Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

There are end-to-end tests for Kubernetes sidecars with Conjur Enterprise and follower(s) in Kubernetes #243

Closed
2 tasks done
izgeri opened this issue Mar 15, 2021 · 1 comment · Fixed by #349
Closed
2 tasks done

There are end-to-end tests for Kubernetes sidecars with Conjur Enterprise and follower(s) in Kubernetes #243

izgeri opened this issue Mar 15, 2021 · 1 comment · Fixed by #349
Assignees
@john-odonnell
Labels
component/k8s kind/quality

Comments

@izgeri
Copy link
Contributor

izgeri commented Mar 15, 2021
edited by john-odonnell
Loading

Overview

CI automation is required to perform E2E testing of the deployment of Kubernetes authenticator sidecars
using Conjur Enterprise with followers in the same Kubernetes cluster as the authenticator sidecars.

This task will use the E2E scripting that is created in Issue #239 to do the "backend" work of deploying the authenticators and a sample sidecar application.

However, scripts will need to be added to add a "front-end" installation of Conjur Enterprise with followers in the Kubernetes cluster (to be done before calling the scripts developed for Issue #239). This can probably be based on dap-intro scripts to deploy a Conjur enterprise instance in Jenkins with followers in the Kubernetes cluster.

TBD

  • Which clusters does this need to run in?
    The Conjur followers, authenticator containers, and applications need to run in a "Kubernetes cluster".
    This can probably be either:
    • Jenkins+GKE, or...
    • Github Actions + KinD
      although this may depend upon easily those types of clusters integrate
      with the dap-intro scripts specifically considering how followers can be created in that cluster.
  • Which sidecar flows will run?
    Since E2E flows for all of the authenticator sidecar/init container types is already covered in
    Issue There are end-to-end tests for Kubernetes sidecars with Conjur OSS in Kubernetes #242 (E2E using Conjur OSS), it may be sufficient to test one type of authenticator
    sidecar/init container here. (The assumption here is that if one authenticator sidecar/init
    container type can authenticate with a given configuration, the others "should" work in
    that they should be fairly agnostic of the endpoints they're using for authentication???)
  • Is there prep work that needs to happen in dap-intro to get this working?
    e.g. install/configure k8s follower from dap-intro? Make leader cluster available on a high port
    in dap-intro so that it will be accessible from the cluster?)

Dependencies

DoD

  • CI is able to spin up a Conjur cluster with follower(s) inside the Kubernetes cluster
  • CI is able to successfully run the E2E authenticator / application test script
This was referenced Mar 16, 2021
Closed
Open
@izgeri
Copy link
Contributor Author

izgeri commented Apr 16, 2021

As in #242 - is #247 really required for this? the e2e tests could run with authn-k8s sidecar to start

@john-odonnell john-odonnell self-assigned this Jun 28, 2021
@john-odonnell john-odonnell mentioned this issue Jul 2, 2021
Merged
7 tasks
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Assignees

@john-odonnell john-odonnell

Labels
component/k8s kind/quality
Milestone
No milestone
Development

Successfully merging a pull request may close this issue.

E2E Workflow scripts test against Enterprise follower in K8s cyberark/conjur-authn-k8s-client
2 participants
@izgeri @john-odonnell