backend: Fix missing k8s token when in "in-cluster" mode #5178
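# "Setup minikube as CI step in GitHub Actions"
# https://minikube.sigs.k8s.io/docs/tutorials/setup_minikube_in_github_actions/
# https://github.com/marketplace/actions/setup-minikube
#
# Builds the headlamp and headlamp-plugins-test container images, loads them
# into a throwaway kind cluster named "test", deploys headlamp and runs the
# Playwright e2e suite against it. The links above are about minikube, but the
# cluster in this workflow is started with helm/kind-action.
name: Build Container and test
on:
  pull_request:
    paths:
      - 'backend/**'
      - 'frontend/**'
      - Makefile
      - '.github/**'
      - Dockerfile
      - Dockerfile.plugins
      - 'e2e-tests/**'
  push:
    branches:
      - main
      - rc-*
      - testing-rc-*
# Workflow-wide default for GITHUB_TOKEN: read-only repository contents.
permissions:
  contents: read
jobs:
  build:
    runs-on: ubuntu-22.04
    name: build discover and deploy
    # NOTE(review): a job-level permissions block replaces the workflow-level
    # one, so this job's GITHUB_TOKEN carries only `actions: write`. Confirm
    # the pinned upload-artifact and cache actions really need that write
    # scope; if they do not, drop it to keep the token least-privilege.
    permissions:
      actions: write  # needed to upload artifacts
    steps:
      # Third-party actions are pinned to full commit SHAs; the trailing
      # comment records the release each SHA is meant to correspond to.
      - uses: actions/checkout@692973e3d937129bcbf40652eb9f2f61becf3332 # v4.1.7
      - uses: actions/setup-node@1a4442cacd436585916779262731d5b162bc6ec7 # v3.8.2
        with:
          node-version: 20.x
      - name: Start cluster
        uses: helm/kind-action@0025e74a8c7512023d06dc019c617aa3cf561fde # v1.0.0
        with:
          cluster_name: test
      # now you can run kubectl to see the pods in the cluster
      - name: Try the cluster!
        run: kubectl get pods -A
      - name: Restore image-cache Folder
        id: cache-image-restore
        uses: actions/cache/restore@0c45773b623bea8c8e75f6c82b208c3cf94ea4f9 # v4.0.2
        with:
          path: ~/image-cache
          # cache the container image. All the paths this PR depends on except the e2e-tests folder for the key.
          key: ${{ runner.os }}-image-${{ hashFiles('backend/pkg/**', 'backend/cmd/**', 'backend/go.*', 'frontend/src/**', 'frontend/package.json', 'frontend/package-lock.json', 'Makefile', '.github/workflows/build-container.yml', 'Dockerfile', 'Dockerfile.plugins') }}
      # On a cache hit the image tarballs are loaded as-is and the build steps
      # below are skipped, so what gets tested is whatever the cache entry holds.
      - name: Restore Cached Docker Images
        if: steps.cache-image-restore.outputs.cache-hit == 'true'
        run: |
          export SHELL=/bin/bash
          docker load -i ~/image-cache/headlamp-plugins-test.tar
          docker load -i ~/image-cache/headlamp.tar
      - name: Make a .plugins folder for testing later
        if: steps.cache-image-restore.outputs.cache-hit != 'true'
        run: |
          echo "Extract pod-counter plugin into .plugins folder, which will be copied into image later by 'make image'."
          cd plugins/examples/pod-counter
          npm ci
          npm run build
          cd ../../../
          cd plugins/headlamp-plugin
          npm ci
          node bin/headlamp-plugin.js extract ../examples/pod-counter ../../.plugins/
          cd ../../
          ls -laR .plugins
      - name: Remove unnecessary files
        if: steps.cache-image-restore.outputs.cache-hit != 'true'
        run: |
          sudo rm -rf /usr/share/dotnet
          sudo rm -rf "$AGENT_TOOLSDIRECTORY"
      - name: Build image
        if: steps.cache-image-restore.outputs.cache-hit != 'true'
        run: |
          export SHELL=/bin/bash
          DOCKER_IMAGE_VERSION=latest make image
          DOCKER_IMAGE_VERSION=latest DOCKER_PLUGINS_IMAGE_NAME=headlamp-plugins-test make build-plugins-container
          echo -n "verifying images:"
          docker images
      - name: Import images to kind
        run: |
          export SHELL=/bin/bash
          kind load docker-image ghcr.io/headlamp-k8s/headlamp-plugins-test:latest --name test
          kind load docker-image ghcr.io/headlamp-k8s/headlamp:latest --name test
      - name: Test .plugins folder
        if: steps.cache-image-restore.outputs.cache-hit != 'true'
        run: |
          export SHELL=/bin/bash
          echo "----------------------------"
          echo "Test .plugins folder is copied to the right place in the image by 'make image'"
          echo "--- Files in the image /headlamp/ folder: ---"
          docker run --rm --entrypoint=/bin/sh ghcr.io/headlamp-k8s/headlamp:latest -c "cd /headlamp/ && find ."
          echo "----- Checking if the .plugins/ are copied to the right place in the image -----"
          docker run --rm --entrypoint=/bin/sh ghcr.io/headlamp-k8s/headlamp:latest -c "set -e; (cd /headlamp/plugins && [ -e pod-counter/package.json ] && [ -e pod-counter/main.js ]) || exit 1"
          echo "----- Checking if the plugins/example folder match copied docker plugins -----"
          # List contents of /plugins inside the container
          docker_output=$(docker run --rm --entrypoint=/bin/sh ghcr.io/headlamp-k8s/headlamp-plugins-test:latest -c "set -e; ls /plugins || exit 1")
          # Get the list of folders inside the examples folder
          examples_folder="plugins/examples"
          examples_content=$(ls "$examples_folder")
          # Check if the Docker output matches the examples folder content
          if [[ "$docker_output" == "$examples_content" ]]; then
            echo "Docker output matches examples folder content"
          else
            echo "Docker output does not match examples folder content"
            echo "Docker output: $docker_output"
            echo "----------------------------"
            echo "Examples content: $examples_content"
            exit 1
          fi
      - name: Deploy to cluster
        run: kubectl apply -f e2e-tests/kubernetes-headlamp-ci.yaml
      - name: Run e2e tests
        run: |
          echo "------------------------------------sleeping 12...------------------------------------"
          sleep 12
          kubectl get services --all-namespaces
          kubectl get deployments -n kube-system
          echo "------------------Waiting for headlamp deployment to be available...------------------"
          kubectl wait deployment -n kube-system headlamp --for condition=Available=True --timeout=30s
          echo "----------------------------------Opening the service----------------------------------"
          IP_ADDRESS=$(kubectl get nodes -o=jsonpath='{.items[0].status.addresses[?(@.type=="InternalIP")].address}')
          SERVICE_PORT=$(kubectl get services headlamp -n kube-system -o=jsonpath='{.spec.ports[0].nodePort}')
          export SERVICE_URL="http://${IP_ADDRESS}:${SERVICE_PORT}"
          echo "$SERVICE_URL"
          curl -L "$SERVICE_URL" | grep -q "Headlamp: Kubernetes Web UI"
          echo "--------------------------------Getting HEADLAMP_TOKEN--------------------------------"
          # Test-only service account bound to cluster-admin; it exists only in the kind cluster of this run.
          kubectl create serviceaccount headlamp-admin --namespace kube-system
          kubectl create clusterrolebinding headlamp-admin --serviceaccount=kube-system:headlamp-admin --clusterrole=cluster-admin
          # Assign first, export second: `export VAR=$(cmd)` returns export's own status,
          # so a failed token request would otherwise go unnoticed and the tests would run without a token.
          HEADLAMP_TOKEN=$(kubectl create token headlamp-admin --duration 24h -n kube-system)
          export HEADLAMP_TOKEN
          # Register the bearer token as a masked value so it is redacted if any later output contains it.
          echo "::add-mask::$HEADLAMP_TOKEN"
          echo "---------------------------------Certificate handling---------------------------------"
          # Move the CA, client certificate and client key out of the kubeconfig into files and
          # point the kubeconfig at those files instead of the embedded base64 data.
          export KUBECONFIG=$HOME/.kube/config
          ca_data=$(yq e '.clusters[0].cluster."certificate-authority-data"' "$KUBECONFIG" | base64 --decode)
          echo "$ca_data" > ca.crt
          kubectl config set-cluster kind-test --certificate-authority="$(pwd)/ca.crt" --server="https://${IP_ADDRESS}:${SERVICE_PORT}"
          kubectl config unset clusters.kind-test.certificate-authority-data
          cc_data=$(yq e '.users[0].user."client-certificate-data"' "$KUBECONFIG" | base64 --decode)
          echo "$cc_data" > client.crt
          ck_data=$(yq e '.users[0].user."client-key-data"' "$KUBECONFIG" | base64 --decode)
          # Private key: create the file readable by the owner only.
          ( umask 077; echo "$ck_data" > client.key )
          kubectl config set-credentials admin@kind-test --client-certificate="$(pwd)/client.crt" --client-key="$(pwd)/client.key"
          # NOTE(review): the arguments of the next two commands were replaced by an e-mail
          # obfuscation placeholder on the rendered page; they are reconstructed here from the
          # user name and field names used above. Confirm against the repository copy.
          kubectl config unset users.admin@kind-test.client-certificate-data
          kubectl config unset users.admin@kind-test.client-key-data
          echo "Modified kubeconfig:"
          # `kubectl config view` omits embedded certificate and key data unless --raw is given,
          # so the job log cannot end up with key material even if an unset above did not apply.
          kubectl config view
          echo "-----------------------------Running playwright e2e tests-----------------------------"
          cd e2e-tests
          npm ci
          npx playwright install --with-deps
          # run steps use bash with -e by default, so a failing command would end the script
          # before $? could be read; capture the status with `||` to keep the message below reachable.
          exit_code=0
          HEADLAMP_TEST_URL="$SERVICE_URL" npx playwright test || exit_code=$?
          if [ "$exit_code" -ne 0 ]; then
            echo "Playwright tests failed with exit code $exit_code"
            exit 1
          else
            echo "Playwright tests passed successfully"
          fi
      - name: Save Docker Images to Tar files in image-cache Folder
        if: steps.cache-image-restore.outputs.cache-hit != 'true'
        run: |
          export SHELL=/bin/bash
          mkdir -p ~/image-cache
          docker save -o ~/image-cache/headlamp-plugins-test.tar ghcr.io/headlamp-k8s/headlamp-plugins-test
          docker save -o ~/image-cache/headlamp.tar ghcr.io/headlamp-k8s/headlamp
      - name: Cache image-cache Folder
        if: steps.cache-image-restore.outputs.cache-hit != 'true'
        id: cache-image-save
        uses: actions/cache/save@0c45773b623bea8c8e75f6c82b208c3cf94ea4f9 # v4.0.2
        with:
          path: ~/image-cache
          key: ${{ steps.cache-image-restore.outputs.cache-primary-key }}
      # Uploaded even when earlier steps fail (`if: always()`) and kept for 30 days.
      # NOTE(review): the report comes from a browser session authenticated with the
      # cluster-admin test token; presumably traces or screenshots could include it.
      # The cluster is discarded with the runner, but confirm what the report captures.
      - uses: actions/upload-artifact@65462800fd760344b1a7b4382951275a0abb4808 # v4.3.3
        if: always()
        with:
          name: e2e-tests-report
          path: e2e-tests/playwright-report/
          retention-days: 30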