From 5cd853b773c5fd24547c862fe0b9211b11cc1abb Mon Sep 17 00:00:00 2001
From: Andrey Tuzhilin
Date: Mon, 15 Mar 2021 22:37:32 +0300
Subject: [PATCH] test: add vault and sops for integration secret testing
---
 .circleci/Makefile | 19 ++++++++++++++++++-
 .circleci/config.yml | 2 ++
 2 files changed, 20 insertions(+), 1 deletion(-)
diff --git a/.circleci/Makefile b/.circleci/Makefile
index 5712b02e..43d361e7 100644
--- a/.circleci/Makefile
+++ b/.circleci/Makefile
@@ -3,19 +3,23 @@ HELM2_VERSION ?= v2.17.0
 KUSTOMIZE_VERSION ?= v3.8.8
 K8S_VERSION ?= v1.13.12
 MINIKUBE_VERSION ?= v0.30.0
+SOPS_VERSION ?= v3.6.1
 # ---
 CHANGE_MINIKUBE_NONE_USER ?= true
 MINIKUBE_WANTUPDATENOTIFICATION ?= false
 MINIKUBE_WANTREPORTERRORPROMPT ?= false
+VAULT_ADDR := http://127.0.0.1:8200
+VAULT_TOKEN := toor
+
 tmp := $(shell mktemp -d)
 HELM_FILENAME := helm-${HELM_VERSION}-linux-amd64.tar.gz
 HELM2_FILENAME := helm-${HELM2_VERSION}-linux-amd64.tar.gz
 KUSTOMIZE_FILENAME := kustomize_${KUSTOMIZE_VERSION}_linux_amd64.tar.gz
-all: helm kustomize minikube/destroy minikube
+all: vault sops helm kustomize minikube/destroy minikube
 helm:
 curl -sSLo $(tmp)/${HELM_FILENAME} "https://get.helm.sh/${HELM_FILENAME}"
@@ -58,3 +62,16 @@ minikube:
 kubectl wait node/minikube --for=condition=Ready
 .PHONY: minikube
 .EXPORT_ALL_VARIABLES: minikube
+
+vault:
+ docker kill $$(docker ps -a --filter "name=vault" -q)
+ docker run -d -p8200:8200 --rm --name vault vault:1.2.0 server -dev -dev-root-token-id=toor
+ docker run --rm --network="host" -e VAULT_ADDR=$$VAULT_ADDR -e VAULT_TOKEN=$$VAULT_TOKEN vault:1.2.0 secrets enable -path=sops transit
+ docker run --rm --network="host" -e VAULT_ADDR=$$VAULT_ADDR -e VAULT_TOKEN=$$VAULT_TOKEN vault:1.2.0 write sops/keys/key type=rsa-4096
+.PHONY: vault
+
+sops:
+ curl -sSLo $(tmp)/sops "https://github.com/mozilla/sops/releases/download/${SOPS_VERSION}/sops-${SOPS_VERSION}.linux"
+ chmod +x $(tmp)/sops
+ sudo mv ${tmp}/sops /usr/local/bin/
+.PHONY: sops
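Review bot: `VAULT_TOKEN := toor` has no comment saying it is the throwaway root token of the dev-mode server, and the same literal is repeated in the `vault` recipe as `-dev-root-token-id=toor`, so the two can drift apart. A comment such as `# root token of the disposable dev-mode Vault started by the vault target; not a real credential` above the two assignments, together with `-dev-root-token-id=$(VAULT_TOKEN)` in the recipe, would keep a single source of truth. The neighbouring knobs use `?=`, whereas with `:=` an address or token set in the CI environment is ignored unless make runs with `-e`. The recipes read both values as shell variables (`$$VAULT_ADDR`, `$$VAULT_TOKEN`), which appears to depend on the file's `.EXPORT_ALL_VARIABLES:` line and means the token is exported to every other recipe as well; that dependency deserves a comment too.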
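Review bot: The first line of the `vault` recipe fails on a clean runner, because with no matching container `$$(docker ps -a --filter "name=vault" -q)` expands to nothing and `docker kill` exits non-zero, so make stops before the server is started; the name filter is also a substring match and can hit unrelated containers. `docker rm -f vault 2>/dev/null || true` removes only the container this target creates and tolerates its absence. `-p8200:8200` publishes the dev-mode server, whose root token is the fixed string `toor`, on every host interface, while `-p 127.0.0.1:8200:8200` keeps it on loopback, which is all `VAULT_ADDR` needs. In the `sops` recipe the downloaded binary is moved into `/usr/local/bin` with sudo without any verification, so `curl -fsSLo` plus a `sha256sum -c` check against a pinned digest before the `chmod` would catch a failed or tampered download.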
diff --git a/.circleci/config.yml b/.circleci/config.yml
index f1164397..f946fbc4 100644
--- a/.circleci/config.yml
+++ b/.circleci/config.yml
@@ -111,6 +111,8 @@ jobs:
 cp ~/build/helmfile ~/project/helmfile
 cp ~/build/diff-yamls ~/project/diff-yamls
 - run: make -C .circleci helm
+ - run: make -C .circleci vault
+ - run: make -C .circleci sops
 - run: make -C .circleci kustomize
 - run: make -C .circleci minikube
 - run: