feat: implement RFC 16 to allow emergency node access (#3557)

2026-01-03 08:45:30 -05:00 · 2025-03-25 11:28:48 +00:00 · 2025-03-25 11:28:48 +00:00 · 3cc930fa97
commit 3cc930fa97
parent c7369fa2a7
27 changed files with 256 additions and 69 deletions
--- a/.github/workflows/e2e-test-weekly.yml
+++ b/.github/workflows/e2e-test-weekly.yml
@ -10,7 +10,7 @@ jobs:
    strategy:
      fail-fast: false
      matrix:
-        refStream: ["ref/main/stream/nightly/?","ref/main/stream/debug/?", "ref/release/stream/stable/?"]
+        refStream: ["ref/main/stream/nightly/?", "ref/main/stream/debug/?", "ref/release/stream/stable/?"]
    name: Find latest image
    runs-on: ubuntu-24.04
    permissions:
@ -51,6 +51,33 @@ jobs:
          # Tests on main-debug refStream
          #

+          # Emergency SSH test on latest k8s version
+          - test: "emergency ssh"
+            refStream: "ref/main/stream/debug/?"
+            attestationVariant: "gcp-sev-es"
+            kubernetes-version: "v1.30"
+            clusterCreation: "cli"
+          - test: "emergency ssh"
+            refStream: "ref/main/stream/debug/?"
+            attestationVariant: "gcp-sev-snp"
+            kubernetes-version: "v1.30"
+            clusterCreation: "cli"
+          - test: "emergency ssh"
+            refStream: "ref/main/stream/debug/?"
+            attestationVariant: "azure-sev-snp"
+            kubernetes-version: "v1.30"
+            clusterCreation: "cli"
+          - test: "emergency ssh"
+            refStream: "ref/main/stream/debug/?"
+            attestationVariant: "azure-tdx"
+            kubernetes-version: "v1.30"
+            clusterCreation: "cli"
+          - test: "emergency ssh"
+            refStream: "ref/main/stream/debug/?"
+            attestationVariant: "aws-sev-snp"
+            kubernetes-version: "v1.30"
+            clusterCreation: "cli"
+
          # Sonobuoy full test on latest k8s version
          - test: "sonobuoy full"
            refStream: "ref/main/stream/debug/?"
@ -138,7 +165,6 @@ jobs:
            kubernetes-version: "v1.29"
            clusterCreation: "cli"

-
          # verify test on latest k8s version
          - test: "verify"
            refStream: "ref/main/stream/debug/?"
--- a/.github/workflows/e2e-test.yml
+++ b/.github/workflows/e2e-test.yml
@ -40,6 +40,7 @@ on:
          - "recover"
          - "malicious join"
          - "s3proxy"
+          - "emergency ssh"
          - "nop"
        required: true
      kubernetesVersion: