From 834d7dc52a4378f6c7e2983c82f91a87f82bb17c Mon Sep 17 00:00:00 2001 From: IWAMOTO Toshihiro Date: Thu, 31 Jan 2019 16:49:04 +0900 Subject: [PATCH] Properly initialize CI cluster credential It has been using the cluster where argo ran --- test/scripts/run-tests.sh | 36 +++++++++++++++++++++--------------- test/scripts/unit-test.sh | 18 +++--------------- 2 files changed, 24 insertions(+), 30 deletions(-) diff --git a/test/scripts/run-tests.sh b/test/scripts/run-tests.sh index e1720ef8194..72f8faf50c2 100755 --- a/test/scripts/run-tests.sh +++ b/test/scripts/run-tests.sh @@ -39,21 +39,27 @@ echo "CLUSTER_NAME: ${CLUSTER_NAME}" echo "ZONE: ${GCP_ZONE}" echo "PROJECT: ${GCP_PROJECT}" -gcloud container clusters describe ${CLUSTER_NAME} \ - --zone ${ZONE} \ - --format 'value(masterAuth.clusterCaCertificate)'| base64 -d > ca.pem - -gcloud container clusters describe ${CLUSTER_NAME} \ - --zone ${ZONE} \ - --format 'value(masterAuth.clientCertificate)' | base64 -d > client.pem - -gcloud container clusters describe ${CLUSTER_NAME} \ - --zone ${ZONE} \ - --format 'value(masterAuth.clientKey)' | base64 -d > key.rsa - -kubectl config set-credentials temp-admin --username=admin --client-certificate=./client.pem --client-key=./key.rsa -kubectl config set-context temp-context --cluster=$(kubectl config get-clusters | grep ${CLUSTER_NAME}) --user=temp-admin -kubectl config use-context temp-context +gcloud --project ${PROJECT} container clusters get-credentials ${CLUSTER_NAME} \ + --zone ${ZONE} +kubectl config set-context $(kubectl config current-context) --namespace=default +# XXX debugging +kubectl config view +CONTEXT=`kubectl config current-context` +USER=`kubectl config get-contexts $CONTEXT -o name|sed 's/@.*//'` + +kubectl apply -f - << EOF +kind: ClusterRoleBinding +apiVersion: rbac.authorization.k8s.io/v1 +metadata: + name: cluster-admins +subjects: +- kind: User + name: $USER +roleRef: + kind: ClusterRole + name: cluster-admin + apiGroup: "" +EOF #This is required. But I don't know why. VERSION=${VERSION/%?/} diff --git a/test/scripts/unit-test.sh b/test/scripts/unit-test.sh index 5e6397d0f73..a169d09a9ae 100755 --- a/test/scripts/unit-test.sh +++ b/test/scripts/unit-test.sh @@ -34,21 +34,9 @@ gcloud auth activate-service-account --key-file=${GOOGLE_APPLICATION_CREDENTIALS echo "Configuring kubectl" -gcloud container clusters describe ${CLUSTER_NAME} \ - --zone ${ZONE} \ - --format 'value(masterAuth.clusterCaCertificate)'| base64 -d > ca.pem - -gcloud container clusters describe ${CLUSTER_NAME} \ - --zone ${ZONE} \ - --format 'value(masterAuth.clientCertificate)' | base64 -d > client.pem - -gcloud container clusters describe ${CLUSTER_NAME} \ - --zone ${ZONE} \ - --format 'value(masterAuth.clientKey)' | base64 -d > key.rsa - -kubectl config set-credentials temp-admin --username=admin --client-certificate=./client.pem --client-key=./key.rsa -kubectl config set-context temp-context --cluster=$(kubectl config get-clusters | grep ${CLUSTER_NAME}) --user=temp-admin -kubectl config use-context temp-context +gcloud --project ${PROJECT} container clusters get-credentials ${CLUSTER_NAME} \ + --zone ${ZONE} +kubectl config set-context $(kubectl config current-context) --namespace=default kubectl apply -f - <