fix: use replacements for poddefaults Certificate #202

Workflow file for this run

.github/workflows/end_to_end_integration_test.yaml at b8f0714

	name: End-to-End Dashboard Integration Test
	on:
	workflow_dispatch:
	pull_request:
	paths:
	- components/**
	- releasing/version/VERSION
	- .github/workflows/end_to_end_integration_test.yaml
	branches:
	- main
	- v*-branch
	push:
	branches:
	- main

	concurrency:
	group: ${{ github.workflow }}-${{ github.ref }}-${{ github.event.number }}
	cancel-in-progress: true

	env:
	CENTRALDASHBOARD_IMG: ghcr.io/kubeflow/dashboard/dashboard
	CENTRALDASHBOARD_ANGULAR_IMG: ghcr.io/kubeflow/dashboard/dashboard-angular
	PROFILE_CONTROLLER_IMG: ghcr.io/kubeflow/dashboard/profile-controller
	ACCESS_MANAGEMENT_IMG: ghcr.io/kubeflow/dashboard/access-management
	ADMISSION_WEBHOOK_IMG: ghcr.io/kubeflow/dashboard/poddefaults-webhook
	TAG: e2e-test

	jobs:
	end-to-end-test:
	runs-on: ubuntu-22.04
	timeout-minutes: 60
	steps:
	- name: Checkout
	uses: actions/checkout@v4
	with:
	fetch-depth: 0

	- name: Install KinD
	run: ./testing/gh-actions/install_kind.sh

	- name: Create KinD Cluster
	run: kind create cluster --config testing/gh-actions/kind-1-33.yaml

	- name: Install kustomize
	run: ./testing/gh-actions/install_kustomize.sh

	- name: Install cert-manager
	run: ./testing/gh-actions/install_cert_manager.sh

	- name: Install Istio
	run: ./testing/gh-actions/install_istio.sh

	- name: Create Kubeflow Namespace
	run: kubectl create namespace kubeflow

	- name: Build KFAM Image
	run: \|
	cd components/access-management
	make docker-build-multi-arch IMG="${ACCESS_MANAGEMENT_IMG}" TAG="${TAG}"
	kind load docker-image "${ACCESS_MANAGEMENT_IMG}:${TAG}"
	cd ../..

	- name: Deploy Profile Controller with KFAM
	run: \|
	cd components/profile-controller
	make docker-build-multi-arch IMG="${PROFILE_CONTROLLER_IMG}" TAG="${TAG}"
	kind load docker-image "${PROFILE_CONTROLLER_IMG}:${TAG}"
	cd config
	kustomize build overlays/kubeflow \
	\| sed "s\|ghcr.io/kubeflow/dashboard/profile-controller:[a-zA-Z0-9_.-]*\|${PROFILE_CONTROLLER_IMG}:${TAG}\|g" \
	\| sed "s\|ghcr.io/kubeflow/dashboard/access-management:[a-zA-Z0-9_.-]*\|${ACCESS_MANAGEMENT_IMG}:${TAG}\|g" \
	\| kubectl apply -f -
	kubectl wait --for=condition=Ready pods -n kubeflow -l kustomize.component=profiles --timeout=300s
	kubectl wait --for=condition=Available deployment -n kubeflow profiles-deployment --timeout=300s

	- name: Wait for Profile CRD to be Available
	run: \|
	timeout=300
	interval=5
	elapsed=0
	while ! kubectl get crd profiles.kubeflow.org >/dev/null 2>&1; do
	if [ $elapsed -ge $timeout ]; then
	exit 1
	fi
	sleep $interval
	elapsed=$((elapsed + interval))
	done
	kubectl wait --for condition=established --timeout=60s crd/profiles.kubeflow.org

	- name: Wait for KFAM to be Ready
	run: \|
	# Verify KFAM container is running in the profiles deployment
	POD_NAME=$(kubectl get pods -n kubeflow -l kustomize.component=profiles -o jsonpath="{.items[0].metadata.name}")
	if [ -n "$POD_NAME" ]; then
	kubectl wait --for=condition=Ready pod/$POD_NAME -n kubeflow --timeout=300s
	kubectl describe pod/$POD_NAME -n kubeflow
	echo "KFAM/access-management container is part of profiles deployment"
	fi

	- name: Deploy Admission Webhook Component
	run: \|
	./testing/gh-actions/deploy_component.sh \
	"components/poddefaults-webhooks" \
	"${ADMISSION_WEBHOOK_IMG}" \
	"${TAG}" \
	"manifests" \
	"overlays/cert-manager"

	- name: Wait for Admission Webhook to be Ready
	run: \|
	kubectl wait --for=condition=Available deployment -n kubeflow poddefaults-webhook-deployment --timeout=300s

	- name: Deploy CentralDashboard Angular Component
	run: \|
	# Set required environment variables for domain name substitution
	export CD_NAMESPACE=kubeflow
	export CD_CLUSTER_DOMAIN=cluster.local

	./testing/gh-actions/deploy_component.sh \
	"components/centraldashboard-angular" \
	"${CENTRALDASHBOARD_ANGULAR_IMG}" \
	"${TAG}" \
	"manifests" \
	"overlays/kserve"

	- name: Wait for CentralDashboard Angular to be Ready
	run: \|
	kubectl wait --for=condition=Available deployment -n kubeflow dashboard-angular --timeout=300s

	- name: Deploy CentralDashboard Component
	run: \|
	export CD_NAMESPACE=kubeflow
	export CD_CLUSTER_DOMAIN=cluster.local
	export CD_NAMESPACE_PLACEHOLDER=kubeflow
	export CD_CLUSTER_DOMAIN_PLACEHOLDER=cluster.local

	./testing/gh-actions/deploy_component.sh \
	"components/centraldashboard" \
	"${CENTRALDASHBOARD_IMG}" \
	"${TAG}" \
	"manifests" \
	"overlays/kserve"

	- name: Wait for CentralDashboard to be Ready
	run: \|
	kubectl wait --for=condition=Available deployment -n kubeflow dashboard --timeout=300s

	- name: Create Test Profiles
	run: \|
	./testing/gh-actions/test_profile.sh create e2e-admin [email protected]
	./testing/gh-actions/test_profile.sh create-simple e2e-user [email protected]

	- name: Validate Profile Integration
	run: \|
	./testing/gh-actions/test_profile.sh validate e2e-admin
	./testing/gh-actions/test_profile.sh validate e2e-user

	- name: Test PodDefault Integration
	run: \|
	./testing/gh-actions/test_poddefault.sh create-namespace e2e-test
	./testing/gh-actions/test_poddefault.sh create-poddefault e2e-test e2e-poddefault
	./testing/gh-actions/test_poddefault.sh test-mutation e2e-test e2e-poddefault e2e-test-pod

	- name: Test KFAM Service Integration
	run: \|
	kubectl get services -n kubeflow \| grep kfam
	kubectl get services -n kubeflow -l kustomize.component=profiles

	POD_NAME=$(kubectl get pods -n kubeflow -l kustomize.component=profiles -o jsonpath="{.items[0].metadata.name}")
	if [ -z "$POD_NAME" ]; then exit 1; fi

	kubectl port-forward -n kubeflow pod/$POD_NAME 8081:8081 &
	PF_PID=$!
	echo $PF_PID > /tmp/kfam_pf.pid
	sleep 5

	curl -v --max-time 10 http://localhost:8081/kfam/ \|\| \
	curl -v --max-time 10 http://localhost:8081/metrics \|\| \
	curl -v --max-time 10 http://localhost:8081/kfam/v1/bindings

	curl -v --max-time 10 -H "kubeflow-userid: [email protected]" \
	http://localhost:8081/kfam/v1/bindings?namespace=e2e-admin

	if [ -f "/tmp/kfam_pf.pid" ]; then
	kill $(cat /tmp/kfam_pf.pid)
	rm -f /tmp/kfam_pf.pid
	fi

	- name: Test CentralDashboard Angular Integration
	run: \|
	POD_NAME=$(kubectl get pods -n kubeflow -l app=dashboard-angular -o jsonpath="{.items[0].metadata.name}")
	if [ -z "$POD_NAME" ]; then exit 1; fi

	kubectl port-forward -n kubeflow pod/$POD_NAME 8082:8082 &
	PF_PID=$!
	echo $PF_PID > /tmp/angular_pf.pid
	sleep 5

	curl -v --max-time 10 http://localhost:8082/

	if [ -f "/tmp/angular_pf.pid" ]; then
	kill $(cat /tmp/angular_pf.pid)
	rm -f /tmp/angular_pf.pid
	fi

	- name: Test CentralDashboard Integration
	run: \|
	POD_NAME=$(kubectl get pods -n kubeflow -l app=dashboard -o jsonpath="{.items[0].metadata.name}")
	if [ -z "$POD_NAME" ]; then exit 1; fi

	kubectl port-forward -n kubeflow pod/$POD_NAME 8083:8082 &
	PF_PID=$!
	echo $PF_PID > /tmp/dashboard_pf.pid
	sleep 5

	curl -v --max-time 10 http://localhost:8083/

	for i in $(seq 1 5); do
	curl -s --max-time 5 http://localhost:8083/ >/dev/null
	done

	if [ -f "/tmp/dashboard_pf.pid" ]; then
	kill $(cat /tmp/dashboard_pf.pid)
	rm -f /tmp/dashboard_pf.pid
	fi

	- name: Test Profile Update with Dashboard Access
	run: \|
	./testing/gh-actions/test_profile.sh update e2e-admin

	kubectl wait --for=condition=available deployment -n kubeflow dashboard --timeout=300s

	POD_NAME=$(kubectl get pods -n kubeflow -l app=dashboard -o jsonpath="{.items[0].metadata.name}")
	if [ -z "$POD_NAME" ]; then exit 1; fi

	kubectl port-forward -n kubeflow pod/$POD_NAME 8085:8082 &
	PF_PID=$!
	echo $PF_PID > /tmp/dashboard_update_pf.pid
	sleep 5

	curl -v -H "kubeflow-userid: e2e-admin" --max-time 10 http://localhost:8085/

	if [ -f "/tmp/dashboard_update_pf.pid" ]; then
	kill $(cat /tmp/dashboard_update_pf.pid)
	rm -f /tmp/dashboard_update_pf.pid
	fi

	- name: Check Component Health and Logs
	run: \|
	./testing/gh-actions/test_service.sh check-logs profiles-deployment kubeflow 30

	kubectl logs -n kubeflow -l kustomize.component=profiles -c access-management --tail=30 \|\| kubectl logs -n kubeflow -l app=profiles-kfam --tail=30

	./testing/gh-actions/test_service.sh check-logs poddefaults-webhook-deployment kubeflow 30

	./testing/gh-actions/test_service.sh check-logs dashboard-angular kubeflow 30

	./testing/gh-actions/test_service.sh check-logs dashboard kubeflow 30

	- name: Check for Component Errors
	run: \|
	./testing/gh-actions/test_service.sh check-errors profiles-deployment kubeflow
	kubectl logs -n kubeflow -l kustomize.component=profiles -c access-management --tail=100 \| grep -i error \|\| true
	./testing/gh-actions/test_service.sh check-errors poddefaults-webhook-deployment kubeflow
	./testing/gh-actions/test_service.sh check-errors dashboard-angular kubeflow
	./testing/gh-actions/test_service.sh check-errors dashboard kubeflow

	- name: Final Integration Validation
	run: \|
	./testing/gh-actions/test_profile.sh list

	kubectl get services -n kubeflow

	kubectl get deployments -n kubeflow

	kubectl get nodes
	kubectl get pods -A

	- name: Cleanup Test Resources
	run: \|
	./testing/gh-actions/test_poddefault.sh cleanup e2e-test
	./testing/gh-actions/test_profile.sh delete e2e-admin
	./testing/gh-actions/test_profile.sh delete e2e-user

Provide feedback

Saved searches

Use saved searches to filter your results more quickly

Uh oh!

fix: use replacements for poddefaults Certificate #202

Workflow file

fix: use replacements for poddefaults Certificate #202

Uh oh!

Jobs

Run details

Workflow file for this run