diff --git a/.gitlab-ci.yml b/.gitlab-ci.yml index 754ea1a83f9a87105afea83c29f9cc684e8f3a86..936db8bcc16e7bb6add2a9988071a14708e85f71 100644 --- a/.gitlab-ci.yml +++ b/.gitlab-ci.yml @@ -115,7 +115,6 @@ clean install: script: - *deploy_bigbang - *test_bigbang - # Fetch list of all images ran (retry crictl up to 6x) - echo -e "\e[0Ksection_start:`date +%s`:images_used[collapsed=true]\r\e[0K\e[33;1mImages Used\e[37m" - cid=$(docker ps -aqf "name=k3d-${CI_JOB_ID}-server-0") diff --git a/.gitlab-ci/jobs/ci-cluster/.gitlab-ci.yml b/.gitlab-ci/jobs/ci-cluster/.gitlab-ci.yml index 3c8d18dfa4e5e3727a5c8df16fd792eee4a1d05d..e04629fdb8a0ece65f044d08ce20d67f64891a91 100644 --- a/.gitlab-ci/jobs/ci-cluster/.gitlab-ci.yml +++ b/.gitlab-ci/jobs/ci-cluster/.gitlab-ci.yml @@ -30,9 +30,10 @@ - echo -e "\e[0Ksection_start:`date +%s`:k3d_up[collapsed=true]\r\e[0K\e[33;1mK3D Cluster Create\e[37m" # Give docker-in-docker time to come alive - i=0; while [ "$i" -lt 12 ]; do docker info &>/dev/null && break; sleep 5; i=$(( i + 1 )) ; done - - docker network create ${CI_JOB_ID} --driver=bridge -o "com.docker.network.driver.mtu"="1450" - - k3d cluster create ${CI_JOB_ID} --config tests/ci/k3d/config.yaml --network ${CI_JOB_ID} + - docker network create ${CI_JOB_ID} --driver=bridge -o "com.docker.network.driver.mtu"="1450" --subnet=172.20.0.0/16 + - chmod +x tests/ci/k3d/deploy_k3d.sh; echo "Executing tests/ci/k3d/deploy_k3d.sh..."; ./tests/ci/k3d/deploy_k3d.sh - until kubectl get deployment coredns -n kube-system -o go-template='{{.status.availableReplicas}}' | grep -v -e '<no value>'; do sleep 1s; done + - chmod +x tests/ci/k3d/metallb/install_metallb.sh; echo "Executing tests/ci/k3d/metallb/install_metallb.sh..."; ./tests/ci/k3d/metallb/install_metallb.sh - kubectl get all -A - echo -e "\e[0Ksection_end:`date +%s`:k3d_up\r\e[0K" after_script: 
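Review bot: The `--subnet=172.20.0.0/16` added to `docker network create` in `.gitlab-ci/jobs/ci-cluster/.gitlab-ci.yml` is silently coupled to the MetalLB pool `172.20.1.240-172.20.1.243` in `tests/ci/k3d/metallb/metallb-config.yaml`, and neither file says so. I would add a comment above the command, `# subnet must contain the MetalLB address pool in tests/ci/k3d/metallb/metallb-config.yaml`, so a later change to one literal does not leave LoadBalancer IPs unreachable. Docker's IPAM hands out container addresses from the same /16, so adding `--ip-range=172.20.0.0/24` would keep those allocations clear of the pool. The two `chmod +x …; ./…` steps could be avoided by committing the scripts as mode 100755 (both are added as 100644) or by calling `bash tests/ci/k3d/deploy_k3d.sh`.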
diff --git a/tests/ci/k3d/deploy_k3d.sh b/tests/ci/k3d/deploy_k3d.sh
new file mode 100644
index 0000000000000000000000000000000000000000..77b3a8e1799d8c70db347934ad5754ecfeaed797
--- /dev/null
+++ b/tests/ci/k3d/deploy_k3d.sh
@@ -0,0 +1,9 @@
+#!/usr/bin/env bash
+
+set -ex
+# if keycloak label or all packages label add deploy k3d without loadbalancer so metallb can be used
+if [[ $CI_MERGE_REQUEST_LABELS =~ "keycloak" || $CI_MERGE_REQUEST_LABELS =~ "all-packages" ]]; then
+ k3d cluster create ${CI_JOB_ID} --config tests/ci/k3d/disable-servicelb-config.yaml --network ${CI_JOB_ID}
+else
+ k3d cluster create ${CI_JOB_ID} --config tests/ci/k3d/config.yaml --network ${CI_JOB_ID}
+fi
diff --git a/tests/ci/k3d/disable-servicelb-config.yaml b/tests/ci/k3d/disable-servicelb-config.yaml
new file mode 100644
index 0000000000000000000000000000000000000000..e0bf17a1969555bd446cc95975977879ab2bd1aa
--- /dev/null
+++ b/tests/ci/k3d/disable-servicelb-config.yaml
@@ -0,0 +1,23 @@
+apiVersion: k3d.io/v1alpha2
+kind: Simple
+name: ci
+servers: 1
+options:
+ k3s:
+ extraServerArgs:
+ - --disable=traefik
+ - --disable=servicelb
+ k3d:
+ wait: true
+volumes:
+ - volume: /etc/machine-id:/etc/machine-id
+ nodeFilters:
+ - server[*]
+ - agent[*]
+ports:
+ - port: 80:80
+ nodeFilters:
+ - loadbalancer
+ - port: 443:443
+ nodeFilters:
+ - loadbalancer
\ No newline at end of file
diff --git a/tests/ci/k3d/metallb/install_metallb.sh b/tests/ci/k3d/metallb/install_metallb.sh
new file mode 100644
index 0000000000000000000000000000000000000000..150696b119c5104b4f0b0e3a3955459e3ec197d3
--- /dev/null
+++ b/tests/ci/k3d/metallb/install_metallb.sh
@@ -0,0 +1,10 @@
+#!/usr/bin/env bash
+
+set -ex
+
+if [[ $CI_MERGE_REQUEST_LABELS =~ "keycloak" || $CI_MERGE_REQUEST_LABELS =~ "all-packages" ]]; then
+ kubectl create -f tests/ci/k3d/metallb/metallb.yaml
+ kubectl create -f tests/ci/k3d/metallb/metallb-config.yaml
+else
+ echo "Keycloak not present, Metallb will not be install"
+fi
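Review bot: In `tests/ci/k3d/deploy_k3d.sh` the servicelb-less cluster is chosen only from `CI_MERGE_REQUEST_LABELS`, but `tests/deploy/01_deploy_bigbang.sh` in this same commit also enables every addon (keycloak included, now that the `enabled = "false"` override is removed) on the default branch or a tag. On those pipelines the label variable is presumably empty, so the cluster keeps servicelb, `install_metallb.sh` (same condition) skips MetalLB, and the LoadBalancer-type passthrough gateway is still deployed. If this job runs for branch or tag pipelines, the condition should mirror the deploy script, e.g. `if [[ "${CI_COMMIT_BRANCH}" == "${CI_DEFAULT_BRANCH}" || -n "${CI_COMMIT_TAG}" || "${CI_MERGE_REQUEST_LABELS}" =~ keycloak|all-packages ]]; then`. The `${CI_JOB_ID}` expansions on both `k3d cluster create` lines should also be quoted.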
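Review bot: `tests/ci/k3d/metallb/install_metallb.sh` returns as soon as `kubectl create` has submitted the manifests, so nothing guarantees the MetalLB controller is running before later steps create LoadBalancer services. Adding `kubectl -n metallb-system rollout status deployment/controller --timeout=120s` after the two creates would make a failed image pull or crash loop fail here, where the cause is obvious, rather than as a pending external IP later. Using `kubectl apply -f` instead of `kubectl create -f` would keep the script re-runnable under `set -e`. The skip message has a typo and should read `"Keycloak not present, Metallb will not be installed"`.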
diff --git a/tests/ci/k3d/metallb/metallb-config.yaml b/tests/ci/k3d/metallb/metallb-config.yaml
new file mode 100644
index 0000000000000000000000000000000000000000..4b2c1d4c7c50fa23346b968c560e722ddb88dc79
--- /dev/null
+++ b/tests/ci/k3d/metallb/metallb-config.yaml
@@ -0,0 +1,12 @@
+apiVersion: v1
+kind: ConfigMap
+metadata:
+ namespace: metallb-system
+ name: config
+data:
+ config: |
+ address-pools:
+ - name: default
+ protocol: layer2
+ addresses:
+ - 172.20.1.240-172.20.1.243
diff --git a/tests/ci/k3d/metallb/metallb.yaml b/tests/ci/k3d/metallb/metallb.yaml
new file mode 100644
index 0000000000000000000000000000000000000000..d84f43a5371e2ee0369dcb467075b4a16a13c157
--- /dev/null
+++ b/tests/ci/k3d/metallb/metallb.yaml
@@ -0,0 +1,450 @@ +apiVersion: v1 +kind: Namespace +metadata: + name: metallb-system + labels: + app: metallb +--- +apiVersion: policy/v1beta1 +kind: PodSecurityPolicy +metadata: + labels: + app: metallb + name: controller + namespace: metallb-system +spec: + allowPrivilegeEscalation: false + allowedCapabilities: [] + allowedHostPaths: [] + defaultAddCapabilities: [] + defaultAllowPrivilegeEscalation: false + fsGroup: + ranges: + - max: 65535 + min: 1 + rule: MustRunAs + hostIPC: false + hostNetwork: false + hostPID: false + privileged: false + readOnlyRootFilesystem: true + requiredDropCapabilities: + - ALL + runAsUser: + ranges: + - max: 65535 + min: 1 + rule: MustRunAs + seLinux: + rule: RunAsAny + supplementalGroups: + ranges: + - max: 65535 + min: 1 + rule: MustRunAs + volumes: + - configMap + - secret + - emptyDir +--- +apiVersion: policy/v1beta1 +kind: PodSecurityPolicy +metadata: + labels: + app: metallb + name: speaker + namespace: metallb-system +spec: + allowPrivilegeEscalation: false + allowedCapabilities: + - NET_RAW + allowedHostPaths: [] + defaultAddCapabilities: [] + defaultAllowPrivilegeEscalation: false + fsGroup: + rule: RunAsAny + hostIPC: false + hostNetwork: true + hostPID: false + hostPorts: + - max: 7472 + min: 7472 + - max: 7946 + min: 7946 + privileged: true + readOnlyRootFilesystem: true + requiredDropCapabilities: + - ALL + runAsUser: + rule: RunAsAny + seLinux: + rule: RunAsAny + supplementalGroups: + rule: RunAsAny + volumes: + - configMap + - secret + - emptyDir +--- +apiVersion: v1 +kind: ServiceAccount +metadata: + labels: + app: metallb + name: controller + namespace: metallb-system +--- +apiVersion: v1 +kind: ServiceAccount +metadata: + labels: + app: metallb + name: speaker + namespace: metallb-system +--- +apiVersion: rbac.authorization.k8s.io/v1 +kind: ClusterRole +metadata: + labels: + app: metallb + name: metallb-system:controller +rules: +- apiGroups: + - '' + resources: + - services + verbs: + - get + - list + - watch +- 
apiGroups: + - '' + resources: + - services/status + verbs: + - update +- apiGroups: + - '' + resources: + - events + verbs: + - create + - patch +- apiGroups: + - policy + resourceNames: + - controller + resources: + - podsecuritypolicies + verbs: + - use +--- +apiVersion: rbac.authorization.k8s.io/v1 +kind: ClusterRole +metadata: + labels: + app: metallb + name: metallb-system:speaker +rules: +- apiGroups: + - '' + resources: + - services + - endpoints + - nodes + verbs: + - get + - list + - watch +- apiGroups: ["discovery.k8s.io"] + resources: + - endpointslices + verbs: + - get + - list + - watch +- apiGroups: + - '' + resources: + - events + verbs: + - create + - patch +- apiGroups: + - policy + resourceNames: + - speaker + resources: + - podsecuritypolicies + verbs: + - use +--- +apiVersion: rbac.authorization.k8s.io/v1 +kind: Role +metadata: + labels: + app: metallb + name: config-watcher + namespace: metallb-system +rules: +- apiGroups: + - '' + resources: + - configmaps + verbs: + - get + - list + - watch +--- +apiVersion: rbac.authorization.k8s.io/v1 +kind: Role +metadata: + labels: + app: metallb + name: pod-lister + namespace: metallb-system +rules: +- apiGroups: + - '' + resources: + - pods + verbs: + - list +--- +apiVersion: rbac.authorization.k8s.io/v1 +kind: Role +metadata: + labels: + app: metallb + name: controller + namespace: metallb-system +rules: +- apiGroups: + - '' + resources: + - secrets + verbs: + - create +- apiGroups: + - '' + resources: + - secrets + resourceNames: + - memberlist + verbs: + - list +- apiGroups: + - apps + resources: + - deployments + resourceNames: + - controller + verbs: + - get +--- +apiVersion: rbac.authorization.k8s.io/v1 +kind: ClusterRoleBinding +metadata: + labels: + app: metallb + name: metallb-system:controller +roleRef: + apiGroup: rbac.authorization.k8s.io + kind: ClusterRole + name: metallb-system:controller +subjects: +- kind: ServiceAccount + name: controller + namespace: metallb-system +--- +apiVersion: 
rbac.authorization.k8s.io/v1 +kind: ClusterRoleBinding +metadata: + labels: + app: metallb + name: metallb-system:speaker +roleRef: + apiGroup: rbac.authorization.k8s.io + kind: ClusterRole + name: metallb-system:speaker +subjects: +- kind: ServiceAccount + name: speaker + namespace: metallb-system +--- +apiVersion: rbac.authorization.k8s.io/v1 +kind: RoleBinding +metadata: + labels: + app: metallb + name: config-watcher + namespace: metallb-system +roleRef: + apiGroup: rbac.authorization.k8s.io + kind: Role + name: config-watcher +subjects: +- kind: ServiceAccount + name: controller +- kind: ServiceAccount + name: speaker +--- +apiVersion: rbac.authorization.k8s.io/v1 +kind: RoleBinding +metadata: + labels: + app: metallb + name: pod-lister + namespace: metallb-system +roleRef: + apiGroup: rbac.authorization.k8s.io + kind: Role + name: pod-lister +subjects: +- kind: ServiceAccount + name: speaker +--- +apiVersion: rbac.authorization.k8s.io/v1 +kind: RoleBinding +metadata: + labels: + app: metallb + name: controller + namespace: metallb-system +roleRef: + apiGroup: rbac.authorization.k8s.io + kind: Role + name: controller +subjects: +- kind: ServiceAccount + name: controller +--- +apiVersion: apps/v1 +kind: DaemonSet +metadata: + labels: + app: metallb + component: speaker + name: speaker + namespace: metallb-system +spec: + selector: + matchLabels: + app: metallb + component: speaker + template: + metadata: + annotations: + prometheus.io/port: '7472' + prometheus.io/scrape: 'true' + labels: + app: metallb + component: speaker + spec: + containers: + - args: + - --port=7472 + - --config=config + env: + - name: METALLB_NODE_NAME + valueFrom: + fieldRef: + fieldPath: spec.nodeName + - name: METALLB_HOST + valueFrom: + fieldRef: + fieldPath: status.hostIP + - name: METALLB_ML_BIND_ADDR + valueFrom: + fieldRef: + fieldPath: status.podIP + # needed when another software is also using memberlist / port 7946 + # when changing this default you also need to update the 
container ports definition + # and the PodSecurityPolicy hostPorts definition + #- name: METALLB_ML_BIND_PORT + # value: "7946" + - name: METALLB_ML_LABELS + value: "app=metallb,component=speaker" + - name: METALLB_ML_SECRET_KEY + valueFrom: + secretKeyRef: + name: memberlist + key: secretkey + image: registry.dso.mil/platform-one/big-bang/pipeline-templates/pipeline-templates/metallb-speaker:v0.10.2 + name: speaker + ports: + - containerPort: 7472 + name: monitoring + - containerPort: 7946 + name: memberlist-tcp + - containerPort: 7946 + name: memberlist-udp + protocol: UDP + securityContext: + allowPrivilegeEscalation: false + capabilities: + add: + - NET_RAW + drop: + - ALL + readOnlyRootFilesystem: true + hostNetwork: true + nodeSelector: + kubernetes.io/os: linux + serviceAccountName: speaker + terminationGracePeriodSeconds: 2 + tolerations: + - effect: NoSchedule + key: node-role.kubernetes.io/master + operator: Exists +--- +apiVersion: apps/v1 +kind: Deployment +metadata: + labels: + app: metallb + component: controller + name: controller + namespace: metallb-system +spec: + revisionHistoryLimit: 3 + selector: + matchLabels: + app: metallb + component: controller + template: + metadata: + annotations: + prometheus.io/port: '7472' + prometheus.io/scrape: 'true' + labels: + app: metallb + component: controller + spec: + containers: + - args: + - --port=7472 + - --config=config + env: + - name: METALLB_ML_SECRET_NAME + value: memberlist + - name: METALLB_DEPLOYMENT + value: controller + image: registry.dso.mil/platform-one/big-bang/pipeline-templates/pipeline-templates/metallb-controller:v0.10.2 + name: controller + ports: + - containerPort: 7472 + name: monitoring + securityContext: + allowPrivilegeEscalation: false + capabilities: + drop: + - all + readOnlyRootFilesystem: true + nodeSelector: + kubernetes.io/os: linux + securityContext: + runAsNonRoot: true + runAsUser: 65534 + serviceAccountName: controller + terminationGracePeriodSeconds: 0 \ No newline at 
end of file diff --git a/tests/ci/keycloak-certs/admin.bigbang.dev-secret.yaml b/tests/ci/keycloak-certs/admin.bigbang.dev-secret.yaml deleted file mode 100644 index 025dcf12bf0539e1d43b8d4092200a417f70117b..0000000000000000000000000000000000000000 --- a/tests/ci/keycloak-certs/admin.bigbang.dev-secret.yaml +++ /dev/null 
@@ -1,94 +0,0 @@ -apiVersion: v1 -kind: Secret -metadata: - name: public-cert - namespace: istio-system -type: kubernetes.io/tls -stringData: - # *.admin.bigbang.dev - tls.crt: | - -----BEGIN CERTIFICATE----- - MIIFLDCCBBSgAwIBAgISA87F5ACBGZuzPeSeGr2wqcY8MA0GCSqGSIb3DQEBCwUA - MDIxCzAJBgNVBAYTAlVTMRYwFAYDVQQKEw1MZXQncyBFbmNyeXB0MQswCQYDVQQD - EwJSMzAeFw0yMTA0MTQxNDIzMTRaFw0yMTA3MTMxNDIzMTRaMB4xHDAaBgNVBAMM - EyouYWRtaW4uYmlnYmFuZy5kZXYwggEiMA0GCSqGSIb3DQEBAQUAA4IBDwAwggEK - AoIBAQC8bJtY3qQC0udgWInp1K81Canpzsd/22mQ9f8GjVNF/7DhCSXRdHNeLtDN - eJ2JoH96d1vLAm1YmHJ31aBwVULM0cWPRDkRg2Wjl/sMFoLgxR1ZKdtq3xxC2fwi - DXjwv9JyOQgOrQqFxP7BQab1fv9uDfHP1aIxcDN7CpOxJHrjMoxyiPRynNFvw/ii - GDJ+Jvomt8opWb4mC2jZMK5WGLvYWj9mkUo9crnQVJBNgU/ebx3j+yWztD6PDnuT - NptI3x6OySjbkYlBGhjKMpfQ7mTPCr5pBEgcJFVXVROg8Bum15vn3Uv+4LNe1tHc - DxwCJQQJrzGNNc5YMpn81rvltDOTAgMBAAGjggJOMIICSjAOBgNVHQ8BAf8EBAMC - BaAwHQYDVR0lBBYwFAYIKwYBBQUHAwEGCCsGAQUFBwMCMAwGA1UdEwEB/wQCMAAw - HQYDVR0OBBYEFLp8IoeSyLzb/tJ57pxDqGX4t/4nMB8GA1UdIwQYMBaAFBQusxe3 - WFbLrlAJQOYfr52LFMLGMFUGCCsGAQUFBwEBBEkwRzAhBggrBgEFBQcwAYYVaHR0 - cDovL3IzLm8ubGVuY3Iub3JnMCIGCCsGAQUFBzAChhZodHRwOi8vcjMuaS5sZW5j - ci5vcmcvMB4GA1UdEQQXMBWCEyouYWRtaW4uYmlnYmFuZy5kZXYwTAYDVR0gBEUw - QzAIBgZngQwBAgEwNwYLKwYBBAGC3xMBAQEwKDAmBggrBgEFBQcCARYaaHR0cDov - L2Nwcy5sZXRzZW5jcnlwdC5vcmcwggEEBgorBgEEAdZ5AgQCBIH1BIHyAPAAdgCU - ILwejtWNbIhzH4KLIiwN0dpNXmxPlD1h204vWE2iwgAAAXjQ+rZ5AAAEAwBHMEUC - IQCOtTENOPlAwvmnqNxm9LHWo1TkNpLZqdCQWffa3zc2sAIgVpNs+pLLUmJfwq0+ - FRSQJB9FyrH7js53BSZ1WyfY6GwAdgB9PvL4j/+IVWgkwsDKnlKJeSvFDngJfy5q - l2iZfiLw1wAAAXjQ+razAAAEAwBHMEUCIQDCliAyo7EV92Kmp5zeoVfeqklvPPYi - p43KG/yc6gbiBwIgHpQYiQ5MCcJHnnol3Ku35ZYJw8jcWy7aW2S9gHR3eeUwDQYJ - KoZIhvcNAQELBQADggEBACUBLIHwOvyAsXlRGxqDKBGcl8BmbelWgp+XXsf9MZd0 - hYYrPlnQL95C5R78FXmYlG24J4uHLMTvz+gYe/WRv4Cjr8It+EaoGATZ8zGa2OlY - FTfx6dLk/h2KPF9N45o5rsUtlTlTfJYGz58p30XefLwOdIrez8UtEV2fWevAWwYw - ZGLvPczwDABye0OUou+M+BoZQOI6hrcQ3IXGlf/VQKzBp1dOOxZB7bx3mOzg1CI6 - 
1AebDLxybOev4Ke25jbtst6i4HG1feFXm4yL1utNsn15uBVoQVfKeLVvMO3Y2Hyi - DZvLATJX4qq0e2wDcETc8fxshOUnYhpzrbUctVBBncA= - -----END CERTIFICATE----- - -----BEGIN CERTIFICATE----- - MIIEZTCCA02gAwIBAgIQQAF1BIMUpMghjISpDBbN3zANBgkqhkiG9w0BAQsFADA/ - MSQwIgYDVQQKExtEaWdpdGFsIFNpZ25hdHVyZSBUcnVzdCBDby4xFzAVBgNVBAMT - DkRTVCBSb290IENBIFgzMB4XDTIwMTAwNzE5MjE0MFoXDTIxMDkyOTE5MjE0MFow - MjELMAkGA1UEBhMCVVMxFjAUBgNVBAoTDUxldCdzIEVuY3J5cHQxCzAJBgNVBAMT - AlIzMIIBIjANBgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAuwIVKMz2oJTTDxLs - jVWSw/iC8ZmmekKIp10mqrUrucVMsa+Oa/l1yKPXD0eUFFU1V4yeqKI5GfWCPEKp - Tm71O8Mu243AsFzzWTjn7c9p8FoLG77AlCQlh/o3cbMT5xys4Zvv2+Q7RVJFlqnB - U840yFLuta7tj95gcOKlVKu2bQ6XpUA0ayvTvGbrZjR8+muLj1cpmfgwF126cm/7 - gcWt0oZYPRfH5wm78Sv3htzB2nFd1EbjzK0lwYi8YGd1ZrPxGPeiXOZT/zqItkel - /xMY6pgJdz+dU/nPAeX1pnAXFK9jpP+Zs5Od3FOnBv5IhR2haa4ldbsTzFID9e1R - oYvbFQIDAQABo4IBaDCCAWQwEgYDVR0TAQH/BAgwBgEB/wIBADAOBgNVHQ8BAf8E - BAMCAYYwSwYIKwYBBQUHAQEEPzA9MDsGCCsGAQUFBzAChi9odHRwOi8vYXBwcy5p - ZGVudHJ1c3QuY29tL3Jvb3RzL2RzdHJvb3RjYXgzLnA3YzAfBgNVHSMEGDAWgBTE - p7Gkeyxx+tvhS5B1/8QVYIWJEDBUBgNVHSAETTBLMAgGBmeBDAECATA/BgsrBgEE - AYLfEwEBATAwMC4GCCsGAQUFBwIBFiJodHRwOi8vY3BzLnJvb3QteDEubGV0c2Vu - Y3J5cHQub3JnMDwGA1UdHwQ1MDMwMaAvoC2GK2h0dHA6Ly9jcmwuaWRlbnRydXN0 - LmNvbS9EU1RST09UQ0FYM0NSTC5jcmwwHQYDVR0OBBYEFBQusxe3WFbLrlAJQOYf - r52LFMLGMB0GA1UdJQQWMBQGCCsGAQUFBwMBBggrBgEFBQcDAjANBgkqhkiG9w0B - AQsFAAOCAQEA2UzgyfWEiDcx27sT4rP8i2tiEmxYt0l+PAK3qB8oYevO4C5z70kH - ejWEHx2taPDY/laBL21/WKZuNTYQHHPD5b1tXgHXbnL7KqC401dk5VvCadTQsvd8 - S8MXjohyc9z9/G2948kLjmE6Flh9dDYrVYA9x2O+hEPGOaEOa1eePynBgPayvUfL - qjBstzLhWVQLGAkXXmNs+5ZnPBxzDJOLxhF2JIbeQAcH5H0tZrUlo5ZYyOqA7s9p - O5b85o3AM/OJ+CktFBQtfvBhcJVd9wvlwPsk+uyOy2HI7mNxKKgsBTt375teA2Tw - UdHkhVNcsAKX1H7GNNLOEADksd86wuoXvg== - -----END CERTIFICATE----- - tls.key: | - -----BEGIN PRIVATE KEY----- - MIIEvgIBADANBgkqhkiG9w0BAQEFAASCBKgwggSkAgEAAoIBAQC8bJtY3qQC0udg - WInp1K81Canpzsd/22mQ9f8GjVNF/7DhCSXRdHNeLtDNeJ2JoH96d1vLAm1YmHJ3 - 
1aBwVULM0cWPRDkRg2Wjl/sMFoLgxR1ZKdtq3xxC2fwiDXjwv9JyOQgOrQqFxP7B - Qab1fv9uDfHP1aIxcDN7CpOxJHrjMoxyiPRynNFvw/iiGDJ+Jvomt8opWb4mC2jZ - MK5WGLvYWj9mkUo9crnQVJBNgU/ebx3j+yWztD6PDnuTNptI3x6OySjbkYlBGhjK - MpfQ7mTPCr5pBEgcJFVXVROg8Bum15vn3Uv+4LNe1tHcDxwCJQQJrzGNNc5YMpn8 - 1rvltDOTAgMBAAECggEACINbrXM5s8r1mzvE12S9mcba/25RQyyVo3AJ2rDt7z6z - Liespr79K2cwFeh6Laqrt8vGwPBWImeY3GMxgYHIp9pec6+gaHMoV3DZbd1igmdF - gS7L9BMqgra4lo1HRpFUH8cF3yvgStTwsaiWs4bOYZmNsFc1ocgw+0EqFRnR14vw - Q6pxlNlR0wND4WwEQ+PEFuGyaZpcnDA38vwaNyIVl99pRXXojvfco7dacYyce40o - O02mtl2yME4ssCgYPcThonPaUDjF594q7J2kqVRp6mJ0J9lvsxPRZ3NC1tOfVgzI - E/YVeNx7S9r0ONTJFLfRidd+udBKBCUM7NcKygqk8QKBgQDiQc0LPe7NWzfZ5Ks2 - IeZZ1S7CX/Eyv7VW90YhOUTF9g9PmmH1v539vp9xdHlo9YaF2dXuf1GsMgpNQ4IZ - Nuz5xwvvmma3demqtOawTpHj3vHpZWOYTL0SEb5XwyPaZZIb33wxDidT8/0CpwPt - Tlq6GQ8HPYupHT6cJQcb7PgAmQKBgQDVMZ+0WucFAKeJSEj1zDZA0EzUqiFfLCpP - gko9+9yhPvl7Q6c+oOV0brx0ny+racLUsV0m8vzvvLFxHTubPa7CMKf5s7c3EPQv - 8GqovlsvgzchwxRRs0KQMhQSZw1X2UDSBDci0AwZRXrJQp3odJk+0Pq5MslfCF6s - fwWxV6C1CwKBgBSvv3ePqg3MkUayyZShdNYxz5yl+P+S15mj8h2HhuoynSPCEcLO - Sjuw+hL9ezxFdo82Y4Dy0xzTVm3KBlMX2oLb2BOIImwTs9GPyKfGB0C2WZflVT3P - hlnolWagyN5m+vzhahFyIdZjMHbVnl5ME6+AKweWcPZ9XgQYvpWnDOXBAoGBAL0I - mTEUAQ+geuzxGTBI+DoT+GwAxkJbKNEDF81KC2E2M4Qmgp63j3zjy1ok4+G7jzOE - aLJmdfwkdbl0UCvgT5qEBg0UWvoKoFn5dLlWwAeq8zGOhe/DYNv2a3G9ykkAq8cM - Uc8eZfvqbWsTFGzPJipaplWcQI1xIHEW1/ddWXPtAoGBAInFXBnVDJiZkhq1adt9 - 3S/YVoMigw6ZD4j7E5g/5QBCs2rnZex20YFuJDvf+HAD/3eohJ6n75QRSZc0sn9j - XO49WKI7Qd2XTEL6dGvxGyFRTqrC5dUd3v/wq4XjUz1bI6VTvvHvf7EPCGh1NJ8v - PcJzvO/HdugGAG1xWnN7HT4g - -----END PRIVATE KEY----- \ No newline at end of file diff --git a/tests/ci/keycloak-certs/keycloak-passthrough-values.yaml b/tests/ci/keycloak-certs/keycloak-passthrough-values.yaml index 59d269f1e465e2cbfae85069979e314e0c24cc2b..46e1c8f3bf48cecf2a340a791f3c3100d086cada 100644 --- a/tests/ci/keycloak-certs/keycloak-passthrough-values.yaml +++ b/tests/ci/keycloak-certs/keycloak-passthrough-values.yaml 
@@ -2,89 +2,125 @@ addons: keycloak: ingress: # *.bigbang.dev + gateway: "passthrough" key: | -----BEGIN PRIVATE KEY----- - MIIEvgIBADANBgkqhkiG9w0BAQEFAASCBKgwggSkAgEAAoIBAQDl7oIecDHRb8XB - jG4sEW1qsBlI94oIa50KTHWOet7mhW82BX+scWVgqI3PbIVUI144IgKGPSq3SEki - gP0zNgSlxNjZZ/UaB99HXlK5kZ87puDvoOYMBiurjq/QzgwygiN9NyyqdUtWdc/V - 94owxS47HsclhnOEXscVOjSQI/PIGM5G8UXZyeV0yvGVvrUYNbMfz9Mhh3rD2ihw - 6LQVgX710J7q3IOiC1CDCt0wXur1w18LYs+R1Yu07AM7R5EoEEFB2TZhYgDZ3+v7 - lvv/EINyVc5FfolIhyV1VG+dZxevHFiuZQ5cNLpiLwep3QreKeNk1ijBhAehRnTM - a8fB+mb9AgMBAAECggEAS7KiE/NL82+g43+gJdH2+9DOAj+8qdkD8ogJi8bX63yy - iE53IgaTIadcSJWpr3GVa1WHDzrD/WNG8J0Wvu1hylFsMucOwmslDxH2mjFfAvyF - wV5vXjYJ2ok3SL8NNPOzS14GznefPe+7ZO4CCNxhxAT1+1ywWzv4vvxSocG0WINy - QwbY53vl7/fyJzmkiDUuqRqtVKR/SCvVFyV/Mzb9XwLVVOzme7zMbK9EwlR7XxwH - NtjZS2t/DbFUh+O9lj28fuV4qVo83jGWE63P4bEvOXzFC5zu+kpEmQEP5X1UGqqp - h1NBPG0oeP17hv0jVzc703dbnBzif58Sc4DFraQ94QKBgQD81+IquSpmW1epJdNu - AGAalvPS0JWWjjBrn+sC0JA+7QWGJrGAN8FtZrx/Eu58ovuD3Yra86ilWALWJKQj - vaEg/xbrZixbQoap6MI4XYK6hqEY2Og28K4MqQXtvQB5NrjnDdYY7cICStJ8WMGs - KV0MKzHGsUbvTBRQGXaFXHDSlwKBgQDozWWIHZ+fO0Rd/nG8M+kRY3HmIFLyxZ7C - YZ5pgEn+X4xNi3lghkBMXAx50BB+as158lPrdHLTpkeYbcWg7xfcn2C4V+mKuUDo - aAX8TeqbIy/Wc67HxM0+ujRkwNNIqZJhLrE34SGBDzj9jDv+sLAjglAzIbK3vtLR - nP5DRQ1JiwKBgFd7Djp/9GaTxgG1H7EYmie5AMV4+7iqm6AxJWvE45OSCG5A5vsY - z2jduewxjag778/RECDvWvNSPzD+XngrPRughrqNkF1G6DbTXJeJ6xhESmrBaZ7Q - qTeiJ3X5BbfqshDnXaMkaBLI9oilYOUDLrluHHvFjGhxJzoLhVFhCXwjAoGBALmM - 9C7gRZh5eY1dPzOdQFeepmqgOtzLDDWr7sHyAYfgighIcW6wslDqUPtKDctkvu9C - aQbS4q606n2giJMz3hX3ZfSoBTmPXB+gwZyOUb5i9j78J0OMJXaonRfs5LoWhdg1 - igSayMR/6JGWEz91fn5e4CNQ6YwwaQGvGq1tPSDvAoGBAMH7yzcNoPlTGF7tIHuf - xvFGCnnrS+UFWm6JaFCaNmKCr1FqRqa0seQmRl0FrnwXH3Q9/KpepBlcMjxhI1aF - ZtXMjqYq3Fe6V8QAx0HxbbAlyzeOnK5xmKfzV0YXSHH5GjvK99zKT6s8Gu1jxu4I - vfkczrrBlKbNp5wxPgjcAZd7 + MIIEwAIBADANBgkqhkiG9w0BAQEFAASCBKowggSmAgEAAoIBAQD1ahjVSH4A+inh + YyeVfOMQJhzrtt7OXpcGbSeepDY0lz+opc29BWafqcwZKef12aYMU7CzoyPJCL13 + 
gOjn6FbU3h8FNkDZQ0kiZfGWQxHGYoJLB8MdXKyYgcynDCczMFNR/mc7YwF0IMVp + iApW/XYg2sv4ouuaBAZI/F7jQVYl1SB18gkk180YxZK9mzetie8V9dCEMkodH1tq + +BRzCYbrh3oSX/dL/CXYq/x29nFYTZmMctMc7T9ligS7n/JCBVTsLLGL/BL7E/Ba + 8g54qDGR78FEW1kgr0dsWVcOWJQdb8JpwCRUUFXYHL5liFGS1IozD+bpFfUvUxNH + 1sjPo18JAgMBAAECggEBAJRaQ5LC1LDAiQqfhvE94oEDmR4AmOWFlqQi3f1vZPkb + qTbIq/skxamk2iUoCPm8TT1MZhfheaNwLiCMg76U29CoSXY8Gq17mD08BPOBrcAQ + EpVKpu8b85XpeQ5OMXAnOWbqc/sZWWqa2Nt3ilCVvZAU05KE4gljf20lajLUb0BE + S+EOHgiPgbL9Upgb2HvsYjaBkgy6dMIJhH9ybyQqRJPaLceEbu53Krrv4iuZjzLD + CIdePYRge9DfvIff0UBlAFPVgahrwJNzZoqhEv9KlvSshE51tfaNv7zzMpoEnq7z + XqbisXXq/Pn6MaWiyF/6sYxYZDrAIHI5exmoJAYs4tECgYEA/V9eNpdh70Vzv19l + TkpjEklaAgDzSda68TSb5hYLtINI3m3+vVN+rlth5gZN7n8hKjxIBuUI8yERMY8B + is5g+qgIqK1jDeRHUJTKo7x+fRgM2vCTcYQgxCC4x2czkG86AifsNaGZ6j2P9y2v + lpaozs+ONkADpGwnOu0lsCBxbVUCgYEA9/WaPrhOO/ImKlyFbXnXHZsoRXKuWVKm + DRcs7z8LZmPH7n3ikiMZW7CUbKHB3mreL6Xv5gQ/nait2tjYRPT2OfBA+WTQi/kO + MwHyuq92J1965WCld3hzGYeJHtB12rVjheRQ3TBeBCFFu3pgEVsgqnVV1gqceBL7 + edXnu85KSuUCgYEAxbhURvmfPR7PknmZDp1R7oU7LfEb6XUd8PiC5+wwOi9w/9KK + RagQZXN+VAh7bC/c656a/nZgo4ocZrYYF/+xAil6iFa1w7NuS12xPFDtzCSmc3vl + M2JOR37ZcxH/1ShW9jO9SqTO/VIJNHR8X2E2Xhzt9zvBG+AiRQOms2i92vkCgYEA + pZ2AiZXWg0mIXlDvuaBgouCoNEKV2wlN6X5qP94PAjNxLYUdWNhirpAxgqFD+QfO + IWsm4a5Cw04P2RVu1hf7gdVLwIeql2MhLcaGVlStiTzHu/8iZbqovgt99Xvsy8jN + kXde323XzdBfYAorskv4dIHsdAsgWT7sgoLxxcnSa1UCgYEAh0SDR9xTdNnCRTL8 + Fz+YyN8EWm4XaiYv4fDu7mBEiAYJFQjfez/ZammSASwfv+sFcE4rCEMED2InlLin + 73hJO8bDRMI7BEtaYKyEFcCgdNXOyDRfYhLtJllaIiJNbC8m4dW8H7Hq4Av2pTc0 + dbfd2CfWKgXWqJNl2RCGWIoqDIU= -----END PRIVATE KEY----- cert: | -----BEGIN CERTIFICATE----- - MIIFMzCCBBugAwIBAgISA/bfQH5Vgy3KTu3PXxiNHed8MA0GCSqGSIb3DQEBCwUA + MIIFITCCBAmgAwIBAgISA4QDnwfowfekJU7pBgWPPB3SMA0GCSqGSIb3DQEBCwUA MDIxCzAJBgNVBAYTAlVTMRYwFAYDVQQKEw1MZXQncyBFbmNyeXB0MQswCQYDVQQD - EwJSMzAeFw0yMTA0MTYwMTA1MTNaFw0yMTA3MTUwMTA1MTNaMBgxFjAUBgNVBAMM - DSouYmlnYmFuZy5kZXYwggEiMA0GCSqGSIb3DQEBAQUAA4IBDwAwggEKAoIBAQDl - 
7oIecDHRb8XBjG4sEW1qsBlI94oIa50KTHWOet7mhW82BX+scWVgqI3PbIVUI144 - IgKGPSq3SEkigP0zNgSlxNjZZ/UaB99HXlK5kZ87puDvoOYMBiurjq/QzgwygiN9 - NyyqdUtWdc/V94owxS47HsclhnOEXscVOjSQI/PIGM5G8UXZyeV0yvGVvrUYNbMf - z9Mhh3rD2ihw6LQVgX710J7q3IOiC1CDCt0wXur1w18LYs+R1Yu07AM7R5EoEEFB - 2TZhYgDZ3+v7lvv/EINyVc5FfolIhyV1VG+dZxevHFiuZQ5cNLpiLwep3QreKeNk - 1ijBhAehRnTMa8fB+mb9AgMBAAGjggJbMIICVzAOBgNVHQ8BAf8EBAMCBaAwHQYD + EwJSMzAeFw0yMTA2MzAwODQxNDhaFw0yMTA5MjgwODQxNDdaMBgxFjAUBgNVBAMM + DSouYmlnYmFuZy5kZXYwggEiMA0GCSqGSIb3DQEBAQUAA4IBDwAwggEKAoIBAQD1 + ahjVSH4A+inhYyeVfOMQJhzrtt7OXpcGbSeepDY0lz+opc29BWafqcwZKef12aYM + U7CzoyPJCL13gOjn6FbU3h8FNkDZQ0kiZfGWQxHGYoJLB8MdXKyYgcynDCczMFNR + /mc7YwF0IMVpiApW/XYg2sv4ouuaBAZI/F7jQVYl1SB18gkk180YxZK9mzetie8V + 9dCEMkodH1tq+BRzCYbrh3oSX/dL/CXYq/x29nFYTZmMctMc7T9ligS7n/JCBVTs + LLGL/BL7E/Ba8g54qDGR78FEW1kgr0dsWVcOWJQdb8JpwCRUUFXYHL5liFGS1Ioz + D+bpFfUvUxNH1sjPo18JAgMBAAGjggJJMIICRTAOBgNVHQ8BAf8EBAMCBaAwHQYD VR0lBBYwFAYIKwYBBQUHAwEGCCsGAQUFBwMCMAwGA1UdEwEB/wQCMAAwHQYDVR0O - BBYEFAqYpSC/aq86VGg0Pj+AJL8Jq4opMB8GA1UdIwQYMBaAFBQusxe3WFbLrlAJ + BBYEFLKxa8BVwd6HZjzGXLkyXZLww/DwMB8GA1UdIwQYMBaAFBQusxe3WFbLrlAJ QOYfr52LFMLGMFUGCCsGAQUFBwEBBEkwRzAhBggrBgEFBQcwAYYVaHR0cDovL3Iz Lm8ubGVuY3Iub3JnMCIGCCsGAQUFBzAChhZodHRwOi8vcjMuaS5sZW5jci5vcmcv - MCsGA1UdEQQkMCKCDSouYmlnYmFuZy5kZXaCESouZGV2LmJpZ2JhbmcuZGV2MEwG - A1UdIARFMEMwCAYGZ4EMAQIBMDcGCysGAQQBgt8TAQEBMCgwJgYIKwYBBQUHAgEW - Gmh0dHA6Ly9jcHMubGV0c2VuY3J5cHQub3JnMIIBBAYKKwYBBAHWeQIEAgSB9QSB - 8gDwAHUAb1N2rDHwMRnYmQCkURX/dxUcEdkCwQApBo2yCJo32RMAAAF42GzRXAAA - BAMARjBEAiBC9SJzpBUmMfpTTflKasVUMCOVEH/yQHLez9OijeyLEQIgJ29qt+mt - Cwhds52p8Fn8d4DQ05X1YGe83w//nJG76hwAdwD2XJQv0XcwIhRUGAgwlFaO400T - GTO/3wwvIAvMTvFk4wAAAXjYbNHPAAAEAwBIMEYCIQDBtSlv2u3Sz3bTOKQAzsmS - +u79PjtpvTnHfp7SwqGTAAIhAOJL7dr9pJt9JRKBl4E7Vu79xU7xOux1LIUVE+kA - dR1qMA0GCSqGSIb3DQEBCwUAA4IBAQBQK76kZJwa1zNv2k2h/u5isvcQiDL8eoUd - idIdXy7ydIbhzYl9Vh+zDGkUwxvIP4jVjD4FBC4QqQTjqutw8sLWjbzSPJLVfYLV - 
TmwtkbCvhTiE3PAdT+SmoOFIUsd2LEmjFJ622DyUaNH0OsdrHKClC/KIO0NvhTQs - ZnN89eH1wreIL9DolXko3RgkGB1LbG9MH4/dvzTnKHoBo4EUFXoJcnSiK7rdHEXI - u7wKFjw9OJnqjCLx7SGOIyhLo4c5UtJXU8uxKmxsO63WGZG+ZB38uzuRZaEEt+zs - SolSteEEHHXbe/BjYfufW2BXdJwqi3gaw04j+8Q4hcntH2cM28TW + MBgGA1UdEQQRMA+CDSouYmlnYmFuZy5kZXYwTAYDVR0gBEUwQzAIBgZngQwBAgEw + NwYLKwYBBAGC3xMBAQEwKDAmBggrBgEFBQcCARYaaHR0cDovL2Nwcy5sZXRzZW5j + cnlwdC5vcmcwggEFBgorBgEEAdZ5AgQCBIH2BIHzAPEAdwCUILwejtWNbIhzH4KL + IiwN0dpNXmxPlD1h204vWE2iwgAAAXpcS8iTAAAEAwBIMEYCIQCcXRHwJqXD4XZJ + 69yt9vwm/5d3fV5iEncCsg4XoV8APAIhALuWdIvzfv1qLlS3Yv+DrVf5t2lMGdrL + RilySJivVC0QAHYA9lyUL9F3MCIUVBgIMJRWjuNNExkzv98MLyALzE7xZOMAAAF6 + XEvIqAAABAMARzBFAiEA7mPS3NK7XQQo+GxdVRq0kJX4uV3ELIKbVzPIdpXCmxYC + IHfgadCRBTml5nnTd7xpjwRuvRNr/gsyyyIV0Xjao4DIMA0GCSqGSIb3DQEBCwUA + A4IBAQBbccxKHBf4FOqHSP3U3+pCrU3Z3zhfTjYVaPP/gI7+rus4m6Jnq/pP21ak + RWFJx9Yfp0zYPG33H4b65vvmG2jYzb/sLorHIodSn8O7HD11peWwFzgRLflVQ2Kx + yPYdn/yY1BFIZ5cyz1iQNIUghMZVLc1JfqQbuRuodf2si0x7d2CTMV3k0qUvpll9 + 6KstE/OEjLA0jgRmZAq0JBHZjDeYi65LoQWF1XM6Al1p0GvhGC+x//UyYZr/sBOl + 3FvnSe9NXeAMqeJ6QIrkFFsogPMUoTpJYs47gjMdEl6eOT2uwgchZsHpqrdHVHG6 + 9xxT5njjSqfC0xOqknR0hhhn5Pbu -----END CERTIFICATE----- -----BEGIN CERTIFICATE----- - MIIEZTCCA02gAwIBAgIQQAF1BIMUpMghjISpDBbN3zANBgkqhkiG9w0BAQsFADA/ + MIIFFjCCAv6gAwIBAgIRAJErCErPDBinU/bWLiWnX1owDQYJKoZIhvcNAQELBQAw + TzELMAkGA1UEBhMCVVMxKTAnBgNVBAoTIEludGVybmV0IFNlY3VyaXR5IFJlc2Vh + cmNoIEdyb3VwMRUwEwYDVQQDEwxJU1JHIFJvb3QgWDEwHhcNMjAwOTA0MDAwMDAw + WhcNMjUwOTE1MTYwMDAwWjAyMQswCQYDVQQGEwJVUzEWMBQGA1UEChMNTGV0J3Mg + RW5jcnlwdDELMAkGA1UEAxMCUjMwggEiMA0GCSqGSIb3DQEBAQUAA4IBDwAwggEK + AoIBAQC7AhUozPaglNMPEuyNVZLD+ILxmaZ6QoinXSaqtSu5xUyxr45r+XXIo9cP + R5QUVTVXjJ6oojkZ9YI8QqlObvU7wy7bjcCwXPNZOOftz2nwWgsbvsCUJCWH+jdx + sxPnHKzhm+/b5DtFUkWWqcFTzjTIUu61ru2P3mBw4qVUq7ZtDpelQDRrK9O8Zutm + NHz6a4uPVymZ+DAXXbpyb/uBxa3Shlg9F8fnCbvxK/eG3MHacV3URuPMrSXBiLxg + Z3Vms/EY96Jc5lP/Ooi2R6X/ExjqmAl3P51T+c8B5fWmcBcUr2Ok/5mzk53cU6cG + 
/kiFHaFpriV1uxPMUgP17VGhi9sVAgMBAAGjggEIMIIBBDAOBgNVHQ8BAf8EBAMC + AYYwHQYDVR0lBBYwFAYIKwYBBQUHAwIGCCsGAQUFBwMBMBIGA1UdEwEB/wQIMAYB + Af8CAQAwHQYDVR0OBBYEFBQusxe3WFbLrlAJQOYfr52LFMLGMB8GA1UdIwQYMBaA + FHm0WeZ7tuXkAXOACIjIGlj26ZtuMDIGCCsGAQUFBwEBBCYwJDAiBggrBgEFBQcw + AoYWaHR0cDovL3gxLmkubGVuY3Iub3JnLzAnBgNVHR8EIDAeMBygGqAYhhZodHRw + Oi8veDEuYy5sZW5jci5vcmcvMCIGA1UdIAQbMBkwCAYGZ4EMAQIBMA0GCysGAQQB + gt8TAQEBMA0GCSqGSIb3DQEBCwUAA4ICAQCFyk5HPqP3hUSFvNVneLKYY611TR6W + PTNlclQtgaDqw+34IL9fzLdwALduO/ZelN7kIJ+m74uyA+eitRY8kc607TkC53wl + ikfmZW4/RvTZ8M6UK+5UzhK8jCdLuMGYL6KvzXGRSgi3yLgjewQtCPkIVz6D2QQz + CkcheAmCJ8MqyJu5zlzyZMjAvnnAT45tRAxekrsu94sQ4egdRCnbWSDtY7kh+BIm + lJNXoB1lBMEKIq4QDUOXoRgffuDghje1WrG9ML+Hbisq/yFOGwXD9RiX8F6sw6W4 + avAuvDszue5L3sz85K+EC4Y/wFVDNvZo4TYXao6Z0f+lQKc0t8DQYzk1OXVu8rp2 + yJMC6alLbBfODALZvYH7n7do1AZls4I9d1P4jnkDrQoxB3UqQ9hVl3LEKQ73xF1O + yK5GhDDX8oVfGKF5u+decIsH4YaTw7mP3GFxJSqv3+0lUFJoi5Lc5da149p90Ids + hCExroL1+7mryIkXPeFM5TgO9r0rvZaBFOvV2z0gp35Z0+L4WPlbuEjN/lxPFin+ + HlUjr8gRsI3qfJOQFy/9rKIJR0Y/8Omwt/8oTWgy1mdeHmmjk7j1nYsvC9JSQ6Zv + MldlTTKB3zhThV1+XWYp6rjd5JW1zbVWEkLNxE7GJThEUG3szgBVGP7pSWTUTsqX + nLRbwHOoq7hHwg== + -----END CERTIFICATE----- + -----BEGIN CERTIFICATE----- + MIIFYDCCBEigAwIBAgIQQAF3ITfU6UK47naqPGQKtzANBgkqhkiG9w0BAQsFADA/ MSQwIgYDVQQKExtEaWdpdGFsIFNpZ25hdHVyZSBUcnVzdCBDby4xFzAVBgNVBAMT - DkRTVCBSb290IENBIFgzMB4XDTIwMTAwNzE5MjE0MFoXDTIxMDkyOTE5MjE0MFow - MjELMAkGA1UEBhMCVVMxFjAUBgNVBAoTDUxldCdzIEVuY3J5cHQxCzAJBgNVBAMT - AlIzMIIBIjANBgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAuwIVKMz2oJTTDxLs - jVWSw/iC8ZmmekKIp10mqrUrucVMsa+Oa/l1yKPXD0eUFFU1V4yeqKI5GfWCPEKp - Tm71O8Mu243AsFzzWTjn7c9p8FoLG77AlCQlh/o3cbMT5xys4Zvv2+Q7RVJFlqnB - U840yFLuta7tj95gcOKlVKu2bQ6XpUA0ayvTvGbrZjR8+muLj1cpmfgwF126cm/7 - gcWt0oZYPRfH5wm78Sv3htzB2nFd1EbjzK0lwYi8YGd1ZrPxGPeiXOZT/zqItkel - /xMY6pgJdz+dU/nPAeX1pnAXFK9jpP+Zs5Od3FOnBv5IhR2haa4ldbsTzFID9e1R - oYvbFQIDAQABo4IBaDCCAWQwEgYDVR0TAQH/BAgwBgEB/wIBADAOBgNVHQ8BAf8E - 
BAMCAYYwSwYIKwYBBQUHAQEEPzA9MDsGCCsGAQUFBzAChi9odHRwOi8vYXBwcy5p - ZGVudHJ1c3QuY29tL3Jvb3RzL2RzdHJvb3RjYXgzLnA3YzAfBgNVHSMEGDAWgBTE - p7Gkeyxx+tvhS5B1/8QVYIWJEDBUBgNVHSAETTBLMAgGBmeBDAECATA/BgsrBgEE - AYLfEwEBATAwMC4GCCsGAQUFBwIBFiJodHRwOi8vY3BzLnJvb3QteDEubGV0c2Vu - Y3J5cHQub3JnMDwGA1UdHwQ1MDMwMaAvoC2GK2h0dHA6Ly9jcmwuaWRlbnRydXN0 - LmNvbS9EU1RST09UQ0FYM0NSTC5jcmwwHQYDVR0OBBYEFBQusxe3WFbLrlAJQOYf - r52LFMLGMB0GA1UdJQQWMBQGCCsGAQUFBwMBBggrBgEFBQcDAjANBgkqhkiG9w0B - AQsFAAOCAQEA2UzgyfWEiDcx27sT4rP8i2tiEmxYt0l+PAK3qB8oYevO4C5z70kH - ejWEHx2taPDY/laBL21/WKZuNTYQHHPD5b1tXgHXbnL7KqC401dk5VvCadTQsvd8 - S8MXjohyc9z9/G2948kLjmE6Flh9dDYrVYA9x2O+hEPGOaEOa1eePynBgPayvUfL - qjBstzLhWVQLGAkXXmNs+5ZnPBxzDJOLxhF2JIbeQAcH5H0tZrUlo5ZYyOqA7s9p - O5b85o3AM/OJ+CktFBQtfvBhcJVd9wvlwPsk+uyOy2HI7mNxKKgsBTt375teA2Tw - UdHkhVNcsAKX1H7GNNLOEADksd86wuoXvg== + DkRTVCBSb290IENBIFgzMB4XDTIxMDEyMDE5MTQwM1oXDTI0MDkzMDE4MTQwM1ow + TzELMAkGA1UEBhMCVVMxKTAnBgNVBAoTIEludGVybmV0IFNlY3VyaXR5IFJlc2Vh + cmNoIEdyb3VwMRUwEwYDVQQDEwxJU1JHIFJvb3QgWDEwggIiMA0GCSqGSIb3DQEB + AQUAA4ICDwAwggIKAoICAQCt6CRz9BQ385ueK1coHIe+3LffOJCMbjzmV6B493XC + ov71am72AE8o295ohmxEk7axY/0UEmu/H9LqMZshftEzPLpI9d1537O4/xLxIZpL + wYqGcWlKZmZsj348cL+tKSIG8+TA5oCu4kuPt5l+lAOf00eXfJlII1PoOK5PCm+D + LtFJV4yAdLbaL9A4jXsDcCEbdfIwPPqPrt3aY6vrFk/CjhFLfs8L6P+1dy70sntK + 4EwSJQxwjQMpoOFTJOwT2e4ZvxCzSow/iaNhUd6shweU9GNx7C7ib1uYgeGJXDR5 + bHbvO5BieebbpJovJsXQEOEO3tkQjhb7t/eo98flAgeYjzYIlefiN5YNNnWe+w5y + sR2bvAP5SQXYgd0FtCrWQemsAXaVCg/Y39W9Eh81LygXbNKYwagJZHduRze6zqxZ + Xmidf3LWicUGQSk+WT7dJvUkyRGnWqNMQB9GoZm1pzpRboY7nn1ypxIFeFntPlF4 + FQsDj43QLwWyPntKHEtzBRL8xurgUBN8Q5N0s8p0544fAQjQMNRbcTa0B7rBMDBc + SLeCO5imfWCKoqMpgsy6vYMEG6KDA0Gh1gXxG8K28Kh8hjtGqEgqiNx2mna/H2ql + PRmP6zjzZN7IKw0KKP/32+IVQtQi0Cdd4Xn+GOdwiK1O5tmLOsbdJ1Fu/7xk9TND + TwIDAQABo4IBRjCCAUIwDwYDVR0TAQH/BAUwAwEB/zAOBgNVHQ8BAf8EBAMCAQYw + SwYIKwYBBQUHAQEEPzA9MDsGCCsGAQUFBzAChi9odHRwOi8vYXBwcy5pZGVudHJ1 + c3QuY29tL3Jvb3RzL2RzdHJvb3RjYXgzLnA3YzAfBgNVHSMEGDAWgBTEp7Gkeyxx + 
+tvhS5B1/8QVYIWJEDBUBgNVHSAETTBLMAgGBmeBDAECATA/BgsrBgEEAYLfEwEB + ATAwMC4GCCsGAQUFBwIBFiJodHRwOi8vY3BzLnJvb3QteDEubGV0c2VuY3J5cHQu + b3JnMDwGA1UdHwQ1MDMwMaAvoC2GK2h0dHA6Ly9jcmwuaWRlbnRydXN0LmNvbS9E + U1RST09UQ0FYM0NSTC5jcmwwHQYDVR0OBBYEFHm0WeZ7tuXkAXOACIjIGlj26Ztu + MA0GCSqGSIb3DQEBCwUAA4IBAQAKcwBslm7/DlLQrt2M51oGrS+o44+/yQoDFVDC + 5WxCu2+b9LRPwkSICHXM6webFGJueN7sJ7o5XPWioW5WlHAQU7G75K/QosMrAdSW + 9MUgNTP52GE24HGNtLi1qoJFlcDyqSMo59ahy2cI2qBDLKobkx/J3vWraV0T9VuG + WCLKTVXkcGdtwlfFRjlBz4pYg1htmf5X6DYO8A4jqv2Il9DjXA6USbW1FzXSLr9O + he8Y4IWS6wY7bCkjCWDcRQJMEhg76fsO3txE+FiYruq9RUWhiF1myv4Q6W+CyBFC + Dfvp7OOGAN6dEOM4+qR9sdjoSYKEBpsr6GtPAQw4dy753ec5 -----END CERTIFICATE----- diff --git a/tests/ci/keycloak-certs/kustomization.yaml b/tests/ci/keycloak-certs/kustomization.yaml deleted file mode 100644 index 0704c9fe95623b825e2170deb30289d03ccdc7fd..0000000000000000000000000000000000000000 --- a/tests/ci/keycloak-certs/kustomization.yaml +++ /dev/null @@ -1,3 +0,0 @@ -resources: -- admin.bigbang.dev-secret.yaml - diff --git a/tests/ci/keycloak.yaml b/tests/ci/keycloak.yaml deleted file mode 100644 index c206d5144d4f5babd77f3bbddcfa45fb0fcd87bb..0000000000000000000000000000000000000000 --- a/tests/ci/keycloak.yaml +++ /dev/null @@ -1,26 +0,0 @@ -apiVersion: source.toolkit.fluxcd.io/v1beta1 -kind: GitRepository -metadata: - name: secrets - namespace: bigbang -spec: - interval: 1m0s - # NOTE: We could use the same "bigbang" repository, but secrets are usually committed to a consumer owned repo, - # so we are demonstrating that here with a new `GitRepository` resource pointed to the same repo - url: https://repo1.dso.mil/platform-one/big-bang/bigbang.git - ref: - branch: master ---- -apiVersion: kustomize.toolkit.fluxcd.io/v1beta1 -kind: Kustomization -metadata: - name: secrets - namespace: bigbang -spec: - interval: 1m0s - sourceRef: - kind: GitRepository - name: secrets - namespace: bigbang - path: "./tests/ci/keycloak-certs" - prune: true 
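Review bot: The new `key:` block under `addons.keycloak.ingress` in `keycloak-passthrough-values.yaml` is a plaintext TLS private key for the `*.bigbang.dev` certificate, and the key it replaces, like the one in the deleted `admin.bigbang.dev-secret.yaml`, stays readable in the repository history. If this certificate is publicly trusted (the chain looks like a Let's Encrypt one), anyone who can read the repository can present it for that domain, and a CA may revoke a certificate whose key is known to be disclosed, which would break these tests without warning. At minimum the file should say so, e.g. `# TEST ONLY: this key is public; never reuse *.bigbang.dev certificates outside CI`; a self-signed certificate generated inside the job, or a masked CI variable, would avoid committing key material at all. The added `gateway: "passthrough"` also depends on the gateway from `tests/ci/passthrough-gateway.yaml` being merged into the same values file, which is worth stating in a comment next to it.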
diff --git a/tests/ci/passthrough-gateway.yaml b/tests/ci/passthrough-gateway.yaml new file mode 100644 index 0000000000000000000000000000000000000000..bb9b63a62c82e09160f7bd9700a9fbca484110d3 --- /dev/null +++ b/tests/ci/passthrough-gateway.yaml @@ -0,0 +1,16 @@ +istio: + ingressGateways: + passthrough-ingressgateway: + type: "LoadBalancer" # or "NodePort" + kubernetesResourceSpec: {} # https://istio.io/latest/docs/reference/config/istio.operator.v1alpha1/#KubernetesResourcesSpec + # Node ports are assigned starting from nodePortBase. The nodePortBase specifies the start of a range of 4 unused node ports. + # Node port will be assigned as follows: Port 15021 (Status) = nodePortBase, Port 80 = nodePortBase+1, Port 443 = nodePortBase+2, Port 15443 (SNI) = nodePortBase+3 + # Node port base should be in the range from 30000 to 32764 + # nodePortBase: 32000 # Alternatively, the kubernetesResourceSpec can be used to configure all port parameters + gateways: + passthrough: + ingressGateway: "passthrough-ingressgateway" + hosts: + - "*.{{ .Values.domain }}" + tls: + mode: "PASSTHROUGH" \ No newline at end of file diff --git a/tests/deploy/01_deploy_bigbang.sh b/tests/deploy/01_deploy_bigbang.sh index 5c24a9a7c2b4407ce26a93e936d76e502a2f1a0c..ccb79ca3b7a7c4ab52fca92f017c338db94caf9a 100755 --- a/tests/deploy/01_deploy_bigbang.sh +++ b/tests/deploy/01_deploy_bigbang.sh @@ -7,7 +7,6 @@ CI_VALUES_FILE="tests/ci/k3d/values.yaml" if [[ "${CI_COMMIT_BRANCH}" == "${CI_DEFAULT_BRANCH}" ]] || [[ ! -z "$CI_COMMIT_TAG" ]] || [[ $CI_MERGE_REQUEST_LABELS =~ "all-packages" ]]; then echo "all-packages label enabled, or on default branch or tag, enabling all addons" yq e ".addons.*.enabled = "true"" $CI_VALUES_FILE > tmpfile && mv tmpfile $CI_VALUES_FILE - yq e ".addons.keycloak.enabled = "false"" $CI_VALUES_FILE > tmpfile && mv tmpfile $CI_VALUES_FILE else IFS="," for package in $CI_MERGE_REQUEST_LABELS; do 
@@ -21,6 +20,8 @@ fi # if keycloak enabled add ingress passthrough cert to addons.keycloak.ingress if [ "$(yq e ".addons.keycloak.enabled" "tests/ci/k3d/values.yaml")" == "true" ]; then yq eval-all 'select(fileIndex == 0) * select(filename == "tests/ci/keycloak-certs/keycloak-passthrough-values.yaml")' $CI_VALUES_FILE tests/ci/keycloak-certs/keycloak-passthrough-values.yaml > tmpfile && mv tmpfile $CI_VALUES_FILE +#if keycloak is enabled add passthrough ingress gateway and gateway to istio. + yq eval-all 'select(filename == "tests/ci/k3d/values.yaml") * select(filename == "tests/ci/passthrough-gateway.yaml")' $CI_VALUES_FILE tests/ci/passthrough-gateway.yaml > tmpfile && mv tmpfile $CI_VALUES_FILE fi # Set controlPlaneCidr for ci-infra jobs which are RKE2 
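Review bot: The added merge picks the base document with `select(filename == "tests/ci/k3d/values.yaml")` although the file is passed as `$CI_VALUES_FILE` and the merge one line above uses `select(fileIndex == 0)`. If the variable ever points at another path, the selector no longer matches the base file and the redirect then overwrites the values file with whatever is left. Writing it as `select(fileIndex == 0) * select(fileIndex == 1)` with `"$CI_VALUES_FILE"` quoted keeps both merges consistent. Separately, Keycloak is also enabled on default-branch and tag pipelines (first hunk of this file), while the MetalLB install elsewhere in this commit is keyed only on merge-request labels, so it is worth confirming the `LoadBalancer` passthrough gateway gets an address there. The enclosing script continues outside this hunk.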
@@ -39,32 +40,16 @@ helm upgrade -i bigbang chart -n bigbang --create-namespace \ --set registryCredentials[0].registry=registry1.dso.mil \ -f ${CI_VALUES_FILE} -# if keycloak is enabled use *.admin.bigbang.dev cert -# otherwise use *.bigbang.dev -if [ "$(yq e ".addons.keycloak.enabled" "tests/ci/k3d/values.yaml")" == "true" ]; then - # apply secrets kustomization pointing to current branch - if [[ $(git branch --show-current) == "${CI_DEFAULT_BRANCH}" ]]; then - echo "Deploying secrets from the ${CI_DEFAULT_BRANCH} branch" - kubectl apply -f tests/ci/keycloak.yaml - elif [ -z "$CI_COMMIT_TAG" ]; then - echo "Deploying secrets from the ${CI_COMMIT_REF_NAME} branch" - cat tests/ci/keycloak.yaml | sed 's|master|'"$CI_COMMIT_REF_NAME"'|g' | kubectl apply -f - - else - echo "Deploying secrets from the ${CI_COMMIT_REF_NAME} tag" - # NOTE: $CI_COMMIT_REF_NAME = $CI_COMMIT_TAG when running on a tagged build - cat tests/ci/keycloak.yaml | sed 's|branch: master|tag: '"$CI_COMMIT_REF_NAME"'|g' | kubectl apply -f - - fi +# apply secrets kustomization pointing to current branch or master if an upgrade job +if [[ $(git branch --show-current) == "${CI_DEFAULT_BRANCH}" ]]; then + echo "Deploying secrets from the ${CI_DEFAULT_BRANCH} branch" + kubectl apply -f tests/ci/shared-secrets.yaml +elif [ -z "$CI_COMMIT_TAG" ]; then + echo "Deploying secrets from the ${CI_COMMIT_REF_NAME} branch" + cat tests/ci/shared-secrets.yaml | sed 's|master|'"$CI_COMMIT_REF_NAME"'|g' | kubectl apply -f - else - # apply secrets kustomization pointing to current branch or master if an upgrade job - if [[ $(git branch --show-current) == "${CI_DEFAULT_BRANCH}" ]]; then - echo "Deploying secrets from the ${CI_DEFAULT_BRANCH} branch" - kubectl apply -f tests/ci/shared-secrets.yaml - elif [ -z "$CI_COMMIT_TAG" ]; then - echo "Deploying secrets from the ${CI_COMMIT_REF_NAME} branch" - cat tests/ci/shared-secrets.yaml | sed 's|master|'"$CI_COMMIT_REF_NAME"'|g' | kubectl apply -f - - else - echo "Deploying 
secrets from the ${CI_COMMIT_REF_NAME} tag" - # NOTE: $CI_COMMIT_REF_NAME = $CI_COMMIT_TAG when running on a tagged build - cat tests/ci/shared-secrets.yaml | sed 's|branch: master|tag: '"$CI_COMMIT_REF_NAME"'|g' | kubectl apply -f - - fi + echo "Deploying secrets from the ${CI_COMMIT_REF_NAME} tag" + # NOTE: $CI_COMMIT_REF_NAME = $CI_COMMIT_TAG when running on a tagged build + cat tests/ci/shared-secrets.yaml | sed 's|branch: master|tag: '"$CI_COMMIT_REF_NAME"'|g' | kubectl apply -f - fi + diff --git a/tests/tests/01_virtualservices.sh b/tests/tests/01_virtualservices.sh index 9189a6dc042b5945c68761d7a61c7b1e4a5540ed..5da18892c322c26f76c68b48b842dcb30401595d 100755 --- a/tests/tests/01_virtualservices.sh +++ b/tests/tests/01_virtualservices.sh @@ -5,11 +5,15 @@ set -e # Populate /etc/hosts ip=$(kubectl -n istio-system get service public-ingressgateway -o jsonpath='{.status.loadBalancer.ingress[0].ip}') - +ip_passthrough=$(kubectl -n istio-system get service passthrough-ingressgateway -o jsonpath='{.status.loadBalancer.ingress[0].ip}') echo "Checking " hosts=`kubectl get virtualservices -A -o jsonpath="{ .items[*].spec.hosts[*] }"` for host in $hosts; do + if [ $host == "keycloak.bigbang.dev" ]; then + echo "$ip_passthrough $host" >> /etc/hosts + else echo "$ip $host" >> /etc/hosts - curl -svv https://$host/ > /dev/null + fi + curl -svv https://$host/ > /dev/null done
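Review bot: In 01_deploy_bigbang.sh the kept `sed 's|master|'"$CI_COMMIT_REF_NAME"'|g'` line splices the ref name directly into the sed program, so a branch name containing `|`, `&` or `\` alters or breaks the substitution. The unanchored `master` pattern also rewrites every occurrence in shared-secrets.yaml, not just the `branch:` field. Because merge-request branch names are chosen by the contributor, the manifest handed to `kubectl apply` should not depend on them being benign. Escape the value first with `ref=$(printf '%s' "$CI_COMMIT_REF_NAME" | sed 's/[|&\\]/\\&/g')`, then anchor the pattern as the tag case already does: `sed "s|branch: master|branch: ${ref}|g" tests/ci/shared-secrets.yaml | kubectl apply -f -`. The tag case needs the same escaping, and the `cat … |` prefix can be dropped in both.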
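Review bot: In 01_virtualservices.sh the new `ip_passthrough=$(kubectl -n istio-system get service passthrough-ingressgateway …)` runs unconditionally under `set -e`, but the deploy script adds the passthrough gateway only when Keycloak is enabled. On pipelines without it the lookup presumably fails and the script exits before any host is checked. Make the lookup tolerant, for example by appending `|| ip_passthrough=""`, and skip the hosts entry when the address is empty so a line with no IP is never written to /etc/hosts. The comparison should read `[ "$host" = "keycloak.bigbang.dev" ]`, since the unquoted `$host` breaks `[` on an empty or multi-word value. The hard-coded name will also not match a deployment that uses a different domain.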