From 1bb67d1d9a6d91398c3fc3be467a15cdaee74fdc Mon Sep 17 00:00:00 2001 From: Thomas Gosteli Date: Tue, 5 Jan 2021 10:54:03 +0100 Subject: [PATCH 1/3] fix(helm): run keel with created serviceaccount and not as cluster-admin ci: test with helm 3 --- .circleci/config.yml | 4 ++-- chart/keel/Chart.yaml | 2 +- chart/keel/templates/clusterrolebinding.yaml | 4 +--- 3 files changed, 4 insertions(+), 6 deletions(-) diff --git a/.circleci/config.yml b/.circleci/config.yml index 462fa11a..1fc45032 100644 --- a/.circleci/config.yml +++ b/.circleci/config.yml @@ -34,7 +34,7 @@ jobs: shellcheck -x .test/e2e-kind.sh lint-charts: docker: - - image: quay.io/helmpack/chart-testing:v2.0.1 + - image: quay.io/helmpack/chart-testing:v3.3.1 steps: - checkout - run: @@ -47,7 +47,7 @@ jobs: machine: true environment: CHART_TESTING_IMAGE: quay.io/helmpack/chart-testing - CHART_TESTING_TAG: v2.0.1 + CHART_TESTING_TAG: v3.3.1 CHARTS_REPO: https://github.com/keel-hq/keel K8S_VERSION: v1.11.3 steps: diff --git a/chart/keel/Chart.yaml b/chart/keel/Chart.yaml index 48c90ba5..164381e2 100644 --- a/chart/keel/Chart.yaml +++ b/chart/keel/Chart.yaml @@ -1,7 +1,7 @@ apiVersion: v1 name: keel description: Open source, tool for automating Kubernetes deployment updates. Keel is stateless, robust and lightweight. -version: 0.9.5 +version: 0.9.6 # Note that we use appVersion to get images tag, so make sure this is correct. appVersion: 0.16.1 keywords: diff --git a/chart/keel/templates/clusterrolebinding.yaml b/chart/keel/templates/clusterrolebinding.yaml index 91fe9b51..54e1a849 100644 --- a/chart/keel/templates/clusterrolebinding.yaml +++ b/chart/keel/templates/clusterrolebinding.yaml @@ -1,14 +1,12 @@ {{- if .Values.rbac.enabled }} apiVersion: rbac.authorization.k8s.io/v1 -# apiVersion: rbac.authorization.k8s.io/v1beta1 kind: ClusterRoleBinding metadata: name: {{ template "keel.name" . }} roleRef: apiGroup: rbac.authorization.k8s.io kind: ClusterRole - # name: {{ template "keel.name" . }} - name: cluster-admin + name: {{ template "keel.name" . }} subjects: - kind: ServiceAccount name: {{ template "serviceAccount.name" . }} From 903265cc351520a82747c1af2a1c962c08434cd3 Mon Sep 17 00:00:00 2001 From: Thomas Gosteli Date: Tue, 5 Jan 2021 12:54:17 +0100 Subject: [PATCH 2/3] ci: test with helm 3 --- .test/e2e-kind.sh | 10 +--------- 1 file changed, 1 insertion(+), 9 deletions(-) diff --git a/.test/e2e-kind.sh b/.test/e2e-kind.sh index 2eb455da..10b0301b 100755 --- a/.test/e2e-kind.sh +++ b/.test/e2e-kind.sh @@ -53,19 +53,11 @@ main() { docker cp "$KUBECONFIG" "$config_container_id:/root/.kube/config" # Update in kubeconfig localhost to kind container IP docker exec "$config_container_id" sed -i "s/localhost/$kind_container_ip/g" /root/.kube/config - + echo "Add git remote k8s ${CHARTS_REPO}" git remote add k8s "${CHARTS_REPO}" &> /dev/null || true git fetch k8s master echo - - # Install Tiller with RABC - kubectl -n kube-system create sa tiller - kubectl create clusterrolebinding tiller-cluster-rule --clusterrole=cluster-admin --serviceaccount=kube-system:tiller - docker exec "$config_container_id" helm init --service-account tiller - echo "Wait for Tiller to be up and ready..." - until kubectl -n kube-system get pods 2>&1 | grep -w "tiller-deploy" | grep -w "1/1"; do sleep 1; done - echo # Run chart install test docker exec "$config_container_id" ct install --config /workdir/.test/ct.yaml From bf11af686edd375d04e1a2242d965c851fa11a42 Mon Sep 17 00:00:00 2001 From: Thomas Gosteli Date: Tue, 5 Jan 2021 13:33:11 +0100 Subject: [PATCH 3/3] ci: fix ct timeout --- .test/ct.yaml | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/.test/ct.yaml b/.test/ct.yaml index f3b401c3..6d572330 100644 --- a/.test/ct.yaml +++ b/.test/ct.yaml @@ -4,4 +4,4 @@ chart-dirs: - chart excluded-charts: - common -helm-extra-args: --timeout 800 +helm-extra-args: --timeout 800s