kubernetes
/
kops
mirror of https://github.com/kubernetes/kops.git
1
0
Fork 0
Code Issues Packages Projects Releases Wiki Activity

Merge pull request #12029 from rifelpet/keypair-scenario 

Assert the correct number of kubeconfig CAs during keypair rotation
This commit is contained in:
Kubernetes Prow Robot 2021-07-19 21:31:32 -07:00 committed by GitHub
parent 34ce86adf2 0fd1399828
commit 39b91c2ec8
No known key found for this signature in database
GPG Key ID: 4AEE18F83AFDEB23
2 changed files with 11 additions and 14 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

17
tests/e2e/scenarios/keypair-rotation/run-test.sh
View File

@ -40,17 +40,8 @@ ${KOPS} promote keypair all
${KOPS} update cluster --yes ${KOPS} update cluster --yes
${KOPS} rolling-update cluster --yes --validate-count=10 ${KOPS} rolling-update cluster --yes --validate-count=10
KUBECFG_PROMOTE=$(mktemp -t kubeconfig.XXXXXXXXX) ${KOPS} validate cluster --wait=10m --count=3
${KOPS} export kubecfg --admin --kubeconfig="${KUBECFG_PROMOTE}"
kubectl --kubeconfig="${KUBECFG_PROMOTE}" config view > "${REPORT_DIR}/promote.kubeconfig"
CA=$(kubectl --kubeconfig="${KUBECFG_PROMOTE}" config view --raw -o jsonpath="{.clusters[0].cluster.certificate-authority-data}" | base64 --decode)
if [ "$(echo "${CA}" | grep -c "BEGIN CERTIFICATE")" != "1" ]; then
>&2 echo unexpected number of CA certificates in kubeconfig
exit 1
fi
export KUBECONFIG="${KUBECFG_PROMOTE}"
${KOPS} distrust keypair all ${KOPS} distrust keypair all
${KOPS} update cluster --yes ${KOPS} update cluster --yes
${KOPS} rolling-update cluster --yes --validate-count=10 ${KOPS} rolling-update cluster --yes --validate-count=10
@ -59,5 +50,11 @@ KUBECFG_DISTRUST=$(mktemp -t kubeconfig.XXXXXXXXX)
${KOPS} export kubecfg --admin --kubeconfig="${KUBECFG_DISTRUST}" ${KOPS} export kubecfg --admin --kubeconfig="${KUBECFG_DISTRUST}"
kubectl --kubeconfig="${KUBECFG_DISTRUST}" config view > "${REPORT_DIR}/distrust.kubeconfig" kubectl --kubeconfig="${KUBECFG_DISTRUST}" config view > "${REPORT_DIR}/distrust.kubeconfig"
CA=$(kubectl --kubeconfig="${KUBECFG_DISTRUST}" config view --raw -o jsonpath="{.clusters[0].cluster.certificate-authority-data}" | base64 --decode)
if [ "$(echo "${CA}" | grep -c "BEGIN CERTIFICATE")" != "1" ]; then
>&2 echo unexpected number of CA certificates in kubeconfig
exit 1
fi
export KUBECONFIG="${KUBECFG_DISTRUST}" export KUBECONFIG="${KUBECFG_DISTRUST}"
${KOPS} validate cluster --wait=10m --count=3 ${KOPS} validate cluster --wait=10m --count=3

8
tests/e2e/scenarios/lib/common.sh
View File

@ -118,8 +118,8 @@ function kops-up() {
create_args="${create_args} --zones=${ZONES}" create_args="${create_args} --zones=${ZONES}"
fi fi
${KUBETEST2} \ ${KUBETEST2} \
--up \ --up \
--kops-binary-path="${KOPS}" \ --kops-binary-path="${KOPS}" \
--kubernetes-version="1.21.0" \ --kubernetes-version="1.21.0" \
--create-args="${create_args}" --create-args="${create_args}"
} }