diff --git a/.github/workflows/e2e-openshift.yaml b/.github/workflows/e2e-openshift.yaml
new file mode 100644
index 00000000..f40739c2
--- /dev/null
+++ b/.github/workflows/e2e-openshift.yaml
@@ -0,0 +1,55 @@
+name: e2e-openshift
+
+on:
+ workflow_dispatch:
+ push:
+ branches: [ 'main', 'update-components', 'openshift-*', 'release/**' ]
+
+permissions:
+ contents: read
+
+jobs:
+ e2e-openshift:
+ runs-on: ubuntu-latest
+ steps:
+ - name: Checkout
+ uses: actions/checkout@9bb56186c3b09b4f86b1c65136769dd318469633 # v4.1.2
+ - name: Setup Go
+ uses: actions/setup-go@0c52d547c9bc32b1aa3301fd7a9cb496313a4491 # v5.0.0
+ with:
+ go-version-file: 'go.mod'
+ cache-dependency-path: |
+ **/go.sum
+ **/go.mod
+ - name: Prepare
+ id: prep
+ run: |
+ ID=${GITHUB_SHA:0:7}-$(date +%s)
+ echo "cluster=fluxcd-openshift-${ID}" >> $GITHUB_OUTPUT
+ - name: Setup Kustomize
+ uses: fluxcd/pkg/actions/kustomize@main
+ - name: Build
+ run: make build-dev
+ - name: Create cluster
+ id: create-cluster
+ uses: replicatedhq/compatibility-actions/create-cluster@v1
+ with:
+ api-token: ${{ secrets.REPLICATED_API_TOKEN }}
+ kubernetes-distribution: "openshift"
+ kubernetes-version: "4.15.0-okd"
+ ttl: 20m
+ cluster-name: "${{ steps.prep.outputs.cluster }}"
+ - name: Run flux check
+ run: |
+ echo "${{ steps.create-cluster.outputs.cluster-kubeconfig }}" > kubeconfig.yaml
+ ./bin/flux check --kubeconfig=kubeconfig.yaml
+ - name: Apply openshift prerequisites
+ run: |
+ kubectl apply -k ./manifests/openshift --kubeconfig=kubeconfig.yaml
+ - name: Remove cluster
+ if: ${{ always() }}
+ uses: replicatedhq/replicated-actions/remove-cluster@v1
+ continue-on-error: true
+ with:
+ api-token: ${{ secrets.REPLICATED_API_TOKEN }}
+ cluster-id: ${{ steps.create-cluster.outputs.cluster-id }}
diff --git a/manifests/openshift/kustomization.yaml b/manifests/openshift/kustomization.yaml
new file mode 100644
index 00000000..b5633ece
--- /dev/null
+++ b/manifests/openshift/kustomization.yaml
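Review bot: In `.github/workflows/e2e-openshift.yaml`, three third-party actions are referenced by mutable refs — `fluxcd/pkg/actions/kustomize@main`, `replicatedhq/compatibility-actions/create-cluster@v1` and `replicatedhq/replicated-actions/remove-cluster@v1` — while `actions/checkout` and `actions/setup-go` in the same job are pinned to full commit SHAs. The two Replicated steps are handed `secrets.REPLICATED_API_TOKEN`, so whoever can move those refs controls code that runs with the token; pin them the same way, e.g. `uses: replicatedhq/compatibility-actions/create-cluster@<full-commit-sha> # v1`. Separately, the `Run flux check` step expands `${{ steps.create-cluster.outputs.cluster-kubeconfig }}` straight into the script text, so any `"`, `$` or backtick in the kubeconfig is parsed by the shell; passing it through a step-level `env:` entry (`KUBECONFIG_DATA: ${{ steps.create-cluster.outputs.cluster-kubeconfig }}`) and writing it with `printf '%s\n' "$KUBECONFIG_DATA" > kubeconfig.yaml` avoids that.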
@@ -0,0 +1,4 @@
+apiVersion: kustomize.config.k8s.io/v1beta1
+kind: Kustomization
+resources:
+ - rbac.yaml
diff --git a/manifests/openshift/rbac.yaml b/manifests/openshift/rbac.yaml
new file mode 100644
index 00000000..fefb26fe
--- /dev/null
+++ b/manifests/openshift/rbac.yaml
@@ -0,0 +1,68 @@
+apiVersion: v1
+kind: List
+items:
+ - apiVersion: rbac.authorization.k8s.io/v1
+ kind: ClusterRole
+ metadata:
+ name: flux-scc
+ rules:
+ - apiGroups:
+ - security.openshift.io
+ resources:
+ - securitycontextconstraints
+ resourceNames:
+ - nonroot
+ verbs:
+ - use
+ - apiVersion: rbac.authorization.k8s.io/v1
+ kind: RoleBinding
+ metadata:
+ name: flux-scc-source-controller
+ namespace: flux-system
+ roleRef:
+ apiGroup: rbac.authorization.k8s.io
+ kind: Role
+ name: flux-scc
+ subjects:
+ - kind: ServiceAccount
+ name: source-controller
+ namespace: flux-system
+ - apiVersion: rbac.authorization.k8s.io/v1
+ kind: RoleBinding
+ metadata:
+ name: flux-scc-kustomize-controller
+ namespace: flux-system
+ roleRef:
+ apiGroup: rbac.authorization.k8s.io
+ kind: Role
+ name: flux-scc
+ subjects:
+ - kind: ServiceAccount
+ name: kustomize-controller
+ namespace: flux-system
+ - apiVersion: rbac.authorization.k8s.io/v1
+ kind: RoleBinding
+ metadata:
+ name: flux-scc-helm-controller
+ namespace: flux-system
+ roleRef:
+ apiGroup: rbac.authorization.k8s.io
+ kind: Role
+ name: flux-scc
+ subjects:
+ - kind: ServiceAccount
+ name: helm-controller
+ namespace: flux-system
+ - apiVersion: rbac.authorization.k8s.io/v1
+ kind: RoleBinding
+ metadata:
+ name: flux-scc-notification-controller
+ namespace: flux-system
+ roleRef:
+ apiGroup: rbac.authorization.k8s.io
+ kind: Role
+ name: flux-scc
+ subjects:
+ - kind: ServiceAccount
+ name: notification-controller
+ namespace: flux-system
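Review bot: In `manifests/openshift/rbac.yaml`, every `roleRef` names `kind: Role` with `name: flux-scc`, but the only `flux-scc` object this file defines is a `ClusterRole`. A RoleBinding whose `roleRef.kind` is `Role` resolves against a namespaced Role in `flux-system`, so unless one is created elsewhere, none of the four service accounts is actually granted `use` on the `nonroot` SCC. Change the line to `kind: ClusterRole` in all four bindings (source-, kustomize-, helm- and notification-controller); keeping them as namespaced RoleBindings still limits the grant to `flux-system`. `roleRef` is immutable, so bindings that were already applied have to be deleted and recreated rather than patched.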