Commit 2c50f4aa authored by Brad Davidson's avatar Brad Davidson Committed by Brad Davidson

Fix embedded mirror blocked by SAR RBAC and re-enable test

parent 8262c02c
...@@ -36,8 +36,7 @@ jobs: ...@@ -36,8 +36,7 @@ jobs:
strategy: strategy:
fail-fast: false fail-fast: false
matrix: matrix:
# TODO fix embeddedmirror and add it to the matrix etest: [startup, s3, btrfs, externalip, privateregistry, embeddedmirror, wasm]
etest: [startup, s3, btrfs, externalip, privateregistry, wasm]
max-parallel: 3 max-parallel: 3
steps: steps:
- name: "Checkout" - name: "Checkout"
...@@ -116,4 +115,4 @@ jobs: ...@@ -116,4 +115,4 @@ jobs:
chmod +x ./dist/artifacts/k3s chmod +x ./dist/artifacts/k3s
. ./tests/docker/test-helpers . ./tests/docker/test-helpers
. ./tests/docker/test-run-${{ matrix.dtest }} . ./tests/docker/test-run-${{ matrix.dtest }}
echo "Did test-run-${{ matrix.dtest }} pass $?" echo "Did test-run-${{ matrix.dtest }} pass $?"
\ No newline at end of file
...@@ -75,7 +75,11 @@ func Start(ctx context.Context, nodeConfig *config.Node, runtime *config.Control ...@@ -75,7 +75,11 @@ func Start(ctx context.Context, nodeConfig *config.Node, runtime *config.Control
} }
authz := options.NewDelegatingAuthorizationOptions() authz := options.NewDelegatingAuthorizationOptions()
authz.AlwaysAllowPaths = []string{"/v2", "/debug/pprof", "/v1-" + version.Program + "/p2p"} authz.AlwaysAllowPaths = []string{ // skip authz for paths that should not use SubjectAccessReview; basically everything that will use this router other than metrics
"/v1-" + version.Program + "/p2p", // spegel libp2p peer discovery
"/v2/*", // spegel registry mirror
"/debug/pprof/*", // profiling
}
authz.RemoteKubeConfigFile = nodeConfig.AgentConfig.KubeConfigKubelet authz.RemoteKubeConfigFile = nodeConfig.AgentConfig.KubeConfigKubelet
if applyErr := authz.ApplyTo(&config.Authorization); applyErr != nil { if applyErr := authz.ApplyTo(&config.Authorization); applyErr != nil {
err = applyErr err = applyErr
......
...@@ -38,6 +38,9 @@ def provision(vm, role, role_num, node_num) ...@@ -38,6 +38,9 @@ def provision(vm, role, role_num, node_num)
if role.include?("server") && role_num == 0 if role.include?("server") && role_num == 0
vm.provision "private-registry", type: "shell", inline: writePrivateRegistry vm.provision "private-registry", type: "shell", inline: writePrivateRegistry
vm.provision "create-images-dir", type: "shell", inline: "mkdir -p -m 777 /tmp/images /var/lib/rancher/k3s/agent/images"
vm.provision "copy-images-file", type: "file", source: "../../../scripts/airgap/image-list.txt", destination: "/tmp/images/image-list.txt"
vm.provision "move-images-file", type: "shell", inline: "mv /tmp/images/image-list.txt /var/lib/rancher/k3s/agent/images/image-list.txt"
vm.provision 'k3s-primary-server', type: 'k3s', run: 'once' do |k3s| vm.provision 'k3s-primary-server', type: 'k3s', run: 'once' do |k3s|
k3s.args = "server " k3s.args = "server "
...@@ -54,6 +57,9 @@ def provision(vm, role, role_num, node_num) ...@@ -54,6 +57,9 @@ def provision(vm, role, role_num, node_num)
elsif role.include?("server") && role_num != 0 elsif role.include?("server") && role_num != 0
vm.provision "shell", inline: writePrivateRegistry vm.provision "shell", inline: writePrivateRegistry
vm.provision "create-images-dir", type: "shell", inline: "mkdir -p -m 777 /tmp/images /var/lib/rancher/k3s/agent/images"
vm.provision "copy-images-file", type: "file", source: "../../../scripts/airgap/image-list.txt", destination: "/tmp/images/image-list.txt"
vm.provision "move-images-file", type: "shell", inline: "mv /tmp/images/image-list.txt /var/lib/rancher/k3s/agent/images/image-list.txt"
vm.provision 'k3s-secondary-server', type: 'k3s', run: 'once' do |k3s| vm.provision 'k3s-secondary-server', type: 'k3s', run: 'once' do |k3s|
k3s.args = "server" k3s.args = "server"
......
Markdown is supported
0% or
You are about to add 0 people to the discussion. Proceed with caution.
Finish editing this message first!
Please register or to comment