-
Notifications
You must be signed in to change notification settings - Fork 89
New issue
Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.
By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.
Already on GitHub? Sign in to your account
Adding integration testing to the repo #2
Conversation
The setup is similar to our other k8s projects (make setup-integration-test, etc.), and the test itself is using terratest to configure vault and test the operator.
Use code instead of yaml to create the VaultSecret in the test. Wait for the k8s secret to be updated instead of sleeping.
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
Looking great. A few minor nits/suggestions to address then 👍
# kind-k8s-version: [1.22.15, 1.23.13, 1.24.7] | ||
# vault-version: [1.10.9, 1.11.6] | ||
exclude: | ||
- kind-k8s-version: 1.24.7 |
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
Yeah, this setup seems a bit onerous to maintain, but I guess it does the job.
@@ -0,0 +1,16 @@ | |||
# Copyright (c) HashiCorp, Inc. |
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
I wonder if just doing a kubectl port-forward ...
might be simpler than setting up the hostport stuff? Not sure which is the best approach.
Co-authored-by: Ben Ash <32777270+benashz@users.noreply.github.com>
fail test if KIND_CLUSTER_NAME not set use unique ids for vault and k8s namespaces
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
Looks great!
Runs the operator integration tests with the last four version of Kubernetes, and the last three versions of Vault.
The setup is similar to our other k8s projects (make setup-integration-test, etc.), and the test itself is using a bit of terratest to configure vault and test the operator.
Makefile target
setup-integration
calls helm to install vault and applies the hostPort patch (setup-integration-test-common
), builds the docker image (ci-docker-build
) and copies it to kind (ci-deploy-kind
).Makefile target(s)
integration-test
/integration-test-ent
runs the tests underintegrationtest/
, which applies the terraform underintegrationtest/vaultsecret-kv/terraform/
to configure the vault kv2 secrets engine, sets a secret in Vault, creates a VaultSecret CR, checks the resulting k8s Secret, updates the Vault secret, and checks that the update is reflected in the k8s Secret.Still TODO: