Skip to content

oauth2-proxy with istio mesh config and m2m bearer tokens #11

oauth2-proxy with istio mesh config and m2m bearer tokens

oauth2-proxy with istio mesh config and m2m bearer tokens #11

name: Deploy and test KServe with m2m auth in KinD
- contrib/kserve/**
- common/knative/**
- common/oidc-client/oauth2-proxy/**
- common/istio*/**
runs-on: ubuntu-latest
- name: Checkout
uses: actions/checkout@v3
- name: Install KinD
run: ./tests/gh-actions/
- name: Create KinD Cluster
run: kind create cluster --config tests/gh-actions/kind-cluster.yaml
- name: Install kubectl
run: ./tests/gh-actions/
- name: Install kustomize
run: ./tests/gh-actions/
- name: Create kubeflow namespace
run: kustomize build common/kubeflow-namespace/base | kubectl apply -f -
- name: Install Istio with ext auth
run: ./tests/gh-actions/*
- name: Install cert-manager
run: ./tests/gh-actions/
- name: Install knative
run: ./tests/gh-actions/
- name: Build & Apply manifests
run: ./tests/gh-actions/
- name: Create test namespace
run: kubectl create ns kserve-test
- name: Setup python 3.9
uses: actions/setup-python@v4
python-version: 3.9
- name: Install test dependencies
run: pip install -r ./contrib/kserve/tests/requirements.txt
- name: Port forward
run: |
INGRESS_GATEWAY_SERVICE=$(kubectl get svc --namespace istio-system --selector="app=istio-ingressgateway" --output jsonpath='{.items[0]}')
nohup kubectl port-forward --namespace istio-system svc/${INGRESS_GATEWAY_SERVICE} 8080:80 &
while ! curl localhost:8080; do echo waiting for port-forwarding; sleep 1; done; echo port-forwarding ready
- name: Run kserve tests with m2m token from SA default/default
run: |
export KSERVE_INGRESS_HOST_PORT=localhost:8080
export KSERVE_M2M_TOKEN="$(kubectl -n default create token default)"
cd ./contrib/kserve/tests && pytest . -vs --log-level info
- name: Run and fail kserve tests without kserve m2m token
run: |
export KSERVE_INGRESS_HOST_PORT=localhost:8080
cd ./contrib/kserve/tests
if pytest . -vs --log-level info; then
echo "This test should fail with an HTTP redirect to oauth2-proxy/dex auth."; exit 1
echo "Task failed successfully!"
echo "This is a provisional way of testing that m2m is enabled for kserve."