Change production example to be an integration test (#237)

* Change production example to be an integration test The documentation is a better example then the test now. Separate the two. Signed-off-by: Kevin Fox <[email protected]> * Fix job name reference Signed-off-by: Kevin Fox <[email protected]> * Fix job name reference Signed-off-by: Kevin Fox <[email protected]> * Update postgresql example Signed-off-by: Kevin Fox <[email protected]> * Update mysql example Signed-off-by: Kevin Fox <[email protected]> * Update nested and mysql Signed-off-by: Kevin Fox <[email protected]> * Fix typo Signed-off-by: Kevin Fox <[email protected]> * Add support for integration tests in the tests/integration dir Signed-off-by: Kevin Fox <[email protected]> * Fix split issue and typo Signed-off-by: Kevin Fox <[email protected]> * Fix split issue Signed-off-by: Kevin Fox <[email protected]> * Try folding example your values into bash so that its not laying around in an fs for a user to accidently use. Signed-off-by: Kevin Fox <[email protected]> * Fix test Signed-off-by: Kevin Fox <[email protected]> * Fix test Signed-off-by: Kevin Fox <[email protected]> * Fix test Signed-off-by: Kevin Fox <[email protected]> * Fix test Signed-off-by: Kevin Fox <[email protected]> * Fix test Signed-off-by: Kevin Fox <[email protected]> * Fix test Signed-off-by: Kevin Fox <[email protected]> * Cleanup Signed-off-by: Kevin Fox <[email protected]> --------- Signed-off-by: Kevin Fox <[email protected]> Signed-off-by: kfox1111 <[email protected]> Co-authored-by: Faisal Memon <[email protected]>
spiffe · Mar 20, 2024 · 993ee85 · 993ee85
1 parent 72768ec
commit 993ee85
Show file tree

Hide file tree

Showing 16 changed files with 36 additions and 114 deletions.
diff --git a/.github/tests/common.sh b/.github/tests/common.sh
@@ -70,3 +70,23 @@ $(helm ls -A | sed 's/\t/ | /g' | sed 's/^/| /' | sed 's/$/ |/' | sed '/^| NAME.
 
 EOF
 }
+
+# Used just for testing. You should provide your own values as described in the install instructions.
+common_test_your_values () {
+cat > /tmp/$$.example-your-values.yaml <<EOF
+global:
+ spire:
+ recommendations:
+ enabled: true
+ clusterName: production
+ trustDomain: production.other
+ caSubject:
+ country: US
+ organization: Production
+ commonName: production.other
+EOF
+echo "/tmp/$$.example-your-values.yaml"
+}
+
+COMMON_TEST_YOUR_VALUES="$(common_test_your_values)"
+export COMMON_TEST_YOUR_VALUES
diff --git a/.github/workflows/helm-chart-ci.yaml b/.github/workflows/helm-chart-ci.yaml
@@ -343,4 +343,4 @@ jobs:
  verbosity: 1
 
  - name: Install and test example
- run: examples/production/run-tests.sh -u
+ run: tests/integration/production/run-tests.sh -u
diff --git a/examples/external-mysql/README.md b/examples/external-mysql/README.md
@@ -10,13 +10,11 @@ If manually deploying for testing, you can safely put the password into an envir
 source ../bin/readpw.sh
 ```
 
-Next, edit values.yaml with your settings. Check it into your git repo if using one.
+Follow the instructions as described at https://artifacthub.io/packages/helm/spiffe/spire, and copy in the settings from
+examples/external-mysql/values.yaml into your values file.
 
-Then, deploy the chart pointing at your mysql instance like so:
+You can add the password at install runtime like so:
 
 ```shell
-helm upgrade --install --namespace spire-server spire charts/spire -f examples/external-mysql/values.yaml --set "spire-server.dataStore.sql.password=${DBPW}"
+helm upgrade --install --namespace spire-mgmt spire spire -f your-values.yaml --set "spire-server.dataStore.sql.password=${DBPW}" --repo https://spiffe.github.io/helm-charts-hardened/
 ```
-
-See the [production example](../production) for production recommendations.
-See [values.yaml](./values.yaml) for more details on the chart configurations to achieve this setup.
diff --git a/examples/external-mysql/run-tests.sh b/examples/external-mysql/run-tests.sh
@@ -54,6 +54,6 @@ helm upgrade --install mysql mysql --version "$VERSION_MYSQL" --repo "$HELM_REPO
  --wait
 
 helm upgrade --install --namespace "spire-server" \
- --values "${SCRIPTPATH}/values.yaml,${SCRIPTPATH}/../production/values.yaml,${SCRIPTPATH}/../production/values-node-pod-antiaffinity.yaml,${SCRIPTPATH}/../production/example-your-values.yaml" \
+ --values "${COMMON_TEST_YOUR_VALUES},${SCRIPTPATH}/values.yaml,${SCRIPTPATH}/../misc/values-node-pod-antiaffinity.yaml" \
  --set 'spire-server.dataStore.sql.password=sp1ff3Test' --wait spire charts/spire
 helm test --namespace "spire-server" spire
diff --git a/examples/external-postgresql/README.md b/examples/external-postgresql/README.md
@@ -10,14 +10,12 @@ If manually deploying for testing, you can safely put the password into an envir
 source ../bin/readpw.sh
 ```
 
-Next, edit values.yaml with your settings. Check it into your git repo if using one.
+Follow the instructions as described at https://artifacthub.io/packages/helm/spiffe/spire, and copy in the settings from
+examples/external-postgresql/values.yaml into your values file.
 
-Then, deploy the chart pointing at your postgresql instance like so:
+You can add the password at install runtime like so:
 
 ```shell
-helm upgrade --install --namespace spire-server spire charts/spire -f examples/external-postgresql/values.yaml --set "spire-server.dataStore.sql.password=${DBPW}"
+helm upgrade --install --namespace spire-mgmt spire spire -f your-values.yaml --set "spire-server.dataStore.sql.password=${DBPW}" --repo https://spiffe.github.io/helm-charts-hardened/
 
 ```
-
-See the [production example](../production) for production recommendations.
-See [values.yaml](./values.yaml) for more details on the chart configurations to achieve this setup.
diff --git a/examples/external-postgresql/run-tests.sh b/examples/external-postgresql/run-tests.sh
@@ -50,10 +50,10 @@ kubectl label namespace spire-server pod-security.kubernetes.io/enforce=restrict
 
 helm upgrade --install postgresql postgresql --version "$VERSION_POSTGRESQL" --repo "$HELM_REPO_POSTGRESQL" \
  --namespace spire-server \
- --values "${DEPS}/postgresql.yaml,${SCRIPTPATH}/../production/values.yaml,${SCRIPTPATH}/../production/values-node-pod-antiaffinity.yaml" \
+ --values "${DEPS}/postgresql.yaml" \
  --wait
 
 helm upgrade --install --namespace "spire-server" \
- --values "${SCRIPTPATH}/values.yaml,${SCRIPTPATH}/../production/values.yaml,${SCRIPTPATH}/../production/values-node-pod-antiaffinity.yaml,${SCRIPTPATH}/../production/example-your-values.yaml" \
+ --values "${COMMON_TEST_YOUR_VALUES},${SCRIPTPATH}/values.yaml,${SCRIPTPATH}/../misc/values-node-pod-antiaffinity.yaml" \
  --set 'spire-server.dataStore.sql.password=sp1ff3Test' --wait spire charts/spire
 helm test --namespace "spire-server" spire
diff --git a/...duction/values-node-pod-antiaffinity.yaml → ...es/misc/values-node-pod-antiaffinity.yaml b/...duction/values-node-pod-antiaffinity.yaml → ...es/misc/values-node-pod-antiaffinity.yaml
diff --git a/examples/nested/run-tests.sh b/examples/nested/run-tests.sh
@@ -55,7 +55,7 @@ helm upgrade --install --create-namespace spire charts/spire \
  --values "${DEPS}/spire-root-server-values.yaml" \
  --wait
 
-helm upgrade --install --create-namespace --namespace spire-server --values "${SCRIPTPATH}/values.yaml,${SCRIPTPATH}/../production/values.yaml,${SCRIPTPATH}/../production/values-node-pod-antiaffinity.yaml,${SCRIPTPATH}/../production/example-your-values.yaml" \
+helm upgrade --install --create-namespace --namespace spire-server --values "${COMMON_TEST_YOUR_VALUES},${SCRIPTPATH}/values.yaml,${SCRIPTPATH}/../misc/values-node-pod-antiaffinity.yaml" \
  --wait spire charts/spire
 helm test --namespace spire-server spire
 
diff --git a/examples/production/README.md b/examples/production/README.md
diff --git a/examples/production/example-your-values.yaml b/examples/production/example-your-values.yaml
diff --git a/examples/production/values.yaml b/examples/production/values.yaml
diff --git a/examples/production/run-tests.sh → tests/integration/production/run-tests.sh b/examples/production/run-tests.sh → tests/integration/production/run-tests.sh
@@ -7,11 +7,11 @@ UPGRADE_REPO=https://spiffe.github.io/helm-charts-hardened
 
 SCRIPT="$(readlink -f "$0")"
 SCRIPTPATH="$(dirname "${SCRIPT}")"
-TESTDIR="${SCRIPTPATH}/../../.github/tests"
+TESTDIR="${SCRIPTPATH}/../../../.github/tests"
 DEPS="${TESTDIR}/dependencies"
 
 # shellcheck source=/dev/null
-source "${SCRIPTPATH}/../../.github/scripts/parse-versions.sh"
+source "${SCRIPTPATH}/../../../.github/scripts/parse-versions.sh"
 # shellcheck source=/dev/null
 source "${TESTDIR}/common.sh"
 
@@ -122,16 +122,14 @@ install_and_test() {
  # shellcheck disable=SC2086
  "${helm_install[@]}" spire "$1" \
  --namespace "${ns}" \
- --values "${SCRIPTPATH}/values.yaml" \
+ --values "${COMMON_TEST_YOUR_VALUES}" \
  --values "${SCRIPTPATH}/values-expose-spiffe-oidc-discovery-provider-ingress-nginx.yaml" \
  --values "${SCRIPTPATH}/values-expose-spire-server-ingress-nginx.yaml" \
  --values "${SCRIPTPATH}/values-expose-federation-https-web-ingress-nginx.yaml" \
  --values /tmp/dummydns \
  --set spiffe-oidc-discovery-provider.tests.tls.customCA=tls-cert,spire-server.tests.tls.customCA=tls-cert \
  --set spire-agent.server.address=spire-server.production.other,spire-agent.server.port=443 \
  --set spire-server.federation.ingress.tlsSecret=tls-cert,spiffe-oidc-discovery-provider.ingress.tlsSecret=tls-cert \
- --values "${SCRIPTPATH}/example-your-values.yaml" \
- $2 \
  --wait
 
  helm test --namespace "${ns}" spire

diff --git a/...ederation-https-spiffe-ingress-nginx.yaml → ...ederation-https-spiffe-ingress-nginx.yaml b/...ederation-https-spiffe-ingress-nginx.yaml → ...ederation-https-spiffe-ingress-nginx.yaml
diff --git a/...e-federation-https-web-ingress-nginx.yaml → ...e-federation-https-web-ingress-nginx.yaml b/...e-federation-https-web-ingress-nginx.yaml → ...e-federation-https-web-ingress-nginx.yaml
diff --git a/...idc-discovery-provider-ingress-nginx.yaml → ...idc-discovery-provider-ingress-nginx.yaml b/...idc-discovery-provider-ingress-nginx.yaml → ...idc-discovery-provider-ingress-nginx.yaml
diff --git a/...es-expose-spire-server-ingress-nginx.yaml → ...es-expose-spire-server-ingress-nginx.yaml b/...es-expose-spire-server-ingress-nginx.yaml → ...es-expose-spire-server-ingress-nginx.yaml