smoke_test.sh
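#!/bin/bash
#
# Smoke test for the AKS / Key Vault integration.
#
# Deploys a throw-away pod that mounts one Key Vault secret through the
# Secrets Store CSI driver (inline volume, pod identity), reads the mounted
# file back with `kubectl exec`, and compares it with the expected value.
#
# Required environment variables:
#   rg_name, aks_cluster_name    - passed to `az aks get-credentials`
#   aad_pod_id_binding_selector  - value of the pod's aadpodidbinding label
#   tenant_id, key_vault_name    - written into the CSI volumeAttributes
#   SECRET_NAME                  - objectName of the secret to mount
#   SECRET_VALUE                 - value the mounted file must equal
#
# Exit status: 0 when the mounted value equals SECRET_VALUE, non-zero otherwise.
#
# SECRET_VALUE and the value read from the pod are secrets: they are only
# compared, never printed. Avoid running this script with `bash -x` / `set -x`
# in a pipeline that retains logs, since tracing would print both values.

set -uo pipefail

# Fail early on missing inputs. In particular an empty SECRET_VALUE combined
# with a failed read of the mounted file would otherwise compare "" with ""
# and report a pass.
for required_var in rg_name aks_cluster_name aad_pod_id_binding_selector \
  tenant_id key_vault_name SECRET_NAME SECRET_VALUE; do
  if [[ -z "${!required_var:-}" ]]; then
    echo "Required environment variable ${required_var} is not set." >&2
    exit 1
  fi
done

# Pod names must be lowercase; some uuidgen implementations print uppercase.
pod_suffix=$(uuidgen | tr '[:upper:]' '[:lower:]')
if [[ -z "$pod_suffix" ]]; then
  echo "Unable to generate a unique pod name (uuidgen produced no output)." >&2
  exit 1
fi
POD_NAME="kv-test-${pod_suffix:0:8}"
VOLUME_NAME="secrets-store-inline"
MOUNT_PATH="/mnt/secrets-store"
SECRET_ALIAS="demo_alias"

# Abort if the credentials cannot be fetched: continuing would run every
# kubectl command below against whatever context the kubeconfig already
# points at, which may be a different cluster.
if ! az aks get-credentials -g "$rg_name" -n "$aks_cluster_name" --overwrite-existing; then
  echo "Unable to fetch credentials for the AKS cluster." >&2
  exit 1
fi

# Remove the test pod on every exit path so a failed run does not leave a pod
# with the secret mounted. Registered only after the kubeconfig points at the
# intended cluster.
cleanup() {
  kubectl delete pod "$POD_NAME" --ignore-not-found
}
trap cleanup EXIT

# Deploy test pod
#
# The heredoc delimiter is unquoted on purpose so the variables expand; their
# values are interpolated verbatim into the manifest, so they are expected to
# come from pipeline configuration rather than from untrusted input.
# NOTE(review): `image: nginx` is an unpinned tag; pin a version or digest if
# the test must not depend on whatever the registry currently serves.
# `read -d ''` returns non-zero when it reaches the end of the heredoc, which
# is the normal case here, hence the `|| true`.
read -r -d '' KV_POD_YAML << EOM || true
kind: Pod
apiVersion: v1
metadata:
  name: $POD_NAME
  labels:
    aadpodidbinding: "$aad_pod_id_binding_selector"
spec:
  containers:
    - name: $POD_NAME
      image: nginx
      volumeMounts:
        - name: $VOLUME_NAME
          mountPath: "$MOUNT_PATH"
          readOnly: true
  volumes:
    - name: $VOLUME_NAME
      csi:
        driver: secrets-store.csi.k8s.io
        readOnly: true
        volumeAttributes:
          providerName: "azure"
          usePodIdentity: "true"
          tenantId: "$tenant_id"
          keyvaultName: "$key_vault_name"
          objects: |
            array:
              - |
                objectName: "$SECRET_NAME"
                objectAlias: "$SECRET_ALIAS"
                objectType: secret
EOM

if ! printf '%s\n' "$KV_POD_YAML" | kubectl apply -f -; then
  echo "Unable to deploy test pod into the cluster."
  exit 1
fi

# Record the wait result but still print the pod description, because the
# events it contains are the main diagnostic when the volume fails to mount.
wait_status=0
kubectl wait --for=condition=Ready --timeout=120s "pod/$POD_NAME" || wait_status=$?
kubectl describe "pod/$POD_NAME"
if ((wait_status != 0)); then
  echo "Test pod did not become Ready within 120s." >&2
  echo "AKS - Key Vault test failed"
  exit 1
fi

# List the mount (file names only), then read the secret into a variable.
# `--` separates kubectl's own options from the command run in the container.
kubectl exec "$POD_NAME" -- ls "$MOUNT_PATH"
if ! ACTUAL_VALUE=$(kubectl exec "$POD_NAME" -- cat "$MOUNT_PATH/$SECRET_ALIAS"); then
  echo "Unable to read ${MOUNT_PATH}/${SECRET_ALIAS} from the test pod." >&2
  echo "AKS - Key Vault test failed"
  exit 1
fi

# Quoted right-hand side: compare as a literal string, not as a glob pattern.
if [[ "$SECRET_VALUE" == "$ACTUAL_VALUE" ]]; then
  echo "AKS - Key Vault test passed"
else
  echo "AKS - Key Vault test failed"
  exit 1
fi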