Skip to content

Add SCC for clusterController on OpenShift #2851

Add SCC for clusterController on OpenShift

Add SCC for clusterController on OpenShift #2851

Workflow file for this run

name: Chart build
on:
workflow_dispatch: {}
# Normally using pull_request_target along with checking out the ref of the PR is not
# a good idea, but this is low risk since it's a Helm chart repo.
pull_request_target:
types: [opened, synchronize, reopened, ready_for_review]
# pull_request:
# branches:
# - develop
jobs:
test-chart:
runs-on: ubuntu-latest
steps:
- name: Checkout
uses: actions/checkout@d632683dd7b4114ad314bca15554477dd762a938 # v4.2.0
with:
ref: ${{ github.event.pull_request.head.sha }}
- name: Set up chart-testing
uses: helm/chart-testing-action@e6669bcd63d7cb57cb4380c33043eebe5d111992 # v2.6.1
# Lint all chart values including those in the ci directory.
- name: Run chart-testing (lint)
run: ct lint --chart-dirs=cost-analyzer/ --charts cost-analyzer/ --validate-maintainers=false
# Run `helm template` on the main values file plus all those in the ci directory.
- name: Helm template
run: |
helm template cost-analyzer/ -f cost-analyzer/values.yaml > full.yaml
directory="cost-analyzer/ci"
for file in "$directory"/*; do
if [ -f "$file" ]; then
helm template cost-analyzer/ -f "$file" >> full.yaml
fi
done
# Run Kubeconform on the combined, templatized output across all tested values stored in `full.yaml`.
# Ensure all the rendered resources are valid.
- name: Kubeconform
uses: docker://ghcr.io/yannh/kubeconform:latest
with:
entrypoint: /kubeconform
args: "-summary -ignore-missing-schemas -output text full.yaml"
# Test cluster versions.
deploy-chart:
runs-on: ubuntu-latest
strategy:
fail-fast: false
matrix:
k8s-version:
- name: v1.22
version: v1.22.17
- name: v1.23
version: v1.23.17
- name: v1.24
version: v1.24.17
- name: v1.25
version: v1.25.16
- name: v1.26
version: v1.26.15
- name: v1.27
version: v1.27.16
- name: v1.28
version: v1.28.13
- name: v1.29
version: v1.29.8
- name: v1.30
version: v1.30.4
- name: v1.31
version: v1.31.0
needs: test-chart
name: ${{ matrix.k8s-version.name }} test
steps:
- name: Checkout
uses: actions/checkout@d632683dd7b4114ad314bca15554477dd762a938 # v4.2.0
with:
ref: ${{ github.event.pull_request.head.sha }}
- name: Set up chart-testing
uses: helm/chart-testing-action@e6669bcd63d7cb57cb4380c33043eebe5d111992 # v2.6.1
- name: Create KinD cluster
uses: helm/kind-action@0025e74a8c7512023d06dc019c617aa3cf561fde # v1.10.0
with:
version: v0.20.0
node_image: kindest/node:${{ matrix.k8s-version.version }}
kubectl_version: ${{ matrix.k8s-version.version }}
# Create necessary test files in the cluster. Some configurations of the chart
# require pre-existing files like Secrets in order for volume mounts to be valid. Without them,
# Pods won't come up and tests will fail.
- name: Create kubecost Namespace and test files
run: |
kubectl create ns kubecost
kubectl -n kubecost create -f .github/ci-files
# Install the chart with default values and check results.
- name: Install Kubecost chart
working-directory: ./cost-analyzer
run: helm install --wait --wait-for-jobs kubecost . -n kubecost
# run: ct install --namespace kubecost --chart-dirs=cost-analyzer/ --charts cost-analyzer/
- name: Wait for ready
run: kubectl wait -n kubecost --for=condition=ready pod --selector app.kubernetes.io/name=cost-analyzer --timeout=120s
- name: Run Helm tests
run: helm test -n kubecost kubecost
- name: Uninstall chart
run: helm uninstall kubecost -n kubecost --no-hooks --wait
- name: Cleanup all Pods in Kubecost Namespace
run: kubectl -n kubecost delete deployments,daemonsets,statefulsets,pods --all --force
# Loops over all the other values files in the ci directory and installs the chart, runs Helm tests, and uninstalls.
# Additional sleeps seem necessary for the main Kubecost Pod to be completely available, both frontend and backend.
- name: Install, test, remove chart for other values
id: loopingtests
run: |
directory="cost-analyzer/ci"
for file in "$directory"/*; do
if [ -f "$file" ]; then
echo "### Sleeping for 30 seconds ###"
sleep 30
echo "### Performing installation with values from $file ###"
helm install --wait --wait-for-jobs kubecost cost-analyzer/ -n kubecost -f "$file"
echo "### Waiting for cost-analyzer Pod readiness. ###"
kubectl wait -n kubecost --for=condition=ready pod --selector app.kubernetes.io/name=cost-analyzer --timeout=120s
echo "### Sleeping for 60 seconds longer. ###"
sleep 60
echo "### [DEBUG] Listing Pods in Kubecost Namespace. ###"
kubectl -n kubecost get pods
echo "### Performing helm tests ###"
helm test -n kubecost $(helm ls -n kubecost --all --short)
echo "### Performing uninstallation ###"
helm uninstall $(helm ls -n kubecost --all --short) -n kubecost --no-hooks --wait
echo "### Cleaning up all Pods and Pod controllers in Kubecost Namespace ###"
kubectl -n kubecost delete deployments,daemonsets,statefulsets,pods --all --force
fi
done
deploy-ocp:
runs-on: ubuntu-latest
needs: test-chart
strategy:
matrix:
cluster:
- distribution: openshift
version: 4.13.0-okd
- distribution: openshift
version: 4.14.0-okd
- distribution: openshift
version: 4.15.0-okd
steps:
- uses: actions/checkout@d632683dd7b4114ad314bca15554477dd762a938 # v4.2.0
with:
ref: ${{ github.event.pull_request.head.sha }}
# Outputs: `cluster-kubeconfig`, `cluster-id`
- name: Create Cluster
id: create-cluster
uses: replicatedhq/compatibility-actions/create-cluster@v1
with:
kubernetes-distribution: ${{ matrix.cluster.distribution }}
kubernetes-version: ${{ matrix.cluster.version }}
cluster-name: ${{ matrix.cluster.distribution }}-${{ matrix.cluster.version }}
timeout-minutes: 10
ttl: 10m
export-kubeconfig: true
api-token: ${{ secrets.REPLICATED_API_TOKEN }}
# kubeconfig-path: /tmp/kubeconfig # optional, specifies path for Kubeconfig file
- name: Create kubecost Namespace and test files
run: |
kubectl create ns kubecost
kubectl -n kubecost create -f .github/ci-files
# Install the chart with OCP values and check results.
- name: Install Kubecost chart with OCP values
working-directory: ./cost-analyzer
run: |
helm install --wait --wait-for-jobs kubecost . -n kubecost -f values-openshift.yaml \
--set global.platforms.openshift.route.enabled=true \
--set global.platforms.openshift.scc.nodeExporter=true \
--set global.platforms.openshift.scc.networkCosts=true \
--set networkCosts.enabled=true \
--set prometheus.nodeExporter.enabled=true
# run: ct install --namespace kubecost --chart-dirs=cost-analyzer/ --charts cost-analyzer/
- name: Wait for ready
run: kubectl wait -n kubecost --for=condition=ready pod --selector app.kubernetes.io/name=cost-analyzer --timeout=120s
- name: Run Helm tests
run: helm test -n kubecost kubecost
- name: Remove Cluster
id: remove-cluster
uses: replicatedhq/compatibility-actions/remove-cluster@v1
continue-on-error: true
with:
api-token: ${{ secrets.REPLICATED_API_TOKEN }}
cluster-id: ${{ steps.create-cluster.outputs.cluster-id }}
deploy-eks:
runs-on: ubuntu-latest
needs: test-chart
strategy:
matrix:
cluster:
- distribution: eks
version: v1.28
- distribution: eks
version: v1.29
- distribution: eks
version: v1.30
steps:
- uses: actions/checkout@d632683dd7b4114ad314bca15554477dd762a938 # v4.2.0
with:
ref: ${{ github.event.pull_request.head.sha }}
# Outputs: `cluster-kubeconfig`, `cluster-id`
- name: Create Cluster
id: create-cluster
uses: replicatedhq/compatibility-actions/create-cluster@v1
with:
kubernetes-distribution: ${{ matrix.cluster.distribution }}
kubernetes-version: ${{ matrix.cluster.version }}
cluster-name: ${{ matrix.cluster.distribution }}-${{ matrix.cluster.version }}
timeout-minutes: 10
ttl: 10m
export-kubeconfig: true
api-token: ${{ secrets.REPLICATED_API_TOKEN }}
# kubeconfig-path: /tmp/kubeconfig # optional, specifies path for Kubeconfig file
- name: Create kubecost Namespace and test files
run: |
kubectl create ns kubecost
kubectl -n kubecost create -f .github/ci-files
# Install the chart with EKS values and check results.
- name: Install Kubecost chart with EKS values
working-directory: ./cost-analyzer
run: |
helm install --wait --wait-for-jobs kubecost . -n kubecost -f values-eks-cost-monitoring.yaml \
--set persistentVolume.storageClass=gp2 \
--set prometheus.server.persistentVolume.storageClass=gp2
# run: ct install --namespace kubecost --chart-dirs=cost-analyzer/ --charts cost-analyzer/
- name: Wait for ready
run: kubectl wait -n kubecost --for=condition=ready pod --selector app.kubernetes.io/name=cost-analyzer --timeout=120s
- name: Run Helm tests
run: helm test -n kubecost kubecost
- name: Remove Cluster
id: remove-cluster
uses: replicatedhq/compatibility-actions/remove-cluster@v1
continue-on-error: true
with:
api-token: ${{ secrets.REPLICATED_API_TOKEN }}
cluster-id: ${{ steps.create-cluster.outputs.cluster-id }}