Git-Mirrors/constellation
1
0
Fork 0
mirror of https://github.com/edgelesssys/constellation.git synced 2025-02-02 10:35:08 -05:00
Code Issues Packages Projects Releases Wiki Activity

Allow starting e2e tests based on attestation variant instead of csp

Browse Source 
Signed-off-by: Daniel Weiße <dw@edgeless.systems>
This commit is contained in:
Daniel Weiße 2024-01-25 15:32:19 +01:00 committed by Malte Poll
parent 597a923a7f
commit 65d28f913f
20 changed files with 377 additions and 177 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

4
.github/actions/cdbg_deploy/action.yml vendored
View File

@ -14,6 +14,9 @@ inputs:
cloudProvider: cloudProvider:
description: "The cloud provider to use." description: "The cloud provider to use."
required: true required: true
attestationVariant:
description: "Attestation variant of the cluster."
required: false
kubernetesVersion: kubernetesVersion:
description: "Kubernetes version to create the cluster from." description: "Kubernetes version to create the cluster from."
required: true required: true
@ -98,6 +101,7 @@ runs:
--info logcollect.github.ref-stream="${{ inputs.refStream }}" \ --info logcollect.github.ref-stream="${{ inputs.refStream }}" \
--info logcollect.github.kubernetes-version="${{ inputs.kubernetesVersion }}" \ --info logcollect.github.kubernetes-version="${{ inputs.kubernetesVersion }}" \
--info logcollect.github.cluster-creation="${{ inputs.clusterCreation }}" \ --info logcollect.github.cluster-creation="${{ inputs.clusterCreation }}" \
--info logcollect.github.attestation-variant="${{ inputs.attestationVariant }}" \
--info logcollect.deployment-type="debugd" \ --info logcollect.deployment-type="debugd" \
--verbosity=-1 \ --verbosity=-1 \
--force --force

14
.github/actions/constellation_create/action.yml vendored
View File

@ -11,6 +11,9 @@ inputs:
cloudProvider: cloudProvider:
description: "Either 'gcp', 'aws' or 'azure'." description: "Either 'gcp', 'aws' or 'azure'."
required: true required: true
attestationVariant:
description: "Attestation variant to use."
required: true
machineType: machineType:
description: "Machine type of VM to spawn." description: "Machine type of VM to spawn."
required: false required: false
@ -83,7 +86,7 @@ runs:
if: inputs.azureSNPEnforcementPolicy != '' if: inputs.azureSNPEnforcementPolicy != ''
shell: bash shell: bash
run: | run: |
if [[ ${{ inputs.cloudProvider }} != 'azure' ]]; then if [[ ${{ inputs.attestationVariant }} != 'azure-sev-snp' ]]; then
echo "SNP enforcement policy is only supported for Azure" echo "SNP enforcement policy is only supported for Azure"
exit 1 exit 1
fi fi
@ -161,24 +164,21 @@ runs:
if : inputs.clusterCreation != 'self-managed' if : inputs.clusterCreation != 'self-managed'
shell: bash shell: bash
run: | run: |
# TODO(v2.14): Remove workaround for CLIs not supporting apply command constellation apply --skip-phases=init,attestationconfig,certsans,helm,image,k8s -y --debug --tf-log=DEBUG
cmd='apply --skip-phases=init,attestationconfig,certsans,helm,image,k8s'
if constellation --help | grep -q create; then
cmd=create
fi
constellation $cmd -y --debug --tf-log=DEBUG
- name: Constellation create (self-managed) - name: Constellation create (self-managed)
if : inputs.clusterCreation == 'self-managed' if : inputs.clusterCreation == 'self-managed'
uses: ./.github/actions/self_managed_create uses: ./.github/actions/self_managed_create
with: with:
cloudProvider: ${{ inputs.cloudProvider }} cloudProvider: ${{ inputs.cloudProvider }}
attestationVariant: ${{ inputs.attestationVariant }}
- name: Cdbg deploy - name: Cdbg deploy
if: inputs.isDebugImage == 'true' if: inputs.isDebugImage == 'true'
uses: ./.github/actions/cdbg_deploy uses: ./.github/actions/cdbg_deploy
with: with:
cloudProvider: ${{ inputs.cloudProvider }} cloudProvider: ${{ inputs.cloudProvider }}
attestationVariant: ${{ inputs.attestationVariant }}
test: ${{ inputs.test }} test: ${{ inputs.test }}
azureClusterCreateCredentials: ${{ inputs.azureClusterCreateCredentials }} azureClusterCreateCredentials: ${{ inputs.azureClusterCreateCredentials }}
azureIAMCreateCredentials: ${{ inputs.azureIAMCreateCredentials }} azureIAMCreateCredentials: ${{ inputs.azureIAMCreateCredentials }}

5
.github/actions/constellation_iam_create/action.yml vendored
View File

@ -5,6 +5,9 @@ inputs:
cloudProvider: cloudProvider:
description: "Either 'aws', 'azure' or 'gcp'." description: "Either 'aws', 'azure' or 'gcp'."
required: true required: true
attestationVariant:
description: "The attestation variant to use."
required: true
kubernetesVersion: kubernetesVersion:
description: "Kubernetes version to create the cluster from." description: "Kubernetes version to create the cluster from."
required: false required: false
@ -46,7 +49,7 @@ runs:
fi fi
echo "flag=--update-config" | tee -a "$GITHUB_OUTPUT" echo "flag=--update-config" | tee -a "$GITHUB_OUTPUT"
constellation config generate ${{ inputs.cloudProvider }} ${kubernetesFlag} constellation config generate ${{ inputs.cloudProvider }} ${kubernetesFlag} --attestation ${{ inputs.attestationVariant }}
- name: Constellation iam create aws - name: Constellation iam create aws
shell: bash shell: bash

4
.github/actions/deploy_logcollection/action.yml vendored
View File

@ -20,6 +20,9 @@ inputs:
provider: provider:
description: "The CSP of the cluster." description: "The CSP of the cluster."
required: true required: true
attestationVariant:
description: "Attestation variant of the cluster."
required: false
isDebugImage: isDebugImage:
description: "Whether the cluster is a debug cluster / uses a debug image." description: "Whether the cluster is a debug cluster / uses a debug image."
required: true required: true
@ -58,6 +61,7 @@ runs:
--fields github.ref-stream="${{ inputs.refStream }}" \ --fields github.ref-stream="${{ inputs.refStream }}" \
--fields github.kubernetes-version="${{ inputs.kubernetesVersion }}" \ --fields github.kubernetes-version="${{ inputs.kubernetesVersion }}" \
--fields github.cluster-creation="${{ inputs.clusterCreation }}" \ --fields github.cluster-creation="${{ inputs.clusterCreation }}" \
--fields github.attestation-variant="${{ inputs.attestationVariant }}" \
--fields deployment-type="k8s" --fields deployment-type="k8s"
# Make sure that helm is installed # Make sure that helm is installed

4
.github/actions/e2e_benchmark/action.yml vendored
View File

@ -5,6 +5,10 @@ inputs:
cloudProvider: cloudProvider:
description: "Which cloud provider to use." description: "Which cloud provider to use."
required: true required: true
# TODO: Create different report depending on the attestation variant
attestationVariant:
description: "Which attestation variant to use."
required: true
kubeconfig: kubeconfig:
description: "The kubeconfig of the cluster to test." description: "The kubeconfig of the cluster to test."
required: true required: true

5
.github/actions/e2e_malicious_join/action.yml vendored
View File

@ -5,6 +5,9 @@ inputs:
cloudProvider: cloudProvider:
description: "The cloud provider the test runs on." description: "The cloud provider the test runs on."
required: true required: true
attestationVariant:
description: "The attestation variant used in the cluster."
required: true
kubeconfig: kubeconfig:
description: "The kubeconfig file for the cluster." description: "The kubeconfig file for the cluster."
required: true required: true
@ -34,7 +37,7 @@ runs:
[ \"/malicious-join_bin\", \ [ \"/malicious-join_bin\", \
\"--js-endpoint=join-service.kube-system:9090\", \ \"--js-endpoint=join-service.kube-system:9090\", \
\"--csp=${{ inputs.cloudProvider }}\", \ \"--csp=${{ inputs.cloudProvider }}\", \
\"--variant=default\" ]" stamped_job.yaml \"--variant=${{ inputs.attestationVariant }}\" ]" stamped_job.yaml
kubectl create ns malicious-join kubectl create ns malicious-join
kubectl apply -n malicious-join -f stamped_job.yaml kubectl apply -n malicious-join -f stamped_job.yaml

10
.github/actions/e2e_test/action.yml vendored
View File

@ -11,6 +11,9 @@ inputs:
cloudProvider: cloudProvider:
description: "Which cloud provider to use." description: "Which cloud provider to use."
required: true required: true
attestationVariant:
description: "Which attestation variant to use."
required: true
machineType: machineType:
description: "VM machine type. Make sure it matches selected cloud provider!" description: "VM machine type. Make sure it matches selected cloud provider!"
osImage: osImage:
@ -248,6 +251,7 @@ runs:
uses: ./.github/actions/constellation_iam_create uses: ./.github/actions/constellation_iam_create
with: with:
cloudProvider: ${{ inputs.cloudProvider }} cloudProvider: ${{ inputs.cloudProvider }}
attestationVariant: ${{ inputs.attestationVariant }}
namePrefix: ${{ steps.create-prefix.outputs.prefix }} namePrefix: ${{ steps.create-prefix.outputs.prefix }}
awsZone: ${{ inputs.regionZone || 'us-east-2c' }} awsZone: ${{ inputs.regionZone || 'us-east-2c' }}
azureRegion: ${{ inputs.regionZone || steps.pick-az-region.outputs.region }} azureRegion: ${{ inputs.regionZone || steps.pick-az-region.outputs.region }}
@ -281,6 +285,7 @@ runs:
uses: ./.github/actions/constellation_create uses: ./.github/actions/constellation_create
with: with:
cloudProvider: ${{ inputs.cloudProvider }} cloudProvider: ${{ inputs.cloudProvider }}
attestationVariant: ${{ inputs.attestationVariant }}
workerNodesCount: ${{ inputs.workerNodesCount }} workerNodesCount: ${{ inputs.workerNodesCount }}
controlNodesCount: ${{ inputs.controlNodesCount }} controlNodesCount: ${{ inputs.controlNodesCount }}
machineType: ${{ inputs.machineType }} machineType: ${{ inputs.machineType }}
@ -311,6 +316,7 @@ runs:
opensearchPwd: ${{ inputs.awsOpenSearchPwd }} opensearchPwd: ${{ inputs.awsOpenSearchPwd }}
test: ${{ inputs.test }} test: ${{ inputs.test }}
provider: ${{ inputs.cloudProvider }} provider: ${{ inputs.cloudProvider }}
attestationVariant: ${{ inputs.attestationVariant }}
isDebugImage: ${{ inputs.isDebugImage }} isDebugImage: ${{ inputs.isDebugImage }}
kubernetesVersion: ${{ inputs.kubernetesVersion }} kubernetesVersion: ${{ inputs.kubernetesVersion }}
refStream: ${{ inputs.refStream }} refStream: ${{ inputs.refStream }}
@ -363,6 +369,7 @@ runs:
uses: ./.github/actions/e2e_benchmark uses: ./.github/actions/e2e_benchmark
with: with:
cloudProvider: ${{ inputs.cloudProvider }} cloudProvider: ${{ inputs.cloudProvider }}
attestationVariant: ${{ inputs.attestationVariant }}
kubeconfig: ${{ steps.constellation-create.outputs.kubeconfig }} kubeconfig: ${{ steps.constellation-create.outputs.kubeconfig }}
awsOpenSearchDomain: ${{ inputs.awsOpenSearchDomain }} awsOpenSearchDomain: ${{ inputs.awsOpenSearchDomain }}
awsOpenSearchUsers: ${{ inputs.awsOpenSearchUsers }} awsOpenSearchUsers: ${{ inputs.awsOpenSearchUsers }}
@ -373,7 +380,7 @@ runs:
if: inputs.test == 'verify' if: inputs.test == 'verify'
uses: ./.github/actions/e2e_verify uses: ./.github/actions/e2e_verify
with: with:
cloudProvider: ${{ inputs.cloudProvider }} attestationVariant: ${{ inputs.attestationVariant }}
osImage: ${{ steps.constellation-create.outputs.osImageUsed }} osImage: ${{ steps.constellation-create.outputs.osImageUsed }}
kubeconfig: ${{ steps.constellation-create.outputs.kubeconfig }} kubeconfig: ${{ steps.constellation-create.outputs.kubeconfig }}
cosignPassword: ${{ inputs.cosignPassword }} cosignPassword: ${{ inputs.cosignPassword }}
@ -391,6 +398,7 @@ runs:
uses: ./.github/actions/e2e_malicious_join uses: ./.github/actions/e2e_malicious_join
with: with:
cloudProvider: ${{ inputs.cloudProvider }} cloudProvider: ${{ inputs.cloudProvider }}
attestationVariant: ${{ inputs.attestationVariant }}
kubeconfig: ${{ steps.constellation-create.outputs.kubeconfig }} kubeconfig: ${{ steps.constellation-create.outputs.kubeconfig }}
githubToken: ${{ inputs.githubToken }} githubToken: ${{ inputs.githubToken }}

15
.github/actions/e2e_verify/action.yml vendored
View File

@ -5,8 +5,8 @@ inputs:
osImage: osImage:
description: "The OS image used in the cluster." description: "The OS image used in the cluster."
required: true required: true
cloudProvider: attestationVariant:
description: "The cloud provider used in the cluster." description: "The attestation variant used in the cluster."
required: true required: true
kubeconfig: kubeconfig:
description: "The kubeconfig file for the cluster." description: "The kubeconfig file for the cluster."
@ -67,7 +67,7 @@ runs:
sleep 5 sleep 5
# TODO(v2.15): Remove workaround since we don't need to support v2.13 anymore # TODO(v2.15): Remove workaround since we don't need to support v2.13 anymore
if [[ ${{ inputs.cloudProvider }} == "azure" ]] || { [[ ${{ inputs.cloudProvider }} == "aws" ]] && ! constellation version | grep -q "v2.13."; }; then if [[ ${{ inputs.attestationVariant }} == "azure-sev-snp" ]] || { [[ ${{ inputs.attestationVariant }} == "aws-sev-snp" ]] && ! constellation version | grep -q "v2.13."; }; then
echo "Extracting TCB versions for API update" echo "Extracting TCB versions for API update"
constellation verify --cluster-id "${clusterID}" --node-endpoint localhost:9090 -o json > "snp-report-${node}.json" constellation verify --cluster-id "${clusterID}" --node-endpoint localhost:9090 -o json > "snp-report-${node}.json"
else else
@ -85,13 +85,13 @@ runs:
aws-region: eu-central-1 aws-region: eu-central-1
- name: Upload extracted TCBs - name: Upload extracted TCBs
if: github.ref_name == 'main' && (inputs.cloudProvider == 'azure' || inputs.cloudProvider == 'aws') if: github.ref_name == 'main' && (inputs.attestationVariant == 'azure-sev-snp' || inputs.attestationVariant == 'aws-sev-snp')
shell: bash shell: bash
env: env:
COSIGN_PASSWORD: ${{ inputs.cosignPassword }} COSIGN_PASSWORD: ${{ inputs.cosignPassword }}
COSIGN_PRIVATE_KEY: ${{ inputs.cosignPrivateKey }} COSIGN_PRIVATE_KEY: ${{ inputs.cosignPrivateKey }}
run: | run: |
if [[ ${{ inputs.cloudProvider }} == "aws" ]] && constellation version | grep -q "v2.13."; then if [[ ${{ inputs.attestationVariant }} == "aws-sev-snp" ]] && constellation version | grep -q "v2.13."; then
echo "Skipping TCB upload for AWS on CLI v2.13" echo "Skipping TCB upload for AWS on CLI v2.13"
exit 0 exit 0
fi fi
@ -101,8 +101,11 @@ runs:
exit 1 exit 1
fi fi
attestationVariant=${{ inputs.attestationVariant }}
cloudProvider=${attestationVariant%%-*}
for file in "${reports[@]}"; do for file in "${reports[@]}"; do
path=$(realpath "${file}") path=$(realpath "${file}")
cat "${path}" cat "${path}"
bazel run //internal/api/attestationconfigapi/cli -- upload ${{ inputs.cloudProvider }} snp-report "${path}" bazel run //internal/api/attestationconfigapi/cli -- upload "${cloudProvider}" snp-report "${path}"
done done

6
.github/actions/notify_e2e_failure/action.yml vendored
View File

@ -11,6 +11,9 @@ inputs:
provider: provider:
description: "CSP" description: "CSP"
required: true required: true
attestationVariant:
description: "Attestation variant"
required: false
refStream: refStream:
description: "RefStream of the run" description: "RefStream of the run"
required: false required: false
@ -63,6 +66,7 @@ runs:
(query:(match_phrase:(metadata.github.run-id:${{ github.run_id }}))), (query:(match_phrase:(metadata.github.run-id:${{ github.run_id }}))),
(query:(match_phrase:(metadata.github.ref-stream:${{ inputs.refStream }}))), (query:(match_phrase:(metadata.github.ref-stream:${{ inputs.refStream }}))),
(query:(match_phrase:(metadata.github.kubernetes-version:${{ inputs.kubernetesVersion }}))), (query:(match_phrase:(metadata.github.kubernetes-version:${{ inputs.kubernetesVersion }}))),
(query:(match_phrase:(metadata.github.attestation-variant:${{ inputs.attestationVariant }}))),
(query:(match_phrase:(metadata.github.e2e-test-payload:'${{ steps.encode-uri-component.outputs.string }}'))) (query:(match_phrase:(metadata.github.e2e-test-payload:'${{ steps.encode-uri-component.outputs.string }}')))
))" | tr -d "\t\n ") ))" | tr -d "\t\n ")
@ -92,7 +96,7 @@ runs:
fields: | fields: |
workflow: ${{ github.workflow }} workflow: ${{ github.workflow }}
kubernetesVersion: ${{ inputs.kubernetesVersion }} kubernetesVersion: ${{ inputs.kubernetesVersion }}
cloudProvider: ${{ inputs.provider }} attestationVariant: ${{ inputs.attestationVariant }}
clusterCreation: ${{ inputs.clusterCreation }} clusterCreation: ${{ inputs.clusterCreation }}
test: ${{ inputs.test }} test: ${{ inputs.test }}
refStream: ${{ inputs.refStream }} refStream: ${{ inputs.refStream }}

5
.github/actions/self_managed_create/action.yml vendored
View File

@ -5,6 +5,9 @@ inputs:
cloudProvider: cloudProvider:
description: "The cloud provider the test runs on." description: "The cloud provider the test runs on."
required: true required: true
attestationVariant:
description: "The attestation variant to use."
required: true
runs: runs:
using: "composite" using: "composite"
@ -81,7 +84,7 @@ runs:
- name: Patch MAA Policy - name: Patch MAA Policy
shell: bash shell: bash
working-directory: ${{ github.workspace }}/e2e-infra working-directory: ${{ github.workspace }}/e2e-infra
if: inputs.cloudProvider == 'azure' if: inputs.attestationVariant == 'azure-sev-snp'
run: | run: |
constellation maa-patch $(terraform output attestation_url | jq -r) constellation maa-patch $(terraform output attestation_url | jq -r)

20
.github/workflows/e2e-test-daily.yml vendored
View File

@ -46,7 +46,7 @@ jobs:
max-parallel: 5 max-parallel: 5
matrix: matrix:
kubernetesVersion: ["1.28"] # should be default kubernetesVersion: ["1.28"] # should be default
provider: ["gcp", "azure", "aws"] attestationVariant: ["gcp-sev-es", "azure-sev-snp", "azure-tdx", "aws-sev-snp"]
refStream: ["ref/main/stream/debug/?", "ref/release/stream/stable/?"] refStream: ["ref/main/stream/debug/?", "ref/release/stream/stable/?"]
test: ["sonobuoy full"] test: ["sonobuoy full"]
runs-on: ubuntu-22.04 runs-on: ubuntu-22.04
@ -63,13 +63,23 @@ jobs:
fetch-depth: 0 fetch-depth: 0
ref: ${{ !github.event.pull_request.head.repo.fork && github.head_ref || '' }} ref: ${{ !github.event.pull_request.head.repo.fork && github.head_ref || '' }}
- name: Split attestationVariant
id: split-attestationVariant
shell: bash
run: |
attestationVariant="${{ matrix.attestationVariant }}"
cloudProvider="${attestationVariant%%-*}"
echo "cloudProvider=${cloudProvider}" | tee -a "$GITHUB_OUTPUT"
- name: Run E2E test - name: Run E2E test
id: e2e_test id: e2e_test
uses: ./.github/actions/e2e_test uses: ./.github/actions/e2e_test
with: with:
workerNodesCount: "2" workerNodesCount: "2"
controlNodesCount: "3" controlNodesCount: "3"
cloudProvider: ${{ matrix.provider }} cloudProvider: ${{ steps.split-attestationVariant.outputs.cloudProvider }}
attestationVariant: ${{ matrix.attestationVariant }}
osImage: ${{ matrix.refStream == 'ref/release/stream/stable/?' && needs.find-latest-image.outputs.image-release-stable || needs.find-latest-image.outputs.image-main-debug }} osImage: ${{ matrix.refStream == 'ref/release/stream/stable/?' && needs.find-latest-image.outputs.image-release-stable || needs.find-latest-image.outputs.image-main-debug }}
isDebugImage: ${{ matrix.refStream == 'ref/main/stream/debug/?' }} isDebugImage: ${{ matrix.refStream == 'ref/main/stream/debug/?' }}
cliVersion: ${{ matrix.refStream == 'ref/release/stream/stable/?' && needs.find-latest-image.outputs.image-release-stable || '' }} cliVersion: ${{ matrix.refStream == 'ref/release/stream/stable/?' && needs.find-latest-image.outputs.image-release-stable || '' }}
@ -99,7 +109,7 @@ jobs:
with: with:
kubeconfig: ${{ steps.e2e_test.outputs.kubeconfig }} kubeconfig: ${{ steps.e2e_test.outputs.kubeconfig }}
clusterCreation: "cli" clusterCreation: "cli"
cloudProvider: ${{ matrix.provider }} cloudProvider: ${{ steps.split-attestationVariant.outputs.cloudProvider }}
azureClusterDeleteCredentials: ${{ secrets.AZURE_E2E_CLUSTER_CREDENTIALS }} azureClusterDeleteCredentials: ${{ secrets.AZURE_E2E_CLUSTER_CREDENTIALS }}
gcpClusterDeleteServiceAccount: "infrastructure-e2e@constellation-e2e.iam.gserviceaccount.com" gcpClusterDeleteServiceAccount: "infrastructure-e2e@constellation-e2e.iam.gserviceaccount.com"
@ -107,7 +117,7 @@ jobs:
if: always() if: always()
uses: ./.github/actions/constellation_iam_destroy uses: ./.github/actions/constellation_iam_destroy
with: with:
cloudProvider: ${{ matrix.provider }} cloudProvider: ${{ steps.split-attestationVariant.outputs.cloudProvider }}
azureCredentials: ${{ secrets.AZURE_E2E_IAM_CREDENTIALS }} azureCredentials: ${{ secrets.AZURE_E2E_IAM_CREDENTIALS }}
gcpServiceAccount: "iam-e2e@constellation-e2e.iam.gserviceaccount.com" gcpServiceAccount: "iam-e2e@constellation-e2e.iam.gserviceaccount.com"
@ -123,7 +133,7 @@ jobs:
refStream: ${{ matrix.refStream }} refStream: ${{ matrix.refStream }}
test: ${{ matrix.test }} test: ${{ matrix.test }}
kubernetesVersion: ${{ matrix.kubernetesVersion }} kubernetesVersion: ${{ matrix.kubernetesVersion }}
provider: ${{ matrix.provider }} provider: ${{ steps.split-attestationVariant.outputs.cloudProvider }}
clusterCreation: "cli" clusterCreation: "cli"
e2e-mini: e2e-mini:

15
.github/workflows/e2e-test-internal-lb.yml vendored
View File

@ -7,14 +7,15 @@ on:
description: "Number of nodes to use in the cluster. Given in format `<control-plane nodes>:<worker nodes>`." description: "Number of nodes to use in the cluster. Given in format `<control-plane nodes>:<worker nodes>`."
default: "3:2" default: "3:2"
type: string type: string
cloudProvider: attestationVariant:
description: "Which cloud provider to use." description: "Which attestation variant to use."
type: choice type: choice
options: options:
- "gcp" - "gcp-sev-es"
- "azure" - "azure-sev-snp"
- "aws" - "azure-tdx"
default: "azure" - "aws-sev-snp"
default: "azure-sev-snp"
required: true required: true
runner: runner:
description: "Architecture of the runner that executes the CLI" description: "Architecture of the runner that executes the CLI"
@ -76,7 +77,7 @@ jobs:
uses: ./.github/workflows/e2e-test.yml uses: ./.github/workflows/e2e-test.yml
with: with:
nodeCount: ${{ inputs.nodeCount }} nodeCount: ${{ inputs.nodeCount }}
cloudProvider: ${{ inputs.cloudProvider }} attestationVariant: ${{ inputs.attestationVariant }}
runner: ${{ inputs.runner }} runner: ${{ inputs.runner }}
test: ${{ inputs.test }} test: ${{ inputs.test }}
kubernetesVersion: ${{ inputs.kubernetesVersion }} kubernetesVersion: ${{ inputs.kubernetesVersion }}

14
.github/workflows/e2e-test-marketplace-image.yml vendored
View File

@ -7,12 +7,16 @@ on:
description: "Number of nodes to use in the cluster. Given in format `<control-plane nodes>:<worker nodes>`." description: "Number of nodes to use in the cluster. Given in format `<control-plane nodes>:<worker nodes>`."
default: "3:2" default: "3:2"
type: string type: string
cloudProvider: attestationVariant:
description: "Which cloud provider to use." description: "Which attestation variant to use."
type: choice type: choice
options: options:
- "azure" - "gcp-sev-es"
- "gcp" - "azure-sev-snp"
- "azure-tdx"
# AWS not yet supported
# - "aws-sev-snp"
default: "azure-sev-snp"
required: true required: true
runner: runner:
description: "Architecture of the runner that executes the CLI" description: "Architecture of the runner that executes the CLI"
@ -74,7 +78,7 @@ jobs:
uses: ./.github/workflows/e2e-test.yml uses: ./.github/workflows/e2e-test.yml
with: with:
nodeCount: ${{ inputs.nodeCount }} nodeCount: ${{ inputs.nodeCount }}
cloudProvider: ${{ inputs.cloudProvider }} attestationVariant: ${{ inputs.attestationVariant }}
runner: ${{ inputs.runner }} runner: ${{ inputs.runner }}
test: ${{ inputs.test }} test: ${{ inputs.test }}
kubernetesVersion: ${{ inputs.kubernetesVersion }} kubernetesVersion: ${{ inputs.kubernetesVersion }}

120
.github/workflows/e2e-test-release.yml vendored
View File

@ -46,130 +46,165 @@ jobs:
# sonobuoy full test on all k8s versions # sonobuoy full test on all k8s versions
- test: "sonobuoy full" - test: "sonobuoy full"
provider: "gcp" attestationVariant: "gcp-sev-es"
kubernetes-version: "v1.29" kubernetes-version: "v1.29"
runner: "ubuntu-22.04" runner: "ubuntu-22.04"
clusterCreation: "cli" clusterCreation: "cli"
- test: "sonobuoy full" - test: "sonobuoy full"
provider: "azure" attestationVariant: "azure-sev-snp"
kubernetes-version: "v1.29" kubernetes-version: "v1.29"
runner: "ubuntu-22.04" runner: "ubuntu-22.04"
clusterCreation: "cli" clusterCreation: "cli"
- test: "sonobuoy full" - test: "sonobuoy full"
provider: "aws" attestationVariant: "azure-tdx"
kubernetes-version: "v1.29"
runner: "ubuntu-22.04"
clusterCreation: "cli"
- test: "sonobuoy full"
attestationVariant: "aws-sev-snp"
kubernetes-version: "v1.29" kubernetes-version: "v1.29"
runner: "ubuntu-22.04" runner: "ubuntu-22.04"
clusterCreation: "cli" clusterCreation: "cli"
- test: "sonobuoy full" - test: "sonobuoy full"
provider: "gcp" attestationVariant: "gcp-sev-es"
kubernetes-version: "v1.28" kubernetes-version: "v1.28"
runner: "ubuntu-22.04" runner: "ubuntu-22.04"
clusterCreation: "cli" clusterCreation: "cli"
- test: "sonobuoy full" - test: "sonobuoy full"
provider: "azure" attestationVariant: "azure-sev-snp"
kubernetes-version: "v1.28" kubernetes-version: "v1.28"
runner: "ubuntu-22.04" runner: "ubuntu-22.04"
clusterCreation: "cli" clusterCreation: "cli"
- test: "sonobuoy full" - test: "sonobuoy full"
provider: "aws" attestationVariant: "azure-tdx"
kubernetes-version: "v1.28"
runner: "ubuntu-22.04"
clusterCreation: "cli"
- test: "sonobuoy full"
attestationVariant: "aws-sev-snp"
kubernetes-version: "v1.28" kubernetes-version: "v1.28"
runner: "ubuntu-22.04" runner: "ubuntu-22.04"
clusterCreation: "cli" clusterCreation: "cli"
- test: "sonobuoy full" - test: "sonobuoy full"
provider: "gcp" attestationVariant: "gcp-sev-es"
kubernetes-version: "v1.27" kubernetes-version: "v1.27"
runner: "ubuntu-22.04" runner: "ubuntu-22.04"
clusterCreation: "cli" clusterCreation: "cli"
- test: "sonobuoy full" - test: "sonobuoy full"
provider: "azure" attestationVariant: "azure-sev-snp"
kubernetes-version: "v1.27" kubernetes-version: "v1.27"
runner: "ubuntu-22.04" runner: "ubuntu-22.04"
clusterCreation: "cli" clusterCreation: "cli"
- test: "sonobuoy full" - test: "sonobuoy full"
provider: "aws" attestationVariant: "azure-tdx"
kubernetes-version: "v1.27"
runner: "ubuntu-22.04"
clusterCreation: "cli"
- test: "sonobuoy full"
attestationVariant: "aws-sev-snp"
kubernetes-version: "v1.27" kubernetes-version: "v1.27"
runner: "ubuntu-22.04" runner: "ubuntu-22.04"
clusterCreation: "cli" clusterCreation: "cli"
# verify test on latest k8s version # verify test on latest k8s version
- test: "verify" - test: "verify"
provider: "gcp" attestationVariant: "gcp-sev-es"
kubernetes-version: "v1.29" kubernetes-version: "v1.29"
runner: "ubuntu-22.04" runner: "ubuntu-22.04"
clusterCreation: "cli" clusterCreation: "cli"
- test: "verify" - test: "verify"
provider: "azure" attestationVariant: "azure-sev-snp"
kubernetes-version: "v1.29" kubernetes-version: "v1.29"
runner: "ubuntu-22.04" runner: "ubuntu-22.04"
clusterCreation: "cli" clusterCreation: "cli"
- test: "verify" - test: "verify"
provider: "aws" attestationVariant: "azure-tdx"
kubernetes-version: "v1.29"
runner: "ubuntu-22.04"
clusterCreation: "cli"
- test: "verify"
attestationVariant: "aws-sev-snp"
kubernetes-version: "v1.29" kubernetes-version: "v1.29"
runner: "ubuntu-22.04" runner: "ubuntu-22.04"
clusterCreation: "cli" clusterCreation: "cli"
# recover test on latest k8s version # recover test on latest k8s version
- test: "recover" - test: "recover"
provider: "gcp" attestationVariant: "gcp-sev-es"
kubernetes-version: "v1.29" kubernetes-version: "v1.29"
runner: "ubuntu-22.04" runner: "ubuntu-22.04"
clusterCreation: "cli" clusterCreation: "cli"
- test: "recover" - test: "recover"
provider: "azure" attestationVariant: "azure-sev-snp"
kubernetes-version: "v1.29" kubernetes-version: "v1.29"
runner: "ubuntu-22.04" runner: "ubuntu-22.04"
clusterCreation: "cli" clusterCreation: "cli"
- test: "recover" - test: "recover"
provider: "aws" attestationVariant: "azure-tdx"
kubernetes-version: "v1.29"
runner: "ubuntu-22.04"
clusterCreation: "cli"
- test: "recover"
attestationVariant: "aws-sev-snp"
kubernetes-version: "v1.29" kubernetes-version: "v1.29"
runner: "ubuntu-22.04" runner: "ubuntu-22.04"
clusterCreation: "cli" clusterCreation: "cli"
# lb test on latest k8s version # lb test on latest k8s version
- test: "lb" - test: "lb"
provider: "gcp" attestationVariant: "gcp-sev-es"
kubernetes-version: "v1.29" kubernetes-version: "v1.29"
runner: "ubuntu-22.04" runner: "ubuntu-22.04"
clusterCreation: "cli" clusterCreation: "cli"
- test: "lb" - test: "lb"
provider: "azure" attestationVariant: "azure-sev-snp"
kubernetes-version: "v1.29" kubernetes-version: "v1.29"
runner: "ubuntu-22.04" runner: "ubuntu-22.04"
clusterCreation: "cli" clusterCreation: "cli"
- test: "lb" - test: "lb"
provider: "aws" attestationVariant: "azure-tdx"
kubernetes-version: "v1.29"
runner: "ubuntu-22.04"
clusterCreation: "cli"
- test: "lb"
attestationVariant: "aws-sev-snp"
kubernetes-version: "v1.29" kubernetes-version: "v1.29"
runner: "ubuntu-22.04" runner: "ubuntu-22.04"
clusterCreation: "cli" clusterCreation: "cli"
# autoscaling test on latest k8s version # autoscaling test on latest k8s version
- test: "autoscaling" - test: "autoscaling"
provider: "gcp" attestationVariant: "gcp-sev-es"
kubernetes-version: "v1.29" kubernetes-version: "v1.29"
runner: "ubuntu-22.04" runner: "ubuntu-22.04"
clusterCreation: "cli" clusterCreation: "cli"
- test: "autoscaling" - test: "autoscaling"
provider: "azure" attestationVariant: "azure-sev-snp"
kubernetes-version: "v1.29" kubernetes-version: "v1.29"
runner: "ubuntu-22.04" runner: "ubuntu-22.04"
clusterCreation: "cli" clusterCreation: "cli"
- test: "autoscaling" - test: "autoscaling"
provider: "aws" attestationVariant: "azure-tdx"
kubernetes-version: "v1.29"
runner: "ubuntu-22.04"
clusterCreation: "cli"
- test: "autoscaling"
attestationVariant: "aws-sev-snp"
kubernetes-version: "v1.29" kubernetes-version: "v1.29"
runner: "ubuntu-22.04" runner: "ubuntu-22.04"
clusterCreation: "cli" clusterCreation: "cli"
# perf-bench test on latest k8s version, not supported on AWS # perf-bench test on latest k8s version, not supported on AWS
- test: "perf-bench" - test: "perf-bench"
provider: "gcp" attestationVariant: "gcp-sev-es"
kubernetes-version: "v1.29" kubernetes-version: "v1.29"
runner: "ubuntu-22.04" runner: "ubuntu-22.04"
clusterCreation: "cli" clusterCreation: "cli"
- test: "perf-bench" - test: "perf-bench"
provider: "azure" attestationVariant: "azure-sev-snp"
kubernetes-version: "v1.29" kubernetes-version: "v1.29"
runner: "ubuntu-22.04" runner: "ubuntu-22.04"
clusterCreation: "cli" clusterCreation: "cli"
@ -177,17 +212,22 @@ jobs:
# self-managed infra test on latest k8s version # self-managed infra test on latest k8s version
# runs Sonobuoy full test # runs Sonobuoy full test
- test: "sonobuoy full" - test: "sonobuoy full"
provider: "gcp" attestationVariant: "gcp-sev-es"
kubernetes-version: "v1.29" kubernetes-version: "v1.29"
runner: "ubuntu-22.04" runner: "ubuntu-22.04"
clusterCreation: "self-managed" clusterCreation: "self-managed"
- test: "sonobuoy full" - test: "sonobuoy full"
provider: "azure" attestationVariant: "azure-sev-snp"
kubernetes-version: "v1.29" kubernetes-version: "v1.29"
runner: "ubuntu-22.04" runner: "ubuntu-22.04"
clusterCreation: "self-managed" clusterCreation: "self-managed"
- test: "sonobuoy full" - test: "sonobuoy full"
provider: "aws" attestationVariant: "azure-tdx"
kubernetes-version: "v1.29"
runner: "ubuntu-22.04"
clusterCreation: "self-managed"
- test: "sonobuoy full"
attestationVariant: "aws-sev-snp"
kubernetes-version: "v1.29" kubernetes-version: "v1.29"
runner: "ubuntu-22.04" runner: "ubuntu-22.04"
clusterCreation: "self-managed" clusterCreation: "self-managed"
@ -195,7 +235,7 @@ jobs:
# s3proxy test on latest k8s version # s3proxy test on latest k8s version
- test: "s3proxy" - test: "s3proxy"
refStream: "ref/main/stream/debug/?" refStream: "ref/main/stream/debug/?"
provider: "gcp" attestationVariant: "gcp-sev-es"
kubernetes-version: "v1.29" kubernetes-version: "v1.29"
runner: "ubuntu-22.04" runner: "ubuntu-22.04"
clusterCreation: "cli" clusterCreation: "cli"
@ -206,11 +246,11 @@ jobs:
# Skipping verify test on MacOS since the runner uses a different version of sed # Skipping verify test on MacOS since the runner uses a different version of sed
# TODO(3u13r): Update verify test to work on MacOS runners # TODO(3u13r): Update verify test to work on MacOS runners
# - test: "verify" # - test: "verify"
# provider: "azure" # attestationVariant: "azure-sev-snp"
# kubernetes-version: "v1.29" # kubernetes-version: "v1.29"
# runner: "macos-12" # runner: "macos-12"
- test: "recover" - test: "recover"
provider: "gcp" attestationVariant: "gcp-sev-es"
kubernetes-version: "v1.29" kubernetes-version: "v1.29"
runner: "macos-12" runner: "macos-12"
clusterCreation: "cli" clusterCreation: "cli"
@ -232,8 +272,17 @@ jobs:
fetch-depth: 0 fetch-depth: 0
ref: ${{ inputs.ref || github.head_ref }} ref: ${{ inputs.ref || github.head_ref }}
- name: Split attestationVariant
id: split-attestationVariant
shell: bash
run: |
attestationVariant="${{ matrix.attestationVariant }}"
cloudProvider="${attestationVariant%%-*}"
echo "cloudProvider=${cloudProvider}" | tee -a "$GITHUB_OUTPUT"
- name: Set up gcloud CLI (macOS) - name: Set up gcloud CLI (macOS)
if: matrix.provider == 'gcp' && runner.os == 'macOS' if: steps.split-attestationVariant.outputs.provider == 'gcp' && runner.os == 'macOS'
uses: google-github-actions/setup-gcloud@e30db14379863a8c79331b04a9969f4c1e225e0b # v1.1.1 uses: google-github-actions/setup-gcloud@e30db14379863a8c79331b04a9969f4c1e225e0b # v1.1.1
- name: Run E2E test - name: Run E2E test
@ -242,7 +291,8 @@ jobs:
with: with:
workerNodesCount: "2" workerNodesCount: "2"
controlNodesCount: "3" controlNodesCount: "3"
cloudProvider: ${{ matrix.provider }} cloudProvider: ${{ steps.split-attestationVariant.outputs.cloudProvider }}
attestationVariant: ${{ matrix.attestationVariant }}
cliVersion: "" cliVersion: ""
kubernetesVersion: ${{ matrix.kubernetes-version }} kubernetesVersion: ${{ matrix.kubernetes-version }}
osImage: "" osImage: ""
@ -273,7 +323,7 @@ jobs:
with: with:
kubeconfig: ${{ steps.e2e_test.outputs.kubeconfig }} kubeconfig: ${{ steps.e2e_test.outputs.kubeconfig }}
clusterCreation: ${{ matrix.clusterCreation }} clusterCreation: ${{ matrix.clusterCreation }}
cloudProvider: ${{ matrix.provider }} cloudProvider: ${{ steps.split-attestationVariant.outputs.cloudProvider }}
azureClusterDeleteCredentials: ${{ secrets.AZURE_E2E_CLUSTER_CREDENTIALS }} azureClusterDeleteCredentials: ${{ secrets.AZURE_E2E_CLUSTER_CREDENTIALS }}
gcpClusterDeleteServiceAccount: "infrastructure-e2e@constellation-e2e.iam.gserviceaccount.com" gcpClusterDeleteServiceAccount: "infrastructure-e2e@constellation-e2e.iam.gserviceaccount.com"
@ -281,7 +331,7 @@ jobs:
if: always() if: always()
uses: ./.github/actions/constellation_iam_destroy uses: ./.github/actions/constellation_iam_destroy
with: with:
cloudProvider: ${{ matrix.provider }} cloudProvider: ${{ steps.split-attestationVariant.outputs.cloudProvider }}
azureCredentials: ${{ secrets.AZURE_E2E_IAM_CREDENTIALS }} azureCredentials: ${{ secrets.AZURE_E2E_IAM_CREDENTIALS }}
gcpServiceAccount: "iam-e2e@constellation-e2e.iam.gserviceaccount.com" gcpServiceAccount: "iam-e2e@constellation-e2e.iam.gserviceaccount.com"
@ -291,7 +341,7 @@ jobs:
max-parallel: 1 max-parallel: 1
matrix: matrix:
fromVersion: ["v2.14.0"] fromVersion: ["v2.14.0"]
cloudProvider: ["gcp", "azure", "aws"] attestationVariant: ["gcp-sev-es", "azure-sev-snp", "aws-sev-snp"] # TODO(v2.15) Add azure-tdx to test matrix
name: Run upgrade tests name: Run upgrade tests
secrets: inherit secrets: inherit
permissions: permissions:
@ -303,6 +353,6 @@ jobs:
with: with:
fromVersion: ${{ matrix.fromVersion }} fromVersion: ${{ matrix.fromVersion }}
toImage: ${{ inputs.targetVersion }} toImage: ${{ inputs.targetVersion }}
cloudProvider: ${{ matrix.cloudProvider }} attestationVariant: ${{ matrix.attestationVariant }}
nodeCount: '3:2' nodeCount: '3:2'
gitRef: ${{ inputs.ref || github.head_ref }} gitRef: ${{ inputs.ref || github.head_ref }}

15
.github/workflows/e2e-test-self-managed.yml vendored
View File

@ -7,14 +7,15 @@ on:
description: "Number of nodes to use in the cluster. Given in format `<control-plane nodes>:<worker nodes>`." description: "Number of nodes to use in the cluster. Given in format `<control-plane nodes>:<worker nodes>`."
default: "3:2" default: "3:2"
type: string type: string
cloudProvider: attestationVariant:
description: "Which cloud provider to use." description: "Which attestation variant to use."
type: choice type: choice
options: options:
- "gcp" - "gcp-sev-es"
- "azure" - "azure-sev-snp"
- "aws" - "azure-tdx"
default: "azure" - "aws-sev-snp"
default: "azure-sev-snp"
required: true required: true
runner: runner:
description: "Architecture of the runner that executes the CLI" description: "Architecture of the runner that executes the CLI"
@ -76,7 +77,7 @@ jobs:
uses: ./.github/workflows/e2e-test.yml uses: ./.github/workflows/e2e-test.yml
with: with:
nodeCount: ${{ inputs.nodeCount }} nodeCount: ${{ inputs.nodeCount }}
cloudProvider: ${{ inputs.cloudProvider }} attestationVariant: ${{ inputs.attestationVariant }}
runner: ${{ inputs.runner }} runner: ${{ inputs.runner }}
test: ${{ inputs.test }} test: ${{ inputs.test }}
kubernetesVersion: ${{ inputs.kubernetesVersion }} kubernetesVersion: ${{ inputs.kubernetesVersion }}

15
.github/workflows/e2e-test-terraform-provider.yml vendored
View File

@ -7,14 +7,15 @@ on:
description: "Number of nodes to use in the cluster. Given in format `<control-plane nodes>:<worker nodes>`." description: "Number of nodes to use in the cluster. Given in format `<control-plane nodes>:<worker nodes>`."
default: "3:2" default: "3:2"
type: string type: string
cloudProvider: attestationVariant:
description: "Which cloud provider to use." description: "Which attestation variant to use."
type: choice type: choice
options: options:
- "gcp" - "gcp-sev-es"
- "azure" - "azure-sev-snp"
- "aws" - "azure-tdx"
default: "azure" - "aws-sev-snp"
default: "azure-sev-snp"
required: true required: true
runner: runner:
description: "Architecture of the runner that executes the CLI" description: "Architecture of the runner that executes the CLI"
@ -76,7 +77,7 @@ jobs:
uses: ./.github/workflows/e2e-test.yml uses: ./.github/workflows/e2e-test.yml
with: with:
nodeCount: ${{ inputs.nodeCount }} nodeCount: ${{ inputs.nodeCount }}
cloudProvider: ${{ inputs.cloudProvider }} attestationVariant: ${{ inputs.attestationVariant }}
runner: ${{ inputs.runner }} runner: ${{ inputs.runner }}
test: ${{ inputs.test }} test: ${{ inputs.test }}
kubernetesVersion: ${{ inputs.kubernetesVersion }} kubernetesVersion: ${{ inputs.kubernetesVersion }}

155
.github/workflows/e2e-test-weekly.yml vendored
View File

@ -54,66 +54,86 @@ jobs:
# sonobuoy full test on all k8s versions # sonobuoy full test on all k8s versions
- test: "sonobuoy full" - test: "sonobuoy full"
refStream: "ref/main/stream/debug/?" refStream: "ref/main/stream/debug/?"
provider: "gcp" attestationVariant: "gcp-sev-es"
kubernetes-version: "v1.29" kubernetes-version: "v1.29"
clusterCreation: "cli" clusterCreation: "cli"
- test: "sonobuoy full" - test: "sonobuoy full"
refStream: "ref/main/stream/debug/?" refStream: "ref/main/stream/debug/?"
provider: "azure" attestationVariant: "azure-sev-snp"
kubernetes-version: "v1.29" kubernetes-version: "v1.29"
clusterCreation: "cli" clusterCreation: "cli"
- test: "sonobuoy full" - test: "sonobuoy full"
refStream: "ref/main/stream/debug/?" refStream: "ref/main/stream/debug/?"
provider: "aws" attestationVariant: "azure-tdx"
kubernetes-version: "v1.29"
clusterCreation: "cli"
- test: "sonobuoy full"
refStream: "ref/main/stream/debug/?"
attestationVariant: "aws-sev-snp"
kubernetes-version: "v1.29" kubernetes-version: "v1.29"
clusterCreation: "cli" clusterCreation: "cli"
- test: "sonobuoy full" - test: "sonobuoy full"
refStream: "ref/main/stream/debug/?" refStream: "ref/main/stream/debug/?"
provider: "gcp" attestationVariant: "gcp-sev-es"
kubernetes-version: "v1.28" kubernetes-version: "v1.28"
clusterCreation: "cli" clusterCreation: "cli"
- test: "sonobuoy full" - test: "sonobuoy full"
refStream: "ref/main/stream/debug/?" refStream: "ref/main/stream/debug/?"
provider: "azure" attestationVariant: "azure-sev-snp"
kubernetes-version: "v1.28" kubernetes-version: "v1.28"
clusterCreation: "cli" clusterCreation: "cli"
- test: "sonobuoy full" - test: "sonobuoy full"
refStream: "ref/main/stream/debug/?" refStream: "ref/main/stream/debug/?"
provider: "aws" attestationVariant: "azure-tdx"
kubernetes-version: "v1.28"
clusterCreation: "cli"
- test: "sonobuoy full"
refStream: "ref/main/stream/debug/?"
attestationVariant: "aws-sev-snp"
kubernetes-version: "v1.28" kubernetes-version: "v1.28"
clusterCreation: "cli" clusterCreation: "cli"
- test: "sonobuoy full" - test: "sonobuoy full"
refStream: "ref/main/stream/debug/?" refStream: "ref/main/stream/debug/?"
provider: "gcp" attestationVariant: "gcp-sev-es"
kubernetes-version: "v1.27" kubernetes-version: "v1.27"
clusterCreation: "cli" clusterCreation: "cli"
- test: "sonobuoy full" - test: "sonobuoy full"
refStream: "ref/main/stream/debug/?" refStream: "ref/main/stream/debug/?"
provider: "azure" attestationVariant: "azure-sev-snp"
kubernetes-version: "v1.27" kubernetes-version: "v1.27"
clusterCreation: "cli" clusterCreation: "cli"
- test: "sonobuoy full" - test: "sonobuoy full"
refStream: "ref/main/stream/debug/?" refStream: "ref/main/stream/debug/?"
provider: "aws" attestationVariant: "azure-tdx"
kubernetes-version: "v1.27"
clusterCreation: "cli"
- test: "sonobuoy full"
refStream: "ref/main/stream/debug/?"
attestationVariant: "aws-sev-snp"
kubernetes-version: "v1.27" kubernetes-version: "v1.27"
clusterCreation: "cli" clusterCreation: "cli"
# verify test on latest k8s version # verify test on latest k8s version
- test: "verify" - test: "verify"
refStream: "ref/main/stream/debug/?" refStream: "ref/main/stream/debug/?"
provider: "gcp" attestationVariant: "gcp-sev-es"
kubernetes-version: "v1.29" kubernetes-version: "v1.29"
clusterCreation: "cli" clusterCreation: "cli"
- test: "verify" - test: "verify"
refStream: "ref/main/stream/debug/?" refStream: "ref/main/stream/debug/?"
provider: "azure" attestationVariant: "azure-sev-snp"
kubernetes-version: "v1.29" kubernetes-version: "v1.29"
azureSNPEnforcementPolicy: "equal" # This run checks for unknown ID Key disgests. azureSNPEnforcementPolicy: "equal" # This run checks for unknown ID Key disgests.
clusterCreation: "cli" clusterCreation: "cli"
- test: "verify" - test: "verify"
provider: "aws" refStream: "ref/main/stream/debug/?"
attestationVariant: "azure-tdx"
kubernetes-version: "v1.29"
clusterCreation: "cli"
- test: "verify"
attestationVariant: "aws-sev-snp"
refStream: "ref/main/stream/debug/?" refStream: "ref/main/stream/debug/?"
kubernetes-version: "v1.29" kubernetes-version: "v1.29"
clusterCreation: "cli" clusterCreation: "cli"
@ -121,80 +141,106 @@ jobs:
# recover test on latest k8s version # recover test on latest k8s version
- test: "recover" - test: "recover"
refStream: "ref/main/stream/debug/?" refStream: "ref/main/stream/debug/?"
provider: "gcp" attestationVariant: "gcp-sev-es"
kubernetes-version: "v1.29" kubernetes-version: "v1.29"
clusterCreation: "cli" clusterCreation: "cli"
- test: "recover" - test: "recover"
refStream: "ref/main/stream/debug/?" refStream: "ref/main/stream/debug/?"
provider: "azure" attestationVariant: "azure-sev-snp"
kubernetes-version: "v1.29" kubernetes-version: "v1.29"
clusterCreation: "cli" clusterCreation: "cli"
- test: "recover" - test: "recover"
refStream: "ref/main/stream/debug/?" refStream: "ref/main/stream/debug/?"
provider: "aws" attestationVariant: "azure-tdx"
kubernetes-version: "v1.29"
clusterCreation: "cli"
- test: "recover"
refStream: "ref/main/stream/debug/?"
attestationVariant: "aws-sev-snp"
kubernetes-version: "v1.29" kubernetes-version: "v1.29"
clusterCreation: "cli" clusterCreation: "cli"
# lb test on latest k8s version # lb test on latest k8s version
- test: "lb" - test: "lb"
refStream: "ref/main/stream/debug/?" refStream: "ref/main/stream/debug/?"
provider: "gcp" attestationVariant: "gcp-sev-es"
kubernetes-version: "v1.29" kubernetes-version: "v1.29"
clusterCreation: "cli" clusterCreation: "cli"
- test: "lb" - test: "lb"
refStream: "ref/main/stream/debug/?" refStream: "ref/main/stream/debug/?"
provider: "azure" attestationVariant: "azure-sev-snp"
kubernetes-version: "v1.29" kubernetes-version: "v1.29"
clusterCreation: "cli" clusterCreation: "cli"
- test: "lb" - test: "lb"
refStream: "ref/main/stream/debug/?" refStream: "ref/main/stream/debug/?"
provider: "aws" attestationVariant: "azure-tdx"
kubernetes-version: "v1.29"
clusterCreation: "cli"
- test: "lb"
refStream: "ref/main/stream/debug/?"
attestationVariant: "aws-sev-snp"
kubernetes-version: "v1.29" kubernetes-version: "v1.29"
clusterCreation: "cli" clusterCreation: "cli"
# autoscaling test on latest k8s version # autoscaling test on latest k8s version
- test: "autoscaling" - test: "autoscaling"
refStream: "ref/main/stream/debug/?" refStream: "ref/main/stream/debug/?"
provider: "gcp" attestationVariant: "gcp-sev-es"
kubernetes-version: "v1.29" kubernetes-version: "v1.29"
clusterCreation: "cli" clusterCreation: "cli"
- test: "autoscaling" - test: "autoscaling"
refStream: "ref/main/stream/debug/?" refStream: "ref/main/stream/debug/?"
provider: "azure" attestationVariant: "azure-sev-snp"
kubernetes-version: "v1.29" kubernetes-version: "v1.29"
clusterCreation: "cli" clusterCreation: "cli"
- test: "autoscaling" - test: "autoscaling"
refStream: "ref/main/stream/debug/?" refStream: "ref/main/stream/debug/?"
provider: "aws" attestationVariant: "azure-tdx"
kubernetes-version: "v1.29"
clusterCreation: "cli"
- test: "autoscaling"
refStream: "ref/main/stream/debug/?"
attestationVariant: "aws-sev-snp"
kubernetes-version: "v1.29" kubernetes-version: "v1.29"
clusterCreation: "cli" clusterCreation: "cli"
# perf-bench test on latest k8s version, not supported on AWS # perf-bench test on latest k8s version, not supported on AWS
- test: "perf-bench" - test: "perf-bench"
refStream: "ref/main/stream/debug/?" refStream: "ref/main/stream/debug/?"
provider: "gcp" attestationVariant: "gcp-sev-es"
kubernetes-version: "v1.29" kubernetes-version: "v1.29"
clusterCreation: "cli" clusterCreation: "cli"
- test: "perf-bench" - test: "perf-bench"
refStream: "ref/main/stream/debug/?" refStream: "ref/main/stream/debug/?"
provider: "azure" attestationVariant: "azure-sev-snp"
kubernetes-version: "v1.29" kubernetes-version: "v1.29"
clusterCreation: "cli" clusterCreation: "cli"
# TODO: check what needs to be done for perf-bench on Azure TDX
#- test: "perf-bench"
# refStream: "ref/main/stream/debug/?"
# attestationVariant: "azure-tdx"
# kubernetes-version: "v1.29"
# clusterCreation: "cli"
# malicious join test on latest k8s version # malicious join test on latest k8s version
- test: "malicious join" - test: "malicious join"
refStream: "ref/main/stream/debug/?" refStream: "ref/main/stream/debug/?"
provider: "gcp" attestationVariant: "gcp-sev-es"
kubernetes-version: "v1.29" kubernetes-version: "v1.29"
clusterCreation: "cli" clusterCreation: "cli"
- test: "malicious join" - test: "malicious join"
refStream: "ref/main/stream/debug/?" refStream: "ref/main/stream/debug/?"
provider: "azure" attestationVariant: "azure-sev-snp"
kubernetes-version: "v1.29" kubernetes-version: "v1.29"
clusterCreation: "cli" clusterCreation: "cli"
- test: "malicious join" - test: "malicious join"
refStream: "ref/main/stream/debug/?" refStream: "ref/main/stream/debug/?"
provider: "aws" attestationVariant: "azure-tdx"
kubernetes-version: "v1.29"
clusterCreation: "cli"
- test: "malicious join"
refStream: "ref/main/stream/debug/?"
attestationVariant: "aws-sev-snp"
kubernetes-version: "v1.29" kubernetes-version: "v1.29"
clusterCreation: "cli" clusterCreation: "cli"
@ -202,40 +248,50 @@ jobs:
# with Sonobuoy full # with Sonobuoy full
- test: "sonobuoy full" - test: "sonobuoy full"
refStream: "ref/main/stream/debug/?" refStream: "ref/main/stream/debug/?"
provider: "gcp" attestationVariant: "gcp-sev-es"
kubernetes-version: "v1.29" kubernetes-version: "v1.29"
clusterCreation: "self-managed" clusterCreation: "self-managed"
- test: "sonobuoy full" - test: "sonobuoy full"
refStream: "ref/main/stream/debug/?" refStream: "ref/main/stream/debug/?"
provider: "azure" attestationVariant: "azure-sev-snp"
kubernetes-version: "v1.29" kubernetes-version: "v1.29"
clusterCreation: "self-managed" clusterCreation: "self-managed"
- test: "sonobuoy full" - test: "sonobuoy full"
provider: "aws" refStream: "ref/main/stream/debug/?"
attestationVariant: "azure-tdx"
kubernetes-version: "v1.29"
clusterCreation: "self-managed"
- test: "sonobuoy full"
attestationVariant: "aws-sev-snp"
refStream: "ref/main/stream/debug/?" refStream: "ref/main/stream/debug/?"
kubernetes-version: "v1.29" kubernetes-version: "v1.29"
clusterCreation: "self-managed" clusterCreation: "self-managed"
- test: "sonobuoy full" - test: "sonobuoy full"
refStream: "ref/main/stream/debug/?" refStream: "ref/main/stream/debug/?"
provider: "gcp" attestationVariant: "gcp-sev-es"
kubernetes-version: "v1.29" kubernetes-version: "v1.29"
clusterCreation: "terraform" clusterCreation: "terraform"
- test: "sonobuoy full" - test: "sonobuoy full"
refStream: "ref/main/stream/debug/?" refStream: "ref/main/stream/debug/?"
provider: "azure" attestationVariant: "azure-sev-snp"
kubernetes-version: "v1.29" kubernetes-version: "v1.29"
clusterCreation: "terraform" clusterCreation: "terraform"
- test: "sonobuoy full" - test: "sonobuoy full"
refStream: "ref/main/stream/debug/?" refStream: "ref/main/stream/debug/?"
provider: "aws" attestationVariant: "azure-tdx"
kubernetes-version: "v1.29"
clusterCreation: "terraform"
- test: "sonobuoy full"
refStream: "ref/main/stream/debug/?"
attestationVariant: "aws-sev-snp"
kubernetes-version: "v1.29" kubernetes-version: "v1.29"
clusterCreation: "terraform" clusterCreation: "terraform"
# s3proxy test on latest k8s version # s3proxy test on latest k8s version
- test: "s3proxy" - test: "s3proxy"
refStream: "ref/main/stream/debug/?" refStream: "ref/main/stream/debug/?"
provider: "gcp" attestationVariant: "gcp-sev-es"
kubernetes-version: "v1.29" kubernetes-version: "v1.29"
clusterCreation: "cli" clusterCreation: "cli"
@ -246,17 +302,22 @@ jobs:
# verify test on default k8s version # verify test on default k8s version
- test: "verify" - test: "verify"
refStream: "ref/release/stream/stable/?" refStream: "ref/release/stream/stable/?"
provider: "gcp" attestationVariant: "gcp-sev-es"
kubernetes-version: "v1.28" kubernetes-version: "v1.28"
clusterCreation: "cli" clusterCreation: "cli"
- test: "verify" - test: "verify"
refStream: "ref/release/stream/stable/?" refStream: "ref/release/stream/stable/?"
provider: "azure" attestationVariant: "azure-sev-snp"
kubernetes-version: "v1.28" kubernetes-version: "v1.28"
clusterCreation: "cli" clusterCreation: "cli"
- test: "verify" - test: "verify"
refStream: "ref/release/stream/stable/?" refStream: "ref/release/stream/stable/?"
provider: "aws" attestationVariant: "azure-tdx"
kubernetes-version: "v1.28"
clusterCreation: "cli"
- test: "verify"
refStream: "ref/release/stream/stable/?"
attestationVariant: "aws-sev-snp"
kubernetes-version: "v1.28" kubernetes-version: "v1.28"
clusterCreation: "cli" clusterCreation: "cli"
@ -274,13 +335,23 @@ jobs:
fetch-depth: 0 fetch-depth: 0
ref: ${{ !github.event.pull_request.head.repo.fork && github.head_ref || '' }} ref: ${{ !github.event.pull_request.head.repo.fork && github.head_ref || '' }}
- name: Split attestationVariant
id: split-attestationVariant
shell: bash
run: |
attestationVariant="${{ matrix.attestationVariant }}"
cloudProvider="${attestationVariant%%-*}"
echo "cloudProvider=${cloudProvider}" | tee -a "$GITHUB_OUTPUT"
- name: Run E2E test - name: Run E2E test
id: e2e_test id: e2e_test
uses: ./.github/actions/e2e_test uses: ./.github/actions/e2e_test
with: with:
workerNodesCount: "2" workerNodesCount: "2"
controlNodesCount: "3" controlNodesCount: "3"
cloudProvider: ${{ matrix.provider }} cloudProvider: ${{ steps.split-attestationVariant.outputs.cloudProvider }}
attestationVariant: ${{ matrix.attestationVariant }}
osImage: ${{ matrix.refStream == 'ref/release/stream/stable/?' && needs.find-latest-image.outputs.image-release-stable || needs.find-latest-image.outputs.image-main-debug }} osImage: ${{ matrix.refStream == 'ref/release/stream/stable/?' && needs.find-latest-image.outputs.image-release-stable || needs.find-latest-image.outputs.image-main-debug }}
isDebugImage: ${{ matrix.refStream == 'ref/main/stream/debug/?' }} isDebugImage: ${{ matrix.refStream == 'ref/main/stream/debug/?' }}
cliVersion: ${{ matrix.refStream == 'ref/release/stream/stable/?' && needs.find-latest-image.outputs.image-release-stable || '' }} cliVersion: ${{ matrix.refStream == 'ref/release/stream/stable/?' && needs.find-latest-image.outputs.image-release-stable || '' }}
@ -313,7 +384,7 @@ jobs:
with: with:
kubeconfig: ${{ steps.e2e_test.outputs.kubeconfig }} kubeconfig: ${{ steps.e2e_test.outputs.kubeconfig }}
clusterCreation: ${{ matrix.clusterCreation }} clusterCreation: ${{ matrix.clusterCreation }}
cloudProvider: ${{ matrix.provider }} cloudProvider: ${{ steps.split-attestationVariant.outputs.cloudProvider }}
azureClusterDeleteCredentials: ${{ secrets.AZURE_E2E_CLUSTER_CREDENTIALS }} azureClusterDeleteCredentials: ${{ secrets.AZURE_E2E_CLUSTER_CREDENTIALS }}
gcpClusterDeleteServiceAccount: "infrastructure-e2e@constellation-e2e.iam.gserviceaccount.com" gcpClusterDeleteServiceAccount: "infrastructure-e2e@constellation-e2e.iam.gserviceaccount.com"
@ -321,7 +392,7 @@ jobs:
if: always() if: always()
uses: ./.github/actions/constellation_iam_destroy uses: ./.github/actions/constellation_iam_destroy
with: with:
cloudProvider: ${{ matrix.provider }} cloudProvider: ${{ steps.split-attestationVariant.outputs.cloudProvider }}
azureCredentials: ${{ secrets.AZURE_E2E_IAM_CREDENTIALS }} azureCredentials: ${{ secrets.AZURE_E2E_IAM_CREDENTIALS }}
gcpServiceAccount: "iam-e2e@constellation-e2e.iam.gserviceaccount.com" gcpServiceAccount: "iam-e2e@constellation-e2e.iam.gserviceaccount.com"
@ -337,7 +408,7 @@ jobs:
refStream: ${{ matrix.refStream }} refStream: ${{ matrix.refStream }}
test: ${{ matrix.test }} test: ${{ matrix.test }}
kubernetesVersion: ${{ matrix.kubernetes-version }} kubernetesVersion: ${{ matrix.kubernetes-version }}
provider: ${{ matrix.provider }} provider: ${{ steps.split-attestationVariant.outputs.cloudProvider }}
clusterCreation: ${{ matrix.clusterCreation }} clusterCreation: ${{ matrix.clusterCreation }}
e2e-upgrade: e2e-upgrade:
@ -346,7 +417,7 @@ jobs:
max-parallel: 1 max-parallel: 1
matrix: matrix:
fromVersion: ["v2.14.0"] fromVersion: ["v2.14.0"]
cloudProvider: ["gcp", "azure", "aws"] attestationVariant: ["gcp-sev-es", "azure-sev-snp", "aws-sev-snp"] # TODO(v2.15) Add azure-tdx to test matrix
name: Run upgrade tests name: Run upgrade tests
secrets: inherit secrets: inherit
permissions: permissions:
@ -357,7 +428,7 @@ jobs:
uses: ./.github/workflows/e2e-upgrade.yml uses: ./.github/workflows/e2e-upgrade.yml
with: with:
fromVersion: ${{ matrix.fromVersion }} fromVersion: ${{ matrix.fromVersion }}
cloudProvider: ${{ matrix.cloudProvider }} attestationVariant: ${{ matrix.attestationVariant }}
nodeCount: '3:2' nodeCount: '3:2'
scheduled: ${{ github.event_name == 'schedule' }} scheduled: ${{ github.event_name == 'schedule' }}

46
.github/workflows/e2e-test.yml vendored
View File

@ -7,14 +7,15 @@ on:
description: "Number of nodes to use in the cluster. Given in format `<control-plane nodes>:<worker nodes>`." description: "Number of nodes to use in the cluster. Given in format `<control-plane nodes>:<worker nodes>`."
default: "3:2" default: "3:2"
type: string type: string
cloudProvider: attestationVariant:
description: "Which cloud provider to use." description: "Which attestation variant to use."
type: choice type: choice
options: options:
- "gcp" - "gcp-sev-es"
- "azure" - "azure-sev-snp"
- "aws" - "azure-tdx"
default: "azure" - "aws-sev-snp"
default: "azure-sev-snp"
required: true required: true
runner: runner:
description: "Architecture of the runner that executes the CLI" description: "Architecture of the runner that executes the CLI"
@ -71,8 +72,8 @@ on:
description: "Number of nodes to use in the cluster. Given in format `<control-plane nodes>:<worker nodes>`." description: "Number of nodes to use in the cluster. Given in format `<control-plane nodes>:<worker nodes>`."
default: "3:2" default: "3:2"
type: string type: string
cloudProvider: attestationVariant:
description: "Which cloud provider to use." description: "Which attestation variant to use."
type: string type: string
required: true required: true
runner: runner:
@ -124,8 +125,8 @@ on:
type: boolean type: boolean
jobs: jobs:
split-nodeCount: generate-input-parameters:
name: Split nodeCount name: Generate input parameters
runs-on: ubuntu-22.04 runs-on: ubuntu-22.04
permissions: permissions:
id-token: write id-token: write
@ -133,6 +134,7 @@ jobs:
outputs: outputs:
workerNodes: ${{ steps.split-nodeCount.outputs.workerNodes }} workerNodes: ${{ steps.split-nodeCount.outputs.workerNodes }}
controlPlaneNodes: ${{ steps.split-nodeCount.outputs.controlPlaneNodes }} controlPlaneNodes: ${{ steps.split-nodeCount.outputs.controlPlaneNodes }}
cloudProvider: ${{ steps.split-attestationVariant.outputs.cloudProvider }}
steps: steps:
- name: Split nodeCount - name: Split nodeCount
id: split-nodeCount id: split-nodeCount
@ -150,6 +152,15 @@ jobs:
echo "workerNodes=${workerNodes}" | tee -a "$GITHUB_OUTPUT" echo "workerNodes=${workerNodes}" | tee -a "$GITHUB_OUTPUT"
echo "controlPlaneNodes=${controlPlaneNodes}" | tee -a "$GITHUB_OUTPUT" echo "controlPlaneNodes=${controlPlaneNodes}" | tee -a "$GITHUB_OUTPUT"
- name: Split attestationVariant
id: split-attestationVariant
shell: bash
run: |
attestationVariant="${{ inputs.attestationVariant }}"
cloudProvider="${attestationVariant%%-*}"
echo "cloudProvider=${cloudProvider}" | tee -a "$GITHUB_OUTPUT"
find-latest-image: find-latest-image:
name: Select image name: Select image
runs-on: ubuntu-22.04 runs-on: ubuntu-22.04
@ -188,7 +199,7 @@ jobs:
checks: write checks: write
contents: read contents: read
packages: write packages: write
needs: [find-latest-image, split-nodeCount] needs: [find-latest-image, generate-input-parameters]
if: always() && !cancelled() if: always() && !cancelled()
steps: steps:
- name: Install basic tools (macOS) - name: Install basic tools (macOS)
@ -209,16 +220,17 @@ jobs:
ref: ${{ inputs.git-ref }} ref: ${{ inputs.git-ref }}
- name: Set up gcloud CLI (macOS) - name: Set up gcloud CLI (macOS)
if: inputs.cloudProvider == 'gcp' && runner.os == 'macOS' if: ${{ needs.generate-input-parameters.outputs.cloudProvider }} == 'gcp' && runner.os == 'macOS'
uses: google-github-actions/setup-gcloud@e30db14379863a8c79331b04a9969f4c1e225e0b # v1.1.1 uses: google-github-actions/setup-gcloud@e30db14379863a8c79331b04a9969f4c1e225e0b # v1.1.1
- name: Run manual E2E test - name: Run manual E2E test
id: e2e_test id: e2e_test
uses: ./.github/actions/e2e_test uses: ./.github/actions/e2e_test
with: with:
workerNodesCount: ${{ needs.split-nodeCount.outputs.workerNodes }} workerNodesCount: ${{ needs.generate-input-parameters.outputs.workerNodes }}
controlNodesCount: ${{ needs.split-nodeCount.outputs.controlPlaneNodes }} controlNodesCount: ${{ needs.generate-input-parameters.outputs.controlPlaneNodes }}
cloudProvider: ${{ inputs.cloudProvider }} cloudProvider: ${{ needs.generate-input-parameters.outputs.cloudProvider }}
attestationVariant: ${{ inputs.attestationVariant }}
machineType: ${{ inputs.machineType }} machineType: ${{ inputs.machineType }}
regionZone: ${{ inputs.regionZone }} regionZone: ${{ inputs.regionZone }}
gcpProject: constellation-e2e gcpProject: constellation-e2e
@ -254,7 +266,7 @@ jobs:
with: with:
kubeconfig: ${{ steps.e2e_test.outputs.kubeconfig }} kubeconfig: ${{ steps.e2e_test.outputs.kubeconfig }}
clusterCreation: ${{ inputs.clusterCreation }} clusterCreation: ${{ inputs.clusterCreation }}
cloudProvider: ${{ inputs.cloudProvider }} cloudProvider: ${{ needs.generate-input-parameters.outputs.cloudProvider }}
azureClusterDeleteCredentials: ${{ secrets.AZURE_E2E_CLUSTER_CREDENTIALS }} azureClusterDeleteCredentials: ${{ secrets.AZURE_E2E_CLUSTER_CREDENTIALS }}
gcpClusterDeleteServiceAccount: "infrastructure-e2e@constellation-e2e.iam.gserviceaccount.com" gcpClusterDeleteServiceAccount: "infrastructure-e2e@constellation-e2e.iam.gserviceaccount.com"
@ -262,6 +274,6 @@ jobs:
if: always() if: always()
uses: ./.github/actions/constellation_iam_destroy uses: ./.github/actions/constellation_iam_destroy
with: with:
cloudProvider: ${{ inputs.cloudProvider }} cloudProvider: ${{ needs.generate-input-parameters.outputs.cloudProvider }}
azureCredentials: ${{ secrets.AZURE_E2E_IAM_CREDENTIALS }} azureCredentials: ${{ secrets.AZURE_E2E_IAM_CREDENTIALS }}
gcpServiceAccount: "iam-e2e@constellation-e2e.iam.gserviceaccount.com" gcpServiceAccount: "iam-e2e@constellation-e2e.iam.gserviceaccount.com"

71
.github/workflows/e2e-upgrade.yml vendored
View File

@ -3,14 +3,16 @@ name: e2e test upgrade
on: on:
workflow_dispatch: workflow_dispatch:
inputs: inputs:
cloudProvider: attestationVariant:
description: "Which cloud provider to use." description: "Which attestation variant to use."
type: choice type: choice
options: options:
- "gcp" - "gcp-sev-es"
- "azure" - "azure-sev-snp"
- "aws" - "azure-tdx"
default: "azure" - "aws-sev-snp"
default: "azure-sev-snp"
required: true
nodeCount: nodeCount:
description: "Number of nodes to use in the cluster. Given in format `<control-plane nodes>:<worker nodes>`." description: "Number of nodes to use in the cluster. Given in format `<control-plane nodes>:<worker nodes>`."
default: "3:2" default: "3:2"
@ -45,8 +47,8 @@ on:
type: string type: string
workflow_call: workflow_call:
inputs: inputs:
cloudProvider: attestationVariant:
description: "Which cloud provider to use." description: "Which attestation variant to use."
type: string type: string
required: true required: true
nodeCount: nodeCount:
@ -85,8 +87,8 @@ on:
required: false required: false
jobs: jobs:
split-nodeCount: generate-input-parameters:
name: Split nodeCount name: Generate input parameters
runs-on: ubuntu-22.04 runs-on: ubuntu-22.04
permissions: permissions:
id-token: write id-token: write
@ -94,6 +96,7 @@ jobs:
outputs: outputs:
workerNodes: ${{ steps.split-nodeCount.outputs.workerNodes }} workerNodes: ${{ steps.split-nodeCount.outputs.workerNodes }}
controlPlaneNodes: ${{ steps.split-nodeCount.outputs.controlPlaneNodes }} controlPlaneNodes: ${{ steps.split-nodeCount.outputs.controlPlaneNodes }}
cloudProvider: ${{ steps.split-attestationVariant.outputs.cloudProvider }}
steps: steps:
- name: Split nodeCount - name: Split nodeCount
id: split-nodeCount id: split-nodeCount
@ -111,6 +114,15 @@ jobs:
echo "workerNodes=${workerNodes}" | tee -a "$GITHUB_OUTPUT" echo "workerNodes=${workerNodes}" | tee -a "$GITHUB_OUTPUT"
echo "controlPlaneNodes=${controlPlaneNodes}" | tee -a "$GITHUB_OUTPUT" echo "controlPlaneNodes=${controlPlaneNodes}" | tee -a "$GITHUB_OUTPUT"
- name: Split attestationVariant
id: split-attestationVariant
shell: bash
run: |
attestationVariant="${{ inputs.attestationVariant }}"
cloudProvider="${attestationVariant%%-*}"
echo "cloudProvider=${cloudProvider}" | tee -a "$GITHUB_OUTPUT"
build-target-cli: build-target-cli:
name: Build upgrade target version CLI name: Build upgrade target version CLI
runs-on: ubuntu-22.04 runs-on: ubuntu-22.04
@ -173,7 +185,7 @@ jobs:
checks: write checks: write
contents: read contents: read
packages: write packages: write
needs: [split-nodeCount] needs: [generate-input-parameters]
outputs: outputs:
kubeconfig: ${{ steps.e2e_test.outputs.kubeconfig }} kubeconfig: ${{ steps.e2e_test.outputs.kubeconfig }}
steps: steps:
@ -200,9 +212,10 @@ jobs:
id: e2e_test id: e2e_test
uses: ./.github/actions/e2e_test uses: ./.github/actions/e2e_test
with: with:
workerNodesCount: ${{ needs.split-nodeCount.outputs.workerNodes }} workerNodesCount: ${{ needs.generate-input-parameters.outputs.workerNodes }}
controlNodesCount: ${{ needs.split-nodeCount.outputs.controlPlaneNodes }} controlNodesCount: ${{ needs.generate-input-parameters.outputs.controlPlaneNodes }}
cloudProvider: ${{ inputs.cloudProvider }} cloudProvider: ${{ needs.generate-input-parameters.outputs.cloudProvider }}
attestationVariant: ${{ inputs.attestationVariant }}
osImage: ${{ inputs.fromVersion }} osImage: ${{ inputs.fromVersion }}
isDebugImage: "false" isDebugImage: "false"
cliVersion: ${{ inputs.fromVersion }} cliVersion: ${{ inputs.fromVersion }}
@ -243,7 +256,7 @@ jobs:
encryptionSecret: ${{ secrets.ARTIFACT_ENCRYPT_PASSWD }} encryptionSecret: ${{ secrets.ARTIFACT_ENCRYPT_PASSWD }}
- name: Upload SA Key - name: Upload SA Key
if: always() && inputs.cloudProvider == 'gcp' if: always() && needs.generate-input-parameters.outputs.cloudProvider == 'gcp'
uses: ./.github/actions/artifact_upload uses: ./.github/actions/artifact_upload
with: with:
name: sa-key name: sa-key
@ -260,7 +273,7 @@ jobs:
contents: read contents: read
packages: write packages: write
needs: needs:
- split-nodeCount - generate-input-parameters
- build-target-cli - build-target-cli
- create-cluster - create-cluster
steps: steps:
@ -300,13 +313,13 @@ jobs:
stream: nightly stream: nightly
- name: Login to GCP (IAM service account) - name: Login to GCP (IAM service account)
if: inputs.cloudProvider == 'gcp' if: needs.generate-input-parameters.outputs.cloudProvider == 'gcp'
uses: ./.github/actions/login_gcp uses: ./.github/actions/login_gcp
with: with:
service_account: "iam-e2e@constellation-e2e.iam.gserviceaccount.com" service_account: "iam-e2e@constellation-e2e.iam.gserviceaccount.com"
- name: Login to AWS (IAM role) - name: Login to AWS (IAM role)
if: inputs.cloudProvider == 'aws' if: needs.generate-input-parameters.outputs.cloudProvider == 'aws'
uses: aws-actions/configure-aws-credentials@010d0da01d0b5a38af31e9c3470dbfdabdecca3a # v4.0.1 uses: aws-actions/configure-aws-credentials@010d0da01d0b5a38af31e9c3470dbfdabdecca3a # v4.0.1
with: with:
role-to-assume: arn:aws:iam::795746500882:role/GithubActionsE2EIAM role-to-assume: arn:aws:iam::795746500882:role/GithubActionsE2EIAM
@ -315,7 +328,7 @@ jobs:
role-duration-seconds: 21600 role-duration-seconds: 21600
- name: Login to Azure (IAM service principal) - name: Login to Azure (IAM service principal)
if: inputs.cloudProvider == 'azure' if: needs.generate-input-parameters.outputs.cloudProvider == 'azure'
uses: ./.github/actions/login_azure uses: ./.github/actions/login_azure
with: with:
azure_credentials: ${{ secrets.AZURE_E2E_IAM_CREDENTIALS }} azure_credentials: ${{ secrets.AZURE_E2E_IAM_CREDENTIALS }}
@ -333,7 +346,7 @@ jobs:
encryptionSecret: ${{ secrets.ARTIFACT_ENCRYPT_PASSWD }} encryptionSecret: ${{ secrets.ARTIFACT_ENCRYPT_PASSWD }}
- name: Download SA Key - name: Download SA Key
if: inputs.cloudProvider == 'gcp' if: needs.generate-input-parameters.outputs.cloudProvider == 'gcp'
uses: ./.github/actions/artifact_download uses: ./.github/actions/artifact_download
with: with:
name: sa-key name: sa-key
@ -356,13 +369,13 @@ jobs:
uses: ./.github/actions/constellation_iam_upgrade uses: ./.github/actions/constellation_iam_upgrade
- name: Login to GCP (Cluster service account) - name: Login to GCP (Cluster service account)
if: always() && inputs.cloudProvider == 'gcp' if: always() && needs.generate-input-parameters.outputs.cloudProvider == 'gcp'
uses: ./.github/actions/login_gcp uses: ./.github/actions/login_gcp
with: with:
service_account: "infrastructure-e2e@constellation-e2e.iam.gserviceaccount.com" service_account: "infrastructure-e2e@constellation-e2e.iam.gserviceaccount.com"
- name: Login to AWS (Cluster role) - name: Login to AWS (Cluster role)
if: always() && inputs.cloudProvider == 'aws' if: always() && needs.generate-input-parameters.outputs.cloudProvider == 'aws'
uses: aws-actions/configure-aws-credentials@010d0da01d0b5a38af31e9c3470dbfdabdecca3a # v4.0.1 uses: aws-actions/configure-aws-credentials@010d0da01d0b5a38af31e9c3470dbfdabdecca3a # v4.0.1
with: with:
role-to-assume: arn:aws:iam::795746500882:role/GithubActionsE2ECluster role-to-assume: arn:aws:iam::795746500882:role/GithubActionsE2ECluster
@ -371,7 +384,7 @@ jobs:
role-duration-seconds: 21600 role-duration-seconds: 21600
- name: Login to Azure (Cluster service principal) - name: Login to Azure (Cluster service principal)
if: always() && inputs.cloudProvider == 'azure' if: always() && needs.generate-input-parameters.outputs.cloudProvider == 'azure'
uses: ./.github/actions/login_azure uses: ./.github/actions/login_azure
with: with:
azure_credentials: ${{ secrets.AZURE_E2E_CLUSTER_CREDENTIALS }} azure_credentials: ${{ secrets.AZURE_E2E_CLUSTER_CREDENTIALS }}
@ -382,8 +395,8 @@ jobs:
IMAGE: ${{ inputs.toImage && inputs.toImage || steps.find-image.outputs.output }} IMAGE: ${{ inputs.toImage && inputs.toImage || steps.find-image.outputs.output }}
KUBERNETES: ${{ inputs.toKubernetes }} KUBERNETES: ${{ inputs.toKubernetes }}
MICROSERVICES: ${{ inputs.toMicroservices }} MICROSERVICES: ${{ inputs.toMicroservices }}
WORKERNODES: ${{ needs.split-nodeCount.outputs.workerNodes }} WORKERNODES: ${{ needs.generate-input-parameters.outputs.workerNodes }}
CONTROLNODES: ${{ needs.split-nodeCount.outputs.controlPlaneNodes }} CONTROLNODES: ${{ needs.generate-input-parameters.outputs.controlPlaneNodes }}
run: | run: |
echo "Image target: $IMAGE" echo "Image target: $IMAGE"
echo "K8s target: $KUBERNETES" echo "K8s target: $KUBERNETES"
@ -427,7 +440,7 @@ jobs:
contents: read contents: read
packages: write packages: write
if: always() if: always()
needs: [create-cluster, e2e-upgrade] needs: [generate-input-parameters, create-cluster, e2e-upgrade]
steps: steps:
- name: Checkout - name: Checkout
if: inputs.gitRef == 'head' if: inputs.gitRef == 'head'
@ -496,7 +509,7 @@ jobs:
with: with:
clusterCreation: "cli" clusterCreation: "cli"
kubeconfig: ${{ needs.create-cluster.outputs.kubeconfig }} kubeconfig: ${{ needs.create-cluster.outputs.kubeconfig }}
cloudProvider: ${{ inputs.cloudProvider }} cloudProvider: ${{ needs.generate-input-parameters.outputs.cloudProvider }}
azureClusterDeleteCredentials: ${{ secrets.AZURE_E2E_CLUSTER_CREDENTIALS }} azureClusterDeleteCredentials: ${{ secrets.AZURE_E2E_CLUSTER_CREDENTIALS }}
gcpClusterDeleteServiceAccount: "infrastructure-e2e@constellation-e2e.iam.gserviceaccount.com" gcpClusterDeleteServiceAccount: "infrastructure-e2e@constellation-e2e.iam.gserviceaccount.com"
@ -504,7 +517,7 @@ jobs:
if: always() if: always()
uses: ./.github/actions/constellation_iam_destroy uses: ./.github/actions/constellation_iam_destroy
with: with:
cloudProvider: ${{ inputs.cloudProvider }} cloudProvider: ${{ needs.generate-input-parameters.outputs.cloudProvider }}
azureCredentials: ${{ secrets.AZURE_E2E_IAM_CREDENTIALS }} azureCredentials: ${{ secrets.AZURE_E2E_IAM_CREDENTIALS }}
gcpServiceAccount: "iam-e2e@constellation-e2e.iam.gserviceaccount.com" gcpServiceAccount: "iam-e2e@constellation-e2e.iam.gserviceaccount.com"
@ -520,4 +533,4 @@ jobs:
with: with:
projectWriteToken: ${{ secrets.PROJECT_WRITE_TOKEN }} projectWriteToken: ${{ secrets.PROJECT_WRITE_TOKEN }}
test: "upgrade" test: "upgrade"
provider: ${{ inputs.cloudProvider }} provider: ${{ needs.generate-input-parameters.outputs.cloudProvider }}

1
debugd/internal/debugd/logcollector/fields.go
View File

@ -36,6 +36,7 @@ var (
"github.ref-stream": {}, "github.ref-stream": {},
"github.kubernetes-version": {}, "github.kubernetes-version": {},
"github.cluster-creation": {}, "github.cluster-creation": {},
"github.attestation-variant": {},
"deployment-type": {}, // deployment type, e.g. "debugd", "k8s" "deployment-type": {}, // deployment type, e.g. "debugd", "k8s"
} }
) )