diff --git a/.env b/.env index 9d59fde8e..407f32245 100644 --- a/.env +++ b/.env @@ -6,4 +6,9 @@ KUBECTL_VERSION=v1.28.0 AZ_CLI_VERSION=2.30.0 EKSCTL_VERSION=v0.143.0 EKS_CLUSTER_K8_VERSION=1.26 -SPLUNK_ENTERPRISE_RELEASE_IMAGE=splunk/splunk:9.1.1 +SPLUNK_ENTERPRISE_RELEASE_IMAGE=docker.io/splunk/splunk:9.1.2 +SPLUNK_CURRENT_IMAGE=splunk/splunk:9.1.2 +SPLUNK_PREVIOUS_IMAGE=splunk/splunk:9.0.6 +ECR_REPOSITORY=docker.io +AWS_DEFAULT_REGION=us-west-2 +SPLUNK_OPERATOR_IMAGE_NAME=splunk/splunk-operator diff --git a/.github/workflows/build-test-push-workflow.yml b/.github/workflows/build-test-push-workflow.yml index f87fc8635..bd1abb358 100644 --- a/.github/workflows/build-test-push-workflow.yml +++ b/.github/workflows/build-test-push-workflow.yml @@ -49,10 +49,10 @@ jobs: runs-on: ubuntu-latest needs: unit-tests env: - SPLUNK_ENTERPRISE_IMAGE: ${{ secrets.SPLUNK_ENTERPRISE_IMAGE }} - SPLUNK_OPERATOR_IMAGE_NAME: splunk/splunk-operator ECR_REPOSITORY: ${{ secrets.ECR_REPOSITORY }} - S3_REGION: ${{ secrets.AWS_DEFAULT_REGION }} + # SPLUNK_ENTERPRISE_IMAGE: ${{ env.SPLUNK_ENTERPRISE_IMAGE }} + # SPLUNK_OPERATOR_IMAGE_NAME: splunk/splunk-operator + # S3_REGION: ${{ env.AWS_DEFAULT_REGION }} steps: - uses: actions/checkout@v2 - name: Dotenv Action 
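Review bot: `SPLUNK_ENTERPRISE_RELEASE_IMAGE` now carries a `docker.io/` registry prefix while the new `SPLUNK_CURRENT_IMAGE` and `SPLUNK_PREVIOUS_IMAGE` do not. The workflow in this commit builds private image names by concatenation (`${{ secrets.ECR_REPOSITORY }}/<image>`), so a prefixed value fed into that step would produce a nested `<registry>/docker.io/splunk/...` path; pick one form for all three keys. The file also commits `ECR_REPOSITORY=docker.io` while every workflow step visible in this diff keeps reading `secrets.ECR_REPOSITORY`, which leaves two different values under one name. A comment such as `# public default; CI uses the ECR_REPOSITORY secret instead`, or a different key name, would make it clear which one a push goes to. All three images are referenced by mutable tag, so pinning them as `splunk/splunk:9.1.2@sha256:<digest>` is worth considering if the test matrix should be reproducible.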
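Review bot: The three `env:` entries are left behind as comments instead of being deleted, and the first one could not be re-enabled as written, because the `env` context is not available inside a job-level `env:` block. The same is true of `steps`, which the commented lines in the `vulnerability-scan` job and the integration-test job use. Delete these lines; the history keeps them. `S3_REGION` also disappears from the job environment here and in the integration-test job with no replacement visible in this diff, so any make target or test script that reads `$S3_REGION` would now see an empty value. If it is still needed, set it in a step-level `env:` from `${{ steps.dotenv.outputs.AWS_DEFAULT_REGION }}`.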
@@ -80,25 +80,25 @@ jobs: with: aws-access-key-id: ${{ secrets.AWS_ACCESS_KEY_ID }} aws-secret-access-key: ${{ secrets.AWS_SECRET_ACCESS_KEY }} - aws-region: ${{ secrets.AWS_DEFAULT_REGION }} + aws-region: ${{ steps.dotenv.outputs.AWS_DEFAULT_REGION }} - name: Login to Amazon ECR id: login-ecr uses: aws-actions/amazon-ecr-login@v1 - name: Make Splunk Operator Image run: | - make docker-build IMG=${{ secrets.ECR_REPOSITORY }}/${{ env.SPLUNK_OPERATOR_IMAGE_NAME }}:$GITHUB_SHA + make docker-build IMG=${{ secrets.ECR_REPOSITORY }}/${{ steps.dotenv.outputs.SPLUNK_OPERATOR_IMAGE_NAME }}:$GITHUB_SHA - name: Push Splunk Operator Image to ECR run: | - echo "Uploading Image to ECR:: ${{ env.SPLUNK_OPERATOR_IMAGE_NAME }}:$GITHUB_SHA" - make docker-push IMG=${{ secrets.ECR_REPOSITORY }}/${{ env.SPLUNK_OPERATOR_IMAGE_NAME }}:$GITHUB_SHA + echo "Uploading Image to ECR:: ${{ steps.dotenv.outputs.SPLUNK_OPERATOR_IMAGE_NAME }}:$GITHUB_SHA" + make docker-push IMG=${{ secrets.ECR_REPOSITORY }}/${{ steps.dotenv.outputs.SPLUNK_OPERATOR_IMAGE_NAME }}:$GITHUB_SHA vulnerability-scan: runs-on: ubuntu-latest needs: build-operator-image - env: - SPLUNK_ENTERPRISE_IMAGE: ${{ secrets.SPLUNK_ENTERPRISE_IMAGE }} - SPLUNK_OPERATOR_IMAGE_NAME: splunk/splunk-operator - ECR_REPOSITORY: ${{ secrets.ECR_REPOSITORY }} - S3_REGION: ${{ secrets.AWS_DEFAULT_REGION }} + #env: + # SPLUNK_ENTERPRISE_IMAGE: ${{ steps.dotenv.outputs.SPLUNK_ENTERPRISE_IMAGE }} + # SPLUNK_OPERATOR_IMAGE_NAME: splunk/splunk-operator + # ECR_REPOSITORY: ${{ secrets.ECR_REPOSITORY }} + # S3_REGION: ${{ steps.dotenv.outputs.AWS_DEFAULT_REGION }} steps: - uses: actions/checkout@v2 - name: Dotenv Action 
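Review bot: The `run:` lines for `make docker-build` and `make docker-push` now splice `${{ steps.dotenv.outputs.SPLUNK_OPERATOR_IMAGE_NAME }}` straight into the script text, so the content of the committed `.env` file is expanded before the shell parses the line, in a job that also configures AWS credentials. Pass the value through the step environment and quote it instead: a step-level `env:` with `IMG: ${{ secrets.ECR_REPOSITORY }}/${{ steps.dotenv.outputs.SPLUNK_OPERATOR_IMAGE_NAME }}:${{ github.sha }}` and `run: make docker-build IMG="$IMG"`. The same applies to the `docker pull`, `docker tag`, `docker push` and `make run_clair_scan` lines changed in the later hunks of this file. These expressions also depend on a step with `id: dotenv` in each job; the id is only visible in the integration-test job, so confirm it for `build-operator-image` and `vulnerability-scan`.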
@@ -111,16 +111,16 @@ jobs: with: aws-access-key-id: ${{ secrets.AWS_ACCESS_KEY_ID }} aws-secret-access-key: ${{ secrets.AWS_SECRET_ACCESS_KEY }} - aws-region: ${{ secrets.AWS_DEFAULT_REGION }} + aws-region: ${{ steps.dotenv.outputs.AWS_DEFAULT_REGION }} - name: Login to Amazon ECR uses: aws-actions/amazon-ecr-login@v1 - name: Pull Splunk Operator Image Locally run: | - docker pull ${{ secrets.ECR_REPOSITORY }}/${{ env.SPLUNK_OPERATOR_IMAGE_NAME }}:$GITHUB_SHA + docker pull ${{ secrets.ECR_REPOSITORY }}/${{ steps.dotenv.outputs.SPLUNK_OPERATOR_IMAGE_NAME }}:$GITHUB_SHA - name: Setup clair scanner run: make setup_clair_scanner - name: Scan container image - run: make run_clair_scan IMG=${{ secrets.ECR_REPOSITORY }}/${{ env.SPLUNK_OPERATOR_IMAGE_NAME }}:$GITHUB_SHA + run: make run_clair_scan IMG=${{ secrets.ECR_REPOSITORY }}/${{ steps.dotenv.outputs.SPLUNK_OPERATOR_IMAGE_NAME }}:$GITHUB_SHA - name: Stop clair scanner run: make stop_clair_scanner - name: Save scan results as artifacts @@ -133,6 +133,7 @@ jobs: strategy: fail-fast: false matrix: + splunk_version: [ "splunk/splunk:9.0.6", "splunk/splunk:9.1.2" ] test: [ basic, appframeworks1, @@ -141,12 +142,17 @@ jobs: managersecret, managermc, ] + include: + - splunk_version: "splunk/splunk:9.0.6" + row: "9-0-6" + - splunk_version: "splunk/splunk:9.1.2" + row: "9-1-2" runs-on: ubuntu-latest env: CLUSTER_NODES: 1 CLUSTER_WORKERS: 3 - SPLUNK_ENTERPRISE_IMAGE: ${{ secrets.SPLUNK_ENTERPRISE_IMAGE }} - SPLUNK_ENTERPRISE_RELEASE_IMAGE: ${{ secrets.SPLUNK_ENTERPRISE_RELEASE_IMAGE }} + SPLUNK_ENTERPRISE_IMAGE: ${{ matrix.splunk_version }} + #SPLUNK_ENTERPRISE_RELEASE_IMAGE: ${{ steps.dotenv.outputs.SPLUNK_ENTERPRISE_RELEASE_IMAGE }} SPLUNK_OPERATOR_IMAGE_NAME: splunk/splunk-operator SPLUNK_OPERATOR_IMAGE_FILENAME: splunk-operator TEST_FOCUS: "${{ matrix.test }}" 
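Review bot: The two image strings in `splunk_version` are written a second time in the `include:` entries and a third time as `SPLUNK_CURRENT_IMAGE` / `SPLUNK_PREVIOUS_IMAGE` in `.env`, and nothing visible in this diff reads the `.env` copies. A version bump has to touch all three places. If an `include` entry's `splunk_version` stops matching the list, it no longer attaches `row` to the existing combinations but creates an extra matrix row without a `test` value. Consider making `row` the single source and deriving the image from it, or at least add `# keep in sync with the include: entries below and with SPLUNK_CURRENT_IMAGE / SPLUNK_PREVIOUS_IMAGE in .env` above the list.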
@@ -159,7 +165,7 @@ jobs: TEST_INDEXES_S3_BUCKET: ${{ secrets.TEST_INDEXES_S3_BUCKET }} ECR_REPOSITORY: ${{ secrets.ECR_REPOSITORY }} PRIVATE_REGISTRY: ${{ secrets.ECR_REPOSITORY }} - S3_REGION: ${{ secrets.AWS_DEFAULT_REGION }} + #S3_REGION: ${{ steps.dotenv.outputs.AWS_DEFAULT_REGION }} ENTERPRISE_LICENSE_LOCATION: ${{ secrets.ENTERPRISE_LICENSE_LOCATION }} EKS_SSH_PUBLIC_KEY: ${{ secrets.EKS_SSH_PUBLIC_KEY }} CLUSTER_WIDE: "true" @@ -167,16 +173,16 @@ jobs: steps: - name: Set Test Cluster Name run: | - echo "TEST_CLUSTER_NAME=eks-integration-test-cluster-${{ matrix.test }}-$GITHUB_RUN_ID" >> $GITHUB_ENV + echo "TEST_CLUSTER_NAME=eks-integration-test-${{ matrix.row }}-${{ matrix.test }}-$GITHUB_RUN_ID" >> $GITHUB_ENV - name: Chekcout code uses: actions/checkout@v2 - name: Dotenv Action id: dotenv uses: falti/dotenv-action@d4d12eaa0e1dd06d5bdc3d7af3bf4c8c93cb5359 - - name: Change splunk enterprise to release image on main branches - if: github.ref == 'refs/heads/main' - run: | - echo "SPLUNK_ENTERPRISE_IMAGE=${{ steps.dotenv.outputs.SPLUNK_ENTERPRISE_RELEASE_IMAGE }}" >> $GITHUB_ENV + #- name: Change splunk enterprise to release image on main branches + # if: github.ref == 'refs/heads/main' + # run: | + # echo "SPLUNK_ENTERPRISE_IMAGE=${{ steps.dotenv.outputs.SPLUNK_ENTERPRISE_RELEASE_IMAGE }}" >> $GITHUB_ENV - name: Install Kubectl uses: Azure/setup-kubectl@v3 with: @@ -219,7 +225,7 @@ jobs: username: ${{ secrets.DOCKERHUB_USERNAME }} password: ${{ secrets.DOCKERHUB_TOKEN}} - name: Pull Splunk Enterprise Image - run: docker pull ${{ env.SPLUNK_ENTERPRISE_IMAGE }} + run: docker pull ${{ matrix.splunk_version }} - name: Configure AWS credentials uses: aws-actions/configure-aws-credentials@v1 with: 
@@ -231,14 +237,14 @@ jobs: uses: aws-actions/amazon-ecr-login@v1 - name: Tag and Push Splunk Enterprise Image to ECR run: | - docker tag ${{ env.SPLUNK_ENTERPRISE_IMAGE }} ${{ secrets.ECR_REPOSITORY }}/${{ env.SPLUNK_ENTERPRISE_IMAGE }} - docker push ${{ secrets.ECR_REPOSITORY }}/${{ env.SPLUNK_ENTERPRISE_IMAGE }} + docker tag ${{ matrix.splunk_version }} ${{ secrets.ECR_REPOSITORY }}/${{ matrix.splunk_version }} + docker push ${{ secrets.ECR_REPOSITORY }}/${{ matrix.splunk_version }} - name: Pull Splunk Operator Image Locally run: | - docker pull ${{ secrets.ECR_REPOSITORY }}/${{ env.SPLUNK_OPERATOR_IMAGE_NAME }}:$GITHUB_SHA + docker pull ${{ secrets.ECR_REPOSITORY }}/${{ steps.dotenv.outputs.SPLUNK_OPERATOR_IMAGE_NAME }}:$GITHUB_SHA - name: Change Operator Image Tag to latest run: | - docker tag ${{ secrets.ECR_REPOSITORY }}/${{ env.SPLUNK_OPERATOR_IMAGE_NAME }}:$GITHUB_SHA ${{ env.SPLUNK_OPERATOR_IMAGE_NAME }}:latest + docker tag ${{ secrets.ECR_REPOSITORY }}/${{ steps.dotenv.outputs.SPLUNK_OPERATOR_IMAGE_NAME }}:$GITHUB_SHA ${{ steps.dotenv.outputs.SPLUNK_OPERATOR_IMAGE_NAME }}:latest - name: Create EKS cluster run: | export EKS_CLUSTER_K8_VERSION=${{ steps.dotenv.outputs.EKS_CLUSTER_K8_VERSION }} 
@@ -315,9 +321,9 @@ jobs: uses: aws-actions/amazon-ecr-login@v1 - name: Pull Splunk Operator Image Locally run: | - docker pull ${{ secrets.ECR_REPOSITORY }}/${{ env.SPLUNK_OPERATOR_IMAGE_NAME }}:$GITHUB_SHA + docker pull ${{ secrets.ECR_REPOSITORY }}/${{ steps.dotenv.outputs.SPLUNK_OPERATOR_IMAGE_NAME }}:$GITHUB_SHA - name: Change Operator Image Tag to latest run: | - docker tag ${{ secrets.ECR_REPOSITORY }}/${{ env.SPLUNK_OPERATOR_IMAGE_NAME }}:$GITHUB_SHA ${{ env.SPLUNK_OPERATOR_IMAGE_NAME }}:${{ env.TAG }} + docker tag ${{ secrets.ECR_REPOSITORY }}/${{ steps.dotenv.outputs.SPLUNK_OPERATOR_IMAGE_NAME }}:$GITHUB_SHA ${{ steps.dotenv.outputs.SPLUNK_OPERATOR_IMAGE_NAME }}:${{ steps.dotenv.outputs.TAG }} - name: Push Splunk Operator Image to Docker Hub - run: docker push ${{ env.SPLUNK_OPERATOR_IMAGE_NAME }}:${{ env.TAG }} \ No newline at end of file + run: docker push ${{ steps.dotenv.outputs.SPLUNK_OPERATOR_IMAGE_NAME }}:${{ steps.dotenv.outputs.TAG }} \ No newline at end of file diff --git a/.github/workflows/int-test-workflow.yml b/.github/workflows/int-test-workflow.yml index 17b34ff19..fe1960784 100644 --- a/.github/workflows/int-test-workflow.yml +++ b/.github/workflows/int-test-workflow.yml @@ -5,6 +5,7 @@ on: - develop - main - feature** + - multi-version-support jobs: build-operator-image: runs-on: ubuntu-latest diff --git a/test/deploy-eks-cluster.sh b/test/deploy-eks-cluster.sh index a4e7d47f0..55bffe56e 100755 --- a/test/deploy-eks-cluster.sh +++ b/test/deploy-eks-cluster.sh 
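Review bot: `${{ steps.dotenv.outputs.TAG }}` replaces `${{ env.TAG }}` in the tag and push commands, but `TAG` is not among the keys this commit adds to `.env`, and the part of that file above `KUBECTL_VERSION` is outside the diff. If `.env` has no `TAG`, the expression renders empty and the commands become `docker tag ... splunk/splunk-operator:` and `docker push splunk/splunk-operator:`, which fail as invalid references. Keep `${{ env.TAG }}` unless `TAG` really is defined in `.env`. Also confirm that this job has a step with `id: dotenv`, which this hunk does not show.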
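Review bot: `multi-version-support` looks like the working branch for this change, and adding it to the branch filter makes the integration workflow, starting with `build-operator-image`, run for that branch permanently. Remove the entry before merging, or name the branch so the existing `feature**` pattern already covers it. The `on:` block begins above this hunk, so whether the filter belongs to `push` or `pull_request` is not visible here.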
@@ -35,7 +35,7 @@ function deleteCluster() { echo "Unable to delete cluster - ${TEST_CLUSTER_NAME}" return 1 fi - rolename=$(echo ${TEST_CLUSTER_NAME} | awk -F- '{print "EBS_" $(NF-1) "_" $(NF)}') + rolename=$(echo ${TEST_CLUSTER_NAME} | awk -F- '{print "EBS_" $(NF-1) "_" $(NF-4) "_" $(NF-3) "_" $(NF-2) "_" $(NF)}') role_attached_policies=$(aws iam list-attached-role-policies --role-name $rolename --query 'AttachedPolicies[*].PolicyArn' --output text) for policy_arn in ${role_attached_policies}; do @@ -87,7 +87,7 @@ function createCluster() { } ] }" >aws-ebs-csi-driver-trust-policy.json - rolename=$(echo ${TEST_CLUSTER_NAME} | awk -F- '{print "EBS_" $(NF-1) "_" $(NF)}') + rolename=$(echo ${TEST_CLUSTER_NAME} | awk -F- '{print "EBS_" $(NF-1) "_" $(NF-4) "_" $(NF-3) "_" $(NF-2) "_" $(NF)}') aws iam create-role --role-name ${rolename} --assume-role-policy-document file://aws-ebs-csi-driver-trust-policy.json --description "irsa role for ${TEST_CLUSTER_NAME}" aws iam attach-role-policy --policy-arn arn:aws:iam::aws:policy/service-role/AmazonEBSCSIDriverPolicy --role-name ${rolename} kubectl annotate serviceaccount -n $namespace $service_account eks.amazonaws.com/role-arn=arn:aws:iam::$account_id:role/${rolename} diff --git a/test/run-tests.sh b/test/run-tests.sh index 27e01ac29..89863fe47 100755 --- a/test/run-tests.sh +++ b/test/run-tests.sh @@ -22,7 +22,7 @@ if [ -n "${PRIVATE_REGISTRY}" ]; then PRIVATE_SPLUNK_ENTERPRISE_IMAGE=${PRIVATE_REGISTRY}/${SPLUNK_ENTERPRISE_IMAGE} echo "docker images -q ${SPLUNK_OPERATOR_IMAGE}" # Don't pull splunk operator if exists locally since we maybe building it locally - if [ -z $(docker images -q ${SPLUNK_OPERATOR_IMAGE}) ]; then + if [ -z $(docker images -q ${SPLUNK_OPERATOR_IMAGE}) ]; then docker pull ${SPLUNK_OPERATOR_IMAGE} if [ $? -ne 0 ]; then echo "Unable to pull ${SPLUNK_OPERATOR_IMAGE}. Exiting..." 
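Review bot: The role name is now assembled from five fixed field positions of `TEST_CLUSTER_NAME` (`$(NF-1)`, `$(NF-4)`, `$(NF-3)`, `$(NF-2)`, `$(NF)`). That matches the new `eks-integration-test-<row>-<test>-<run id>` name only while `row` has exactly three hyphen-separated parts and the test name contains no hyphen. A name in another format puts unrelated words into the role name, and one with too few fields can make awk abort on a negative field index, leaving `rolename` empty for the `aws iam` calls that follow. `int-test-workflow.yml` is not switched to the new name format in this commit. The identical expression is pasted into `createCluster` in the next hunk; move it into one helper so create and delete cannot diverge, and derive it without positions, e.g. `rolename="EBS_$(echo "${TEST_CLUSTER_NAME}" | cut -d- -f4- | tr '-' '_')"`, quoting `"${rolename}"` where it is used. Both function bodies extend outside their hunks.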
@@ -55,7 +55,7 @@ if [ -n "${PRIVATE_REGISTRY}" ]; then docker images fi -if [ "${DEPLOYMENT_TYPE}" == "helm" ]; then +if [ "${DEPLOYMENT_TYPE}" == "helm" ]; then echo "Installing Splunk Operator using Helm charts" helm uninstall splunk-operator -n splunk-operator if [ "${CLUSTER_WIDE}" != "true" ]; then @@ -63,14 +63,15 @@ if [ "${DEPLOYMENT_TYPE}" == "helm" ]; then else helm install splunk-operator --create-namespace --namespace splunk-operator --set splunkOperator.image.repository=${PRIVATE_SPLUNK_OPERATOR_IMAGE} --set image.repository=${PRIVATE_SPLUNK_ENTERPRISE_IMAGE} helm-chart/splunk-operator fi -elif [ "${CLUSTER_WIDE}" != "true" ]; then +elif [ "${CLUSTER_WIDE}" != "true" ]; then # Install the CRDs echo "Installing enterprise CRDs..." - make kustomize + make kustomize make uninstall bin/kustomize build config/crd | kubectl create -f - else echo "Installing enterprise operator from ${PRIVATE_SPLUNK_OPERATOR_IMAGE}..." + echo 'make deploy IMG=${PRIVATE_SPLUNK_OPERATOR_IMAGE} SPLUNK_ENTERPRISE_IMAGE=${PRIVATE_SPLUNK_ENTERPRISE_IMAGE} WATCH_NAMESPACE=""' make deploy IMG=${PRIVATE_SPLUNK_OPERATOR_IMAGE} SPLUNK_ENTERPRISE_IMAGE=${PRIVATE_SPLUNK_ENTERPRISE_IMAGE} WATCH_NAMESPACE="" fi @@ -79,13 +80,15 @@ if [ $? -ne 0 ]; then exit 1 fi -if [ "${CLUSTER_WIDE}" == "true" ]; then +if [ "${CLUSTER_WIDE}" == "true" ]; then echo "wait for operator pod to be ready..." # sleep before checking for deployment, in slow clusters deployment call may not even started # in those cases, kubectl will fail with error: no matching resources found sleep 2 kubectl wait --for=condition=ready pod -l control-plane=controller-manager --timeout=600s -n splunk-operator if [ $? -ne 0 ]; then + kubectl get pods -n splunk-operator + kubectl describe pvc -n splunk-operator echo "Operator installation not ready..." exit 1 fi 
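Review bot: The added `echo 'make deploy ...'` uses single quotes, so the log shows the literal text `${PRIVATE_SPLUNK_OPERATOR_IMAGE}` and `${PRIVATE_SPLUNK_ENTERPRISE_IMAGE}` rather than the image names that `make deploy` receives on the next line. If the line is meant as a trace of the command, use double quotes: `echo "make deploy IMG=${PRIVATE_SPLUNK_OPERATOR_IMAGE} SPLUNK_ENTERPRISE_IMAGE=${PRIVATE_SPLUNK_ENTERPRISE_IMAGE} WATCH_NAMESPACE=\"\""`. The enclosing `if`/`elif` chain starts before this hunk.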
@@ -98,14 +101,14 @@ if [ -z "$rc" ]; then go get github.com/onsi/gomega/... go install -mod=mod github.com/onsi/ginkgo/v2/ginkgo@latest -fi +fi echo "Running test using number of nodes: ${NUM_NODES}" echo "Running test using these images: ${PRIVATE_SPLUNK_OPERATOR_IMAGE} and ${PRIVATE_SPLUNK_ENTERPRISE_IMAGE}..." -# Check if test focus is set +# Check if test focus is set if [[ -z "${TEST_FOCUS}" ]]; then TEST_TO_RUN="${TEST_REGEX}" echo "Test focus not set running smoke test by default :: ${TEST_TO_RUN}"