c45f9b997d
We want Vault to perform token reviews with Kubernetes even if we are using an external Vault. We need to create the ServiceAccount, Secret and ClusterRoleBinding with the system:auth-delegator role to enable delegated authentication and authorization checks [1]. These SA and RBAC objects are created when we deploy the Vault server. In order to enable the creation of these objects when using an external Vault, we remove the condition on external mode. User might want to provide a sensible name (in global.serviceAccount.name) to the service account such as: vault-auth. refs #376 [1] https://www.vaultproject.io/docs/auth/kubernetes#configuring-kubernetes |
||
|---|---|---|
| .. | ||
| acceptance | ||
| docker | ||
| terraform | ||
| unit | ||
| README.md | ||
Running Vault Helm Acceptance tests
The Makefile at the top level of this repo contains a few target that should help with running acceptance tests in your own GKE instance.
- Set the GOOGLE_CREDENTIALS and CLOUDSDK_CORE_PROJECT variables at the top of the file. GOOGLE_CREDENTIALS should contain the local path to your Google Cloud Platform account credentials in JSON format. CLOUDSDK_CORE_PROJECT should be set to the ID of your GCP project.
- Run
make test-imageto create the docker image (with dependencies installed) that will be re-used in the below steps. - Run
make test-provisionto provision the GKE cluster using terraform. - Run
make test-acceptanceto run the acceptance tests in this already provisioned cluster. - You can choose to only run certain tests by setting the ACCEPTANCE_TESTS variable and re-running the above target.
- Run
make test-destroywhen you have finished testing and want to tear-down and remove the cluster.