chore: enable ssl to default ci tests

kubeovn · Sep 27, 2020 · 6635f93 · 6635f93
1 parent 3f50928
commit 6635f93
Show file tree

Hide file tree

Showing 6 changed files with 30 additions and 15 deletions.
diff --git a/Makefile b/Makefile
@@ -10,7 +10,7 @@ ARCH=amd64
 # RPM_ARCH could be x86_64,aarch64
 RPM_ARCH=x86_64
 
-.PHONY: build-dev-images build-dpdk build-go build-bin lint kind-init kind-init-ha kind-install kind-reload push-dev push-release e2e ut
+.PHONY: build-dev-images build-dpdk build-go build-bin lint kind-init kind-init-ha kind-install kind-install-ipv6 kind-reload push-dev push-release e2e ut
 
 build-dev-images: build-bin
 	docker build -t ${REGISTRY}/kube-ovn:${DEV_TAG} -f dist/images/Dockerfile dist/images/
@@ -75,7 +75,7 @@ kind-init:
 kind-install:
 	kind load docker-image --name kube-ovn ${REGISTRY}/kube-ovn:${RELEASE_TAG}
 	kubectl taint node kube-ovn-control-plane node-role.kubernetes.io/master:NoSchedule-
-	dist/images/install.sh
+	ENABLE_SSL=true dist/images/install.sh
 	kubectl get no -o wide
 
 kind-init-ha:
@@ -93,7 +93,7 @@ kind-init-ipv6:
 kind-install-ipv6:
 	kind load docker-image --name kube-ovn ${REGISTRY}/kube-ovn:${RELEASE_TAG}
 	kubectl taint node kube-ovn-control-plane node-role.kubernetes.io/master:NoSchedule-
-	IPv6=true dist/images/install.sh
+	ENABLE_SSL=true IPv6=true dist/images/install.sh
 
 kind-reload:
 	kind load docker-image --name kube-ovn ${REGISTRY}/kube-ovn:${RELEASE_TAG}
@@ -116,4 +116,4 @@ ut:
 	ginkgo -p --slowSpecThreshold=60 test/unittest
 
 scan:
-	trivy image --exit-code=1 --severity=HIGH --ignore-unfixed kubeovn/kube-ovn:${RELEASE_TAG}
+	trivy image --light --exit-code=1 --severity=HIGH --ignore-unfixed kubeovn/kube-ovn:${RELEASE_TAG}
diff --git a/dist/images/cleanup.sh b/dist/images/cleanup.sh
@@ -6,7 +6,8 @@ for subnet in $(kubectl get subnet -o name); do
 done
 
 # Delete Kube-OVN components
-kubectl delete cm ovn-config -n kube-system --ignore-not-found=true
+kubectl delete cm ovn-config ovn-ic-config ovn-external-gw-config -n kube-system --ignore-not-found=true
+kubectl delete secret kube-ovn-tls -n kube-system --ignore-not-found=ture
 kubectl delete sa ovn -n kube-system --ignore-not-found=true
 kubectl delete clusterrole system:ovn --ignore-not-found=true
 kubectl delete clusterrolebinding ovn --ignore-not-found=true

diff --git a/dist/images/generate-ssl-docker.sh b/dist/images/generate-ssl-docker.sh
@@ -1,6 +1,8 @@
 #!/usr/bin/env bash
 set -euo pipefail
-
-docker run --rm -v $PWD:/etc/ovn kubeovn/kube-ovn:v1.5.0 bash generate-ssl.sh
-kubectl create secret generic -n kube-system kube-ovn-tls --from-file=cacert=cacert.pem --from-file=cert=ovn-cert.pem --from-file=key=ovn-privkey.pem
-rm -rf cacert.pem ovn-cert.pem ovn-privkey.pem ovn-req.pem
+exist=$(kubectl get secret -n kube-system kube-ovn-tls --ignore-not-found)
+if [[ $exist == "" ]];then
+  docker run --rm -v $PWD:/etc/ovn kubeovn/kube-ovn:v1.5.0 bash generate-ssl.sh
+  kubectl create secret generic -n kube-system kube-ovn-tls --from-file=cacert=cacert.pem --from-file=cert=ovn-cert.pem --from-file=key=ovn-privkey.pem
+  rm -rf cacert.pem ovn-cert.pem ovn-privkey.pem ovn-req.pem
+fi
diff --git a/dist/images/install-pre-1.16.sh b/dist/images/install-pre-1.16.sh
@@ -8,6 +8,8 @@ HW_OFFLOAD=${HW_OFFLOAD:-false}
 IFACE=""                               # The nic to support container network, if empty will use the nic that the default route use
 
 REGISTRY="kubeovn"
+VERSION="v1.5.0"
+IMAGE_PULL_POLICY="IfNotPresent"
 NAMESPACE="kube-system"                # The ns to deploy kube-ovn
 POD_CIDR="10.16.0.0/16"                # Do NOT overlap with NODE/SVC/JOIN CIDR
 SVC_CIDR="10.96.0.0/12"                # Do NOT overlap with NODE/POD/JOIN CIDR
@@ -25,8 +27,6 @@ fi
 EXCLUDE_IPS=""                         # EXCLUDE_IPS for default subnet
 LABEL="node-role.kubernetes.io/master" # The node label to deploy OVN DB
 NETWORK_TYPE="geneve"                  # geneve or vlan
-VERSION="v1.5.0"
-IMAGE_PULL_POLICY="IfNotPresent"
 
 # VLAN Config only take effect when NETWORK_TYPE is vlan
 PROVIDER_NAME="provider"
@@ -79,7 +79,12 @@ fi
 
 if [[ $ENABLE_SSL = "true" ]];then
   echo "[Step 0] Generate SSL key and cert"
-  bash dist/images/generate-ssl-docker.sh
+  exist=$(kubectl get secret -n kube-system kube-ovn-tls --ignore-not-found)
+  if [[ $exist == "" ]];then
+    docker run --rm -v $PWD:/etc/ovn $REGISTRY/kube-ovn:$VERSION bash generate-ssl.sh
+    kubectl create secret generic -n kube-system kube-ovn-tls --from-file=cacert=cacert.pem --from-file=cert=ovn-cert.pem --from-file=key=ovn-privkey.pem
+    rm -rf cacert.pem ovn-cert.pem ovn-privkey.pem ovn-req.pem
+  fi
   echo "-------------------------------"
   echo ""
 fi

diff --git a/dist/images/install.sh b/dist/images/install.sh
@@ -8,6 +8,8 @@ HW_OFFLOAD=${HW_OFFLOAD:-false}
 IFACE=""                               # The nic to support container network, if empty will use the nic that the default route use
 
 REGISTRY="kubeovn"
+VERSION="v1.5.0"
+IMAGE_PULL_POLICY="IfNotPresent"
 NAMESPACE="kube-system"                # The ns to deploy kube-ovn
 POD_CIDR="10.16.0.0/16"                # Do NOT overlap with NODE/SVC/JOIN CIDR
 SVC_CIDR="10.96.0.0/12"                # Do NOT overlap with NODE/POD/JOIN CIDR
@@ -25,8 +27,6 @@ fi
 EXCLUDE_IPS=""                         # EXCLUDE_IPS for default subnet
 LABEL="node-role.kubernetes.io/master" # The node label to deploy OVN DB
 NETWORK_TYPE="geneve"                  # geneve or vlan
-VERSION="v1.5.0"
-IMAGE_PULL_POLICY="IfNotPresent"
 
 # VLAN Config only take effect when NETWORK_TYPE is vlan
 PROVIDER_NAME="provider"
@@ -79,7 +79,12 @@ fi
 
 if [[ $ENABLE_SSL = "true" ]];then
   echo "[Step 0] Generate SSL key and cert"
-  bash dist/images/generate-ssl-docker.sh
+  exist=$(kubectl get secret -n kube-system kube-ovn-tls --ignore-not-found)
+  if [[ $exist == "" ]];then
+    docker run --rm -v $PWD:/etc/ovn $REGISTRY/kube-ovn:$VERSION bash generate-ssl.sh
+    kubectl create secret generic -n kube-system kube-ovn-tls --from-file=cacert=cacert.pem --from-file=cert=ovn-cert.pem --from-file=key=ovn-privkey.pem
+    rm -rf cacert.pem ovn-cert.pem ovn-privkey.pem ovn-req.pem
+  fi
   echo "-------------------------------"
   echo ""
 fi

diff --git a/docs/install.md b/docs/install.md
@@ -52,6 +52,8 @@ If you want to know the detail steps to install Kube-OVN, please follow the step
 
 For Kubernetes version before 1.17 please use the following command to add the node label
 
+    `kubectl label no -lbeta.kubernetes.io/os=linux kubernetes.io/os=linux --overwrite`
+
 1. Add the following label to the Node which will host the OVN DB and the OVN Control Plane:
 
     `kubectl label node <Node on which to deploy OVN DB> kube-ovn/role=master`