ci(rbac): add OwnerReferencesPermissionEnforcement in kind cluster, t…

…o simulate openshift cluster (#822) Signed-off-by: cndoit18 <cndoit18@outlook.com>
goharbor · Dec 7, 2021 · b088d17 · b088d17
1 parent 008767f
commit b088d17
Show file tree

Hide file tree

Showing 4 changed files with 38 additions and 9 deletions.
diff --git a/.github/kind_permission.yaml b/.github/kind_permission.yaml
@@ -0,0 +1,27 @@
+kind: Cluster
+apiVersion: kind.x-k8s.io/v1alpha4
+nodes:
+- role: control-plane
+  kubeadmConfigPatches:
+  - |
+    kind: InitConfiguration
+    nodeRegistration:
+      kubeletExtraArgs:
+        node-labels: "ingress-ready=true"
+  - |
+    kind: ClusterConfiguration
+    apiServer:
+      extraArgs:
+        enable-admission-plugins: "OwnerReferencesPermissionEnforcement"
+  extraMounts:
+  - containerPath: /var/lib/etcd
+    hostPath: /tmp/lib/etcd
+  extraPortMappings:
+  - containerPort: 80
+    hostPort: 80
+    protocol: TCP
+  - containerPort: 443
+    hostPort: 443
+    protocol: TCP
+- role: worker
+- role: worker
diff --git a/.github/workflows/tests.yml b/.github/workflows/tests.yml
@@ -139,13 +139,12 @@ jobs:
 
         # https://github.com/kubernetes-sigs/kind/releases
         k8sVersion:
-        - "1.19.11"
         - "1.20.7"
         - "1.21.2"
         - "1.22.0"
 
         ingress:
-        - "1.0.1"
+        - "1.0.5"
 
         samples:
         - "full_stack.yaml"
@@ -182,7 +181,7 @@ jobs:
         version: v0.11.0
         node_image: kindest/node:v${{ matrix.k8sVersion }}
         cluster_name: harbor
-        config: .github/kind.yaml
+        config: .github/kind_permission.yaml
 
     - name: Install CertManager v${{ matrix.certManager }}
       run: |
@@ -197,7 +196,7 @@ jobs:
 
     - name: build harbor-operator
       run: |
-        make manifests docker-build IMG=${dockerImage} GIT_COMMIT=${{ github.sha }}
+        make generate docker-build IMG=${dockerImage} GIT_COMMIT=${{ github.sha }}
         kind load docker-image ${dockerImage} --name harbor
 
     - name: install harbor-operator
@@ -344,11 +343,11 @@ jobs:
       matrix:
         # https://github.com/jetstack/cert-manager/tags
         certManager:
-          - "1.2.0"
+          - "1.4.4"
 
         # https://snapcraft.io/microk8s
         k8sVersion:
-          - "1.20.7"
+          - "1.22.0"
 
         samples:
           - "full_stack.yaml"
@@ -394,7 +393,7 @@ jobs:
 
       - name: Install Contour
         run: |
-          kubectl apply -f https://raw.githubusercontent.com/projectcontour/contour/release-1.18/examples/render/contour.yaml
+          kubectl apply -f https://github.com/projectcontour/contour/raw/v1.19.1/examples/render/contour.yaml
           sleep 5
           kubectl patch daemonsets -n projectcontour envoy -p '{"spec":{"template":{"spec":{"nodeSelector":{"ingress-ready":"true"},"tolerations":[{"key":"node-role.kubernetes.io/master","operator":"Equal","effect":"NoSchedule"}]}}}}'
           sleep 5
@@ -554,10 +553,10 @@ jobs:
 
         # https://snapcraft.io/microk8s
         k8sVersion:
-          - "1.21.2"
+          - "1.22.0"
 
         ingress:
-          - "0.48.1"
+          - "1.0.5"
 
     steps:
       - uses: actions/checkout@v2

diff --git a/Makefile b/Makefile
@@ -468,6 +468,8 @@ certmanager: helm jetstack
 		--namespace $(CERTMANAGER_NAMESPACE) \
 		--version v1.4.3 \
 		--set installCRDs=true
+	kubectl wait --namespace $(CERTMANAGER_NAMESPACE) --for=condition=ready pod --timeout="60s" --all
+
 
 .PHONY: jetstack
 jetstack:

diff --git a/pkg/cluster/controllers/cache/resource_manager.go b/pkg/cluster/controllers/cache/resource_manager.go
@@ -96,6 +96,7 @@ func (rm *redisResourceManager) GetCacheCR(ctx context.Context, harborcluster *g
 				Replicas:  int32(rm.GetServerReplica()),
 				Resources: resources,
 				Storage: redisOp.RedisStorage{
+					KeepAfterDeletion:     true,
 					PersistentVolumeClaim: pvc,
 				},
 				Image:            image,