feat: support kubernetes service-accounts (#538)

lakekeeper · Nov 24, 2024 · 2982210 · 2982210
1 parent caa1ebe
commit 2982210
Show file tree

Hide file tree

Showing 27 changed files with 1,529 additions and 490 deletions.
diff --git a/.github/workflows/kube-auth.yml b/.github/workflows/kube-auth.yml
@@ -0,0 +1,73 @@
+name: Kubernetes auth integration test
+
+on:
+  push:
+    branches:
+      - main
+  pull_request:
+
+env:
+  CARGO_TERM_COLOR: always
+
+concurrency:
+  group: ${{ github.workflow }}-${{ github.ref }}-${{ github.event_name }}
+  cancel-in-progress: true
+
+jobs:
+  docker:
+    runs-on: ubuntu-24.04
+    steps:
+      - uses: actions/checkout@v4
+
+      - name: Set up QEMU
+        uses: docker/setup-qemu-action@v3
+
+      - name: Docker info
+        run: docker info
+
+      - name: Build Docker image (amd64)
+        run: |
+          DOCKER_BUILDKIT=1 docker build -t localhost/iceberg-catalog-local:amd64 \
+          -f docker/full.Dockerfile .
+          docker save -o /tmp/iceberg-catalog-amd64.tar localhost/iceberg-catalog-local:amd64
+
+      - name: Save Docker
+        uses: actions/upload-artifact@v4
+        with:
+          name: iceberg-catalog-image
+          path: /tmp/*.tar
+  kube_auth:
+    needs: docker
+    runs-on: ubuntu-latest
+    steps:
+      - uses: actions/checkout@v4
+      - uses: engineerd/setup-kind@v0.6.2
+        with:
+          version: "v0.24.0"
+      - name: Restore binary
+        uses: actions/download-artifact@v4
+        with:
+          name: iceberg-catalog-image
+          path: artifacts
+
+      - name: Display structure of downloaded files
+        run: ls -Rlh artifacts
+
+      - name: Restore Docker image
+        run:  docker load -i artifacts/iceberg-catalog-amd64.tar &&  kind load docker-image localhost/iceberg-catalog-local:amd64
+      - uses: azure/setup-helm@v4.2.0
+        id: install
+      - run: helm repo add lakekeeper https://lakekeeper.github.io/lakekeeper-charts/
+        name: Add lakekeeper helm repo
+      - name: Install lakekeeper (wait 300s)
+        run: helm install -f tests/kube-auth/values.yaml my-lakekeeper lakekeeper/lakekeeper --version 0.1.5 && sleep 300
+      - name: Apply auth role
+        run: kubectl describe pods && kubectl apply -f tests/kube-auth/auth_role.yaml
+      - name: Run tests
+        run: kubectl run bootstrap-test --image=curlimages/curl -it --command=true --restart=Never -- /bin/sh -c "$(cat tests/kube-auth/bootstrap.sh)"
+      - name: bootstrap-logs
+        if: failure()
+        run: kubectl logs bootstrap-test
+      - name: server-logs
+        if: failure()
+        run : kubectl logs deployments/my-lakekeeper
diff --git a/Cargo.lock b/Cargo.lock
diff --git a/Cargo.toml b/Cargo.toml
@@ -83,6 +83,8 @@ http-body-util = "^0.1"
 jwks_client_rs = { version = "0.5.1", default-features = false, features = [
     "rustls-tls",
 ] }
+kube = { version = "0.96", default-features = false, features = ["rustls-tls", "client"] }
+k8s-openapi = { version = "0.23.0", features = ["v1_26"] }
 lazy-regex = { version = "3.2.0", features = ["lite"] }
 lru = "0.12.4"
 percent-encoding = "2.3.1"