mirror of
https://github.com/k3s-io/kubernetes.git
synced 2025-08-01 15:58:37 +00:00
Inject service-account.json into test container
This commit is contained in:
Erick Fejta
parent
9b74e24fa3
commit
3d30caf80c
@ -29,14 +29,13 @@ mkdir -p "${HOST_ARTIFACTS_DIR}"
|
||||
: ${JENKINS_GCE_SSH_PRIVATE_KEY_FILE:='/var/lib/jenkins/gce_keys/google_compute_engine'}
|
||||
: ${JENKINS_GCE_SSH_PUBLIC_KEY_FILE:='/var/lib/jenkins/gce_keys/google_compute_engine.pub'}
|
||||
|
||||
env -u HOME -u PATH -u PWD -u WORKSPACE >${WORKSPACE}/env.list
|
||||
|
||||
# Add all uncommented lines for metadata.google.internal in /etc/hosts to the
|
||||
# test container.
|
||||
readonly METADATA_SERVER_ADD_HOST_ARGS=($(
|
||||
grep '^[0-9a-fA-F\.:]\+ \+metadata\.google\.internal' /etc/hosts |\
|
||||
cut -f1 -d' ' |\
|
||||
xargs -r printf -- '--add-host="metadata.google.internal:%s"\n'))
|
||||
env \
|
||||
-u HOME \
|
||||
-u KUBEKINS_SERVICE_ACCOUNT_FILE \
|
||||
-u PATH \
|
||||
-u PWD \
|
||||
-u WORKSPACE \
|
||||
>${WORKSPACE}/env.list
|
||||
|
||||
docker_extra_args=()
|
||||
if [[ "${JENKINS_ENABLE_DOCKER_IN_DOCKER:-}" =~ ^[yY]$ ]]; then
|
||||
@ -56,10 +55,11 @@ docker run --rm=true -i \
|
||||
${JENKINS_AWS_SSH_PRIVATE_KEY_FILE:+-v "${JENKINS_AWS_SSH_PRIVATE_KEY_FILE}:/workspace/.ssh/kube_aws_rsa:ro"} \
|
||||
${JENKINS_AWS_SSH_PUBLIC_KEY_FILE:+-v "${JENKINS_AWS_SSH_PUBLIC_KEY_FILE}:/workspace/.ssh/kube_aws_rsa.pub:ro"} \
|
||||
${JENKINS_AWS_CREDENTIALS_FILE:+-v "${JENKINS_AWS_CREDENTIALS_FILE}:/workspace/.aws/credentials:ro"} \
|
||||
${KUBEKINS_SERVICE_ACCOUNT_FILE:+-v "${KUBEKINS_SERVICE_ACCOUNT_FILE}:/service-account.json:ro"} \
|
||||
--env-file "${WORKSPACE}/env.list" \
|
||||
-e "HOME=/workspace" \
|
||||
-e "WORKSPACE=/workspace" \
|
||||
${KUBEKINS_SERVICE_ACCOUNT_FILE:+-e "KUBEKINS_SERVICE_ACCOUNT_FILE=/service-account.json"} \
|
||||
"${docker_extra_args[@]:+${docker_extra_args[@]}}" \
|
||||
"${METADATA_SERVER_ADD_HOST_ARGS[@]:+${METADATA_SERVER_ADD_HOST_ARGS[@]}}" \
|
||||
gcr.io/google_containers/kubekins-test:go1.6.2-docker1.9.1-rev3 \
|
||||
bash -c "bash <(curl -fsS --retry 3 --keepalive-time 2 'https://raw.githubusercontent.com/kubernetes/kubernetes/master/hack/jenkins/e2e-runner.sh')"
|
||||
|
||||
@ -190,13 +190,6 @@ if running_in_docker; then
|
||||
fi
|
||||
fi
|
||||
|
||||
if [[ -f "${KUBEKINS_SERVICE_ACCOUNT_FILE:-}" ]]; then
|
||||
echo 'Activating service account...' # No harm in doing this multiple times.
|
||||
gcloud auth activate-service-account --key-file="${KUBEKINS_SERVICE_ACCOUNT_FILE}"
|
||||
elif [[ -n "${KUBEKINS_SERVICE_ACCOUNT_FILE:-}" ]]; then
|
||||
echo "ERROR: cannot access service account file at: ${KUBEKINS_SERVICE_ACCOUNT_FILE}"
|
||||
fi
|
||||
|
||||
# Install gcloud from a custom path if provided. Used to test GKE with gcloud
|
||||
# at HEAD, release candidate.
|
||||
# TODO: figure out how to avoid installing the cloud sdk twice if run inside Docker.
|
||||
@ -230,6 +223,16 @@ if [[ -n "${JENKINS_GCI_IMAGE_FAMILY:-}" ]]; then
|
||||
fi
|
||||
fi
|
||||
|
||||
if [[ -f "${KUBEKINS_SERVICE_ACCOUNT_FILE:-}" ]]; then
|
||||
echo 'Activating service account...' # No harm in doing this multiple times.
|
||||
gcloud auth activate-service-account --key-file="${KUBEKINS_SERVICE_ACCOUNT_FILE}"
|
||||
export GCE_SERVICE_ACCOUNT=$(gcloud auth list 2> /dev/null | grep active | cut -f3 -d' ')
|
||||
unset KUBEKINS_SERVICE_ACCOUNT_FILE
|
||||
elif [[ -n "${KUBEKINS_SERVICE_ACCOUNT_FILE:-}" ]]; then
|
||||
echo "ERROR: cannot access service account file at: ${KUBEKINS_SERVICE_ACCOUNT_FILE}"
|
||||
fi
|
||||
|
||||
|
||||
function e2e_test() {
|
||||
local -r ginkgo_test_args="${1}"
|
||||
# Check to make sure the cluster is up before running tests, and fail if it's not.
|
||||
|
||||
Loading…
Reference in New Issue
Block a user