build: cleanup github-action and fix ci

nginx was (no longer?) assigned to the control-plane where kind
port-mappings are configured, which was breaking the pipeline.

Author: clementnuss

.github/actions/check-deployment/action.yml

@@ -1,83 +1,83 @@
+---
 name: Checks deployment of kubenurse
+description: series of health check to validate kubenurse deployment
 
 inputs:
   namespace:
     description: Namespace where the kubenurse is deployed
     required: true
-    type: string
   svc-domain:
     description: Ingress domain on which the kubenurse is running
     required: true
-    type: string
 
 runs:
   using: "composite"
   steps:
-  - shell: bash
-    run: |
-      echo "Check number of kubenurses"
-      test $(kubectl -n ${{ inputs.namespace }} get pods -l app.kubernetes.io/name=kubenurse \
-        | wc -l) -eq 4 # Test for 3 Pods + header
-  - shell: bash
-    run: |
-      echo "Check for unexpected log lines"
-      test $(kubectl -n ${{ inputs.namespace }} logs -l app.kubernetes.io/name=kubenurse \
-        | grep -v "kubenurse just started" \
-        | wc -l) -eq 0 \
-  - shell: bash
-    run: |
-      echo "Check if the kubenurse had any restarts"
-      kubectl -n ${{ inputs.namespace }} get pods -l app.kubernetes.io/name=kubenurse \
-        -o jsonpath='{range .items[*]}{.status.containerStatuses[0].restartCount}{"\n"}{end}' \
-        | (! grep -v 0) # Validate for 0 restarts
-  - shell: bash
-    run: |
-      echo "Check that metrics contain kubenurse specific data"
-      curl -k -s --resolve \
-        ${{ inputs.svc-domain }}:443:127.0.0.1 \
-        https://${{ inputs.svc-domain }}:443/metrics \
-        | grep "kubenurse_httpclient_request_" > /dev/null
-  - shell: bash
-    run: |
-      echo "Check that metrics contain neighbours"
-      curl -k -s --resolve \
-        ${{ inputs.svc-domain }}:443:127.0.0.1 \
-        https://${{ inputs.svc-domain }}:443/metrics \
-        | grep "kubenurse_httpclient_request_" | grep 'type="path_' > /dev/null
-  - shell: bash
-    run: |
-      echo "Check that metrics contain no errors"
-      curl -k -s --resolve \
-        ${{ inputs.svc-domain }}:443:127.0.0.1 \
-        https://${{ inputs.svc-domain }}:443/metrics \
-        | (! grep "kubenurse_errors_total")
-  - shell: bash
-    run: |
-      echo "Check the neighbourhood state"
-      curl -k -s --resolve \
-        ${{ inputs.svc-domain }}:443:127.0.0.1 \
-        https://${{ inputs.svc-domain }}:443/alive \
-        | grep '"neighbourhood_state": "ok"' > /dev/null
-  - shell: bash
-    run: |
-      echo "Check that discovery is ok and status page includes neighbours"
-      curl -k -s --resolve \
-        ${{ inputs.svc-domain }}:443:127.0.0.1 \
-        https://${{ inputs.svc-domain }}:443/alive \
-        | grep '"neighbourhood": \[' > /dev/null # If no others are discovered, this is null
-  - shell: bash
-    run: |
-      echo "Show kubenurse status"
-      curl -k -s --resolve \
-        ${{ inputs.svc-domain }}:443:127.0.0.1 \
-        https://${{ inputs.svc-domain }}:443/alive
-    if: ${{ always() }}
-  - shell: bash
-    run: |
-      echo "Describe resources on failure"
-      kubectl -n ${{ inputs.namespace }} get pods -o wide
-      kubectl -n ${{ inputs.namespace }} logs -l app.kubernetes.io/name=kubenurse
-      kubectl -n ${{ inputs.namespace }} describe pods -l app.kubernetes.io/name=kubenurse
-      kubectl -n ${{ inputs.namespace }} describe daemonsets -l app.kubernetes.io/name=kubenurse
-      kubectl -n ${{ inputs.namespace }} get events
-    if: ${{ failure() }}
+    - shell: bash
+      run: |
+        echo "Check number of kubenurses"
+        test $(kubectl -n ${{ inputs.namespace }} get pods -l app.kubernetes.io/name=kubenurse \
+          | wc -l) -eq 4 # Test for 3 Pods + header
+    - shell: bash
+      run: |
+        echo "Check for unexpected log lines"
+        test $(kubectl -n ${{ inputs.namespace }} logs -l app.kubernetes.io/name=kubenurse \
+          | grep -v "kubenurse just started" \
+          | wc -l) -eq 0 \
+    - shell: bash
+      run: |
+        echo "Check if the kubenurse had any restarts"
+        kubectl -n ${{ inputs.namespace }} get pods -l app.kubernetes.io/name=kubenurse \
+          -o jsonpath='{range .items[*]}{.status.containerStatuses[0].restartCount}{"\n"}{end}' \
+          | (! grep -v 0) # Validate for 0 restarts
+    - shell: bash
+      run: |
+        echo "Check that metrics contain kubenurse specific data"
+        curl -k -s --resolve \
+          ${{ inputs.svc-domain }}:443:127.0.0.1 \
+          https://${{ inputs.svc-domain }}:443/metrics \
+          | grep "kubenurse_httpclient_request_" > /dev/null
+    - shell: bash
+      run: |
+        echo "Check that metrics contain neighbours"
+        curl -k -s --resolve \
+          ${{ inputs.svc-domain }}:443:127.0.0.1 \
+          https://${{ inputs.svc-domain }}:443/metrics \
+          | grep "kubenurse_httpclient_request_" | grep 'type="path_' > /dev/null
+    - shell: bash
+      run: |
+        echo "Check that metrics contain no errors"
+        curl -k -s --resolve \
+          ${{ inputs.svc-domain }}:443:127.0.0.1 \
+          https://${{ inputs.svc-domain }}:443/metrics \
+          | (! grep "kubenurse_errors_total")
+    - shell: bash
+      run: |
+        echo "Check the neighbourhood state"
+        curl -k -s --resolve \
+          ${{ inputs.svc-domain }}:443:127.0.0.1 \
+          https://${{ inputs.svc-domain }}:443/alive \
+          | grep '"neighbourhood_state": "ok"' > /dev/null
+    - shell: bash
+      run: |
+        echo "Check that discovery is ok and status page includes neighbours"
+        curl -k -s --resolve \
+          ${{ inputs.svc-domain }}:443:127.0.0.1 \
+          https://${{ inputs.svc-domain }}:443/alive \
+          | grep '"neighbourhood": \[' > /dev/null # If no others are discovered, this is null
+    - shell: bash
+      run: |
+        echo "Show kubenurse status"
+        curl -k -s --resolve \
+          ${{ inputs.svc-domain }}:443:127.0.0.1 \
+          https://${{ inputs.svc-domain }}:443/alive
+      if: ${{ always() }}
+    - shell: bash
+      run: |
+        echo "Describe resources on failure"
+        kubectl get pods -o wide --all-namespaces
+        kubectl -n ${{ inputs.namespace }} logs -l app.kubernetes.io/name=kubenurse
+        kubectl -n ${{ inputs.namespace }} describe pods -l app.kubernetes.io/name=kubenurse
+        kubectl -n ${{ inputs.namespace }} describe daemonsets -l app.kubernetes.io/name=kubenurse
+        kubectl -n ${{ inputs.namespace }} get events
+      if: ${{ failure() }}

.github/workflows/ci-helm-deploy-nginx.yml

@@ -28,18 +28,18 @@ jobs:
         uses: engineerd/setup-kind@v0.6.2
         with:
           config: "ci/kind-config.yaml"
-          version: "v0.24.0"
-      - name: Show cluster info and switch to kube-system
+          version: "v0.30.0"
+      - name: Show cluster info and switch to kube-nurse
         run: |
           kubectl cluster-info
           kubectl get nodes
           echo "current-context:" $(kubectl config current-context)
-          kubectl config set-context --current --namespace kube-system
+          kubectl create ns kube-nurse
+          kubectl config set-context --current --namespace kube-nurse
       - name: Deploy ingress-nginx
         timeout-minutes: 2
         run: |
-          kubectl apply -f \
-            https://raw.githubusercontent.com/kubernetes/ingress-nginx/master/deploy/static/provider/kind/deploy.yaml
+          kubectl apply -k ci/nginx/
           kubectl wait --namespace ingress-nginx \
             --for=condition=ready pod --selector=app.kubernetes.io/component=controller --timeout=90s
       - name: Import image into kind
@@ -59,13 +59,13 @@ jobs:
         timeout-minutes: 2
         run: |
           sleep 15 # wait for the scheduler to create pods
-          kubectl -n kube-system wait pods -l app.kubernetes.io/name=kubenurse --for=condition=Ready
-          kubectl -n kube-system get pods -l app.kubernetes.io/name=kubenurse
+          kubectl wait pods -l app.kubernetes.io/name=kubenurse --for=condition=Ready
+          kubectl get pods -l app.kubernetes.io/name=kubenurse
           kubectl rollout restart daemonset kubenurse
           kubectl rollout status  daemonset kubenurse --timeout=1m
           sleep 60 # Wait to generate some checks etc.
       - name: Check deployment
         uses: ./.github/actions/check-deployment
         with:
-          namespace: kube-system
+          namespace: kube-nurse
           svc-domain: ingress-nginx-controller.ingress-nginx.svc.cluster.local

.github/workflows/ci-helm-deploy-traefik.yml

@@ -28,18 +28,18 @@ jobs:
         uses: engineerd/setup-kind@v0.6.2
         with:
           config: "ci/kind-config.yaml"
-          version: "v0.24.0"
-      - name: Show cluster info and switch to kube-system
+          version: "v0.30.0"
+      - name: Show cluster info and switch to kube-nurse
         run: |
           kubectl cluster-info
           kubectl get nodes
           echo "current-context:" $(kubectl config current-context)
-          kubectl config set-context --current --namespace kube-system
+          kubectl create ns kube-nurse
+          kubectl config set-context --current --namespace kube-nurse
       - name: Deploy ingress-nginx
         timeout-minutes: 2
         run: |
-          kubectl apply -f \
-            https://raw.githubusercontent.com/kubernetes/ingress-nginx/master/deploy/static/provider/kind/deploy.yaml
+          kubectl apply -k ci/nginx/
           kubectl wait --namespace ingress-nginx \
             --for=condition=ready pod --selector=app.kubernetes.io/component=controller --timeout=90s
       - name: Import image into kind
@@ -63,5 +63,5 @@ jobs:
       - name: Check deployment
         uses: ./.github/actions/check-deployment
         with:
-          namespace: kube-system
+          namespace: kube-nurse
           svc-domain: ingress-nginx-controller.ingress-nginx.svc.cluster.local

.github/workflows/ci-kustomize-deploy.yml

@@ -1,7 +1,10 @@
-bases:
+apiVersion: kustomize.config.k8s.io/v1beta1
+kind: Kustomization
+resources:
 - ../../examples/
-patchesStrategicMerge:
-- conf.yaml
+patches:
+- path: conf.yaml
 images:
 - name: postfinance/kubenurse
   newTag: latest-ci
+namespace: kube-nurse

ci/deployment/kustomization.yaml

@@ -7,7 +7,7 @@ nodes:
     kind: InitConfiguration
     nodeRegistration:
       kubeletExtraArgs:
-        node-labels: "ingress-ready=true"
+        node-labels: "kind-port-mapping=true"
   extraPortMappings: # required for ingress-nginx
   - containerPort: 80
     hostPort: 80

ci/kind-config.yaml

@@ -0,0 +1,7 @@
+apiVersion: kustomize.config.k8s.io/v1beta1
+kind: Kustomization
+resources:
+  - https://raw.githubusercontent.com/kubernetes/ingress-nginx/master/deploy/static/provider/kind/deploy.yaml
+patches:
+  - path: node-selector.yaml
+namespace: ingress-nginx

ci/nginx/kustomization.yaml

@@ -0,0 +1,14 @@
+---
+apiVersion: apps/v1
+kind: Deployment
+metadata:
+  name: ingress-nginx-controller
+  namespace: ingress-nginx
+spec:
+  template:
+    spec:
+      containers:
+        - name: controller
+      nodeSelector:
+        kubernetes.io/os: linux
+        kind-port-mapping: "true"

ci/nginx/node-selector.yaml

@@ -27,12 +27,12 @@ spec:
         - name: KUBENURSE_INGRESS_URL
           value: https://kubenurse.example.com
         - name: KUBENURSE_SERVICE_URL
-          value: http://kubenurse.kube-system.svc.cluster.local:8080
+          value: http://kubenurse.kube-nurse.svc.cluster.local:8080
         - name: KUBENURSE_NAMESPACE
-          value: kube-system
+          value: kube-nurse
         - name: KUBENURSE_NEIGHBOUR_FILTER
           value: "app.kubernetes.io/name=kubenurse"
-        image: "postfinance/kubenurse:v1.5.1"
+        image: "postfinance/kubenurse:v1.15.0"
         ports:
         - containerPort: 8080
           protocol: TCP