL IP TEST'
|
|||||||
echo 'RUNNING SNAPSHOT AND RESTORE TEST'
|
echo 'RUNNING SNAPSHOT AND RESTORE TEST'
|
||||||
/usr/local/go/bin/go test -v snapshotrestore/snapshotrestore_test.go -nodeOS="$nodeOS" -serverCount=1 -agentCount=1 -timeout=30m -json -ci | tee -a k3s_"$OS".log
|
/usr/local/go/bin/go test -v snapshotrestore/snapshotrestore_test.go -nodeOS="$nodeOS" -serverCount=1 -agentCount=1 -timeout=30m -json -ci | tee -a k3s_"$OS".log
|
||||||
|
|
||||||
|
echo 'RUNNING ROTATE CUSTOM CA TEST'
|
||||||
|
/usr/local/go/bin/go test -v rotateca/rotateca_test.go -nodeOS="$nodeOS" -serverCount=1 -agentCount=1 -timeout=30m -json -ci | tee -a k3s_"$OS".log
|
||||||
|
|
||||||
E2E_RELEASE_CHANNEL="latest" && export E2E_RELEASE_CHANNEL
|
E2E_RELEASE_CHANNEL="latest" && export E2E_RELEASE_CHANNEL
|
||||||
echo 'RUNNING CLUSTER UPGRADE TEST'
|
echo 'RUNNING CLUSTER UPGRADE TEST'
|
||||||
E2E_REGISTRY=true /usr/local/go/bin/go test -v upgradecluster/upgradecluster_test.go -nodeOS="$nodeOS" -serverCount=$((servercount)) -agentCount=$((agentcount)) -timeout=1h -json -ci | tee -a k3s_"$OS".log
|
E2E_REGISTRY=true /usr/local/go/bin/go test -v upgradecluster/upgradecluster_test.go -nodeOS="$nodeOS" -serverCount=$((servercount)) -agentCount=$((agentcount)) -timeout=1h -json -ci | tee -a k3s_"$OS".log
|
||||||
|
|||||||
Loading…
Reference in New Issue
Block a user