Merge branch 'main' into release
marcofranssen committed May 25, 2023
2 parents f7403f4 + efdeb2e commit 191d1f0
Showing 57 changed files with 1,626 additions and 176 deletions.
8 changes: 4 additions & 4 deletions .github/tests/charts.json
@@ -2,12 +2,12 @@
{
"name": "kube-prometheus-stack",
"repo": "https://prometheus-community.github.io/helm-charts",
"version": "45.26.0"
"version": "45.29.0"
},
{
"name": "cert-manager",
"repo": "https://charts.jetstack.io",
"version": "v1.11.1"
"version": "v1.12.0"
},
{
"name": "ingress-nginx",
@@ -17,11 +17,11 @@
{
"name": "mysql",
"repo": "https://charts.bitnami.com/bitnami",
"version": "9.7.2"
"version": "9.10.1"
},
{
"name": "postgresql",
"repo": "https://charts.bitnami.com/bitnami",
"version": "12.2.2"
"version": "12.5.3"
}
]
20 changes: 20 additions & 0 deletions .github/tests/spire-oidc-insecure/values.yaml
@@ -1,3 +1,23 @@
spire-server:
ingress:
enabled: true
className: "nginx"
annotations:
nginx.ingress.kubernetes.io/backend-protocol: "HTTPS"
nginx.ingress.kubernetes.io/ssl-passthrough: "true"
nginx.ingress.kubernetes.io/ssl-redirect: "true"
nginx.ingress.kubernetes.io/force-ssl-redirect: "true"
hosts:
- host: ingress-nginx-controller.spire-oidc-insecure
paths:
- path: /
pathType: Prefix

spire-agent:
server:
address: ingress-nginx-controller.spire-oidc-insecure
port: 443

spiffe-oidc-discovery-provider:
enabled: true

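Review bot: The four nginx annotations in the new `spire-server.ingress` block do not all take effect together: per the ingress-nginx documentation, `ssl-passthrough` works at the TCP layer and makes the controller ignore the other annotations on the same Ingress, so `backend-protocol`, `ssl-redirect` and `force-ssl-redirect` are inert here. Passthrough also only works when the controller is started with `--enable-ssl-passthrough`, which this file cannot show; without it the controller would terminate TLS itself and the agent, pointed at `ingress-nginx-controller.spire-oidc-insecure` on port 443, would presumably fail to verify the server. A short comment above `annotations:` such as `# TLS must reach spire-server unterminated; requires --enable-ssl-passthrough on the controller` would record that dependency. The file continues below this hunk.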
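--- a/.github/tests/tornjak/install.sh
+++ b/.github/tests/tornjak/install.sh
@@ -0,0 +1,13 @@
+#!/usr/bin/env bash
+
+set -x
+
+SCRIPT=$(readlink -f "$0")
+SCRIPTPATH=$(dirname "$SCRIPT")
+
+helm install \
+--namespace spire-server \
+--values "${SCRIPTPATH}/../../../examples/production/values.yaml" \
+--values "${SCRIPTPATH}/../../../examples/tornjak/values.yaml" \
+spire charts/spire --wait
+helm test spire -n spire-server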
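Review bot: The script turns on tracing with `set -x` but has no error handling, so a failed `helm install` is not fatal and `helm test` still runs against whatever state is left; adding `set -euo pipefail` next to `set -x` would stop at the first failing command. The chart path `charts/spire` is relative to the caller's working directory, while both `--values` paths are anchored on `${SCRIPTPATH}`; writing it as `"${SCRIPTPATH}/../../../charts/spire"` would make the script independent of where it is invoked from.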
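--- a/.github/tests/tornjak/post-install.sh
+++ b/.github/tests/tornjak/post-install.sh
@@ -0,0 +1,23 @@
+#!/usr/bin/env bash
+
+set -x
+
+SCRIPT="$(readlink -f "$0")"
+SCRIPTPATH="$(dirname "${SCRIPT}")"
+scenario="${scenario:-$(basename "${SCRIPTPATH}")}"
+
+# shellcheck source=/dev/null
+source "${SCRIPTPATH}/../common.sh"
+
+print_helm_releases
+print_spire_workload_status spire-server spire-system
+
+kubectl rollout status --watch --timeout 180s --namespace spire-server deployments.apps spire-tornjak-frontend
+kubectl -n spire-server get deploy spire-tornjak-frontend
+kubectl -n spire-server get service spire-tornjak-frontend
+
+
+if [[ "$1" -ne 0 ]]; then
+get_namespace_details spire-server
+get_namespace_details spire-system
+fi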
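Review bot: A timeout in `kubectl rollout status ... spire-tornjak-frontend` does not fail this script: there is no `set -e`, and the exit status is that of the final `if`, which is 0 whenever `$1` is 0. A scenario whose Tornjak frontend never becomes ready could therefore still be reported as passing, unless the caller checks something else. The diagnostics can stay while the failure is carried forward, e.g. `kubectl rollout status ... || rc=$?` and a closing `exit "${rc:-0}"`. `scenario` is assigned but not used in the visible lines; it may be read by the functions sourced from `common.sh`.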
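--- a/.github/tests/tornjak/pre-install.sh
+++ b/.github/tests/tornjak/pre-install.sh
@@ -0,0 +1,6 @@
+#!/usr/bin/env bash
+
+kubectl create namespace spire-system
+kubectl label namespace spire-system pod-security.kubernetes.io/enforce=privileged
+kubectl create namespace spire-server
+kubectl label namespace spire-server pod-security.kubernetes.io/enforce=restricted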
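Review bot: Nothing stops the scenario if one of the `kubectl label` calls fails, so the chart could be installed into `spire-server` without the `restricted` Pod Security level and the test would no longer exercise it; adding `set -euo pipefail` after the shebang makes that failure fatal. A comment above the `spire-system` label should also say why that namespace is `privileged` (presumably the agent and CSI driver need host access), e.g. `# spire-system runs node-level components that need host access; spire-server stays restricted`.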
1 change: 1 addition & 0 deletions .github/workflows/check-versions.yaml
@@ -36,6 +36,7 @@ jobs:
id: cpr
uses: peter-evans/create-pull-request@v5.0.1
with:
token: ${{ secrets.GITHUB_TOKEN }}
title: Bump test chart dependencies
branch: bump-test-chart-deps
commit-message: Bump test chart dependencies
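Review bot: Passing `secrets.GITHUB_TOKEN` as `token:` (which looks like the line this hunk adds) spells out what the action already uses by default, and pull requests opened with that token do not trigger `pull_request` workflows. Since this commit also adds `.github/tests/**/*.json` to the Helm Chart CI path filters, the bump PR would presumably sit without the chart tests having run until someone closes and reopens it or pushes to the branch. If these PRs are meant to be tested automatically, use a dedicated credential limited to contents and pull-request write access, for example `token: ${{ secrets.<BUMP_PR_TOKEN> }}` backed by a GitHub App token or fine-grained PAT. The step continues beyond the hunk, so the job's `permissions:` block is not visible here.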
60 changes: 60 additions & 0 deletions .github/workflows/helm-chart-ci-ignore.yaml
@@ -0,0 +1,60 @@
name: Helm Chart CI

on:
pull_request:
types: [synchronize, opened, reopened]
paths-ignore:
- 'charts/**'
- '.github/workflows/helm-chart-ci.yaml'
- '.github/kind/conf/kind-config.yaml'
- '.github/tests/**/*.yaml'
- '.github/tests/**/*.sh'
- '.github/tests/**/*.json'
- 'examples/**/*.yaml'
- 'helm-docs.sh'

jobs:
lint-chart:
runs-on: ubuntu-22.04
steps:
- run: 'echo "Skipping linter"'

checks:
runs-on: ubuntu-22.04
steps:
- run: 'echo "Skipping checks"'

build-matrix:
name: Build matrix
runs-on: ubuntu-22.04

steps:
- name: Checkout
uses: actions/checkout@v3.5.2

- id: set-matrix
name: Collect all tests
run: |
tests="$(echo -e "default\n$(find .github/tests -maxdepth 1 -type d | grep -Ev 'tests$' | xargs -I % basename % | sort | uniq)")"
tests_json="$(echo "$tests" | jq -c --slurp --raw-input 'split("\n") | map(select(. != ""))')"
echo "tests=$tests_json" >> $GITHUB_OUTPUT
outputs:
tests: ${{ steps.set-matrix.outputs.tests }}

test:
runs-on: ubuntu-22.04
needs:
- build-matrix

strategy:
matrix:
k8s:
- v1.27.0
- v1.26.3
- v1.25.8
values:
- ${{ fromJson(needs.build-matrix.outputs.tests) }}

steps:
- run: 'echo "Skipping tests"'
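Review bot: The stub `test` matrix lists only `v1.27.0`, `v1.26.3` and `v1.25.8`, while the matrix in `helm-chart-ci.yaml` shown in this commit still carries `v1.24.12`, `v1.23.17` and `v1.22.17`; if branch protection requires those check names, a PR that skips the real workflow would presumably never get them reported. Because these jobs exist only to report success under the same names as the real ones, `paths-ignore` here and `paths` in `helm-chart-ci.yaml` have to stay exact mirrors, otherwise a chart-relevant change could end up judged on the green stubs alone; a header comment such as `# Keep paths-ignore in sync with paths in helm-chart-ci.yaml` would make that explicit. The workflow needs no write access, so a top-level `permissions:` block with `contents: read` would be a cheap addition.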
17 changes: 3 additions & 14 deletions .github/workflows/helm-chart-ci.yaml
@@ -10,6 +10,7 @@ on:
- '.github/kind/conf/kind-config.yaml'
- '.github/tests/**/*.yaml'
- '.github/tests/**/*.sh'
- '.github/tests/**/*.json'
- 'examples/**/*.yaml'
- 'helm-docs.sh'

@@ -92,14 +93,6 @@ jobs:
with:
version: ${{ env.CHART_TESTING_VERSION }}

- name: Run chart-testing (list-changed)
id: list-changed
run: |
changed=$(ct list-changed --target-branch ${{ github.base_ref }})
if [[ -n "$changed" ]]; then
echo "changed=true" >> $GITHUB_OUTPUT
fi
- name: Run chart-testing (lint)
run: |
ct lint --debug ${{ github.base_ref != 'release' && '--check-version-increment=false' || '' }} \
@@ -114,8 +107,6 @@ jobs:

needs: [lint-chart]

if: needs.lint-chart.outputs.changed == 'true'

steps:
- name: Checkout
uses: actions/checkout@v3.5.2
@@ -137,8 +128,6 @@ jobs:
- lint-chart
- build-matrix

if: needs.lint-chart.outputs.changed == 'true'

strategy:
fail-fast: false
matrix:
@@ -153,7 +142,6 @@ jobs:
- v1.24.12
- v1.23.17
- v1.22.17
- v1.21.14
values:
- ${{ fromJson(needs.build-matrix.outputs.tests) }}

@@ -179,7 +167,7 @@ jobs:
version: ${{ env.CHART_TESTING_VERSION }}

- name: Create kind ${{ matrix.k8s }} cluster
uses: helm/kind-action@v1.5.0
uses: helm/kind-action@v1.7.0
# Only build a kind cluster if there are chart changes to test.
with:
version: v0.18.0
@@ -209,6 +197,7 @@ jobs:
"${TEST_DIR}/install.sh"
else
ct install --debug \
--charts "charts/spire" \
--namespace "${scenario}" \
--target-branch ${{ github.base_ref }} \
--exclude-deprecated \
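Review bot: The comment left under the kind step, `# Only build a kind cluster if there are chart changes to test.`, no longer describes the workflow: the `list-changed` step and both `if: needs.lint-chart.outputs.changed == 'true'` guards appear to be removed by this commit, so the cluster is created on every run that matches the path filter. Drop the comment or reword it, e.g. `# The paths filter on the trigger already limits runs to chart changes.` Since the `helm/kind-action` reference is being edited anyway, pinning it to a full commit SHA (`uses: helm/kind-action@<full-commit-sha> # v1.7.0`) would protect the job against a moved tag. Several of these hunks start and end inside job definitions that are not fully shown.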
2 changes: 1 addition & 1 deletion .github/workflows/helm-release.yaml
@@ -29,7 +29,7 @@ jobs:
git config user.email "$GITHUB_ACTOR@users.noreply.github.com"
- name: Setup cosign
uses: sigstore/cosign-installer@v3.0.3
uses: sigstore/cosign-installer@v3.0.5
with:
cosign-release: v2.0.2

4 changes: 2 additions & 2 deletions README.md
@@ -23,9 +23,9 @@ Unless otherwise noted in an application chart README, the following dependencie
|:-----------|:-------------------|
| SPIRE | `1.5.3`+, `1.6.x` |
| Helm | `3.x` |
| Kubernetes | `1.21+` |
| Kubernetes | `1.22+` |

> **Note**: For Kubernetes, we will officially support the last 3 versions as described in [k8s versioning](https://kubernetes.io/releases/version-skew-policy/#supported-versions). Any version before the last 3 we will try to support as long it doesn't bring security issues or any big maintenance burden. *The first version we tested this chart with is `1.21`.*
> **Note**: For Kubernetes, we will officially support the last 3 versions as described in [k8s versioning](https://kubernetes.io/releases/version-skew-policy/#supported-versions). Any version before the last 3 we will try to support as long it doesn't bring security issues or any big maintenance burden. *The first version we tested this chart with is `1.22`.*
## Contributing

8 changes: 6 additions & 2 deletions charts/spire/Chart.yaml
@@ -3,8 +3,8 @@ name: spire
description: >
A Helm chart for deploying the complete Spire stack including: spire-server, spire-agent, spiffe-csi-driver, spiffe-oidc-discovery-provider and spire-controller-manager.
type: application
version: 0.7.0
appVersion: "1.6.3"
version: 0.8.0
appVersion: "1.6.4"
keywords: ["spiffe", "spire", "spire-server", "spire-agent", "oidc", "spire-controller-manager"]
home: https://github.com/spiffe/helm-charts/tree/main/charts/spire
sources:
@@ -38,6 +38,10 @@ dependencies:
condition: spiffe-oidc-discovery-provider.enabled
repository: file://./charts/spiffe-oidc-discovery-provider
version: 0.1.0
- name: tornjak-frontend
condition: tornjak-frontend.enabled
repository: file://./charts/tornjak-frontend
version: 0.1.0
annotations:
artifacthub.io/category: security
artifacthub.io/license: Apache-2.0
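Review bot: The new `tornjak-frontend` dependency is gated on `tornjak-frontend.enabled`, but the chart's `values.yaml` is not part of what is shown here, so it cannot be confirmed that the flag is set to `false` by default. Helm treats a `condition` whose path is missing from the values as having no effect, which leaves the subchart enabled. Tornjak is a management UI for SPIRE and should only be deployed when an operator asks for it, so the parent chart's values should carry an explicit `tornjak-frontend:` entry with `enabled: false` and a comment saying so. The `dependencies:` list starts above this hunk.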