test: add test infrastructure

2026-01-27 02:19:27 +00:00 · 2023-03-13 10:39:16 +01:00
parent f33e1f5274
commit 5bad2588a3
9 changed files with 2472 additions and 36 deletions
--- a/README.md
+++ b/README.md
@@ -5,3 +5,49 @@
 ```
 helm repo add jaconi https://charts.jaconi.io
 ```
+
+## Testing
+
+Create a [kind](https://kind.sigs.k8s.io) cluster:
+
+```
+kind create cluster --config kind.yaml
+```
+
+Start [Keycloak](https://www.keycloak.org):
+
+```
+docker compose up
+```
+
+Install the Helm charts for testing:
+
+```
+for f in */Chart.yaml; do
+  chart=$(dirname $f)
+  helm install --create-namespace --namespace $chart $chart $chart
+done
+```
+
+After changing things, update the Helm charts:
+
+```
+for f in */Chart.yaml; do
+  chart=$(dirname $f)
+  helm upgrade --namespace $chart $chart $chart
+done
+```
+
+## NetBird
+
+Forward the NetBird management server to port `8081`:
+
+```
+kubectl port-forward -n netbird-management service/netbird-management 8081:80
+```
+
+Forward the NetBird dashboard to port `8080`:
+
+```
+kubectl port-forward -n netbird-dashboard service/netbird-dashboard 8080:80
+```
--- a/docker-compose.yaml
+++ b/docker-compose.yaml
@@ -0,0 +1,29 @@
+services:
+  keycloak:
+    image: quay.io/keycloak/keycloak:21.0
+    command:
+      - start
+      - --import-realm
+    environment:
+      - KEYCLOAK_ADMIN=admin
+      - KEYCLOAK_ADMIN_PASSWORD=admin
+      - KC_HOSTNAME_STRICT=false
+      - KC_HOSTNAME_STRICT_HTTPS=false
+      - KC_HTTP_PORT=9000
+      - KC_PROXY=edge
+    ports:
+      - "9000:9000"
+    networks:
+      kind:
+        aliases:
+          - keycloak.localtest.me
+    volumes:
+      - type: bind
+        source: ./keycloak-realm.json
+        target: /opt/keycloak/data/import/realm.json
+        read_only: true
+
+networks:
+  kind:
+    name: kind
+    external: true
--- a/keycloak-realm.json
+++ b/keycloak-realm.json
--- a/kind.yaml
+++ b/kind.yaml
@@ -0,0 +1,3 @@
+kind: Cluster
+apiVersion: kind.x-k8s.io/v1alpha4
+name: jaconi-helm-charts
--- a/netbird-dashboard/templates/deployment.yaml
+++ b/netbird-dashboard/templates/deployment.yaml
@@ -39,10 +39,7 @@ spec:
            - name: AUTH_AUTHORITY
              value: {{ .Values.auth.authority }}
            - name: AUTH_CLIENT_ID
-              valueFrom:
-                secretKeyRef:
-                  name: {{ .Values.auth.clientIDSecret.name }}
-                  key: {{ .Values.auth.clientIDSecret.key }}
+              value: {{ .Values.auth.clientID }}
            - name: AUTH_SUPPORTED_SCOPES
              value: {{ .Values.auth.supportedScopes }}
            - name: USE_AUTH0
--- a/netbird-dashboard/values.yaml
+++ b/netbird-dashboard/values.yaml
@@ -2,17 +2,12 @@

 auth:
  ## @param auth.authority Authority to use for authentication. Must expose a .well-known/oidc-configuration endpoint.
-  authority: https://example.com
+  authority: http://keycloak.localtest.me:9000/realms/helm-charts

  ## @param auth.audience Audience of the authentication tokens.
-  audience: ""
+  audience: "netbird-dashboard"

-  clientIDSecret:
-    ## @param auth.clientIDSecret.name Name of the secret containing the client ID.
-    name: netbird-dashboard-client-id
-
-    ## @param auth.clientIDSecret.key Key of the secret containing the client ID.
-    key: clientID
+  clientID: netbird-dashboard

  ## @param auth.supportedScopes Supported OpenID scopes
  # - Auth0: openid profile email offline_access api email_verified
@@ -26,7 +21,7 @@ auth:

 netbird:
  ## @param netbird.managementApiEndpoint
-  managementApiEndpoint: https://netbird.ipc.wandelbots.io
+  managementApiEndpoint: http://localtest.me:8081

 ## @section Common configuration
 ## @descriptionStart
--- a/netbird-management/management.tmpl.json
+++ b/netbird-management/management.tmpl.json
@@ -11,7 +11,7 @@
        "Turns": [
            {
                "Proto": "udp",
-                "URI": "turn:${NETBIRD_DOMAIN:-}:3478",
+                "URI": "turn:${NETBIRD_DOMAIN}:3478",
                "Username": "${NETBIRD_TURN_USER:-self}",
                "Password": "${NETBIRD_TURN_PASSWORD:-}"
            }
@@ -22,27 +22,30 @@
    },
    "Signal": {
        "Proto": "http",
-        "URI": "${NETBIRD_DOMAIN:-example.com}:10000",
+        "URI": "${NETBIRD_DOMAIN}:10000",
        "Username": "",
        "Password": null
    },
    "Datadir": "",
    "HttpConfig": {
-        "Address": "0.0.0.0:${NETBIRD_MGMT_API_PORT:-33073}",
-        "AuthAudience": "${NETBIRD_AUTH_AUDIENCE:-}",
+        "Address": "0.0.0.0:80",
+        "AuthAudience": "${NETBIRD_AUTH_AUDIENCE}",
        "AuthUserIDClaim": "${NETBIRD_AUTH_USER_ID_CLAIM:-sub}",
-        "CertFile": "${NETBIRD_MGMT_API_CERT_FILE:-/etc/letsencrypt/live/${NETBIRD_DOMAIN:-example.com}/fullchain.pem}",
-        "CertKey": "${NETBIRD_MGMT_API_CERT_KEY_FILE:-/etc/letsencrypt/live/${NETBIRD_DOMAIN:-example.com}/privkey.pem}",
-        "OIDCConfigEndpoint": "${NETBIRD_AUTH_OIDC_CONFIGURATION_ENDPOINT:-https://example.com/.well-known/openid-configuration}"
+        "CertFile": "${NETBIRD_MGMT_API_CERT_FILE}",
+        "CertKey": "${NETBIRD_MGMT_API_CERT_KEY_FILE}",
+        "OIDCConfigEndpoint": "${NETBIRD_AUTH_OIDC_CONFIGURATION_ENDPOINT}"
    },
    "IdpManagerConfig": {
        "Manager": "none"
    },
    "DeviceAuthorizationFlow": {
-        "Provider": "${NETBIRD_AUTH_DEVICE_AUTH_PROVIDER:-none}",
+        "Provider": "${NETBIRD_AUTH_DEVICE_AUTH_PROVIDER}",
        "ProviderConfig": {
-            "Audience": "${NETBIRD_AUTH_AUDIENCE:-}",
-            "ClientID": "${NETBIRD_AUTH_DEVICE_AUTH_CLIENT_ID:-}"
+            "Audience": "${NETBIRD_AUTH_DEVICE_AUTH_AUDIENCE}",
+            "ClientID": "${NETBIRD_AUTH_DEVICE_AUTH_CLIENT_ID}",
+            "DeviceAuthEndpoint": "${NETBIRD_AUTH_DEVICE_AUTH_DEVICE_AUTHORIZATION_ENDPOINT}",
+            "Domain": "${NETBIRD_AUTH_DEVICE_AUTH_AUTHORITY}",
+            "TokenEndpoint": "${NETBIRD_AUTH_DEVICE_AUTH_TOKEN_ENDPOINT}"
        }
    }
 }
--- a/netbird-management/templates/deployment.yaml
+++ b/netbird-management/templates/deployment.yaml
@@ -13,10 +13,11 @@ spec:
      {{- include "netbird-management.selectorLabels" . | nindent 6 }}
  template:
    metadata:
-      {{- with .Values.podAnnotations }}
      annotations:
-        {{- toYaml . | nindent 8 }}
-      {{- end }}
+        checksum/config: {{ include (print .Template.BasePath "/cm.yaml") . | sha256sum }}
+        {{- with .Values.podAnnotations }}
+          {{- toYaml . | nindent 8 }}
+        {{- end }}
      labels:
        {{- include "netbird-management.selectorLabels" . | nindent 8 }}
    spec:
@@ -42,6 +43,26 @@ spec:
              value: {{ .Values.domain }}
            - name: NETBIRD_AUTH_OIDC_CONFIGURATION_ENDPOINT
              value: "{{ .Values.auth.authority }}/.well-known/openid-configuration"
+            - name: NETBIRD_MGMT_API_CERT_FILE
+              value: ""
+            - name: NETBIRD_MGMT_API_CERT_KEY_FILE
+              value: ""
+            - name: NETBIRD_AUTH_AUDIENCE
+              value: {{ .Values.auth.audience }}
+            - name: NETBIRD_AUTH_DEVICE_AUTH_PROVIDER
+              value: {{ .Values.auth.device.provider }}
+            {{- if eq .Values.auth.device.provider "hosted" }}
+            - name: NETBIRD_AUTH_DEVICE_AUTH_AUDIENCE
+              value: "{{ .Values.auth.device.audience }}"
+            - name: NETBIRD_AUTH_DEVICE_AUTH_AUTHORITY
+              value: "{{ .Values.auth.device.authority }}"
+            - name: NETBIRD_AUTH_DEVICE_AUTH_CLIENT_ID
+              value: "{{ .Values.auth.device.clientID }}"
+            - name: NETBIRD_AUTH_DEVICE_AUTH_DEVICE_AUTHORIZATION_ENDPOINT
+              value: "{{ .Values.auth.device.deviceAuthorizationEndpoint }}"
+            - name: NETBIRD_AUTH_DEVICE_AUTH_TOKEN_ENDPOINT
+              value: "{{ .Values.auth.device.tokenEndpoint }}"
+            {{- end }}
          volumeMounts:
            - mountPath: /etc/netbird
              name: config
@@ -53,18 +74,11 @@ spec:
            {{- toYaml .Values.securityContext | nindent 12 }}
          image: "{{ .Values.image.repository }}:{{ .Values.image.tag | default .Chart.AppVersion }}"
          imagePullPolicy: {{ .Values.image.pullPolicy }}
+          args: ["--log-level", "debug"]
          ports:
            - name: http
              containerPort: {{ .Values.service.port }}
              protocol: TCP
-          livenessProbe:
-            httpGet:
-              path: /
-              port: http
-          readinessProbe:
-            httpGet:
-              path: /
-              port: http
          resources:
            {{- toYaml .Values.resources | nindent 12 }}
          volumeMounts:
--- a/netbird-management/values.yaml
+++ b/netbird-management/values.yaml
@@ -3,9 +3,18 @@
 # Declare variables to be passed into your templates.

 auth:
-  authority: https://example.com
+  audience: account
+  authority: http://keycloak.localtest.me:9000/realms/helm-charts
+  device:
+    provider: none
+    # provider: hosted
+    # audience: account
+    # authority: http://keycloak.localtest.me:9000/realms/helm-charts
+    # clientID: netbird-management
+    # deviceAuthorizationEndpoint: http://keycloak.localtest.me:9000/realms/helm-charts/protocol/openid-connect/auth/device
+    # tokenEndpoint: http://keycloak.localtest.me:9000/realms/helm-charts/protocol/openid-connect/token

-domain: example.com
+domain: localtest.me

 replicaCount: 1