Copy tls.crt to ca.crt always unless ca.crt exists #107
Workflow file for this run
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
name: Qualif | |
on: | |
push: | |
branches: | |
- "*" | |
pull_request: | |
branches: | |
- "master" | |
- "bitnami" | |
jobs: | |
qualif: | |
runs-on: ubuntu-latest | |
steps: | |
- name: Check out code | |
uses: actions/checkout@v1 | |
- name: Lint | |
shell: bash | |
run: | | |
helm lint . | |
- name: setup cluster | |
shell: bash | |
run: | | |
curl -Lo /tmp/kind https://kind.sigs.k8s.io/dl/v0.11.1/kind-linux-amd64 | |
chmod +x /tmp/kind | |
/tmp/kind create cluster --config=$GITHUB_WORKSPACE/.bin/kind-conf.yml --image=kindest/node:v1.23.0@sha256:49824ab1727c04e56a21a5d8372a402fcd32ea51ac96a2706a12af38934f81ac | |
kubectl apply -f https://projectcontour.io/quickstart/contour.yaml | |
kubectl patch daemonsets -n projectcontour envoy -p '{"spec":{"template":{"spec":{"nodeSelector":{"ingress-ready":"true"}}}}}' | |
- name: setup chaos mesh | |
shell: bash | |
run: | | |
curl -sSL https://mirrors.chaos-mesh.org/v2.1.3/install.sh | bash -s -- --local kind | |
- name: setup certs | |
shell: bash | |
run: | | |
openssl req -x509 -newkey rsa:4096 -nodes -subj '/CN=example.com' -keyout tls.key -out tls.crt -days 365 | |
cp tls.crt ca.crt | |
kubectl create secret generic custom-cert --from-file=./tls.crt --from-file=./tls.key --from-file=./ca.crt | |
- name: deploy openldap-stack-ha | |
shell: bash | |
run: | | |
cd "$GITHUB_WORKSPACE" | |
helm install openldap-stack-ha -f .bin/myval.yaml . | |
kubectl rollout status sts openldap-stack-ha | |
- name: verify deployment | |
shell: bash | |
run: | | |
echo "test access to openldap database" | |
sudo apt-get install -y ldap-utils | |
LDAPTLS_REQCERT=never ldapsearch -x -D 'cn=admin,dc=example,dc=org' -w Not@SecurePassw0rd -H ldaps://localhost:30636 -b 'dc=example,dc=org' | |
- name: test phpldapadmin access | |
shell: bash | |
run: | | |
echo "test access to phpldapadmin" | |
echo "127.0.0.1 phpldapadmin.example ssl-ldap2.example" | sudo tee -a /etc/hosts | |
curl phpldapadmin.example:8080 | |
- name: test self service pwd access | |
shell: bash | |
run: | | |
echo "test access to ssp" | |
curl ssl-ldap2.example:8080 | |
- name: verify certs | |
shell: bash | |
run: | | |
echo "verify certificate" | |
openssl s_client -showcerts -connect localhost:30636 </dev/null | grep "issuer=CN = example.com" | |
- name: apply chaos tests | |
shell: bash | |
run: | | |
echo "test access to openldap database" | |
kubectl apply -f .bin/chaos.yaml | |
- name: test write | |
shell: bash | |
run: | | |
echo "test access to openldap database" | |
LDAPTLS_REQCERT=never ldapadd -x -D 'cn=admin,dc=example,dc=org' -w Not@SecurePassw0rd -H ldaps://localhost:30636 -f .bin/user.ldif | |
LDAPTLS_REQCERT=never ldapsearch -o nettimeout=20 -x -D 'cn=admin,dc=example,dc=org' -w Not@SecurePassw0rd -H ldaps://localhost:30636 -b 'dc=example,dc=org' > /tmp/test-write.txt | |
if [ $(grep "numResponses" /tmp/test-write.txt | cut -d ":" -f 2 | tr -d ' ') -ne 5 ]; then exit 1 ; fi | |
if ! grep -q "objectClass: ownCloud" /tmp/test-write.txt; then echo exit 1; fi | |
- name: chaos tests | |
shell: bash | |
run: | | |
echo "test access to openldap database" | |
for i in {1..20}; do LDAPTLS_REQCERT=never ldapsearch -o nettimeout=20 -x -D 'cn=admin,dc=example,dc=org' -w Not@SecurePassw0rd -H ldaps://localhost:30636 -b 'dc=example,dc=org' && sleep 60 ; done | |
- name: deploy openldap-stack-ha-single-node | |
shell: bash | |
run: | | |
helm delete openldap-stack-ha | |
cd "$GITHUB_WORKSPACE" | |
helm install openldap-stack-ha -n single --create-namespace -f .bin/singleNode.yaml . | |
kubectl rollout status sts openldap-stack-ha -n single | |
- name: verify single node deployment | |
shell: bash | |
run: | | |
echo "test access to openldap database" | |
sudo apt-get install -y ldap-utils | |
LDAPTLS_REQCERT=never ldapsearch -x -D 'cn=admin,dc=example,dc=org' -w Not@SecurePassw0rd -H ldaps://localhost:30636 -b 'dc=example,dc=org' > /tmp/test-single-node.txt | |
cat /tmp/test-single-node.txt | |
if [ $(grep "numResponses" /tmp/test-single-node.txt | cut -d ":" -f 2 | tr -d ' ') -ne 6 ]; then exit 1 ; fi | |