rancher/kcrypt-challenger
1
0
Fork 0
mirror of https://github.com/kairos-io/kcrypt-challenger.git synced 2025-09-16 23:21:31 +00:00
Code Issues Packages Projects Releases Wiki Activity
174 Commits 9 Branches 18 Tags
eedbe6f76b8d2f116cf920e40d0a13a75846b75f
Commit Graph

174 Commits

This Branch
This Branch
All Branches
Author SHA1 Message Date
Dimitris Karakasilis
6ff6262459 Configure earthly to use the docker mirror in CI 
Signed-off-by: Dimitris Karakasilis <dimitris@karakasilis.me>
 2023-02-17 17:11:26 +02:00
Dimitris Karakasilis
816013d33d Don't use the earthly script 
in order to avoid nested docker and use the deployed docker mirror

Signed-off-by: Dimitris Karakasilis <dimitris@karakasilis.me>
 2023-02-17 16:06:51 +02:00
Dimitris Karakasilis
8d0fb0148d export KUBECONFIG so that it's set when running commands in go tests 
Error:

```
  [FAILED] Error from server (NotFound): namespaces "actions-runner-system" not found
```
coming from: /runner/_work/kcrypt-challenger/kcrypt-challenger/tests/encryption_test.go:157

is suspicious. That namespace shouldn't exist in the test k3d cluster,
no idea why it was looked up. I suspect the env for the following
command somehow pointed to the "outer" cluster:

```
cmd := exec.Command("kubectl", "get", "secrets", ...)
```

Signed-off-by: Dimitris Karakasilis <dimitris@karakasilis.me>
 2023-02-17 15:53:02 +02:00
Dimitris Karakasilis
ffd5f18bcf Fix error interface conversion: interface {} is []uint8, not string 
Signed-off-by: Dimitris Karakasilis <dimitris@karakasilis.me>
 2023-02-17 15:20:18 +02:00
Dimitris Karakasilis
3b89def5b4 Make sure we run command in bash to avoid error in Ubuntu 
```
set: Illegal option -o pipefail
```

Signed-off-by: Dimitris Karakasilis <dimitris@karakasilis.me>
 2023-02-17 12:38:22 +02:00
Dimitris Karakasilis
887d67907b Avoid the host cluster CIDR to let DNS work in k3d 
Signed-off-by: Dimitris Karakasilis <dimitris@karakasilis.me>
 2023-02-17 11:52:14 +02:00
Dimitris Karakasilis
b0a7aa5fdf Revert "Try to fix the MTU problem in a hackish way (tmp)" 
This reverts commit 40875bbae1.
 2023-02-16 11:14:30 +02:00
Dimitris Karakasilis
40875bbae1 Try to fix the MTU problem in a hackish way (tmp) 
Signed-off-by: Dimitris Karakasilis <dimitris@karakasilis.me>
 2023-02-16 10:36:45 +02:00
Dimitris Karakasilis
7166b14c7e Revert "Bump earthly" 
This reverts commit 9eb5d9b086.
 2023-02-16 09:57:25 +02:00
Dimitris Karakasilis
9eb5d9b086 Bump earthly 
hoping to get this fix:
https://github.com/earthly/earthly/issues/1934#issuecomment-1160819298

and see if it makes any difference

Signed-off-by: Dimitris Karakasilis <dimitris@karakasilis.me>
 2023-02-16 09:53:30 +02:00
Dimitris Karakasilis
4da6a4f3b0 "Modernize" the +iso target 
according to this example:
4e2dd37e70/Earthfile (L114)

Signed-off-by: Dimitris Karakasilis <dimitris@karakasilis.me>
 2023-02-16 09:08:15 +02:00
Dimitris Karakasilis
74fc9c62b4 Switch to ubuntu because opensuse repos time out 
Signed-off-by: Dimitris Karakasilis <dimitris@karakasilis.me>
 2023-02-15 18:41:15 +02:00
Dimitris Karakasilis
f3f10b4919 Don't prompt 
Signed-off-by: Dimitris Karakasilis <dimitris@karakasilis.me>
 2023-02-15 18:10:01 +02:00
Dimitris Karakasilis
3d4829859b Run e2e tests on self-hosted runners 
Signed-off-by: Dimitris Karakasilis <dimitris@karakasilis.me>
 2023-02-15 17:52:14 +02:00
Dimitris Karakasilis
8a17ff714c Merge pull request #12 from kairos-io/346-tls-support 
346 tls support
 2023-02-15 12:28:20 +02:00
Dimitris Karakasilis
27114b8db8 Run e2e tests without earthly 
getting closer to running them with KVM enabled. This will require self
hosted runners with KVM enabled but we will get there eventually.

Signed-off-by: Dimitris Karakasilis <dimitris@karakasilis.me>
 2023-02-15 11:00:24 +02:00
Dimitris Karakasilis
1e3efb57cc Split scenarios in different GA jobs 
to parallelise better and allow re-running just the failed tests

Signed-off-by: Dimitris Karakasilis <dimitris@karakasilis.me>
 2023-02-15 09:58:16 +02:00
Dimitris Karakasilis
0c236b6145 Let OnFailure handle abnormal VM termination 
now that peg gracefully terminates the VM when `Destroy` is called.

Signed-off-by: Dimitris Karakasilis <dimitris@karakasilis.me>
 2023-02-14 16:15:11 +02:00
Dimitris Karakasilis
d390f77688 Bump peg (after merging PR#9) 
Signed-off-by: Dimitris Karakasilis <dimitris@karakasilis.me>
 2023-02-14 10:48:08 +02:00
Dimitris Karakasilis
266c4f20e9 Handle unexpected VM exit better and use a core image with working DNS 
Also print serial output when something goes wrong

Signed-off-by: Dimitris Karakasilis <dimitris@karakasilis.me>
 2023-02-14 10:09:46 +02:00
Dimitris Karakasilis
4c0b40d3a0 Add gettext-runtime in Earthly image 
which provides the `envsubst` command needed in the e2e test script

Signed-off-by: Dimitris Karakasilis <dimitris@karakasilis.me>
 2023-02-09 12:10:38 +02:00
Dimitris Karakasilis
08bb62f94e Remove TODO 
Signed-off-by: Dimitris Karakasilis <dimitris@karakasilis.me>
 2023-02-09 12:03:24 +02:00
Dimitris Karakasilis
0d3406fa7b Fallback to system CAs 
No automated test for this case because it's complicated to get a
properly signed certificate in tests:

- the domain we use is sslip.io (not sure if letsencrypt would sign it)
- we need to use the letsencrypt production and that has quotas not
  suitable for CI

Signed-off-by: Dimitris Karakasilis <dimitris@karakasilis.me>
 2023-02-09 11:48:59 +02:00
Dimitris Karakasilis
1cd4d9a7af Implement test that checks invalid cert case 
Signed-off-by: Dimitris Karakasilis <dimitris@karakasilis.me>
 2023-02-09 11:48:59 +02:00
Dimitris Karakasilis
d875e54171 Implement pinned certs 
Signed-off-by: Dimitris Karakasilis <dimitris@karakasilis.me>
 2023-02-09 11:48:59 +02:00
Dimitris Karakasilis
2967fb0a6c [WIP] Implement failing test for pinned cert 
Signed-off-by: Dimitris Karakasilis <dimitris@karakasilis.me>
 2023-02-09 11:48:59 +02:00
Dimitris Karakasilis
e9433d2ba7 Move challenger server inside the cluster and serve with TLS 
Signed-off-by: Dimitris Karakasilis <dimitris@karakasilis.me>
 2023-02-09 11:48:59 +02:00
Ettore Di Giacinto
7abdc7b092 📖 Update README 2023-02-07 12:29:13 +01:00
Dimitris Karakasilis
9448ecdd54 Ignore README changes in e2e workflow 
Signed-off-by: Dimitris Karakasilis <dimitris@karakasilis.me>
 2023-02-02 12:06:19 +02:00
Dimitris Karakasilis
d8cd48b411 Fix link in README to send users directly to "main" runs 
Signed-off-by: Dimitris Karakasilis <dimitris@karakasilis.me>
 2023-02-02 12:03:55 +02:00
Dimitris Karakasilis
43d629c974 Show "main" status in badge 
Signed-off-by: Dimitris Karakasilis <dimitris@karakasilis.me>
 2023-02-02 12:02:02 +02:00
Dimitris Karakasilis
b00d3af43b Rename "master" to "main" so that e2e tests run correctly 
Signed-off-by: Dimitris Karakasilis <dimitris@karakasilis.me>
 2023-02-02 11:58:12 +02:00
Dimitris Karakasilis
7d83e07b05 Fix typo in badge url 
Signed-off-by: Dimitris Karakasilis <dimitris@karakasilis.me>
 2023-02-02 11:56:38 +02:00
Dimitris Karakasilis
2fe3f3bc00 Add badges to the README 
Signed-off-by: Dimitris Karakasilis <dimitris@karakasilis.me>
 2023-02-02 11:54:45 +02:00
Dimitris Karakasilis
791d9dbb8b Merge pull request #11 from kairos-io/e2e-tests 
E2e tests
 2023-02-02 11:49:35 +02:00
Dimitris Karakasilis
7dc1e39ac7 Implement an e2e test suite for kcrypt encryption 
Scenarios based on docs: https://kairos.io/docs/advanced/partition_encryption/

Signed-off-by: Dimitris Karakasilis <dimitris@karakasilis.me>
 2023-02-02 11:48:44 +02:00
mudler
076a50b2e9 Drop unnecessary condition 
Signed-off-by: mudler <mudler@c3os.io>
 2023-01-24 17:53:38 +01:00
mudler
f8e7a0df87 Revert "Change function return style" 
This reverts commit 968ff53267.
v0.2.3 		2023-01-24 17:40:00 +01:00
mudler
968ff53267 Change function return style 
Signed-off-by: mudler <mudler@c3os.io>
 2023-01-24 16:19:33 +01:00
mudler
a95436bf16 Clean up default secret names v0.2.2 2023-01-24 12:16:09 +01:00
mudler
dfe29aa24f Return a payload 
Signed-off-by: mudler <mudler@c3os.io>
v0.2.1 		2023-01-24 12:03:08 +01:00
mudler
db2b6758de 🌱 Handle case when secret doesn't exist 
Signed-off-by: mudler <mudler@c3os.io>
 2023-01-23 23:00:16 +01:00
Dimitris Karakasilis
317c6d87b4 Merge pull request #10 from kairos-io/local_encryption 
🌱 Enable local encryption, remote now partially uses TPM
v0.2.0 		2023-01-19 16:27:52 +02:00
Dimitris Karakasilis
8898eb8ae9 Small refactorings (renaming vars, create constants etc) 
Signed-off-by: Ettore Di Giacinto <ettore@spectrocloud.com>
 2023-01-19 16:24:39 +02:00
Ettore Di Giacinto
91c24586ea Improve naming of functions and add comments 
Signed-off-by: Dimitris Karakasilis <dimitris@spectrocloud.com>
 2023-01-19 16:06:53 +02:00
Dimitris Karakasilis
eefd5f2c2c Extract method and simplify "if" logic 
Signed-off-by: Dimitris Karakasilis <dimitris@karakasilis.me>
 2023-01-19 15:46:35 +02:00
mudler
83f529b53d 🌱 Small fixups 
Signed-off-by: mudler <mudler@c3os.io>
 2023-01-19 14:24:33 +01:00
mudler
2c8a589906 Enable local encryption, remote now partially uses TPM 
Signed-off-by: mudler <mudler@c3os.io>
 2023-01-18 23:32:27 +01:00
Dimitris Karakasilis
9f7abe321a Merge pull request #9 from kairos-io/use_tpm_helpers 
Use tpm helpers
 2023-01-18 17:26:15 +02:00
mudler
2603757f2c Simplify challenge 
Signed-off-by: mudler <mudler@c3os.io>
 2023-01-18 16:09:52 +01:00