tests now use the aggregator cluster

Author: maartyman

.github/workflows/integration-tests.yml

@@ -123,6 +123,8 @@ jobs:
             fi
           done
         shell: bash
+        shell: bash
+        shell: bash
         timeout-minutes: 20
 
       - name: Load images into Kind (Windows)
@@ -132,21 +134,57 @@ jobs:
             $name = $_.Name
             Write-Host "Loading $name into kind..."
             kind load docker-image "${name}:latest" --name aggregator-test
-          }
+            kind load docker-image "${name}:latest" --name aggregator
         shell: powershell
         timeout-minutes: 20
 
       - name: Wait for cluster to be ready
-        run: |
+      - name: Generate key pair for UMA proxy
           kubectl config use-context kind-aggregator-test
-          kubectl wait --for=condition=Ready nodes --all --timeout=120s
+          kubectl config use-context kind-aggregator
         shell: bash
-
+          openssl genrsa -out uma-proxy.key 4096
+          openssl req -x509 -new -nodes -key uma-proxy.key -sha256 -days 3650 -out uma-proxy.crt -subj "/CN=Aggregator MITM CA"
+          kubectl delete secret uma-proxy-key-pair -n default --ignore-not-found
+          kubectl create secret generic uma-proxy-key-pair --from-file=uma-proxy.crt=uma-proxy.crt --from-file=uma-proxy.key=uma-proxy.key -n default
+          rm uma-proxy.crt uma-proxy.key
+
+      - name: Deploy aggregator-cleaner
+        run: |
+          kubectl apply -f k8s/ops/ns.yaml
+          kubectl apply -f k8s/ops/cleaner.yaml
+          kubectl wait --namespace aggregator-ops --for=condition=available deployment/aggregator-cleaner --timeout=60s || true
+
+      - name: Deploy Traefik
+        run: |
+          helm repo add traefik https://traefik.github.io/charts
+          helm repo update
+          kind export logs ./kind-logs --name aggregator || true
+            --namespace aggregator-traefik \
+            --create-namespace \
+            --set ingressClass.enabled=true \
+            --set ingressClass.name=aggregator-traefik \
+            --set ports.web.hostPort=80 \
+            --set ports.websecure.hostPort=443 \
+            --set service.type=ClusterIP \
+            --set providers.kubernetesCRD.allowCrossNamespace=true \
+          kind export logs ./kind-logs --name aggregator
+          kubectl rollout status deployment aggregator-traefik -n aggregator-traefik --timeout=180s
+
+      - name: Deploy aggregator
+        run: |
+          kubectl apply -f k8s/app/ns.yaml
+          kubectl apply -f k8s/app/config.yaml
+          kubectl apply -f k8s/app/aggregator.yaml
+          kubectl rollout status deployment aggregator-server -n aggregator-app --timeout=120s
+
+      - name: Add /etc/hosts entry
+        run: |
+          echo "127.0.0.1 aggregator.local" | sudo tee -a /etc/hosts
       - name: Run integration tests
         run: |
           cd integration-test
-          go test -v -timeout 30m ./...
-        shell: bash
+          kind delete cluster --name aggregator || true
         timeout-minutes: 35
 
       - name: Collect logs on failure (Linux)

README.md

@@ -160,11 +160,31 @@ Automated tests run on GitHub Actions for Linux and Windows on every push and pu
 
 ### Run Locally
 
+Integration tests use the existing Kind cluster and deployment created by `make kind-init` and `make deploy`.
+
 ```bash
+# First-time setup
+make kind-init
+make deploy
+
+# Run tests (uses existing cluster)
 make integration-test
 ```
 
-Tests use port forwarding to `localhost:8080` to avoid requiring root privileges.
+The tests will:
+- Verify the existing `aggregator` cluster is running
+- Check that the aggregator is deployed
+- Run all integration tests against `http://aggregator.local`
+- Leave the cluster running after tests complete
+
+### CI/CD
+
+The GitHub Actions workflow automatically:
+1. Creates a test cluster
+2. Builds and loads containers
+3. Deploys Traefik and the aggregator
+4. Runs the full test suite
+5. Cleans up the test cluster
 
 ## Troubleshooting
 

integration-test/kind-test-config.yaml

@@ -12,7 +12,7 @@ import (
 var testEnv *utils.TestEnvironment
 
 func TestMain(m *testing.M) {
-	ctx, cancel := context.WithTimeout(context.Background(), 10*time.Minute)
+	ctx, cancel := context.WithTimeout(context.Background(), 5*time.Minute)
 	defer cancel()
 
 	var err error
@@ -21,14 +21,6 @@ func TestMain(m *testing.M) {
 		panic("Failed to setup test environment: " + err.Error())
 	}
 
-	if err := testEnv.WaitForAggregatorReady(ctx); err != nil {
-		panic("Aggregator not ready: " + err.Error())
-	}
-
-	if err := testEnv.SetupPortForward(ctx); err != nil {
-		panic("Failed to setup port forward: " + err.Error())
-	}
-
 	code := m.Run()
 
 	if err := testEnv.Cleanup(); err != nil {

integration-test/main_test.go

@@ -80,7 +80,6 @@ func TestClientIdentifierDocument(t *testing.T) {
 		t.Fatal("client_identifier field missing or not a string")
 	}
 
-	// 2. GET the client identifier document
 	clientResp, err := http.Get(clientIdentifierURL)
 	if err != nil {
 		t.Fatalf("Failed to get client identifier document: %v", err)