miniziti.yml
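# CI smoke test: deploy the OpenZiti charts into a throwaway minikube cluster
# (optionally from the latest release first, then from this branch), push an
# HTTP request through a Ziti proxy, and install/upgrade the zrok chart.
name: Test charts in minikube

on:
  workflow_dispatch:
  pull_request:
    paths:
      - .github/workflows/miniziti.yml
      - charts/ziti-controller/**
      - charts/ziti-router/**
      - charts/httpbin/**
      - charts/zrok/**

# Least privilege for the workflow token: no step visible here needs more than
# read access to the checked-out code.
permissions:
  contents: read

# cancel older, redundant runs of same workflow on same branch
concurrency:
  group: ${{ github.workflow }}-${{github.event_name}}-${{ github.head_ref || github.ref_name }}
  cancel-in-progress: true

jobs:
  miniziti:
    runs-on: ubuntu-latest
    name: deploy to minikube
    env:
      ZITI_NAMESPACE: miniziti
    # NOTE(review): every `uses:` below resolves a mutable tag, so the code that
    # runs can change without a change to this file. Pin each action to a full
    # commit SHA (keep the tag in a trailing comment) and let the dependency
    # bot bump it.
    steps:
      - name: Checkout workspace
        uses: actions/checkout@v4
        with:
          # later steps execute downloaded tooling inside this workspace; do
          # not leave the workflow token in .git/config for it to read
          persist-credentials: false

      - name: Start minikube
        # NOTE(review): the page's e-mail obfuscation replaced the action ref
        # ("[email protected]"). The action name is inferred from the step name
        # and the start-args input; restore the version from the repository.
        uses: medyagh/setup-minikube@REF_LOST_IN_EXTRACTION
        with:
          start-args: --profile ${{ env.ZITI_NAMESPACE }}

      - name: Find minikube IP address
        id: minikube_ip
        run: |
          echo "minikube_ip=$(minikube --profile "${ZITI_NAMESPACE}" ip)" >> "$GITHUB_OUTPUT"

      # NOTE(review): the release tarball is fetched by URL and no checksum is
      # verified in this file; confirm whether the setup action checks one, or
      # add a digest comparison before the binary is used.
      - name: install ziti cli
        uses: supplypike/setup-bin@v4
        with:
          uri: https://github.com/openziti/ziti/releases/download/v1.2.0/ziti-linux-amd64-1.2.0.tar.gz
          name: ziti
          version: '1.2.0'

      # this is the kubernetes quickstart script from
      # https://openziti.io/docs/learn/quickstarts/network/local-kubernetes
      # NOTE(review): the script comes from an unversioned URL and is executed
      # as-is by the following steps, so whatever that URL serves at build time
      # runs on the runner. Prefer a tagged release artifact with a recorded
      # digest.
      - name: install miniziti
        uses: supplypike/setup-bin@v4
        with:
          uri: https://get.openziti.io/miniziti.bash
          name: miniziti
          version: quickstartrelease

      - name: Run miniziti with latest release charts
        if: vars.SKIP_MINIKUBE_LATEST_CHARTS != 'true'
        run: miniziti start --no-hosts --verbose

      - name: Upgrade miniziti with charts from this branch
        run: miniziti start --no-hosts --verbose --charts ./charts

      - name: Verify the Console is Available
        shell: bash
        env:
          # pass the step output through the environment instead of expanding
          # the expression inside the script text
          MINIKUBE_IP: ${{ steps.minikube_ip.outputs.minikube_ip }}
        run: |
          set -euo pipefail
          # -k disables certificate verification.
          # NOTE(review): presumably the console certificate is issued by the
          # cluster's private CA; acceptable for this smoke test only.
          curl -skSfw '%{http_code}\t%{url}\n' -o/dev/null \
            "https://miniziti-controller.${MINIKUBE_IP}.sslip.io/zac/"

      - name: Find the ziti admin password
        id: get_ziti_pwd
        shell: bash
        run: |
          set -euo pipefail
          ZITI_PWD="$(
            miniziti kubectl get secrets "ziti-controller-admin-secret" \
              --output go-template='{{index .data "admin-password" | base64decode }}'
          )"
          # fail here rather than installing zrok with an empty password
          if [[ -z "${ZITI_PWD}" ]]; then
            echo "admin password not found in ziti-controller-admin-secret" >&2
            exit 1
          fi
          # register the value as a secret so the runner redacts it from every
          # later log line, including the `set -x` debug step
          echo "::add-mask::${ZITI_PWD}"
          echo "ZITI_PWD=${ZITI_PWD}" >> "$GITHUB_OUTPUT"

      - name: Enroll client identity
        run: >
          ziti edge enroll
          --jwt ~/.local/state/miniziti/profiles/${ZITI_NAMESPACE}/identities/${ZITI_NAMESPACE}-client.jwt
          --out ~/.local/state/miniziti/profiles/${ZITI_NAMESPACE}/identities/${ZITI_NAMESPACE}-client.json

      # runs in the background; its output is collected by the debug step
      - name: Run client proxy
        run: >
          nohup ziti tunnel proxy "httpbin-service:4321"
          --identity ~/.local/state/miniziti/profiles/${ZITI_NAMESPACE}/identities/${ZITI_NAMESPACE}-client.json
          --verbose </dev/null &>/tmp/miniziti-client.log &

      - name: Wait for proxy to serve the httpbin service
        uses: iFaxity/wait-on-action@v1
        with:
          resource: http://127.0.0.1:4321/get
          delay: 1000
          interval: 1000
          timeout: 10000

      - name: Send a POST request to the httpbin service and verify the response data
        shell: bash
        run: |
          set -euo pipefail
          curl -sSf -XPOST -F ziti=awesome http://127.0.0.1:4321/post > /tmp/httpbin-response.json
          AWESOME=$(jq -r '.form.ziti[0]' /tmp/httpbin-response.json)
          if [[ "$AWESOME" == "awesome" ]]; then
            echo "Ziti is awesome!"
          else
            echo "Got '$AWESOME' instead of 'awesome'" >&2
            exit 1
          fi

      # The admin password reaches helm through the step environment; the
      # `--set` flag still places it on helm's command line.
      - name: Install the zrok chart from the latest release
        shell: bash
        env:
          ZITI_MGMT_API_HOST: ziti-controller-client.${{ env.ZITI_NAMESPACE }}.svc.cluster.local
          ZITI_PWD: ${{ steps.get_ziti_pwd.outputs.ZITI_PWD }}
          ZROK_DNS_ZONE: ${{ steps.minikube_ip.outputs.minikube_ip }}.sslip.io
        run: |
          helm upgrade \
            --install \
            --namespace zrok --create-namespace \
            --values ./charts/zrok/values-ingress-nginx.yaml \
            --set "ziti.advertisedHost=${ZITI_MGMT_API_HOST}" \
            --set "ziti.password=${ZITI_PWD}" \
            --set "dnsZone=${ZROK_DNS_ZONE}" \
            --set "controller.ingress.hosts[0]=zrok.${ZROK_DNS_ZONE}" \
            --set "test.enabled=false" \
            zrok openziti/zrok

      - name: Upgrade the zrok chart from the current branch and run the test job
        shell: bash
        env:
          ZITI_MGMT_API_HOST: ziti-controller-client.${{ env.ZITI_NAMESPACE }}.svc.cluster.local
          ZITI_PWD: ${{ steps.get_ziti_pwd.outputs.ZITI_PWD }}
          ZROK_DNS_ZONE: ${{ steps.minikube_ip.outputs.minikube_ip }}.sslip.io
        run: |
          helm upgrade \
            --install \
            --namespace zrok --create-namespace \
            --values ./charts/zrok/values-ingress-nginx.yaml \
            --set "ziti.advertisedHost=${ZITI_MGMT_API_HOST}" \
            --set "ziti.password=${ZITI_PWD}" \
            --set "dnsZone=${ZROK_DNS_ZONE}" \
            --set "controller.ingress.hosts[0]=zrok.${ZROK_DNS_ZONE}" \
            --set "test.enabled=true" \
            zrok ./charts/zrok

      - name: Check zrok test job result
        shell: bash
        run: |
          miniziti kubectl -n zrok wait --for=condition=complete --timeout=120s job/zrok-test-job

      # Runs even when an earlier step failed, and always exits 0 so the job
      # result reflects the failing step rather than the diagnostics.
      - name: Print debug info
        if: always()
        shell: bash
        run: |
          set +e
          set -x
          miniziti kubectl get pods -A
          miniziti kubectl get services -A
          miniziti kubectl get ingresses -A
          miniziti kubectl logs --selector app.kubernetes.io/component=ziti-controller --tail=-1
          miniziti kubectl logs --selector app.kubernetes.io/component=ziti-router --tail=-1
          # NOTE(review): this writes enrollment JWTs into the job log, which is
          # readable by anyone who can view the run. Tolerable only because the
          # cluster is discarded with the runner; do not copy this line into a
          # workflow that targets a long-lived network.
          cat /tmp/miniziti-client.log ~/.local/state/miniziti/profiles/miniziti/identities/*.jwt
          miniziti kubectl logs --selector app.kubernetes.io/name=zrok-controller -n zrok -c zrok-bootstrap --tail=-1
          miniziti kubectl logs --selector app.kubernetes.io/name=zrok-controller -n zrok -c zrok --tail=-1
          miniziti kubectl logs --selector app.kubernetes.io/name=zrok-frontend -n zrok -c zrok-bootstrap-frontend --tail=-1
          miniziti kubectl logs --selector app.kubernetes.io/name=zrok-frontend -n zrok -c zrok-frontend --tail=-1
          miniziti kubectl -n zrok logs job/zrok-test-job
          exit 0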