mirror of
https://github.com/edgelesssys/constellation.git
synced 2024-12-14 02:14:21 -05:00
d5e4435e3d
* .github: add e2e test to pr checklist * ci: use sonobuoy quick where possible * ci: run malicious join test on release * ci: remove self managed infra test * ci: remove non-example terraform test from weekly * ci: run Sonobuoy full on the latest k8s version weekly * ci: run weekly sonobuoy quick on all k8s versions * ci: don't run double sonobuoy tests on latest k8s version
79 lines
2.7 KiB
YAML
79 lines
2.7 KiB
YAML
name: Constellation destroy
|
|
description: "Destroy a running Constellation cluster."
|
|
|
|
inputs:
|
|
kubeconfig:
|
|
description: "The kubeconfig for the cluster."
|
|
required: true
|
|
clusterCreation:
|
|
description: "How the infrastructure for the e2e test was created. One of [cli, terraform]."
|
|
default: "cli"
|
|
gcpClusterDeleteServiceAccount:
|
|
description: "Service account with permissions to delete a Constellation cluster on GCP."
|
|
required: true
|
|
azureClusterDeleteCredentials:
|
|
description: "Azure credentials authorized to delete a Constellation cluster."
|
|
required: true
|
|
cloudProvider:
|
|
description: "Either 'aws', 'azure' or 'gcp'."
|
|
required: true
|
|
|
|
runs:
|
|
using: "composite"
|
|
steps:
|
|
- name: Delete persistent volumes
|
|
if: inputs.kubeconfig != ''
|
|
shell: bash
|
|
env:
|
|
KUBECONFIG: ${{ inputs.kubeconfig }}
|
|
PV_DELETION_TIMEOUT: "120" # 2 minutes timeout for pv deletion
|
|
run: |
|
|
ELAPSED=0
|
|
echo "::group::Wait for PV deletion"
|
|
|
|
# Scrap namespaces that contain PVCs
|
|
for namespace in `kubectl get namespace --no-headers=true -o custom-columns=":metadata.name"`; do
|
|
if [[ `kubectl get pvc -n $namespace --no-headers=true -o custom-columns=":metadata.name" | wc -l` -gt 0 ]]; then
|
|
kubectl delete namespace $namespace --wait
|
|
fi
|
|
done
|
|
|
|
until [[ "$(kubectl get pv -o json | jq '.items | length')" == "0" ]] || [[ $ELAPSED -gt $PV_DELETION_TIMEOUT ]];
|
|
do
|
|
echo $(kubectl get pv -o json | jq '.items | length') PV remaining..
|
|
sleep 1
|
|
ELAPSED=$((ELAPSED+1))
|
|
done
|
|
if [[ $ELAPSED -gt $PV_DELETION_TIMEOUT ]]; then
|
|
echo "Timed out waiting for PV deletion.."
|
|
exit 1
|
|
fi
|
|
echo "::endgroup::"
|
|
|
|
- name: Login to GCP (Cluster service account)
|
|
if: inputs.cloudProvider == 'gcp'
|
|
uses: ./.github/actions/login_gcp
|
|
with:
|
|
service_account: ${{ inputs.gcpClusterDeleteServiceAccount }}
|
|
|
|
- name: Login to AWS (Cluster role)
|
|
if: inputs.cloudProvider == 'aws'
|
|
uses: aws-actions/configure-aws-credentials@010d0da01d0b5a38af31e9c3470dbfdabdecca3a # v4.0.1
|
|
with:
|
|
role-to-assume: arn:aws:iam::795746500882:role/GithubActionsE2ECluster
|
|
aws-region: eu-central-1
|
|
# extend token expiry to 6 hours to ensure constellation can terminate
|
|
role-duration-seconds: 21600
|
|
|
|
- name: Login to Azure (Cluster service principal)
|
|
if: inputs.cloudProvider == 'azure'
|
|
uses: ./.github/actions/login_azure
|
|
with:
|
|
azure_credentials: ${{ inputs.azureClusterDeleteCredentials }}
|
|
|
|
- name: Constellation terminate
|
|
shell: bash
|
|
run: |
|
|
constellation terminate --yes --tf-log=DEBUG
|
|
|