Merge pull request #487 from stefanprodan/refactor-release

Unify docker build and drop support for `linux/arm/v7`
Stefan Prodan
2026-05-20 12:45:35 +03:00
committed by GitHub
15 changed files with 138 additions and 265 deletions


@@ -2,14 +2,14 @@
Podinfo release assets (container image, Helm chart, Flux artifact, Timoni module)
are published to GitHub Container Registry and are signed with
[Cosign v2](https://github.com/sigstore/cosign) keyless & GitHub Actions OIDC.
[Cosign v3](https://github.com/sigstore/cosign) keyless & GitHub Actions OIDC.
## Verify podinfo with cosign
Install the [cosign](https://github.com/sigstore/cosign) CLI:
```sh
brew install sigstore/tap/cosign
brew install cosign
```
### Container image
@@ -17,16 +17,16 @@ brew install sigstore/tap/cosign
Verify the podinfo container image hosted on GHCR:
```sh
cosign verify ghcr.io/stefanprodan/podinfo:6.5.0 \
--certificate-identity-regexp="^https://github.com/stefanprodan/podinfo.*$" \
cosign verify ghcr.io/stefanprodan/podinfo:6.12.0 \
--certificate-identity-regexp="^https://github\.com/stefanprodan/.*$" \
--certificate-oidc-issuer=https://token.actions.githubusercontent.com
```
Verify the podinfo container image hosted on Docker Hub:
```sh
cosign verify docker.io/stefanprodan/podinfo:6.5.0 \
--certificate-identity-regexp="^https://github.com/stefanprodan/podinfo.*$" \
cosign verify docker.io/stefanprodan/podinfo:6.12.0 \
--certificate-identity-regexp="^https://github\.com/stefanprodan/.*$" \
--certificate-oidc-issuer=https://token.actions.githubusercontent.com
```
@@ -35,8 +35,8 @@ cosign verify docker.io/stefanprodan/podinfo:6.5.0 \
Verify the podinfo [Helm](https://helm.sh) chart hosted on GHCR:
```sh
cosign verify ghcr.io/stefanprodan/charts/podinfo:6.5.0 \
--certificate-identity-regexp="^https://github.com/stefanprodan/podinfo.*$" \
cosign verify ghcr.io/stefanprodan/charts/podinfo:6.12.0 \
--certificate-identity-regexp="^https://github\.com/stefanprodan/.*$" \
--certificate-oidc-issuer=https://token.actions.githubusercontent.com
```
@@ -45,8 +45,8 @@ cosign verify ghcr.io/stefanprodan/charts/podinfo:6.5.0 \
Verify the podinfo [Flux](https://fluxcd.io) artifact hosted on GHCR:
```sh
cosign verify ghcr.io/stefanprodan/manifests/podinfo:6.5.0 \
--certificate-identity-regexp="^https://github.com/stefanprodan/podinfo.*$" \
cosign verify ghcr.io/stefanprodan/manifests/podinfo:6.12.0 \
--certificate-identity-regexp="^https://github\.com/stefanprodan/.*$" \
--certificate-oidc-issuer=https://token.actions.githubusercontent.com
```
@@ -55,7 +55,7 @@ cosign verify ghcr.io/stefanprodan/manifests/podinfo:6.5.0 \
Verify the podinfo [Timoni](https://timoni.sh) module hosted on GHCR:
```sh
cosign verify ghcr.io/stefanprodan/modules/podinfo:6.5.0 \
--certificate-identity-regexp="^https://github.com/stefanprodan/podinfo.*$" \
cosign verify ghcr.io/stefanprodan/modules/podinfo:6.12.0 \
--certificate-identity-regexp="^https://github\.com/stefanprodan/.*$" \
--certificate-oidc-issuer=https://token.actions.githubusercontent.com
```
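Review bot: The new `--certificate-identity-regexp="^https://github\.com/stefanprodan/.*$"` in all five verify commands escapes the dot but drops the repository segment, so a signature produced by a GitHub Actions workflow in any repository under the `stefanprodan` owner now verifies as a podinfo release. If the artifacts are signed only from this repository, keep the repository in the pattern with a trailing slash, `--certificate-identity-regexp="^https://github\.com/stefanprodan/podinfo/.*$"`, which also stops the old `podinfo.*` form from matching sibling repository names. The chart README verify command later in this commit gets the same widening. If signing from other repositories is intended, listing those repositories explicitly in the pattern would make that visible to anyone copying the command.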


@@ -17,22 +17,16 @@ jobs:
uses: actions/checkout@de0fac2e4500dabe0009e67214ff5f5447ce83dd # v6.0.2
- name: Disk Cleanup
uses: ./.github/actions/runner-cleanup
- name: Setup Kubernetes
uses: helm/kind-action@ef37e7f390d99f746eb8b610417061a60e82a6cc # v1.14.0
with:
cluster_name: kind
- name: Build container image
run: |
./test/build.sh
kind load docker-image test/podinfo:latest
- name: Setup Helm
uses: azure/setup-helm@dda3372f752e03dde6b3237bc9431cdc2f7a02a2 # v5.0.0
with:
version: v4.1.0
- name: Deploy
run: ./test/deploy.sh
- name: Setup Kubernetes
uses: helm/kind-action@ef37e7f390d99f746eb8b610417061a60e82a6cc # v1.14.0
with:
cluster_name: kind
- name: Run integration tests
run: ./test/test.sh
run: ./test/e2e.sh
- name: Debug failure
if: failure()
run: |
@@ -59,7 +53,7 @@ jobs:
cluster_name: kind
- name: Build container
run: |
docker build -t ${PODINFO_IMAGE_URL}:${PODINFO_VERSION} --build-arg "REVISION=${GITHUB_SHA}" -f Dockerfile.xx .
docker build -t ${PODINFO_IMAGE_URL}:${PODINFO_VERSION} --build-arg "REVISION=${GITHUB_SHA}" -f Dockerfile .
kind load docker-image ${PODINFO_IMAGE_URL}:${PODINFO_VERSION}
- name: Vet module
run: |
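Review bot: The `Setup Helm` step in this job stays on `version: v4.1.0` while the publishing workflow in the same commit moves to `version: v4.2.0`, so the chart is tested with a different Helm than the one that releases it. If the skew is not deliberate, `version: v4.2.0` here keeps the two in step. With build and deploy now folded into `./test/e2e.sh`, a one-line comment above that step such as `# builds the image, loads it into kind, installs cert-manager and the chart, then runs helm test` would tell a reader what the job covers without opening the script.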


@@ -41,7 +41,7 @@ jobs:
- name: Setup Helm
uses: azure/setup-helm@dda3372f752e03dde6b3237bc9431cdc2f7a02a2 # v5.0.0
with:
version: v4.1.1
version: v4.2.0
- name: Setup QEMU
uses: docker/setup-qemu-action@ce360397dd3f832beb865e1373c09c0e9f86d70a # v4.0.0
with:
@@ -88,10 +88,10 @@ jobs:
push: true
builder: ${{ steps.buildx.outputs.name }}
context: .
file: ./Dockerfile.xx
file: ./Dockerfile
build-args: |
REVISION=${{ steps.prep.outputs.REVISION }}
platforms: linux/amd64,linux/arm/v7,linux/arm64
platforms: linux/amd64,linux/arm64
tags: ${{ steps.meta.outputs.tags }}
labels: ${{ steps.meta.outputs.labels }}
- name: Publish Timoni module to GHCR
@@ -113,7 +113,7 @@ jobs:
flux push artifact oci://ghcr.io/stefanprodan/manifests/podinfo:${{ steps.prep.outputs.VERSION }} \
--path="./kustomize" \
--source="${{ github.event.repository.html_url }}" \
--revision="${GITHUB_REF_NAME}/${GITHUB_SHA}"
--revision="${GITHUB_REF_NAME}@sha1:${GITHUB_SHA}"
flux tag artifact oci://ghcr.io/stefanprodan/manifests/podinfo:${{ steps.prep.outputs.VERSION }} --tag latest
- name: Sign artifacts with Cosign
env:
@@ -123,15 +123,6 @@ jobs:
cosign sign ghcr.io/stefanprodan/podinfo:${{ steps.prep.outputs.VERSION }} --yes
cosign sign ghcr.io/stefanprodan/charts/podinfo:${{ steps.prep.outputs.VERSION }} --yes
cosign sign ghcr.io/stefanprodan/manifests/podinfo:${{ steps.prep.outputs.VERSION }} --yes
- name: Publish base image
uses: docker/build-push-action@bcafcacb16a39f128d818304e6c9c0c18556b85f # v7.1.0
with:
push: true
builder: ${{ steps.buildx.outputs.name }}
context: .
platforms: linux/amd64
file: ./Dockerfile.base
tags: docker.io/stefanprodan/podinfo-base:latest
- name: Publish helm chart
uses: stefanprodan/helm-gh-pages@0ad2bb377311d61ac04ad9eb6f252fb68e207260 # v1.7.0
with:
@@ -141,7 +132,7 @@ jobs:
flux push artifact oci://ghcr.io/stefanprodan/podinfo-deploy:${{ steps.prep.outputs.VERSION }} \
--path="./kustomize" \
--source="${{ github.event.repository.html_url }}" \
--revision="${GITHUB_REF_NAME}/${GITHUB_SHA}"
--revision="${GITHUB_REF_NAME}@sha1:${GITHUB_SHA}"
flux tag artifact oci://ghcr.io/stefanprodan/podinfo-deploy:${{ steps.prep.outputs.VERSION }} --tag latest
- name: Sign config artifact with cso
run: |
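Review bot: The `cosign sign` lines in the `Sign artifacts with Cosign` step still address each artifact by the mutable tag `:${{ steps.prep.outputs.VERSION }}`, so the signature lands on whatever digest the tag resolves to when the step runs rather than on the digest that was just pushed. Since this commit reworks the build and publish steps around it, it would be a good moment to sign by digest, for example `cosign sign ghcr.io/stefanprodan/podinfo@${IMAGE_DIGEST} --yes` with `IMAGE_DIGEST` taken from the `digest` output of the build-and-push step. That step's id and the start of the signing step lie outside the hunks shown, so the exact wiring needs checking against the full file.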


@@ -1,10 +0,0 @@
FROM golang:1.26
WORKDIR /workspace
# copy modules manifests
COPY go.mod go.mod
COPY go.sum go.sum
# cache modules
RUN go mod download


@@ -1,53 +0,0 @@
ARG GO_VERSION=1.26
ARG XX_VERSION=1.9.0
FROM --platform=$BUILDPLATFORM tonistiigi/xx:${XX_VERSION} AS xx
FROM --platform=$BUILDPLATFORM golang:${GO_VERSION}-alpine as builder
# Copy the build utilities.
COPY --from=xx / /
ARG TARGETPLATFORM
ARG REVISION
RUN mkdir -p /podinfo/
WORKDIR /podinfo
COPY . .
RUN go mod download
ENV CGO_ENABLED=0
RUN xx-go build -ldflags "-s -w \
-X github.com/stefanprodan/podinfo/pkg/version.REVISION=${REVISION}" \
-a -o bin/podinfo cmd/podinfo/*
RUN xx-go build -ldflags "-s -w \
-X github.com/stefanprodan/podinfo/pkg/version.REVISION=${REVISION}" \
-a -o bin/podcli cmd/podcli/*
FROM alpine:3.23
ARG BUILD_DATE
ARG VERSION
ARG REVISION
LABEL maintainer="stefanprodan"
RUN addgroup -S app \
&& adduser -S -G app app \
&& apk --no-cache add \
ca-certificates curl netcat-openbsd
WORKDIR /home/app
COPY --from=builder /podinfo/bin/podinfo .
COPY --from=builder /podinfo/bin/podcli /usr/local/bin/podcli
COPY ./ui ./ui
RUN chown -R app:app ./
USER app
CMD ["./podinfo"]


@@ -39,19 +39,6 @@ build-charts:
build-container:
docker build -t $(DOCKER_IMAGE_NAME):$(VERSION) .
build-xx:
docker buildx build \
--platform=linux/amd64 \
-t $(DOCKER_IMAGE_NAME):$(VERSION) \
--load \
-f Dockerfile.xx .
build-base:
docker build -f Dockerfile.base -t $(DOCKER_REPOSITORY)/podinfo-base:latest .
push-base: build-base
docker push $(DOCKER_REPOSITORY)/podinfo-base:latest
test-container:
@docker rm -f podinfo || true
@docker run -dp 9898:9898 --name=podinfo $(DOCKER_IMAGE_NAME):$(VERSION)
@@ -59,15 +46,6 @@ test-container:
@TOKEN=$$(curl -sd 'test' localhost:9898/token | jq -r .token) && \
curl -sH "Authorization: Bearer $${TOKEN}" localhost:9898/token/validate | grep test
push-container:
docker tag $(DOCKER_IMAGE_NAME):$(VERSION) $(DOCKER_IMAGE_NAME):latest
docker push $(DOCKER_IMAGE_NAME):$(VERSION)
docker push $(DOCKER_IMAGE_NAME):latest
docker tag $(DOCKER_IMAGE_NAME):$(VERSION) quay.io/$(DOCKER_IMAGE_NAME):$(VERSION)
docker tag $(DOCKER_IMAGE_NAME):$(VERSION) quay.io/$(DOCKER_IMAGE_NAME):latest
docker push quay.io/$(DOCKER_IMAGE_NAME):$(VERSION)
docker push quay.io/$(DOCKER_IMAGE_NAME):latest
version-set:
@next="$(TAG)" && \
current="$(VERSION)" && \


@@ -2,7 +2,6 @@ apiVersion: v1
version: 6.11.2
appVersion: 6.11.2
name: podinfo
engine: gotpl
description: Podinfo Helm chart for Kubernetes
home: https://github.com/stefanprodan/podinfo
maintainers:


@@ -24,7 +24,7 @@ To verify a chart version with Cosign:
```console
$ cosign verify ghcr.io/stefanprodan/charts/podinfo:<VERSION> \
--certificate-oidc-issuer=https://token.actions.githubusercontent.com \
--certificate-identity-regexp=^https://github\\.com/stefanprodan/podinfo/.*$
--certificate-identity-regexp="^https://github\.com/stefanprodan/.*$"
```
Alternatively, you can install the chart from GitHub pages:
@@ -52,85 +52,85 @@ The command removes all the Kubernetes components associated with the chart and
The following tables lists the configurable parameters of the podinfo chart and their default values.
| Parameter | Default | Description |
|--------------------------------------------------|--------------------------------|---------------------------------------------------------------------------------------------------|
| `replicaCount` | `1` | Desired number of pods |
| `logLevel` | `info` | Log level: `debug`, `info`, `warn`, `error` |
| `backend` | `None` | Echo backend URL |
| `backends` | `[]` | Array of echo backend URLs |
| `cache` | `None` | Redis address in the format `tcp://<host>:<port>` |
| `redis.enabled` | `false` | Create Redis deployment for caching purposes |
| `redis.repository` | `docker.io/redis` | Redis image repository |
| `redis.tag` | `<VERSION>` | Redis image tag |
| `redis.imagePullSecrets` | `[]` | Redis image pull secrets |
| `ui.color` | `#34577c` | UI color |
| `ui.message` | `None` | UI greetings message |
| `ui.logo` | `None` | UI logo |
| `faults.delay` | `false` | Random HTTP response delays between 0 and 5 seconds |
| `faults.error` | `false` | 1/3 chances of a random HTTP response error |
| `faults.unhealthy` | `false` | When set, the healthy state is never reached |
| `faults.unready` | `false` | When set, the ready state is never reached |
| `faults.testFail` | `false` | When set, a helm test is included which always fails |
| `faults.testTimeout` | `false` | When set, a helm test is included which always times out |
| `image.repository` | `ghcr.io/stefanprodan/podinfo` | Image repository |
| `image.tag` | `<VERSION>` | Image tag |
| `image.pullPolicy` | `IfNotPresent` | Image pull policy |
| `image.pullSecrets` | `[]` | Image pull secrets |
| `service.enabled` | `true` | Create a Kubernetes Service, should be disabled when using [Flagger](https://flagger.app) |
| `service.type` | `ClusterIP` | Type of the Kubernetes Service |
| `service.metricsPort` | `9797` | Prometheus metrics endpoint port |
| `service.httpPort` | `9898` | Container HTTP port |
| `service.externalPort` | `9898` | ClusterIP HTTP port |
| `service.grpcPort` | `9999` | ClusterIP gPRC port |
| `service.grpcService` | `podinfo` | gPRC service name |
| `service.nodePort` | `31198` | NodePort for the HTTP endpoint |
| `service.trafficDistribution` | `""` | Traffic distribution strategy |
| `service.additionalLabels` | `{}` | Additional labels to add to the service |
| `service.externalTrafficPolicy` | `None` | External traffic policy for LoadBalance service |
| `h2c.enabled` | `false` | Allow upgrading to h2c (non-TLS version of HTTP/2) |
| `extraArgs` | `[]` | Additional command line arguments to pass to podinfo container |
| `extraEnvs` | `[]` | Extra environment variables for the podinfo container |
| `config.path` | `""` | config file path |
| `config.name` | `""` | config file name |
| `hpa.enabled` | `false` | Enables the Kubernetes HPA |
| `hpa.maxReplicas` | `10` | Maximum amount of pods |
| `hpa.cpu` | `None` | Target CPU usage per pod |
| `hpa.memory` | `None` | Target memory usage per pod |
| `hpa.requests` | `None` | Target HTTP requests per second per pod |
| `serviceAccount.enabled` | `false` | Whether a service account should be created |
| `serviceAccount.name` | `None` | The name of the service account to use, if not set a name is generated using the fullname template|
| `serviceAccount.imagePullSecrets` | `[]` | List of image pull secrets if pulling from private registries |
| `securityContext` | `{}` | The security context to be set on the podinfo container |
| `podSecurityContext` | `{}` | The security context to be set on the pod |
| `podAnnotations` | `{}` | Pod annotations |
| `serviceMonitor.enabled` | `false` | Whether a Prometheus Operator service monitor should be created |
| `serviceMonitor.interval` | `15s` | Prometheus scraping interval |
| `serviceMonitor.additionalLabels` | `{}` | Add additional labels to the service monitor |
| `ingress.enabled` | `false` | Enables Ingress |
| `ingress.className` | `""` | Use ingressClassName |
| `ingress.additionalLabels` | `{}` | Add additional labels to the ingress |
| `ingress.annotations` | `{}` | Ingress annotations |
| `ingress.hosts` | `[]` | Ingress accepted hosts |
| `ingress.tls` | `[]` | Ingress TLS configuration |
| `httpRoute.enabled` | `false` | Enables Gateway API HTTPRoute |
| `httpRoute.additionalLabels` | `{}` | Add additional labels to the HTTPRoute |
| `httpRoute.annotations` | `{}` | HTTPRoute annotations |
| `httpRoute.parentRefs` | `[]` | Gateways that this route is attached to |
| `httpRoute.hostnames` | `["podinfo.local"]` | Hostnames matching HTTP header |
| `httpRoute.rules` | `[]` | List of rules and filters applied |
| `hooks.<hookType>.job.enabled` | `false` | Create a Helm hook job for testing (hookType: see values.yaml for available hooks) |
| `hooks.<hookType>.job.hookDeletePolicy` | `hook-succeeded,hook-failed` | Helm hook delete policy |
| `hooks.<hookType>.job.ttlSecondsAfterFinished` | `None` | Job TTL after finished |
| `hooks.<hookType>.job.sleepSeconds` | `None` | Sleep duration before job exits |
| `hooks.<hookType>.job.exitCode` | `0` | Job exit code |
| `resources.requests.cpu` | `1m` | Pod CPU request |
| `resources.requests.memory` | `16Mi` | Pod memory request |
| `resources.limits.cpu` | `None` | Pod CPU limit |
| `resources.limits.memory` | `None` | Pod memory limit |
| `nodeSelector` | `{}` | Node labels for pod assignment |
| `tolerations` | `[]` | List of node taints to tolerate |
| `affinity` | `None` | Node/pod affinities |
| `priorityClassName` | `""` | Pod priority class name |
| Parameter | Default | Description |
|------------------------------------------------|--------------------------------|----------------------------------------------------------------------------------------------------|
| `replicaCount` | `1` | Desired number of pods |
| `logLevel` | `info` | Log level: `debug`, `info`, `warn`, `error` |
| `backend` | `None` | Echo backend URL |
| `backends` | `[]` | Array of echo backend URLs |
| `cache` | `None` | Redis address in the format `tcp://<host>:<port>` |
| `redis.enabled` | `false` | Create Redis deployment for caching purposes |
| `redis.repository` | `docker.io/redis` | Redis image repository |
| `redis.tag` | `<VERSION>` | Redis image tag |
| `redis.imagePullSecrets` | `[]` | Redis image pull secrets |
| `ui.color` | `#34577c` | UI color |
| `ui.message` | `None` | UI greetings message |
| `ui.logo` | `None` | UI logo |
| `faults.delay` | `false` | Random HTTP response delays between 0 and 5 seconds |
| `faults.error` | `false` | 1/3 chances of a random HTTP response error |
| `faults.unhealthy` | `false` | When set, the healthy state is never reached |
| `faults.unready` | `false` | When set, the ready state is never reached |
| `faults.testFail` | `false` | When set, a helm test is included which always fails |
| `faults.testTimeout` | `false` | When set, a helm test is included which always times out |
| `image.repository` | `ghcr.io/stefanprodan/podinfo` | Image repository |
| `image.tag` | `<VERSION>` | Image tag |
| `image.pullPolicy` | `IfNotPresent` | Image pull policy |
| `image.pullSecrets` | `[]` | Image pull secrets |
| `service.enabled` | `true` | Create a Kubernetes Service, should be disabled when using [Flagger](https://flagger.app) |
| `service.type` | `ClusterIP` | Type of the Kubernetes Service |
| `service.metricsPort` | `9797` | Prometheus metrics endpoint port |
| `service.httpPort` | `9898` | Container HTTP port |
| `service.externalPort` | `9898` | ClusterIP HTTP port |
| `service.grpcPort` | `9999` | ClusterIP gPRC port |
| `service.grpcService` | `podinfo` | gPRC service name |
| `service.nodePort` | `31198` | NodePort for the HTTP endpoint |
| `service.trafficDistribution` | `""` | Traffic distribution strategy |
| `service.additionalLabels` | `{}` | Additional labels to add to the service |
| `service.externalTrafficPolicy` | `None` | External traffic policy for LoadBalance service |
| `h2c.enabled` | `false` | Allow upgrading to h2c (non-TLS version of HTTP/2) |
| `extraArgs` | `[]` | Additional command line arguments to pass to podinfo container |
| `extraEnvs` | `[]` | Extra environment variables for the podinfo container |
| `config.path` | `""` | config file path |
| `config.name` | `""` | config file name |
| `hpa.enabled` | `false` | Enables the Kubernetes HPA |
| `hpa.maxReplicas` | `10` | Maximum amount of pods |
| `hpa.cpu` | `None` | Target CPU usage per pod |
| `hpa.memory` | `None` | Target memory usage per pod |
| `hpa.requests` | `None` | Target HTTP requests per second per pod |
| `serviceAccount.enabled` | `false` | Whether a service account should be created |
| `serviceAccount.name` | `None` | The name of the service account to use, if not set a name is generated using the fullname template |
| `serviceAccount.imagePullSecrets` | `[]` | List of image pull secrets if pulling from private registries |
| `securityContext` | `{}` | The security context to be set on the podinfo container |
| `podSecurityContext` | `{}` | The security context to be set on the pod |
| `podAnnotations` | `{}` | Pod annotations |
| `serviceMonitor.enabled` | `false` | Whether a Prometheus Operator service monitor should be created |
| `serviceMonitor.interval` | `15s` | Prometheus scraping interval |
| `serviceMonitor.additionalLabels` | `{}` | Add additional labels to the service monitor |
| `ingress.enabled` | `false` | Enables Ingress |
| `ingress.className` | `""` | Use ingressClassName |
| `ingress.additionalLabels` | `{}` | Add additional labels to the ingress |
| `ingress.annotations` | `{}` | Ingress annotations |
| `ingress.hosts` | `[]` | Ingress accepted hosts |
| `ingress.tls` | `[]` | Ingress TLS configuration |
| `httpRoute.enabled` | `false` | Enables Gateway API HTTPRoute |
| `httpRoute.additionalLabels` | `{}` | Add additional labels to the HTTPRoute |
| `httpRoute.annotations` | `{}` | HTTPRoute annotations |
| `httpRoute.parentRefs` | `[]` | Gateways that this route is attached to |
| `httpRoute.hostnames` | `["podinfo.local"]` | Hostnames matching HTTP header |
| `httpRoute.rules` | `[]` | List of rules and filters applied |
| `hooks.<hookType>.job.enabled` | `false` | Create a Helm hook job for testing (hookType: see values.yaml for available hooks) |
| `hooks.<hookType>.job.hookDeletePolicy` | `hook-succeeded,hook-failed` | Helm hook delete policy |
| `hooks.<hookType>.job.ttlSecondsAfterFinished` | `None` | Job TTL after finished |
| `hooks.<hookType>.job.sleepSeconds` | `None` | Sleep duration before job exits |
| `hooks.<hookType>.job.exitCode` | `0` | Job exit code |
| `resources.requests.cpu` | `1m` | Pod CPU request |
| `resources.requests.memory` | `16Mi` | Pod memory request |
| `resources.limits.cpu` | `None` | Pod CPU limit |
| `resources.limits.memory` | `None` | Pod memory limit |
| `nodeSelector` | `{}` | Node labels for pod assignment |
| `tolerations` | `[]` | List of node taints to tolerate |
| `affinity` | `None` | Node/pod affinities |
| `priorityClassName` | `""` | Pod priority class name |
Specify each parameter using the `--set key=value[,key=value]` argument:


@@ -96,7 +96,7 @@ cache: ""
redis:
enabled: true
repository: redis
tag: 8.6.1
tag: 8.6.3
serviceAccount:
# Specifies whether a service account should be created


@@ -169,7 +169,7 @@ cache: ""
redis:
enabled: false
repository: docker.io/redis
tag: 8.6.1
tag: 8.6.3
imagePullSecrets: []
serviceAccount:


@@ -13,7 +13,7 @@ spec:
spec:
containers:
- name: redis
image: docker.io/redis:8.6.1
image: docker.io/redis:8.6.3
imagePullPolicy: IfNotPresent
command:
- redis-server


@@ -1,7 +0,0 @@
#! /usr/bin/env sh
set -e
# build the docker file
GIT_COMMIT=$(git rev-list -1 HEAD) && \
DOCKER_BUILDKIT=1 docker build --tag test/podinfo --build-arg "REVISION=${GIT_COMMIT}" .


@@ -1,30 +0,0 @@
#! /usr/bin/env sh
# install cert-manager
kubectl apply -f https://github.com/jetstack/cert-manager/releases/download/v1.5.3/cert-manager.yaml
# wait for cert manager
kubectl -n cert-manager rollout status deployment/cert-manager --timeout=2m
kubectl -n cert-manager rollout status deployment/cert-manager-webhook --timeout=2m
kubectl -n cert-manager rollout status deployment/cert-manager-cainjector --timeout=2m
# install self-signed certificate
cat << 'EOF' | kubectl apply -f -
apiVersion: cert-manager.io/v1
kind: ClusterIssuer
metadata:
name: self-signed
spec:
selfSigned: {}
EOF
# install podinfo with tls enabled
helm upgrade --install podinfo ./charts/podinfo \
--set image.repository=test/podinfo \
--set image.tag=latest \
--set tls.enabled=true \
--set certificate.create=true \
--set hpa.enabled=true \
--set hpa.cpu=95 \
--set hooks.postInstall.job.enabled=true \
--namespace=default


@@ -2,19 +2,39 @@
set -e
SCRIPT_DIR=$(CDPATH= cd -- "$(dirname -- "$0")" && pwd -P)
# Build container image
docker build --tag test/podinfo --build-arg "REVISION=0.0.0-$(git rev-list -1 HEAD)" .
# run the build
$SCRIPT_DIR/build.sh
# create the kind cluster
kind create cluster || true
# load the docker image
# Load image in cluster
kind load docker-image test/podinfo:latest
# run the deploy
$SCRIPT_DIR/deploy.sh
# Install cert-manager
kubectl apply --server-side -f https://github.com/cert-manager/cert-manager/releases/download/v1.20.2/cert-manager.yaml
kubectl -n cert-manager rollout status deployment/cert-manager --timeout=2m
kubectl -n cert-manager rollout status deployment/cert-manager-webhook --timeout=2m
kubectl -n cert-manager rollout status deployment/cert-manager-cainjector --timeout=2m
# run the tests
$SCRIPT_DIR/test.sh
# Configure self-signed certificate
cat << 'EOF' | kubectl apply --server-side -f -
apiVersion: cert-manager.io/v1
kind: ClusterIssuer
metadata:
name: self-signed
spec:
selfSigned: {}
EOF
# Install podinfo with TLS enabled
helm upgrade --install --wait podinfo ./charts/podinfo \
--set image.repository=test/podinfo \
--set image.tag=latest \
--set tls.enabled=true \
--set certificate.create=true \
--set hpa.enabled=true \
--set hpa.cpu=95 \
--set replicaCount=2 \
--set hooks.postInstall.job.enabled=true \
--namespace=default
# Run tests
helm test podinfo
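Review bot: The cert-manager install applies a manifest fetched at run time, `kubectl apply --server-side -f https://github.com/cert-manager/cert-manager/releases/download/v1.20.2/cert-manager.yaml`, so the version is pinned but the content is not checked before it is applied to the cluster. Downloading it first and checking it against a hash committed in the repository closes that gap: `curl -fsSLo /tmp/cert-manager.yaml "$CERT_MANAGER_URL"`, then `echo "<EXPECTED_SHA256>  /tmp/cert-manager.yaml" | sha256sum -c -`, then `kubectl apply --server-side -f /tmp/cert-manager.yaml`. The cluster here is a disposable kind cluster, so the exposure is mainly to the CI runner, but the same script is what contributors run locally.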


@@ -1,9 +0,0 @@
#1 /usr/bin/env sh
set -e
# wait for podinfo
kubectl rollout status deployment/podinfo --timeout=3m
# test podinfo
helm test podinfo