fix: explicitly set insecureSkipTLSVerify as disabled for upgrades (#… #625
name: Helm Chart CI (Core)

# Runs only when the chart under keda/ or this workflow file changes:
#   - push:         commits landing on main
#   - pull_request: PRs targeting main or any release/* branch
on:
  push:
    branches: [main]
    paths:
      - '.github/workflows/ci-core.yml'
      - 'keda/**'
  pull_request:
    branches: [main, 'release/*']
    paths:
      - '.github/workflows/ci-core.yml'
      - 'keda/**'
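jobs:
  # Static validation of the chart; the deploy matrix below waits on it
  # through `needs`.
  lint-helm-3-x:
    name: Lint Helm Chart
    runs-on: ubuntu-latest
    # Least privilege: the job only reads the repository, so the
    # GITHUB_TOKEN is restricted to read-only repository contents.
    permissions:
      contents: read
    steps:
      - name: Check out code
        uses: actions/checkout@v2
        with:
          # No later step talks to git, so do not leave the token in the
          # checked-out repository's git config (the action's default).
          persist-credentials: false
      - name: Helm install
        uses: Azure/setup-helm@v3
      - name: Lint 'KEDA' Helm chart
        run: helm lint keda

  # Installs the chart into a throwaway Kind cluster for every combination
  # of Kubernetes version, target namespace, Azure Workload Identity on/off
  # and cert-manager on/off, then checks that the CRDs and a sample
  # ScaledObject exist.
  deploy-helm-3-x:
    name: Deploy to Kubernetes ${{ matrix.kubernetesVersion }} in '${{matrix.namespace}}' namespace (${{ (matrix.enableAzureWorkloadIdentity == true && 'With Azure Workload Identity') || 'Without Azure Workload Identity' }} | ${{ (matrix.enableCertManager == true && 'With cert-manager') || 'Without cert-manager' }})
    needs: lint-helm-3-x
    runs-on: ubuntu-latest
    # Least privilege: everything below runs against the local Kind cluster;
    # the GITHUB_TOKEN only needs to read the repository.
    permissions:
      contents: read
    strategy:
      # Let every matrix combination finish even if one of them fails.
      fail-fast: false
      matrix:
        enableAzureWorkloadIdentity: [false, true]
        kubernetesVersion: [v1.28, v1.27, v1.26, v1.25]
        namespace: ["keda", "not-keda"]
        enableCertManager: [false, true]
        # `include` entries add extra keys to the combinations they match.
        include:
          # Azure Workload Identity: dummy tenant/client values when enabled,
          # empty values when disabled.
          - enableAzureWorkloadIdentity: true
            tenantId: contoso
            clientId: ABC
          - enableAzureWorkloadIdentity: false
            tenantId: ""
            clientId: ""
          # Images are defined on every Kind release
          # See https://github.com/kubernetes-sigs/kind/releases
          # Node images are pinned by digest, so the image used for a given
          # Kubernetes version cannot change silently.
          - kubernetesVersion: v1.28
            kindImage: kindest/node:v1.28.0@sha256:b7a4cad12c197af3ba43202d3efe03246b3f0793f162afb40a33c923952d5b31
          - kubernetesVersion: v1.27
            kindImage: kindest/node:v1.27.3@sha256:3966ac761ae0136263ffdb6cfd4db23ef8a83cba8a463690e98317add2c9ba72
          - kubernetesVersion: v1.26
            kindImage: kindest/node:v1.26.6@sha256:6e2d8b28a5b601defe327b98bd1c2d1930b49e5d8c512e1895099e4504007adb
          - kubernetesVersion: v1.25
            kindImage: kindest/node:v1.25.11@sha256:227fa11ce74ea76a0474eeefb84cb75d8dad1b08638371ecf0e86259b35be0c8
    steps:
      - name: Check out code
        uses: actions/checkout@v2
        with:
          # No later step talks to git, so do not leave the token in the
          # checked-out repository's git config (the action's default).
          persist-credentials: false
      - name: Helm install
        uses: Azure/setup-helm@v3
      # NOTE(review): `@main` is a mutable branch ref, so any upstream change
      # to this action runs here unreviewed. Pin it to a release tag or,
      # better, a full commit SHA: `helm/kind-action@<FULL_COMMIT_SHA>`.
      # The tag refs on the other actions are movable too, only less often.
      - name: Create k8s ${{ matrix.kubernetesVersion }} Kind Cluster
        uses: helm/kind-action@main
        with:
          node_image: ${{ matrix.kindImage }}
      - name: Show Kubernetes version
        run: |
          kubectl version
      - name: Show Kubernetes nodes
        run: |
          kubectl get nodes -o wide
      - name: Show Helm version
        run: |
          helm version
      # Writes the Helm values used by the template and install steps.
      # The ${{ matrix.* }} expressions are substituted by GitHub Actions
      # before the shell runs; they come from the static matrix above, not
      # from pull-request input. Image tags are set to `main`, a moving tag.
      - name: Generate values
        run: |
          cat <<EOF > test-values.yaml
          image:
            keda:
              tag: main
            metricsApiServer:
              tag: main
            webhooks:
              tag: main
          podIdentity:
            azureWorkload:
              enabled: ${{ matrix.enableAzureWorkloadIdentity }}
              tenantId: ${{ matrix.tenantId }}
              clientId: ${{ matrix.clientId }}
          podDisruptionBudget:
            operator:
              maxUnavailable: 1
            metricServer:
              maxUnavailable: 1
            webhooks:
              maxUnavailable: 1
          prometheus:
            operator:
              enabled: true
              podMonitor:
                enabled: true
              serviceMonitor:
                enabled: true
                relabelings:
                  - regex: (go_.*)
                    action: drop
            webhooks:
              enabled: true
              serviceMonitor:
                enabled: true
                relabelings:
                  - regex: (go_.*)
                    action: drop
            metricServer:
              enabled: true
              serviceMonitor:
                enabled: true
                relabelings:
                  - regex: (go_.*)
                    action: drop
          webhooks:
            failurePolicy: Fail
          certificates:
            autoGenerated: true
            certManager:
              enabled: ${{ matrix.enableCertManager }}
              generateCA: true
          extraObjects:
            - apiVersion: keda.sh/v1alpha1
              kind: ClusterTriggerAuthentication
              metadata:
                name: aws-credentials
                namespace: keda
                annotations:
                  helm.sh/hook: post-install
              spec:
                podIdentity:
                  provider: aws-eks
          additionalAnnotations:
            sample: "annotation"
          service:
            additionalAnnotations:
              hello: "cloud-native world"
          EOF
      # Installs the charts the values above depend on: kube-prometheus-stack
      # and cert-manager.
      # NOTE(review): unlike the Kind node images, neither chart is pinned,
      # so each run pulls whatever the repositories currently publish.
      # Consider `--version <CHART_VERSION>` on both installs.
      - name: Install deps
        run: |
          helm repo add prometheus-community https://prometheus-community.github.io/helm-charts
          helm repo add jetstack https://charts.jetstack.io
          helm repo update
          helm install prometheus-stack prometheus-community/kube-prometheus-stack --namespace monitoring --create-namespace --wait
          helm install cert-manager jetstack/cert-manager --namespace cert-manager --create-namespace --set installCRDs=true
      - name: Create KEDA's namespace (${{ matrix.namespace }})
        run: kubectl create ns ${{ matrix.namespace }}
      # Render first so template errors surface before anything is installed.
      - name: Template Helm chart
        run: helm template keda ./keda/ --namespace ${{ matrix.namespace }} --values test-values.yaml
      - name: Install Helm chart
        run: helm install keda ./keda/ --namespace ${{ matrix.namespace }} --values test-values.yaml --wait
      # `if: always()` keeps this diagnostic step running after a failure.
      - name: Show Kubernetes resources
        run: kubectl get all --namespace ${{ matrix.namespace }}
        if: always()
      - name: Get all CRDs
        run: kubectl get crds -o wide
      # Each `kubectl get crd/...` below fails the job if that CRD is missing.
      - name: Verify clustertriggerauthentications.keda.sh CRD is installed
        run: kubectl get crd/clustertriggerauthentications.keda.sh -o wide
      - name: Verify triggerauthentications.keda.sh CRD is installed
        run: kubectl get crd/triggerauthentications.keda.sh -o wide
      - name: Verify scaledjobs.keda.sh CRD is installed
        run: kubectl get crd/scaledjobs.keda.sh -o wide
      - name: Verify scaledobjects.keda.sh CRD is installed
        run: kubectl get crd/scaledobjects.keda.sh -o wide
      - name: Get all ScaledObjects
        run: kubectl get scaledobjects -o wide
      - name: Get all ScaledJobs
        run: kubectl get scaledjobs -o wide
      - name: Get all TriggerAuthentication
        run: kubectl get triggerauth -o wide
      - name: Get all ClusterTriggerAuthentication
        run: kubectl get clustertriggerauth -o wide
      - name: Deploy Nginx with autoscaling
        run: kubectl apply -f ./samples/nginx-scaledobject.yml
      - name: Get our Nginx ScaledObject
        run: kubectl get scaledobjects/nginx-autoscaling -o wide
        if: always()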