diff --git a/.github/ct-install-config/chart_schema.yaml b/.github/ct-install-config/chart_schema.yaml
new file mode 100644
index 00000000..ce663d5b
--- /dev/null
+++ b/.github/ct-install-config/chart_schema.yaml
@@ -0,0 +1,38 @@
+name: str()
+kubeVersion: str()
+apiVersion: str()
+appVersion: any(str(), num())
+version: str(required=True)
+upstream_version: any(str(), num(), required=False)
+description: str()
+type: str(required=False)
+home: str()
+icon: str()
+sources: list(str(), required=False)
+dependencies: list(include('dependency'), required=False)
+deprecated: bool(required=False)
+engine: str(required=False)
+condition: str(required=False)
+keywords: list(str(), required=False)
+tags: str(required=False)
+maintainers: list(include('maintainer'))
+annotations: map(str(), str(), required=False)
+---
+maintainer:
+ name: str()
+ email: str(required=False)
+ url: str(required=True)
+---
+dependency:
+ name: str()
+ repository: str()
+ version: str()
+ condition: str(required=False)
+ tags: list(str(), required=False)
+ import-values: any(list(str()), list(include('import-value')), required=False)
+ enabled: bool(required=False)
+ alias: str(required=False)
+---
+import-value:
+ child: str()
+ parent: str()
diff --git a/.github/ct-install-config/ct-install.yaml b/.github/ct-install-config/ct-install.yaml
new file mode 100644
index 00000000..64ea6695
--- /dev/null
+++ b/.github/ct-install-config/ct-install.yaml
@@ -0,0 +1,7 @@
+remote: origin
+target-branch: master
+chart-yaml-schema: .github/ct-install-config/chart_schema.yaml
+chart-dirs:
+ - library
+ - charts
+excluded-charts: []
diff --git a/.github/ct-install-config/ct-lint.yaml b/.github/ct-install-config/ct-lint.yaml
new file mode 100644
index 00000000..6dc691ff
--- /dev/null
+++ b/.github/ct-install-config/ct-lint.yaml
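Review bot: `target-branch: master` in the new ct-install.yaml (and again in ct-install-config/ct-lint.yaml) does not match the `main` branch that the deleted .github/ct-install.yaml and .github/ct-lint.yaml targeted and that common.release.yaml still triggers on. chart-testing compares against `<remote>/<target-branch>` for changed-chart detection and, as far as I know, for the version-increment check, so if the repository has no `master` branch those comparisons would presumably fail or silently compare against nothing. If `main` is the default branch, both files should read `target-branch: main`; if `master` is intended, a one-line comment saying why would prevent the next reader from "fixing" it.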
@@ -0,0 +1,7 @@
+remote: origin
+target-branch: master
+helm-extra-args: --timeout 600s --debug
+chart-yaml-schema: .github/ct-install-config/chart_schema.yaml
+chart-dirs:
+ - library
+excluded-charts: []
diff --git a/.github/ct-install-config/lint-conf.yaml b/.github/ct-install-config/lint-conf.yaml
new file mode 100644
index 00000000..90f48c88
--- /dev/null
+++ b/.github/ct-install-config/lint-conf.yaml
@@ -0,0 +1,42 @@
+---
+rules:
+ braces:
+ min-spaces-inside: 0
+ max-spaces-inside: 0
+ min-spaces-inside-empty: -1
+ max-spaces-inside-empty: -1
+ brackets:
+ min-spaces-inside: 0
+ max-spaces-inside: 0
+ min-spaces-inside-empty: -1
+ max-spaces-inside-empty: -1
+ colons:
+ max-spaces-before: 0
+ max-spaces-after: 1
+ commas:
+ max-spaces-before: 0
+ min-spaces-after: 1
+ max-spaces-after: 1
+ comments:
+ require-starting-space: true
+ min-spaces-from-content: 2
+ document-end: disable
+ document-start: disable # No --- to start a file
+ empty-lines:
+ max: 2
+ max-start: 0
+ max-end: 0
+ hyphens:
+ max-spaces-after: 1
+ indentation:
+ spaces: consistent
+ indent-sequences: whatever # - list indentation will handle both indentation and without
+ check-multi-line-strings: false
+ key-duplicates: enable
+ line-length: disable # Lines can be any length
+ new-line-at-end-of-file: enable
+ new-lines:
+ type: unix
+ trailing-spaces: enable
+ truthy:
+ level: warning
diff --git a/.github/ct-install.yaml b/.github/ct-install.yaml
deleted file mode 100644
index 6982e101..00000000
--- a/.github/ct-install.yaml
+++ /dev/null
@@ -1,7 +0,0 @@
-remote: origin
-target-branch: main
-helm-extra-args: --timeout 600s --debug
-chart-dirs:
-- helper-charts
-chart-repos:
-- k8s-at-home-libraries=https://library-charts.truecharts.org
diff --git a/.github/ct-lint.yaml b/.github/ct-lint.yaml
deleted file mode 100644
index 2bb8903f..00000000
--- a/.github/ct-lint.yaml
+++ /dev/null
@@ -1,7 +0,0 @@
-remote: origin
-target-branch: main
-helm-extra-args: --timeout 600s
-chart-dirs:
-- charts
-chart-repos:
-- truecharts-libraries=https://library-charts.truecharts.org
diff --git a/.github/workflows/charts-lint-test.yaml b/.github/workflows/charts-lint-test.yaml
deleted file mode 100644
index 09e3f8fe..00000000
--- a/.github/workflows/charts-lint-test.yaml
+++ /dev/null
@@ -1,99 +0,0 @@ -name: "Charts: Lint and test" - -on: - pull_request: - paths: - - '.github/workflows/charts-lint-test.yaml' - - 'charts/**' - - 'helper-charts/**' - -jobs: - lint: - name: Lint charts - runs-on: ubuntu-20.04 - outputs: - changed: ${{ steps.list-changed.outputs.changed }} - steps: - - name: Checkout - uses: actions/checkout@755da8c3cf115ac066823e79a1e1788f8940201b # tag=v3 - with: - fetch-depth: 0 - - - name: Install Helm - uses: azure/setup-helm@5119fcb9089d432beecbf79bb2c7915207344b78 # tag=v3 - with: - version: v3.5.4 - - - uses: actions/setup-python@2c3dd9e7e29afd70cc0950079bde6c979d1f69f9 # tag=v4 - with: - python-version: 3.7 - - - name: Set up chart-testing - uses: helm/chart-testing-action@afea100a513515fbd68b0e72a7bb0ae34cb62aec # tag=v2.3.1 - - - name: Run chart-testing (list-changed) - id: list-changed - run: | - changed=$(ct list-changed --config .github/ct-lint.yaml) - if [[ -n "$changed" ]]; then - echo "::set-output name=changed::true" - fi - - name: Run chart-testing (lint) - id: lint - if: steps.list-changed.outputs.changed == 'true' - run: ct lint --config .github/ct-lint.yaml - - unittest: - needs: - - lint - name: Run unit tests - runs-on: ubuntu-20.04 - steps: - - name: Checkout - uses: actions/checkout@755da8c3cf115ac066823e79a1e1788f8940201b # tag=v3 - with: - fetch-depth: 0 - - - name: Install Helm - uses: azure/setup-helm@5119fcb9089d432beecbf79bb2c7915207344b78 # tag=v3 - with: - version: v3.5.4 - - - name: Run tests - run: | - helm plugin install https://github.com/vbehar/helm3-unittest --version v1.0.16 - cd helper-charts/common-test/ - helm dependency update - helm unittest -f "tests/**/*_test.yaml" . 
- install: - needs: - - lint - name: Install charts - runs-on: ubuntu-20.04 - steps: - - name: Checkout - uses: actions/checkout@755da8c3cf115ac066823e79a1e1788f8940201b # tag=v3 - with: - fetch-depth: 0 - - - name: Install Helm - uses: azure/setup-helm@5119fcb9089d432beecbf79bb2c7915207344b78 # tag=v3 - with: - version: v3.5.4 - - - uses: actions/setup-python@2c3dd9e7e29afd70cc0950079bde6c979d1f69f9 # tag=v4 - with: - python-version: 3.7 - - - name: Set up chart-testing - uses: helm/chart-testing-action@afea100a513515fbd68b0e72a7bb0ae34cb62aec # tag=v2.3.1 - - - name: Create k3d cluster - uses: nolar/setup-k3d-k3s@v1 - with: - version: v1.22.4+k3s1 - if: needs.lint.outputs.changed == 'true' - - - name: Run chart-testing (install) - if: needs.lint.outputs.changed == 'true' - run: ct install --all --config .github/ct-install.yaml --debug diff --git a/.github/workflows/common.release.yaml b/.github/workflows/common.release.yaml index 44ff03d2..17efe9b2 100644 --- a/.github/workflows/common.release.yaml +++ b/.github/workflows/common.release.yaml @@ -8,7 +8,7 @@ on: branches: - main paths: - - 'charts/**' + - 'charts/*' jobs: release-charts: diff --git a/.github/workflows/common_library_tests.yaml b/.github/workflows/common_library_tests.yaml new file mode 100644 index 00000000..cc99ab5f --- /dev/null +++ b/.github/workflows/common_library_tests.yaml 
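Review bot: The new filter `- 'charts/*'` in common.release.yaml no longer matches files inside chart subdirectories, because in GitHub Actions path filters `*` does not cross a `/` while `**` does. A push that only touches, say, a template or Chart.yaml under `charts/<name>/` would therefore not start the release job. If the release should still fire on any chart change, keep `- 'charts/**'`; if the narrowing is deliberate, add a comment such as `# only top-level files under charts/ trigger a release` so it is not read as a typo. The `on:` block this filter belongs to starts outside the hunk.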
@@ -0,0 +1,191 @@
+name: Common Library Tests
+
+on:
+ pull_request:
+ paths:
+ - library/**
+ - .github/workflows/common_library_tests.yaml
+
+jobs:
+ lint:
+ name: Lint Common
+ runs-on: ubuntu-22.04
+ strategy:
+ fail-fast: false
+ matrix:
+ # We run tests on Helm version of latest SCALE release, SCALE nightly and manually defined "latest"
+ helm-version:
+ - v3.9.4
+ - v3.10.3
+ - v3.11.0-rc.1
+ steps:
+ - name: Checkout
+ uses: actions/checkout@2541b1294d2704b0964813337f33b291d3f8596b # tag=v3
+ with:
+ fetch-depth: 1
+
+ - name: Install Helm
+ uses: azure/setup-helm@f382f75448129b3be48f8121b9857be18d815a82 # tag=v3
+ with:
+ version: ${{ matrix.helm-version }}
+
+ - uses: actions/setup-python@2c3dd9e7e29afd70cc0950079bde6c979d1f69f9 # tag=v4
+ with:
+ python-version: "3.10"
+
+ - name: Set up chart-testing
+ uses: helm/chart-testing-action@afea100a513515fbd68b0e72a7bb0ae34cb62aec # tag=v2.3.1
+
+
+ - name: Run chart-testing (lint)
+ run: |
+ ct lint --config .github/ct-install-config/ct-lint.yaml \
+ --lint-conf .github/ct-install-config/lint-conf.yaml \
+ --charts library/common-test \
+ --debug
+
+
+
+
+ unittest:
+ name: Unit Tests
+ runs-on: ubuntu-22.04
+ env:
+ helmunitversion: 0.2.11
+ strategy:
+ fail-fast: false
+ matrix:
+ # We run tests on Helm version of latest SCALE release, SCALE nightly and manually defined "latest"
+ helm-version:
+ - v3.9.4
+ - v3.10.3
+ - v3.11.0-rc.1
+ steps:
+ - name: Checkout
+ uses: actions/checkout@2541b1294d2704b0964813337f33b291d3f8596b # tag=v3
+ with:
+ fetch-depth: 1
+
+ - name: Cache helm plugins
+ uses: actions/cache@v3
+ with:
+ path: |
+ /home/runner/.local/share/helm/plugins/helm-unittest
+ key: helm-${{ matrix.helm-version }}-unittest-v${{ env.helmunitversion }}-${{ hashFiles('/home/runner/.local/share/helm/plugins/helm-unittest') }}
+ restore-keys: |
+ helm-${{ matrix.helm-version }}-unittest-v${{ env.helmunitversion }}-${{ hashFiles('/home/runner/.local/share/helm/plugins/helm-unittest') }}
+ helm-${{
matrix.helm-version }}-unittest-v${{ env.helmunitversion }}
+
+ - name: Install Helm
+ uses: azure/setup-helm@f382f75448129b3be48f8121b9857be18d815a82 # tag=v3
+ with:
+ version: ${{ matrix.helm-version }}
+
+ - name: Run tests
+ run: |
+ helm unittest -h || helm plugin install https://github.com/quintush/helm-unittest --version "v${helmunitversion}"
+ cd library/common-test/
+ helm dependency update
+ helm unittest --helm3 -f "tests/*/*.yaml" .
+
+ install:
+ needs:
+ - lint
+ name: Install Charts
+ runs-on: ubuntu-22.04
+ strategy:
+ fail-fast: false
+ matrix:
+ # We run tests on k3s version of latest SCALE release, SCALE nightly and manually defined "latest"
+ k3s-version:
+ - v1.25.3+k3s1
+ - v1.26.0+k3s1
+ # We run tests on Helm version of latest SCALE release, SCALE nightly and manually defined "latest"
+ helm-version:
+ - v3.9.4
+ - v3.10.3
+ - v3.11.0-rc.1
+ steps:
+ - name: Checkout
+ uses: actions/checkout@2541b1294d2704b0964813337f33b291d3f8596b # tag=v3
+ with:
+ fetch-depth: 1
+
+ - name: Install Helm
+ uses: azure/setup-helm@f382f75448129b3be48f8121b9857be18d815a82 # tag=v3
+ with:
+ version: ${{ matrix.helm-version }}
+
+ - uses: actions/setup-python@2c3dd9e7e29afd70cc0950079bde6c979d1f69f9 # tag=v4
+ with:
+ python-version: "3.10"
+
+ - name: Set up chart-testing
+ uses: helm/chart-testing-action@afea100a513515fbd68b0e72a7bb0ae34cb62aec # tag=v2.3.1
+
+ - name: Create k3d cluster - Attempt 1/3
+ continue-on-error: true
+ id: createc1
+ uses: nolar/setup-k3d-k3s@293b8e5822a20bc0d5bcdd4826f1a665e72aba96 # tag=v1.0.9
+ with:
+ github-token: ${{ secrets.GITHUB_TOKEN }}
+ version: ${{ matrix.k3s-version }}
+ # Flags found here https://github.com/k3d-io/k3d
+ k3d-args: --k3s-arg --disable=metrics-server@server:*
+
+ - name: Wait 10 second to retry
+ if: steps.createc1.outcome=='failure'
+ run: |
+ sleep 10
+
+ - name: Create k3d cluster - Attempt 2/3
+ continue-on-error: true
+ if: steps.createc1.outcome=='failure'
+ id: createc2
+ uses:
nolar/setup-k3d-k3s@293b8e5822a20bc0d5bcdd4826f1a665e72aba96 # tag=v1.0.9
+ with:
+ github-token: ${{ secrets.GITHUB_TOKEN }}
+ version: ${{ matrix.k3s-version }}
+ # Flags found here https://github.com/k3d-io/k3d
+ k3d-args: --k3s-arg --disable=metrics-server@server:*
+
+ - name: Wait 10 second to retry
+ if: steps.createc2.outcome=='failure'
+ run: |
+ sleep 10
+
+
+ - name: Create k3d cluster - Attempt 3/3
+ id: createc3
+ if: steps.createc2.outcome=='failure'
+ uses: nolar/setup-k3d-k3s@293b8e5822a20bc0d5bcdd4826f1a665e72aba96 # tag=v1.0.9
+ with:
+ github-token: ${{ secrets.GITHUB_TOKEN }}
+ version: ${{ matrix.k3s-version }}
+ # Flags found here https://github.com/k3d-io/k3d
+ k3d-args: --k3s-arg --disable=metrics-server@server:*
+
+ - name: Move CI values
+ run: |
+ mv library/common-test/ci library/common-test/runtests
+
+ - name: Run chart-testing (install) - Basic Values
+ run: |
+ mv -f library/common-test/runtests/basic-values.yaml library/common-test/values.yaml
+ ct install --config .github/ct-install-config/ct-install.yaml \
+ --charts library/common-test \
+ --debug
+
+ - name: Run chart-testing (install) - persistence Values
+ run: |
+ mv -f library/common-test/runtests/persistence-values.yaml library/common-test/values.yaml
+ ct install --config .github/ct-install-config/ct-install.yaml \
+ --charts library/common-test \
+ --debug
+
+ - name: Run chart-testing (install) - rbac Values
+ run: |
+ mv -f library/common-test/runtests/rbac-values.yaml library/common-test/values.yaml
+ ct install --config .github/ct-install-config/ct-install.yaml \
+ --charts library/common-test \
+ --debug
diff --git a/.github/workflows/lint.yaml b/.github/workflows/lint.yaml
new file mode 100644
index 00000000..78bb9d33
--- /dev/null
+++ b/.github/workflows/lint.yaml
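Review bot: In the unittest job of common_library_tests.yaml, `uses: actions/cache@v3` is the only action referenced by a mutable tag; every other step pins a commit SHA with a `# tag=` comment, so this one should follow suit as `uses: actions/cache@<full-commit-sha> # tag=v3` (placeholder, SHA to be looked up). The same job's `helm plugin install https://github.com/quintush/helm-unittest --version "v${helmunitversion}"` fetches and runs plugin code from a tag with no integrity check, which deserves at least a comment naming the expected release. The workflow declares no `permissions:` block although `secrets.GITHUB_TOKEN` is passed to the third-party k3d action in the install job; a top-level `permissions:` with `contents: read` would keep that token minimal. Separately, `hashFiles('/home/runner/.local/share/helm/plugins/helm-unittest')` points outside the workspace and probably evaluates to an empty string, so that key suffix likely adds nothing.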
@@ -0,0 +1,27 @@
+name: flake8
+
+on: [push]
+
+jobs:
+ lint:
+
+ runs-on: ubuntu-latest
+
+ steps:
+ - uses: actions/checkout@v2
+ - name: Set up Python 3.9
+ uses: actions/setup-python@v1
+ with:
+ python-version: 3.9
+ - name: Install dependencies
+ run: |
+ python -m pip install --upgrade pip
+ pip install flake8
+ - name: Setup flake8 config
+ run: |
+ echo '[flake8]' > setup.cfg
+ echo 'max-line-length = 120' >> setup.cfg
+ - name: Analysing the code with flake8
+ run: |
+ find -name upgrade_strategy -exec sh -c "flake8 {} && exit 0 || echo $? > .exit_status" \;
+ test -f .exit_status && rm .exit_status && exit 1; exit 0;
diff --git a/charts/common/CHANGELOG.md b/charts/common/CHANGELOG.md
deleted file mode 100644
index 1be441ae..00000000
--- a/charts/common/CHANGELOG.md
+++ /dev/null
@@ -1,1322 +0,0 @@
-# Changelog
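Review bot: The last step of lint.yaml splices `{}` into a shell string (`sh -c "flake8 {} && exit 0 || echo $? > .exit_status"`), so every matched path is re-parsed by `sh`, and `$?` is expanded by the outer shell before find runs rather than carrying flake8's status. `find . -name upgrade_strategy -exec flake8 {} +` passes paths as plain arguments and makes find itself exit non-zero when flake8 fails, which removes the `.exit_status` file handling on the following line. `actions/checkout@v2` and `actions/setup-python@v1` are old releases referenced by mutable tags; pin them to commit SHAs the way common_library_tests.yaml does. `pip install flake8` is unversioned, so lint results can change without a commit; pin a version there and quote `python-version: "3.9"`.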
- - - -### [common-9.1.14](https://github.com/truecharts/apps/compare/common-9.1.13...common-9.1.14) (2022-03-26) - -#### Chore - -* update docker general non-major - -#### Fix - -* try to fix "did not find expected "-" indicator ([#2275](https://github.com/truecharts/apps/issues/2275)) - - - - -### [common-9.1.13](https://github.com/truecharts/apps/compare/common-9.1.12...common-9.1.13) (2022-03-24) - -#### Chore - -* update docker general non-major - - - - -### [common-9.1.12](https://github.com/truecharts/apps/compare/common-9.1.11...common-9.1.12) (2022-03-24) - -#### Fix - -* Add mariadbImage to values.yaml ([#2272](https://github.com/truecharts/apps/issues/2272)) - - - - -### [common-9.1.11](https://github.com/truecharts/apps/compare/common-9.1.10...common-9.1.11) (2022-03-24) - -#### Fix - -* typo in mariadb repo ([#2271](https://github.com/truecharts/apps/issues/2271)) - - - - -### [common-9.1.10](https://github.com/truecharts/apps/compare/common-9.1.9...common-9.1.10) (2022-03-24) - -#### Chore - -* update docker general non-major ([#2259](https://github.com/truecharts/apps/issues/2259)) -* update docker general non-major - - - - -### [common-9.1.9](https://github.com/truecharts/apps/compare/common-9.1.8...common-9.1.9) (2022-03-20) - -#### Fix - -* Wait for init ([#2226](https://github.com/truecharts/apps/issues/2226)) - - - - -### [common-9.1.8](https://github.com/truecharts/apps/compare/common-9.1.6...common-9.1.8) (2022-03-20) - -#### Chore - -* update docker general non-major - -#### Fix - -* add url without ql as some app does not like it ([#2231](https://github.com/truecharts/apps/issues/2231)) - - - - -### [common-9.1.6](https://github.com/truecharts/apps/compare/common-9.1.5...common-9.1.6) (2022-03-17) - -#### Chore - -* force common chart rerelease - - - - -### [common-9.1.5](https://github.com/truecharts/apps/compare/common-9.1.4...common-9.1.5) (2022-03-17) - -#### Chore - -* update docker general non-major 
([#2198](https://github.com/truecharts/apps/issues/2198)) -* update docker general non-major ([#2196](https://github.com/truecharts/apps/issues/2196)) - - - - -### [common-9.1.4](https://github.com/truecharts/apps/compare/common-9.1.3...common-9.1.4) (2022-03-15) - -#### Chore - -* update docker general non-major ([#2175](https://github.com/truecharts/apps/issues/2175)) - - - - -### [common-9.1.3](https://github.com/truecharts/apps/compare/common-test-3.3.8...common-9.1.3) (2022-03-15) - -#### Chore - -* update docker general non-major ([#2108](https://github.com/truecharts/apps/issues/2108)) - -#### Docs - -* add BirdBare as a contributor for bug ([#2080](https://github.com/truecharts/apps/issues/2080)) - -#### Fix - -* remove `or` when only one argument ([#2166](https://github.com/truecharts/apps/issues/2166)) - - - - -### [common-9.1.2](https://github.com/truecharts/apps/compare/common-9.1.1...common-9.1.2) (2022-03-07) - -#### Chore - -* update docker general non-major ([#2046](https://github.com/truecharts/apps/issues/2046)) - - - - -### [common-9.1.1](https://github.com/truecharts/apps/compare/common-9.1.0...common-9.1.1) (2022-03-06) - -#### Feat - -* allow more PUID/UID types to sync with GUID/GID ([#2039](https://github.com/truecharts/apps/issues/2039)) - - - - -### [common-9.1.0](https://github.com/truecharts/apps/compare/common-9.0.1...common-9.1.0) (2022-03-06) - -#### Feat - -* bump and patch docker-compose disable -* allow shared ip ([#2033](https://github.com/truecharts/apps/issues/2033)) - - - - -### [common-9.0.0](https://github.com/truecharts/apps/compare/common-8.17.3...common-9.0.0) (2022-03-03) - -#### Fix - -* BREAKING CHANGE Move some env-vars outside of env section ([#2010](https://github.com/truecharts/apps/issues/2010)) - - - - -### [common-8.17.3](https://github.com/truecharts/apps/compare/common-8.17.2...common-8.17.3) (2022-03-03) - -#### Fix - -* fix TZ being wrongly defined in common and remove its references from some remaining Apps 
([#2005](https://github.com/truecharts/apps/issues/2005)) - - - - -### [common-8.17.2](https://github.com/truecharts/apps/compare/common-8.17.1...common-8.17.2) (2022-02-28) - -#### Chore - -* update docker general non-major ([#1980](https://github.com/truecharts/apps/issues/1980)) - - - - -### [common-8.17.1](https://github.com/truecharts/apps/compare/common-8.17.0...common-8.17.1) (2022-02-25) - -#### Fix - -* correctly disable host docker-compose ([#1964](https://github.com/truecharts/apps/issues/1964)) - - - - -### [common-8.17.0](https://github.com/truecharts/apps/compare/common-8.16.1...common-8.17.0) (2022-02-24) - -#### Feat - -* block host docker-compose and create hostpatch initcontainer ([#1961](https://github.com/truecharts/apps/issues/1961)) - - - - -### [common-8.16.1](https://github.com/truecharts/apps/compare/common-8.16.0...common-8.16.1) (2022-02-22) - -#### Feat - -* Assing TZ a default value ([#1934](https://github.com/truecharts/apps/issues/1934)) - - - - -### [common-8.16.0](https://github.com/truecharts/apps/compare/common-8.15.4...common-8.16.0) (2022-02-21) - -#### Feat - -* add autolinking opion to ingress ([#1922](https://github.com/truecharts/apps/issues/1922)) - - - - -### [common-8.15.4](https://github.com/truecharts/apps/compare/common-8.15.3...common-8.15.4) (2022-02-14) - -#### Chore - -* update docker general non-major ([#1895](https://github.com/truecharts/apps/issues/1895)) - - - - -### [common-8.15.3](https://github.com/truecharts/apps/compare/common-8.15.2...common-8.15.3) (2022-02-10) - -#### Chore - -* update docker general non-major ([#1876](https://github.com/truecharts/apps/issues/1876)) - - - - -### [common-8.15.2](https://github.com/truecharts/apps/compare/common-8.15.1...common-8.15.2) (2022-02-08) - -#### Chore - -* update docker general non-major ([#1869](https://github.com/truecharts/apps/issues/1869)) - - - - -### [common-8.15.1](https://github.com/truecharts/apps/compare/common-8.15.0...common-8.15.1) (2022-02-07) 
- -#### Chore - -* update docker general non-major ([#1863](https://github.com/truecharts/apps/issues/1863)) -* update docker general non-major ([#1855](https://github.com/truecharts/apps/issues/1855)) - - - - -### [common-8.15.0](https://github.com/truecharts/apps/compare/common-8.14.5...common-8.15.0) (2022-02-06) - -#### Chore - -* update docker general non-major ([#1849](https://github.com/truecharts/apps/issues/1849)) - -#### Feat - -* add an initial inotify patch ([#1854](https://github.com/truecharts/apps/issues/1854)) - - - - -### [common-8.14.5](https://github.com/truecharts/apps/compare/common-8.14.4...common-8.14.5) (2022-02-03) - -#### Chore - -* update docker general non-major ([#1836](https://github.com/truecharts/apps/issues/1836)) - - - - -### [common-8.14.4](https://github.com/truecharts/apps/compare/common-8.14.3...common-8.14.4) (2022-01-31) - -#### Chore - -* update docker general non-major docker tags ([#1823](https://github.com/truecharts/apps/issues/1823)) - - - - -### [common-8.14.3](https://github.com/truecharts/apps/compare/common-8.14.2...common-8.14.3) (2022-01-31) - -#### Feat - -* force `NVIDIA_VISIBLE_DEVICES: "void"` when no GPU is assigned ([#1819](https://github.com/truecharts/apps/issues/1819)) - - - - -### [common-8.14.2](https://github.com/truecharts/apps/compare/common-8.14.1...common-8.14.2) (2022-01-24) - -#### Chore - -* update docker general non-major ([#1786](https://github.com/truecharts/apps/issues/1786)) - - - - -### [common-8.14.1](https://github.com/truecharts/apps/compare/common-8.14.0...common-8.14.1) (2022-01-23) - -#### Fix - -* correct mistakes in install and upgrade init containers - - - - -### [common-8.14.0](https://github.com/truecharts/apps/compare/common-8.13.5...common-8.14.0) (2022-01-23) - -#### Feat - -* add upgrade and install specific initContainers - - - - -### [common-8.13.5](https://github.com/truecharts/apps/compare/common-8.13.4...common-8.13.5) (2022-01-22) - -#### Chore - -* update docker 
general non-major ([#1764](https://github.com/truecharts/apps/issues/1764)) - - - - -### [common-8.13.4](https://github.com/truecharts/apps/compare/common-8.13.3...common-8.13.4) (2022-01-21) - -#### Chore - -* update docker general non-major ([#1751](https://github.com/truecharts/apps/issues/1751)) - - - - -### [common-8.13.3](https://github.com/truecharts/apps/compare/common-8.13.2...common-8.13.3) (2022-01-19) - -#### Chore - -* update docker general non-major ([#1741](https://github.com/truecharts/apps/issues/1741)) - - - - -### [common-8.13.2](https://github.com/truecharts/apps/compare/common-8.13.1...common-8.13.2) (2022-01-19) - -#### Chore - -* update docker general non-major ([#1729](https://github.com/truecharts/apps/issues/1729)) - -#### Fix - -* add a few more settings required for setting up USB devices - - - - -### [common-8.13.1](https://github.com/truecharts/apps/compare/common-8.13.0...common-8.13.1) (2022-01-17) - -#### Chore - -* update docker general non-major ([#1728](https://github.com/truecharts/apps/issues/1728)) - - - - -### [common-8.13.0](https://github.com/truecharts/apps/compare/common-8.12.2...common-8.13.0) (2022-01-13) - -#### Feat - -* add GUI for networkPolicy ([#1710](https://github.com/truecharts/apps/issues/1710)) -* expose capabilities in GUI ([#1709](https://github.com/truecharts/apps/issues/1709)) - - - - -### [common-8.12.2](https://github.com/truecharts/apps/compare/common-8.12.1...common-8.12.2) (2022-01-13) - -#### Feat - -* properly setup extra-args support ([#1708](https://github.com/truecharts/apps/issues/1708)) - - - - -### [common-8.12.1](https://github.com/truecharts/apps/compare/common-8.12.0...common-8.12.1) (2022-01-12) - -#### Fix - -* document the portal configmap and have it parse tpl for config ([#1612](https://github.com/truecharts/apps/issues/1612)) - - - - -### [common-8.12.0](https://github.com/truecharts/apps/compare/common-8.11.0...common-8.12.0) (2022-01-12) - -#### Feat - -* add TTY, STDIN and 
IPFamily support ([#1700](https://github.com/truecharts/apps/issues/1700)) - - - - -### [common-8.11.0](https://github.com/truecharts/apps/compare/common-8.10.6...common-8.11.0) (2022-01-12) - - - - -### [common-8.10.6](https://github.com/truecharts/apps/compare/common-8.10.5...common-8.10.6) (2022-01-10) - -#### Chore - -* update docker general non-major ([#1685](https://github.com/truecharts/apps/issues/1685)) - - - - -### [common-8.10.5](https://github.com/truecharts/apps/compare/common-8.10.4...common-8.10.5) (2022-01-10) - -#### Chore - -* update docker general non-major ([#1677](https://github.com/truecharts/apps/issues/1677)) - - - - -### [common-8.10.4](https://github.com/truecharts/apps/compare/common-8.10.3...common-8.10.4) (2022-01-10) - -#### Chore - -* update docker general major docker tags (major) ([#1678](https://github.com/truecharts/apps/issues/1678)) - - - - -### [common-8.10.3](https://github.com/truecharts/apps/compare/common-8.10.2...common-8.10.3) (2022-01-09) - -#### Fix - -* fix logic in tpl ([#1668](https://github.com/truecharts/apps/issues/1668)) - - - - -### [common-8.10.2](https://github.com/truecharts/apps/compare/common-8.10.1...common-8.10.2) (2022-01-04) - -#### Chore - -* update docker general non-major ([#1648](https://github.com/truecharts/apps/issues/1648)) - - - - -### [common-8.10.1](https://github.com/truecharts/apps/compare/common-8.10.0...common-8.10.1) (2022-01-03) - -#### Chore - -* update docker general non-major ([#1646](https://github.com/truecharts/apps/issues/1646)) - - - - -### [common-8.10.0](https://github.com/truecharts/apps/compare/common-8.9.27...common-8.10.0) (2021-12-29) - -#### Feat - -* add support for a, renovate compatible, image selector ([#1627](https://github.com/truecharts/apps/issues/1627)) - - - - -### [common-8.9.27](https://github.com/truecharts/apps/compare/common-8.9.26...common-8.9.27) (2021-12-27) - -#### Chore - -* update docker general non-major 
([#1615](https://github.com/truecharts/apps/issues/1615)) - - - - -### [common-8.9.26](https://github.com/truecharts/apps/compare/common-8.9.25...common-8.9.26) (2021-12-24) - -#### Chore - -* update docker general non-major ([#1607](https://github.com/truecharts/apps/issues/1607)) -* update docker general non-major ([#1595](https://github.com/truecharts/apps/issues/1595)) - - - - -### [common-8.9.25](https://github.com/truecharts/apps/compare/common-8.9.24...common-8.9.25) (2021-12-20) - -#### Chore - -* update docker general non-major ([#1585](https://github.com/truecharts/apps/issues/1585)) - - - - -### [common-8.9.24](https://github.com/truecharts/apps/compare/common-8.9.23...common-8.9.24) (2021-12-19) - -#### Chore - -* update docker general non-major ([#1567](https://github.com/truecharts/apps/issues/1567)) - - - - -### [common-8.9.23](https://github.com/truecharts/apps/compare/common-8.9.22...common-8.9.23) (2021-12-18) - -#### Fix - -* add default dbindex for redis ([#1563](https://github.com/truecharts/apps/issues/1563)) - - - - -### [common-8.9.22](https://github.com/truecharts/apps/compare/common-8.9.21...common-8.9.22) (2021-12-18) - -#### Chore - -* update docker general non-major - -#### Fix - -* fix redis port ([#1561](https://github.com/truecharts/apps/issues/1561)) - - - - -### [common-8.9.21](https://github.com/truecharts/apps/compare/common-8.9.20...common-8.9.21) (2021-12-13) - -#### Chore - -* update docker general non-major ([#1531](https://github.com/truecharts/apps/issues/1531)) - - - - -### [common-8.9.20](https://github.com/truecharts/apps/compare/common-8.9.19...common-8.9.20) (2021-12-12) - -#### Chore - -* update docker general non-major ([#1518](https://github.com/truecharts/apps/issues/1518)) - - - - -### [common-8.9.19](https://github.com/truecharts/apps/compare/common-8.9.18...common-8.9.19) (2021-12-12) - -#### Fix - -* support some different jdbc url's for mariadb injector - - - - -### 
[common-8.9.18](https://github.com/truecharts/apps/compare/common-test-3.3.7...common-8.9.18) (2021-12-11) - -#### Chore - -* update non-major docker ([#1507](https://github.com/truecharts/apps/issues/1507)) - - - - -### [common-8.9.17](https://github.com/truecharts/apps/compare/common-8.9.16...common-8.9.17) (2021-12-08) - -#### Fix - -* try using a seperate renovate group for dependency train - - - - -### [common-8.9.16](https://github.com/truecharts/apps/compare/common-8.9.15...common-8.9.16) (2021-12-08) - -#### Chore - -* update non-major ([#1488](https://github.com/truecharts/apps/issues/1488)) - - - - -### [common-8.9.15](https://github.com/truecharts/apps/compare/common-8.9.14...common-8.9.15) (2021-12-07) - -#### Chore - -* update non-major ([#1479](https://github.com/truecharts/apps/issues/1479)) - - - - -### [common-8.9.14](https://github.com/truecharts/apps/compare/common-test-3.3.6...common-8.9.14) (2021-12-07) - -#### Chore - -* update non-major ([#1475](https://github.com/truecharts/apps/issues/1475)) - - - - -### common-8.9.13 (2021-12-05) - -#### Chore - -* move all container references to TCCR ([#1448](https://github.com/truecharts/apps/issues/1448)) -* ensure container references are prefixed with v -* cleanup the ci for the security page a bit -* bump common -* retrigger common release -* update non-major ([#1466](https://github.com/truecharts/apps/issues/1466)) -* update non-major ([#1449](https://github.com/truecharts/apps/issues/1449)) -* update non-major ([#1443](https://github.com/truecharts/apps/issues/1443)) -* update non-major ([#1427](https://github.com/truecharts/apps/issues/1427)) -* update non-major ([#1423](https://github.com/truecharts/apps/issues/1423)) -* update common - -#### Fix - -* move deps back to ghcr for now. 
- - - - -### [common-8.9.11](https://github.com/truecharts/apps/compare/common-test-3.3.2...common-8.9.11) (2021-12-05) - -#### Chore - -* update non-major ([#1466](https://github.com/truecharts/apps/issues/1466)) - -#### Fix - -* move deps back to ghcr for now. - - - - -### [common-8.9.10](https://github.com/truecharts/apps/compare/common-test-3.3.1...common-8.9.10) (2021-12-03) - - - - -### [common-8.9.9](https://github.com/truecharts/apps/compare/common-8.9.8...common-8.9.9) (2021-12-03) - -#### Chore - -* ensure container references are prefixed with v -* move all container references to TCCR ([#1448](https://github.com/truecharts/apps/issues/1448)) -* update non-major ([#1449](https://github.com/truecharts/apps/issues/1449)) - - - - -### [common-8.9.8](https://github.com/truecharts/apps/compare/common-8.9.7...common-8.9.8) (2021-12-01) - -#### Chore - -* update non-major ([#1443](https://github.com/truecharts/apps/issues/1443)) - - - - -### [common-8.9.7](https://github.com/truecharts/apps/compare/common-8.9.6...common-8.9.7) (2021-11-30) - -#### Chore - -* update non-major ([#1427](https://github.com/truecharts/apps/issues/1427)) - - - - -### [common-8.9.5](https://github.com/truecharts/apps/compare/common-8.9.4...common-8.9.5) (2021-11-29) - -#### Fix - -* always force a rename and recreate of cert-secrets on update ([#1422](https://github.com/truecharts/apps/issues/1422)) - - - - -### [common-8.9.4](https://github.com/truecharts/apps/compare/common-8.9.3...common-8.9.4) (2021-11-28) - -#### Fix - -* patch common mariadb linker - - - - -### [common-8.9.3](https://github.com/truecharts/apps/compare/common-8.9.2...common-8.9.3) (2021-11-23) - -#### Chore - -* update non-major ([#1384](https://github.com/truecharts/apps/issues/1384)) - - - - -### [common-8.9.2](https://github.com/truecharts/apps/compare/common-8.9.1...common-8.9.2) (2021-11-23) - -#### Fix - -* ensure storageClassName gets rendered correctly 
([#1385](https://github.com/truecharts/apps/issues/1385)) - - - - -### [common-8.9.1](https://github.com/truecharts/apps/compare/common-8.9.0...common-8.9.1) (2021-11-22) - -#### Chore - -* update non-major ([#1380](https://github.com/truecharts/apps/issues/1380)) - - - - -### [common-8.9.0](https://github.com/truecharts/apps/compare/common-8.8.1...common-8.9.0) (2021-11-22) - -#### Feat - -* Implement some simplifications from Bitnami ([#1378](https://github.com/truecharts/apps/issues/1378)) - - - - -### [common-8.8.1](https://github.com/truecharts/apps/compare/common-8.8.0...common-8.8.1) (2021-11-21) - -#### Fix - -* also allow for templating in service selector - - - - -### [common-8.8.0](https://github.com/truecharts/apps/compare/common-8.7.1...common-8.8.0) (2021-11-21) - -#### Feat - -* allow for custom selector labels on services. ([#1374](https://github.com/truecharts/apps/issues/1374)) - - - - -### [common-8.7.1](https://github.com/truecharts/apps/compare/common-8.7.0...common-8.7.1) (2021-11-21) - -#### Fix - -* correct some mistakes in configMap handling in common ([#1369](https://github.com/truecharts/apps/issues/1369)) - - - - -### [common-8.7.0](https://github.com/truecharts/apps/compare/common-8.6.5...common-8.7.0) (2021-11-21) - -#### Chore - -* bump common - -#### Feat - -* add configmap and secret persistence objects ([#1368](https://github.com/truecharts/apps/issues/1368)) - - - - -### [common-8.6.5](https://github.com/truecharts/apps/compare/common-8.6.4...common-8.6.5) (2021-11-21) - -#### Fix - -* increate probe delay and timeout for weaker systems - - - - -### [common-8.6.4](https://github.com/truecharts/apps/compare/common-8.6.3...common-8.6.4) (2021-11-18) - -#### Chore - -* update non-major ([#1350](https://github.com/truecharts/apps/issues/1350)) - - - - -### [common-8.6.3](https://github.com/truecharts/apps/compare/common-8.6.2...common-8.6.3) (2021-11-16) - -#### Chore - -* update non-major 
([#1342](https://github.com/truecharts/apps/issues/1342)) - - - - -### [common-8.6.2](https://github.com/truecharts/apps/compare/common-8.6.1...common-8.6.2) (2021-11-15) - -#### Chore - -* update non-major ([#1336](https://github.com/truecharts/apps/issues/1336)) - - - - -### [common-8.6.1](https://github.com/truecharts/apps/compare/common-8.6.0...common-8.6.1) (2021-11-15) - -#### Fix - -* correctly set defaults for volumeclaimtemplates and pvc's ([#1334](https://github.com/truecharts/apps/issues/1334)) - - - - -### [common-8.6.0](https://github.com/truecharts/apps/compare/common-8.5.7...common-8.6.0) (2021-11-15) - -#### Feat - -* add mariadb support layer - - - - -### [common-8.5.7](https://github.com/truecharts/apps/compare/common-8.5.6...common-8.5.7) (2021-11-14) - -#### Chore - -* clean up Chart.yaml ([#1322](https://github.com/truecharts/apps/issues/1322)) -* update non-major ([#1327](https://github.com/truecharts/apps/issues/1327)) - -#### Chort - -* bump common - - - - -### [common-8.5.6](https://github.com/truecharts/apps/compare/common-8.5.5...common-8.5.6) (2021-11-12) - -#### Feat - -* add redis App ([#1309](https://github.com/truecharts/apps/issues/1309)) - - - - -### [common-8.5.5](https://github.com/truecharts/apps/compare/common-8.5.4...common-8.5.5) (2021-11-10) - -#### Chore - -* update non-major ([#1302](https://github.com/truecharts/apps/issues/1302)) -* update non-major ([#1296](https://github.com/truecharts/apps/issues/1296)) - -#### Fix - -* fix release.name issues when installing - - - - -### [common-8.5.4](https://github.com/truecharts/apps/compare/common-8.5.3...common-8.5.4) (2021-11-08) - -#### Feat - -* also set and remember postgresql root password - - - - -### [common-8.5.3](https://github.com/truecharts/apps/compare/common-8.5.2...common-8.5.3) (2021-11-07) - -#### Chore - -* update non-major ([#1270](https://github.com/truecharts/apps/issues/1270)) - - - - -### 
[common-8.5.2](https://github.com/truecharts/apps/compare/common-8.5.1...common-8.5.2) (2021-11-06) - -#### Chore - -* Simplify GUI for deployment, persistence and securityContext ([#1289](https://github.com/truecharts/apps/issues/1289)) - - - - -### [common-8.5.1](https://github.com/truecharts/apps/compare/common-8.5.0...common-8.5.1) (2021-11-06) - -#### Chore - -* add additional aliasses for simple hostpath persistence ([#1287](https://github.com/truecharts/apps/issues/1287)) - - - - -### [common-8.5.0](https://github.com/truecharts/apps/compare/common-8.4.0...common-8.5.0) (2021-11-06) - -#### Feat - -* introduce simplePVC and simplyHP aliasses for persistence types ([#1286](https://github.com/truecharts/apps/issues/1286)) - - - - -### [common-8.4.0](https://github.com/truecharts/apps/compare/common-8.3.19...common-8.4.0) (2021-11-06) - -#### Feat - -* Add simple servicetype as a LoadBalancer Alias ([#1284](https://github.com/truecharts/apps/issues/1284)) - - - - -### [common-8.3.19](https://github.com/truecharts/apps/compare/common-8.3.18...common-8.3.19) (2021-11-02) - -#### Chore - -* update non-major ([#1265](https://github.com/truecharts/apps/issues/1265)) - - - - -### [common-8.3.18](https://github.com/truecharts/apps/compare/common-8.3.17...common-8.3.18) (2021-11-01) - -#### Chore - -* update non-major ([#1263](https://github.com/truecharts/apps/issues/1263)) - - - - -### [common-8.3.17](https://github.com/truecharts/apps/compare/common-8.3.16...common-8.3.17) (2021-11-01) - -#### Fix - -* set default ndots to 1 and fix dnsoptions in GUI ([#1262](https://github.com/truecharts/apps/issues/1262)) - - - - -### [common-8.3.16](https://github.com/truecharts/apps/compare/common-8.3.15...common-8.3.16) (2021-10-26) - -#### Chore - -* update bitnami/postgresql:14.0.0 docker digest to 6737f46 ([#1243](https://github.com/truecharts/apps/issues/1243)) -* update major docker tags (major) ([#1235](https://github.com/truecharts/apps/issues/1235)) - - - - -### 
[common-8.3.15](https://github.com/truecharts/apps/compare/common-8.3.14...common-8.3.15) (2021-10-26) - -#### Chore - -* update non-major ([#1232](https://github.com/truecharts/apps/issues/1232)) - - - - -### [common-8.3.14](https://github.com/truecharts/apps/compare/common-test-3.3.0...common-8.3.14) (2021-10-20) - -#### Fix - -* use correct PVC storageClass when using postgresql as a dependency on SCALE ([#1212](https://github.com/truecharts/apps/issues/1212)) - - - - -### [common-8.3.13](https://github.com/truecharts/apps/compare/common-8.3.12...common-8.3.13) (2021-10-19) - -#### Chore - -* Project-Eclipse part 2, adapting and cleaning changelog ([#1173](https://github.com/truecharts/apps/issues/1173)) -* update non-major ([#1174](https://github.com/truecharts/apps/issues/1174)) - -#### Fix - -* correct SCALE detection on statefullset - - - - -### [common-8.3.12](https://github.com/truecharts/apps/compare/common-8.3.11...common-8.3.12) (2021-10-18) - -#### Fix - -* Copy ixChartContext.storageClassName to child charts - - - - -### [common-8.3.11](https://github.com/truecharts/apps/compare/common-8.3.10...common-8.3.11) (2021-10-18) - -#### Feat - -* set SCALE-ZFS as a default storageClassName for SCALE when nothing is given. 
([#1169](https://github.com/truecharts/apps/issues/1169)) - - - - -### [common-8.3.10](https://github.com/truecharts/apps/compare/common-8.3.9...common-8.3.10) (2021-10-17) - -#### Fix - -* Just provide warning when chmod fails on autopermissions ([#1157](https://github.com/truecharts/apps/issues/1157)) - - - - -### [common-8.3.9](https://github.com/truecharts/apps/compare/common-8.3.8...common-8.3.9) (2021-10-15) - -#### Chore - -* add varlog storage and streamline db urls again - - - - -### [common-8.3.8](https://github.com/truecharts/apps/compare/common-8.3.7...common-8.3.8) (2021-10-15) - - - - -### [common-8.3.7](https://github.com/truecharts/apps/compare/common-8.3.6...common-8.3.7) (2021-10-15) - -#### Feat - -* simplify postgresql url generator ([#1146](https://github.com/truecharts/apps/issues/1146)) - - - - -### [common-8.3.6](https://github.com/truecharts/apps/compare/common-8.3.5...common-8.3.6) (2021-10-13) - -#### Chore - -* update non-major docker tags ([#1134](https://github.com/truecharts/apps/issues/1134)) - - - - -### [common-8.3.5](https://github.com/truecharts/apps/compare/common-8.3.4...common-8.3.5) (2021-10-12) - -#### Chore - -* update non-major ([#1122](https://github.com/truecharts/apps/issues/1122)) - - - - -### [common-8.3.4](https://github.com/truecharts/apps/compare/common-8.3.3...common-8.3.4) (2021-10-09) - - - - -### [common-8.3.3](https://github.com/truecharts/apps/compare/common-8.3.2...common-8.3.3) (2021-10-09) - - - - -### [common-8.3.2](https://github.com/truecharts/apps/compare/common-8.3.1...common-8.3.2) (2021-10-09) - - - - -### [common-8.3.1](https://github.com/truecharts/apps/compare/common-8.3.0...common-8.3.1) (2021-10-09) - - - - -### [common-8.3.0](https://github.com/truecharts/apps/compare/common-8.2.2...common-8.3.0) (2021-10-09) - - - - -### [common-8.2.2](https://github.com/truecharts/apps/compare/common-8.2.1...common-8.2.2) (2021-10-04) - - - - -### 
[common-8.2.1](https://github.com/truecharts/apps/compare/common-8.2.0...common-8.2.1) (2021-10-04) - - - - -### [common-8.2.0](https://github.com/truecharts/apps/compare/common-8.1.1...common-8.2.0) (2021-10-04) - - - - -### [common-8.1.1](https://github.com/truecharts/apps/compare/common-8.1.0...common-8.1.1) (2021-10-03) - - - - -### [common-8.1.0](https://github.com/truecharts/apps/compare/common-8.0.13...common-8.1.0) (2021-10-03) - - - - -### [common-8.0.13](https://github.com/truecharts/apps/compare/common-8.0.12...common-8.0.13) (2021-09-29) - - - - -### [common-8.0.12](https://github.com/truecharts/apps/compare/common-8.0.11...common-8.0.12) (2021-09-29) - - - - -### [common-8.0.10](https://github.com/truecharts/apps/compare/common-8.0.9...common-8.0.10) (2021-09-29) - - - - -### [common-8.0.9](https://github.com/truecharts/apps/compare/common-test-3.1.5...common-8.0.9) (2021-09-28) - - - - -### [common-8.0.8](https://github.com/truecharts/apps/compare/common-8.0.7...common-8.0.8) (2021-09-26) - - - - -### [common-8.0.7](https://github.com/truecharts/apps/compare/common-8.0.6...common-8.0.7) (2021-09-26) - - - - -### [common-8.0.6](https://github.com/truecharts/apps/compare/common-8.0.5...common-8.0.6) (2021-09-26) - - - - -### [common-8.0.4](https://github.com/truecharts/apps/compare/common-8.0.3...common-8.0.4) (2021-09-25) - - - - -### [common-8.0.3](https://github.com/truecharts/apps/compare/common-test-3.1.4...common-8.0.3) (2021-09-25) - - - - -### [common-8.0.2](https://github.com/truecharts/apps/compare/common-8.0.1...common-8.0.2) (2021-09-25) - - - - -### [common-8.0.1](https://github.com/truecharts/apps/compare/common-8.0.0...common-8.0.1) (2021-09-25) - - - - -### [common-8.0.0](https://github.com/truecharts/apps/compare/common-test-3.1.3...common-8.0.0) (2021-09-25) - - - - -### [common-7.0.14](https://github.com/truecharts/apps/compare/common-7.0.13...common-7.0.14) (2021-09-14) - -#### Fix - -* make sure autopermissions sets the group owner 
correctly ([#994](https://github.com/truecharts/apps/issues/994)) - - - - -### [common-7.0.13](https://github.com/truecharts/apps/compare/common-7.0.12...common-7.0.13) (2021-09-14) - -#### Chore - -* update non-major ([#987](https://github.com/truecharts/apps/issues/987)) - - - - -### [common-7.0.12](https://github.com/truecharts/apps/compare/common-7.0.11...common-7.0.12) (2021-09-13) - -#### Fix - -* ensure wireguard env vars get created - - - - -### [common-7.0.11](https://github.com/truecharts/apps/compare/common-7.0.10...common-7.0.11) (2021-09-12) - -#### Fix - -* nuke all VPN volumes that we don't use (yet) out of Common - - - - -### [common-7.0.10](https://github.com/truecharts/apps/compare/common-7.0.9...common-7.0.10) (2021-09-12) - -#### Fix - -* completely remove unused volumes and correctly enable used volumes for VPN - - - - -### [common-7.0.9](https://github.com/truecharts/apps/compare/common-7.0.7...common-7.0.9) (2021-09-12) - -#### Fix - -* remove old configmap and secret references for VPN config/scripts - - - - -### [common-7.0.7](https://github.com/truecharts/apps/compare/common-7.0.6...common-7.0.7) (2021-09-12) - -#### Fix - -* correct vpn securityContext - - - - -### [common-7.0.6](https://github.com/truecharts/apps/compare/common-7.0.5...common-7.0.6) (2021-09-12) - - - - -### [common-7.0.5](https://github.com/truecharts/apps/compare/common-7.0.4...common-7.0.5) (2021-09-12) - -#### Fix - -* ensure annotationLists and labelLists don't get processed for disabled objects ([#971](https://github.com/truecharts/apps/issues/971)) - - - - -### [common-7.0.4](https://github.com/truecharts/apps/compare/common-7.0.3...common-7.0.4) (2021-09-12) - -#### Chore - -* update non-major ([#962](https://github.com/truecharts/apps/issues/962)) - -#### Feat - -* pin all container references to digests ([#963](https://github.com/truecharts/apps/issues/963)) - -#### Improv - -* improve dns and vpn values.yaml syntaxis 
([#970](https://github.com/truecharts/apps/issues/970)) - - - - -### [common-7.0.3](https://github.com/truecharts/apps/compare/common-7.0.2...common-7.0.3) (2021-09-11) - -#### Chore - -* move more dockerhub containers to GHCR mirror ([#958](https://github.com/truecharts/apps/issues/958)) - -#### Fix - -* remove duplicate securitycontext from autopermissions - - - - -### [common-7.0.2](https://github.com/truecharts/apps/compare/common-7.0.1...common-7.0.2) (2021-09-10) - -#### Feat - -* Move some common containers to our own containers - -#### Refactor - -* change image layout to enable renovate updates of sidecarts ([#955](https://github.com/truecharts/apps/issues/955)) - - - - -### [common-7.0.1](https://github.com/truecharts/apps/compare/common-7.0.0...common-7.0.1) (2021-09-10) - -#### Feat - -* have VPN use a hostPath for the configfile instead of configmap ([#953](https://github.com/truecharts/apps/issues/953)) - -#### Fix - -* move runAsNonRoot to container securityContext to allow root sidecarts ([#954](https://github.com/truecharts/apps/issues/954)) - - - - -### [common-7.0.0](https://github.com/truecharts/apps/compare/common-6.14.0...common-7.0.0) (2021-09-09) - -#### Refactor - -* Restructure common init and additional container layout to dicts ([#950](https://github.com/truecharts/apps/issues/950)) - - - - -### [common-6.14.0](https://github.com/truecharts/apps/compare/common-6.13.11...common-6.14.0) (2021-09-09) - -#### Feat - -* port addons from k8s-at-home to common ([#948](https://github.com/truecharts/apps/issues/948)) - - - - -### [common-6.13.11](https://github.com/truecharts/apps/compare/common-6.13.10...common-6.13.11) (2021-09-09) - -#### Chore - -* update common test dependencies ([#949](https://github.com/truecharts/apps/issues/949)) - - - - -### [common-6.13.10](https://github.com/truecharts/apps/compare/common-6.13.9...common-6.13.10) (2021-09-09) - -#### Fix - -* ensure supplementalgroups when using devices are actually added 
([#942](https://github.com/truecharts/apps/issues/942))
diff --git a/charts/common/helm-values.md b/charts/common/helm-values.md
deleted file mode 100644
index 36ca0c8d..00000000
--- a/charts/common/helm-values.md
+++ /dev/null
@@ -1,287 +0,0 @@ -# Default Helm-Values - -TrueCharts is primarily build to supply TrueNAS SCALE Apps. -However, we also supply all Apps as standard Helm-Charts. In this document we aim to document the default values in our Common Chart. -This chart is used by a lot of our Apps to provide sane defaults and logic. - -## Values - -| Key | Type | Default | Description | -|-----|------|---------|-------------| -| TZ | string | `"UTC"` | Set Container Timezone | -| additionalContainers | object | `{}` | Specify any additional containers here as dictionary items. Each additional container should have its own key. Helm templates can be used. | -| addons | object | See below | The common chart supports several add-ons. These can be configured under this key. | -| addons.codeserver | object | See values.yaml | The common library supports adding a code-server add-on to access files. It can be configured under this key. For more info, check out [our docs](http://docs.k8s-at-home.com/our-helm-charts/common-library-add-ons/#code-server) | -| addons.codeserver.args | list | `["--auth","none"]` | Set codeserver command line arguments. Consider setting --user-data-dir to a persistent location to preserve code-server setting changes | -| addons.codeserver.enabled | bool | `false` | Enable running a code-server container in the pod | -| addons.codeserver.env | object | `{}` | Set any environment variables for code-server here | -| addons.codeserver.envList | list | `[]` | All variables specified here will be added to the codeserver sidecar container See the documentation of the codeserver image for all config values | -| addons.codeserver.git | object | See below | Optionally allow access a Git repository by passing in a private SSH key | -| addons.codeserver.git.deployKey | string | `""` | Raw SSH private key | -| addons.codeserver.git.deployKeyBase64 | string | `""` | Base64-encoded SSH private key. When both variables are set, the raw SSH key takes precedence. 
| -| addons.codeserver.git.deployKeySecret | string | `""` | Existing secret containing SSH private key The chart expects it to be present under the `id_rsa` key. | -| addons.codeserver.ingress.enabled | bool | `false` | Enable an ingress for the code-server add-on. | -| addons.codeserver.service.enabled | bool | `true` | Enable a service for the code-server add-on. | -| addons.codeserver.workingDir | string | `"/"` | Specify the working dir that will be opened when code-server starts If not given, the app will default to the mountpah of the first specified volumeMount | -| addons.netshoot | object | See values.yaml | The common library supports adding a netshoot add-on to troubleshoot network issues within a Pod. It can be configured under this key. | -| addons.netshoot.enabled | bool | `false` | Enable running a netshoot container in the pod | -| addons.netshoot.env | object | `{}` | Set any environment variables for netshoot here | -| addons.netshoot.envList | list | `[]` | All variables specified here will be added to the netshoot sidecar container See the documentation of the netshoot image for all config values | -| addons.promtail | object | See values.yaml | The common library supports adding a promtail add-on to to access logs and ship them to loki. It can be configured under this key. | -| addons.promtail.args | list | `[]` | Set promtail command line arguments | -| addons.promtail.enabled | bool | `false` | Enable running a promtail container in the pod | -| addons.promtail.env | object | `{}` | Set any environment variables for promtail here | -| addons.promtail.envList | list | `[]` | All variables specified here will be added to the promtail sidecar container See the documentation of the promtail image for all config values | -| addons.promtail.logs | list | `[]` | The paths to logs on the volume | -| addons.promtail.loki | string | `""` | The URL to Loki | -| addons.vpn | object | See values.yaml | The common chart supports adding a VPN add-on. 
It can be configured under this key. For more info, check out [our docs](http://docs.k8s-at-home.com/our-helm-charts/common-library-add-ons/#wireguard-vpn) | -| addons.vpn.configFile | object | `{"enabled":true,"hostPath":"/vpn/vpn.conf","hostPathType":"File","noMount":true,"type":"hostPath"}` | Provide a customized vpn configuration file to be used by the VPN. | -| addons.vpn.configFile.hostPath | string | `"/vpn/vpn.conf"` | Which path on the host should be mounted. | -| addons.vpn.configFile.hostPathType | string | `"File"` | Specifying a hostPathType adds a check before trying to mount the path. See Kubernetes documentation for options. | -| addons.vpn.env | object | `{}` | All variables specified here will be added to the vpn sidecar container See the documentation of the VPN image for all config values | -| addons.vpn.envList | list | `[]` | All variables specified here will be added to the vpn sidecar container See the documentation of the VPN image for all config values | -| addons.vpn.openvpn | object | See below | OpenVPN specific configuration | -| addons.vpn.openvpn.username | string | `""` | Credentials to connect to the VPN Service (used with -a) Only using password is enough | -| addons.vpn.securityContext | object | See values.yaml | Set the VPN container specific securityContext | -| addons.vpn.type | string | `"disabled"` | Specify the VPN type. Valid options are disabled, openvpn or wireguard | -| affinity | object | `{}` | Defines affinity constraint rules. 
[[ref]](https://kubernetes.io/docs/concepts/scheduling-eviction/assign-pod-node/#affinity-and-anti-affinity) | -| alpineImage | object | See below | alpine specific configuration | -| alpineImage.pullPolicy | string | `"IfNotPresent"` | Specify the Alpine image pull policy | -| alpineImage.repository | string | `"ghcr.io/truecharts/alpine"` | Specify the Alpine image | -| alpineImage.tag | string | `"v3.15.2@sha256:29ed3480a0ee43f7af681fed5d4fc215516abf1c41eade6938b26d8c9c2c7583"` | Specify the Alpine image tag | -| args | list | `[]` | Override the args for the default container | -| autoscaling | object | | Add a Horizontal Pod Autoscaler | -| codeserverImage | object | See below | codeserver specific configuration | -| codeserverImage.pullPolicy | string | `"IfNotPresent"` | Specify the code-server image pull policy | -| codeserverImage.repository | string | `"ghcr.io/truecharts/code-server"` | Specify the code-server image | -| codeserverImage.tag | string | `"v4.2.0@sha256:82e2d802e59b26954096529aa08e83bebd2004da664fee9ab6c911e4f5ab6c48"` | Specify the code-server image tag | -| command | list | `[]` | Override the command(s) for the default container | -| configmap | object | See below | Configure configMaps for the chart here. Additional configMaps can be added by adding a dictionary key similar to the 'config' object. | -| configmap.config.annotations | object | `{}` | Annotations to add to the configMap | -| configmap.config.data | object | `{}` | configMap data content. Helm template enabled. | -| configmap.config.enabled | bool | `false` | Enables or disables the configMap | -| configmap.config.labels | object | `{}` | Labels to add to the configMap | -| controller.annotations | object | `{}` | Set annotations on the deployment/statefulset/daemonset | -| controller.annotationsList | list | `[]` | Set additional annotations on the deployment/statefulset/daemonset | -| controller.enabled | bool | `true` | enable the controller. 
| -| controller.labels | object | `{}` | Set labels on the deployment/statefulset/daemonset | -| controller.labelsList | list | `[]` | Set additional labels on the deployment/statefulset/daemonset | -| controller.replicas | int | `1` | Number of desired pods | -| controller.revisionHistoryLimit | int | `3` | ReplicaSet revision history limit | -| controller.rollingUpdate.partition | string | `nil` | Set statefulset RollingUpdate partition | -| controller.rollingUpdate.surge | string | `nil` | Set deployment RollingUpdate max surge | -| controller.rollingUpdate.unavailable | string | `nil` | Set deployment RollingUpdate max unavailable | -| controller.strategy | string | `nil` | Set the controller upgrade strategy For Deployments, valid values are Recreate (default) and RollingUpdate. For StatefulSets, valid values are OnDelete and RollingUpdate (default). DaemonSets ignore this. | -| controller.type | string | `"deployment"` | Set the controller type. Valid options are deployment, daemonset or statefulset | -| customCapabilities | object | `{"add":[],"drop":[]}` | Can be used to set securityContext.capabilities outside of the GUI on TrueNAS SCALE | -| deviceList | list | [] | Configure persistenceList for the chart here. Used to create an additional GUI element in SCALE for mounting USB devices Additional items can be added by adding a items similar to persistence | -| dnsConfig | object | `{"nameservers":[],"options":[{"name":"ndots","value":"1"}],"searches":[]}` | Optional DNS settings, configuring the ndots option may resolve nslookup issues on some Kubernetes setups. | -| dnsPolicy | string | `nil` | Defaults to "ClusterFirst" if hostNetwork is false and "ClusterFirstWithHostNet" if hostNetwork is true. | -| enableServiceLinks | bool | `false` | Enable/disable the generation of environment variables for services. 
[[ref]](https://kubernetes.io/docs/concepts/services-networking/connect-applications-service/#accessing-the-service) | -| env | object | `{}` | Main environment variables. Template enabled. Syntax options: A) TZ: UTC B) PASSWD: '{{ .Release.Name }}' C) PASSWD: envFrom: ... | -| envFrom | list | `[]` | | -| envTpl | object | `{}` | | -| envValueFrom | object | `{}` | | -| externalInterfaces | list | `[]` | Use this directly attach a pod to a SCALE interface. Please be aware: This bypasses k8s services | -| extraArgs | list | `[]` | Add args in addition to the arguments set by default. Primarily for the SCALE GUI | -| global.fullnameOverride | string | `nil` | Set the entire name definition | -| global.isSCALE | bool | `false` | | -| global.nameOverride | string | `nil` | Set an override for the prefix of the fullname | -| hostAliases | list | `[]` | Use hostAliases to add custom entries to /etc/hosts - mapping IP addresses to hostnames. [[ref]](https://kubernetes.io/docs/concepts/services-networking/add-entries-to-pod-etc-hosts-with-host-aliases/) | -| hostNetwork | bool | `false` | When using hostNetwork make sure you set dnsPolicy to `ClusterFirstWithHostNet` | -| hostname | string | `nil` | Allows specifying explicit hostname setting | -| image.pullPolicy | string | `nil` | image pull policy | -| image.repository | string | `nil` | image repository | -| image.tag | string | `nil` | image tag | -| imageSelector | string | `"image"` | Image Selector allows for easy picking a different image dict, important for the SCALE GUI | -| ingress | object | See below | Configure the ingresses for the chart here. Additional ingresses can be added by adding a dictionary key similar to the 'main' ingress. | -| ingress.main.annotations | object | `{}` | Provide additional annotations which may be required. | -| ingress.main.autoLink | bool | `false` | Autolink the ingress to a service and port, both with the same name as the ingress. 
| -| ingress.main.enableFixedMiddlewares | bool | `true` | disable to ignore any default middlwares | -| ingress.main.enabled | bool | `false` | Enables or disables the ingress | -| ingress.main.fixedMiddlewares | list | `["chain-basic"]` | List of middlewares in the traefikmiddlewares k8s namespace to add automatically Creates an annotation with the middlewares and appends k8s and traefik namespaces to the middleware names Primarily used for TrueNAS SCALE to add additional (seperate) middlewares without exposing them to the end-user | -| ingress.main.hosts[0].host | string | `"chart-example.local"` | Host address. Helm template can be passed. | -| ingress.main.hosts[0].paths[0].path | string | `"/"` | Path. Helm template can be passed. | -| ingress.main.hosts[0].paths[0].pathType | string | `"Prefix"` | Ignored if not kubeVersion >= 1.14-0 | -| ingress.main.hosts[0].paths[0].service.name | string | `nil` | Overrides the service name reference for this path | -| ingress.main.hosts[0].paths[0].service.port | string | `nil` | Overrides the service port reference for this path | -| ingress.main.ingressClassName | string | `nil` | Set the ingressClass that is used for this ingress. Requires Kubernetes >=1.19 | -| ingress.main.labels | object | `{}` | Provide additional labels which may be required. | -| ingress.main.middlewares | list | `[]` | Additional List of middlewares in the traefikmiddlewares k8s namespace to add automatically Creates an annotation with the middlewares and appends k8s and traefik namespaces to the middleware names | -| ingress.main.nameOverride | string | `nil` | Override the name suffix that is used for this ingress. | -| ingress.main.primary | bool | `true` | Make this the primary ingress (used in probes, notes, etc...). If there is more than 1 ingress, make sure that only 1 ingress is marked as primary. | -| ingress.main.tls | list | `[]` | Configure TLS for the ingress. Both secretName and hosts can process a Helm template. 
| -| ingressList | list | [] | Configure ingressList for the chart here. Additional items can be added by adding a items similar to ingress | -| initContainers | object | `{}` | Specify any initContainers here as dictionary items. Each initContainer should have its own key. The dictionary item key will determine the order. Helm templates can be used. | -| installContainers | object | `{}` | These containers will be run, as an initcontainer, a single time at install only. | -| lifecycle | object | `{}` | Configure the lifecycle for the main container | -| mariadb | object | See below | mariadb dependency configuration | -| mariadb.url | object | `{}` | can be used to make an easy accessable note which URLS to use to access the DB. | -| mariadbImage | object | See below | mariadb specific configuration | -| mariadbImage.pullPolicy | string | `"IfNotPresent"` | Specify the mariadb image pull policy | -| mariadbImage.repository | string | `"ghcr.io/truecharts/mariadb"` | Specify the mariadb image | -| mariadbImage.tag | string | `"v10.7.3@sha256:63743b10ac562b8f63abd3dfa246298c6678cfeb9e7559c65265f5066385fcf6"` | Specify the mariadb image tag | -| netshootImage | object | See below | netshoot specific configuration | -| netshootImage.pullPolicy | string | `"Always"` | Specify the netshoot image pull policy | -| netshootImage.repository | string | `"ghcr.io/truecharts/netshoot"` | Specify the netshoot image | -| netshootImage.tag | string | `"latest@sha256:505d3430ed7c1d43fed18dbd1177b76ecb6fc376113bc41d34da230c402a4855"` | Specify the netshoot image tag | -| networkPolicy | object | See below | Configure networkPolicy for the chart here. | -| networkPolicy.egress | list | `[]` | add or remove egress policies | -| networkPolicy.enabled | bool | `false` | Enables or disables the networkPolicy | -| networkPolicy.ingress | list | `[]` | add or remove egress policies | -| networkPolicy.policyType | string | `""` | add or remove Policy types. 
Options: ingress, egress, ingress-egress | -| nodeSelector | object | `{}` | Node selection constraint [[ref]](https://kubernetes.io/docs/concepts/scheduling-eviction/assign-pod-node/#nodeselector) | -| openvpnImage | object | See below | OpenVPN specific configuration | -| openvpnImage.pullPolicy | string | `"IfNotPresent"` | Specify the openvpn client image pull policy | -| openvpnImage.repository | string | `"ghcr.io/truecharts/openvpn-client"` | Specify the openvpn client image | -| openvpnImage.tag | string | `"latest@sha256:bc3a56b2c195a4b4ce5c67fb0c209f38036521ebd316df2a7d68b425b9c48b30"` | Specify the openvpn client image tag | -| persistence | object | See below | Configure persistence for the chart here. Additional items can be added by adding a dictionary key similar to the 'config' key. | -| persistence.config | object | See below | Default persistence for configuration files. | -| persistence.config.accessMode | string | `"ReadWriteOnce"` | AccessMode for the persistent volume. Make sure to select an access mode that is supported by your storage provider! [[ref]](https://kubernetes.io/docs/concepts/storage/persistent-volumes/#access-modes) | -| persistence.config.annotations | object | `{}` | Add annotations to PVC object | -| persistence.config.enabled | bool | `false` | Enables or disables the persistence item | -| persistence.config.existingClaim | string | `nil` | If you want to reuse an existing claim, the name of the existing PVC can be passed here. | -| persistence.config.forceName | string | `""` | force the complete PVC name Will not add any prefix or suffix | -| persistence.config.labels | object | `{}` | Add labels to PVC object | -| persistence.config.mountPath | string | `nil` | Where to mount the volume in the main container. Defaults to `/`, setting to '-' creates the volume but disables the volumeMount. | -| persistence.config.nameOverride | string | `nil` | Override the name suffix that is used for this volume. 
| -| persistence.config.readOnly | bool | `false` | Specify if the volume should be mounted read-only. | -| persistence.config.size | string | `"999Gi"` | The amount of storage that is requested for the persistent volume. | -| persistence.config.storageClass | string | `nil` | Storage Class for the config volume. If set to `-`, dynamic provisioning is disabled. If set to `SCALE-ZFS`, the default provisioner for TrueNAS SCALE is used. If set to something else, the given storageClass is used. If undefined (the default) or set to null, no storageClassName spec is set, choosing the default provisioner. | -| persistence.config.subPath | string | `nil` | Used in conjunction with `existingClaim`. Specifies a sub-path inside the referenced volume instead of its root | -| persistence.config.type | string | `"pvc"` | Sets the persistence type Valid options are: simplePVC, simpleHP, pvc, emptyDir, secret, configMap, hostPath or custom | -| persistence.configmap-example | object | See below | Example of a configmap mount | -| persistence.configmap-example.mountPath | string | `nil` | Where to mount the volume in the main container. Defaults to `/`, setting to '-' creates the volume but disables the volumeMount. | -| persistence.configmap-example.objectName | string | `"myconfig-map"` | Specify the name of the configmap object to be mounted | -| persistence.configmap-example.readOnly | bool | `false` | Specify if the volume should be mounted read-only. | -| persistence.custom-mount | object | See below | Example of a custom mount | -| persistence.custom-mount.mountPath | string | `nil` | Where to mount the volume in the main container. Defaults to `/`, setting to '-' creates the volume but disables the volumeMount. | -| persistence.custom-mount.readOnly | bool | `false` | Specify if the volume should be mounted read-only. 
|
-| persistence.custom-mount.volumeSpec | object | `{}` | Define the custom Volume spec here [[ref]](https://kubernetes.io/docs/concepts/storage/volumes/) |
-| persistence.host-bin | object | See below | Hostpath mountpoint to allow mounting the /bin folder to disable docker-compose [[ref]]https://kubernetes.io/docs/concepts/storage/volumes/#hostpath) TODO Delete this once iX has blocked docker-compose |
-| persistence.host-bin.hostPath | string | `"/bin"` | Which path on the host should be mounted. |
-| persistence.host-bin.mountPath | string | `"/host/bin"` | Where to mount the path in the main container. Defaults to the value of `hostPath` |
-| persistence.host-dev | object | See below | Example of a hostPath mount [[ref]]https://kubernetes.io/docs/concepts/storage/volumes/#hostpath) |
-| persistence.host-dev.hostPath | string | `"/dev"` | Which path on the host should be mounted. |
-| persistence.host-dev.hostPathType | string | `""` | Specifying a hostPathType adds a check before trying to mount the path. See Kubernetes documentation for options. |
-| persistence.host-dev.mountPath | string | `""` | Where to mount the path in the main container. Defaults to the value of `hostPath` |
-| persistence.host-dev.readOnly | bool | `true` | Specify if the path should be mounted read-only. |
-| persistence.host-dev.setPermissions | bool | `false` | Automatic set permissions using chown and chmod |
-| persistence.host-simple-dev | object | See below | Example of a Simple hostPath mount [[ref]]https://kubernetes.io/docs/concepts/storage/volumes/#hostpath) |
-| persistence.host-simple-dev.hostPathSimple | string | `"/dev"` | Which path on the host should be mounted. |
-| persistence.host-simple-dev.hostPathType | string | `""` | Specifying a hostPathType adds a check before trying to mount the path. See Kubernetes documentation for options. |
-| persistence.host-simple-dev.mountPath | string | `""` | Where to mount the path in the main container.
Defaults to the value of `hostPath` |
-| persistence.host-simple-dev.readOnly | bool | `true` | Specify if the path should be mounted read-only. |
-| persistence.host-simple-dev.setPermissionsSimple | bool | `false` | Automatic set permissions using chown and chmod |
-| persistence.host-usr-bin | object | See below | Hostpath mountpoint to allow mounting the /usr/bin folder to disable docker-compose [[ref]]https://kubernetes.io/docs/concepts/storage/volumes/#hostpath) TODO Delete this once iX has blocked docker-compose |
-| persistence.host-usr-bin.hostPath | string | `"/usr/bin"` | Which path on the host should be mounted. |
-| persistence.host-usr-bin.mountPath | string | `"/host/usr/bin"` | Where to mount the path in the main container. Defaults to the value of `hostPath` |
-| persistence.secret-example | object | See below | Example of a secret mount |
-| persistence.secret-example.defaultMode | int | `777` | define the default mount mode for the secret |
-| persistence.secret-example.items | list | `[{"key":"username","path":"my-group/my-username"}]` | Define the secret items to be mounted |
-| persistence.secret-example.mountPath | string | `nil` | Where to mount the volume in the main container. Defaults to `/`, setting to '-' creates the volume but disables the volumeMount. |
-| persistence.secret-example.objectName | string | `"mysecret"` | Specify the name of the secret object to be mounted |
-| persistence.secret-example.readOnly | bool | `false` | Specify if the volume should be mounted read-only. |
-| persistence.shared | object | See below | Create an emptyDir volume to share between all containers [[ref]]https://kubernetes.io/docs/concepts/storage/volumes/#emptydir) |
-| persistence.shared.medium | string | `nil` | Set the medium to "Memory" to mount a tmpfs (RAM-backed filesystem) instead of the storage medium that backs the node.
|
-| persistence.shared.sizeLimit | string | `nil` | If the `SizeMemoryBackedVolumes` feature gate is enabled, you can specify a size for memory backed volumes. |
-| persistence.temp | object | See below | Create an emptyDir volume to share between all containers for temporary storage |
-| persistence.temp.medium | string | `"Memory"` | Set the medium to "Memory" to mount a tmpfs (RAM-backed filesystem) instead of the storage medium that backs the node. |
-| persistence.temp.sizeLimit | string | `nil` | If the `SizeMemoryBackedVolumes` feature gate is enabled, you can specify a size for memory backed volumes. |
-| persistence.varlogs | object | See below | Create an emptyDir volume to share between all containers [[ref]]https://kubernetes.io/docs/concepts/storage/volumes/#emptydir) |
-| persistence.varlogs.medium | string | `nil` | Set the medium to "Memory" to mount a tmpfs (RAM-backed filesystem) instead of the storage medium that backs the node. |
-| persistence.varlogs.sizeLimit | string | `nil` | If the `SizeMemoryBackedVolumes` feature gate is enabled, you can specify a size for memory backed volumes. |
-| persistence.varrun | object | See below | Create an emptyDir volume to share between all containers [[ref]]https://kubernetes.io/docs/concepts/storage/volumes/#emptydir) |
-| persistence.varrun.medium | string | `"Memory"` | Set the medium to "Memory" to mount a tmpfs (RAM-backed filesystem) instead of the storage medium that backs the node. |
-| persistence.varrun.sizeLimit | string | `nil` | If the `SizeMemoryBackedVolumes` feature gate is enabled, you can specify a size for memory backed volumes. |
-| persistenceList | list | [] | Configure persistenceList for the chart here.
Additional items can be added by adding a items similar to persistence |
-| podAnnotations | object | `{}` | Set annotations on the pod |
-| podAnnotationsList | list | `[]` | Set additional annotations on the pod |
-| podLabels | object | `{}` | Set labels on the pod |
-| podLabelsList | list | `[]` | Set additional labels on the pod |
-| podSecurityContext | object | `{"fsGroup":568,"fsGroupChangePolicy":"OnRootMismatch","runAsGroup":568,"runAsUser":568,"supplementalGroups":[]}` | Configure the Security Context for the Pod |
-| portal | object | `{"enabled":false}` | Set the primary portal for TrueNAS SCALE |
-| portal.enabled | bool | `false` | enable generation of the portal configmap |
-| postgresql | object | See below | Postgresql dependency configuration |
-| postgresql.url | object | `{}` | can be used to make an easy accessable note which URLS to use to access the DB. |
-| postgresqlImage | object | See below | postgresql specific configuration |
-| postgresqlImage.pullPolicy | string | `"IfNotPresent"` | Specify the postgresql image pull policy |
-| postgresqlImage.repository | string | `"ghcr.io/truecharts/postgresql"` | Specify the postgresql image |
-| postgresqlImage.tag | string | `"v14.2.0@sha256:1461d3ab670fcc41923c92f330c932082f6653e031eefd1cc12123adb120f0c3"` | Specify the postgresql image tag |
-| priorityClassName | string | `nil` | Custom priority class for different treatment by the scheduler |
-| probes | object | See below | [[ref]](https://kubernetes.io/docs/tasks/configure-pod-container/configure-liveness-readiness-startup-probes/) |
-| probes.liveness | object | See below | Liveness probe configuration |
-| probes.liveness.custom | bool | `false` | Set this to `true` if you wish to specify your own livenessProbe |
-| probes.liveness.enabled | bool | `true` | Enable the liveness probe |
-| probes.liveness.path | string | "/" | If a HTTP probe is used (default for HTTP/HTTPS services) this path is used |
-| probes.liveness.spec | object |
See below | The spec field contains the values for the default livenessProbe. If you selected `custom: true`, this field holds the definition of the livenessProbe. |
-| probes.liveness.type | string | "TCP" | sets the probe type when not using a custom probe |
-| probes.readiness | object | See below | Redainess probe configuration |
-| probes.readiness.custom | bool | `false` | Set this to `true` if you wish to specify your own readinessProbe |
-| probes.readiness.enabled | bool | `true` | Enable the readiness probe |
-| probes.readiness.path | string | "/" | If a HTTP probe is used (default for HTTP/HTTPS services) this path is used |
-| probes.readiness.spec | object | See below | The spec field contains the values for the default readinessProbe. If you selected `custom: true`, this field holds the definition of the readinessProbe. |
-| probes.readiness.type | string | "TCP" | sets the probe type when not using a custom probe |
-| probes.startup | object | See below | Startup probe configuration |
-| probes.startup.custom | bool | `false` | Set this to `true` if you wish to specify your own startupProbe |
-| probes.startup.enabled | bool | `true` | Enable the startup probe |
-| probes.startup.path | string | "/" | If a HTTP probe is used (default for HTTP/HTTPS services) this path is used |
-| probes.startup.spec | object | See below | The spec field contains the values for the default startupProbe. If you selected `custom: true`, this field holds the definition of the startupProbe.
|
-| probes.startup.type | string | "TCP" | sets the probe type when not using a custom probe |
-| promtailImage | object | See below | promtail specific configuration |
-| promtailImage.pullPolicy | string | `"IfNotPresent"` | Specify the promtail image pull policy |
-| promtailImage.repository | string | `"ghcr.io/truecharts/promtail"` | Specify the promtail image |
-| promtailImage.tag | string | `"v2.4.2@sha256:171e08dcdd1d6c09bff949c37ce4f4756b9ee0132f8d84631986faa223562a30"` | Specify the promtail image tag |
-| rbac | object | See below | Create a ClusterRole and ClusterRoleBinding |
-| rbac.clusterRoleAnnotations | object | `{}` | Set labels on the ClusterRole |
-| rbac.clusterRoleBindingAnnotations | object | `{}` | Set labels on the ClusterRoleBinding |
-| rbac.clusterRoleBindingLabels | object | `{}` | Set Annotations on the ClusterRoleBinding |
-| rbac.clusterRoleLabels | object | `{}` | Set Annotations on the ClusterRole |
-| rbac.enabled | bool | `false` | Enables or disables the ClusterRole and ClusterRoleBinding |
-| rbac.rules | object | `{}` | Set Rules on the ClusterRole |
-| rbac.subjects | object | `{}` | Add subjects to the ClusterRoleBinding. includes the above created serviceaccount |
-| redis | object | See below | Redis dependency configuration |
-| redis.url | object | `{}` | can be used to make an easy accessable note which URLS to use to access the DB. |
-| resources | object | `{"limits":{"cpu":"4000m","memory":"8Gi"},"requests":{"cpu":"10m","memory":"50Mi"}}` | Set the resource requests / limits for the main container. |
-| schedulerName | string | `nil` | Allows specifying a custom scheduler name |
-| secret | object | `{}` | Use this to populate a secret with the values you specify. Be aware that these values are not encrypted by default, and could therefore visible to anybody with access to the values.yaml file.
|
-| security | object | `{"PUID":568,"UMASK":2}` | Set the Process User ID (PUID) env-var seperately |
-| securityContext | object | `{"allowPrivilegeEscalation":false,"capabilities":{"add":[],"drop":[]},"privileged":false,"readOnlyRootFilesystem":true,"runAsNonRoot":true}` | Configure the Security Context for the main container |
-| service | object | See below | Configure the services for the chart here. Additional services can be added by adding a dictionary key similar to the 'main' service. |
-| service.main.annotations | object | `{}` | Provide additional annotations which may be required. |
-| service.main.enabled | bool | `true` | Enables or disables the service |
-| service.main.ipFamilies | list | `[]` | The ip families that should be used. Options: IPv4, IPv6 |
-| service.main.ipFamilyPolicy | string | `"SingleStack"` | Specify the ip policy. Options: SingleStack, PreferDualStack, RequireDualStack |
-| service.main.labels | object | `{}` | Provide additional labels which may be required. |
-| service.main.nameOverride | string | `nil` | Override the name suffix that is used for this service |
-| service.main.ports | object | See below | Configure the Service port information here. Additional ports can be added by adding a dictionary key similar to the 'http' service. |
-| service.main.ports.main.enabled | bool | `true` | Enables or disables the port |
-| service.main.ports.main.nodePort | string | `nil` | Specify the nodePort value for the LoadBalancer and NodePort service types. [[ref]](https://kubernetes.io/docs/concepts/services-networking/service/#type-nodeport) |
-| service.main.ports.main.port | string | `nil` | The port number |
-| service.main.ports.main.primary | bool | `true` | Make this the primary port (used in probes, notes, etc...) If there is more than 1 service, make sure that only 1 port is marked as primary. |
-| service.main.ports.main.protocol | string | `"HTTP"` | Port protocol. Support values are `HTTP`, `HTTPS`, `TCP` and `UDP`.
HTTPS and HTTPS spawn a TCP service and get used for internal URL and name generation |
-| service.main.ports.main.targetPort | string | `nil` | Specify a service targetPort if you wish to differ the service port from the application port. If `targetPort` is specified, this port number is used in the container definition instead of the `port` value. Therefore named ports are not supported for this field. |
-| service.main.portsList | list | See below | Configure additional Service port information here. |
-| service.main.primary | bool | `true` | Make this the primary service (used in probes, notes, etc...). If there is more than 1 service, make sure that only 1 service is marked as primary. |
-| service.main.selector | object | `{}` | Override default selector |
-| service.main.type | string | `"ClusterIP"` | Set the service type Options: Simple(Loadbalancer), LoadBalancer, ClusterIP, NodePort |
-| serviceAccount | object | See below | Create serviceaccount |
-| serviceAccount.annotations | object | `{}` | Annotations to add to the service account |
-| serviceAccount.create | bool | `false` | Specifies whether a service account should be created |
-| serviceAccount.name | string | `""` | The name of the service account to use. If not set and create is true, a name is generated using the fullname template |
-| serviceList | list | See below | Configure additional services for the chart here. |
-| stdin | bool | `false` | Determines whether containers in a pod runs with stdin enabled.
|
-| termination.gracePeriodSeconds | int | `10` | [[ref](https://kubernetes.io/docs/reference/kubernetes-api/workload-resources/pod-v1/#lifecycle)] |
-| termination.messagePath | string | `nil` | [[ref](https://kubernetes.io/docs/reference/kubernetes-api/workload-resources/pod-v1/#lifecycle-1)] |
-| termination.messagePolicy | string | `nil` | [[ref](https://kubernetes.io/docs/reference/kubernetes-api/workload-resources/pod-v1/#lifecycle-1)] |
-| tolerations | list | `[]` | Specify taint tolerations [[ref]](https://kubernetes.io/docs/concepts/scheduling-eviction/taint-and-toleration/) |
-| topologySpreadConstraints | list | `[]` | Defines topologySpreadConstraint rules. [[ref]](https://kubernetes.io/docs/concepts/workloads/pods/pod-topology-spread-constraints/) |
-| tty | bool | `false` | Determines whether containers in a pod runs with TTY enabled. |
-| upgradeContainers | object | `{}` | These containers will be run, as an initcontainer, a single time at each edit or update of the chart. |
-| volumeClaimTemplates | list | `[]` | Used in conjunction with `controller.type: statefulset` to create individual disks for each instance. |
-| wireguardImage | object | See below | WireGuard specific configuration |
-| wireguardImage.pullPolicy | string | `"IfNotPresent"` | Specify the WireGuard image pull policy |
-| wireguardImage.repository | string | `"ghcr.io/truecharts/wireguard"` | Specify the WireGuard image |
-| wireguardImage.tag | string | `"v1.0.20210914@sha256:b7ae4f80183858ed6379b6f8f76f8ef4f1b474b222b8057e091ba0b4e5f62999"` | Specify the WireGuard image tag |
-
-All Rights Reserved - The TrueCharts Project
diff --git a/charts/common/security.md b/charts/common/security.md
deleted file mode 100644
index 85ba5314..00000000
--- a/charts/common/security.md
+++ /dev/null
@@ -1,24 +0,0 @@
----
-hide:
- - toc
----
-
-# Security Overview
-
-
-
-## Helm-Chart
-
-##### Scan Results
-
-
-
-| No Misconfigurations found |
-|:---------------------------------|
-
-## Containers
-
-##### Detected Containers
-
-
-##### Scan Results
diff --git a/charts/common/templates/SCALE/_externalInterfaces.tpl b/charts/common/templates/SCALE/_externalInterfaces.tpl
deleted file mode 100644
index db1224ca..00000000
--- a/charts/common/templates/SCALE/_externalInterfaces.tpl
+++ /dev/null
@@ -1,17 +0,0 @@
-{{/*
-This template serves as a blueprint for External Interface objects that are created
-using the SCALE GUI.
-*/}}
-{{- define "tc.common.scale.externalInterfaces" -}}
-{{- if .Values.global.ixChartContext }}
-{{- range $index, $iface := .Values.ixExternalInterfacesConfiguration }}
----
-apiVersion: "k8s.cni.cncf.io/v1"
-kind: NetworkAttachmentDefinition
-metadata:
- name: ix-{{ $.Release.Name }}-{{ $index }}
-spec:
- config: '{{ $iface }}'
-{{- end }}
-{{- end }}
-{{- end -}}
diff --git a/charts/common/templates/SCALE/_portal.tpl b/charts/common/templates/SCALE/_portal.tpl
deleted file mode 100644
index 7c2a1c36..00000000
--- a/charts/common/templates/SCALE/_portal.tpl
+++ /dev/null
@@ -1,93 +0,0 @@
-{{- define "tc.common.scale.portal" -}}
-{{- if .Values.ixChartContext }}
-{{- if .Values.portal }}
-{{- if .Values.portal.enabled }}
-{{- $primaryService := get .Values.service (include "tc.common.lib.util.service.primary" .) }}
-{{- $primaryPort := get $primaryService.ports (include "tc.common.lib.util.service.ports.primary" (dict "values" $primaryService)) -}}
-{{- $ingr := index .Values.ingress (keys .Values.ingress | first) -}}
-{{- $host := "$node_ip" }}
-{{- $port := 443 }}
-{{- $protocol := "https" }}
-{{- $path := "/" }}
-{{- $ingressport := 443 }}
-
-{{- if $ingr }}
- {{- if $ingr.enabled }}
- {{- range $ingr.hosts }}
- {{- if .hostTpl }}
- {{ $host = ( tpl .hostTpl $ ) }}
- {{- else if .host }}
- {{ $host = .host }}
- {{- else }}
- {{ $host = "$node_ip" }}
- {{- end }}
- {{- if .paths }}
- {{- $path = (first .paths).path }}
- {{- end }}
- {{- end }}
- {{- end }}
-{{- end }}
-
-{{- $namespace := "default" }}
-{{- if $ingr.ingressClassName }}
-{{- $namespace := ( printf "ix-%s" $ingr.ingressClassName ) }}
-{{- end }}
-{{- $traefikportalhook := lookup "v1" "ConfigMap" $namespace "portalhook" }}
-
-{{- $entrypoint := "websecure" }}
-{{- if $ingr.entrypoint }}
- {{- $entrypoint = $ingr.entrypoint }}
-{{- end }}
-
-{{- if .Values.portal.ingressPort }}
- {{- $ingressport = .Values.portal.ingressPort }}
-{{- else if $traefikportalhook }}
- {{- if ( index $traefikportalhook.data $entrypoint ) }}
- {{- $ingressport = ( index $traefikportalhook.data $entrypoint ) }}
- {{- end }}
-{{- end }}
-
-{{- if eq $host "$node_ip" }}
- {{- if eq $primaryService.type "NodePort" }}
- {{- $port = $primaryPort.nodePort }}
- {{- end }}
- {{- if eq $primaryService.type "LoadBalancer" }}
- {{- $port = $primaryPort.port }}
- {{- end }}
- {{- if eq $primaryPort.protocol "HTTP" }}
- {{- $protocol = "http" }}
- {{- end }}
-{{- else }}
- {{- $port = $ingressport }}
- {{- if $ingr.tls }}
- {{- $protocol = "https" }}
- {{- end }}
-{{- end }}
-
-
-{{- if and (
.Values.portal.host ) ( eq $host "$node_ip" ) }}
- {{- $host = ( tpl .Values.portal.host $ ) }}
-{{- end }}
-
-{{- if .Values.portal.path }}
- {{- $path = ( tpl .Values.portal.path $ ) }}
-{{- end }}
-
----
-
-apiVersion: v1
-kind: ConfigMap
-metadata:
- name: portal
- labels:
- {{ include "tc.common.labels" . | nindent 4 }}
-data:
- protocol: {{ $protocol }}
- host: {{ $host | quote }}
- port: {{ $port | quote }}
- path: {{ $path | quote }}
- url: {{ ( printf "%v://%v:%v%v" $protocol $host $port $path ) | quote }}
-{{- end }}
-{{- end }}
-{{- end }}
-{{- end -}}
diff --git a/charts/common/templates/SCALE/cert/_certSecret.tpl b/charts/common/templates/SCALE/cert/_certSecret.tpl
deleted file mode 100644
index fb2ff609..00000000
--- a/charts/common/templates/SCALE/cert/_certSecret.tpl
+++ /dev/null
@@ -1,30 +0,0 @@
-{{- define "tc.common.scale.cert.secret" -}}
-
-{{- $secretName := include "tc.common.names.fullname" . -}}
-
-{{- if .ObjectValues.certHolder -}}
- {{- if hasKey .ObjectValues.certHolder "nameOverride" -}}
- {{- $secretName = ( printf "%v-%v-%v-%v" $secretName .ObjectValues.certHolder.nameOverride "ixcert" .ObjectValues.certHolder.scaleCert ) -}}
- {{- else }}
- {{- $secretName = ( printf "%v-%v-%v" $secretName "ixcert" .ObjectValues.certHolder.scaleCert ) -}}
- {{ end -}}
-{{ else }}
- {{- $_ := set $ "ObjectValues" (dict "certHolder" .Values) -}}
- {{- $secretName = ( printf "%v-%v-%v-%v" $secretName "scalecert" "ixcert" .Values.scaleCert ) -}}
-{{ end -}}
-
-{{- if eq (include "tc.common.scale.cert.available" $ ) "true" -}}
-
-
-{{- printf "\n%s\n" "---" }}
-apiVersion: v1
-kind: Secret
-metadata:
- name: {{ $secretName }}-{{ .Release.Revision }}
- labels: {{ include "tc.common.labels" . | nindent 4 }}
-type: kubernetes.io/tls
-data:
- tls.crt: {{ (include "tc.common.scale.cert.publicKey" $ ) | toString | b64enc | quote }}
- tls.key: {{ (include "tc.common.scale.cert.privateKey" $ ) | toString | b64enc | quote }}
-{{- end -}}
-{{- end -}}
diff --git a/charts/common/templates/SCALE/cert/_certs.tpl b/charts/common/templates/SCALE/cert/_certs.tpl
deleted file mode 100644
index a86958b2..00000000
--- a/charts/common/templates/SCALE/cert/_certs.tpl
+++ /dev/null
@@ -1,57 +0,0 @@
-{{/*
-Retrieve true/false if certificate is configured
-*/}}
-{{- define "tc.common.scale.cert.available" -}}
-{{- if .ObjectValues.certHolder.scaleCert -}}
-{{- $values := (. | mustDeepCopy) -}}
-{{- $_ := set $values "commonCertOptions" (dict "certKeyName" $values.ObjectValues.certHolder.scaleCert) -}}
-{{- template "tc.common.scale.cert_present" $values -}}
-{{- else -}}
-{{- false -}}
-{{- end -}}
-{{- end -}}
-
-
-{{/*
-Retrieve public key of certificate
-*/}}
-{{- define "tc.common.scale.cert.publicKey" -}}
-{{- $values := (. | mustDeepCopy) -}}
-{{- $_ := set $values "commonCertOptions" (dict "certKeyName" $values.ObjectValues.certHolder.scaleCert "publicKey" true) -}}
-{{ include "tc.common.scale.cert" $values }}
-{{- end -}}
-
-
-{{/*
-Retrieve private key of certificate
-*/}}
-{{- define "tc.common.scale.cert.privateKey" -}}
-{{- $values := (. | mustDeepCopy) -}}
-{{- $_ := set $values "commonCertOptions" (dict "certKeyName" $values.ObjectValues.certHolder.scaleCert) -}}
-{{ include "tc.common.scale.cert" $values }}
-{{- end -}}
-
-{{/*
-Retrieve true/false if certificate is available in ixCertificates
-*/}}
-{{- define "tc.common.scale.cert_present" -}}
-{{- $values := . -}}
-{{- hasKey $values.Values.ixCertificates ($values.commonCertOptions.certKeyName | toString) -}}
-{{- end -}}
-
-
-{{/*
-Retrieve certificate from variable name
-*/}}
-{{- define "tc.common.scale.cert" -}}
-{{- $values := . -}}
-{{- $certKey := ($values.commonCertOptions.certKeyName | toString) -}}
-{{- if hasKey $values.Values.ixCertificates $certKey -}}
-{{- $cert := get $values.Values.ixCertificates $certKey -}}
-{{- if $values.commonCertOptions.publicKey -}}
-{{ $cert.certificate }}
-{{- else -}}
-{{ $cert.privatekey }}
-{{- end -}}
-{{- end -}}
-{{- end -}}
diff --git a/charts/common/templates/addons/code-server/_codeserver.tpl b/charts/common/templates/addons/code-server/_codeserver.tpl
deleted file mode 100644
index 88058777..00000000
--- a/charts/common/templates/addons/code-server/_codeserver.tpl
+++ /dev/null
@@ -1,50 +0,0 @@
-{{/*
-Template to render code-server addon
-It will include / inject the required templates based on the given values.
-*/}}
-{{- define "tc.common.addon.codeserver" -}}
-{{- if .Values.addons.codeserver.enabled -}}
- {{/* Append the code-server container to the additionalContainers */}}
- {{- $container := include "tc.common.addon.codeserver.container" . | fromYaml -}}
- {{- if $container -}}
- {{- $_ := set .Values.additionalContainers "addon-codeserver" $container -}}
- {{- end -}}
-
- {{/* Include the deployKeySecret if not empty */}}
- {{- $secret := include "tc.common.addon.codeserver.deployKeySecret" . -}}
- {{- if $secret -}}
- {{- $secret | nindent 0 -}}
- {{- end -}}
-
- {{/* Append the secret volume to the volumes */}}
- {{- $volume := include "tc.common.addon.codeserver.deployKeyVolumeSpec" . | fromYaml -}}
- {{- if $volume -}}
- {{- $_ := set .Values.persistence "deploykey" (dict "enabled" "true" "mountPath" "-" "type" "custom" "volumeSpec" $volume) -}}
- {{- end -}}
-
- {{/* Add the code-server service */}}
- {{- if .Values.addons.codeserver.service.enabled -}}
- {{- $serviceValues := .Values.addons.codeserver.service -}}
- {{- $_ := set $serviceValues "nameOverride" "codeserver" -}}
- {{- $_ := set $ "ObjectValues" (dict "service" $serviceValues) -}}
- {{- include "tc.common.class.service" $ -}}
- {{- $_ := unset $ "ObjectValues" -}}
- {{- end -}}
-
- {{/* Add the code-server ingress */}}
- {{- if .Values.addons.codeserver.ingress.enabled -}}
- {{- $ingressValues := .Values.addons.codeserver.ingress -}}
- {{- $_ := set $ingressValues "nameOverride" "codeserver" -}}
-
- {{/* Determine the target service name & port */}}
- {{- $svcName := printf "%v-codeserver" (include "tc.common.names.fullname" .)
-}}
- {{- $svcPort := .Values.addons.codeserver.service.ports.codeserver.port -}}
- {{- range $_, $host := $ingressValues.hosts -}}
- {{- $_ := set (index $host.paths 0) "service" (dict "name" $svcName "port" $svcPort) -}}
- {{- end -}}
- {{- $_ := set $ "ObjectValues" (dict "ingress" $ingressValues) -}}
- {{- include "tc.common.class.ingress" $ -}}
- {{- $_ := unset $ "ObjectValues" -}}
- {{- end -}}
-{{- end -}}
-{{- end -}}
diff --git a/charts/common/templates/addons/code-server/_container.tpl b/charts/common/templates/addons/code-server/_container.tpl
deleted file mode 100644
index 19c4bd9a..00000000
--- a/charts/common/templates/addons/code-server/_container.tpl
+++ /dev/null
@@ -1,50 +0,0 @@
-{{/*
-The code-server sidecar container to be inserted.
-*/}}
-{{- define "tc.common.addon.codeserver.container" -}}
-name: codeserver
-image: "{{ .Values.codeserverImage.repository }}:{{ .Values.codeserverImage.tag }}"
-imagePullPolicy: {{ .Values.codeserverImage.pullPolicy }}
-securityContext:
- runAsUser: 0
- runAsGroup: 0
-env:
-{{- range $envList := .Values.addons.codeserver.envList }}
- {{- if and $envList.name $envList.value }}
- - name: {{ $envList.name }}
- value: {{ $envList.value | quote }}
- {{- else }}
- {{- fail "Please specify name/value for codeserver environment variable" }}
- {{- end }}
-{{- end}}
-{{- with .Values.addons.codeserver.env }}
-{{- range $k, $v := . }}
- - name: {{ $k }}
- value: {{ $v | quote }}
-{{- end }}
-{{- end }}
-ports:
-- name: codeserver
- containerPort: {{ .Values.addons.codeserver.service.ports.codeserver.port }}
- protocol: TCP
-args:
-{{- range .Values.addons.codeserver.args }}
-- {{ . | quote }}
-{{- end }}
-- "--port"
-- "{{ .Values.addons.codeserver.service.ports.codeserver.port }}"
-- {{ .Values.addons.codeserver.workingDir | default "/" }}
-{{- with (include "tc.common.controller.volumeMounts" . | trim) }}
-volumeMounts:
- {{ nindent 2 . }}
-{{- end }}
-{{- if or .Values.addons.codeserver.git.deployKey .Values.addons.codeserver.git.deployKeyBase64 .Values.addons.codeserver.git.deployKeySecret }}
- - name: deploykey
- mountPath: /root/.ssh/id_rsa
- subPath: id_rsa
-{{- end }}
-{{- with .Values.addons.codeserver.resources }}
-resources:
- {{- toYaml . | nindent 2 }}
-{{- end }}
-{{- end -}}
diff --git a/charts/common/templates/addons/code-server/_secret.tpl b/charts/common/templates/addons/code-server/_secret.tpl
deleted file mode 100644
index cfb53700..00000000
--- a/charts/common/templates/addons/code-server/_secret.tpl
+++ /dev/null
@@ -1,22 +0,0 @@
-{{/*
-The OpenVPN credentials secrets to be included.
-*/}}
-{{- define "tc.common.addon.codeserver.deployKeySecret" -}}
-{{- if or .Values.addons.codeserver.git.deployKey .Values.addons.codeserver.git.deployKeyBase64 }}
----
-apiVersion: v1
-kind: Secret
-metadata:
- name: {{ template "tc.common.names.fullname" . }}-deploykey
- labels:
- {{- include "tc.common.labels" . | nindent 4 }}
-type: Opaque
-{{- if .Values.addons.codeserver.git.deployKey }}
-stringData:
- id_rsa: {{ .Values.addons.codeserver.git.deployKey | quote }}
-{{- else }}
-data:
- id_rsa: {{ .Values.addons.codeserver.git.deployKeyBase64 | quote }}
-{{- end }}
-{{- end }}
-{{- end -}}
diff --git a/charts/common/templates/addons/code-server/_volume.tpl b/charts/common/templates/addons/code-server/_volume.tpl
deleted file mode 100644
index 42fbf155..00000000
--- a/charts/common/templates/addons/code-server/_volume.tpl
+++ /dev/null
@@ -1,17 +0,0 @@
-{{/*
-The volume (referencing git deploykey) to be inserted into additionalVolumes.
-*/}}
-{{- define "tc.common.addon.codeserver.deployKeyVolumeSpec" -}}
-{{- if or .Values.addons.codeserver.git.deployKey .Values.addons.codeserver.git.deployKeyBase64 .Values.addons.codeserver.git.deployKeySecret }}
-secret:
- {{- if .Values.addons.codeserver.git.deployKeySecret }}
- secretName: {{ .Values.addons.codeserver.git.deployKeySecret }}
- {{- else }}
- secretName: {{ include "tc.common.names.fullname" . }}-deploykey
- {{- end }}
- defaultMode: 256
- items:
- - key: id_rsa
- path: id_rsa
-{{- end -}}
-{{- end -}}
diff --git a/charts/common/templates/addons/vpn/_vpn.tpl b/charts/common/templates/addons/vpn/_vpn.tpl
deleted file mode 100644
index 1ceeedac..00000000
--- a/charts/common/templates/addons/vpn/_vpn.tpl
+++ /dev/null
@@ -1,24 +0,0 @@
-{{/*
-Template to render VPN addon
-It will include / inject the required templates based on the given values.
-*/}}
-{{- define "tc.common.addon.vpn" -}}
-{{- if ne "disabled" .Values.addons.vpn.type -}}
- {{- if eq "openvpn" .Values.addons.vpn.type -}}
- {{- include "tc.common.addon.openvpn" . }}
- {{- end -}}
-
- {{- if eq "wireguard" .Values.addons.vpn.type -}}
- {{- include "tc.common.addon.wireguard" . }}
- {{- end -}}
-
- {{- if eq "tailscale" .Values.addons.vpn.type -}}
- {{- include "tc.common.addon.tailscale" . }}
- {{- end -}}
-
- {{- if ne "tailscale" .Values.addons.vpn.type -}}
- {{- $_ := set .Values.persistence "vpnconfig" .Values.addons.vpn.configFile -}}
- {{- end -}}
-
-{{- end -}}
-{{- end -}}
diff --git a/charts/common/templates/addons/vpn/openvpn/_addon.tpl b/charts/common/templates/addons/vpn/openvpn/_addon.tpl
deleted file mode 100644
index fea0dd1f..00000000
--- a/charts/common/templates/addons/vpn/openvpn/_addon.tpl
+++ /dev/null
@@ -1,17 +0,0 @@
-{{/*
-Template to render OpenVPN addon. It will add the container to the list of additionalContainers
-and add a credentials secret if speciffied.
-*/}}
-{{- define "tc.common.addon.openvpn" -}}
- {{/* Append the openVPN container to the additionalContainers */}}
- {{- $container := include "tc.common.addon.openvpn.container" . | fromYaml -}}
- {{- if $container -}}
- {{- $_ := set .Values.additionalContainers "addon-openvpn" $container -}}
- {{- end -}}
-
- {{/* Include the secret if not empty */}}
- {{- $secret := include "tc.common.addon.openvpn.secret" . -}}
- {{- if $secret -}}
- {{- $secret | nindent 0 -}}
- {{- end -}}
-{{- end -}}
diff --git a/charts/common/templates/addons/vpn/openvpn/_container.tpl b/charts/common/templates/addons/vpn/openvpn/_container.tpl
deleted file mode 100644
index fa9507c0..00000000
--- a/charts/common/templates/addons/vpn/openvpn/_container.tpl
+++ /dev/null
@@ -1,72 +0,0 @@
-{{/*
-The OpenVPN sidecar container to be inserted.
-*/}}
-{{- define "tc.common.addon.openvpn.container" -}}
-name: openvpn
-image: "{{ .Values.openvpnImage.repository }}:{{ .Values.openvpnImage.tag }}"
-imagePullPolicy: {{ .Values.openvpnImage.pullPolicy }}
-securityContext:
- runAsUser: 0
- runAsGroup: 0
- capabilities:
- add:
- - NET_ADMIN
- - SYS_MODULE
-env:
-{{- range $envList := .Values.addons.vpn.envList }}
- {{- if and $envList.name $envList.value }}
- - name: {{ $envList.name }}
- value: {{ $envList.value | quote }}
- {{- else }}
- {{- fail "Please specify name/value for VPN environment variable" }}
- {{- end }}
-{{- end}}
-{{- with .Values.addons.vpn.env }}
-{{- range $k, $v := . }}
- - name: {{ $k }}
- value: {{ $v | quote }}
-{{- end }}
-{{- end }}
-
-{{- if .Values.addons.vpn.killSwitch }}
- - name: FIREWALL
- value: "ON"
- - name: ROUTE_1
- value: "172.16.0.0/12"
- {{- range $index, $value := .Values.addons.vpn.excludedNetworks_IPv4 }}
- - name: ROUTE_{{ add $index 2 }}
- value: {{ $value | quote }}
- {{- end}}
-{{- if .Values.addons.vpn.excludedNetworks_IPv6 }}
- {{- $excludednetworksv6 := ""}}
- {{- range .Values.addons.vpn.excludedNetworks_IPv4 }}
- {{- $excludednetworksv6 = ( printf "%v;%v" $excludednetworksv6 . ) }}
- {{- end}}
- {{- range $index, $value := .Values.addons.vpn.excludedNetworks_IPv6 }}
- - name: ROUTE6_{{ add $index 1 }}
- value: {{ $value | quote }}
- {{- end}}
-{{- end }}
-{{- end }}
-
-{{- if or ( .Values.addons.vpn.openvpn.username ) ( .Values.addons.vpn.openvpn.password ) }}
-envFrom:
- - secretRef:
- name: {{ include "tc.common.names.fullname" . }}-openvpn
-{{- end }}
-volumeMounts:
- - mountPath: {{ .Values.persistence.shared.mountPath }}
- name: shared
-{{- if .Values.addons.vpn.configFile }}
- - name: vpnconfig
- mountPath: /vpn/vpn.conf
-{{- end }}
-{{- with .Values.addons.vpn.livenessProbe }}
-livenessProbe:
- {{- toYaml . | nindent 2 }}
-{{- end -}}
-{{- with .Values.addons.vpn.resources }}
-resources:
- {{- toYaml . | nindent 2 }}
-{{- end }}
-{{- end -}}
diff --git a/charts/common/templates/addons/vpn/openvpn/_secret.tpl b/charts/common/templates/addons/vpn/openvpn/_secret.tpl
deleted file mode 100644
index 60fe27d8..00000000
--- a/charts/common/templates/addons/vpn/openvpn/_secret.tpl
+++ /dev/null
@@ -1,14 +0,0 @@
-{{/*
-The OpenVPN credentials secrets to be included.
-*/}}
-{{- define "tc.common.addon.openvpn.secret" -}}
----
-apiVersion: v1
-kind: Secret
-metadata:
- name: {{ include "tc.common.names.fullname" $ }}-openvpn
- labels:
- {{- include "tc.common.labels" $ | nindent 4 }}
-data:
- VPN_AUTH: {{ ( printf "%v;%v" .Values.addons.vpn.openvpn.username .Values.addons.vpn.openvpn.password ) | b64enc }}
-{{- end -}}
diff --git a/charts/common/templates/addons/vpn/tailscale/_addon.tpl b/charts/common/templates/addons/vpn/tailscale/_addon.tpl
deleted file mode 100644
index 0abafd36..00000000
--- a/charts/common/templates/addons/vpn/tailscale/_addon.tpl
+++ /dev/null
@@ -1,13 +0,0 @@
-{{/*
-Template to render Tailscale addon. It will add the container to the list of additionalContainers.
-*/}}
-
-{{- define "tc.common.addon.tailscale" -}}
- {{/* Append the Tailscale container to the additionalContainers */}}
- {{- $container := fromYaml (include "tc.common.addon.tailscale.container" .) -}}
- {{- if $container -}}
- {{- $_ := set .Values.additionalContainers "addon-tailscale" $container -}}
- {{- include "tailscale.secret" . -}}
- {{- $_ := set .Values.persistence (printf "%v-%v" .Release.Name "tailscale" ) (include "tailscale.addon.persistence" . | fromYaml) -}}
- {{- end -}}
-{{- end -}}
diff --git a/charts/common/templates/addons/vpn/tailscale/_container.tpl b/charts/common/templates/addons/vpn/tailscale/_container.tpl
deleted file mode 100644
index 070044aa..00000000
--- a/charts/common/templates/addons/vpn/tailscale/_container.tpl
+++ /dev/null
@@ -1,98 +0,0 @@
-{{/*
-The Tailscale sidecar container to be inserted.
-*/}}
-{{- define "tc.common.addon.tailscale.container" -}}
-{{- $secretName := printf "%s-tailscale-secret" (include "tc.common.names.fullname" .) }}
-name: tailscale
-image: "{{ .Values.tailscaleImage.repository }}:{{ .Values.tailscaleImage.tag }}"
-imagePullPolicy: {{ .Values.tailscaleImage.pullPolicy }}
-
-command:
- - /usr/local/bin/containerboot
-
-securityContext:
-{{- if .Values.addons.vpn.tailscale.userspace }}
- runAsUser: 1000
- runAsGroup: 1000
- runAsNonRoot: true
- readOnlyRootFilesystem: true
-{{- else }}
- runAsUser: 0
- runAsGroup: 0
- runAsNonRoot: false
- readOnlyRootFilesystem: false
-{{- end }}
- capabilities:
- add:
- - NET_ADMIN
-
-envFrom:
- - secretRef:
- name: {{ $secretName }}
-
-env:
- - name: TS_SOCKET
- value: /var/run/tailscale/tailscaled.sock
- - name: TS_STATE_DIR
- value: /var/lib/tailscale
- - name: TS_AUTH_ONCE
- value: {{ .Values.addons.vpn.tailscale.auth_once | quote }}
- - name: TS_USERSPACE
- value: {{ .Values.addons.vpn.tailscale.userspace | quote }}
- - name: TS_ACCEPT_DNS
- value: {{ .Values.addons.vpn.tailscale.accept_dns | quote }}
- {{- with .Values.addons.vpn.tailscale.outbound_http_proxy_listen }}
- - name: TS_OUTBOUND_HTTP_PROXY_LISTEN
- value: {{ . }}
- {{- end }}
- {{- with .Values.addons.vpn.tailscale.routes }}
- - name: TS_ROUTES
- value: {{ . }}
- {{- end }}
- {{- with .Values.addons.vpn.tailscale.dest_ip }}
- - name: TS_DEST_IP
- value: {{ . }}
- {{- end }}
- {{- with .Values.addons.vpn.tailscale.sock5_server }}
- - name: TS_SOCKS5_SERVER
- value: {{ . }}
- {{- end }}
- {{- with .Values.addons.vpn.tailscale.extra_args }}
- - name: TS_EXTRA_ARGS
- value: {{ . | quote }}
- {{- end }}
- {{- with .Values.addons.vpn.tailscale.daemon_extra_args }}
- - name: TS_TAILSCALED_EXTRA_ARGS
- value: {{ . | quote }}
- {{- end }}
-
-{{- range $envList := .Values.addons.vpn.envList }}
- {{- if and $envList.name $envList.value }}
- - name: {{ $envList.name }}
- value: {{ $envList.value | quote }}
- {{- else }}
- {{- fail "Please specify name/value for VPN environment variable" }}
- {{- end }}
-{{- end}}
-
-{{- with .Values.addons.vpn.env }}
-{{- range $k, $v := . }}
- - name: {{ $k }}
- value: {{ $v | quote }}
-{{- end }}
-{{- end }}
-
-volumeMounts:
- - mountPath: {{ .Values.persistence.shared.mountPath }}
- name: shared
- - mountPath: /var/lib/tailscale
- name: {{ printf "%v-%v" .Release.Name "tailscale" }}
-{{- with .Values.addons.vpn.livenessProbe }}
-livenessProbe:
- {{- toYaml . | nindent 2 }}
-{{- end -}}
-{{- with .Values.addons.vpn.resources }}
-resources:
- {{- toYaml . | nindent 2 }}
-{{- end }}
-{{- end -}}
diff --git a/charts/common/templates/addons/vpn/tailscale/_persistence.tpl b/charts/common/templates/addons/vpn/tailscale/_persistence.tpl
deleted file mode 100644
index d8d09b11..00000000
--- a/charts/common/templates/addons/vpn/tailscale/_persistence.tpl
+++ /dev/null
@@ -1,6 +0,0 @@
-{{- define "tailscale.addon.persistence" -}}
-enabled: true
-mountPath: /var/lib/tailscale
-size: 1Gi
-noMount: true
-{{- end -}}
diff --git a/charts/common/templates/addons/vpn/tailscale/_secret.tpl b/charts/common/templates/addons/vpn/tailscale/_secret.tpl
deleted file mode 100644
index eedd6829..00000000
--- a/charts/common/templates/addons/vpn/tailscale/_secret.tpl
+++ /dev/null
@@ -1,19 +0,0 @@
-{{/* Define the secret */}}
-{{- define "tailscale.secret" -}}
-
-{{- $secretName := printf "%s-tailscale-secret" (include "tc.common.names.fullname" .) }}
-
----
-{{/* This secrets are loaded on tailscale */}}
-apiVersion: v1
-kind: Secret
-type: Opaque
-metadata:
- name: {{ $secretName }}
- labels:
- {{- include "tc.common.labels" . | nindent 4 }}
-data:
- {{- with .Values.addons.vpn.tailscale.authkey }}
- TS_AUTH_KEY: {{ . | b64enc }}
- {{- end }}
-{{- end }}
diff --git a/charts/common/templates/addons/vpn/wireguard/_addon.tpl b/charts/common/templates/addons/vpn/wireguard/_addon.tpl
deleted file mode 100644
index 2d593fc3..00000000
--- a/charts/common/templates/addons/vpn/wireguard/_addon.tpl
+++ /dev/null
@@ -1,11 +0,0 @@
-{{/*
-Template to render Wireguard addon. It will add the container to the list of additionalContainers.
-*/}}
-*/}}
-{{- define "tc.common.addon.wireguard" -}}
- {{/* Append the Wireguard container to the additionalContainers */}}
- {{- $container := fromYaml (include "tc.common.addon.wireguard.container" .) -}}
- {{- if $container -}}
- {{- $_ := set .Values.additionalContainers "addon-wireguard" $container -}}
- {{- end -}}
-{{- end -}}
diff --git a/charts/common/templates/addons/vpn/wireguard/_container.tpl b/charts/common/templates/addons/vpn/wireguard/_container.tpl
deleted file mode 100644
index 18cfa192..00000000
--- a/charts/common/templates/addons/vpn/wireguard/_container.tpl
+++ /dev/null
@@ -1,70 +0,0 @@
-{{/*
-The Wireguard sidecar container to be inserted.
-*/}}
-{{- define "tc.common.addon.wireguard.container" -}}
-name: wireguard
-image: "{{ .Values.wireguardImage.repository }}:{{ .Values.wireguardImage.tag }}"
-imagePullPolicy: {{ .Values.wireguardImage.pullPolicy }}
-securityContext:
- runAsUser: 568
- runAsGroup: 568
- capabilities:
- add:
- - NET_ADMIN
- - SYS_MODULE
-env:
- - name: SEPARATOR
- value: ";"
- - name: IPTABLES_BACKEND
- value: "nft"
-{{- range $envList := .Values.addons.vpn.envList }}
- {{- if and $envList.name $envList.value }}
- - name: {{ $envList.name }}
- value: {{ $envList.value | quote }}
- {{- else }}
- {{- fail "Please specify name/value for VPN environment variable" }}
- {{- end }}
-{{- end}}
-
-{{- with .Values.addons.vpn.env }}
-{{- range $k, $v := . }}
- - name: {{ $k }}
- value: {{ $v | quote }}
-{{- end }}
-{{- end }}
-
-{{- if .Values.addons.vpn.killSwitch }}
- - name: KILLSWITCH
- value: "true"
- {{- $excludednetworksv4 := "172.16.0.0/12"}}
- {{- range .Values.addons.vpn.excludedNetworks_IPv4 }}
- {{- $excludednetworksv4 = ( printf "%v;%v" $excludednetworksv4 . ) }}
- {{- end}}
- - name: KILLSWITCH_EXCLUDEDNETWORKS_IPV4
- value: {{ $excludednetworksv4 | quote }}
-{{- if .Values.addons.vpn.excludedNetworks_IPv6 }}
- {{- $excludednetworksv6 := ""}}
- {{- range .Values.addons.vpn.excludedNetworks_IPv4 }}
- {{- $excludednetworksv6 = ( printf "%v;%v" $excludednetworksv6 . ) }}
- {{- end}}
- - name: KILLSWITCH_EXCLUDEDNETWORKS_IPV6
- value: {{ .Values.addons.vpn.excludedNetworks_IPv6 | quote }}
-{{- end }}
-{{- end }}
-
-volumeMounts:
- - mountPath: {{ .Values.persistence.shared.mountPath }}
- name: shared
-{{- if .Values.addons.vpn.configFile }}
- - name: vpnconfig
- mountPath: /etc/wireguard/wg0.conf
-{{- end }}
-{{- with .Values.addons.vpn.livenessProbe }}
-livenessProbe:
- {{- toYaml . | nindent 2 }}
-{{- end -}}
-{{- with .Values.addons.vpn.resources }}
-resources:
- {{- toYaml . | nindent 2 }}
-{{- end }}
-{{- end -}}
diff --git a/charts/common/templates/class/_HorizontalPodAutoscaler.tpl b/charts/common/templates/class/_HorizontalPodAutoscaler.tpl
deleted file mode 100644
index 9958de11..00000000
--- a/charts/common/templates/class/_HorizontalPodAutoscaler.tpl
+++ /dev/null
@@ -1,47 +0,0 @@
-{{/*
-This template serves as a blueprint for horizontal pod autoscaler objects that are created
-using the common library.
-*/}}
-{{- define "tc.common.class.hpa" -}}
- {{- $targetName := include "tc.common.names.fullname" . }}
- {{- $fullName := include "tc.common.names.fullname" . -}}
- {{- $hpaName := $fullName -}}
- {{- $values := .Values.hpa -}}
-
- {{- if hasKey . "ObjectValues" -}}
- {{- with .ObjectValues.hpa -}}
- {{- $values = . -}}
- {{- end -}}
- {{ end -}}
-
- {{- if and (hasKey $values "nameOverride") $values.nameOverride -}}
- {{- $hpaName = printf "%v-%v" $hpaName $values.nameOverride -}}
- {{- end }}
----
-apiVersion: autoscaling/v2
-kind: HorizontalPodAutoscaler
-metadata:
- name: {{ $hpaName }}
- labels:
- {{- include "tc.common.labels" . | nindent 4 }}
-spec:
- scaleTargetRef:
- apiVersion: apps/v1
- kind: {{ $values.targetKind | default ( include "tc.common.names.controllerType" . ) }}
- name: {{ $values.target | default $targetName }}
- minReplicas: {{ $values.minReplicas | default 1 }}
- maxReplicas: {{ $values.maxReplicas | default 3 }}
- metrics:
- {{- if $values.targetCPUUtilizationPercentage }}
- - type: Resource
- resource:
- name: cpu
- targetAverageUtilization: {{ $values.targetCPUUtilizationPercentage }}
- {{- end }}
- {{- if $values.targetMemoryUtilizationPercentage }}
- - type: Resource
- resource:
- name: memory
- targetAverageUtilization: {{ $values.targetMemoryUtilizationPercentage }}
- {{- end }}
-{{- end -}}
diff --git a/charts/common/templates/class/_configmap.tpl b/charts/common/templates/class/_configmap.tpl
deleted file mode 100644
index 3efdb1e1..00000000
--- a/charts/common/templates/class/_configmap.tpl
+++ /dev/null
@@ -1,35 +0,0 @@
-{{/*
-This template serves as a blueprint for all configMap objects that are created
-within the common library.
-*/}}
-{{- define "tc.common.class.configmap" -}}
- {{- $fullName := include "tc.common.names.fullname" . -}}
- {{- $configMapName := $fullName -}}
- {{- $values := .Values.configmap -}}
-
- {{- if hasKey . "ObjectValues" -}}
- {{- with .ObjectValues.configmap -}}
- {{- $values = . -}}
- {{- end -}}
- {{ end -}}
-
- {{- if and (hasKey $values "nameOverride") $values.nameOverride -}}
- {{- $configMapName = printf "%v-%v" $configMapName $values.nameOverride -}}
- {{- end }}
----
-apiVersion: v1
-kind: ConfigMap
-metadata:
- name: {{ $configMapName }}
- {{- with (merge ($values.labels | default dict) (include "tc.common.labels" $ | fromYaml)) }}
- labels: {{- tpl ( toYaml . ) $ | nindent 4 }}
- {{- end }}
- {{- with (merge ($values.annotations | default dict) (include "tc.common.annotations" $ | fromYaml)) }}
- annotations:
- {{- tpl ( toYaml . ) $ | nindent 4 }}
- {{- end }}
-data:
-{{- with $values.data }}
- {{- tpl (toYaml .) $ | nindent 2 }}
-{{- end }}
-{{- end }}
diff --git a/charts/common/templates/class/_ingress.tpl b/charts/common/templates/class/_ingress.tpl
deleted file mode 100644
index 3cd05400..00000000
--- a/charts/common/templates/class/_ingress.tpl
+++ /dev/null
@@ -1,128 +0,0 @@
-{{/*
-This template serves as a blueprint for all Ingress objects that are created
-within the common library.
-*/}}
-{{- define "tc.common.class.ingress" -}}
- {{- $fullName := include "tc.common.names.fullname" . -}}
- {{- $ingressName := $fullName -}}
- {{- $values := .Values.ingress -}}
-
- {{- if hasKey . "ObjectValues" -}}
- {{- with .ObjectValues.ingress -}}
- {{- $values = . -}}
- {{- end -}}
- {{ end -}}
-
- {{- if and (hasKey $values "nameOverride") $values.nameOverride -}}
- {{- $ingressName = printf "%v-%v" $ingressName $values.nameOverride -}}
- {{- end -}}
-
- {{- $primaryService := get .Values.service (include "tc.common.lib.util.service.primary" .) -}}
- {{- $autoLinkService := get .Values.service (include "tc.common.lib.util.service.primary" .) -}}
- {{- $defaultServiceName := $fullName -}}
- {{- if and (hasKey $primaryService "nameOverride") $primaryService.nameOverride -}}
- {{- $defaultServiceName = printf "%v-%v" $defaultServiceName $primaryService.nameOverride -}}
- {{- end -}}
- {{- $defaultServicePort := get $primaryService.ports (include "tc.common.lib.util.service.ports.primary" (dict "values" $primaryService)) -}}
-
- {{- if and (hasKey $values "nameOverride") ( $values.nameOverride ) ( $values.autoLink ) -}}
- {{- $autoLinkService = get .Values.service $values.nameOverride -}}
- {{- $defaultServiceName = $ingressName -}}
- {{- $defaultServicePort = get $autoLinkService.ports $values.nameOverride -}}
- {{- end -}}
-
-
- {{- $isStable := include "tc.common.capabilities.ingress.isStable" . }}
-
- {{- $mddwrNamespace := "default" }}
- {{- if $values.ingressClassName }}
- {{- $mddwrNamespace = ( printf "ix-%s" $values.ingressClassName ) }}
- {{- end }}
-
- {{- $fixedMiddlewares := "" }}
- {{- if $values.enableFixedMiddlewares }}
- {{ range $index, $fixedMiddleware := $values.fixedMiddlewares }}
- {{- if $index }}
- {{ $fixedMiddlewares = ( printf "%v, %v-%v@%v" $fixedMiddlewares $mddwrNamespace $fixedMiddleware "kubernetescrd" ) }}
- {{- else }}
- {{ $fixedMiddlewares = ( printf "%v-%v@%v" $mddwrNamespace $fixedMiddleware "kubernetescrd" ) }}
- {{- end }}
- {{ end }}
- {{- end }}
-
- {{- $middlewares := "" }}
- {{ range $index, $middleware := $values.middlewares }}
- {{- if $index }}
- {{ $middlewares = ( printf "%v, %v-%v@%v" $middlewares $mddwrNamespace $middleware "kubernetescrd" ) }}
- {{- else }}
- {{ $middlewares = ( printf "%v-%v@%v" $mddwrNamespace $middleware "kubernetescrd" ) }}
- {{- end }}
- {{ end }}
-
- {{- if and ( $fixedMiddlewares ) ( $middlewares ) }}
- {{ $middlewares = ( printf "%v, %v" $fixedMiddlewares $middlewares ) }}
- {{- else if $fixedMiddlewares }}
- {{ $middlewares = ( printf "%s" $fixedMiddlewares ) }}
- {{ end }}
-
----
-apiVersion: {{ include "tc.common.capabilities.ingress.apiVersion" . }}
-kind: Ingress
-metadata:
- name: {{ $ingressName }}
- {{- with (merge ($values.labels | default dict) (include "tc.common.labels" $ | fromYaml)) }}
- labels: {{- toYaml . | nindent 4 }}
- {{- end }}
- annotations:
- "traefik.ingress.kubernetes.io/router.entrypoints": {{ $values.entrypoint | default "websecure" }}
- "traefik.ingress.kubernetes.io/router.middlewares": {{ $middlewares | quote }}
- {{- with (merge ($values.annotations | default dict) (include "tc.common.annotations" $ | fromYaml)) }}
- {{- tpl ( toYaml . ) $ | nindent 4 }}
- {{- end }}
-spec:
- {{- if and $isStable $values.ingressClassName }}
- ingressClassName: {{ $values.ingressClassName }}
- {{- end }}
- {{- if $values.tls }}
- tls:
- {{- range $index, $tlsValues := $values.tls }}
- - hosts:
- {{- range $tlsValues.hosts }}
- - {{ tpl . $ | quote }}
- {{- end }}
- {{- if $tlsValues.scaleCert }}
- secretName: {{ ( printf "%v-%v-%v-%v-%v-%v" $ingressName "tls" $index "ixcert" $tlsValues.scaleCert $.Release.Revision ) }}
- {{- else if .secretName }}
- secretName: {{ tpl .secretName $ | quote}}
- {{- end }}
- {{- end }}
- {{- end }}
- rules:
- {{- range $values.hosts }}
- - host: {{ tpl .host $ | quote }}
- http:
- paths:
- {{- range .paths }}
- {{- $service := $defaultServiceName -}}
- {{- $port := $defaultServicePort.port -}}
- {{- if .service -}}
- {{- $service = default $service .service.name -}}
- {{- $port = default $port .service.port -}}
- {{- end }}
- - path: {{ tpl .path $ | quote }}
- {{- if $isStable }}
- pathType: {{ default "Prefix" .pathType }}
- {{- end }}
- backend:
- {{- if $isStable }}
- service:
- name: {{ $service }}
- port:
- number: {{ $port }}
- {{- else }}
- serviceName: {{ $service }}
- servicePort: {{ $port }}
- {{- end }}
- {{- end }}
- {{- end }}
-{{- end }}
diff --git a/charts/common/templates/class/_networkPolicy.tpl b/charts/common/templates/class/_networkPolicy.tpl
deleted file mode 100644
index 82587ecb..00000000
--- a/charts/common/templates/class/_networkPolicy.tpl
+++ /dev/null
@@ -1,176 +0,0 @@
-{{/*
-Blueprint for the NetworkPolicy object that can be included in the addon.
-*/}}
-{{- define "tc.common.class.networkpolicy" -}}
- {{- $fullName := include "tc.common.names.fullname" . -}}
- {{- $networkPolicyName := $fullName -}}
- {{- $values := .Values.networkPolicy -}}
-
- {{- if hasKey . "ObjectValues" -}}
- {{- with .ObjectValues.networkPolicy -}}
- {{- $values = . -}}
- {{- end -}}
- {{ end -}}
-
- {{- if and (hasKey $values "nameOverride") $values.nameOverride -}}
- {{- $networkPolicyName = printf "%v-%v" $networkPolicyName $values.nameOverride -}}
- {{- end }}
----
-kind: NetworkPolicy
-apiVersion: networking.k8s.io/v1
-metadata:
- name: {{ $networkPolicyName }}
- {{- with (merge ($values.labels | default dict) (include "tc.common.labels" $ | fromYaml)) }}
- labels: {{- toYaml . | nindent 4 }}
- {{- end }}
- {{- with (merge ($values.annotations | default dict) (include "tc.common.annotations" $ | fromYaml)) }}
- annotations:
- {{- tpl ( toYaml . ) $ | nindent 4 }}
- {{- end }}
-spec:
- podSelector:
- {{- if $values.podSelector }}
- {{- with $values.podSelector }}
- {{- . | toYaml | nindent 4 }}
- {{- end -}}
- {{- else }}
- matchLabels:
- {{- include "tc.common.labels.selectorLabels" . | nindent 6 }}
- {{- end }}
-
- {{- if $values.policyType }}
- {{- if eq $values.policyType "ingress" }}
- policyTypes: ["Ingress"]
- {{- else if eq $values.policyType "egress" }}
- policyTypes: ["Egress"]
-
- {{- else if eq $values.policyType "ingress-egress" }}
- policyTypes: ["Ingress", "Egress"]
- {{- end -}}
- {{- end -}}
-
- {{- if $values.egress }}
- egress:
- {{- range $values.egress }}
- - to:
- {{- range .to }}
- {{- $nss := false }}
- {{- $ipb := false }}
- {{- if .ipBlock }}
- {{- if .ipBlock.cidr }}
- {{- $ipb = true }}
- - ipBlock:
- cidr: {{ .ipBlock.cidr }}
- {{- if .ipBlock.except }}
- except:
- {{- range .ipBlock.except }}
- - {{ . }}
- {{- end }}
- {{- end -}}
- {{- end -}}
- {{- end -}}
-
- {{- if and ( .namespaceSelector ) ( not $ipb ) }}
- {{- if or ( .namespaceSelector.matchLabels ) ( .namespaceSelector.matchExpressions ) -}}
- {{- $nss = true }}
- - namespaceSelector:
- {{- if .namespaceSelector.matchLabels }}
- matchLabels:
- {{- .namespaceSelector.matchLabels | toYaml | nindent 12 }}
- {{- end -}}
- {{- if .namespaceSelector.matchExpressions }}
- matchExpressions:
- {{- .namespaceSelector.matchExpressions | toYaml | nindent 12 }}
- {{- end -}}
- {{- end -}}
- {{- end -}}
-
- {{- if and ( .podSelector ) ( not $ipb ) }}
- {{- if or ( .podSelector.matchLabels ) ( .podSelector.matchExpressions ) }}
- {{- if $nss }}
- podSelector:
- {{- else }}
- - podSelector:
- {{- end }}
- {{- if .podSelector.matchLabels }}
- matchLabels:
- {{- .podSelector.matchLabels | toYaml | nindent 12 }}
- {{- end -}}
- {{- if .podSelector.matchExpressions }}
- matchExpressions:
- {{- .podSelector.matchExpressions | toYaml | nindent 12 }}
- {{- end -}}
- {{- end -}}
- {{- end -}}
- {{- end -}}
-
-
- {{- with .ports }}
- ports:
- {{- . | toYaml | nindent 6 }}
- {{- end -}}
- {{- end -}}
- {{- end -}}
-
- {{- if $values.ingress }}
- ingress:
- {{- range $values.ingress }}
- - from:
- {{- range .from }}
- {{- $nss := false }}
- {{- $ipb := false }}
- {{- if .ipBlock }}
- {{- if .ipBlock.cidr }}
- {{- $ipb = true }}
- - ipBlock:
- cidr: {{ .ipBlock.cidr }}
- {{- if .ipBlock.except }}
- except:
- {{- range .ipBlock.except }}
- - {{ . }}
- {{- end }}
- {{- end -}}
- {{- end -}}
- {{- end -}}
-
- {{- if and ( .namespaceSelector ) ( not $ipb ) }}
- {{- if or ( .namespaceSelector.matchLabels ) ( .namespaceSelector.matchExpressions ) -}}
- {{- $nss = true }}
- - namespaceSelector:
- {{- if .namespaceSelector.matchLabels }}
- matchLabels:
- {{- .namespaceSelector.matchLabels | toYaml | nindent 12 }}
- {{- end -}}
- {{- if .namespaceSelector.matchExpressions }}
- matchExpressions:
- {{- .namespaceSelector.matchExpressions | toYaml | nindent 12 }}
- {{- end -}}
- {{- end -}}
- {{- end -}}
-
- {{- if and ( .podSelector ) ( not $ipb ) }}
- {{- if or ( .podSelector.matchLabels ) ( .podSelector.matchExpressions ) }}
- {{- if $nss }}
- podSelector:
- {{- else }}
- - podSelector:
- {{- end }}
- {{- if .podSelector.matchLabels }}
- matchLabels:
- {{- .podSelector.matchLabels | toYaml | nindent 12 }}
- {{- end -}}
- {{- if .podSelector.matchExpressions }}
- matchExpressions:
- {{- .podSelector.matchExpressions | toYaml | nindent 12 }}
- {{- end -}}
- {{- end -}}
- {{- end -}}
- {{- end -}}
-
- {{- with .ports }}
- ports:
- {{- . | toYaml | nindent 6 }}
- {{- end -}}
- {{- end -}}
- {{- end -}}
-{{- end -}}
diff --git a/charts/common/templates/class/_pvc.tpl b/charts/common/templates/class/_pvc.tpl
deleted file mode 100644
index 18f893d3..00000000
--- a/charts/common/templates/class/_pvc.tpl
+++ /dev/null
@@ -1,54 +0,0 @@
-{{/*
-This template serves as a blueprint for all PersistentVolumeClaim objects that are created
-within the common library.
-*/}}
-{{- define "tc.common.class.pvc" -}}
-{{- $values := .Values.persistence -}}
-{{- if hasKey . "ObjectValues" -}}
- {{- with .ObjectValues.persistence -}}
- {{- $values = . -}}
- {{- end -}}
-{{ end -}}
-{{- $pvcName := include "tc.common.names.fullname" . -}}
-{{- if and (hasKey $values "nameOverride") $values.nameOverride -}}
- {{- if not (eq $values.nameOverride "-") -}}
- {{- $pvcName = printf "%v-%v" $pvcName $values.nameOverride -}}
- {{ end -}}
-{{ end }}
-{{- if $values.forceName -}}
- {{- $pvcName = $values.forceName -}}
-{{ end }}
----
-kind: PersistentVolumeClaim
-apiVersion: v1
-metadata:
- name: {{ $pvcName }}
- {{- if or $values.retain $values.annotations }}
- annotations:
- {{- if $values.retain }}
- "helm.sh/resource-policy": keep
- {{- end }}
- {{- with (merge ($values.annotations | default dict) (include "tc.common.annotations" $ | fromYaml)) }}
- {{- tpl ( toYaml . ) $ | nindent 4 }}
- {{- end }}
- {{- end }}
- labels:
- {{- include "tc.common.labels" . | nindent 4 }}
- {{- with $values.labels }}
- {{- tpl ( toYaml . ) $ | nindent 4 }}
- {{- end }}
-spec:
- accessModes:
- - {{ ( $values.accessMode | default "ReadWriteOnce" ) | quote }}
- resources:
- requests:
- storage: {{ $values.size | default "999Gi" | quote }}
- {{- with $values.spec }}
- {{ tpl ( toYaml . ) $ | indent 2 }}
- {{- end }}
- {{ include "tc.common.storage.storageClassName" ( dict "persistence" $values "global" $ ) }}
- {{- if $values.volumeName }}
- volumeName: {{ $values.volumeName | quote }}
- {{- end }}
-
-{{- end -}}
diff --git a/charts/common/templates/class/_rbac.tpl b/charts/common/templates/class/_rbac.tpl
deleted file mode 100644
index f09a27b9..00000000
--- a/charts/common/templates/class/_rbac.tpl
+++ /dev/null
@@ -1,71 +0,0 @@
-{{/*
-This template serves as a blueprint for rbac objects that are created
-using the common library.
-*/}}
-{{- define "tc.common.class.rbac" -}}
- {{- $fullName := include "tc.common.names.fullname" . -}}
- {{- $saName := $fullName -}}
- {{- $rbacName := $fullName -}}
- {{- $values := .Values.rbac -}}
- {{- $saValues := .Values.serviceAccount -}}
- {{- if hasKey . "ObjectValues" -}}
- {{- with .ObjectValues.rbac -}}
- {{- $values = . -}}
- {{- end -}}
- {{ end -}}
-
- {{- if and (hasKey $values "nameOverride") $values.nameOverride -}}
- {{- $saName = printf "%v-%v" $saName $values.nameOverride -}}
- {{- if not (hasKey $saValues $values.nameOverride) -}}
- {{- $saName = "default" -}}
- {{- end }}
- {{- end }}
-
- {{- if and (hasKey $values "nameOverride") $values.nameOverride -}}
- {{- $rbacName = printf "%v-%v" $rbacName $values.nameOverride -}}
- {{- end }}
----
-apiVersion: rbac.authorization.k8s.io/v1
-kind: ClusterRole
-metadata:
- name: {{ $rbacName }}
- labels:
- {{- include "tc.common.labels" . | nindent 4 }}
- {{- with $values.labels }}
- {{- tpl ( toYaml . ) $ | nindent 4 }}
- {{- end }}
- annotations:
- {{- with (merge ($values.annotations | default dict) (include "tc.common.annotations" $ | fromYaml)) }}
- {{- tpl ( toYaml . ) $ | nindent 4 }}
- {{- end }}
-{{- with $values.rules }}
-rules:
- {{- tpl ( toYaml . ) $ | nindent 4 }}
-{{- end}}
-
----
-apiVersion: rbac.authorization.k8s.io/v1
-kind: ClusterRoleBinding
-metadata:
- name: {{ $rbacName }}
- labels:
- {{- include "tc.common.labels" . | nindent 4 }}
- {{- with $values.labels }}
- {{- toYaml . | nindent 4 }}
- {{- end }}
- annotations:
- {{- with (merge ($values.annotations | default dict) (include "tc.common.annotations" $ | fromYaml)) }}
- {{- toYaml . | nindent 4 }}
- {{- end }}
-roleRef:
- apiGroup: rbac.authorization.k8s.io
- kind: ClusterRole
- name: {{ $rbacName }}
-subjects:
- - kind: ServiceAccount
- name: {{ $saName }}
- namespace: {{ .Release.Namespace }}
- {{- with $values.subjects }}
- {{- toYaml . | nindent 2 }}
- {{- end }}
-{{- end -}}
diff --git a/charts/common/templates/class/_secret.tpl b/charts/common/templates/class/_secret.tpl
deleted file mode 100644
index acdbc61a..00000000
--- a/charts/common/templates/class/_secret.tpl
+++ /dev/null
@@ -1,35 +0,0 @@
-{{/*
-This template serves as a blueprint for all secret objects that are created
-within the common library.
-*/}}
-{{- define "tc.common.class.secret" -}}
- {{- $fullName := include "tc.common.names.fullname" . -}}
- {{- $secretName := $fullName -}}
- {{- $values := .Values.secret -}}
-
- {{- if hasKey . "ObjectValues" -}}
- {{- with .ObjectValues.secret -}}
- {{- $values = . -}}
- {{- end -}}
- {{ end -}}
-
- {{- if and (hasKey $values "nameOverride") $values.nameOverride -}}
- {{- $secretName = printf "%v-%v" $secretName $values.nameOverride -}}
- {{- end }}
----
-apiVersion: v1
-kind: Secret
-metadata:
- name: {{ $secretName }}
- {{- with (merge ($values.labels | default dict) (include "tc.common.labels" $ | fromYaml)) }}
- labels: {{- toYaml . | nindent 4 }}
- {{- end }}
- {{- with (merge ($values.annotations | default dict) (include "tc.common.annotations" $ | fromYaml)) }}
- annotations:
- {{- tpl ( toYaml . ) $ | nindent 4 }}
- {{- end }}
-stringData:
-{{- with $values.data }}
- {{- tpl (toYaml .) $ | nindent 2 }}
-{{- end }}
-{{- end }}
diff --git a/charts/common/templates/class/_service.tpl b/charts/common/templates/class/_service.tpl
deleted file mode 100644
index f932ec19..00000000
--- a/charts/common/templates/class/_service.tpl
+++ /dev/null
@@ -1,134 +0,0 @@
-{{/*
-This template serves as a blueprint for all Service objects that are created
-within the common library.
-*/}}
-{{- define "tc.common.class.service" -}}
-{{- $values := .Values.service -}}
-{{- if hasKey . "ObjectValues" -}}
- {{- with .ObjectValues.service -}}
- {{- $values = . -}}
- {{- end -}}
-{{ end -}}
-
-{{- $serviceName := include "tc.common.names.fullname" . -}}
-{{- if and (hasKey $values "nameOverride") $values.nameOverride -}}
- {{- $serviceName = printf "%v-%v" $serviceName $values.nameOverride -}}
-{{ end -}}
-{{- $svcType := $values.type | default "" -}}
-{{- $primaryPort := get $values.ports (include "tc.common.lib.util.service.ports.primary" (dict "values" $values)) }}
----
-apiVersion: v1
-kind: Service
-metadata:
- name: {{ $serviceName }}
- {{- with (merge ($values.labels | default dict) (include "tc.common.labels" $ | fromYaml)) }}
- labels: {{- tpl ( toYaml . ) $ | nindent 4 }}
- {{- end }}
- annotations:
- {{- if eq ( $primaryPort.protocol | default "" ) "HTTPS" }}
- traefik.ingress.kubernetes.io/service.serversscheme: https
- {{- end }}
- {{- if eq ( $svcType | default "" ) "LoadBalancer" }}
- metallb.universe.tf/allow-shared-ip: {{ include "tc.common.names.fullname" . }}
- {{- end }}
- {{- with (merge ($values.annotations | default dict) (include "tc.common.annotations" $ | fromYaml)) }}
- {{- tpl ( toYaml . ) $ | nindent 4 }}
- {{- end }}
-spec:
- {{- if (or (eq $svcType "ClusterIP") (empty $svcType)) }}
- type: ClusterIP
- {{- if $values.clusterIP }}
- clusterIP: {{ $values.clusterIP }}
- {{end}}
- {{- else if eq $svcType "ExternalName" }}
- type: {{ $svcType }}
- externalName: {{ $values.externalName }}
- {{- else if eq $svcType "ExternalIP" }}
- {{- else if eq $svcType "LoadBalancer" }}
- type: {{ $svcType }}
- {{- if $values.loadBalancerIP }}
- loadBalancerIP: {{ $values.loadBalancerIP }}
- {{- end }}
- {{- if $values.loadBalancerSourceRanges }}
- loadBalancerSourceRanges:
- {{ toYaml $values.loadBalancerSourceRanges | nindent 4 }}
- {{- end -}}
- {{- else }}
- type: {{ $svcType }}
- {{- end }}
- {{- if $values.externalTrafficPolicy }}
- externalTrafficPolicy: {{ $values.externalTrafficPolicy }}
- {{- end }}
- {{- if $values.sessionAffinity }}
- sessionAffinity: {{ $values.sessionAffinity }}
- {{- if $values.sessionAffinityConfig }}
- sessionAffinityConfig:
- {{ toYaml $values.sessionAffinityConfig | nindent 4 }}
- {{- end -}}
- {{- end }}
- {{- with $values.externalIPs }}
- externalIPs:
- {{- toYaml . | nindent 4 }}
- {{- end }}
- {{- if $values.publishNotReadyAddresses }}
- publishNotReadyAddresses: {{ $values.publishNotReadyAddresses }}
- {{- end }}
- {{- if (and ($values.ipFamilyPolicy) (ne $svcType "ExternalName")) }}
- ipFamilyPolicy: {{ $values.ipFamilyPolicy }}
- {{- end }}
- {{ if ne $svcType "ExternalName" }}
- {{- with $values.ipFamilies }}
- ipFamilies:
- {{ toYaml . | nindent 4 }}
- {{- end }}
- {{- end }}
- ports:
- {{- range $name, $port := $values.ports }}
- {{- if $port.enabled }}
- - port: {{ $port.port }}
- targetPort: {{ $port.targetPort | default $name }}
- {{- if $port.protocol }}
- {{- if or ( eq $port.protocol "HTTP" ) ( eq $port.protocol "HTTPS" ) ( eq $port.protocol "TCP" ) }}
- protocol: TCP
- {{- else }}
- protocol: {{ $port.protocol }}
- {{- end }}
- {{- else }}
- protocol: TCP
- {{- end }}
- name: {{ $name }}
- {{- if (and (eq $svcType "NodePort") (not (empty $port.nodePort))) }}
- nodePort: {{ $port.nodePort }}
- {{ end }}
- {{- end }}
- {{- end }}
- {{- if and ( ne $svcType "ExternalName" ) ( ne $svcType "ExternalIP" )}}
- selector:
- {{- if $values.selector }}
- {{- with $values.selector }}
- {{- tpl (toYaml .) $ | nindent 4 }}
- {{- end }}
- {{- else }}
- {{- include "tc.common.labels.selectorLabels" . | nindent 4 }}
- {{- end }}
- {{- end }}
-{{- if eq $svcType "ExternalIP" }}
----
-apiVersion: v1
-kind: Endpoints
-metadata:
- name: {{ $serviceName }}
- labels:
- {{- include "tc.common.labels" $ | nindent 4 }}
-subsets:
- - addresses:
- - ip: {{ $values.externalIP }}
- ports:
- {{- range $name, $port := $values.ports }}
- {{- if $port.enabled }}
- - port: {{ $port.port | default 80 }}
- name: {{ $name }}
- {{- end }}
- {{- end }}
-{{- end }}
-{{- end }}
diff --git a/charts/common/templates/class/_serviceaccount.tpl b/charts/common/templates/class/_serviceaccount.tpl
deleted file mode 100644
index 2634ff48..00000000
--- a/charts/common/templates/class/_serviceaccount.tpl
+++ /dev/null
@@ -1,31 +0,0 @@ -{{/* -This template serves as a blueprint for ServiceAccount objects that are created -using the common library. -*/}} -{{- define "tc.common.class.serviceAccount" -}} - {{- $fullName := include "tc.common.names.fullname" . -}} - {{- $saName := $fullName -}} - {{- $values := .Values.serviceAccount -}} - - {{- if hasKey . "ObjectValues" -}} - {{- with .ObjectValues.serviceAccount -}} - {{- $values = . -}} - {{- end -}} - {{- end -}} - - {{- if and (hasKey $values "nameOverride") $values.nameOverride -}} - {{- $saName = printf "%v-%v" $saName $values.nameOverride -}} - {{- end }} - ---- -apiVersion: v1 -kind: ServiceAccount -metadata: - name: {{ $saName }} - labels: - {{- include "tc.common.labels" . | nindent 4 }} - {{- with $values.annotations }} - annotations: - {{- tpl ( toYaml . ) $ | nindent 4 }} - {{- end }} -{{- end }} diff --git a/charts/common/templates/lib/chart/_annotations.tpl b/charts/common/templates/lib/chart/_annotations.tpl deleted file mode 100644 index f4e40418..00000000 --- a/charts/common/templates/lib/chart/_annotations.tpl +++ /dev/null @@ -1,22 +0,0 @@ -{{/* Common annotations shared across objects */}} -{{- define "tc.common.annotations" -}} - {{- with .Values.global.annotations }} - {{- range $k, $v := . }} - {{- $name := $k }} - {{- $value := tpl $v $ }} -{{ $name }}: {{ quote $value }} - {{- end }} - {{- end }} -{{- end -}} - -{{/* Annotations on all workload spec objects */}} -{{- define "tc.common.annotations.workload.spec" -}} -{{- if .Values.ixExternalInterfacesConfigurationNames }} -k8s.v1.cni.cncf.io/networks: {{ join ", " .Values.ixExternalInterfacesConfigurationNames }} -{{- end }} -{{- end -}} - -{{/* Annotations on all workload objects */}} -{{- define "tc.common.annotations.workload" -}} -rollme: {{ randAlphaNum 5 | quote }} -{{- end -}} diff --git a/charts/common/templates/lib/chart/_capabilities.tpl b/charts/common/templates/lib/chart/_capabilities.tpl deleted file mode 100644 index 075f288b..00000000 
--- a/charts/common/templates/lib/chart/_capabilities.tpl +++ /dev/null @@ -1,19 +0,0 @@ -{{/* Allow KubeVersion to be overridden. */}} -{{- define "tc.common.capabilities.ingress.kubeVersion" -}} - {{- default .Capabilities.KubeVersion.Version .Values.kubeVersionOverride -}} -{{- end -}} - -{{/* Return the appropriate apiVersion for Ingress objects */}} -{{- define "tc.common.capabilities.ingress.apiVersion" -}} - {{- print "networking.k8s.io/v1" -}} - {{- if semverCompare "<1.19" (include "tc.common.capabilities.ingress.kubeVersion" .) -}} - {{- print "beta1" -}} - {{- end -}} -{{- end -}} - -{{/* Check Ingress stability */}} -{{- define "tc.common.capabilities.ingress.isStable" -}} - {{- if eq (include "tc.common.capabilities.ingress.apiVersion" .) "networking.k8s.io/v1" -}} - {{- true -}} - {{- end -}} -{{- end -}} diff --git a/charts/common/templates/lib/chart/_labels.tpl b/charts/common/templates/lib/chart/_labels.tpl deleted file mode 100644 index 81db6850..00000000 --- a/charts/common/templates/lib/chart/_labels.tpl +++ /dev/null @@ -1,23 +0,0 @@ -{{/* Common labels shared across objects */}} -{{- define "tc.common.labels" -}} -helm.sh/chart: {{ include "tc.common.names.chart" . }} -{{ include "tc.common.labels.selectorLabels" . }} -{{- if .Chart.AppVersion }} -helm-revision: "{{ .Release.Revision }}" -app.kubernetes.io/version: {{ .Chart.AppVersion | quote }} -{{- end }} -app.kubernetes.io/managed-by: {{ .Release.Service }} -{{- with .Values.global.labels }} - {{- range $k, $v := . }} - {{- $name := $k }} - {{- $value := tpl $v $ }} -{{ $name }}: {{ quote $value }} - {{- end }} -{{- end }} -{{- end -}} - -{{/* Selector labels shared across objects */}} -{{- define "tc.common.labels.selectorLabels" -}} -app.kubernetes.io/name: {{ include "tc.common.names.name" . }} -app.kubernetes.io/instance: {{ .Release.Name }} -{{- end -}} 
diff --git a/charts/common/templates/lib/chart/_names.tpl b/charts/common/templates/lib/chart/_names.tpl
deleted file mode 100644
index ebfdf589..00000000
--- a/charts/common/templates/lib/chart/_names.tpl
+++ /dev/null
@@ -1,56 +0,0 @@ -{{/* Expand the name of the chart */}} -{{- define "tc.common.names.name" -}} - {{- $globalNameOverride := "" -}} - {{- if hasKey .Values "global" -}} - {{- $globalNameOverride = (default $globalNameOverride .Values.global.nameOverride) -}} - {{- end -}} - {{- default .Chart.Name (default .Values.nameOverride $globalNameOverride) | trunc 63 | trimSuffix "-" -}} -{{- end -}} - -{{/* -Create a default fully qualified app name. -We truncate at 63 chars because some Kubernetes name fields are limited to this (by the DNS naming spec). -If release name contains chart name it will be used as a full name. -*/}} -{{- define "tc.common.names.fullname" -}} - {{- $name := include "tc.common.names.name" . -}} - {{- $globalFullNameOverride := "" -}} - {{- if hasKey .Values "global" -}} - {{- $globalFullNameOverride = (default $globalFullNameOverride .Values.global.fullnameOverride) -}} - {{- end -}} - {{- if or .Values.fullnameOverride $globalFullNameOverride -}} - {{- $name = default .Values.fullnameOverride $globalFullNameOverride -}} - {{- else -}} - {{- if contains $name .Release.Name -}} - {{- $name = .Release.Name -}} - {{- else -}} - {{- $name = printf "%s-%s" .Release.Name $name -}} - {{- end -}} - {{- end -}} - {{- trunc 63 $name | trimSuffix "-" -}} -{{- end -}} - -{{/* Create chart name and version as used by the chart label */}} -{{- define "tc.common.names.chart" -}} - {{- printf "%s-%s" .Chart.Name .Chart.Version | replace "+" "_" | trunc 63 | trimSuffix "-" -}} -{{- end -}} - -{{/* Return the properly cased version of the controller type */}} -{{- define "tc.common.names.controllerType" -}} - {{- if eq .Values.controller.type "deployment" -}} - {{- print "Deployment" -}} - {{- else if eq .Values.controller.type "daemonset" -}} - {{- print "DaemonSet" -}} - {{- else if eq .Values.controller.type "statefulset" -}} - {{- print "StatefulSet" -}} - {{- else -}} - {{- fail (printf "Not a valid controller.type (%s)" .Values.controller.type) -}} - {{- 
end -}} -{{- end -}} - -{{/* -Create the "name" + "." + "namespace" fqdn -*/}} -{{- define "tc.common.names.fqdn" -}} -{{- printf "%s.%s" (include "tc.common.names.fullname" .) .Release.Namespace | replace "+" "_" | trunc 63 | trimSuffix "-" -}} -{{- end -}} diff --git a/charts/common/templates/lib/controller/_container.tpl b/charts/common/templates/lib/controller/_container.tpl deleted file mode 100644 index d79f9ceb..00000000 --- a/charts/common/templates/lib/controller/_container.tpl +++ /dev/null 
@@ -1,150 +0,0 @@ -{{/* The main container included in the controller */}} -{{- define "tc.common.controller.mainContainer" -}} -- name: {{ include "tc.common.names.fullname" . }} - image: {{ include "tc.common.images.selector" . }} - imagePullPolicy: {{ .Values.image.pullPolicy }} - {{- with .Values.command }} - command: - {{- if kindIs "string" . }} - - {{ tpl . $ }} - {{- else }} - {{ tpl ( toYaml . ) $ | nindent 4 }} - {{- end }} - {{- end }} - {{- if or ( .Values.extraArgs ) ( .Values.args ) }} - args: - {{- with .Values.args }} - {{- if kindIs "string" . }} - - {{ tpl . $ }} - {{- else }} - {{- tpl ( toYaml . ) $ | nindent 4 }} - {{- end }} - {{- end }} - {{- with .Values.extraArgs }} - {{- if kindIs "string" . }} - - {{ tpl . $ }} - {{- else }} - {{- tpl ( toYaml . ) $ | nindent 4 }} - {{- end }} - {{- end }} - {{- end }} - {{- with .Values.tty }} - tty: {{ . }} - {{- end }} - {{- with .Values.stdin }} - stdin: {{ . }} - {{- end }} - {{- with .Values.securityContext }} - securityContext: - {{- tpl ( toYaml . ) $ | nindent 4 }} - {{- end }} - {{- with .Values.lifecycle }} - lifecycle: - {{- tpl ( toYaml . ) $ | nindent 4 }} - {{- end }} - {{- with .Values.termination.messagePath }} - terminationMessagePath: {{ tpl . $ }} - {{- end }} - {{- with .Values.termination.messagePolicy }} - terminationMessagePolicy: {{ tpl . 
$ }} - {{- end }} - - env: - {{- if and ( not .Values.podSecurityContext.runAsUser) ( .Values.security.PUID ) }} - - name: PUID - value: {{ tpl ( toYaml .Values.security.PUID ) $ | quote }} - - name: USER_ID - value: {{ tpl ( toYaml .Values.security.PUID ) $ | quote }} - - name: UID - value: {{ tpl ( toYaml .Values.security.PUID ) $ | quote }} - {{- end }} - - name: UMASK - value: {{ tpl ( toYaml .Values.security.UMASK ) $ | quote }} - - name: UMASK_SET - value: {{ tpl ( toYaml .Values.security.UMASK ) $ | quote }} - {{- if and ( not .Values.podSecurityContext.runAsUser) ( .Values.security.PUID ) }} - - name: PGID - value: {{ tpl ( toYaml .Values.podSecurityContext.fsGroup ) $ | quote }} - - name: GROUP_ID - value: {{ tpl ( toYaml .Values.podSecurityContext.fsGroup ) $ | quote }} - - name: GID - value: {{ tpl ( toYaml .Values.podSecurityContext.fsGroup ) $ | quote }} - {{- end }} - {{- if or ( .Values.securityContext.readOnlyRootFilesystem ) ( .Values.securityContext.runAsNonRoot ) }} - - name: S6_READ_ONLY_ROOT - value: "1" - {{- end }} - {{- if not ( .Values.scaleGPU ) }} - - name: NVIDIA_VISIBLE_DEVICES - value: "void" - {{- else }} - - name: NVIDIA_DRIVER_CAPABILITIES - value: "all" - {{- end }} - - name: TZ - value: {{ tpl ( toYaml .Values.TZ ) $ | quote }} - {{- with .Values.env }} - {{- range $k, $v := . 
}} - {{- $name := $k }} - {{- $value := $v }} - {{- if kindIs "int" $name }} - {{- $name = required "environment variables as a list of maps require a name field" $value.name }} - {{- end }} - - name: {{ quote $name }} - {{- if kindIs "map" $value -}} - {{- if hasKey $value "value" }} - {{- $value = $value.value -}} - {{- else if hasKey $value "valueFrom" }} - valueFrom: {{- tpl ( toYaml $value.valueFrom ) $ | nindent 8 }} - {{- else }} - valueFrom: {{- tpl ( toYaml $value ) $ | nindent 8 }} - {{- end }} - {{- end }} - {{- if not (kindIs "map" $value) }} - {{- if kindIs "string" $value }} - {{- $value = tpl $value $ }} - {{- end }} - value: {{ quote $value }} - {{- end }} - {{- end }} - {{- end }} - {{- range $envList := .Values.envList }} - {{- if and $envList.name $envList.value }} - - name: {{ $envList.name }} - value: {{ $envList.value | quote }} - {{- else }} - {{- fail "Please specify name/value for environment variable" }} - {{- end }} - {{- end}} - envFrom: - {{- if .Values.secretEnv }} - - secretRef: - name: {{ include "tc.common.names.fullname" . }} - {{- end }} - {{- range .Values.envFrom }} - {{- if .secretRef }} - - secretRef: - name: {{ tpl .secretRef.name $ | quote }} - {{- else if .configMapRef }} - - configMapRef: - name: {{ tpl .configMapRef.name $ | quote }} - {{- else }} - {{- end }} - {{- end }} - ports: - {{- include "tc.common.controller.ports" . | trim | nindent 4 }} - {{- with (include "tc.common.controller.volumeMounts" . | trim) }} - volumeMounts: - {{ nindent 4 . }} - {{- end }} - {{- include "tc.common.controller.probes" . | trim | nindent 2 }} - {{/* - Merges the TrueNAS SCALE generated GPU info with the .Values.resources dict - */}} - {{- $resources := dict "limits" ( .Values.scaleGPU | default dict ) }} - {{- $resources = merge $resources .Values.resources }} - resources: - {{- with $resources }} - {{- toYaml . | nindent 4 }} - {{- end }} -{{- end -}} 
diff --git a/charts/common/templates/lib/controller/_pod.tpl b/charts/common/templates/lib/controller/_pod.tpl
deleted file mode 100644
index 88cf6bd6..00000000
--- a/charts/common/templates/lib/controller/_pod.tpl
+++ /dev/null
@@ -1,128 +0,0 @@ -{{/* -The pod definition included in the controller. -*/}} -{{- define "tc.common.controller.pod" -}} - {{- with .Values.imagePullSecrets }} -imagePullSecrets: - {{ tpl ( toYaml . ) $ | nindent 2 }} - {{- end }} - -{{- $saName := include "tc.common.names.fullname" . -}} -{{- if not .Values.serviceAccount.main.enabled }} - {{ $saName = "default" }} -{{- end }} -serviceAccountName: {{ $saName }} - {{- with .Values.podSecurityContext }} -securityContext: - {{ tpl ( toYaml . ) $ | nindent 2 }} - {{- end }} - {{- with .Values.priorityClassName }} -priorityClassName: {{ tpl . $ }} - {{- end }} - {{- with .Values.schedulerName }} -schedulerName: {{ tpl . $ }} - {{- end }} - {{- with .Values.hostNetwork }} -hostNetwork: {{ . }} - {{- end }} - {{- with .Values.hostname }} -hostname: {{ tpl . $ }} - {{- end }} - {{- if .Values.dnsPolicy }} -dnsPolicy: {{ .Values.dnsPolicy }} - {{- else if .Values.hostNetwork }} -dnsPolicy: ClusterFirstWithHostNet - {{- else }} -dnsPolicy: ClusterFirst - {{- end }} -{{- if or .Values.dnsConfig.options .Values.dnsConfig.nameservers .Values.dnsConfig.searches }} -dnsConfig: - {{- with .Values.dnsConfig.options }} - options: - {{ tpl ( toYaml . ) $ | nindent 4 }} - {{- end }} - {{- with .Values.dnsConfig.nameservers }} - nameservers: - {{ tpl ( toYaml . ) $ | nindent 4 }} - {{- end }} - {{- with .Values.dnsConfig.searches }} - searches: - {{ tpl ( toYaml . ) $ | nindent 4 }} - {{- end }} -{{- end }} -enableServiceLinks: {{ .Values.enableServiceLinks }} - {{- with .Values.termination.gracePeriodSeconds }} -terminationGracePeriodSeconds: {{ . }} - {{- end }} -initContainers: - {{- include "tc.common.controller.prepare" . 
| nindent 2 }} - {{- if and ( or ( .Release.IsInstall ) ( .Values.test.install ) ) ( .Values.installContainers )}} - {{- $installContainers := list }} - {{- range $index, $key := (keys .Values.installContainers | uniq | sortAlpha) }} - {{- $container := get $.Values.installContainers $key }} - {{- if not $container.name -}} - {{- $_ := set $container "name" $key }} - {{- end }} - {{- $installContainers = append $installContainers $container }} - {{- end }} - {{- tpl (toYaml $installContainers) $ | nindent 2 }} - {{- end }} - {{- if and ( or ( .Release.IsUpgrade ) ( .Values.test.upgrade ) ) ( .Values.upgradeContainers )}} - {{- $upgradeContainers := list }} - {{- range $index, $key := (keys .Values.upgradeContainers | uniq | sortAlpha) }} - {{- $container := get $.Values.upgradeContainers $key }} - {{- if not $container.name -}} - {{- $_ := set $container "name" $key }} - {{- end }} - {{- $upgradeContainers = append $upgradeContainers $container }} - {{- end }} - {{- tpl (toYaml $upgradeContainers) $ | nindent 2 }} - {{- end }} - {{- if .Values.initContainers }} - {{- $initContainers := list }} - {{- range $index, $key := (keys .Values.initContainers | uniq | sortAlpha) }} - {{- $container := get $.Values.initContainers $key }} - {{- if not $container.name -}} - {{- $_ := set $container "name" $key }} - {{- end }} - {{- $initContainers = append $initContainers $container }} - {{- end }} - {{- tpl (toYaml $initContainers) $ | nindent 2 }} - {{- end }} -containers: - {{- include "tc.common.controller.mainContainer" . | nindent 2 }} - {{- with .Values.additionalContainers }} - {{- $additionalContainers := list }} - {{- range $name, $container := . }} - {{- if not $container.name -}} - {{- $_ := set $container "name" $name }} - {{- end }} - {{- $additionalContainers = append $additionalContainers $container }} - {{- end }} - {{- tpl (toYaml $additionalContainers) $ | nindent 2 }} - {{- end }} - {{- with (include "tc.common.controller.volumes" . 
| trim) }} -volumes: - {{- nindent 2 . }} - {{- end }} - {{- with .Values.hostAliases }} -hostAliases: - {{ tpl ( toYaml . ) $ | nindent 2 }} - {{- end }} - {{- with .Values.nodeSelector }} -nodeSelector: - {{ tpl ( toYaml . ) $ | nindent 2 }} - {{- end }} - {{- with .Values.affinity }} -affinity: - {{ tpl ( toYaml . ) $ | nindent 2 }} - {{- end }} - {{- with .Values.topologySpreadConstraints }} -topologySpreadConstraints: - {{ tpl ( toYaml . ) $ | nindent 2 }} - {{- end }} - {{- with .Values.tolerations }} -tolerations: - {{ tpl ( toYaml . ) $ | nindent 2 }} - {{- end }} -{{- end -}} diff --git a/charts/common/templates/lib/controller/_ports.tpl b/charts/common/templates/lib/controller/_ports.tpl deleted file mode 100644 index 9181d0d6..00000000 --- a/charts/common/templates/lib/controller/_ports.tpl +++ /dev/null @@ -1,36 +0,0 @@ -{{/* -Ports included by the controller. -*/}} -{{- define "tc.common.controller.ports" -}} - {{- $ports := list -}} - {{- range .Values.service -}} - {{- if .enabled -}} - {{- range $name, $port := .ports -}} - {{- $_ := set $port "name" $name -}} - {{- $ports = mustAppend $ports $port -}} - {{- end }} - {{- end }} - {{- end }} - -{{/* export/render the list of ports */}} -{{- if $ports -}} -{{- range $_ := $ports }} -{{- if .enabled }} -- name: {{ tpl .name $ }} - {{- if and .targetPort (kindIs "string" .targetPort) }} - {{- fail (printf "Our charts do not support named ports for targetPort. (port name %s, targetPort %s)" .name .targetPort) }} - {{- end }} - containerPort: {{ .targetPort | default .port }} - {{- if .protocol }} - {{- if or ( eq .protocol "HTTP" ) ( eq .protocol "HTTPS" ) ( eq .protocol "TCP" ) }} - protocol: TCP - {{- else }} - protocol: {{ tpl .protocol $ }} - {{- end }} - {{- else }} - protocol: TCP - {{- end }} -{{- end}} -{{- end -}} -{{- end -}} -{{- end -}} 
diff --git a/charts/common/templates/lib/controller/_prepare.tpl b/charts/common/templates/lib/controller/_prepare.tpl
deleted file mode 100644
index 23bddf96..00000000
--- a/charts/common/templates/lib/controller/_prepare.tpl
+++ /dev/null
@@ -1,213 +0,0 @@ -{{/* -This template serves as the blueprint for the mountPermissions job that is run -before chart installation. -*/}} -{{- define "tc.common.controller.prepare" -}} -{{- $group := .Values.podSecurityContext.fsGroup -}} -{{- $hostPathMounts := dict -}} -{{- $autoperms := false -}} -{{- range $name, $mount := .Values.persistence -}} - {{- if and $mount.enabled $mount.setPermissions -}} - {{- $name = default ( $name| toString ) $mount.name -}} - {{- $_ := set $hostPathMounts $name $mount -}} - {{- $autoperms = true -}} - {{- end -}} -{{- end }} -{{- if or $autoperms ( and ( .Values.addons.vpn.configFile.enabled ) ( ne .Values.addons.vpn.type "disabled" ) ( ne .Values.addons.vpn.type "tailscale" ) ) }} -- name: auto-permissions - image: {{ .Values.alpineImage.repository }}:{{ .Values.alpineImage.tag }} - securityContext: - runAsUser: 0 - runAsNonRoot: false - resources: - {{- with .Values.resources }} - {{- tpl ( toYaml . ) $ | nindent 4 }} - {{- end }} - command: - - "/bin/sh" - - "-c" - - | - /bin/sh <<'EOF' - echo "Automatically correcting permissions..." - {{- if and ( .Values.addons.vpn.configFile.enabled ) ( ne .Values.addons.vpn.type "disabled" ) ( ne .Values.addons.vpn.type "tailscale" ) }} - echo "Automatically correcting permissions for vpn config file..." - /usr/bin/nfs4xdr_winacl -a chown -O 568 -G 568 -c /vpn/vpn.conf -p /vpn/vpn.conf || echo "Failed setting permissions..." - {{- end }} - {{- range $_, $hpm := $hostPathMounts }} - echo "Automatically correcting permissions for {{ $hpm.mountPath }}..." - /usr/bin/nfs4xdr_winacl -a chown -G {{ $group }} -r -c {{ tpl $hpm.mountPath $ | squote }} -p {{ tpl $hpm.mountPath $ | squote }} || echo "Failed setting permissions..." 
- {{- end }} - EOF - volumeMounts: - {{- range $name, $hpm := $hostPathMounts }} - - name: {{ $name }} - mountPath: {{ $hpm.mountPath }} - {{- if $hpm.subPath }} - subPath: {{ $hpm.subPath }} - {{- end }} - {{- end }} - {{- if and ( .Values.addons.vpn.configFile.enabled ) ( ne .Values.addons.vpn.type "disabled" ) ( ne .Values.addons.vpn.type "tailscale" ) }} - - name: vpnconfig - mountPath: /vpn/vpn.conf - {{- end }} -{{- end }} -{{- if or .Values.mariadb.enabled .Values.redis.enabled .Values.mongodb.enabled .Values.clickhouse.enabled .Values.solr.enabled .Values.postgresql.enabled .Values.cnpg.enabled }} -- name: db-wait - image: {{ .Values.ubuntuImage.repository }}:{{ .Values.ubuntuImage.tag }} - securityContext: - runAsUser: 568 - runAsGroup: 568 - readOnlyRootFilesystem: true - runAsNonRoot: true - resources: - {{- with .Values.resources }} - {{- tpl ( toYaml . ) $ | nindent 4 }} - {{- end }} - env: - {{- if .Values.mariadb.enabled }} - - name: MARIADB_HOST - valueFrom: - secretKeyRef: - name: mariadbcreds - key: plainhost - - name: MARIADB_ROOT_PASSWORD - valueFrom: - secretKeyRef: - name: mariadbcreds - key: mariadb-root-password - {{- end }} - {{- if .Values.redis.enabled }} - - name: REDIS_HOST - valueFrom: - secretKeyRef: - name: rediscreds - key: plainhost - - name: REDIS_PASSWORD - valueFrom: - secretKeyRef: - name: rediscreds - key: redis-password - - name: REDIS_PORT - value: "6379" - {{- end }} - {{- if .Values.mongodb.enabled }} - - name: MONGODB_HOST - valueFrom: - secretKeyRef: - name: mongodbcreds - key: plainhost - - name: MONGODB_DATABASE - value: "{{ .Values.mongodb.mongodbDatabase }}" - {{- end }} - {{- if .Values.clickhouse.enabled }} - - name: CLICKHOUSE_PING - valueFrom: - secretKeyRef: - name: clickhousecreds - key: ping - {{- end }} - {{- if .Values.solr.enabled }} - - name: SOLR_HOST - valueFrom: - secretKeyRef: - name: solrcreds - key: plainhost - - name: SOLR_CORES - value: "{{ .Values.solr.solrCores }}" - - name: 
SOLR_ENABLE_AUTHENTICATION - value: "{{ .Values.solr.solrEnableAuthentication }}" - {{- if eq .Values.solr.solrEnableAuthentication "yes" }} - - name: SOLR_ADMIN_USERNAME - value: "{{ .Values.solr.solrUsername }}" - - name: SOLR_ADMIN_PASSWORD - valueFrom: - secretKeyRef: - name: solrcreds - key: solr-password - {{- end }} - {{- end }} - command: - - "/bin/sh" - - "-c" - - | - /bin/bash <<'EOF' - echo "Executing DB waits..." - {{- if .Values.postgresql.enabled }} - {{- $pghost := printf "%v-%v" .Release.Name "postgresql" }} - until - pg_isready -U {{ .Values.postgresql.postgresqlUsername }} -h {{ $pghost }} - do sleep 2 - done - {{- end }} - {{- if .Values.mongodb.enabled }} - until - HOME=/config && echo "db.runCommand(\"ping\")" | mongosh --host ${MONGODB_HOST} --port 27017 ${MONGODB_DATABASE} --quiet; - do sleep 2; - done - {{- end }} - {{- if .Values.cnpg.enabled }} - {{- $cnpgName := include "tc.common.names.fullname" . -}} - {{- $cnpgName = printf "%v-%v" $cnpgName "cnpg" -}} - {{- $pghost := printf "%s-rw" $cnpgName }} - until - pg_isready -U {{ .Values.cnpg.user }} -h {{ $pghost }} - do sleep 2 - done - until - pg_isready -U {{ .Values.cnpg.user }} -h pooler-{{ $pghost }} - do sleep 2 - done - {{- end }} - {{- if .Values.mariadb.enabled }} - until - mysqladmin -uroot -h"${MARIADB_HOST}" -p"${MARIADB_ROOT_PASSWORD}" ping \ - && mysqladmin -uroot -h"${MARIADB_HOST}" -p"${MARIADB_ROOT_PASSWORD}" status; - do sleep 2; - done - {{- end }} - {{- if .Values.redis.enabled }} - [[ -n "$REDIS_PASSWORD" ]] && export REDISCLI_AUTH="$REDIS_PASSWORD"; - export LIVE=false; - until "$LIVE"; - do - response=$( - timeout -s 3 2 \ - redis-cli \ - -h "$REDIS_HOST" \ - -p "$REDIS_PORT" \ - ping - ) - if [ "$response" == "PONG" ] || [ "$response" == "LOADING Redis is loading the dataset in memory" ]; then - LIVE=true - echo "$response" - echo "Redis Responded, ending initcontainer and starting main container(s)..." - else - echo "$response" - echo "Redis not responding... 
Sleeping for 10 sec..." - sleep 10 - fi; - done - {{- end }} - {{- if .Values.clickhouse.enabled }} - until wget --quiet --tries=1 --spider "${CLICKHOUSE_PING}"; do - echo "ClickHouse - no response. Sleeping 2 seconds..." - sleep 2 - done - echo "ClickHouse - accepting connections" - {{- end }} - {{- if .Values.solr.enabled }} - if [ "$SOLR_ENABLE_AUTHENTICATION" == "yes" ]; then - until curl --fail --user "${SOLR_ADMIN_USERNAME}":"${SOLR_ADMIN_PASSWORD}" "${SOLR_HOST}":8983/solr/"${SOLR_CORES}"/admin/ping; do - echo "Solr is not responding... Sleeping 2 seconds..." - sleep 2 - done - else - until curl --fail "${SOLR_HOST}":8983/solr/"${SOLR_CORES}"/admin/ping; do - echo "Solr is not responding... Sleeping 2 seconds..." - sleep 2 - done - fi; - {{- end }} - EOF -{{- end }} -{{- end -}} diff --git a/charts/common/templates/lib/controller/_probes.tpl b/charts/common/templates/lib/controller/_probes.tpl deleted file mode 100644 index d59483b6..00000000 --- a/charts/common/templates/lib/controller/_probes.tpl +++ /dev/null 
@@ -1,51 +0,0 @@ -{{/* -Probes selection logic. -*/}} -{{- define "tc.common.controller.probes" -}} -{{- $primaryService := get .Values.service (include "tc.common.lib.util.service.primary" .) -}} -{{- $primaryPort := "" -}} -{{- if $primaryService -}} - {{- $primaryPort = get $primaryService.ports (include "tc.common.lib.util.service.ports.primary" (dict "serviceName" (include "tc.common.lib.util.service.primary" .) "values" $primaryService)) -}} -{{- end -}} -{{- $probeType := "TCP" -}} - -{{- range $probeName, $probe := .Values.probes }} - {{- if $probe.enabled -}} - {{- "" | nindent 0 }} - {{- $probeName }}Probe: - {{- if $probe.custom -}} - {{- $probe.spec | toYaml | nindent 2 }} - {{- else }} - {{- if and $primaryService $primaryPort -}} - {{- if $probe.type -}} - {{- if eq $probe.type "AUTO" -}} - {{- $probeType = $primaryPort.protocol -}} - {{- else -}} - {{- $probeType = $probe.type -}} - {{- end }} - {{- end }} - - {{- if or ( eq $probeType "HTTPS" ) ( eq $probeType "HTTP" ) -}} - {{- "httpGet:" | nindent 2 }} - {{- printf "path: %v" $probe.path | nindent 4 }} - {{- printf "scheme: %v" $probeType | nindent 4 }} - {{- else -}} - {{- "tcpSocket:" | nindent 2 }} - {{- end }} - - {{- if $probe.port }} - {{- printf "port: %v" ( tpl ( $probe.port | toString ) $ ) | nindent 4 }} - {{- else if $primaryPort.targetPort }} - {{- printf "port: %v" $primaryPort.targetPort | nindent 4 }} - {{- else}} - {{- printf "port: %v" $primaryPort.port | nindent 4 }} - {{- end }} - {{- printf "initialDelaySeconds: %v" $probe.spec.initialDelaySeconds | nindent 2 }} - {{- printf "failureThreshold: %v" $probe.spec.failureThreshold | nindent 2 }} - {{- printf "timeoutSeconds: %v" $probe.spec.timeoutSeconds | nindent 2 }} - {{- printf "periodSeconds: %v" $probe.spec.periodSeconds | nindent 2 }} - {{- end }} - {{- end }} - {{- end }} -{{- end }} -{{- end }} 
diff --git a/charts/common/templates/lib/controller/_volumeMounts.tpl b/charts/common/templates/lib/controller/_volumeMounts.tpl deleted file mode 100644 index ab07aa09..00000000 --- a/charts/common/templates/lib/controller/_volumeMounts.tpl +++ /dev/null @@ -1,37 +0,0 @@ -{{/* Volumes included by the controller */}} -{{- define "tc.common.controller.volumeMounts" -}} - {{- range $index, $item := .Values.persistence }} - {{- if not $item.noMount }} - {{- $mountPath := (printf "/%v" $index) -}} - {{- if eq "hostPath" (default "pvc" $item.type) -}} - {{- $mountPath = $item.hostPath -}} - {{- end -}} - {{- with $item.mountPath -}} - {{- $mountPath = . -}} - {{- end }} - {{- if and $item.enabled (ne $mountPath "-") }} -- mountPath: {{ tpl $mountPath $ }} - name: {{ tpl $index $ }} - {{- with $item.subPath }} - subPath: {{ tpl . $ }} - {{- end }} - {{- with $item.readOnly }} - readOnly: {{ . }} - {{- end }} - {{- with $item.mountPropagation }} - mountPropagation: {{ tpl . $ }} - {{- end }} - {{- end }} - {{- end }} - {{- end }} - - {{- if eq .Values.controller.type "statefulset" }} - {{- range $index, $vct := .Values.volumeClaimTemplates }} -- mountPath: {{ $vct.mountPath }} - name: {{ tpl ( toString $index ) $ }} - {{- if $vct.subPath }} - subPath: {{ $vct.subPath }} - {{- end }} - {{- end }} - {{- end }} -{{- end -}} diff --git a/charts/common/templates/lib/controller/_volumes.tpl b/charts/common/templates/lib/controller/_volumes.tpl deleted file mode 100644 index ed5df760..00000000 --- a/charts/common/templates/lib/controller/_volumes.tpl +++ /dev/null 
@@ -1,71 +0,0 @@ -{{/* -Volumes included by the controller. -*/}} -{{- define "tc.common.controller.volumes" -}} -{{- range $index, $persistence := .Values.persistence }} -{{- if $persistence.enabled }} -- name: {{ tpl ( toString $index ) $ }} - {{- if eq (default "pvc" $persistence.type) "pvc" }} - {{- $pvcName := (include "tc.common.names.fullname" $) -}} - {{- if $persistence.existingClaim }} - {{/* Always prefer an existingClaim if that is set */}} - {{- $pvcName = $persistence.existingClaim -}} - {{- else -}} - {{/* Otherwise refer to the PVC name */}} - {{- if $persistence.nameOverride -}} - {{- if not (eq $persistence.nameOverride "-") -}} - {{- $pvcName = (printf "%s-%s" (include "tc.common.names.fullname" $) $persistence.nameOverride) -}} - {{- end -}} - {{- else -}} - {{- $pvcName = (printf "%s-%s" (include "tc.common.names.fullname" $) $index) -}} - {{- end -}} - {{- if $persistence.forceName -}} - {{- $pvcName = $persistence.forceName -}} - {{- end -}} - {{- end }} - persistentVolumeClaim: - claimName: {{ tpl $pvcName $ }} - {{- else if eq $persistence.type "emptyDir" }} - {{- $emptyDir := dict -}} - {{- with $persistence.medium -}} - {{- $_ := set $emptyDir "medium" . -}} - {{- end -}} - {{- with $persistence.sizeLimit -}} - {{- $_ := set $emptyDir "sizeLimit" . -}} - {{- end }} - emptyDir: {{- tpl ( toYaml $emptyDir ) $ | nindent 4 }} - {{- else if or (eq $persistence.type "configMap") (eq $persistence.type "secret") }} - {{- $objectName := (required (printf "objectName not set for persistence item %s" $index) $persistence.objectName) }} - {{- $objectName = tpl $objectName $ }} - {{- if eq $persistence.type "configMap" }} - configMap: - name: {{ $objectName }} - {{- else }} - secret: - secretName: {{ $objectName }} - {{- end }} - {{- with $persistence.defaultMode }} - defaultMode: {{ tpl . $ }} - {{- end }} - {{- with $persistence.items }} - items: - {{- tpl ( toYaml . 
) $ | nindent 6 }} - {{- end }} - {{- else if eq $persistence.type "hostPath" }} - hostPath: - path: {{ required "hostPath not set" $persistence.hostPath }} - {{- with $persistence.hostPathType }} - type: {{ tpl . $ }} - {{- end }} - {{- else if eq $persistence.type "nfs" }} - nfs: - server: {{ required "server not set" $persistence.server }} - path: {{ required "path not set" $persistence.path }} - {{- else if eq $persistence.type "custom" }} - {{- tpl ( toYaml $persistence.volumeSpec ) $ | nindent 2 }} - {{- else }} - {{- fail (printf "Not a valid persistence.type (%s)" $persistence.type) }} - {{- end }} -{{- end }} -{{- end }} -{{- end }} diff --git a/charts/common/templates/lib/dependencies/_clickhouseInjector.tpl b/charts/common/templates/lib/dependencies/_clickhouseInjector.tpl deleted file mode 100644 index 345b5220..00000000 --- a/charts/common/templates/lib/dependencies/_clickhouseInjector.tpl +++ /dev/null 
@@ -1,46 +0,0 @@
-{{/*
- This template generates a random password and ensures it persists across updates/edits to the chart
-*/}}
-{{- define "tc.common.dependencies.clickhouse.injector" -}}
-{{- if .Values.clickhouse.enabled }}
-
-{{- $secretName := "clickhousecreds" }}
-
-{{- $dbPass := "" }}
-{{- with (lookup "v1" "Secret" .Release.Namespace $secretName) }}
- {{- $dbPass = (index .data "clickhouse-password") | b64dec }}
-{{- else }}
- {{- $dbPass = randAlphaNum 50 }}
-{{- end }}
-
-{{- $host := printf "%v-clickhouse" .Release.Name }}
-{{- $portHost := printf "%v-clickhouse:8123" .Release.Name }}
-{{- $ping := printf "http://%v-clickhouse:8123/ping" .Release.Name }}
-{{- $url := printf "http://%v:%v@%v-clickhouse:8123/%v" .Values.clickhouse.clickhouseUsername $dbPass .Release.Name .Values.clickhouse.clickhouseDatabase }}
-{{- $jdbc := printf "jdbc:ch://%v-clickhouse:8123/%v" .Release.Name }}
----
-apiVersion: v1
-kind: Secret
-metadata:
- labels:
- {{- include "tc.common.labels" . | nindent 4 }}
- name: {{ $secretName }}
-data:
- clickhouse-password: {{ $dbPass | b64enc | quote }}
- plainhost: {{ $host | b64enc | quote }}
- plainporthost: {{ $portHost | b64enc | quote }}
- ping: {{ $ping | b64enc | quote }}
- url: {{ $url | b64enc | quote }}
- jdbc: {{ $jdbc | b64enc | quote }}
-
-{{- $_ := set .Values.clickhouse "clickhousePassword" ($dbPass | quote) }}
-{{- $_ := set .Values.clickhouse.url "plain" ($host | quote) }}
-{{- $_ := set .Values.clickhouse.url "plainhost" ($host | quote) }}
-{{- $_ := set .Values.clickhouse.url "plainport" ($portHost | quote) }}
-{{- $_ := set .Values.clickhouse.url "plainporthost" ($portHost | quote) }}
-{{- $_ := set .Values.clickhouse.url "ping" ($ping | quote) }}
-{{- $_ := set .Values.clickhouse.url "complete" ($url | quote) }}
-{{- $_ := set .Values.clickhouse.url "jdbc" ($jdbc | quote) }}
-
-{{- end }}
-{{- end -}}
diff --git a/charts/common/templates/lib/dependencies/_cnpgInjector.tpl b/charts/common/templates/lib/dependencies/_cnpgInjector.tpl
deleted file mode 100644
index 45c49475..00000000
--- a/charts/common/templates/lib/dependencies/_cnpgInjector.tpl
+++ /dev/null
@@ -1,183 +0,0 @@
-{{/*
-This template serves as a blueprint for all cnpg objects that are created
-within the common library.
-*/}}
-{{- define "tc.common.dependencies.cnpg.main" -}}
-{{- if .Values.cnpg.enabled }}
-{{- $cnpgName := include "tc.common.names.fullname" . }}
-{{- $cnpgName = printf "%v-%v" $cnpgName "cnpg" }}
----
-apiVersion: postgresql.cnpg.io/v1
-kind: Cluster
-metadata:
- name: {{ $cnpgName }}
- {{- with (merge (.Values.cnpg.labels | default dict) (include "tc.common.labels" $ | fromYaml)) }}
- labels: {{- tpl ( toYaml . ) $ | nindent 4 }}
- {{- end }}
- annotations:
- {{- with (merge (.Values.cnpg.annotations | default dict) (include "tc.common.annotations" $ | fromYaml)) }}
- {{- tpl ( toYaml . ) $ | nindent 4 }}
- {{- end }}
-spec:
- instances: {{ .Values.cnpg.instances | default 2 }}
-
- bootstrap:
- initdb:
- database: {{ .Values.cnpg.database | default "app" }}
- owner: {{ .Values.cnpg.user | default "app" }}
- secret:
- name: cnpg-user
-
- superuserSecret:
- name: cnpg-superuser
-
- primaryUpdateStrategy: {{ .Values.cnpg.primaryUpdateStrategy | default "unsupervised" }}
-
- storage:
- pvcTemplate:
- {{ include "tc.common.storage.storageClassName" ( dict "persistence" .Values.cnpg.storage "global" $) }}
- accessModes:
- - ReadWriteOnce
- resources:
- requests:
- storage: {{ .Values.cnpg.storage.size | default "256Gi" | quote }}
-
- walStorage:
- pvcTemplate:
- {{ include "tc.common.storage.storageClassName" ( dict "persistence" .Values.cnpg.storage "global" $) }}
- accessModes:
- - ReadWriteOnce
- resources:
- requests:
- storage: {{ .Values.cnpg.storage.walsize | default "256Gi" | quote }}
-
- monitoring:
- enablePodMonitor: {{ .Values.cnpg.monitoring.enablePodMonitor | default true }}
-
- nodeMaintenanceWindow:
- inProgress: false
- reusePVC: on
----
-apiVersion: postgresql.cnpg.io/v1
-kind: Pooler
-metadata:
- {{ $poolerrwname := printf "pooler-%s-rw" $cnpgName }}
- name: {{ $poolerrwname }}
-spec:
- cluster:
- name: {{ $cnpgName }}
-
- instances: {{ .Values.cnpg.instances | default 2 }}
- type: rw
- pgbouncer:
- poolMode: session
- parameters:
- max_client_conn: "1000"
- default_pool_size: "10"
-{{ if ( .Values.cnpg.monitoring.enablePodMonitor | default true ) }}
----
-apiVersion: monitoring.coreos.com/v1
-kind: PodMonitor
-metadata:
- name: {{ $cnpgName }}-rw
-spec:
- selector:
- matchLabels:
- cnpg.io/poolerName: {{ $poolerrwname }}
- podMetricsEndpoints:
- - port: metrics
-{{ end }}
-{{ if ( .Values.cnpg.acceptRO | default true ) }}
----
-apiVersion: postgresql.cnpg.io/v1
-kind: Pooler
-metadata:
- {{ $poolerroname := printf "pooler-%s-ro" $cnpgName }}
- name: {{ $poolerroname }}
-spec:
- cluster:
- name: {{ $cnpgName }}
-
- instances: {{ .Values.cnpg.instances | default 2 }}
- type: ro
- pgbouncer:
- poolMode: session
- parameters:
- max_client_conn: "1000"
- default_pool_size: "10"
-{{ if ( .Values.cnpg.monitoring.enablePodMonitor | default true ) }}
----
-apiVersion: monitoring.coreos.com/v1
-kind: PodMonitor
-metadata:
- name: {{ $cnpgName }}-ro
-spec:
- selector:
- matchLabels:
- cnpg.io/poolerName: {{ $poolerroname }}
- podMetricsEndpoints:
- - port: metrics
-{{ end }}
-{{ end }}
----
-apiVersion: v1
-kind: Secret
-metadata:
- labels:
- {{- include "tc.common.labels" . | nindent 4 }}
- name: cnpgcreds
-{{- $dbprevious := lookup "v1" "Secret" .Release.Namespace "cnpgcreds" }}
-{{- $dbPass := "" }}
-{{- $pgPass := "" }}
-data:
-{{- if $dbprevious }}
- {{- $dbPass = ( index $dbprevious.data "user-password" ) | b64dec }}
- {{- $pgPass = ( index $dbprevious.data "superuser-password" ) | b64dec }}
- user-password: {{ ( index $dbprevious.data "user-password" ) }}
- superuser-password: {{ ( index $dbprevious.data "superuser-password" ) }}
-{{- else }}
- {{- $dbPass = .Values.cnpg.password | default ( randAlphaNum 62 ) }}
- {{- $pgPass = .Values.cnpg.superUserPassword | default ( randAlphaNum 62 ) }}
- user-password: {{ $dbPass | b64enc | quote }}
- superuser-password: {{ $pgPass | b64enc | quote }}
-{{- end }}
- {{- $std := ( ( printf "postgresql://%v:%v@%v:5432/%v" .Values.cnpg.user $dbPass $poolerrwname .Values.cnpg.database ) | b64enc | quote ) }}
- {{- $nossl := ( ( printf "postgresql://%v:%v@%v:5432/%v?sslmode=disable" .Values.cnpg.user $dbPass $poolerrwname .Values.cnpg.database ) | b64enc | quote ) }}
- {{- $porthost := ( ( printf "%s:5432" $poolerrwname ) | b64enc | quote ) }}
- {{- $host := ( ( printf "%s" $poolerrwname ) | b64enc | quote ) }}
- {{- $jdbc := ( ( printf "jdbc:postgresql://%v:5432/%v" $poolerrwname .Values.cnpg.database ) | b64enc | quote ) }}
-
- std: {{ $std }}
- nossl: {{ $nossl }}
- porthost: {{ $porthost }}
- host: {{ $host }}
- jdbc: {{ $jdbc }}
-type: Opaque
-{{- $_ := set .Values.cnpg.creds "password" ( $dbPass | quote ) }}
-{{- $_ := set .Values.cnpg.creds "superUserPassword" ( $pgPass | quote ) }}
-{{- $_ := set .Values.cnpg.creds "std" $std }}
-{{- $_ := set .Values.cnpg.creds "nossl" $nossl }}
-{{- $_ := set .Values.cnpg.creds "porthost" $porthost }}
-{{- $_ := set .Values.cnpg.creds "host" $host }}
-{{- $_ := set .Values.cnpg.creds "jdbc" $jdbc }}
----
-apiVersion: v1
-data:
- username: {{ "postgres" | b64enc | quote }}
- password: {{ $pgPass | b64enc | quote }}
-kind: Secret
-metadata:
- name: cnpg-superuser
-type: kubernetes.io/basic-auth
----
-apiVersion: v1
-data:
- username: {{ .Values.cnpg.user | b64enc | quote }}
- password: {{ $dbPass | b64enc | quote }}
-kind: Secret
-metadata:
- name: cnpg-user
-type: kubernetes.io/basic-auth
-
-{{- end }}
-{{- end -}}
diff --git a/charts/common/templates/lib/dependencies/_mariadbInjector.tpl b/charts/common/templates/lib/dependencies/_mariadbInjector.tpl
deleted file mode 100644
index f4e5cc4d..00000000
--- a/charts/common/templates/lib/dependencies/_mariadbInjector.tpl
+++ /dev/null
@@ -1,48 +0,0 @@
-{{/*
-This template generates a random password and ensures it persists across updates/edits to the chart
-*/}}
-{{- define "tc.common.dependencies.mariadb.injector" -}}
-{{- $pghost := printf "%v-%v" .Release.Name "mariadb" }}
-
-{{- if .Values.mariadb.enabled }}
----
-apiVersion: v1
-kind: Secret
-metadata:
- labels:
- {{- include "tc.common.labels" . | nindent 4 }}
- name: mariadbcreds
-{{- $dbprevious := lookup "v1" "Secret" .Release.Namespace "mariadbcreds" }}
-{{- $dbPass := "" }}
-{{- $rootPass := "" }}
-data:
-{{- if $dbprevious }}
- {{- $dbPass = ( index $dbprevious.data "mariadb-password" ) | b64dec }}
- {{- $rootPass = ( index $dbprevious.data "mariadb-root-password" ) | b64dec }}
- mariadb-password: {{ ( index $dbprevious.data "mariadb-password" ) }}
- mariadb-root-password: {{ ( index $dbprevious.data "mariadb-root-password" ) }}
-{{- else }}
- {{- $dbPass = randAlphaNum 50 }}
- {{- $rootPass = randAlphaNum 50 }}
- mariadb-password: {{ $dbPass | b64enc | quote }}
- mariadb-root-password: {{ $rootPass | b64enc | quote }}
-{{- end }}
- url: {{ ( printf "sql://%v:%v@%v-mariadb:3306/%v" .Values.mariadb.mariadbUsername $dbPass .Release.Name .Values.mariadb.mariadbDatabase ) | b64enc | quote }}
- urlnossl: {{ ( printf "sql://%v:%v@%v-mariadb:3306/%v?sslmode=disable" .Values.mariadb.mariadbUsername $dbPass .Release.Name .Values.mariadb.mariadbDatabase ) | b64enc | quote }}
- plainporthost: {{ ( printf "%v-%v:3306" .Release.Name "mariadb" ) | b64enc | quote }}
- plainhost: {{ ( printf "%v-%v" .Release.Name "mariadb" ) | b64enc | quote }}
- jdbc: {{ ( printf "jdbc:sqlserver://%v-mariadb:3306/%v" .Release.Name .Values.mariadb.mariadbDatabase ) | b64enc | quote }}
- jdbc-mysql: {{ ( printf "jdbc:mysql://%v-mariadb:3306/%v" .Release.Name .Values.mariadb.mariadbDatabase ) | b64enc | quote }}
- jdbc-mariadb: {{ ( printf "jdbc:mariadb://%v-mariadb:3306/%v" .Release.Name .Values.mariadb.mariadbDatabase ) | b64enc | quote }}
-type: Opaque
-{{- $_ := set .Values.mariadb "mariadbPassword" ( $dbPass | quote ) }}
-{{- $_ := set .Values.mariadb "mariadbRootPassword" ( $rootPass | quote ) }}
-{{- $_ := set .Values.mariadb.url "plain" ( ( printf "%v-%v" .Release.Name "mariadb" ) | quote ) }}
-{{- $_ := set .Values.mariadb.url "plainhost" ( ( printf "%v-%v" .Release.Name "mariadb" ) | quote ) }}
-{{- $_ := set .Values.mariadb.url "plainport" ( ( printf "%v-%v:3306" .Release.Name "mariadb" ) | quote ) }}
-{{- $_ := set .Values.mariadb.url "plainporthost" ( ( printf "%v-%v:3306" .Release.Name "mariadb" ) | quote ) }}
-{{- $_ := set .Values.mariadb.url "complete" ( ( printf "sql://%v:%v@%v-mariadb:3306/%v" .Values.mariadb.mariadbUsername $dbPass .Release.Name .Values.mariadb.mariadbDatabase ) | quote ) }}
-{{- $_ := set .Values.mariadb.url "jdbc" ( ( printf "jdbc:sqlserver://%v-mariadb:3306/%v" .Release.Name .Values.mariadb.mariadbDatabase ) | quote ) }}
-
-{{- end }}
-{{- end -}}
diff --git a/charts/common/templates/lib/dependencies/_mongodbInjector.tpl b/charts/common/templates/lib/dependencies/_mongodbInjector.tpl
deleted file mode 100644
index f43e43da..00000000
--- a/charts/common/templates/lib/dependencies/_mongodbInjector.tpl
+++ /dev/null
@@ -1,47 +0,0 @@
-{{/*
-This template generates a random password and ensures it persists across updates/edits to the chart
-*/}}
-{{- define "tc.common.dependencies.mongodb.injector" -}}
-{{- $pghost := printf "%v-%v" .Release.Name "mongodb" }}
-
-{{- if .Values.mongodb.enabled }}
----
-apiVersion: v1
-kind: Secret
-metadata:
- labels:
- {{- include "tc.common.labels" . | nindent 4 }}
- name: mongodbcreds
-{{- $dbprevious := lookup "v1" "Secret" .Release.Namespace "mongodbcreds" }}
-{{- $dbPass := "" }}
-{{- $rootPass := "" }}
-data:
-{{- if $dbprevious }}
- {{- $dbPass = ( index $dbprevious.data "mongodb-password" ) | b64dec }}
- {{- $rootPass = ( index $dbprevious.data "mongodb-root-password" ) | b64dec }}
- mongodb-password: {{ ( index $dbprevious.data "mongodb-password" ) }}
- mongodb-root-password: {{ ( index $dbprevious.data "mongodb-root-password" ) }}
-{{- else }}
- {{- $dbPass = randAlphaNum 50 }}
- {{- $rootPass = randAlphaNum 50 }}
- mongodb-password: {{ $dbPass | b64enc | quote }}
- mongodb-root-password: {{ $rootPass | b64enc | quote }}
-{{- end }}
- url: {{ ( printf "mongodb://%v:%v@%v-mongodb:27017/%v" .Values.mongodb.mongodbUsername $dbPass .Release.Name .Values.mongodb.mongodbDatabase ) | b64enc | quote }}
- urlssl: {{ ( printf "mongodb://%v:%v@%v-mongodb:27017/%v?ssl=true" .Values.mongodb.mongodbUsername $dbPass .Release.Name .Values.mongodb.mongodbDatabase ) | b64enc | quote }}
- urltls: {{ ( printf "mongodb://%v:%v@%v-mongodb:27017/%v?tls=true" .Values.mongodb.mongodbUsername $dbPass .Release.Name .Values.mongodb.mongodbDatabase ) | b64enc | quote }}
- jdbc: {{ ( printf "jdbc:mongodb://%v-mongodb:27017/%v" .Release.Name .Values.mongodb.mongodbDatabase ) | b64enc | quote }}
- plainhost: {{ ( printf "%v-%v" .Release.Name "mongodb" ) | b64enc | quote }}
- plainporthost: {{ ( printf "%v-%v:27017" .Release.Name "mongodb" ) | b64enc | quote }}
-type: Opaque
-{{- $_ := set .Values.mongodb "mongodbPassword" ( $dbPass | quote ) }}
-{{- $_ := set .Values.mongodb "mongodbRootPassword" ( $rootPass | quote ) }}
-{{- $_ := set .Values.mongodb.url "plain" ( ( printf "%v-%v" .Release.Name "mongodb" ) | quote ) }}
-{{- $_ := set .Values.mongodb.url "plainhost" ( ( printf "%v-%v" .Release.Name "mongodb" ) | quote ) }}
-{{- $_ := set .Values.mongodb.url "plainport" ( ( printf "%v-%v:27017" .Release.Name "mongodb" ) | quote ) }}
-{{- $_ := set .Values.mongodb.url "plainporthost" ( ( printf "%v-%v:27017" .Release.Name "mongodb" ) | quote ) }}
-{{- $_ := set .Values.mongodb.url "complete" ( ( printf "mongodb://%v:%v@%v-mongodb:27017/%v" .Values.mongodb.mongodbUsername $dbPass .Release.Name .Values.mongodb.mongodbDatabase ) | quote ) }}
-{{- $_ := set .Values.mongodb.url "jdbc" ( ( printf "jdbc:mongodb://%v-mongodb:27017/%v" .Release.Name .Values.mongodb.mongodbDatabase ) | quote ) }}
-
-{{- end }}
-{{- end -}}
diff --git a/charts/common/templates/lib/dependencies/_postgresInjector.tpl b/charts/common/templates/lib/dependencies/_postgresInjector.tpl
deleted file mode 100644
index ff37bbae..00000000
--- a/charts/common/templates/lib/dependencies/_postgresInjector.tpl
+++ /dev/null
@@ -1,48 +0,0 @@
-{{/*
-This template generates a random password and ensures it persists across updates/edits to the chart
-*/}}
-{{- define "tc.common.dependencies.postgresql.injector" -}}
-{{- $pghost := printf "%v-%v" .Release.Name "postgresql" }}
-
-{{- if .Values.postgresql.enabled }}
----
-apiVersion: v1
-kind: Secret
-metadata:
- labels:
- {{- include "tc.common.labels" . | nindent 4 }}
- name: dbcreds
-{{- $dbprevious := lookup "v1" "Secret" .Release.Namespace "dbcreds" }}
-{{- $dbPass := "" }}
-{{- $pgPass := "" }}
-data:
-{{- if $dbprevious }}
- {{- $dbPass = ( index $dbprevious.data "postgresql-password" ) | b64dec }}
- {{- $pgPass = ( index $dbprevious.data "postgresql-postgres-password" ) | b64dec }}
- postgresql-password: {{ ( index $dbprevious.data "postgresql-password" ) }}
- postgresql-postgres-password: {{ ( index $dbprevious.data "postgresql-postgres-password" ) }}
-{{- else }}
- {{- $dbPass = randAlphaNum 50 }}
- {{- $pgPass = randAlphaNum 50 }}
- postgresql-password: {{ $dbPass | b64enc | quote }}
- postgresql-postgres-password: {{ $pgPass | b64enc | quote }}
-{{- end }}
- url: {{ ( printf "postgresql://%v:%v@%v-postgresql:5432/%v" .Values.postgresql.postgresqlUsername $dbPass .Release.Name .Values.postgresql.postgresqlDatabase ) | b64enc | quote }}
- url-noql: {{ ( printf "postgres://%v:%v@%v-postgresql:5432/%v" .Values.postgresql.postgresqlUsername $dbPass .Release.Name .Values.postgresql.postgresqlDatabase ) | b64enc | quote }}
- urlnossl: {{ ( printf "postgresql://%v:%v@%v-postgresql:5432/%v?sslmode=disable" .Values.postgresql.postgresqlUsername $dbPass .Release.Name .Values.postgresql.postgresqlDatabase ) | b64enc | quote }}
- plainporthost: {{ ( printf "%v-%v" .Release.Name "postgresql" ) | b64enc | quote }}
- plainhost: {{ ( printf "%v-%v" .Release.Name "postgresql" ) | b64enc | quote }}
- jdbc: {{ ( printf "jdbc:postgresql://%v-postgresql:5432/%v" .Release.Name .Values.postgresql.postgresqlDatabase ) | b64enc | quote }}
-type: Opaque
-{{- $_ := set .Values.postgresql "postgresqlPassword" ( $dbPass | quote ) }}
-{{- $_ := set .Values.postgresql "postgrespassword" ( $pgPass | quote ) }}
-{{- $_ := set .Values.postgresql.url "plain" ( ( printf "%v-%v" .Release.Name "postgresql" ) | quote ) }}
-{{- $_ := set .Values.postgresql.url "plainhost" ( ( printf "%v-%v" .Release.Name "postgresql" ) | quote ) }}
-{{- $_ := set .Values.postgresql.url "plainport" ( ( printf "%v-%v:5432" .Release.Name "postgresql" ) | quote ) }}
-{{- $_ := set .Values.postgresql.url "plainporthost" ( ( printf "%v-%v:5432" .Release.Name "postgresql" ) | quote ) }}
-{{- $_ := set .Values.postgresql.url "complete" ( ( printf "postgresql://%v:%v@%v-postgresql:5432/%v" .Values.postgresql.postgresqlUsername $dbPass .Release.Name .Values.postgresql.postgresqlDatabase ) | quote ) }}
-{{- $_ := set .Values.postgresql.url "complete-noql" ( ( printf "postgres://%v:%v@%v-postgresql:5432/%v" .Values.postgresql.postgresqlUsername $dbPass .Release.Name .Values.postgresql.postgresqlDatabase ) | quote ) }}
-{{- $_ := set .Values.postgresql.url "jdbc" ( ( printf "jdbc:postgresql://%v-postgresql:5432/%v" .Release.Name .Values.postgresql.postgresqlDatabase ) | quote ) }}
-
-{{- end }}
-{{- end -}}
diff --git a/charts/common/templates/lib/dependencies/_redisInjector.tpl b/charts/common/templates/lib/dependencies/_redisInjector.tpl
deleted file mode 100644
index 8b598cd4..00000000
--- a/charts/common/templates/lib/dependencies/_redisInjector.tpl
+++ /dev/null
@@ -1,38 +0,0 @@
-{{/*
-This template generates a random password and ensures it persists across updates/edits to the chart
-*/}}
-{{- define "tc.common.dependencies.redis.injector" -}}
-{{- $pghost := printf "%v-%v" .Release.Name "redis" }}
-
-{{- if .Values.redis.enabled }}
----
-apiVersion: v1
-kind: Secret
-metadata:
- labels:
- {{- include "tc.common.labels" . | nindent 4 }}
- name: rediscreds
-{{- $dbprevious := lookup "v1" "Secret" .Release.Namespace "rediscreds" }}
-{{- $dbPass := "" }}
-{{- $dbIndex := default "0" .Values.redis.redisDatabase }}
-data:
-{{- if $dbprevious }}
- {{- $dbPass = ( index $dbprevious.data "redis-password" ) | b64dec }}
- redis-password: {{ ( index $dbprevious.data "redis-password" ) }}
-{{- else }}
- {{- $dbPass = randAlphaNum 50 }}
- redis-password: {{ $dbPass | b64enc | quote }}
-{{- end }}
- url: {{ ( printf "redis://%v:%v@%v-redis:6379/%v" .Values.redis.redisUsername $dbPass .Release.Name $dbIndex ) | b64enc | quote }}
- plainhostpass: {{ ( printf "%v:%v@%v-redis" .Values.redis.redisUsername $dbPass .Release.Name ) | b64enc | quote }}
- plainporthost: {{ ( printf "%v-%v:6379" .Release.Name "redis" ) | b64enc | quote }}
- plainhost: {{ ( printf "%v-%v" .Release.Name "redis" ) | b64enc | quote }}
-type: Opaque
-{{- $_ := set .Values.redis "redisPassword" ( $dbPass | quote ) }}
-{{- $_ := set .Values.redis.url "plain" ( ( printf "%v-%v" .Release.Name "redis" ) | quote ) }}
-{{- $_ := set .Values.redis.url "plainhost" ( ( printf "%v-%v" .Release.Name "redis" ) | quote ) }}
-{{- $_ := set .Values.redis.url "plainport" ( ( printf "%v-%v:6379" .Release.Name "redis" ) | quote ) }}
-{{- $_ := set .Values.redis.url "plainporthost" ( ( printf "%v-%v:6379" .Release.Name "redis" ) | quote ) }}
-
-{{- end }}
-{{- end -}}
diff --git a/charts/common/templates/lib/dependencies/_solrInjector.tpl b/charts/common/templates/lib/dependencies/_solrInjector.tpl
deleted file mode 100644
index eb4af597..00000000
--- a/charts/common/templates/lib/dependencies/_solrInjector.tpl
+++ /dev/null
@@ -1,33 +0,0 @@
-{{/*
-This template generates a random password and ensures it persists across updates/edits to the chart
-*/}}
-{{- define "tc.common.dependencies.solr.injector" -}}
-{{- $host := printf "%v-%v" .Release.Name "solr" }}
-
-{{- if .Values.solr.enabled }}
----
-apiVersion: v1
-kind: Secret
-metadata:
- labels:
- {{- include "tc.common.labels" . | nindent 4 }}
- name: solrcreds
-{{- $solrprevious := lookup "v1" "Secret" .Release.Namespace "solrcreds" }}
-{{- $solrPass := "" }}
-data:
-{{- if $solrprevious }}
- {{- $solrPass = ( index $solrprevious.data "solr-password" ) | b64dec }}
- solr-password: {{ ( index $solrprevious.data "solr-password" ) }}
-{{- else }}
- {{- $solrPass = randAlphaNum 50 }}
- solr-password: {{ $solrPass | b64enc | quote }}
-{{- end }}
- url: {{ ( printf "http://%v:%v@%v-solr:8983/url/%v" .Values.solr.solrUsername $solrPass .Release.Name .Values.solr.solrCores ) | b64enc | quote }}
- plainhost: {{ ( ( printf "%v-%v" .Release.Name "solr" ) ) | b64enc | quote }}
-type: Opaque
-{{- $_ := set .Values.solr "solrPassword" ( $solrPass | quote ) }}
-{{- $_ := set .Values.solr.url "plain" ( ( printf "%v-%v" .Release.Name "solr" ) | quote ) }}
-{{- $_ := set .Values.solr.url "plainhost" ( ( printf "%v-%v" .Release.Name "solr" ) | quote ) }}
-
-{{- end }}
-{{- end -}}
diff --git a/charts/common/templates/lib/util/_affinities.tpl b/charts/common/templates/lib/util/_affinities.tpl
deleted file mode 100644
index 8ac0a6e3..00000000
--- a/charts/common/templates/lib/util/_affinities.tpl
+++ /dev/null
@@ -1,102 +0,0 @@
-{{/* vim: set filetype=mustache: */}}
-
-{{/*
-Return a soft nodeAffinity definition
-{{ include "tc.common.affinities.nodes.soft" (dict "key" "FOO" "values" (list "BAR" "BAZ")) -}}
-*/}}
-{{- define "tc.common.affinities.nodes.soft" -}}
-preferredDuringSchedulingIgnoredDuringExecution:
- - preference:
- matchExpressions:
- - key: {{ .key }}
- operator: In
- values:
- {{- range .values }}
- - {{ . | quote }}
- {{- end }}
- weight: 1
-{{- end -}}
-
-{{/*
-Return a hard nodeAffinity definition
-{{ include "tc.common.affinities.nodes.hard" (dict "key" "FOO" "values" (list "BAR" "BAZ")) -}}
-*/}}
-{{- define "tc.common.affinities.nodes.hard" -}}
-requiredDuringSchedulingIgnoredDuringExecution:
- nodeSelectorTerms:
- - matchExpressions:
- - key: {{ .key }}
- operator: In
- values:
- {{- range .values }}
- - {{ . | quote }}
- {{- end }}
-{{- end -}}
-
-{{/*
-Return a nodeAffinity definition
-{{ include "tc.common.affinities.nodes" (dict "type" "soft" "key" "FOO" "values" (list "BAR" "BAZ")) -}}
-*/}}
-{{- define "tc.common.affinities.nodes" -}}
- {{- if eq .type "soft" }}
- {{- include "tc.common.affinities.nodes.soft" . -}}
- {{- else if eq .type "hard" }}
- {{- include "tc.common.affinities.nodes.hard" . -}}
- {{- end -}}
-{{- end -}}
-
-{{/*
-Return a soft podAffinity/podAntiAffinity definition
-{{ include "tc.common.affinities.pods.soft" (dict "component" "FOO" "extraMatchLabels" .Values.extraMatchLabels "context" $) -}}
-*/}}
-{{- define "tc.common.affinities.pods.soft" -}}
-{{- $component := default "" .component -}}
-{{- $extraMatchLabels := default (dict) .extraMatchLabels -}}
-preferredDuringSchedulingIgnoredDuringExecution:
- - podAffinityTerm:
- labelSelector:
- matchLabels: {{- (include "tc.common.labels.matchLabels" .context) | nindent 10 }}
- {{- if not (empty $component) }}
- {{ printf "app.kubernetes.io/component: %s" $component }}
- {{- end }}
- {{- range $key, $value := $extraMatchLabels }}
- {{ $key }}: {{ $value | quote }}
- {{- end }}
- namespaces:
- - {{ .context.Release.Namespace | quote }}
- topologyKey: kubernetes.io/hostname
- weight: 1
-{{- end -}}
-
-{{/*
-Return a hard podAffinity/podAntiAffinity definition
-{{ include "tc.common.affinities.pods.hard" (dict "component" "FOO" "extraMatchLabels" .Values.extraMatchLabels "context" $) -}}
-*/}}
-{{- define "tc.common.affinities.pods.hard" -}}
-{{- $component := default "" .component -}}
-{{- $extraMatchLabels := default (dict) .extraMatchLabels -}}
-requiredDuringSchedulingIgnoredDuringExecution:
- - labelSelector:
- matchLabels: {{- (include "tc.common.labels.matchLabels" .context) | nindent 8 }}
- {{- if not (empty $component) }}
- {{ printf "app.kubernetes.io/component: %s" $component }}
- {{- end }}
- {{- range $key, $value := $extraMatchLabels }}
- {{ $key }}: {{ $value | quote }}
- {{- end }}
- namespaces:
- - {{ .context.Release.Namespace | quote }}
- topologyKey: kubernetes.io/hostname
-{{- end -}}
-
-{{/*
-Return a podAffinity/podAntiAffinity definition
-{{ include "tc.common.affinities.pods" (dict "type" "soft" "key" "FOO" "values" (list "BAR" "BAZ")) -}}
-*/}}
-{{- define "tc.common.affinities.pods" -}}
- {{- if eq .type "soft" }}
- {{- include "tc.common.affinities.pods.soft" . -}}
- {{- else if eq .type "hard" }}
- {{- include "tc.common.affinities.pods.hard" . -}}
- {{- end -}}
-{{- end -}}
diff --git a/charts/common/templates/lib/util/_images.tpl b/charts/common/templates/lib/util/_images.tpl
deleted file mode 100644
index 45e35621..00000000
--- a/charts/common/templates/lib/util/_images.tpl
+++ /dev/null
@@ -1,39 +0,0 @@
-{{/* vim: set filetype=mustache: */}}
-{{/*
-Return the proper image name
-{{ include "tc.common.images.image" ( dict "imageRoot" .Values.path.to.the.image "global" $) }}
-*/}}
-{{- define "tc.common.images.image" -}}
-{{- $repositoryName := .imageRoot.repository -}}
-{{- $tag := .imageRoot.tag | toString -}}
-{{- printf "%s:%s" $repositoryName $tag -}}
-{{- end -}}
-
-{{/*
-Return the image name using the selector
-{{ include "tc.common.images.selector" . }}
-*/}}
-{{- define "tc.common.images.selector" -}}
-{{- $imageDict := get .Values "image" }}
-{{- $selected := .Values.imageSelector }}
-{{- if hasKey .Values $selected }}
-{{- $imageDict = get .Values $selected }}
-{{- end }}
-{{- $repositoryName := $imageDict.repository -}}
-{{- $tag :=$imageDict.tag | toString -}}
-{{- printf "%s:%s" $repositoryName $tag -}}
-{{- end -}}
-
-{{/*
-Return the proper Docker Image Registry Secret Names (deprecated: use tc.common.images.renderPullSecrets instead)
-{{ include "tc.common.images.pullSecrets" ( dict "images" (list .Values.path.to.the.image1, .Values.path.to.the.image2) "global" .Values.global) }}
-*/}}
-{{- define "tc.common.images.pullSecrets" -}}
-{{- end -}}
-
-{{/*
-Return the proper Docker Image Registry Secret Names evaluating values as templates
-{{ include "tc.common.images.renderPullSecrets" ( dict "images" (list .Values.path.to.the.image1, .Values.path.to.the.image2) "context" $) }}
-*/}}
-{{- define "tc.common.images.renderPullSecrets" -}}
-{{- end -}}
diff --git a/charts/common/templates/lib/util/_labels.tpl b/charts/common/templates/lib/util/_labels.tpl
deleted file mode 100644
index 4e44bed9..00000000
--- a/charts/common/templates/lib/util/_labels.tpl
+++ /dev/null
@@ -1,14 +0,0 @@
-{{/* vim: set filetype=mustache: */}}
-{{/*
-Kubernetes standard labels
-*/}}
-{{- define "tc.common.labels.standard" -}}
-{{- include "tc.common.labels" . }}
-{{- end -}}
-
-{{/*
-Labels to use on deploy.spec.selector.matchLabels and svc.spec.selector
-*/}}
-{{- define "tc.common.labels.matchLabels" -}}
-{{- include "tc.common.labels.selectorLabels" . }}
-{{- end -}}
diff --git a/charts/common/templates/lib/util/_manifest-updater.tpl b/charts/common/templates/lib/util/_manifest-updater.tpl
deleted file mode 100644
index d5fc9d70..00000000
--- a/charts/common/templates/lib/util/_manifest-updater.tpl
+++ /dev/null
@@ -1,82 +0,0 @@
-{{- define "tc.common.lib.util.manifest.update" -}}
-{{- if .Values.manifests.enabled }}
-{{- $fullName := include "tc.common.names.fullname" . }}
----
-apiVersion: batch/v1
-kind: Job
-metadata:
- namespace: {{ .Release.Namespace }}
- name: {{ $fullName }}-manifests
- annotations:
- "helm.sh/hook": pre-install, pre-upgrade
- "helm.sh/hook-weight": "-6"
- "helm.sh/hook-delete-policy": hook-succeeded,before-hook-creation
-spec:
- template:
- spec:
- serviceAccountName: {{ $fullName }}-manifests
- containers:
- - name: {{ $fullName }}-manifests
- image: {{ .Values.kubectlImage.repository }}:{{ .Values.kubectlImage.tag }}
- securityContext:
- runAsUser: 568
- runAsGroup: 568
- readOnlyRootFilesystem: true
- runAsNonRoot: true
- command:
- - "/bin/sh"
- - "-c"
- - |
- /bin/sh <<'EOF'
- echo "installing manifests..."
- kubectl apply --server-side --force-conflicts -k https://github.com/truecharts/manifests/{{ if .Values.manifests.staging }}staging{{ else }}manifests{{ end }} {{ if .Values.manifests.nonBlocking }} || echo "Manifest application failed..."{{ end }}
- EOF
- volumeMounts:
- - name: {{ $fullName }}-manifests-temp
- mountPath: /tmp
- restartPolicy: Never
- volumes:
- - name: {{ $fullName }}-manifests-temp
- emptyDir: {}
----
-apiVersion: rbac.authorization.k8s.io/v1
-kind: ClusterRole
-metadata:
- name: {{ $fullName }}-manifests
- annotations:
- "helm.sh/hook": pre-install, pre-upgrade
- "helm.sh/hook-weight": "-7"
- "helm.sh/hook-delete-policy": hook-succeeded,before-hook-creation
-rules:
- - apiGroups: ["*"]
- resources: ["*"]
- verbs: ["*"]
----
-apiVersion: rbac.authorization.k8s.io/v1
-kind: ClusterRoleBinding
-metadata:
- name: {{ $fullName }}-manifests
- annotations:
- "helm.sh/hook": pre-install, pre-upgrade
- "helm.sh/hook-weight": "-7"
- "helm.sh/hook-delete-policy": hook-succeeded,before-hook-creation
-roleRef:
- apiGroup: rbac.authorization.k8s.io
- kind: ClusterRole
- name: {{ $fullName }}-manifests
-subjects:
- - kind: ServiceAccount
- name: {{ $fullName }}-manifests
- namespace: {{ .Release.Namespace }}
----
-apiVersion: v1
-kind: ServiceAccount
-metadata:
- name: {{ $fullName }}-manifests
- namespace: {{ .Release.Namespace }}
- annotations:
- "helm.sh/hook": pre-install, pre-upgrade
- "helm.sh/hook-weight": "-7"
- "helm.sh/hook-delete-policy": hook-succeeded,before-hook-creation
-{{- end }}
-{{- end -}}
diff --git a/charts/common/templates/lib/util/_primary-ingress.tpl b/charts/common/templates/lib/util/_primary-ingress.tpl
deleted file mode 100644
index b3470cfb..00000000
--- a/charts/common/templates/lib/util/_primary-ingress.tpl
+++ /dev/null
@@ -1,21 +0,0 @@
-{{/* Return the name of the primary ingress object */}}
-{{- define "tc.common.lib.util.ingress.primary" -}}
- {{- $enabledIngresses := dict -}}
- {{- range $name, $ingress := .Values.ingress -}}
- {{- if $ingress.enabled -}}
- {{- $_ := set $enabledIngresses $name . -}}
- {{- end -}}
- {{- end -}}
-
- {{- $result := "" -}}
- {{- range $name, $ingress := $enabledIngresses -}}
- {{- if and (hasKey $ingress "primary") $ingress.primary -}}
- {{- $result = $name -}}
- {{- end -}}
- {{- end -}}
-
- {{- if not $result -}}
- {{- $result = keys $enabledIngresses | first -}}
- {{- end -}}
- {{- $result -}}
-{{- end -}}
diff --git a/charts/common/templates/lib/util/_primary-rbac.tpl b/charts/common/templates/lib/util/_primary-rbac.tpl
deleted file mode 100644
index 7d1708cc..00000000
--- a/charts/common/templates/lib/util/_primary-rbac.tpl
+++ /dev/null
@@ -1,23 +0,0 @@
-{{/*
-Return the primary rbac object
-*/}}
-{{- define "tc.common.lib.util.rbac.primary" -}}
- {{- $enabledrbacs := dict -}}
- {{- range $name, $rbac := .Values.rbac -}}
- {{- if $rbac.enabled -}}
- {{- $_ := set $enabledrbacs $name . -}}
- {{- end -}}
- {{- end -}}
-
- {{- $result := "" -}}
- {{- range $name, $rbac := $enabledrbacs -}}
- {{- if and (hasKey $rbac "primary") $rbac.primary -}}
- {{- $result = $name -}}
- {{- end -}}
- {{- end -}}
-
- {{- if not $result -}}
- {{- $result = keys $enabledrbacs | first -}}
- {{- end -}}
- {{- $result -}}
-{{- end -}}
diff --git a/charts/common/templates/lib/util/_primary-service.tpl b/charts/common/templates/lib/util/_primary-service.tpl
deleted file mode 100644
index d2a26d6a..00000000
--- a/charts/common/templates/lib/util/_primary-service.tpl
+++ /dev/null
@@ -1,23 +0,0 @@
-{{/*
-Return the primary service object
-*/}}
-{{- define "tc.common.lib.util.service.primary" -}}
- {{- $enabledServices := dict -}}
- {{- range $name, $service := .Values.service -}}
- {{- if $service.enabled -}}
- {{- $_ := set $enabledServices $name . -}}
- {{- end -}}
- {{- end -}}
-
- {{- $result := "" -}}
- {{- range $name, $service := $enabledServices -}}
- {{- if and (hasKey $service "primary") $service.primary -}}
- {{- $result = $name -}}
- {{- end -}}
- {{- end -}}
-
- {{- if not $result -}}
- {{- $result = keys $enabledServices | first -}}
- {{- end -}}
- {{- $result -}}
-{{- end -}}
diff --git a/charts/common/templates/lib/util/_primary-serviceAccount.tpl b/charts/common/templates/lib/util/_primary-serviceAccount.tpl
deleted file mode 100644
index e09fc4a7..00000000
--- a/charts/common/templates/lib/util/_primary-serviceAccount.tpl
+++ /dev/null
@@ -1,23 +0,0 @@
-{{/*
-Return the primary serviceAccount object
-*/}}
-{{- define "tc.common.lib.util.serviceaccount.primary" -}}
- {{- $enabledServiceaccounts := dict -}}
- {{- range $name, $serviceAccount := .Values.serviceAccount -}}
- {{- if $serviceAccount.enabled -}}
- {{- $_ := set $enabledServiceaccounts $name . -}}
- {{- end -}}
- {{- end -}}
-
- {{- $result := "" -}}
- {{- range $name, $serviceAccount := $enabledServiceaccounts -}}
- {{- if and (hasKey $serviceAccount "primary") $serviceAccount.primary -}}
- {{- $result = $name -}}
- {{- end -}}
- {{- end -}}
-
- {{- if not $result -}}
- {{- $result = keys $enabledServiceaccounts | first -}}
- {{- end -}}
- {{- $result -}}
-{{- end -}}
diff --git a/charts/common/templates/lib/util/_service_ports.tpl b/charts/common/templates/lib/util/_service_ports.tpl
deleted file mode 100644
index 2c602963..00000000
--- a/charts/common/templates/lib/util/_service_ports.tpl
+++ /dev/null
@@ -1,27 +0,0 @@
-{{/*
-Return the primary port for a given Service object.
-*/}}
-{{- define "tc.common.lib.util.service.ports.primary" -}}
- {{- $enabledPorts := dict -}}
- {{- range $name, $port := .values.ports -}}
- {{- if $port.enabled -}}
- {{- $_ := set $enabledPorts $name . -}}
- {{- end -}}
- {{- end -}}
-
- {{- if eq 0 (len $enabledPorts) }}
- {{- fail (printf "No ports are enabled for service \"%s\"!" .serviceName) }}
- {{- end }}
-
- {{- $result := "" -}}
- {{- range $name, $port := $enabledPorts -}}
- {{- if and (hasKey $port "primary") $port.primary -}}
- {{- $result = $name -}}
- {{- end -}}
- {{- end -}}
-
- {{- if not $result -}}
- {{- $result = keys $enabledPorts | first -}}
- {{- end -}}
- {{- $result -}}
-{{- end -}}
diff --git a/charts/common/templates/lib/util/_storage.tpl b/charts/common/templates/lib/util/_storage.tpl
deleted file mode 100644
index ed2dce1b..00000000
--- a/charts/common/templates/lib/util/_storage.tpl
+++ /dev/null
@@ -1,52 +0,0 @@
-{{/* vim: set filetype=mustache: */}}
-{{/*
-Return the proper Storage Class
-{{ include "tc.common.storage.classname" ( dict "persistence" .Values.path.to.the.persistence "global" $ ) }}
-*/}}
-{{- define "tc.common.storage.storageClassName" -}}
-
-{{- if .persistence.storageClass -}}
- {{- if (eq "-" .persistence.storageClass) -}}
- {{- printf "storageClassName: \"\"" -}}
- {{- else if and (eq "SCALE-ZFS" .persistence.storageClass ) -}}
- {{- printf "storageClassName: %s" .global.Values.global.ixChartContext.storageClassName -}}
- {{- else -}}
- {{- printf "storageClassName: %s" .persistence.storageClass -}}
- {{- end -}}
-{{- else if .global.Values.global.ixChartContext -}}
- {{- printf "storageClassName: %s" .global.Values.global.ixChartContext.storageClassName -}}
-{{- end -}}
-
-{{- end -}}
-
-{{- define "tc.common.storage.storageClass" -}}
-
-{{- if .persistence.storageClass -}}
- {{- if (eq "-" .persistence.storageClass) -}}
- {{- printf "storageClass: \"\"" -}}
- {{- else if and (eq "SCALE-ZFS" .persistence.storageClass ) -}}
- {{- printf "storageClass: %s" .global.Values.global.ixChartContext.storageClassName -}}
- {{- else -}}
- {{- printf "storageClass: %s" .persistence.storageClass -}}
- {{- end -}}
-{{- else if .global.Values.global.ixChartContext -}}
- {{- printf "storageClass: %s" .global.Values.global.ixChartContext.storageClassName -}}
-{{- end -}}
-
-{{- end -}}
-
-{{- define "tc.common.storage.class" -}}
-
-{{- if .persistence.storageClass -}}
- {{- if (eq "-" .persistence.storageClass) -}}
- {{- printf "\"\"" -}}
- {{- else if and (eq "SCALE-ZFS" .persistence.storageClass ) -}}
- {{- printf "%s" .global.Values.global.ixChartContext.storageClassName -}}
- {{- else -}}
- {{- printf "%s" .persistence.storageClass -}}
- {{- end -}}
-{{- else if .global.Values.global.ixChartContext -}}
- {{- printf "%s" .global.Values.global.ixChartContext.storageClassName -}}
-{{- end -}}
-
-{{- end -}}
diff --git a/charts/common/templates/lib/util/_tplvalues.tpl b/charts/common/templates/lib/util/_tplvalues.tpl
deleted file mode 100644
index fab7f604..00000000
--- a/charts/common/templates/lib/util/_tplvalues.tpl
+++ /dev/null
@@ -1,13 +0,0 @@
-{{/* vim: set filetype=mustache: */}}
-{{/*
-Renders a value that contains template.
-Usage:
-{{ include "tc.common.tplvalues.render" ( dict "value" .Values.path.to.the.Value "context" $) }}
-*/}}
-{{- define "tc.common.tplvalues.render" -}}
- {{- if typeIs "string" .value }}
- {{- tpl .value .context }}
- {{- else }}
- {{- tpl (.value | toYaml) .context }}
- {{- end }}
-{{- end -}}
diff --git a/charts/common/templates/lib/util/_warnings.tpl b/charts/common/templates/lib/util/_warnings.tpl
deleted file mode 100644
index d2290ebe..00000000
--- a/charts/common/templates/lib/util/_warnings.tpl
+++ /dev/null
@@ -1,14 +0,0 @@
-{{/* vim: set filetype=mustache: */}}
-{{/*
-Warning about using rolling tag.
-Usage:
-{{ include "tc.common.warnings.rollingTag" .Values.path.to.the.imageRoot }}
-*/}}
-{{- define "tc.common.warnings.rollingTag" -}}
-
-{{- if not (.tag | toString | regexFind "-r\\d+$|sha256:") }}
-WARNING: Rolling tag detected ({{ .repository }}:{{ .tag }}), please note that it is strongly recommended to avoid using rolling tags in a production environment.
-+info https://docs.bitnami.com/containers/how-to/understand-rolling-tags-containers/
-{{- end }}
-
-{{- end -}}
diff --git a/charts/common/templates/lib/values/_capabilities.tpl b/charts/common/templates/lib/values/_capabilities.tpl
deleted file mode 100644
index 1ebec48a..00000000
--- a/charts/common/templates/lib/values/_capabilities.tpl
+++ /dev/null
@@ -1,52 +0,0 @@
-{{/* automatically set CAP_NET_BIND_SERVICE */}}
-{{- define "tc.common.lib.values.capabilities" -}}
- {{- $fixedCapAdd := list }}
- {{- $customCapAdd := list }}
- {{- $valueCapAdd := list }}
- {{- $dynamicCapAdd := list }}
- {{- $fixedCapDrop := list }}
- {{- $customCapDrop := list }}
- {{- $valueCapDrop := list }}
- {{- $dynamicCapDrop := list }}
- {{- if .Values.securityContext.capabilities.add }}
- {{- $valueCapAdd = .Values.securityContext.capabilities.add }}
- {{- end }}
- {{- if .Values.securityContext.capabilities.drop }}
- {{- $valueCapDrop = .Values.securityContext.capabilities.drop }}
- {{- end }}
- {{- if .Values.customCapabilities.add }}
- {{- $customCapAdd = .Values.customCapabilities.add }}
- {{- end }}
- {{- if .Values.customCapabilities.drop }}
- {{- $customCapDrop = .Values.customCapabilities.drop }}
- {{- end }}
-
- {{- $privPort := false }}
- {{- range .Values.service }}
- {{- range $name, $values := .ports }}
- {{- if and ( $values.targetPort ) ( kindIs "int" $values.targetPort ) }}
- {{- if ( semverCompare "<= 1024" ( toString $values.targetPort ) ) }}
- {{- $privPort = true }}
- {{- end }}
- {{- else if and ( $values.port ) ( kindIs "int" $values.port ) }}
- {{- if ( semverCompare "<= 1024" ( toString $values.port ) ) }}
- {{- $privPort = true }}
- {{- end }}
- {{- end }}
- {{- end }}
- {{- end }}
-
- {{- if $privPort }}
- {{- $dynamicCapAdd = list "NET_BIND_SERVICE" }}
- {{- end }}
-
- {{/* combine and write all capabilities to .Values */}}
- {{- $CapAdd := concat $fixedCapAdd $valueCapAdd $dynamicCapAdd }}
- {{- $CapDrop := concat $fixedCapDrop $valueCapDrop $dynamicCapDrop }}
- {{- if $CapDrop }}
- {{- $_ := set .Values.securityContext.capabilities "drop" $CapDrop -}}
- {{- end }}
- {{- if $CapAdd }}
- {{- $_ := set .Values.securityContext.capabilities "add" $CapAdd -}}
- {{- end }}
-{{- end -}}
diff --git a/charts/common/templates/lib/values/_persistenceSimple.tpl b/charts/common/templates/lib/values/_persistenceSimple.tpl
deleted file mode 100644
index d2fbe386..00000000
--- a/charts/common/templates/lib/values/_persistenceSimple.tpl
+++ /dev/null
@@ -1,19 +0,0 @@
-{{/* Allow some extra "fake" persistence options for SCALE GUI simplification */}}
-{{- define "tc.common.lib.values.persistence.simple" -}}
- {{- range .Values.persistence }}
- {{- if .type }}
- {{- if eq .type "simplePVC" }}
- {{- $_ := set . "type" "pvc" }}
- {{- end }}
- {{- if eq .type "simpleHP" }}
- {{- $_ := set . "type" "hostPath" }}
- {{- if .setPermissionsSimple }}
- {{- $_ := set . "setPermissions" .setPermissionsSimple }}
- {{- end }}
- {{- if .hostPathSimple }}
- {{- $_ := set . "hostPath" .hostPathSimple }}
- {{- end }}
- {{- end }}
- {{- end }}
- {{- end }}
-{{- end -}}
diff --git a/charts/common/templates/lib/values/_privileged.tpl b/charts/common/templates/lib/values/_privileged.tpl
deleted file mode 100644
index 8fce3571..00000000
--- a/charts/common/templates/lib/values/_privileged.tpl
+++ /dev/null
@@ -1,8 +0,0 @@
-{{/* Enable privileged securitycontext when deviceList is used */}}
-{{- define "tc.common.lib.values.securityContext.privileged" -}}
- {{- if .Values.securityContext.privileged }}
- {{- else if .Values.deviceList }}
- {{- $_ := set .Values.securityContext "privileged" true -}}
- {{- $_ := set .Values.securityContext "allowPrivilegeEscalation" true -}}
- {{- end }}
-{{- end -}}
diff --git a/charts/common/templates/lib/values/_serviceSimple.tpl b/charts/common/templates/lib/values/_serviceSimple.tpl
deleted file mode 100644
index 451eb47c..00000000
--- a/charts/common/templates/lib/values/_serviceSimple.tpl
+++ /dev/null
@@ -1,10 +0,0 @@
-{{/* Allow some extra "fake" service options for SCALE GUI simplification */}}
-{{- define "tc.common.lib.values.service.simple" -}}
- {{- range .Values.service }}
- {{- if .type }}
- {{- if eq .type "Simple" }}
- {{- $_ := set . "type" "LoadBalancer" }}
- {{- end }}
- {{- end }}
- {{- end }}
-{{- end -}}
diff --git a/charts/common/templates/lib/values/_supplementalGroups.tpl b/charts/common/templates/lib/values/_supplementalGroups.tpl
deleted file mode 100644
index f86a5863..00000000
--- a/charts/common/templates/lib/values/_supplementalGroups.tpl
+++ /dev/null
@@ -1,28 +0,0 @@
-{{/* Append default supplementalGroups to user defined groups */}}
-{{- define "tc.common.lib.values.supplementalGroups" -}}
-
- {{/* save supplementalGroups to placeholder variables */}}
- {{- $fixedGroups := list 568 }}
- {{- $valuegroups := list }}
- {{- $devGroups := list }}
- {{- $gpuGroups := list }}
-
- {{/* put user-entered supplementalgroups in placeholder variable */}}
- {{- if .Values.podSecurityContext.supplementalGroups }}
- {{- $valuegroups = .Values.podSecurityContext.supplementalGroups }}
- {{- end }}
-
- {{/* Append requered groups to supplementalGroups when deviceList is used */}}
- {{- if and ( .Values.deviceList ) ( .Values.global.ixChartContext ) }}
- {{- $devGroups = list 5 10 20 24 }}
- {{- end }}
-
- {{/* Append requered groups to supplementalGroups when scaleGPU is used */}}
- {{- if and ( .Values.scaleGPU ) ( .Values.global.ixChartContext ) }}
- {{- $gpuGroups = list 44 107 }}
- {{- end }}
-
- {{/* combine and write all supplementalGroups to .Values */}}
- {{- $supGroups := concat $fixedGroups $valuegroups $devGroups $gpuGroups }}
- {{- $_ := set .Values.podSecurityContext "supplementalGroups" $supGroups -}}
-{{- end -}}
diff --git a/charts/common/templates/lib/values/_values.tpl b/charts/common/templates/lib/values/_values.tpl
deleted file mode 100644
index 8626c04e..00000000
--- a/charts/common/templates/lib/values/_values.tpl
+++ /dev/null
@@ -1,9 +0,0 @@
-{{/* Merge the local chart values and the common chart defaults */}}
-{{- define "tc.common.values.init" -}}
- {{- if .Values.common -}}
- {{- $defaultValues := deepCopy .Values.common -}}
- {{- $userValues := deepCopy (omit .Values "common") -}}
- {{- $mergedValues := mustMergeOverwrite $defaultValues $userValues -}}
- {{- $_ := set . "Values" (deepCopy $mergedValues) -}}
- {{- end -}}
-{{- end -}}
diff --git a/charts/common/templates/lib/values/_vctSimple.tpl b/charts/common/templates/lib/values/_vctSimple.tpl
deleted file mode 100644
index f70076f4..00000000
--- a/charts/common/templates/lib/values/_vctSimple.tpl
+++ /dev/null
@@ -1,10 +0,0 @@
-{{/* Allow some extra "fake" VolumeClaimTemplate options for SCALE GUI simplification */}}
-{{- define "tc.common.lib.values.volumeClaimTemplates.simple" -}}
- {{- range .Values.volumeClaimTemplates }}
- {{- if .type }}
- {{- if eq .type "simplePVC" }}
- {{- $_ := set . "type" "pvc" }}
- {{- end }}
- {{- end }}
- {{- end }}
-{{- end -}}
diff --git a/charts/common/templates/lib/values/lists/_controllerAnnotationsList.tpl b/charts/common/templates/lib/values/lists/_controllerAnnotationsList.tpl
deleted file mode 100644
index cfb648f3..00000000
--- a/charts/common/templates/lib/values/lists/_controllerAnnotationsList.tpl
+++ /dev/null
@@ -1,9 +0,0 @@
-{{/* merge controllerAnnotationsList with controllerAnnotations */}}
-{{- define "tc.common.lib.values.controller.annotations.list" -}}
- {{- $controllerAnnotationsDict := dict }}
- {{- range .Values.controller.annotationsList }}
- {{- $_ := set $controllerAnnotationsDict .name .value }}
- {{- end }}
- {{- $controlleranno := merge .Values.controller.annotations $controllerAnnotationsDict }}
- {{- $_ := set .Values.controller "annotations" (deepCopy $controlleranno) -}}
-{{- end -}}
diff --git a/charts/common/templates/lib/values/lists/_controllerLabelsList.tpl b/charts/common/templates/lib/values/lists/_controllerLabelsList.tpl
deleted file mode 100644
index 747f0338..00000000
--- a/charts/common/templates/lib/values/lists/_controllerLabelsList.tpl
+++ /dev/null
@@ -1,9 +0,0 @@
-{{/* merge controllerLabelsList with controllerLabels */}}
-{{- define "tc.common.lib.values.controller.label.list" -}}
- {{- $controllerLabelsDict := dict }}
- {{- range .Values.controller.labelsList }}
- {{- $_ := set $controllerLabelsDict .name .value }}
- {{- end }}
- {{- $controllerlab := merge .Values.controller.labels $controllerLabelsDict }}
- {{- $_ := set .Values "labels" (deepCopy $controllerlab) -}}
-{{- end -}}
diff --git a/charts/common/templates/lib/values/lists/_ingressAnnotationsList.tpl b/charts/common/templates/lib/values/lists/_ingressAnnotationsList.tpl
deleted file mode 100644
index dd80543c..00000000
--- a/charts/common/templates/lib/values/lists/_ingressAnnotationsList.tpl
+++ /dev/null
@@ -1,14 +0,0 @@
-{{/* merge ingressAnnotationsList with ingressAnnotations */}}
-{{- define "tc.common.lib.values.ingress.annotations.list" -}}
- {{- range $index, $item := .Values.ingress }}
- {{- if $item.enabled }}
- {{- $ingressAnnotationsDict := dict }}
- {{- range $item.annotationsList }}
- {{- $_ := set $ingressAnnotationsDict .name .value }}
- {{- end }}
- {{- $tmp := $item.annotations }}
- {{- $ingressanno := merge $tmp $ingressAnnotationsDict }}
- {{- $_ := set $item "annotations" (deepCopy $ingressanno) -}}
- {{- end }}
- {{- end }}
-{{- end -}}
diff --git a/charts/common/templates/lib/values/lists/_ingressLabelsList.tpl b/charts/common/templates/lib/values/lists/_ingressLabelsList.tpl
deleted file mode 100644
index 702eaf27..00000000
--- a/charts/common/templates/lib/values/lists/_ingressLabelsList.tpl
+++ /dev/null
@@ -1,14 +0,0 @@
-{{/* merge ingressLabelsList with ingressLabels */}}
-{{- define "tc.common.lib.values.ingress.label.list" -}}
- {{- range $index, $item := .Values.ingress }}
- {{- if $item.enabled }}
- {{- $ingressLabelsDict := dict }}
- {{- range $item.labelsList }}
- {{- $_ := set $ingressLabelsDict .name .value }}
- {{- end }}
- {{- $tmp := $item.labels }}
- {{- $ingresslab := merge $tmp $ingressLabelsDict }}
- {{- $_ := set $item "labels" (deepCopy $ingresslab) -}}
- {{- end }}
- {{- end }}
-{{- end -}}
diff --git a/charts/common/templates/lib/values/lists/_ingressList.tpl b/charts/common/templates/lib/values/lists/_ingressList.tpl
deleted file mode 100644
index 2c24fd7f..00000000
--- a/charts/common/templates/lib/values/lists/_ingressList.tpl
+++ /dev/null
@@ -1,13 +0,0 @@
-{{/* merge ingressList with ingress */}}
-{{- define "tc.common.lib.values.ingress.list" -}}
- {{- $ingDict := dict }}
- {{- range $index, $item := .Values.ingressList -}}
- {{- $name := ( printf "list-%s" ( $index | toString ) ) }}
- {{- if $item.name }}
- {{- $name = $item.name }}
- {{- end }}
- {{- $_ := set $ingDict $name $item }}
- {{- end }}
- {{- $ing := merge .Values.ingress $ingDict }}
- {{- $_ := set .Values "ingress" (deepCopy $ing) -}}
-{{- end -}}
diff --git a/charts/common/templates/lib/values/lists/_persistenceAnnotationsList.tpl b/charts/common/templates/lib/values/lists/_persistenceAnnotationsList.tpl
deleted file mode 100644
index f73ef812..00000000
--- a/charts/common/templates/lib/values/lists/_persistenceAnnotationsList.tpl
+++ /dev/null
@@ -1,14 +0,0 @@
-{{/* merge persistenceAnnotationsList with persistenceAnnotations */}}
-{{- define "tc.common.lib.values.persistence.annotations.list" -}}
- {{- range $index, $item := .Values.persistence }}
- {{- if $item.enabled }}
- {{- $persistenceAnnotationsDict := dict }}
- {{- range $item.annotationsList }}
- {{- $_ := set $persistenceAnnotationsDict .name .value }}
- {{- end }}
- {{- $tmp := $item.annotations }}
- {{- $persistenceanno := merge $tmp $persistenceAnnotationsDict }}
- {{- $_ := set $item "annotations" (deepCopy $persistenceanno) -}}
- {{- end }}
- {{- end }}
-{{- end -}}
diff --git a/charts/common/templates/lib/values/lists/_persistenceLabelsList.tpl b/charts/common/templates/lib/values/lists/_persistenceLabelsList.tpl
deleted file mode 100644
index 051a853b..00000000
--- a/charts/common/templates/lib/values/lists/_persistenceLabelsList.tpl
+++ /dev/null
@@ -1,14 +0,0 @@
-{{/* merge persistenceLabelsList with persistenceLabels */}}
-{{- define "tc.common.lib.values.persistence.label.list" -}}
- {{- range $index, $item := .Values.persistence }}
- {{- if $item.enabled }}
- {{- $persistenceLabelsDict := dict }}
- {{- range $item.labelsList }}
- {{- $_ := set $persistenceLabelsDict .name .value }}
- {{- end }}
- {{- $tmp := $item.labels }}
- {{- $persistencelab := merge $tmp $persistenceLabelsDict }}
- {{- $_ := set $item "labels" (deepCopy $persistencelab) -}}
- {{- end }}
- {{- end }}
-{{- end -}}
diff --git a/charts/common/templates/lib/values/lists/_persistenceList.tpl b/charts/common/templates/lib/values/lists/_persistenceList.tpl
deleted file mode 100644
index 4907aa05..00000000
--- a/charts/common/templates/lib/values/lists/_persistenceList.tpl
+++ /dev/null
@@ -1,21 +0,0 @@
-{{/* merge persistenceList with Persitence */}}
-{{- define "tc.common.lib.values.persistence.list" -}}
- {{- $perDict := dict }}
- {{- range $index, $item := .Values.persistenceList -}}
- {{- $name := ( printf "list-%s" ( $index | toString ) ) }}
- {{- if $item.name }}
- {{- $name = $item.name }}
- {{- end }}
- {{- $_ := set $perDict $name $item }}
- {{- end }}
-
- {{- range $index, $item := .Values.deviceList -}}
- {{- $name := ( printf "device-%s" ( $index | toString ) ) }}
- {{- if $item.name }}
- {{- $name = $item.name }}
- {{- end }}
- {{- $_ := set $perDict $name $item }}
- {{- end }}
- {{- $per := merge .Values.persistence $perDict }}
- {{- $_ := set .Values "persistence" (deepCopy $per) -}}
-{{- end -}}
diff --git a/charts/common/templates/lib/values/lists/_podAnnotationsList.tpl b/charts/common/templates/lib/values/lists/_podAnnotationsList.tpl
deleted file mode 100644
index 38f8f7c7..00000000
--- a/charts/common/templates/lib/values/lists/_podAnnotationsList.tpl
+++ /dev/null
@@ -1,9 +0,0 @@
-{{/* merge podAnnotationsList with podAnnotations */}}
-{{- define "tc.common.lib.values.pod.annotations.list" -}}
- {{- $podAnnotationsDict := dict }}
- {{- range .Values.podAnnotationsList }}
- {{- $_ := set $podAnnotationsDict .name .value }}
- {{- end }}
- {{- $podanno := merge .Values.podAnnotations $podAnnotationsDict }}
- {{- $_ := set .Values "podAnnotations" (deepCopy $podanno) -}}
-{{- end -}}
diff --git a/charts/common/templates/lib/values/lists/_podLabelsList.tpl b/charts/common/templates/lib/values/lists/_podLabelsList.tpl
deleted file mode 100644
index 585106d8..00000000
--- a/charts/common/templates/lib/values/lists/_podLabelsList.tpl
+++ /dev/null
@@ -1,9 +0,0 @@
-{{/* merge podLabelsList with podLabels */}}
-{{- define "tc.common.lib.values.pod.label.list" -}}
- {{- $podLabelsDict := dict }}
- {{- range .Values.controller.labelsList }}
- {{- $_ := set $podLabelsDict .name .value }}
- {{- end }}
- {{- $podlab := merge .Values.controller.labels $podLabelsDict }}
- {{- $_ := set .Values.controller "labels" (deepCopy $podlab) -}}
-{{- end -}}
diff --git a/charts/common/templates/lib/values/lists/_portsList.tpl b/charts/common/templates/lib/values/lists/_portsList.tpl
deleted file mode 100644
index 4182a9d5..00000000
--- a/charts/common/templates/lib/values/lists/_portsList.tpl
+++ /dev/null
@@ -1,20 +0,0 @@
-{{/* merge portsList with ports */}}
-{{- define "tc.common.lib.values.ports.list" -}}
- {{- range $index, $item := .Values.service -}}
- {{- if $item.enabled }}
- {{- $portsDict := dict }}
- {{- range $index2, $item2 := $item.portsList -}}
- {{- if $item2.enabled }}
- {{- $name := ( printf "list-%s" ( $index2 | toString ) ) }}
- {{- if $item2.name }}
- {{- $name = $item2.name }}
- {{- end }}
- {{- $_ := set $portsDict $name $item2 }}
- {{- end }}
- {{- $tmp := $item.ports }}
- {{- $ports := merge $tmp $portsDict }}
- {{- $_ := set $item "ports" (deepCopy $ports) -}}
- {{- end }}
- {{- end }}
- {{- end }}
-{{- end -}}
diff --git a/charts/common/templates/lib/values/lists/_serviceList.tpl b/charts/common/templates/lib/values/lists/_serviceList.tpl
deleted file mode 100644
index 07b689b5..00000000
--- a/charts/common/templates/lib/values/lists/_serviceList.tpl
+++ /dev/null
@@ -1,15 +0,0 @@
-{{/* merge serviceList with service */}}
-{{- define "tc.common.lib.values.service.list" -}}
- {{- $portsDict := dict }}
- {{- range $index, $item := .Values.serviceList -}}
- {{- if $item.enabled }}
- {{- $name := ( printf "list-%s" ( $index | toString ) ) }}
- {{- if $item.name }}
- {{- $name = $item.name }}
- {{- end }}
- {{- $_ := set $portsDict $name $item }}
- {{- end }}
- {{- end }}
- {{- $srv := merge .Values.service $portsDict }}
- {{- $_ := set .Values "service" (deepCopy $srv) -}}
-{{- end -}}
diff --git a/charts/common/templates/loader/_all.tpl b/charts/common/templates/loader/_all.tpl
deleted file mode 100644
index 0c931509..00000000
--- a/charts/common/templates/loader/_all.tpl
+++ /dev/null
@@ -1,11 +0,0 @@
-{{/*
-Main entrypoint for the common library chart. It will render all underlying templates based on the provided values.
-*/}}
-{{- define "tc.common.loader.all" -}}
- {{/* Generate chart and dependency values */}}
- {{- include "tc.common.loader.init" . }}
-
- {{/* Generate remaining objects */}}
- {{- include "tc.common.loader.apply" . }}
-
-{{- end -}}
diff --git a/charts/common/templates/loader/_apply.tpl b/charts/common/templates/loader/_apply.tpl
deleted file mode 100644
index 45931203..00000000
--- a/charts/common/templates/loader/_apply.tpl
+++ /dev/null
@@ -1,54 +0,0 @@
-{{/*
-Secondary entrypoint and primary loader for the common chart
-*/}}
-{{- define "tc.common.loader.apply" -}}
-
- {{/* Render the externalInterfaces */}}
- {{ include "tc.common.scale.externalInterfaces" . | nindent 0 }}
-
- {{/* Enable code-server add-on if required */}}
- {{- if .Values.addons.codeserver.enabled }}
- {{- include "tc.common.addon.codeserver" . }}
- {{- end -}}
-
- {{/* Enable VPN add-on if required */}}
- {{- if ne "disabled" .Values.addons.vpn.type -}}
- {{- include "tc.common.addon.vpn" . }}
- {{- end -}}
-
- {{/* Build the configmaps */}}
- {{ include "tc.common.spawner.configmap" . | nindent 0 }}
-
- {{/* Build the secrets */}}
- {{ include "tc.common.spawner.secret" . | nindent 0 }}
-
- {{/* Build the templates */}}
- {{- include "tc.common.spawner.pvc" . }}
-
- {{ include "tc.common.spawner.serviceaccount" . | nindent 0 }}
-
- {{- if .Values.controller.enabled }}
- {{- if eq .Values.controller.type "deployment" }}
- {{- include "tc.common.deployment" . | nindent 0 }}
- {{ else if eq .Values.controller.type "daemonset" }}
- {{- include "tc.common.daemonset" . | nindent 0 }}
- {{ else if eq .Values.controller.type "statefulset" }}
- {{- include "tc.common.statefulset" . | nindent 0 }}
- {{ else }}
- {{- fail (printf "Not a valid controller.type (%s)" .Values.controller.type) }}
- {{- end -}}
- {{- end -}}
-
- {{ include "tc.common.spawner.rbac" . | nindent 0 }}
-
- {{ include "tc.common.spawner.hpa" . | nindent 0 }}
-
- {{ include "tc.common.spawner.service" . | nindent 0 }}
-
- {{ include "tc.common.spawner.ingress" . | nindent 0 }}
-
- {{ include "tc.common.scale.portal" . | nindent 0 }}
-
- {{ include "tc.common.spawner.networkpolicy" . | nindent 0 }}
-
-{{- end -}}
diff --git a/charts/common/templates/loader/_init.tpl b/charts/common/templates/loader/_init.tpl
deleted file mode 100644
index 5e4faeb7..00000000
--- a/charts/common/templates/loader/_init.tpl
+++ /dev/null
@@ -1,41 +0,0 @@
-{{- define "tc.common.loader.init" -}}
- {{/* Merge the local chart values and the common chart defaults */}}
- {{- include "tc.common.values.init" . }}
-
- {{- include "tc.common.loader.lists" . }}
-
- {{- include "tc.common.lib.values.persistence.simple" . }}
-
- {{- include "tc.common.lib.values.volumeClaimTemplates.simple" . }}
-
- {{- include "tc.common.lib.values.service.simple" . }}
-
- {{- include "tc.common.lib.values.capabilities" . }}
-
- {{- include "tc.common.lib.values.supplementalGroups" . }}
-
- {{- include "tc.common.lib.values.securityContext.privileged" . }}
-
- {{ include "tc.common.lib.util.manifest.update" . | nindent 0 }}
-
- {{/* Autogenerate cnpg objects if needed */}}
- {{- include "tc.common.dependencies.cnpg.main" . }}
-
- {{/* Autogenerate postgresql passwords if needed */}}
- {{- include "tc.common.dependencies.postgresql.injector" . }}
-
- {{/* Autogenerate redis passwords if needed */}}
- {{- include "tc.common.dependencies.redis.injector" . }}
-
- {{/* Autogenerate mariadb passwords if needed */}}
- {{- include "tc.common.dependencies.mariadb.injector" . }}
-
- {{/* Autogenerate mongodb passwords if needed */}}
- {{- include "tc.common.dependencies.mongodb.injector" . }}
-
- {{/* Autogenerate clickhouse passwords if needed */}}
- {{- include "tc.common.dependencies.clickhouse.injector" . }}
-
- {{/* Autogenerate solr passwords if needed */}}
- {{- include "tc.common.dependencies.solr.injector" . }}
-{{- end -}}
diff --git a/charts/common/templates/loader/_lists.tpl b/charts/common/templates/loader/_lists.tpl
deleted file mode 100644
index 2cd8d794..00000000
--- a/charts/common/templates/loader/_lists.tpl
+++ /dev/null
@@ -1,21 +0,0 @@
-{{/* load all list to dict injectors */}}
-{{- define "tc.common.loader.lists" -}}
-
- {{ include "tc.common.lib.values.controller.label.list" . }}
- {{ include "tc.common.lib.values.controller.annotations.list" . }}
-
- {{ include "tc.common.lib.values.pod.label.list" . }}
- {{ include "tc.common.lib.values.pod.annotations.list" . }}
-
- {{ include "tc.common.lib.values.persistence.list" . }}
- {{ include "tc.common.lib.values.persistence.label.list" . }}
- {{ include "tc.common.lib.values.persistence.annotations.list" . }}
-
- {{ include "tc.common.lib.values.service.list" . }}
- {{ include "tc.common.lib.values.ports.list" . }}
-
- {{ include "tc.common.lib.values.ingress.list" . }}
- {{ include "tc.common.lib.values.ingress.label.list" . }}
- {{ include "tc.common.lib.values.ingress.annotations.list" . }}
-
-{{- end -}}
diff --git a/charts/common/templates/pods/_daemonset.tpl b/charts/common/templates/pods/_daemonset.tpl
deleted file mode 100644
index 211af94b..00000000
--- a/charts/common/templates/pods/_daemonset.tpl
+++ /dev/null
@@ -1,36 +0,0 @@
-{{/*
-This template serves as the blueprint for the DaemonSet objects that are created
-within the common library.
-*/}}
-{{- define "tc.common.daemonset" }}
----
-apiVersion: apps/v1
-kind: DaemonSet
-metadata:
- name: {{ include "tc.common.names.fullname" . }}
- {{- with (merge (.Values.controller.labels | default dict) (include "tc.common.labels" $ | fromYaml)) }}
- labels: {{- tpl ( toYaml . ) $ | nindent 4 }}
- {{- end }}
- {{- with (merge (.Values.controller.annotations | default dict) (include "tc.common.annotations" $ | fromYaml) (include "tc.common.annotations.workload" $ | fromYaml)) }}
- annotations: {{- tpl ( toYaml . ) $ | nindent 4 }}
- {{- end }}
-spec:
- revisionHistoryLimit: {{ .Values.controller.revisionHistoryLimit }}
- selector:
- matchLabels:
- {{- include "tc.common.labels.selectorLabels" . | nindent 6 }}
- template:
- metadata:
- annotations:
- {{- include "tc.common.annotations.workload.spec" . | nindent 8 }}
- {{- with .Values.podAnnotations }}
- {{- tpl ( toYaml . ) $ | nindent 8 }}
- {{- end }}
- labels:
- {{- include "tc.common.labels.selectorLabels" . | nindent 8 }}
- {{- with .Values.podLabels }}
- {{- tpl ( toYaml . ) $ | nindent 8 }}
- {{- end }}
- spec:
- {{- include "tc.common.controller.pod" . | nindent 6 }}
-{{- end }}
diff --git a/charts/common/templates/pods/_deployment.tpl b/charts/common/templates/pods/_deployment.tpl
deleted file mode 100644
index ac587afb..00000000
--- a/charts/common/templates/pods/_deployment.tpl
+++ /dev/null
@@ -1,54 +0,0 @@
-{{/*
-This template serves as the blueprint for the Deployment objects that are created
-within the common library.
-*/}}
-{{- define "tc.common.deployment" }}
----
-apiVersion: apps/v1
-kind: Deployment
-metadata:
- name: {{ include "tc.common.names.fullname" . }}
- {{- with (merge (.Values.controller.labels | default dict) (include "tc.common.labels" $ | fromYaml)) }}
- labels: {{- tpl ( toYaml . ) $ | nindent 4 }}
- {{- end }}
- {{- with (merge (.Values.controller.annotations | default dict) (include "tc.common.annotations" $ | fromYaml) (include "tc.common.annotations.workload" $ | fromYaml)) }}
- annotations: {{- tpl ( toYaml . ) $ | nindent 4 }}
- {{- end }}
-spec:
- revisionHistoryLimit: {{ .Values.controller.revisionHistoryLimit }}
- replicas: {{ .Values.controller.replicas }}
- {{- $strategy := default "Recreate" .Values.controller.strategy }}
- {{- if and (ne $strategy "Recreate") (ne $strategy "RollingUpdate") }}
- {{- fail (printf "Not a valid strategy type for Deployment (%s)" $strategy) }}
- {{- end }}
- strategy:
- type: {{ $strategy }}
- {{- with .Values.controller.rollingUpdate }}
- {{- if and (eq $strategy "RollingUpdate") (or .surge .unavailable) }}
- rollingUpdate:
- {{- with .unavailable }}
- maxUnavailable: {{ . }}
- {{- end }}
- {{- with .surge }}
- maxSurge: {{ . }}
- {{- end }}
- {{- end }}
- {{- end }}
- selector:
- matchLabels:
- {{- include "tc.common.labels.selectorLabels" . | nindent 6 }}
- template:
- metadata:
- annotations:
- {{- include "tc.common.annotations.workload.spec" . | nindent 8 }}
- {{- with .Values.podAnnotations }}
- {{- tpl ( toYaml . ) $ | nindent 8 }}
- {{- end }}
- labels:
- {{- include "tc.common.labels.selectorLabels" . | nindent 8 }}
- {{- with .Values.podLabels }}
- {{- tpl ( toYaml . ) $ | nindent 8 }}
- {{- end }}
- spec:
- {{- include "tc.common.controller.pod" . | nindent 6 }}
-{{- end }}
diff --git a/charts/common/templates/pods/_statefulset.tpl b/charts/common/templates/pods/_statefulset.tpl
deleted file mode 100644
index be7eaaa8..00000000
--- a/charts/common/templates/pods/_statefulset.tpl
+++ /dev/null
@@ -1,61 +0,0 @@ -{{/* -This template serves as the blueprint for the StatefulSet objects that are created -within the common library. -*/}} -{{- define "tc.common.statefulset" }} -{{- $values := .Values }} -{{- $releaseName := .Release.Name }} ---- -apiVersion: apps/v1 -kind: StatefulSet -metadata: - name: {{ include "tc.common.names.fullname" . }} - {{- with (merge (.Values.controller.labels | default dict) (include "tc.common.labels" $ | fromYaml)) }} - labels: {{- tpl ( toYaml . ) $ | nindent 4 }} - {{- end }} - {{- with (merge (.Values.controller.annotations | default dict) (include "tc.common.annotations" $ | fromYaml) (include "tc.common.annotations.workload" $ | fromYaml)) }} - annotations: {{- tpl ( toYaml . ) $ | nindent 4 }} - {{- end }} -spec: - revisionHistoryLimit: {{ .Values.controller.revisionHistoryLimit }} - replicas: {{ .Values.controller.replicas }} - {{- $strategy := default "RollingUpdate" .Values.controller.strategy }} - {{- if and (ne $strategy "OnDelete") (ne $strategy "RollingUpdate") }} - {{- fail (printf "Not a valid strategy type for StatefulSet (%s)" $strategy) }} - {{- end }} - updateStrategy: - type: {{ $strategy }} - {{- if and (eq $strategy "RollingUpdate") .Values.controller.rollingUpdate.partition }} - rollingUpdate: - partition: {{ .Values.controller.rollingUpdate.partition }} - {{- end }} - selector: - matchLabels: - {{- include "tc.common.labels.selectorLabels" . | nindent 6 }} - serviceName: {{ include "tc.common.names.fullname" . }} - template: - metadata: - {{- with .Values.podAnnotations }} - annotations: - {{- tpl ( toYaml . ) $ | nindent 8 }} - {{- end }} - labels: - {{- include "tc.common.labels.selectorLabels" . | nindent 8 }} - {{- with .Values.podLabels }} - {{- tpl ( toYaml . ) $ | nindent 8 }} - {{- end }} - spec: - {{- include "tc.common.controller.pod" . 
| nindent 6 }} - volumeClaimTemplates: - {{- range $index, $vct := .Values.volumeClaimTemplates }} - - metadata: - name: {{ tpl ( toString $index ) $ }} - spec: - accessModes: - - {{ tpl ( $vct.accessMode | default "ReadWriteOnce" ) $ | quote }} - resources: - requests: - storage: {{ tpl ( $vct.size | default "999Gi" ) $ | quote }} - {{ include "tc.common.storage.storageClassName" ( dict "persistence" $vct "global" $) }} - {{- end }} -{{- end }} diff --git a/charts/common/templates/spawner/_configmap.tpl b/charts/common/templates/spawner/_configmap.tpl deleted file mode 100644 index 00009834..00000000 --- a/charts/common/templates/spawner/_configmap.tpl +++ /dev/null @@ -1,19 +0,0 @@ -{{/* -Renders the configMap objects required by the chart. -*/}} -{{- define "tc.common.spawner.configmap" -}} - {{/* Generate named configMaps as required */}} - {{- range $name, $configmap := .Values.configmap }} - {{- if $configmap.enabled -}} - {{- $configmapValues := $configmap -}} - - {{/* set the default nameOverride to the configMap name */}} - {{- if not $configmapValues.nameOverride -}} - {{- $_ := set $configmapValues "nameOverride" $name -}} - {{ end -}} - - {{- $_ := set $ "ObjectValues" (dict "configmap" $configmapValues) -}} - {{- include "tc.common.class.configmap" $ }} - {{- end }} - {{- end }} -{{- end }} diff --git a/charts/common/templates/spawner/_hpa.tpl b/charts/common/templates/spawner/_hpa.tpl deleted file mode 100644 index 38565db4..00000000 --- a/charts/common/templates/spawner/_hpa.tpl +++ /dev/null 
@@ -1,19 +0,0 @@
-{{/*
-Renders the configMap objects required by the chart.
-*/}}
-{{- define "tc.common.spawner.hpa" -}}
- {{/* Generate named configMaps as required */}}
- {{- range $name, $hpa := .Values.horizontalPodAutoscaler }}
- {{- if $hpa.enabled -}}
- {{- $hpaValues := $hpa -}}
-
- {{/* set the default nameOverride to the hpa name */}}
- {{- if not $hpaValues.nameOverride -}}
- {{- $_ := set $hpaValues "nameOverride" $name -}}
- {{ end -}}
-
- {{- $_ := set $ "ObjectValues" (dict "hpa" $hpaValues) -}}
- {{- include "tc.common.class.hpa" $ }}
- {{- end }}
- {{- end }}
-{{- end }}
diff --git a/charts/common/templates/spawner/_ingress.tpl b/charts/common/templates/spawner/_ingress.tpl
deleted file mode 100644
index 5aa7dc96..00000000
--- a/charts/common/templates/spawner/_ingress.tpl
+++ /dev/null
@@ -1,29 +0,0 @@
-{{/* Renders the Ingress objects required by the chart */}}
-{{- define "tc.common.spawner.ingress" -}}
- {{/* Generate named ingresses as required */}}
- {{- range $name, $ingress := .Values.ingress }}
- {{- if $ingress.enabled -}}
- {{- $ingressValues := $ingress -}}
-
- {{/* set defaults */}}
- {{- if and (not $ingressValues.nameOverride) (ne $name (include "tc.common.lib.util.ingress.primary" $)) -}}
- {{- $_ := set $ingressValues "nameOverride" $name -}}
- {{- end -}}
-
- {{- $_ := set $ "ObjectValues" (dict "ingress" $ingressValues) -}}
- {{- include "tc.common.class.ingress" $ }}
-
- {{- range $index, $tlsValues := $ingressValues.tls }}
- {{- if and ( .scaleCert ) ( $.Values.global.ixChartContext ) }}
- {{- $nameOverride := ( printf "%v-%v" "tls" $index ) -}}
- {{- if $ingressValues.nameOverride -}}
- {{- $nameOverride = ( printf "%v-%v-%v" $ingressValues.nameOverride "tls" $index ) -}}
- {{- end }}
- {{- $_ := set $tlsValues "nameOverride" $nameOverride -}}
- {{- $_ := set $ "ObjectValues" (dict "certHolder" $tlsValues) -}}
- {{- include "tc.common.scale.cert.secret" $ }}
- {{- end }}
- {{- end }}
- {{- end }}
- {{- end }}
-{{- end }}
diff --git a/charts/common/templates/spawner/_networkPolicy.tpl b/charts/common/templates/spawner/_networkPolicy.tpl
deleted file mode 100644
index d3d87feb..00000000
--- a/charts/common/templates/spawner/_networkPolicy.tpl
+++ /dev/null
@@ -1,19 +0,0 @@
-{{/*
-Renders the networkPolicy objects required by the chart.
-*/}}
-{{- define "tc.common.spawner.networkpolicy" -}}
- {{/* Generate named networkpolicy as required */}}
- {{- range $name, $networkPolicy := .Values.networkPolicy }}
- {{- if $networkPolicy.enabled -}}
- {{- $networkPolicyValues := $networkPolicy -}}
-
- {{/* set the default nameOverride to the networkpolicy name */}}
- {{- if not $networkPolicyValues.nameOverride -}}
- {{- $_ := set $networkPolicyValues "nameOverride" $name -}}
- {{ end -}}
-
- {{- $_ := set $ "ObjectValues" (dict "networkPolicy" $networkPolicyValues) -}}
- {{- include "tc.common.class.networkpolicy" $ }}
- {{- end }}
- {{- end }}
-{{- end }}
diff --git a/charts/common/templates/spawner/_pvc.tpl b/charts/common/templates/spawner/_pvc.tpl
deleted file mode 100644
index 9d4403f0..00000000
--- a/charts/common/templates/spawner/_pvc.tpl
+++ /dev/null
@@ -1,16 +0,0 @@
-{{/*
-Renders the Persistent Volume Claim objects required by the chart.
-*/}}
-{{- define "tc.common.spawner.pvc" -}}
- {{/* Generate pvc as required */}}
- {{- range $index, $PVC := .Values.persistence }}
- {{- if and $PVC.enabled (eq (default "pvc" $PVC.type) "pvc") (not $PVC.existingClaim) -}}
- {{- $persistenceValues := $PVC -}}
- {{- if not $persistenceValues.nameOverride -}}
- {{- $_ := set $persistenceValues "nameOverride" $index -}}
- {{- end -}}
- {{- $_ := set $ "ObjectValues" (dict "persistence" $persistenceValues) -}}
- {{- include "tc.common.class.pvc" $ | nindent 0 -}}
- {{- end }}
- {{- end }}
-{{- end }}
diff --git a/charts/common/templates/spawner/_rbac.tpl b/charts/common/templates/spawner/_rbac.tpl
deleted file mode 100644
index 2d62fad8..00000000
--- a/charts/common/templates/spawner/_rbac.tpl
+++ /dev/null
@@ -1,19 +0,0 @@
-{{/*
-Renders the configMap objects required by the chart.
-*/}}
-{{- define "tc.common.spawner.rbac" -}}
- {{/* Generate named rbac as required */}}
- {{- range $name, $rbac := .Values.rbac }}
- {{- if $rbac.enabled -}}
- {{- $rbacValues := $rbac -}}
-
- {{/* set the default nameOverride to the rbac name */}}
- {{- if and (not $rbacValues.nameOverride) (ne $name (include "tc.common.lib.util.rbac.primary" $)) -}}
- {{- $_ := set $rbacValues "nameOverride" $name -}}
- {{ end -}}
-
- {{- $_ := set $ "ObjectValues" (dict "rbac" $rbacValues) -}}
- {{- include "tc.common.class.rbac" $ }}
- {{- end }}
- {{- end }}
-{{- end }}
diff --git a/charts/common/templates/spawner/_secret.tpl b/charts/common/templates/spawner/_secret.tpl
deleted file mode 100644
index b0bd40b5..00000000
--- a/charts/common/templates/spawner/_secret.tpl
+++ /dev/null
@@ -1,26 +0,0 @@
-{{/*
-Renders the Secret objects required by the chart.
-*/}}
-{{- define "tc.common.spawner.secret" -}}
- {{- with .Values.secretEnv }}
- {{- $secretEnvValues := dict "data" . -}}
-
- {{- $_ := set $ "ObjectValues" (dict "secret" $secretEnvValues) -}}
- {{- include "tc.common.class.secret" $ }}
- {{- end }}
-
- {{/* Generate named secrets as required */}}
- {{- range $name, $secret := .Values.secret }}
- {{- if $secret.enabled -}}
- {{- $secretValues := $secret -}}
-
- {{/* set the default nameOverride to the Secret name */}}
- {{- if not $secretValues.nameOverride -}}
- {{- $_ := set $secretValues "nameOverride" $name -}}
- {{ end -}}
-
- {{- $_ := set $ "ObjectValues" (dict "secret" $secretValues) -}}
- {{- include "tc.common.class.secret" $ }}
- {{- end }}
- {{- end }}
-{{- end }}
diff --git a/charts/common/templates/spawner/_service.tpl b/charts/common/templates/spawner/_service.tpl
deleted file mode 100644
index 4e598178..00000000
--- a/charts/common/templates/spawner/_service.tpl
+++ /dev/null
@@ -1,19 +0,0 @@
-{{/*
-Renders the Service objects required by the chart.
-*/}}
-{{- define "tc.common.spawner.service" -}}
- {{/* Generate named services as required */}}
- {{- range $name, $service := .Values.service }}
- {{- if $service.enabled -}}
- {{- $serviceValues := $service -}}
-
- {{/* set the default nameOverride to the service name */}}
- {{- if and (not $serviceValues.nameOverride) (ne $name (include "tc.common.lib.util.service.primary" $)) -}}
- {{- $_ := set $serviceValues "nameOverride" $name -}}
- {{ end -}}
-
- {{- $_ := set $ "ObjectValues" (dict "service" $serviceValues) -}}
- {{- include "tc.common.class.service" $ }}
- {{- end }}
- {{- end }}
-{{- end }}
diff --git a/charts/common/templates/spawner/_serviceaccount.tpl b/charts/common/templates/spawner/_serviceaccount.tpl
deleted file mode 100644
index a1240f07..00000000
--- a/charts/common/templates/spawner/_serviceaccount.tpl
+++ /dev/null
@@ -1,19 +0,0 @@
-{{/*
-Renders the serviceAccount objects required by the chart.
-*/}}
-{{- define "tc.common.spawner.serviceaccount" -}}
- {{/* Generate named serviceAccount as required */}}
- {{- range $name, $serviceAccount := .Values.serviceAccount }}
- {{- if $serviceAccount.enabled -}}
- {{- $saValues := $serviceAccount -}}
-
- {{/* set the default nameOverride to the serviceAccount name */}}
- {{- if and (not $saValues.nameOverride) (ne $name (include "tc.common.lib.util.serviceaccount.primary" $)) -}}
- {{- $_ := set $saValues "nameOverride" $name -}}
- {{ end -}}
-
- {{- $_ := set $ "ObjectValues" (dict "serviceAccount" $saValues) -}}
- {{- include "tc.common.class.serviceAccount" $ }}
- {{- end }}
- {{- end }}
-{{- end }}
diff --git a/charts/common/values.yaml b/charts/common/values.yaml
deleted file mode 100644
index 763b2b63..00000000
--- a/charts/common/values.yaml
+++ /dev/null
@@ -1,1217 +0,0 @@ -# -- OpenVPN specific configuration -# @default -- See below -openvpnImage: - # -- Specify the openvpn client image - repository: tccr.io/truecharts/openvpn-client - # -- Specify the openvpn client image tag - tag: latest@sha256:1f83decdf614cbf48e2429921b6f0efa0e825f447f5c510b65bc90f660227688 - # -- Specify the openvpn client image pull policy - pullPolicy: IfNotPresent - -# -- WireGuard specific configuration -# @default -- See below -wireguardImage: - # -- Specify the WireGuard image - repository: tccr.io/truecharts/wireguard - # -- Specify the WireGuard image tag - tag: v1.0.20210914@sha256:9f56e5660e8df8d4d38521ed73a4cc29fa24bf578007bfbe633e00184e2ebfbc - # -- Specify the WireGuard image pull policy - pullPolicy: IfNotPresent - -# -- Tailscale specific configuration -# @default -- See below -tailscaleImage: - # -- Specify the Tailscale image - repository: tailscale/tailscale - # -- Specify the Tailscale image tag - # TODO: Switch to stable once a v1.33.x is released - tag: v1.34.1@sha256:69bec9fdea25765e1b9dd129ccaeaf1e160f1132bb390535772fa939f0bf620b - # -- Specify the Tailscale image pull policy - pullPolicy: IfNotPresent - -# -- codeserver specific configuration -# @default -- See below -codeserverImage: - # -- Specify the code-server image - repository: tccr.io/truecharts/code-server - # -- Specify the code-server image tag - tag: 4.9.1@sha256:b339bd8f6da4c73c0259d6951991278aa1595a6be570a207ce635c75aac9893d - # -- Specify the code-server image pull policy - pullPolicy: IfNotPresent - -ubuntuImage: - # -- Specify the multi-init image - repository: tccr.io/truecharts/ubuntu - # -- Specify the redis image tag - tag: jammy-20221101@sha256:4b9475e08c5180d4e7417dc6a18a26dcce7691e4311e5353dbb952645c5ff43f - # -- Specify the redis image pull policy - pullPolicy: IfNotPresent - -alpineImage: - # -- Specify the multi-init image - repository: tccr.io/truecharts/alpine - # -- Specify the redis image tag - tag: 
v3.17.0@sha256:f8607e14a5e456c1b8fe50b7f0c9371b4aae543d23080f5e2fe0bdbb06d2413b - # -- Specify the redis image pull policy - pullPolicy: IfNotPresent - -kubectlImage: - # -- Specify the multi-init image - repository: tccr.io/truecharts/kubectl - # -- Specify the redis image tag - tag: v1.26.0@sha256:6d6e0e50f28b961ed1c1c6a9c140553238641591fbdc9ac7c1a348636f78c552 - # -- Specify the redis image pull policy - pullPolicy: IfNotPresent - -# -- Used to inject our own operator manifests into SCALE -manifests: - enabled: true - nonBlocking: true - staging: false - -global: - # -- Set an override for the prefix of the fullname - nameOverride: - # -- Set the entire name definition - fullnameOverride: - # -- Set additional global labels. Helm templates can be used. - labels: {} - # -- Set additional global annotations. Helm templates can be used. - annotations: {} - -controller: - # -- enable the controller. - enabled: true - # -- Set the controller type. - # Valid options are deployment, daemonset or statefulset - type: deployment - # -- Set additional annotations on the deployment/statefulset/daemonset - annotationsList: [] - # - name: somename - # value: somevalue - # -- Set annotations on the deployment/statefulset/daemonset - annotations: {} - # -- Set additional labels on the deployment/statefulset/daemonset - labelsList: [] - # - name: somename - # value: somevalue - # -- Set labels on the deployment/statefulset/daemonset - labels: {} - # -- Number of desired pods - replicas: 1 - # -- Set the controller upgrade strategy - # For Deployments, valid values are Recreate (default) and RollingUpdate. - # For StatefulSets, valid values are OnDelete and RollingUpdate (default). - # DaemonSets ignore this. 
- strategy: - rollingUpdate: - # -- Set deployment RollingUpdate max unavailable - unavailable: - # -- Set deployment RollingUpdate max surge - surge: - # -- Set statefulset RollingUpdate partition - partition: - # -- ReplicaSet revision history limit - revisionHistoryLimit: 3 - -image: - # -- image repository - repository: - # -- image tag - tag: - # -- image pull policy - pullPolicy: - -# -- Image Selector allows for easy picking a different image dict, important for the SCALE GUI -imageSelector: "image" - -# -- Override the command(s) for the default container -command: [] - -# -- Override the args for the default container -args: [] - -# -- Add args in addition to the arguments set by default. -# Primarily for the SCALE GUI -extraArgs: [] - -# -- Set Container Timezone -TZ: UTC - -patchInotify: true - -# -- Set the primary portal for TrueNAS SCALE -portal: - # -- enable generation of the portal configmap - enabled: false - # -- Override Path using helm variables - # path: '/' - # -- Override the host, for example: by using a custom IP - # host: 192.168.66.6 - # -- Override the auotmatically gathered ingress port - # ingressPort: 666 - -# -- Set additional annotations on the pod -podAnnotationsList: [] -# - name: somename -# value: somevalue - -# -# -- Set annotations on the pod -podAnnotations: {} - -# -- Set additional labels on the pod -podLabelsList: [] -# - name: somename -# value: somevalue - -# -- Set labels on the pod -podLabels: {} - -# -- Determines whether containers in a pod runs with TTY enabled. -tty: false - -# -- Determines whether containers in a pod runs with stdin enabled. 
-stdin: false - -# -- Add a Horizontal Pod Autoscaler -# @default -- -horizontalPodAutoscaler: - main: - enabled: false - # -- deployment kind of target - # @default -- main pod - targetKind: - # -- name of the targeted deployment - # @default -- main pod - target: - # -- minimum amount of replica's to spawn - # @default -- 1 - minReplicas: - # -- minimum amount of replica's to spawn - # @default -- 100 - maxReplicas: - # -- minimum amount of replica's to spawn - # @default -- 80 - targetCPUUtilizationPercentage: - # -- minimum amount of replica's to spawn - # @default -- 80 - targetMemoryUtilizationPercentage: - -# -- Create serviceaccount -# @default -- See below -serviceAccount: - main: - # -- Make this the primary serviceAccount (used in probes, notes, etc...). - # If there is more than 1 serviceAccount, make sure that only 1 serviceAccount is marked as primary. - primary: true - - # -- Specifies whether a service account should be created - enabled: false - - # -- Annotations to add to the service account - annotations: {} - - # -- The name of the service account to use. - # If not set and create is true, a name is generated using the fullname template - name: "" - -# -- Create a ClusterRole and ClusterRoleBinding -# @default -- See below -rbac: - main: - # -- Make this the primary rbac (used in probes, notes, etc...). - # If there is more than 1 rbac, make sure that only 1 rbac is marked as primary. - primary: true - - # -- Enables or disables the ClusterRole and ClusterRoleBinding - enabled: false - - # -- Set Annotations on the ClusterRole - clusterRoleLabels: {} - - # -- Set labels on the ClusterRole - clusterRoleAnnotations: {} - - # -- Set Annotations on the ClusterRoleBinding - - clusterRoleBindingLabels: {} - - # -- Set labels on the ClusterRoleBinding - clusterRoleBindingAnnotations: {} - - # -- Set Rules on the ClusterRole - rules: {} - - # -- Defines default subject serviceAccount Name. 
- # serviceAccountName: "" - - # -- Add subjects to the ClusterRoleBinding. - # includes the above created serviceaccount - subjects: {} - -# -- Configure networkPolicy for the chart here. -# @default -- See below -networkPolicy: - main: - # -- Enables or disables the networkPolicy - enabled: false - - # customizes the podSelector (defaults to the helm-chart selector-labels - # podSelector: - - # -- add or remove Policy types. Options: ingress, egress, ingress-egress - policyType: "" - # -- add or remove egress policies - egress: [] - # -- add or remove egress policies - ingress: [] - -# -- Use this directly attach a pod to a SCALE interface. -# Please be aware: This bypasses k8s services -externalInterfaces: [] - # - hostInterface: "ens3" - # ipam: - # type: "dhcp" - # - hostInterface: "br0" - # ipam: - # type: "static" - # staticIPConfigurations: - # - "192.168.0.120/24" - # staticRoutes: - # - destination: "0.0.0.0/0" - # gateway: "192.168.0.1" - - -# -- Render these Env-Vars by putting them into a kubernetes secret first. -secretEnv: {} - -# -- Main environment variables. Template enabled. -# Syntax options: -# A) TZ: UTC -# B) PASSWD: '{{ .Release.Name }}' -# C) PASSWD: -# configMapKeyRef: -# name: config-map-name -# key: key-name -# D) PASSWD: -# valueFrom: -# secretKeyRef: -# name: secret-name -# key: key-name -# ... -# E) - name: TZ -# value: UTC -# F) - name: TZ -# value: '{{ .Release.Name }}' -env: {} - -envFrom: [] -# - configMapRef: -# name: config-map-name -# - secretRef: -# name: secret-name - -# -- Create secret objects directly from dict. 
-secret: - # -- Secret Name - example-secret: - # -- Enable or Disable the secret from being created - enabled: false - # -- The actual data to be loaded into the secret as stringData - # Can contain tpl templating - data: {} - -# -- Custom priority class for different treatment by the scheduler -priorityClassName: # system-node-critical - -# -- Allows specifying a custom scheduler name -schedulerName: # awkward-dangerous-scheduler - -# -- Allows specifying explicit hostname setting -# please be aware this breaks some guides that assume default k8s hostnames... -hostname: - -# -- When using hostNetwork make sure you set dnsPolicy to `ClusterFirstWithHostNet` -hostNetwork: false - -# -- Defaults to "ClusterFirst" if hostNetwork is false and "ClusterFirstWithHostNet" if hostNetwork is true. -dnsPolicy: # ClusterFirst - -# -- Optional DNS settings, configuring the ndots option may resolve nslookup issues on some Kubernetes setups. -# By default we already specify " ndots=1 ", due to some reoccuring issues on SCALE. -dnsConfig: - options: - - name: ndots - value: "1" - nameservers: [] - searches: [] - -# -- Enable/disable the generation of environment variables for services. 
-# [[ref]](https://kubernetes.io/docs/concepts/services-networking/connect-applications-service/#accessing-the-service) -enableServiceLinks: false - -# -- Set the Process User ID (PUID) env-var seperately -security: - PUID: 568 - UMASK: 002 - -# -- Can be used to set securityContext.capabilities outside of the GUI on TrueNAS SCALE -customCapabilities: - drop: [] - add: [] - -# -- Configure the Security Context for the Pod -podSecurityContext: - runAsUser: 568 - runAsGroup: 568 - fsGroup: 568 - supplementalGroups: [] - fsGroupChangePolicy: OnRootMismatch - -# -- Configure the Security Context for the main container -securityContext: - privileged: false - readOnlyRootFilesystem: true - allowPrivilegeEscalation: false - runAsNonRoot: true - capabilities: - drop: [] - add: [] - -# -- Configure the lifecycle for the main container -lifecycle: {} - -# -- These containers will be run, as an initcontainer, a single time at install only. -installContainers: {} - -# -- These containers will be run, as an initcontainer, a single time at each edit or update of the chart. -upgradeContainers: {} - -# -- Specify any initContainers here as dictionary items. Each initContainer should have its own key. -# The dictionary item key will determine the order. Helm templates can be used. -initContainers: {} - -# -- Specify any additional containers here as dictionary items. Each additional container should have its own key. -# Helm templates can be used. 
-additionalContainers: {} - -# -- Probe configuration -# -- [[ref]](https://kubernetes.io/docs/tasks/configure-pod-container/configure-liveness-readiness-startup-probes/) -# @default -- See below -probes: - # -- Liveness probe configuration - # @default -- See below - liveness: - # -- Enable the liveness probe - enabled: true - # -- Set this to `true` if you wish to specify your own livenessProbe - custom: false - # -- sets the probe type when not using a custom probe - # @default -- "TCP" - type: TCP - # -- If a HTTP probe is used (default for HTTP/HTTPS services) this path is used - # @default -- "/" - path: "/" - # -- The spec field contains the values for the default livenessProbe. - # If you selected `custom: true`, this field holds the definition of the livenessProbe. - # @default -- See below - spec: - initialDelaySeconds: 10 - periodSeconds: 10 - timeoutSeconds: 5 - failureThreshold: 5 - - # -- Redainess probe configuration - # @default -- See below - readiness: - # -- Enable the readiness probe - enabled: true - # -- Set this to `true` if you wish to specify your own readinessProbe - custom: false - # -- sets the probe type when not using a custom probe - # @default -- "TCP" - type: TCP - # -- If a HTTP probe is used (default for HTTP/HTTPS services) this path is used - # @default -- "/" - path: "/" - # -- The spec field contains the values for the default readinessProbe. - # If you selected `custom: true`, this field holds the definition of the readinessProbe. 
- # @default -- See below - spec: - initialDelaySeconds: 10 - periodSeconds: 10 - timeoutSeconds: 5 - failureThreshold: 5 - - # -- Startup probe configuration - # @default -- See below - startup: - # -- Enable the startup probe - enabled: true - # -- Set this to `true` if you wish to specify your own startupProbe - custom: false - # -- sets the probe type when not using a custom probe - # @default -- "TCP" - type: TCP - # -- If a HTTP probe is used (default for HTTP/HTTPS services) this path is used - # @default -- "/" - path: "/" - # -- set to override the default port without using custom startupProbe - # Accepts TPL - # @default -- "" - port: "" - # -- The spec field contains the values for the default startupProbe. - # If you selected `custom: true`, this field holds the definition of the startupProbe. - # @default -- See below - spec: - initialDelaySeconds: 10 - timeoutSeconds: 2 - ## This means it has a maximum of 5*30=150 seconds to start up before it fails - periodSeconds: 5 - failureThreshold: 60 - -termination: - # -- Configure the path at which the file to which the main container's termination message will be written. - # -- [[ref](https://kubernetes.io/docs/reference/kubernetes-api/workload-resources/pod-v1/#lifecycle-1)] - messagePath: - - # -- Indicate how the main container's termination message should be populated. - # Valid options are `File` and `FallbackToLogsOnError`. - # -- [[ref](https://kubernetes.io/docs/reference/kubernetes-api/workload-resources/pod-v1/#lifecycle-1)] - messagePolicy: - - # -- Duration in seconds the pod needs to terminate gracefully - # -- [[ref](https://kubernetes.io/docs/reference/kubernetes-api/workload-resources/pod-v1/#lifecycle)] - gracePeriodSeconds: 10 - -# -- Configure additional services for the chart here. -# @default -- See below -serviceList: [] - -# -- Configure the services for the chart here. -# Additional services can be added by adding a dictionary key similar to the 'main' service. 
-# @default -- See below -service: - main: - # -- Enables or disables the service - enabled: true - - # -- Make this the primary service (used in probes, notes, etc...). - # If there is more than 1 service, make sure that only 1 service is marked as primary. - primary: true - - # -- Override the name suffix that is used for this service - nameOverride: - - # -- Override default selector - selector: {} - - # -- Set the service type - # Options: Simple(Loadbalancer), LoadBalancer, ClusterIP, NodePort - type: ClusterIP - annotationsList: [] - # - name: somename - # value: somevalue - # -- Provide additional annotations which may be required. - annotations: {} - - labelsList: [] - # - name: somename - # value: somevalue - # -- Set labels on the deployment/statefulset/daemonset - # -- Provide additional labels which may be required. - labels: {} - - # -- Configure additional Service port information here. - # @default -- See below - portsList: [] - - # -- Specify the externalTrafficPolicy for the service. Options: Cluster, Local - # -- [[ref](https://kubernetes.io/docs/tutorials/services/source-ip/)] - externalTrafficPolicy: - - # -- Specify the ip policy. Options: SingleStack, PreferDualStack, RequireDualStack - ipFamilyPolicy: SingleStack - - # -- The ip families that should be used. Options: IPv4, IPv6 - ipFamilies: [] - - # -- Configure the Service port information here. - # Additional ports can be added by adding a dictionary key similar to the 'http' service. - # @default -- See below - ports: - main: - # -- Enables or disables the port - enabled: true - - # -- Make this the primary port (used in probes, notes, etc...) - # If there is more than 1 service, make sure that only 1 port is marked as primary. - primary: true - - # -- The port number - port: - - # -- Port protocol. - # Support values are `HTTP`, `HTTPS`, `TCP` and `UDP`. 
- # HTTPS and HTTPS spawn a TCP service and get used for internal URL and name generation - protocol: HTTP - - # -- Specify a service targetPort if you wish to differ the service port from the application port. - # If `targetPort` is specified, this port number is used in the container definition instead of - # the `port` value. Therefore named ports are not supported for this field. - targetPort: - - # -- Specify the nodePort value for the LoadBalancer and NodePort service types. - # [[ref]](https://kubernetes.io/docs/concepts/services-networking/service/#type-nodeport) - nodePort: - -# -- Configure ingressList for the chart here. -# Additional items can be added by adding a items similar to ingress -# @default -- [] -ingressList: [] - -# -- Configure the ingresses for the chart here. -# Additional ingresses can be added by adding a dictionary key similar to the 'main' ingress. -# @default -- See below -ingress: - main: - # -- Enables or disables the ingress - enabled: false - - # -- Make this the primary ingress (used in probes, notes, etc...). - # If there is more than 1 ingress, make sure that only 1 ingress is marked as primary. - primary: true - - # -- Override the name suffix that is used for this ingress. - nameOverride: - - # -- Autolink the ingress to a service and port, both with the same name as the ingress. 
- autoLink: false - - # -- disable to ignore any default middlwares - enableFixedMiddlewares: true - - # -- List of middlewares in the traefikmiddlewares k8s namespace to add automatically - # Creates an annotation with the middlewares and appends k8s and traefik namespaces to the middleware names - # Primarily used for TrueNAS SCALE to add additional (seperate) middlewares without exposing them to the end-user - fixedMiddlewares: - - chain-basic - - # -- Additional List of middlewares in the traefikmiddlewares k8s namespace to add automatically - # Creates an annotation with the middlewares and appends k8s and traefik namespaces to the middleware names - middlewares: [] - annotationsList: [] - # - name: somename - # value: somevalue - # -- Provide additional annotations which may be required. - annotations: {} - # kubernetes.io/ingress.class: nginx - # kubernetes.io/tls-acme: "true" - - labelsList: [] - # - name: somename - # value: somevalue - # -- Set labels on the deployment/statefulset/daemonset - # -- Provide additional labels which may be required. - # -- Provide additional labels which may be required. - labels: {} - - # -- Set the ingressClass that is used for this ingress. - # Requires Kubernetes >=1.19 - ingressClassName: # "nginx" - - ## Configure the hosts for the ingress - hosts: - - # -- Host address. Helm template can be passed. - host: chart-example.local - ## Configure the paths for the host - paths: - - # -- Path. Helm template can be passed. - path: / - # -- Ignored if not kubeVersion >= 1.14-0 - pathType: Prefix - service: - # -- Overrides the service name reference for this path - name: - # -- Overrides the service port reference for this path - port: - - # -- Configure TLS for the ingress. Both secretName and hosts can process a Helm template. 
- tls: [] - # - secretName: chart-example-tls - # -- Create a secret from a GUI selected TrueNAS SCALE certificate - # scaleCert: true - # hosts: - # - chart-example.local - -# -- Configure persistenceList for the chart here. -# Used to create an additional GUI element in SCALE for mounting USB devices -# Additional items can be added by adding a items similar to persistence -# @default -- [] -deviceList: [] - -# -- Configure persistenceList for the chart here. -# Additional items can be added by adding a items similar to persistence -# @default -- [] -persistenceList: [] - -# -- Configure configMaps for the chart here. -# Additional configMaps can be added by adding a dictionary key similar to the 'config' object. -# @default -- See below -configmap: - config: - # -- Enables or disables the configMap - enabled: false - # -- Labels to add to the configMap - labels: {} - # -- Annotations to add to the configMap - annotations: {} - # -- configMap data content. Helm template enabled. - data: {} - # foo: bar - -# -- Configure persistence for the chart here. -# Additional items can be added by adding a dictionary key similar to the 'config' key. -# @default -- See below -persistence: - # -- Default persistence for configuration files. - # @default -- See below - pvc-example: - # -- Enables or disables the persistence item - enabled: false - annotationsList: [] - # - name: somename - # value: somevalue - # -- Add annotations to PVC object - annotations: {} - - labelsList: [] - # - name: somename - # value: somevalue - # -- Set labels on the deployment/statefulset/daemonset - # -- Provide additional labels which may be required. - # -- Add labels to PVC object - labels: {} - - # -- Sets the persistence type - # Valid options are: simplePVC, simpleHP, pvc, emptyDir, secret, configMap, hostPath or custom - type: pvc - - # -- force the complete PVC name - # Will not add any prefix or suffix - forceName: "" - - # -- Where to mount the volume in the main container. 
- # Defaults to `/`, - # setting to '-' creates the volume but disables the volumeMount. - mountPath: # /config - # -- Specify if the volume should be mounted read-only. - readOnly: false - # -- Override the name suffix that is used for this volume. - nameOverride: - - # -- Storage Class for the config volume. - # If set to `-`, dynamic provisioning is disabled. - # If set to `SCALE-ZFS`, the default provisioner for TrueNAS SCALE is used. - # If set to something else, the given storageClass is used. - # If undefined (the default), no storageClassName spec is set, choosing the default provisioner. - storageClass: # "-" - - # -- If you want to reuse an existing claim, the name of the existing PVC can be passed here. - existingClaim: # your-claim - - # -- Used in conjunction with `existingClaim`. Specifies a sub-path inside the referenced volume instead of its root - subPath: # some-subpath - - # mountPropagation: {} - - # -- AccessMode for the persistent volume. - # Make sure to select an access mode that is supported by your storage provider! - # [[ref]](https://kubernetes.io/docs/concepts/storage/persistent-volumes/#access-modes) - accessMode: ReadWriteOnce - - # -- The amount of storage that is requested for the persistent volume. - size: 999Gi - - # -- Set to true to retain the PVC upon `helm uninstall` - retain: false - - # -- Add additional custom spec parameters - # Used, for example, by openEBS to set dataset parameters - # Be sure not to add duplicates of the above variables - spec: {} - - # -- Create an emptyDir volume to share between all containers - # [[ref]]https://kubernetes.io/docs/concepts/storage/volumes/#emptydir) - # @default -- See below - shared: - enabled: true - type: emptyDir - mountPath: /shared - - # -- Set the medium to "Memory" to mount a tmpfs (RAM-backed filesystem) instead - # of the storage medium that backs the node. 
- medium: # Memory - - # -- If the `SizeMemoryBackedVolumes` feature gate is enabled, you can - # specify a size for memory backed volumes. - sizeLimit: # 1Gi - - # -- Create an emptyDir volume to share between all containers - # [[ref]]https://kubernetes.io/docs/concepts/storage/volumes/#emptydir) - # @default -- See below - varlogs: - enabled: true - type: emptyDir - mountPath: /var/logs - - # -- Set the medium to "Memory" to mount a tmpfs (RAM-backed filesystem) instead - # of the storage medium that backs the node. - medium: # Memory - - # -- If the `SizeMemoryBackedVolumes` feature gate is enabled, you can - # specify a size for memory backed volumes. - sizeLimit: # 1Gi - - # -- Create an emptyDir volume to share between all containers for temporary storage - # @default -- See below - temp: - enabled: true - type: emptyDir - mountPath: /tmp - # -- Set the medium to "Memory" to mount a tmpfs (RAM-backed filesystem) instead - # of the storage medium that backs the node. - medium: # Memory - # -- If the `SizeMemoryBackedVolumes` feature gate is enabled, you can - # specify a size for memory backed volumes. - sizeLimit: # 1Gi - - # -- Create an emptyDir volume to share between all containers - # [[ref]]https://kubernetes.io/docs/concepts/storage/volumes/#emptydir) - # @default -- See below - varrun: - enabled: false - type: emptyDir - mountPath: /var/run - # -- Set the medium to "Memory" to mount a tmpfs (RAM-backed filesystem) instead - # of the storage medium that backs the node. - medium: Memory - # -- If the `SizeMemoryBackedVolumes` feature gate is enabled, you can - # specify a size for memory backed volumes. 
- sizeLimit: # 1Gi - - # -- Create an emptyDir volume to for /dev/shm - # [[ref]]https://kubernetes.io/docs/concepts/storage/volumes/#emptydir) - # @default -- See below - shm: - enabled: true - type: emptyDir - mountPath: /dev/shm - # -- Set the medium to "Memory" to mount a tmpfs (RAM-backed filesystem) instead - # of the storage medium that backs the node. - medium: Memory - # -- If the `SizeMemoryBackedVolumes` feature gate is enabled, you can - # specify a size for memory backed volumes. - sizeLimit: # 1Gi - - # -- Example of a hostPath mount - # [[ref]]https://kubernetes.io/docs/concepts/storage/volumes/#hostpath) - # @default -- See below - host-dev: - enabled: false - type: hostPath - # -- Which path on the host should be mounted. - hostPath: /dev - # -- Automatic set permissions using chown and chmod - setPermissions: false - # -- Where to mount the path in the main container. - # Defaults to the value of `hostPath` - mountPath: # /myDev - # -- Specifying a hostPathType adds a check before trying to mount the path. - # See Kubernetes documentation for options. - hostPathType: "" - # -- Specify if the path should be mounted read-only. - readOnly: true - - # -- Example of a Simple hostPath mount - # [[ref]]https://kubernetes.io/docs/concepts/storage/volumes/#hostpath) - # @default -- See below - host-simple-dev: - enabled: false - type: simpleHP - # -- Which path on the host should be mounted. - hostPathSimple: /dev - # -- Automatic set permissions using chown and chmod - setPermissionsSimple: false - # -- Where to mount the path in the main container. - # Defaults to the value of `hostPath` - mountPath: # /myDev - # -- Specifying a hostPathType adds a check before trying to mount the path. - # See Kubernetes documentation for options. - hostPathType: "" - # -- Specify if the path should be mounted read-only. 
- readOnly: true - - # -- Example of a custom mount - # @default -- See below - custom-mount: - enabled: false - type: custom - # -- Where to mount the volume in the main container. - # Defaults to `/`, - # setting to '-' creates the volume but disables the volumeMount. - mountPath: # /custom-mount - # -- Specify if the volume should be mounted read-only. - readOnly: false - # -- Define the custom Volume spec here - # [[ref]](https://kubernetes.io/docs/concepts/storage/volumes/) - volumeSpec: {} - # configMap: - # defaultMode: 420 - # name: my-settings - - # -- Example of a configmap mount - # @default -- See below - configmap-example: - enabled: false - type: configMap - # -- Specify the name of the configmap object to be mounted - objectName: myconfig-map - # -- Where to mount the volume in the main container. - # Defaults to `/`, - # setting to '-' creates the volume but disables the volumeMount. - mountPath: # /custom-mount - # -- Specify if the volume should be mounted read-only. - readOnly: false - - # -- Example of a secret mount - # @default -- See below - secret-example: - enabled: false - type: secret - # -- Specify the name of the secret object to be mounted - objectName: mysecret - # -- Where to mount the volume in the main container. - # Defaults to `/`, - # setting to '-' creates the volume but disables the volumeMount. - mountPath: # /custom-mount - # -- Specify if the volume should be mounted read-only. - readOnly: false - # -- define the default mount mode for the secret - defaultMode: 777 - # -- Define the secret items to be mounted - items: - - key: username - path: my-group/my-username - - # -- Example of a nfs mount - # @default -- See below - nfs-example: - enabled: false - type: nfs - # -- Specify the name of the secret object to be mounted - server: 192.168.10.10 - # -- define the default mount path on the nfs server - path: "/somepath" - # -- Where to mount the volume in the main container. 
- # Defaults to `/`, - # setting to '-' creates the volume but disables the volumeMount. - mountPath: # /custom-mount - # -- Specify if the volume should be mounted read-only. - readOnly: false - -# -- Used in conjunction with `controller.type: statefulset` to create individual disks for each instance. -volumeClaimTemplates: [] -# data: -# mountPath: /data -# accessMode: "ReadWriteOnce" -# size: 1Gi - -## Or use a list -# - name: backup -# mountPath: /backup -# subPath: theSubPath -# accessMode: "ReadWriteOnce" -# size: 2Gi -# storageClass: cheap-storage-class - -# -- Node selection constraint -# [[ref]](https://kubernetes.io/docs/concepts/scheduling-eviction/assign-pod-node/#nodeselector) -nodeSelector: {} - -# -- Defines affinity constraint rules. -# [[ref]](https://kubernetes.io/docs/concepts/scheduling-eviction/assign-pod-node/#affinity-and-anti-affinity) -affinity: {} - -# -- Defines topologySpreadConstraint rules. -# [[ref]](https://kubernetes.io/docs/concepts/workloads/pods/pod-topology-spread-constraints/) -topologySpreadConstraints: [] -# - maxSkew: -# topologyKey: -# whenUnsatisfiable: -# labelSelector: - -# -- Specify taint tolerations -# [[ref]](https://kubernetes.io/docs/concepts/scheduling-eviction/taint-and-toleration/) -tolerations: [] - -# -- Use hostAliases to add custom entries to /etc/hosts - mapping IP addresses to hostnames. -# [[ref]](https://kubernetes.io/docs/concepts/services-networking/add-entries-to-pod-etc-hosts-with-host-aliases/) -hostAliases: [] -# - ip: "192.168.1.100" -# hostnames: -# - "example.com" -# - "www.example.com" - -# -- Set the resource requests / limits for the main container. -resources: - # We usually recommend not to specify default resources and to leave this as a conscious - # choice for the user. This also increases chances charts run on environments with little - # resources, such as Minikube. 
If you do want to specify resources, uncomment the following - # lines, adjust them as necessary, and remove the curly braces after 'resources:'. - limits: - cpu: 4000m - memory: 8Gi - requests: - cpu: 10m - memory: 50Mi - -# -- used to add SCALE GPU configuration -scaleGPU: - -# -- used to fake certain states for tests -test: - # -- fake install for install initContainers - install: false - # -- fake upgrade for upgrade initContainers - upgrade: false - -# -- The common chart supports several add-ons. These can be configured under this key. -# @default -- See below -addons: - # -- The common chart supports adding a VPN add-on. It can be configured under this key. - # For more info, check out [our docs](http://docs.k8s-at-home.com/our-helm-charts/common-library-add-ons/#wireguard-vpn) - # @default -- See values.yaml - vpn: - # -- Specify the VPN type. Valid options are disabled, openvpn, wireguard or tailscale - type: disabled - - # -- OpenVPN specific configuration - # @default -- See below - openvpn: - # -- Credentials to connect to the VPN Service (used with -a) - # Only using password is enough - username: "" - password: "" - - # -- Tailscale specific configuration - # @default -- See below - # See more info for the configuration - # https://github.com/tailscale/tailscale/blob/main/docs/k8s/run.sh - tailscale: - # -- Auth key to connect to the VPN Service - authkey: "" - # As a sidecar, it should only need to run in userspace - userspace: true - auth_once: true - accept_dns: false - routes: "" - dest_ip: "" - sock5_server: "" - extra_args: "" - daemon_extra_args: "" - outbound_http_proxy_listen: "" - # -- Annotations for tailscale sidecar - annotations: {} - - killSwitch: true - excludedNetworks_IPv4: [] - excludedNetworks_IPv6: [] - - # -- Set the VPN container specific securityContext - # @default -- See values.yaml - securityContext: {} - - # -- All variables specified here will be added to the vpn sidecar container - # See the documentation of the VPN image 
for all config values - env: {} - # TZ: UTC - - # -- All variables specified here will be added to the vpn sidecar container - # See the documentation of the VPN image for all config values - envList: [] - # - name: someenv - # value: somevalue - - # -- Provide a customized vpn configuration file to be used by the VPN. - configFile: - enabled: true - type: hostPath - # -- Which path on the host should be mounted. - hostPath: /vpn/vpn.conf - noMount: true - # -- Specifying a hostPathType adds a check before trying to mount the path. - # See Kubernetes documentation for options. - hostPathType: "File" - - # -- The common library supports adding a code-server add-on to access files. It can be configured under this key. - # For more info, check out [our docs](http://docs.k8s-at-home.com/our-helm-charts/common-library-add-ons/#code-server) - # @default -- See values.yaml - codeserver: - # -- Enable running a code-server container in the pod - enabled: false - - # -- Set any environment variables for code-server here - env: {} - # TZ: UTC - - # -- All variables specified here will be added to the codeserver sidecar container - # See the documentation of the codeserver image for all config values - envList: [] - # - name: someenv - # value: somevalue - # -- Set codeserver command line arguments. - # Consider setting --user-data-dir to a persistent location to preserve code-server setting changes - args: - - --auth - - none - # - --user-data-dir - # - "/config/.vscode" - - # -- Specify the working dir that will be opened when code-server starts - # If not given, the app will default to the mountpah of the first specified volumeMount - workingDir: "/" - - # -- Optionally allow access a Git repository by passing in a private SSH key - # @default -- See below - git: - # -- Raw SSH private key - deployKey: "" - # -- Base64-encoded SSH private key. When both variables are set, the raw SSH key takes precedence. 
- deployKeyBase64: "" - # -- Existing secret containing SSH private key - # The chart expects it to be present under the `id_rsa` key. - deployKeySecret: "" - - service: - # -- Enable a service for the code-server add-on. - enabled: true - type: ClusterIP - # Specify the default port information - ports: - codeserver: - port: 12321 - enabled: true - protocol: TCP - targetPort: codeserver - ## Specify the nodePort value for the LoadBalancer and NodePort service types. - ## ref: https://kubernetes.io/docs/concepts/services-networking/service/#type-nodeport - ## - # nodePort: 36107 - - ingress: - # -- Enable an ingress for the code-server add-on. - enabled: false - annotations: {} - # kubernetes.io/ingress.class: nginx - labels: {} - hosts: - - host: code.chart-example.local - paths: - - path: / - # Ignored if not kubeVersion >= 1.14-0 - pathType: Prefix - tls: [] - -## -# This section contains some-preconfig for frequently used dependencies -## - -# -- Postgresql dependency configuration -# @default -- See below -postgresql: - enabled: false - existingSecret: "dbcreds" - # -- can be used to make an easy accessable note which URLS to use to access the DB. 
- url: {} - manifests: - enabled: false - -cnpg: - enabled: false - # -- number of instances for both postgres and pgbouncer - instances: 2 - database: "app" - user: "app" - # password: - # superUserPassword: - # -- change to supervised to disable unsupervised updates - # Example of rolling update strategy: - # - unsupervised: automated update of the primary once all - # replicas have been upgraded (default) - # - supervised: requires manual supervision to perform - # the switchover of the primary - primaryUpdateStrategy: unsupervised - # -- enable to create extra pgbouncer for readonly access - acceptRO: false - # -- storage size for the two pvc's per instance - storage: - size: "256Gi" - walsize: "256Gi" - # -- set to enable prometheus metrics - monitoring: - enablePodMonitor: true - # -- contains credentials and urls output by generator - creds: {} - - -# -- Redis dependency configuration -# @default -- See below -redis: - enabled: false - existingSecret: "rediscreds" - # -- can be used to make an easy accessable note which URLS to use to access the DB. - url: {} - manifests: - enabled: false - -# -- mariadb dependency configuration -# @default -- See below -mariadb: - enabled: false - existingSecret: "mariadbcreds" - # -- can be used to make an easy accessable note which URLS to use to access the DB. - url: {} - manifests: - enabled: false - -# -- mongodb dependency configuration -# @default -- See below -mongodb: - enabled: false - existingSecret: "mongodbcreds" - # -- can be used to make an easy accessable note which URLS to use to access the DB. - url: {} - manifests: - enabled: false - -# -- clickhouse dependency configuration -# @default -- See below -clickhouse: - enabled: false - existingSecret: "clickhousecreds" - # -- can be used to make an easy accessable note which URLS to use to access the DB. 
- url: {} - manifests: - enabled: false - -# -- solr dependency configuration -# @default -- See below -solr: - enabled: false - existingSecret: "solrcreds" - # -- can be used to make an easy accessable note which URLS to use to access the DB. - url: {} - manifests: - enabled: false diff --git a/helper-charts/common-test/CHANGELOG.md b/helper-charts/common-test/CHANGELOG.md deleted file mode 100644 index 327ef3f3..00000000 --- a/helper-charts/common-test/CHANGELOG.md +++ /dev/null @@ -1,130 +0,0 @@ -# Changelog
-
-
-
-### [common-test-3.3.8](https://github.com/truecharts/apps/compare/common-test-3.3.7...common-test-3.3.8) (2022-03-07)
-
-#### Chore
-
-* update docker general non-major ([#2046](https://github.com/truecharts/apps/issues/2046))
-
-
-
-
-### [common-test-3.3.7](https://github.com/truecharts/apps/compare/common-test-3.3.6...common-test-3.3.7) (2021-12-08)
-
-#### Fix
-
-* correct common version reference
-
-
-
-
-### common-test-3.3.6 (2021-12-05)
-
-#### Chore
-
-* move all container references to TCCR ([#1448](https://github.com/truecharts/apps/issues/1448))
-* retrigger common release
-* bump common
-* update non-major ([#1466](https://github.com/truecharts/apps/issues/1466))
-* update non-major ([#1449](https://github.com/truecharts/apps/issues/1449))
-* update common
-
-#### Fix
-
-* use version-range
-* move deps back to ghcr for now.
-
-
-
-
-### [common-test-3.3.4](https://github.com/truecharts/apps/compare/common-test-3.3.2...common-test-3.3.4) (2021-12-05)
-
-#### Chore
-
-* update non-major ([#1466](https://github.com/truecharts/apps/issues/1466))
-
-#### Fix
-
-* move deps back to ghcr for now.
-
-
-
-
-### [common-test-3.3.2](https://github.com/truecharts/apps/compare/common-test-3.3.1...common-test-3.3.2) (2021-12-05)
-
-#### Fix
-
-* use version-range
-
-
-
-
-### [common-test-3.3.1](https://github.com/truecharts/apps/compare/common-test-3.3.0...common-test-3.3.1) (2021-12-03)
-
-#### Chore
-
-* move all container references to TCCR ([#1448](https://github.com/truecharts/apps/issues/1448))
-* update non-major ([#1449](https://github.com/truecharts/apps/issues/1449))
-
-
-
-
-### [common-test-3.3.0](https://github.com/truecharts/apps/compare/common-test-3.2.0...common-test-3.3.0) (2021-10-20)
-
-#### Chore
-
-* Project-Eclipse 5, move app-readme to automatic generation script ([#1181](https://github.com/truecharts/apps/issues/1181))
-* Project-Eclipse part 2, adapting and cleaning changelog ([#1173](https://github.com/truecharts/apps/issues/1173))
-
-#### Security
-
-* Improve Snyk hardening advisory ([#1208](https://github.com/truecharts/apps/issues/1208))
-
-
-
-
-### [common-test-3.2.0](https://github.com/truecharts/apps/compare/common-test-3.1.5...common-test-3.2.0) (2021-09-28)
-
-
-
-
-### [common-test-3.1.5](https://github.com/truecharts/apps/compare/common-test-3.1.4...common-test-3.1.5) (2021-09-28)
-
-#### Chore
-
-* update non-major ([#1046](https://github.com/truecharts/apps/issues/1046))
-
-
-
-
-### [common-test-3.1.4](https://github.com/truecharts/apps/compare/common-test-3.1.3...common-test-3.1.4) (2021-09-25)
-
-
-
-
-### [common-test-3.1.3](https://github.com/truecharts/apps/compare/common-test-3.1.2...common-test-3.1.3) (2021-09-21)
-
-#### Chore
-
-* update non-major ([#1013](https://github.com/truecharts/apps/issues/1013))
-
-
-
-
-### [common-test-3.1.2](https://github.com/truecharts/apps/compare/common-test-3.1.1...common-test-3.1.2) (2021-09-14)
-
-#### Fix
-
-* make sure autopermissions sets the group owner correctly ([#994](https://github.com/truecharts/apps/issues/994))
-
-
-
-
-### [common-test-3.1.1](https://github.com/truecharts/apps/compare/common-test-3.1.0...common-test-3.1.1) (2021-09-14)
-
-#### Chore
-
-* Use bitnami instead of stock postgresql container ([#960](https://github.com/truecharts/apps/issues/960))
-* update non-major ([#987](https://github.com/truecharts/apps/issues/987))
diff --git a/helper-charts/common-test/CONFIG.md b/helper-charts/common-test/CONFIG.md
deleted file mode 100644
index fc9b2fa2..00000000
--- a/helper-charts/common-test/CONFIG.md
+++ /dev/null
@@ -1,8 +0,0 @@
-# Configuration Options
-
-##### Connecting to other apps
-If you need to connect this App to other Apps on TrueNAS SCALE, please refer to our "Linking Apps Internally" quick-start guide:
-https://truecharts.org/manual/Quick-Start%20Guides/14-linking-apps/
-
-##### Available config options
-In the future this page is going to contain an automated list of options available in the installation/edit UI.
diff --git a/helper-charts/common-test/README.md b/helper-charts/common-test/README.md
deleted file mode 100644
index 22565c77..00000000
--- a/helper-charts/common-test/README.md
+++ /dev/null
@@ -1,37 +0,0 @@
-# Introduction
-
-Helper chart to test different use cases of the common library
-
-TrueCharts are designed to be installed as TrueNAS SCALE app only. We can not guarantee this charts works as a stand-alone helm installation.
-**This chart is not maintained by the upstream project and any issues with the chart should be raised [here](https://github.com/truecharts/apps/issues/new/choose)**
-
-## Source Code
-
-*
-
-## Requirements
-
-Kubernetes: `>=1.16.0-0`
-
-## Dependencies
-
-| Repository | Name | Version |
-|------------|------|---------|
-| file://../common | common | >=0.0.1 |
-
-## Installing the Chart
-
-To install this App on TrueNAS SCALE check our [Quick-Start Guide](https://truecharts.org/manual/Quick-Start%20Guides/03-Installing-an-App/).
-
-## Uninstalling the Chart
-
-To remove this App from TrueNAS SCALE check our [Quick-Start Guide](https://truecharts.org/manual/Quick-Start%20Guides/07-Deleting-an-App/).
-
-## Support
-
-- Please check our [quick-start guides](https://truecharts.org/manual/Quick-Start%20Guides/01-Open-Apps/) first.
-- See the [Wiki](https://truecharts.org)
-- Check our [Discord](https://discord.gg/tVsPTHWTtr)
-- Open a [issue](https://github.com/truecharts/apps/issues/new/choose)
----
-All Rights Reserved - The TrueCharts Project
diff --git a/helper-charts/common-test/ci/basic-values.yaml b/helper-charts/common-test/ci/basic-values.yaml
deleted file mode 100644
index 1d373dbd..00000000
--- a/helper-charts/common-test/ci/basic-values.yaml
+++ /dev/null
@@ -1,80 +0,0 @@ -image: - repository: ghcr.io/truecharts/whoami - pullPolicy: IfNotPresent - tag: 1.8.7@sha256:8c61f0ca92fd806fcb4ed1465cb793c05443f37951554b105b0f2dc686a95772 - -service: - main: - ports: - main: - port: 8080 - -args: - - --port - - '8080' - -ingress: - main: - enabled: true - -probes: - liveness: - enabled: true - readiness: - enabled: true - startup: - enabled: true - -"ixCertificateAuthorities": {} -"ixCertificates": - "1": - "CA_type_existing": false - "CA_type_intermediate": false - "CA_type_internal": false - "CSR": "" - "DN": "/C=US/O=iXsystems/CN=localhost/emailAddress=info@ixsystems.com/ST=Tennessee/L=Maryville/subjectAltName=DNS:localhost" - "cert_type": "CERTIFICATE" - "cert_type_CSR": false - "cert_type_existing": true - "cert_type_internal": false - "certificate": "-----BEGIN CERTIFICATE-----\nMIIDqjCCApKgAwIBAgIBATANBgkqhkiG9w0BAQsFADCBgDELMAkGA1UEBhMCVVMx\nEjAQBgNVBAoMCWlYc3lzdGVtczESMBAGA1UEAwwJbG9jYWxob3N0MSEwHwYJKoZI\nhvcNAQkBFhJpbmZvQGl4c3lzdGVtcy5jb20xEjAQBgNVBAgMCVRlbm5lc3NlZTES\nMBAGA1UEBwwJTWFyeXZpbGxlMB4XDTIwMDkyNTE0MDUzOFoXDTIyMTIyOTE0MDUz\nOFowgYAxCzAJBgNVBAYTAlVTMRIwEAYDVQQKDAlpWHN5c3RlbXMxEjAQBgNVBAMM\nCWxvY2FsaG9zdDEhMB8GCSqGSIb3DQEJARYSaW5mb0BpeHN5c3RlbXMuY29tMRIw\nEAYDVQQIDAlUZW5uZXNzZWUxEjAQBgNVBAcMCU1hcnl2aWxsZTCCASIwDQYJKoZI\nhvcNAQEBBQADggEPADCCAQoCggEBALpoGliii6X8DeoFdLcR7jjsfJIn3nC8f1pT\nLQ3RURHUOEyhPT3Z6TkhaHeHoj8D6kiXROhyJJq3kw5OeqGZisfpGQhkxjpxkfh9\nfAhlvhuLwCWHaMvSh1TaT+h9+eHfcx3un5CIaH8b1KYRBMH+jmKFpr7jkPNkBXLS\nMA7jKIIa8pD9R6lF4gAsbqJafCbT3R7bqkd9xp3n3j2YhqQzETU2lmu4fra3BPio\nofK47kSkguUC6mtk6VrDf2+QtCKlY0dtbF3e2ZBNWo1aj86sjCtoEmqOCMsPRLc/\nXwQcfEqHY4XfafXwqk0G0UxV2ce18xKoR/pN3MpLBZ65NzPnpn0CAwEAAaMtMCsw\nFAYDVR0RBA0wC4IJbG9jYWxob3N0MBMGA1UdJQQMMAoGCCsGAQUFBwMBMA0GCSqG\nSIb3DQEBCwUAA4IBAQBFW1R037y7wllg/gRk9p2T1stiG8iIXosblmL4Ak1YToTQ\n/0to5GY2ZYW29+rbA4SDTS5eeu2YqZ0A/fF3wey7ggzMS7KyNBOvx5QBJRw3PJGn\n+THfhXvdfkOyeUC6KWRGLgl+/zBFvgh6vFDq3jmv0NI4ehVBTBMCJn7r6577S16T\nwtgKMCooizII0Odu5HIF10gTieFIH3PQYm9JBji9iy
emb9Ht3wn7fXQptfGadz/l\nWz/Dv9+a6IOr7JVJMHnqAIvPzpkav4efuVPOX1zbhjg4K5g+nRYfjr5F5upOd0Y3\nznWTUBUyI7CXRkpHtSDXfEqKgnk/8uv7GWw+hyKr\n-----END CERTIFICATE-----\n" - "certificate_path": "/etc/certificates/freenas_default.crt" - "chain": false - "chain_list": [ - "-----BEGIN CERTIFICATE-----\nMIIDqjCCApKgAwIBAgIBATANBgkqhkiG9w0BAQsFADCBgDELMAkGA1UEBhMCVVMx\nEjAQBgNVBAoMCWlYc3lzdGVtczESMBAGA1UEAwwJbG9jYWxob3N0MSEwHwYJKoZI\nhvcNAQkBFhJpbmZvQGl4c3lzdGVtcy5jb20xEjAQBgNVBAgMCVRlbm5lc3NlZTES\nMBAGA1UEBwwJTWFyeXZpbGxlMB4XDTIwMDkyNTE0MDUzOFoXDTIyMTIyOTE0MDUz\nOFowgYAxCzAJBgNVBAYTAlVTMRIwEAYDVQQKDAlpWHN5c3RlbXMxEjAQBgNVBAMM\nCWxvY2FsaG9zdDEhMB8GCSqGSIb3DQEJARYSaW5mb0BpeHN5c3RlbXMuY29tMRIw\nEAYDVQQIDAlUZW5uZXNzZWUxEjAQBgNVBAcMCU1hcnl2aWxsZTCCASIwDQYJKoZI\nhvcNAQEBBQADggEPADCCAQoCggEBALpoGliii6X8DeoFdLcR7jjsfJIn3nC8f1pT\nLQ3RURHUOEyhPT3Z6TkhaHeHoj8D6kiXROhyJJq3kw5OeqGZisfpGQhkxjpxkfh9\nfAhlvhuLwCWHaMvSh1TaT+h9+eHfcx3un5CIaH8b1KYRBMH+jmKFpr7jkPNkBXLS\nMA7jKIIa8pD9R6lF4gAsbqJafCbT3R7bqkd9xp3n3j2YhqQzETU2lmu4fra3BPio\nofK47kSkguUC6mtk6VrDf2+QtCKlY0dtbF3e2ZBNWo1aj86sjCtoEmqOCMsPRLc/\nXwQcfEqHY4XfafXwqk0G0UxV2ce18xKoR/pN3MpLBZ65NzPnpn0CAwEAAaMtMCsw\nFAYDVR0RBA0wC4IJbG9jYWxob3N0MBMGA1UdJQQMMAoGCCsGAQUFBwMBMA0GCSqG\nSIb3DQEBCwUAA4IBAQBFW1R037y7wllg/gRk9p2T1stiG8iIXosblmL4Ak1YToTQ\n/0to5GY2ZYW29+rbA4SDTS5eeu2YqZ0A/fF3wey7ggzMS7KyNBOvx5QBJRw3PJGn\n+THfhXvdfkOyeUC6KWRGLgl+/zBFvgh6vFDq3jmv0NI4ehVBTBMCJn7r6577S16T\nwtgKMCooizII0Odu5HIF10gTieFIH3PQYm9JBji9iyemb9Ht3wn7fXQptfGadz/l\nWz/Dv9+a6IOr7JVJMHnqAIvPzpkav4efuVPOX1zbhjg4K5g+nRYfjr5F5upOd0Y3\nznWTUBUyI7CXRkpHtSDXfEqKgnk/8uv7GWw+hyKr\n-----END CERTIFICATE-----\n" - ] - "city": "Maryville" - "common": "localhost" - "country": "US" - "csr_path": "/etc/certificates/freenas_default.csr" - "digest_algorithm": "SHA256" - "email": "info@ixsystems.com" - "extensions": - "ExtendedKeyUsage": "TLS Web Server Authentication" - "SubjectAltName": "DNS:localhost" - "fingerprint": "9C:5A:1D:1B:E7:9E:0B:89:2B:37:F4:19:83:ED:3C:6B:D8:14:0D:9B" - "from": "Fri 
Sep 25 16:05:38 2020" - "id": 1 - "internal": "NO" - "issuer": "external" - "key_length": 2048 - "key_type": "RSA" - "lifetime": 825 - "name": "freenas_default" - "organization": "iXsystems" - "organizational_unit": "" - "parsed": true - "privatekey": "-----BEGIN PRIVATE KEY-----\nMIIEvQIBADANBgkqhkiG9w0BAQEFAASCBKcwggSjAgEAAoIBAQC6aBpYooul/A3q\nBXS3Ee447HySJ95wvH9aUy0N0VER1DhMoT092ek5IWh3h6I/A+pIl0TociSat5MO\nTnqhmYrH6RkIZMY6cZH4fXwIZb4bi8Alh2jL0odU2k/offnh33Md7p+QiGh/G9Sm\nEQTB/o5ihaa+45DzZAVy0jAO4yiCGvKQ/UepReIALG6iWnwm090e26pHfcad5949\nmIakMxE1NpZruH62twT4qKHyuO5EpILlAuprZOlaw39vkLQipWNHbWxd3tmQTVqN\nWo/OrIwraBJqjgjLD0S3P18EHHxKh2OF32n18KpNBtFMVdnHtfMSqEf6TdzKSwWe\nuTcz56Z9AgMBAAECggEARwcb4uIs7BZbBu0FSCyg5TfXT6m5bKOmszg2VqmHho+i\n1DAsMcEyyP4d3E3mWLSZNQfOzfOQVxPUCQOGXsUuyHXdgAFGN0bHJDRMara59a0O\njj5GhEO4JXD6OdCmwpZuOt2OF3iiuKxWHuElOvZQMuJSYzI7LULTgKjufv23lbsf\nxMO/v9yi57c5EGgnQ8siLKOy/FQZapn4Z9qKn+lVyk5gfaKP0pDsvV4d7nGYMDD2\nYijfkSyNecApFdtWiLE5zLUlvF6oNj8o66z3YrVNKrCPzhA/5Rkkwwk32SNxvKU3\nVZFSNPeOZ60BicxYcWO+b2aAa0WF+uazJAZ4q52gUQKBgQDu88R+0wm76secYkzE\nQglteLNZKFcvth0kI5xH42Hmk9IXkGimFoDJCIrLAuopyGnfNmqmh2is3QUMUPdR\n/wDLnKc4MCezEidNoD2RBC+bzM1hB9oye/b5sOZUDFXSa0k4XSLu1UEuy1yWhkuS\n6JjY1KQfc4FN0K0Fjqqo7UCTCwKBgQDHtKQh/NvMJ2ok4YW+/QAsus4mEK9eCyUy\nOuyDszQYrGvjkS7STKJVNxGLhWb0XKSIAxMZ66b1MwOt+71h7xNn6pcancfVdK7F\n1Xl5J+76SwbXSgQwTZuoMDxPIvZn7v/2ep5Ni/BcOhMcPIcobWb/OmXrFN1brBvo\nlFNQyWWhlwKBgFDAyPMjVvLO0U6kWdUpjA4W8GV9IJnbLdX8wt/4lClcY2/bOcKH\ncFaAMIeTIJemR0FMHpbQxCtHNmGHK03mo9orwsdWXtRBmk69jJDpnT1F5VKZWMAe\n7MRNaEmXMZm+8CvALgIQx8qMp2mnUPsA6Ea+9gg6/MPTdeWe5UXZiC0pAoGAGtSt\nPJfBXBNrklruYjORo3DRo5GYThVHQRFjl2orNKltsVxfIwgCw1ortEgPBgOwY0mu\ndkwP2V+qPeTVk+PQAqUk+gF6yLXtiUzeDiYMWHpeB+y81VSH9jfM0oELA/m7T/03\naYnEmE+BI8kKC6dvMBlDeisKdneQJFZRP0hfrC8CgYEAgYIyCGwcydKpe2Nkj0Fz\nKTtCMC/k4DvJfd5Kb9AbmrPUfKgA9Xj4GT6yPG6uBMi8r5etvLCKJ2x2NtN024a8\nQJLATYPrSsaZkE+9zM0j5nYAgbKpxBhlDzDAzn//3ByVzfgJ25S80XhTI2lfbLH/\nU07ssxdZaQCo+WuD82OvNcg=\n-----END PRIVATE KEY-----\n" - 
"privatekey_path": "/etc/certificates/freenas_default.key" - "revoked": false - "revoked_date": "" - "root_path": "/etc/certificates" - "san": [ - "DNS:localhost" - ] - "serial": 1 - "signedby": "" - "state": "Tennessee" - "subject_name_hash": 3193428416 - "type": 8 - "until": "Thu Dec 29 15:05:38 2022" diff --git a/helper-charts/common-test/ci/codeserver-values.yaml b/helper-charts/common-test/ci/codeserver-values.yaml deleted file mode 100644 index 3060bce1..00000000 --- a/helper-charts/common-test/ci/codeserver-values.yaml +++ /dev/null 
@@ -1,89 +0,0 @@ -image: - repository: ghcr.io/truecharts/whoami - pullPolicy: IfNotPresent - tag: 1.8.7@sha256:8c61f0ca92fd806fcb4ed1465cb793c05443f37951554b105b0f2dc686a95772 - -service: - main: - ports: - main: - port: 8080 - -args: - - --port - - '8080' - -ingress: - main: - enabled: true - -probes: - liveness: - enabled: true - readiness: - enabled: true - startup: - enabled: true - -addons: - codeserver: - enabled: true - service: - type: NodePort - ports: - codeserver: - nodePort: 30067 - -"ixCertificateAuthorities": {} -"ixCertificates": - "1": - "CA_type_existing": false - "CA_type_intermediate": false - "CA_type_internal": false - "CSR": "" - "DN": "/C=US/O=iXsystems/CN=localhost/emailAddress=info@ixsystems.com/ST=Tennessee/L=Maryville/subjectAltName=DNS:localhost" - "cert_type": "CERTIFICATE" - "cert_type_CSR": false - "cert_type_existing": true - "cert_type_internal": false - "certificate": "-----BEGIN CERTIFICATE-----\nMIIDqjCCApKgAwIBAgIBATANBgkqhkiG9w0BAQsFADCBgDELMAkGA1UEBhMCVVMx\nEjAQBgNVBAoMCWlYc3lzdGVtczESMBAGA1UEAwwJbG9jYWxob3N0MSEwHwYJKoZI\nhvcNAQkBFhJpbmZvQGl4c3lzdGVtcy5jb20xEjAQBgNVBAgMCVRlbm5lc3NlZTES\nMBAGA1UEBwwJTWFyeXZpbGxlMB4XDTIwMDkyNTE0MDUzOFoXDTIyMTIyOTE0MDUz\nOFowgYAxCzAJBgNVBAYTAlVTMRIwEAYDVQQKDAlpWHN5c3RlbXMxEjAQBgNVBAMM\nCWxvY2FsaG9zdDEhMB8GCSqGSIb3DQEJARYSaW5mb0BpeHN5c3RlbXMuY29tMRIw\nEAYDVQQIDAlUZW5uZXNzZWUxEjAQBgNVBAcMCU1hcnl2aWxsZTCCASIwDQYJKoZI\nhvcNAQEBBQADggEPADCCAQoCggEBALpoGliii6X8DeoFdLcR7jjsfJIn3nC8f1pT\nLQ3RURHUOEyhPT3Z6TkhaHeHoj8D6kiXROhyJJq3kw5OeqGZisfpGQhkxjpxkfh9\nfAhlvhuLwCWHaMvSh1TaT+h9+eHfcx3un5CIaH8b1KYRBMH+jmKFpr7jkPNkBXLS\nMA7jKIIa8pD9R6lF4gAsbqJafCbT3R7bqkd9xp3n3j2YhqQzETU2lmu4fra3BPio\nofK47kSkguUC6mtk6VrDf2+QtCKlY0dtbF3e2ZBNWo1aj86sjCtoEmqOCMsPRLc/\nXwQcfEqHY4XfafXwqk0G0UxV2ce18xKoR/pN3MpLBZ65NzPnpn0CAwEAAaMtMCsw\nFAYDVR0RBA0wC4IJbG9jYWxob3N0MBMGA1UdJQQMMAoGCCsGAQUFBwMBMA0GCSqG\nSIb3DQEBCwUAA4IBAQBFW1R037y7wllg/gRk9p2T1stiG8iIXosblmL4Ak1YToTQ\n/0to5GY2ZYW29+rbA4SDTS5eeu2YqZ0A/fF3wey7ggzMS7KyNBOvx5QBJRw3PJGn
\n+THfhXvdfkOyeUC6KWRGLgl+/zBFvgh6vFDq3jmv0NI4ehVBTBMCJn7r6577S16T\nwtgKMCooizII0Odu5HIF10gTieFIH3PQYm9JBji9iyemb9Ht3wn7fXQptfGadz/l\nWz/Dv9+a6IOr7JVJMHnqAIvPzpkav4efuVPOX1zbhjg4K5g+nRYfjr5F5upOd0Y3\nznWTUBUyI7CXRkpHtSDXfEqKgnk/8uv7GWw+hyKr\n-----END CERTIFICATE-----\n" - "certificate_path": "/etc/certificates/freenas_default.crt" - "chain": false - "chain_list": [ - "-----BEGIN CERTIFICATE-----\nMIIDqjCCApKgAwIBAgIBATANBgkqhkiG9w0BAQsFADCBgDELMAkGA1UEBhMCVVMx\nEjAQBgNVBAoMCWlYc3lzdGVtczESMBAGA1UEAwwJbG9jYWxob3N0MSEwHwYJKoZI\nhvcNAQkBFhJpbmZvQGl4c3lzdGVtcy5jb20xEjAQBgNVBAgMCVRlbm5lc3NlZTES\nMBAGA1UEBwwJTWFyeXZpbGxlMB4XDTIwMDkyNTE0MDUzOFoXDTIyMTIyOTE0MDUz\nOFowgYAxCzAJBgNVBAYTAlVTMRIwEAYDVQQKDAlpWHN5c3RlbXMxEjAQBgNVBAMM\nCWxvY2FsaG9zdDEhMB8GCSqGSIb3DQEJARYSaW5mb0BpeHN5c3RlbXMuY29tMRIw\nEAYDVQQIDAlUZW5uZXNzZWUxEjAQBgNVBAcMCU1hcnl2aWxsZTCCASIwDQYJKoZI\nhvcNAQEBBQADggEPADCCAQoCggEBALpoGliii6X8DeoFdLcR7jjsfJIn3nC8f1pT\nLQ3RURHUOEyhPT3Z6TkhaHeHoj8D6kiXROhyJJq3kw5OeqGZisfpGQhkxjpxkfh9\nfAhlvhuLwCWHaMvSh1TaT+h9+eHfcx3un5CIaH8b1KYRBMH+jmKFpr7jkPNkBXLS\nMA7jKIIa8pD9R6lF4gAsbqJafCbT3R7bqkd9xp3n3j2YhqQzETU2lmu4fra3BPio\nofK47kSkguUC6mtk6VrDf2+QtCKlY0dtbF3e2ZBNWo1aj86sjCtoEmqOCMsPRLc/\nXwQcfEqHY4XfafXwqk0G0UxV2ce18xKoR/pN3MpLBZ65NzPnpn0CAwEAAaMtMCsw\nFAYDVR0RBA0wC4IJbG9jYWxob3N0MBMGA1UdJQQMMAoGCCsGAQUFBwMBMA0GCSqG\nSIb3DQEBCwUAA4IBAQBFW1R037y7wllg/gRk9p2T1stiG8iIXosblmL4Ak1YToTQ\n/0to5GY2ZYW29+rbA4SDTS5eeu2YqZ0A/fF3wey7ggzMS7KyNBOvx5QBJRw3PJGn\n+THfhXvdfkOyeUC6KWRGLgl+/zBFvgh6vFDq3jmv0NI4ehVBTBMCJn7r6577S16T\nwtgKMCooizII0Odu5HIF10gTieFIH3PQYm9JBji9iyemb9Ht3wn7fXQptfGadz/l\nWz/Dv9+a6IOr7JVJMHnqAIvPzpkav4efuVPOX1zbhjg4K5g+nRYfjr5F5upOd0Y3\nznWTUBUyI7CXRkpHtSDXfEqKgnk/8uv7GWw+hyKr\n-----END CERTIFICATE-----\n" - ] - "city": "Maryville" - "common": "localhost" - "country": "US" - "csr_path": "/etc/certificates/freenas_default.csr" - "digest_algorithm": "SHA256" - "email": "info@ixsystems.com" - "extensions": - "ExtendedKeyUsage": "TLS Web Server Authentication" - "SubjectAltName": 
"DNS:localhost" - "fingerprint": "9C:5A:1D:1B:E7:9E:0B:89:2B:37:F4:19:83:ED:3C:6B:D8:14:0D:9B" - "from": "Fri Sep 25 16:05:38 2020" - "id": 1 - "internal": "NO" - "issuer": "external" - "key_length": 2048 - "key_type": "RSA" - "lifetime": 825 - "name": "freenas_default" - "organization": "iXsystems" - "organizational_unit": "" - "parsed": true - "privatekey": "-----BEGIN PRIVATE KEY-----\nMIIEvQIBADANBgkqhkiG9w0BAQEFAASCBKcwggSjAgEAAoIBAQC6aBpYooul/A3q\nBXS3Ee447HySJ95wvH9aUy0N0VER1DhMoT092ek5IWh3h6I/A+pIl0TociSat5MO\nTnqhmYrH6RkIZMY6cZH4fXwIZb4bi8Alh2jL0odU2k/offnh33Md7p+QiGh/G9Sm\nEQTB/o5ihaa+45DzZAVy0jAO4yiCGvKQ/UepReIALG6iWnwm090e26pHfcad5949\nmIakMxE1NpZruH62twT4qKHyuO5EpILlAuprZOlaw39vkLQipWNHbWxd3tmQTVqN\nWo/OrIwraBJqjgjLD0S3P18EHHxKh2OF32n18KpNBtFMVdnHtfMSqEf6TdzKSwWe\nuTcz56Z9AgMBAAECggEARwcb4uIs7BZbBu0FSCyg5TfXT6m5bKOmszg2VqmHho+i\n1DAsMcEyyP4d3E3mWLSZNQfOzfOQVxPUCQOGXsUuyHXdgAFGN0bHJDRMara59a0O\njj5GhEO4JXD6OdCmwpZuOt2OF3iiuKxWHuElOvZQMuJSYzI7LULTgKjufv23lbsf\nxMO/v9yi57c5EGgnQ8siLKOy/FQZapn4Z9qKn+lVyk5gfaKP0pDsvV4d7nGYMDD2\nYijfkSyNecApFdtWiLE5zLUlvF6oNj8o66z3YrVNKrCPzhA/5Rkkwwk32SNxvKU3\nVZFSNPeOZ60BicxYcWO+b2aAa0WF+uazJAZ4q52gUQKBgQDu88R+0wm76secYkzE\nQglteLNZKFcvth0kI5xH42Hmk9IXkGimFoDJCIrLAuopyGnfNmqmh2is3QUMUPdR\n/wDLnKc4MCezEidNoD2RBC+bzM1hB9oye/b5sOZUDFXSa0k4XSLu1UEuy1yWhkuS\n6JjY1KQfc4FN0K0Fjqqo7UCTCwKBgQDHtKQh/NvMJ2ok4YW+/QAsus4mEK9eCyUy\nOuyDszQYrGvjkS7STKJVNxGLhWb0XKSIAxMZ66b1MwOt+71h7xNn6pcancfVdK7F\n1Xl5J+76SwbXSgQwTZuoMDxPIvZn7v/2ep5Ni/BcOhMcPIcobWb/OmXrFN1brBvo\nlFNQyWWhlwKBgFDAyPMjVvLO0U6kWdUpjA4W8GV9IJnbLdX8wt/4lClcY2/bOcKH\ncFaAMIeTIJemR0FMHpbQxCtHNmGHK03mo9orwsdWXtRBmk69jJDpnT1F5VKZWMAe\n7MRNaEmXMZm+8CvALgIQx8qMp2mnUPsA6Ea+9gg6/MPTdeWe5UXZiC0pAoGAGtSt\nPJfBXBNrklruYjORo3DRo5GYThVHQRFjl2orNKltsVxfIwgCw1ortEgPBgOwY0mu\ndkwP2V+qPeTVk+PQAqUk+gF6yLXtiUzeDiYMWHpeB+y81VSH9jfM0oELA/m7T/03\naYnEmE+BI8kKC6dvMBlDeisKdneQJFZRP0hfrC8CgYEAgYIyCGwcydKpe2Nkj0Fz\nKTtCMC/k4DvJfd5Kb9AbmrPUfKgA9Xj4GT6yPG6uBMi8r5etvLCKJ2x2NtN024a8\nQJLATYPrSsaZkE+9zM0j5nYA
gbKpxBhlDzDAzn//3ByVzfgJ25S80XhTI2lfbLH/\nU07ssxdZaQCo+WuD82OvNcg=\n-----END PRIVATE KEY-----\n"
- "privatekey_path": "/etc/certificates/freenas_default.key"
- "revoked": false
- "revoked_date": ""
- "root_path": "/etc/certificates"
- "san": [
- "DNS:localhost"
- ]
- "serial": 1
- "signedby": ""
- "state": "Tennessee"
- "subject_name_hash": 3193428416
- "type": 8
- "until": "Thu Dec 29 15:05:38 2022"
diff --git a/helper-charts/common-test/ci/configmap-values.yaml b/helper-charts/common-test/ci/configmap-values.yaml
deleted file mode 100644
index 902bb16f..00000000
--- a/helper-charts/common-test/ci/configmap-values.yaml
+++ /dev/null
@@ -1,95 +0,0 @@ -image: - repository: ghcr.io/truecharts/whoami - pullPolicy: IfNotPresent - tag: 1.8.7@sha256:8c61f0ca92fd806fcb4ed1465cb793c05443f37951554b105b0f2dc686a95772 - -service: - main: - ports: - main: - port: 8080 - -args: - - --port - - '8080' - -ingress: - main: - enabled: true - -probes: - liveness: - enabled: true - readiness: - enabled: true - startup: - enabled: true - - -configmap: - configmap-example: - enabled: true - data: - test.yaml: "testfile content" - -persistence: - configmap: - enabled: true - type: configMap - objectName: '{{ include "tc.common.names.fullname" . -}}-configmap-example' - mountPath: /configmapmount - - -"ixCertificateAuthorities": {} -"ixCertificates": - "1": - "CA_type_existing": false - "CA_type_intermediate": false - "CA_type_internal": false - "CSR": "" - "DN": "/C=US/O=iXsystems/CN=localhost/emailAddress=info@ixsystems.com/ST=Tennessee/L=Maryville/subjectAltName=DNS:localhost" - "cert_type": "CERTIFICATE" - "cert_type_CSR": false - "cert_type_existing": true - "cert_type_internal": false - "certificate": "-----BEGIN 
CERTIFICATE-----\nMIIDqjCCApKgAwIBAgIBATANBgkqhkiG9w0BAQsFADCBgDELMAkGA1UEBhMCVVMx\nEjAQBgNVBAoMCWlYc3lzdGVtczESMBAGA1UEAwwJbG9jYWxob3N0MSEwHwYJKoZI\nhvcNAQkBFhJpbmZvQGl4c3lzdGVtcy5jb20xEjAQBgNVBAgMCVRlbm5lc3NlZTES\nMBAGA1UEBwwJTWFyeXZpbGxlMB4XDTIwMDkyNTE0MDUzOFoXDTIyMTIyOTE0MDUz\nOFowgYAxCzAJBgNVBAYTAlVTMRIwEAYDVQQKDAlpWHN5c3RlbXMxEjAQBgNVBAMM\nCWxvY2FsaG9zdDEhMB8GCSqGSIb3DQEJARYSaW5mb0BpeHN5c3RlbXMuY29tMRIw\nEAYDVQQIDAlUZW5uZXNzZWUxEjAQBgNVBAcMCU1hcnl2aWxsZTCCASIwDQYJKoZI\nhvcNAQEBBQADggEPADCCAQoCggEBALpoGliii6X8DeoFdLcR7jjsfJIn3nC8f1pT\nLQ3RURHUOEyhPT3Z6TkhaHeHoj8D6kiXROhyJJq3kw5OeqGZisfpGQhkxjpxkfh9\nfAhlvhuLwCWHaMvSh1TaT+h9+eHfcx3un5CIaH8b1KYRBMH+jmKFpr7jkPNkBXLS\nMA7jKIIa8pD9R6lF4gAsbqJafCbT3R7bqkd9xp3n3j2YhqQzETU2lmu4fra3BPio\nofK47kSkguUC6mtk6VrDf2+QtCKlY0dtbF3e2ZBNWo1aj86sjCtoEmqOCMsPRLc/\nXwQcfEqHY4XfafXwqk0G0UxV2ce18xKoR/pN3MpLBZ65NzPnpn0CAwEAAaMtMCsw\nFAYDVR0RBA0wC4IJbG9jYWxob3N0MBMGA1UdJQQMMAoGCCsGAQUFBwMBMA0GCSqG\nSIb3DQEBCwUAA4IBAQBFW1R037y7wllg/gRk9p2T1stiG8iIXosblmL4Ak1YToTQ\n/0to5GY2ZYW29+rbA4SDTS5eeu2YqZ0A/fF3wey7ggzMS7KyNBOvx5QBJRw3PJGn\n+THfhXvdfkOyeUC6KWRGLgl+/zBFvgh6vFDq3jmv0NI4ehVBTBMCJn7r6577S16T\nwtgKMCooizII0Odu5HIF10gTieFIH3PQYm9JBji9iyemb9Ht3wn7fXQptfGadz/l\nWz/Dv9+a6IOr7JVJMHnqAIvPzpkav4efuVPOX1zbhjg4K5g+nRYfjr5F5upOd0Y3\nznWTUBUyI7CXRkpHtSDXfEqKgnk/8uv7GWw+hyKr\n-----END CERTIFICATE-----\n" - "certificate_path": "/etc/certificates/freenas_default.crt" - "chain": false - "chain_list": [ - "-----BEGIN 
CERTIFICATE-----\nMIIDqjCCApKgAwIBAgIBATANBgkqhkiG9w0BAQsFADCBgDELMAkGA1UEBhMCVVMx\nEjAQBgNVBAoMCWlYc3lzdGVtczESMBAGA1UEAwwJbG9jYWxob3N0MSEwHwYJKoZI\nhvcNAQkBFhJpbmZvQGl4c3lzdGVtcy5jb20xEjAQBgNVBAgMCVRlbm5lc3NlZTES\nMBAGA1UEBwwJTWFyeXZpbGxlMB4XDTIwMDkyNTE0MDUzOFoXDTIyMTIyOTE0MDUz\nOFowgYAxCzAJBgNVBAYTAlVTMRIwEAYDVQQKDAlpWHN5c3RlbXMxEjAQBgNVBAMM\nCWxvY2FsaG9zdDEhMB8GCSqGSIb3DQEJARYSaW5mb0BpeHN5c3RlbXMuY29tMRIw\nEAYDVQQIDAlUZW5uZXNzZWUxEjAQBgNVBAcMCU1hcnl2aWxsZTCCASIwDQYJKoZI\nhvcNAQEBBQADggEPADCCAQoCggEBALpoGliii6X8DeoFdLcR7jjsfJIn3nC8f1pT\nLQ3RURHUOEyhPT3Z6TkhaHeHoj8D6kiXROhyJJq3kw5OeqGZisfpGQhkxjpxkfh9\nfAhlvhuLwCWHaMvSh1TaT+h9+eHfcx3un5CIaH8b1KYRBMH+jmKFpr7jkPNkBXLS\nMA7jKIIa8pD9R6lF4gAsbqJafCbT3R7bqkd9xp3n3j2YhqQzETU2lmu4fra3BPio\nofK47kSkguUC6mtk6VrDf2+QtCKlY0dtbF3e2ZBNWo1aj86sjCtoEmqOCMsPRLc/\nXwQcfEqHY4XfafXwqk0G0UxV2ce18xKoR/pN3MpLBZ65NzPnpn0CAwEAAaMtMCsw\nFAYDVR0RBA0wC4IJbG9jYWxob3N0MBMGA1UdJQQMMAoGCCsGAQUFBwMBMA0GCSqG\nSIb3DQEBCwUAA4IBAQBFW1R037y7wllg/gRk9p2T1stiG8iIXosblmL4Ak1YToTQ\n/0to5GY2ZYW29+rbA4SDTS5eeu2YqZ0A/fF3wey7ggzMS7KyNBOvx5QBJRw3PJGn\n+THfhXvdfkOyeUC6KWRGLgl+/zBFvgh6vFDq3jmv0NI4ehVBTBMCJn7r6577S16T\nwtgKMCooizII0Odu5HIF10gTieFIH3PQYm9JBji9iyemb9Ht3wn7fXQptfGadz/l\nWz/Dv9+a6IOr7JVJMHnqAIvPzpkav4efuVPOX1zbhjg4K5g+nRYfjr5F5upOd0Y3\nznWTUBUyI7CXRkpHtSDXfEqKgnk/8uv7GWw+hyKr\n-----END CERTIFICATE-----\n" - ] - "city": "Maryville" - "common": "localhost" - "country": "US" - "csr_path": "/etc/certificates/freenas_default.csr" - "digest_algorithm": "SHA256" - "email": "info@ixsystems.com" - "extensions": - "ExtendedKeyUsage": "TLS Web Server Authentication" - "SubjectAltName": "DNS:localhost" - "fingerprint": "9C:5A:1D:1B:E7:9E:0B:89:2B:37:F4:19:83:ED:3C:6B:D8:14:0D:9B" - "from": "Fri Sep 25 16:05:38 2020" - "id": 1 - "internal": "NO" - "issuer": "external" - "key_length": 2048 - "key_type": "RSA" - "lifetime": 825 - "name": "freenas_default" - "organization": "iXsystems" - "organizational_unit": "" - "parsed": true - "privatekey": "-----BEGIN PRIVATE 
KEY-----\nMIIEvQIBADANBgkqhkiG9w0BAQEFAASCBKcwggSjAgEAAoIBAQC6aBpYooul/A3q\nBXS3Ee447HySJ95wvH9aUy0N0VER1DhMoT092ek5IWh3h6I/A+pIl0TociSat5MO\nTnqhmYrH6RkIZMY6cZH4fXwIZb4bi8Alh2jL0odU2k/offnh33Md7p+QiGh/G9Sm\nEQTB/o5ihaa+45DzZAVy0jAO4yiCGvKQ/UepReIALG6iWnwm090e26pHfcad5949\nmIakMxE1NpZruH62twT4qKHyuO5EpILlAuprZOlaw39vkLQipWNHbWxd3tmQTVqN\nWo/OrIwraBJqjgjLD0S3P18EHHxKh2OF32n18KpNBtFMVdnHtfMSqEf6TdzKSwWe\nuTcz56Z9AgMBAAECggEARwcb4uIs7BZbBu0FSCyg5TfXT6m5bKOmszg2VqmHho+i\n1DAsMcEyyP4d3E3mWLSZNQfOzfOQVxPUCQOGXsUuyHXdgAFGN0bHJDRMara59a0O\njj5GhEO4JXD6OdCmwpZuOt2OF3iiuKxWHuElOvZQMuJSYzI7LULTgKjufv23lbsf\nxMO/v9yi57c5EGgnQ8siLKOy/FQZapn4Z9qKn+lVyk5gfaKP0pDsvV4d7nGYMDD2\nYijfkSyNecApFdtWiLE5zLUlvF6oNj8o66z3YrVNKrCPzhA/5Rkkwwk32SNxvKU3\nVZFSNPeOZ60BicxYcWO+b2aAa0WF+uazJAZ4q52gUQKBgQDu88R+0wm76secYkzE\nQglteLNZKFcvth0kI5xH42Hmk9IXkGimFoDJCIrLAuopyGnfNmqmh2is3QUMUPdR\n/wDLnKc4MCezEidNoD2RBC+bzM1hB9oye/b5sOZUDFXSa0k4XSLu1UEuy1yWhkuS\n6JjY1KQfc4FN0K0Fjqqo7UCTCwKBgQDHtKQh/NvMJ2ok4YW+/QAsus4mEK9eCyUy\nOuyDszQYrGvjkS7STKJVNxGLhWb0XKSIAxMZ66b1MwOt+71h7xNn6pcancfVdK7F\n1Xl5J+76SwbXSgQwTZuoMDxPIvZn7v/2ep5Ni/BcOhMcPIcobWb/OmXrFN1brBvo\nlFNQyWWhlwKBgFDAyPMjVvLO0U6kWdUpjA4W8GV9IJnbLdX8wt/4lClcY2/bOcKH\ncFaAMIeTIJemR0FMHpbQxCtHNmGHK03mo9orwsdWXtRBmk69jJDpnT1F5VKZWMAe\n7MRNaEmXMZm+8CvALgIQx8qMp2mnUPsA6Ea+9gg6/MPTdeWe5UXZiC0pAoGAGtSt\nPJfBXBNrklruYjORo3DRo5GYThVHQRFjl2orNKltsVxfIwgCw1ortEgPBgOwY0mu\ndkwP2V+qPeTVk+PQAqUk+gF6yLXtiUzeDiYMWHpeB+y81VSH9jfM0oELA/m7T/03\naYnEmE+BI8kKC6dvMBlDeisKdneQJFZRP0hfrC8CgYEAgYIyCGwcydKpe2Nkj0Fz\nKTtCMC/k4DvJfd5Kb9AbmrPUfKgA9Xj4GT6yPG6uBMi8r5etvLCKJ2x2NtN024a8\nQJLATYPrSsaZkE+9zM0j5nYAgbKpxBhlDzDAzn//3ByVzfgJ25S80XhTI2lfbLH/\nU07ssxdZaQCo+WuD82OvNcg=\n-----END PRIVATE KEY-----\n" - "privatekey_path": "/etc/certificates/freenas_default.key" - "revoked": false - "revoked_date": "" - "root_path": "/etc/certificates" - "san": [ - "DNS:localhost" - ] - "serial": 1 - "signedby": "" - "state": "Tennessee" - "subject_name_hash": 3193428416 - "type": 8 - "until": "Thu 
Dec 29 15:05:38 2022"
diff --git a/helper-charts/common-test/ci/ingress-values.yaml b/helper-charts/common-test/ci/ingress-values.yaml
deleted file mode 100644
index f3ee5f6f..00000000
--- a/helper-charts/common-test/ci/ingress-values.yaml
+++ /dev/null
@@ -1,190 +0,0 @@ -image: - repository: ghcr.io/truecharts/whoami - pullPolicy: IfNotPresent - tag: 1.8.7@sha256:8c61f0ca92fd806fcb4ed1465cb793c05443f37951554b105b0f2dc686a95772 - -service: - main: - ports: - main: - port: 8080 - autolink: - enabled: true - ports: - autolink: - enabled: true - port: 8081 - -args: - - --port - - '8080' - -probes: - liveness: - enabled: true - readiness: - enabled: true - startup: - enabled: true - - -# -- Configure the ingresses for the chart here. -# Additional ingresses can be added by adding a dictionary key similar to the 'main' ingress. -# @default -- See below -ingress: - main: - enabled: true - primary: true - nameOverride: - fixedMiddlewares: - - chain-basic - middlewares: [] - annotationsList: [] - annotations: {} - - labelsList: [] - labels: {} - ingressClassName: # "nginx" - hosts: - - host: chart-example.local - paths: - - path: / - pathType: Prefix - service: - name: - port: - tls: [] - - label: - enabled: true - nameOverride: - fixedMiddlewares: - - chain-basic - middlewares: [] - annotationsList: [] - annotations: {} - labelsList: [] - labels: - labelexample1: labelvalue2 - ingressClassName: # "nginx" - hosts: - - host: label.chart-example.local - paths: - - path: / - pathType: Prefix - service: - name: - port: - tls: [] - - autolink: - enabled: true - fixedMiddlewares: - - chain-basic - hosts: - - host: label.chart-example.local - paths: - - path: / - pathType: Prefix - service: - name: - port: - tls: [] - autoLink: true - - labellist: - enabled: true - nameOverride: - fixedMiddlewares: - - chain-basic - middlewares: [] - annotationsList: [] - annotations: {} - labelsList: - - name: labelexample - value: labelcontent - labels: {} - ingressClassName: # "nginx" - hosts: - - host: labellist.chart-example.local - paths: - - path: / - pathType: Prefix - service: - name: - port: - tls: [] - - notls: - enabled: true - nameOverride: - fixedMiddlewares: - - chain-basic - middlewares: [] - annotationsList: [] - annotations: {} 
- labelsList: [] - labels: {} - ingressClassName: # "nginx" - hosts: - - host: notls.chart-example.local - paths: - - path: / - pathType: Prefix - service: - name: - port: - -"ixCertificateAuthorities": {} -"ixCertificates": - "1": - "CA_type_existing": false - "CA_type_intermediate": false - "CA_type_internal": false - "CSR": "" - "DN": "/C=US/O=iXsystems/CN=localhost/emailAddress=info@ixsystems.com/ST=Tennessee/L=Maryville/subjectAltName=DNS:localhost" - "cert_type": "CERTIFICATE" - "cert_type_CSR": false - "cert_type_existing": true - "cert_type_internal": false - "certificate": "-----BEGIN CERTIFICATE-----\nMIIDqjCCApKgAwIBAgIBATANBgkqhkiG9w0BAQsFADCBgDELMAkGA1UEBhMCVVMx\nEjAQBgNVBAoMCWlYc3lzdGVtczESMBAGA1UEAwwJbG9jYWxob3N0MSEwHwYJKoZI\nhvcNAQkBFhJpbmZvQGl4c3lzdGVtcy5jb20xEjAQBgNVBAgMCVRlbm5lc3NlZTES\nMBAGA1UEBwwJTWFyeXZpbGxlMB4XDTIwMDkyNTE0MDUzOFoXDTIyMTIyOTE0MDUz\nOFowgYAxCzAJBgNVBAYTAlVTMRIwEAYDVQQKDAlpWHN5c3RlbXMxEjAQBgNVBAMM\nCWxvY2FsaG9zdDEhMB8GCSqGSIb3DQEJARYSaW5mb0BpeHN5c3RlbXMuY29tMRIw\nEAYDVQQIDAlUZW5uZXNzZWUxEjAQBgNVBAcMCU1hcnl2aWxsZTCCASIwDQYJKoZI\nhvcNAQEBBQADggEPADCCAQoCggEBALpoGliii6X8DeoFdLcR7jjsfJIn3nC8f1pT\nLQ3RURHUOEyhPT3Z6TkhaHeHoj8D6kiXROhyJJq3kw5OeqGZisfpGQhkxjpxkfh9\nfAhlvhuLwCWHaMvSh1TaT+h9+eHfcx3un5CIaH8b1KYRBMH+jmKFpr7jkPNkBXLS\nMA7jKIIa8pD9R6lF4gAsbqJafCbT3R7bqkd9xp3n3j2YhqQzETU2lmu4fra3BPio\nofK47kSkguUC6mtk6VrDf2+QtCKlY0dtbF3e2ZBNWo1aj86sjCtoEmqOCMsPRLc/\nXwQcfEqHY4XfafXwqk0G0UxV2ce18xKoR/pN3MpLBZ65NzPnpn0CAwEAAaMtMCsw\nFAYDVR0RBA0wC4IJbG9jYWxob3N0MBMGA1UdJQQMMAoGCCsGAQUFBwMBMA0GCSqG\nSIb3DQEBCwUAA4IBAQBFW1R037y7wllg/gRk9p2T1stiG8iIXosblmL4Ak1YToTQ\n/0to5GY2ZYW29+rbA4SDTS5eeu2YqZ0A/fF3wey7ggzMS7KyNBOvx5QBJRw3PJGn\n+THfhXvdfkOyeUC6KWRGLgl+/zBFvgh6vFDq3jmv0NI4ehVBTBMCJn7r6577S16T\nwtgKMCooizII0Odu5HIF10gTieFIH3PQYm9JBji9iyemb9Ht3wn7fXQptfGadz/l\nWz/Dv9+a6IOr7JVJMHnqAIvPzpkav4efuVPOX1zbhjg4K5g+nRYfjr5F5upOd0Y3\nznWTUBUyI7CXRkpHtSDXfEqKgnk/8uv7GWw+hyKr\n-----END CERTIFICATE-----\n" - "certificate_path": 
"/etc/certificates/freenas_default.crt" - "chain": false - "chain_list": [ - "-----BEGIN CERTIFICATE-----\nMIIDqjCCApKgAwIBAgIBATANBgkqhkiG9w0BAQsFADCBgDELMAkGA1UEBhMCVVMx\nEjAQBgNVBAoMCWlYc3lzdGVtczESMBAGA1UEAwwJbG9jYWxob3N0MSEwHwYJKoZI\nhvcNAQkBFhJpbmZvQGl4c3lzdGVtcy5jb20xEjAQBgNVBAgMCVRlbm5lc3NlZTES\nMBAGA1UEBwwJTWFyeXZpbGxlMB4XDTIwMDkyNTE0MDUzOFoXDTIyMTIyOTE0MDUz\nOFowgYAxCzAJBgNVBAYTAlVTMRIwEAYDVQQKDAlpWHN5c3RlbXMxEjAQBgNVBAMM\nCWxvY2FsaG9zdDEhMB8GCSqGSIb3DQEJARYSaW5mb0BpeHN5c3RlbXMuY29tMRIw\nEAYDVQQIDAlUZW5uZXNzZWUxEjAQBgNVBAcMCU1hcnl2aWxsZTCCASIwDQYJKoZI\nhvcNAQEBBQADggEPADCCAQoCggEBALpoGliii6X8DeoFdLcR7jjsfJIn3nC8f1pT\nLQ3RURHUOEyhPT3Z6TkhaHeHoj8D6kiXROhyJJq3kw5OeqGZisfpGQhkxjpxkfh9\nfAhlvhuLwCWHaMvSh1TaT+h9+eHfcx3un5CIaH8b1KYRBMH+jmKFpr7jkPNkBXLS\nMA7jKIIa8pD9R6lF4gAsbqJafCbT3R7bqkd9xp3n3j2YhqQzETU2lmu4fra3BPio\nofK47kSkguUC6mtk6VrDf2+QtCKlY0dtbF3e2ZBNWo1aj86sjCtoEmqOCMsPRLc/\nXwQcfEqHY4XfafXwqk0G0UxV2ce18xKoR/pN3MpLBZ65NzPnpn0CAwEAAaMtMCsw\nFAYDVR0RBA0wC4IJbG9jYWxob3N0MBMGA1UdJQQMMAoGCCsGAQUFBwMBMA0GCSqG\nSIb3DQEBCwUAA4IBAQBFW1R037y7wllg/gRk9p2T1stiG8iIXosblmL4Ak1YToTQ\n/0to5GY2ZYW29+rbA4SDTS5eeu2YqZ0A/fF3wey7ggzMS7KyNBOvx5QBJRw3PJGn\n+THfhXvdfkOyeUC6KWRGLgl+/zBFvgh6vFDq3jmv0NI4ehVBTBMCJn7r6577S16T\nwtgKMCooizII0Odu5HIF10gTieFIH3PQYm9JBji9iyemb9Ht3wn7fXQptfGadz/l\nWz/Dv9+a6IOr7JVJMHnqAIvPzpkav4efuVPOX1zbhjg4K5g+nRYfjr5F5upOd0Y3\nznWTUBUyI7CXRkpHtSDXfEqKgnk/8uv7GWw+hyKr\n-----END CERTIFICATE-----\n" - ] - "city": "Maryville" - "common": "localhost" - "country": "US" - "csr_path": "/etc/certificates/freenas_default.csr" - "digest_algorithm": "SHA256" - "email": "info@ixsystems.com" - "extensions": - "ExtendedKeyUsage": "TLS Web Server Authentication" - "SubjectAltName": "DNS:localhost" - "fingerprint": "9C:5A:1D:1B:E7:9E:0B:89:2B:37:F4:19:83:ED:3C:6B:D8:14:0D:9B" - "from": "Fri Sep 25 16:05:38 2020" - "id": 1 - "internal": "NO" - "issuer": "external" - "key_length": 2048 - "key_type": "RSA" - "lifetime": 825 - "name": "freenas_default" - "organization": 
"iXsystems" - "organizational_unit": "" - "parsed": true - "privatekey": "-----BEGIN PRIVATE KEY-----\nMIIEvQIBADANBgkqhkiG9w0BAQEFAASCBKcwggSjAgEAAoIBAQC6aBpYooul/A3q\nBXS3Ee447HySJ95wvH9aUy0N0VER1DhMoT092ek5IWh3h6I/A+pIl0TociSat5MO\nTnqhmYrH6RkIZMY6cZH4fXwIZb4bi8Alh2jL0odU2k/offnh33Md7p+QiGh/G9Sm\nEQTB/o5ihaa+45DzZAVy0jAO4yiCGvKQ/UepReIALG6iWnwm090e26pHfcad5949\nmIakMxE1NpZruH62twT4qKHyuO5EpILlAuprZOlaw39vkLQipWNHbWxd3tmQTVqN\nWo/OrIwraBJqjgjLD0S3P18EHHxKh2OF32n18KpNBtFMVdnHtfMSqEf6TdzKSwWe\nuTcz56Z9AgMBAAECggEARwcb4uIs7BZbBu0FSCyg5TfXT6m5bKOmszg2VqmHho+i\n1DAsMcEyyP4d3E3mWLSZNQfOzfOQVxPUCQOGXsUuyHXdgAFGN0bHJDRMara59a0O\njj5GhEO4JXD6OdCmwpZuOt2OF3iiuKxWHuElOvZQMuJSYzI7LULTgKjufv23lbsf\nxMO/v9yi57c5EGgnQ8siLKOy/FQZapn4Z9qKn+lVyk5gfaKP0pDsvV4d7nGYMDD2\nYijfkSyNecApFdtWiLE5zLUlvF6oNj8o66z3YrVNKrCPzhA/5Rkkwwk32SNxvKU3\nVZFSNPeOZ60BicxYcWO+b2aAa0WF+uazJAZ4q52gUQKBgQDu88R+0wm76secYkzE\nQglteLNZKFcvth0kI5xH42Hmk9IXkGimFoDJCIrLAuopyGnfNmqmh2is3QUMUPdR\n/wDLnKc4MCezEidNoD2RBC+bzM1hB9oye/b5sOZUDFXSa0k4XSLu1UEuy1yWhkuS\n6JjY1KQfc4FN0K0Fjqqo7UCTCwKBgQDHtKQh/NvMJ2ok4YW+/QAsus4mEK9eCyUy\nOuyDszQYrGvjkS7STKJVNxGLhWb0XKSIAxMZ66b1MwOt+71h7xNn6pcancfVdK7F\n1Xl5J+76SwbXSgQwTZuoMDxPIvZn7v/2ep5Ni/BcOhMcPIcobWb/OmXrFN1brBvo\nlFNQyWWhlwKBgFDAyPMjVvLO0U6kWdUpjA4W8GV9IJnbLdX8wt/4lClcY2/bOcKH\ncFaAMIeTIJemR0FMHpbQxCtHNmGHK03mo9orwsdWXtRBmk69jJDpnT1F5VKZWMAe\n7MRNaEmXMZm+8CvALgIQx8qMp2mnUPsA6Ea+9gg6/MPTdeWe5UXZiC0pAoGAGtSt\nPJfBXBNrklruYjORo3DRo5GYThVHQRFjl2orNKltsVxfIwgCw1ortEgPBgOwY0mu\ndkwP2V+qPeTVk+PQAqUk+gF6yLXtiUzeDiYMWHpeB+y81VSH9jfM0oELA/m7T/03\naYnEmE+BI8kKC6dvMBlDeisKdneQJFZRP0hfrC8CgYEAgYIyCGwcydKpe2Nkj0Fz\nKTtCMC/k4DvJfd5Kb9AbmrPUfKgA9Xj4GT6yPG6uBMi8r5etvLCKJ2x2NtN024a8\nQJLATYPrSsaZkE+9zM0j5nYAgbKpxBhlDzDAzn//3ByVzfgJ25S80XhTI2lfbLH/\nU07ssxdZaQCo+WuD82OvNcg=\n-----END PRIVATE KEY-----\n" - "privatekey_path": "/etc/certificates/freenas_default.key" - "revoked": false - "revoked_date": "" - "root_path": "/etc/certificates" - "san": [ - "DNS:localhost" - ] - "serial": 1 - 
"signedby": "" - "state": "Tennessee" - "subject_name_hash": 3193428416 - "type": 8 - "until": "Thu Dec 29 15:05:38 2022" diff --git a/helper-charts/common-test/ci/manifest-values.yaml b/helper-charts/common-test/ci/manifest-values.yaml deleted file mode 100644 index 21b9e54c..00000000 --- a/helper-charts/common-test/ci/manifest-values.yaml +++ /dev/null 
@@ -1,86 +0,0 @@ -image: - repository: ghcr.io/truecharts/whoami - pullPolicy: IfNotPresent - tag: 1.8.7@sha256:8c61f0ca92fd806fcb4ed1465cb793c05443f37951554b105b0f2dc686a95772 - -service: - main: - ports: - main: - port: 8080 - -args: - - --port - - '8080' - -manifests: - enabled: true - nonBlocking: false - staging: false - -ingress: - main: - enabled: true - -probes: - liveness: - enabled: true - readiness: - enabled: true - startup: - enabled: true - - -"ixCertificateAuthorities": {} -"ixCertificates": - "1": - "CA_type_existing": false - "CA_type_intermediate": false - "CA_type_internal": false - "CSR": "" - "DN": "/C=US/O=iXsystems/CN=localhost/emailAddress=info@ixsystems.com/ST=Tennessee/L=Maryville/subjectAltName=DNS:localhost" - "cert_type": "CERTIFICATE" - "cert_type_CSR": false - "cert_type_existing": true - "cert_type_internal": false - "certificate": "-----BEGIN CERTIFICATE-----\nMIIDqjCCApKgAwIBAgIBATANBgkqhkiG9w0BAQsFADCBgDELMAkGA1UEBhMCVVMx\nEjAQBgNVBAoMCWlYc3lzdGVtczESMBAGA1UEAwwJbG9jYWxob3N0MSEwHwYJKoZI\nhvcNAQkBFhJpbmZvQGl4c3lzdGVtcy5jb20xEjAQBgNVBAgMCVRlbm5lc3NlZTES\nMBAGA1UEBwwJTWFyeXZpbGxlMB4XDTIwMDkyNTE0MDUzOFoXDTIyMTIyOTE0MDUz\nOFowgYAxCzAJBgNVBAYTAlVTMRIwEAYDVQQKDAlpWHN5c3RlbXMxEjAQBgNVBAMM\nCWxvY2FsaG9zdDEhMB8GCSqGSIb3DQEJARYSaW5mb0BpeHN5c3RlbXMuY29tMRIw\nEAYDVQQIDAlUZW5uZXNzZWUxEjAQBgNVBAcMCU1hcnl2aWxsZTCCASIwDQYJKoZI\nhvcNAQEBBQADggEPADCCAQoCggEBALpoGliii6X8DeoFdLcR7jjsfJIn3nC8f1pT\nLQ3RURHUOEyhPT3Z6TkhaHeHoj8D6kiXROhyJJq3kw5OeqGZisfpGQhkxjpxkfh9\nfAhlvhuLwCWHaMvSh1TaT+h9+eHfcx3un5CIaH8b1KYRBMH+jmKFpr7jkPNkBXLS\nMA7jKIIa8pD9R6lF4gAsbqJafCbT3R7bqkd9xp3n3j2YhqQzETU2lmu4fra3BPio\nofK47kSkguUC6mtk6VrDf2+QtCKlY0dtbF3e2ZBNWo1aj86sjCtoEmqOCMsPRLc/\nXwQcfEqHY4XfafXwqk0G0UxV2ce18xKoR/pN3MpLBZ65NzPnpn0CAwEAAaMtMCsw\nFAYDVR0RBA0wC4IJbG9jYWxob3N0MBMGA1UdJQQMMAoGCCsGAQUFBwMBMA0GCSqG\nSIb3DQEBCwUAA4IBAQBFW1R037y7wllg/gRk9p2T1stiG8iIXosblmL4Ak1YToTQ\n/0to5GY2ZYW29+rbA4SDTS5eeu2YqZ0A/fF3wey7ggzMS7KyNBOvx5QBJRw3PJGn\n+THfhXvdfkOyeUC6KWRGLgl+/zBFvgh6vFDq3j
mv0NI4ehVBTBMCJn7r6577S16T\nwtgKMCooizII0Odu5HIF10gTieFIH3PQYm9JBji9iyemb9Ht3wn7fXQptfGadz/l\nWz/Dv9+a6IOr7JVJMHnqAIvPzpkav4efuVPOX1zbhjg4K5g+nRYfjr5F5upOd0Y3\nznWTUBUyI7CXRkpHtSDXfEqKgnk/8uv7GWw+hyKr\n-----END CERTIFICATE-----\n" - "certificate_path": "/etc/certificates/freenas_default.crt" - "chain": false - "chain_list": [ - "-----BEGIN CERTIFICATE-----\nMIIDqjCCApKgAwIBAgIBATANBgkqhkiG9w0BAQsFADCBgDELMAkGA1UEBhMCVVMx\nEjAQBgNVBAoMCWlYc3lzdGVtczESMBAGA1UEAwwJbG9jYWxob3N0MSEwHwYJKoZI\nhvcNAQkBFhJpbmZvQGl4c3lzdGVtcy5jb20xEjAQBgNVBAgMCVRlbm5lc3NlZTES\nMBAGA1UEBwwJTWFyeXZpbGxlMB4XDTIwMDkyNTE0MDUzOFoXDTIyMTIyOTE0MDUz\nOFowgYAxCzAJBgNVBAYTAlVTMRIwEAYDVQQKDAlpWHN5c3RlbXMxEjAQBgNVBAMM\nCWxvY2FsaG9zdDEhMB8GCSqGSIb3DQEJARYSaW5mb0BpeHN5c3RlbXMuY29tMRIw\nEAYDVQQIDAlUZW5uZXNzZWUxEjAQBgNVBAcMCU1hcnl2aWxsZTCCASIwDQYJKoZI\nhvcNAQEBBQADggEPADCCAQoCggEBALpoGliii6X8DeoFdLcR7jjsfJIn3nC8f1pT\nLQ3RURHUOEyhPT3Z6TkhaHeHoj8D6kiXROhyJJq3kw5OeqGZisfpGQhkxjpxkfh9\nfAhlvhuLwCWHaMvSh1TaT+h9+eHfcx3un5CIaH8b1KYRBMH+jmKFpr7jkPNkBXLS\nMA7jKIIa8pD9R6lF4gAsbqJafCbT3R7bqkd9xp3n3j2YhqQzETU2lmu4fra3BPio\nofK47kSkguUC6mtk6VrDf2+QtCKlY0dtbF3e2ZBNWo1aj86sjCtoEmqOCMsPRLc/\nXwQcfEqHY4XfafXwqk0G0UxV2ce18xKoR/pN3MpLBZ65NzPnpn0CAwEAAaMtMCsw\nFAYDVR0RBA0wC4IJbG9jYWxob3N0MBMGA1UdJQQMMAoGCCsGAQUFBwMBMA0GCSqG\nSIb3DQEBCwUAA4IBAQBFW1R037y7wllg/gRk9p2T1stiG8iIXosblmL4Ak1YToTQ\n/0to5GY2ZYW29+rbA4SDTS5eeu2YqZ0A/fF3wey7ggzMS7KyNBOvx5QBJRw3PJGn\n+THfhXvdfkOyeUC6KWRGLgl+/zBFvgh6vFDq3jmv0NI4ehVBTBMCJn7r6577S16T\nwtgKMCooizII0Odu5HIF10gTieFIH3PQYm9JBji9iyemb9Ht3wn7fXQptfGadz/l\nWz/Dv9+a6IOr7JVJMHnqAIvPzpkav4efuVPOX1zbhjg4K5g+nRYfjr5F5upOd0Y3\nznWTUBUyI7CXRkpHtSDXfEqKgnk/8uv7GWw+hyKr\n-----END CERTIFICATE-----\n" - ] - "city": "Maryville" - "common": "localhost" - "country": "US" - "csr_path": "/etc/certificates/freenas_default.csr" - "digest_algorithm": "SHA256" - "email": "info@ixsystems.com" - "extensions": - "ExtendedKeyUsage": "TLS Web Server Authentication" - "SubjectAltName": "DNS:localhost" - "fingerprint": 
"9C:5A:1D:1B:E7:9E:0B:89:2B:37:F4:19:83:ED:3C:6B:D8:14:0D:9B" - "from": "Fri Sep 25 16:05:38 2020" - "id": 1 - "internal": "NO" - "issuer": "external" - "key_length": 2048 - "key_type": "RSA" - "lifetime": 825 - "name": "freenas_default" - "organization": "iXsystems" - "organizational_unit": "" - "parsed": true - "privatekey": "-----BEGIN PRIVATE KEY-----\nMIIEvQIBADANBgkqhkiG9w0BAQEFAASCBKcwggSjAgEAAoIBAQC6aBpYooul/A3q\nBXS3Ee447HySJ95wvH9aUy0N0VER1DhMoT092ek5IWh3h6I/A+pIl0TociSat5MO\nTnqhmYrH6RkIZMY6cZH4fXwIZb4bi8Alh2jL0odU2k/offnh33Md7p+QiGh/G9Sm\nEQTB/o5ihaa+45DzZAVy0jAO4yiCGvKQ/UepReIALG6iWnwm090e26pHfcad5949\nmIakMxE1NpZruH62twT4qKHyuO5EpILlAuprZOlaw39vkLQipWNHbWxd3tmQTVqN\nWo/OrIwraBJqjgjLD0S3P18EHHxKh2OF32n18KpNBtFMVdnHtfMSqEf6TdzKSwWe\nuTcz56Z9AgMBAAECggEARwcb4uIs7BZbBu0FSCyg5TfXT6m5bKOmszg2VqmHho+i\n1DAsMcEyyP4d3E3mWLSZNQfOzfOQVxPUCQOGXsUuyHXdgAFGN0bHJDRMara59a0O\njj5GhEO4JXD6OdCmwpZuOt2OF3iiuKxWHuElOvZQMuJSYzI7LULTgKjufv23lbsf\nxMO/v9yi57c5EGgnQ8siLKOy/FQZapn4Z9qKn+lVyk5gfaKP0pDsvV4d7nGYMDD2\nYijfkSyNecApFdtWiLE5zLUlvF6oNj8o66z3YrVNKrCPzhA/5Rkkwwk32SNxvKU3\nVZFSNPeOZ60BicxYcWO+b2aAa0WF+uazJAZ4q52gUQKBgQDu88R+0wm76secYkzE\nQglteLNZKFcvth0kI5xH42Hmk9IXkGimFoDJCIrLAuopyGnfNmqmh2is3QUMUPdR\n/wDLnKc4MCezEidNoD2RBC+bzM1hB9oye/b5sOZUDFXSa0k4XSLu1UEuy1yWhkuS\n6JjY1KQfc4FN0K0Fjqqo7UCTCwKBgQDHtKQh/NvMJ2ok4YW+/QAsus4mEK9eCyUy\nOuyDszQYrGvjkS7STKJVNxGLhWb0XKSIAxMZ66b1MwOt+71h7xNn6pcancfVdK7F\n1Xl5J+76SwbXSgQwTZuoMDxPIvZn7v/2ep5Ni/BcOhMcPIcobWb/OmXrFN1brBvo\nlFNQyWWhlwKBgFDAyPMjVvLO0U6kWdUpjA4W8GV9IJnbLdX8wt/4lClcY2/bOcKH\ncFaAMIeTIJemR0FMHpbQxCtHNmGHK03mo9orwsdWXtRBmk69jJDpnT1F5VKZWMAe\n7MRNaEmXMZm+8CvALgIQx8qMp2mnUPsA6Ea+9gg6/MPTdeWe5UXZiC0pAoGAGtSt\nPJfBXBNrklruYjORo3DRo5GYThVHQRFjl2orNKltsVxfIwgCw1ortEgPBgOwY0mu\ndkwP2V+qPeTVk+PQAqUk+gF6yLXtiUzeDiYMWHpeB+y81VSH9jfM0oELA/m7T/03\naYnEmE+BI8kKC6dvMBlDeisKdneQJFZRP0hfrC8CgYEAgYIyCGwcydKpe2Nkj0Fz\nKTtCMC/k4DvJfd5Kb9AbmrPUfKgA9Xj4GT6yPG6uBMi8r5etvLCKJ2x2NtN024a8\nQJLATYPrSsaZkE+9zM0j5nYAgbKpxBhlDzDAzn//3ByVzfgJ25S80XhTI
2lfbLH/\nU07ssxdZaQCo+WuD82OvNcg=\n-----END PRIVATE KEY-----\n"
- "privatekey_path": "/etc/certificates/freenas_default.key"
- "revoked": false
- "revoked_date": ""
- "root_path": "/etc/certificates"
- "san": [
- "DNS:localhost"
- ]
- "serial": 1
- "signedby": ""
- "state": "Tennessee"
- "subject_name_hash": 3193428416
- "type": 8
- "until": "Thu Dec 29 15:05:38 2022"
diff --git a/helper-charts/common-test/ci/netshoot-values.yaml b/helper-charts/common-test/ci/netshoot-values.yaml
deleted file mode 100644
index db450c25..00000000
--- a/helper-charts/common-test/ci/netshoot-values.yaml
+++ /dev/null
@@ -1,84 +0,0 @@ -image: - repository: ghcr.io/truecharts/whoami - pullPolicy: IfNotPresent - tag: 1.8.7@sha256:8c61f0ca92fd806fcb4ed1465cb793c05443f37951554b105b0f2dc686a95772 - -service: - main: - ports: - main: - port: 8080 - -args: - - --port - - '8080' - -ingress: - main: - enabled: true - -probes: - liveness: - enabled: true - readiness: - enabled: true - startup: - enabled: true - -addons: - netshoot: - enabled: true - -"ixCertificateAuthorities": {} -"ixCertificates": - "1": - "CA_type_existing": false - "CA_type_intermediate": false - "CA_type_internal": false - "CSR": "" - "DN": "/C=US/O=iXsystems/CN=localhost/emailAddress=info@ixsystems.com/ST=Tennessee/L=Maryville/subjectAltName=DNS:localhost" - "cert_type": "CERTIFICATE" - "cert_type_CSR": false - "cert_type_existing": true - "cert_type_internal": false - "certificate": "-----BEGIN CERTIFICATE-----\nMIIDqjCCApKgAwIBAgIBATANBgkqhkiG9w0BAQsFADCBgDELMAkGA1UEBhMCVVMx\nEjAQBgNVBAoMCWlYc3lzdGVtczESMBAGA1UEAwwJbG9jYWxob3N0MSEwHwYJKoZI\nhvcNAQkBFhJpbmZvQGl4c3lzdGVtcy5jb20xEjAQBgNVBAgMCVRlbm5lc3NlZTES\nMBAGA1UEBwwJTWFyeXZpbGxlMB4XDTIwMDkyNTE0MDUzOFoXDTIyMTIyOTE0MDUz\nOFowgYAxCzAJBgNVBAYTAlVTMRIwEAYDVQQKDAlpWHN5c3RlbXMxEjAQBgNVBAMM\nCWxvY2FsaG9zdDEhMB8GCSqGSIb3DQEJARYSaW5mb0BpeHN5c3RlbXMuY29tMRIw\nEAYDVQQIDAlUZW5uZXNzZWUxEjAQBgNVBAcMCU1hcnl2aWxsZTCCASIwDQYJKoZI\nhvcNAQEBBQADggEPADCCAQoCggEBALpoGliii6X8DeoFdLcR7jjsfJIn3nC8f1pT\nLQ3RURHUOEyhPT3Z6TkhaHeHoj8D6kiXROhyJJq3kw5OeqGZisfpGQhkxjpxkfh9\nfAhlvhuLwCWHaMvSh1TaT+h9+eHfcx3un5CIaH8b1KYRBMH+jmKFpr7jkPNkBXLS\nMA7jKIIa8pD9R6lF4gAsbqJafCbT3R7bqkd9xp3n3j2YhqQzETU2lmu4fra3BPio\nofK47kSkguUC6mtk6VrDf2+QtCKlY0dtbF3e2ZBNWo1aj86sjCtoEmqOCMsPRLc/\nXwQcfEqHY4XfafXwqk0G0UxV2ce18xKoR/pN3MpLBZ65NzPnpn0CAwEAAaMtMCsw\nFAYDVR0RBA0wC4IJbG9jYWxob3N0MBMGA1UdJQQMMAoGCCsGAQUFBwMBMA0GCSqG\nSIb3DQEBCwUAA4IBAQBFW1R037y7wllg/gRk9p2T1stiG8iIXosblmL4Ak1YToTQ\n/0to5GY2ZYW29+rbA4SDTS5eeu2YqZ0A/fF3wey7ggzMS7KyNBOvx5QBJRw3PJGn\n+THfhXvdfkOyeUC6KWRGLgl+/zBFvgh6vFDq3jmv0NI4ehVBTBMCJn7r6577S16T\nwtg
KMCooizII0Odu5HIF10gTieFIH3PQYm9JBji9iyemb9Ht3wn7fXQptfGadz/l\nWz/Dv9+a6IOr7JVJMHnqAIvPzpkav4efuVPOX1zbhjg4K5g+nRYfjr5F5upOd0Y3\nznWTUBUyI7CXRkpHtSDXfEqKgnk/8uv7GWw+hyKr\n-----END CERTIFICATE-----\n" - "certificate_path": "/etc/certificates/freenas_default.crt" - "chain": false - "chain_list": [ - "-----BEGIN CERTIFICATE-----\nMIIDqjCCApKgAwIBAgIBATANBgkqhkiG9w0BAQsFADCBgDELMAkGA1UEBhMCVVMx\nEjAQBgNVBAoMCWlYc3lzdGVtczESMBAGA1UEAwwJbG9jYWxob3N0MSEwHwYJKoZI\nhvcNAQkBFhJpbmZvQGl4c3lzdGVtcy5jb20xEjAQBgNVBAgMCVRlbm5lc3NlZTES\nMBAGA1UEBwwJTWFyeXZpbGxlMB4XDTIwMDkyNTE0MDUzOFoXDTIyMTIyOTE0MDUz\nOFowgYAxCzAJBgNVBAYTAlVTMRIwEAYDVQQKDAlpWHN5c3RlbXMxEjAQBgNVBAMM\nCWxvY2FsaG9zdDEhMB8GCSqGSIb3DQEJARYSaW5mb0BpeHN5c3RlbXMuY29tMRIw\nEAYDVQQIDAlUZW5uZXNzZWUxEjAQBgNVBAcMCU1hcnl2aWxsZTCCASIwDQYJKoZI\nhvcNAQEBBQADggEPADCCAQoCggEBALpoGliii6X8DeoFdLcR7jjsfJIn3nC8f1pT\nLQ3RURHUOEyhPT3Z6TkhaHeHoj8D6kiXROhyJJq3kw5OeqGZisfpGQhkxjpxkfh9\nfAhlvhuLwCWHaMvSh1TaT+h9+eHfcx3un5CIaH8b1KYRBMH+jmKFpr7jkPNkBXLS\nMA7jKIIa8pD9R6lF4gAsbqJafCbT3R7bqkd9xp3n3j2YhqQzETU2lmu4fra3BPio\nofK47kSkguUC6mtk6VrDf2+QtCKlY0dtbF3e2ZBNWo1aj86sjCtoEmqOCMsPRLc/\nXwQcfEqHY4XfafXwqk0G0UxV2ce18xKoR/pN3MpLBZ65NzPnpn0CAwEAAaMtMCsw\nFAYDVR0RBA0wC4IJbG9jYWxob3N0MBMGA1UdJQQMMAoGCCsGAQUFBwMBMA0GCSqG\nSIb3DQEBCwUAA4IBAQBFW1R037y7wllg/gRk9p2T1stiG8iIXosblmL4Ak1YToTQ\n/0to5GY2ZYW29+rbA4SDTS5eeu2YqZ0A/fF3wey7ggzMS7KyNBOvx5QBJRw3PJGn\n+THfhXvdfkOyeUC6KWRGLgl+/zBFvgh6vFDq3jmv0NI4ehVBTBMCJn7r6577S16T\nwtgKMCooizII0Odu5HIF10gTieFIH3PQYm9JBji9iyemb9Ht3wn7fXQptfGadz/l\nWz/Dv9+a6IOr7JVJMHnqAIvPzpkav4efuVPOX1zbhjg4K5g+nRYfjr5F5upOd0Y3\nznWTUBUyI7CXRkpHtSDXfEqKgnk/8uv7GWw+hyKr\n-----END CERTIFICATE-----\n" - ] - "city": "Maryville" - "common": "localhost" - "country": "US" - "csr_path": "/etc/certificates/freenas_default.csr" - "digest_algorithm": "SHA256" - "email": "info@ixsystems.com" - "extensions": - "ExtendedKeyUsage": "TLS Web Server Authentication" - "SubjectAltName": "DNS:localhost" - "fingerprint": 
"9C:5A:1D:1B:E7:9E:0B:89:2B:37:F4:19:83:ED:3C:6B:D8:14:0D:9B" - "from": "Fri Sep 25 16:05:38 2020" - "id": 1 - "internal": "NO" - "issuer": "external" - "key_length": 2048 - "key_type": "RSA" - "lifetime": 825 - "name": "freenas_default" - "organization": "iXsystems" - "organizational_unit": "" - "parsed": true - "privatekey": "-----BEGIN PRIVATE KEY-----\nMIIEvQIBADANBgkqhkiG9w0BAQEFAASCBKcwggSjAgEAAoIBAQC6aBpYooul/A3q\nBXS3Ee447HySJ95wvH9aUy0N0VER1DhMoT092ek5IWh3h6I/A+pIl0TociSat5MO\nTnqhmYrH6RkIZMY6cZH4fXwIZb4bi8Alh2jL0odU2k/offnh33Md7p+QiGh/G9Sm\nEQTB/o5ihaa+45DzZAVy0jAO4yiCGvKQ/UepReIALG6iWnwm090e26pHfcad5949\nmIakMxE1NpZruH62twT4qKHyuO5EpILlAuprZOlaw39vkLQipWNHbWxd3tmQTVqN\nWo/OrIwraBJqjgjLD0S3P18EHHxKh2OF32n18KpNBtFMVdnHtfMSqEf6TdzKSwWe\nuTcz56Z9AgMBAAECggEARwcb4uIs7BZbBu0FSCyg5TfXT6m5bKOmszg2VqmHho+i\n1DAsMcEyyP4d3E3mWLSZNQfOzfOQVxPUCQOGXsUuyHXdgAFGN0bHJDRMara59a0O\njj5GhEO4JXD6OdCmwpZuOt2OF3iiuKxWHuElOvZQMuJSYzI7LULTgKjufv23lbsf\nxMO/v9yi57c5EGgnQ8siLKOy/FQZapn4Z9qKn+lVyk5gfaKP0pDsvV4d7nGYMDD2\nYijfkSyNecApFdtWiLE5zLUlvF6oNj8o66z3YrVNKrCPzhA/5Rkkwwk32SNxvKU3\nVZFSNPeOZ60BicxYcWO+b2aAa0WF+uazJAZ4q52gUQKBgQDu88R+0wm76secYkzE\nQglteLNZKFcvth0kI5xH42Hmk9IXkGimFoDJCIrLAuopyGnfNmqmh2is3QUMUPdR\n/wDLnKc4MCezEidNoD2RBC+bzM1hB9oye/b5sOZUDFXSa0k4XSLu1UEuy1yWhkuS\n6JjY1KQfc4FN0K0Fjqqo7UCTCwKBgQDHtKQh/NvMJ2ok4YW+/QAsus4mEK9eCyUy\nOuyDszQYrGvjkS7STKJVNxGLhWb0XKSIAxMZ66b1MwOt+71h7xNn6pcancfVdK7F\n1Xl5J+76SwbXSgQwTZuoMDxPIvZn7v/2ep5Ni/BcOhMcPIcobWb/OmXrFN1brBvo\nlFNQyWWhlwKBgFDAyPMjVvLO0U6kWdUpjA4W8GV9IJnbLdX8wt/4lClcY2/bOcKH\ncFaAMIeTIJemR0FMHpbQxCtHNmGHK03mo9orwsdWXtRBmk69jJDpnT1F5VKZWMAe\n7MRNaEmXMZm+8CvALgIQx8qMp2mnUPsA6Ea+9gg6/MPTdeWe5UXZiC0pAoGAGtSt\nPJfBXBNrklruYjORo3DRo5GYThVHQRFjl2orNKltsVxfIwgCw1ortEgPBgOwY0mu\ndkwP2V+qPeTVk+PQAqUk+gF6yLXtiUzeDiYMWHpeB+y81VSH9jfM0oELA/m7T/03\naYnEmE+BI8kKC6dvMBlDeisKdneQJFZRP0hfrC8CgYEAgYIyCGwcydKpe2Nkj0Fz\nKTtCMC/k4DvJfd5Kb9AbmrPUfKgA9Xj4GT6yPG6uBMi8r5etvLCKJ2x2NtN024a8\nQJLATYPrSsaZkE+9zM0j5nYAgbKpxBhlDzDAzn//3ByVzfgJ25S80XhTI
2lfbLH/\nU07ssxdZaQCo+WuD82OvNcg=\n-----END PRIVATE KEY-----\n" - "privatekey_path": "/etc/certificates/freenas_default.key" - "revoked": false - "revoked_date": "" - "root_path": "/etc/certificates" - "san": [ - "DNS:localhost" - ] - "serial": 1 - "signedby": "" - "state": "Tennessee" - "subject_name_hash": 3193428416 - "type": 8 - "until": "Thu Dec 29 15:05:38 2022" diff --git a/helper-charts/common-test/ci/networkpolicy-values.yaml b/helper-charts/common-test/ci/networkpolicy-values.yaml deleted file mode 100644 index 6cc05aad..00000000 --- a/helper-charts/common-test/ci/networkpolicy-values.yaml +++ /dev/null 
@@ -1,128 +0,0 @@ -image: - repository: ghcr.io/truecharts/whoami - pullPolicy: IfNotPresent - tag: 1.8.7@sha256:8c61f0ca92fd806fcb4ed1465cb793c05443f37951554b105b0f2dc686a95772 - -service: - main: - ports: - main: - port: 8080 - -args: - - --port - - '8080' - -ingress: - main: - enabled: true - -probes: - liveness: - enabled: true - readiness: - enabled: true - startup: - enabled: true - - -"ixCertificateAuthorities": {} -"ixCertificates": - "1": - "CA_type_existing": false - "CA_type_intermediate": false - "CA_type_internal": false - "CSR": "" - "DN": "/C=US/O=iXsystems/CN=localhost/emailAddress=info@ixsystems.com/ST=Tennessee/L=Maryville/subjectAltName=DNS:localhost" - "cert_type": "CERTIFICATE" - "cert_type_CSR": false - "cert_type_existing": true - "cert_type_internal": false - "certificate": "-----BEGIN CERTIFICATE-----\nMIIDqjCCApKgAwIBAgIBATANBgkqhkiG9w0BAQsFADCBgDELMAkGA1UEBhMCVVMx\nEjAQBgNVBAoMCWlYc3lzdGVtczESMBAGA1UEAwwJbG9jYWxob3N0MSEwHwYJKoZI\nhvcNAQkBFhJpbmZvQGl4c3lzdGVtcy5jb20xEjAQBgNVBAgMCVRlbm5lc3NlZTES\nMBAGA1UEBwwJTWFyeXZpbGxlMB4XDTIwMDkyNTE0MDUzOFoXDTIyMTIyOTE0MDUz\nOFowgYAxCzAJBgNVBAYTAlVTMRIwEAYDVQQKDAlpWHN5c3RlbXMxEjAQBgNVBAMM\nCWxvY2FsaG9zdDEhMB8GCSqGSIb3DQEJARYSaW5mb0BpeHN5c3RlbXMuY29tMRIw\nEAYDVQQIDAlUZW5uZXNzZWUxEjAQBgNVBAcMCU1hcnl2aWxsZTCCASIwDQYJKoZI\nhvcNAQEBBQADggEPADCCAQoCggEBALpoGliii6X8DeoFdLcR7jjsfJIn3nC8f1pT\nLQ3RURHUOEyhPT3Z6TkhaHeHoj8D6kiXROhyJJq3kw5OeqGZisfpGQhkxjpxkfh9\nfAhlvhuLwCWHaMvSh1TaT+h9+eHfcx3un5CIaH8b1KYRBMH+jmKFpr7jkPNkBXLS\nMA7jKIIa8pD9R6lF4gAsbqJafCbT3R7bqkd9xp3n3j2YhqQzETU2lmu4fra3BPio\nofK47kSkguUC6mtk6VrDf2+QtCKlY0dtbF3e2ZBNWo1aj86sjCtoEmqOCMsPRLc/\nXwQcfEqHY4XfafXwqk0G0UxV2ce18xKoR/pN3MpLBZ65NzPnpn0CAwEAAaMtMCsw\nFAYDVR0RBA0wC4IJbG9jYWxob3N0MBMGA1UdJQQMMAoGCCsGAQUFBwMBMA0GCSqG\nSIb3DQEBCwUAA4IBAQBFW1R037y7wllg/gRk9p2T1stiG8iIXosblmL4Ak1YToTQ\n/0to5GY2ZYW29+rbA4SDTS5eeu2YqZ0A/fF3wey7ggzMS7KyNBOvx5QBJRw3PJGn\n+THfhXvdfkOyeUC6KWRGLgl+/zBFvgh6vFDq3jmv0NI4ehVBTBMCJn7r6577S16T\nwtgKMCooizII0Odu5HIF10gTieFIH3PQYm9JBji
9iyemb9Ht3wn7fXQptfGadz/l\nWz/Dv9+a6IOr7JVJMHnqAIvPzpkav4efuVPOX1zbhjg4K5g+nRYfjr5F5upOd0Y3\nznWTUBUyI7CXRkpHtSDXfEqKgnk/8uv7GWw+hyKr\n-----END CERTIFICATE-----\n" - "certificate_path": "/etc/certificates/freenas_default.crt" - "chain": false - "chain_list": [ - "-----BEGIN CERTIFICATE-----\nMIIDqjCCApKgAwIBAgIBATANBgkqhkiG9w0BAQsFADCBgDELMAkGA1UEBhMCVVMx\nEjAQBgNVBAoMCWlYc3lzdGVtczESMBAGA1UEAwwJbG9jYWxob3N0MSEwHwYJKoZI\nhvcNAQkBFhJpbmZvQGl4c3lzdGVtcy5jb20xEjAQBgNVBAgMCVRlbm5lc3NlZTES\nMBAGA1UEBwwJTWFyeXZpbGxlMB4XDTIwMDkyNTE0MDUzOFoXDTIyMTIyOTE0MDUz\nOFowgYAxCzAJBgNVBAYTAlVTMRIwEAYDVQQKDAlpWHN5c3RlbXMxEjAQBgNVBAMM\nCWxvY2FsaG9zdDEhMB8GCSqGSIb3DQEJARYSaW5mb0BpeHN5c3RlbXMuY29tMRIw\nEAYDVQQIDAlUZW5uZXNzZWUxEjAQBgNVBAcMCU1hcnl2aWxsZTCCASIwDQYJKoZI\nhvcNAQEBBQADggEPADCCAQoCggEBALpoGliii6X8DeoFdLcR7jjsfJIn3nC8f1pT\nLQ3RURHUOEyhPT3Z6TkhaHeHoj8D6kiXROhyJJq3kw5OeqGZisfpGQhkxjpxkfh9\nfAhlvhuLwCWHaMvSh1TaT+h9+eHfcx3un5CIaH8b1KYRBMH+jmKFpr7jkPNkBXLS\nMA7jKIIa8pD9R6lF4gAsbqJafCbT3R7bqkd9xp3n3j2YhqQzETU2lmu4fra3BPio\nofK47kSkguUC6mtk6VrDf2+QtCKlY0dtbF3e2ZBNWo1aj86sjCtoEmqOCMsPRLc/\nXwQcfEqHY4XfafXwqk0G0UxV2ce18xKoR/pN3MpLBZ65NzPnpn0CAwEAAaMtMCsw\nFAYDVR0RBA0wC4IJbG9jYWxob3N0MBMGA1UdJQQMMAoGCCsGAQUFBwMBMA0GCSqG\nSIb3DQEBCwUAA4IBAQBFW1R037y7wllg/gRk9p2T1stiG8iIXosblmL4Ak1YToTQ\n/0to5GY2ZYW29+rbA4SDTS5eeu2YqZ0A/fF3wey7ggzMS7KyNBOvx5QBJRw3PJGn\n+THfhXvdfkOyeUC6KWRGLgl+/zBFvgh6vFDq3jmv0NI4ehVBTBMCJn7r6577S16T\nwtgKMCooizII0Odu5HIF10gTieFIH3PQYm9JBji9iyemb9Ht3wn7fXQptfGadz/l\nWz/Dv9+a6IOr7JVJMHnqAIvPzpkav4efuVPOX1zbhjg4K5g+nRYfjr5F5upOd0Y3\nznWTUBUyI7CXRkpHtSDXfEqKgnk/8uv7GWw+hyKr\n-----END CERTIFICATE-----\n" - ] - "city": "Maryville" - "common": "localhost" - "country": "US" - "csr_path": "/etc/certificates/freenas_default.csr" - "digest_algorithm": "SHA256" - "email": "info@ixsystems.com" - "extensions": - "ExtendedKeyUsage": "TLS Web Server Authentication" - "SubjectAltName": "DNS:localhost" - "fingerprint": "9C:5A:1D:1B:E7:9E:0B:89:2B:37:F4:19:83:ED:3C:6B:D8:14:0D:9B" - "from": 
"Fri Sep 25 16:05:38 2020" - "id": 1 - "internal": "NO" - "issuer": "external" - "key_length": 2048 - "key_type": "RSA" - "lifetime": 825 - "name": "freenas_default" - "organization": "iXsystems" - "organizational_unit": "" - "parsed": true - "privatekey": "-----BEGIN PRIVATE KEY-----\nMIIEvQIBADANBgkqhkiG9w0BAQEFAASCBKcwggSjAgEAAoIBAQC6aBpYooul/A3q\nBXS3Ee447HySJ95wvH9aUy0N0VER1DhMoT092ek5IWh3h6I/A+pIl0TociSat5MO\nTnqhmYrH6RkIZMY6cZH4fXwIZb4bi8Alh2jL0odU2k/offnh33Md7p+QiGh/G9Sm\nEQTB/o5ihaa+45DzZAVy0jAO4yiCGvKQ/UepReIALG6iWnwm090e26pHfcad5949\nmIakMxE1NpZruH62twT4qKHyuO5EpILlAuprZOlaw39vkLQipWNHbWxd3tmQTVqN\nWo/OrIwraBJqjgjLD0S3P18EHHxKh2OF32n18KpNBtFMVdnHtfMSqEf6TdzKSwWe\nuTcz56Z9AgMBAAECggEARwcb4uIs7BZbBu0FSCyg5TfXT6m5bKOmszg2VqmHho+i\n1DAsMcEyyP4d3E3mWLSZNQfOzfOQVxPUCQOGXsUuyHXdgAFGN0bHJDRMara59a0O\njj5GhEO4JXD6OdCmwpZuOt2OF3iiuKxWHuElOvZQMuJSYzI7LULTgKjufv23lbsf\nxMO/v9yi57c5EGgnQ8siLKOy/FQZapn4Z9qKn+lVyk5gfaKP0pDsvV4d7nGYMDD2\nYijfkSyNecApFdtWiLE5zLUlvF6oNj8o66z3YrVNKrCPzhA/5Rkkwwk32SNxvKU3\nVZFSNPeOZ60BicxYcWO+b2aAa0WF+uazJAZ4q52gUQKBgQDu88R+0wm76secYkzE\nQglteLNZKFcvth0kI5xH42Hmk9IXkGimFoDJCIrLAuopyGnfNmqmh2is3QUMUPdR\n/wDLnKc4MCezEidNoD2RBC+bzM1hB9oye/b5sOZUDFXSa0k4XSLu1UEuy1yWhkuS\n6JjY1KQfc4FN0K0Fjqqo7UCTCwKBgQDHtKQh/NvMJ2ok4YW+/QAsus4mEK9eCyUy\nOuyDszQYrGvjkS7STKJVNxGLhWb0XKSIAxMZ66b1MwOt+71h7xNn6pcancfVdK7F\n1Xl5J+76SwbXSgQwTZuoMDxPIvZn7v/2ep5Ni/BcOhMcPIcobWb/OmXrFN1brBvo\nlFNQyWWhlwKBgFDAyPMjVvLO0U6kWdUpjA4W8GV9IJnbLdX8wt/4lClcY2/bOcKH\ncFaAMIeTIJemR0FMHpbQxCtHNmGHK03mo9orwsdWXtRBmk69jJDpnT1F5VKZWMAe\n7MRNaEmXMZm+8CvALgIQx8qMp2mnUPsA6Ea+9gg6/MPTdeWe5UXZiC0pAoGAGtSt\nPJfBXBNrklruYjORo3DRo5GYThVHQRFjl2orNKltsVxfIwgCw1ortEgPBgOwY0mu\ndkwP2V+qPeTVk+PQAqUk+gF6yLXtiUzeDiYMWHpeB+y81VSH9jfM0oELA/m7T/03\naYnEmE+BI8kKC6dvMBlDeisKdneQJFZRP0hfrC8CgYEAgYIyCGwcydKpe2Nkj0Fz\nKTtCMC/k4DvJfd5Kb9AbmrPUfKgA9Xj4GT6yPG6uBMi8r5etvLCKJ2x2NtN024a8\nQJLATYPrSsaZkE+9zM0j5nYAgbKpxBhlDzDAzn//3ByVzfgJ25S80XhTI2lfbLH/\nU07ssxdZaQCo+WuD82OvNcg=\n-----END PRIVATE KEY-----\n" - 
"privatekey_path": "/etc/certificates/freenas_default.key" - "revoked": false - "revoked_date": "" - "root_path": "/etc/certificates" - "san": [ - "DNS:localhost" - ] - "serial": 1 - "signedby": "" - "state": "Tennessee" - "subject_name_hash": 3193428416 - "type": 8 - "until": "Thu Dec 29 15:05:38 2022" - -networkPolicy: - main: - enabled: true - - ingress: - - from: - - ipBlock: - cidr: 172.17.0.0/16 - except: - - 172.17.1.0/24 - - namespaceSelector: - matchLabels: - project: myproject - - podSelector: - matchLabels: - role: frontend - - namespaceSelector: - matchLabels: - project: myproject2 - podSelector: - matchLabels: - role: frontend2 - ports: - - protocol: TCP - port: 6379 - egress: - - to: - - ipBlock: - cidr: 172.17.2.0/16 - except: - - 172.17.2.0/24 - - namespaceSelector: - matchLabels: - project: myproject3 - - podSelector: - matchLabels: - role: frontend3 - - namespaceSelector: - matchLabels: - project: myproject4 - podSelector: - matchLabels: - role: frontend4 - ports: - - protocol: TCP - port: 5978 diff --git a/helper-charts/common-test/ci/persistence-values.yaml b/helper-charts/common-test/ci/persistence-values.yaml deleted file mode 100644 index 5f5d93d0..00000000 --- a/helper-charts/common-test/ci/persistence-values.yaml +++ /dev/null 
@@ -1,241 +0,0 @@ -image: - repository: ghcr.io/truecharts/whoami - pullPolicy: IfNotPresent - tag: 1.8.7@sha256:8c61f0ca92fd806fcb4ed1465cb793c05443f37951554b105b0f2dc686a95772 - -service: - main: - ports: - main: - port: 8080 - -args: - - --port - - '8080' - -ingress: - main: - enabled: true - -probes: - liveness: - enabled: true - readiness: - enabled: true - startup: - enabled: true - - -persistence: - pvc-stock: - enabled: true - annotationsList: [] - annotations: {} - labelsList: [] - labels: {} - type: pvc - forceName: "" - mountPath: - readOnly: false - nameOverride: - storageClass: - existingClaim: - subPath: - accessMode: ReadWriteOnce - size: 1Gi - retain: false - pvc-forcedname: - enabled: true - annotationsList: [] - annotations: {} - labelsList: [] - labels: {} - type: pvc - forceName: "testname" - mountPath: - readOnly: false - nameOverride: - storageClass: - existingClaim: - subPath: - accessMode: ReadWriteOnce - size: 1Gi - retain: false - pvc-readonly: - enabled: true - annotationsList: [] - annotations: {} - labelsList: [] - labels: {} - type: pvc - forceName: "" - mountPath: - readOnly: true - nameOverride: - storageClass: - existingClaim: - subPath: - accessMode: ReadWriteOnce - size: 1Gi - retain: false - pvc-labeled: - enabled: true - annotationsList: [] - annotations: {} - labelsList: [] - labels: - labelexample1: labelvalue2 - type: pvc - forceName: "" - mountPath: - readOnly: false - nameOverride: - storageClass: - existingClaim: - subPath: - accessMode: ReadWriteOnce - size: 1Gi - retain: false - pvc-labeled-list: - enabled: true - annotationsList: [] - annotations: {} - labelsList: - - name: labelexample - value: labelcontent - labels: {} - type: pvc - forceName: "" - mountPath: - readOnly: false - nameOverride: - storageClass: - existingClaim: - subPath: - accessMode: ReadWriteOnce - size: 1Gi - retain: false - pvc-sc-empty: - enabled: true - annotationsList: [] - annotations: {} - labelsList: [] - labels: {} - type: pvc - forceName: "" 
- mountPath: - readOnly: false - nameOverride: - storageClass: "" - existingClaim: - subPath: - accessMode: ReadWriteOnce - size: 1Gi - retain: false - - emptydir: - enabled: true - type: emptyDir - mountPath: /emptydir - medium: - sizeLimit: - emptydir-mem: - enabled: true - type: emptyDir - mountPath: /emptydirmem - medium: Memory - sizeLimit: - emptydir-size: - enabled: true - type: emptyDir - mountPath: /emptydirsize - medium: - sizeLimit: 1Gi - emptydir-memsize: - enabled: true - type: emptyDir - mountPath: /emptydirmemsize - medium: Memory - sizeLimit: 1Gi - - hostpath-stock: - enabled: true - type: hostPath - hostPath: /usr - mountPath: - hostPathType: "" - readOnly: false - - pvc-auto: - enabled: true - setPermissions: true - annotationsList: [] - annotations: {} - labelsList: [] - labels: {} - type: pvc - forceName: "" - mountPath: /autotest - readOnly: false - nameOverride: - storageClass: - existingClaim: - subPath: - accessMode: ReadWriteOnce - size: 1Gi - retain: false - - -"ixCertificateAuthorities": {} -"ixCertificates": - "1": - "CA_type_existing": false - "CA_type_intermediate": false - "CA_type_internal": false - "CSR": "" - "DN": "/C=US/O=iXsystems/CN=localhost/emailAddress=info@ixsystems.com/ST=Tennessee/L=Maryville/subjectAltName=DNS:localhost" - "cert_type": "CERTIFICATE" - "cert_type_CSR": false - "cert_type_existing": true - "cert_type_internal": false - "certificate": "-----BEGIN 
CERTIFICATE-----\nMIIDqjCCApKgAwIBAgIBATANBgkqhkiG9w0BAQsFADCBgDELMAkGA1UEBhMCVVMx\nEjAQBgNVBAoMCWlYc3lzdGVtczESMBAGA1UEAwwJbG9jYWxob3N0MSEwHwYJKoZI\nhvcNAQkBFhJpbmZvQGl4c3lzdGVtcy5jb20xEjAQBgNVBAgMCVRlbm5lc3NlZTES\nMBAGA1UEBwwJTWFyeXZpbGxlMB4XDTIwMDkyNTE0MDUzOFoXDTIyMTIyOTE0MDUz\nOFowgYAxCzAJBgNVBAYTAlVTMRIwEAYDVQQKDAlpWHN5c3RlbXMxEjAQBgNVBAMM\nCWxvY2FsaG9zdDEhMB8GCSqGSIb3DQEJARYSaW5mb0BpeHN5c3RlbXMuY29tMRIw\nEAYDVQQIDAlUZW5uZXNzZWUxEjAQBgNVBAcMCU1hcnl2aWxsZTCCASIwDQYJKoZI\nhvcNAQEBBQADggEPADCCAQoCggEBALpoGliii6X8DeoFdLcR7jjsfJIn3nC8f1pT\nLQ3RURHUOEyhPT3Z6TkhaHeHoj8D6kiXROhyJJq3kw5OeqGZisfpGQhkxjpxkfh9\nfAhlvhuLwCWHaMvSh1TaT+h9+eHfcx3un5CIaH8b1KYRBMH+jmKFpr7jkPNkBXLS\nMA7jKIIa8pD9R6lF4gAsbqJafCbT3R7bqkd9xp3n3j2YhqQzETU2lmu4fra3BPio\nofK47kSkguUC6mtk6VrDf2+QtCKlY0dtbF3e2ZBNWo1aj86sjCtoEmqOCMsPRLc/\nXwQcfEqHY4XfafXwqk0G0UxV2ce18xKoR/pN3MpLBZ65NzPnpn0CAwEAAaMtMCsw\nFAYDVR0RBA0wC4IJbG9jYWxob3N0MBMGA1UdJQQMMAoGCCsGAQUFBwMBMA0GCSqG\nSIb3DQEBCwUAA4IBAQBFW1R037y7wllg/gRk9p2T1stiG8iIXosblmL4Ak1YToTQ\n/0to5GY2ZYW29+rbA4SDTS5eeu2YqZ0A/fF3wey7ggzMS7KyNBOvx5QBJRw3PJGn\n+THfhXvdfkOyeUC6KWRGLgl+/zBFvgh6vFDq3jmv0NI4ehVBTBMCJn7r6577S16T\nwtgKMCooizII0Odu5HIF10gTieFIH3PQYm9JBji9iyemb9Ht3wn7fXQptfGadz/l\nWz/Dv9+a6IOr7JVJMHnqAIvPzpkav4efuVPOX1zbhjg4K5g+nRYfjr5F5upOd0Y3\nznWTUBUyI7CXRkpHtSDXfEqKgnk/8uv7GWw+hyKr\n-----END CERTIFICATE-----\n" - "certificate_path": "/etc/certificates/freenas_default.crt" - "chain": false - "chain_list": [ - "-----BEGIN 
CERTIFICATE-----\nMIIDqjCCApKgAwIBAgIBATANBgkqhkiG9w0BAQsFADCBgDELMAkGA1UEBhMCVVMx\nEjAQBgNVBAoMCWlYc3lzdGVtczESMBAGA1UEAwwJbG9jYWxob3N0MSEwHwYJKoZI\nhvcNAQkBFhJpbmZvQGl4c3lzdGVtcy5jb20xEjAQBgNVBAgMCVRlbm5lc3NlZTES\nMBAGA1UEBwwJTWFyeXZpbGxlMB4XDTIwMDkyNTE0MDUzOFoXDTIyMTIyOTE0MDUz\nOFowgYAxCzAJBgNVBAYTAlVTMRIwEAYDVQQKDAlpWHN5c3RlbXMxEjAQBgNVBAMM\nCWxvY2FsaG9zdDEhMB8GCSqGSIb3DQEJARYSaW5mb0BpeHN5c3RlbXMuY29tMRIw\nEAYDVQQIDAlUZW5uZXNzZWUxEjAQBgNVBAcMCU1hcnl2aWxsZTCCASIwDQYJKoZI\nhvcNAQEBBQADggEPADCCAQoCggEBALpoGliii6X8DeoFdLcR7jjsfJIn3nC8f1pT\nLQ3RURHUOEyhPT3Z6TkhaHeHoj8D6kiXROhyJJq3kw5OeqGZisfpGQhkxjpxkfh9\nfAhlvhuLwCWHaMvSh1TaT+h9+eHfcx3un5CIaH8b1KYRBMH+jmKFpr7jkPNkBXLS\nMA7jKIIa8pD9R6lF4gAsbqJafCbT3R7bqkd9xp3n3j2YhqQzETU2lmu4fra3BPio\nofK47kSkguUC6mtk6VrDf2+QtCKlY0dtbF3e2ZBNWo1aj86sjCtoEmqOCMsPRLc/\nXwQcfEqHY4XfafXwqk0G0UxV2ce18xKoR/pN3MpLBZ65NzPnpn0CAwEAAaMtMCsw\nFAYDVR0RBA0wC4IJbG9jYWxob3N0MBMGA1UdJQQMMAoGCCsGAQUFBwMBMA0GCSqG\nSIb3DQEBCwUAA4IBAQBFW1R037y7wllg/gRk9p2T1stiG8iIXosblmL4Ak1YToTQ\n/0to5GY2ZYW29+rbA4SDTS5eeu2YqZ0A/fF3wey7ggzMS7KyNBOvx5QBJRw3PJGn\n+THfhXvdfkOyeUC6KWRGLgl+/zBFvgh6vFDq3jmv0NI4ehVBTBMCJn7r6577S16T\nwtgKMCooizII0Odu5HIF10gTieFIH3PQYm9JBji9iyemb9Ht3wn7fXQptfGadz/l\nWz/Dv9+a6IOr7JVJMHnqAIvPzpkav4efuVPOX1zbhjg4K5g+nRYfjr5F5upOd0Y3\nznWTUBUyI7CXRkpHtSDXfEqKgnk/8uv7GWw+hyKr\n-----END CERTIFICATE-----\n" - ] - "city": "Maryville" - "common": "localhost" - "country": "US" - "csr_path": "/etc/certificates/freenas_default.csr" - "digest_algorithm": "SHA256" - "email": "info@ixsystems.com" - "extensions": - "ExtendedKeyUsage": "TLS Web Server Authentication" - "SubjectAltName": "DNS:localhost" - "fingerprint": "9C:5A:1D:1B:E7:9E:0B:89:2B:37:F4:19:83:ED:3C:6B:D8:14:0D:9B" - "from": "Fri Sep 25 16:05:38 2020" - "id": 1 - "internal": "NO" - "issuer": "external" - "key_length": 2048 - "key_type": "RSA" - "lifetime": 825 - "name": "freenas_default" - "organization": "iXsystems" - "organizational_unit": "" - "parsed": true - "privatekey": "-----BEGIN PRIVATE 
KEY-----\nMIIEvQIBADANBgkqhkiG9w0BAQEFAASCBKcwggSjAgEAAoIBAQC6aBpYooul/A3q\nBXS3Ee447HySJ95wvH9aUy0N0VER1DhMoT092ek5IWh3h6I/A+pIl0TociSat5MO\nTnqhmYrH6RkIZMY6cZH4fXwIZb4bi8Alh2jL0odU2k/offnh33Md7p+QiGh/G9Sm\nEQTB/o5ihaa+45DzZAVy0jAO4yiCGvKQ/UepReIALG6iWnwm090e26pHfcad5949\nmIakMxE1NpZruH62twT4qKHyuO5EpILlAuprZOlaw39vkLQipWNHbWxd3tmQTVqN\nWo/OrIwraBJqjgjLD0S3P18EHHxKh2OF32n18KpNBtFMVdnHtfMSqEf6TdzKSwWe\nuTcz56Z9AgMBAAECggEARwcb4uIs7BZbBu0FSCyg5TfXT6m5bKOmszg2VqmHho+i\n1DAsMcEyyP4d3E3mWLSZNQfOzfOQVxPUCQOGXsUuyHXdgAFGN0bHJDRMara59a0O\njj5GhEO4JXD6OdCmwpZuOt2OF3iiuKxWHuElOvZQMuJSYzI7LULTgKjufv23lbsf\nxMO/v9yi57c5EGgnQ8siLKOy/FQZapn4Z9qKn+lVyk5gfaKP0pDsvV4d7nGYMDD2\nYijfkSyNecApFdtWiLE5zLUlvF6oNj8o66z3YrVNKrCPzhA/5Rkkwwk32SNxvKU3\nVZFSNPeOZ60BicxYcWO+b2aAa0WF+uazJAZ4q52gUQKBgQDu88R+0wm76secYkzE\nQglteLNZKFcvth0kI5xH42Hmk9IXkGimFoDJCIrLAuopyGnfNmqmh2is3QUMUPdR\n/wDLnKc4MCezEidNoD2RBC+bzM1hB9oye/b5sOZUDFXSa0k4XSLu1UEuy1yWhkuS\n6JjY1KQfc4FN0K0Fjqqo7UCTCwKBgQDHtKQh/NvMJ2ok4YW+/QAsus4mEK9eCyUy\nOuyDszQYrGvjkS7STKJVNxGLhWb0XKSIAxMZ66b1MwOt+71h7xNn6pcancfVdK7F\n1Xl5J+76SwbXSgQwTZuoMDxPIvZn7v/2ep5Ni/BcOhMcPIcobWb/OmXrFN1brBvo\nlFNQyWWhlwKBgFDAyPMjVvLO0U6kWdUpjA4W8GV9IJnbLdX8wt/4lClcY2/bOcKH\ncFaAMIeTIJemR0FMHpbQxCtHNmGHK03mo9orwsdWXtRBmk69jJDpnT1F5VKZWMAe\n7MRNaEmXMZm+8CvALgIQx8qMp2mnUPsA6Ea+9gg6/MPTdeWe5UXZiC0pAoGAGtSt\nPJfBXBNrklruYjORo3DRo5GYThVHQRFjl2orNKltsVxfIwgCw1ortEgPBgOwY0mu\ndkwP2V+qPeTVk+PQAqUk+gF6yLXtiUzeDiYMWHpeB+y81VSH9jfM0oELA/m7T/03\naYnEmE+BI8kKC6dvMBlDeisKdneQJFZRP0hfrC8CgYEAgYIyCGwcydKpe2Nkj0Fz\nKTtCMC/k4DvJfd5Kb9AbmrPUfKgA9Xj4GT6yPG6uBMi8r5etvLCKJ2x2NtN024a8\nQJLATYPrSsaZkE+9zM0j5nYAgbKpxBhlDzDAzn//3ByVzfgJ25S80XhTI2lfbLH/\nU07ssxdZaQCo+WuD82OvNcg=\n-----END PRIVATE KEY-----\n" - "privatekey_path": "/etc/certificates/freenas_default.key" - "revoked": false - "revoked_date": "" - "root_path": "/etc/certificates" - "san": [ - "DNS:localhost" - ] - "serial": 1 - "signedby": "" - "state": "Tennessee" - "subject_name_hash": 3193428416 - "type": 8 - "until": "Thu 
Dec 29 15:05:38 2022"
diff --git a/helper-charts/common-test/ci/simple-persistence-values.yaml b/helper-charts/common-test/ci/simple-persistence-values.yaml
deleted file mode 100644
index 58f877ae..00000000
--- a/helper-charts/common-test/ci/simple-persistence-values.yaml
+++ /dev/null
@@ -1,91 +0,0 @@ -image: - repository: ghcr.io/truecharts/whoami - pullPolicy: IfNotPresent - tag: 1.8.7@sha256:8c61f0ca92fd806fcb4ed1465cb793c05443f37951554b105b0f2dc686a95772 - -service: - main: - ports: - main: - port: 8080 - -args: - - --port - - '8080' - -ingress: - main: - enabled: true - -probes: - liveness: - enabled: true - readiness: - enabled: true - startup: - enabled: true - - -persistence: - simple-pvc: - enabled: true - type: simplePVC - simple-hostpath: - enabled: true - type: simpleHP - hostPathSimple: /usr - setPermissionsSimple: false - -"ixCertificateAuthorities": {} -"ixCertificates": - "1": - "CA_type_existing": false - "CA_type_intermediate": false - "CA_type_internal": false - "CSR": "" - "DN": "/C=US/O=iXsystems/CN=localhost/emailAddress=info@ixsystems.com/ST=Tennessee/L=Maryville/subjectAltName=DNS:localhost" - "cert_type": "CERTIFICATE" - "cert_type_CSR": false - "cert_type_existing": true - "cert_type_internal": false - "certificate": "-----BEGIN CERTIFICATE-----\nMIIDqjCCApKgAwIBAgIBATANBgkqhkiG9w0BAQsFADCBgDELMAkGA1UEBhMCVVMx\nEjAQBgNVBAoMCWlYc3lzdGVtczESMBAGA1UEAwwJbG9jYWxob3N0MSEwHwYJKoZI\nhvcNAQkBFhJpbmZvQGl4c3lzdGVtcy5jb20xEjAQBgNVBAgMCVRlbm5lc3NlZTES\nMBAGA1UEBwwJTWFyeXZpbGxlMB4XDTIwMDkyNTE0MDUzOFoXDTIyMTIyOTE0MDUz\nOFowgYAxCzAJBgNVBAYTAlVTMRIwEAYDVQQKDAlpWHN5c3RlbXMxEjAQBgNVBAMM\nCWxvY2FsaG9zdDEhMB8GCSqGSIb3DQEJARYSaW5mb0BpeHN5c3RlbXMuY29tMRIw\nEAYDVQQIDAlUZW5uZXNzZWUxEjAQBgNVBAcMCU1hcnl2aWxsZTCCASIwDQYJKoZI\nhvcNAQEBBQADggEPADCCAQoCggEBALpoGliii6X8DeoFdLcR7jjsfJIn3nC8f1pT\nLQ3RURHUOEyhPT3Z6TkhaHeHoj8D6kiXROhyJJq3kw5OeqGZisfpGQhkxjpxkfh9\nfAhlvhuLwCWHaMvSh1TaT+h9+eHfcx3un5CIaH8b1KYRBMH+jmKFpr7jkPNkBXLS\nMA7jKIIa8pD9R6lF4gAsbqJafCbT3R7bqkd9xp3n3j2YhqQzETU2lmu4fra3BPio\nofK47kSkguUC6mtk6VrDf2+QtCKlY0dtbF3e2ZBNWo1aj86sjCtoEmqOCMsPRLc/\nXwQcfEqHY4XfafXwqk0G0UxV2ce18xKoR/pN3MpLBZ65NzPnpn0CAwEAAaMtMCsw\nFAYDVR0RBA0wC4IJbG9jYWxob3N0MBMGA1UdJQQMMAoGCCsGAQUFBwMBMA0GCSqG\nSIb3DQEBCwUAA4IBAQBFW1R037y7wllg/gRk9p2T1stiG8iIXosblmL4Ak1YToTQ\n/0t
o5GY2ZYW29+rbA4SDTS5eeu2YqZ0A/fF3wey7ggzMS7KyNBOvx5QBJRw3PJGn\n+THfhXvdfkOyeUC6KWRGLgl+/zBFvgh6vFDq3jmv0NI4ehVBTBMCJn7r6577S16T\nwtgKMCooizII0Odu5HIF10gTieFIH3PQYm9JBji9iyemb9Ht3wn7fXQptfGadz/l\nWz/Dv9+a6IOr7JVJMHnqAIvPzpkav4efuVPOX1zbhjg4K5g+nRYfjr5F5upOd0Y3\nznWTUBUyI7CXRkpHtSDXfEqKgnk/8uv7GWw+hyKr\n-----END CERTIFICATE-----\n" - "certificate_path": "/etc/certificates/freenas_default.crt" - "chain": false - "chain_list": [ - "-----BEGIN CERTIFICATE-----\nMIIDqjCCApKgAwIBAgIBATANBgkqhkiG9w0BAQsFADCBgDELMAkGA1UEBhMCVVMx\nEjAQBgNVBAoMCWlYc3lzdGVtczESMBAGA1UEAwwJbG9jYWxob3N0MSEwHwYJKoZI\nhvcNAQkBFhJpbmZvQGl4c3lzdGVtcy5jb20xEjAQBgNVBAgMCVRlbm5lc3NlZTES\nMBAGA1UEBwwJTWFyeXZpbGxlMB4XDTIwMDkyNTE0MDUzOFoXDTIyMTIyOTE0MDUz\nOFowgYAxCzAJBgNVBAYTAlVTMRIwEAYDVQQKDAlpWHN5c3RlbXMxEjAQBgNVBAMM\nCWxvY2FsaG9zdDEhMB8GCSqGSIb3DQEJARYSaW5mb0BpeHN5c3RlbXMuY29tMRIw\nEAYDVQQIDAlUZW5uZXNzZWUxEjAQBgNVBAcMCU1hcnl2aWxsZTCCASIwDQYJKoZI\nhvcNAQEBBQADggEPADCCAQoCggEBALpoGliii6X8DeoFdLcR7jjsfJIn3nC8f1pT\nLQ3RURHUOEyhPT3Z6TkhaHeHoj8D6kiXROhyJJq3kw5OeqGZisfpGQhkxjpxkfh9\nfAhlvhuLwCWHaMvSh1TaT+h9+eHfcx3un5CIaH8b1KYRBMH+jmKFpr7jkPNkBXLS\nMA7jKIIa8pD9R6lF4gAsbqJafCbT3R7bqkd9xp3n3j2YhqQzETU2lmu4fra3BPio\nofK47kSkguUC6mtk6VrDf2+QtCKlY0dtbF3e2ZBNWo1aj86sjCtoEmqOCMsPRLc/\nXwQcfEqHY4XfafXwqk0G0UxV2ce18xKoR/pN3MpLBZ65NzPnpn0CAwEAAaMtMCsw\nFAYDVR0RBA0wC4IJbG9jYWxob3N0MBMGA1UdJQQMMAoGCCsGAQUFBwMBMA0GCSqG\nSIb3DQEBCwUAA4IBAQBFW1R037y7wllg/gRk9p2T1stiG8iIXosblmL4Ak1YToTQ\n/0to5GY2ZYW29+rbA4SDTS5eeu2YqZ0A/fF3wey7ggzMS7KyNBOvx5QBJRw3PJGn\n+THfhXvdfkOyeUC6KWRGLgl+/zBFvgh6vFDq3jmv0NI4ehVBTBMCJn7r6577S16T\nwtgKMCooizII0Odu5HIF10gTieFIH3PQYm9JBji9iyemb9Ht3wn7fXQptfGadz/l\nWz/Dv9+a6IOr7JVJMHnqAIvPzpkav4efuVPOX1zbhjg4K5g+nRYfjr5F5upOd0Y3\nznWTUBUyI7CXRkpHtSDXfEqKgnk/8uv7GWw+hyKr\n-----END CERTIFICATE-----\n" - ] - "city": "Maryville" - "common": "localhost" - "country": "US" - "csr_path": "/etc/certificates/freenas_default.csr" - "digest_algorithm": "SHA256" - "email": "info@ixsystems.com" - "extensions": - 
"ExtendedKeyUsage": "TLS Web Server Authentication" - "SubjectAltName": "DNS:localhost" - "fingerprint": "9C:5A:1D:1B:E7:9E:0B:89:2B:37:F4:19:83:ED:3C:6B:D8:14:0D:9B" - "from": "Fri Sep 25 16:05:38 2020" - "id": 1 - "internal": "NO" - "issuer": "external" - "key_length": 2048 - "key_type": "RSA" - "lifetime": 825 - "name": "freenas_default" - "organization": "iXsystems" - "organizational_unit": "" - "parsed": true - "privatekey": "-----BEGIN PRIVATE KEY-----\nMIIEvQIBADANBgkqhkiG9w0BAQEFAASCBKcwggSjAgEAAoIBAQC6aBpYooul/A3q\nBXS3Ee447HySJ95wvH9aUy0N0VER1DhMoT092ek5IWh3h6I/A+pIl0TociSat5MO\nTnqhmYrH6RkIZMY6cZH4fXwIZb4bi8Alh2jL0odU2k/offnh33Md7p+QiGh/G9Sm\nEQTB/o5ihaa+45DzZAVy0jAO4yiCGvKQ/UepReIALG6iWnwm090e26pHfcad5949\nmIakMxE1NpZruH62twT4qKHyuO5EpILlAuprZOlaw39vkLQipWNHbWxd3tmQTVqN\nWo/OrIwraBJqjgjLD0S3P18EHHxKh2OF32n18KpNBtFMVdnHtfMSqEf6TdzKSwWe\nuTcz56Z9AgMBAAECggEARwcb4uIs7BZbBu0FSCyg5TfXT6m5bKOmszg2VqmHho+i\n1DAsMcEyyP4d3E3mWLSZNQfOzfOQVxPUCQOGXsUuyHXdgAFGN0bHJDRMara59a0O\njj5GhEO4JXD6OdCmwpZuOt2OF3iiuKxWHuElOvZQMuJSYzI7LULTgKjufv23lbsf\nxMO/v9yi57c5EGgnQ8siLKOy/FQZapn4Z9qKn+lVyk5gfaKP0pDsvV4d7nGYMDD2\nYijfkSyNecApFdtWiLE5zLUlvF6oNj8o66z3YrVNKrCPzhA/5Rkkwwk32SNxvKU3\nVZFSNPeOZ60BicxYcWO+b2aAa0WF+uazJAZ4q52gUQKBgQDu88R+0wm76secYkzE\nQglteLNZKFcvth0kI5xH42Hmk9IXkGimFoDJCIrLAuopyGnfNmqmh2is3QUMUPdR\n/wDLnKc4MCezEidNoD2RBC+bzM1hB9oye/b5sOZUDFXSa0k4XSLu1UEuy1yWhkuS\n6JjY1KQfc4FN0K0Fjqqo7UCTCwKBgQDHtKQh/NvMJ2ok4YW+/QAsus4mEK9eCyUy\nOuyDszQYrGvjkS7STKJVNxGLhWb0XKSIAxMZ66b1MwOt+71h7xNn6pcancfVdK7F\n1Xl5J+76SwbXSgQwTZuoMDxPIvZn7v/2ep5Ni/BcOhMcPIcobWb/OmXrFN1brBvo\nlFNQyWWhlwKBgFDAyPMjVvLO0U6kWdUpjA4W8GV9IJnbLdX8wt/4lClcY2/bOcKH\ncFaAMIeTIJemR0FMHpbQxCtHNmGHK03mo9orwsdWXtRBmk69jJDpnT1F5VKZWMAe\n7MRNaEmXMZm+8CvALgIQx8qMp2mnUPsA6Ea+9gg6/MPTdeWe5UXZiC0pAoGAGtSt\nPJfBXBNrklruYjORo3DRo5GYThVHQRFjl2orNKltsVxfIwgCw1ortEgPBgOwY0mu\ndkwP2V+qPeTVk+PQAqUk+gF6yLXtiUzeDiYMWHpeB+y81VSH9jfM0oELA/m7T/03\naYnEmE+BI8kKC6dvMBlDeisKdneQJFZRP0hfrC8CgYEAgYIyCGwcydKpe2Nkj0Fz\nKTtCMC/k4DvJfd5Kb9
AbmrPUfKgA9Xj4GT6yPG6uBMi8r5etvLCKJ2x2NtN024a8\nQJLATYPrSsaZkE+9zM0j5nYAgbKpxBhlDzDAzn//3ByVzfgJ25S80XhTI2lfbLH/\nU07ssxdZaQCo+WuD82OvNcg=\n-----END PRIVATE KEY-----\n" - "privatekey_path": "/etc/certificates/freenas_default.key" - "revoked": false - "revoked_date": "" - "root_path": "/etc/certificates" - "san": [ - "DNS:localhost" - ] - "serial": 1 - "signedby": "" - "state": "Tennessee" - "subject_name_hash": 3193428416 - "type": 8 - "until": "Thu Dec 29 15:05:38 2022" diff --git a/helper-charts/common-test/ci/simple-service-values.yaml b/helper-charts/common-test/ci/simple-service-values.yaml deleted file mode 100644 index f3e0dfb7..00000000 --- a/helper-charts/common-test/ci/simple-service-values.yaml +++ /dev/null 
@@ -1,82 +0,0 @@ -image: - repository: ghcr.io/truecharts/whoami - pullPolicy: IfNotPresent - tag: 1.8.7@sha256:8c61f0ca92fd806fcb4ed1465cb793c05443f37951554b105b0f2dc686a95772 - -service: - main: - type: Simple - ports: - main: - port: 8080 - -args: - - --port - - '8080' - -ingress: - main: - enabled: true - -probes: - liveness: - enabled: true - readiness: - enabled: true - startup: - enabled: true - - -"ixCertificateAuthorities": {} -"ixCertificates": - "1": - "CA_type_existing": false - "CA_type_intermediate": false - "CA_type_internal": false - "CSR": "" - "DN": "/C=US/O=iXsystems/CN=localhost/emailAddress=info@ixsystems.com/ST=Tennessee/L=Maryville/subjectAltName=DNS:localhost" - "cert_type": "CERTIFICATE" - "cert_type_CSR": false - "cert_type_existing": true - "cert_type_internal": false - "certificate": "-----BEGIN CERTIFICATE-----\nMIIDqjCCApKgAwIBAgIBATANBgkqhkiG9w0BAQsFADCBgDELMAkGA1UEBhMCVVMx\nEjAQBgNVBAoMCWlYc3lzdGVtczESMBAGA1UEAwwJbG9jYWxob3N0MSEwHwYJKoZI\nhvcNAQkBFhJpbmZvQGl4c3lzdGVtcy5jb20xEjAQBgNVBAgMCVRlbm5lc3NlZTES\nMBAGA1UEBwwJTWFyeXZpbGxlMB4XDTIwMDkyNTE0MDUzOFoXDTIyMTIyOTE0MDUz\nOFowgYAxCzAJBgNVBAYTAlVTMRIwEAYDVQQKDAlpWHN5c3RlbXMxEjAQBgNVBAMM\nCWxvY2FsaG9zdDEhMB8GCSqGSIb3DQEJARYSaW5mb0BpeHN5c3RlbXMuY29tMRIw\nEAYDVQQIDAlUZW5uZXNzZWUxEjAQBgNVBAcMCU1hcnl2aWxsZTCCASIwDQYJKoZI\nhvcNAQEBBQADggEPADCCAQoCggEBALpoGliii6X8DeoFdLcR7jjsfJIn3nC8f1pT\nLQ3RURHUOEyhPT3Z6TkhaHeHoj8D6kiXROhyJJq3kw5OeqGZisfpGQhkxjpxkfh9\nfAhlvhuLwCWHaMvSh1TaT+h9+eHfcx3un5CIaH8b1KYRBMH+jmKFpr7jkPNkBXLS\nMA7jKIIa8pD9R6lF4gAsbqJafCbT3R7bqkd9xp3n3j2YhqQzETU2lmu4fra3BPio\nofK47kSkguUC6mtk6VrDf2+QtCKlY0dtbF3e2ZBNWo1aj86sjCtoEmqOCMsPRLc/\nXwQcfEqHY4XfafXwqk0G0UxV2ce18xKoR/pN3MpLBZ65NzPnpn0CAwEAAaMtMCsw\nFAYDVR0RBA0wC4IJbG9jYWxob3N0MBMGA1UdJQQMMAoGCCsGAQUFBwMBMA0GCSqG\nSIb3DQEBCwUAA4IBAQBFW1R037y7wllg/gRk9p2T1stiG8iIXosblmL4Ak1YToTQ\n/0to5GY2ZYW29+rbA4SDTS5eeu2YqZ0A/fF3wey7ggzMS7KyNBOvx5QBJRw3PJGn\n+THfhXvdfkOyeUC6KWRGLgl+/zBFvgh6vFDq3jmv0NI4ehVBTBMCJn7r6577S16T\nwtgKMCooizII0Odu5HIF10gTi
eFIH3PQYm9JBji9iyemb9Ht3wn7fXQptfGadz/l\nWz/Dv9+a6IOr7JVJMHnqAIvPzpkav4efuVPOX1zbhjg4K5g+nRYfjr5F5upOd0Y3\nznWTUBUyI7CXRkpHtSDXfEqKgnk/8uv7GWw+hyKr\n-----END CERTIFICATE-----\n" - "certificate_path": "/etc/certificates/freenas_default.crt" - "chain": false - "chain_list": [ - "-----BEGIN CERTIFICATE-----\nMIIDqjCCApKgAwIBAgIBATANBgkqhkiG9w0BAQsFADCBgDELMAkGA1UEBhMCVVMx\nEjAQBgNVBAoMCWlYc3lzdGVtczESMBAGA1UEAwwJbG9jYWxob3N0MSEwHwYJKoZI\nhvcNAQkBFhJpbmZvQGl4c3lzdGVtcy5jb20xEjAQBgNVBAgMCVRlbm5lc3NlZTES\nMBAGA1UEBwwJTWFyeXZpbGxlMB4XDTIwMDkyNTE0MDUzOFoXDTIyMTIyOTE0MDUz\nOFowgYAxCzAJBgNVBAYTAlVTMRIwEAYDVQQKDAlpWHN5c3RlbXMxEjAQBgNVBAMM\nCWxvY2FsaG9zdDEhMB8GCSqGSIb3DQEJARYSaW5mb0BpeHN5c3RlbXMuY29tMRIw\nEAYDVQQIDAlUZW5uZXNzZWUxEjAQBgNVBAcMCU1hcnl2aWxsZTCCASIwDQYJKoZI\nhvcNAQEBBQADggEPADCCAQoCggEBALpoGliii6X8DeoFdLcR7jjsfJIn3nC8f1pT\nLQ3RURHUOEyhPT3Z6TkhaHeHoj8D6kiXROhyJJq3kw5OeqGZisfpGQhkxjpxkfh9\nfAhlvhuLwCWHaMvSh1TaT+h9+eHfcx3un5CIaH8b1KYRBMH+jmKFpr7jkPNkBXLS\nMA7jKIIa8pD9R6lF4gAsbqJafCbT3R7bqkd9xp3n3j2YhqQzETU2lmu4fra3BPio\nofK47kSkguUC6mtk6VrDf2+QtCKlY0dtbF3e2ZBNWo1aj86sjCtoEmqOCMsPRLc/\nXwQcfEqHY4XfafXwqk0G0UxV2ce18xKoR/pN3MpLBZ65NzPnpn0CAwEAAaMtMCsw\nFAYDVR0RBA0wC4IJbG9jYWxob3N0MBMGA1UdJQQMMAoGCCsGAQUFBwMBMA0GCSqG\nSIb3DQEBCwUAA4IBAQBFW1R037y7wllg/gRk9p2T1stiG8iIXosblmL4Ak1YToTQ\n/0to5GY2ZYW29+rbA4SDTS5eeu2YqZ0A/fF3wey7ggzMS7KyNBOvx5QBJRw3PJGn\n+THfhXvdfkOyeUC6KWRGLgl+/zBFvgh6vFDq3jmv0NI4ehVBTBMCJn7r6577S16T\nwtgKMCooizII0Odu5HIF10gTieFIH3PQYm9JBji9iyemb9Ht3wn7fXQptfGadz/l\nWz/Dv9+a6IOr7JVJMHnqAIvPzpkav4efuVPOX1zbhjg4K5g+nRYfjr5F5upOd0Y3\nznWTUBUyI7CXRkpHtSDXfEqKgnk/8uv7GWw+hyKr\n-----END CERTIFICATE-----\n" - ] - "city": "Maryville" - "common": "localhost" - "country": "US" - "csr_path": "/etc/certificates/freenas_default.csr" - "digest_algorithm": "SHA256" - "email": "info@ixsystems.com" - "extensions": - "ExtendedKeyUsage": "TLS Web Server Authentication" - "SubjectAltName": "DNS:localhost" - "fingerprint": 
"9C:5A:1D:1B:E7:9E:0B:89:2B:37:F4:19:83:ED:3C:6B:D8:14:0D:9B" - "from": "Fri Sep 25 16:05:38 2020" - "id": 1 - "internal": "NO" - "issuer": "external" - "key_length": 2048 - "key_type": "RSA" - "lifetime": 825 - "name": "freenas_default" - "organization": "iXsystems" - "organizational_unit": "" - "parsed": true - "privatekey": "-----BEGIN PRIVATE KEY-----\nMIIEvQIBADANBgkqhkiG9w0BAQEFAASCBKcwggSjAgEAAoIBAQC6aBpYooul/A3q\nBXS3Ee447HySJ95wvH9aUy0N0VER1DhMoT092ek5IWh3h6I/A+pIl0TociSat5MO\nTnqhmYrH6RkIZMY6cZH4fXwIZb4bi8Alh2jL0odU2k/offnh33Md7p+QiGh/G9Sm\nEQTB/o5ihaa+45DzZAVy0jAO4yiCGvKQ/UepReIALG6iWnwm090e26pHfcad5949\nmIakMxE1NpZruH62twT4qKHyuO5EpILlAuprZOlaw39vkLQipWNHbWxd3tmQTVqN\nWo/OrIwraBJqjgjLD0S3P18EHHxKh2OF32n18KpNBtFMVdnHtfMSqEf6TdzKSwWe\nuTcz56Z9AgMBAAECggEARwcb4uIs7BZbBu0FSCyg5TfXT6m5bKOmszg2VqmHho+i\n1DAsMcEyyP4d3E3mWLSZNQfOzfOQVxPUCQOGXsUuyHXdgAFGN0bHJDRMara59a0O\njj5GhEO4JXD6OdCmwpZuOt2OF3iiuKxWHuElOvZQMuJSYzI7LULTgKjufv23lbsf\nxMO/v9yi57c5EGgnQ8siLKOy/FQZapn4Z9qKn+lVyk5gfaKP0pDsvV4d7nGYMDD2\nYijfkSyNecApFdtWiLE5zLUlvF6oNj8o66z3YrVNKrCPzhA/5Rkkwwk32SNxvKU3\nVZFSNPeOZ60BicxYcWO+b2aAa0WF+uazJAZ4q52gUQKBgQDu88R+0wm76secYkzE\nQglteLNZKFcvth0kI5xH42Hmk9IXkGimFoDJCIrLAuopyGnfNmqmh2is3QUMUPdR\n/wDLnKc4MCezEidNoD2RBC+bzM1hB9oye/b5sOZUDFXSa0k4XSLu1UEuy1yWhkuS\n6JjY1KQfc4FN0K0Fjqqo7UCTCwKBgQDHtKQh/NvMJ2ok4YW+/QAsus4mEK9eCyUy\nOuyDszQYrGvjkS7STKJVNxGLhWb0XKSIAxMZ66b1MwOt+71h7xNn6pcancfVdK7F\n1Xl5J+76SwbXSgQwTZuoMDxPIvZn7v/2ep5Ni/BcOhMcPIcobWb/OmXrFN1brBvo\nlFNQyWWhlwKBgFDAyPMjVvLO0U6kWdUpjA4W8GV9IJnbLdX8wt/4lClcY2/bOcKH\ncFaAMIeTIJemR0FMHpbQxCtHNmGHK03mo9orwsdWXtRBmk69jJDpnT1F5VKZWMAe\n7MRNaEmXMZm+8CvALgIQx8qMp2mnUPsA6Ea+9gg6/MPTdeWe5UXZiC0pAoGAGtSt\nPJfBXBNrklruYjORo3DRo5GYThVHQRFjl2orNKltsVxfIwgCw1ortEgPBgOwY0mu\ndkwP2V+qPeTVk+PQAqUk+gF6yLXtiUzeDiYMWHpeB+y81VSH9jfM0oELA/m7T/03\naYnEmE+BI8kKC6dvMBlDeisKdneQJFZRP0hfrC8CgYEAgYIyCGwcydKpe2Nkj0Fz\nKTtCMC/k4DvJfd5Kb9AbmrPUfKgA9Xj4GT6yPG6uBMi8r5etvLCKJ2x2NtN024a8\nQJLATYPrSsaZkE+9zM0j5nYAgbKpxBhlDzDAzn//3ByVzfgJ25S80XhTI
2lfbLH/\nU07ssxdZaQCo+WuD82OvNcg=\n-----END PRIVATE KEY-----\n"
- "privatekey_path": "/etc/certificates/freenas_default.key"
- "revoked": false
- "revoked_date": ""
- "root_path": "/etc/certificates"
- "san": [
- "DNS:localhost"
- ]
- "serial": 1
- "signedby": ""
- "state": "Tennessee"
- "subject_name_hash": 3193428416
- "type": 8
- "until": "Thu Dec 29 15:05:38 2022"
diff --git a/helper-charts/common-test/ci/stagingmanifest-values.yaml b/helper-charts/common-test/ci/stagingmanifest-values.yaml
deleted file mode 100644
index 32421bd5..00000000
--- a/helper-charts/common-test/ci/stagingmanifest-values.yaml
+++ /dev/null
@@ -1,86 +0,0 @@ -image: - repository: ghcr.io/truecharts/whoami - pullPolicy: IfNotPresent - tag: 1.8.7@sha256:8c61f0ca92fd806fcb4ed1465cb793c05443f37951554b105b0f2dc686a95772 - -service: - main: - ports: - main: - port: 8080 - -args: - - --port - - '8080' - -manifests: - enabled: true - nonBlocking: false - staging: true - -ingress: - main: - enabled: true - -probes: - liveness: - enabled: true - readiness: - enabled: true - startup: - enabled: true - - -"ixCertificateAuthorities": {} -"ixCertificates": - "1": - "CA_type_existing": false - "CA_type_intermediate": false - "CA_type_internal": false - "CSR": "" - "DN": "/C=US/O=iXsystems/CN=localhost/emailAddress=info@ixsystems.com/ST=Tennessee/L=Maryville/subjectAltName=DNS:localhost" - "cert_type": "CERTIFICATE" - "cert_type_CSR": false - "cert_type_existing": true - "cert_type_internal": false - "certificate": "-----BEGIN CERTIFICATE-----\nMIIDqjCCApKgAwIBAgIBATANBgkqhkiG9w0BAQsFADCBgDELMAkGA1UEBhMCVVMx\nEjAQBgNVBAoMCWlYc3lzdGVtczESMBAGA1UEAwwJbG9jYWxob3N0MSEwHwYJKoZI\nhvcNAQkBFhJpbmZvQGl4c3lzdGVtcy5jb20xEjAQBgNVBAgMCVRlbm5lc3NlZTES\nMBAGA1UEBwwJTWFyeXZpbGxlMB4XDTIwMDkyNTE0MDUzOFoXDTIyMTIyOTE0MDUz\nOFowgYAxCzAJBgNVBAYTAlVTMRIwEAYDVQQKDAlpWHN5c3RlbXMxEjAQBgNVBAMM\nCWxvY2FsaG9zdDEhMB8GCSqGSIb3DQEJARYSaW5mb0BpeHN5c3RlbXMuY29tMRIw\nEAYDVQQIDAlUZW5uZXNzZWUxEjAQBgNVBAcMCU1hcnl2aWxsZTCCASIwDQYJKoZI\nhvcNAQEBBQADggEPADCCAQoCggEBALpoGliii6X8DeoFdLcR7jjsfJIn3nC8f1pT\nLQ3RURHUOEyhPT3Z6TkhaHeHoj8D6kiXROhyJJq3kw5OeqGZisfpGQhkxjpxkfh9\nfAhlvhuLwCWHaMvSh1TaT+h9+eHfcx3un5CIaH8b1KYRBMH+jmKFpr7jkPNkBXLS\nMA7jKIIa8pD9R6lF4gAsbqJafCbT3R7bqkd9xp3n3j2YhqQzETU2lmu4fra3BPio\nofK47kSkguUC6mtk6VrDf2+QtCKlY0dtbF3e2ZBNWo1aj86sjCtoEmqOCMsPRLc/\nXwQcfEqHY4XfafXwqk0G0UxV2ce18xKoR/pN3MpLBZ65NzPnpn0CAwEAAaMtMCsw\nFAYDVR0RBA0wC4IJbG9jYWxob3N0MBMGA1UdJQQMMAoGCCsGAQUFBwMBMA0GCSqG\nSIb3DQEBCwUAA4IBAQBFW1R037y7wllg/gRk9p2T1stiG8iIXosblmL4Ak1YToTQ\n/0to5GY2ZYW29+rbA4SDTS5eeu2YqZ0A/fF3wey7ggzMS7KyNBOvx5QBJRw3PJGn\n+THfhXvdfkOyeUC6KWRGLgl+/zBFvgh6vFDq3jm
v0NI4ehVBTBMCJn7r6577S16T\nwtgKMCooizII0Odu5HIF10gTieFIH3PQYm9JBji9iyemb9Ht3wn7fXQptfGadz/l\nWz/Dv9+a6IOr7JVJMHnqAIvPzpkav4efuVPOX1zbhjg4K5g+nRYfjr5F5upOd0Y3\nznWTUBUyI7CXRkpHtSDXfEqKgnk/8uv7GWw+hyKr\n-----END CERTIFICATE-----\n" - "certificate_path": "/etc/certificates/freenas_default.crt" - "chain": false - "chain_list": [ - "-----BEGIN CERTIFICATE-----\nMIIDqjCCApKgAwIBAgIBATANBgkqhkiG9w0BAQsFADCBgDELMAkGA1UEBhMCVVMx\nEjAQBgNVBAoMCWlYc3lzdGVtczESMBAGA1UEAwwJbG9jYWxob3N0MSEwHwYJKoZI\nhvcNAQkBFhJpbmZvQGl4c3lzdGVtcy5jb20xEjAQBgNVBAgMCVRlbm5lc3NlZTES\nMBAGA1UEBwwJTWFyeXZpbGxlMB4XDTIwMDkyNTE0MDUzOFoXDTIyMTIyOTE0MDUz\nOFowgYAxCzAJBgNVBAYTAlVTMRIwEAYDVQQKDAlpWHN5c3RlbXMxEjAQBgNVBAMM\nCWxvY2FsaG9zdDEhMB8GCSqGSIb3DQEJARYSaW5mb0BpeHN5c3RlbXMuY29tMRIw\nEAYDVQQIDAlUZW5uZXNzZWUxEjAQBgNVBAcMCU1hcnl2aWxsZTCCASIwDQYJKoZI\nhvcNAQEBBQADggEPADCCAQoCggEBALpoGliii6X8DeoFdLcR7jjsfJIn3nC8f1pT\nLQ3RURHUOEyhPT3Z6TkhaHeHoj8D6kiXROhyJJq3kw5OeqGZisfpGQhkxjpxkfh9\nfAhlvhuLwCWHaMvSh1TaT+h9+eHfcx3un5CIaH8b1KYRBMH+jmKFpr7jkPNkBXLS\nMA7jKIIa8pD9R6lF4gAsbqJafCbT3R7bqkd9xp3n3j2YhqQzETU2lmu4fra3BPio\nofK47kSkguUC6mtk6VrDf2+QtCKlY0dtbF3e2ZBNWo1aj86sjCtoEmqOCMsPRLc/\nXwQcfEqHY4XfafXwqk0G0UxV2ce18xKoR/pN3MpLBZ65NzPnpn0CAwEAAaMtMCsw\nFAYDVR0RBA0wC4IJbG9jYWxob3N0MBMGA1UdJQQMMAoGCCsGAQUFBwMBMA0GCSqG\nSIb3DQEBCwUAA4IBAQBFW1R037y7wllg/gRk9p2T1stiG8iIXosblmL4Ak1YToTQ\n/0to5GY2ZYW29+rbA4SDTS5eeu2YqZ0A/fF3wey7ggzMS7KyNBOvx5QBJRw3PJGn\n+THfhXvdfkOyeUC6KWRGLgl+/zBFvgh6vFDq3jmv0NI4ehVBTBMCJn7r6577S16T\nwtgKMCooizII0Odu5HIF10gTieFIH3PQYm9JBji9iyemb9Ht3wn7fXQptfGadz/l\nWz/Dv9+a6IOr7JVJMHnqAIvPzpkav4efuVPOX1zbhjg4K5g+nRYfjr5F5upOd0Y3\nznWTUBUyI7CXRkpHtSDXfEqKgnk/8uv7GWw+hyKr\n-----END CERTIFICATE-----\n" - ] - "city": "Maryville" - "common": "localhost" - "country": "US" - "csr_path": "/etc/certificates/freenas_default.csr" - "digest_algorithm": "SHA256" - "email": "info@ixsystems.com" - "extensions": - "ExtendedKeyUsage": "TLS Web Server Authentication" - "SubjectAltName": "DNS:localhost" - "fingerprint": 
"9C:5A:1D:1B:E7:9E:0B:89:2B:37:F4:19:83:ED:3C:6B:D8:14:0D:9B" - "from": "Fri Sep 25 16:05:38 2020" - "id": 1 - "internal": "NO" - "issuer": "external" - "key_length": 2048 - "key_type": "RSA" - "lifetime": 825 - "name": "freenas_default" - "organization": "iXsystems" - "organizational_unit": "" - "parsed": true - "privatekey": "-----BEGIN PRIVATE KEY-----\nMIIEvQIBADANBgkqhkiG9w0BAQEFAASCBKcwggSjAgEAAoIBAQC6aBpYooul/A3q\nBXS3Ee447HySJ95wvH9aUy0N0VER1DhMoT092ek5IWh3h6I/A+pIl0TociSat5MO\nTnqhmYrH6RkIZMY6cZH4fXwIZb4bi8Alh2jL0odU2k/offnh33Md7p+QiGh/G9Sm\nEQTB/o5ihaa+45DzZAVy0jAO4yiCGvKQ/UepReIALG6iWnwm090e26pHfcad5949\nmIakMxE1NpZruH62twT4qKHyuO5EpILlAuprZOlaw39vkLQipWNHbWxd3tmQTVqN\nWo/OrIwraBJqjgjLD0S3P18EHHxKh2OF32n18KpNBtFMVdnHtfMSqEf6TdzKSwWe\nuTcz56Z9AgMBAAECggEARwcb4uIs7BZbBu0FSCyg5TfXT6m5bKOmszg2VqmHho+i\n1DAsMcEyyP4d3E3mWLSZNQfOzfOQVxPUCQOGXsUuyHXdgAFGN0bHJDRMara59a0O\njj5GhEO4JXD6OdCmwpZuOt2OF3iiuKxWHuElOvZQMuJSYzI7LULTgKjufv23lbsf\nxMO/v9yi57c5EGgnQ8siLKOy/FQZapn4Z9qKn+lVyk5gfaKP0pDsvV4d7nGYMDD2\nYijfkSyNecApFdtWiLE5zLUlvF6oNj8o66z3YrVNKrCPzhA/5Rkkwwk32SNxvKU3\nVZFSNPeOZ60BicxYcWO+b2aAa0WF+uazJAZ4q52gUQKBgQDu88R+0wm76secYkzE\nQglteLNZKFcvth0kI5xH42Hmk9IXkGimFoDJCIrLAuopyGnfNmqmh2is3QUMUPdR\n/wDLnKc4MCezEidNoD2RBC+bzM1hB9oye/b5sOZUDFXSa0k4XSLu1UEuy1yWhkuS\n6JjY1KQfc4FN0K0Fjqqo7UCTCwKBgQDHtKQh/NvMJ2ok4YW+/QAsus4mEK9eCyUy\nOuyDszQYrGvjkS7STKJVNxGLhWb0XKSIAxMZ66b1MwOt+71h7xNn6pcancfVdK7F\n1Xl5J+76SwbXSgQwTZuoMDxPIvZn7v/2ep5Ni/BcOhMcPIcobWb/OmXrFN1brBvo\nlFNQyWWhlwKBgFDAyPMjVvLO0U6kWdUpjA4W8GV9IJnbLdX8wt/4lClcY2/bOcKH\ncFaAMIeTIJemR0FMHpbQxCtHNmGHK03mo9orwsdWXtRBmk69jJDpnT1F5VKZWMAe\n7MRNaEmXMZm+8CvALgIQx8qMp2mnUPsA6Ea+9gg6/MPTdeWe5UXZiC0pAoGAGtSt\nPJfBXBNrklruYjORo3DRo5GYThVHQRFjl2orNKltsVxfIwgCw1ortEgPBgOwY0mu\ndkwP2V+qPeTVk+PQAqUk+gF6yLXtiUzeDiYMWHpeB+y81VSH9jfM0oELA/m7T/03\naYnEmE+BI8kKC6dvMBlDeisKdneQJFZRP0hfrC8CgYEAgYIyCGwcydKpe2Nkj0Fz\nKTtCMC/k4DvJfd5Kb9AbmrPUfKgA9Xj4GT6yPG6uBMi8r5etvLCKJ2x2NtN024a8\nQJLATYPrSsaZkE+9zM0j5nYAgbKpxBhlDzDAzn//3ByVzfgJ25S80XhTI
2lfbLH/\nU07ssxdZaQCo+WuD82OvNcg=\n-----END PRIVATE KEY-----\n"
- "privatekey_path": "/etc/certificates/freenas_default.key"
- "revoked": false
- "revoked_date": ""
- "root_path": "/etc/certificates"
- "san": [
- "DNS:localhost"
- ]
- "serial": 1
- "signedby": ""
- "state": "Tennessee"
- "subject_name_hash": 3193428416
- "type": 8
- "until": "Thu Dec 29 15:05:38 2022"
diff --git a/helper-charts/common-test/helm-values.md b/helper-charts/common-test/helm-values.md
deleted file mode 100644
index f66651af..00000000
--- a/helper-charts/common-test/helm-values.md
+++ /dev/null
@@ -1,19 +0,0 @@
-# Default Helm-Values
-
-TrueCharts is primarily build to supply TrueNAS SCALE Apps.
-However, we also supply all Apps as standard Helm-Charts. In this document we aim to document the default values in our values.yaml file.
-
-Most of our Apps also consume our "common" Helm Chart.
-If this is the case, this means that all values.yaml values are set to the common chart values.yaml by default. This values.yaml file will only contain values that deviate from the common chart.
-You will, however, be able to use all values referenced in the common chart here, besides the values listed in this document.
-
-## Values
-
-| Key | Type | Default | Description |
-|-----|------|---------|-------------|
-| image.pullPolicy | string | `"IfNotPresent"` | |
-| image.repository | string | `"ghcr.io/truecharts/whoami"` | |
-| image.tag | string | `"v1.8.0@sha256:057b682b74eae04bdfc994050bc3a9c1ba5c13cb6f415464828f9d4219e7331f"` | |
-| service.main.ports.main.port | int | `8080` | |
-
-All Rights Reserved - The TrueCharts Project
diff --git a/helper-charts/common-test/security.md b/helper-charts/common-test/security.md
deleted file mode 100644
index ed56b0e5..00000000
--- a/helper-charts/common-test/security.md
+++ /dev/null
@@ -1,123 +0,0 @@ ---- -hide: - - toc ---- - -# Security Overview - - - -## Helm-Chart - -##### Scan Results - -#### Chart Object: common-test/templates/common.yaml - - - -| Type | Misconfiguration ID | Check | Severity | Explaination | Links | -|:----------------|:------------------:|:-----------:|:------------------:|-----------------------------------------|-----------------------------------------| -| Kubernetes Security Check | KSV001 | Process can elevate its own privileges | MEDIUM |
Expand... A program inside the container can elevate its own privileges and run as root, which might give the program control over the container and node.


Container 'hostpatch' of Deployment 'RELEASE-NAME-common-test' should set 'securityContext.allowPrivilegeEscalation' to false
|
Expand...https://kubernetes.io/docs/concepts/security/pod-security-standards/#restricted
https://avd.aquasec.com/appshield/ksv001
| -| Kubernetes Security Check | KSV003 | Default capabilities not dropped | LOW |
Expand... The container should drop all default capabilities and add only those that are needed for its execution.


Container 'RELEASE-NAME-common-test' of Deployment 'RELEASE-NAME-common-test' should add 'ALL' to 'securityContext.capabilities.drop'
|
Expand...https://kubesec.io/basics/containers-securitycontext-capabilities-drop-index-all/
https://avd.aquasec.com/appshield/ksv003
| -| Kubernetes Security Check | KSV003 | Default capabilities not dropped | LOW |
Expand... The container should drop all default capabilities and add only those that are needed for its execution.


Container 'hostpatch' of Deployment 'RELEASE-NAME-common-test' should add 'ALL' to 'securityContext.capabilities.drop'
|
Expand...https://kubesec.io/basics/containers-securitycontext-capabilities-drop-index-all/
https://avd.aquasec.com/appshield/ksv003
| -| Kubernetes Security Check | KSV011 | CPU not limited | LOW |
Expand... Enforcing CPU limits prevents DoS via resource exhaustion.


Container 'hostpatch' of Deployment 'RELEASE-NAME-common-test' should set 'resources.limits.cpu'
|
Expand...https://cloud.google.com/blog/products/containers-kubernetes/kubernetes-best-practices-resource-requests-and-limits
https://avd.aquasec.com/appshield/ksv011
| -| Kubernetes Security Check | KSV012 | Runs as root user | MEDIUM |
Expand... 'runAsNonRoot' forces the running image to run as a non-root user to ensure least privileges.


Container 'autopermissions' of Deployment 'RELEASE-NAME-common-test' should set 'securityContext.runAsNonRoot' to true
|
Expand...https://kubernetes.io/docs/concepts/security/pod-security-standards/#restricted
https://avd.aquasec.com/appshield/ksv012
| -| Kubernetes Security Check | KSV012 | Runs as root user | MEDIUM |
Expand... 'runAsNonRoot' forces the running image to run as a non-root user to ensure least privileges.


Container 'hostpatch' of Deployment 'RELEASE-NAME-common-test' should set 'securityContext.runAsNonRoot' to true
|
Expand...https://kubernetes.io/docs/concepts/security/pod-security-standards/#restricted
https://avd.aquasec.com/appshield/ksv012
| -| Kubernetes Security Check | KSV014 | Root file system is not read-only | LOW |
Expand... An immutable root file system prevents applications from writing to their local disk. This can limit intrusions, as attackers will not be able to tamper with the file system or write foreign executables to disk.


Container 'autopermissions' of Deployment 'RELEASE-NAME-common-test' should set 'securityContext.readOnlyRootFilesystem' to true
|
Expand...https://kubesec.io/basics/containers-securitycontext-readonlyrootfilesystem-true/
https://avd.aquasec.com/appshield/ksv014
| -| Kubernetes Security Check | KSV014 | Root file system is not read-only | LOW |
Expand... An immutable root file system prevents applications from writing to their local disk. This can limit intrusions, as attackers will not be able to tamper with the file system or write foreign executables to disk.


Container 'hostpatch' of Deployment 'RELEASE-NAME-common-test' should set 'securityContext.readOnlyRootFilesystem' to true
|
Expand...https://kubesec.io/basics/containers-securitycontext-readonlyrootfilesystem-true/
https://avd.aquasec.com/appshield/ksv014
| -| Kubernetes Security Check | KSV015 | CPU requests not specified | LOW |
Expand... When containers have resource requests specified, the scheduler can make better decisions about which nodes to place pods on, and how to deal with resource contention.


Container 'hostpatch' of Deployment 'RELEASE-NAME-common-test' should set 'resources.requests.cpu'
|
Expand...https://cloud.google.com/blog/products/containers-kubernetes/kubernetes-best-practices-resource-requests-and-limits
https://avd.aquasec.com/appshield/ksv015
| -| Kubernetes Security Check | KSV016 | Memory requests not specified | LOW |
Expand... When containers have memory requests specified, the scheduler can make better decisions about which nodes to place pods on, and how to deal with resource contention.


Container 'hostpatch' of Deployment 'RELEASE-NAME-common-test' should set 'resources.requests.memory'
|
Expand...https://kubesec.io/basics/containers-resources-limits-memory/
https://avd.aquasec.com/appshield/ksv016
| -| Kubernetes Security Check | KSV017 | Privileged container | HIGH |
Expand... Privileged containers share namespaces with the host system and do not offer any security. They should be used exclusively for system containers that require high privileges.


Container 'hostpatch' of Deployment 'RELEASE-NAME-common-test' should set 'securityContext.privileged' to false
|
Expand...https://kubernetes.io/docs/concepts/security/pod-security-standards/#baseline
https://avd.aquasec.com/appshield/ksv017
| -| Kubernetes Security Check | KSV018 | Memory not limited | LOW |
Expand... Enforcing memory limits prevents DoS via resource exhaustion.


Container 'hostpatch' of Deployment 'RELEASE-NAME-common-test' should set 'resources.limits.memory'
|
Expand...https://kubesec.io/basics/containers-resources-limits-memory/
https://avd.aquasec.com/appshield/ksv018
| -| Kubernetes Security Check | KSV020 | Runs with low user ID | MEDIUM |
Expand... Force the container to run with user ID > 10000 to avoid conflicts with the host’s user table.


Container 'RELEASE-NAME-common-test' of Deployment 'RELEASE-NAME-common-test' should set 'securityContext.runAsUser' > 10000
|
Expand...https://kubesec.io/basics/containers-securitycontext-runasuser/
https://avd.aquasec.com/appshield/ksv020
| -| Kubernetes Security Check | KSV020 | Runs with low user ID | MEDIUM |
Expand... Force the container to run with user ID > 10000 to avoid conflicts with the host’s user table.


Container 'autopermissions' of Deployment 'RELEASE-NAME-common-test' should set 'securityContext.runAsUser' > 10000
|
Expand...https://kubesec.io/basics/containers-securitycontext-runasuser/
https://avd.aquasec.com/appshield/ksv020
| -| Kubernetes Security Check | KSV020 | Runs with low user ID | MEDIUM |
Expand... Force the container to run with user ID > 10000 to avoid conflicts with the host’s user table.


Container 'hostpatch' of Deployment 'RELEASE-NAME-common-test' should set 'securityContext.runAsUser' > 10000
|
Expand...https://kubesec.io/basics/containers-securitycontext-runasuser/
https://avd.aquasec.com/appshield/ksv020
| -| Kubernetes Security Check | KSV021 | Runs with low group ID | MEDIUM |
Expand... Force the container to run with group ID > 10000 to avoid conflicts with the host’s user table.


Container 'RELEASE-NAME-common-test' of Deployment 'RELEASE-NAME-common-test' should set 'securityContext.runAsGroup' > 10000
|
Expand...https://kubesec.io/basics/containers-securitycontext-runasuser/
https://avd.aquasec.com/appshield/ksv021
| -| Kubernetes Security Check | KSV021 | Runs with low group ID | MEDIUM |
Expand... Force the container to run with group ID > 10000 to avoid conflicts with the host’s user table.


Container 'autopermissions' of Deployment 'RELEASE-NAME-common-test' should set 'securityContext.runAsGroup' > 10000
|
Expand...https://kubesec.io/basics/containers-securitycontext-runasuser/
https://avd.aquasec.com/appshield/ksv021
| -| Kubernetes Security Check | KSV021 | Runs with low group ID | MEDIUM |
Expand... Force the container to run with group ID > 10000 to avoid conflicts with the host’s user table.


Container 'hostpatch' of Deployment 'RELEASE-NAME-common-test' should set 'securityContext.runAsGroup' > 10000
|
Expand...https://kubesec.io/basics/containers-securitycontext-runasuser/
https://avd.aquasec.com/appshield/ksv021
| -| Kubernetes Security Check | KSV023 | hostPath volumes mounted | MEDIUM |
Expand... HostPath volumes must be forbidden.


Deployment 'RELEASE-NAME-common-test' should not set 'spec.template.volumes.hostPath'
|
Expand...https://kubernetes.io/docs/concepts/security/pod-security-standards/#baseline
https://avd.aquasec.com/appshield/ksv023
| -| Kubernetes Security Check | KSV029 | A root primary or supplementary GID set | LOW |
Expand... Containers should be forbidden from running with a root primary or supplementary GID.


Deployment 'RELEASE-NAME-common-test' should set 'spec.securityContext.runAsGroup', 'spec.securityContext.supplementalGroups[*]' and 'spec.securityContext.fsGroup' to integer greater than 0
|
Expand...https://kubernetes.io/docs/concepts/security/pod-security-standards/#restricted
https://avd.aquasec.com/appshield/ksv029
| - -## Containers - -##### Detected Containers - - tccr.io/truecharts/alpine:v3.14.2@sha256:4095394abbae907e94b1f2fd2e2de6c4f201a5b9704573243ca8eb16db8cdb7c - tccr.io/truecharts/alpine:v3.14.2@sha256:4095394abbae907e94b1f2fd2e2de6c4f201a5b9704573243ca8eb16db8cdb7c - tccr.io/truecharts/whoami:v1.8.0@sha256:057b682b74eae04bdfc994050bc3a9c1ba5c13cb6f415464828f9d4219e7331f - -##### Scan Results - - -#### Container: tccr.io/truecharts/alpine:v3.14.2@sha256:4095394abbae907e94b1f2fd2e2de6c4f201a5b9704573243ca8eb16db8cdb7c (alpine 3.14.2) - - -**alpine** - - -| Package | Vulnerability | Severity | Installed Version | Fixed Version | Links | -|:----------------|:------------------:|:-----------:|:------------------:|:-------------:|-----------------------------------------| -| busybox | CVE-2021-42378 | HIGH | 1.33.1-r3 | 1.33.1-r6 |
Expand...https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-42378
https://jfrog.com/blog/unboxing-busybox-14-new-vulnerabilities-uncovered-by-claroty-and-jfrog/
https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/6T2TURBYYJGBMQTTN2DSOAIQGP7WCPGV/
https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/UQXGOGWBIYWOIVXJVRKHZR34UMEHQBXS/
https://security.netapp.com/advisory/ntap-20211223-0002/
https://ubuntu.com/security/notices/USN-5179-1
| -| busybox | CVE-2021-42379 | HIGH | 1.33.1-r3 | 1.33.1-r6 |
Expand...https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-42379
https://jfrog.com/blog/unboxing-busybox-14-new-vulnerabilities-uncovered-by-claroty-and-jfrog/
https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/6T2TURBYYJGBMQTTN2DSOAIQGP7WCPGV/
https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/UQXGOGWBIYWOIVXJVRKHZR34UMEHQBXS/
https://security.netapp.com/advisory/ntap-20211223-0002/
https://ubuntu.com/security/notices/USN-5179-1
| -| busybox | CVE-2021-42380 | HIGH | 1.33.1-r3 | 1.33.1-r6 |
Expand...https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-42380
https://jfrog.com/blog/unboxing-busybox-14-new-vulnerabilities-uncovered-by-claroty-and-jfrog/
https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/6T2TURBYYJGBMQTTN2DSOAIQGP7WCPGV/
https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/UQXGOGWBIYWOIVXJVRKHZR34UMEHQBXS/
https://security.netapp.com/advisory/ntap-20211223-0002/
https://ubuntu.com/security/notices/USN-5179-1
| -| busybox | CVE-2021-42381 | HIGH | 1.33.1-r3 | 1.33.1-r6 |
Expand...https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-42381
https://jfrog.com/blog/unboxing-busybox-14-new-vulnerabilities-uncovered-by-claroty-and-jfrog/
https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/6T2TURBYYJGBMQTTN2DSOAIQGP7WCPGV/
https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/UQXGOGWBIYWOIVXJVRKHZR34UMEHQBXS/
https://security.netapp.com/advisory/ntap-20211223-0002/
https://ubuntu.com/security/notices/USN-5179-1
| -| busybox | CVE-2021-42382 | HIGH | 1.33.1-r3 | 1.33.1-r6 |
Expand...https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-42382
https://jfrog.com/blog/unboxing-busybox-14-new-vulnerabilities-uncovered-by-claroty-and-jfrog/
https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/6T2TURBYYJGBMQTTN2DSOAIQGP7WCPGV/
https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/UQXGOGWBIYWOIVXJVRKHZR34UMEHQBXS/
https://security.netapp.com/advisory/ntap-20211223-0002/
https://ubuntu.com/security/notices/USN-5179-1
| -| busybox | CVE-2021-42383 | HIGH | 1.33.1-r3 | 1.33.1-r6 |
Expand...https://jfrog.com/blog/unboxing-busybox-14-new-vulnerabilities-uncovered-by-claroty-and-jfrog/
https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/6T2TURBYYJGBMQTTN2DSOAIQGP7WCPGV/
https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/UQXGOGWBIYWOIVXJVRKHZR34UMEHQBXS/
https://security.netapp.com/advisory/ntap-20211223-0002/
| -| busybox | CVE-2021-42384 | HIGH | 1.33.1-r3 | 1.33.1-r6 |
Expand...https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-42384
https://jfrog.com/blog/unboxing-busybox-14-new-vulnerabilities-uncovered-by-claroty-and-jfrog/
https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/6T2TURBYYJGBMQTTN2DSOAIQGP7WCPGV/
https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/UQXGOGWBIYWOIVXJVRKHZR34UMEHQBXS/
https://security.netapp.com/advisory/ntap-20211223-0002/
https://ubuntu.com/security/notices/USN-5179-1
| -| busybox | CVE-2021-42385 | HIGH | 1.33.1-r3 | 1.33.1-r6 |
Expand...https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-42385
https://jfrog.com/blog/unboxing-busybox-14-new-vulnerabilities-uncovered-by-claroty-and-jfrog/
https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/6T2TURBYYJGBMQTTN2DSOAIQGP7WCPGV/
https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/UQXGOGWBIYWOIVXJVRKHZR34UMEHQBXS/
https://security.netapp.com/advisory/ntap-20211223-0002/
https://ubuntu.com/security/notices/USN-5179-1
| -| busybox | CVE-2021-42386 | HIGH | 1.33.1-r3 | 1.33.1-r6 |
Expand...https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-42386
https://jfrog.com/blog/unboxing-busybox-14-new-vulnerabilities-uncovered-by-claroty-and-jfrog/
https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/6T2TURBYYJGBMQTTN2DSOAIQGP7WCPGV/
https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/UQXGOGWBIYWOIVXJVRKHZR34UMEHQBXS/
https://security.netapp.com/advisory/ntap-20211223-0002/
https://ubuntu.com/security/notices/USN-5179-1
| -| busybox | CVE-2021-42374 | MEDIUM | 1.33.1-r3 | 1.33.1-r4 |
Expand...https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-42374
https://jfrog.com/blog/unboxing-busybox-14-new-vulnerabilities-uncovered-by-claroty-and-jfrog/
https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/6T2TURBYYJGBMQTTN2DSOAIQGP7WCPGV/
https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/UQXGOGWBIYWOIVXJVRKHZR34UMEHQBXS/
https://security.netapp.com/advisory/ntap-20211223-0002/
https://ubuntu.com/security/notices/USN-5179-1
| -| busybox | CVE-2021-42375 | MEDIUM | 1.33.1-r3 | 1.33.1-r5 |
Expand...https://jfrog.com/blog/unboxing-busybox-14-new-vulnerabilities-uncovered-by-claroty-and-jfrog/
https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/6T2TURBYYJGBMQTTN2DSOAIQGP7WCPGV/
https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/UQXGOGWBIYWOIVXJVRKHZR34UMEHQBXS/
https://security.netapp.com/advisory/ntap-20211223-0002/
| -| ssl_client | CVE-2021-42378 | HIGH | 1.33.1-r3 | 1.33.1-r6 |
Expand...https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-42378
https://jfrog.com/blog/unboxing-busybox-14-new-vulnerabilities-uncovered-by-claroty-and-jfrog/
https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/6T2TURBYYJGBMQTTN2DSOAIQGP7WCPGV/
https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/UQXGOGWBIYWOIVXJVRKHZR34UMEHQBXS/
https://security.netapp.com/advisory/ntap-20211223-0002/
https://ubuntu.com/security/notices/USN-5179-1
| -| ssl_client | CVE-2021-42379 | HIGH | 1.33.1-r3 | 1.33.1-r6 |
Expand...https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-42379
https://jfrog.com/blog/unboxing-busybox-14-new-vulnerabilities-uncovered-by-claroty-and-jfrog/
https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/6T2TURBYYJGBMQTTN2DSOAIQGP7WCPGV/
https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/UQXGOGWBIYWOIVXJVRKHZR34UMEHQBXS/
https://security.netapp.com/advisory/ntap-20211223-0002/
https://ubuntu.com/security/notices/USN-5179-1
| -| ssl_client | CVE-2021-42380 | HIGH | 1.33.1-r3 | 1.33.1-r6 |
Expand...https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-42380
https://jfrog.com/blog/unboxing-busybox-14-new-vulnerabilities-uncovered-by-claroty-and-jfrog/
https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/6T2TURBYYJGBMQTTN2DSOAIQGP7WCPGV/
https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/UQXGOGWBIYWOIVXJVRKHZR34UMEHQBXS/
https://security.netapp.com/advisory/ntap-20211223-0002/
https://ubuntu.com/security/notices/USN-5179-1
| -| ssl_client | CVE-2021-42381 | HIGH | 1.33.1-r3 | 1.33.1-r6 |
Expand...https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-42381
https://jfrog.com/blog/unboxing-busybox-14-new-vulnerabilities-uncovered-by-claroty-and-jfrog/
https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/6T2TURBYYJGBMQTTN2DSOAIQGP7WCPGV/
https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/UQXGOGWBIYWOIVXJVRKHZR34UMEHQBXS/
https://security.netapp.com/advisory/ntap-20211223-0002/
https://ubuntu.com/security/notices/USN-5179-1
| -| ssl_client | CVE-2021-42382 | HIGH | 1.33.1-r3 | 1.33.1-r6 |
Expand...https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-42382
https://jfrog.com/blog/unboxing-busybox-14-new-vulnerabilities-uncovered-by-claroty-and-jfrog/
https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/6T2TURBYYJGBMQTTN2DSOAIQGP7WCPGV/
https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/UQXGOGWBIYWOIVXJVRKHZR34UMEHQBXS/
https://security.netapp.com/advisory/ntap-20211223-0002/
https://ubuntu.com/security/notices/USN-5179-1
| -| ssl_client | CVE-2021-42383 | HIGH | 1.33.1-r3 | 1.33.1-r6 |
Expand...https://jfrog.com/blog/unboxing-busybox-14-new-vulnerabilities-uncovered-by-claroty-and-jfrog/
https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/6T2TURBYYJGBMQTTN2DSOAIQGP7WCPGV/
https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/UQXGOGWBIYWOIVXJVRKHZR34UMEHQBXS/
https://security.netapp.com/advisory/ntap-20211223-0002/
| -| ssl_client | CVE-2021-42384 | HIGH | 1.33.1-r3 | 1.33.1-r6 |
Expand...https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-42384
https://jfrog.com/blog/unboxing-busybox-14-new-vulnerabilities-uncovered-by-claroty-and-jfrog/
https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/6T2TURBYYJGBMQTTN2DSOAIQGP7WCPGV/
https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/UQXGOGWBIYWOIVXJVRKHZR34UMEHQBXS/
https://security.netapp.com/advisory/ntap-20211223-0002/
https://ubuntu.com/security/notices/USN-5179-1
| -| ssl_client | CVE-2021-42385 | HIGH | 1.33.1-r3 | 1.33.1-r6 |
Expand...https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-42385
https://jfrog.com/blog/unboxing-busybox-14-new-vulnerabilities-uncovered-by-claroty-and-jfrog/
https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/6T2TURBYYJGBMQTTN2DSOAIQGP7WCPGV/
https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/UQXGOGWBIYWOIVXJVRKHZR34UMEHQBXS/
https://security.netapp.com/advisory/ntap-20211223-0002/
https://ubuntu.com/security/notices/USN-5179-1
| -| ssl_client | CVE-2021-42386 | HIGH | 1.33.1-r3 | 1.33.1-r6 |
Expand...https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-42386
https://jfrog.com/blog/unboxing-busybox-14-new-vulnerabilities-uncovered-by-claroty-and-jfrog/
https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/6T2TURBYYJGBMQTTN2DSOAIQGP7WCPGV/
https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/UQXGOGWBIYWOIVXJVRKHZR34UMEHQBXS/
https://security.netapp.com/advisory/ntap-20211223-0002/
https://ubuntu.com/security/notices/USN-5179-1
| -| ssl_client | CVE-2021-42374 | MEDIUM | 1.33.1-r3 | 1.33.1-r4 |
Expand...https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-42374
https://jfrog.com/blog/unboxing-busybox-14-new-vulnerabilities-uncovered-by-claroty-and-jfrog/
https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/6T2TURBYYJGBMQTTN2DSOAIQGP7WCPGV/
https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/UQXGOGWBIYWOIVXJVRKHZR34UMEHQBXS/
https://security.netapp.com/advisory/ntap-20211223-0002/
https://ubuntu.com/security/notices/USN-5179-1
| -| ssl_client | CVE-2021-42375 | MEDIUM | 1.33.1-r3 | 1.33.1-r5 |
Expand...https://jfrog.com/blog/unboxing-busybox-14-new-vulnerabilities-uncovered-by-claroty-and-jfrog/
https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/6T2TURBYYJGBMQTTN2DSOAIQGP7WCPGV/
https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/UQXGOGWBIYWOIVXJVRKHZR34UMEHQBXS/
https://security.netapp.com/advisory/ntap-20211223-0002/
| - - -#### Container: tccr.io/truecharts/alpine:v3.14.2@sha256:4095394abbae907e94b1f2fd2e2de6c4f201a5b9704573243ca8eb16db8cdb7c (alpine 3.14.2) - - -**alpine** - - -| Package | Vulnerability | Severity | Installed Version | Fixed Version | Links | -|:----------------|:------------------:|:-----------:|:------------------:|:-------------:|-----------------------------------------| -| busybox | CVE-2021-42378 | HIGH | 1.33.1-r3 | 1.33.1-r6 |
Expand...https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-42378
https://jfrog.com/blog/unboxing-busybox-14-new-vulnerabilities-uncovered-by-claroty-and-jfrog/
https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/6T2TURBYYJGBMQTTN2DSOAIQGP7WCPGV/
https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/UQXGOGWBIYWOIVXJVRKHZR34UMEHQBXS/
https://security.netapp.com/advisory/ntap-20211223-0002/
https://ubuntu.com/security/notices/USN-5179-1
| -| busybox | CVE-2021-42379 | HIGH | 1.33.1-r3 | 1.33.1-r6 |
Expand...https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-42379
https://jfrog.com/blog/unboxing-busybox-14-new-vulnerabilities-uncovered-by-claroty-and-jfrog/
https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/6T2TURBYYJGBMQTTN2DSOAIQGP7WCPGV/
https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/UQXGOGWBIYWOIVXJVRKHZR34UMEHQBXS/
https://security.netapp.com/advisory/ntap-20211223-0002/
https://ubuntu.com/security/notices/USN-5179-1
| -| busybox | CVE-2021-42380 | HIGH | 1.33.1-r3 | 1.33.1-r6 |
Expand...https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-42380
https://jfrog.com/blog/unboxing-busybox-14-new-vulnerabilities-uncovered-by-claroty-and-jfrog/
https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/6T2TURBYYJGBMQTTN2DSOAIQGP7WCPGV/
https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/UQXGOGWBIYWOIVXJVRKHZR34UMEHQBXS/
https://security.netapp.com/advisory/ntap-20211223-0002/
https://ubuntu.com/security/notices/USN-5179-1
| -| busybox | CVE-2021-42381 | HIGH | 1.33.1-r3 | 1.33.1-r6 |
Expand...https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-42381
https://jfrog.com/blog/unboxing-busybox-14-new-vulnerabilities-uncovered-by-claroty-and-jfrog/
https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/6T2TURBYYJGBMQTTN2DSOAIQGP7WCPGV/
https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/UQXGOGWBIYWOIVXJVRKHZR34UMEHQBXS/
https://security.netapp.com/advisory/ntap-20211223-0002/
https://ubuntu.com/security/notices/USN-5179-1
| -| busybox | CVE-2021-42382 | HIGH | 1.33.1-r3 | 1.33.1-r6 |
Expand...https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-42382
https://jfrog.com/blog/unboxing-busybox-14-new-vulnerabilities-uncovered-by-claroty-and-jfrog/
https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/6T2TURBYYJGBMQTTN2DSOAIQGP7WCPGV/
https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/UQXGOGWBIYWOIVXJVRKHZR34UMEHQBXS/
https://security.netapp.com/advisory/ntap-20211223-0002/
https://ubuntu.com/security/notices/USN-5179-1
| -| busybox | CVE-2021-42383 | HIGH | 1.33.1-r3 | 1.33.1-r6 |
Expand...https://jfrog.com/blog/unboxing-busybox-14-new-vulnerabilities-uncovered-by-claroty-and-jfrog/
https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/6T2TURBYYJGBMQTTN2DSOAIQGP7WCPGV/
https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/UQXGOGWBIYWOIVXJVRKHZR34UMEHQBXS/
https://security.netapp.com/advisory/ntap-20211223-0002/
| -| busybox | CVE-2021-42384 | HIGH | 1.33.1-r3 | 1.33.1-r6 |
Expand...https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-42384
https://jfrog.com/blog/unboxing-busybox-14-new-vulnerabilities-uncovered-by-claroty-and-jfrog/
https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/6T2TURBYYJGBMQTTN2DSOAIQGP7WCPGV/
https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/UQXGOGWBIYWOIVXJVRKHZR34UMEHQBXS/
https://security.netapp.com/advisory/ntap-20211223-0002/
https://ubuntu.com/security/notices/USN-5179-1
| -| busybox | CVE-2021-42385 | HIGH | 1.33.1-r3 | 1.33.1-r6 |
Expand...https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-42385
https://jfrog.com/blog/unboxing-busybox-14-new-vulnerabilities-uncovered-by-claroty-and-jfrog/
https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/6T2TURBYYJGBMQTTN2DSOAIQGP7WCPGV/
https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/UQXGOGWBIYWOIVXJVRKHZR34UMEHQBXS/
https://security.netapp.com/advisory/ntap-20211223-0002/
https://ubuntu.com/security/notices/USN-5179-1
| -| busybox | CVE-2021-42386 | HIGH | 1.33.1-r3 | 1.33.1-r6 |
Expand...https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-42386
https://jfrog.com/blog/unboxing-busybox-14-new-vulnerabilities-uncovered-by-claroty-and-jfrog/
https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/6T2TURBYYJGBMQTTN2DSOAIQGP7WCPGV/
https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/UQXGOGWBIYWOIVXJVRKHZR34UMEHQBXS/
https://security.netapp.com/advisory/ntap-20211223-0002/
https://ubuntu.com/security/notices/USN-5179-1
| -| busybox | CVE-2021-42374 | MEDIUM | 1.33.1-r3 | 1.33.1-r4 |
Expand...https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-42374
https://jfrog.com/blog/unboxing-busybox-14-new-vulnerabilities-uncovered-by-claroty-and-jfrog/
https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/6T2TURBYYJGBMQTTN2DSOAIQGP7WCPGV/
https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/UQXGOGWBIYWOIVXJVRKHZR34UMEHQBXS/
https://security.netapp.com/advisory/ntap-20211223-0002/
https://ubuntu.com/security/notices/USN-5179-1
| -| busybox | CVE-2021-42375 | MEDIUM | 1.33.1-r3 | 1.33.1-r5 |
Expand...https://jfrog.com/blog/unboxing-busybox-14-new-vulnerabilities-uncovered-by-claroty-and-jfrog/
https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/6T2TURBYYJGBMQTTN2DSOAIQGP7WCPGV/
https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/UQXGOGWBIYWOIVXJVRKHZR34UMEHQBXS/
https://security.netapp.com/advisory/ntap-20211223-0002/
| -| ssl_client | CVE-2021-42378 | HIGH | 1.33.1-r3 | 1.33.1-r6 |
Expand...https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-42378
https://jfrog.com/blog/unboxing-busybox-14-new-vulnerabilities-uncovered-by-claroty-and-jfrog/
https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/6T2TURBYYJGBMQTTN2DSOAIQGP7WCPGV/
https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/UQXGOGWBIYWOIVXJVRKHZR34UMEHQBXS/
https://security.netapp.com/advisory/ntap-20211223-0002/
https://ubuntu.com/security/notices/USN-5179-1
| -| ssl_client | CVE-2021-42379 | HIGH | 1.33.1-r3 | 1.33.1-r6 |
Expand...https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-42379
https://jfrog.com/blog/unboxing-busybox-14-new-vulnerabilities-uncovered-by-claroty-and-jfrog/
https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/6T2TURBYYJGBMQTTN2DSOAIQGP7WCPGV/
https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/UQXGOGWBIYWOIVXJVRKHZR34UMEHQBXS/
https://security.netapp.com/advisory/ntap-20211223-0002/
https://ubuntu.com/security/notices/USN-5179-1
| -| ssl_client | CVE-2021-42380 | HIGH | 1.33.1-r3 | 1.33.1-r6 |
Expand...https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-42380
https://jfrog.com/blog/unboxing-busybox-14-new-vulnerabilities-uncovered-by-claroty-and-jfrog/
https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/6T2TURBYYJGBMQTTN2DSOAIQGP7WCPGV/
https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/UQXGOGWBIYWOIVXJVRKHZR34UMEHQBXS/
https://security.netapp.com/advisory/ntap-20211223-0002/
https://ubuntu.com/security/notices/USN-5179-1
| -| ssl_client | CVE-2021-42381 | HIGH | 1.33.1-r3 | 1.33.1-r6 |
Expand...https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-42381
https://jfrog.com/blog/unboxing-busybox-14-new-vulnerabilities-uncovered-by-claroty-and-jfrog/
https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/6T2TURBYYJGBMQTTN2DSOAIQGP7WCPGV/
https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/UQXGOGWBIYWOIVXJVRKHZR34UMEHQBXS/
https://security.netapp.com/advisory/ntap-20211223-0002/
https://ubuntu.com/security/notices/USN-5179-1
| -| ssl_client | CVE-2021-42382 | HIGH | 1.33.1-r3 | 1.33.1-r6 |
Expand...https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-42382
https://jfrog.com/blog/unboxing-busybox-14-new-vulnerabilities-uncovered-by-claroty-and-jfrog/
https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/6T2TURBYYJGBMQTTN2DSOAIQGP7WCPGV/
https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/UQXGOGWBIYWOIVXJVRKHZR34UMEHQBXS/
https://security.netapp.com/advisory/ntap-20211223-0002/
https://ubuntu.com/security/notices/USN-5179-1
| -| ssl_client | CVE-2021-42383 | HIGH | 1.33.1-r3 | 1.33.1-r6 |
Expand...https://jfrog.com/blog/unboxing-busybox-14-new-vulnerabilities-uncovered-by-claroty-and-jfrog/
https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/6T2TURBYYJGBMQTTN2DSOAIQGP7WCPGV/
https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/UQXGOGWBIYWOIVXJVRKHZR34UMEHQBXS/
https://security.netapp.com/advisory/ntap-20211223-0002/
| -| ssl_client | CVE-2021-42384 | HIGH | 1.33.1-r3 | 1.33.1-r6 |
Expand...https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-42384
https://jfrog.com/blog/unboxing-busybox-14-new-vulnerabilities-uncovered-by-claroty-and-jfrog/
https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/6T2TURBYYJGBMQTTN2DSOAIQGP7WCPGV/
https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/UQXGOGWBIYWOIVXJVRKHZR34UMEHQBXS/
https://security.netapp.com/advisory/ntap-20211223-0002/
https://ubuntu.com/security/notices/USN-5179-1
| -| ssl_client | CVE-2021-42385 | HIGH | 1.33.1-r3 | 1.33.1-r6 |
Expand...https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-42385
https://jfrog.com/blog/unboxing-busybox-14-new-vulnerabilities-uncovered-by-claroty-and-jfrog/
https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/6T2TURBYYJGBMQTTN2DSOAIQGP7WCPGV/
https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/UQXGOGWBIYWOIVXJVRKHZR34UMEHQBXS/
https://security.netapp.com/advisory/ntap-20211223-0002/
https://ubuntu.com/security/notices/USN-5179-1
| -| ssl_client | CVE-2021-42386 | HIGH | 1.33.1-r3 | 1.33.1-r6 |
Expand...https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-42386
https://jfrog.com/blog/unboxing-busybox-14-new-vulnerabilities-uncovered-by-claroty-and-jfrog/
https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/6T2TURBYYJGBMQTTN2DSOAIQGP7WCPGV/
https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/UQXGOGWBIYWOIVXJVRKHZR34UMEHQBXS/
https://security.netapp.com/advisory/ntap-20211223-0002/
https://ubuntu.com/security/notices/USN-5179-1
| -| ssl_client | CVE-2021-42374 | MEDIUM | 1.33.1-r3 | 1.33.1-r4 |
Expand...https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-42374
https://jfrog.com/blog/unboxing-busybox-14-new-vulnerabilities-uncovered-by-claroty-and-jfrog/
https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/6T2TURBYYJGBMQTTN2DSOAIQGP7WCPGV/
https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/UQXGOGWBIYWOIVXJVRKHZR34UMEHQBXS/
https://security.netapp.com/advisory/ntap-20211223-0002/
https://ubuntu.com/security/notices/USN-5179-1
| -| ssl_client | CVE-2021-42375 | MEDIUM | 1.33.1-r3 | 1.33.1-r5 |
Expand...https://jfrog.com/blog/unboxing-busybox-14-new-vulnerabilities-uncovered-by-claroty-and-jfrog/
https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/6T2TURBYYJGBMQTTN2DSOAIQGP7WCPGV/
https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/UQXGOGWBIYWOIVXJVRKHZR34UMEHQBXS/
https://security.netapp.com/advisory/ntap-20211223-0002/
| - - -#### Container: whoami - - -**gobinary** - - -| No Vulnerabilities found | -|:---------------------------------|
diff --git a/helper-charts/common-test/templates/common.yaml b/helper-charts/common-test/templates/common.yaml
deleted file mode 100644
index c1a366e1..00000000
--- a/helper-charts/common-test/templates/common.yaml
+++ /dev/null
@@ -1 +0,0 @@
-{{ include "tc.common.loader.all" . }}
diff --git a/helper-charts/common-test/test.yaml b/helper-charts/common-test/test.yaml
deleted file mode 100644
index 4707ed02..00000000
--- a/helper-charts/common-test/test.yaml
+++ /dev/null
@@ -1,123 +0,0 @@ -image: - repository: b4bz/homer - tag: latest - pullPolicy: IfNotPresent - - -# -- Configure the ingresses for the chart here. -# Additional ingresses can be added by adding a dictionary key similar to the 'main' ingress. -# @default -- See below -ingress: - main: - # -- Enables or disables the ingress - enabled: true - - # -- Make this the primary ingress (used in probes, notes, etc...). - # If there is more than 1 ingress, make sure that only 1 ingress is marked as primary. - primary: true - - # -- Override the name suffix that is used for this ingress. - nameOverride: - - # -- List of middlewares in the traefikmiddlewares k8s namespace to add automatically - # Creates an annotation with the middlewares and appends k8s and traefik namespaces to the middleware names - # Primarily used for TrueNAS SCALE to add additional (seperate) middlewares without exposing them to the end-user - fixedMiddlewares: - - chain-basic - - # -- Additional List of middlewares in the traefikmiddlewares k8s namespace to add automatically - # Creates an annotation with the middlewares and appends k8s and traefik namespaces to the middleware names - middlewares: [] - - # -- Provide additional annotations which may be required. - annotations: {} - # kubernetes.io/ingress.class: nginx - # kubernetes.io/tls-acme: "true" - - # -- Provide additional labels which may be required. - labels: {} - - # -- Set the ingressClass that is used for this ingress. - # Requires Kubernetes >=1.19 - ingressClassName: # "nginx" - - ## Configure the hosts for the ingress - hosts: - - # -- Host address. Helm template can be passed. - host: chart-example.local - ## Configure the paths for the host - paths: - - # -- Path. Helm template can be passed. 
- path: / - # -- Ignored if not kubeVersion >= 1.14-0 - pathType: Prefix - service: - # -- Overrides the service name reference for this path - name: - # -- Overrides the service port reference for this path - port: - - # -- Configure TLS for the ingress. Both secretName and hosts can process a Helm template. - tls: - # - secretName: chart-example-tls - # -- Create a secret from a GUI selected TrueNAS SCALE certificate - - scaleCert: 1 - hosts: - - chart-example.local - - scaleCert: 1 - hosts: - - chart-example2.local - -"ixCertificateAuthorities": {} -"ixCertificates": - "1": - "CA_type_existing": false - "CA_type_intermediate": false - "CA_type_internal": false - "CSR": "" - "DN": "/C=US/O=iXsystems/CN=localhost/emailAddress=info@ixsystems.com/ST=Tennessee/L=Maryville/subjectAltName=DNS:localhost" - "cert_type": "CERTIFICATE" - "cert_type_CSR": false - "cert_type_existing": true - "cert_type_internal": false - "certificate": "-----BEGIN CERTIFICATE-----\nMIIDqjCCApKgAwIBAgIBATANBgkqhkiG9w0BAQsFADCBgDELMAkGA1UEBhMCVVMx\nEjAQBgNVBAoMCWlYc3lzdGVtczESMBAGA1UEAwwJbG9jYWxob3N0MSEwHwYJKoZI\nhvcNAQkBFhJpbmZvQGl4c3lzdGVtcy5jb20xEjAQBgNVBAgMCVRlbm5lc3NlZTES\nMBAGA1UEBwwJTWFyeXZpbGxlMB4XDTIwMDkyNTE0MDUzOFoXDTIyMTIyOTE0MDUz\nOFowgYAxCzAJBgNVBAYTAlVTMRIwEAYDVQQKDAlpWHN5c3RlbXMxEjAQBgNVBAMM\nCWxvY2FsaG9zdDEhMB8GCSqGSIb3DQEJARYSaW5mb0BpeHN5c3RlbXMuY29tMRIw\nEAYDVQQIDAlUZW5uZXNzZWUxEjAQBgNVBAcMCU1hcnl2aWxsZTCCASIwDQYJKoZI\nhvcNAQEBBQADggEPADCCAQoCggEBALpoGliii6X8DeoFdLcR7jjsfJIn3nC8f1pT\nLQ3RURHUOEyhPT3Z6TkhaHeHoj8D6kiXROhyJJq3kw5OeqGZisfpGQhkxjpxkfh9\nfAhlvhuLwCWHaMvSh1TaT+h9+eHfcx3un5CIaH8b1KYRBMH+jmKFpr7jkPNkBXLS\nMA7jKIIa8pD9R6lF4gAsbqJafCbT3R7bqkd9xp3n3j2YhqQzETU2lmu4fra3BPio\nofK47kSkguUC6mtk6VrDf2+QtCKlY0dtbF3e2ZBNWo1aj86sjCtoEmqOCMsPRLc/\nXwQcfEqHY4XfafXwqk0G0UxV2ce18xKoR/pN3MpLBZ65NzPnpn0CAwEAAaMtMCsw\nFAYDVR0RBA0wC4IJbG9jYWxob3N0MBMGA1UdJQQMMAoGCCsGAQUFBwMBMA0GCSqG\nSIb3DQEBCwUAA4IBAQBFW1R037y7wllg/gRk9p2T1stiG8iIXosblmL4Ak1YToTQ\n/0to5GY2ZYW29+rbA4SDTS5eeu2YqZ0A/fF3wey
7ggzMS7KyNBOvx5QBJRw3PJGn\n+THfhXvdfkOyeUC6KWRGLgl+/zBFvgh6vFDq3jmv0NI4ehVBTBMCJn7r6577S16T\nwtgKMCooizII0Odu5HIF10gTieFIH3PQYm9JBji9iyemb9Ht3wn7fXQptfGadz/l\nWz/Dv9+a6IOr7JVJMHnqAIvPzpkav4efuVPOX1zbhjg4K5g+nRYfjr5F5upOd0Y3\nznWTUBUyI7CXRkpHtSDXfEqKgnk/8uv7GWw+hyKr\n-----END CERTIFICATE-----\n" - "certificate_path": "/etc/certificates/freenas_default.crt" - "chain": false - "chain_list": [ - "-----BEGIN CERTIFICATE-----\nMIIDqjCCApKgAwIBAgIBATANBgkqhkiG9w0BAQsFADCBgDELMAkGA1UEBhMCVVMx\nEjAQBgNVBAoMCWlYc3lzdGVtczESMBAGA1UEAwwJbG9jYWxob3N0MSEwHwYJKoZI\nhvcNAQkBFhJpbmZvQGl4c3lzdGVtcy5jb20xEjAQBgNVBAgMCVRlbm5lc3NlZTES\nMBAGA1UEBwwJTWFyeXZpbGxlMB4XDTIwMDkyNTE0MDUzOFoXDTIyMTIyOTE0MDUz\nOFowgYAxCzAJBgNVBAYTAlVTMRIwEAYDVQQKDAlpWHN5c3RlbXMxEjAQBgNVBAMM\nCWxvY2FsaG9zdDEhMB8GCSqGSIb3DQEJARYSaW5mb0BpeHN5c3RlbXMuY29tMRIw\nEAYDVQQIDAlUZW5uZXNzZWUxEjAQBgNVBAcMCU1hcnl2aWxsZTCCASIwDQYJKoZI\nhvcNAQEBBQADggEPADCCAQoCggEBALpoGliii6X8DeoFdLcR7jjsfJIn3nC8f1pT\nLQ3RURHUOEyhPT3Z6TkhaHeHoj8D6kiXROhyJJq3kw5OeqGZisfpGQhkxjpxkfh9\nfAhlvhuLwCWHaMvSh1TaT+h9+eHfcx3un5CIaH8b1KYRBMH+jmKFpr7jkPNkBXLS\nMA7jKIIa8pD9R6lF4gAsbqJafCbT3R7bqkd9xp3n3j2YhqQzETU2lmu4fra3BPio\nofK47kSkguUC6mtk6VrDf2+QtCKlY0dtbF3e2ZBNWo1aj86sjCtoEmqOCMsPRLc/\nXwQcfEqHY4XfafXwqk0G0UxV2ce18xKoR/pN3MpLBZ65NzPnpn0CAwEAAaMtMCsw\nFAYDVR0RBA0wC4IJbG9jYWxob3N0MBMGA1UdJQQMMAoGCCsGAQUFBwMBMA0GCSqG\nSIb3DQEBCwUAA4IBAQBFW1R037y7wllg/gRk9p2T1stiG8iIXosblmL4Ak1YToTQ\n/0to5GY2ZYW29+rbA4SDTS5eeu2YqZ0A/fF3wey7ggzMS7KyNBOvx5QBJRw3PJGn\n+THfhXvdfkOyeUC6KWRGLgl+/zBFvgh6vFDq3jmv0NI4ehVBTBMCJn7r6577S16T\nwtgKMCooizII0Odu5HIF10gTieFIH3PQYm9JBji9iyemb9Ht3wn7fXQptfGadz/l\nWz/Dv9+a6IOr7JVJMHnqAIvPzpkav4efuVPOX1zbhjg4K5g+nRYfjr5F5upOd0Y3\nznWTUBUyI7CXRkpHtSDXfEqKgnk/8uv7GWw+hyKr\n-----END CERTIFICATE-----\n" - ] - "city": "Maryville" - "common": "localhost" - "country": "US" - "csr_path": "/etc/certificates/freenas_default.csr" - "digest_algorithm": "SHA256" - "email": "info@ixsystems.com" - "extensions": - "ExtendedKeyUsage": "TLS Web Server 
Authentication" - "SubjectAltName": "DNS:localhost" - "fingerprint": "9C:5A:1D:1B:E7:9E:0B:89:2B:37:F4:19:83:ED:3C:6B:D8:14:0D:9B" - "from": "Fri Sep 25 16:05:38 2020" - "id": 1 - "internal": "NO" - "issuer": "external" - "key_length": 2048 - "key_type": "RSA" - "lifetime": 825 - "name": "freenas_default" - "organization": "iXsystems" - "organizational_unit": "" - "parsed": true - "privatekey": "-----BEGIN PRIVATE KEY-----\nMIIEvQIBADANBgkqhkiG9w0BAQEFAASCBKcwggSjAgEAAoIBAQC6aBpYooul/A3q\nBXS3Ee447HySJ95wvH9aUy0N0VER1DhMoT092ek5IWh3h6I/A+pIl0TociSat5MO\nTnqhmYrH6RkIZMY6cZH4fXwIZb4bi8Alh2jL0odU2k/offnh33Md7p+QiGh/G9Sm\nEQTB/o5ihaa+45DzZAVy0jAO4yiCGvKQ/UepReIALG6iWnwm090e26pHfcad5949\nmIakMxE1NpZruH62twT4qKHyuO5EpILlAuprZOlaw39vkLQipWNHbWxd3tmQTVqN\nWo/OrIwraBJqjgjLD0S3P18EHHxKh2OF32n18KpNBtFMVdnHtfMSqEf6TdzKSwWe\nuTcz56Z9AgMBAAECggEARwcb4uIs7BZbBu0FSCyg5TfXT6m5bKOmszg2VqmHho+i\n1DAsMcEyyP4d3E3mWLSZNQfOzfOQVxPUCQOGXsUuyHXdgAFGN0bHJDRMara59a0O\njj5GhEO4JXD6OdCmwpZuOt2OF3iiuKxWHuElOvZQMuJSYzI7LULTgKjufv23lbsf\nxMO/v9yi57c5EGgnQ8siLKOy/FQZapn4Z9qKn+lVyk5gfaKP0pDsvV4d7nGYMDD2\nYijfkSyNecApFdtWiLE5zLUlvF6oNj8o66z3YrVNKrCPzhA/5Rkkwwk32SNxvKU3\nVZFSNPeOZ60BicxYcWO+b2aAa0WF+uazJAZ4q52gUQKBgQDu88R+0wm76secYkzE\nQglteLNZKFcvth0kI5xH42Hmk9IXkGimFoDJCIrLAuopyGnfNmqmh2is3QUMUPdR\n/wDLnKc4MCezEidNoD2RBC+bzM1hB9oye/b5sOZUDFXSa0k4XSLu1UEuy1yWhkuS\n6JjY1KQfc4FN0K0Fjqqo7UCTCwKBgQDHtKQh/NvMJ2ok4YW+/QAsus4mEK9eCyUy\nOuyDszQYrGvjkS7STKJVNxGLhWb0XKSIAxMZ66b1MwOt+71h7xNn6pcancfVdK7F\n1Xl5J+76SwbXSgQwTZuoMDxPIvZn7v/2ep5Ni/BcOhMcPIcobWb/OmXrFN1brBvo\nlFNQyWWhlwKBgFDAyPMjVvLO0U6kWdUpjA4W8GV9IJnbLdX8wt/4lClcY2/bOcKH\ncFaAMIeTIJemR0FMHpbQxCtHNmGHK03mo9orwsdWXtRBmk69jJDpnT1F5VKZWMAe\n7MRNaEmXMZm+8CvALgIQx8qMp2mnUPsA6Ea+9gg6/MPTdeWe5UXZiC0pAoGAGtSt\nPJfBXBNrklruYjORo3DRo5GYThVHQRFjl2orNKltsVxfIwgCw1ortEgPBgOwY0mu\ndkwP2V+qPeTVk+PQAqUk+gF6yLXtiUzeDiYMWHpeB+y81VSH9jfM0oELA/m7T/03\naYnEmE+BI8kKC6dvMBlDeisKdneQJFZRP0hfrC8CgYEAgYIyCGwcydKpe2Nkj0Fz\nKTtCMC/k4DvJfd5Kb9AbmrPUfKgA9Xj4GT6yPG6uBMi8r5etvLCKJ2
x2NtN024a8\nQJLATYPrSsaZkE+9zM0j5nYAgbKpxBhlDzDAzn//3ByVzfgJ25S80XhTI2lfbLH/\nU07ssxdZaQCo+WuD82OvNcg=\n-----END PRIVATE KEY-----\n" - "privatekey_path": "/etc/certificates/freenas_default.key" - "revoked": false - "revoked_date": "" - "root_path": "/etc/certificates" - "san": [ - "DNS:localhost" - ] - "serial": 1 - "signedby": "" - "state": "Tennessee" - "subject_name_hash": 3193428416 - "type": 8 - "until": "Thu Dec 29 15:05:38 2022" diff --git a/helper-charts/common-test/tests/addons/codeserver_test.yaml b/helper-charts/common-test/tests/addons/codeserver_test.yaml deleted file mode 100644 index d75a66a4..00000000 --- a/helper-charts/common-test/tests/addons/codeserver_test.yaml +++ /dev/null 
@@ -1,167 +0,0 @@ -suite: addon codeserver -templates: - - common.yaml -tests: - - it: default should pass - asserts: - - hasDocuments: - count: 2 - - documentIndex: &DeploymentDocument 0 - isKind: - of: Deployment - - documentIndex: 1 - isKind: - of: Service - - documentIndex: *DeploymentDocument - not: true - equal: - path: spec.template.spec.containers[0].name - value: codeserver - - - it: addon enabled should pass - set: - addons: - codeserver: - enabled: true - volumeMounts: - - name: "config" - mountPath: "/data/config" - asserts: - - hasDocuments: - count: 3 - - documentIndex: 0 - isKind: - of: Service - - documentIndex: &DeploymentDocument 1 - isKind: - of: Deployment - - documentIndex: &AddonServiceDocument 2 - isKind: - of: Service - - documentIndex: *DeploymentDocument - equal: - path: spec.template.spec.containers[1].name - value: codeserver - - documentIndex: *AddonServiceDocument - equal: - path: metadata.name - value: RELEASE-NAME-common-test - - - it: addon enabled with deployKey should pass - set: - addons: - codeserver: - enabled: true - git: - deployKey: test - volumeMounts: - - name: "config" - mountPath: "/data/config" - asserts: - - hasDocuments: - count: 4 - - documentIndex: &AddonDeployKeySecretDocument 0 - isKind: - of: Secret - - documentIndex: &DeploymentDocument 2 - isKind: - of: Deployment - - documentIndex: *DeploymentDocument - contains: - path: spec.template.spec.containers[1].volumeMounts - content: - mountPath: /root/.ssh/id_rsa - name: deploykey - subPath: id_rsa - - documentIndex: *DeploymentDocument - contains: - path: spec.template.spec.volumes - content: - name: deploykey - secret: - defaultMode: 256 - items: - - key: id_rsa - path: id_rsa - secretName: RELEASE-NAME-common-test-deploykey - - documentIndex: *AddonDeployKeySecretDocument - equal: - path: metadata.name - value: RELEASE-NAME-common-test-deploykey - - - it: addon enabled with InlineBase64 deployKey should pass - set: - addons: - codeserver: - enabled: true - git: - 
deployKeyBase64: dGVzdEtleQ== - volumeMounts: - - name: "config" - mountPath: "/data/config" - asserts: - - hasDocuments: - count: 4 - - documentIndex: &AddonDeployKeySecretDocument 0 - isKind: - of: Secret - - documentIndex: &DeploymentDocument 2 - isKind: - of: Deployment - - documentIndex: *DeploymentDocument - contains: - path: spec.template.spec.containers[1].volumeMounts - content: - mountPath: /root/.ssh/id_rsa - name: deploykey - subPath: id_rsa - - documentIndex: *DeploymentDocument - contains: - path: spec.template.spec.volumes - content: - name: deploykey - secret: - defaultMode: 256 - items: - - key: id_rsa - path: id_rsa - secretName: RELEASE-NAME-common-test-deploykey - - documentIndex: *AddonDeployKeySecretDocument - equal: - path: metadata.name - value: RELEASE-NAME-common-test-deploykey - - - it: addon enabled with existingSecret deployKey should pass - set: - addons: - codeserver: - enabled: true - git: - deployKeySecret: test-secret - volumeMounts: - - name: "config" - mountPath: "/data/config" - asserts: - - hasDocuments: - count: 3 - - documentIndex: &DeploymentDocument 1 - isKind: - of: Deployment - - documentIndex: *DeploymentDocument - contains: - path: spec.template.spec.containers[1].volumeMounts - content: - mountPath: /root/.ssh/id_rsa - name: deploykey - subPath: id_rsa - - documentIndex: *DeploymentDocument - contains: - path: spec.template.spec.volumes - content: - name: deploykey - secret: - defaultMode: 256 - items: - - key: id_rsa - path: id_rsa - secretName: test-secret diff --git a/helper-charts/common-test/tests/addons/vpn_test.yaml b/helper-charts/common-test/tests/addons/vpn_test.yaml deleted file mode 100644 index ba07db99..00000000 --- a/helper-charts/common-test/tests/addons/vpn_test.yaml +++ /dev/null 
@@ -1,131 +0,0 @@ -suite: addon vpn -templates: - - common.yaml -tests: - - it: default should pass - asserts: - - hasDocuments: - count: 2 - - documentIndex: &DeploymentDocument 0 - isKind: - of: Deployment - - documentIndex: 1 - isKind: - of: Service - - documentIndex: *DeploymentDocument - not: true - equal: - path: spec.template.spec.containers[0].name - value: vpn - - - it: addon enabled with configFile should pass - set: - addons: - vpn: - type: openvpn - configFile: - enabled: true - asserts: - - hasDocuments: - count: 3 - - documentIndex: &AddonVPNConfigSecretDocument 0 - isKind: - of: Secret - - documentIndex: &DeploymentDocument 1 - isKind: - of: Deployment - - documentIndex: *DeploymentDocument - contains: - path: spec.template.spec.containers[1].volumeMounts - content: - mountPath: /vpn/vpn.conf - name: vpnconfig - - documentIndex: *DeploymentDocument - contains: - path: spec.template.spec.volumes - content: - name: vpnconfig - hostPath: - path: /vpn/vpn.conf - type: File - - documentIndex: *AddonVPNConfigSecretDocument - equal: - path: metadata.name - value: RELEASE-NAME-common-test-openvpn - - - it: addon enabled with managed secret should pass - set: - addons: - vpn: - type: openvpn - openvpn: - username: something - password: something - asserts: - - hasDocuments: - count: 3 - - documentIndex: &SecretDocument 0 - isKind: - of: Secret - - documentIndex: &DeploymentDocument 1 - isKind: - of: Deployment - - documentIndex: 2 - isKind: - of: Service - - documentIndex: *DeploymentDocument - not: true - equal: - path: spec.template.spec.containers[0].name - value: vpn - - - it: tailscale addon enabled with authkey should pass - set: - addons: - vpn: - type: tailscale - tailscale: - authkey: something - asserts: - - hasDocuments: - count: 4 - - documentIndex: &SecretDocument 0 - isKind: - of: Secret - - documentIndex: *SecretDocument - isNotNull: - path: data.TS_AUTH_KEY - - documentIndex: *SecretDocument - equal: - path: metadata.name - value: 
RELEASE-NAME-common-test-tailscale-secret - - documentIndex: &PersistentVolumeClaim 1 - isKind: - of: PersistentVolumeClaim - - documentIndex: &PersistentVolumeClaim 1 - equal: - path: metadata.name - value: RELEASE-NAME-common-test-RELEASE-NAME-tailscale - - documentIndex: &PersistentVolumeClaim 1 - equal: - path: spec.resources.requests.storage - value: 1Gi - - documentIndex: &DeploymentDocument 2 - isKind: - of: Deployment - - documentIndex: *DeploymentDocument - not: true - equal: - path: spec.template.spec.containers[0].name - value: tailscale - - documentIndex: *DeploymentDocument - equal: - path: spec.template.spec.containers[1].name - value: tailscale - - documentIndex: *DeploymentDocument - equal: - path: spec.template.spec.containers[1].env[0].value - value: /var/run/tailscale/tailscaled.sock - - documentIndex: &ServiceDocument 3 - isKind: - of: Service diff --git a/helper-charts/common-test/tests/configmap/metadata_test.yaml b/helper-charts/common-test/tests/configmap/metadata_test.yaml deleted file mode 100644 index 27b9271b..00000000 --- a/helper-charts/common-test/tests/configmap/metadata_test.yaml +++ /dev/null 
@@ -1,87 +0,0 @@ -suite: configmap metadata -templates: - - common.yaml -tests: - - it: default metadata should pass - set: - configmap: - config: - enabled: true - asserts: - - documentIndex: &ConfigmapDocument 0 - isKind: - of: ConfigMap - - documentIndex: *ConfigmapDocument - isNull: - path: metadata.annotations - - documentIndex: *ConfigmapDocument - equal: - path: metadata.labels - value: - app.kubernetes.io/instance: RELEASE-NAME - app.kubernetes.io/managed-by: Helm - app.kubernetes.io/name: common-test - helm.sh/chart: common-test-4.0.0 - - - it: custom metadata should pass - set: - configmap: - config: - enabled: true - annotations: - test_annotation: test - labels: - test_label: test - asserts: - - documentIndex: &ConfigmapDocument 0 - isKind: - of: ConfigMap - - documentIndex: *ConfigmapDocument - equal: - path: metadata.annotations - value: - test_annotation: test - - documentIndex: *ConfigmapDocument - equal: - path: metadata.labels - value: - app.kubernetes.io/instance: RELEASE-NAME - app.kubernetes.io/managed-by: Helm - app.kubernetes.io/name: common-test - helm.sh/chart: common-test-4.0.0 - test_label: test - - - it: custom metadata with global metadata should pass - set: - global: - labels: - global_label: test - annotations: - global_annotation: test - configmap: - config: - enabled: true - annotations: - test_annotation: test - labels: - test_label: test - asserts: - - documentIndex: &ConfigmapDocument 0 - isKind: - of: ConfigMap - - documentIndex: *ConfigmapDocument - equal: - path: metadata.annotations - value: - global_annotation: test - test_annotation: test - - documentIndex: *ConfigmapDocument - equal: - path: metadata.labels - value: - app.kubernetes.io/instance: RELEASE-NAME - app.kubernetes.io/managed-by: Helm - app.kubernetes.io/name: common-test - global_label: test - helm.sh/chart: common-test-4.0.0 - test_label: test 
diff --git a/helper-charts/common-test/tests/configmap/names_test.yaml b/helper-charts/common-test/tests/configmap/names_test.yaml deleted file mode 100644 index 764e75fa..00000000 --- a/helper-charts/common-test/tests/configmap/names_test.yaml +++ /dev/null @@ -1,91 +0,0 @@ -suite: configMap names -templates: - - common.yaml -tests: - - it: default should pass - asserts: - - hasDocuments: - count: 2 - - documentIndex: 0 - not: true - isKind: - of: ConfigMap - - documentIndex: 1 - not: true - isKind: - of: ConfigMap - - - it: with disabled configMap should pass - set: - configmap: - config: - enabled: false - asserts: - - hasDocuments: - count: 2 - - documentIndex: 0 - not: true - isKind: - of: ConfigMap - - documentIndex: 1 - not: true - isKind: - of: ConfigMap - - - it: with multiple configMap should pass - set: - configmap: - config: - enabled: true - data: - foo: bar - secondary: - enabled: true - asserts: - - hasDocuments: - count: 4 - - documentIndex: 0 - isKind: - of: ConfigMap - - documentIndex: 0 - isNotNull: - path: metadata.name - - documentIndex: 1 - isKind: - of: ConfigMap - - documentIndex: 1 - isNotNull: - path: metadata.name - - - it: default name should pass - set: - configmap: - config: - enabled: true - asserts: - - hasDocuments: - count: 3 - - documentIndex: 0 - isKind: - of: ConfigMap - - documentIndex: 0 - equal: - path: metadata.name - value: RELEASE-NAME-common-test-config - - - it: with nameOverride should pass - set: - configmap: - config: - enabled: true - nameOverride: http - asserts: - - hasDocuments: - count: 3 - - documentIndex: 0 - isKind: - of: ConfigMap - - documentIndex: 0 - equal: - path: metadata.name - value: RELEASE-NAME-common-test-http diff --git a/helper-charts/common-test/tests/container/args_test.yaml b/helper-charts/common-test/tests/container/args_test.yaml deleted file mode 100644 index b17ddedb..00000000 --- a/helper-charts/common-test/tests/container/args_test.yaml +++ /dev/null 
@@ -1,41 +0,0 @@ -suite: container args override -templates: - - common.yaml -tests: - - it: default should pass - asserts: - - documentIndex: 0 - isKind: - of: Deployment - - documentIndex: 0 - isNull: - path: spec.template.spec.containers[0].args - - - it: single string should pass - set: - args: sleep infinity - asserts: - - documentIndex: 0 - isKind: - of: Deployment - - documentIndex: 0 - equal: - path: spec.template.spec.containers[0].args - value: - - sleep infinity - - - it: list of strings should pass - set: - args: - - sleep - - infinity - asserts: - - documentIndex: 0 - isKind: - of: Deployment - - documentIndex: 0 - equal: - path: spec.template.spec.containers[0].args - value: - - sleep - - infinity diff --git a/helper-charts/common-test/tests/container/command_test.yaml b/helper-charts/common-test/tests/container/command_test.yaml deleted file mode 100644 index 78c272b7..00000000 --- a/helper-charts/common-test/tests/container/command_test.yaml +++ /dev/null @@ -1,41 +0,0 @@ -suite: container command override -templates: - - common.yaml -tests: - - it: default should pass - asserts: - - documentIndex: 0 - isKind: - of: Deployment - - documentIndex: 0 - isNull: - path: spec.template.spec.containers[0].command - - - it: single string should pass - set: - command: /bin/sh - asserts: - - documentIndex: 0 - isKind: - of: Deployment - - documentIndex: 0 - equal: - path: spec.template.spec.containers[0].command - value: - - /bin/sh - - - it: list of strings should pass - set: - command: - - /bin/sh - - -c - asserts: - - documentIndex: 0 - isKind: - of: Deployment - - documentIndex: 0 - equal: - path: spec.template.spec.containers[0].command - value: - - /bin/sh - - -c diff --git a/helper-charts/common-test/tests/container/env_test.yaml b/helper-charts/common-test/tests/container/env_test.yaml deleted file mode 100644 index f05b991d..00000000 --- a/helper-charts/common-test/tests/container/env_test.yaml +++ /dev/null 
@@ -1,180 +0,0 @@ -suite: container env values -templates: - - common.yaml -tests: - - it: default should pass - asserts: - - documentIndex: &DeploymentDoc 0 - isKind: - of: Deployment - - documentIndex: *DeploymentDoc - equal: - path: spec.template.spec.containers[0].env - value: - - name: UMASK - value: "2" - - name: UMASK_SET - value: "2" - - name: S6_READ_ONLY_ROOT - value: "1" - - name: NVIDIA_VISIBLE_DEVICES - value: void - - name: TZ - value: UTC - - - it: KeyValue string should pass - set: - env: - string: value_of_env - asserts: - - documentIndex: &DeploymentDoc 0 - isKind: - of: Deployment - - documentIndex: *DeploymentDoc - equal: - path: spec.template.spec.containers[0].env[5] - value: - name: string - value: value_of_env - - - it: KeyValue float should pass - set: - env: - string: 4.2 - asserts: - - documentIndex: &DeploymentDoc 0 - isKind: - of: Deployment - - documentIndex: *DeploymentDoc - equal: - path: spec.template.spec.containers[0].env[5] - value: - name: string - value: "4.2" - - - it: KeyValue int should pass - set: - env: - string: 1 - asserts: - - documentIndex: &DeploymentDoc 0 - isKind: - of: Deployment - - documentIndex: *DeploymentDoc - equal: - path: spec.template.spec.containers[0].env[5] - value: - name: string - value: "1" - - - it: KeyValue float should pass - set: - env: - string: 4.2 - asserts: - - documentIndex: &DeploymentDoc 0 - isKind: - of: Deployment - - documentIndex: *DeploymentDoc - equal: - path: spec.template.spec.containers[0].env[5] - value: - name: string - value: "4.2" - - - it: List should pass - set: - env: - - name: STATIC_ENV_FROM_LIST - value: STATIC_ENV_VALUE_FROM_LIST - asserts: - - documentIndex: &DeploymentDoc 0 - isKind: - of: Deployment - - documentIndex: *DeploymentDoc - equal: - path: spec.template.spec.containers[0].env[5] - value: - name: STATIC_ENV_FROM_LIST - value: STATIC_ENV_VALUE_FROM_LIST - - - it: Explicit ValueFrom in list should pass - set: - env: - - name: DYNAMIC_ENV_FROM_LIST - valueFrom: 
- fieldRef: - fieldPath: spec.nodeName - asserts: - - documentIndex: &DeploymentDoc 0 - isKind: - of: Deployment - - documentIndex: *DeploymentDoc - equal: - path: spec.template.spec.containers[0].env[5] - value: - name: DYNAMIC_ENV_FROM_LIST - valueFrom: - fieldRef: - fieldPath: spec.nodeName - - - it: Implicit ValueFrom should pass - set: - env: - DYNAMIC_ENV: - fieldRef: - fieldPath: spec.nodeName - asserts: - - documentIndex: &DeploymentDoc 0 - isKind: - of: Deployment - - documentIndex: *DeploymentDoc - equal: - path: spec.template.spec.containers[0].env[5] - value: - name: DYNAMIC_ENV - valueFrom: - fieldRef: - fieldPath: spec.nodeName - - - it: Templated value should pass - set: - env: - DYNAMIC_ENV: "{{ .Release.Name }}-admin" - asserts: - - documentIndex: &DeploymentDoc 0 - isKind: - of: Deployment - - documentIndex: *DeploymentDoc - equal: - path: spec.template.spec.containers[0].env[5] - value: - name: DYNAMIC_ENV - value: RELEASE-NAME-admin - - - it: Combined KeyValue with Explicit ValueFrom should pass - set: - env: - STATIC_ENV: static - DYNAMIC_ENV: - valueFrom: - fieldRef: - fieldPath: spec.nodeName - asserts: - - documentIndex: &DeploymentDoc 0 - isKind: - of: Deployment - - documentIndex: *DeploymentDoc - equal: - path: spec.template.spec.containers[0].env[5] - value: - name: DYNAMIC_ENV - valueFrom: - fieldRef: - fieldPath: spec.nodeName - - documentIndex: *DeploymentDoc - equal: - path: spec.template.spec.containers[0].env[6] - value: - name: STATIC_ENV - value: static diff --git a/helper-charts/common-test/tests/container/envfrom_test.yaml b/helper-charts/common-test/tests/container/envfrom_test.yaml deleted file mode 100644 index 12620b94..00000000 --- a/helper-charts/common-test/tests/container/envfrom_test.yaml +++ /dev/null 
@@ -1,43 +0,0 @@ -suite: container envFrom values -templates: - - common.yaml -tests: - - it: default should pass - asserts: - - documentIndex: &DeploymentDoc 0 - isKind: - of: Deployment - - documentIndex: *DeploymentDoc - isNull: - path: spec.template.spec.containers[0].envFrom - - - it: explicit envFrom should pass - set: - envFrom: - - secretRef: - name: myCustomSecret - asserts: - - documentIndex: &DeploymentDoc 0 - isKind: - of: Deployment - - documentIndex: *DeploymentDoc - equal: - path: spec.template.spec.containers[0].envFrom[0] - value: - secretRef: - name: myCustomSecret - - - it: from secretEnv should pass - set: - secretEnv: - STATIC_SECRET: value_of_secret - asserts: - - documentIndex: &DeploymentDoc 1 - isKind: - of: Deployment - - documentIndex: *DeploymentDoc - equal: - path: spec.template.spec.containers[0].envFrom[0] - value: - secretRef: - name: RELEASE-NAME-common-test diff --git a/helper-charts/common-test/tests/container/ports_test.yaml b/helper-charts/common-test/tests/container/ports_test.yaml deleted file mode 100644 index 78520f04..00000000 --- a/helper-charts/common-test/tests/container/ports_test.yaml +++ /dev/null 
@@ -1,95 +0,0 @@ -suite: container ports -templates: - - common.yaml -tests: - - it: default should pass - asserts: - - documentIndex: 0 - isKind: - of: Deployment - - documentIndex: 0 - equal: - path: spec.template.spec.containers[0].ports[0] - value: - containerPort: 8080 - name: main - protocol: TCP - - - it: custom port should pass - set: - service: - main: - ports: - main: - enabled: false - server: - enabled: true - port: 8081 - asserts: - - documentIndex: 0 - isKind: - of: Deployment - - documentIndex: 0 - equal: - path: spec.template.spec.containers[0].ports[0] - value: - containerPort: 8081 - name: server - protocol: TCP - - - it: HTTP protocol should pass - set: - service: - main: - ports: - main: - protocol: HTTP - asserts: - - documentIndex: 0 - isKind: - of: Deployment - - documentIndex: 0 - equal: - path: spec.template.spec.containers[0].ports[0] - value: - containerPort: 8080 - name: main - protocol: TCP - - - it: HTTPS protocol should pass - set: - service: - main: - ports: - main: - protocol: HTTPS - asserts: - - documentIndex: 0 - isKind: - of: Deployment - - documentIndex: 0 - equal: - path: spec.template.spec.containers[0].ports[0] - value: - containerPort: 8080 - name: main - protocol: TCP - - - it: UDP protocol should pass - set: - service: - main: - ports: - main: - protocol: UDP - asserts: - - documentIndex: 0 - isKind: - of: Deployment - - documentIndex: 0 - equal: - path: spec.template.spec.containers[0].ports[0] - value: - containerPort: 8080 - name: main - protocol: UDP diff --git a/helper-charts/common-test/tests/container/volumemounts_test.yaml b/helper-charts/common-test/tests/container/volumemounts_test.yaml deleted file mode 100644 index cd09e8eb..00000000 --- a/helper-charts/common-test/tests/container/volumemounts_test.yaml +++ /dev/null 
@@ -1,131 +0,0 @@ -suite: container volumeMounts -templates: - - common.yaml -tests: - - it: no persistence should pass - asserts: - - documentIndex: &DeploymentDoc 0 - isKind: - of: Deployment - - documentIndex: *DeploymentDoc - equal: - path: spec.template.spec.containers[0].volumeMounts - value: - - mountPath: /shared - name: shared - - mountPath: /dev/shm - name: shm - - mountPath: /tmp - name: temp - - mountPath: /var/logs - name: varlogs - - - it: default should pass - set: - persistence: - config: - enabled: true - asserts: - - documentIndex: &DeploymentDoc 1 - isKind: - of: Deployment - - documentIndex: *DeploymentDoc - equal: - path: spec.template.spec.containers[0].volumeMounts[0] - value: - name: config - mountPath: /config - - - it: emptyDir should pass - set: - persistence: - cache: - enabled: true - type: emptyDir - asserts: - - documentIndex: &DeploymentDoc 0 - isKind: - of: Deployment - - documentIndex: *DeploymentDoc - equal: - path: spec.template.spec.containers[0].volumeMounts[0] - value: - name: cache - mountPath: /cache - - - it: custom mountPath should pass - set: - persistence: - config: - enabled: true - mountPath: /custom - accessMode: ReadWriteMany - size: 1G - asserts: - - documentIndex: &DeploymentDoc 1 - isKind: - of: Deployment - - documentIndex: *DeploymentDoc - equal: - path: spec.template.spec.containers[0].volumeMounts[0] - value: - name: config - mountPath: /custom - - - it: mount with subPath should pass - set: - persistence: - config: - enabled: true - existingClaim: myClaim - subPath: "mySubPath" - asserts: - - documentIndex: &DeploymentDoc 0 - isKind: - of: Deployment - - documentIndex: *DeploymentDoc - equal: - path: spec.template.spec.containers[0].volumeMounts[0] - value: - name: config - mountPath: /config - subPath: mySubPath - - - it: hostPath with custom mountPath should pass - set: - persistence: - config: - enabled: true - type: hostPath - mountPath: /data - hostPath: /tmp - asserts: - - documentIndex: &DeploymentDoc 
0 - isKind: - of: Deployment - - documentIndex: *DeploymentDoc - equal: - path: spec.template.spec.containers[0].volumeMounts[0] - value: - name: config - mountPath: /data - - - it: hostPath mount with subPath should pass - set: - persistence: - config: - enabled: true - type: hostPath - hostPath: /dev - subPath: mySubPath - asserts: - - documentIndex: &DeploymentDoc 0 - isKind: - of: Deployment - - documentIndex: *DeploymentDoc - equal: - path: spec.template.spec.containers[0].volumeMounts[0] - value: - name: config - mountPath: /dev - subPath: mySubPath diff --git a/helper-charts/common-test/tests/controller/metadata_daemonset_test.yaml b/helper-charts/common-test/tests/controller/metadata_daemonset_test.yaml deleted file mode 100644 index 3736f024..00000000 --- a/helper-charts/common-test/tests/controller/metadata_daemonset_test.yaml +++ /dev/null 
@@ -1,85 +0,0 @@ -suite: controller metadata daemonset -templates: - - common.yaml -tests: - - it: default metadata should pass - set: - controller.type: daemonset - asserts: - - documentIndex: &ControllerDoc 0 - isKind: - of: DaemonSet - - documentIndex: *ControllerDoc - matchRegex: - path: metadata.annotations.rollme - pattern: ^[a-zA-Z0-9]{5}$ - - documentIndex: *ControllerDoc - equal: - path: metadata.labels - value: - app.kubernetes.io/instance: RELEASE-NAME - app.kubernetes.io/managed-by: Helm - app.kubernetes.io/name: common-test - helm.sh/chart: common-test-4.0.0 - - - it: custom metadata should pass - set: - controller: - type: daemonset - annotations: - test_annotation: test - labels: - test_label: test - asserts: - - documentIndex: &ControllerDoc 0 - isKind: - of: DaemonSet - - documentIndex: *ControllerDoc - equal: - path: metadata.annotations.test_annotation - value: test - - documentIndex: *ControllerDoc - equal: - path: metadata.labels - value: - app.kubernetes.io/instance: RELEASE-NAME - app.kubernetes.io/managed-by: Helm - app.kubernetes.io/name: common-test - helm.sh/chart: common-test-4.0.0 - test_label: test - - - it: custom metadata with global metadata should pass - set: - global: - labels: - global_label: test - annotations: - global_annotation: test - controller: - type: daemonset - annotations: - test_annotation: test - labels: - test_label: test - asserts: - - documentIndex: &ControllerDoc 0 - isKind: - of: DaemonSet - - documentIndex: *ControllerDoc - equal: - path: metadata.annotations.global_annotation - value: test - - documentIndex: *ControllerDoc - equal: - path: metadata.annotations.test_annotation - value: test - - documentIndex: *ControllerDoc - equal: - path: metadata.labels - value: - app.kubernetes.io/instance: RELEASE-NAME - app.kubernetes.io/managed-by: Helm - app.kubernetes.io/name: common-test - global_label: test - helm.sh/chart: common-test-4.0.0 - test_label: test 
diff --git a/helper-charts/common-test/tests/controller/metadata_deployment_test.yaml b/helper-charts/common-test/tests/controller/metadata_deployment_test.yaml
deleted file mode 100644
index 7117cb4a..00000000
--- a/helper-charts/common-test/tests/controller/metadata_deployment_test.yaml
+++ /dev/null
@@ -1,85 +0,0 @@ -suite: controller metadata deployment -templates: - - common.yaml -tests: - - it: default metadata should pass - set: - controller.type: deployment - asserts: - - documentIndex: &ControllerDoc 0 - isKind: - of: Deployment - - documentIndex: *ControllerDoc - matchRegex: - path: metadata.annotations.rollme - pattern: ^[a-zA-Z0-9]{5}$ - - documentIndex: *ControllerDoc - equal: - path: metadata.labels - value: - app.kubernetes.io/instance: RELEASE-NAME - app.kubernetes.io/managed-by: Helm - app.kubernetes.io/name: common-test - helm.sh/chart: common-test-4.0.0 - - - it: custom metadata should pass - set: - controller: - type: deployment - annotations: - test_annotation: test - labels: - test_label: test - asserts: - - documentIndex: &ControllerDoc 0 - isKind: - of: Deployment - - documentIndex: *ControllerDoc - equal: - path: metadata.annotations.test_annotation - value: test - - documentIndex: *ControllerDoc - equal: - path: metadata.labels - value: - app.kubernetes.io/instance: RELEASE-NAME - app.kubernetes.io/managed-by: Helm - app.kubernetes.io/name: common-test - helm.sh/chart: common-test-4.0.0 - test_label: test - - - it: custom metadata with global metadata should pass - set: - global: - labels: - global_label: test - annotations: - global_annotation: test - controller: - type: deployment - annotations: - test_annotation: test - labels: - test_label: test - asserts: - - documentIndex: &ControllerDoc 0 - isKind: - of: Deployment - - documentIndex: *ControllerDoc - equal: - path: metadata.annotations.global_annotation - value: test - - documentIndex: *ControllerDoc - equal: - path: metadata.annotations.test_annotation - value: test - - documentIndex: *ControllerDoc - equal: - path: metadata.labels - value: - app.kubernetes.io/instance: RELEASE-NAME - app.kubernetes.io/managed-by: Helm - app.kubernetes.io/name: common-test - global_label: test - helm.sh/chart: common-test-4.0.0 - test_label: test 
diff --git a/helper-charts/common-test/tests/controller/metadata_statefulset_test.yaml b/helper-charts/common-test/tests/controller/metadata_statefulset_test.yaml
deleted file mode 100644
index 496b37ee..00000000
--- a/helper-charts/common-test/tests/controller/metadata_statefulset_test.yaml
+++ /dev/null
@@ -1,85 +0,0 @@ -suite: controller metadata statefulset -templates: - - common.yaml -tests: - - it: default metadata should pass - set: - controller.type: statefulset - asserts: - - documentIndex: &ControllerDoc 0 - isKind: - of: StatefulSet - - documentIndex: *ControllerDoc - matchRegex: - path: metadata.annotations.rollme - pattern: ^[a-zA-Z0-9]{5}$ - - documentIndex: *ControllerDoc - equal: - path: metadata.labels - value: - app.kubernetes.io/instance: RELEASE-NAME - app.kubernetes.io/managed-by: Helm - app.kubernetes.io/name: common-test - helm.sh/chart: common-test-4.0.0 - - - it: custom metadata should pass - set: - controller: - type: statefulset - annotations: - test_annotation: test - labels: - test_label: test - asserts: - - documentIndex: &ControllerDoc 0 - isKind: - of: StatefulSet - - documentIndex: *ControllerDoc - equal: - path: metadata.annotations.test_annotation - value: test - - documentIndex: *ControllerDoc - equal: - path: metadata.labels - value: - app.kubernetes.io/instance: RELEASE-NAME - app.kubernetes.io/managed-by: Helm - app.kubernetes.io/name: common-test - helm.sh/chart: common-test-4.0.0 - test_label: test - - - it: custom metadata with global metadata should pass - set: - global: - labels: - global_label: test - annotations: - global_annotation: test - controller: - type: statefulset - annotations: - test_annotation: test - labels: - test_label: test - asserts: - - documentIndex: &ControllerDoc 0 - isKind: - of: StatefulSet - - documentIndex: *ControllerDoc - equal: - path: metadata.annotations.global_annotation - value: test - - documentIndex: *ControllerDoc - equal: - path: metadata.annotations.test_annotation - value: test - - documentIndex: *ControllerDoc - equal: - path: metadata.labels - value: - app.kubernetes.io/instance: RELEASE-NAME - app.kubernetes.io/managed-by: Helm - app.kubernetes.io/name: common-test - global_label: test - helm.sh/chart: common-test-4.0.0 - test_label: test 
diff --git a/helper-charts/common-test/tests/controller/type_test.yaml b/helper-charts/common-test/tests/controller/type_test.yaml deleted file mode 100644 index 59bb9fe8..00000000 --- a/helper-charts/common-test/tests/controller/type_test.yaml +++ /dev/null @@ -1,56 +0,0 @@ -suite: controller types -templates: - - common.yaml -tests: - - it: default should pass - asserts: - - documentIndex: &ControllerDoc 0 - isKind: - of: Deployment - - documentIndex: *ControllerDoc - equal: - path: metadata.name - value: RELEASE-NAME-common-test - - - it: daemonset should pass - set: - controller.type: daemonset - asserts: - - documentIndex: &ControllerDoc 0 - isKind: - of: DaemonSet - - documentIndex: *ControllerDoc - equal: - path: metadata.name - value: RELEASE-NAME-common-test - - - it: statefulset should pass - set: - controller.type: statefulset - asserts: - - documentIndex: &ControllerDoc 0 - isKind: - of: StatefulSet - - documentIndex: *ControllerDoc - equal: - path: metadata.name - value: RELEASE-NAME-common-test - - - it: disabled should pass - set: - controller.enabled: false - asserts: - - hasDocuments: - count: 1 - - documentIndex: &ControllerDoc 0 - not: true - isKind: - of: StatefulSet - - documentIndex: *ControllerDoc - not: true - isKind: - of: DaemonSet - - documentIndex: *ControllerDoc - not: true - isKind: - of: Controller diff --git a/helper-charts/common-test/tests/ingress/metadata_test.yaml b/helper-charts/common-test/tests/ingress/metadata_test.yaml deleted file mode 100644 index f3df841d..00000000 --- a/helper-charts/common-test/tests/ingress/metadata_test.yaml +++ /dev/null 
@@ -1,91 +0,0 @@ -suite: ingress metadata -templates: - - common.yaml -tests: - - it: default metadata should pass - set: - ingress.main.enabled: true - asserts: - - documentIndex: &IngressDocument 2 - isKind: - of: Ingress - - documentIndex: *IngressDocument - equal: - path: metadata.annotations - value: - traefik.ingress.kubernetes.io/router.entrypoints: websecure - traefik.ingress.kubernetes.io/router.middlewares: default-chain-basic@kubernetescrd - - - documentIndex: *IngressDocument - equal: - path: metadata.labels - value: - app.kubernetes.io/instance: RELEASE-NAME - app.kubernetes.io/managed-by: Helm - app.kubernetes.io/name: common-test - helm.sh/chart: common-test-4.0.0 - - - it: custom metadata should pass - set: - ingress.main: - enabled: true - annotations: - test_annotation: test - labels: - test_label: test - asserts: - - documentIndex: &IngressDocument 2 - isKind: - of: Ingress - - documentIndex: *IngressDocument - equal: - path: metadata.annotations - value: - test_annotation: test - traefik.ingress.kubernetes.io/router.entrypoints: websecure - traefik.ingress.kubernetes.io/router.middlewares: default-chain-basic@kubernetescrd - - documentIndex: *IngressDocument - equal: - path: metadata.labels - value: - app.kubernetes.io/instance: RELEASE-NAME - app.kubernetes.io/managed-by: Helm - app.kubernetes.io/name: common-test - helm.sh/chart: common-test-4.0.0 - test_label: test - - - it: custom metadata with global metadata should pass - set: - global: - labels: - global_label: test - annotations: - global_annotation: test - ingress.main: - enabled: true - annotations: - test_annotation: test - labels: - test_label: test - asserts: - - documentIndex: &IngressDocument 2 - isKind: - of: Ingress - - documentIndex: *IngressDocument - equal: - path: metadata.annotations - value: - global_annotation: test - test_annotation: test - traefik.ingress.kubernetes.io/router.entrypoints: websecure - traefik.ingress.kubernetes.io/router.middlewares: 
default-chain-basic@kubernetescrd - - documentIndex: *IngressDocument - equal: - path: metadata.labels - value: - app.kubernetes.io/instance: RELEASE-NAME - app.kubernetes.io/managed-by: Helm - app.kubernetes.io/name: common-test - global_label: test - helm.sh/chart: common-test-4.0.0 - test_label: test diff --git a/helper-charts/common-test/tests/ingress/presence_test.yaml b/helper-charts/common-test/tests/ingress/presence_test.yaml deleted file mode 100644 index ace5582e..00000000 --- a/helper-charts/common-test/tests/ingress/presence_test.yaml +++ /dev/null @@ -1,71 +0,0 @@ -suite: ingress presence -templates: - - common.yaml -tests: - - it: default should pass - asserts: - - hasDocuments: - count: 2 - - documentIndex: 0 - not: true - isKind: - of: Ingress - - documentIndex: 1 - not: true - isKind: - of: Ingress - - - it: explicitly disabled should pass - set: - ingress.main.enabled: false - asserts: - - hasDocuments: - count: 2 - - documentIndex: 0 - not: true - isKind: - of: Ingress - - documentIndex: 1 - not: true - isKind: - of: Ingress - - - it: explicitly enabled should pass - set: - ingress.main.enabled: true - asserts: - - hasDocuments: - count: 3 - - documentIndex: 0 - not: true - isKind: - of: Ingress - - documentIndex: 1 - not: true - isKind: - of: Ingress - - documentIndex: 2 - isKind: - of: Ingress - - - it: multiple enabled should pass - set: - ingress.main.enabled: true - ingress.test.enabled: true - asserts: - - hasDocuments: - count: 4 - - documentIndex: 0 - not: true - isKind: - of: Ingress - - documentIndex: 1 - not: true - isKind: - of: Ingress - - documentIndex: 2 - isKind: - of: Ingress - - documentIndex: 3 - isKind: - of: Ingress diff --git a/helper-charts/common-test/tests/ingress/service_reference_test.yaml b/helper-charts/common-test/tests/ingress/service_reference_test.yaml deleted file mode 100644 index ffa626ea..00000000 --- a/helper-charts/common-test/tests/ingress/service_reference_test.yaml +++ /dev/null 
@@ -1,39 +0,0 @@ -suite: ingress service reference -templates: - - common.yaml -tests: - - it: default should pass - set: - ingress.main.enabled: true - asserts: - - documentIndex: &IngressDocument 2 - isKind: - of: Ingress - - documentIndex: *IngressDocument - equal: - path: spec.rules[0].http.paths[0].backend - value: - serviceName: RELEASE-NAME-common-test - servicePort: 8080 - - - it: custom service reference should pass - set: - ingress.main: - enabled: true - hosts: - - host: chart-test.local - paths: - - path: / - service: - name: pathService - port: 1234 - asserts: - - documentIndex: &IngressDocument 2 - isKind: - of: Ingress - - documentIndex: *IngressDocument - equal: - path: spec.rules[0].http.paths[0].backend - value: - serviceName: pathService - servicePort: 1234 diff --git a/helper-charts/common-test/tests/ingress/tls_test.yaml b/helper-charts/common-test/tests/ingress/tls_test.yaml deleted file mode 100644 index e66a002f..00000000 --- a/helper-charts/common-test/tests/ingress/tls_test.yaml +++ /dev/null 
@@ -1,72 +0,0 @@ -suite: ingress tls -templates: - - common.yaml -tests: - - it: default should pass - set: - ingress.main.enabled: true - asserts: - - documentIndex: &IngressDocument 2 - isKind: - of: Ingress - - documentIndex: *IngressDocument - isNull: - path: spec.tls - - - it: tls enabled should pass - set: - ingress.main: - enabled: true - tls: - - secretName: test - hosts: - - hostname - asserts: - - documentIndex: &IngressDocument 2 - isKind: - of: Ingress - - documentIndex: *IngressDocument - equal: - path: spec.tls[0] - value: - secretName: test - hosts: - - hostname - - - it: tls enabled without secret should pass - set: - ingress.main: - enabled: true - tls: - - hosts: - - hostname - asserts: - - documentIndex: &IngressDocument 2 - isKind: - of: Ingress - - documentIndex: *IngressDocument - equal: - path: spec.tls[0] - value: - hosts: - - hostname - - - it: tls enabled with secret template should pass - set: - ingress.main: - enabled: true - tls: - - secretName: "{{ .Release.Name }}-secret" - hosts: - - hostname - asserts: - - documentIndex: &IngressDocument 2 - isKind: - of: Ingress - - documentIndex: *IngressDocument - equal: - path: spec.tls[0] - value: - secretName: RELEASE-NAME-secret - hosts: - - hostname diff --git a/helper-charts/common-test/tests/ingress/values_test.yaml b/helper-charts/common-test/tests/ingress/values_test.yaml deleted file mode 100644 index ed142166..00000000 --- a/helper-charts/common-test/tests/ingress/values_test.yaml +++ /dev/null 
@@ -1,72 +0,0 @@ -suite: ingress values -templates: - - common.yaml -tests: - - it: default should pass - set: - ingress.main.enabled: true - asserts: - - documentIndex: &IngressDocument 2 - isKind: - of: Ingress - - documentIndex: *IngressDocument - equal: - path: spec.rules[0].host - value: chart-example.local - - documentIndex: *IngressDocument - equal: - path: spec.rules[0].http.paths[0].path - value: "/" - - - it: custom host and path should pass - set: - ingress.main: - enabled: true - hosts: - - host: chart-test.local - paths: - - path: /test - asserts: - - documentIndex: &IngressDocument 2 - isKind: - of: Ingress - - documentIndex: *IngressDocument - equal: - path: spec.rules[0].host - value: chart-test.local - - documentIndex: *IngressDocument - equal: - path: spec.rules[0].http.paths[0].path - value: "/test" - - - it: host with template should pass - set: - ingress.main: - enabled: true - hosts: - - host: "{{ .Release.Name }}.hostname" - asserts: - - documentIndex: &IngressDocument 2 - isKind: - of: Ingress - - documentIndex: *IngressDocument - equal: - path: spec.rules[0].host - value: RELEASE-NAME.hostname - - - it: path with template should pass - set: - ingress.main: - enabled: true - hosts: - - host: chart-test.local - paths: - - path: "/{{ .Release.Name }}.path" - asserts: - - documentIndex: &IngressDocument 2 - isKind: - of: Ingress - - documentIndex: *IngressDocument - equal: - path: spec.rules[0].http.paths[0].path - value: "/RELEASE-NAME.path" diff --git a/helper-charts/common-test/tests/persistence/claimnames_test.yaml b/helper-charts/common-test/tests/persistence/claimnames_test.yaml deleted file mode 100644 index 81776125..00000000 --- a/helper-charts/common-test/tests/persistence/claimnames_test.yaml +++ /dev/null 
@@ -1,78 +0,0 @@ -suite: persistence claimnames -templates: - - common.yaml -tests: - - it: default should pass - set: - persistence: - config: - enabled: true - asserts: - - documentIndex: 1 - isKind: - of: Deployment - - documentIndex: 1 - equal: - path: spec.template.spec.volumes[0] - value: - name: config - persistentVolumeClaim: - claimName: RELEASE-NAME-common-test-config - - - it: with existingClaim should pass - set: - persistence: - existingClaim: - enabled: true - existingClaim: myClaim - asserts: - - documentIndex: 0 - isKind: - of: Deployment - - documentIndex: 0 - equal: - path: spec.template.spec.volumes[0] - value: - name: existingClaim - persistentVolumeClaim: - claimName: myClaim - - - it: disabled suffix should pass - set: - persistence: - claimWithoutSuffix: - enabled: true - nameOverride: "-" - accessMode: ReadWriteMany - size: 1G - asserts: - - documentIndex: 1 - isKind: - of: Deployment - - documentIndex: 1 - equal: - path: spec.template.spec.volumes[0] - value: - name: claimWithoutSuffix - persistentVolumeClaim: - claimName: RELEASE-NAME-common-test - - - it: custom suffix should pass - set: - persistence: - claimWithNameOverride: - enabled: true - nameOverride: suffix - accessMode: ReadWriteMany - size: 1G - asserts: - - documentIndex: 1 - isKind: - of: Deployment - - documentIndex: 1 - equal: - path: spec.template.spec.volumes[0] - value: - name: claimWithNameOverride - persistentVolumeClaim: - claimName: RELEASE-NAME-common-test-suffix diff --git a/helper-charts/common-test/tests/persistence/emptydir_test.yaml b/helper-charts/common-test/tests/persistence/emptydir_test.yaml deleted file mode 100644 index 02cb1914..00000000 --- a/helper-charts/common-test/tests/persistence/emptydir_test.yaml +++ /dev/null 
@@ -1,60 +0,0 @@ -suite: persistence emptydir -templates: - - common.yaml -tests: - - it: default emptyDir should pass - set: - persistence: - config: - enabled: true - type: emptyDir - asserts: - - documentIndex: 0 - isKind: - of: Deployment - - documentIndex: 0 - equal: - path: spec.template.spec.volumes[0] - value: - name: config - emptyDir: {} - - - it: emptyDir with medium should pass - set: - persistence: - config: - enabled: true - type: emptyDir - medium: memory - asserts: - - documentIndex: 0 - isKind: - of: Deployment - - documentIndex: 0 - equal: - path: spec.template.spec.volumes[0] - value: - name: config - emptyDir: - medium: memory - - - it: emptyDir with medium and sizeLimit should pass - set: - persistence: - config: - enabled: true - type: emptyDir - medium: memory - sizeLimit: 1Gi - asserts: - - documentIndex: 0 - isKind: - of: Deployment - - documentIndex: 0 - equal: - path: spec.template.spec.volumes[0] - value: - name: config - emptyDir: - medium: memory - sizeLimit: 1Gi diff --git a/helper-charts/common-test/tests/persistence/hostpath_test.yaml b/helper-charts/common-test/tests/persistence/hostpath_test.yaml deleted file mode 100644 index 40ce62cd..00000000 --- a/helper-charts/common-test/tests/persistence/hostpath_test.yaml +++ /dev/null 
@@ -1,45 +0,0 @@ -suite: persistence hostpath -templates: - - common.yaml -tests: - - it: hostPath should pass - set: - persistence: - hostpathmounts-data: - enabled: true - type: hostPath - hostPath: "/tmp1" - mountPath: "/data" - asserts: - - documentIndex: 0 - isKind: - of: Deployment - - documentIndex: 0 - equal: - path: spec.template.spec.volumes[0] - value: - name: hostpathmounts-data - hostPath: - path: /tmp1 - - - it: hostPath with type should pass - set: - persistence: - hostpathmounts-with-type: - enabled: true - type: hostPath - hostPath: "/tmp2" - hostPathType: "Directory" - mountPath: "/data2" - asserts: - - documentIndex: 0 - isKind: - of: Deployment - - documentIndex: 0 - equal: - path: spec.template.spec.volumes[0] - value: - name: hostpathmounts-with-type - hostPath: - path: /tmp2 - type: Directory diff --git a/helper-charts/common-test/tests/persistence/types_test.yaml b/helper-charts/common-test/tests/persistence/types_test.yaml deleted file mode 100644 index f0bed3c4..00000000 --- a/helper-charts/common-test/tests/persistence/types_test.yaml +++ /dev/null 
@@ -1,127 +0,0 @@ -suite: persistence types -templates: - - common.yaml -tests: - - it: custom persistence type should pass - set: - persistence: - custom-mount: - enabled: true - type: custom - volumeSpec: - downwardAPI: - items: - - path: "labels" - fieldRef: - fieldPath: metadata.labels - asserts: - - documentIndex: 0 - isKind: - of: Deployment - - documentIndex: 0 - equal: - path: spec.template.spec.volumes[0] - value: - name: custom-mount - downwardAPI: - items: - - fieldRef: - fieldPath: metadata.labels - path: labels - - - it: configmap persistence type should pass - set: - persistence: - configmap: - enabled: true - type: configMap - objectName: mySettings - asserts: - - documentIndex: 0 - isKind: - of: Deployment - - documentIndex: 0 - equal: - path: spec.template.spec.volumes[0] - value: - name: configmap - configMap: - name: mySettings - - - it: configmap persistence type with name template should pass - set: - persistence: - configmap: - enabled: true - type: configMap - objectName: "{{ include \"tc.common.names.fullname\" $ }}-config" - asserts: - - documentIndex: 0 - isKind: - of: Deployment - - documentIndex: 0 - equal: - path: spec.template.spec.volumes[0] - value: - name: configmap - configMap: - name: RELEASE-NAME-common-test-config - - - it: secret persistence type should pass - set: - persistence: - secret: - enabled: true - type: secret - objectName: mySettings - asserts: - - documentIndex: 0 - isKind: - of: Deployment - - documentIndex: 0 - equal: - path: spec.template.spec.volumes[0] - value: - name: secret - secret: - secretName: mySettings - - - it: secret persistence type with name template should pass - set: - persistence: - secret: - enabled: true - type: secret - objectName: "{{ .Release.Name }}-config" - asserts: - - documentIndex: 0 - isKind: - of: Deployment - - documentIndex: 0 - equal: - path: spec.template.spec.volumes[0] - value: - name: secret - secret: - secretName: RELEASE-NAME-config - - - it: nfs persistence type should pass 
- set: - persistence: - nfs: - enabled: true - type: nfs - server: 10.10.0.8 - path: /tank/nas/library - asserts: - - documentIndex: 0 - isKind: - of: Deployment - - documentIndex: 0 - equal: - path: spec.template.spec.volumes[0] - value: - name: nfs - nfs: - path: /tank/nas/library - server: 10.10.0.8 diff --git a/helper-charts/common-test/tests/persistence/volumeclaimtemplates_test.yaml b/helper-charts/common-test/tests/persistence/volumeclaimtemplates_test.yaml deleted file mode 100644 index 3315c713..00000000 --- a/helper-charts/common-test/tests/persistence/volumeclaimtemplates_test.yaml +++ /dev/null @@ -1,30 +0,0 @@ -suite: persistence volumeclaimtemplates -templates: - - common.yaml -tests: - - it: volumeClaimTemplates should pass - set: - controller: - type: statefulset - volumeClaimTemplates: - - name: "storage" - accessMode: "ReadWriteOnce" - size: "10Gi" - storageClass: "storage" - asserts: - - documentIndex: 0 - isKind: - of: StatefulSet - - documentIndex: 0 - equal: - path: spec.volumeClaimTemplates[0] - value: - metadata: - name: 0 - spec: - accessModes: - - ReadWriteOnce - resources: - requests: - storage: 10Gi - storageClassName: storage diff --git a/helper-charts/common-test/tests/pod/additionalcontainers_test.yaml b/helper-charts/common-test/tests/pod/additionalcontainers_test.yaml deleted file mode 100644 index 30a1043e..00000000 --- a/helper-charts/common-test/tests/pod/additionalcontainers_test.yaml +++ /dev/null 
@@ -1,45 +0,0 @@ -suite: pod additional containers -templates: - - common.yaml -tests: - - it: with explicit name should pass - set: - additionalContainers: - additional1: - name: template-test - asserts: - - documentIndex: 0 - isKind: - of: Deployment - - documentIndex: 0 - equal: - path: spec.template.spec.containers[1].name - value: template-test - - - it: with implicit name should pass - set: - additionalContainers: - additional1: - image: template-test - asserts: - - documentIndex: 0 - isKind: - of: Deployment - - documentIndex: 0 - equal: - path: spec.template.spec.containers[1].name - value: additional1 - - - it: with templated name should pass - set: - additionalContainers: - additional1: - name: "{{ .Release.Name }}-container" - asserts: - - documentIndex: 0 - isKind: - of: Deployment - - documentIndex: 0 - equal: - path: spec.template.spec.containers[1].name - value: RELEASE-NAME-container diff --git a/helper-charts/common-test/tests/pod/initcontainers_test.yaml b/helper-charts/common-test/tests/pod/initcontainers_test.yaml deleted file mode 100644 index fee293d5..00000000 --- a/helper-charts/common-test/tests/pod/initcontainers_test.yaml +++ /dev/null 
@@ -1,45 +0,0 @@ -suite: pod initContainers -templates: - - common.yaml -tests: - - it: with explicit name should pass - set: - initContainers: - init1: - name: template-test - asserts: - - documentIndex: 0 - isKind: - of: Deployment - - documentIndex: 0 - equal: - path: spec.template.spec.initContainers[0].name - value: template-test - - - it: with implicit name should pass - set: - initContainers: - init1: - image: template-test - asserts: - - documentIndex: 0 - isKind: - of: Deployment - - documentIndex: 0 - equal: - path: spec.template.spec.initContainers[0].name - value: init1 - - - it: with templated name should pass - set: - initContainers: - init1: - name: "{{ .Release.Name }}-container" - asserts: - - documentIndex: 0 - isKind: - of: Deployment - - documentIndex: 0 - equal: - path: spec.template.spec.initContainers[0].name - value: RELEASE-NAME-container diff --git a/helper-charts/common-test/tests/pod/installcontainers_test.yaml b/helper-charts/common-test/tests/pod/installcontainers_test.yaml deleted file mode 100644 index c9303627..00000000 --- a/helper-charts/common-test/tests/pod/installcontainers_test.yaml +++ /dev/null 
@@ -1,51 +0,0 @@ -suite: pod install initContainers -templates: - - common.yaml -tests: - - it: with explicit name should pass - set: - installContainers: - install1: - name: template-test - test: - install: true - asserts: - - documentIndex: 0 - isKind: - of: Deployment - - documentIndex: 0 - equal: - path: spec.template.spec.initContainers[0].name - value: template-test - - - it: with implicit name should pass - set: - installContainers: - install1: - image: template-test - test: - install: true - asserts: - - documentIndex: 0 - isKind: - of: Deployment - - documentIndex: 0 - equal: - path: spec.template.spec.initContainers[0].name - value: install1 - - - it: with templated name should pass - set: - installContainers: - install1: - name: "{{ .Release.Name }}-container" - test: - install: true - asserts: - - documentIndex: 0 - isKind: - of: Deployment - - documentIndex: 0 - equal: - path: spec.template.spec.initContainers[0].name - value: RELEASE-NAME-container diff --git a/helper-charts/common-test/tests/pod/network_test.yaml b/helper-charts/common-test/tests/pod/network_test.yaml deleted file mode 100644 index 295052a6..00000000 --- a/helper-charts/common-test/tests/pod/network_test.yaml +++ /dev/null 
@@ -1,59 +0,0 @@ -suite: pod replicas -templates: - - common.yaml -tests: - - it: default should pass - asserts: - - documentIndex: 0 - isKind: - of: Deployment - - documentIndex: 0 - isNull: - path: spec.template.spec.hostNetwork - - documentIndex: 0 - equal: - path: spec.template.spec.dnsPolicy - value: ClusterFirst - - - it: hostNetwork disabled should pass and set dnspolicy - set: - hostNetwork: false - asserts: - - documentIndex: 0 - isKind: - of: Deployment - - documentIndex: 0 - isNull: - path: spec.template.spec.hostNetwork - - documentIndex: 0 - equal: - path: spec.template.spec.dnsPolicy - value: ClusterFirst - - - it: hostNetwork enabled should pass and set dnspolicy - set: - hostNetwork: true - asserts: - - documentIndex: 0 - isKind: - of: Deployment - - documentIndex: 0 - equal: - path: spec.template.spec.hostNetwork - value: true - - documentIndex: 0 - equal: - path: spec.template.spec.dnsPolicy - value: ClusterFirstWithHostNet - - - it: custom dnsPolicy should pass - set: - dnsPolicy: None - asserts: - - documentIndex: 0 - isKind: - of: Deployment - - documentIndex: 0 - equal: - path: spec.template.spec.dnsPolicy - value: None diff --git a/helper-charts/common-test/tests/pod/replicas_test.yaml b/helper-charts/common-test/tests/pod/replicas_test.yaml deleted file mode 100644 index 7e4a3793..00000000 --- a/helper-charts/common-test/tests/pod/replicas_test.yaml +++ /dev/null @@ -1,25 +0,0 @@ -suite: pod replicas -templates: - - common.yaml -tests: - - it: default should pass - asserts: - - documentIndex: 0 - isKind: - of: Deployment - - documentIndex: 0 - equal: - path: spec.replicas - value: 1 - - - it: custom replicas should pass - set: - controller.replicas: 3 - asserts: - - documentIndex: 0 - isKind: - of: Deployment - - documentIndex: 0 - equal: - path: spec.replicas - value: 3 
diff --git a/helper-charts/common-test/tests/pod/upgradecontainers_test.yaml b/helper-charts/common-test/tests/pod/upgradecontainers_test.yaml deleted file mode 100644 index d7f63958..00000000 --- a/helper-charts/common-test/tests/pod/upgradecontainers_test.yaml +++ /dev/null @@ -1,51 +0,0 @@ -suite: pod upgrade initContainers -templates: - - common.yaml -tests: - - it: with explicit name should pass - set: - upgradeContainers: - upgrade1: - name: template-test - test: - upgrade: true - asserts: - - documentIndex: 0 - isKind: - of: Deployment - - documentIndex: 0 - equal: - path: spec.template.spec.initContainers[0].name - value: template-test - - - it: with implicit name should pass - set: - upgradeContainers: - upgrade1: - image: template-test - test: - upgrade: true - asserts: - - documentIndex: 0 - isKind: - of: Deployment - - documentIndex: 0 - equal: - path: spec.template.spec.initContainers[0].name - value: upgrade1 - - - it: with templated name should pass - set: - upgradeContainers: - aupgrade1: - name: "{{ .Release.Name }}-container" - test: - upgrade: true - asserts: - - documentIndex: 0 - isKind: - of: Deployment - - documentIndex: 0 - equal: - path: spec.template.spec.initContainers[0].name - value: RELEASE-NAME-container diff --git a/helper-charts/common-test/tests/portal/defaults_test.yaml b/helper-charts/common-test/tests/portal/defaults_test.yaml deleted file mode 100644 index 948e0c60..00000000 --- a/helper-charts/common-test/tests/portal/defaults_test.yaml +++ /dev/null 
@@ -1,84 +0,0 @@ -suite: portal defaults -templates: - - common.yaml -tests: - - it: uses "$node_ip" by default - set: - portal: - enabled: true - ingress: - main: - enabled: false - ixChartContext: - placeholder: true - asserts: - - hasDocuments: - count: 3 - - documentIndex: 2 - isKind: - of: ConfigMap - - documentIndex: 2 - equal: - path: data.host - value: $node_ip - - - it: uses port "443" by default - set: - portal: - enabled: true - ixChartContext: - placeholder: true - ingress: - main: - enabled: false - asserts: - - hasDocuments: - count: 3 - - documentIndex: 2 - isKind: - of: ConfigMap - - documentIndex: 2 - equal: - path: data.port - value: "443" - - - it: uses protocol "http" by default - set: - portal: - enabled: true - ingress: - main: - enabled: false - ixChartContext: - placeholder: true - asserts: - - hasDocuments: - count: 3 - - documentIndex: 2 - isKind: - of: ConfigMap - - documentIndex: 2 - equal: - path: data.protocol - value: http - - - - it: uses path "/" by default - set: - portal: - enabled: true - ixChartContext: - placeholder: true - ingress: - main: - enabled: true - asserts: - - hasDocuments: - count: 4 - - documentIndex: 3 - isKind: - of: ConfigMap - - documentIndex: 3 - equal: - path: data.path - value: / diff --git a/helper-charts/common-test/tests/portal/metadata_test.yaml b/helper-charts/common-test/tests/portal/metadata_test.yaml deleted file mode 100644 index d4839103..00000000 --- a/helper-charts/common-test/tests/portal/metadata_test.yaml +++ /dev/null 
@@ -1,96 +0,0 @@ -suite: portal configmap metadata -templates: - - common.yaml -tests: - - it: with enabled portal should pass - set: - portal: - enabled: true - ixChartContext: - placeholder: true - asserts: - - hasDocuments: - count: 3 - - documentIndex: &ConfigmapDocument 2 - isKind: - of: ConfigMap - - documentIndex: *ConfigmapDocument - isNull: - path: metadata.annotations - - documentIndex: *ConfigmapDocument - equal: - path: metadata.labels - value: - app.kubernetes.io/instance: RELEASE-NAME - app.kubernetes.io/managed-by: Helm - app.kubernetes.io/name: common-test - helm.sh/chart: common-test-4.0.0 - - documentIndex: *ConfigmapDocument - equal: - path: metadata.name - value: portal - - -## TODO: allow label and annotation changes for the portal -# - it: custom metadata should pass -# set: -# configmap: -# config: -# enabled: true -# annotations: -# test_annotation: test -# labels: -# test_label: test -# asserts: -# - documentIndex: &ConfigmapDocument 0 -# isKind: -# of: ConfigMap -# - documentIndex: *ConfigmapDocument -# equal: -# path: metadata.annotations -# value: -# test_annotation: test -# - documentIndex: *ConfigmapDocument -# equal: -# path: metadata.labels -# value: -# app.kubernetes.io/instance: RELEASE-NAME -# app.kubernetes.io/managed-by: Helm -# app.kubernetes.io/name: common-test -# helm.sh/chart: common-test-4.0.0 -# test_label: test -# -# - it: custom metadata with global metadata should pass -# set: -# global: -# labels: -# global_label: test -# annotations: -# global_annotation: test -# configmap: -# config: -# enabled: true -# annotations: -# test_annotation: test -# labels: -# test_label: test -# asserts: -# - documentIndex: &ConfigmapDocument 0 -# isKind: -# of: ConfigMap -# - documentIndex: *ConfigmapDocument -# equal: -# path: metadata.annotations -# value: -# global_annotation: test -# test_annotation: test -# - documentIndex: *ConfigmapDocument -# equal: -# path: metadata.labels -# value: -# app.kubernetes.io/instance: RELEASE-NAME 
-# app.kubernetes.io/managed-by: Helm -# app.kubernetes.io/name: common-test -# global_label: test -# helm.sh/chart: common-test-4.0.0 -# test_label: test diff --git a/helper-charts/common-test/tests/portal/nodeport_test.yaml b/helper-charts/common-test/tests/portal/nodeport_test.yaml deleted file mode 100644 index 708bc215..00000000 --- a/helper-charts/common-test/tests/portal/nodeport_test.yaml +++ /dev/null @@ -1,27 +0,0 @@ -suite: portal overrides -templates: - - common.yaml -tests: - - it: nodePort host defaults to node_ip - set: - portal: - enabled: true - ixChartContext: - placeholder: true - ingress: - main: - enabled: false - service: - main: - port: - nodePort: 666 - asserts: - - hasDocuments: - count: 3 - - documentIndex: 2 - isKind: - of: ConfigMap - - documentIndex: 2 - equal: - path: data.host - value: $node_ip diff --git a/helper-charts/common-test/tests/portal/overrides_test.yaml b/helper-charts/common-test/tests/portal/overrides_test.yaml deleted file mode 100644 index 90ee842b..00000000 --- a/helper-charts/common-test/tests/portal/overrides_test.yaml +++ /dev/null 
@@ -1,66 +0,0 @@ -suite: portal overrides -templates: - - common.yaml -tests: - - it: ingressPort can be overridden - set: - portal: - enabled: true - ingressPort: 666 - ingress: - main: - enabled: true - ixChartContext: - placeholder: true - asserts: - - hasDocuments: - count: 4 - - documentIndex: 3 - isKind: - of: ConfigMap - - documentIndex: 3 - equal: - path: data.port - value: "666" - - - it: nodePort Host can be overridden - set: - portal: - enabled: true - host: "test.host" - ingress: - main: - enabled: false - ixChartContext: - placeholder: true - asserts: - - hasDocuments: - count: 3 - - documentIndex: 2 - isKind: - of: ConfigMap - - documentIndex: 2 - equal: - path: data.host - value: test.host - - - it: path can be overridden - set: - portal: - enabled: true - path: "/path" - ingress: - main: - enabled: false - ixChartContext: - placeholder: true - asserts: - - hasDocuments: - count: 3 - - documentIndex: 2 - isKind: - of: ConfigMap - - documentIndex: 2 - equal: - path: data.path - value: /path diff --git a/helper-charts/common-test/tests/pvc/metadata_test.yaml b/helper-charts/common-test/tests/pvc/metadata_test.yaml deleted file mode 100644 index 51e24b0b..00000000 --- a/helper-charts/common-test/tests/pvc/metadata_test.yaml +++ /dev/null 
@@ -1,106 +0,0 @@ -suite: pvc metadata -templates: - - common.yaml -tests: - - it: default should pass - set: - persistence.config.enabled: true - asserts: - - documentIndex: &PersistentVolumeClaimDocument 0 - isKind: - of: PersistentVolumeClaim - - documentIndex: *PersistentVolumeClaimDocument - isNull: - path: metadata.annotations - - documentIndex: *PersistentVolumeClaimDocument - equal: - path: metadata.labels - value: - app.kubernetes.io/instance: RELEASE-NAME - app.kubernetes.io/managed-by: Helm - app.kubernetes.io/name: common-test - helm.sh/chart: common-test-4.0.0 - - - it: retain enabled should pass - set: - persistence.config: - enabled: true - retain: true - asserts: - - documentIndex: &PersistentVolumeClaimDocument 0 - isKind: - of: PersistentVolumeClaim - - documentIndex: *PersistentVolumeClaimDocument - equal: - path: metadata.annotations - value: - helm.sh/resource-policy: keep - - documentIndex: *PersistentVolumeClaimDocument - equal: - path: metadata.labels - value: - app.kubernetes.io/instance: RELEASE-NAME - app.kubernetes.io/managed-by: Helm - app.kubernetes.io/name: common-test - helm.sh/chart: common-test-4.0.0 - - - it: custom metadata should pass - set: - persistence.config: - enabled: true - labels: - test_label: test - annotations: - test_annotation: test - asserts: - - documentIndex: &PersistentVolumeClaimDocument 0 - isKind: - of: PersistentVolumeClaim - - documentIndex: *PersistentVolumeClaimDocument - equal: - path: metadata.annotations - value: - test_annotation: test - - documentIndex: *PersistentVolumeClaimDocument - equal: - path: metadata.labels - value: - app.kubernetes.io/instance: RELEASE-NAME - app.kubernetes.io/managed-by: Helm - app.kubernetes.io/name: common-test - helm.sh/chart: common-test-4.0.0 - test_label: test - - - it: custom metadata with global metadata should pass - set: - global: - labels: - global_label: test - annotations: - global_annotation: test - persistence.config: - enabled: true - labels: - test_label: 
test - annotations: - test_annotation: test - asserts: - - documentIndex: &PersistentVolumeClaimDocument 0 - isKind: - of: PersistentVolumeClaim - - documentIndex: *PersistentVolumeClaimDocument - equal: - path: metadata.annotations - value: - test_annotation: test - global_annotation: test - - documentIndex: *PersistentVolumeClaimDocument - equal: - path: metadata.labels - value: - app.kubernetes.io/instance: RELEASE-NAME - app.kubernetes.io/managed-by: Helm - app.kubernetes.io/name: common-test - global_label: test - helm.sh/chart: common-test-4.0.0 - test_label: test diff --git a/helper-charts/common-test/tests/pvc/names_test.yaml b/helper-charts/common-test/tests/pvc/names_test.yaml deleted file mode 100644 index deed6713..00000000 --- a/helper-charts/common-test/tests/pvc/names_test.yaml +++ /dev/null 
@@ -1,66 +0,0 @@ -suite: pvc names -templates: - - common.yaml -tests: - - it: disabled should pass - asserts: - - hasDocuments: - count: 2 - - documentIndex: 0 - not: true - isKind: - of: PersistentVolumeClaim - - documentIndex: 1 - not: true - isKind: - of: PersistentVolumeClaim - - - it: default should pass - set: - persistence.config.enabled: true - asserts: - - hasDocuments: - count: 3 - - documentIndex: &PersistentVolumeClaimDocument 0 - isKind: - of: PersistentVolumeClaim - - documentIndex: 1 - not: true - isKind: - of: PersistentVolumeClaim - - documentIndex: 2 - not: true - isKind: - of: PersistentVolumeClaim - - documentIndex: *PersistentVolumeClaimDocument - equal: - path: metadata.name - value: RELEASE-NAME-common-test-config - - - it: without suffix should pass - set: - persistence.config: - enabled: true - nameOverride: "-" - asserts: - - documentIndex: &PersistentVolumeClaimDocument 0 - isKind: - of: PersistentVolumeClaim - - documentIndex: *PersistentVolumeClaimDocument - equal: - path: metadata.name - value: RELEASE-NAME-common-test - - - it: with custom suffix should pass - set: - persistence.config: - enabled: true - nameOverride: "custom" - asserts: - - documentIndex: &PersistentVolumeClaimDocument 0 - isKind: - of: PersistentVolumeClaim - - documentIndex: *PersistentVolumeClaimDocument - equal: - path: metadata.name - value: RELEASE-NAME-common-test-custom diff --git a/helper-charts/common-test/tests/pvc/storageclass_test.yaml b/helper-charts/common-test/tests/pvc/storageclass_test.yaml deleted file mode 100644 index 4b24a1ec..00000000 --- a/helper-charts/common-test/tests/pvc/storageclass_test.yaml +++ /dev/null 
@@ -1,42 +0,0 @@ -suite: pvc storageclass -templates: - - common.yaml -tests: - - it: default should pass - set: - persistence.config.enabled: true - asserts: - - documentIndex: &PersistentVolumeClaimDocument 0 - isKind: - of: PersistentVolumeClaim - - documentIndex: *PersistentVolumeClaimDocument - isNull: - path: spec.storageClassName - - - it: custom should pass - set: - persistence.config: - enabled: true - storageClass: custom - asserts: - - documentIndex: &PersistentVolumeClaimDocument 0 - isKind: - of: PersistentVolumeClaim - - documentIndex: *PersistentVolumeClaimDocument - equal: - path: spec.storageClassName - value: custom - - - it: empty should pass - set: - persistence.config: - enabled: true - storageClass: "-" - asserts: - - documentIndex: &PersistentVolumeClaimDocument 0 - isKind: - of: PersistentVolumeClaim - - documentIndex: *PersistentVolumeClaimDocument - equal: - path: spec.storageClassName - value: "" diff --git a/helper-charts/common-test/tests/sa-rbac/multiple_sa_rbac_test.yaml b/helper-charts/common-test/tests/sa-rbac/multiple_sa_rbac_test.yaml deleted file mode 100644 index d70c3e81..00000000 --- a/helper-charts/common-test/tests/sa-rbac/multiple_sa_rbac_test.yaml +++ /dev/null 
@@ -1,56 +0,0 @@ -suite: sa-rbac multiple -templates: - - common.yaml -tests: - - it: multiple sa and rbac should be named correctly - set: - serviceAccount: - main: - enabled: true - secondary: - enabled: true - rbac: - main: - enabled: true - secondary: - enabled: true - asserts: - - documentIndex: &DeploymentDoc 2 - isKind: - of: Deployment - - documentIndex: *DeploymentDoc - equal: - path: spec.template.spec.serviceAccountName - value: RELEASE-NAME-common-test - - - documentIndex: &ServiceAccountDoc 0 - isKind: - of: ServiceAccount - - documentIndex: *ServiceAccountDoc - equal: - path: metadata.name - value: RELEASE-NAME-common-test - - - documentIndex: &ServiceAccountSecondaryDoc 1 - isKind: - of: ServiceAccount - - documentIndex: *ServiceAccountSecondaryDoc - equal: - path: metadata.name - value: RELEASE-NAME-common-test-secondary - - - documentIndex: &ClusterRoleBindingDoc 4 - isKind: - of: ClusterRoleBinding - - documentIndex: *ClusterRoleBindingDoc - equal: - path: subjects[0].name - value: RELEASE-NAME-common-test - - - documentIndex: &ClusterRoleBindingSecondaryDoc 6 - isKind: - of: ClusterRoleBinding - - documentIndex: *ClusterRoleBindingSecondaryDoc - equal: - path: subjects[0].name - value: RELEASE-NAME-common-test-secondary diff --git a/helper-charts/common-test/tests/sa-rbac/no sa-rbac.yaml b/helper-charts/common-test/tests/sa-rbac/no sa-rbac.yaml deleted file mode 100644 index db9f08d2..00000000 --- a/helper-charts/common-test/tests/sa-rbac/no sa-rbac.yaml +++ /dev/null @@ -1,13 +0,0 @@ -suite: no sa-rbac -templates: - - common.yaml -tests: - - it: single sa and rbac should be named correctly - asserts: - - documentIndex: &DeploymentDoc 1 - isKind: - of: Deployment - - documentIndex: *DeploymentDoc - equal: - path: spec.template.spec.serviceAccountName - value: default 
diff --git a/helper-charts/common-test/tests/sa-rbac/sa_rbac_different_names_test.yaml b/helper-charts/common-test/tests/sa-rbac/sa_rbac_different_names_test.yaml deleted file mode 100644 index e0e60012..00000000 --- a/helper-charts/common-test/tests/sa-rbac/sa_rbac_different_names_test.yaml +++ /dev/null @@ -1,56 +0,0 @@ -suite: sa-rbac different names -templates: - - common.yaml -tests: - - it: rbac with different name than sa are linked with the default sa - set: - serviceAccount: - main: - enabled: true - secondary: - enabled: true - rbac: - main: - enabled: true - third: - enabled: true - asserts: - - documentIndex: &DeploymentDoc 2 - isKind: - of: Deployment - - documentIndex: *DeploymentDoc - equal: - path: spec.template.spec.serviceAccountName - value: RELEASE-NAME-common-test - - - documentIndex: &ServiceAccountDoc 0 - isKind: - of: ServiceAccount - - documentIndex: *ServiceAccountDoc - equal: - path: metadata.name - value: RELEASE-NAME-common-test - - - documentIndex: &ServiceAccountSecondaryDoc 1 - isKind: - of: ServiceAccount - - documentIndex: *ServiceAccountSecondaryDoc - equal: - path: metadata.name - value: RELEASE-NAME-common-test-secondary - - - documentIndex: &ClusterRoleBindingDoc 4 - isKind: - of: ClusterRoleBinding - - documentIndex: *ClusterRoleBindingDoc - equal: - path: subjects[0].name - value: RELEASE-NAME-common-test - - - documentIndex: &ClusterRoleBindingThirdDoc 6 - isKind: - of: ClusterRoleBinding - - documentIndex: *ClusterRoleBindingThirdDoc - equal: - path: subjects[0].name - value: default diff --git a/helper-charts/common-test/tests/sa-rbac/single_sa_rbac_test.yaml b/helper-charts/common-test/tests/sa-rbac/single_sa_rbac_test.yaml deleted file mode 100644 index 37bb9403..00000000 --- a/helper-charts/common-test/tests/sa-rbac/single_sa_rbac_test.yaml +++ /dev/null 
@@ -1,35 +0,0 @@ -suite: sa-rbac single -templates: - - common.yaml -tests: - - it: single sa and rbac should be named correctly - set: - serviceAccount: - main: - enabled: true - rbac: - main: - enabled: true - asserts: - - documentIndex: &DeploymentDoc 1 - isKind: - of: Deployment - - documentIndex: *DeploymentDoc - equal: - path: spec.template.spec.serviceAccountName - value: RELEASE-NAME-common-test - - - documentIndex: &ServiceAccountDoc 0 - isKind: - of: ServiceAccount - - documentIndex: *ServiceAccountDoc - equal: - path: metadata.name - value: RELEASE-NAME-common-test - - documentIndex: &ClusterRoleBindingDoc 3 - isKind: - of: ClusterRoleBinding - - documentIndex: *ClusterRoleBindingDoc - equal: - path: subjects[0].name - value: RELEASE-NAME-common-test diff --git a/helper-charts/common-test/tests/service/metadata_test.yaml b/helper-charts/common-test/tests/service/metadata_test.yaml deleted file mode 100644 index efe37931..00000000 --- a/helper-charts/common-test/tests/service/metadata_test.yaml +++ /dev/null 
@@ -1,81 +0,0 @@ -suite: service metadata -templates: - - common.yaml -tests: - - it: default metadata should pass - asserts: - - documentIndex: &ServiceDocument 1 - isKind: - of: Service - - documentIndex: *ServiceDocument - isNull: - path: metadata.annotations - - documentIndex: *ServiceDocument - equal: - path: metadata.labels - value: - app.kubernetes.io/instance: RELEASE-NAME - app.kubernetes.io/managed-by: Helm - app.kubernetes.io/name: common-test - helm.sh/chart: common-test-4.0.0 - - - it: custom metadata should pass - set: - service: - main: - annotations: - test_annotation: test - labels: - test_label: test - asserts: - - documentIndex: &ServiceDocument 1 - isKind: - of: Service - - documentIndex: *ServiceDocument - equal: - path: metadata.annotations - value: - test_annotation: test - - documentIndex: *ServiceDocument - equal: - path: metadata.labels - value: - app.kubernetes.io/instance: RELEASE-NAME - app.kubernetes.io/managed-by: Helm - app.kubernetes.io/name: common-test - helm.sh/chart: common-test-4.0.0 - test_label: test - - - it: custom metadata with global metadata should pass - set: - global: - labels: - global_label: test - annotations: - global_annotation: test - service: - main: - annotations: - test_annotation: test - labels: - test_label: test - asserts: - - documentIndex: &ServiceDocument 1 - isKind: - of: Service - - documentIndex: *ServiceDocument - equal: - path: metadata.annotations - value: - global_annotation: test - test_annotation: test - - documentIndex: *ServiceDocument - equal: - path: metadata.labels - value: - app.kubernetes.io/instance: RELEASE-NAME - app.kubernetes.io/managed-by: Helm - app.kubernetes.io/name: common-test - global_label: test - helm.sh/chart: common-test-4.0.0 - test_label: test diff --git a/helper-charts/common-test/tests/service/names_test.yaml b/helper-charts/common-test/tests/service/names_test.yaml deleted file mode 100644 index 3598dc6e..00000000 
--- a/helper-charts/common-test/tests/service/names_test.yaml +++ /dev/null @@ -1,29 +0,0 @@ -suite: service names -templates: - - common.yaml -tests: - - it: default should pass - asserts: - - hasDocuments: - count: 2 - - documentIndex: &ServiceDocument 1 - isKind: - of: Service - - documentIndex: *ServiceDocument - equal: - path: metadata.name - value: RELEASE-NAME-common-test - - - it: custom name suffix should pass - set: - service: - main: - nameOverride: http - asserts: - - documentIndex: &ServiceDocument 1 - isKind: - of: Service - - documentIndex: *ServiceDocument - equal: - path: metadata.name - value: RELEASE-NAME-common-test-http diff --git a/helper-charts/common-test/tests/service/port_names_test.yaml b/helper-charts/common-test/tests/service/port_names_test.yaml deleted file mode 100644 index ca9563b3..00000000 --- a/helper-charts/common-test/tests/service/port_names_test.yaml +++ /dev/null @@ -1,63 +0,0 @@ -suite: service port names -templates: - - common.yaml -tests: - - it: default should pass - asserts: - - hasDocuments: - count: 2 - - documentIndex: &ServiceDocument 1 - isKind: - of: Service - - documentIndex: *ServiceDocument - equal: - path: spec.ports[0] - value: - name: main - port: 8080 - protocol: TCP - targetPort: main - - - it: custom name should pass - set: - service: - main: - ports: - main: - enabled: false - server: - enabled: true - port: 8080 - asserts: - - documentIndex: &ServiceDocument 1 - isKind: - of: Service - - documentIndex: *ServiceDocument - equal: - path: spec.ports[0] - value: - name: server - port: 8080 - protocol: TCP - targetPort: server - - - it: custom target port should pass - set: - service: - main: - ports: - main: - enabled: true - targetPort: 80 - asserts: - - documentIndex: &ServiceDocument 1 - isKind: - of: Service - - documentIndex: *ServiceDocument - equal: - path: spec.ports[0] - value: - name: main - port: 8080 - protocol: TCP - targetPort: 80 
diff --git a/helper-charts/common-test/tests/service/port_protocols_test.yaml b/helper-charts/common-test/tests/service/port_protocols_test.yaml deleted file mode 100644 index 462879f8..00000000 --- a/helper-charts/common-test/tests/service/port_protocols_test.yaml +++ /dev/null @@ -1,71 +0,0 @@ -suite: service protocols -templates: - - common.yaml -tests: - - it: default should pass - asserts: - - hasDocuments: - count: 2 - - documentIndex: &ServiceDocument 1 - isKind: - of: Service - - documentIndex: *ServiceDocument - equal: - path: spec.ports[0].protocol - value: TCP - - - it: explicit TCP should pass - set: - service.main.ports.main.protocol: TCP - asserts: - - documentIndex: &ServiceDocument 1 - isKind: - of: Service - - documentIndex: *ServiceDocument - equal: - path: spec.ports[0].protocol - value: TCP - - - it: explicit UDP should pass - set: - service.main.ports.main.protocol: UDP - asserts: - - documentIndex: &ServiceDocument 1 - isKind: - of: Service - - documentIndex: *ServiceDocument - equal: - path: spec.ports[0].protocol - value: UDP - - - it: explicit HTTP should pass - set: - service.main.ports.main.protocol: HTTP - asserts: - - documentIndex: &ServiceDocument 1 - isKind: - of: Service - - documentIndex: *ServiceDocument - equal: - path: spec.ports[0].protocol - value: TCP - - documentIndex: *ServiceDocument - isNull: - path: metadata.annotations - - - it: explicit HTTPS should pass - set: - service.main.ports.main.protocol: HTTPS - asserts: - - documentIndex: &ServiceDocument 1 - isKind: - of: Service - - documentIndex: *ServiceDocument - equal: - path: spec.ports[0].protocol - value: TCP - - documentIndex: *ServiceDocument - equal: - path: metadata.annotations - value: - traefik.ingress.kubernetes.io/service.serversscheme: https diff --git a/helper-charts/common-test/tests/service/values_test.yaml b/helper-charts/common-test/tests/service/values_test.yaml deleted file mode 100644 index b7edd82f..00000000 
--- a/helper-charts/common-test/tests/service/values_test.yaml +++ /dev/null @@ -1,33 +0,0 @@ -suite: service values -templates: - - common.yaml -tests: - - it: externalTrafficPolicy should pass for NodePort service - set: - service: - main: - type: NodePort - externalTrafficPolicy: Local - asserts: - - documentIndex: &ServiceDocument 1 - isKind: - of: Service - - documentIndex: *ServiceDocument - equal: - path: spec.externalTrafficPolicy - value: Local - - - it: externalTrafficPolicy should pass for LoadBalancer service - set: - service: - main: - type: LoadBalancer - externalTrafficPolicy: Local - asserts: - - documentIndex: &ServiceDocument 1 - isKind: - of: Service - - documentIndex: *ServiceDocument - equal: - path: spec.externalTrafficPolicy - value: Local diff --git a/helper-charts/common-test/values.yaml b/helper-charts/common-test/values.yaml deleted file mode 100644 index 1f4c0b83..00000000 --- a/helper-charts/common-test/values.yaml +++ /dev/null @@ -1,14 +0,0 @@ -image: - repository: ghcr.io/truecharts/whoami - pullPolicy: IfNotPresent - tag: 1.8.7@sha256:8c61f0ca92fd806fcb4ed1465cb793c05443f37951554b105b0f2dc686a95772 - -service: - main: - ports: - main: - port: 8080 - -manifests: - enabled: false - nonBlocking: false diff --git a/helper-charts/common-test/Chart.yaml b/library/common-test/Chart.yaml similarity index 89% rename from helper-charts/common-test/Chart.yaml rename to library/common-test/Chart.yaml index 9434217d..56bf9080 100644 --- a/helper-charts/common-test/Chart.yaml +++ b/library/common-test/Chart.yaml @@ -2,8 +2,8 @@ apiVersion: v2 appVersion: "" dependencies: - name: common - repository: file://../../charts/common - version: n/a + repository: file://../common + version: ~12.0.0 deprecated: false description: Helper chart to test different use cases of the common library home: https://github.com/truecharts/apps/tree/master/charts/library/common-test 
@@ -22,4 +22,4 @@ name: common-test sources: - https://github.com/truecharts/apps/tree/master/charts/library/common-test type: application -version: 4.0.0 +version: 1.0.0 diff --git a/library/common-test/README.md b/library/common-test/README.md new file mode 100644 index 00000000..e69de29b diff --git a/library/common-test/ci/basic-values.yaml b/library/common-test/ci/basic-values.yaml new file mode 100644 index 00000000..16c6b98b --- /dev/null +++ b/library/common-test/ci/basic-values.yaml @@ -0,0 +1,23 @@ +image: + repository: traefik/whoami + pullPolicy: IfNotPresent + tag: latest + +service: + main: + ports: + main: + protocol: HTTP + port: 8080 + +args: + - --port + - "8080" + +probes: + liveness: + enabled: true + readiness: + enabled: true + startup: + enabled: true diff --git a/library/common-test/ci/configmaps-values.yaml b/library/common-test/ci/configmaps-values.yaml new file mode 100644 index 00000000..16c6b98b --- /dev/null +++ b/library/common-test/ci/configmaps-values.yaml @@ -0,0 +1,23 @@ +image: + repository: traefik/whoami + pullPolicy: IfNotPresent + tag: latest + +service: + main: + ports: + main: + protocol: HTTP + port: 8080 + +args: + - --port + - "8080" + +probes: + liveness: + enabled: true + readiness: + enabled: true + startup: + enabled: true diff --git a/library/common-test/ci/extracontainers-values.yaml b/library/common-test/ci/extracontainers-values.yaml new file mode 100644 index 00000000..16c6b98b --- /dev/null +++ b/library/common-test/ci/extracontainers-values.yaml @@ -0,0 +1,23 @@ +image: + repository: traefik/whoami + pullPolicy: IfNotPresent + tag: latest + +service: + main: + ports: + main: + protocol: HTTP + port: 8080 + +args: + - --port + - "8080" + +probes: + liveness: + enabled: true + readiness: + enabled: true + startup: + enabled: true diff --git a/library/common-test/ci/jobs-values.yaml b/library/common-test/ci/jobs-values.yaml new file mode 100644 index 00000000..16c6b98b --- /dev/null 
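Review bot: `tag: latest` in the new basic-values.yaml is a mutable tag, and combined with `pullPolicy: IfNotPresent` the image a CI install actually runs depends on what the registry serves that day or what the node already has cached. The same three image lines are added in configmaps-values.yaml, extracontainers-values.yaml, jobs-values.yaml, persistence-values.yaml, secrets-values.yaml and statefullset-values.yaml, and the rbac-values.yaml hunk replaces a digest-pinned `ghcr.io/truecharts/whoami` tag with them. I would keep a pin in all of these files, in the form the removed line used: `tag: <version>@sha256:<digest of the traefik/whoami image>` (placeholder; the digest for the new repository is not on this page).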
+++ b/library/common-test/ci/jobs-values.yaml @@ -0,0 +1,23 @@ +image: + repository: traefik/whoami + pullPolicy: IfNotPresent + tag: latest + +service: + main: + ports: + main: + protocol: HTTP + port: 8080 + +args: + - --port + - "8080" + +probes: + liveness: + enabled: true + readiness: + enabled: true + startup: + enabled: true diff --git a/library/common-test/ci/persistence-values.yaml b/library/common-test/ci/persistence-values.yaml new file mode 100644 index 00000000..fc6c323a --- /dev/null +++ b/library/common-test/ci/persistence-values.yaml @@ -0,0 +1,98 @@ +image: + repository: traefik/whoami + pullPolicy: IfNotPresent + tag: latest + +service: + main: + ports: + main: + port: 8080 + +args: + - --port + - '8080' + +probes: + liveness: + enabled: true + readiness: + enabled: true + startup: + enabled: true + +persistence: + pvc-stock: + enabled: true + type: pvc + mountPath: /pvcstock + + pvc-size: + enabled: true + type: pvc + mountPath: /pvcsize + size: 1Gi + + pvc-forcedname: + enabled: true + type: pvc + forceName: "testname" + mountPath: /pvcfn + + pvc-readonly: + enabled: true + type: pvc + mountPath: /pvcro + readOnly: true + + pvc-labeled: + enabled: true + labels: + labelexample1: labelvalue2 + type: pvc + mountPath: /pvclabeled + + pvc-sc-empty: + enabled: true + type: pvc + mountPath: /pvcscempty + readOnly: false + storageClass: "" + + pvc-auto: + enabled: true + setPermissions: true + type: pvc + mountPath: /autotest + readOnly: false + + emptydir: + enabled: true + type: emptyDir + mountPath: /emptydir + + emptydir-mem: + enabled: true + type: emptyDir + mountPath: /emptydirmem + medium: Memory + + emptydir-size: + enabled: true + type: emptyDir + mountPath: /emptydirsize + sizeLimit: 1Gi + + emptydir-memsize: + enabled: true + type: emptyDir + mountPath: /emptydirmemsize + medium: Memory + sizeLimit: 1Gi + + hostpath-stock: + enabled: true + type: hostPath + hostPath: /usr + mountPath: /hptest + hostPathType: "" 
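Review bot: The `hostpath-stock` entry in persistence-values.yaml mounts the node's `/usr` at `/hptest` without setting `readOnly`, and `hostPathType: ""` asks for no check on the path, so a CI install presumably gives the test container a writable view of host system directories. `pvc-readonly` in the same file shows that the chart accepts `readOnly: true`; I would add `readOnly: true` to this entry, or point `hostPath` at a scratch directory created for the test. If the writable mount is deliberate, a comment such as `# writable hostPath on purpose: <case it exercises>` above the entry would record that.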
diff --git a/helper-charts/common-test/ci/rbac-values.yaml b/library/common-test/ci/rbac-values.yaml similarity index 88% rename from helper-charts/common-test/ci/rbac-values.yaml rename to library/common-test/ci/rbac-values.yaml index 0a39938b..5e6de232 100644 --- a/helper-charts/common-test/ci/rbac-values.yaml +++ b/library/common-test/ci/rbac-values.yaml @@ -1,7 +1,7 @@ image: - repository: ghcr.io/truecharts/whoami + repository: traefik/whoami pullPolicy: IfNotPresent - tag: 1.8.7@sha256:8c61f0ca92fd806fcb4ed1465cb793c05443f37951554b105b0f2dc686a95772 + tag: latest service: main: @@ -13,6 +13,14 @@ args: - --port - '8080' +probes: + liveness: + enabled: true + readiness: + enabled: true + startup: + enabled: true + rbac: main: enabled: true diff --git a/library/common-test/ci/secrets-values.yaml b/library/common-test/ci/secrets-values.yaml new file mode 100644 index 00000000..16c6b98b --- /dev/null +++ b/library/common-test/ci/secrets-values.yaml @@ -0,0 +1,23 @@ +image: + repository: traefik/whoami + pullPolicy: IfNotPresent + tag: latest + +service: + main: + ports: + main: + protocol: HTTP + port: 8080 + +args: + - --port + - "8080" + +probes: + liveness: + enabled: true + readiness: + enabled: true + startup: + enabled: true diff --git a/library/common-test/ci/statefullset-values.yaml b/library/common-test/ci/statefullset-values.yaml new file mode 100644 index 00000000..16c6b98b --- /dev/null +++ b/library/common-test/ci/statefullset-values.yaml @@ -0,0 +1,23 @@ +image: + repository: traefik/whoami + pullPolicy: IfNotPresent + tag: latest + +service: + main: + ports: + main: + protocol: HTTP + port: 8080 + +args: + - --port + - "8080" + +probes: + liveness: + enabled: true + readiness: + enabled: true + startup: + enabled: true diff --git a/library/common-test/templates/common.yaml b/library/common-test/templates/common.yaml new file mode 100644 index 00000000..8b11432b --- /dev/null +++ b/library/common-test/templates/common.yaml 
@@ -0,0 +1 @@ +{{ include "ix.v1.common.loader.all" . }} diff --git a/library/common-test/tests/cert/cert_dict_test.yaml b/library/common-test/tests/cert/cert_dict_test.yaml new file mode 100644 index 00000000..f381c6cf --- /dev/null +++ b/library/common-test/tests/cert/cert_dict_test.yaml 
@@ -0,0 +1,288 @@ +suite: certificate dict test +templates: + - common.yaml +tests: + - it: should fail with empty ixCertificates key + set: + scaleCerts: + certname: + id: 1 + # Simulating middleware injection + ixCertificates: {} + asserts: + - failedTemplate: + errorMessage: Key is empty + + - it: should fail with cert that don't exist + set: + scaleCerts: + certname: + id: 1 + # Simulating middleware injection + ixCertificates: + "2": + certificate: cert_content + asserts: + - failedTemplate: + errorMessage: Certificate (1) was not found. + + - it: should fail with expired cert + set: + scaleCerts: + certname: + id: 1 + # Simulating middleware injection + ixCertificates: + "1": + certificate: cert_content + expired: true + asserts: + - failedTemplate: + errorMessage: Certificate (1) is expired + + - it: should fail with revoked cert + set: + scaleCerts: + certname: + id: 1 + # Simulating middleware injection + ixCertificates: + "1": + certificate: cert_content + revoked: true + asserts: + - failedTemplate: + errorMessage: Certificate (1) has been revoked + + - it: should pass with 1 secret created with dash in name + documentIndex: &secretDoc 0 + set: + scaleCerts: + cert-name: + id: 1 + # Simulating middleware injection + ixCertificates: + "1": + certificate: cert_content + privatekey: some_key + asserts: + - isKind: + of: Secret + - isAPIVersion: + of: v1 + - equal: + path: type + value: kubernetes.io/tls + - equal: + path: metadata.name + value: RELEASE-NAME-common-test-cert-name-ixcert-1-0 + - isNotEmpty: + path: data.tls\.crt + - isNotEmpty: + path: data.tls\.key + + - it: should pass with 1 secret created + documentIndex: *secretDoc + set: + scaleCerts: + certname: + id: 1 + # Simulating middleware injection + ixCertificates: + "1": + certificate: cert_content + privatekey: some_key + asserts: &basicAssertion + - isKind: + of: Secret + - isAPIVersion: + of: v1 + - equal: + path: type + value: kubernetes.io/tls + - equal: + path: metadata.name + value: 
RELEASE-NAME-common-test-certname-ixcert-1-0 + - isNotEmpty: + path: data.tls\.crt + - isNotEmpty: + path: data.tls\.key + + - it: should pass with 1 secret created and revision increased + documentIndex: *secretDoc + release: + revision: 1 + set: + scaleCerts: + certname: + id: 1 + # Simulating middleware injection + ixCertificates: + "1": + certificate: cert_content + privatekey: some_key + asserts: + - isKind: + of: Secret + - isAPIVersion: + of: v1 + - equal: + path: type + value: kubernetes.io/tls + - equal: + path: metadata.name + value: RELEASE-NAME-common-test-certname-ixcert-1-1 + - isNotEmpty: + path: data.tls\.crt + - isNotEmpty: + path: data.tls\.key + + - it: should pass with 1 secret created and revision increased and name overriden + documentIndex: *secretDoc + release: + revision: 1 + set: + scaleCerts: + certname: + id: 1 + nameOverride: name-override + # Simulating middleware injection + ixCertificates: + "1": + certificate: cert_content + privatekey: some_key + asserts: + - isKind: + of: Secret + - isAPIVersion: + of: v1 + - equal: + path: type + value: kubernetes.io/tls + - equal: + path: metadata.name + value: RELEASE-NAME-common-test-name-override-ixcert-1-1 + - isNotEmpty: + path: data.tls\.crt + - isNotEmpty: + path: data.tls\.key + + - it: should pass with 1 EXPIRED secret created and global allow + documentIndex: *secretDoc + set: + global: + defaults: + useExpiredCerts: true + scaleCerts: + certname: + id: 1 + # Simulating middleware injection + ixCertificates: + "1": + certificate: cert_content + privatekey: some_key + expired: true + asserts: *basicAssertion + + - it: should pass with 1 REVOKED secret created and global allow + documentIndex: *secretDoc + set: + global: + defaults: + useRevokedCerts: true + scaleCerts: + certname: + id: 1 + # Simulating middleware injection + ixCertificates: + "1": + privatekey: some_key + certificate: cert_content + revoked: true + asserts: *basicAssertion + + - it: should pass with 1 EXPIRED secret 
created and local allow + documentIndex: *secretDoc + set: + global: + defaults: + useExpiredCerts: false + scaleCerts: + certname: + id: 1 + useExpired: true + # Simulating middleware injection + ixCertificates: + "1": + certificate: cert_content + privatekey: some_key + expired: true + asserts: *basicAssertion + + - it: should pass with 1 REVOKED secret created and local allow + documentIndex: *secretDoc + set: + global: + defaults: + useRevokedCerts: false + scaleCerts: + certname: + id: 1 + useRevoked: true + # Simulating middleware injection + ixCertificates: + "1": + privatekey: some_key + certificate: cert_content + revoked: true + asserts: *basicAssertion + + - it: should pass with 2 secret created (doc1) + documentIndex: *secretDoc + set: + scaleCerts: + certname: + id: 1 + certname2: + id: 2 + # Simulating middleware injection + ixCertificates: + "1": + privatekey: some_key + certificate: cert_content + "2": + privatekey: some_key2 + certificate: cert_content2 + asserts: *basicAssertion + + - it: should pass with 2 secret created (doc2) + documentIndex: &secretDoc 1 + set: + scaleCerts: + certname: + id: 1 + certname2: + id: 2 + # Simulating middleware injection + ixCertificates: + "1": + privatekey: some_key + certificate: cert_content + "2": + privatekey: some_key2 + certificate: cert_content2 + asserts: + - isKind: + of: Secret + - isAPIVersion: + of: v1 + - equal: + path: type + value: kubernetes.io/tls + - equal: + path: metadata.name + value: RELEASE-NAME-common-test-certname2-ixcert-2-0 + - isNotEmpty: + path: data.tls\.crt + - isNotEmpty: + path: data.tls\.key diff --git a/library/common-test/tests/cert/cert_list_test.yaml b/library/common-test/tests/cert/cert_list_test.yaml new file mode 100644 index 00000000..262b3f32 --- /dev/null +++ b/library/common-test/tests/cert/cert_list_test.yaml 
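Review bot: The override tests in cert_dict_test.yaml only cover the permissive direction: global `useExpiredCerts`/`useRevokedCerts: true` with no per-certificate setting, and global `false` with local `useExpired`/`useRevoked: true`. Nothing asserts the outcome when the global default is `true` and a certificate sets `useRevoked: false` or `useExpired: false`, which is the case where a revoked or expired certificate should still be refused if the local value is meant to win (the intended precedence is not visible in this hunk). I would add one case per flag that expects `failedTemplate` with `errorMessage: Certificate (1) has been revoked` and `errorMessage: Certificate (1) is expired` respectively. cert_list_test.yaml has the same gap for `scaleCertsList`.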
@@ -0,0 +1,288 @@ +suite: certificate list test +templates: + - common.yaml +tests: + - it: should fail with empty ixCertificates key + set: + scaleCertsList: + - name: certname + id: 1 + # Simulating middleware injection + ixCertificates: {} + asserts: + - failedTemplate: + errorMessage: Key is empty + + - it: should fail with cert that don't exist + set: + scaleCertsList: + - name: certname + id: 1 + # Simulating middleware injection + ixCertificates: + "2": + certificate: cert_content + asserts: + - failedTemplate: + errorMessage: Certificate (1) was not found. + + - it: should fail with expired cert + set: + scaleCertsList: + - name: certname + id: 1 + # Simulating middleware injection + ixCertificates: + "1": + certificate: cert_content + expired: true + asserts: + - failedTemplate: + errorMessage: Certificate (1) is expired + + - it: should fail with revoked cert + set: + scaleCertsList: + - name: certname + id: 1 + # Simulating middleware injection + ixCertificates: + "1": + certificate: cert_content + revoked: true + asserts: + - failedTemplate: + errorMessage: Certificate (1) has been revoked + + - it: should pass with 1 secret created with dash in the name + documentIndex: &secretDoc 0 + set: + scaleCertsList: + - name: cert-name + id: 1 + # Simulating middleware injection + ixCertificates: + "1": + certificate: cert_content + privatekey: some_key + asserts: + - isKind: + of: Secret + - isAPIVersion: + of: v1 + - equal: + path: type + value: kubernetes.io/tls + - equal: + path: metadata.name + value: RELEASE-NAME-common-test-cert-name-ixcert-1-0 + - isNotEmpty: + path: data.tls\.crt + - isNotEmpty: + path: data.tls\.key + + - it: should pass with 1 secret created + documentIndex: *secretDoc + set: + scaleCertsList: + - name: certname + id: 1 + # Simulating middleware injection + ixCertificates: + "1": + certificate: cert_content + privatekey: some_key + asserts: &basicAssertion + - isKind: + of: Secret + - isAPIVersion: + of: v1 + - equal: + path: type + 
value: kubernetes.io/tls + - equal: + path: metadata.name + value: RELEASE-NAME-common-test-certname-ixcert-1-0 + - isNotEmpty: + path: data.tls\.crt + - isNotEmpty: + path: data.tls\.key + + - it: should pass with 1 secret created and revision increased + documentIndex: *secretDoc + release: + revision: 1 + set: + scaleCertsList: + - name: certname + id: 1 + # Simulating middleware injection + ixCertificates: + "1": + certificate: cert_content + privatekey: some_key + asserts: + - isKind: + of: Secret + - isAPIVersion: + of: v1 + - equal: + path: type + value: kubernetes.io/tls + - equal: + path: metadata.name + value: RELEASE-NAME-common-test-certname-ixcert-1-1 + - isNotEmpty: + path: data.tls\.crt + - isNotEmpty: + path: data.tls\.key + + - it: should pass with 1 secret created and revision increased and name overriden + documentIndex: *secretDoc + release: + revision: 1 + set: + scaleCertsList: + - name: certname + id: 1 + nameOverride: name-override + # Simulating middleware injection + ixCertificates: + "1": + certificate: cert_content + privatekey: some_key + asserts: + - isKind: + of: Secret + - isAPIVersion: + of: v1 + - equal: + path: type + value: kubernetes.io/tls + - equal: + path: metadata.name + value: RELEASE-NAME-common-test-name-override-ixcert-1-1 + - isNotEmpty: + path: data.tls\.crt + - isNotEmpty: + path: data.tls\.key + + - it: should pass with 1 EXPIRED secret created and global allow + documentIndex: *secretDoc + set: + global: + defaults: + useExpiredCerts: true + scaleCertsList: + - name: certname + id: 1 + # Simulating middleware injection + ixCertificates: + "1": + certificate: cert_content + privatekey: some_key + expired: true + asserts: *basicAssertion + + - it: should pass with 1 REVOKED secret created and global allow + documentIndex: *secretDoc + set: + global: + defaults: + useRevokedCerts: true + scaleCertsList: + - name: certname + id: 1 + # Simulating middleware injection + ixCertificates: + "1": + privatekey: some_key + 
certificate: cert_content + revoked: true + asserts: *basicAssertion + + - it: should pass with 1 EXPIRED secret created and local allow + documentIndex: *secretDoc + set: + global: + defaults: + useExpiredCerts: false + scaleCertsList: + - name: certname + id: 1 + useExpired: true + # Simulating middleware injection + ixCertificates: + "1": + certificate: cert_content + privatekey: some_key + expired: true + asserts: *basicAssertion + + - it: should pass with 1 REVOKED secret created and local allow + documentIndex: *secretDoc + set: + global: + defaults: + useRevokedCerts: false + scaleCertsList: + - name: certname + id: 1 + useRevoked: true + # Simulating middleware injection + ixCertificates: + "1": + privatekey: some_key + certificate: cert_content + revoked: true + asserts: *basicAssertion + + - it: should pass with 2 secret created (doc1) + documentIndex: *secretDoc + set: + scaleCertsList: + - name: certname + id: 1 + - name: certname2 + id: 2 + # Simulating middleware injection + ixCertificates: + "1": + privatekey: some_key + certificate: cert_content + "2": + privatekey: some_key2 + certificate: cert_content2 + asserts: *basicAssertion + + - it: should pass with 2 secret created (doc2) + documentIndex: &secretDoc 1 + set: + scaleCertsList: + - name: certname + id: 1 + - name: certname2 + id: 2 + # Simulating middleware injection + ixCertificates: + "1": + privatekey: some_key + certificate: cert_content + "2": + privatekey: some_key2 + certificate: cert_content2 + asserts: + - isKind: + of: Secret + - isAPIVersion: + of: v1 + - equal: + path: type + value: kubernetes.io/tls + - equal: + path: metadata.name + value: RELEASE-NAME-common-test-certname2-ixcert-2-0 + - isNotEmpty: + path: data.tls\.crt + - isNotEmpty: + path: data.tls\.key diff --git a/library/common-test/tests/cert/cert_secret_mount_test.yaml b/library/common-test/tests/cert/cert_secret_mount_test.yaml new file mode 100644 index 00000000..cdf65cae --- /dev/null 
+++ b/library/common-test/tests/cert/cert_secret_mount_test.yaml 
@@ -0,0 +1,447 @@ +suite: certificate secret mount test +templates: + - common.yaml +release: + revision: 2 +tests: + - it: should pass with 1 secret created + documentIndex: &secretDoc 0 + set: + scaleCerts: + certname: + id: 1 + # Simulating middleware injection + ixCertificates: + "1": + certificate: cert_content + privatekey: some_key + asserts: + - isKind: + of: Secret + - isAPIVersion: + of: v1 + - equal: + path: type + value: kubernetes.io/tls + - equal: + path: metadata.name + value: RELEASE-NAME-common-test-certname-ixcert-1-2 + - isNotEmpty: + path: data.tls\.crt + - isNotEmpty: + path: data.tls\.key + + - it: should pass with secret with dash in the name and mounted both certificate and private key + documentIndex: &deploymentDoc 1 + set: + # Simulating middleware injection + ixCertificates: + "1": + certificate: cert_content + privatekey: some_key + scaleCerts: + cert-name: + id: 1 + cert: + enabled: true + path: /some/path/crt.key + readOnly: true + defaultMode: "0700" + key: + enabled: true + path: /some/path/key.key + readOnly: true + defaultMode: "0700" + asserts: + - isKind: + of: Deployment + - matchRegex: + path: spec.template.spec.volumes[0].name + pattern: &patternCert '^ix-certificate-cert-([0-9]+)-([a-z0-9]){5}$' + - equal: + path: spec.template.spec.volumes[0].secret + value: + secretName: RELEASE-NAME-common-test-cert-name-ixcert-1-2 + defaultMode: 0700 + - matchRegex: + path: spec.template.spec.containers[0].volumeMounts[0].name + pattern: *patternCert + - isSubset: + path: spec.template.spec.containers[0].volumeMounts[0] + content: + mountPath: /some/path/crt.key + subPath: tls.crt + readOnly: true + - matchRegex: + path: spec.template.spec.volumes[1].name + pattern: &patternKey '^ix-certificate-key-([0-9]+)-([a-z0-9]){5}$' + - equal: + path: spec.template.spec.volumes[1].secret + value: + secretName: RELEASE-NAME-common-test-cert-name-ixcert-1-2 + defaultMode: 0700 + - matchRegex: + path: 
spec.template.spec.containers[0].volumeMounts[1].name + pattern: *patternKey + - isSubset: + path: spec.template.spec.containers[0].volumeMounts[1] + content: + mountPath: /some/path/key.key + subPath: tls.key + readOnly: true + + - it: should pass with mounted secret both certificate and private key + documentIndex: *deploymentDoc + set: + # Simulating middleware injection + ixCertificates: + "1": + certificate: cert_content + privatekey: some_key + scaleCerts: + certname: + id: 1 + cert: + enabled: true + path: /some/path/crt.key + readOnly: true + defaultMode: "0700" + key: + enabled: true + path: /some/path/key.key + readOnly: true + defaultMode: "0700" + asserts: + - isKind: + of: Deployment + - matchRegex: + path: spec.template.spec.volumes[0].name + pattern: *patternCert + - equal: + path: spec.template.spec.volumes[0].secret + value: + secretName: RELEASE-NAME-common-test-certname-ixcert-1-2 + defaultMode: 0700 + - matchRegex: + path: spec.template.spec.containers[0].volumeMounts[0].name + pattern: *patternCert + - isSubset: + path: spec.template.spec.containers[0].volumeMounts[0] + content: + mountPath: /some/path/crt.key + subPath: tls.crt + readOnly: true + - matchRegex: + path: spec.template.spec.volumes[1].name + pattern: *patternKey + - equal: + path: spec.template.spec.volumes[1].secret + value: + secretName: RELEASE-NAME-common-test-certname-ixcert-1-2 + defaultMode: 0700 + - matchRegex: + path: spec.template.spec.containers[0].volumeMounts[1].name + pattern: *patternKey + - isSubset: + path: spec.template.spec.containers[0].volumeMounts[1] + content: + mountPath: /some/path/key.key + subPath: tls.key + readOnly: true + + - it: should pass with mounted secret only certificate + documentIndex: *deploymentDoc + set: + # Simulating middleware injection + ixCertificates: + "1": + certificate: cert_content + privatekey: some_key + scaleCerts: + certname: + id: 1 + cert: + enabled: true + path: /some/path/crt.key + readOnly: true + defaultMode: "0700" + 
key: + enabled: false + path: /some/path/key.key + readOnly: true + defaultMode: "0700" + asserts: + - isKind: + of: Deployment + - matchRegex: + path: spec.template.spec.volumes[0].name + pattern: *patternCert + - equal: + path: spec.template.spec.volumes[0].secret + value: + secretName: RELEASE-NAME-common-test-certname-ixcert-1-2 + defaultMode: 0700 + - matchRegex: + path: spec.template.spec.containers[0].volumeMounts[0].name + pattern: *patternCert + - isSubset: + path: spec.template.spec.containers[0].volumeMounts[0] + content: + mountPath: /some/path/crt.key + subPath: tls.crt + readOnly: true + + - it: should pass with mounted secret only private key + documentIndex: *deploymentDoc + set: + # Simulating middleware injection + ixCertificates: + "1": + certificate: cert_content + privatekey: some_key + scaleCerts: + certname: + id: 1 + cert: + enabled: false + path: /some/path/crt.key + readOnly: true + defaultMode: "0700" + key: + enabled: true + path: /some/path/key.key + readOnly: true + defaultMode: "0700" + asserts: + - matchRegex: + path: spec.template.spec.volumes[0].name + pattern: *patternKey + - equal: + path: spec.template.spec.volumes[0].secret + value: + secretName: RELEASE-NAME-common-test-certname-ixcert-1-2 + defaultMode: 0700 + - matchRegex: + path: spec.template.spec.containers[0].volumeMounts[0].name + pattern: *patternKey + - isSubset: + path: spec.template.spec.containers[0].volumeMounts[0] + content: + mountPath: /some/path/key.key + subPath: tls.key + readOnly: true + + - it: should pass with 2 mounted secret both certificate and private key + documentIndex: &secondDeploymentDoc 2 + set: + # Simulating middleware injection + ixCertificates: + "1": + certificate: cert_content + privatekey: some_key + "2": + certificate: cert_content + privatekey: some_key + scaleCerts: + certname: + id: 1 + cert: + enabled: true + path: /some/path/crt.key + readOnly: true + defaultMode: "0700" + key: + enabled: true + path: /some/path/key.key + readOnly: 
true + defaultMode: "0700" + certname2: + id: 2 + cert: + enabled: true + path: /some/path/crt.key + readOnly: true + defaultMode: "0700" + key: + enabled: true + path: /some/path/key.key + readOnly: true + defaultMode: "0700" + asserts: + - isKind: + of: Deployment + - matchRegex: + path: spec.template.spec.volumes[0].name + pattern: *patternCert + - equal: + path: spec.template.spec.volumes[0].secret + value: + secretName: RELEASE-NAME-common-test-certname-ixcert-1-2 + defaultMode: 0700 + - matchRegex: + path: spec.template.spec.containers[0].volumeMounts[0].name + pattern: *patternCert + - isSubset: + path: spec.template.spec.containers[0].volumeMounts[0] + content: + mountPath: /some/path/crt.key + subPath: tls.crt + readOnly: true + + - matchRegex: + path: spec.template.spec.volumes[1].name + pattern: *patternCert + - equal: + path: spec.template.spec.volumes[1].secret + value: + secretName: RELEASE-NAME-common-test-certname2-ixcert-2-2 + defaultMode: 0700 + - matchRegex: + path: spec.template.spec.containers[0].volumeMounts[1].name + pattern: *patternCert + - isSubset: + path: spec.template.spec.containers[0].volumeMounts[1] + content: + mountPath: /some/path/crt.key + subPath: tls.crt + readOnly: true + + - matchRegex: + path: spec.template.spec.volumes[2].name + pattern: *patternKey + - equal: + path: spec.template.spec.volumes[2].secret + value: + secretName: RELEASE-NAME-common-test-certname-ixcert-1-2 + defaultMode: 0700 + - matchRegex: + path: spec.template.spec.containers[0].volumeMounts[2].name + pattern: *patternKey + - isSubset: + path: spec.template.spec.containers[0].volumeMounts[2] + content: + mountPath: /some/path/key.key + subPath: tls.key + readOnly: true + + - matchRegex: + path: spec.template.spec.volumes[3].name + pattern: *patternKey + - equal: + path: spec.template.spec.volumes[3].secret + value: + secretName: RELEASE-NAME-common-test-certname2-ixcert-2-2 + defaultMode: 0700 + - matchRegex: + path: 
spec.template.spec.containers[0].volumeMounts[3].name + pattern: *patternKey + - isSubset: + path: spec.template.spec.containers[0].volumeMounts[3] + content: + mountPath: /some/path/key.key + subPath: tls.key + readOnly: true + + - it: should pass with mounted secret both certificate and private key without extra options + documentIndex: *deploymentDoc + set: + # Simulating middleware injection + ixCertificates: + "1": + certificate: cert_content + privatekey: some_key + scaleCerts: + certname: + id: 1 + cert: + enabled: true + path: /some/path/crt.key + key: + enabled: true + path: /some/path/key.key + asserts: + - isKind: + of: Deployment + - matchRegex: + path: spec.template.spec.volumes[0].name + pattern: *patternCert + - equal: + path: spec.template.spec.volumes[0].secret + value: + secretName: RELEASE-NAME-common-test-certname-ixcert-1-2 + - matchRegex: + path: spec.template.spec.containers[0].volumeMounts[0].name + pattern: *patternCert + - isSubset: + path: spec.template.spec.containers[0].volumeMounts[0] + content: + mountPath: /some/path/crt.key + subPath: tls.crt + - matchRegex: + path: spec.template.spec.volumes[1].name + pattern: *patternKey + - equal: + path: spec.template.spec.volumes[1].secret + value: + secretName: RELEASE-NAME-common-test-certname-ixcert-1-2 + - matchRegex: + path: spec.template.spec.containers[0].volumeMounts[1].name + pattern: *patternKey + - isSubset: + path: spec.template.spec.containers[0].volumeMounts[1] + content: + mountPath: /some/path/key.key + subPath: tls.key + + - it: should pass with mounted secret both certificate and private key without extra options and paths from tpl + documentIndex: *deploymentDoc + set: + path1: /some/path/crt.key + path2: /some/path/key.key + # Simulating middleware injection + ixCertificates: + "1": + certificate: cert_content + privatekey: some_key + scaleCerts: + certname: + id: 1 + cert: + enabled: true + path: "{{ .Values.path1 }}" + key: + enabled: true + path: "{{ .Values.path2 }}" + 
asserts: + - isKind: + of: Deployment + - matchRegex: + path: spec.template.spec.volumes[0].name + pattern: *patternCert + - equal: + path: spec.template.spec.volumes[0].secret + value: + secretName: RELEASE-NAME-common-test-certname-ixcert-1-2 + - matchRegex: + path: spec.template.spec.containers[0].volumeMounts[0].name + pattern: *patternCert + - isSubset: + path: spec.template.spec.containers[0].volumeMounts[0] + content: + mountPath: /some/path/crt.key + subPath: tls.crt + - matchRegex: + path: spec.template.spec.volumes[1].name + pattern: *patternKey + - equal: + path: spec.template.spec.volumes[1].secret + value: + secretName: RELEASE-NAME-common-test-certname-ixcert-1-2 + - matchRegex: + path: spec.template.spec.containers[0].volumeMounts[1].name + pattern: *patternKey + - isSubset: + path: spec.template.spec.containers[0].volumeMounts[1] + content: + mountPath: /some/path/key.key + subPath: tls.key diff --git a/library/common-test/tests/cert/cert_test.yaml b/library/common-test/tests/cert/cert_test.yaml new file mode 100644 index 00000000..b9d36141 --- /dev/null +++ b/library/common-test/tests/cert/cert_test.yaml 
@@ -0,0 +1,185 @@ +suite: certificate test +templates: + - common.yaml +chart: + appVersion: &appVer v1.2.3 +tests: + - it: should pass with 1 secret created + documentIndex: &secretDoc 0 + set: + scaleCerts: + certname: + id: 1 + # Simulating middleware injection + ixCertificates: + "1": + certificate: cert_content + privatekey: some_key + asserts: &basicAssertion + - isKind: + of: Secret + - isAPIVersion: + of: v1 + - equal: + path: type + value: kubernetes.io/tls + - equal: + path: metadata.name + value: RELEASE-NAME-common-test-certname-ixcert-1-0 + - isNotEmpty: + path: data.tls\.crt + - isNotEmpty: + path: data.tls\.key + - equal: + path: metadata.labels + value: + app: common-test + app.kubernetes.io/instance: RELEASE-NAME + app.kubernetes.io/managed-by: Helm + app.kubernetes.io/name: common-test + app.kubernetes.io/version: *appVer + helm-revision: "0" + helm.sh/chart: common-test-1.0.0 + release: RELEASE-NAME + - isNull: + path: metadata.annotations + + - it: should pass with 1 secret created with global labels added + documentIndex: &secretDoc 0 + set: + global: + labels: + some_key: some_value + some_key1: some_value1 + scaleCerts: + certname: + id: 1 + # Simulating middleware injection + ixCertificates: + "1": + certificate: cert_content + privatekey: some_key + asserts: &basicAssertion + - equal: + path: metadata.labels + value: + app: common-test + app.kubernetes.io/instance: RELEASE-NAME + app.kubernetes.io/managed-by: Helm + app.kubernetes.io/name: common-test + app.kubernetes.io/version: *appVer + helm-revision: "0" + helm.sh/chart: common-test-1.0.0 + release: RELEASE-NAME + some_key: some_value + some_key1: some_value1 + - isNull: + path: metadata.annotations + + - it: should pass with 1 secret created with global labels added from tpl + documentIndex: &secretDoc 0 + set: + k1: some_value + k2: some_value1 + global: + labels: + some_key: "{{ .Values.k1 }}" + some_key1: "{{ .Values.k2 }}" + scaleCerts: + certname: + id: 1 + # Simulating middleware 
injection + ixCertificates: + "1": + certificate: cert_content + privatekey: some_key + asserts: &basicAssertion + - equal: + path: metadata.labels + value: + app: common-test + app.kubernetes.io/instance: RELEASE-NAME + app.kubernetes.io/managed-by: Helm + app.kubernetes.io/name: common-test + app.kubernetes.io/version: *appVer + helm-revision: "0" + helm.sh/chart: common-test-1.0.0 + release: RELEASE-NAME + some_key: some_value + some_key1: some_value1 + - isNull: + path: metadata.annotations + + - it: should pass with 1 secret created with global annotations added + documentIndex: &secretDoc 0 + set: + global: + annotations: + some_key: some_value + some_key1: some_value1 + scaleCerts: + certname: + id: 1 + # Simulating middleware injection + ixCertificates: + "1": + certificate: cert_content + privatekey: some_key + asserts: &basicAssertion + - equal: + path: metadata.annotations + value: + some_key: some_value + some_key1: some_value1 + + - it: should pass with 1 secret created with global annotations added from tpl + documentIndex: &secretDoc 0 + set: + k1: some_value + k2: some_value1 + global: + annotations: + some_key: "{{ .Values.k1 }}" + some_key1: "{{ .Values.k2 }}" + scaleCerts: + certname: + id: 1 + # Simulating middleware injection + ixCertificates: + "1": + certificate: cert_content + privatekey: some_key + asserts: &basicAssertion + - equal: + path: metadata.annotations + value: + some_key: some_value + some_key1: some_value1 + + - it: should fail with uppercase in cert name + set: + scaleCerts: + certName: + id: 1 + # Simulating middleware injection + ixCertificates: + "1": + certificate: cert_content + privatekey: some_key + asserts: + - failedTemplate: + errorMessage: Certificate has invalid name (certName). Name must be lowercase. 
+ + - it: should fail with underscore in cert name + set: + scaleCerts: + cert_name: + id: 1 + # Simulating middleware injection + ixCertificates: + "1": + certificate: cert_content + privatekey: some_key + asserts: + - failedTemplate: + errorMessage: Certificate has invalid name (cert_name). Name cannot contain underscores (_) diff --git a/library/common-test/tests/configmap/configmap_test.yaml b/library/common-test/tests/configmap/configmap_test.yaml new file mode 100644 index 00000000..904200a4 --- /dev/null +++ b/library/common-test/tests/configmap/configmap_test.yaml 
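Review bot: The first test's `asserts` list checks `data.tls\.crt` and `data.tls\.key` only with `isNotEmpty`, so a template that swapped the certificate and the private key, or wrote them unencoded, would still pass. The fixture values differ (`cert_content` and `some_key`), so the exact payload can be pinned; the values below assume the template base64-encodes the injected strings unchanged, which this hunk does not show. Separately, `&secretDoc` and `&basicAssertion` are redefined in five tests and never aliased in this hunk; plain `documentIndex: 0` and `asserts:` would read more clearly.

```yaml
    asserts:
      # … unchanged: isKind / isAPIVersion / type / metadata.name asserts …
      - equal:
          path: data.tls\.crt
          value: Y2VydF9jb250ZW50  # base64 of the fixture string "cert_content"
      - equal:
          path: data.tls\.key
          value: c29tZV9rZXk=  # base64 of the fixture string "some_key"
```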
@@ -0,0 +1,616 @@ +suite: configmap test +templates: + - common.yaml +chart: + appVersion: &appVer v1.2.3 +tests: + - it: should pass with default values + documentIndex: &deploymentDoc 0 + asserts: + - hasDocuments: + count: 3 + - isKind: + of: Deployment + + - it: should fail without a dict in configmap + set: + configmap: + enabled: true + content: + key: value + asserts: + - failedTemplate: + errorMessage: key must have at least one dict. Found (bool) + + - it: should fail with uppercase in name in configmap + set: + configmap: + someName: + enabled: true + content: + key: value + asserts: + - failedTemplate: + errorMessage: Configmap has invalid name (someName). Name must be lowercase. + + - it: should fail with underscore in name in configmap + set: + configmap: + some_name: + enabled: true + content: + key: value + asserts: + - failedTemplate: + errorMessage: Configmap has invalid name (some_name). Name cannot contain underscores (_). + + - it: should fail with empty content in configmap + set: + configmap: + somename: + enabled: true + content: + asserts: + - failedTemplate: + errorMessage: Content of Configmap (somename) are empty. Please disable or add content. + + - it: should fail with string in content in configmap + set: + configmap: + somename: + enabled: true + content: something + asserts: + - failedTemplate: + errorMessage: Content of Configmap (somename) are string. Must be in key/value format. Value can be scalar too. 
+ + - it: should pass with 1 configmap created with parseAsEnv set + documentIndex: &configMapDoc 0 + set: + configmap: + some-name: + enabled: true + parseAsEnv: true + content: + key1: 123 + key2: value2 + asserts: + - hasDocuments: + count: 4 + - isKind: + of: ConfigMap + - isAPIVersion: + of: v1 + - equal: + path: metadata.name + value: RELEASE-NAME-common-test-some-name + - equal: + path: data + value: + key1: "123" + key2: value2 + - isNull: + path: metadata.annotations + - equal: + path: metadata.labels + value: + app: common-test + app.kubernetes.io/instance: RELEASE-NAME + app.kubernetes.io/managed-by: Helm + app.kubernetes.io/name: common-test + app.kubernetes.io/version: *appVer + helm-revision: "0" + helm.sh/chart: common-test-1.0.0 + release: RELEASE-NAME + + - it: should pass with empty key in content in configmap + documentIndex: *configMapDoc + set: + configmap: + somename: + enabled: true + content: + key: "" + asserts: + - equal: + path: data + value: + key: "" + + - it: should pass with 1 configmap created with parseAsEnv and values set from tpl + documentIndex: *configMapDoc + set: + k1: 123 + k2: value2 + configmap: + some-name: + enabled: true + parseAsEnv: true + content: + key1: "{{ .Values.k1 }}" + key2: "{{ .Values.k2 }}" + asserts: + - equal: + path: data + value: + key1: "123" + key2: value2 + + - it: should pass with 1 configmap created with nameOverride set + documentIndex: *configMapDoc + set: + k1: true + k2: value2 + configmap: + some-name: + enabled: true + parseAsEnv: true + nameOverride: some-new-name + content: + key1: "{{ .Values.k1 }}" + key2: "{{ .Values.k2 }}" + asserts: + - equal: + path: data + value: + key1: "true" + key2: value2 + - equal: + path: metadata.name + value: RELEASE-NAME-common-test-some-new-name + + - it: should pass with multiple configmap created with parseAsEnv set (1/2) and values from tpl + documentIndex: *configMapDoc + set: + k1: value1 + k2: false + k3: value3 + k4: value4 + configmap: + some-name: + 
enabled: true + parseAsEnv: true + content: + key1: "{{ .Values.k1 }}" + key2: "{{ .Values.k2 }}" + some-other-name: + enabled: true + parseAsEnv: true + content: + key3: "{{ .Values.k3 }}" + key4: "{{ .Values.k4 }}" + asserts: + - hasDocuments: + count: 5 + - isKind: + of: ConfigMap + - isAPIVersion: + of: v1 + - equal: + path: metadata.name + value: RELEASE-NAME-common-test-some-name + - equal: + path: data + value: + key1: value1 + key2: "false" + - isNull: + path: metadata.annotations + - equal: + path: metadata.labels + value: + app: common-test + app.kubernetes.io/instance: RELEASE-NAME + app.kubernetes.io/managed-by: Helm + app.kubernetes.io/name: common-test + app.kubernetes.io/version: *appVer + helm-revision: "0" + helm.sh/chart: common-test-1.0.0 + release: RELEASE-NAME + + - it: should pass with multiple configmap created with parseAsEnv set (2/2) and values from tpl + documentIndex: &otherConfigMapDoc 1 + set: + configmap: + some-name: + enabled: true + parseAsEnv: true + content: + key1: value1 + key2: value2 + some-other-name: + enabled: true + parseAsEnv: true + content: + key3: value3 + key4: value4 + asserts: + - hasDocuments: + count: 5 + - isKind: + of: ConfigMap + - isAPIVersion: + of: v1 + - equal: + path: metadata.name + value: RELEASE-NAME-common-test-some-other-name + - equal: + path: data + value: + key3: value3 + key4: value4 + - isNull: + path: metadata.annotations + - equal: + path: metadata.labels + value: + app: common-test + app.kubernetes.io/instance: RELEASE-NAME + app.kubernetes.io/managed-by: Helm + app.kubernetes.io/name: common-test + app.kubernetes.io/version: *appVer + helm-revision: "0" + helm.sh/chart: common-test-1.0.0 + release: RELEASE-NAME + + - it: should pass with multiple configmap created with scalar in contents and tpl (1/2) + documentIndex: *configMapDoc + set: + k1: value1 + k2: 80 + k3: pair + k4: value2 + k5: 81 + k6: false + configmap: + some-name: + enabled: true + content: + key: "{{ .Values.k3 }}" + 
nginx.conf1: | + alias {{ .Values.k1 }} + listen {{ .Values.k2 }} + + function { + # some json + "key": { + "key2": "value", + "key3": "value2" + } + } + some-other-name: + enabled: true + content: + key: "{{ .Values.k6 }}" + nginx.conf2: | + alias {{ .Values.k4 }} + listen {{ .Values.k5 }} + + function { + # some json + "key": { + "key2": "value", + "key3": "value2" + } + } + asserts: + - equal: + path: data + value: + key: pair + nginx.conf1: | + alias value1 + listen 80 + + function { + # some json + "key": { + "key2": "value", + "key3": "value2" + } + } + - equal: + path: metadata.name + value: RELEASE-NAME-common-test-some-name + + - it: should pass with multiple configmap created with scalar in contents and tpl (2/2) + documentIndex: *otherConfigMapDoc + set: + k1: value1 + k2: 80 + k3: pair + k4: value2 + k5: 81 + k6: false + configmap: + some-name: + enabled: true + content: + key: "{{ .Values.k3 }}" + nginx.conf1: | + alias {{ .Values.k1 }} + listen {{ .Values.k2 }} + + function { + # some json + "key": { + "key2": "value", + "key3": "value2" + } + } + some-other-name: + enabled: true + content: + key: "{{ .Values.k6 }}" + nginx.conf2: | + alias {{ .Values.k4 }} + listen {{ .Values.k5 }} + + function { + # some json + "key": { + "key2": "value", + "key3": "value2" + } + } + asserts: + - equal: + path: data + value: + key: "false" + nginx.conf2: | + alias value2 + listen 81 + + function { + # some json + "key": { + "key2": "value", + "key3": "value2" + } + } + - equal: + path: metadata.name + value: RELEASE-NAME-common-test-some-other-name + + - it: should pass with multiple configmap created and labels and global labels added from tpl (1/2) + documentIndex: *configMapDoc + set: + l1: lab1 + l2: lab2 + l5: lab5 + l6: lab6 + global: + labels: + gl1: glab1 + gl2: glab2 + configmap: + some-name: + enabled: true + labels: + label1: "{{ .Values.l1 }}" + label2: "{{ .Values.l2 }}" + label3: lab3 + label4: lab4 + content: + key1: value1 + key2: value2 + 
some-other-name: + enabled: true + labels: + label5: "{{ .Values.l5 }}" + label6: "{{ .Values.l6 }}" + label7: lab7 + label8: lab8 + content: + key1: value1 + key2: value2 + asserts: + - hasDocuments: + count: 5 + - isKind: + of: ConfigMap + - isNull: + path: metadata.annotations + - equal: + path: metadata.name + value: RELEASE-NAME-common-test-some-name + - equal: + path: metadata.labels + value: + app: common-test + app.kubernetes.io/instance: RELEASE-NAME + app.kubernetes.io/managed-by: Helm + app.kubernetes.io/name: common-test + app.kubernetes.io/version: *appVer + helm-revision: "0" + helm.sh/chart: common-test-1.0.0 + release: RELEASE-NAME + label1: lab1 + label2: lab2 + label3: lab3 + label4: lab4 + gl1: glab1 + gl2: glab2 + + - it: should pass with multiple configmap created and labels and global labels added from tpl (2/2) + documentIndex: *otherConfigMapDoc + set: + l1: lab1 + l2: lab2 + l5: lab5 + l6: lab6 + global: + labels: + gl1: glab1 + gl2: glab2 + configmap: + some-name: + enabled: true + labels: + label1: "{{ .Values.l1 }}" + label2: "{{ .Values.l2 }}" + label3: lab3 + label4: lab4 + content: + key1: value1 + key2: value2 + some-other-name: + enabled: true + labels: + label5: "{{ .Values.l5 }}" + label6: "{{ .Values.l6 }}" + label7: lab7 + label8: lab8 + content: + key1: value1 + key2: value2 + asserts: + - hasDocuments: + count: 5 + - isKind: + of: ConfigMap + - isNull: + path: metadata.annotations + - equal: + path: metadata.name + value: RELEASE-NAME-common-test-some-other-name + - equal: + path: metadata.labels + value: + app: common-test + app.kubernetes.io/instance: RELEASE-NAME + app.kubernetes.io/managed-by: Helm + app.kubernetes.io/name: common-test + app.kubernetes.io/version: *appVer + helm-revision: "0" + helm.sh/chart: common-test-1.0.0 + release: RELEASE-NAME + label5: lab5 + label6: lab6 + label7: lab7 + label8: lab8 + gl1: glab1 + gl2: glab2 + + - it: should pass with multiple configmap created and annotations and global 
annotations added from tpl (1/2) + documentIndex: *configMapDoc + set: + a1: anno1 + a2: anno2 + a5: anno5 + a6: anno6 + global: + annotations: + ga1: ganno1 + ga2: ganno2 + configmap: + some-name: + enabled: true + annotations: + annotation1: "{{ .Values.a1 }}" + annotation2: "{{ .Values.a2 }}" + annotation3: anno3 + annotation4: anno4 + content: + key1: value1 + key2: value2 + some-other-name: + enabled: true + annotations: + annotation5: "{{ .Values.a5 }}" + annotation6: "{{ .Values.a6 }}" + annotation7: anno7 + annotation8: anno8 + content: + key1: value1 + key2: value2 + asserts: + - hasDocuments: + count: 5 + - isKind: + of: ConfigMap + - equal: + path: metadata.annotations + value: + annotation1: anno1 + annotation2: anno2 + annotation3: anno3 + annotation4: anno4 + ga1: ganno1 + ga2: ganno2 + - equal: + path: metadata.name + value: RELEASE-NAME-common-test-some-name + - equal: + path: metadata.labels + value: + app: common-test + app.kubernetes.io/instance: RELEASE-NAME + app.kubernetes.io/managed-by: Helm + app.kubernetes.io/name: common-test + app.kubernetes.io/version: *appVer + helm-revision: "0" + helm.sh/chart: common-test-1.0.0 + release: RELEASE-NAME + + - it: should pass with multiple configmap created and annotations and global annotations added from tpl (2/2) + documentIndex: *otherConfigMapDoc + set: + a1: anno1 + a2: anno2 + a5: anno5 + a6: anno6 + global: + annotations: + ga1: ganno1 + ga2: ganno2 + configmap: + some-name: + enabled: true + annotations: + annotation1: "{{ .Values.a1 }}" + annotation2: "{{ .Values.a2 }}" + annotation3: anno3 + annotation4: anno4 + content: + key1: value1 + key2: value2 + some-other-name: + enabled: true + annotations: + annotation5: "{{ .Values.a5 }}" + annotation6: "{{ .Values.a6 }}" + annotation7: anno7 + annotation8: anno8 + content: + key1: value1 + key2: value2 + asserts: + - hasDocuments: + count: 5 + - isKind: + of: ConfigMap + - equal: + path: metadata.annotations + value: + annotation5: anno5 + 
annotation6: anno6 + annotation7: anno7 + annotation8: anno8 + ga1: ganno1 + ga2: ganno2 + - equal: + path: metadata.name + value: RELEASE-NAME-common-test-some-other-name + - equal: + path: metadata.labels + value: + app: common-test + app.kubernetes.io/instance: RELEASE-NAME + app.kubernetes.io/managed-by: Helm + app.kubernetes.io/name: common-test + app.kubernetes.io/version: *appVer + helm-revision: "0" + helm.sh/chart: common-test-1.0.0 + release: RELEASE-NAME diff --git a/library/common-test/tests/container_in_deployment/command-arg_test.yaml b/library/common-test/tests/container_in_deployment/command-arg_test.yaml new file mode 100644 index 00000000..1b20a3e5 --- /dev/null +++ b/library/common-test/tests/container_in_deployment/command-arg_test.yaml 
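Review bot: The case titled `should pass with multiple configmap created with parseAsEnv set (2/2) and values from tpl` sets only literal values (`key3: value3`, `key4: value4`), so the tpl path for the second ConfigMap is never asserted. The (1/2) case does define `k3`/`k4` and feeds them into `some-other-name`, but it inspects only document 0. Reuse the (1/2) `set` block here, i.e. `key3: "{{ .Values.k3 }}"` and `key4: "{{ .Values.k4 }}"` with `k3: value3` and `k4: value4`, or drop "and values from tpl" from the title.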
@@ -0,0 +1,238 @@ +suite: container in deployment command-arg test +templates: + - common.yaml +tests: + - it: should pass with default values + documentIndex: &deploymentDoc 0 + asserts: + - hasDocuments: + count: 3 + - isKind: + of: Deployment + + - it: should pass with command set single value + documentIndex: *deploymentDoc + set: + command: entrypoint.sh + asserts: + - equal: + path: spec.template.spec.containers[0].command + value: + - entrypoint.sh + + - it: should pass with command set single value from tpl + documentIndex: *deploymentDoc + set: + cmd: entrypoint.sh + command: "{{ .Values.cmd }}" + asserts: + - equal: + path: spec.template.spec.containers[0].command + value: + - entrypoint.sh + + - it: should pass with command set + documentIndex: *deploymentDoc + set: + command: + - /bin/bash + - test + asserts: + - equal: + path: spec.template.spec.containers[0].command + value: + - /bin/bash + - test + + - it: should pass with command block set + documentIndex: *deploymentDoc + set: + command: + - /bin/bash + - -c + - | + echo "works!" + exit + asserts: + - equal: + path: spec.template.spec.containers[0].command + value: + - /bin/bash + - -c + - | + echo "works!" 
+ exit + + - it: should pass with command set from tpl + documentIndex: *deploymentDoc + set: + some_key: some_value + command: + - /bin/bash + - "{{ .Values.some_key }}" + asserts: + - equal: + path: spec.template.spec.containers[0].command + value: + - /bin/bash + - some_value + + - it: should pass with args set with single value + documentIndex: *deploymentDoc + set: + args: --worker + asserts: + - equal: + path: spec.template.spec.containers[0].args + value: + - --worker + + - it: should pass with args set with single value from tpl + documentIndex: *deploymentDoc + set: + some_arg: --worker + args: "{{ .Values.some_arg }}" + asserts: + - equal: + path: spec.template.spec.containers[0].args + value: + - --worker + + - it: should pass with args set + documentIndex: *deploymentDoc + set: + args: + - --port + - 8000 + asserts: + - equal: + path: spec.template.spec.containers[0].args + value: + - --port + - 8000 + + - it: should pass with args set from tpl + documentIndex: *deploymentDoc + set: + some_port: 9000 + args: + - --port + - "{{ .Values.some_port }}" + asserts: + - equal: + path: spec.template.spec.containers[0].args + value: + - --port + - "9000" + + - it: should pass with extraArgs set single value + documentIndex: *deploymentDoc + set: + extraArgs: --worker + asserts: + - equal: + path: spec.template.spec.containers[0].args + value: + - --worker + + - it: should pass with extraArgs set single value from tpl + documentIndex: *deploymentDoc + set: + some_extra_arg: --worker + extraArgs: "{{ .Values.some_extra_arg }}" + asserts: + - equal: + path: spec.template.spec.containers[0].args + value: + - --worker + + - it: should pass with extraArgs set + documentIndex: *deploymentDoc + set: + extraArgs: + - --port + - 8000 + asserts: + - equal: + path: spec.template.spec.containers[0].args + value: + - --port + - 8000 + + - it: should pass with extraArgs set from tpl + documentIndex: *deploymentDoc + set: + some_port: 9000 + extraArgs: + - --port + - "{{ 
.Values.some_port }}" + asserts: + - equal: + path: spec.template.spec.containers[0].args + value: + - --port + - "9000" + + - it: should pass with args and extraArgs set + documentIndex: *deploymentDoc + set: + args: + - --port + - 8000 + extraArgs: + - --photos + - /photos + asserts: + - equal: + path: spec.template.spec.containers[0].args + value: + - --port + - 8000 + - --photos + - /photos + + - it: should pass with args and extraArgs set from tpl + documentIndex: *deploymentDoc + set: + some_port: 9000 + some_path: /photos + args: + - --port + - "{{ .Values.some_port }}" + extraArgs: + - --photos + - "{{ .Values.some_path }}" + asserts: + - equal: + path: spec.template.spec.containers[0].args + value: + - --port + - "9000" + - --photos + - /photos + + - it: should pass with args and extraArgs set - single values + documentIndex: *deploymentDoc + set: + args: --path + extraArgs: /photos + asserts: + - equal: + path: spec.template.spec.containers[0].args + value: + - --path + - /photos + + - it: should pass with args and extraArgs set from tpl - single values + documentIndex: *deploymentDoc + set: + some_arg: --path + some_path: /photos + args: "{{ .Values.some_arg }}" + extraArgs: "{{ .Values.some_path }}" + asserts: + - equal: + path: spec.template.spec.containers[0].args + value: + - --path + - /photos diff --git a/library/common-test/tests/container_in_deployment/env_from.yaml b/library/common-test/tests/container_in_deployment/env_from.yaml new file mode 100644 index 00000000..2cc21a89 --- /dev/null +++ b/library/common-test/tests/container_in_deployment/env_from.yaml 
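Review bot: The cases `should pass with args set`, `should pass with extraArgs set` and `should pass with args and extraArgs set` expect the rendered `args` list to contain the bare integer `8000`, while the tpl variants expect the string `"9000"`. Kubernetes types container `args` as a list of strings, so if the template really emits the number unquoted the manifest would be rejected at apply time, and these assertions lock that output in. Pass and expect `- "8000"` in the non-tpl cases, or have the template quote every element so both paths yield strings.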
@@ -0,0 +1,139 @@
+suite: container in deployment envFrom test
+templates:
+ - common.yaml
+tests:
+ - it: should pass with default values
+ documentIndex: &deploymentDoc 0
+ asserts:
+ - hasDocuments:
+ count: 3
+ - isKind:
+ of: Deployment
+
+ - it: should fail with envFrom configMapRef has empty name
+ set:
+ envFrom:
+ - configMapRef:
+ name: ""
+ asserts:
+ - failedTemplate:
+ errorMessage: Name is required for configMapRef in envFrom.
+
+ - it: should fail with envFrom secretRef has empty name
+ set:
+ envFrom:
+ - secretRef:
+ name: ""
+ asserts:
+ - failedTemplate:
+ errorMessage: Name is required for secretRef in envFrom.
+
+ - it: should fail with envFrom secretRef has missing name
+ set:
+ envFrom:
+ - secretRef:
+ asserts:
+ - failedTemplate:
+ errorMessage: Not valid Ref or key is missing in envFrom.
+
+ - it: should fail with envFrom configMapRef has missing name
+ set:
+ envFrom:
+ - configMapRef:
+ asserts:
+ - failedTemplate:
+ errorMessage: Not valid Ref or key is missing in envFrom.
+
+ - it: should fail with envFrom configMapRef and secretRef on the same item
+ set:
+ envFrom:
+ - configMapRef:
+ name: something
+ secretRef:
+ name: something
+ asserts:
+ - failedTemplate:
+ errorMessage: You can't define both secretRef and configMapRef on the same item.
+
+ - it: should pass with envFrom configMapRef entry added
+ documentIndex: *deploymentDoc
+ set:
+ envFrom:
+ - configMapRef:
+ name: some_name
+ asserts:
+ - equal:
+ path: spec.template.spec.containers[0].envFrom
+ value:
+ - configMapRef:
+ name: some_name
+
+ - it: should pass with envFrom configMapRef entries added from tpl
+ documentIndex: *deploymentDoc
+ set:
+ some_name: a_name
+ some_name2: a_name2
+ envFrom:
+ - configMapRef:
+ name: "{{ .Values.some_name }}"
+ - configMapRef:
+ name: "{{ .Values.some_name2 }}"
+ asserts:
+ - equal:
+ path: spec.template.spec.containers[0].envFrom
+ value:
+ - configMapRef:
+ name: a_name
+ - configMapRef:
+ name: a_name2
+
+ - it: should pass with envFrom secretRef entry added
+ documentIndex: *deploymentDoc
+ set:
+ envFrom:
+ - secretRef:
+ name: some_name
+ asserts:
+ - equal:
+ path: spec.template.spec.containers[0].envFrom
+ value:
+ - secretRef:
+ name: some_name
+
+ - it: should pass with envFrom secretRef entries added from tpl
+ documentIndex: *deploymentDoc
+ set:
+ some_name: a_name
+ some_name2: a_name2
+ envFrom:
+ - secretRef:
+ name: "{{ .Values.some_name }}"
+ - secretRef:
+ name: "{{ .Values.some_name2 }}"
+ asserts:
+ - equal:
+ path: spec.template.spec.containers[0].envFrom
+ value:
+ - secretRef:
+ name: a_name
+ - secretRef:
+ name: a_name2
+
+ - it: should pass with envFrom secretRef and configMapRef entries added from tpl
+ documentIndex: *deploymentDoc
+ set:
+ some_name: a_name
+ some_name2: a_name2
+ envFrom:
+ - secretRef:
+ name: "{{ .Values.some_name }}"
+ - configMapRef:
+ name: "{{ .Values.some_name2 }}"
+ asserts:
+ - equal:
+ path: spec.template.spec.containers[0].envFrom
+ value:
+ - secretRef:
+ name: a_name
+ - configMapRef:
+ name: a_name2
diff --git a/library/common-test/tests/container_in_deployment/env_list.yaml b/library/common-test/tests/container_in_deployment/env_list.yaml
new file mode 100644
index 00000000..c0ce9598
--- /dev/null
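Review bot: This suite is added as `env_from.yaml`, and the next file as `env_list.yaml`, while every other suite in the commit ends in `_test.yaml`. helm-unittest's default file pattern is `tests/*_test.yaml`; the runner invocation is not visible here, but if its pattern keeps the `_test` suffix these two suites, including the secretRef/configMapRef validation cases, would silently never run. Rename them to `env_from_test.yaml` and `env_list_test.yaml`. The passing cases also use reference names such as `some_name` and `a_name`, which are not valid Kubernetes object names and which the configmap suite in this commit rejects for underscores; `some-name` would keep the fixtures realistic.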
+++ b/library/common-test/tests/container_in_deployment/env_list.yaml 
@@ -0,0 +1,173 @@ +suite: container in deployment env list test +templates: + - common.yaml +tests: + - it: should pass with default values + documentIndex: &deploymentDoc 0 + asserts: + - hasDocuments: + count: 3 + - isKind: + of: Deployment + + - it: should fail with envList missing name + set: + envList: + - value: some_value + asserts: + - failedTemplate: + errorMessage: Please specify both name and value for environment variable + + - it: should fail with envList missing value + set: + envList: + - name: some_name + asserts: + - failedTemplate: + errorMessage: Please specify both name and value for environment variable + + - it: should fail with envList name as a map + set: + envList: + - name: + some_key: some_value + value: some_value + asserts: + - failedTemplate: + errorMessage: Name in envList cannot be a map or slice + + - it: should fail with envList name as a slice + set: + envList: + - name: + - some_key: some_value + value: some_value + asserts: + - failedTemplate: + errorMessage: Name in envList cannot be a map or slice + + - it: should fail with envList value as a map + set: + envList: + - name: some_name + value: + some_key: some_value + asserts: + - failedTemplate: + errorMessage: Value in envList cannot be a map or slice + + - it: should fail with envList value as a slice + set: + envList: + - name: some_name + value: + - some_key: some_value + asserts: + - failedTemplate: + errorMessage: Value in envList cannot be a map or slice + + - it: should pass with envList entry added + documentIndex: *deploymentDoc + set: + envList: + - name: some_name + value: some_value + asserts: + - equal: + path: spec.template.spec.containers[0].env + value: + - name: TZ + value: UTC + - name: UMASK + value: "002" + - name: UMASK_SET + value: "002" + - name: NVIDIA_VISIBLE_DEVICES + value: void + - name: S6_READ_ONLY_ROOT + value: "1" + - name: some_name + value: some_value + + - it: should pass with envList entries added + documentIndex: *deploymentDoc + set: + 
envList: + - name: some_name + value: some_value + - name: some_name2 + value: some_value2 + asserts: + - equal: + path: spec.template.spec.containers[0].env + value: + - name: TZ + value: UTC + - name: UMASK + value: "002" + - name: UMASK_SET + value: "002" + - name: NVIDIA_VISIBLE_DEVICES + value: void + - name: S6_READ_ONLY_ROOT + value: "1" + - name: some_name + value: some_value + - name: some_name2 + value: some_value2 + + - it: should pass with envList entry added from tpl + documentIndex: *deploymentDoc + set: + some_name: a_name + some_value: a_value + envList: + - name: "{{ .Values.some_name }}" + value: "{{ .Values.some_value }}" + asserts: + - equal: + path: spec.template.spec.containers[0].env + value: + - name: TZ + value: UTC + - name: UMASK + value: "002" + - name: UMASK_SET + value: "002" + - name: NVIDIA_VISIBLE_DEVICES + value: void + - name: S6_READ_ONLY_ROOT + value: "1" + - name: a_name + value: a_value + + - it: should pass with envList entries added + documentIndex: *deploymentDoc + set: + some_name: a_name + some_value: a_value + some_name2: a_name2 + some_value2: a_value2 + envList: + - name: "{{ .Values.some_name }}" + value: "{{ .Values.some_value }}" + - name: "{{ .Values.some_name2 }}" + value: "{{ .Values.some_value2 }}" + asserts: + - equal: + path: spec.template.spec.containers[0].env + value: + - name: TZ + value: UTC + - name: UMASK + value: "002" + - name: UMASK_SET + value: "002" + - name: NVIDIA_VISIBLE_DEVICES + value: void + - name: S6_READ_ONLY_ROOT + value: "1" + - name: a_name + value: a_value + - name: a_name2 + value: a_value2 diff --git a/library/common-test/tests/container_in_deployment/env_test.yaml b/library/common-test/tests/container_in_deployment/env_test.yaml new file mode 100644 index 00000000..34c2deaf --- /dev/null +++ b/library/common-test/tests/container_in_deployment/env_test.yaml 
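Review bot: Two cases share the title `should pass with envList entries added`. The second one, the last test in the hunk, feeds both entries through `{{ .Values.* }}`, so a failure report cannot tell which of the two broke. Rename it to `- it: should pass with envList entries added from tpl`, matching the single-entry pair above it.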
@@ -0,0 +1,690 @@ +suite: container in deployment env test +templates: + - common.yaml +tests: + - it: should pass with default values + documentIndex: &deploymentDoc 0 + asserts: + - hasDocuments: + count: 3 + - isKind: + of: Deployment + + - it: should fail with envs defined as a list + set: + env: + - name: some_name + value: some_value + asserts: + - failedTemplate: + errorMessage: Environment Variables as a list is not supported. Use key-value format. + + - it: should fail with envs defined with an invalid keyRef + set: + env: + ENVVAR: + invalidKeyRef: + name: blabla + key: blbla + asserts: + - failedTemplate: + errorMessage: Not a valid valueFrom reference. Valid options are (configMapKeyRef and secretKeyRef) + + - it: should fail with envs defined without a name in configMapKeyRef + set: + env: + ENVVAR: + configMapKeyRef: + key: some_key + asserts: + - failedTemplate: + errorMessage: for the keyRef is not defined in (ENVVAR) + + - it: should fail with envs defined without a name in secretKeyRef + set: + env: + ENVVAR: + secretKeyRef: + key: some_key + asserts: + - failedTemplate: + errorMessage: for the keyRef is not defined in (ENVVAR) + + - it: should fail with envs defined without a key in configMapKeyRef + set: + env: + ENVVAR: + configMapKeyRef: + name: some_name + asserts: + - failedTemplate: + errorMessage: for the keyRef is not defined in (ENVVAR) + + - it: should fail with envs defined without a key in secretKeyRef + set: + env: + ENVVAR: + secretKeyRef: + name: some_name + asserts: + - failedTemplate: + errorMessage: for the keyRef is not defined in (ENVVAR) + + - it: should fail with envs defined with a non-bool in secretKeyRef + set: + env: + ENVVAR: + secretKeyRef: + name: some_name + key: some_key + optional: non-bool + asserts: + - failedTemplate: + errorMessage: in secretKeyRef must be a boolean on Environment Variable (ENVVAR) + + - it: should fail with envs defined with valueFrom key + set: + env: + ENVVAR: + valueFrom: + secretKeyRef: + 
name: some_name + key: some_key + optional: non-bool + asserts: + - failedTemplate: + errorMessage: Please remove and use directly configMapKeyRef or secretKeyRef + + - it: should fail with envs defined with optional in configMapKeyRef + set: + env: + ENVVAR: + configMapKeyRef: + name: some_name + key: some_key + optional: non-bool + asserts: + - failedTemplate: + errorMessage: is not supported in configMapRefKey + + - it: should fail with env trying to override fixedEnv + set: + env: + TZ: something + asserts: + - failedTemplate: + errorMessage: Environment Variable (TZ) on container (RELEASE-NAME-common-test) is set more than once. [to (UTC) on (fixedEnv)] and [to (something) on (env)] + + - it: should fail with env trying to override configmap + set: + env: + ENVVAR: something + configmap: + somename: + enabled: true + parseAsEnv: true + content: + ENVVAR: ABC + envFrom: + - configMapRef: + name: '{{ include "ix.v1.common.names.fullname" . }}-somename' + asserts: + - failedTemplate: + errorMessage: Environment Variable (ENVVAR) on container (RELEASE-NAME-common-test) is set more than once. [to (something) on (env)] and [to (ABC) on (configmap-RELEASE-NAME-common-test-somename)] + + - it: should fail with env trying to override secret + set: + env: + ENVVAR: something + secret: + somename: + enabled: true + parseAsEnv: true + content: + ENVVAR: ABC + envFrom: + - secretRef: + name: RELEASE-NAME-common-test-somename + asserts: + - failedTemplate: + errorMessage: Environment Variable (ENVVAR) on container (RELEASE-NAME-common-test) is set more than once. [to (something) on (env)] and [to (ABC) on (secret-RELEASE-NAME-common-test-somename)] + + - it: should fail with env trying to override envList + set: + env: + ENVVAR: something + envList: + - name: ENVVAR + value: ABC + asserts: + - failedTemplate: + errorMessage: Environment Variable (ENVVAR) on container (RELEASE-NAME-common-test) is set more than once. 
[to (something) on (env)] and [to (ABC) on (envList)] + + - it: should fail with envList trying to override fixedEnv + set: + envList: + - name: TZ + value: something + asserts: + - failedTemplate: + errorMessage: Environment Variable (TZ) on container (RELEASE-NAME-common-test) is set more than once. [to (UTC) on (fixedEnv)] and [to (something) on (envList)] + + - it: should fail with envList trying to override env + set: + env: + POSTGRES_HOST: postgres.svc.cluster.local + envList: + - name: POSTGRES_HOST + value: something + asserts: + - failedTemplate: + errorMessage: Environment Variable (POSTGRES_HOST) on container (RELEASE-NAME-common-test) is set more than once. [to (postgres.svc.cluster.local) on (env)] and [to (something) on (envList)] + + - it: should fail with envList trying to override configmap + set: + envList: + - name: POSTGRES_HOST + value: something + configmap: + somename: + enabled: true + parseAsEnv: true + content: + POSTGRES_HOST: something + envFrom: + - configMapRef: + name: '{{ include "ix.v1.common.names.fullname" . }}-somename' + asserts: + - failedTemplate: + errorMessage: Environment Variable (POSTGRES_HOST) on container (RELEASE-NAME-common-test) is set more than once. [to (something) on (envList)] and [to (something) on (configmap-RELEASE-NAME-common-test-somename)] + + - it: should fail with envList trying to override secret + set: + envList: + - name: POSTGRES_HOST + value: something + secret: + somename: + enabled: true + parseAsEnv: true + content: + POSTGRES_HOST: something + envFrom: + - secretRef: + name: RELEASE-NAME-common-test-somename + asserts: + - failedTemplate: + errorMessage: Environment Variable (POSTGRES_HOST) on container (RELEASE-NAME-common-test) is set more than once. 
[to (something) on (envList)] and [to (something) on (secret-RELEASE-NAME-common-test-somename)] + + - it: should fail with configmap trying to override fixedEnv + set: + configmap: + somename: + enabled: true + parseAsEnv: true + content: + TZ: something + envFrom: + - configMapRef: + name: '{{ include "ix.v1.common.names.fullname" . }}-somename' + asserts: + - failedTemplate: + errorMessage: Environment Variable (TZ) on container (RELEASE-NAME-common-test) is set more than once. [to (UTC) on (fixedEnv)] and [to (something) on (configmap-RELEASE-NAME-common-test-somename)] + + - it: should fail with configmap trying to override env + set: + env: + POSTGRES_HOST: postgres.svc.cluster.local + configmap: + somename: + enabled: true + parseAsEnv: true + content: + POSTGRES_HOST: something + envFrom: + - configMapRef: + name: '{{ include "ix.v1.common.names.fullname" . }}-somename' + asserts: + - failedTemplate: + errorMessage: Environment Variable (POSTGRES_HOST) on container (RELEASE-NAME-common-test) is set more than once. [to (postgres.svc.cluster.local) on (env)] and [to (something) on (configmap-RELEASE-NAME-common-test-somename)] + + - it: should fail with configmap trying to override envList + set: + envList: + - name: POSTGRES_HOST + value: postgres.svc.cluster.local + configmap: + somename: + enabled: true + parseAsEnv: true + content: + POSTGRES_HOST: something + envFrom: + - configMapRef: + name: '{{ include "ix.v1.common.names.fullname" . }}-somename' + asserts: + - failedTemplate: + errorMessage: Environment Variable (POSTGRES_HOST) on container (RELEASE-NAME-common-test) is set more than once. 
[to (postgres.svc.cluster.local) on (envList)] and [to (something) on (configmap-RELEASE-NAME-common-test-somename)] + + - it: should fail with configmap trying to override secret + set: + secret: + somename: + enabled: true + parseAsEnv: true + content: + POSTGRES_HOST: something123 + configmap: + somename: + enabled: true + parseAsEnv: true + content: + POSTGRES_HOST: something + envFrom: + - configMapRef: + name: '{{ include "ix.v1.common.names.fullname" . }}-somename' + - secretRef: + name: '{{ include "ix.v1.common.names.fullname" . }}-somename' + asserts: + - failedTemplate: + errorMessage: Environment Variable (POSTGRES_HOST) on container (RELEASE-NAME-common-test) is set more than once. [to (something) on (configmap-RELEASE-NAME-common-test-somename)] and [to (something123) on (secret-RELEASE-NAME-common-test-somename)] + + - it: should fail with secret trying to override fixedEnv + set: + secret: + somename: + enabled: true + parseAsEnv: true + content: + TZ: something + envFrom: + - secretRef: + name: RELEASE-NAME-common-test-somename + asserts: + - failedTemplate: + errorMessage: Environment Variable (TZ) on container (RELEASE-NAME-common-test) is set more than once. [to (UTC) on (fixedEnv)] and [to (something) on (secret-RELEASE-NAME-common-test-somename)] + + - it: should fail with secret trying to override env + set: + env: + POSTGRES_HOST: postgres.svc.cluster.local + secret: + somename: + enabled: true + parseAsEnv: true + content: + POSTGRES_HOST: something + envFrom: + - secretRef: + name: RELEASE-NAME-common-test-somename + asserts: + - failedTemplate: + errorMessage: Environment Variable (POSTGRES_HOST) on container (RELEASE-NAME-common-test) is set more than once. 
[to (postgres.svc.cluster.local) on (env)] and [to (something) on (secret-RELEASE-NAME-common-test-somename)] + + - it: should fail with secret trying to override envList + set: + envList: + - name: POSTGRES_HOST + value: postgres.svc.cluster.local + secret: + somename: + enabled: true + parseAsEnv: true + content: + POSTGRES_HOST: something + envFrom: + - secretRef: + name: RELEASE-NAME-common-test-somename + asserts: + - failedTemplate: + errorMessage: Environment Variable (POSTGRES_HOST) on container (RELEASE-NAME-common-test) is set more than once. [to (postgres.svc.cluster.local) on (envList)] and [to (something) on (secret-RELEASE-NAME-common-test-somename)] + + - it: should fail with secret trying to override configmap + set: + configmap: + somename: + enabled: true + parseAsEnv: true + content: + POSTGRES_HOST: something123 + secret: + somename: + enabled: true + parseAsEnv: true + content: + POSTGRES_HOST: something + envFrom: + - configMapRef: + name: '{{ include "ix.v1.common.names.fullname" . }}-somename' + - secretRef: + name: '{{ include "ix.v1.common.names.fullname" . }}-somename' + asserts: + - failedTemplate: + errorMessage: Environment Variable (POSTGRES_HOST) on container (RELEASE-NAME-common-test) is set more than once. 
[to (something123) on (configmap-RELEASE-NAME-common-test-somename)] and [to (something) on (secret-RELEASE-NAME-common-test-somename)] + + - it: should pass with envs defined with int value + documentIndex: *deploymentDoc + set: + env: + ENVVAR: 123 + asserts: + - equal: + path: spec.template.spec.containers[0].env + value: + - name: TZ + value: "UTC" + - name: UMASK + value: "002" + - name: UMASK_SET + value: "002" + - name: NVIDIA_VISIBLE_DEVICES + value: "void" + - name: S6_READ_ONLY_ROOT + value: "1" + - name: ENVVAR + value: "123" + + - it: should pass with envs defined with bool value + documentIndex: *deploymentDoc + set: + env: + ENVVAR: true + asserts: + - equal: + path: spec.template.spec.containers[0].env + value: + - name: TZ + value: "UTC" + - name: UMASK + value: "002" + - name: UMASK_SET + value: "002" + - name: NVIDIA_VISIBLE_DEVICES + value: "void" + - name: S6_READ_ONLY_ROOT + value: "1" + - name: ENVVAR + value: "true" + + - it: should pass with envs defined with string value + documentIndex: *deploymentDoc + set: + env: + ENVVAR: "some_value" + asserts: + - equal: + path: spec.template.spec.containers[0].env + value: + - name: TZ + value: "UTC" + - name: UMASK + value: "002" + - name: UMASK_SET + value: "002" + - name: NVIDIA_VISIBLE_DEVICES + value: "void" + - name: S6_READ_ONLY_ROOT + value: "1" + - name: ENVVAR + value: "some_value" + + - it: should pass with multiple envs defined via tpl + documentIndex: *deploymentDoc + set: + some_string: a_string + some_int: 123 + some_bool: false + env: + ENVVAR: "{{ .Values.some_string }}" + ENVVAR2: "{{ .Values.some_int }}" + ENVVAR3: "{{ .Values.some_bool }}" + asserts: + - equal: + path: spec.template.spec.containers[0].env + value: + - name: TZ + value: "UTC" + - name: UMASK + value: "002" + - name: UMASK_SET + value: "002" + - name: NVIDIA_VISIBLE_DEVICES + value: "void" + - name: S6_READ_ONLY_ROOT + value: "1" + - name: ENVVAR + value: "a_string" + - name: ENVVAR2 + value: "123" + - name: ENVVAR3 
+ value: "false" + + - it: should pass with envs defined with valueFrom configMapKeyRef + documentIndex: *deploymentDoc + set: + env: + ENVVAR: + configMapKeyRef: + name: some_name + key: some_key + asserts: + - equal: + path: spec.template.spec.containers[0].env + value: + - name: TZ + value: "UTC" + - name: UMASK + value: "002" + - name: UMASK_SET + value: "002" + - name: NVIDIA_VISIBLE_DEVICES + value: "void" + - name: S6_READ_ONLY_ROOT + value: "1" + - name: ENVVAR + valueFrom: + configMapKeyRef: + name: some_name + key: some_key + + - it: should pass with envs defined with valueFrom secretKeyRef + documentIndex: *deploymentDoc + set: + env: + ENVVAR: + secretKeyRef: + name: some_name + key: some_key + asserts: + - equal: + path: spec.template.spec.containers[0].env + value: + - name: TZ + value: "UTC" + - name: UMASK + value: "002" + - name: UMASK_SET + value: "002" + - name: NVIDIA_VISIBLE_DEVICES + value: "void" + - name: S6_READ_ONLY_ROOT + value: "1" + - name: ENVVAR + valueFrom: + secretKeyRef: + name: some_name + key: some_key + + - it: should pass with envs defined with valueFrom configMapKeyRef from tpl + documentIndex: *deploymentDoc + set: + name: some_name + key: some_key + env: + ENVVAR: + configMapKeyRef: + name: "{{ .Values.name }}" + key: "{{ .Values.key }}" + asserts: + - equal: + path: spec.template.spec.containers[0].env + value: + - name: TZ + value: "UTC" + - name: UMASK + value: "002" + - name: UMASK_SET + value: "002" + - name: NVIDIA_VISIBLE_DEVICES + value: "void" + - name: S6_READ_ONLY_ROOT + value: "1" + - name: ENVVAR + valueFrom: + configMapKeyRef: + name: some_name + key: some_key + + - it: should pass with envs defined with valueFrom secretKeyRef from tpl + documentIndex: *deploymentDoc + set: + name: some_name + key: some_key + env: + ENVVAR: + secretKeyRef: + name: "{{ .Values.name }}" + key: "{{ .Values.key }}" + asserts: + - equal: + path: spec.template.spec.containers[0].env + value: + - name: TZ + value: "UTC" + - name: 
UMASK + value: "002" + - name: UMASK_SET + value: "002" + - name: NVIDIA_VISIBLE_DEVICES + value: "void" + - name: S6_READ_ONLY_ROOT + value: "1" + - name: ENVVAR + valueFrom: + secretKeyRef: + name: some_name + key: some_key + + - it: should pass with envs defined with valueFrom secretKeyRef with true + documentIndex: *deploymentDoc + set: + env: + ENVVAR: + secretKeyRef: + name: some_name + key: some_key + optional: true + asserts: + - equal: + path: spec.template.spec.containers[0].env + value: + - name: TZ + value: "UTC" + - name: UMASK + value: "002" + - name: UMASK_SET + value: "002" + - name: NVIDIA_VISIBLE_DEVICES + value: "void" + - name: S6_READ_ONLY_ROOT + value: "1" + - name: ENVVAR + valueFrom: + secretKeyRef: + optional: true + name: some_name + key: some_key + + - it: should pass with envs defined with valueFrom secretKeyRef with false + documentIndex: *deploymentDoc + set: + env: + ENVVAR: + secretKeyRef: + name: some_name + key: some_key + optional: false + asserts: + - equal: + path: spec.template.spec.containers[0].env + value: + - name: TZ + value: "UTC" + - name: UMASK + value: "002" + - name: UMASK_SET + value: "002" + - name: NVIDIA_VISIBLE_DEVICES + value: "void" + - name: S6_READ_ONLY_ROOT + value: "1" + - name: ENVVAR + valueFrom: + secretKeyRef: + optional: false + name: some_name + key: some_key + + - it: should pass with multiple envs defined with valueFrom configMapKeyRef and secretKeyRef via tpl + documentIndex: *deploymentDoc + set: + name: some_name + key: some_key + name2: some_name2 + key2: some_key2 + name3: some_name3 + key3: some_key3 + env: + ENVVAR: + configMapKeyRef: + name: "{{ .Values.name }}" + key: "{{ .Values.key }}" + ENVVAR2: + secretKeyRef: + name: "{{ .Values.name2 }}" + key: "{{ .Values.key2 }}" + optional: false + ENVVAR3: + secretKeyRef: + name: "{{ .Values.name3 }}" + key: "{{ .Values.key3 }}" + asserts: + - equal: + path: spec.template.spec.containers[0].env + value: + - name: TZ + value: "UTC" + - name: UMASK 
+ value: "002" + - name: UMASK_SET + value: "002" + - name: NVIDIA_VISIBLE_DEVICES + value: "void" + - name: S6_READ_ONLY_ROOT + value: "1" + - name: ENVVAR + valueFrom: + configMapKeyRef: + name: some_name + key: some_key + - name: ENVVAR2 + valueFrom: + secretKeyRef: + name: some_name2 + key: some_key2 + optional: false + - name: ENVVAR3 + valueFrom: + secretKeyRef: + name: some_name3 + key: some_key3 diff --git a/library/common-test/tests/container_in_deployment/fixedEnv_test.yaml b/library/common-test/tests/container_in_deployment/fixedEnv_test.yaml new file mode 100644 index 00000000..c6d592a1 --- /dev/null +++ b/library/common-test/tests/container_in_deployment/fixedEnv_test.yaml 
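Review bot: The expected messages for the secret collisions contain the Secret's content value, e.g. `[to (ABC) on (secret-RELEASE-NAME-common-test-somename)]` in `should fail with env trying to override secret`, and likewise in the envList/configmap/secret override cases. These assertions therefore lock in that a duplicate-variable failure prints secret data into Helm's error output and any CI log that captures it. The template that builds the message is outside this hunk, but for a secret source it should name only the variable and the source. The expectations here would then end in something like `and [on (secret-RELEASE-NAME-common-test-somename)]` (constructed example) with no value. Separately, the `optional in configMapKeyRef` case pins the spelling `configMapRefKey`, which looks like a typo in the template's message.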
@@ -0,0 +1,393 @@ +suite: container in deployment fixed env test +templates: + - common.yaml +tests: + - it: should pass with default values + documentIndex: &deploymentDoc 0 + asserts: + - hasDocuments: + count: 3 + - isKind: + of: Deployment + + - it: should fail with empty PUID + documentIndex: *deploymentDoc + set: + security: + PUID: + asserts: + - failedTemplate: + errorMessage: key cannot be empty. Set a value or remove the key for the default (568) to take effect. + + - it: should fail with PUID not-int + documentIndex: *deploymentDoc + set: + security: + PUID: "1000" + asserts: + - failedTemplate: + errorMessage: key has value of ("1000"). But must be an int. + + - it: should fail with empty UMASK + documentIndex: *deploymentDoc + set: + security: + UMASK: + asserts: + - failedTemplate: + errorMessage: key cannot be empty. Set a value or remove the key for the default (002) to take effect. + + - it: should fail with UMASK not-string + documentIndex: *deploymentDoc + set: + security: + UMASK: 2 + asserts: + - failedTemplate: + errorMessage: key must be a string, so the format is kept intact. 
+ + - it: should pass with injectFixedEnvs false + documentIndex: *deploymentDoc + set: + injectFixedEnvs: false + asserts: + - isNull: + path: spec.template.spec.containers[0].env + + - it: should pass with TZ and UMASK changed + documentIndex: *deploymentDoc + set: + TZ: ETC + security: + UMASK: "003" + asserts: + - equal: + path: spec.template.spec.containers[0].env + value: + - name: TZ + value: ETC + - name: UMASK + value: "003" + - name: UMASK_SET + value: "003" + - name: NVIDIA_VISIBLE_DEVICES + value: void + - name: S6_READ_ONLY_ROOT + value: "1" + + - it: should pass with an env referencing TZ and PUID + documentIndex: *deploymentDoc + set: + securityContext: + runAsUser: 0 + runAsNonRoot: false + env: + TIMEZONE: "{{ .Values.TZ }}" + APP_USER_ID: "{{ .Values.security.PUID }}" + asserts: + - equal: + path: spec.template.spec.containers[0].env + value: + - name: TZ + value: UTC + - name: UMASK + value: "002" + - name: UMASK_SET + value: "002" + - name: NVIDIA_VISIBLE_DEVICES + value: void + - name: PUID + value: "568" + - name: USER_ID + value: "568" + - name: UID + value: "568" + - name: PGID + value: "568" + - name: GROUP_ID + value: "568" + - name: GID + value: "568" + - name: S6_READ_ONLY_ROOT + value: "1" + - name: APP_USER_ID + value: "568" + - name: TIMEZONE + value: UTC + + - it: should pass without S6_READ_ONLY_ROOT + documentIndex: *deploymentDoc + set: + securityContext: + readOnlyRootFilesystem: false + runAsNonRoot: false + asserts: + - equal: + path: spec.template.spec.containers[0].env + value: + - name: TZ + value: UTC + - name: UMASK + value: "002" + - name: UMASK_SET + value: "002" + - name: NVIDIA_VISIBLE_DEVICES + value: void + + - it: should pass with scaleGPU set + documentIndex: *deploymentDoc + set: + scaleGPU: + gpu.intel.com/i915: "1" + asserts: + - equal: + path: spec.template.spec.containers[0].env + value: + - name: TZ + value: UTC + - name: UMASK + value: "002" + - name: UMASK_SET + value: "002" + - name: 
NVIDIA_DRIVER_CAPABILITIES + value: all + - name: S6_READ_ONLY_ROOT + value: "1" + + - it: should pass with envs changed because run as user root + documentIndex: *deploymentDoc + set: + securityContext: + runAsUser: 0 + runAsNonRoot: false + asserts: + - equal: + path: spec.template.spec.containers[0].env + value: + - name: TZ + value: UTC + - name: UMASK + value: "002" + - name: UMASK_SET + value: "002" + - name: NVIDIA_VISIBLE_DEVICES + value: void + - name: PUID + value: "568" + - name: USER_ID + value: "568" + - name: UID + value: "568" + - name: PGID + value: "568" + - name: GROUP_ID + value: "568" + - name: GID + value: "568" + - name: S6_READ_ONLY_ROOT + value: "1" + + - it: should pass with envs changed because run as group root + documentIndex: *deploymentDoc + set: + securityContext: + runAsGroup: 0 + runAsNonRoot: false + asserts: + - equal: + path: spec.template.spec.containers[0].env + value: + - name: TZ + value: UTC + - name: UMASK + value: "002" + - name: UMASK_SET + value: "002" + - name: NVIDIA_VISIBLE_DEVICES + value: void + - name: PUID + value: "568" + - name: USER_ID + value: "568" + - name: UID + value: "568" + - name: PGID + value: "568" + - name: GROUP_ID + value: "568" + - name: GID + value: "568" + - name: S6_READ_ONLY_ROOT + value: "1" + + - it: should pass with envs changed because run as user root and PUID 0 + documentIndex: *deploymentDoc + set: + securityContext: + runAsUser: 0 + runAsNonRoot: false + security: + PUID: 0 + asserts: + - equal: + path: spec.template.spec.containers[0].env + value: + - name: TZ + value: UTC + - name: UMASK + value: "002" + - name: UMASK_SET + value: "002" + - name: NVIDIA_VISIBLE_DEVICES + value: void + - name: PUID + value: "0" + - name: USER_ID + value: "0" + - name: UID + value: "0" + - name: PGID + value: "568" + - name: GROUP_ID + value: "568" + - name: GID + value: "568" + - name: S6_READ_ONLY_ROOT + value: "1" + + - it: should pass with envs changed because run as group root and PUID 0 + 
documentIndex: *deploymentDoc + set: + securityContext: + runAsGroup: 0 + runAsNonRoot: false + security: + PUID: 0 + asserts: + - equal: + path: spec.template.spec.containers[0].env + value: + - name: TZ + value: UTC + - name: UMASK + value: "002" + - name: UMASK_SET + value: "002" + - name: NVIDIA_VISIBLE_DEVICES + value: void + - name: PUID + value: "0" + - name: USER_ID + value: "0" + - name: UID + value: "0" + - name: PGID + value: "568" + - name: GROUP_ID + value: "568" + - name: GID + value: "568" + - name: S6_READ_ONLY_ROOT + value: "1" + + - it: should pass with envs changed because run as group root and fsGroup 0 and PUID 0 + documentIndex: *deploymentDoc + set: + podSecurityContext: + fsGroup: 0 + securityContext: + runAsGroup: 0 + runAsNonRoot: false + security: + PUID: 0 + asserts: + - equal: + path: spec.template.spec.containers[0].env + value: + - name: TZ + value: UTC + - name: UMASK + value: "002" + - name: UMASK_SET + value: "002" + - name: NVIDIA_VISIBLE_DEVICES + value: void + - name: PUID + value: "0" + - name: USER_ID + value: "0" + - name: UID + value: "0" + - name: PGID + value: "0" + - name: GROUP_ID + value: "0" + - name: GID + value: "0" + - name: S6_READ_ONLY_ROOT + value: "1" + + - it: should pass with envs defined with scaleGPU + documentIndex: *deploymentDoc + set: + scaleGPU: + gpu.intel.com/i915: "1" + asserts: + - equal: + path: spec.template.spec.containers[0].env + value: + - name: TZ + value: "UTC" + - name: UMASK + value: "002" + - name: UMASK_SET + value: "002" + - name: NVIDIA_DRIVER_CAPABILITIES + value: "all" + - name: S6_READ_ONLY_ROOT + value: "1" + + - it: should fail with non-unique nvidiaCaps + documentIndex: *deploymentDoc + set: + nvidiaCaps: + - compute + - compute + - utility + asserts: + - failedTemplate: + errorMessage: ([compute compute utility]) are must have unique values only + + - it: should fail with invalid nvidiaCaps value + documentIndex: *deploymentDoc + set: + nvidiaCaps: + - invalid + - compute + - 
utility + asserts: + - failedTemplate: + errorMessage: Invalid options in (invalid). Valid options are compute, utility, all, graphics, video + + - it: should pass with envs defined with scaleGPU and custom capabilities + documentIndex: *deploymentDoc + set: + scaleGPU: + gpu.intel.com/i915: "1" + nvidiaCaps: + - compute + - utility + asserts: + - equal: + path: spec.template.spec.containers[0].env + value: + - name: TZ + value: "UTC" + - name: UMASK + value: "002" + - name: UMASK_SET + value: "002" + - name: NVIDIA_DRIVER_CAPABILITIES + value: "compute,utility" + - name: S6_READ_ONLY_ROOT + value: "1" diff --git a/library/common-test/tests/container_in_deployment/image_test.yaml b/library/common-test/tests/container_in_deployment/image_test.yaml new file mode 100644 index 00000000..d825cd97 --- /dev/null +++ b/library/common-test/tests/container_in_deployment/image_test.yaml 
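Review bot: Every case in this suite that requests a root identity (`runAsUser: 0`, `runAsGroup: 0`, `security.PUID: 0`, `fsGroup: 0`) also sets `runAsNonRoot: false`. Nothing pins what the chart does when a root UID is set while `runAsNonRoot` is left at its default. If the library is meant to reject that combination, add a `failedTemplate` case whose `set` is only `securityContext: {runAsUser: 0}`; if it is meant to render, add an `equal` on the env list for it. Also, `should pass with scaleGPU set` and `should pass with envs defined with scaleGPU` use the same `set` and expect the same list, so one of them can be dropped.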
@@ -0,0 +1,120 @@ + +suite: container in deployment image test +templates: + - common.yaml +tests: + - it: should pass with default values + documentIndex: &deploymentDoc 0 + asserts: + - hasDocuments: + count: 3 + - isKind: + of: Deployment + + - it: should pass with imagePullPolicy changed + documentIndex: *deploymentDoc + set: + image: + pullPolicy: Always + asserts: + - equal: + path: spec.template.spec.containers[0].imagePullPolicy + value: Always + + - it: should pass with image changed + documentIndex: *deploymentDoc + set: + image: + repository: some_repo + tag: some_tag + asserts: + - equal: + path: spec.template.spec.containers[0].image + value: some_repo:some_tag + + - it: should fail without repository + set: + image: + repository: "" + tag: some_tag + asserts: + - failedTemplate: + errorMessage: Image is required + + - it: should fail without tag + set: + image: + repository: some_repo + tag: "" + asserts: + - failedTemplate: + errorMessage: Image is required + + - it: should fail with invalid pullPolicy + set: + image: + repository: some_repo + tag: some_tag + pullPolicy: invalid_policy + asserts: + - failedTemplate: + errorMessage: Invalid option (invalid_policy). 
Valid options are IfNotPresent, Always, Never + + - it: should fail with selected image that does not exist in values + set: + imageX: + repository: some_repo + tag: some_tag + pullPolicy: invalid_policy + imageSelector: imageY + asserts: + - failedTemplate: + errorMessage: Selected image (imageY) does not exist in values + + - it: should pass with image from image selector + documentIndex: *deploymentDoc + set: + betaImage: + repository: some_other_repo + tag: some_other_tag + imageSelector: betaImage + asserts: + - equal: + path: spec.template.spec.containers[0].image + value: some_other_repo:some_other_tag + + - it: should pass with pullPolicy from image selector + documentIndex: *deploymentDoc + set: + betaImage: + repository: some_other_repo + tag: some_other_tag + pullPolicy: Never + imageSelector: betaImage + asserts: + - equal: + path: spec.template.spec.containers[0].image + value: some_other_repo:some_other_tag + - equal: + path: spec.template.spec.containers[0].imagePullPolicy + value: Never + + - it: should fail without repo from image selector + set: + betaImage: + repository: "" + tag: some_other_tag + imageSelector: betaImage + asserts: + - failedTemplate: + errorMessage: Image is required + + - it: should fail without tag from image selector + set: + betaImage: + repository: some_other_repo + tag: "" + imageSelector: betaImage + asserts: + - failedTemplate: + errorMessage: Image is required diff --git a/library/common-test/tests/container_in_deployment/lifecycle_test.yaml b/library/common-test/tests/container_in_deployment/lifecycle_test.yaml new file mode 100644 index 00000000..56aef6d4 --- /dev/null +++ b/library/common-test/tests/container_in_deployment/lifecycle_test.yaml 
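Review bot: In `should fail with selected image that does not exist in values`, `imageX` carries `pullPolicy: invalid_policy`, a second invalid input unrelated to the missing `imageY`. The case should have a single failure cause, so drop that line or use `pullPolicy: IfNotPresent`. The file also starts with an empty line before `suite:` (as does lifecycle_test.yaml in the next hunk), which the `empty-lines: max-start: 0` rule in lint-conf.yaml would flag if these test files are linted.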
@@ -0,0 +1,194 @@ + +suite: container in deployment lifecycle test +templates: + - common.yaml +tests: + - it: should pass with default values + documentIndex: &deploymentDoc 0 + asserts: + - hasDocuments: + count: 3 + - isKind: + of: Deployment + + - it: should pass with single postStart lifecycle set + documentIndex: *deploymentDoc + set: + lifecycle: + postStart: + command: some_command + asserts: + - equal: + path: spec.template.spec.containers[0].lifecycle + value: + postStart: + exec: + command: + - some_command + + - it: should pass with single postStart lifecycle set from tpl + documentIndex: *deploymentDoc + set: + some_key: some_command + lifecycle: + postStart: + command: "{{ .Values.some_key }}" + asserts: + - equal: + path: spec.template.spec.containers[0].lifecycle + value: + postStart: + exec: + command: + - some_command + + - it: should pass with postStart lifecycle set + documentIndex: *deploymentDoc + set: + lifecycle: + postStart: + command: + - /bin/bash + - test + asserts: + - equal: + path: spec.template.spec.containers[0].lifecycle + value: + postStart: + exec: + command: + - /bin/bash + - test + + - it: should pass with postStart lifecycle set from tpl + documentIndex: *deploymentDoc + set: + some_key: some_value + lifecycle: + postStart: + command: + - /bin/bash + - "{{ .Values.some_key }}" + asserts: + - equal: + path: spec.template.spec.containers[0].lifecycle + value: + postStart: + exec: + command: + - /bin/bash + - some_value + + - it: should pass with single preStop lifecycle set + documentIndex: *deploymentDoc + set: + lifecycle: + preStop: + command: some_command + asserts: + - equal: + path: spec.template.spec.containers[0].lifecycle + value: + preStop: + exec: + command: + - some_command + + - it: should pass with single preStop lifecycle set from tpl + documentIndex: *deploymentDoc + set: + some_key: some_command + lifecycle: + preStop: + command: "{{ .Values.some_key }}" + asserts: + - equal: + path: 
spec.template.spec.containers[0].lifecycle + value: + preStop: + exec: + command: + - some_command + + + - it: should pass with preStop lifecycle set + documentIndex: *deploymentDoc + set: + lifecycle: + preStop: + command: + - /bin/bash + - test + asserts: + - equal: + path: spec.template.spec.containers[0].lifecycle + value: + preStop: + exec: + command: + - /bin/bash + - test + + - it: should pass with preStop lifecycle set from tpl + documentIndex: *deploymentDoc + set: + some_key: some_value + lifecycle: + preStop: + command: + - /bin/bash + - "{{ .Values.some_key }}" + asserts: + - equal: + path: spec.template.spec.containers[0].lifecycle + value: + preStop: + exec: + command: + - /bin/bash + - some_value + + - it: should fail with invalid key + set: + lifecycle: + preStart: + command: something + asserts: + - failedTemplate: + errorMessage: Invalid key (preStart) in lifecycle. Valid keys are preStop and postStart + + - it: should fail with no command in preStop + set: + lifecycle: + preStop: + command: "" + asserts: + - failedTemplate: + errorMessage: No commands were given for preStop lifecycle hook + + - it: should fail with no command in postStart + set: + lifecycle: + postStart: + command: "" + asserts: + - failedTemplate: + errorMessage: No commands were given for postStart lifecycle hook + + - it: should fail with no command in preStop + set: + lifecycle: + preStop: + command: "" + asserts: + - failedTemplate: + errorMessage: No commands were given for preStop lifecycle hook + + - it: should fail with no command in postStart + set: + lifecycle: + postStart: + command: "" + asserts: + - failedTemplate: + errorMessage: No commands were given for postStart lifecycle hook diff --git a/library/common-test/tests/container_in_deployment/port_test.yaml b/library/common-test/tests/container_in_deployment/port_test.yaml new file mode 100644 index 00000000..96308ce1 --- /dev/null +++ b/library/common-test/tests/container_in_deployment/port_test.yaml 
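Review bot: The last two cases, `should fail with no command in preStop` and `should fail with no command in postStart`, repeat the two cases directly above them with the same `set` (`command: ""`) and the same expected message, so they add no coverage. If they were meant to cover the list form, change their input to `command: []` (or omit `command`). Give them distinct titles such as `should fail with empty command list in preStop`. Whether the template reports the same message for that input is not visible from this hunk.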
@@ -0,0 +1,235 @@ +suite: container in deployment port test +templates: + - common.yaml +tests: + - it: should pass with default values + documentIndex: &deploymentDoc 0 + asserts: + - hasDocuments: + count: 3 + - isKind: + of: Deployment + + - it: should fail with named port + set: + service: + main: + ports: + main: + port: 443 + targetPort: some_name + asserts: + - failedTemplate: + errorMessage: This common library does not support named ports for targetPort. port name (main), targetPort (some_name) + + - it: should fail without port + set: + service: + main: + ports: + main: + port: + asserts: + - failedTemplate: + errorMessage: Port is required on enabled services. Service (main) + + - it: should fail with multiple port, but none set as primary + set: + service: + main: + ports: + main: + enabled: true + primary: false + port: 65535 + main2: + enabled: true + primary: false + port: 65534 + asserts: + - failedTemplate: + errorMessage: At least one port must be set as primary in service (main) + + - it: should fail without ports dict in an enabled service + set: + service: + other: + enabled: true + asserts: + - failedTemplate: + errorMessage: At least one port is required in an enabled service (other) + + - it: should fail with disabled port on enabled service + set: + service: + main: + ports: + main: + enabled: false + asserts: + - failedTemplate: + errorMessage: No ports are enabled for the service + + - it: should fail with invalid protocol + set: + service: + main: + ports: + main: + port: 443 + protocol: NOT_VALID + asserts: + - failedTemplate: + errorMessage: Not valid (NOT_VALID) + + - it: should pass with only port set + documentIndex: *deploymentDoc + set: + service: + main: + ports: + main: + port: 443 + asserts: + - equal: + path: spec.template.spec.containers[0].ports[0] + value: + name: main + containerPort: 443 + protocol: TCP + + - it: should pass with port and targetPort set + documentIndex: *deploymentDoc + set: + service: + main: + ports: + 
main: + port: 443 + targetPort: 8000 + asserts: + - equal: + path: spec.template.spec.containers[0].ports[0] + value: + name: main + containerPort: 8000 + protocol: TCP + + - it: should pass with port and targetPort and protocol set + documentIndex: *deploymentDoc + set: + service: + main: + ports: + main: + port: 443 + protocol: TCP + targetPort: 8000 + asserts: + - equal: + path: spec.template.spec.containers[0].ports[0] + value: + name: main + containerPort: 8000 + protocol: TCP + + - it: should pass with port and targetPort and protocol UDP set + documentIndex: *deploymentDoc + set: + service: + main: + ports: + main: + port: 443 + protocol: UDP + targetPort: 8000 + probes: + liveness: + enabled: false + readiness: + enabled: false + startup: + enabled: false + asserts: + - equal: + path: spec.template.spec.containers[0].ports[0] + value: + name: main + containerPort: 8000 + protocol: UDP + + - it: should pass with port and targetPort and protocol HTTP set + documentIndex: *deploymentDoc + set: + service: + main: + ports: + main: + port: 443 + protocol: HTTP + targetPort: 8000 + asserts: + - equal: + path: spec.template.spec.containers[0].ports[0] + value: + name: main + containerPort: 8000 + protocol: TCP + + - it: should pass with port and targetPort and protocol HTTPS set + documentIndex: *deploymentDoc + set: + service: + main: + ports: + main: + port: 443 + protocol: HTTPS + targetPort: 8000 + asserts: + - equal: + path: spec.template.spec.containers[0].ports[0] + value: + name: main + containerPort: 8000 + protocol: TCP + + - it: should pass with multiple port and targetPort and protocol set + documentIndex: *deploymentDoc + set: + service: + main: + ports: + main: + port: 443 + protocol: HTTP + targetPort: 8000 + secondary: + enabled: true + ports: + secondary: + enabled: true + port: 444 + protocol: TCP + targetPort: 8001 + third: + enabled: true + ports: + third: + enabled: true + port: 445 + protocol: UDP + targetPort: 8002 + asserts: + - equal: + 
path: spec.template.spec.containers[0].ports + value: + - name: main + containerPort: 8000 + protocol: TCP + - name: secondary + containerPort: 8001 + protocol: TCP + - name: third + containerPort: 8002 + protocol: UDP diff --git a/library/common-test/tests/container_in_deployment/probe_test.yaml b/library/common-test/tests/container_in_deployment/probe_test.yaml new file mode 100644 index 00000000..033f0e2e --- /dev/null +++ b/library/common-test/tests/container_in_deployment/probe_test.yaml 
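Review bot: Nothing in the port test file pins what happens for a `port` or `targetPort` outside 1–65535 or for a non-numeric `port`; the only rejected shapes are a named `targetPort`, a null `port`, an unset primary and an invalid `protocol`. If the library is meant to validate the range (the template is not visible here), add boundary cases such as `port: 65536` and `port: 0` asserting `failedTemplate`, so an invalid value fails at render time rather than at apply time. The `should fail without port` case also relies on a bare `port:` being parsed as null; writing `port: null` would make that intent explicit.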
@@ -0,0 +1,741 @@ +suite: container in deployment probe test +templates: + - common.yaml +tests: + - it: should pass with default values + documentIndex: &deploymentDoc 0 + asserts: + - hasDocuments: + count: 3 + - isKind: + of: Deployment + - isSubset: + path: spec.template.spec.containers[0] + content: + livenessProbe: + httpGet: + path: / + scheme: HTTP + port: 65535 + initialDelaySeconds: 10 + failureThreshold: 5 + timeoutSeconds: 5 + periodSeconds: 10 + readinessProbe: + httpGet: + path: / + scheme: HTTP + port: 65535 + initialDelaySeconds: 10 + failureThreshold: 5 + timeoutSeconds: 5 + periodSeconds: 10 + startupProbe: + httpGet: + path: / + scheme: HTTP + port: 65535 + initialDelaySeconds: 10 + failureThreshold: 60 + timeoutSeconds: 2 + periodSeconds: 5 + + - it: should fail with wrong probe name + set: + probes: + invalid_probe_name: + asserts: + - failedTemplate: + errorMessage: Invalid probe name (invalid_probe_name) in (RELEASE-NAME-common-test) container. Valid options are (liveness, readiness, startup) + + - it: should fail with auto probe type and no service enabled + set: + service: + main: + enabled: false + probes: + liveness: + type: auto + asserts: + - failedTemplate: + errorMessage: probe type in probe (liveness) in (RELEASE-NAME-common-test) container, is only supported for the main container and only if there is at least 1 port enabled + + - it: should fail with probe type set to UDP + set: + probes: + liveness: + type: udp + asserts: + - failedTemplate: + errorMessage: Invalid probe type (udp) on probe (liveness) in (RELEASE-NAME-common-test) container. Valid types are tcp, http, https, grpc, exec, auto + + - it: should fail with probe type auto and port protocol UDP + set: + probes: + liveness: + type: auto + service: + main: + ports: + main: + port: 65535 + protocol: UDP + asserts: + - failedTemplate: + errorMessage: UDP Probes are not supported. Please use a different probe type or disable probes in (RELEASE-NAME-common-test) container. 
+ + - it: should fail without commands on exec probe + set: + probes: + liveness: + type: exec + asserts: + - failedTemplate: + errorMessage: No commands were defined for type on probe (liveness) in (RELEASE-NAME-common-test) container. + + - it: should fail without port on http(s) liveness probe and disabled service + set: + service: + main: + enabled: false + ports: + main: + enabled: false + probes: + liveness: + path: "/" + type: http + asserts: + - failedTemplate: + errorMessage: must be defined for / probe types in probe (liveness) in (RELEASE-NAME-common-test) container. + + - it: should fail without port on http(s) liveness probe and disabled service + set: + service: + main: + enabled: false + ports: + main: + enabled: false + probes: + liveness: + path: "/" + type: https + port: + asserts: + - failedTemplate: + errorMessage: must be defined for / probe types in probe (liveness) in (RELEASE-NAME-common-test) container. + + - it: should fail without port on http(s) liveness probe and disabled service + set: + service: + main: + enabled: false + ports: + main: + enabled: false + probes: + liveness: + path: "/" + type: http + port: + asserts: + - failedTemplate: + errorMessage: must be defined for / probe types in probe (liveness) in (RELEASE-NAME-common-test) container. 
+ + - it: should fail without initialDelaySeconds on non-custom probes + set: + probes: + liveness: + spec: + initialDelaySeconds: + asserts: + - failedTemplate: + errorMessage: cannot be empty in probe (liveness) in (RELEASE-NAME-common-test) container + + - it: should fail without failureThreshold on non-custom probes + set: + probes: + liveness: + spec: + failureThreshold: + asserts: + - failedTemplate: + errorMessage: cannot be empty in probe (liveness) in (RELEASE-NAME-common-test) container + + - it: should fail without timeoutSeconds on non-custom probes + set: + probes: + liveness: + spec: + timeoutSeconds: + asserts: + - failedTemplate: + errorMessage: cannot be empty in probe (liveness) in (RELEASE-NAME-common-test) container + + - it: should fail without periodSeconds on non-custom probes + set: + probes: + liveness: + spec: + periodSeconds: + asserts: + - failedTemplate: + errorMessage: cannot be empty in probe (liveness) in (RELEASE-NAME-common-test) container + + - it: should fail with invalid probe type + set: + probes: + liveness: + type: not_valid_type + asserts: + - failedTemplate: + errorMessage: Invalid probe type (not_valid_type) on probe (liveness) in (RELEASE-NAME-common-test) container. 
Valid types are tcp, http, https, grpc, exec, auto + + - it: should fail with probe path not starting with / + set: + probes: + liveness: + type: http + path: a/random/path + asserts: + - failedTemplate: + errorMessage: Probe in container (RELEASE-NAME-common-test) with path (a/random/path), must start with a forward slash -> / <- + + - it: should fail with httpHeader value is defined as list + set: + probes: + liveness: + type: http + httpHeaders: + some_header: + - list_value + - list_value2 + asserts: + - failedTemplate: + errorMessage: Lists or Dicts are not allowed in httpHeaders on probe (liveness) + + - it: should fail with httpHeader value is defined as dict + set: + probes: + liveness: + type: http + httpHeaders: + some_header: + some_key: + asserts: + - failedTemplate: + errorMessage: Lists or Dicts are not allowed in httpHeaders on probe (liveness) + + - it: should fail without spec in custom defined probe + documentIndex: *deploymentDoc + set: + probes: + liveness: + type: custom + spec: {} + asserts: + - failedTemplate: + errorMessage: must be defined for probe types in probe (liveness) in (RELEASE-NAME-common-test) container. 
+ + - it: should pass with with custom defined liveness probe + documentIndex: *deploymentDoc + set: + probes: + liveness: + type: custom + spec: + httpGet: + path: /path + scheme: HTTPS + port: 1234 + initialDelaySeconds: 15 + failureThreshold: 10 + timeoutSeconds: 10 + periodSeconds: 15 + asserts: + - equal: + path: spec.template.spec.containers[0].livenessProbe + value: + httpGet: + path: /path + scheme: HTTPS + port: 1234 + initialDelaySeconds: 15 + failureThreshold: 10 + timeoutSeconds: 10 + periodSeconds: 15 + + - it: should pass with with custom defined readiness probe + documentIndex: *deploymentDoc + set: + probes: + readiness: + type: custom + spec: + httpGet: + path: /path + scheme: HTTPS + port: 1234 + initialDelaySeconds: 15 + failureThreshold: 10 + timeoutSeconds: 10 + periodSeconds: 15 + asserts: + - equal: + path: spec.template.spec.containers[0].readinessProbe + value: + httpGet: + path: /path + scheme: HTTPS + port: 1234 + initialDelaySeconds: 15 + failureThreshold: 10 + timeoutSeconds: 10 + periodSeconds: 15 + + - it: should pass with with custom defined startup probe + documentIndex: *deploymentDoc + set: + probes: + startup: + type: custom + spec: + httpGet: + path: /path + scheme: HTTPS + port: 1234 + initialDelaySeconds: 15 + failureThreshold: 10 + timeoutSeconds: 10 + periodSeconds: 15 + asserts: + - equal: + path: spec.template.spec.containers[0].startupProbe + value: + httpGet: + path: /path + scheme: HTTPS + port: 1234 + initialDelaySeconds: 15 + failureThreshold: 10 + timeoutSeconds: 10 + periodSeconds: 15 + + - it: should pass with with no probe type and service HTTP + documentIndex: *deploymentDoc + set: + service: + main: + ports: + main: + protocol: HTTP + asserts: + - equal: + path: spec.template.spec.containers[0].livenessProbe + value: + httpGet: + path: / + scheme: HTTP + port: 65535 + initialDelaySeconds: 10 + failureThreshold: 5 + timeoutSeconds: 5 + periodSeconds: 10 + + - it: should pass with with probe type TCP and service 
TCP + documentIndex: *deploymentDoc + set: + probes: + liveness: + type: tcp + asserts: + - equal: + path: spec.template.spec.containers[0].livenessProbe + value: + tcpSocket: + port: 65535 + initialDelaySeconds: 10 + failureThreshold: 5 + timeoutSeconds: 5 + periodSeconds: 10 + + - it: should fail without port on tcp liveness probe and disabled service + set: + service: + main: + enabled: false + ports: + main: + enabled: false + probes: + liveness: + path: "/" + type: tcp + port: "" + asserts: + - failedTemplate: + errorMessage: must be defined for probe types in probe (liveness) in (RELEASE-NAME-common-test) container. + + - it: should pass with with no probe type and service HTTP with custom path + documentIndex: *deploymentDoc + set: + service: + main: + ports: + main: + protocol: HTTP + probes: + liveness: + path: /some_path + asserts: + - equal: + path: spec.template.spec.containers[0].livenessProbe + value: + httpGet: + path: /some_path + scheme: HTTP + port: 65535 + initialDelaySeconds: 10 + failureThreshold: 5 + timeoutSeconds: 5 + periodSeconds: 10 + + - it: should pass with with no probe type and service HTTP with custom port + documentIndex: *deploymentDoc + set: + service: + main: + ports: + main: + protocol: HTTP + probes: + liveness: + port: 1234 + asserts: + - equal: + path: spec.template.spec.containers[0].livenessProbe + value: + httpGet: + path: / + scheme: HTTP + port: 1234 + initialDelaySeconds: 10 + failureThreshold: 5 + timeoutSeconds: 5 + periodSeconds: 10 + + - it: should pass with with no probe type and service HTTP with httpHeaders + documentIndex: *deploymentDoc + set: + service: + main: + ports: + main: + protocol: HTTP + probes: + liveness: + httpHeaders: + some_header: 1234 + asserts: + - equal: + path: spec.template.spec.containers[0].livenessProbe + value: + httpGet: + path: / + scheme: HTTP + port: 65535 + httpHeaders: + - name: some_header + value: 1234 + initialDelaySeconds: 10 + failureThreshold: 5 + timeoutSeconds: 5 + 
periodSeconds: 10 + + - it: should pass with with probe type HTTP with httpHeaders set from tpl + documentIndex: *deploymentDoc + set: + some_header_value: 1234 + probes: + liveness: + type: http + httpHeaders: + some_header: "{{ .Values.some_header_value }}" + asserts: + - equal: + path: spec.template.spec.containers[0].livenessProbe + value: + httpGet: + path: / + scheme: HTTP + port: 65535 + httpHeaders: + - name: some_header + value: 1234 + initialDelaySeconds: 10 + failureThreshold: 5 + timeoutSeconds: 5 + periodSeconds: 10 + + - it: should pass with with probe type HTTP with multiple httpHeaders set from tpl + documentIndex: *deploymentDoc + set: + some_header_value: 1234 + some_header_value2: some_value + probes: + liveness: + type: http + httpHeaders: + some_header: "{{ .Values.some_header_value }}" + some_header2: "{{ .Values.some_header_value2 }}" + asserts: + - equal: + path: spec.template.spec.containers[0].livenessProbe + value: + httpGet: + path: / + scheme: HTTP + port: 65535 + httpHeaders: + - name: some_header + value: 1234 + - name: some_header2 + value: some_value + initialDelaySeconds: 10 + failureThreshold: 5 + timeoutSeconds: 5 + periodSeconds: 10 + + - it: should pass with with probe type HTTP with path set from tpl + documentIndex: *deploymentDoc + set: + some_path: /ping + probes: + liveness: + type: http + path: "{{ .Values.some_path }}" + asserts: + - equal: + path: spec.template.spec.containers[0].livenessProbe + value: + httpGet: + path: /ping + scheme: HTTP + port: 65535 + initialDelaySeconds: 10 + failureThreshold: 5 + timeoutSeconds: 5 + periodSeconds: 10 + + - it: should pass with with probe type HTTP with port set from tpl + documentIndex: *deploymentDoc + set: + some_port: 1234 + probes: + liveness: + type: http + port: "{{ .Values.some_port }}" + asserts: + - equal: + path: spec.template.spec.containers[0].livenessProbe + value: + httpGet: + path: / + scheme: HTTP + port: 1234 + initialDelaySeconds: 10 + failureThreshold: 5 + 
timeoutSeconds: 5 + periodSeconds: 10 + + - it: should pass with with probe type TCP with port set from tpl + documentIndex: *deploymentDoc + set: + some_port: 1234 + probes: + liveness: + type: tcp + port: "{{ .Values.some_port }}" + asserts: + - equal: + path: spec.template.spec.containers[0].livenessProbe + value: + tcpSocket: + port: 1234 + initialDelaySeconds: 10 + failureThreshold: 5 + timeoutSeconds: 5 + periodSeconds: 10 + + - it: should pass with with changed times + documentIndex: *deploymentDoc + set: + probes: + liveness: + type: tcp + spec: + initialDelaySeconds: 15 + failureThreshold: 10 + timeoutSeconds: 10 + periodSeconds: 15 + asserts: + - equal: + path: spec.template.spec.containers[0].livenessProbe + value: + tcpSocket: + port: 65535 + initialDelaySeconds: 15 + failureThreshold: 10 + timeoutSeconds: 10 + periodSeconds: 15 + + - it: should pass with with probe type GRPC + documentIndex: *deploymentDoc + set: + probes: + liveness: + type: grpc + asserts: + - equal: + path: spec.template.spec.containers[0].livenessProbe + value: + grpc: + port: 65535 + initialDelaySeconds: 10 + failureThreshold: 5 + timeoutSeconds: 5 + periodSeconds: 10 + + - it: should fail without port on grpc liveness probe and disabled service + set: + service: + main: + enabled: false + ports: + main: + enabled: false + probes: + liveness: + path: "/" + type: grpc + port: "" + asserts: + - failedTemplate: + errorMessage: must be defined for probe types in probe (liveness) in (RELEASE-NAME-common-test) container. + + - it: should pass with with probe type exec with multiline command + documentIndex: *deploymentDoc + set: + probes: + liveness: + type: exec + command: + - /bin/bash + - -c + - | + echo "probe!" + asserts: + - equal: + path: spec.template.spec.containers[0].livenessProbe + value: + exec: + command: + - /bin/bash + - -c + - | + echo "probe!" 
+ initialDelaySeconds: 10 + failureThreshold: 5 + timeoutSeconds: 5 + periodSeconds: 10 + + - it: should pass with with probe type exec with multiline command from tpl + documentIndex: *deploymentDoc + set: + some_msg: probe! + probes: + liveness: + type: exec + command: + - /bin/bash + - -c + - | + echo "{{ .Values.some_msg }}" + asserts: + - equal: + path: spec.template.spec.containers[0].livenessProbe + value: + exec: + command: + - /bin/bash + - -c + - | + echo "probe!" + initialDelaySeconds: 10 + failureThreshold: 5 + timeoutSeconds: 5 + periodSeconds: 10 + + - it: should pass with with probe type exec single command + documentIndex: *deploymentDoc + set: + probes: + liveness: + type: exec + command: env + asserts: + - equal: + path: spec.template.spec.containers[0].livenessProbe + value: + exec: + command: + - env + initialDelaySeconds: 10 + failureThreshold: 5 + timeoutSeconds: 5 + periodSeconds: 10 + + - it: should pass with with probe type exec single command from tpl + documentIndex: *deploymentDoc + set: + some_command: env + probes: + liveness: + type: exec + command: "{{ .Values.some_command }}" + asserts: + - equal: + path: spec.template.spec.containers[0].livenessProbe + value: + exec: + command: + - env + initialDelaySeconds: 10 + failureThreshold: 5 + timeoutSeconds: 5 + periodSeconds: 10 + + - it: should pass with with probe type exec single command and custom timings + documentIndex: *deploymentDoc + set: + probes: + liveness: + type: exec + command: env + spec: + initialDelaySeconds: 15 + failureThreshold: 10 + timeoutSeconds: 10 + periodSeconds: 15 + asserts: + - equal: + path: spec.template.spec.containers[0].livenessProbe + value: + exec: + command: + - env + initialDelaySeconds: 15 + failureThreshold: 10 + timeoutSeconds: 10 + periodSeconds: 15 diff --git a/library/common-test/tests/container_in_deployment/resources_test.yaml b/library/common-test/tests/container_in_deployment/resources_test.yaml new file mode 100644 index 00000000..5261b53f 
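Review bot: The httpHeaders cases in the probe test file pin `value: 1234` as an integer in the rendered `httpGet.httpHeaders`, both when set directly and via `"{{ .Values.some_header_value }}"`. The Kubernetes HTTPHeader `value` field is a string, so a manifest rendered this way would presumably be rejected on apply even though the unit test passes. Consider having the template quote header values and asserting `value: "1234"` in these cases. Separately, three cases share the name `should fail without port on http(s) liveness probe and disabled service`; a suffix naming the variant (`http, port unset`, `https, port null`, `http, port null`) would let a failure identify the case.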
--- /dev/null
+++ b/library/common-test/tests/container_in_deployment/resources_test.yaml
@@ -0,0 +1,571 @@ +suite: container in deployment resources test +templates: + - common.yaml +tests: + - it: should pass with default values + documentIndex: &deploymentDoc 0 + asserts: + - hasDocuments: + count: 3 + - isKind: + of: Deployment + - equal: + path: spec.template.spec.containers[0].resources + value: + limits: + cpu: 4000m + memory: 8Gi + requests: + cpu: 10m + memory: 50Mi + + - it: should fail with inherit defined in main container + documentIndex: *deploymentDoc + set: + resources: + inherit: + asserts: + - failedTemplate: + errorMessage: key is only available for additional/init/install/upgrade containers. + + - it: should fail with empty key in gpu + documentIndex: *deploymentDoc + set: + scaleGPU: + somekey: + resources: + limits: + cpu: 3000m + memory: 4Gi + requests: + cpu: 20m + memory: 100Mi + asserts: + - failedTemplate: + errorMessage: Value is not provided for GPU ( somekey) + + - it: should fail with empty requests.cpu + documentIndex: *deploymentDoc + set: + resources: + limits: + cpu: 3000m + memory: 4Gi + requests: + cpu: + memory: 100Mi + asserts: + - failedTemplate: + errorMessage: cannot be empty. + + - it: should fail with empty requests.memory + documentIndex: *deploymentDoc + set: + resources: + limits: + cpu: 3000m + memory: 4Gi + requests: + cpu: 20m + memory: + asserts: + - failedTemplate: + errorMessage: cannot be empty. + + - it: should fail with invalid format in requests.memory (zero) + documentIndex: *deploymentDoc + set: + scaleGPU: + somekey: + resources: + limits: + cpu: 3000m + memory: 4Gi + requests: + cpu: 20m + memory: 0.0 + asserts: + - failedTemplate: + errorMessage: has invalid format in value (0). Valid formats are (Suffixed with EPTGMK eg. 1G) (Suffixed with EPTGMK + i eg. 1Gi) (Plain integer (in bytes) eg. 1024) (Exponent eg. 134e6). 
+ + - it: should fail with invalid format in requests.memory (zero exponent) + documentIndex: *deploymentDoc + set: + scaleGPU: + somekey: + resources: + limits: + cpu: 3000m + memory: 4Gi + requests: + cpu: 20m + memory: 0e0 + asserts: + - failedTemplate: + errorMessage: has invalid format in value (0). Valid formats are (Suffixed with EPTGMK eg. 1G) (Suffixed with EPTGMK + i eg. 1Gi) (Plain integer (in bytes) eg. 1024) (Exponent eg. 134e6). + + - it: should fail with invalid format in requests.memory (zero with suffix) + documentIndex: *deploymentDoc + set: + scaleGPU: + somekey: + resources: + limits: + cpu: 3000m + memory: 4Gi + requests: + cpu: 20m + memory: 0M + asserts: + - failedTemplate: + errorMessage: has invalid format in value (0M). Valid formats are (Suffixed with EPTGMK eg. 1G) (Suffixed with EPTGMK + i eg. 1Gi) (Plain integer (in bytes) eg. 1024) (Exponent eg. 134e6). + + - it: should fail with invalid format in requests.memory (string) + documentIndex: *deploymentDoc + set: + scaleGPU: + somekey: + resources: + limits: + cpu: 3000m + memory: 4Gi + requests: + cpu: 20m + memory: not-valid + asserts: + - failedTemplate: + errorMessage: has invalid format in value (not-valid). Valid formats are (Suffixed with EPTGMK eg. 1G) (Suffixed with EPTGMK + i eg. 1Gi) (Plain integer (in bytes) eg. 1024) (Exponent eg. 134e6). + + - it: should fail with invalid format in limits.memory (zero) + documentIndex: *deploymentDoc + set: + resources: + limits: + cpu: 3000m + memory: 0.0 + requests: + cpu: 20m + memory: 100Mi + asserts: + - failedTemplate: + errorMessage: has invalid format in value (0). Valid formats are (Suffixed with EPTGMK eg. 1G) (Suffixed with EPTGMK + i eg. 1Gi) (Plain integer (in bytes) eg. 1024) (Exponent eg. 134e6). 
+ + - it: should fail with invalid format in limits.memory (zero exponent) + documentIndex: *deploymentDoc + set: + resources: + limits: + cpu: 3000m + memory: 0e0 + requests: + cpu: 20m + memory: 100Mi + asserts: + - failedTemplate: + errorMessage: has invalid format in value (0). Valid formats are (Suffixed with EPTGMK eg. 1G) (Suffixed with EPTGMK + i eg. 1Gi) (Plain integer (in bytes) eg. 1024) (Exponent eg. 134e6). + + - it: should fail with invalid format in requests.limits (zero with suffix) + documentIndex: *deploymentDoc + set: + resources: + limits: + cpu: 3000m + memory: 0M + requests: + cpu: 20m + memory: 100Mi + asserts: + - failedTemplate: + errorMessage: has invalid format in value (0M). Valid formats are (Suffixed with EPTGMK eg. 1G) (Suffixed with EPTGMK + i eg. 1Gi) (Plain integer (in bytes) eg. 1024) (Exponent eg. 134e6). + + - it: should fail with invalid format in limits.memory (string) + documentIndex: *deploymentDoc + set: + resources: + limits: + cpu: 3000m + memory: not-valid + requests: + cpu: 20m + memory: 100Mi + asserts: + - failedTemplate: + errorMessage: has invalid format in value (not-valid). Valid formats are (Suffixed with EPTGMK eg. 1G) (Suffixed with EPTGMK + i eg. 1Gi) (Plain integer (in bytes) eg. 1024) (Exponent eg. 134e6). + + - it: should fail with invalid format in limits.cpu (zero) + documentIndex: *deploymentDoc + set: + resources: + limits: + cpu: 0.0 + memory: 4Gi + requests: + cpu: 20m + memory: 100Mi + asserts: + - failedTemplate: + errorMessage: has invalid format in value (0). Valid formats are (Plain Integer eg. 1) (Float eg. 0.5) (Milicpu 500m). + + - it: should fail with invalid format in limits.cpu (zero with suffix) + documentIndex: *deploymentDoc + set: + resources: + limits: + cpu: 0m + memory: 4Gi + requests: + cpu: 20m + memory: 100Mi + asserts: + - failedTemplate: + errorMessage: has invalid format in value (0m). Valid formats are (Plain Integer eg. 1) (Float eg. 0.5) (Milicpu 500m). 
+ + - it: should fail with invalid format in limits.cpu (string) + documentIndex: *deploymentDoc + set: + resources: + limits: + cpu: not-valid + memory: 4Gi + requests: + cpu: 20m + memory: 100Mi + asserts: + - failedTemplate: + errorMessage: has invalid format in value (not-valid). Valid formats are (Plain Integer eg. 1) (Float eg. 0.5) (Milicpu 500m). + + - it: should fail with invalid format in requests.cpu (zero) + documentIndex: *deploymentDoc + set: + resources: + limits: + cpu: 4000m + memory: 4Gi + requests: + cpu: 0.0 + memory: 100Mi + asserts: + - failedTemplate: + errorMessage: has invalid format in value (0). Valid formats are (Plain Integer eg. 1) (Float eg. 0.5) (Milicpu 500m). + + - it: should fail with invalid format in requests.cpu (zero with suffix) + documentIndex: *deploymentDoc + set: + resources: + limits: + cpu: 4000m + memory: 4Gi + requests: + cpu: 0m + memory: 100Mi + asserts: + - failedTemplate: + errorMessage: has invalid format in value (0m). Valid formats are (Plain Integer eg. 1) (Float eg. 0.5) (Milicpu 500m). + + - it: should fail with invalid format in requests.cpu (string) + documentIndex: *deploymentDoc + set: + resources: + limits: + cpu: 4000m + memory: 4Gi + requests: + cpu: not-valid + memory: 100Mi + asserts: + - failedTemplate: + errorMessage: has invalid format in value (not-valid). Valid formats are (Plain Integer eg. 1) (Float eg. 0.5) (Milicpu 500m). 
+ + - it: should pass with changed resources + documentIndex: *deploymentDoc + set: + resources: + limits: + cpu: 3000m + memory: 4Gi + requests: + cpu: 20m + memory: 100Mi + asserts: + - equal: + path: spec.template.spec.containers[0].resources + value: + limits: + cpu: 3000m + memory: 4Gi + requests: + cpu: 20m + memory: 100Mi + + - it: should pass with only limits.cpu resource changed + documentIndex: *deploymentDoc + set: + resources: + limits: + cpu: 3000m + asserts: + - equal: + path: spec.template.spec.containers[0].resources + value: + limits: + cpu: 3000m + memory: 8Gi + requests: + cpu: 10m + memory: 50Mi + + - it: should pass with only limits.memory resource changed + documentIndex: *deploymentDoc + set: + resources: + limits: + memory: 4Gi + asserts: + - equal: + path: spec.template.spec.containers[0].resources + value: + limits: + cpu: 4000m + memory: 4Gi + requests: + cpu: 10m + memory: 50Mi + + - it: should pass with only requests.cpu resource changed + documentIndex: *deploymentDoc + set: + resources: + requests: + cpu: 20m + asserts: + - equal: + path: spec.template.spec.containers[0].resources + value: + limits: + cpu: 4000m + memory: 8Gi + requests: + cpu: 20m + memory: 50Mi + + - it: should pass with only requests.memory resource changed + documentIndex: *deploymentDoc + set: + resources: + requests: + memory: 25Mi + asserts: + - equal: + path: spec.template.spec.containers[0].resources + value: + limits: + cpu: 4000m + memory: 8Gi + requests: + cpu: 10m + memory: 25Mi + + - it: should pass with only scaleGOU resource changed + documentIndex: *deploymentDoc + set: + scaleGPU: + gpu.intel.com/i915: "1" + asserts: + - equal: + path: spec.template.spec.containers[0].resources + value: + limits: + cpu: 4000m + memory: 8Gi + gpu.intel.com/i915: "1" + requests: + cpu: 10m + memory: 50Mi + + - it: should pass with changed resources and added GPU + documentIndex: *deploymentDoc + set: + scaleGPU: + gpu.intel.com/i915: "1" + resources: + limits: + cpu: 
3000m + memory: 4Gi + requests: + cpu: 20m + memory: 100Mi + asserts: + - equal: + path: spec.template.spec.containers[0].resources + value: + limits: + cpu: 3000m + memory: 4Gi + gpu.intel.com/i915: "1" + requests: + cpu: 20m + memory: 100Mi + + - it: should pass with empty resources.limits + documentIndex: *deploymentDoc + set: + resources: + limits: + cpu: + memory: + asserts: + - equal: + path: spec.template.spec.containers[0].resources + value: + requests: + cpu: 10m + memory: 50Mi + + - it: should pass with only limits.cpu defined + documentIndex: *deploymentDoc + set: + scaleGPU: {} + resources: + limits: + cpu: 3000m + memory: + asserts: + - equal: + path: spec.template.spec.containers[0].resources + value: + limits: + cpu: 3000m + requests: + cpu: 10m + memory: 50Mi + + - it: should pass with only limits.memory defined + documentIndex: *deploymentDoc + set: + scaleGPU: {} + resources: + limits: + cpu: + memory: 4Gi + asserts: + - equal: + path: spec.template.spec.containers[0].resources + value: + limits: + memory: 4Gi + requests: + cpu: 10m + memory: 50Mi + + - it: should pass with only requests.cpu defined + documentIndex: *deploymentDoc + set: + scaleGPU: {} + resources: + limits: + cpu: + memory: + requests: + cpu: 30m + asserts: + - equal: + path: spec.template.spec.containers[0].resources + value: + requests: + cpu: 30m + memory: 50Mi + + - it: should pass with only requests.memory defined + documentIndex: *deploymentDoc + set: + scaleGPU: {} + resources: + limits: + cpu: + memory: + requests: + memory: 15Mi + asserts: + - equal: + path: spec.template.spec.containers[0].resources + value: + requests: + cpu: 10m + memory: 15Mi + + - it: should pass with only limits.gpu defined + documentIndex: *deploymentDoc + set: + scaleGPU: + gpu.intel.com/i915: "1" + resources: + limits: + cpu: + memory: + asserts: + - equal: + path: spec.template.spec.containers[0].resources + value: + limits: + gpu.intel.com/i915: "1" + requests: + cpu: 10m + memory: 50Mi + + - 
it: should pass with only requests defined + documentIndex: *deploymentDoc + set: + scaleGPU: {} + resources: + limits: + cpu: + memory: + requests: + cpu: 10m + memory: 50Mi + asserts: + - equal: + path: spec.template.spec.containers[0].resources + value: + requests: + cpu: 10m + memory: 50Mi + + - it: should pass with only limits defined + documentIndex: *deploymentDoc + set: + scaleGPU: {} + resources: + limits: + cpu: 1000m + memory: 1Gi + asserts: + - equal: + path: spec.template.spec.containers[0].resources + value: + limits: + cpu: 1000m + memory: 1Gi + requests: + cpu: 10m + memory: 50Mi + + + - it: should pass with only gpu defined + documentIndex: *deploymentDoc + set: + scaleGPU: + gpu.intel.com/i915: "1" + resources: + limits: + cpu: + memory: + asserts: + - equal: + path: spec.template.spec.containers[0].resources + value: + limits: + gpu.intel.com/i915: "1" + requests: + cpu: 10m + memory: 50Mi diff --git a/library/common-test/tests/container_in_deployment/securityContext_test.yaml b/library/common-test/tests/container_in_deployment/securityContext_test.yaml new file mode 100644 index 00000000..27bb7e79 --- /dev/null +++ b/library/common-test/tests/container_in_deployment/securityContext_test.yaml 
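Review bot: The four `should fail with invalid format in requests.memory (...)` cases in the resources test file also set `scaleGPU:` with a null `somekey`, which the earlier case `should fail with empty key in gpu` shows is a template failure on its own. These cases therefore reach the memory-format error only if memory validation happens to run before the GPU check, and a reordering in the template would break them for an unrelated reason. Remove the `scaleGPU` block from those four cases so each has a single invalid input, as the `limits.memory` and `cpu` cases already do. Two names are also misleading: `should pass with only scaleGOU resource changed` (scaleGPU) and `should fail with invalid format in requests.limits (zero with suffix)`, which actually sets `limits.memory: 0M`.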
@@ -0,0 +1,385 @@
+suite: container in deployment securityContext test
+templates:
+ - common.yaml
+tests:
+ - it: should pass with default values
+ documentIndex: &deploymentDoc 0
+ asserts:
+ - hasDocuments:
+ count: 3
+ - isKind:
+ of: Deployment
+ - equal:
+ path: spec.template.spec.containers[0].securityContext
+ value:
+ allowPrivilegeEscalation: false
+ privileged: false
+ readOnlyRootFilesystem: true
+ runAsNonRoot: true
+ runAsUser: 568
+ runAsGroup: 568
+ capabilities:
+ add: []
+ drop:
+ - ALL
+
+ - it: should pass with securityContext changed
+ documentIndex: *deploymentDoc
+ set:
+ securityContext:
+ runAsNonRoot: false
+ runAsUser: 0
+ runAsGroup: 0
+ readOnlyRootFilesystem: false
+ allowPrivilegeEscalation: true
+ privileged: true
+ capabilities:
+ add:
+ - SYS_MODULE
+ drop:
+ - NET_ADMIN
+ asserts:
+ - equal:
+ path: spec.template.spec.containers[0].securityContext
+ value:
+ allowPrivilegeEscalation: true
+ privileged: true
+ readOnlyRootFilesystem: false
+ runAsNonRoot: false
+ runAsUser: 0
+ runAsGroup: 0
+ capabilities:
+ add:
+ - SYS_MODULE
+ drop:
+ - NET_ADMIN
+
+ - it: should pass with securityContext changed from tpl
+ documentIndex: *deploymentDoc
+ set:
+ source:
+ addCap: SYS_MODULE
+ remCap: NET_ADMIN
+ securityContext:
+ capabilities:
+ add:
+ - "{{ .Values.source.addCap }}"
+ drop:
+ - "{{ .Values.source.remCap }}"
+ asserts:
+ - equal:
+ path: spec.template.spec.containers[0].securityContext
+ value:
+ allowPrivilegeEscalation: false
+ capabilities:
+ add:
+ - SYS_MODULE
+ drop:
+ - NET_ADMIN
+ privileged: false
+ readOnlyRootFilesystem: true
+ runAsNonRoot: true
+ runAsUser: 568
+ runAsGroup: 568
+
+ - it: should fail with inherit key added in securityContext on main container
+ set:
+ securityContext:
+ inherit: true
+ asserts:
+ - failedTemplate:
+ errorMessage: key is only available for additional/init/install/upgrade containers.
+
+ - it: should fail with securityContext changed, runAsNonRoot true and runAsUser 0
+ set:
+ securityContext:
+ runAsNonRoot: true
+ runAsUser: 0
+ asserts:
+ - failedTemplate:
+ errorMessage: You are trying to run as root (user or group), but runAsNonRoot is set to true
+
+ - it: should fail with securityContext changed, runAsNonRoot true and runAsGroup 0
+ set:
+ securityContext:
+ runAsNonRoot: true
+ runAsUser: 0
+ asserts:
+ - failedTemplate:
+ errorMessage: You are trying to run as root (user or group), but runAsNonRoot is set to true
+
+ - it: should fail with securityContext changed and runAsNonRoot set to a non-bool value
+ set:
+ securityContext:
+ runAsNonRoot: non-bool
+ asserts:
+ - failedTemplate:
+ errorMessage: key has value (non-bool). But it must be boolean.
+
+ - it: should fail with securityContext changed and privileged set to a non-bool value
+ set:
+ securityContext:
+ privileged: non-bool
+ asserts:
+ - failedTemplate:
+ errorMessage: key has value (non-bool). But it must be boolean.
+
+ - it: should fail with securityContext changed and readOnlyRootFilesystem set to a non-bool value
+ set:
+ securityContext:
+ readOnlyRootFilesystem: non-bool
+ asserts:
+ - failedTemplate:
+ errorMessage: key has value (non-bool). But it must be boolean.
+
+ - it: should fail with securityContext changed and allowPrivilegeEscalation set to a non-bool value
+ set:
+ securityContext:
+ allowPrivilegeEscalation: non-bool
+ asserts:
+ - failedTemplate:
+ errorMessage: key has value (non-bool). But it must be boolean.
+
+ - it: should fail with securityContext changed and capabilities.add is not a list
+ set:
+ securityContext:
+ capabilities:
+ add: non-a-list
+ asserts:
+ - failedTemplate:
+ errorMessage: key has value (non-a-list). But it must be a list. Set a list value or remove the key for the default ([]) to take effect.
+
+ - it: should fail with securityContext changed and capabilities.drop is not a list
+ set:
+ securityContext:
+ capabilities:
+ drop: non-a-list
+ asserts:
+ - failedTemplate:
+ errorMessage: key has value (non-a-list). But it must be a list. Set a list value or remove the key for the default ([ALL]) to take effect.
+
+ - it: should fail with empty capabilities.drop in securityContext
+ set:
+ securityContext:
+ capabilities:
+ drop:
+ asserts:
+ - failedTemplate:
+ errorMessage: key has value (). But it must be a list. Set a list value or remove the key for the default ([ALL]) to take effect.
+
+ - it: should fail with empty capabilities.add in securityContext
+ set:
+ securityContext:
+ capabilities:
+ add:
+ asserts:
+ - failedTemplate:
+ errorMessage: key has value (). But it must be a list. Set a list value or remove the key for the default ([]) to take effect.
+
+ - it: should fail with empty runAsGroup in securityContext
+ set:
+ securityContext:
+ runAsGroup:
+ asserts:
+ - failedTemplate:
+ errorMessage: key cannot be empty. Set a value or remove the key for the default (568) to take effect.
+
+ - it: should fail with non int runAsGroup in securityContext
+ set:
+ securityContext:
+ runAsGroup: "1000"
+ asserts:
+ - failedTemplate:
+ errorMessage: key has value of ("1000"). But must be an int.
+
+ - it: should fail with non int runAsUser in securityContext
+ set:
+ securityContext:
+ runAsUser: "1000"
+ asserts:
+ - failedTemplate:
+ errorMessage: key has value of ("1000"). But must be an int.
+
+ - it: should fail with empty runAsUser in securityContext
+ set:
+ securityContext:
+ runAsUser:
+ asserts:
+ - failedTemplate:
+ errorMessage: key cannot be empty. Set a value or remove the key for the default (568) to take effect.
+
+ - it: should fail with empty privileged in securityContext
+ set:
+ securityContext:
+ privileged:
+ asserts:
+ - failedTemplate:
+ errorMessage: key has value (). But it must be boolean.
+
+ - it: should fail with empty allowPrivilegeEscalation in securityContext
+ set:
+ securityContext:
+ allowPrivilegeEscalation:
+ asserts:
+ - failedTemplate:
+ errorMessage: key has value (). But it must be boolean.
+
+ - it: should fail with empty readOnlyRootFilesystem in securityContext
+ set:
+ securityContext:
+ readOnlyRootFilesystem:
+ asserts:
+ - failedTemplate:
+ errorMessage: key has value (). But it must be boolean.
+
+ - it: should fail with empty runAsNonRoot in securityContext
+ set:
+ securityContext:
+ runAsNonRoot:
+ asserts:
+ - failedTemplate:
+ errorMessage: key has value (). But it must be boolean.
+
+ - it: should pass with deviceList defined
+ documentIndex: *deploymentDoc
+ set:
+ deviceList:
+ - enabled: true
+ hostPath: /dev/usb
+ mountPath: /host/dev/usb
+ asserts:
+ - equal:
+ path: spec.template.spec.securityContext
+ value:
+ fsGroup: 568
+ fsGroupChangePolicy: OnRootMismatch
+ supplementalGroups:
+ - 5
+ - 10
+ - 20
+ - 24
+ - equal:
+ path: spec.template.spec.containers[0].securityContext
+ value:
+ allowPrivilegeEscalation: true
+ privileged: true
+ readOnlyRootFilesystem: true
+ runAsNonRoot: true
+ runAsUser: 568
+ runAsGroup: 568
+ capabilities:
+ add: []
+ drop:
+ - ALL
+
+ - it: should pass with scaleGPU defined
+ documentIndex: *deploymentDoc
+ set:
+ scaleGPU:
+ nvidia: something
+ asserts:
+ - equal:
+ path: spec.template.spec.securityContext
+ value:
+ fsGroup: 568
+ fsGroupChangePolicy: OnRootMismatch
+ supplementalGroups:
+ - 44
+ - equal:
+ path: spec.template.spec.containers[0].securityContext
+ value:
+ allowPrivilegeEscalation: false
+ privileged: false
+ readOnlyRootFilesystem: true
+ runAsNonRoot: true
+ runAsUser: 568
+ runAsGroup: 568
+ capabilities:
+ add: []
+ drop:
+ - ALL
+
+ - it: should pass with both scaleGPU and deviceList defined
+ documentIndex: *deploymentDoc
+ set:
+ deviceList:
+ - enabled: true
+ hostPath: /dev/usb
+ mountPath: /host/dev/usb
+ scaleGPU:
+ nvidia: something
+ asserts:
+ - equal:
+ path: spec.template.spec.securityContext
+ value:
+ fsGroup: 568
+ fsGroupChangePolicy: OnRootMismatch
+ supplementalGroups:
+ - 5
+ - 10
+ - 20
+ - 24
+ - 44
+ - equal:
+ path: spec.template.spec.containers[0].securityContext
+ value:
+ allowPrivilegeEscalation: true
+ privileged: true
+ readOnlyRootFilesystem: true
+ runAsNonRoot: true
+ runAsUser: 568
+ runAsGroup: 568
+ capabilities:
+ add: []
+ drop:
+ - ALL
+
+ - it: should pass with container port <=1024 defined
+ documentIndex: *deploymentDoc
+ set:
+ service:
+ main:
+ ports:
+ main:
+ port: 5000
+ targetPort: 1024
+ asserts:
+ - equal:
+ path: spec.template.spec.containers[0].securityContext
+ value:
+ allowPrivilegeEscalation: false
+ privileged: false
+ readOnlyRootFilesystem: true
+ runAsNonRoot: true
+ runAsUser: 568
+ runAsGroup: 568
+ capabilities:
+ add:
+ - NET_BIND_SERVICE
+ drop:
+ - ALL
+
+ - it: should pass with container port <=1024 defined
+ documentIndex: *deploymentDoc
+ set:
+ service:
+ main:
+ ports:
+ main:
+ port: 5000
+ targetPort: 80
+ asserts:
+ - equal:
+ path: spec.template.spec.containers[0].securityContext
+ value:
+ allowPrivilegeEscalation: false
+ privileged: false
+ readOnlyRootFilesystem: true
+ runAsNonRoot: true
+ runAsUser: 568
+ runAsGroup: 568
+ capabilities:
+ add:
+ - NET_BIND_SERVICE
+ drop:
+ - ALL
diff --git a/library/common-test/tests/container_in_deployment/various_options_test.yaml b/library/common-test/tests/container_in_deployment/various_options_test.yaml
new file mode 100644
index 00000000..e5e1aa5b
--- /dev/null
+++ b/library/common-test/tests/container_in_deployment/various_options_test.yaml
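Review bot: The case named `should fail with securityContext changed, runAsNonRoot true and runAsGroup 0` sets `runAsUser: 0`, exactly like the case before it, so the group-root branch of the runAsNonRoot guard is never exercised by this suite. Its `set` block should use `runAsGroup: 0` in place of `runAsUser: 0`, so that a regression letting a root GID through with `runAsNonRoot: true` is caught. The last two cases also share the name `should pass with container port <=1024 defined`; distinct names (one for the 1024 boundary, one for 80) and a case just above the threshold asserting `add: []` would pin exactly when `NET_BIND_SERVICE` is granted. The `deviceList` cases show that listing a host device switches the container to `privileged: true` and `allowPrivilegeEscalation: true`; a comment stating that this escalation is intended would help, since it is a much broader grant than the `drop: [ALL]` beside it suggests.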
@@ -0,0 +1,81 @@
+
+suite: container in deployment various options test
+templates:
+ - common.yaml
+tests:
+ - it: should pass with default values
+ documentIndex: &deploymentDoc 0
+ asserts:
+ - hasDocuments:
+ count: 3
+ - isKind:
+ of: Deployment
+
+ - it: should pass with tty set
+ documentIndex: *deploymentDoc
+ set:
+ tty: true
+ asserts:
+ - equal:
+ path: spec.template.spec.containers[0].tty
+ value: true
+
+ - it: should pass with stdin set
+ documentIndex: *deploymentDoc
+ set:
+ stdin: true
+ asserts:
+ - equal:
+ path: spec.template.spec.containers[0].stdin
+ value: true
+
+ - it: should pass with terminationMessagePath set
+ documentIndex: *deploymentDoc
+ set:
+ termination:
+ messagePath: /tmp/log
+ asserts:
+ - equal:
+ path: spec.template.spec.containers[0].terminationMessagePath
+ value: /tmp/log
+
+ - it: should pass with terminationMessagePath set from tpl
+ documentIndex: *deploymentDoc
+ set:
+ some_path: /tmp/log
+ termination:
+ messagePath: "{{ .Values.some_path }}"
+ asserts:
+ - equal:
+ path: spec.template.spec.containers[0].terminationMessagePath
+ value: /tmp/log
+
+ - it: should pass with terminationMessagePolicy set
+ documentIndex: *deploymentDoc
+ set:
+ termination:
+ messagePolicy: FallbackToLogsOnError
+ asserts:
+ - equal:
+ path: spec.template.spec.containers[0].terminationMessagePolicy
+ value: FallbackToLogsOnError
+
+ - it: should pass with terminationMessagePolicy set from tpl
+ documentIndex: *deploymentDoc
+ set:
+ some_key: FallbackToLogsOnError
+ termination:
+ messagePolicy: "{{ .Values.some_key }}"
+ asserts:
+ - equal:
+ path: spec.template.spec.containers[0].terminationMessagePolicy
+ value: FallbackToLogsOnError
+
+ - it: should fail with invalid terminationMessagePolicy
+ set:
+ some_key: invalid
+ termination:
+ messagePolicy: "{{ .Values.some_key }}"
+ asserts:
+ - failedTemplate:
+ errorMessage: Not valid option for messagePolicy (invalid). Valid options are FallbackToLogsOnError and File
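Review bot: The file appears to open with an empty line before `suite:` (as does `deployment/dns-network_test.yaml` later in this commit), which the `empty-lines: max-start: 0` rule in the `lint-conf.yaml` added by the same commit would reject if that config is ever run over the test files. Dropping the blank first line keeps both files consistent with the other suites here, which start directly at `suite:`.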
diff --git a/library/common-test/tests/container_in_deployment/volumeMounts_test.yaml b/library/common-test/tests/container_in_deployment/volumeMounts_test.yaml
new file mode 100644
index 00000000..4d1d486d
--- /dev/null
+++ b/library/common-test/tests/container_in_deployment/volumeMounts_test.yaml
@@ -0,0 +1,263 @@ +suite: container in deployment volumeMount test +templates: + - common.yaml +tests: + - it: should pass with default values + documentIndex: &deploymentDoc 0 + asserts: + - hasDocuments: + count: 3 + - isKind: + of: Deployment + - equal: + path: spec.template.spec.containers[0].volumeMounts + value: + - mountPath: /shared + name: shared + - mountPath: /tmp + name: tmp + - mountPath: /var/logs + name: varlogs + + - it: should fail with no mountPath set + set: + persistence: + vol1: + enabled: true + asserts: + - failedTemplate: + errorMessage: must be defined, alternatively use the flag. + + - it: should fail when mountPath does not start with / + set: + persistence: + vol1: + enabled: true + mountPath: relative/path/to/dir + asserts: + - failedTemplate: + errorMessage: Mount path (relative/path/to/dir), must start with a forward slash -> / <- + + - it: should fail with empty readOnly + set: + persistence: + vol1: + enabled: true + mountPath: /some/path + readOnly: + asserts: + - failedTemplate: + errorMessage: cannot be empty on item (vol1) + + - it: should fail with empty mountPath + set: + persistence: + vol1: + enabled: true + mountPath: + asserts: + - failedTemplate: + errorMessage: must be defined, alternatively use the flag. 
+ + - it: should pass with enabled false + documentIndex: *deploymentDoc + set: + persistence: + vol1: + enabled: false + asserts: + - notContains: + path: spec.template.spec.containers[0].volumeMounts + content: + name: vol1 + + - it: should pass with noMount true + documentIndex: *deploymentDoc + set: + persistence: + vol1: + noMount: true + asserts: + - notContains: + path: spec.template.spec.containers[0].volumeMounts + content: + name: vol1 + + - it: should pass with mountPath set + documentIndex: *deploymentDoc + set: + persistence: + vol1: + enabled: true + mountPath: /some_path + asserts: + - contains: + path: spec.template.spec.containers[0].volumeMounts + content: + mountPath: /some_path + name: vol1 + + - it: should pass with mountPath set (multiple entries) + documentIndex: *deploymentDoc + set: + persistence: + vol1: + enabled: true + mountPath: /some_path + vol2: + enabled: true + mountPath: /some_path2 + asserts: + - contains: + path: spec.template.spec.containers[0].volumeMounts + content: + mountPath: /some_path + name: vol1 + - contains: + path: spec.template.spec.containers[0].volumeMounts + content: + mountPath: /some_path2 + name: vol2 + + - it: should pass with mountPath and readOnly(true) set + documentIndex: *deploymentDoc + set: + persistence: + vol1: + enabled: true + mountPath: /some_path + readOnly: true + asserts: + - contains: + path: spec.template.spec.containers[0].volumeMounts + content: + mountPath: /some_path + name: vol1 + readOnly: true + + - it: should pass with mountPath and readOnly(false) set + documentIndex: *deploymentDoc + set: + persistence: + vol1: + enabled: true + mountPath: /some_path + readOnly: false + asserts: + - contains: + path: spec.template.spec.containers[0].volumeMounts + content: + mountPath: /some_path + name: vol1 + readOnly: false + + - it: should pass with mountPath and subPath set + documentIndex: *deploymentDoc + set: + persistence: + vol1: + enabled: true + mountPath: /some_path + subPath: 
config.yaml + asserts: + - contains: + path: spec.template.spec.containers[0].volumeMounts + content: + mountPath: /some_path + name: vol1 + subPath: config.yaml + + - it: should pass with mountPath and mountPropagation set + documentIndex: *deploymentDoc + set: + persistence: + vol1: + enabled: true + mountPath: /some_path + mountPropagation: HostToContainer + asserts: + - contains: + path: spec.template.spec.containers[0].volumeMounts + content: + mountPath: /some_path + name: vol1 + mountPropagation: HostToContainer + + - it: should pass with all set set + documentIndex: *deploymentDoc + set: + persistence: + vol1: + enabled: true + mountPath: /some_path + mountPropagation: HostToContainer + asserts: + - contains: + path: spec.template.spec.containers[0].volumeMounts + content: + mountPath: /some_path + name: vol1 + mountPropagation: HostToContainer + + - it: should pass with all set (readonly false) + documentIndex: *deploymentDoc + set: + persistence: + vol1: + enabled: true + mountPath: /some_path + subPath: config.yaml + readOnly: false + mountPropagation: HostToContainer + asserts: + - contains: + path: spec.template.spec.containers[0].volumeMounts + content: + mountPath: /some_path + name: vol1 + subPath: config.yaml + readOnly: false + mountPropagation: HostToContainer + + - it: should pass with all set (readonly true) + documentIndex: *deploymentDoc + set: + persistence: + vol1: + enabled: true + mountPath: /some_path + subPath: config.yaml + readOnly: true + mountPropagation: HostToContainer + asserts: + - contains: + path: spec.template.spec.containers[0].volumeMounts + content: + mountPath: /some_path + name: vol1 + subPath: config.yaml + readOnly: true + mountPropagation: HostToContainer + + - it: should pass with all set (readonly true) from tpl + documentIndex: *deploymentDoc + set: + some_mount: /some_path + sub_path: config.yaml + mount_propagation: HostToContainer + persistence: + vol1: + enabled: true + mountPath: "{{ .Values.some_mount }}" + 
subPath: "{{ .Values.sub_path }}" + readOnly: true + mountPropagation: "{{ .Values.mount_propagation }}" + asserts: + - contains: + path: spec.template.spec.containers[0].volumeMounts + content: + mountPath: /some_path + name: vol1 + subPath: config.yaml + readOnly: true + mountPropagation: HostToContainer diff --git a/library/common-test/tests/deployment/annotation_test.yaml b/library/common-test/tests/deployment/annotation_test.yaml new file mode 100644 index 00000000..137f4f02 --- /dev/null +++ b/library/common-test/tests/deployment/annotation_test.yaml @@ -0,0 +1,60 @@ +suite: deployment annotation test +templates: + - common.yaml +tests: + - it: should pass with default values + documentIndex: &deploymentDoc 0 + asserts: + - hasDocuments: + count: 3 + - isKind: + of: Deployment + - isNull: + path: metadata.annotations + - matchRegex: + path: spec.template.metadata.annotations.rollme + pattern: "^[a-zA-Z0-9]{5}$" + + - it: should pass with controller and global annotations + documentIndex: *deploymentDoc + set: + some_key: some_value + controller: + annotations: + controller_key: controller_value + controller_key2: "{{ .Values.some_key }}" + global: + annotations: + global_key: global_value + global_key2: "{{ .Values.some_key }}" + asserts: + - equal: + path: metadata.annotations + value: + controller_key: controller_value + controller_key2: some_value + global_key: global_value + global_key2: some_value + - isNull: + path: metadata.annotations.rollme + - matchRegex: + path: spec.template.metadata.annotations.rollme + pattern: "^[a-zA-Z0-9]{5}$" + + - it: should pass with podAnnotations set + documentIndex: *deploymentDoc + set: + some_key: some_value2 + podAnnotations: + test: some_value + test2: "{{ .Values.some_key }}" + asserts: + - isSubset: + path: spec.template.metadata.annotations + content: + app: common-test + app.kubernetes.io/instance: RELEASE-NAME + app.kubernetes.io/name: common-test + release: RELEASE-NAME + test2: some_value2 + test: some_value 
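Review bot: `should pass with noMount true` in `volumeMounts_test.yaml` sets only `noMount: true` on `vol1`, so its `notContains` assertion may hold simply because the volume is not enabled rather than because the flag suppressed the mount (the default of `enabled` is not visible in this diff). Adding `enabled: true` to that `set` block would make the case test `noMount` itself. Separately, `should pass with all set set` repeats `should pass with mountPath and mountPropagation set` key for key (no `subPath`, no `readOnly`), so it can be removed or given the missing keys and a corrected name.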
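Review bot: In `should pass with podAnnotations set` (`deployment/annotation_test.yaml`), the `isSubset` content for `spec.template.metadata.annotations` lists `app`, `app.kubernetes.io/instance`, `app.kubernetes.io/name` and `release`, which look like the selector labels asserted in `label_test.yaml` rather than annotations. If the template really renders them as pod annotations, a one-line comment saying so would help; otherwise the content should be narrowed to `test: some_value` and `test2: some_value2`. The `isNull` on `metadata.annotations.rollme` in the second case is already implied by the preceding `equal` on `metadata.annotations` and could be dropped.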
diff --git a/library/common-test/tests/deployment/controller_test.yaml b/library/common-test/tests/deployment/controller_test.yaml
new file mode 100644
index 00000000..a6d747b0
--- /dev/null
+++ b/library/common-test/tests/deployment/controller_test.yaml
@@ -0,0 +1,80 @@
+suite: deployment controller test
+templates:
+ - common.yaml
+tests:
+ - it: should pass with default values
+ documentIndex: &deploymentDoc 0
+ asserts:
+ - hasDocuments:
+ count: 3
+ - isKind:
+ of: Deployment
+ - equal:
+ path: apiVersion
+ value: apps/v1
+ - equal:
+ path: spec.revisionHistoryLimit
+ value: 3
+ - equal:
+ path: spec.replicas
+ value: 1
+ - equal:
+ path: spec.strategy.type
+ value: Recreate
+ - isNull:
+ path: spec.strategy.rollingUpdate
+
+ - it: should pass with controller disabled
+ documentIndex: *deploymentDoc
+ set:
+ controller:
+ enabled: false
+ asserts:
+ - hasDocuments:
+ count: 2
+
+ - it: should pass with controller strategy changed and rollingUpdate strategies set
+ documentIndex: *deploymentDoc
+ set:
+ controller:
+ strategy: RollingUpdate
+ rollingUpdate:
+ unavailable: 2
+ surge: 3
+ asserts:
+ - equal:
+ path: spec.strategy.type
+ value: RollingUpdate
+ - equal:
+ path: spec.strategy.rollingUpdate
+ value:
+ maxUnavailable: 2
+ maxSurge: 3
+
+ - it: should pass with controller strategy changed
+ documentIndex: *deploymentDoc
+ set:
+ controller:
+ strategy: RollingUpdate
+ asserts:
+ - equal:
+ path: spec.strategy.type
+ value: RollingUpdate
+ - isNull:
+ path: spec.strategy.rollingUpdate
+
+ - it: should fail with wrong controller
+ set:
+ controller:
+ type: not_valid_controller
+ asserts:
+ - failedTemplate:
+ errorMessage: Not a valid controller.type (not_valid_controller). Valid options are Deployment, DaemonSet, StatefulSet
+
+ - it: should fail with wrong strategy
+ set:
+ controller:
+ strategy: not_valid_strategy
+ asserts:
+ - failedTemplate:
+ errorMessage: Not a valid strategy type for Deployment (not_valid_strategy)
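Review bot: `should pass with controller disabled` asserts only `hasDocuments: count: 2`, which shows that one document disappeared but not that it was the Deployment. Adding an `isKind` assertion with `of: Deployment` and `not: true` next to the count would tie the result to the controller being the resource that was dropped.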
diff --git a/library/common-test/tests/deployment/default_test.yaml b/library/common-test/tests/deployment/default_test.yaml
new file mode 100644
index 00000000..f3f62188
--- /dev/null
+++ b/library/common-test/tests/deployment/default_test.yaml
@@ -0,0 +1,102 @@ +suite: deployment default test +templates: + - common.yaml +tests: + - it: should pass with default values + documentIndex: &deploymentDoc 0 + asserts: + - hasDocuments: + count: 3 + - isKind: + of: Deployment + - isAPIVersion: + of: apps/v1 + - equal: + path: spec.template.spec.serviceAccountName + value: default + - equal: + path: spec.template.spec.hostNetwork + value: false + - equal: + path: spec.template.spec.terminationGracePeriodSeconds + value: 10 + - equal: + path: spec.template.spec.enableServiceLinks + value: false + - equal: + path: spec.template.spec.terminationGracePeriodSeconds + value: 10 + - isNull: + path: spec.template.spec.hostname + - equal: + path: spec.template.spec.dnsPolicy + value: ClusterFirst + - isNull: + path: spec.template.spec.dnsConfig + - isNull: + path: spec.template.spec.priorityClassName + - isNull: + path: spec.template.spec.schedulerName + - equal: + path: spec.template.spec.containers[0].name + value: RELEASE-NAME-common-test + - equal: + path: spec.template.spec.containers[0].image + value: repo:tag + - isNull: + path: spec.template.spec.containers[0].command + - isNull: + path: spec.template.spec.containers[0].args + - equal: + path: spec.template.spec.containers[0].tty + value: false + - equal: + path: spec.template.spec.containers[0].stdin + value: false + - isNull: + path: spec.template.spec.containers[0].lifecycle + - isNull: + path: spec.template.spec.containers[0].terminationMessagePath + - isNull: + path: spec.template.spec.containers[0].terminationMessagePolicy + - equal: + path: spec.template.spec.securityContext + value: + fsGroup: 568 + fsGroupChangePolicy: OnRootMismatch + supplementalGroups: [] + - equal: + path: spec.template.spec.containers[0].securityContext + value: + allowPrivilegeEscalation: false + privileged: false + readOnlyRootFilesystem: true + runAsNonRoot: true + runAsUser: 568 + runAsGroup: 568 + capabilities: + add: [] + drop: + - ALL + - equal: + path: 
spec.template.spec.containers[0].env + value: + - name: TZ + value: UTC + - name: UMASK + value: "002" + - name: UMASK_SET + value: "002" + - name: NVIDIA_VISIBLE_DEVICES + value: void + - name: S6_READ_ONLY_ROOT + value: "1" + - equal: + path: spec.template.spec.containers[0].volumeMounts + value: + - mountPath: /shared + name: shared + - mountPath: /tmp + name: tmp + - mountPath: /var/logs + name: varlogs diff --git a/library/common-test/tests/deployment/dns-network_test.yaml b/library/common-test/tests/deployment/dns-network_test.yaml new file mode 100644 index 00000000..f7dc1b34 --- /dev/null +++ b/library/common-test/tests/deployment/dns-network_test.yaml 
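Review bot: The `equal` assertion on `spec.template.spec.terminationGracePeriodSeconds` (value 10) appears twice in this case, once before and once after the `enableServiceLinks` check, and the second copy can be dropped. Since this case is the one that pins the hardened defaults (non-root 568, `drop: [ALL]`, read-only root filesystem, `serviceAccountName: default`), it would also be the natural place to assert the default of `automountServiceAccountToken`, if the chart renders that field; this diff does not show whether it does.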
@@ -0,0 +1,321 @@ + +suite: deployment dns-network test +templates: + - common.yaml +tests: + - it: should pass with default values + documentIndex: &deploymentDoc 0 + asserts: + - hasDocuments: + count: 3 + - isKind: + of: Deployment + + - it: should pass with hostNetwork set + documentIndex: *deploymentDoc + set: + hostNetwork: true + asserts: + - equal: + path: spec.template.spec.hostNetwork + value: true + + - it: should pass with hostname set + documentIndex: *deploymentDoc + set: + hostname: some_hostname + asserts: + - equal: + path: spec.template.spec.hostname + value: some_hostname + + - it: should pass with hostname set from tpl + documentIndex: *deploymentDoc + set: + name: some_hostname + hostname: "{{ .Values.name }}" + asserts: + - equal: + path: spec.template.spec.hostname + value: some_hostname + + - it: should pass with enableServiceLinks set + documentIndex: *deploymentDoc + set: + enableServiceLinks: true + asserts: + - equal: + path: spec.template.spec.enableServiceLinks + value: true + + - it: should fail with invalid dnsPolicy + set: + dnsPolicy: invalid + asserts: + - failedTemplate: + errorMessage: Not valid dnsPolicy (invalid). 
Valid options are ClusterFirst, Default, ClusterFirstWithHostNet, None + + - it: should pass with changed dnsPolicy + documentIndex: *deploymentDoc + set: + dnsPolicy: Default + asserts: + - equal: + path: spec.template.spec.dnsPolicy + value: Default + + - it: should pass with hostNet dnsPolicy + documentIndex: *deploymentDoc + set: + hostNetwork: true + asserts: + - equal: + path: spec.template.spec.dnsPolicy + value: ClusterFirstWithHostNet + + - it: should pass with hostNet and changed dnsPolicy + documentIndex: *deploymentDoc + set: + dnsPolicy: Default + hostNetwork: true + asserts: + - equal: + path: spec.template.spec.dnsPolicy + value: Default + + - it: should fail with more than 3 nameservers + set: + dnsConfig: + nameservers: + - ns1 + - ns2 + - ns3 + - ns4 + asserts: + - failedTemplate: + errorMessage: There can be at most 3 nameservers specified in dnsConfig + + - it: should fail with more than 6 domain searches + set: + dnsConfig: + searches: + - domain_search_1 + - domain_search_2 + - domain_search_3 + - domain_search_4 + - domain_search_5 + - domain_search_6 + - domain_search_7 + asserts: + - failedTemplate: + errorMessage: There can be at most 6 search domains specified in dnsConfig + + - it: should fail with no nameservers and dnsPolicy set to None + set: + dnsPolicy: None + asserts: + - failedTemplate: + errorMessage: With dnsPolicy set to None, you must specify at least 1 nameservers on dnsConfig + + - it: should pass with dnsConfig defined + documentIndex: *deploymentDoc + set: + dnsConfig: + nameservers: + - ns1 + - ns2 + searches: + - domain_search_1 + - domain_search_2 + options: + - name: ndots + value: 2 + - name: edns0 + asserts: + - equal: + path: spec.template.spec.dnsConfig + value: + nameservers: + - ns1 + - ns2 + searches: + - domain_search_1 + - domain_search_2 + options: + - name: ndots + value: "2" + - name: edns0 + + - it: should pass with dnsConfig nameservers only + documentIndex: *deploymentDoc + set: + dnsConfig: + 
nameservers: + - ns1 + - ns2 + - 1.1.1.1 + asserts: + - equal: + path: spec.template.spec.dnsConfig + value: + nameservers: + - ns1 + - ns2 + - 1.1.1.1 + + - it: should pass with dnsConfig searches only + documentIndex: *deploymentDoc + set: + dnsConfig: + searches: + - domain_search_1 + - domain_search_2 + asserts: + - equal: + path: spec.template.spec.dnsConfig + value: + searches: + - domain_search_1 + - domain_search_2 + + - it: should pass with dnsConfig options only + documentIndex: *deploymentDoc + set: + dnsConfig: + options: + - name: ndots + value: 2 + - name: edns0 + asserts: + - equal: + path: spec.template.spec.dnsConfig + value: + options: + - name: ndots + value: "2" + - name: edns0 + + - it: should pass with dnsConfig nameservers only from tpl + documentIndex: *deploymentDoc + set: + ns1: ns1 + dnsConfig: + nameservers: + - "{{ .Values.ns1 }}" + - ns2 + asserts: + - equal: + path: spec.template.spec.dnsConfig + value: + nameservers: + - ns1 + - ns2 + + - it: should pass with dnsConfig searches only from tpl + documentIndex: *deploymentDoc + set: + ds: domain_search_1 + dnsConfig: + searches: + - "{{ .Values.ds }}" + - domain_search_2 + asserts: + - equal: + path: spec.template.spec.dnsConfig + value: + searches: + - domain_search_1 + - domain_search_2 + + - it: should pass with dnsConfig options only from tpl + documentIndex: *deploymentDoc + set: + opt1_name: ndots + opt1_value: 2 + opt2_name: edns0 + dnsConfig: + options: + - name: "{{ .Values.opt1_name }}" + value: "{{ .Values.opt1_value }}" + - name: "{{ .Values.opt2_name }}" + asserts: + - equal: + path: spec.template.spec.dnsConfig + value: + options: + - name: ndots + value: "2" + - name: edns0 + + - it: should fail without ip in hostAliases + set: + hostAliases: + - hostnames: + - hostname1 + asserts: + - failedTemplate: + errorMessage: field is required in hostAliases + + - it: should fail without hostnames in hostAliases + set: + hostAliases: + - ip: 1.1.1.1 + asserts: + - failedTemplate: 
+ errorMessage: At least one is required in hostAliases + + - it: should pass with hostAliases defined + documentIndex: *deploymentDoc + set: + hostAliases: + - ip: 1.1.1.1 + hostnames: + - hostname1 + - hostname2 + - ip: 8.8.8.8 + hostnames: + - hostname3 + - hostname4 + asserts: + - equal: + path: spec.template.spec.hostAliases + value: + - ip: 1.1.1.1 + hostnames: + - hostname1 + - hostname2 + - ip: 8.8.8.8 + hostnames: + - hostname3 + - hostname4 + + - it: should pass with hostAliases defined from tpl + documentIndex: *deploymentDoc + set: + ip1: 1.1.1.1 + ip2: 8.8.8.8 + host1: hostname1 + host2: hostname2 + host3: hostname3 + host4: hostname4 + hostAliases: + - ip: "{{ .Values.ip1 }}" + hostnames: + - "{{ .Values.host1 }}" + - "{{ .Values.host2 }}" + - ip: "{{ .Values.ip2 }}" + hostnames: + - "{{ .Values.host3 }}" + - "{{ .Values.host4 }}" + asserts: + - equal: + path: spec.template.spec.hostAliases + value: + - ip: 1.1.1.1 + hostnames: + - hostname1 + - hostname2 + - ip: 8.8.8.8 + hostnames: + - hostname3 + - hostname4 diff --git a/library/common-test/tests/deployment/label_test.yaml b/library/common-test/tests/deployment/label_test.yaml new file mode 100644 index 00000000..979eac28 --- /dev/null +++ b/library/common-test/tests/deployment/label_test.yaml 
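Review bot: `dnsPolicy: None` is covered only on its failure path (`should fail with no nameservers and dnsPolicy set to None`), so a template that rejected `None` unconditionally would still pass this suite. A passing case with `dnsPolicy: None` and one `dnsConfig.nameservers` entry, as sketched below, would close that gap; its expected values are assumed from the neighbouring cases and should be checked against the rendered output. The nameserver and search-domain limits are likewise tested only above the limit (4 and 7 entries), not at exactly 3 and 6.

```yaml
  - it: should pass with dnsPolicy None and nameservers defined
    documentIndex: *deploymentDoc
    set:
      dnsPolicy: None
      dnsConfig:
        nameservers:
          - 1.1.1.1
    asserts:
      - equal:
          path: spec.template.spec.dnsPolicy
          value: None
      - equal:
          path: spec.template.spec.dnsConfig
          value:
            nameservers:
              - 1.1.1.1
```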
@@ -0,0 +1,75 @@
+suite: deployment label test
+templates:
+ - common.yaml
+chart:
+ appVersion: &appVer v1.2.3
+tests:
+ - it: should pass with default values
+ documentIndex: &deploymentDoc 0
+ asserts:
+ - hasDocuments:
+ count: 3
+ - isKind:
+ of: Deployment
+ - equal:
+ path: metadata.labels
+ value:
+ app: common-test
+ app.kubernetes.io/instance: RELEASE-NAME
+ app.kubernetes.io/managed-by: Helm
+ app.kubernetes.io/name: common-test
+ app.kubernetes.io/version: *appVer
+ helm-revision: "0"
+ helm.sh/chart: common-test-1.0.0
+ release: RELEASE-NAME
+ - equal:
+ path: spec.selector.matchLabels
+ value:
+ app: common-test
+ app.kubernetes.io/instance: RELEASE-NAME
+ app.kubernetes.io/name: common-test
+ release: RELEASE-NAME
+
+ - it: should pass with controller and global labels
+ documentIndex: *deploymentDoc
+ set:
+ some_key: some_value
+ controller:
+ labels:
+ controller_key: controller_value
+ controller_key2: "{{ .Values.some_key }}"
+ global:
+ labels:
+ global_key: global_value
+ global_key2: "{{ .Values.some_key }}"
+ asserts:
+ - equal:
+ path: metadata.labels
+ value:
+ controller_key: controller_value
+ controller_key2: some_value
+ global_key: global_value
+ global_key2: some_value
+ app: common-test
+ app.kubernetes.io/instance: RELEASE-NAME
+ app.kubernetes.io/managed-by: Helm
+ app.kubernetes.io/name: common-test
+ app.kubernetes.io/version: *appVer
+ helm-revision: "0"
+ helm.sh/chart: common-test-1.0.0
+ release: RELEASE-NAME
+
+ - it: should pass with podLabels set
+ documentIndex: *deploymentDoc
+ set:
+ some_key: some_value2
+ podLabels:
+ test: some_value
+ test2: "{{ .Values.some_key }}"
+ asserts:
+ - equal:
+ path: spec.template.metadata.labels.test2
+ value: some_value2
+ - equal:
+ path: spec.template.metadata.labels.test
+ value: some_value
diff --git a/library/common-test/tests/deployment/names_test.yaml b/library/common-test/tests/deployment/names_test.yaml
new file mode 100644
index 00000000..8c220ae6
--- /dev/null
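Review bot: Neither "should pass with controller and global labels" nor "should pass with podLabels set" checks `spec.selector.matchLabels`, so a template change that lets controller, global or pod labels leak into the selector would go unnoticed; only the default-values case pins it. The selector has to stay stable across upgrades, so I would repeat the first test's `equal` assertion on `path: spec.selector.matchLabels` in both of those cases. The podLabels case also asserts two single keys rather than the whole `spec.template.metadata.labels` map, which hides unexpected extra labels.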
+++ b/library/common-test/tests/deployment/names_test.yaml
@@ -0,0 +1,34 @@
+suite: deployment name test
+templates:
+ - common.yaml
+tests:
+ - it: should pass with default values
+ documentIndex: &deploymentDoc 0
+ asserts:
+ - hasDocuments:
+ count: 3
+ - isKind:
+ of: Deployment
+ - equal:
+ path: metadata.name
+ value: RELEASE-NAME-common-test
+
+ - it: should pass with nameOverride
+ documentIndex: *deploymentDoc
+ set:
+ nameOverride: overrodeName
+ asserts:
+ - equal:
+ path: metadata.name
+ value: RELEASE-NAME-overrodeName
+
+ - it: should pass with global.nameOverride
+ documentIndex: *deploymentDoc
+ set:
+ nameOverride: overrodeName
+ global:
+ nameOverride: globalOverrodeName
+ asserts:
+ - equal:
+ path: metadata.name
+ value: RELEASE-NAME-globalOverrodeName
diff --git a/library/common-test/tests/deployment/podSecurityContext_test.yaml b/library/common-test/tests/deployment/podSecurityContext_test.yaml
new file mode 100644
index 00000000..a2dbc06a
--- /dev/null
+++ b/library/common-test/tests/deployment/podSecurityContext_test.yaml
@@ -0,0 +1,74 @@
+suite: deployment podSecurityContext test
+templates:
+ - common.yaml
+tests:
+ - it: should pass with default values
+ documentIndex: &deploymentDoc 0
+ asserts:
+ - hasDocuments:
+ count: 3
+ - isKind:
+ of: Deployment
+ - equal:
+ path: spec.template.spec.securityContext
+ value:
+ fsGroup: 568
+ fsGroupChangePolicy: OnRootMismatch
+ supplementalGroups: []
+
+ - it: should pass with changed podSecurity values
+ documentIndex: *deploymentDoc
+ set:
+ podSecurityContext:
+ fsGroup: 999
+ fsGroupChangePolicy: Always
+ supplementalGroups:
+ - 1000
+ asserts:
+ - equal:
+ path: spec.template.spec.securityContext
+ value:
+ fsGroup: 999
+ fsGroupChangePolicy: Always
+ supplementalGroups:
+ - 1000
+
+ - it: should fail with invalid fsGroupChangePolicy
+ set:
+ podSecurityContext:
+ fsGroupChangePolicy: invalid_policy
+ asserts:
+ - failedTemplate:
+ errorMessage: Invalid option for fsGroupChangePolicy. Valid options are and .
+
+ - it: should fail with empty fsGroupChangePolicy
+ set:
+ podSecurityContext:
+ fsGroupChangePolicy:
+ asserts:
+ - failedTemplate:
+ errorMessage: key cannot be empty. Set a value or remove the key for the default (OnRootMismatch) to take effect.
+
+ - it: should fail with empty fsGroup
+ set:
+ podSecurityContext:
+ fsGroup:
+ asserts:
+ - failedTemplate:
+ errorMessage: key cannot be empty. Set a value or remove the key for the default (568) to take effect.
+
+ - it: should fail with non-int fsGroup
+ set:
+ podSecurityContext:
+ fsGroup: "1000"
+ asserts:
+ - failedTemplate:
+ errorMessage: key has value of ("1000"). But must be an int.
+
+ - it: should fail with empty supplementalGroups
+ set:
+ podSecurityContext:
+ supplementalGroups:
+ asserts:
+ - failedTemplate:
+ errorMessage: key has a value (). But it must be a list. Set a list value or remove the key for the default ([]) to take effect.
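Review bot: The failure cases cover an empty `fsGroup` and the string `"1000"`, but not `fsGroup: 0`, which Helm templates treat as falsy; depending on how the template tests for emptiness this either raises the "cannot be empty" error or silently falls back to 568, and the suite does not say which. Since `fsGroup` decides the group ownership applied to mounted volumes, I would pin that with one more case that sets `fsGroup: 0` under `set.podSecurityContext` and asserts the outcome the chart intends. The template itself is not part of this hunk, so the actual result cannot be told from here. A negative value and a scalar such as `supplementalGroups: 1000` are also untested.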
diff --git a/library/common-test/tests/deployment/runtimeClass_test.yaml b/library/common-test/tests/deployment/runtimeClass_test.yaml
new file mode 100644
index 00000000..b4fa67ba
--- /dev/null
+++ b/library/common-test/tests/deployment/runtimeClass_test.yaml
@@ -0,0 +1,90 @@
+suite: deployment runtimeClassName test
+templates:
+ - common.yaml
+tests:
+ - it: should pass with default values
+ documentIndex: &deploymentDoc 0
+ asserts:
+ - hasDocuments:
+ count: 3
+ - isKind:
+ of: Deployment
+ - isNull:
+ path: spec.template.spec.runtimeClassName
+
+ - it: should pass with addNvidiaRuntimeClass and nvidiaRuntimeClassName set
+ documentIndex: *deploymentDoc
+ set:
+ scaleGPU:
+ something: blabla
+ global:
+ ixChartContext:
+ addNvidiaRuntimeClass: true
+ nvidiaRuntimeClassName: something
+ asserts:
+ - equal:
+ path: spec.template.spec.runtimeClassName
+ value: something
+
+ - it: should pass with addNvidiaRuntimeClass and nvidiaRuntimeClassName set and gpu on initContainers
+ documentIndex: *deploymentDoc
+ set:
+ initContainers:
+ some-name:
+ scaleGPU:
+ something: blabla
+ global:
+ ixChartContext:
+ addNvidiaRuntimeClass: true
+ nvidiaRuntimeClassName: something
+ asserts:
+ - equal:
+ path: spec.template.spec.runtimeClassName
+ value: something
+
+ - it: should pass overriding global and per pod runtime
+ documentIndex: *deploymentDoc
+ set:
+ runtimeClassName: perpod
+ scaleGPU:
+ something: blabla
+ global:
+ defaults:
+ runtimeClassName: global
+ ixChartContext:
+ addNvidiaRuntimeClass: true
+ nvidiaRuntimeClassName: something
+ asserts:
+ - equal:
+ path: spec.template.spec.runtimeClassName
+ value: something
+
+ - it: should pass with nvidiaRuntimeClassName set but not addNvidiaRuntimeClassName
+ documentIndex: *deploymentDoc
+ set:
+ global:
+ ixChartContext:
+ nvidiaRuntimeClassName: something
+ asserts:
+ - isNull:
+ path: spec.template.spec.runtimeClassName
+
+ - it: should pass with global runtime set
+ documentIndex: *deploymentDoc
+ set:
+ global:
+ defaults:
+ runtimeClassName: something
+ asserts:
+ - equal:
+ path: spec.template.spec.runtimeClassName
+ value: something
+
+ - it: should pass with pod runtime set
+ documentIndex: *deploymentDoc
+ set:
+ runtimeClassName: something
+ asserts:
+ - equal:
+ path: spec.template.spec.runtimeClassName
+ value: something
diff --git a/library/common-test/tests/deployment/serviceAccountName_test.yaml b/library/common-test/tests/deployment/serviceAccountName_test.yaml
new file mode 100644
index 00000000..e201e487
--- /dev/null
+++ b/library/common-test/tests/deployment/serviceAccountName_test.yaml
@@ -0,0 +1,51 @@
+
+suite: deployment serviceAccountName
+templates:
+ - common.yaml
+tests:
+ - it: should pass with default values
+ documentIndex: &deploymentDoc 0
+ asserts:
+ - hasDocuments:
+ count: 3
+ - isKind:
+ of: Deployment
+
+ - it: should pass (have correct serviceAccountName) with service account enabled
+ documentIndex: &deploymentDoc 1
+ set:
+ serviceAccount:
+ main:
+ enabled: true
+ asserts:
+ - equal:
+ path: spec.template.spec.serviceAccountName
+ value: RELEASE-NAME-common-test
+
+ - it: should pass (have correct serviceAccountName) with primary service account enabled and nameOverride defined
+ documentIndex: *deploymentDoc
+ set:
+ serviceAccount:
+ main:
+ enabled: true
+ nameOverride: some-name
+ asserts:
+ - equal:
+ path: spec.template.spec.serviceAccountName
+ value: RELEASE-NAME-common-test-some-name
+
+ - it: should pass (have correct serviceAccountName) with non-primary service account enabled and nameOverride defined
+ documentIndex: &deploymentDoc 2
+ set:
+ serviceAccount:
+ main:
+ enabled: true
+ primary: true
+ other:
+ enabled: true
+ primary: false
+ nameOverride: some-name
+ asserts:
+ - equal:
+ path: spec.template.spec.serviceAccountName
+ value: RELEASE-NAME-common-test
diff --git a/library/common-test/tests/deployment/various_options_test.yaml b/library/common-test/tests/deployment/various_options_test.yaml
new file mode 100644
index 00000000..6806637f
--- /dev/null
+++ b/library/common-test/tests/deployment/various_options_test.yaml
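Review bot: In "should pass overriding global and per pod runtime" the expected value is the NVIDIA class `something`, not the explicit `runtimeClassName: perpod`, and nothing in the suite pins the precedence between the per-pod value and `global.defaults.runtimeClassName` when no GPU is requested. A runtime class can select a sandboxed runtime, so an explicit per-pod choice being replaced should be recorded as intended: rename the case to say which source wins and add a case with `runtimeClassName: perpod` plus `global.defaults.runtimeClassName: global` and no `scaleGPU`. If the GPU override of an explicit per-pod class is deliberate, a comment such as `# nvidia runtime class takes precedence over any configured runtimeClassName` above that test would document it.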
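Review bot: The anchor `&deploymentDoc` is defined three times in serviceAccountName_test.yaml with the values 0, 1 and 2, and the third test's `*deploymentDoc` resolves to 1 only because it sits after the second definition. Reordering or inserting a test changes which rendered document the `spec.template.spec.serviceAccountName` assertion is evaluated against, and with a wrong index the check could run on a ServiceAccount object rather than the Deployment. I would use literal indices (`documentIndex: 1`, `documentIndex: 2`) or distinct anchor names, and add `isKind` with `of: Deployment` to the cases that use a non-zero index. The file also starts with an empty line before `suite:`, which looks accidental.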
@@ -0,0 +1,396 @@
+suite: deployment various options test
+templates:
+ - common.yaml
+tests:
+ - it: should pass with default values
+ documentIndex: &deploymentDoc 0
+ asserts:
+ - hasDocuments:
+ count: 3
+ - isKind:
+ of: Deployment
+ - isNull:
+ path: spec.template.spec.runtimeClassName
+
+ - it: should pass with gracePeriodSeconds set
+ documentIndex: *deploymentDoc
+ set:
+ termination:
+ gracePeriodSeconds: 25
+ asserts:
+ - equal:
+ path: spec.template.spec.terminationGracePeriodSeconds
+ value: 25
+
+ - it: should pass with schedulerName set
+ documentIndex: *deploymentDoc
+ set:
+ schedulerName: some_scheduler
+ asserts:
+ - equal:
+ path: spec.template.spec.schedulerName
+ value: some_scheduler
+
+ - it: should pass with schedulerName set from tpl
+ documentIndex: *deploymentDoc
+ set:
+ name: some_scheduler
+ schedulerName: "{{ .Values.name }}"
+ asserts:
+ - equal:
+ path: spec.template.spec.schedulerName
+ value: some_scheduler
+
+ - it: should pass with schedulerName set
+ documentIndex: *deploymentDoc
+ set:
+ priorityClassName: some_priority_class_name
+ asserts:
+ - equal:
+ path: spec.template.spec.priorityClassName
+ value: some_priority_class_name
+
+ - it: should pass with schedulerName set from tpl
+ documentIndex: *deploymentDoc
+ set:
+ name: some_priority_class_name
+ priorityClassName: "{{ .Values.name }}"
+ asserts:
+ - equal:
+ path: spec.template.spec.priorityClassName
+ value: some_priority_class_name
+
+ - it: should pass with not set restartPolicy (default will be used)
+ documentIndex: *deploymentDoc
+ asserts:
+ - equal:
+ path: spec.template.spec.restartPolicy
+ value: Always
+
+ - it: should pass with set restartPolicy
+ documentIndex: *deploymentDoc
+ set:
+ restartPolicy: Always
+ asserts:
+ - equal:
+ path: spec.template.spec.restartPolicy
+ value: Always
+
+ - it: should fail with invalid restartPolicy
+ set:
+ restartPolicy: invalid
+ asserts:
+ - failedTemplate:
+ errorMessage: Invalid (invalid). Valid options are Always, Never, OnFailure
+
+ - it: should fail with invalid restartPolicy on Deployment
+ set:
+ controller:
+ type: Deployment
+ restartPolicy: OnFailure
+ asserts:
+ - failedTemplate:
+ errorMessage: Invalid
+
+ - it: should pass with nodeSelector set
+ documentIndex: *deploymentDoc
+ set:
+ nodeSelector:
+ diskType: ssd
+ cpuType: intel
+ asserts:
+ - equal:
+ path: spec.template.spec.nodeSelector
+ value:
+ diskType: ssd
+ cpuType: intel
+
+ - it: should pass with nodeSelector set from tpl
+ documentIndex: *deploymentDoc
+ set:
+ some_key: ssd
+ some_other_key: intel
+ nodeSelector:
+ diskType: "{{ .Values.some_key }}"
+ cpuType: "{{ .Values.some_other_key }}"
+ asserts:
+ - equal:
+ path: spec.template.spec.nodeSelector
+ value:
+ diskType: ssd
+ cpuType: intel
+
+ - it: should fail with invalid operator in tolerations
+ set:
+ tolerations:
+ - operator: invalid_op
+ asserts:
+ - failedTemplate:
+ errorMessage: Invalid . Valid options are Exists, Equal.
+
+ - it: should fail with invalid effect in tolerations
+ set:
+ tolerations:
+ - effect: invalid_effect
+ operator: Exists
+ asserts:
+ - failedTemplate:
+ errorMessage: Invalid (invalid_effect). Valid options are NoExecute, NoSchedule, PreferNoSchedule
+
+ - it: should fail with empty key and operator Equal in tolerations
+ set:
+ tolerations:
+ - key: ""
+ operator: Equal
+ asserts:
+ - failedTemplate:
+ errorMessage: is required when is set to
+
+ - it: should fail with operator Exists and defined value in tolerations
+ set:
+ tolerations:
+ - value: something
+ operator: Exists
+ asserts:
+ - failedTemplate:
+ errorMessage: When is set to , you cannot define a
+
+ - it: should fail with operator Exists and non-integer tolerationSeconds in tolerations
+ set:
+ tolerations:
+ - tolerationSeconds: not_an_int
+ operator: Exists
+ asserts:
+ - failedTemplate:
+ errorMessage: must result to an integer.
+
+ - it: should pass with tolerations defined, with tolerationSeconds set
+ documentIndex: *deploymentDoc
+ set:
+ tolerations:
+ - operator: Exists
+ tolerationSeconds: 6000
+ asserts:
+ - equal:
+ path: spec.template.spec.tolerations
+ value:
+ - operator: Exists
+ tolerationSeconds: 6000
+
+ - it: should pass with tolerations defined, with only operator Exists
+ documentIndex: *deploymentDoc
+ set:
+ tolerations:
+ - operator: Exists
+ asserts:
+ - equal:
+ path: spec.template.spec.tolerations
+ value:
+ - operator: Exists
+
+ - it: should pass with tolerations defined, with only operator Exists from tpl
+ documentIndex: *deploymentDoc
+ set:
+ op: Exists
+ tolerations:
+ - operator: "{{ .Values.op }}"
+ asserts:
+ - equal:
+ path: spec.template.spec.tolerations
+ value:
+ - operator: Exists
+
+ - it: should pass with tolerations defined, with only operator Equal and key defined
+ documentIndex: *deploymentDoc
+ set:
+ tolerations:
+ - operator: Equal
+ key: key1
+ asserts:
+ - equal:
+ path: spec.template.spec.tolerations
+ value:
+ - operator: Equal
+ key: key1
+
+ - it: should pass with tolerations defined, with only operator Equal and key defined from tpl
+ documentIndex: *deploymentDoc
+ set:
+ some_key: key1
+ tolerations:
+ - operator: Equal
+ key: "{{ .Values.some_key }}"
+ asserts:
+ - equal:
+ path: spec.template.spec.tolerations
+ value:
+ - operator: Equal
+ key: key1
+
+ - it: should pass with tolerations defined, with operator Exists and effect defined
+ documentIndex: *deploymentDoc
+ set:
+ tolerations:
+ - operator: Exists
+ effect: NoExecute
+ asserts:
+ - equal:
+ path: spec.template.spec.tolerations
+ value:
+ - operator: Exists
+ effect: NoExecute
+
+ - it: should pass with tolerations defined, with operator Exists and effect defined from tpl
+ documentIndex: *deploymentDoc
+ set:
+ ef1: NoExecute
+ tolerations:
+ - operator: Exists
+ effect: "{{ .Values.ef1 }}"
+ asserts:
+ - equal:
+ path: spec.template.spec.tolerations
+ value:
+ - operator: Exists
+ effect: NoExecute
+
+ - it: should pass with tolerations defined, with operator Equal and value defined
+ documentIndex: *deploymentDoc
+ set:
+ tolerations:
+ - operator: Equal
+ value: some_value
+ key: key1
+ asserts:
+ - equal:
+ path: spec.template.spec.tolerations
+ value:
+ - operator: Equal
+ value: some_value
+ key: key1
+
+ - it: should pass with tolerations defined, with operator Equal and value defined from tpl
+ documentIndex: *deploymentDoc
+ set:
+ val: some_value
+ tolerations:
+ - operator: Equal
+ value: "{{ .Values.val }}"
+ key: key1
+ asserts:
+ - equal:
+ path: spec.template.spec.tolerations
+ value:
+ - operator: Equal
+ value: some_value
+ key: key1
+
+ - it: should pass with tolerations defined, with operator Equal and value defined from tpl
+ documentIndex: *deploymentDoc
+ set:
+ val: some_value
+ tolerations:
+ - operator: Equal
+ value: "{{ .Values.val }}"
+ key: key1
+ asserts:
+ - equal:
+ path: spec.template.spec.tolerations
+ value:
+ - operator: Equal
+ value: some_value
+ key: key1
+
+ - it: should pass with tolerations defined, with everything set, multiple entries
+ documentIndex: *deploymentDoc
+ set:
+ tolerations:
+ - operator: Equal
+ value: some_value
+ key: key1
+ effect: NoExecute
+ tolerationSeconds: 6000
+ asserts:
+ - equal:
+ path: spec.template.spec.tolerations
+ value:
+ - operator: Equal
+ value: some_value
+ key: key1
+ effect: NoExecute
+ tolerationSeconds: 6000
+
+ - it: should pass with tolerations defined, with everything set from tpl, multiple entries
+ documentIndex: *deploymentDoc
+ set:
+ op1: Equal
+ val1: some_value1
+ k1: key1
+ ef1: NoExecute
+ op2: Equal
+ val2: some_value2
+ k2: key2
+ ef2: NoSchedule
+ tolerations:
+ - operator: "{{ .Values.op1 }}"
+ value: "{{ .Values.val1 }}"
+ key: "{{ .Values.k1 }}"
+ effect: "{{ .Values.ef1 }}"
+ tolerationSeconds: 6000
+ - operator: "{{ .Values.op2 }}"
+ value: "{{ .Values.val2 }}"
+ key: "{{ .Values.k2 }}"
+ effect: "{{ .Values.ef2 }}"
+ tolerationSeconds: 6000
+ asserts:
+ - equal:
+ path: spec.template.spec.tolerations
+ value:
+ - operator: Equal
+ value: some_value1
+ key: key1
+ effect: NoExecute
+ tolerationSeconds: 6000
+ - operator: Equal
+ value: some_value2
+ key: key2
+ effect: NoSchedule
+ tolerationSeconds: 6000
diff --git a/library/common-test/tests/deployment/volume_configMap_test.yaml b/library/common-test/tests/deployment/volume_configMap_test.yaml
new file mode 100644
index 00000000..83e87891
--- /dev/null
+++ b/library/common-test/tests/deployment/volume_configMap_test.yaml
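Review bot: Several case titles in various_options_test.yaml do not match what the case asserts, so a failure report would point at the wrong feature. The two `priorityClassName` cases are titled "should pass with schedulerName set" and "... set from tpl"; I would rename them to `should pass with priorityClassName set` and `should pass with priorityClassName set from tpl`. The case "with operator Equal and value defined from tpl" appears twice with identical bodies, and "with everything set, multiple entries" sets only one toleration, so the non-templated multi-entry path is not covered. The default-values case asserts `spec.template.spec.runtimeClassName` is null, which looks copied from the runtimeClass suite rather than checking one of the options this file is about.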
@@ -0,0 +1,207 @@
+suite: deployment configMap volume test
+templates:
+ - common.yaml
+tests:
+ - it: should pass with default values
+ documentIndex: &deploymentDoc 0
+ asserts:
+ - hasDocuments:
+ count: 3
+ - isKind:
+ of: Deployment
+ - isNull:
+ path: spec.template.spec.volume
+
+ - it: should fail with not set objectName on configMap
+ set:
+ persistence:
+ some_volume:
+ type: configMap
+ enabled: true
+ noMount: true
+ asserts:
+ - failedTemplate:
+ errorMessage: objectName not set for persistence item some_volume
+
+ - it: should fail with not set objectName on configmap
+ set:
+ persistence:
+ some_volume:
+ type: configMap
+ enabled: true
+ noMount: true
+ asserts:
+ - failedTemplate:
+ errorMessage: objectName not set for persistence item some_volume
+
+ - it: should fail with not set objectName on configMap
+ set:
+ persistence:
+ some_volume:
+ type: configMap
+ enabled: true
+ noMount: true
+ asserts:
+ - failedTemplate:
+ errorMessage: objectName not set for persistence item some_volume
+
+ - it: should pass with added configMap
+ documentIndex: *deploymentDoc
+ set:
+ persistence:
+ some_volume:
+ type: configMap
+ enabled: true
+ objectName: some_object_name
+ noMount: true
+ asserts:
+ - contains:
+ path: spec.template.spec.volumes
+ content:
+ name: some_volume
+ configMap:
+ name: some_object_name
+
+ - it: should fail with added configMap and defaultMode as int
+ documentIndex: *deploymentDoc
+ set:
+ persistence:
+ some_volume:
+ type: configMap
+ enabled: true
+ objectName: some_object_name
+ defaultMode: 0777
+ noMount: true
+ asserts:
+ - failedTemplate:
+ errorMessage: (511, converted to octal) is not valid format. Valid format is string with 4 digits <0777>.
+
+ - it: should pass with added configMap and defaultMode as string
+ documentIndex: *deploymentDoc
+ set:
+ persistence:
+ some_volume:
+ type: configMap
+ enabled: true
+ objectName: some_object_name
+ defaultMode: "0777"
+ noMount: true
+ asserts:
+ - contains:
+ path: spec.template.spec.volumes
+ content:
+ name: some_volume
+ configMap:
+ name: some_object_name
+ defaultMode: 0777
+
+ - it: should fail with added configMap and defaultMode as int from tpl
+ documentIndex: *deploymentDoc
+ set:
+ mode: 644
+ persistence:
+ some_volume:
+ type: configMap
+ enabled: true
+ objectName: some_object_name
+ defaultMode: "{{ .Values.mode }}"
+ noMount: true
+ asserts:
+ - failedTemplate:
+ errorMessage: (644, converted to octal) is not valid format. Valid format is string with 4 digits <0777>.
+
+ - it: should pass with added configMap and defaultMode as string from tpl
+ documentIndex: *deploymentDoc
+ set:
+ mode: "0644"
+ persistence:
+ some_volume:
+ type: configMap
+ enabled: true
+ objectName: some_object_name
+ defaultMode: "{{ .Values.mode }}"
+ noMount: true
+ asserts:
+ - contains:
+ path: spec.template.spec.volumes
+ content:
+ name: some_volume
+ configMap:
+ name: some_object_name
+ defaultMode: 0644
+
+ - it: should pass with added configMap and items
+ documentIndex: *deploymentDoc
+ set:
+ persistence:
+ some_volume:
+ type: configMap
+ enabled: true
+ objectName: some_object_name
+ items:
+ - key: some_key
+ path: some_path
+ noMount: true
+ asserts:
+ - contains:
+ path: spec.template.spec.volumes
+ content:
+ name: some_volume
+ configMap:
+ name: some_object_name
+ items:
+ - key: some_key
+ path: some_path
+
+ - it: should fail with added configMap and no key on items
+ set:
+ persistence:
+ some_volume:
+ type: configMap
+ enabled: true
+ objectName: some_object_name
+ items:
+ - path: some_path
+ noMount: true
+ asserts:
+ - failedTemplate:
+ errorMessage: No key was given for persistence item some_volume
+
+ - it: should fail with added configMap and no path on items
+ set:
+ persistence:
+ some_volume:
+ type: configMap
+ enabled: true
+ objectName: some_object_name
+ items:
+ - key: some_key
+ noMount: true
+ asserts:
+ - failedTemplate:
+ errorMessage: No path was given for persistence item some_volume
+
+ - it: should pass with added configMap and items from tpl
+ documentIndex: *deploymentDoc
+ set:
+ key: some_key
+ path: some_path
+ persistence:
+ some_volume:
+ type: configMap
+ enabled: true
+ objectName: some_object_name
+ items:
+ - key: "{{ .Values.key }}"
+ path: "{{ .Values.path }}"
+ noMount: true
+ asserts:
+ - contains:
+ path: spec.template.spec.volumes
+ content:
+ name: some_volume
+ configMap:
+ name: some_object_name
+ items:
+ - key: some_key
+ path: some_path
diff --git a/library/common-test/tests/deployment/volume_custom_test.yaml b/library/common-test/tests/deployment/volume_custom_test.yaml
new file mode 100644
index 00000000..5c790378
--- /dev/null
+++ b/library/common-test/tests/deployment/volume_custom_test.yaml
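Review bot: The case "should fail with not set objectName on configMap" appears three times with the same `set` block (the middle one is titled "on configmap" but still uses `type: configMap`), so two of them add no coverage; if the second was meant to exercise a lower-case type its `type:` value should change, otherwise the copies can go. Separately, the expected values `defaultMode: 0777` and `defaultMode: 0644` in the passing cases are unquoted, so what they compare against depends on whether the test runner's YAML parser reads a leading zero as octal, which the "(511, converted to octal)" message in the failing case suggests it does. Because this value becomes the file mode of the mounted ConfigMap, a comment above those assertions stating the intended number, for example `# octal 0644 == decimal 420`, would make a change in parser behaviour visible in review.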
@@ -0,0 +1,112 @@
+suite: deployment custom volume test
+templates:
+ - common.yaml
+tests:
+ - it: should pass with default values
+ documentIndex: &deploymentDoc 0
+ asserts:
+ - hasDocuments:
+ count: 3
+ - isKind:
+ of: Deployment
+ - isNull:
+ path: spec.template.spec.volume
+
+ - it: should fail with custom type but empty volumeSpec
+ set:
+ persistence:
+ some_volume:
+ type: custom
+ enabled: true
+ mountPath: /container
+ volumeSpec: {}
+ asserts:
+ - failedTemplate:
+ errorMessage: You have defined custom persistence type but no was given on item (some_volume)
+
+ - it: should pass with custom type volume from tpl
+ documentIndex: *deploymentDoc
+ set:
+ k1: value1
+ name: some_name
+ persistence:
+ some_volume:
+ type: custom
+ enabled: true
+ mountPath: /container
+ volumeSpec:
+ arbitraryKey: value
+ someDict:
+ k1: "{{ .Values.k1 }}"
+ k2: value2
+ someList:
+ - name: "{{ .Values.name }}"
+ something: test
+ asserts:
+ - contains:
+ path: spec.template.spec.volumes
+ content:
+ name: some_volume
+ arbitraryKey: value
+ someDict:
+ k1: value1
+ k2: value2
+ someList:
+ - name: some_name
+ something: test
+
+ - it: should pass with multiple custom type volume from tpl
+ documentIndex: *deploymentDoc
+ set:
+ v1: value1
+ v2: value2
+ name1: some_name1
+ name2: some_name2
+ persistence:
+ some_volume:
+ type: custom
+ enabled: true
+ mountPath: /container
+ volumeSpec:
+ arbitraryKey: value
+ someDict:
+ k1: "{{ .Values.v1 }}"
+ k2: value
+ someList:
+ - name: "{{ .Values.name1 }}"
+ something: test
+ some_volume2:
+ type: custom
+ enabled: true
+ mountPath: /container
+ volumeSpec:
+ arbitraryKey: value
+ someDict:
+ k1: "{{ .Values.v2 }}"
+ k2: value
+ someList:
+ - name: "{{ .Values.name2 }}"
+ something: test
+ asserts:
+ - contains:
+ path: spec.template.spec.volumes
+ content:
+ name: some_volume
+ arbitraryKey: value
+ someDict:
+ k1: value1
+ k2: value
+ someList:
+ - name: some_name1
+ something: test
+ - contains:
+ path: spec.template.spec.volumes
+ content:
+ name: some_volume2
+ arbitraryKey: value
+ someDict:
+ k1: value2
+ k2: value
+ someList:
+ - name: some_name2
+ something: test
diff --git a/library/common-test/tests/deployment/volume_emptyDir_test.yaml b/library/common-test/tests/deployment/volume_emptyDir_test.yaml
new file mode 100644
index 00000000..9da64088
--- /dev/null
+++ b/library/common-test/tests/deployment/volume_emptyDir_test.yaml
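Review bot: None of the cases in volume_custom_test.yaml puts a real volume source into `volumeSpec`, so the suite does not show whether `type: custom` with a `hostPath` entry goes through the same `validateHostPath` check as `type: hostPath`. If it does not, the custom type would let through host mounts that the validation is meant to reject. I would add a case that sets `global.defaults.validateHostPath: true` together with a custom `volumeSpec` containing `hostPath` with `path: /not_allowed_path`, and assert whichever outcome the chart intends. The template is outside this hunk, so this is a coverage question rather than a confirmed gap.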
@@ -0,0 +1,114 @@
+suite: deployment emptyDir volume test
+templates:
+ - common.yaml
+tests:
+ - it: should pass with default values
+ documentIndex: &deploymentDoc 0
+ asserts:
+ - hasDocuments:
+ count: 3
+ - isKind:
+ of: Deployment
+ - isNull:
+ path: spec.template.spec.volume
+
+ - it: should pass with added emptyDir volume
+ documentIndex: *deploymentDoc
+ set:
+ persistence:
+ volume1:
+ enabled: true
+ type: emptyDir
+ sizeLimit: 1Gi
+ noMount: true
+ asserts:
+ - contains:
+ path: spec.template.spec.volumes
+ content:
+ name: volume1
+ emptyDir:
+ sizeLimit: 1Gi
+
+ - it: should pass with added emptyDir volume and no sizeLimit
+ documentIndex: *deploymentDoc
+ set:
+ persistence:
+ volume1:
+ enabled: true
+ type: emptyDir
+ noMount: true
+ asserts:
+ - contains:
+ path: spec.template.spec.volumes
+ content:
+ name: volume1
+ emptyDir: {}
+
+ - it: should pass with added emptyDir volume memory backed with sizeLimit
+ documentIndex: *deploymentDoc
+ set:
+ persistence:
+ volume1:
+ enabled: true
+ type: emptyDir
+ medium: Memory
+ sizeLimit: 1Gi
+ noMount: true
+ asserts:
+ - contains:
+ path: spec.template.spec.volumes
+ content:
+ name: volume1
+ emptyDir:
+ medium: Memory
+ sizeLimit: 1Gi
+
+ - it: should pass with added emptyDir volume memory backed with sizeLimit via tpl
+ documentIndex: *deploymentDoc
+ set:
+ some_medium: Memory
+ some_size: 1Gi
+ persistence:
+ volume1:
+ enabled: true
+ type: emptyDir
+ medium: "{{ .Values.some_medium }}"
+ sizeLimit: "{{ .Values.some_size }}"
+ noMount: true
+ asserts:
+ - contains:
+ path: spec.template.spec.volumes
+ content:
+ name: volume1
+ emptyDir:
+ medium: Memory
+ sizeLimit: 1Gi
+
+ - it: should pass with added emptyDir volume memory backed and no sizeLimit
+ documentIndex: *deploymentDoc
+ set:
+ persistence:
+ volume1:
+ enabled: true
+ type: emptyDir
+ medium: Memory
+ noMount: true
+ asserts:
+ - contains:
+ path: spec.template.spec.volumes
+ content:
+ name: volume1
+ emptyDir:
+ medium: Memory
+
+ - it: should fail with added emptyDir and non Memory medium
+ set:
+ persistence:
+ volume1:
+ enabled: true
+ type: emptyDir
+ medium: not_memory
+ noMount: true
+ asserts:
+ - failedTemplate:
+ errorMessage: You can only set as Memory on item (volume1)
diff --git a/library/common-test/tests/deployment/volume_hostPath_test.yaml b/library/common-test/tests/deployment/volume_hostPath_test.yaml
new file mode 100644
index 00000000..28fa65ee
--- /dev/null
+++ b/library/common-test/tests/deployment/volume_hostPath_test.yaml
@@ -0,0 +1,289 @@
+suite: deployment hostPath volume test
+templates:
+ - common.yaml
+tests:
+ - it: should pass with default values
+ documentIndex: &deploymentDoc 0
+ asserts:
+ - hasDocuments:
+ count: 3
+ - isKind:
+ of: Deployment
+ - isNull:
+ path: spec.template.spec.volume
+
+ - it: should fail with not set path on hostPath
+ set:
+ persistence:
+ some_volume:
+ type: hostPath
+ enabled: true
+ noMount: true
+ asserts:
+ - failedTemplate:
+ errorMessage: hostPath not set on item (some_volume)
+
+ - it: should fail with hostPath not starting with /
+ set:
+ persistence:
+ some_volume:
+ type: hostPath
+ enabled: true
+ mountPath: /some/path
+ hostPath: some/relative/path
+ asserts:
+ - failedTemplate:
+ errorMessage: Host path (some/relative/path) on item (some_volume) must start with a forward slash -> / <-
+
+ - it: should fail with ValidateHostPath globally set on and invalid hostPath (/mnt/pool)
+ set:
+ global:
+ defaults:
+ validateHostPath: true
+ persistence:
+ some_volume:
+ type: hostPath
+ enabled: true
+ noMount: true
+ hostPath: /mnt/pool
+ asserts:
+ - failedTemplate:
+ errorMessage: Invalid hostPath (/mnt/pool). Allowed hostPaths are valid paths under a given pool. e.g. /mnt/POOL/DATASET, /mnt/POOL/DATASET/DIRECTORY
+
+ - it: should fail with ValidateHostPath globally set on and invalid hostPath (/cluster/ctdb_shared_vol)
+ set:
+ global:
+ defaults:
+ validateHostPath: true
+ persistence:
+ some_volume:
+ type: hostPath
+ enabled: true
+ noMount: true
+ hostPath: /cluster/ctdb_shared_vol
+ asserts:
+ - failedTemplate:
+ errorMessage: Invalid hostPath (/cluster/ctdb_shared_vol). Allowed hostPaths are valid paths under a given pool. e.g. /mnt/POOL/DATASET, /mnt/POOL/DATASET/DIRECTORY
+
+ - it: should fail with ValidateHostPath globally set on and invalid hostPath (/not_allowed_path)
+ set:
+ global:
+ defaults:
+ validateHostPath: true
+ persistence:
+ some_volume:
+ type: hostPath
+ enabled: true
+ noMount: true
+ hostPath: /not_allowed_path
+ asserts:
+ - failedTemplate:
+ errorMessage: Invalid hostPath (/not_allowed_path). Allowed hostPaths are valid paths under a given pool. e.g. /mnt/POOL/DATASET, /mnt/POOL/DATASET/DIRECTORY
+
+ - it: should fail with ValidateHostPath set on the persistence item and invalid hostPath (/mnt/pool)
+ set:
+ persistence:
+ some_volume:
+ type: hostPath
+ enabled: true
+ noMount: true
+ hostPath: /mnt/pool
+ validateHostPath: true
+ asserts:
+ - failedTemplate:
+ errorMessage: Invalid hostPath (/mnt/pool). Allowed hostPaths are valid paths under a given pool. e.g. /mnt/POOL/DATASET, /mnt/POOL/DATASET/DIRECTORY
+
+ - it: should fail with ValidateHostPath set on the persistence item and invalid hostPath (/cluster/ctdb_shared_vol)
+ set:
+ persistence:
+ some_volume:
+ type: hostPath
+ enabled: true
+ noMount: true
+ hostPath: /cluster/ctdb_shared_vol
+ validateHostPath: true
+ asserts:
+ - failedTemplate:
+ errorMessage: Invalid hostPath (/cluster/ctdb_shared_vol). Allowed hostPaths are valid paths under a given pool. e.g. /mnt/POOL/DATASET, /mnt/POOL/DATASET/DIRECTORY
+
+ - it: should fail with ValidateHostPath set on the persistence item and invalid hostPath (/not_allowed_path)
+ set:
+ persistence:
+ some_volume:
+ type: hostPath
+ enabled: true
+ noMount: true
+ hostPath: /not_allowed_path
+ validateHostPath: true
+ asserts:
+ - failedTemplate:
+ errorMessage: Invalid hostPath (/not_allowed_path). Allowed hostPaths are valid paths under a given pool. e.g. /mnt/POOL/DATASET, /mnt/POOL/DATASET/DIRECTORY
+
+ - it: should fail with ValidateHostPath globally disabled but enabled on the item and invalid hostPath (/not_allowed_path)
+ set:
+ global:
+ defaults:
+ validateHostPath: false
+ persistence:
+ some_volume:
+ type: hostPath
+ enabled: true
+ noMount: true
+ hostPath: /not_allowed_path
+ validateHostPath: true
+ asserts:
+ - failedTemplate:
+ errorMessage: Invalid hostPath (/not_allowed_path). Allowed hostPaths are valid paths under a given pool. e.g. /mnt/POOL/DATASET, /mnt/POOL/DATASET/DIRECTORY
+
+ - it: should fail with added hostPath and invalid hostPathType set
+ documentIndex: *deploymentDoc
+ set:
+ hostType: invalid
+ persistence:
+ volume1:
+ enabled: true
+ type: hostPath
+ hostPath: /some_path
+ hostPathType: "{{ .Values.hostType }}"
+ noMount: true
+ asserts:
+ - failedTemplate:
+ errorMessage: Invalid option (invalid) on item (volume1). Valid options are DirectoryOrCreate, Directory, FileOrCreate, File, Socket, CharDevice and BlockDevice
+
+ - it: should pass with ValidateHostPath globally enabled but disabled on the item and not allowed path for hostPath (/not_allowed_path)
+ documentIndex: *deploymentDoc
+ set:
+ global:
+ defaults:
+ validateHostPath: true
+ persistence:
+ some_volume:
+ type: hostPath
+ enabled: true
+ noMount: true
+ hostPath: /not_allowed_path
+ validateHostPath: false
+ asserts:
+ - contains:
+ path: spec.template.spec.volumes
+ content:
+ name: some_volume
+ hostPath:
+ path: /not_allowed_path
+
+ - it: should pass with added hostPath and validation globally enabled (/mnt/pool/dataset)
+ documentIndex: *deploymentDoc
+ set:
+ global:
+ defaults:
+ validateHostPath: true
+ persistence:
+ volume1:
+ enabled: true
+ type: hostPath
+ hostPath: /mnt/pool/test
+ noMount: true
+ asserts:
+ - contains:
+ path: spec.template.spec.volumes
+ content:
+ name: volume1
+ hostPath:
+ path: /mnt/pool/test
+
+ - it: should pass with added hostPath and validation globally enabled (/cluster/something)
+ documentIndex: *deploymentDoc
+ set:
+ global:
+ defaults:
+ validateHostPath: true
+ persistence:
+ volume1:
+ enabled: true
+ type: hostPath
+ hostPath: /cluster/something
+ noMount: true
+ asserts:
+ - contains:
+ path: spec.template.spec.volumes
+ content:
+ name: volume1
+ hostPath:
+ path: /cluster/something
+
+ - it: should pass with added hostPath and validation globally enabled (/sys)
+ documentIndex: *deploymentDoc
+ set:
+ global:
+ defaults:
+ validateHostPath: true
+ persistence:
+ volume1:
+ enabled: true
+ type: hostPath
+ hostPath: /sys
+ noMount: true
+ asserts:
+ - contains:
+ path: spec.template.spec.volumes
+ content:
+ name: volume1
+ hostPath:
+ path: /sys
+
+ - it: should pass with added hostPath and validation globally enabled (/dev)
+ documentIndex: *deploymentDoc
+ set:
+ global:
+ defaults:
+ validateHostPath: true
+ persistence:
+ volume1:
+ enabled: true
+ type: hostPath
+ hostPath: /dev
+ noMount: true
+ asserts:
+ - contains:
+ path: spec.template.spec.volumes
+ content:
+ name: volume1
+ hostPath:
+ path: /dev
+
+ - it: should pass with added hostPath
+ documentIndex: *deploymentDoc
+ set:
+ persistence:
+ volume1:
+ enabled: true
+ type: hostPath
+ hostPath: /mnt/pool/test
+ noMount: true
+ asserts:
+ - contains:
+ path: spec.template.spec.volumes
+ content:
+ name: volume1
+ hostPath:
+ path: /mnt/pool/test
+
+ - it: should pass with added hostPath and hostPathType set via tpl
+ documentIndex: *deploymentDoc
+ set:
+ some_key: Directory
+ persistence:
+ volume1:
+ enabled: true
+ type: hostPath
+ hostPathType: "{{ .Values.some_key }}"
+ hostPath: /mnt/pool/test
+ noMount: true
+ asserts:
+ - contains:
+ path: spec.template.spec.volumes
+ content:
+ name: volume1
+ hostPath:
+ path: /mnt/pool/test
+ type: Directory
diff --git a/library/common-test/tests/deployment/volume_ixVols_test.yaml b/library/common-test/tests/deployment/volume_ixVols_test.yaml
new file mode 100644
index 00000000..8d350c74
--- /dev/null
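Review bot: With `validateHostPath: true` the suite accepts `/sys`, `/dev` and `/cluster/something` and rejects `/mnt/pool`, but no case gives the validator a path containing `..` segments or a `hostPath` that is itself a template expression. A check based on prefixes or segment counts would accept `/mnt/pool/dataset/../../etc` unless the path is normalised first, and if validation runs before `tpl` rendering a templated value would be checked as the literal expression; neither can be told from this hunk. I would add the two failing cases below, with the expected message copied from the existing invalid-path cases and adjusted to the template's real wording if it differs. The case titled "(/mnt/pool/dataset)" actually sets `/mnt/pool/test`, and the failing `hostPathType` case carries a `documentIndex` it does not need.

```yaml
# … unchanged: existing validateHostPath failure cases …
  - it: should fail with ValidateHostPath globally set on and hostPath containing parent-directory segments
    set:
      global:
        defaults:
          validateHostPath: true
      persistence:
        some_volume:
          type: hostPath
          enabled: true
          noMount: true
          hostPath: /mnt/pool/dataset/../../etc
    asserts:
      - failedTemplate:
          # message assumed to follow the other invalid-hostPath cases
          errorMessage: Invalid hostPath (/mnt/pool/dataset/../../etc). Allowed hostPaths are valid paths under a given pool. e.g. /mnt/POOL/DATASET, /mnt/POOL/DATASET/DIRECTORY

  - it: should fail with ValidateHostPath globally set on and invalid hostPath from tpl
    set:
      some_path: /not_allowed_path
      global:
        defaults:
          validateHostPath: true
      persistence:
        some_volume:
          type: hostPath
          enabled: true
          noMount: true
          hostPath: "{{ .Values.some_path }}"
    asserts:
      - failedTemplate:
          errorMessage: Invalid hostPath (/not_allowed_path). Allowed hostPaths are valid paths under a given pool. e.g. /mnt/POOL/DATASET, /mnt/POOL/DATASET/DIRECTORY
# … unchanged: passing hostPath cases …
```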
+++ b/library/common-test/tests/deployment/volume_ixVols_test.yaml
@@ -0,0 +1,145 @@
+suite: deployment ixVolumes volume test
+templates:
+ - common.yaml
+tests:
+ - it: should pass with default values
+ documentIndex: &deploymentDoc 0
+ asserts:
+ - hasDocuments:
+ count: 3
+ - isKind:
+ of: Deployment
+ - isNull:
+ path: spec.template.spec.volume
+
+ - it: should fail without set datasetName on ixVolume type
+ set:
+ persistence:
+ some_volume:
+ type: ixVolume
+ enabled: true
+ noMount: true
+ asserts:
+ - failedTemplate:
+ errorMessage: Item (some_volume) is set as ixVolume type, but has no defined
+
+ - it: should fail with set datasetName on ixVolume type but empty ixVolumes
+ set:
+ persistence:
+ some_volume:
+ type: ixVolume
+ datasetName: ix-app
+ enabled: true
+ noMount: true
+ ixVolumes: []
+ asserts:
+ - failedTemplate:
+ errorMessage: Key is empty. But persistence volumes of type ixVolumes is defined.
+
+ - it: should fail on ixVolume type with datasetName set but missing path in ixVolumes
+ set:
+ ixVolumes:
+ - /mnt/pool/ix-applications/ix-other-app
+ persistence:
+ some_volume:
+ type: ixVolume
+ datasetName: ix-app
+ enabled: true
+ noMount: true
+ asserts:
+ - failedTemplate:
+ errorMessage: Dataset Name (ix-app) on item (some_volume) does not exist in ixVolumes list
+
+ - it: should fail on ixVolume type with hostPath set
+ set:
+ ixVolumes:
+ - /mnt/pool/ix-applications/ix-app
+ persistence:
+ some_volume:
+ type: ixVolume
+ datasetName: ix-app
+ hostPath: /mnt/pool/test
+ enabled: true
+ noMount: true
+ asserts:
+ - failedTemplate:
+ errorMessage: Item (some_volume), is set as ixVolume but has hostPath defined. This is automatically calculated.
+
+ - it: should fail with added ixVolume and invalid hostPathType set
+ documentIndex: *deploymentDoc
+ set:
+ hostType: invalid
+ ixVolumes:
+ - /mnt/pool/ix-applications/ix-app
+ persistence:
+ volume1:
+ enabled: true
+ type: ixVolume
+ datasetName: ix-app
+ hostPathType: "{{ .Values.hostType }}"
+ noMount: true
+ asserts:
+ - failedTemplate:
+ errorMessage: Invalid option (invalid) on item (volume1). Valid options are DirectoryOrCreate, Directory, FileOrCreate, File, Socket, CharDevice and BlockDevice
+
+ - it: should pass with added ixVolume
+ documentIndex: *deploymentDoc
+ set:
+ ixVolumes:
+ - /mnt/pool/ix-applications/ix-app
+ persistence:
+ volume1:
+ enabled: true
+ type: ixVolume
+ datasetName: ix-app
+ noMount: true
+ asserts:
+ - contains:
+ path: spec.template.spec.volumes
+ content:
+ name: volume1
+ hostPath:
+ path: /mnt/pool/ix-applications/ix-app
+
+ - it: should pass with added ixVolume and hostPathType set
+ documentIndex: *deploymentDoc
+ set:
+ ixVolumes:
+ - /mnt/pool/ix-applications/ix-app
+ persistence:
+ volume1:
+ enabled: true
+ type: ixVolume
+ datasetName: ix-app
+ hostPathType: Directory
+ noMount: true
+ asserts:
+ - contains:
+ path: spec.template.spec.volumes
+ content:
+ name: volume1
+ hostPath:
+ path: /mnt/pool/ix-applications/ix-app
+ type: Directory
+
+ - it: should pass with added ixVolume and hostPathType set from tpl
+ documentIndex: *deploymentDoc
+ set:
+ hostType: Directory
+ ixVolumes:
+ - /mnt/pool/ix-applications/ix-app
+ persistence:
+ volume1:
+ enabled: true
+ type: ixVolume
+ datasetName: ix-app
+ hostPathType: "{{ .Values.hostType }}"
+ noMount: true
+ asserts:
+ - contains:
+ path: spec.template.spec.volumes
+ content:
+ name: volume1
+ hostPath:
+ path: /mnt/pool/ix-applications/ix-app
+ type: Directory
diff --git a/library/common-test/tests/deployment/volume_nfs_test.yaml b/library/common-test/tests/deployment/volume_nfs_test.yaml
new file mode 100644
index 00000000..9011cbe1
--- /dev/null
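Review bot: The default-values test asserts `isNull` on `path: spec.template.spec.volume`, but the pod spec field is `volumes` (the other tests in this hunk use `spec.template.spec.volumes`), so the assertion holds for any rendered Deployment and checks nothing. The same line appears in the nfs, pvc, secret and generic volume test files added later in this diff. Change it to `path: spec.template.spec.volumes` in each file, or, if the chart renders volumes by default, assert their expected content instead.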
+++ b/library/common-test/tests/deployment/volume_nfs_test.yaml
@@ -0,0 +1,68 @@
+suite: deployment nfs volume test
+templates:
+ - common.yaml
+tests:
+ - it: should pass with default values
+ documentIndex: &deploymentDoc 0
+ asserts:
+ - hasDocuments:
+ count: 3
+ - isKind:
+ of: Deployment
+ - isNull:
+ path: spec.template.spec.volume
+
+ - it: should pass with added nfs
+ documentIndex: *deploymentDoc
+ set:
+ persistence:
+ volume1:
+ enabled: true
+ type: nfs
+ server: some.server.local
+ path: /nfs/path
+ noMount: true
+ asserts:
+ - contains:
+ path: spec.template.spec.volumes
+ content:
+ name: volume1
+ nfs:
+ server: some.server.local
+ path: /nfs/path
+
+ - it: should fail with not set server on nfs
+ set:
+ persistence:
+ some_volume:
+ type: nfs
+ enabled: true
+ path: /some_path
+ noMount: true
+ asserts:
+ - failedTemplate:
+ errorMessage: NFS Server not set on item some_volume
+
+ - it: should fail with path not starting with /
+ set:
+ persistence:
+ some_volume:
+ type: nfs
+ enabled: true
+ path: some/relative/path
+ noMount: true
+ asserts:
+ - failedTemplate:
+ errorMessage: NFS path (some/relative/path) on (some_volume) must start with a forward slash -> / <-
+
+ - it: should fail with not set path on nfs
+ set:
+ persistence:
+ some_volume:
+ type: nfs
+ enabled: true
+ server: some_server
+ noMount: true
+ asserts:
+ - failedTemplate:
+ errorMessage: NFS Path not set on item some_volume
diff --git a/library/common-test/tests/deployment/volume_pvc_test.yaml b/library/common-test/tests/deployment/volume_pvc_test.yaml
new file mode 100644
index 00000000..c5039077
--- /dev/null
+++ b/library/common-test/tests/deployment/volume_pvc_test.yaml
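Review bot: The fixture for `should fail with path not starting with /` sets no `server`, so the test reaches the path-format check only if the template validates the path before the server. Under the other ordering the same input would fail with `NFS Server not set on item some_volume` and this test would break for an unrelated reason. Adding `server: some.server.local` to that fixture makes the relative path the only defect in the input.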
@@ -0,0 +1,134 @@ +suite: deployment pvc volume test +templates: + - common.yaml +tests: + - it: should pass with default values + documentIndex: &deploymentDoc 0 + asserts: + - hasDocuments: + count: 3 + - isKind: + of: Deployment + - isNull: + path: spec.template.spec.volume + + - it: should pass with added PVC + documentIndex: *deploymentDoc + set: + persistence: + some_volume: + type: pvc + enabled: true + noMount: true + asserts: + - contains: + path: spec.template.spec.volumes + content: + name: some_volume + persistentVolumeClaim: + claimName: RELEASE-NAME-common-test-some_volume + + - it: should pass with added PVC and existingClaim + documentIndex: *deploymentDoc + set: + persistence: + some_volume: + type: pvc + enabled: true + existingClaim: some_existing_claim + noMount: true + asserts: + - contains: + path: spec.template.spec.volumes + content: + name: some_volume + persistentVolumeClaim: + claimName: some_existing_claim + + - it: should pass with added PVC and existingClaim from tpl + documentIndex: *deploymentDoc + set: + claim: some_existing_claim + persistence: + some_volume: + type: pvc + enabled: true + existingClaim: "{{ .Values.claim }}" + noMount: true + asserts: + - contains: + path: spec.template.spec.volumes + content: + name: some_volume + persistentVolumeClaim: + claimName: some_existing_claim + + - it: should pass with added PVC and nameOverride + documentIndex: *deploymentDoc + set: + persistence: + some_volume: + type: pvc + enabled: true + nameOverride: some_claim + noMount: true + asserts: + - contains: + path: spec.template.spec.volumes + content: + name: some_volume + persistentVolumeClaim: + claimName: RELEASE-NAME-common-test-some_claim + + - it: should pass with added PVC and nameOverride from tpl + documentIndex: *deploymentDoc + set: + claim: some_claim + persistence: + some_volume: + type: pvc + enabled: true + nameOverride: "{{ .Values.claim }}" + noMount: true + asserts: + - contains: + path: spec.template.spec.volumes + 
content: + name: some_volume + persistentVolumeClaim: + claimName: RELEASE-NAME-common-test-some_claim + + - it: should pass with added PVC and forceName + documentIndex: *deploymentDoc + set: + persistence: + some_volume: + type: pvc + enabled: true + forceName: forced_name + noMount: true + asserts: + - contains: + path: spec.template.spec.volumes + content: + name: some_volume + persistentVolumeClaim: + claimName: forced_name + + - it: should pass with added PVC and forceName from tpl + documentIndex: *deploymentDoc + set: + claim: forced_name + persistence: + some_volume: + type: pvc + enabled: true + forceName: "{{ .Values.claim }}" + noMount: true + asserts: + - contains: + path: spec.template.spec.volumes + content: + name: some_volume + persistentVolumeClaim: + claimName: forced_name diff --git a/library/common-test/tests/deployment/volume_secret_test.yaml b/library/common-test/tests/deployment/volume_secret_test.yaml new file mode 100644 index 00000000..fbabca3f --- /dev/null +++ b/library/common-test/tests/deployment/volume_secret_test.yaml 
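Review bot: Several expected values pin names that contain underscores, for example `name: some_volume` and `claimName: RELEASE-NAME-common-test-some_volume`. Kubernetes requires volume names to be DNS-1123 labels and PVC names to be DNS subdomain names, so a manifest rendered this way would presumably be rejected at admission even though the unit test passes. Using fixtures such as `some-volume`, and adding a `failedTemplate` case for an invalid name if the template is meant to validate it, would keep the tests aligned with what the API server accepts.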
@@ -0,0 +1,197 @@ +suite: deployment secret volume test +templates: + - common.yaml +tests: + - it: should pass with default values + documentIndex: &deploymentDoc 0 + asserts: + - hasDocuments: + count: 3 + - isKind: + of: Deployment + - isNull: + path: spec.template.spec.volume + + - it: should fail with not set objectName on secret + set: + persistence: + some_volume: + type: secret + enabled: true + noMount: true + asserts: + - failedTemplate: + errorMessage: objectName not set for persistence item some_volume + + - it: should fail with not set objectName on secret + set: + persistence: + some_volume: + type: secret + enabled: true + noMount: true + asserts: + - failedTemplate: + errorMessage: objectName not set for persistence item some_volume + + - it: should pass with added secret + documentIndex: *deploymentDoc + set: + persistence: + some_volume: + type: secret + enabled: true + objectName: some_object_name + noMount: true + asserts: + - contains: + documentIndex: *deploymentDoc + path: spec.template.spec.volumes + content: + name: some_volume + secret: + secretName: some_object_name + + - it: should fail with added secret and defaultMode as int + documentIndex: *deploymentDoc + set: + persistence: + some_volume: + type: secret + enabled: true + objectName: some_object_name + defaultMode: 0777 + noMount: true + asserts: + - failedTemplate: + errorMessage: (511, converted to octal) is not valid format. Valid format is string with 4 digits <0777>. 
+ + - it: should pass with added secret and defaultMode as string + documentIndex: *deploymentDoc + set: + persistence: + some_volume: + type: secret + enabled: true + objectName: some_object_name + defaultMode: "0777" + noMount: true + asserts: + - contains: + path: spec.template.spec.volumes + content: + name: some_volume + secret: + secretName: some_object_name + defaultMode: 0777 + + - it: should fail with added secret and defaultMode as int from tpl + documentIndex: *deploymentDoc + set: + mode: 644 + persistence: + some_volume: + type: secret + enabled: true + objectName: some_object_name + defaultMode: "{{ .Values.mode }}" + noMount: true + asserts: + - failedTemplate: + errorMessage: (644, converted to octal) is not valid format. Valid format is string with 4 digits <0777>. + + - it: should pass with added secret and defaultMode as string from tpl + documentIndex: *deploymentDoc + set: + mode: "0644" + persistence: + some_volume: + type: secret + enabled: true + objectName: some_object_name + defaultMode: "{{ .Values.mode }}" + noMount: true + asserts: + - contains: + path: spec.template.spec.volumes + content: + name: some_volume + secret: + secretName: some_object_name + defaultMode: 0644 + + - it: should fail with added secret and no key on items + set: + persistence: + some_volume: + type: secret + enabled: true + objectName: some_object_name + items: + - path: some_path + noMount: true + asserts: + - failedTemplate: + errorMessage: No key was given for persistence item some_volume + + - it: should fail with added secret and no path on items + set: + persistence: + some_volume: + type: secret + enabled: true + objectName: some_object_name + items: + - key: some_key + noMount: true + asserts: + - failedTemplate: + errorMessage: No path was given for persistence item some_volume + + - it: should pass with added secret and items + documentIndex: *deploymentDoc + set: + persistence: + some_volume: + type: secret + enabled: true + objectName: 
some_object_name + items: + - key: some_key + path: some_path + noMount: true + asserts: + - contains: + path: spec.template.spec.volumes + content: + name: some_volume + secret: + secretName: some_object_name + items: + - key: some_key + path: some_path + + - it: should pass with added secret and items from tpl + documentIndex: *deploymentDoc + set: + key: some_key + path: some_path + persistence: + some_volume: + type: secret + enabled: true + objectName: some_object_name + items: + - key: "{{ .Values.key }}" + path: "{{ .Values.path }}" + noMount: true + asserts: + - contains: + path: spec.template.spec.volumes + content: + name: some_volume + secret: + secretName: some_object_name + items: + - key: some_key + path: some_path diff --git a/library/common-test/tests/deployment/volume_test.yaml b/library/common-test/tests/deployment/volume_test.yaml new file mode 100644 index 00000000..34c3316b --- /dev/null +++ b/library/common-test/tests/deployment/volume_test.yaml @@ -0,0 +1,24 @@ +suite: deployment volume test +templates: + - common.yaml +tests: + - it: should pass with default values + documentIndex: &deploymentDoc 0 + asserts: + - hasDocuments: + count: 3 + - isKind: + of: Deployment + - isNull: + path: spec.template.spec.volume + + - it: should fail with wrong persistence type + set: + persistence: + some_volume: + type: not_valid_persistence + enabled: true + noMount: true + asserts: + - failedTemplate: + errorMessage: Not a valid persistence.type (not_valid_persistence) diff --git a/library/common-test/tests/externalInterfaces/externalInterfaces_test.yaml b/library/common-test/tests/externalInterfaces/externalInterfaces_test.yaml new file mode 100644 index 00000000..40702233 --- /dev/null +++ b/library/common-test/tests/externalInterfaces/externalInterfaces_test.yaml 
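Review bot: The case `should fail with not set objectName on secret` is added twice in the secret volume hunk with identical `set` and `asserts`, so the second copy adds no coverage. It was presumably meant to exercise a different input, such as `objectName: ""`; replace it with that case or drop it. Separately, the passing fixtures use `defaultMode: "0777"` on a Secret volume; a restrictive value such as `"0400"` would exercise the same string parsing without modelling world-writable secret files.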
@@ -0,0 +1,405 @@ +suite: external interfaces test +templates: + - common.yaml +chart: + appVersion: &appVer v1.2.3 +tests: + - it: should pass with default values + documentIndex: &deploymentDoc 0 + asserts: + - hasDocuments: + count: 3 + - isKind: + of: Deployment + + - it: should fail without hostInterface + set: + externalInterfaces: + - hostInterface: "" + asserts: + - failedTemplate: + errorMessage: is required when configuring External Interfaces. + + - it: should fail without ipam type + set: + externalInterfaces: + - hostInterface: ens3s0 + ipam: {} + asserts: + - failedTemplate: + errorMessage: is required. Interface (ens3s0) + + - it: should fail with invalid ipam type + set: + externalInterfaces: + - hostInterface: ens3s0 + ipam: + type: invalid_type + asserts: + - failedTemplate: + errorMessage: Invalid option for (invalid_type). Valid options are static and dhcp. Interface (ens3s0) + + - it: should fail with dhcp ipam and staticIPConfigurations + set: + externalInterfaces: + - hostInterface: ens3s0 + ipam: + type: dhcp + staticIPConfigurations: + - 1.1.1.1 + asserts: + - failedTemplate: + errorMessage: and cannot be used with of (dhcp). Interface (ens3s0) + + - it: should fail with dhcp ipam and staticRoutes + set: + externalInterfaces: + - hostInterface: ens3s0 + ipam: + type: dhcp + staticRoutes: + - gateway: 1.1.1.1 + destination: 1.1.1.1 + asserts: + - failedTemplate: + errorMessage: and cannot be used with of (dhcp). Interface (ens3s0) + + - it: should fail with static ipam and no staticIPConfigurations + set: + externalInterfaces: + - hostInterface: ens3s0 + ipam: + type: static + staticIPConfigurations: [] + asserts: + - failedTemplate: + errorMessage: Static IP is required when is static. 
Interface (ens3s0) + + - it: should fail with static ipam and no staticRoutes.gateway + set: + externalInterfaces: + - hostInterface: ens3s0 + ipam: + type: static + staticIPConfigurations: + - 1.1.1.1 + staticRoutes: + - gateway: "" + asserts: + - failedTemplate: + errorMessage: and are required when are defined. Interface (ens3s0) + + - it: should fail with static ipam and no staticRoutes.destination + set: + externalInterfaces: + - hostInterface: ens3s0 + ipam: + type: static + staticIPConfigurations: + - 1.1.1.1 + staticRoutes: + - gateway: 1.1.1.1 + destination: "" + asserts: + - failedTemplate: + errorMessage: and are required when are defined. Interface (ens3s0) + + - it: should fail with ixExternalInterfacesConfiguration empty + documentIndex: &externalInterfaceDoc 0 + set: + # Only to pass validation + externalInterfaces: + - hostInterface: ens3s0 + ipam: + type: dhcp + # Simulate the ix Injected values + ixExternalInterfacesConfiguration: + - '{"cniVersion": "0.3.1", "name": "ix-RELEASE-NAME-0", "type": "macvlan", "master": "ens3s0", "ipam": {"type": "dhcp"}}' + asserts: + - failedTemplate: + errorMessage: There are externalInterfaces defined, but key is empty. 
+ + - it: should pass with externalInterface defined + documentIndex: &externalInterfaceDoc 0 + set: + # Only to pass validation + externalInterfaces: + - hostInterface: ens3s0 + ipam: + type: dhcp + # Simulate the ix Injected values + ixExternalInterfacesConfiguration: + - '{"cniVersion": "0.3.1", "name": "ix-RELEASE-NAME-0", "type": "macvlan", "master": "ens3s0", "ipam": {"type": "dhcp"}}' + ixExternalInterfacesConfigurationNames: + - ix-RELEASE-NAME-0 + asserts: + - hasDocuments: + count: 4 + - isKind: + of: NetworkAttachmentDefinition + - isAPIVersion: + of: k8s.cni.cncf.io/v1 + - equal: + path: spec + value: + config: '{"cniVersion": "0.3.1", "name": "ix-RELEASE-NAME-0", "type": "macvlan", "master": "ens3s0", "ipam": {"type": "dhcp"}}' + - equal: + path: metadata.name + value: ix-RELEASE-NAME-0 + + - it: should pass with externalInterface defined (annotation check) + documentIndex: &deploymentDoc 1 + set: + # Only to pass validation + externalInterfaces: + - hostInterface: ens3s0 + ipam: + type: dhcp + # Simulate the ix Injected values + ixExternalInterfacesConfiguration: + - '{"cniVersion": "0.3.1", "name": "ix-RELEASE-NAME-0", "type": "macvlan", "master": "ens3s0", "ipam": {"type": "dhcp"}}' + ixExternalInterfacesConfigurationNames: + - ix-RELEASE-NAME-0 + asserts: + - hasDocuments: + count: 4 + - isKind: + of: Deployment + - isSubset: + path: metadata.annotations + content: + k8s.v1.cni.cncf.io/networks: ix-RELEASE-NAME-0 + - isNull: + path: metadata.annotations.rollme + - matchRegex: + path: spec.template.metadata.annotations.rollme + pattern: "^[a-zA-Z0-9]{5}$" + + - it: should pass with externalInterface defined, multiple entries (First Doc) + documentIndex: *externalInterfaceDoc + set: + # Only to pass validation + externalInterfaces: + - hostInterface: ens3s0 + ipam: + type: dhcp + # Simulate the ix Injected values + ixExternalInterfacesConfiguration: + - '{"cniVersion": "0.3.1", "name": "ix-RELEASE-NAME-0", "type": "macvlan", "master": "ens3s0", 
"ipam": {"type": "dhcp"}}' + - '{"cniVersion": "0.3.1", "name": "ix-RELEASE-NAME-1", "type": "macvlan", "master": "ens5s0", "ipam": {"type": "dhcp"}}' + ixExternalInterfacesConfigurationNames: + - ix-RELEASE-NAME-0 + asserts: + - hasDocuments: + count: 5 + - isKind: + of: NetworkAttachmentDefinition + - isAPIVersion: + of: k8s.cni.cncf.io/v1 + - equal: + path: spec + value: + config: '{"cniVersion": "0.3.1", "name": "ix-RELEASE-NAME-0", "type": "macvlan", "master": "ens3s0", "ipam": {"type": "dhcp"}}' + - equal: + path: metadata.name + value: ix-RELEASE-NAME-0 + + - it: should pass with externalInterface defined, multiple entries (Second Doc) + documentIndex: &otherExternalInterfaceDoc 1 + set: + # Only to pass validation + externalInterfaces: + - hostInterface: ens3s0 + ipam: + type: dhcp + # Simulate the ix Injected values + ixExternalInterfacesConfiguration: + - '{"cniVersion": "0.3.1", "name": "ix-RELEASE-NAME-0", "type": "macvlan", "master": "ens3s0", "ipam": {"type": "dhcp"}}' + - '{"cniVersion": "0.3.1", "name": "ix-RELEASE-NAME-1", "type": "macvlan", "master": "ens5s0", "ipam": {"type": "dhcp"}}' + ixExternalInterfacesConfigurationNames: + - ix-RELEASE-NAME-0 + - ix-RELEASE-NAME-1 + asserts: + - hasDocuments: + count: 5 + - isKind: + of: NetworkAttachmentDefinition + - isAPIVersion: + of: k8s.cni.cncf.io/v1 + - equal: + path: spec + value: + config: '{"cniVersion": "0.3.1", "name": "ix-RELEASE-NAME-1", "type": "macvlan", "master": "ens5s0", "ipam": {"type": "dhcp"}}' + - equal: + path: metadata.name + value: ix-RELEASE-NAME-1 + + - it: should pass with externalInterface defined, multiple entries (annotation check) + documentIndex: &deploymentDoc 2 + set: + # Only to pass validation + externalInterfaces: + - hostInterface: ens3s0 + ipam: + type: dhcp + # Simulate the ix Injected values + ixExternalInterfacesConfiguration: + - '{"cniVersion": "0.3.1", "name": "ix-RELEASE-NAME-0", "type": "macvlan", "master": "ens3s0", "ipam": {"type": "dhcp"}}' + - 
'{"cniVersion": "0.3.1", "name": "ix-RELEASE-NAME-1", "type": "macvlan", "master": "ens5s0", "ipam": {"type": "dhcp"}}' + ixExternalInterfacesConfigurationNames: + - ix-RELEASE-NAME-0 + - ix-RELEASE-NAME-1 + asserts: + - hasDocuments: + count: 5 + - isKind: + of: Deployment + - isSubset: + path: metadata.annotations + content: + k8s.v1.cni.cncf.io/networks: ix-RELEASE-NAME-0, ix-RELEASE-NAME-1 + - isNull: + path: metadata.annotations.rollme + - matchRegex: + path: spec.template.metadata.annotations.rollme + pattern: "^[a-zA-Z0-9]{5}$" + + - it: should pass with externalInterface defined and global annotations, multiple entries + documentIndex: &externalInterfaceDoc 0 + set: + global: + annotations: + key1: value1 + key2: value2 + # Only to pass validation + externalInterfaces: + - hostInterface: ens3s0 + ipam: + type: dhcp + # Simulate the ix Injected values + ixExternalInterfacesConfiguration: + - '{"cniVersion": "0.3.1", "name": "ix-RELEASE-NAME-0", "type": "macvlan", "master": "ens3s0", "ipam": {"type": "dhcp"}}' + ixExternalInterfacesConfigurationNames: + - ix-RELEASE-NAME-0 + asserts: + - hasDocuments: + count: 4 + - isKind: + of: NetworkAttachmentDefinition + - isAPIVersion: + of: k8s.cni.cncf.io/v1 + - equal: + path: metadata.annotations + value: + key1: value1 + key2: value2 + + - it: should pass with externalInterface defined and global annotations from tpl, multiple entries + documentIndex: &externalInterfaceDoc 0 + set: + k1: value1 + k2: value2 + global: + annotations: + key1: "{{ .Values.k1 }}" + key2: "{{ .Values.k2 }}" + # Only to pass validation + externalInterfaces: + - hostInterface: ens3s0 + ipam: + type: dhcp + # Simulate the ix Injected values + ixExternalInterfacesConfiguration: + - '{"cniVersion": "0.3.1", "name": "ix-RELEASE-NAME-0", "type": "macvlan", "master": "ens3s0", "ipam": {"type": "dhcp"}}' + ixExternalInterfacesConfigurationNames: + - ix-RELEASE-NAME-0 + asserts: + - hasDocuments: + count: 4 + - isKind: + of: 
NetworkAttachmentDefinition + - isAPIVersion: + of: k8s.cni.cncf.io/v1 + - equal: + path: metadata.annotations + value: + key1: value1 + key2: value2 + + - it: should pass with externalInterface defined and global labels, multiple entries + documentIndex: &externalInterfaceDoc 0 + set: + global: + labels: + key1: value1 + key2: value2 + # Only to pass validation + externalInterfaces: + - hostInterface: ens3s0 + ipam: + type: dhcp + # Simulate the ix Injected values + ixExternalInterfacesConfiguration: + - '{"cniVersion": "0.3.1", "name": "ix-RELEASE-NAME-0", "type": "macvlan", "master": "ens3s0", "ipam": {"type": "dhcp"}}' + ixExternalInterfacesConfigurationNames: + - ix-RELEASE-NAME-0 + asserts: + - hasDocuments: + count: 4 + - isKind: + of: NetworkAttachmentDefinition + - isAPIVersion: + of: k8s.cni.cncf.io/v1 + - equal: + path: metadata.labels + value: + app: common-test + app.kubernetes.io/instance: RELEASE-NAME + app.kubernetes.io/managed-by: Helm + app.kubernetes.io/name: common-test + app.kubernetes.io/version: *appVer + helm-revision: "0" + helm.sh/chart: common-test-1.0.0 + key1: value1 + key2: value2 + release: RELEASE-NAME + + - it: should pass with externalInterface defined and global labels from tpl, multiple entries + documentIndex: &externalInterfaceDoc 0 + set: + k1: value1 + k2: value2 + global: + labels: + key1: "{{ .Values.k1 }}" + key2: "{{ .Values.k2 }}" + # Only to pass validation + externalInterfaces: + - hostInterface: ens3s0 + ipam: + type: dhcp + # Simulate the ix Injected values + ixExternalInterfacesConfiguration: + - '{"cniVersion": "0.3.1", "name": "ix-RELEASE-NAME-0", "type": "macvlan", "master": "ens3s0", "ipam": {"type": "dhcp"}}' + ixExternalInterfacesConfigurationNames: + - ix-RELEASE-NAME-0 + asserts: + - hasDocuments: + count: 4 + - isKind: + of: NetworkAttachmentDefinition + - isAPIVersion: + of: k8s.cni.cncf.io/v1 + - equal: + path: metadata.labels + value: + app: common-test + app.kubernetes.io/instance: RELEASE-NAME + 
app.kubernetes.io/managed-by: Helm + app.kubernetes.io/name: common-test + app.kubernetes.io/version: *appVer + helm-revision: "0" + helm.sh/chart: common-test-1.0.0 + key1: value1 + key2: value2 + release: RELEASE-NAME diff --git a/library/common-test/tests/image_pull_secrets/image_pull_secrets_test.yaml b/library/common-test/tests/image_pull_secrets/image_pull_secrets_test.yaml new file mode 100644 index 00000000..fee8d570 --- /dev/null +++ b/library/common-test/tests/image_pull_secrets/image_pull_secrets_test.yaml 
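Review bot: In `should pass with externalInterface defined, multiple entries (First Doc)` the fixture passes two `ixExternalInterfacesConfiguration` entries but only one entry in `ixExternalInterfacesConfigurationNames`, and the test still expects 5 documents. Either the fixture is missing `- ix-RELEASE-NAME-1`, or the template accepts lists of different lengths, in which case the `k8s.v1.cni.cncf.io/networks` annotation may not list every attachment that is rendered; a `failedTemplate` case for mismatched lengths would settle which is intended. Also, `should fail with ixExternalInterfacesConfiguration empty` supplies a non-empty configuration list and omits only the names list, so its title does not match what it tests.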
@@ -0,0 +1,416 @@ +suite: image pull secrets test +templates: + - common.yaml +chart: + appVersion: &appVer v1.2.3 +tests: + - it: should pass with default values + documentIndex: &deploymentDoc 0 + asserts: + - hasDocuments: + count: 3 + - isKind: + of: Deployment + + - it: should fail without name in imagePullCredentials + set: + imagePullCredentials: + - enabled: true + content: + registry: quay.io + username: some_name + password: some_password + email: someone@example.com + asserts: + - failedTemplate: + errorMessage: is required for Image Pull Secrets Credentials + + - it: should fail without content in imagePullCredentials + set: + imagePullCredentials: + - name: registry-creds + enabled: true + asserts: + - failedTemplate: + errorMessage: is not defined in Image Pull Secrets Credential (registry-creds) + + - it: should fail without registry in imagePullCredentials + set: + imagePullCredentials: + - name: registry-creds + enabled: true + content: + username: some_name + password: some_password + email: someone@example.com + asserts: + - failedTemplate: + errorMessage: is not defined in Image Pull Secrets Credential (registry-creds) + + - it: should fail without email in imagePullCredentials + set: + imagePullCredentials: + - name: registry-creds + enabled: true + content: + username: some_name + password: some_password + registry: quay.io + asserts: + - failedTemplate: + errorMessage: is not defined in Image Pull Secrets Credential (registry-creds) + + - it: should fail without username in imagePullCredentials + set: + imagePullCredentials: + - name: registry-creds + enabled: true + content: + password: some_password + registry: quay.io + email: someone@example.com + asserts: + - failedTemplate: + errorMessage: is not defined in Image Pull Secrets Credential (registry-creds) + + - it: should fail without password in imagePullCredentials + set: + imagePullCredentials: + - name: registry-creds + enabled: true + content: + username: some_name + registry: 
quay.io + email: someone@example.com + asserts: + - failedTemplate: + errorMessage: is not defined in Image Pull Secrets Credential (registry-creds) + + - it: should fail with special characters in name in imagePullCredentials + set: + imagePullCredentials: + - name: registry-creds!!! + enabled: true + content: + username: some_name + registry: quay.io + email: someone@example.com + asserts: + - failedTemplate: + errorMessage: (registry-creds!!!) can only container this alphanumerical characters (- a-z A-Z 0-9) + + - it: should pass with imagePullCredentials defined and super long name + documentIndex: &secretDoc 0 + set: + imagePullCredentials: + - name: thisNameIsSuperLong-1111111111111111111111111-ItsStillGoing22222222222222-SOMEMORE + enabled: true + content: + registry: quay.io + username: some_name + password: some_password + email: someone@example.com + asserts: + - equal: + path: metadata.name + value: RELEASE-NAME-common-test-thisnameissuperlong-111111111111111111 + + - it: should pass with imagePullCredentials defined (Secret) + documentIndex: *secretDoc + set: + imagePullCredentials: + - name: registry-creds + enabled: true + content: + registry: quay.io + username: some_name + password: some_password + email: someone@example.com + asserts: + - hasDocuments: + count: 4 + - isKind: + of: Secret + - isAPIVersion: + of: v1 + - equal: + path: type + value: kubernetes.io/dockerconfigjson + - equal: + path: metadata.name + value: RELEASE-NAME-common-test-registry-creds + - isNotEmpty: + path: data.\.dockerconfigjson + - isNull: + path: metadata.annotations + - equal: + path: metadata.labels + value: + app: common-test + app.kubernetes.io/instance: RELEASE-NAME + app.kubernetes.io/managed-by: Helm + app.kubernetes.io/name: common-test + app.kubernetes.io/version: *appVer + helm-revision: "0" + helm.sh/chart: common-test-1.0.0 + release: RELEASE-NAME + + - it: should pass with imagePullCredentials defined (Deployment) + documentIndex: &deploymentDoc 1 + set: + 
imagePullCredentials: + - name: registry-creds + enabled: true + content: + registry: quay.io + username: some_name + password: some_password + email: someone@example.com + asserts: + - isKind: + of: Deployment + - equal: + path: spec.template.spec.imagePullSecrets + value: + - name: RELEASE-NAME-common-test-registry-creds + + - it: should pass with multiple imagePullCredentials defined (Secret 1/2) + documentIndex: *secretDoc + set: + imagePullCredentials: + - name: registry-creds + enabled: true + content: + registry: quay.io + username: some_name + password: some_password + email: someone@example.com + - name: registry-creds2 + enabled: true + content: + registry: quay.io2 + username: some_name2 + password: some_password2 + email: someone@example.com2 + asserts: + - hasDocuments: + count: 5 + - isKind: + of: Secret + - isAPIVersion: + of: v1 + - equal: + path: type + value: kubernetes.io/dockerconfigjson + - equal: + path: metadata.name + value: RELEASE-NAME-common-test-registry-creds + - isNotEmpty: + path: data.\.dockerconfigjson + - isNull: + path: metadata.annotations + - equal: + path: metadata.labels + value: + app: common-test + app.kubernetes.io/instance: RELEASE-NAME + app.kubernetes.io/managed-by: Helm + app.kubernetes.io/name: common-test + app.kubernetes.io/version: *appVer + helm-revision: "0" + helm.sh/chart: common-test-1.0.0 + release: RELEASE-NAME + + - it: should pass with multiple imagePullCredentials defined (Secret 2/2) + documentIndex: &secondSecretDoc 1 + set: + imagePullCredentials: + - name: registry-creds + enabled: true + content: + registry: quay.io + username: some_name + password: some_password + email: someone@example.com + - name: registry-creds2 + enabled: true + content: + registry: quay.io2 + username: some_name2 + password: some_password2 + email: someone@example.com2 + asserts: + - hasDocuments: + count: 5 + - isKind: + of: Secret + - isAPIVersion: + of: v1 + - equal: + path: type + value: kubernetes.io/dockerconfigjson + - 
equal: + path: metadata.name + value: RELEASE-NAME-common-test-registry-creds2 + - isNotEmpty: + path: data.\.dockerconfigjson + - isNull: + path: metadata.annotations + - equal: + path: metadata.labels + value: + app: common-test + app.kubernetes.io/instance: RELEASE-NAME + app.kubernetes.io/managed-by: Helm + app.kubernetes.io/name: common-test + app.kubernetes.io/version: *appVer + helm-revision: "0" + helm.sh/chart: common-test-1.0.0 + release: RELEASE-NAME + + - it: should pass with imagePullCredentials defined (Deployment) + documentIndex: &deploymentDoc 2 + set: + imagePullCredentials: + - name: registry-creds + enabled: true + content: + registry: quay.io + username: some_name + password: some_password + email: someone@example.com + - name: registry-creds2 + enabled: true + content: + registry: quay.io2 + username: some_name2 + password: some_password2 + email: someone@example.com2 + asserts: + - isKind: + of: Deployment + - equal: + path: spec.template.spec.imagePullSecrets + value: + - name: RELEASE-NAME-common-test-registry-creds + - name: RELEASE-NAME-common-test-registry-creds2 + + - it: should pass with imagePullCredentials defined and global annotations + documentIndex: *secretDoc + set: + global: + annotations: + key1: value1 + key2: value2 + imagePullCredentials: + - name: registry-creds + enabled: true + content: + registry: quay.io + username: some_name + password: some_password + email: someone@example.com + asserts: + - equal: + path: metadata.name + value: RELEASE-NAME-common-test-registry-creds + - equal: + path: metadata.annotations + value: + key1: value1 + key2: value2 + + - it: should pass with imagePullCredentials defined and global annotations from tpl + documentIndex: *secretDoc + set: + k1: value1 + k2: value2 + global: + annotations: + key1: "{{ .Values.k1 }}" + key2: "{{ .Values.k2 }}" + imagePullCredentials: + - name: registry-creds + enabled: true + content: + registry: quay.io + username: some_name + password: some_password + 
email: someone@example.com + asserts: + - equal: + path: metadata.name + value: RELEASE-NAME-common-test-registry-creds + - equal: + path: metadata.annotations + value: + key1: value1 + key2: value2 + + - it: should pass with imagePullCredentials defined and global labels + documentIndex: *secretDoc + set: + global: + labels: + key1: value1 + key2: value2 + imagePullCredentials: + - name: registry-creds + enabled: true + content: + registry: quay.io + username: some_name + password: some_password + email: someone@example.com + asserts: + - equal: + path: metadata.name + value: RELEASE-NAME-common-test-registry-creds + - equal: + path: metadata.labels + value: + app: common-test + app.kubernetes.io/instance: RELEASE-NAME + app.kubernetes.io/managed-by: Helm + app.kubernetes.io/name: common-test + app.kubernetes.io/version: *appVer + helm-revision: "0" + helm.sh/chart: common-test-1.0.0 + release: RELEASE-NAME + key1: value1 + key2: value2 + + - it: should pass with imagePullCredentials defined and global labels from tpl + documentIndex: *secretDoc + set: + k1: value1 + k2: value2 + global: + labels: + key1: "{{ .Values.k1 }}" + key2: "{{ .Values.k2 }}" + imagePullCredentials: + - name: registry-creds + enabled: true + content: + registry: quay.io + username: some_name + password: some_password + email: someone@example.com + asserts: + - equal: + path: metadata.name + value: RELEASE-NAME-common-test-registry-creds + - equal: + path: metadata.labels + value: + app: common-test + app.kubernetes.io/instance: RELEASE-NAME + app.kubernetes.io/managed-by: Helm + app.kubernetes.io/name: common-test + app.kubernetes.io/version: *appVer + helm-revision: "0" + helm.sh/chart: common-test-1.0.0 + release: RELEASE-NAME + key1: value1 + key2: value2 
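Review bot: The fixture for `should fail with special characters in name in imagePullCredentials` has no `password` under `content`, so it passes only if name validation runs before the content checks. With the other ordering it would fail with the `is not defined in Image Pull Secrets Credential` message asserted by the earlier cases. Add `password: some_password` so the invalid name is the only defect in the input. The Secret cases check `data.\.dockerconfigjson` only with `isNotEmpty`; asserting the expected encoded value would catch a wrongly built registry auth entry.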
diff --git a/library/common-test/tests/initcontainers_in_deployment/additional_containers_in_deployment_test.yaml b/library/common-test/tests/initcontainers_in_deployment/additional_containers_in_deployment_test.yaml new file mode 100644 index 00000000..69e86d32 --- /dev/null +++ b/library/common-test/tests/initcontainers_in_deployment/additional_containers_in_deployment_test.yaml 
@@ -0,0 +1,1297 @@ +suite: additionalContainer in deployment test +templates: + - common.yaml +tests: + - it: should pass with default values + documentIndex: &deploymentDoc 0 + asserts: + - hasDocuments: + count: 3 + - isKind: + of: Deployment + + - it: should pass with image defined in additional container + documentIndex: *deploymentDoc + set: + image: + repository: some-repo + tag: some-tag + pullPolicy: Always + additionalImage: + repository: some-repo-additional + tag: some-tag-additional + pullPolicy: Never + additionalContainers: + some-name: + imageSelector: additionalImage + pullPolicy: Never + asserts: + - isSubset: + path: spec.template.spec.containers[0] + content: + image: some-repo:some-tag + imagePullPolicy: Always + - isSubset: + path: spec.template.spec.containers[1] + content: + image: some-repo-additional:some-tag-additional + imagePullPolicy: Never + + - it: should pass with image defined in multiple additional container + documentIndex: *deploymentDoc + set: + image: + repository: some-repo + tag: some-tag + pullPolicy: Always + additionalImage: + repository: some-repo-additional + tag: some-tag-additional + pullPolicy: Never + additionalImage2: + repository: some-repo-additional2 + tag: some-tag-additional2 + pullPolicy: IfNotPresent + additionalContainers: + some-name: + imageSelector: additionalImage + pullPolicy: Never + some-name2: + imageSelector: additionalImage2 + pullPolicy: Never + asserts: + - isSubset: + path: spec.template.spec.containers[0] + content: + image: some-repo:some-tag + imagePullPolicy: Always + - isSubset: + path: spec.template.spec.containers[1] + content: + image: some-repo-additional:some-tag-additional + imagePullPolicy: Never + - isSubset: + path: spec.template.spec.containers[2] + content: + image: some-repo-additional2:some-tag-additional2 + imagePullPolicy: IfNotPresent + + - it: should pass with tty and stdin defined in additional container + documentIndex: *deploymentDoc + set: + additionalContainers: + 
some-name: + tty: true + stdin: true + asserts: + - isSubset: + path: spec.template.spec.containers[0] + content: + tty: false + stdin: false + - isSubset: + path: spec.template.spec.containers[1] + content: + tty: true + stdin: true + + - it: should pass with command and args defined in additional container + documentIndex: *deploymentDoc + set: + port: 8080 + entrypoint: ./run.sh + additionalContainers: + some-name: + command: + - /bin/sh + - -c + - | + {{ .Values.entrypoint }} + args: + - --port + - "{{ .Values.port }}" + extraArgs: + - --data_dir + - /data + asserts: + - isNotSubset: + path: spec.template.spec.containers[0] + content: + command: + - /bin/sh + - -c + - | + ./run.sh + args: + - --port + - "8080" + - --data_dir + - /data + - isSubset: + path: spec.template.spec.containers[1] + content: + command: + - /bin/sh + - -c + - | + ./run.sh + args: + - --port + - "8080" + - --data_dir + - /data + + - it: should pass with termination defined in additional container + documentIndex: *deploymentDoc + set: + additionalContainers: + some-name: + termination: + messagePath: somePath + messagePolicy: File + asserts: + - isNotSubset: + path: spec.template.spec.containers[0] + content: + terminationMessagePath: somePath + terminationMessagePolicy: File + - isSubset: + path: spec.template.spec.containers[1] + content: + terminationMessagePath: somePath + terminationMessagePolicy: File + + - it: should pass with resources inherited from main container and modified in additional container + documentIndex: *deploymentDoc + set: + resources: + requests: + cpu: 25m + memory: 80Mi + additionalContainers: + some-name: + resources: + inherit: true + limits: + cpu: 1000m + memory: 1Gi + requests: + memory: 120Mi + asserts: + - isSubset: + path: spec.template.spec.containers[0] + content: + resources: + limits: + cpu: 4000m + memory: 8Gi + requests: + cpu: 25m + memory: 80Mi + - isSubset: + path: spec.template.spec.containers[1] + content: + resources: + limits: + cpu: 1000m 
+ memory: 1Gi + requests: + cpu: 25m + memory: 120Mi + + - it: should pass with resources defined in additional container + documentIndex: *deploymentDoc + set: + additionalContainers: + some-name: + nvidiaCaps: + - compute + scaleGPU: + gpu.intel.com/i915: "1" + resources: + limits: + cpu: 3000m + memory: 4Gi + requests: + cpu: 20m + memory: 100Mi + asserts: + - equal: + path: spec.template.spec.securityContext + value: + fsGroup: 568 + fsGroupChangePolicy: OnRootMismatch + supplementalGroups: + - 44 + - isSubset: + path: spec.template.spec.containers[0] + content: + resources: + limits: + cpu: 4000m + memory: 8Gi + requests: + cpu: 10m + memory: 50Mi + - isSubset: + path: spec.template.spec.containers[1] + content: + resources: + limits: + cpu: 3000m + memory: 4Gi + gpu.intel.com/i915: "1" + requests: + cpu: 20m + memory: 100Mi + - notContains: + path: spec.template.spec.containers[0].env + content: + name: NVIDIA_DRIVER_CAPABILITIES + value: all + - contains: + path: spec.template.spec.containers[1].env + content: + name: NVIDIA_DRIVER_CAPABILITIES + value: compute + + - it: should pass with envFrom defined in additional container + documentIndex: *deploymentDoc + set: + some_name: a_name + some_name2: a_name2 + additionalContainers: + some-name: + envFrom: + - configMapRef: + name: "{{ .Values.some_name }}" + - configMapRef: + name: "{{ .Values.some_name2 }}" + asserts: + - isNotSubset: + path: spec.template.spec.containers[0] + content: + envFrom: + - configMapRef: + name: a_name + - configMapRef: + name: a_name2 + - isSubset: + path: spec.template.spec.containers[1] + content: + envFrom: + - configMapRef: + name: a_name + - configMapRef: + name: a_name2 + + - it: should pass with env and envList defined in additional container + documentIndex: *deploymentDoc + set: + some_value: value + some_value2: value2 + some_value3: value3 + some_value4: value4 + additionalContainers: + some-name: + env: + var1: "{{ .Values.some_value }}" + var2: "{{ .Values.some_value2 
}}" + var5: + secretKeyRef: + key: key + name: name + envList: + - name: var3 + value: "{{ .Values.some_value3 }}" + - name: var4 + value: "{{ .Values.some_value4 }}" + asserts: + - isNotSubset: + path: spec.template.spec.containers[0] + content: + env: + - name: var1 + value: value + - name: var2 + value: value2 + - name: var3 + value: value3 + - name: var4 + value: value4 + - isSubset: + path: spec.template.spec.containers[1] + content: + env: + - name: TZ + value: UTC + - name: UMASK + value: "002" + - name: UMASK_SET + value: "002" + - name: NVIDIA_VISIBLE_DEVICES + value: void + - name: S6_READ_ONLY_ROOT + value: "1" + - name: var1 + value: value + - name: var2 + value: value2 + - name: var5 + valueFrom: + secretKeyRef: + name: name + key: key + - name: var3 + value: value3 + - name: var4 + value: value4 + + - it: should pass with changed PUID/UMASK + documentIndex: *deploymentDoc + set: + additionalContainers: + some-name: + securityContext: + runAsUser: 0 + runAsNonRoot: false + security: + UMASK: "003" + PUID: 1000 + asserts: + - isSubset: + path: spec.template.spec.containers[0] + content: + env: + - name: TZ + value: UTC + - name: UMASK + value: "002" + - name: UMASK_SET + value: "002" + - name: NVIDIA_VISIBLE_DEVICES + value: void + - name: S6_READ_ONLY_ROOT + value: "1" + - isSubset: + path: spec.template.spec.containers[1] + content: + env: + - name: TZ + value: UTC + - name: UMASK + value: "003" + - name: UMASK_SET + value: "003" + - name: NVIDIA_VISIBLE_DEVICES + value: void + - name: PUID + value: "1000" + - name: USER_ID + value: "1000" + - name: UID + value: "1000" + - name: PGID + value: "568" + - name: GROUP_ID + value: "568" + - name: GID + value: "568" + - name: S6_READ_ONLY_ROOT + value: "1" + + - it: should pass with disabled injectFixedEnvs + documentIndex: *deploymentDoc + set: + additionalContainers: + some-name: + securityContext: + runAsUser: 0 + runAsNonRoot: false + injectFixedEnvs: false + asserts: + - isSubset: + path: 
spec.template.spec.containers[0] + content: + env: + - name: TZ + value: UTC + - name: UMASK + value: "002" + - name: UMASK_SET + value: "002" + - name: NVIDIA_VISIBLE_DEVICES + value: void + - name: S6_READ_ONLY_ROOT + value: "1" + - isNull: + path: spec.template.spec.containers[0].e1v + + - it: should pass with lifecycle defined in additional container + documentIndex: *deploymentDoc + set: + additionalContainers: + some-name: + lifecycle: + postStart: + command: + - /bin/bash + - test1 + preStop: + command: + - /bin/bash + - test2 + asserts: + - isNull: + path: spec.template.spec.containers[0].lifecycle + - isSubset: + path: spec.template.spec.containers[1] + content: + lifecycle: + postStart: + exec: + command: + - /bin/bash + - test1 + preStop: + exec: + command: + - /bin/bash + - test2 + + - it: should fail with env trying to override fixedEnvs in additional container + set: + additionalContainers: + some-name: + env: + TZ: something + asserts: + - failedTemplate: + errorMessage: Environment Variable (TZ) on container (RELEASE-NAME-common-test-additional-some-name) is set more than once. [to (UTC) on (fixedEnv)] and [to (something) on (env)] + + - it: should fail with env trying to override configmap in additional container + set: + configmap: + some-confmap: + enabled: true + parseAsEnv: true + content: + TZ: something + additionalContainers: + some-name: + envFrom: + - configMapRef: + name: '{{ include "ix.v1.common.names.fullname" . }}-some-confmap' + asserts: + - failedTemplate: + errorMessage: Environment Variable (TZ) on container (RELEASE-NAME-common-test-additional-some-name) is set more than once. 
[to (UTC) on (fixedEnv)] and [to (something) on (configmap-RELEASE-NAME-common-test-some-confmap)] + + - it: should fail with env trying to override secret in additional container + set: + secret: + some-secret: + enabled: true + parseAsEnv: true + content: + TZ: something + additionalContainers: + some-name: + envFrom: + - secretRef: + name: '{{ include "ix.v1.common.names.fullname" . }}-some-secret' + asserts: + - failedTemplate: + errorMessage: Environment Variable (TZ) on container (RELEASE-NAME-common-test-additional-some-name) is set more than once. [to (UTC) on (fixedEnv)] and [to (something) on (secret-RELEASE-NAME-common-test-some-secret)] + + - it: should pass with securityContext inherited + documentIndex: *deploymentDoc + set: + securityContext: + runAsUser: 0 + runAsGroup: 0 + runAsNonRoot: false + readOnlyRootFilesystem: false + privileged: true + allowPrivilegeEscalation: true + capabilities: + add: + - Something + drop: + - Something_Else + additionalContainers: + some_container: + imageSelector: image + securityContext: + inherit: true + asserts: + - isSubset: + path: spec.template.spec.containers[0] + content: + securityContext: + runAsUser: 0 + runAsGroup: 0 + runAsNonRoot: false + readOnlyRootFilesystem: false + privileged: true + allowPrivilegeEscalation: true + capabilities: + add: + - Something + drop: + - Something_Else + - isSubset: + path: spec.template.spec.containers[1] + content: + securityContext: + allowPrivilegeEscalation: true + capabilities: + add: + - Something + drop: + - Something_Else + privileged: true + readOnlyRootFilesystem: false + runAsGroup: 0 + runAsNonRoot: false + runAsUser: 0 + + - it: should pass with securityContext default + documentIndex: *deploymentDoc + set: + additionalContainers: + some_container: + imageSelector: image + securityContext: + inherit: true + asserts: + - isSubset: + path: spec.template.spec.containers[0] + content: + securityContext: + allowPrivilegeEscalation: false + capabilities: + add: [] + 
drop: + - ALL + privileged: false + readOnlyRootFilesystem: true + runAsGroup: 568 + runAsNonRoot: true + runAsUser: 568 + - isSubset: + path: spec.template.spec.containers[1] + content: + securityContext: + allowPrivilegeEscalation: false + capabilities: + add: [] + drop: + - ALL + privileged: false + readOnlyRootFilesystem: true + runAsGroup: 568 + runAsNonRoot: true + runAsUser: 568 + + - it: should pass with port <=1024 defined in additional container + documentIndex: *deploymentDoc + set: + additionalContainers: + some_container: + ports: + - name: http + containerPort: 80 + asserts: + - isSubset: + path: spec.template.spec.containers[0] + content: + securityContext: + allowPrivilegeEscalation: false + capabilities: + add: [] + drop: + - ALL + privileged: false + readOnlyRootFilesystem: true + runAsGroup: 568 + runAsNonRoot: true + runAsUser: 568 + - isSubset: + path: spec.template.spec.containers[1] + content: + securityContext: + allowPrivilegeEscalation: false + capabilities: + add: + - NET_BIND_SERVICE + drop: + - ALL + privileged: false + readOnlyRootFilesystem: true + runAsGroup: 568 + runAsNonRoot: true + runAsUser: 568 + + - it: should pass with deviceList defined in additionalContainer + documentIndex: *deploymentDoc + set: + additionalContainers: + some_container: + deviceList: + - enabled: true + mountPath: /host/dev/usb + hostPath: /dev/usb + securityContext: + inherit: true + asserts: + - equal: + path: spec.template.spec.securityContext + value: + fsGroup: 568 + fsGroupChangePolicy: OnRootMismatch + supplementalGroups: + - 5 + - 10 + - 20 + - 24 + - isSubset: + path: spec.template.spec.containers[0] + content: + securityContext: + allowPrivilegeEscalation: false + capabilities: + add: [] + drop: + - ALL + privileged: false + readOnlyRootFilesystem: true + runAsGroup: 568 + runAsNonRoot: true + runAsUser: 568 + - isSubset: + path: spec.template.spec.containers[1] + content: + securityContext: + allowPrivilegeEscalation: true + capabilities: + add: 
[] + drop: + - ALL + privileged: true + readOnlyRootFilesystem: true + runAsGroup: 568 + runAsNonRoot: true + runAsUser: 568 + + - it: should pass with deviceList and scaleGPU defined in additionalContainer + documentIndex: *deploymentDoc + set: + additionalContainers: + some_container: + scaleGPU: + nvidia: something + deviceList: + - enabled: true + mountPath: /host/dev/usb + hostPath: /dev/usb + securityContext: + inherit: true + asserts: + - equal: + path: spec.template.spec.securityContext + value: + fsGroup: 568 + fsGroupChangePolicy: OnRootMismatch + supplementalGroups: + - 5 + - 10 + - 20 + - 24 + - 44 + - isSubset: + path: spec.template.spec.containers[0] + content: + securityContext: + allowPrivilegeEscalation: false + capabilities: + add: [] + drop: + - ALL + privileged: false + readOnlyRootFilesystem: true + runAsGroup: 568 + runAsNonRoot: true + runAsUser: 568 + - isSubset: + path: spec.template.spec.containers[1] + content: + securityContext: + allowPrivilegeEscalation: true + capabilities: + add: [] + drop: + - ALL + privileged: true + readOnlyRootFilesystem: true + runAsGroup: 568 + runAsNonRoot: true + runAsUser: 568 + + - it: should pass with securityContext changed + documentIndex: *deploymentDoc + set: + additionalContainers: + some_container: + imageSelector: image + securityContext: + runAsUser: 0 + runAsGroup: 0 + runAsNonRoot: false + readOnlyRootFilesystem: false + privileged: true + allowPrivilegeEscalation: true + capabilities: + add: + - Something + drop: + - Something_Else + asserts: + - isSubset: + path: spec.template.spec.containers[0] + content: + securityContext: + allowPrivilegeEscalation: false + capabilities: + add: [] + drop: + - ALL + privileged: false + readOnlyRootFilesystem: true + runAsGroup: 568 + runAsNonRoot: true + runAsUser: 568 + - isSubset: + path: spec.template.spec.containers[1] + content: + securityContext: + allowPrivilegeEscalation: true + capabilities: + add: + - Something + drop: + - Something_Else + 
privileged: true + readOnlyRootFilesystem: false + runAsGroup: 0 + runAsNonRoot: false + runAsUser: 0 + + - it: should pass with securityContext with some values changed + documentIndex: *deploymentDoc + set: + additionalContainers: + some_container: + imageSelector: image + securityContext: + runAsUser: 0 + runAsGroup: 0 + runAsNonRoot: false + capabilities: + add: + - Something + asserts: + - isSubset: + path: spec.template.spec.containers[0] + content: + securityContext: + allowPrivilegeEscalation: false + capabilities: + add: [] + drop: + - ALL + privileged: false + readOnlyRootFilesystem: true + runAsGroup: 568 + runAsNonRoot: true + runAsUser: 568 + - isSubset: + path: spec.template.spec.containers[1] + content: + securityContext: + allowPrivilegeEscalation: false + capabilities: + add: + - Something + drop: + - ALL + privileged: false + readOnlyRootFilesystem: true + runAsGroup: 0 + runAsNonRoot: false + runAsUser: 0 + + - it: should pass with securityContext with inherit and at least one value changed + documentIndex: *deploymentDoc + set: + securityContext: + privileged: true + allowPrivilegeEscalation: true + capabilities: + drop: + - something_else + additionalContainers: + some_container: + imageSelector: image + securityContext: + inherit: true + runAsNonRoot: false + runAsUser: 0 + asserts: + - isSubset: + path: spec.template.spec.containers[0] + content: + securityContext: + allowPrivilegeEscalation: true + capabilities: + add: [] + drop: + - something_else + privileged: true + readOnlyRootFilesystem: true + runAsGroup: 568 + runAsNonRoot: true + runAsUser: 568 + - isSubset: + path: spec.template.spec.containers[1] + content: + securityContext: + allowPrivilegeEscalation: true + capabilities: + add: [] + drop: + - something_else + privileged: true + readOnlyRootFilesystem: true + runAsGroup: 568 + runAsNonRoot: false + runAsUser: 0 + + - it: should fail with probe type set to auto in additional container + set: + additionalContainers: + some-name: + 
probes: + liveness: + enabled: true + type: auto + asserts: + - failedTemplate: + errorMessage: probe type in probe (liveness) in (RELEASE-NAME-common-test-additional-some-name) container, is only supported for the main container and only if there is at least 1 port enabled + + - it: should pass with probes defined in additional container + documentIndex: *deploymentDoc + set: + additionalContainers: + some-name: + probes: + liveness: + enabled: true + type: tcp + port: 3000 + readiness: + enabled: true + type: http + port: 3000 + path: / + startup: + enabled: true + type: exec + command: + - /bin/bash + - -c + - | + echo "start!" + asserts: + - isSubset: + path: spec.template.spec.containers[0] + content: + livenessProbe: + httpGet: + path: / + scheme: HTTP + port: 65535 + initialDelaySeconds: 10 + failureThreshold: 5 + timeoutSeconds: 5 + periodSeconds: 10 + readinessProbe: + httpGet: + path: / + scheme: HTTP + port: 65535 + initialDelaySeconds: 10 + failureThreshold: 5 + timeoutSeconds: 5 + periodSeconds: 10 + startupProbe: + httpGet: + path: / + scheme: HTTP + port: 65535 + initialDelaySeconds: 10 + failureThreshold: 60 + timeoutSeconds: 2 + periodSeconds: 5 + - isSubset: + path: spec.template.spec.containers[1] + content: + livenessProbe: + tcpSocket: + port: 3000 + initialDelaySeconds: 10 + failureThreshold: 5 + timeoutSeconds: 5 + periodSeconds: 10 + readinessProbe: + httpGet: + path: / + scheme: HTTP + port: 3000 + initialDelaySeconds: 10 + failureThreshold: 5 + timeoutSeconds: 5 + periodSeconds: 10 + startupProbe: + exec: + command: + - /bin/bash + - -c + - | + echo "start!" 
+ initialDelaySeconds: 10 + failureThreshold: 60 + timeoutSeconds: 2 + periodSeconds: 5 + + - it: should fail with invalid protocol in ports in additional container + set: + additionalContainers: + some-name: + ports: + - containerPort: 5678 + protocol: invalid-proto + name: tcp-port + asserts: + - failedTemplate: + errorMessage: Invalid (invalid-proto) in port (tcp-port) in (RELEASE-NAME-common-test-additional-some-name) container. Valid protocols are TCP and UDP. + + - it: should fail without name in ports in additional container + set: + additionalContainers: + some-name: + ports: + - containerPort: 5678 + protocol: TCP + name: "" + asserts: + - failedTemplate: + errorMessage: is required in all in (RELEASE-NAME-common-test-additional-some-name) container. + + - it: should fail without containerPort in ports in additional container + set: + additionalContainers: + some-name: + ports: + - containerPort: "" + name: tcp-port + asserts: + - failedTemplate: + errorMessage: is required in port (tcp-port) in (RELEASE-NAME-common-test-additional-some-name) container. + + - it: should fail with non-int containerPort in ports in additional container + set: + additionalContainers: + some-name: + ports: + - containerPort: not-int + name: tcp-port + asserts: + - failedTemplate: + errorMessage: Invalid (not-int) in port (tcp-port) in (RELEASE-NAME-common-test-additional-some-name) container. Must be an int. + + - it: should fail with non-int hostPort in ports in additional container + set: + additionalContainers: + some-name: + ports: + - containerPort: 1234 + hostPort: not-int + name: tcp-port + asserts: + - failedTemplate: + errorMessage: Invalid (not-int) in port (tcp-port) in (RELEASE-NAME-common-test-additional-some-name) container. Must be an int. 
+ + - it: should pass without protocol in ports in additional container + documentIndex: *deploymentDoc + set: + additionalContainers: + some-name: + ports: + - containerPort: 5678 + name: tcp-port + asserts: + - isSubset: + path: spec.template.spec.containers[1] + content: + ports: + - containerPort: 5678 + protocol: TCP + name: tcp-port + + - it: should pass with ports defined in additional container + documentIndex: *deploymentDoc + set: + additionalContainers: + some-name: + ports: + - containerPort: 5678 + protocol: TCP + name: tcp-port + - containerPort: 1234 + protocol: UDP + name: udp-port + asserts: + - isSubset: + path: spec.template.spec.containers[0] + content: + ports: + - containerPort: 65535 + protocol: TCP + name: main + - isSubset: + path: spec.template.spec.containers[1] + content: + ports: + - containerPort: 5678 + protocol: TCP + name: tcp-port + - containerPort: 1234 + protocol: UDP + name: udp-port + + - it: should fail without trying to mount a non existent volume in volumeMounts defined in additional container + set: + additionalContainers: + some-name: + volumeMounts: + - name: some-volume + mountPath: /some/path + asserts: + - failedTemplate: + errorMessage: You are trying to mount a volume that does not exist (some-volume). Please define the volume in . + + - it: should fail without name in volumeMounts defined in additional container + set: + additionalContainers: + some-name: + volumeMounts: + - name: + mountPath: /some/path + readOnly: false + subPath: /some/sub/path + asserts: + - failedTemplate: + errorMessage: is required in volumeMounts in init/system/install/upgrade/additional containers. 
+ + - it: should pass with volumeMounts defined in additional container + documentIndex: *deploymentDoc + set: + persistence: + some-volume: + enabled: true + noMount: true + type: emptyDir + some-other-volume: + enabled: true + noMount: true + type: emptyDir + additionalContainers: + some-name: + volumeMounts: + - name: some-volume + mountPath: /some/path + readOnly: false + subPath: /some/sub/path + - name: some-other-volume + mountPath: /some/other/path + readOnly: false + subPath: /some/other/sub/path + asserts: + - notContains: + path: spec.template.spec.containers[0].volumeMounts + content: + name: some-volume + - notContains: + path: spec.template.spec.containers[0].volumeMounts + content: + name: some-other-volume + - contains: + path: spec.template.spec.containers[1].volumeMounts + content: + name: some-volume + mountPath: /some/path + readOnly: false + subPath: /some/sub/path + - contains: + path: spec.template.spec.containers[1].volumeMounts + content: + name: some-other-volume + mountPath: /some/other/path + readOnly: false + subPath: /some/other/sub/path + + - it: should pass with volumeMounts inherit all in additional container + documentIndex: *deploymentDoc + set: + persistence: + some-volume: + enabled: true + noMount: true + mountPath: /some/path + type: emptyDir + some-other-volume: + enabled: true + noMount: true + mountPath: /some/other/path + type: emptyDir + additionalContainers: + some-name: + volumeMounts: + - inherit: all + asserts: + - notContains: + path: spec.template.spec.containers[0].volumeMounts + content: + name: some-volume + - notContains: + path: spec.template.spec.containers[0].volumeMounts + content: + name: some-other-volume + - contains: + path: spec.template.spec.containers[1].volumeMounts + content: + name: some-other-volume + mountPath: /some/other/path + - contains: + path: spec.template.spec.containers[1].volumeMounts + content: + name: some-volume + mountPath: /some/path + + - it: should pass with volumeMounts inherit 
skipNoMount in additional container + documentIndex: *deploymentDoc + set: + persistence: + some-volume: + enabled: true + noMount: true + mountPath: /some/path + type: emptyDir + some-other-volume: + enabled: true + type: emptyDir + mountPath: /some/other/path + additionalContainers: + some-name: + volumeMounts: + - inherit: skipNoMount + asserts: + - contains: + path: spec.template.spec.containers[0].volumeMounts + content: + mountPath: /some/other/path + name: some-other-volume + - contains: + path: spec.template.spec.containers[1].volumeMounts + content: + name: some-other-volume + mountPath: /some/other/path + + - it: should pass with deviceList and volumeMounts defined in additional container + documentIndex: *deploymentDoc + set: + deviceList: + - enabled: true + type: hostPath + mountPath: /host/dev/something + hostPath: /dev/something + persistence: + some-volume: + enabled: true + noMount: true + type: emptyDir + some-other-volume: + enabled: true + noMount: true + type: emptyDir + additionalContainers: + some-name: + deviceList: + - enabled: true + type: hostPath + mountPath: /host/dev/usb + hostPath: /dev/usb + - enabled: true + type: hostPath + mountPath: /host/dev/serial + hostPath: /dev/serial + volumeMounts: + - name: some-volume + mountPath: /some/path + readOnly: false + subPath: /some/sub/path + - name: some-other-volume + mountPath: /some/other/path + readOnly: false + subPath: /some/other/sub/path + asserts: + - contains: + path: spec.template.spec.containers[0].volumeMounts + content: + name: device-0 + mountPath: /host/dev/something + - contains: + path: spec.template.spec.containers[1].volumeMounts + content: + name: some-volume + mountPath: /some/path + readOnly: false + subPath: /some/sub/path + - contains: + path: spec.template.spec.containers[1].volumeMounts + content: + name: some-other-volume + mountPath: /some/other/path + readOnly: false + subPath: /some/other/sub/path + - contains: + path: 
spec.template.spec.containers[1].volumeMounts + content: + name: device-some-name-0 + mountPath: /host/dev/usb + - contains: + path: spec.template.spec.containers[1].volumeMounts + content: + name: device-some-name-1 + mountPath: /host/dev/serial + + - it: should pass with disabled additional container from tpl + documentIndex: *deploymentDoc + set: + flag: false + additionalContainers: + some-name: + enabled: "{{ .Values.flag }}" + asserts: + - isNull: + path: spec.template.spec.initContainers diff --git a/library/common-test/tests/initcontainers_in_deployment/init_containers_in_deployment_install_test.yaml b/library/common-test/tests/initcontainers_in_deployment/init_containers_in_deployment_install_test.yaml new file mode 100644 index 00000000..32122e96 --- /dev/null +++ b/library/common-test/tests/initcontainers_in_deployment/init_containers_in_deployment_install_test.yaml 
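Review bot: The `isNull` assertion in "should pass with disabled injectFixedEnvs" checks `spec.template.spec.containers[0].e1v`, a path that can never exist, so the test passes whether or not `injectFixedEnvs: false` is honoured for the additional container; it should read `path: spec.template.spec.containers[1].env`, mirroring the `initContainers[0].env` check in the init-container suite. The last test, "should pass with disabled additional container from tpl", has the same weakness: it asserts that `spec.template.spec.initContainers` is null, which presumably holds even when the additional container is still rendered, so a `lengthEqual` on `spec.template.spec.containers` with `count: 1` would pin the intended behaviour. Separately, the two deviceList tests expect `privileged: true` and `allowPrivilegeEscalation: true` on `containers[1]` although its securityContext only sets `inherit: true` and the main container stays unprivileged; a comment such as `# deviceList forces privileged mode on this container, overriding inherit` would record that this elevation is intended and not an accident the suite happens to lock in.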
@@ -0,0 +1,1196 @@ +suite: initContainer in deployment test (onInstall) +templates: + - common.yaml +tests: + - it: should pass with default values + documentIndex: &deploymentDoc 0 + asserts: + - hasDocuments: + count: 3 + - isKind: + of: Deployment + + - it: should pass with image defined in init container + documentIndex: *deploymentDoc + set: + image: + repository: some-repo + tag: some-tag + pullPolicy: Always + initImage: + repository: some-repo-init + tag: some-tag-init + pullPolicy: Never + initContainers: + some-name: + imageSelector: initImage + pullPolicy: Never + asserts: + - isSubset: + path: spec.template.spec.containers[0] + content: + image: some-repo:some-tag + imagePullPolicy: Always + - isSubset: + path: spec.template.spec.initContainers[0] + content: + image: some-repo-init:some-tag-init + imagePullPolicy: Never + + - it: should pass with image defined in multiple init container + documentIndex: *deploymentDoc + set: + image: + repository: some-repo + tag: some-tag + pullPolicy: Always + initImage: + repository: some-repo-init + tag: some-tag-init + pullPolicy: Never + initImage2: + repository: some-repo-init2 + tag: some-tag-init2 + pullPolicy: IfNotPresent + initContainers: + some-name: + imageSelector: initImage + pullPolicy: Never + some-name2: + imageSelector: initImage2 + pullPolicy: Never + asserts: + - isSubset: + path: spec.template.spec.containers[0] + content: + image: some-repo:some-tag + imagePullPolicy: Always + - isSubset: + path: spec.template.spec.initContainers[0] + content: + image: some-repo-init:some-tag-init + imagePullPolicy: Never + - isSubset: + path: spec.template.spec.initContainers[1] + content: + image: some-repo-init2:some-tag-init2 + imagePullPolicy: IfNotPresent + + - it: should pass with tty and stdin defined in init container + documentIndex: *deploymentDoc + set: + initContainers: + some-name: + tty: true + stdin: true + asserts: + - isSubset: + path: spec.template.spec.containers[0] + content: + tty: false + 
stdin: false + - isSubset: + path: spec.template.spec.initContainers[0] + content: + tty: true + stdin: true + + - it: should pass with command and args defined in init container + documentIndex: *deploymentDoc + set: + port: 8080 + entrypoint: ./run.sh + initContainers: + some-name: + command: + - /bin/sh + - -c + - | + {{ .Values.entrypoint }} + args: + - --port + - "{{ .Values.port }}" + extraArgs: + - --data_dir + - /data + asserts: + - isNotSubset: + path: spec.template.spec.containers[0] + content: + command: + - /bin/sh + - -c + - | + ./run.sh + args: + - --port + - "8080" + - --data_dir + - /data + - isSubset: + path: spec.template.spec.initContainers[0] + content: + command: + - /bin/sh + - -c + - | + ./run.sh + args: + - --port + - "8080" + - --data_dir + - /data + + - it: should pass with termination defined in init container + documentIndex: *deploymentDoc + set: + initContainers: + some-name: + termination: + messagePath: somePath + messagePolicy: File + asserts: + - isNotSubset: + path: spec.template.spec.containers[0] + content: + terminationMessagePath: somePath + terminationMessagePolicy: File + - isSubset: + path: spec.template.spec.initContainers[0] + content: + terminationMessagePath: somePath + terminationMessagePolicy: File + + - it: should pass with resources inherited from main container and modified in init container + documentIndex: *deploymentDoc + set: + resources: + requests: + cpu: 25m + memory: 80Mi + initContainers: + some-name: + resources: + inherit: true + limits: + cpu: 1000m + memory: 1Gi + requests: + memory: 120Mi + asserts: + - isSubset: + path: spec.template.spec.containers[0] + content: + resources: + limits: + cpu: 4000m + memory: 8Gi + requests: + cpu: 25m + memory: 80Mi + - isSubset: + path: spec.template.spec.initContainers[0] + content: + resources: + limits: + cpu: 1000m + memory: 1Gi + requests: + cpu: 25m + memory: 120Mi + + - it: should pass with resources defined in init container + documentIndex: *deploymentDoc + 
set:
+ initContainers:
+ some-name:
+ nvidiaCaps:
+ - compute
+ scaleGPU:
+ gpu.intel.com/i915: "1"
+ resources:
+ limits:
+ cpu: 3000m
+ memory: 4Gi
+ requests:
+ cpu: 20m
+ memory: 100Mi
+ asserts:
+ - equal:
+ path: spec.template.spec.securityContext
+ value:
+ fsGroup: 568
+ fsGroupChangePolicy: OnRootMismatch
+ supplementalGroups:
+ - 44
+ - isSubset:
+ path: spec.template.spec.containers[0]
+ content:
+ resources:
+ limits:
+ cpu: 4000m
+ memory: 8Gi
+ requests:
+ cpu: 10m
+ memory: 50Mi
+ - isSubset:
+ path: spec.template.spec.initContainers[0]
+ content:
+ resources:
+ limits:
+ cpu: 3000m
+ memory: 4Gi
+ gpu.intel.com/i915: "1"
+ requests:
+ cpu: 20m
+ memory: 100Mi
+ - notContains:
+ path: spec.template.spec.containers[0].env
+ content:
+ name: NVIDIA_DRIVER_CAPABILITIES
+ value: all
+ - contains:
+ path: spec.template.spec.initContainers[0].env
+ content:
+ name: NVIDIA_DRIVER_CAPABILITIES
+ value: compute
+
+ - it: should pass with envFrom defined in init container
+ documentIndex: *deploymentDoc
+ set:
+ some_name: a_name
+ some_name2: a_name2
+ initContainers:
+ some-name:
+ envFrom:
+ - configMapRef:
+ name: "{{ .Values.some_name }}"
+ - configMapRef:
+ name: "{{ .Values.some_name2 }}"
+ asserts:
+ - isNotSubset:
+ path: spec.template.spec.containers[0]
+ content:
+ envFrom:
+ - configMapRef:
+ name: a_name
+ - configMapRef:
+ name: a_name2
+ - isSubset:
+ path: spec.template.spec.initContainers[0]
+ content:
+ envFrom:
+ - configMapRef:
+ name: a_name
+ - configMapRef:
+ name: a_name2
+
+ - it: should pass with env and envList defined in init container
+ documentIndex: *deploymentDoc
+ set:
+ some_value: value
+ some_value2: value2
+ some_value3: value3
+ some_value4: value4
+ initContainers:
+ some-name:
+ env:
+ var1: "{{ .Values.some_value }}"
+ var2: "{{ .Values.some_value2 }}"
+ var5:
+ secretKeyRef:
+ key: key
+ name: name
+ envList:
+ - name: var3
+ value: "{{ .Values.some_value3 }}"
+ - name: var4
+ value: "{{ .Values.some_value4 }}"
+ asserts:
+ - isNotSubset:
+ path: spec.template.spec.containers[0]
+ content:
+ env:
+ - name: var1
+ value: value
+ - name: var2
+ value: value2
+ - name: var3
+ value: value3
+ - name: var4
+ value: value4
+ - isSubset:
+ path: spec.template.spec.initContainers[0]
+ content:
+ env:
+ - name: TZ
+ value: UTC
+ - name: UMASK
+ value: "002"
+ - name: UMASK_SET
+ value: "002"
+ - name: NVIDIA_VISIBLE_DEVICES
+ value: void
+ - name: S6_READ_ONLY_ROOT
+ value: "1"
+ - name: var1
+ value: value
+ - name: var2
+ value: value2
+ - name: var5
+ valueFrom:
+ secretKeyRef:
+ name: name
+ key: key
+ - name: var3
+ value: value3
+ - name: var4
+ value: value4
+
+ - it: should pass with changed PUID/UMASK
+ documentIndex: *deploymentDoc
+ set:
+ initContainers:
+ some-name:
+ securityContext:
+ runAsUser: 0
+ runAsNonRoot: false
+ security:
+ UMASK: "003"
+ PUID: 1000
+ asserts:
+ - isSubset:
+ path: spec.template.spec.containers[0]
+ content:
+ env:
+ - name: TZ
+ value: UTC
+ - name: UMASK
+ value: "002"
+ - name: UMASK_SET
+ value: "002"
+ - name: NVIDIA_VISIBLE_DEVICES
+ value: void
+ - name: S6_READ_ONLY_ROOT
+ value: "1"
+ - isSubset:
+ path: spec.template.spec.initContainers[0]
+ content:
+ env:
+ - name: TZ
+ value: UTC
+ - name: UMASK
+ value: "003"
+ - name: UMASK_SET
+ value: "003"
+ - name: NVIDIA_VISIBLE_DEVICES
+ value: void
+ - name: PUID
+ value: "1000"
+ - name: USER_ID
+ value: "1000"
+ - name: UID
+ value: "1000"
+ - name: PGID
+ value: "568"
+ - name: GROUP_ID
+ value: "568"
+ - name: GID
+ value: "568"
+ - name: S6_READ_ONLY_ROOT
+ value: "1"
+
+ - it: should pass with disabled injectFixedEnvs
+ documentIndex: *deploymentDoc
+ set:
+ initContainers:
+ some-name:
+ securityContext:
+ runAsUser: 0
+ runAsNonRoot: false
+ injectFixedEnvs: false
+ asserts:
+ - isSubset:
+ path: spec.template.spec.containers[0]
+ content:
+ env:
+ - name: TZ
+ value: UTC
+ - name: UMASK
+ value: "002"
+ - name: UMASK_SET
+ value: "002"
+ - name: NVIDIA_VISIBLE_DEVICES
+ value: void
+ - name: S6_READ_ONLY_ROOT
+ value: "1"
+ - isNull:
+ path: spec.template.spec.initContainers[0].env
+
+ - it: should fail with lifecycle defined in init container
+ set:
+ initContainers:
+ some-name:
+ lifecycle:
+ asserts:
+ - failedTemplate:
+ errorMessage: Init/System/Install/Upgrade/(Cron)Job Container (RELEASE-NAME-common-test-init-some-name) do not support lifecycle hooks
+
+ - it: should fail with env trying to override fixedEnvs in init container
+ set:
+ initContainers:
+ some-name:
+ env:
+ TZ: something
+ asserts:
+ - failedTemplate:
+ errorMessage: Environment Variable (TZ) on container (RELEASE-NAME-common-test-init-some-name) is set more than once. [to (UTC) on (fixedEnv)] and [to (something) on (env)]
+
+ - it: should fail with env trying to override configmap in init container
+ set:
+ configmap:
+ some-confmap:
+ enabled: true
+ parseAsEnv: true
+ content:
+ TZ: something
+ initContainers:
+ some-name:
+ envFrom:
+ - configMapRef:
+ name: '{{ include "ix.v1.common.names.fullname" . }}-some-confmap'
+ asserts:
+ - failedTemplate:
+ errorMessage: Environment Variable (TZ) on container (RELEASE-NAME-common-test-init-some-name) is set more than once. [to (UTC) on (fixedEnv)] and [to (something) on (configmap-RELEASE-NAME-common-test-some-confmap)]
+
+ - it: should fail with env trying to override secret in init container
+ set:
+ secret:
+ some-secret:
+ enabled: true
+ parseAsEnv: true
+ content:
+ TZ: something
+ initContainers:
+ some-name:
+ envFrom:
+ - secretRef:
+ name: '{{ include "ix.v1.common.names.fullname" . }}-some-secret'
+ asserts:
+ - failedTemplate:
+ errorMessage: Environment Variable (TZ) on container (RELEASE-NAME-common-test-init-some-name) is set more than once. [to (UTC) on (fixedEnv)] and [to (something) on (secret-RELEASE-NAME-common-test-some-secret)]
+
+ - it: should pass with securityContext inherited
+ documentIndex: *deploymentDoc
+ set:
+ securityContext:
+ runAsUser: 0
+ runAsGroup: 0
+ runAsNonRoot: false
+ readOnlyRootFilesystem: false
+ privileged: true
+ allowPrivilegeEscalation: true
+ capabilities:
+ add:
+ - Something
+ drop:
+ - Something_Else
+ initContainers:
+ some_container:
+ imageSelector: image
+ securityContext:
+ inherit: true
+ asserts:
+ - isSubset:
+ path: spec.template.spec.containers[0]
+ content:
+ securityContext:
+ runAsUser: 0
+ runAsGroup: 0
+ runAsNonRoot: false
+ readOnlyRootFilesystem: false
+ privileged: true
+ allowPrivilegeEscalation: true
+ capabilities:
+ add:
+ - Something
+ drop:
+ - Something_Else
+ - isSubset:
+ path: spec.template.spec.initContainers[0]
+ content:
+ securityContext:
+ allowPrivilegeEscalation: true
+ capabilities:
+ add:
+ - Something
+ drop:
+ - Something_Else
+ privileged: true
+ readOnlyRootFilesystem: false
+ runAsGroup: 0
+ runAsNonRoot: false
+ runAsUser: 0
+
+ - it: should pass with deviceList defined in init container
+ documentIndex: *deploymentDoc
+ set:
+ initContainers:
+ some_container:
+ deviceList:
+ - enabled: true
+ mountPath: /host/dev/usb
+ hostPath: /dev/usb
+ securityContext:
+ inherit: true
+ asserts:
+ - equal:
+ path: spec.template.spec.securityContext
+ value:
+ fsGroup: 568
+ fsGroupChangePolicy: OnRootMismatch
+ supplementalGroups:
+ - 5
+ - 10
+ - 20
+ - 24
+ - isSubset:
+ path: spec.template.spec.containers[0]
+ content:
+ securityContext:
+ allowPrivilegeEscalation: false
+ capabilities:
+ add: []
+ drop:
+ - ALL
+ privileged: false
+ readOnlyRootFilesystem: true
+ runAsGroup: 568
+ runAsNonRoot: true
+ runAsUser: 568
+ - isSubset:
+ path: spec.template.spec.initContainers[0]
+ content:
+ securityContext:
+ allowPrivilegeEscalation: true
+ capabilities:
+ add: []
+ drop:
+ - ALL
+ privileged: true
+ readOnlyRootFilesystem: true
+ runAsGroup: 568
+ runAsNonRoot: true
+ runAsUser: 568
+
+ - it: should pass with deviceList and scaleGPU defined in init container
+ documentIndex: *deploymentDoc
+ set:
+ initContainers:
+ some_container:
+ scaleGPU:
+ nvidia: something
+ deviceList:
+ - enabled: true
+ mountPath: /host/dev/usb
+ hostPath: /dev/usb
+ securityContext:
+ inherit: true
+ asserts:
+ - equal:
+ path: spec.template.spec.securityContext
+ value:
+ fsGroup: 568
+ fsGroupChangePolicy: OnRootMismatch
+ supplementalGroups:
+ - 5
+ - 10
+ - 20
+ - 24
+ - 44
+ - isSubset:
+ path: spec.template.spec.containers[0]
+ content:
+ securityContext:
+ allowPrivilegeEscalation: false
+ capabilities:
+ add: []
+ drop:
+ - ALL
+ privileged: false
+ readOnlyRootFilesystem: true
+ runAsGroup: 568
+ runAsNonRoot: true
+ runAsUser: 568
+ - isSubset:
+ path: spec.template.spec.initContainers[0]
+ content:
+ securityContext:
+ allowPrivilegeEscalation: true
+ capabilities:
+ add: []
+ drop:
+ - ALL
+ privileged: true
+ readOnlyRootFilesystem: true
+ runAsGroup: 568
+ runAsNonRoot: true
+ runAsUser: 568
+
+ - it: should pass with port <=1024 defined in init container
+ documentIndex: *deploymentDoc
+ set:
+ initContainers:
+ some_container:
+ ports:
+ - name: http
+ containerPort: 80
+ asserts:
+ - isSubset:
+ path: spec.template.spec.containers[0]
+ content:
+ securityContext:
+ allowPrivilegeEscalation: false
+ capabilities:
+ add: []
+ drop:
+ - ALL
+ privileged: false
+ readOnlyRootFilesystem: true
+ runAsGroup: 568
+ runAsNonRoot: true
+ runAsUser: 568
+ - isSubset:
+ path: spec.template.spec.initContainers[0]
+ content:
+ securityContext:
+ allowPrivilegeEscalation: false
+ capabilities:
+ add:
+ - NET_BIND_SERVICE
+ drop:
+ - ALL
+ privileged: false
+ readOnlyRootFilesystem: true
+ runAsGroup: 568
+ runAsNonRoot: true
+ runAsUser: 568
+
+ - it: should pass with securityContext default
+ documentIndex: *deploymentDoc
+ set:
+ initContainers:
+ some_container:
+ imageSelector: image
+ securityContext:
+ inherit: true
+ asserts:
+ - isSubset:
+ path: spec.template.spec.containers[0]
+ content:
+ securityContext:
+ allowPrivilegeEscalation: false
+ capabilities:
+ add: []
+ drop:
+ - ALL
+ privileged: false
+ readOnlyRootFilesystem: true
+ runAsGroup: 568
+ runAsNonRoot: true
+ runAsUser: 568
+ - isSubset:
+ path: spec.template.spec.initContainers[0]
+ content:
+ securityContext:
+ allowPrivilegeEscalation: false
+ capabilities:
+ add: []
+ drop:
+ - ALL
+ privileged: false
+ readOnlyRootFilesystem: true
+ runAsGroup: 568
+ runAsNonRoot: true
+ runAsUser: 568
+
+ - it: should pass with securityContext changed
+ documentIndex: *deploymentDoc
+ set:
+ initContainers:
+ some_container:
+ imageSelector: image
+ securityContext:
+ runAsUser: 0
+ runAsGroup: 0
+ runAsNonRoot: false
+ readOnlyRootFilesystem: false
+ privileged: true
+ allowPrivilegeEscalation: true
+ capabilities:
+ add:
+ - Something
+ drop:
+ - Something_Else
+ asserts:
+ - isSubset:
+ path: spec.template.spec.containers[0]
+ content:
+ securityContext:
+ allowPrivilegeEscalation: false
+ capabilities:
+ add: []
+ drop:
+ - ALL
+ privileged: false
+ readOnlyRootFilesystem: true
+ runAsGroup: 568
+ runAsNonRoot: true
+ runAsUser: 568
+ - isSubset:
+ path: spec.template.spec.initContainers[0]
+ content:
+ securityContext:
+ allowPrivilegeEscalation: true
+ capabilities:
+ add:
+ - Something
+ drop:
+ - Something_Else
+ privileged: true
+ readOnlyRootFilesystem: false
+ runAsGroup: 0
+ runAsNonRoot: false
+ runAsUser: 0
+
+ - it: should pass with securityContext with some values changed
+ documentIndex: *deploymentDoc
+ set:
+ initContainers:
+ some_container:
+ imageSelector: image
+ securityContext:
+ runAsUser: 0
+ runAsGroup: 0
+ runAsNonRoot: false
+ capabilities:
+ add:
+ - Something
+ asserts:
+ - isSubset:
+ path: spec.template.spec.containers[0]
+ content:
+ securityContext:
+ allowPrivilegeEscalation: false
+ capabilities:
+ add: []
+ drop:
+ - ALL
+ privileged: false
+ readOnlyRootFilesystem: true
+ runAsGroup: 568
+ runAsNonRoot: true
+ runAsUser: 568
+ - isSubset:
+ path: spec.template.spec.initContainers[0]
+ content:
+ securityContext:
+ allowPrivilegeEscalation: false
+ capabilities:
+ add:
+ - Something
+ drop:
+ - ALL
+ privileged: false
+ readOnlyRootFilesystem: true
+ runAsGroup: 0
+ runAsNonRoot: false
+ runAsUser: 0
+
+ - it: should pass with securityContext with inherit and at least one value changed
+ documentIndex: *deploymentDoc
+ set:
+ securityContext:
+ privileged: true
+ allowPrivilegeEscalation: true
+ capabilities:
+ drop:
+ - something_else
+ initContainers:
+ some_container:
+ imageSelector: image
+ securityContext:
+ inherit: true
+ runAsNonRoot: false
+ runAsUser: 0
+ asserts:
+ - isSubset:
+ path: spec.template.spec.containers[0]
+ content:
+ securityContext:
+ allowPrivilegeEscalation: true
+ capabilities:
+ add: []
+ drop:
+ - something_else
+ privileged: true
+ readOnlyRootFilesystem: true
+ runAsGroup: 568
+ runAsNonRoot: true
+ runAsUser: 568
+ - isSubset:
+ path: spec.template.spec.initContainers[0]
+ content:
+ securityContext:
+ allowPrivilegeEscalation: true
+ capabilities:
+ add: []
+ drop:
+ - something_else
+ privileged: true
+ readOnlyRootFilesystem: true
+ runAsGroup: 568
+ runAsNonRoot: false
+ runAsUser: 0
+
+ - it: should fail with probes in init container
+ set:
+ initContainers:
+ some-name:
+ probes:
+ liveness:
+ enabled: true
+ asserts:
+ - failedTemplate:
+ errorMessage: Init/System/Install/Upgrade/(Cron)Job Container (RELEASE-NAME-common-test-init-some-name) do not support probes
+
+ - it: should fail with invalid protocol in ports in init container
+ set:
+ initContainers:
+ some-name:
+ ports:
+ - containerPort: 5678
+ protocol: invalid-proto
+ name: tcp-port
+ asserts:
+ - failedTemplate:
+ errorMessage: Invalid (invalid-proto) in port (tcp-port) in (RELEASE-NAME-common-test-init-some-name) container. Valid protocols are TCP and UDP.
+
+ - it: should fail without name in ports in init container
+ set:
+ initContainers:
+ some-name:
+ ports:
+ - containerPort: 5678
+ protocol: TCP
+ name: ""
+ asserts:
+ - failedTemplate:
+ errorMessage: is required in all in (RELEASE-NAME-common-test-init-some-name) container.
+
+ - it: should fail without containerPort in ports in init container
+ set:
+ initContainers:
+ some-name:
+ ports:
+ - containerPort: ""
+ name: tcp-port
+ asserts:
+ - failedTemplate:
+ errorMessage: is required in port (tcp-port) in (RELEASE-NAME-common-test-init-some-name) container.
+
+ - it: should fail with non-int containerPort in ports in init container
+ set:
+ initContainers:
+ some-name:
+ ports:
+ - containerPort: not-int
+ name: tcp-port
+ asserts:
+ - failedTemplate:
+ errorMessage: Invalid (not-int) in port (tcp-port) in (RELEASE-NAME-common-test-init-some-name) container. Must be an int.
+
+ - it: should fail with non-int hostPort in ports in init container
+ set:
+ initContainers:
+ some-name:
+ ports:
+ - containerPort: 1234
+ hostPort: not-int
+ name: tcp-port
+ asserts:
+ - failedTemplate:
+ errorMessage: Invalid (not-int) in port (tcp-port) in (RELEASE-NAME-common-test-init-some-name) container. Must be an int.
+
+ - it: should pass without protocol in ports in init container
+ documentIndex: *deploymentDoc
+ set:
+ initContainers:
+ some-name:
+ ports:
+ - containerPort: 5678
+ name: tcp-port
+ asserts:
+ - isSubset:
+ path: spec.template.spec.initContainers[0]
+ content:
+ ports:
+ - containerPort: 5678
+ protocol: TCP
+ name: tcp-port
+
+ - it: should pass with ports defined in init container
+ documentIndex: *deploymentDoc
+ set:
+ initContainers:
+ some-name:
+ ports:
+ - containerPort: 5678
+ protocol: TCP
+ name: tcp-port
+ - containerPort: 1234
+ protocol: UDP
+ name: udp-port
+ asserts:
+ - isSubset:
+ path: spec.template.spec.containers[0]
+ content:
+ ports:
+ - containerPort: 65535
+ protocol: TCP
+ name: main
+ - isSubset:
+ path: spec.template.spec.initContainers[0]
+ content:
+ ports:
+ - containerPort: 5678
+ protocol: TCP
+ name: tcp-port
+ - containerPort: 1234
+ protocol: UDP
+ name: udp-port
+
+ - it: should fail without trying to mount a non existent volume in volumeMounts defined in init container
+ set:
+ initContainers:
+ some-name:
+ volumeMounts:
+ - name: some-volume
+ mountPath: /some/path
+ asserts:
+ - failedTemplate:
+ errorMessage: You are trying to mount a volume that does not exist (some-volume). Please define the volume in .
+
+ - it: should fail without name in volumeMounts defined in init container
+ set:
+ initContainers:
+ some-name:
+ volumeMounts:
+ - name:
+ mountPath: /some/path
+ readOnly: false
+ subPath: /some/sub/path
+ asserts:
+ - failedTemplate:
+ errorMessage: is required in volumeMounts in init/system/install/upgrade/additional containers.
+
+ - it: should pass with volumeMounts defined in init container
+ documentIndex: *deploymentDoc
+ set:
+ persistence:
+ some-volume:
+ enabled: true
+ noMount: true
+ type: emptyDir
+ some-other-volume:
+ enabled: true
+ noMount: true
+ type: emptyDir
+ initContainers:
+ some-name:
+ volumeMounts:
+ - name: some-volume
+ mountPath: /some/path
+ readOnly: false
+ subPath: /some/sub/path
+ - name: some-other-volume
+ mountPath: /some/other/path
+ readOnly: false
+ subPath: /some/other/sub/path
+ asserts:
+ - notContains:
+ path: spec.template.spec.containers[0].volumeMounts
+ content:
+ name: some-volume
+ - notContains:
+ path: spec.template.spec.containers[0].volumeMounts
+ content:
+ name: some-other-volume
+ - contains:
+ path: spec.template.spec.initContainers[0].volumeMounts
+ content:
+ name: some-volume
+ mountPath: /some/path
+ readOnly: false
+ subPath: /some/sub/path
+ - contains:
+ path: spec.template.spec.initContainers[0].volumeMounts
+ content:
+ name: some-other-volume
+ mountPath: /some/other/path
+ readOnly: false
+ subPath: /some/other/sub/path
+
+ - it: should pass with volumeMounts inherit all in init container
+ documentIndex: *deploymentDoc
+ set:
+ persistence:
+ some-volume:
+ enabled: true
+ noMount: true
+ mountPath: /some/path
+ type: emptyDir
+ some-other-volume:
+ enabled: true
+ noMount: true
+ mountPath: /some/other/path
+ type: emptyDir
+ initContainers:
+ some-name:
+ volumeMounts:
+ - inherit: all
+ asserts:
+ - notContains:
+ path: spec.template.spec.containers[0].volumeMounts
+ content:
+ name: some-volume
+ - notContains:
+ path: spec.template.spec.containers[0].volumeMounts
+ content:
+ name: some-other-volume
+ - contains:
+ path: spec.template.spec.initContainers[0].volumeMounts
+ content:
+ name: some-other-volume
+ mountPath: /some/other/path
+ - contains:
+ path: spec.template.spec.initContainers[0].volumeMounts
+ content:
+ name: some-volume
+ mountPath: /some/path
+
+ - it: should pass with volumeMounts inherit skipNoMount in init container
+ documentIndex: *deploymentDoc
+ set:
+ persistence:
+ some-volume:
+ enabled: true
+ noMount: true
+ mountPath: /some/path
+ type: emptyDir
+ some-other-volume:
+ enabled: true
+ type: emptyDir
+ mountPath: /some/other/path
+ initContainers:
+ some-name:
+ volumeMounts:
+ - inherit: skipNoMount
+ asserts:
+ - contains:
+ path: spec.template.spec.containers[0].volumeMounts
+ content:
+ mountPath: /some/other/path
+ name: some-other-volume
+ - contains:
+ path: spec.template.spec.initContainers[0].volumeMounts
+ content:
+ name: some-other-volume
+ mountPath: /some/other/path
+
+ - it: should pass with deviceList and volumeMounts defined in init container
+ documentIndex: *deploymentDoc
+ set:
+ deviceList:
+ - enabled: true
+ type: hostPath
+ mountPath: /host/dev/something
+ hostPath: /dev/something
+ persistence:
+ some-volume:
+ enabled: true
+ noMount: true
+ type: emptyDir
+ some-other-volume:
+ enabled: true
+ noMount: true
+ type: emptyDir
+ initContainers:
+ some-name:
+ deviceList:
+ - enabled: true
+ type: hostPath
+ mountPath: /host/dev/usb
+ hostPath: /dev/usb
+ - enabled: true
+ type: hostPath
+ mountPath: /host/dev/serial
+ hostPath: /dev/serial
+ volumeMounts:
+ - name: some-volume
+ mountPath: /some/path
+ readOnly: false
+ subPath: /some/sub/path
+ - name: some-other-volume
+ mountPath: /some/other/path
+ readOnly: false
+ subPath: /some/other/sub/path
+ asserts:
+ - contains:
+ path: spec.template.spec.containers[0].volumeMounts
+ content:
+ name: device-0
+ mountPath: /host/dev/something
+ - notContains:
+ path: spec.template.spec.containers[0].volumeMounts
+ content:
+ name: some-volume
+ - notContains:
+ path: spec.template.spec.containers[0].volumeMounts
+ content:
+ name: some-other-volume
+ - contains:
+ path: spec.template.spec.initContainers[0].volumeMounts
+ content:
+ name: some-volume
+ mountPath: /some/path
+ readOnly: false
+ subPath: /some/sub/path
+ - contains:
+ path: spec.template.spec.initContainers[0].volumeMounts
+ content:
+ name: some-other-volume
+ mountPath: /some/other/path
+ readOnly: false
+ subPath: /some/other/sub/path
+ - contains:
+ path: spec.template.spec.initContainers[0].volumeMounts
+ content:
+ name: device-some-name-0
+ mountPath: /host/dev/usb
+ - contains:
+ path: spec.template.spec.initContainers[0].volumeMounts
+ content:
+ name: device-some-name-1
+ mountPath: /host/dev/serial
+
+ - it: should pass with disabled init container from tpl
+ documentIndex: *deploymentDoc
+ set:
+ flag: false
+ initContainers:
+ some-name:
+ enabled: "{{ .Values.flag }}"
+ asserts:
+ - isNull:
+ path: spec.template.spec.initContainers
diff --git a/library/common-test/tests/initcontainers_in_deployment/init_containers_in_deployment_upgrade_test.yaml b/library/common-test/tests/initcontainers_in_deployment/init_containers_in_deployment_upgrade_test.yaml
new file mode 100644
index 00000000..fed7181b
--- /dev/null
+++ b/library/common-test/tests/initcontainers_in_deployment/init_containers_in_deployment_upgrade_test.yaml
@@ -0,0 +1,1198 @@
+suite: initContainer in deployment test (on Upgrade)
+templates:
+ - common.yaml
+release:
+ upgrade: true
+tests:
+ - it: should pass with default values
+ documentIndex: &deploymentDoc 0
+ asserts:
+ - hasDocuments:
+ count: 3
+ - isKind:
+ of: Deployment
+
+ - it: should pass with image defined in init container
+ documentIndex: *deploymentDoc
+ set:
+ image:
+ repository: some-repo
+ tag: some-tag
+ pullPolicy: Always
+ initImage:
+ repository: some-repo-init
+ tag: some-tag-init
+ pullPolicy: Never
+ initContainers:
+ some-name:
+ imageSelector: initImage
+ pullPolicy: Never
+ asserts:
+ - isSubset:
+ path: spec.template.spec.containers[0]
+ content:
+ image: some-repo:some-tag
+ imagePullPolicy: Always
+ - isSubset:
+ path: spec.template.spec.initContainers[0]
+ content:
+ image: some-repo-init:some-tag-init
+ imagePullPolicy: Never
+
+ - it: should pass with image defined in multiple init container
+ documentIndex: *deploymentDoc
+ set:
+ image:
+ repository: some-repo
+ tag: some-tag
+ pullPolicy: Always
+ initImage:
+ repository: some-repo-init
+ tag: some-tag-init
+ pullPolicy: Never
+ initImage2:
+ repository: some-repo-init2
+ tag: some-tag-init2
+ pullPolicy: IfNotPresent
+ initContainers:
+ some-name:
+ imageSelector: initImage
+ pullPolicy: Never
+ some-name2:
+ imageSelector: initImage2
+ pullPolicy: Never
+ asserts:
+ - isSubset:
+ path: spec.template.spec.containers[0]
+ content:
+ image: some-repo:some-tag
+ imagePullPolicy: Always
+ - isSubset:
+ path: spec.template.spec.initContainers[0]
+ content:
+ image: some-repo-init:some-tag-init
+ imagePullPolicy: Never
+ - isSubset:
+ path: spec.template.spec.initContainers[1]
+ content:
+ image: some-repo-init2:some-tag-init2
+ imagePullPolicy: IfNotPresent
+
+ - it: should pass with tty and stdin defined in init container
+ documentIndex: *deploymentDoc
+ set:
+ initContainers:
+ some-name:
+ tty: true
+ stdin: true
+ asserts:
+ - isSubset:
+ path: spec.template.spec.containers[0]
+ content:
+ tty: false
+ stdin: false
+ - isSubset:
+ path: spec.template.spec.initContainers[0]
+ content:
+ tty: true
+ stdin: true
+
+ - it: should pass with command and args defined in init container
+ documentIndex: *deploymentDoc
+ set:
+ port: 8080
+ entrypoint: ./run.sh
+ initContainers:
+ some-name:
+ command:
+ - /bin/sh
+ - -c
+ - |
+ {{ .Values.entrypoint }}
+ args:
+ - --port
+ - "{{ .Values.port }}"
+ extraArgs:
+ - --data_dir
+ - /data
+ asserts:
+ - isNotSubset:
+ path: spec.template.spec.containers[0]
+ content:
+ command:
+ - /bin/sh
+ - -c
+ - |
+ ./run.sh
+ args:
+ - --port
+ - "8080"
+ - --data_dir
+ - /data
+ - isSubset:
+ path: spec.template.spec.initContainers[0]
+ content:
+ command:
+ - /bin/sh
+ - -c
+ - |
+ ./run.sh
+ args:
+ - --port
+ - "8080"
+ - --data_dir
+ - /data
+
+ - it: should pass with termination defined in init container
+ documentIndex: *deploymentDoc
+ set:
+ initContainers:
+ some-name:
+ termination:
+ messagePath: somePath
+ messagePolicy: File
+ asserts:
+ - isNotSubset:
+ path: spec.template.spec.containers[0]
+ content:
+ terminationMessagePath: somePath
+ terminationMessagePolicy: File
+ - isSubset:
+ path: spec.template.spec.initContainers[0]
+ content:
+ terminationMessagePath: somePath
+ terminationMessagePolicy: File
+
+ - it: should pass with resources inherited from main container and modified in init container
+ documentIndex: *deploymentDoc
+ set:
+ resources:
+ requests:
+ cpu: 25m
+ memory: 80Mi
+ initContainers:
+ some-name:
+ resources:
+ inherit: true
+ limits:
+ cpu: 1000m
+ memory: 1Gi
+ requests:
+ memory: 120Mi
+ asserts:
+ - isSubset:
+ path: spec.template.spec.containers[0]
+ content:
+ resources:
+ limits:
+ cpu: 4000m
+ memory: 8Gi
+ requests:
+ cpu: 25m
+ memory: 80Mi
+ - isSubset:
+ path: spec.template.spec.initContainers[0]
+ content:
+ resources:
+ limits:
+ cpu: 1000m
+ memory: 1Gi
+ requests:
+ cpu: 25m
+ memory: 120Mi
+
+ - it: should pass with resources defined in init container
+ documentIndex: *deploymentDoc
+ set:
+ initContainers:
+ some-name:
+ nvidiaCaps:
+ - compute
+ scaleGPU:
+ gpu.intel.com/i915: "1"
+ resources:
+ limits:
+ cpu: 3000m
+ memory: 4Gi
+ requests:
+ cpu: 20m
+ memory: 100Mi
+ asserts:
+ - equal:
+ path: spec.template.spec.securityContext
+ value:
+ fsGroup: 568
+ fsGroupChangePolicy: OnRootMismatch
+ supplementalGroups:
+ - 44
+ - isSubset:
+ path: spec.template.spec.containers[0]
+ content:
+ resources:
+ limits:
+ cpu: 4000m
+ memory: 8Gi
+ requests:
+ cpu: 10m
+ memory: 50Mi
+ - isSubset:
+ path: spec.template.spec.initContainers[0]
+ content:
+ resources:
+ limits:
+ cpu: 3000m
+ memory: 4Gi
+ gpu.intel.com/i915: "1"
+ requests:
+ cpu: 20m
+ memory: 100Mi
+ - notContains:
+ path: spec.template.spec.containers[0].env
+ content:
+ name: NVIDIA_DRIVER_CAPABILITIES
+ value: all
+ - contains:
+ path: spec.template.spec.initContainers[0].env
+ content:
+ name: NVIDIA_DRIVER_CAPABILITIES
+ value: compute
+
+ - it: should pass with envFrom defined in init container
+ documentIndex: *deploymentDoc
+ set:
+ some_name: a_name
+ some_name2: a_name2
+ initContainers:
+ some-name:
+ envFrom:
+ - configMapRef:
+ name: "{{ .Values.some_name }}"
+ - configMapRef:
+ name: "{{ .Values.some_name2 }}"
+ asserts:
+ - isNotSubset:
+ path: spec.template.spec.containers[0]
+ content:
+ envFrom:
+ - configMapRef:
+ name: a_name
+ - configMapRef:
+ name: a_name2
+ - isSubset:
+ path: spec.template.spec.initContainers[0]
+ content:
+ envFrom:
+ - configMapRef:
+ name: a_name
+ - configMapRef:
+ name: a_name2
+
+ - it: should pass with env and envList defined in init container
+ documentIndex: *deploymentDoc
+ set:
+ some_value: value
+ some_value2: value2
+ some_value3: value3
+ some_value4: value4
+ initContainers:
+ some-name:
+ env:
+ var1: "{{ .Values.some_value }}"
+ var2: "{{ .Values.some_value2 }}"
+ var5:
+ secretKeyRef:
+ key: key
+ name: name
+ envList:
+ - name: var3
+ value: "{{ .Values.some_value3 }}"
+ - name: var4
+ value: "{{ .Values.some_value4 }}"
+ asserts:
+ - isNotSubset:
+ path: spec.template.spec.containers[0]
+ content:
+ env:
+ - name: var1
+ value: value
+ - name: var2
+ value: value2
+ - name: var3
+ value: value3
+ - name: var4
+ value: value4
+ - isSubset:
+ path: spec.template.spec.initContainers[0]
+ content:
+ env:
+ - name: TZ
+ value: UTC
+ - name: UMASK
+ value: "002"
+ - name: UMASK_SET
+ value: "002"
+ - name: NVIDIA_VISIBLE_DEVICES
+ value: void
+ - name: S6_READ_ONLY_ROOT
+ value: "1"
+ - name: var1
+ value: value
+ - name: var2
+ value: value2
+ - name: var5
+ valueFrom:
+ secretKeyRef:
+ name: name
+ key: key
+ - name: var3
+ value: value3
+ - name: var4
+ value: value4
+
+ - it: should pass with changed PUID/UMASK
+ documentIndex: *deploymentDoc
+ set:
+ initContainers:
+ some-name:
+ securityContext:
+ runAsUser: 0
+ runAsNonRoot: false
+ security:
+ UMASK: "003"
+ PUID: 1000
+ asserts:
+ - isSubset:
+ path: spec.template.spec.containers[0]
+ content:
+ env:
+ - name: TZ
+ value: UTC
+ - name: UMASK
+ value: "002"
+ - name: UMASK_SET
+ value: "002"
+ - name: NVIDIA_VISIBLE_DEVICES
+ value: void
+ - name: S6_READ_ONLY_ROOT
+ value: "1"
+ - isSubset:
+ path: spec.template.spec.initContainers[0]
+ content:
+ env:
+ - name: TZ
+ value: UTC
+ - name: UMASK
+ value: "003"
+ - name: UMASK_SET
+ value: "003"
+ - name: NVIDIA_VISIBLE_DEVICES
+ value: void
+ - name: PUID
+ value: "1000"
+ - name: USER_ID
+ value: "1000"
+ - name: UID
+ value: "1000"
+ - name: PGID
+ value: "568"
+ - name: GROUP_ID
+ value: "568"
+ - name: GID
+ value: "568"
+ - name: S6_READ_ONLY_ROOT
+ value: "1"
+
+ - it: should pass with disabled injectFixedEnvs
+ documentIndex: *deploymentDoc
+ set:
+ initContainers:
+ some-name:
+ securityContext:
+ runAsUser: 0
+ runAsNonRoot: false
+ injectFixedEnvs: false
+ asserts:
+ - isSubset:
+ path: spec.template.spec.containers[0]
+ content:
+ env:
+ - name: TZ
+ value: UTC
+ - name: UMASK
+ value: "002"
+ - name: UMASK_SET
+ value: "002"
+ - name: NVIDIA_VISIBLE_DEVICES
+ value: void
+ - name: S6_READ_ONLY_ROOT
+ value: "1"
+ - isNull:
+ path: spec.template.spec.initContainers[0].env
+
+ - it: should fail with lifecycle defined in init container
+ set:
+ initContainers:
+ some-name:
+ lifecycle:
+ asserts:
+ - failedTemplate:
+ errorMessage: Init/System/Install/Upgrade/(Cron)Job Container (RELEASE-NAME-common-test-init-some-name) do not support lifecycle hooks
+
+ - it: should fail with env trying to override fixedEnvs in init container
+ set:
+ initContainers:
+ some-name:
+ env:
+ TZ: something
+ asserts:
+ - failedTemplate:
+ errorMessage: Environment Variable (TZ) on container (RELEASE-NAME-common-test-init-some-name) is set more than once. [to (UTC) on (fixedEnv)] and [to (something) on (env)]
+
+ - it: should fail with env trying to override configmap in init container
+ set:
+ configmap:
+ some-confmap:
+ enabled: true
+ parseAsEnv: true
+ content:
+ TZ: something
+ initContainers:
+ some-name:
+ envFrom:
+ - configMapRef:
+ name: '{{ include "ix.v1.common.names.fullname" . }}-some-confmap'
+ asserts:
+ - failedTemplate:
+ errorMessage: Environment Variable (TZ) on container (RELEASE-NAME-common-test-init-some-name) is set more than once. [to (UTC) on (fixedEnv)] and [to (something) on (configmap-RELEASE-NAME-common-test-some-confmap)]
+
+ - it: should fail with env trying to override secret in init container
+ set:
+ secret:
+ some-secret:
+ enabled: true
+ parseAsEnv: true
+ content:
+ TZ: something
+ initContainers:
+ some-name:
+ envFrom:
+ - secretRef:
+ name: '{{ include "ix.v1.common.names.fullname" . }}-some-secret'
+ asserts:
+ - failedTemplate:
+ errorMessage: Environment Variable (TZ) on container (RELEASE-NAME-common-test-init-some-name) is set more than once. [to (UTC) on (fixedEnv)] and [to (something) on (secret-RELEASE-NAME-common-test-some-secret)]
+
+ - it: should pass with securityContext inherited
+ documentIndex: *deploymentDoc
+ set:
+ securityContext:
+ runAsUser: 0
+ runAsGroup: 0
+ runAsNonRoot: false
+ readOnlyRootFilesystem: false
+ privileged: true
+ allowPrivilegeEscalation: true
+ capabilities:
+ add:
+ - Something
+ drop:
+ - Something_Else
+ initContainers:
+ some_container:
+ imageSelector: image
+ securityContext:
+ inherit: true
+ asserts:
+ - isSubset:
+ path: spec.template.spec.containers[0]
+ content:
+ securityContext:
+ runAsUser: 0
+ runAsGroup: 0
+ runAsNonRoot: false
+ readOnlyRootFilesystem: false
+ privileged: true
+ allowPrivilegeEscalation: true
+ capabilities:
+ add:
+ - Something
+ drop:
+ - Something_Else
+ - isSubset:
+ path: spec.template.spec.initContainers[0]
+ content:
+ securityContext:
+ allowPrivilegeEscalation: true
+ capabilities:
+ add:
+ - Something
+ drop:
+ - Something_Else
+ privileged: true
+ readOnlyRootFilesystem: false
+ runAsGroup: 0
+ runAsNonRoot: false
+ runAsUser: 0
+
+ - it: should pass with deviceList defined in init container
+ documentIndex: *deploymentDoc
+ set:
+ initContainers:
+ some_container:
+ deviceList:
+ - enabled: true
+ mountPath: /host/dev/usb
+ hostPath: /dev/usb
+ securityContext:
+ inherit: true
+ asserts:
+ - equal:
+ path: spec.template.spec.securityContext
+ value:
+ fsGroup: 568
+ fsGroupChangePolicy: OnRootMismatch
+ supplementalGroups:
+ - 5
+ - 10
+ - 20
+ - 24
+ - isSubset:
+ path: spec.template.spec.containers[0]
+ content:
+ securityContext:
+ allowPrivilegeEscalation: false
+ capabilities:
+ add: []
+ drop:
+ - ALL
+ privileged: false
+ readOnlyRootFilesystem: true
+ runAsGroup: 568
+ runAsNonRoot: true
+ runAsUser: 568
+ - isSubset:
+ path: spec.template.spec.initContainers[0]
+ content:
+ securityContext:
+ allowPrivilegeEscalation: true
+ capabilities:
+ add: []
+ drop:
+ - ALL
+ privileged: true
+ readOnlyRootFilesystem: true
+ runAsGroup: 568
+ runAsNonRoot: true
+ runAsUser: 568
+
+ - it: should pass with deviceList and scaleGPU defined in init container
+ documentIndex: *deploymentDoc
+ set:
+ initContainers:
+ some_container:
+ scaleGPU:
+ nvidia: something
+ deviceList:
+ - enabled: true
+ mountPath: /host/dev/usb
+ hostPath: /dev/usb
+ securityContext:
+ inherit: true
+ asserts:
+ - equal:
+ path: spec.template.spec.securityContext
+ value:
+ fsGroup: 568
+ fsGroupChangePolicy: OnRootMismatch
+ supplementalGroups:
+ - 5
+ - 10
+ - 20
+ - 24
+ - 44
+ - isSubset:
+ path: spec.template.spec.containers[0]
+ content:
+ securityContext:
+ allowPrivilegeEscalation: false
+ capabilities:
+ add: []
+ drop:
+ - ALL
+ privileged: false
+ readOnlyRootFilesystem: true
+ runAsGroup: 568
+ runAsNonRoot: true
+ runAsUser: 568
+ - isSubset:
+ path: spec.template.spec.initContainers[0]
+ content:
+ securityContext:
+ allowPrivilegeEscalation: true
+ capabilities:
+ add: []
+ drop:
+ - ALL
+ privileged: true
+ readOnlyRootFilesystem: true
+ runAsGroup: 568
+ runAsNonRoot: true
+ runAsUser: 568
+
+ - it: should pass with port <=1024 defined in init container
+ documentIndex: *deploymentDoc
+ set:
+ initContainers:
+ some_container:
+ ports:
+ - name: http
+ containerPort: 80
+ asserts:
+ - isSubset:
+ path: spec.template.spec.containers[0]
+ content:
+ securityContext:
+ allowPrivilegeEscalation: false
+ capabilities:
+ add: []
+ drop:
+ - ALL
+ privileged: false
+ readOnlyRootFilesystem: true
+ runAsGroup: 568
+ runAsNonRoot: true
+ runAsUser: 568
+ - isSubset:
+ path: spec.template.spec.initContainers[0]
+ content:
+ securityContext:
+ allowPrivilegeEscalation: false
+ capabilities:
+ add:
+ - NET_BIND_SERVICE
+ drop:
+ - ALL
+ privileged: false
+ readOnlyRootFilesystem: true
+ runAsGroup: 568
+ runAsNonRoot: true
+ runAsUser: 568
+
+ - it: should pass with securityContext default
+ documentIndex: *deploymentDoc
+ set:
+ initContainers:
+ some_container:
+ imageSelector: image
+ securityContext:
+ inherit: true
+ asserts:
+ - isSubset:
+ path: spec.template.spec.containers[0]
+ content:
+ securityContext:
+ allowPrivilegeEscalation: false
+ capabilities:
+ add: []
+ drop:
+ - ALL
+ privileged: false
+ readOnlyRootFilesystem: true
+ runAsGroup: 568
+ runAsNonRoot: true
+ runAsUser: 568
+ - isSubset:
+ path: spec.template.spec.initContainers[0]
+ content:
+ securityContext:
+ allowPrivilegeEscalation: false
+ capabilities:
+ add: []
+ drop:
+ - ALL
+ privileged: false
+ readOnlyRootFilesystem: true
+ runAsGroup: 568
+ runAsNonRoot: true
+ runAsUser: 568
+
+ - it: should pass with securityContext changed
+ documentIndex: *deploymentDoc
+ set:
+ initContainers:
+ some_container:
+ imageSelector: image
+ securityContext:
+ runAsUser: 0
+ runAsGroup: 0
+ runAsNonRoot: false
+ readOnlyRootFilesystem: false
+ privileged: true
+ allowPrivilegeEscalation: true
+ capabilities:
+ add:
+ - Something
+ drop:
+ - Something_Else
+ asserts:
+ - isSubset:
+ path: spec.template.spec.containers[0]
+ content:
+ securityContext:
+ allowPrivilegeEscalation: false
+ capabilities:
+ add: []
+ drop:
+ - ALL
+ privileged: false
+ readOnlyRootFilesystem: true
+ runAsGroup: 568
+ runAsNonRoot: true
+ runAsUser: 568
+ - isSubset:
+ path: spec.template.spec.initContainers[0]
+ content:
+ securityContext:
+ allowPrivilegeEscalation: true
+ capabilities:
+ add:
+ - Something
+ drop:
+ - Something_Else
+ privileged: true
+ readOnlyRootFilesystem: false
+ runAsGroup: 0
+ runAsNonRoot: false
+ runAsUser: 0
+
+ - it: should pass with securityContext with some values changed
+ documentIndex: *deploymentDoc
+ set:
+ initContainers:
+ some_container:
+ imageSelector: image
+ securityContext:
+ runAsUser: 0
+ runAsGroup: 0
+ runAsNonRoot: false
+ capabilities:
+ add:
+ - Something
+ asserts:
+ - isSubset:
+ path: spec.template.spec.containers[0]
+ content:
+ securityContext:
+ allowPrivilegeEscalation: false
+ capabilities:
+ add: []
+ drop:
+ - ALL
+ privileged: false
+ readOnlyRootFilesystem: true
+ runAsGroup: 568
+ runAsNonRoot: true
+ runAsUser: 568
+ - isSubset:
+ path: spec.template.spec.initContainers[0]
+ content:
+ securityContext:
+ allowPrivilegeEscalation: false
+ capabilities:
+ add:
+ - Something
+ drop:
+ - ALL
+ privileged: false
+ readOnlyRootFilesystem: true
+ runAsGroup: 0
+ runAsNonRoot: false
+ runAsUser: 0
+
+ - it: should pass with securityContext with inherit and at least one value changed
+ documentIndex: *deploymentDoc
+ set:
+ securityContext:
+ privileged: true
+ allowPrivilegeEscalation: true
+ capabilities:
+ drop:
+ - something_else
+ initContainers:
+ some_container:
+ imageSelector: image
+ securityContext:
+ inherit: true
+ runAsNonRoot: false
+ runAsUser: 0
+ asserts:
+ - isSubset:
+ path: spec.template.spec.containers[0]
+ content:
+ securityContext:
+ allowPrivilegeEscalation: true
+ capabilities:
+ add: []
+ drop:
+ - something_else
+ privileged: true
+ readOnlyRootFilesystem: true
+ runAsGroup: 568
+ runAsNonRoot: true
+ runAsUser: 568
+ - isSubset:
+ path: spec.template.spec.initContainers[0]
+ content:
+ securityContext:
+ allowPrivilegeEscalation: true
+ capabilities:
+ add: []
+ drop:
+ - something_else
+ privileged: true
+ readOnlyRootFilesystem: true
+ runAsGroup: 568
+ runAsNonRoot: false
+ runAsUser: 0
+
+ - it: should fail with probes in init container
+ set:
+ initContainers:
+ some-name:
+ probes:
+ liveness:
+ enabled: true
+ asserts:
+ - failedTemplate:
+ errorMessage: Init/System/Install/Upgrade/(Cron)Job Container (RELEASE-NAME-common-test-init-some-name) do not support probes
+
+ - it: should fail with invalid protocol in ports in init container
+ set:
+ initContainers:
+ some-name:
+ ports:
+ - containerPort: 5678
+ protocol: invalid-proto
+ name: tcp-port
+ asserts:
+ - failedTemplate:
+ errorMessage: Invalid (invalid-proto) in port (tcp-port) in (RELEASE-NAME-common-test-init-some-name) container. Valid protocols are TCP and UDP.
+ + - it: should fail without name in ports in init container + set: + initContainers: + some-name: + ports: + - containerPort: 5678 + protocol: TCP + name: "" + asserts: + - failedTemplate: + errorMessage: is required in all in (RELEASE-NAME-common-test-init-some-name) container. + + - it: should fail without containerPort in ports in init container + set: + initContainers: + some-name: + ports: + - containerPort: "" + name: tcp-port + asserts: + - failedTemplate: + errorMessage: is required in port (tcp-port) in (RELEASE-NAME-common-test-init-some-name) container. + + - it: should fail with non-int containerPort in ports in init container + set: + initContainers: + some-name: + ports: + - containerPort: not-int + name: tcp-port + asserts: + - failedTemplate: + errorMessage: Invalid (not-int) in port (tcp-port) in (RELEASE-NAME-common-test-init-some-name) container. Must be an int. + + - it: should fail with non-int hostPort in ports in init container + set: + initContainers: + some-name: + ports: + - containerPort: 1234 + hostPort: not-int + name: tcp-port + asserts: + - failedTemplate: + errorMessage: Invalid (not-int) in port (tcp-port) in (RELEASE-NAME-common-test-init-some-name) container. Must be an int. 
+ + - it: should pass without protocol in ports in init container + documentIndex: *deploymentDoc + set: + initContainers: + some-name: + ports: + - containerPort: 5678 + name: tcp-port + asserts: + - isSubset: + path: spec.template.spec.initContainers[0] + content: + ports: + - containerPort: 5678 + protocol: TCP + name: tcp-port + + - it: should pass with ports defined in init container + documentIndex: *deploymentDoc + set: + initContainers: + some-name: + ports: + - containerPort: 5678 + protocol: TCP + name: tcp-port + - containerPort: 1234 + protocol: UDP + name: udp-port + asserts: + - isSubset: + path: spec.template.spec.containers[0] + content: + ports: + - containerPort: 65535 + protocol: TCP + name: main + - isSubset: + path: spec.template.spec.initContainers[0] + content: + ports: + - containerPort: 5678 + protocol: TCP + name: tcp-port + - containerPort: 1234 + protocol: UDP + name: udp-port + + - it: should fail without trying to mount a non existent volume in volumeMounts defined in init container + set: + initContainers: + some-name: + volumeMounts: + - name: some-volume + mountPath: /some/path + asserts: + - failedTemplate: + errorMessage: You are trying to mount a volume that does not exist (some-volume). Please define the volume in . + + - it: should fail without name in volumeMounts defined in init container + set: + initContainers: + some-name: + volumeMounts: + - name: + mountPath: /some/path + readOnly: false + subPath: /some/sub/path + asserts: + - failedTemplate: + errorMessage: is required in volumeMounts in init/system/install/upgrade/additional containers. 
+ + - it: should pass with volumeMounts defined in init container + documentIndex: *deploymentDoc + set: + persistence: + some-volume: + enabled: true + noMount: true + type: emptyDir + some-other-volume: + enabled: true + noMount: true + type: emptyDir + initContainers: + some-name: + volumeMounts: + - name: some-volume + mountPath: /some/path + readOnly: false + subPath: /some/sub/path + - name: some-other-volume + mountPath: /some/other/path + readOnly: false + subPath: /some/other/sub/path + asserts: + - notContains: + path: spec.template.spec.containers[0].volumeMounts + content: + name: some-volume + - notContains: + path: spec.template.spec.containers[0].volumeMounts + content: + name: some-other-volume + - contains: + path: spec.template.spec.initContainers[0].volumeMounts + content: + name: some-volume + mountPath: /some/path + readOnly: false + subPath: /some/sub/path + - contains: + path: spec.template.spec.initContainers[0].volumeMounts + content: + name: some-other-volume + mountPath: /some/other/path + readOnly: false + subPath: /some/other/sub/path + + - it: should pass with volumeMounts inherit all in init container + documentIndex: *deploymentDoc + set: + persistence: + some-volume: + enabled: true + noMount: true + mountPath: /some/path + type: emptyDir + some-other-volume: + enabled: true + noMount: true + mountPath: /some/other/path + type: emptyDir + initContainers: + some-name: + volumeMounts: + - inherit: all + asserts: + - notContains: + path: spec.template.spec.containers[0].volumeMounts + content: + name: some-volume + - notContains: + path: spec.template.spec.containers[0].volumeMounts + content: + name: some-other-volume + - contains: + path: spec.template.spec.initContainers[0].volumeMounts + content: + name: some-other-volume + mountPath: /some/other/path + - contains: + path: spec.template.spec.initContainers[0].volumeMounts + content: + name: some-volume + mountPath: /some/path + + - it: should pass with volumeMounts inherit 
skipNoMount in init container + documentIndex: *deploymentDoc + set: + persistence: + some-volume: + enabled: true + noMount: true + mountPath: /some/path + type: emptyDir + some-other-volume: + enabled: true + type: emptyDir + mountPath: /some/other/path + initContainers: + some-name: + volumeMounts: + - inherit: skipNoMount + asserts: + - contains: + path: spec.template.spec.containers[0].volumeMounts + content: + mountPath: /some/other/path + name: some-other-volume + - contains: + path: spec.template.spec.initContainers[0].volumeMounts + content: + name: some-other-volume + mountPath: /some/other/path + + - it: should pass with deviceList and volumeMounts defined in init container + documentIndex: *deploymentDoc + set: + deviceList: + - enabled: true + type: hostPath + mountPath: /host/dev/something + hostPath: /dev/something + persistence: + some-volume: + enabled: true + noMount: true + type: emptyDir + some-other-volume: + enabled: true + noMount: true + type: emptyDir + initContainers: + some-name: + deviceList: + - enabled: true + type: hostPath + mountPath: /host/dev/usb + hostPath: /dev/usb + - enabled: true + type: hostPath + mountPath: /host/dev/serial + hostPath: /dev/serial + volumeMounts: + - name: some-volume + mountPath: /some/path + readOnly: false + subPath: /some/sub/path + - name: some-other-volume + mountPath: /some/other/path + readOnly: false + subPath: /some/other/sub/path + asserts: + - contains: + path: spec.template.spec.containers[0].volumeMounts + content: + name: device-0 + mountPath: /host/dev/something + - notContains: + path: spec.template.spec.containers[0].volumeMounts + content: + name: some-volume + - notContains: + path: spec.template.spec.containers[0].volumeMounts + content: + name: some-other-volume + - contains: + path: spec.template.spec.initContainers[0].volumeMounts + content: + name: some-volume + mountPath: /some/path + readOnly: false + subPath: /some/sub/path + - contains: + path: 
spec.template.spec.initContainers[0].volumeMounts + content: + name: some-other-volume + mountPath: /some/other/path + readOnly: false + subPath: /some/other/sub/path + - contains: + path: spec.template.spec.initContainers[0].volumeMounts + content: + name: device-some-name-0 + mountPath: /host/dev/usb + - contains: + path: spec.template.spec.initContainers[0].volumeMounts + content: + name: device-some-name-1 + mountPath: /host/dev/serial + + - it: should pass with disabled init container from tpl + documentIndex: *deploymentDoc + set: + flag: false + initContainers: + some-name: + enabled: "{{ .Values.flag }}" + asserts: + - isNull: + path: spec.template.spec.initContainers diff --git a/library/common-test/tests/initcontainers_in_deployment/install_containers_in_deployment_test.yaml b/library/common-test/tests/initcontainers_in_deployment/install_containers_in_deployment_test.yaml new file mode 100644 index 00000000..6ac90175 --- /dev/null +++ b/library/common-test/tests/initcontainers_in_deployment/install_containers_in_deployment_test.yaml 
@@ -0,0 +1,1210 @@ + +suite: installContainer in deployment test +templates: + - common.yaml +tests: + - it: should pass with default values + documentIndex: &deploymentDoc 0 + asserts: + - hasDocuments: + count: 3 + - isKind: + of: Deployment + + - it: should pass with image defined in install container + documentIndex: *deploymentDoc + set: + image: + repository: some-repo + tag: some-tag + pullPolicy: Always + installImage: + repository: some-repo-install + tag: some-tag-install + pullPolicy: Never + installContainers: + some-name: + imageSelector: installImage + pullPolicy: Never + asserts: + - isSubset: + path: spec.template.spec.containers[0] + content: + image: some-repo:some-tag + imagePullPolicy: Always + - isSubset: + path: spec.template.spec.initContainers[0] + content: + image: some-repo-install:some-tag-install + imagePullPolicy: Never + + - it: should pass with image defined in multiple install container + documentIndex: *deploymentDoc + set: + image: + repository: some-repo + tag: some-tag + pullPolicy: Always + initImage: + repository: some-repo-init + tag: some-tag-init + pullPolicy: Never + installImage: + repository: some-repo-install + tag: some-tag-install + pullPolicy: Never + installImage2: + repository: some-repo-install2 + tag: some-tag-install2 + pullPolicy: IfNotPresent + installContainers: + some-name: + imageSelector: installImage + pullPolicy: Never + some-name2: + imageSelector: installImage2 + pullPolicy: Never + initContainers: + some-name3: + imageSelector: initImage + pullPolicy: Never + asserts: + - isSubset: + path: spec.template.spec.containers[0] + content: + image: some-repo:some-tag + imagePullPolicy: Always + - isSubset: + path: spec.template.spec.initContainers[0] + content: + image: some-repo-install:some-tag-install + imagePullPolicy: Never + - isSubset: + path: spec.template.spec.initContainers[1] + content: + image: some-repo-install2:some-tag-install2 + imagePullPolicy: IfNotPresent + - isSubset: + path: 
spec.template.spec.initContainers[2] + content: + image: some-repo-init:some-tag-init + imagePullPolicy: Never + + - it: should pass with tty and stdin defined in install container + documentIndex: *deploymentDoc + set: + installContainers: + some-name: + tty: true + stdin: true + asserts: + - isSubset: + path: spec.template.spec.containers[0] + content: + tty: false + stdin: false + - isSubset: + path: spec.template.spec.initContainers[0] + content: + tty: true + stdin: true + + - it: should pass with command and args defined in install container + documentIndex: *deploymentDoc + set: + port: 8080 + entrypoint: ./run.sh + installContainers: + some-name: + command: + - /bin/sh + - -c + - | + {{ .Values.entrypoint }} + args: + - --port + - "{{ .Values.port }}" + extraArgs: + - --data_dir + - /data + asserts: + - isNotSubset: + path: spec.template.spec.containers[0] + content: + command: + - /bin/sh + - -c + - | + ./run.sh + args: + - --port + - "8080" + - --data_dir + - /data + - isSubset: + path: spec.template.spec.initContainers[0] + content: + command: + - /bin/sh + - -c + - | + ./run.sh + args: + - --port + - "8080" + - --data_dir + - /data + + - it: should pass with termination defined in install container + documentIndex: *deploymentDoc + set: + installContainers: + some-name: + termination: + messagePath: somePath + messagePolicy: File + asserts: + - isNotSubset: + path: spec.template.spec.containers[0] + content: + terminationMessagePath: somePath + terminationMessagePolicy: File + - isSubset: + path: spec.template.spec.initContainers[0] + content: + terminationMessagePath: somePath + terminationMessagePolicy: File + + - it: should pass with resources inherited from main container and modified in install container + documentIndex: *deploymentDoc + set: + resources: + requests: + cpu: 25m + memory: 80Mi + installContainers: + some-name: + resources: + inherit: true + limits: + cpu: 1000m + memory: 1Gi + requests: + memory: 120Mi + asserts: + - isSubset: + 
path: spec.template.spec.containers[0] + content: + resources: + limits: + cpu: 4000m + memory: 8Gi + requests: + cpu: 25m + memory: 80Mi + - isSubset: + path: spec.template.spec.initContainers[0] + content: + resources: + limits: + cpu: 1000m + memory: 1Gi + requests: + cpu: 25m + memory: 120Mi + + - it: should pass with resources defined in install container + documentIndex: *deploymentDoc + set: + installContainers: + some-name: + nvidiaCaps: + - compute + scaleGPU: + gpu.intel.com/i915: "1" + resources: + limits: + cpu: 3000m + memory: 4Gi + requests: + cpu: 20m + memory: 100Mi + asserts: + - equal: + path: spec.template.spec.securityContext + value: + fsGroup: 568 + fsGroupChangePolicy: OnRootMismatch + supplementalGroups: + - 44 + - isSubset: + path: spec.template.spec.containers[0] + content: + resources: + limits: + cpu: 4000m + memory: 8Gi + requests: + cpu: 10m + memory: 50Mi + - isSubset: + path: spec.template.spec.initContainers[0] + content: + resources: + limits: + cpu: 3000m + memory: 4Gi + gpu.intel.com/i915: "1" + requests: + cpu: 20m + memory: 100Mi + - notContains: + path: spec.template.spec.containers[0].env + content: + name: NVIDIA_DRIVER_CAPABILITIES + value: all + - contains: + path: spec.template.spec.initContainers[0].env + content: + name: NVIDIA_DRIVER_CAPABILITIES + value: compute + + - it: should pass with envFrom defined in install container + documentIndex: *deploymentDoc + set: + some_name: a_name + some_name2: a_name2 + installContainers: + some-name: + envFrom: + - configMapRef: + name: "{{ .Values.some_name }}" + - configMapRef: + name: "{{ .Values.some_name2 }}" + asserts: + - isNotSubset: + path: spec.template.spec.containers[0] + content: + envFrom: + - configMapRef: + name: a_name + - configMapRef: + name: a_name2 + - isSubset: + path: spec.template.spec.initContainers[0] + content: + envFrom: + - configMapRef: + name: a_name + - configMapRef: + name: a_name2 + + - it: should pass with env and envList defined in install 
container + documentIndex: *deploymentDoc + set: + some_value: value + some_value2: value2 + some_value3: value3 + some_value4: value4 + installContainers: + some-name: + env: + var1: "{{ .Values.some_value }}" + var2: "{{ .Values.some_value2 }}" + var5: + secretKeyRef: + key: key + name: name + envList: + - name: var3 + value: "{{ .Values.some_value3 }}" + - name: var4 + value: "{{ .Values.some_value4 }}" + asserts: + - isNotSubset: + path: spec.template.spec.containers[0] + content: + env: + - name: var1 + value: value + - name: var2 + value: value2 + - name: var3 + value: value3 + - name: var4 + value: value4 + - isSubset: + path: spec.template.spec.initContainers[0] + content: + env: + - name: TZ + value: UTC + - name: UMASK + value: "002" + - name: UMASK_SET + value: "002" + - name: NVIDIA_VISIBLE_DEVICES + value: void + - name: S6_READ_ONLY_ROOT + value: "1" + - name: var1 + value: value + - name: var2 + value: value2 + - name: var5 + valueFrom: + secretKeyRef: + name: name + key: key + - name: var3 + value: value3 + - name: var4 + value: value4 + + - it: should pass with changed PUID/UMASK + documentIndex: *deploymentDoc + set: + installContainers: + some-name: + securityContext: + runAsUser: 0 + runAsNonRoot: false + security: + UMASK: "003" + PUID: 1000 + asserts: + - isSubset: + path: spec.template.spec.containers[0] + content: + env: + - name: TZ + value: UTC + - name: UMASK + value: "002" + - name: UMASK_SET + value: "002" + - name: NVIDIA_VISIBLE_DEVICES + value: void + - name: S6_READ_ONLY_ROOT + value: "1" + - isSubset: + path: spec.template.spec.initContainers[0] + content: + env: + - name: TZ + value: UTC + - name: UMASK + value: "003" + - name: UMASK_SET + value: "003" + - name: NVIDIA_VISIBLE_DEVICES + value: void + - name: PUID + value: "1000" + - name: USER_ID + value: "1000" + - name: UID + value: "1000" + - name: PGID + value: "568" + - name: GROUP_ID + value: "568" + - name: GID + value: "568" + - name: S6_READ_ONLY_ROOT + value: "1" + + - 
it: should pass with disabled injectFixedEnvs + documentIndex: *deploymentDoc + set: + installContainers: + some-name: + securityContext: + runAsUser: 0 + runAsNonRoot: false + injectFixedEnvs: false + asserts: + - isSubset: + path: spec.template.spec.containers[0] + content: + env: + - name: TZ + value: UTC + - name: UMASK + value: "002" + - name: UMASK_SET + value: "002" + - name: NVIDIA_VISIBLE_DEVICES + value: void + - name: S6_READ_ONLY_ROOT + value: "1" + - isNull: + path: spec.template.spec.initContainers[0].env + + - it: should fail with lifecycle defined in install container + set: + installContainers: + some-name: + lifecycle: + asserts: + - failedTemplate: + errorMessage: Init/System/Install/Upgrade/(Cron)Job Container (RELEASE-NAME-common-test-install-some-name) do not support lifecycle hooks + + - it: should fail with env trying to override fixedEnvs in install container + set: + installContainers: + some-name: + env: + TZ: something + asserts: + - failedTemplate: + errorMessage: Environment Variable (TZ) on container (RELEASE-NAME-common-test-install-some-name) is set more than once. [to (UTC) on (fixedEnv)] and [to (something) on (env)] + + - it: should fail with env trying to override configmap in install container + set: + configmap: + some-confmap: + enabled: true + parseAsEnv: true + content: + TZ: something + installContainers: + some-name: + envFrom: + - configMapRef: + name: '{{ include "ix.v1.common.names.fullname" . }}-some-confmap' + asserts: + - failedTemplate: + errorMessage: Environment Variable (TZ) on container (RELEASE-NAME-common-test-install-some-name) is set more than once. 
[to (UTC) on (fixedEnv)] and [to (something) on (configmap-RELEASE-NAME-common-test-some-confmap)] + + - it: should fail with env trying to override secret in install container + set: + secret: + some-secret: + enabled: true + parseAsEnv: true + content: + TZ: something + installContainers: + some-name: + envFrom: + - secretRef: + name: '{{ include "ix.v1.common.names.fullname" . }}-some-secret' + asserts: + - failedTemplate: + errorMessage: Environment Variable (TZ) on container (RELEASE-NAME-common-test-install-some-name) is set more than once. [to (UTC) on (fixedEnv)] and [to (something) on (secret-RELEASE-NAME-common-test-some-secret)] + + - it: should pass with securityContext inherited + documentIndex: *deploymentDoc + set: + securityContext: + runAsUser: 0 + runAsGroup: 0 + runAsNonRoot: false + readOnlyRootFilesystem: false + privileged: true + allowPrivilegeEscalation: true + capabilities: + add: + - Something + drop: + - Something_Else + installContainers: + some_container: + imageSelector: image + securityContext: + inherit: true + asserts: + - isSubset: + path: spec.template.spec.containers[0] + content: + securityContext: + runAsUser: 0 + runAsGroup: 0 + runAsNonRoot: false + readOnlyRootFilesystem: false + privileged: true + allowPrivilegeEscalation: true + capabilities: + add: + - Something + drop: + - Something_Else + - isSubset: + path: spec.template.spec.initContainers[0] + content: + securityContext: + allowPrivilegeEscalation: true + capabilities: + add: + - Something + drop: + - Something_Else + privileged: true + readOnlyRootFilesystem: false + runAsGroup: 0 + runAsNonRoot: false + runAsUser: 0 + + - it: should pass with deviceList defined in install container + documentIndex: *deploymentDoc + set: + installContainers: + some_container: + deviceList: + - enabled: true + mountPath: /host/dev/usb + hostPath: /dev/usb + securityContext: + inherit: true + asserts: + - equal: + path: spec.template.spec.securityContext + value: + fsGroup: 568 + 
fsGroupChangePolicy: OnRootMismatch + supplementalGroups: + - 5 + - 10 + - 20 + - 24 + - isSubset: + path: spec.template.spec.containers[0] + content: + securityContext: + allowPrivilegeEscalation: false + capabilities: + add: [] + drop: + - ALL + privileged: false + readOnlyRootFilesystem: true + runAsGroup: 568 + runAsNonRoot: true + runAsUser: 568 + - isSubset: + path: spec.template.spec.initContainers[0] + content: + securityContext: + allowPrivilegeEscalation: true + capabilities: + add: [] + drop: + - ALL + privileged: true + readOnlyRootFilesystem: true + runAsGroup: 568 + runAsNonRoot: true + runAsUser: 568 + + - it: should pass with deviceList and scaleGPU defined in install container + documentIndex: *deploymentDoc + set: + installContainers: + some_container: + scaleGPU: + nvidia: something + deviceList: + - enabled: true + mountPath: /host/dev/usb + hostPath: /dev/usb + securityContext: + inherit: true + asserts: + - equal: + path: spec.template.spec.securityContext + value: + fsGroup: 568 + fsGroupChangePolicy: OnRootMismatch + supplementalGroups: + - 5 + - 10 + - 20 + - 24 + - 44 + - isSubset: + path: spec.template.spec.containers[0] + content: + securityContext: + allowPrivilegeEscalation: false + capabilities: + add: [] + drop: + - ALL + privileged: false + readOnlyRootFilesystem: true + runAsGroup: 568 + runAsNonRoot: true + runAsUser: 568 + - isSubset: + path: spec.template.spec.initContainers[0] + content: + securityContext: + allowPrivilegeEscalation: true + capabilities: + add: [] + drop: + - ALL + privileged: true + readOnlyRootFilesystem: true + runAsGroup: 568 + runAsNonRoot: true + runAsUser: 568 + + - it: should pass with port <=1024 defined in install container + documentIndex: *deploymentDoc + set: + installContainers: + some_container: + ports: + - name: http + containerPort: 80 + asserts: + - isSubset: + path: spec.template.spec.containers[0] + content: + securityContext: + allowPrivilegeEscalation: false + capabilities: + add: [] + 
drop: + - ALL + privileged: false + readOnlyRootFilesystem: true + runAsGroup: 568 + runAsNonRoot: true + runAsUser: 568 + - isSubset: + path: spec.template.spec.initContainers[0] + content: + securityContext: + allowPrivilegeEscalation: false + capabilities: + add: + - NET_BIND_SERVICE + drop: + - ALL + privileged: false + readOnlyRootFilesystem: true + runAsGroup: 568 + runAsNonRoot: true + runAsUser: 568 + + - it: should pass with securityContext default + documentIndex: *deploymentDoc + set: + installContainers: + some_container: + imageSelector: image + securityContext: + inherit: true + asserts: + - isSubset: + path: spec.template.spec.containers[0] + content: + securityContext: + allowPrivilegeEscalation: false + capabilities: + add: [] + drop: + - ALL + privileged: false + readOnlyRootFilesystem: true + runAsGroup: 568 + runAsNonRoot: true + runAsUser: 568 + - isSubset: + path: spec.template.spec.initContainers[0] + content: + securityContext: + allowPrivilegeEscalation: false + capabilities: + add: [] + drop: + - ALL + privileged: false + readOnlyRootFilesystem: true + runAsGroup: 568 + runAsNonRoot: true + runAsUser: 568 + + - it: should pass with securityContext changed + documentIndex: *deploymentDoc + set: + installContainers: + some_container: + imageSelector: image + securityContext: + runAsUser: 0 + runAsGroup: 0 + runAsNonRoot: false + readOnlyRootFilesystem: false + privileged: true + allowPrivilegeEscalation: true + capabilities: + add: + - Something + drop: + - Something_Else + asserts: + - isSubset: + path: spec.template.spec.containers[0] + content: + securityContext: + allowPrivilegeEscalation: false + capabilities: + add: [] + drop: + - ALL + privileged: false + readOnlyRootFilesystem: true + runAsGroup: 568 + runAsNonRoot: true + runAsUser: 568 + - isSubset: + path: spec.template.spec.initContainers[0] + content: + securityContext: + allowPrivilegeEscalation: true + capabilities: + add: + - Something + drop: + - Something_Else + privileged: 
true + readOnlyRootFilesystem: false + runAsGroup: 0 + runAsNonRoot: false + runAsUser: 0 + + - it: should pass with securityContext with some values changed + documentIndex: *deploymentDoc + set: + installContainers: + some_container: + imageSelector: image + securityContext: + runAsUser: 0 + runAsGroup: 0 + runAsNonRoot: false + capabilities: + add: + - Something + asserts: + - isSubset: + path: spec.template.spec.containers[0] + content: + securityContext: + allowPrivilegeEscalation: false + capabilities: + add: [] + drop: + - ALL + privileged: false + readOnlyRootFilesystem: true + runAsGroup: 568 + runAsNonRoot: true + runAsUser: 568 + - isSubset: + path: spec.template.spec.initContainers[0] + content: + securityContext: + allowPrivilegeEscalation: false + capabilities: + add: + - Something + drop: + - ALL + privileged: false + readOnlyRootFilesystem: true + runAsGroup: 0 + runAsNonRoot: false + runAsUser: 0 + + - it: should pass with securityContext with inherit and at least one value changed + documentIndex: *deploymentDoc + set: + securityContext: + privileged: true + allowPrivilegeEscalation: true + capabilities: + drop: + - something_else + installContainers: + some_container: + imageSelector: image + securityContext: + inherit: true + runAsNonRoot: false + runAsUser: 0 + asserts: + - isSubset: + path: spec.template.spec.containers[0] + content: + securityContext: + allowPrivilegeEscalation: true + capabilities: + add: [] + drop: + - something_else + privileged: true + readOnlyRootFilesystem: true + runAsGroup: 568 + runAsNonRoot: true + runAsUser: 568 + - isSubset: + path: spec.template.spec.initContainers[0] + content: + securityContext: + allowPrivilegeEscalation: true + capabilities: + add: [] + drop: + - something_else + privileged: true + readOnlyRootFilesystem: true + runAsGroup: 568 + runAsNonRoot: false + runAsUser: 0 + + - it: should fail with probes in install container + set: + installContainers: + some-name: + probes: + liveness: + enabled: 
true + asserts: + - failedTemplate: + errorMessage: Init/System/Install/Upgrade/(Cron)Job Container (RELEASE-NAME-common-test-install-some-name) do not support probes + + - it: should fail with invalid protocol in ports in install container + set: + installContainers: + some-name: + ports: + - containerPort: 5678 + protocol: invalid-proto + name: tcp-port + asserts: + - failedTemplate: + errorMessage: Invalid (invalid-proto) in port (tcp-port) in (RELEASE-NAME-common-test-install-some-name) container. Valid protocols are TCP and UDP. + + - it: should fail without name in ports in install container + set: + installContainers: + some-name: + ports: + - containerPort: 5678 + protocol: TCP + name: "" + asserts: + - failedTemplate: + errorMessage: is required in all in (RELEASE-NAME-common-test-install-some-name) container. + + - it: should fail without containerPort in ports in install container + set: + installContainers: + some-name: + ports: + - containerPort: "" + name: tcp-port + asserts: + - failedTemplate: + errorMessage: is required in port (tcp-port) in (RELEASE-NAME-common-test-install-some-name) container. + + - it: should fail with non-int containerPort in ports in install container + set: + installContainers: + some-name: + ports: + - containerPort: not-int + name: tcp-port + asserts: + - failedTemplate: + errorMessage: Invalid (not-int) in port (tcp-port) in (RELEASE-NAME-common-test-install-some-name) container. Must be an int. + + - it: should fail with non-int hostPort in ports in install container + set: + installContainers: + some-name: + ports: + - containerPort: 1234 + hostPort: not-int + name: tcp-port + asserts: + - failedTemplate: + errorMessage: Invalid (not-int) in port (tcp-port) in (RELEASE-NAME-common-test-install-some-name) container. Must be an int. 
+ + - it: should pass without protocol in ports in install container + documentIndex: *deploymentDoc + set: + installContainers: + some-name: + ports: + - containerPort: 5678 + name: tcp-port + asserts: + - isSubset: + path: spec.template.spec.initContainers[0] + content: + ports: + - containerPort: 5678 + protocol: TCP + name: tcp-port + + - it: should pass with ports defined in install container + documentIndex: *deploymentDoc + set: + installContainers: + some-name: + ports: + - containerPort: 5678 + protocol: TCP + name: tcp-port + - containerPort: 1234 + protocol: UDP + name: udp-port + asserts: + - isSubset: + path: spec.template.spec.containers[0] + content: + ports: + - containerPort: 65535 + protocol: TCP + name: main + - isSubset: + path: spec.template.spec.initContainers[0] + content: + ports: + - containerPort: 5678 + protocol: TCP + name: tcp-port + - containerPort: 1234 + protocol: UDP + name: udp-port + + - it: should fail without trying to mount a non existent volume in volumeMounts defined in install container + set: + installContainers: + some-name: + volumeMounts: + - name: some-volume + mountPath: /some/path + asserts: + - failedTemplate: + errorMessage: You are trying to mount a volume that does not exist (some-volume). Please define the volume in . + + - it: should fail without name in volumeMounts defined in install container + set: + installContainers: + some-name: + volumeMounts: + - name: + mountPath: /some/path + readOnly: false + subPath: /some/sub/path + asserts: + - failedTemplate: + errorMessage: is required in volumeMounts in init/system/install/upgrade/additional containers. 
+ + - it: should pass with volumeMounts defined in install container + documentIndex: *deploymentDoc + set: + persistence: + some-volume: + enabled: true + noMount: true + type: emptyDir + some-other-volume: + enabled: true + noMount: true + type: emptyDir + installContainers: + some-name: + volumeMounts: + - name: some-volume + mountPath: /some/path + readOnly: false + subPath: /some/sub/path + - name: some-other-volume + mountPath: /some/other/path + readOnly: false + subPath: /some/other/sub/path + asserts: + - notContains: + path: spec.template.spec.containers[0].volumeMounts + content: + name: some-volume + - notContains: + path: spec.template.spec.containers[0].volumeMounts + content: + name: some-other-volume + - contains: + path: spec.template.spec.initContainers[0].volumeMounts + content: + name: some-volume + mountPath: /some/path + readOnly: false + subPath: /some/sub/path + - contains: + path: spec.template.spec.initContainers[0].volumeMounts + content: + name: some-other-volume + mountPath: /some/other/path + readOnly: false + subPath: /some/other/sub/path + + - it: should pass with volumeMounts inherit all in install container + documentIndex: *deploymentDoc + set: + persistence: + some-volume: + enabled: true + noMount: true + mountPath: /some/path + type: emptyDir + some-other-volume: + enabled: true + noMount: true + mountPath: /some/other/path + type: emptyDir + installContainers: + some-name: + volumeMounts: + - inherit: all + asserts: + - notContains: + path: spec.template.spec.containers[0].volumeMounts + content: + name: some-volume + - notContains: + path: spec.template.spec.containers[0].volumeMounts + content: + name: some-other-volume + - contains: + path: spec.template.spec.initContainers[0].volumeMounts + content: + name: some-other-volume + mountPath: /some/other/path + - contains: + path: spec.template.spec.initContainers[0].volumeMounts + content: + name: some-volume + mountPath: /some/path + + - it: should pass with volumeMounts 
inherit skipNoMount in install container + documentIndex: *deploymentDoc + set: + persistence: + some-volume: + enabled: true + noMount: true + mountPath: /some/path + type: emptyDir + some-other-volume: + enabled: true + type: emptyDir + mountPath: /some/other/path + installContainers: + some-name: + volumeMounts: + - inherit: skipNoMount + asserts: + - contains: + path: spec.template.spec.containers[0].volumeMounts + content: + mountPath: /some/other/path + name: some-other-volume + - contains: + path: spec.template.spec.initContainers[0].volumeMounts + content: + name: some-other-volume + mountPath: /some/other/path + + - it: should pass with deviceList and volumeMounts defined in install container + documentIndex: *deploymentDoc + set: + deviceList: + - enabled: true + type: hostPath + mountPath: /host/dev/something + hostPath: /dev/something + persistence: + some-volume: + enabled: true + noMount: true + type: emptyDir + some-other-volume: + enabled: true + noMount: true + type: emptyDir + installContainers: + some-name: + deviceList: + - enabled: true + type: hostPath + mountPath: /host/dev/usb + hostPath: /dev/usb + - enabled: true + type: hostPath + mountPath: /host/dev/serial + hostPath: /dev/serial + volumeMounts: + - name: some-volume + mountPath: /some/path + readOnly: false + subPath: /some/sub/path + - name: some-other-volume + mountPath: /some/other/path + readOnly: false + subPath: /some/other/sub/path + asserts: + - contains: + path: spec.template.spec.containers[0].volumeMounts + content: + name: device-0 + mountPath: /host/dev/something + - notContains: + path: spec.template.spec.containers[0].volumeMounts + content: + name: some-volume + - notContains: + path: spec.template.spec.containers[0].volumeMounts + content: + name: some-other-volume + - contains: + path: spec.template.spec.initContainers[0].volumeMounts + content: + name: some-volume + mountPath: /some/path + readOnly: false + subPath: /some/sub/path + - contains: + path: 
spec.template.spec.initContainers[0].volumeMounts + content: + name: some-other-volume + mountPath: /some/other/path + readOnly: false + subPath: /some/other/sub/path + - contains: + path: spec.template.spec.initContainers[0].volumeMounts + content: + name: device-some-name-0 + mountPath: /host/dev/usb + - contains: + path: spec.template.spec.initContainers[0].volumeMounts + content: + name: device-some-name-1 + mountPath: /host/dev/serial + + - it: should pass with disabled install container from tpl + documentIndex: *deploymentDoc + set: + flag: false + installContainers: + some-name: + enabled: "{{ .Values.flag }}" + asserts: + - isNull: + path: spec.template.spec.initContainers diff --git a/library/common-test/tests/initcontainers_in_deployment/system_containers_in_deployment_install_copy.yaml b/library/common-test/tests/initcontainers_in_deployment/system_containers_in_deployment_install_copy.yaml new file mode 100644 index 00000000..b0288900 --- /dev/null +++ b/library/common-test/tests/initcontainers_in_deployment/system_containers_in_deployment_install_copy.yaml 
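Review bot: The deviceList cases in this file ("should pass with deviceList defined in install container" and its scaleGPU variant) assert `privileged: true` and `allowPrivilegeEscalation: true` on `initContainers[0]` although the values only set `securityContext.inherit: true`, so an enabled device entry is what grants the privilege, and no case pins the opposite direction. A case with the entry set to `enabled: false` would guard against a listed-but-disabled device making the install container privileged; the expected context below is copied from the "securityContext default" case and needs confirming against the template. The init-container file earlier in this diff has the same scaleGPU case and would take the same addition. A comment above the existing cases, `# an enabled deviceList entry makes this container privileged; containers[0] must stay unprivileged`, would make the implicit grant visible to the next reader.

```yaml
  - it: should stay unprivileged with disabled deviceList entry in install container
    documentIndex: *deploymentDoc
    set:
      installContainers:
        some_container:
          deviceList:
            - enabled: false
              mountPath: /host/dev/usb
              hostPath: /dev/usb
          securityContext:
            inherit: true
    asserts:
      # expected values taken from the "securityContext default" case; confirm against the template
      - isSubset:
          path: spec.template.spec.initContainers[0]
          content:
            securityContext:
              allowPrivilegeEscalation: false
              capabilities:
                add: []
                drop:
                  - ALL
              privileged: false
              readOnlyRootFilesystem: true
              runAsGroup: 568
              runAsNonRoot: true
              runAsUser: 568
```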
@@ -0,0 +1,1196 @@ +suite: systemContainer in deployment test +templates: + - common.yaml +tests: + - it: should pass with default values + documentIndex: &deploymentDoc 0 + asserts: + - hasDocuments: + count: 3 + - isKind: + of: Deployment + + - it: should pass with image defined in system container + documentIndex: *deploymentDoc + set: + image: + repository: some-repo + tag: some-tag + pullPolicy: Always + systemImage: + repository: some-repo-system + tag: some-tag-system + pullPolicy: Never + systemContainers: + some-name: + imageSelector: systemImage + pullPolicy: Never + asserts: + - isSubset: + path: spec.template.spec.containers[0] + content: + image: some-repo:some-tag + imagePullPolicy: Always + - isSubset: + path: spec.template.spec.initContainers[0] + content: + image: some-repo-system:some-tag-system + imagePullPolicy: Never + + - it: should pass with image defined in multiple system container + documentIndex: *deploymentDoc + set: + image: + repository: some-repo + tag: some-tag + pullPolicy: Always + systemImage: + repository: some-repo-system + tag: some-tag-system + pullPolicy: Never + systemImage2: + repository: some-repo-system2 + tag: some-tag-system2 + pullPolicy: IfNotPresent + systemContainers: + some-name: + imageSelector: systemImage + pullPolicy: Never + some-name2: + imageSelector: systemImage2 + pullPolicy: Never + asserts: + - isSubset: + path: spec.template.spec.containers[0] + content: + image: some-repo:some-tag + imagePullPolicy: Always + - isSubset: + path: spec.template.spec.initContainers[0] + content: + image: some-repo-system:some-tag-system + imagePullPolicy: Never + - isSubset: + path: spec.template.spec.initContainers[1] + content: + image: some-repo-system2:some-tag-system2 + imagePullPolicy: IfNotPresent + + - it: should pass with tty and stdin defined in system container + documentIndex: *deploymentDoc + set: + systemContainers: + some-name: + tty: true + stdin: true + asserts: + - isSubset: + path: 
spec.template.spec.containers[0] + content: + tty: false + stdin: false + - isSubset: + path: spec.template.spec.initContainers[0] + content: + tty: true + stdin: true + + - it: should pass with command and args defined in system container + documentIndex: *deploymentDoc + set: + port: 8080 + entrypoint: ./run.sh + systemContainers: + some-name: + command: + - /bin/sh + - -c + - | + {{ .Values.entrypoint }} + args: + - --port + - "{{ .Values.port }}" + extraArgs: + - --data_dir + - /data + asserts: + - isNotSubset: + path: spec.template.spec.containers[0] + content: + command: + - /bin/sh + - -c + - | + ./run.sh + args: + - --port + - "8080" + - --data_dir + - /data + - isSubset: + path: spec.template.spec.initContainers[0] + content: + command: + - /bin/sh + - -c + - | + ./run.sh + args: + - --port + - "8080" + - --data_dir + - /data + + - it: should pass with termination defined in system container + documentIndex: *deploymentDoc + set: + systemContainers: + some-name: + termination: + messagePath: somePath + messagePolicy: File + asserts: + - isNotSubset: + path: spec.template.spec.containers[0] + content: + terminationMessagePath: somePath + terminationMessagePolicy: File + - isSubset: + path: spec.template.spec.initContainers[0] + content: + terminationMessagePath: somePath + terminationMessagePolicy: File + + - it: should pass with resources inherited from main container and modified in system container + documentIndex: *deploymentDoc + set: + resources: + requests: + cpu: 25m + memory: 80Mi + systemContainers: + some-name: + resources: + inherit: true + limits: + cpu: 1000m + memory: 1Gi + requests: + memory: 120Mi + asserts: + - isSubset: + path: spec.template.spec.containers[0] + content: + resources: + limits: + cpu: 4000m + memory: 8Gi + requests: + cpu: 25m + memory: 80Mi + - isSubset: + path: spec.template.spec.initContainers[0] + content: + resources: + limits: + cpu: 1000m + memory: 1Gi + requests: + cpu: 25m + memory: 120Mi + + - it: should pass 
with resources defined in system container + documentIndex: *deploymentDoc + set: + systemContainers: + some-name: + nvidiaCaps: + - compute + scaleGPU: + gpu.intel.com/i915: "1" + resources: + limits: + cpu: 3000m + memory: 4Gi + requests: + cpu: 20m + memory: 100Mi + asserts: + - equal: + path: spec.template.spec.securityContext + value: + fsGroup: 568 + fsGroupChangePolicy: OnRootMismatch + supplementalGroups: + - 44 + - isSubset: + path: spec.template.spec.containers[0] + content: + resources: + limits: + cpu: 4000m + memory: 8Gi + requests: + cpu: 10m + memory: 50Mi + - isSubset: + path: spec.template.spec.initContainers[0] + content: + resources: + limits: + cpu: 3000m + memory: 4Gi + gpu.intel.com/i915: "1" + requests: + cpu: 20m + memory: 100Mi + - notContains: + path: spec.template.spec.containers[0].env + content: + name: NVIDIA_DRIVER_CAPABILITIES + value: all + - contains: + path: spec.template.spec.initContainers[0].env + content: + name: NVIDIA_DRIVER_CAPABILITIES + value: compute + + - it: should pass with envFrom defined in system container + documentIndex: *deploymentDoc + set: + some_name: a_name + some_name2: a_name2 + systemContainers: + some-name: + envFrom: + - configMapRef: + name: "{{ .Values.some_name }}" + - configMapRef: + name: "{{ .Values.some_name2 }}" + asserts: + - isNotSubset: + path: spec.template.spec.containers[0] + content: + envFrom: + - configMapRef: + name: a_name + - configMapRef: + name: a_name2 + - isSubset: + path: spec.template.spec.initContainers[0] + content: + envFrom: + - configMapRef: + name: a_name + - configMapRef: + name: a_name2 + + - it: should pass with env and envList defined in system container + documentIndex: *deploymentDoc + set: + some_value: value + some_value2: value2 + some_value3: value3 + some_value4: value4 + systemContainers: + some-name: + env: + var1: "{{ .Values.some_value }}" + var2: "{{ .Values.some_value2 }}" + var5: + secretKeyRef: + key: key + name: name + envList: + - name: var3 + value: 
"{{ .Values.some_value3 }}" + - name: var4 + value: "{{ .Values.some_value4 }}" + asserts: + - isNotSubset: + path: spec.template.spec.containers[0] + content: + env: + - name: var1 + value: value + - name: var2 + value: value2 + - name: var3 + value: value3 + - name: var4 + value: value4 + - isSubset: + path: spec.template.spec.initContainers[0] + content: + env: + - name: TZ + value: UTC + - name: UMASK + value: "002" + - name: UMASK_SET + value: "002" + - name: NVIDIA_VISIBLE_DEVICES + value: void + - name: S6_READ_ONLY_ROOT + value: "1" + - name: var1 + value: value + - name: var2 + value: value2 + - name: var5 + valueFrom: + secretKeyRef: + name: name + key: key + - name: var3 + value: value3 + - name: var4 + value: value4 + + - it: should pass with changed PUID/UMASK + documentIndex: *deploymentDoc + set: + systemContainers: + some-name: + securityContext: + runAsUser: 0 + runAsNonRoot: false + security: + UMASK: "003" + PUID: 1000 + asserts: + - isSubset: + path: spec.template.spec.containers[0] + content: + env: + - name: TZ + value: UTC + - name: UMASK + value: "002" + - name: UMASK_SET + value: "002" + - name: NVIDIA_VISIBLE_DEVICES + value: void + - name: S6_READ_ONLY_ROOT + value: "1" + - isSubset: + path: spec.template.spec.initContainers[0] + content: + env: + - name: TZ + value: UTC + - name: UMASK + value: "003" + - name: UMASK_SET + value: "003" + - name: NVIDIA_VISIBLE_DEVICES + value: void + - name: PUID + value: "1000" + - name: USER_ID + value: "1000" + - name: UID + value: "1000" + - name: PGID + value: "568" + - name: GROUP_ID + value: "568" + - name: GID + value: "568" + - name: S6_READ_ONLY_ROOT + value: "1" + + - it: should pass with disabled injectFixedEnvs + documentIndex: *deploymentDoc + set: + systemContainers: + some-name: + securityContext: + runAsUser: 0 + runAsNonRoot: false + injectFixedEnvs: false + asserts: + - isSubset: + path: spec.template.spec.containers[0] + content: + env: + - name: TZ + value: UTC + - name: UMASK + 
value: "002" + - name: UMASK_SET + value: "002" + - name: NVIDIA_VISIBLE_DEVICES + value: void + - name: S6_READ_ONLY_ROOT + value: "1" + - isNull: + path: spec.template.spec.initContainers[0].env + + - it: should fail with lifecycle defined in system container + set: + systemContainers: + some-name: + lifecycle: + asserts: + - failedTemplate: + errorMessage: Init/System/Install/Upgrade/(Cron)Job Container (RELEASE-NAME-common-test-system-some-name) do not support lifecycle hooks + + - it: should fail with env trying to override fixedEnvs in system container + set: + systemContainers: + some-name: + env: + TZ: something + asserts: + - failedTemplate: + errorMessage: Environment Variable (TZ) on container (RELEASE-NAME-common-test-system-some-name) is set more than once. [to (UTC) on (fixedEnv)] and [to (something) on (env)] + + - it: should fail with env trying to override configmap in system container + set: + configmap: + some-confmap: + enabled: true + parseAsEnv: true + content: + TZ: something + systemContainers: + some-name: + envFrom: + - configMapRef: + name: '{{ include "ix.v1.common.names.fullname" . }}-some-confmap' + asserts: + - failedTemplate: + errorMessage: Environment Variable (TZ) on container (RELEASE-NAME-common-test-system-some-name) is set more than once. [to (UTC) on (fixedEnv)] and [to (something) on (configmap-RELEASE-NAME-common-test-some-confmap)] + + - it: should fail with env trying to override secret in system container + set: + secret: + some-secret: + enabled: true + parseAsEnv: true + content: + TZ: something + systemContainers: + some-name: + envFrom: + - secretRef: + name: '{{ include "ix.v1.common.names.fullname" . }}-some-secret' + asserts: + - failedTemplate: + errorMessage: Environment Variable (TZ) on container (RELEASE-NAME-common-test-system-some-name) is set more than once. 
[to (UTC) on (fixedEnv)] and [to (something) on (secret-RELEASE-NAME-common-test-some-secret)] + + - it: should pass with securityContext inherited + documentIndex: *deploymentDoc + set: + securityContext: + runAsUser: 0 + runAsGroup: 0 + runAsNonRoot: false + readOnlyRootFilesystem: false + privileged: true + allowPrivilegeEscalation: true + capabilities: + add: + - Something + drop: + - Something_Else + systemContainers: + some_container: + imageSelector: image + securityContext: + inherit: true + asserts: + - isSubset: + path: spec.template.spec.containers[0] + content: + securityContext: + runAsUser: 0 + runAsGroup: 0 + runAsNonRoot: false + readOnlyRootFilesystem: false + privileged: true + allowPrivilegeEscalation: true + capabilities: + add: + - Something + drop: + - Something_Else + - isSubset: + path: spec.template.spec.initContainers[0] + content: + securityContext: + allowPrivilegeEscalation: true + capabilities: + add: + - Something + drop: + - Something_Else + privileged: true + readOnlyRootFilesystem: false + runAsGroup: 0 + runAsNonRoot: false + runAsUser: 0 + + - it: should pass with deviceList defined in system container + documentIndex: *deploymentDoc + set: + systemContainers: + some_container: + deviceList: + - enabled: true + mountPath: /host/dev/usb + hostPath: /dev/usb + securityContext: + inherit: true + asserts: + - equal: + path: spec.template.spec.securityContext + value: + fsGroup: 568 + fsGroupChangePolicy: OnRootMismatch + supplementalGroups: + - 5 + - 10 + - 20 + - 24 + - isSubset: + path: spec.template.spec.containers[0] + content: + securityContext: + allowPrivilegeEscalation: false + capabilities: + add: [] + drop: + - ALL + privileged: false + readOnlyRootFilesystem: true + runAsGroup: 568 + runAsNonRoot: true + runAsUser: 568 + - isSubset: + path: spec.template.spec.initContainers[0] + content: + securityContext: + allowPrivilegeEscalation: true + capabilities: + add: [] + drop: + - ALL + privileged: true + 
readOnlyRootFilesystem: true + runAsGroup: 568 + runAsNonRoot: true + runAsUser: 568 + + - it: should pass with deviceList and scaleGPU defined in system container + documentIndex: *deploymentDoc + set: + systemContainers: + some_container: + scaleGPU: + nvidia: something + deviceList: + - enabled: true + mountPath: /host/dev/usb + hostPath: /dev/usb + securityContext: + inherit: true + asserts: + - equal: + path: spec.template.spec.securityContext + value: + fsGroup: 568 + fsGroupChangePolicy: OnRootMismatch + supplementalGroups: + - 5 + - 10 + - 20 + - 24 + - 44 + - isSubset: + path: spec.template.spec.containers[0] + content: + securityContext: + allowPrivilegeEscalation: false + capabilities: + add: [] + drop: + - ALL + privileged: false + readOnlyRootFilesystem: true + runAsGroup: 568 + runAsNonRoot: true + runAsUser: 568 + - isSubset: + path: spec.template.spec.initContainers[0] + content: + securityContext: + allowPrivilegeEscalation: true + capabilities: + add: [] + drop: + - ALL + privileged: true + readOnlyRootFilesystem: true + runAsGroup: 568 + runAsNonRoot: true + runAsUser: 568 + + - it: should pass with port <=1024 defined in system container + documentIndex: *deploymentDoc + set: + systemContainers: + some_container: + ports: + - name: http + containerPort: 80 + asserts: + - isSubset: + path: spec.template.spec.containers[0] + content: + securityContext: + allowPrivilegeEscalation: false + capabilities: + add: [] + drop: + - ALL + privileged: false + readOnlyRootFilesystem: true + runAsGroup: 568 + runAsNonRoot: true + runAsUser: 568 + - isSubset: + path: spec.template.spec.initContainers[0] + content: + securityContext: + allowPrivilegeEscalation: false + capabilities: + add: + - NET_BIND_SERVICE + drop: + - ALL + privileged: false + readOnlyRootFilesystem: true + runAsGroup: 568 + runAsNonRoot: true + runAsUser: 568 + + - it: should pass with securityContext default + documentIndex: *deploymentDoc + set: + systemContainers: + some_container: + 
imageSelector: image + securityContext: + inherit: true + asserts: + - isSubset: + path: spec.template.spec.containers[0] + content: + securityContext: + allowPrivilegeEscalation: false + capabilities: + add: [] + drop: + - ALL + privileged: false + readOnlyRootFilesystem: true + runAsGroup: 568 + runAsNonRoot: true + runAsUser: 568 + - isSubset: + path: spec.template.spec.initContainers[0] + content: + securityContext: + allowPrivilegeEscalation: false + capabilities: + add: [] + drop: + - ALL + privileged: false + readOnlyRootFilesystem: true + runAsGroup: 568 + runAsNonRoot: true + runAsUser: 568 + + - it: should pass with securityContext changed + documentIndex: *deploymentDoc + set: + systemContainers: + some_container: + imageSelector: image + securityContext: + runAsUser: 0 + runAsGroup: 0 + runAsNonRoot: false + readOnlyRootFilesystem: false + privileged: true + allowPrivilegeEscalation: true + capabilities: + add: + - Something + drop: + - Something_Else + asserts: + - isSubset: + path: spec.template.spec.containers[0] + content: + securityContext: + allowPrivilegeEscalation: false + capabilities: + add: [] + drop: + - ALL + privileged: false + readOnlyRootFilesystem: true + runAsGroup: 568 + runAsNonRoot: true + runAsUser: 568 + - isSubset: + path: spec.template.spec.initContainers[0] + content: + securityContext: + allowPrivilegeEscalation: true + capabilities: + add: + - Something + drop: + - Something_Else + privileged: true + readOnlyRootFilesystem: false + runAsGroup: 0 + runAsNonRoot: false + runAsUser: 0 + + - it: should pass with securityContext with some values changed + documentIndex: *deploymentDoc + set: + systemContainers: + some_container: + imageSelector: image + securityContext: + runAsUser: 0 + runAsGroup: 0 + runAsNonRoot: false + capabilities: + add: + - Something + asserts: + - isSubset: + path: spec.template.spec.containers[0] + content: + securityContext: + allowPrivilegeEscalation: false + capabilities: + add: [] + drop: + - ALL + 
privileged: false + readOnlyRootFilesystem: true + runAsGroup: 568 + runAsNonRoot: true + runAsUser: 568 + - isSubset: + path: spec.template.spec.initContainers[0] + content: + securityContext: + allowPrivilegeEscalation: false + capabilities: + add: + - Something + drop: + - ALL + privileged: false + readOnlyRootFilesystem: true + runAsGroup: 0 + runAsNonRoot: false + runAsUser: 0 + + - it: should pass with securityContext with inherit and at least one value changed + documentIndex: *deploymentDoc + set: + securityContext: + privileged: true + allowPrivilegeEscalation: true + capabilities: + drop: + - something_else + systemContainers: + some_container: + imageSelector: image + securityContext: + inherit: true + runAsNonRoot: false + runAsUser: 0 + asserts: + - isSubset: + path: spec.template.spec.containers[0] + content: + securityContext: + allowPrivilegeEscalation: true + capabilities: + add: [] + drop: + - something_else + privileged: true + readOnlyRootFilesystem: true + runAsGroup: 568 + runAsNonRoot: true + runAsUser: 568 + - isSubset: + path: spec.template.spec.initContainers[0] + content: + securityContext: + allowPrivilegeEscalation: true + capabilities: + add: [] + drop: + - something_else + privileged: true + readOnlyRootFilesystem: true + runAsGroup: 568 + runAsNonRoot: false + runAsUser: 0 + + - it: should fail with probes in system container + set: + systemContainers: + some-name: + probes: + liveness: + enabled: true + asserts: + - failedTemplate: + errorMessage: Init/System/Install/Upgrade/(Cron)Job Container (RELEASE-NAME-common-test-system-some-name) do not support probes + + - it: should fail with invalid protocol in ports in system container + set: + systemContainers: + some-name: + ports: + - containerPort: 5678 + protocol: invalid-proto + name: tcp-port + asserts: + - failedTemplate: + errorMessage: Invalid (invalid-proto) in port (tcp-port) in (RELEASE-NAME-common-test-system-some-name) container. Valid protocols are TCP and UDP. 
+
+ - it: should fail without name in ports in system container
+ set:
+ systemContainers:
+ some-name:
+ ports:
+ - containerPort: 5678
+ protocol: TCP
+ name: ""
+ asserts:
+ - failedTemplate:
+ errorMessage: is required in all in (RELEASE-NAME-common-test-system-some-name) container.
+
+ - it: should fail without containerPort in ports in system container
+ set:
+ systemContainers:
+ some-name:
+ ports:
+ - containerPort: ""
+ name: tcp-port
+ asserts:
+ - failedTemplate:
+ errorMessage: is required in port (tcp-port) in (RELEASE-NAME-common-test-system-some-name) container.
+
+ - it: should fail with non-int containerPort in ports in system container
+ set:
+ systemContainers:
+ some-name:
+ ports:
+ - containerPort: not-int
+ name: tcp-port
+ asserts:
+ - failedTemplate:
+ errorMessage: Invalid (not-int) in port (tcp-port) in (RELEASE-NAME-common-test-system-some-name) container. Must be an int.
+
+ - it: should fail with non-int hostPort in ports in system container
+ set:
+ systemContainers:
+ some-name:
+ ports:
+ - containerPort: 1234
+ hostPort: not-int
+ name: tcp-port
+ asserts:
+ - failedTemplate:
+ errorMessage: Invalid (not-int) in port (tcp-port) in (RELEASE-NAME-common-test-system-some-name) container. Must be an int.
+
+ - it: should pass without protocol in ports in system container
+ documentIndex: *deploymentDoc
+ set:
+ systemContainers:
+ some-name:
+ ports:
+ - containerPort: 5678
+ name: tcp-port
+ asserts:
+ - isSubset:
+ path: spec.template.spec.initContainers[0]
+ content:
+ ports:
+ - containerPort: 5678
+ protocol: TCP
+ name: tcp-port
+
+ - it: should pass with ports defined in system container
+ documentIndex: *deploymentDoc
+ set:
+ systemContainers:
+ some-name:
+ ports:
+ - containerPort: 5678
+ protocol: TCP
+ name: tcp-port
+ - containerPort: 1234
+ protocol: UDP
+ name: udp-port
+ asserts:
+ - isSubset:
+ path: spec.template.spec.containers[0]
+ content:
+ ports:
+ - containerPort: 65535
+ protocol: TCP
+ name: main
+ - isSubset:
+ path: spec.template.spec.initContainers[0]
+ content:
+ ports:
+ - containerPort: 5678
+ protocol: TCP
+ name: tcp-port
+ - containerPort: 1234
+ protocol: UDP
+ name: udp-port
+
+ - it: should fail without trying to mount a non existent volume in volumeMounts defined in system container
+ set:
+ systemContainers:
+ some-name:
+ volumeMounts:
+ - name: some-volume
+ mountPath: /some/path
+ asserts:
+ - failedTemplate:
+ errorMessage: You are trying to mount a volume that does not exist (some-volume). Please define the volume in .
+
+ - it: should fail without name in volumeMounts defined in system container
+ set:
+ systemContainers:
+ some-name:
+ volumeMounts:
+ - name:
+ mountPath: /some/path
+ readOnly: false
+ subPath: /some/sub/path
+ asserts:
+ - failedTemplate:
+ errorMessage: is required in volumeMounts in init/system/install/upgrade/additional containers.
+ + - it: should pass with volumeMounts defined in system container + documentIndex: *deploymentDoc + set: + persistence: + some-volume: + enabled: true + noMount: true + type: emptyDir + some-other-volume: + enabled: true + noMount: true + type: emptyDir + systemContainers: + some-name: + volumeMounts: + - name: some-volume + mountPath: /some/path + readOnly: false + subPath: /some/sub/path + - name: some-other-volume + mountPath: /some/other/path + readOnly: false + subPath: /some/other/sub/path + asserts: + - notContains: + path: spec.template.spec.containers[0].volumeMounts + content: + name: some-volume + - notContains: + path: spec.template.spec.containers[0].volumeMounts + content: + name: some-other-volume + - contains: + path: spec.template.spec.initContainers[0].volumeMounts + content: + name: some-volume + mountPath: /some/path + readOnly: false + subPath: /some/sub/path + - contains: + path: spec.template.spec.initContainers[0].volumeMounts + content: + name: some-other-volume + mountPath: /some/other/path + readOnly: false + subPath: /some/other/sub/path + + - it: should pass with volumeMounts inherit all in system container + documentIndex: *deploymentDoc + set: + persistence: + some-volume: + enabled: true + noMount: true + mountPath: /some/path + type: emptyDir + some-other-volume: + enabled: true + noMount: true + mountPath: /some/other/path + type: emptyDir + systemContainers: + some-name: + volumeMounts: + - inherit: all + asserts: + - notContains: + path: spec.template.spec.containers[0].volumeMounts + content: + name: some-volume + - notContains: + path: spec.template.spec.containers[0].volumeMounts + content: + name: some-other-volume + - contains: + path: spec.template.spec.initContainers[0].volumeMounts + content: + name: some-other-volume + mountPath: /some/other/path + - contains: + path: spec.template.spec.initContainers[0].volumeMounts + content: + name: some-volume + mountPath: /some/path + + - it: should pass with volumeMounts inherit 
skipNoMount in system container + documentIndex: *deploymentDoc + set: + persistence: + some-volume: + enabled: true + noMount: true + mountPath: /some/path + type: emptyDir + some-other-volume: + enabled: true + type: emptyDir + mountPath: /some/other/path + systemContainers: + some-name: + volumeMounts: + - inherit: skipNoMount + asserts: + - contains: + path: spec.template.spec.containers[0].volumeMounts + content: + mountPath: /some/other/path + name: some-other-volume + - contains: + path: spec.template.spec.initContainers[0].volumeMounts + content: + name: some-other-volume + mountPath: /some/other/path + + - it: should pass with deviceList and volumeMounts defined in system container + documentIndex: *deploymentDoc + set: + deviceList: + - enabled: true + type: hostPath + mountPath: /host/dev/something + hostPath: /dev/something + persistence: + some-volume: + enabled: true + noMount: true + type: emptyDir + some-other-volume: + enabled: true + noMount: true + type: emptyDir + systemContainers: + some-name: + deviceList: + - enabled: true + type: hostPath + mountPath: /host/dev/usb + hostPath: /dev/usb + - enabled: true + type: hostPath + mountPath: /host/dev/serial + hostPath: /dev/serial + volumeMounts: + - name: some-volume + mountPath: /some/path + readOnly: false + subPath: /some/sub/path + - name: some-other-volume + mountPath: /some/other/path + readOnly: false + subPath: /some/other/sub/path + asserts: + - contains: + path: spec.template.spec.containers[0].volumeMounts + content: + name: device-0 + mountPath: /host/dev/something + - notContains: + path: spec.template.spec.containers[0].volumeMounts + content: + name: some-volume + - notContains: + path: spec.template.spec.containers[0].volumeMounts + content: + name: some-other-volume + - contains: + path: spec.template.spec.initContainers[0].volumeMounts + content: + name: some-volume + mountPath: /some/path + readOnly: false + subPath: /some/sub/path + - contains: + path: 
spec.template.spec.initContainers[0].volumeMounts + content: + name: some-other-volume + mountPath: /some/other/path + readOnly: false + subPath: /some/other/sub/path + - contains: + path: spec.template.spec.initContainers[0].volumeMounts + content: + name: device-some-name-0 + mountPath: /host/dev/usb + - contains: + path: spec.template.spec.initContainers[0].volumeMounts + content: + name: device-some-name-1 + mountPath: /host/dev/serial + + - it: should pass with disabled system container from tpl + documentIndex: *deploymentDoc + set: + flag: false + systemContainers: + some-name: + enabled: "{{ .Values.flag }}" + asserts: + - isNull: + path: spec.template.spec.initContainers diff --git a/library/common-test/tests/initcontainers_in_deployment/upgrade_containers_in_deployment_test.yaml b/library/common-test/tests/initcontainers_in_deployment/upgrade_containers_in_deployment_test.yaml new file mode 100644 index 00000000..d88d513c --- /dev/null +++ b/library/common-test/tests/initcontainers_in_deployment/upgrade_containers_in_deployment_test.yaml 
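Review bot: The new suite is added as `system_containers_in_deployment_install_copy.yaml`, while the sibling suite added next to it ends in `_test.yaml`; if the unittest run selects files by a `*_test.yaml` pattern (the invocation is not visible here), this whole file is skipped silently, so a name ending in `_test.yaml` is safer. That matters because the suite carries the assertions on the system container's hardened securityContext defaults (`privileged: false`, `drop: ALL`, `runAsNonRoot: true`). In the two deviceList cases the init container is expected to get `privileged: true` and `allowPrivilegeEscalation: true` even though `securityContext.inherit: true` points at an unprivileged main container; a comment above those cases such as `# deviceList on the container forces privileged mode, overriding the inherited context` would mark that as intended rather than accidental.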
@@ -0,0 +1,1213 @@ + +suite: upgradeContainer in deployment test +templates: + - common.yaml +release: + upgrade: true +tests: + - it: should pass with default values + documentIndex: &deploymentDoc 0 + asserts: + - hasDocuments: + count: 3 + - isKind: + of: Deployment + + - it: should pass with image defined in upgrade container + documentIndex: *deploymentDoc + set: + image: + repository: some-repo + tag: some-tag + pullPolicy: Always + upgradeImage: + repository: some-repo-upgrade + tag: some-tag-upgrade + pullPolicy: Never + upgradeContainers: + some-name: + imageSelector: upgradeImage + pullPolicy: Never + asserts: + - isSubset: + path: spec.template.spec.containers[0] + content: + image: some-repo:some-tag + imagePullPolicy: Always + - isSubset: + path: spec.template.spec.initContainers[0] + content: + image: some-repo-upgrade:some-tag-upgrade + imagePullPolicy: Never + + - it: should pass with image defined in multiple upgrade container + documentIndex: *deploymentDoc + set: + image: + repository: some-repo + tag: some-tag + pullPolicy: Always + initImage: + repository: some-repo-init + tag: some-tag-init + pullPolicy: Never + upgradeImage: + repository: some-repo-upgrade + tag: some-tag-upgrade + pullPolicy: Never + upgradeImage2: + repository: some-repo-upgrade2 + tag: some-tag-upgrade2 + pullPolicy: IfNotPresent + upgradeContainers: + some-name: + imageSelector: upgradeImage + pullPolicy: Never + some-name2: + imageSelector: upgradeImage2 + pullPolicy: Never + initContainers: + some-name3: + imageSelector: initImage + pullPolicy: Never + asserts: + - isSubset: + path: spec.template.spec.containers[0] + content: + image: some-repo:some-tag + imagePullPolicy: Always + - isSubset: + path: spec.template.spec.initContainers[0] + content: + image: some-repo-upgrade:some-tag-upgrade + imagePullPolicy: Never + - isSubset: + path: spec.template.spec.initContainers[1] + content: + image: some-repo-upgrade2:some-tag-upgrade2 + imagePullPolicy: IfNotPresent + - 
isSubset: + path: spec.template.spec.initContainers[2] + content: + image: some-repo-init:some-tag-init + imagePullPolicy: Never + + - it: should pass with tty and stdin defined in upgrade container + documentIndex: *deploymentDoc + set: + upgradeContainers: + some-name: + tty: true + stdin: true + asserts: + - isSubset: + path: spec.template.spec.containers[0] + content: + tty: false + stdin: false + - isSubset: + path: spec.template.spec.initContainers[0] + content: + tty: true + stdin: true + + - it: should pass with command and args defined in upgrade container + documentIndex: *deploymentDoc + set: + port: 8080 + entrypoint: ./run.sh + upgradeContainers: + some-name: + command: + - /bin/sh + - -c + - | + {{ .Values.entrypoint }} + args: + - --port + - "{{ .Values.port }}" + extraArgs: + - --data_dir + - /data + asserts: + - isNotSubset: + path: spec.template.spec.containers[0] + content: + command: + - /bin/sh + - -c + - | + ./run.sh + args: + - --port + - "8080" + - --data_dir + - /data + - isSubset: + path: spec.template.spec.initContainers[0] + content: + command: + - /bin/sh + - -c + - | + ./run.sh + args: + - --port + - "8080" + - --data_dir + - /data + + - it: should pass with termination defined in upgrade container + documentIndex: *deploymentDoc + set: + upgradeContainers: + some-name: + termination: + messagePath: somePath + messagePolicy: File + asserts: + - isNotSubset: + path: spec.template.spec.containers[0] + content: + terminationMessagePath: somePath + terminationMessagePolicy: File + - isSubset: + path: spec.template.spec.initContainers[0] + content: + terminationMessagePath: somePath + terminationMessagePolicy: File + + - it: should pass with resources inherited from main container and modified in upgrade container + documentIndex: *deploymentDoc + set: + resources: + requests: + cpu: 25m + memory: 80Mi + upgradeContainers: + some-name: + resources: + inherit: true + limits: + cpu: 1000m + memory: 1Gi + requests: + memory: 120Mi + asserts: + 
- isSubset: + path: spec.template.spec.containers[0] + content: + resources: + limits: + cpu: 4000m + memory: 8Gi + requests: + cpu: 25m + memory: 80Mi + - isSubset: + path: spec.template.spec.initContainers[0] + content: + resources: + limits: + cpu: 1000m + memory: 1Gi + requests: + cpu: 25m + memory: 120Mi + + - it: should pass with resources defined in upgrade container + documentIndex: *deploymentDoc + set: + upgradeContainers: + some-name: + nvidiaCaps: + - compute + scaleGPU: + gpu.intel.com/i915: "1" + resources: + limits: + cpu: 3000m + memory: 4Gi + requests: + cpu: 20m + memory: 100Mi + asserts: + - equal: + path: spec.template.spec.securityContext + value: + fsGroup: 568 + fsGroupChangePolicy: OnRootMismatch + supplementalGroups: + - 44 + - isSubset: + path: spec.template.spec.containers[0] + content: + resources: + limits: + cpu: 4000m + memory: 8Gi + requests: + cpu: 10m + memory: 50Mi + - isSubset: + path: spec.template.spec.initContainers[0] + content: + resources: + limits: + cpu: 3000m + memory: 4Gi + gpu.intel.com/i915: "1" + requests: + cpu: 20m + memory: 100Mi + - notContains: + path: spec.template.spec.containers[0].env + content: + name: NVIDIA_DRIVER_CAPABILITIES + value: all + - contains: + path: spec.template.spec.initContainers[0].env + content: + name: NVIDIA_DRIVER_CAPABILITIES + value: compute + + - it: should pass with envFrom defined in upgrade container + documentIndex: *deploymentDoc + set: + some_name: a_name + some_name2: a_name2 + upgradeContainers: + some-name: + envFrom: + - configMapRef: + name: "{{ .Values.some_name }}" + - configMapRef: + name: "{{ .Values.some_name2 }}" + asserts: + - isNotSubset: + path: spec.template.spec.containers[0] + content: + envFrom: + - configMapRef: + name: a_name + - configMapRef: + name: a_name2 + - isSubset: + path: spec.template.spec.initContainers[0] + content: + envFrom: + - configMapRef: + name: a_name + - configMapRef: + name: a_name2 + + - it: should pass with env and envList defined in 
upgrade container + documentIndex: *deploymentDoc + set: + some_value: value + some_value2: value2 + some_value3: value3 + some_value4: value4 + upgradeContainers: + some-name: + env: + var1: "{{ .Values.some_value }}" + var2: "{{ .Values.some_value2 }}" + var5: + secretKeyRef: + key: key + name: name + envList: + - name: var3 + value: "{{ .Values.some_value3 }}" + - name: var4 + value: "{{ .Values.some_value4 }}" + asserts: + - isNotSubset: + path: spec.template.spec.containers[0] + content: + env: + - name: var1 + value: value + - name: var2 + value: value2 + - name: var3 + value: value3 + - name: var4 + value: value4 + - isSubset: + path: spec.template.spec.initContainers[0] + content: + env: + - name: TZ + value: UTC + - name: UMASK + value: "002" + - name: UMASK_SET + value: "002" + - name: NVIDIA_VISIBLE_DEVICES + value: void + - name: S6_READ_ONLY_ROOT + value: "1" + - name: var1 + value: value + - name: var2 + value: value2 + - name: var5 + valueFrom: + secretKeyRef: + name: name + key: key + - name: var3 + value: value3 + - name: var4 + value: value4 + + - it: should pass with changed PUID/UMASK + documentIndex: *deploymentDoc + set: + upgradeContainers: + some-name: + securityContext: + runAsUser: 0 + runAsNonRoot: false + security: + UMASK: "003" + PUID: 1000 + asserts: + - isSubset: + path: spec.template.spec.containers[0] + content: + env: + - name: TZ + value: UTC + - name: UMASK + value: "002" + - name: UMASK_SET + value: "002" + - name: NVIDIA_VISIBLE_DEVICES + value: void + - name: S6_READ_ONLY_ROOT + value: "1" + - isSubset: + path: spec.template.spec.initContainers[0] + content: + env: + - name: TZ + value: UTC + - name: UMASK + value: "003" + - name: UMASK_SET + value: "003" + - name: NVIDIA_VISIBLE_DEVICES + value: void + - name: PUID + value: "1000" + - name: USER_ID + value: "1000" + - name: UID + value: "1000" + - name: PGID + value: "568" + - name: GROUP_ID + value: "568" + - name: GID + value: "568" + - name: S6_READ_ONLY_ROOT + value: "1" 
+ + - it: should pass with disabled injectFixedEnvs + documentIndex: *deploymentDoc + set: + upgradeContainers: + some-name: + securityContext: + runAsUser: 0 + runAsNonRoot: false + injectFixedEnvs: false + asserts: + - isSubset: + path: spec.template.spec.containers[0] + content: + env: + - name: TZ + value: UTC + - name: UMASK + value: "002" + - name: UMASK_SET + value: "002" + - name: NVIDIA_VISIBLE_DEVICES + value: void + - name: S6_READ_ONLY_ROOT + value: "1" + - isNull: + path: spec.template.spec.initContainers[0].env + + - it: should fail with lifecycle defined in upgrade container + set: + upgradeContainers: + some-name: + lifecycle: + asserts: + - failedTemplate: + errorMessage: Init/System/Install/Upgrade/(Cron)Job Container (RELEASE-NAME-common-test-upgrade-some-name) do not support lifecycle hooks + + - it: should fail with env trying to override fixedEnvs in upgrade container + set: + upgradeContainers: + some-name: + env: + TZ: something + asserts: + - failedTemplate: + errorMessage: Environment Variable (TZ) on container (RELEASE-NAME-common-test-upgrade-some-name) is set more than once. [to (UTC) on (fixedEnv)] and [to (something) on (env)] + + - it: should fail with env trying to override configmap in upgrade container + set: + configmap: + some-confmap: + enabled: true + parseAsEnv: true + content: + TZ: something + upgradeContainers: + some-name: + envFrom: + - configMapRef: + name: '{{ include "ix.v1.common.names.fullname" . }}-some-confmap' + asserts: + - failedTemplate: + errorMessage: Environment Variable (TZ) on container (RELEASE-NAME-common-test-upgrade-some-name) is set more than once. 
[to (UTC) on (fixedEnv)] and [to (something) on (configmap-RELEASE-NAME-common-test-some-confmap)] + + - it: should fail with env trying to override secret in upgrade container + set: + secret: + some-secret: + enabled: true + parseAsEnv: true + content: + TZ: something + upgradeContainers: + some-name: + envFrom: + - secretRef: + name: '{{ include "ix.v1.common.names.fullname" . }}-some-secret' + asserts: + - failedTemplate: + errorMessage: Environment Variable (TZ) on container (RELEASE-NAME-common-test-upgrade-some-name) is set more than once. [to (UTC) on (fixedEnv)] and [to (something) on (secret-RELEASE-NAME-common-test-some-secret)] + + - it: should pass with securityContext inherited + documentIndex: *deploymentDoc + set: + securityContext: + runAsUser: 0 + runAsGroup: 0 + runAsNonRoot: false + readOnlyRootFilesystem: false + privileged: true + allowPrivilegeEscalation: true + capabilities: + add: + - Something + drop: + - Something_Else + upgradeContainers: + some_container: + imageSelector: image + securityContext: + inherit: true + asserts: + - isSubset: + path: spec.template.spec.containers[0] + content: + securityContext: + runAsUser: 0 + runAsGroup: 0 + runAsNonRoot: false + readOnlyRootFilesystem: false + privileged: true + allowPrivilegeEscalation: true + capabilities: + add: + - Something + drop: + - Something_Else + - isSubset: + path: spec.template.spec.initContainers[0] + content: + securityContext: + allowPrivilegeEscalation: true + capabilities: + add: + - Something + drop: + - Something_Else + privileged: true + readOnlyRootFilesystem: false + runAsGroup: 0 + runAsNonRoot: false + runAsUser: 0 + + - it: should pass with deviceList defined in upgrade container + documentIndex: *deploymentDoc + set: + upgradeContainers: + some_container: + deviceList: + - enabled: true + mountPath: /host/dev/usb + hostPath: /dev/usb + securityContext: + inherit: true + asserts: + - equal: + path: spec.template.spec.securityContext + value: + fsGroup: 568 + 
fsGroupChangePolicy: OnRootMismatch + supplementalGroups: + - 5 + - 10 + - 20 + - 24 + - isSubset: + path: spec.template.spec.containers[0] + content: + securityContext: + allowPrivilegeEscalation: false + capabilities: + add: [] + drop: + - ALL + privileged: false + readOnlyRootFilesystem: true + runAsGroup: 568 + runAsNonRoot: true + runAsUser: 568 + - isSubset: + path: spec.template.spec.initContainers[0] + content: + securityContext: + allowPrivilegeEscalation: true + capabilities: + add: [] + drop: + - ALL + privileged: true + readOnlyRootFilesystem: true + runAsGroup: 568 + runAsNonRoot: true + runAsUser: 568 + + - it: should pass with both deviceList and scaleGPU defined in upgrade container + documentIndex: *deploymentDoc + set: + upgradeContainers: + some_container: + scaleGPU: + nvidia: something + deviceList: + - enabled: true + mountPath: /host/dev/usb + hostPath: /dev/usb + securityContext: + inherit: true + asserts: + - equal: + path: spec.template.spec.securityContext + value: + fsGroup: 568 + fsGroupChangePolicy: OnRootMismatch + supplementalGroups: + - 5 + - 10 + - 20 + - 24 + - 44 + - isSubset: + path: spec.template.spec.containers[0] + content: + securityContext: + allowPrivilegeEscalation: false + capabilities: + add: [] + drop: + - ALL + privileged: false + readOnlyRootFilesystem: true + runAsGroup: 568 + runAsNonRoot: true + runAsUser: 568 + - isSubset: + path: spec.template.spec.initContainers[0] + content: + securityContext: + allowPrivilegeEscalation: true + capabilities: + add: [] + drop: + - ALL + privileged: true + readOnlyRootFilesystem: true + runAsGroup: 568 + runAsNonRoot: true + runAsUser: 568 + + - it: should pass with port <=1024 defined in upgrade container + documentIndex: *deploymentDoc + set: + upgradeContainers: + some_container: + ports: + - name: http + containerPort: 80 + asserts: + - isSubset: + path: spec.template.spec.containers[0] + content: + securityContext: + allowPrivilegeEscalation: false + capabilities: + add: [] 
+ drop: + - ALL + privileged: false + readOnlyRootFilesystem: true + runAsGroup: 568 + runAsNonRoot: true + runAsUser: 568 + - isSubset: + path: spec.template.spec.initContainers[0] + content: + securityContext: + allowPrivilegeEscalation: false + capabilities: + add: + - NET_BIND_SERVICE + drop: + - ALL + privileged: false + readOnlyRootFilesystem: true + runAsGroup: 568 + runAsNonRoot: true + runAsUser: 568 + + - it: should pass with securityContext default + documentIndex: *deploymentDoc + set: + upgradeContainers: + some_container: + imageSelector: image + securityContext: + inherit: true + asserts: + - isSubset: + path: spec.template.spec.containers[0] + content: + securityContext: + allowPrivilegeEscalation: false + capabilities: + add: [] + drop: + - ALL + privileged: false + readOnlyRootFilesystem: true + runAsGroup: 568 + runAsNonRoot: true + runAsUser: 568 + - isSubset: + path: spec.template.spec.initContainers[0] + content: + securityContext: + allowPrivilegeEscalation: false + capabilities: + add: [] + drop: + - ALL + privileged: false + readOnlyRootFilesystem: true + runAsGroup: 568 + runAsNonRoot: true + runAsUser: 568 + + - it: should pass with securityContext changed + documentIndex: *deploymentDoc + set: + upgradeContainers: + some_container: + imageSelector: image + securityContext: + runAsUser: 0 + runAsGroup: 0 + runAsNonRoot: false + readOnlyRootFilesystem: false + privileged: true + allowPrivilegeEscalation: true + capabilities: + add: + - Something + drop: + - Something_Else + asserts: + - isSubset: + path: spec.template.spec.containers[0] + content: + securityContext: + allowPrivilegeEscalation: false + capabilities: + add: [] + drop: + - ALL + privileged: false + readOnlyRootFilesystem: true + runAsGroup: 568 + runAsNonRoot: true + runAsUser: 568 + - isSubset: + path: spec.template.spec.initContainers[0] + content: + securityContext: + allowPrivilegeEscalation: true + capabilities: + add: + - Something + drop: + - Something_Else + 
privileged: true + readOnlyRootFilesystem: false + runAsGroup: 0 + runAsNonRoot: false + runAsUser: 0 + + - it: should pass with securityContext with some values changed + documentIndex: *deploymentDoc + set: + upgradeContainers: + some_container: + imageSelector: image + securityContext: + runAsUser: 0 + runAsGroup: 0 + runAsNonRoot: false + capabilities: + add: + - Something + asserts: + - isSubset: + path: spec.template.spec.containers[0] + content: + securityContext: + allowPrivilegeEscalation: false + capabilities: + add: [] + drop: + - ALL + privileged: false + readOnlyRootFilesystem: true + runAsGroup: 568 + runAsNonRoot: true + runAsUser: 568 + - isSubset: + path: spec.template.spec.initContainers[0] + content: + securityContext: + allowPrivilegeEscalation: false + capabilities: + add: + - Something + drop: + - ALL + privileged: false + readOnlyRootFilesystem: true + runAsGroup: 0 + runAsNonRoot: false + runAsUser: 0 + + - it: should pass with securityContext with inherit and at least one value changed + documentIndex: *deploymentDoc + set: + securityContext: + privileged: true + allowPrivilegeEscalation: true + capabilities: + drop: + - something_else + upgradeContainers: + some_container: + imageSelector: image + securityContext: + inherit: true + runAsNonRoot: false + runAsUser: 0 + asserts: + - isSubset: + path: spec.template.spec.containers[0] + content: + securityContext: + allowPrivilegeEscalation: true + capabilities: + add: [] + drop: + - something_else + privileged: true + readOnlyRootFilesystem: true + runAsGroup: 568 + runAsNonRoot: true + runAsUser: 568 + - isSubset: + path: spec.template.spec.initContainers[0] + content: + securityContext: + allowPrivilegeEscalation: true + capabilities: + add: [] + drop: + - something_else + privileged: true + readOnlyRootFilesystem: true + runAsGroup: 568 + runAsNonRoot: false + runAsUser: 0 + + - it: should fail with probes in upgrade container + set: + upgradeContainers: + some-name: + probes: + liveness: 
+ enabled: true + asserts: + - failedTemplate: + errorMessage: Init/System/Install/Upgrade/(Cron)Job Container (RELEASE-NAME-common-test-upgrade-some-name) do not support probes + + - it: should fail with invalid protocol in ports in upgrade container + set: + upgradeContainers: + some-name: + ports: + - containerPort: 5678 + protocol: invalid-proto + name: tcp-port + asserts: + - failedTemplate: + errorMessage: Invalid (invalid-proto) in port (tcp-port) in (RELEASE-NAME-common-test-upgrade-some-name) container. Valid protocols are TCP and UDP. + + - it: should fail without name in ports in upgrade container + set: + upgradeContainers: + some-name: + ports: + - containerPort: 5678 + protocol: TCP + name: "" + asserts: + - failedTemplate: + errorMessage: is required in all in (RELEASE-NAME-common-test-upgrade-some-name) container. + + - it: should fail without containerPort in ports in upgrade container + set: + upgradeContainers: + some-name: + ports: + - containerPort: "" + name: tcp-port + asserts: + - failedTemplate: + errorMessage: is required in port (tcp-port) in (RELEASE-NAME-common-test-upgrade-some-name) container. + + - it: should fail with non-int containerPort in ports in upgrade container + set: + upgradeContainers: + some-name: + ports: + - containerPort: not-int + name: tcp-port + asserts: + - failedTemplate: + errorMessage: Invalid (not-int) in port (tcp-port) in (RELEASE-NAME-common-test-upgrade-some-name) container. Must be an int. + + - it: should fail with non-int hostPort in ports in upgrade container + set: + upgradeContainers: + some-name: + ports: + - containerPort: 1234 + hostPort: not-int + name: tcp-port + asserts: + - failedTemplate: + errorMessage: Invalid (not-int) in port (tcp-port) in (RELEASE-NAME-common-test-upgrade-some-name) container. Must be an int. 
+ + - it: should pass without protocol in ports in upgrade container + documentIndex: *deploymentDoc + set: + upgradeContainers: + some-name: + ports: + - containerPort: 5678 + name: tcp-port + asserts: + - isSubset: + path: spec.template.spec.initContainers[0] + content: + ports: + - containerPort: 5678 + protocol: TCP + name: tcp-port + + - it: should pass with ports defined in upgrade container + documentIndex: *deploymentDoc + set: + upgradeContainers: + some-name: + ports: + - containerPort: 5678 + protocol: TCP + name: tcp-port + - containerPort: 1234 + protocol: UDP + name: udp-port + asserts: + - isSubset: + path: spec.template.spec.containers[0] + content: + ports: + - containerPort: 65535 + protocol: TCP + name: main + - isSubset: + path: spec.template.spec.initContainers[0] + content: + ports: + - containerPort: 5678 + protocol: TCP + name: tcp-port + - containerPort: 1234 + protocol: UDP + name: udp-port + + - it: should fail without trying to mount a non existent volume in volumeMounts defined in upgrade container + set: + upgradeContainers: + some-name: + volumeMounts: + - name: some-volume + mountPath: /some/path + asserts: + - failedTemplate: + errorMessage: You are trying to mount a volume that does not exist (some-volume). Please define the volume in . + + - it: should fail without name in volumeMounts defined in upgrade container + set: + upgradeContainers: + some-name: + volumeMounts: + - name: + mountPath: /some/path + readOnly: false + subPath: /some/sub/path + asserts: + - failedTemplate: + errorMessage: is required in volumeMounts in init/system/install/upgrade/additional containers. 
+ + - it: should pass with volumeMounts defined in upgrade container + documentIndex: *deploymentDoc + set: + persistence: + some-volume: + enabled: true + noMount: true + type: emptyDir + some-other-volume: + enabled: true + noMount: true + type: emptyDir + upgradeContainers: + some-name: + volumeMounts: + - name: some-volume + mountPath: /some/path + readOnly: false + subPath: /some/sub/path + - name: some-other-volume + mountPath: /some/other/path + readOnly: false + subPath: /some/other/sub/path + asserts: + - notContains: + path: spec.template.spec.containers[0].volumeMounts + content: + name: some-volume + - notContains: + path: spec.template.spec.containers[0].volumeMounts + content: + name: some-other-volume + - contains: + path: spec.template.spec.initContainers[0].volumeMounts + content: + name: some-volume + mountPath: /some/path + readOnly: false + subPath: /some/sub/path + - contains: + path: spec.template.spec.initContainers[0].volumeMounts + content: + name: some-other-volume + mountPath: /some/other/path + readOnly: false + subPath: /some/other/sub/path + + - it: should pass with volumeMounts inherit all in upgrade container + documentIndex: *deploymentDoc + set: + persistence: + some-volume: + enabled: true + noMount: true + mountPath: /some/path + type: emptyDir + some-other-volume: + enabled: true + noMount: true + mountPath: /some/other/path + type: emptyDir + upgradeContainers: + some-name: + volumeMounts: + - inherit: all + asserts: + - notContains: + path: spec.template.spec.containers[0].volumeMounts + content: + name: some-volume + - notContains: + path: spec.template.spec.containers[0].volumeMounts + content: + name: some-other-volume + - contains: + path: spec.template.spec.initContainers[0].volumeMounts + content: + name: some-other-volume + mountPath: /some/other/path + - contains: + path: spec.template.spec.initContainers[0].volumeMounts + content: + name: some-volume + mountPath: /some/path + + - it: should pass with volumeMounts 
inherit skipNoMount in upgrade container + documentIndex: *deploymentDoc + set: + persistence: + some-volume: + enabled: true + noMount: true + mountPath: /some/path + type: emptyDir + some-other-volume: + enabled: true + type: emptyDir + mountPath: /some/other/path + upgradeContainers: + some-name: + volumeMounts: + - inherit: skipNoMount + asserts: + - contains: + path: spec.template.spec.containers[0].volumeMounts + content: + mountPath: /some/other/path + name: some-other-volume + - contains: + path: spec.template.spec.initContainers[0].volumeMounts + content: + name: some-other-volume + mountPath: /some/other/path + + + - it: should pass with deviceList and volumeMounts defined in upgrade container + documentIndex: *deploymentDoc + set: + deviceList: + - enabled: true + type: hostPath + mountPath: /host/dev/something + hostPath: /dev/something + persistence: + some-volume: + enabled: true + noMount: true + type: emptyDir + some-other-volume: + enabled: true + noMount: true + type: emptyDir + upgradeContainers: + some-name: + deviceList: + - enabled: true + type: hostPath + mountPath: /host/dev/usb + hostPath: /dev/usb + - enabled: true + type: hostPath + mountPath: /host/dev/serial + hostPath: /dev/serial + volumeMounts: + - name: some-volume + mountPath: /some/path + readOnly: false + subPath: /some/sub/path + - name: some-other-volume + mountPath: /some/other/path + readOnly: false + subPath: /some/other/sub/path + asserts: + - contains: + path: spec.template.spec.containers[0].volumeMounts + content: + name: device-0 + mountPath: /host/dev/something + - notContains: + path: spec.template.spec.containers[0].volumeMounts + content: + name: some-volume + - notContains: + path: spec.template.spec.containers[0].volumeMounts + content: + name: some-other-volume + - contains: + path: spec.template.spec.initContainers[0].volumeMounts + content: + name: some-volume + mountPath: /some/path + readOnly: false + subPath: /some/sub/path + - contains: + path: 
spec.template.spec.initContainers[0].volumeMounts
+ content:
+ name: some-other-volume
+ mountPath: /some/other/path
+ readOnly: false
+ subPath: /some/other/sub/path
+ - contains:
+ path: spec.template.spec.initContainers[0].volumeMounts
+ content:
+ name: device-some-name-0
+ mountPath: /host/dev/usb
+ - contains:
+ path: spec.template.spec.initContainers[0].volumeMounts
+ content:
+ name: device-some-name-1
+ mountPath: /host/dev/serial
+
+ - it: should pass with disabled upgrade container from tpl
+ documentIndex: *deploymentDoc
+ set:
+ flag: false
+ upgradeContainers:
+ some-name:
+ enabled: "{{ .Values.flag }}"
+ asserts:
+ - isNull:
+ path: spec.template.spec.initContainers
diff --git a/library/common-test/tests/jobs/cronJobSpecContainer_test copy.yaml b/library/common-test/tests/jobs/cronJobSpecContainer_test copy.yaml
new file mode 100644
index 00000000..15de64ef
--- /dev/null
+++ b/library/common-test/tests/jobs/cronJobSpecContainer_test copy.yaml
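Review bot: Nothing in upgrade_containers_in_deployment_test.yaml documents or bounds the privilege change that its two deviceList cases pin. `should pass with deviceList defined in upgrade container` and `should pass with both deviceList and scaleGPU defined in upgrade container` set only `securityContext.inherit: true` plus a `deviceList` entry, yet both expect `privileged: true` and `allowPrivilegeEscalation: true` on `initContainers[0]` while `containers[0]` stays unprivileged. The template is not part of this hunk, so this is presumably intended, but a comment above each case such as `# a deviceList entry makes this container privileged; the main container must stay unprivileged` would make that expectation explicit for the next maintainer. The suite also has no case that combines a `deviceList` with an explicit `securityContext.privileged: false` on the upgrade container, so which setting wins is untested; adding that case would stop a later template change from widening privileges unnoticed.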
@@ -0,0 +1,1130 @@ +suite: cron Job Containers test +templates: + - common.yaml +tests: + - it: should pass with default values + documentIndex: &deploymentDoc 0 + asserts: + - hasDocuments: + count: 3 + - isKind: + of: Deployment + + - it: should pass with default in job + documentIndex: &cronJobDoc 3 + set: + jobs: + job-name: + enabled: true + cron: + enabled: true + schedule: "* * * * *" + podSpec: + containers: + main: + imageSelector: image + asserts: + - isKind: + of: CronJob + - isAPIVersion: + of: batch/v1 + + - it: should pass with default container + documentIndex: *cronJobDoc + set: + jobs: + job-name: + enabled: true + cron: + enabled: true + schedule: "* * * * *" + podSpec: + containers: + main: + imageSelector: image + asserts: + - equal: + path: spec.jobTemplate.spec.template.spec.containers[0] + value: + name: RELEASE-NAME-common-test-job-main + image: repo:tag + imagePullPolicy: IfNotPresent + tty: false + stdin: false + env: + - name: "TZ" + value: "UTC" + - name: "UMASK" + value: "002" + - name: "UMASK_SET" + value: "002" + - name: "NVIDIA_VISIBLE_DEVICES" + value: "void" + - name: "S6_READ_ONLY_ROOT" + value: "1" + securityContext: + runAsNonRoot: true + runAsUser: 568 + runAsGroup: 568 + readOnlyRootFilesystem: true + allowPrivilegeEscalation: false + privileged: false + capabilities: + add: [] + drop: + - "ALL" + resources: + requests: + cpu: 10m + memory: 50Mi + limits: + cpu: 4000m + memory: 8Gi + + - it: should pass with image defined in job container + documentIndex: *cronJobDoc + set: + jobImage: + repository: some-repo-job + tag: some-tag-job + pullPolicy: Never + jobs: + job-name: + enabled: true + cron: + enabled: true + schedule: "* * * * *" + podSpec: + containers: + main: + imageSelector: jobImage + asserts: + - isSubset: + path: spec.jobTemplate.spec.template.spec.containers[0] + content: + image: some-repo-job:some-tag-job + imagePullPolicy: Never + + - it: should pass with tty and stdin defined in job container + documentIndex: 
*cronJobDoc + set: + jobs: + job-name: + enabled: true + cron: + enabled: true + schedule: "* * * * *" + podSpec: + containers: + main: + imageSelector: image + tty: true + stdin: true + asserts: + - isSubset: + path: spec.jobTemplate.spec.template.spec.containers[0] + content: + tty: true + stdin: true + + - it: should pass with command defined in job container + documentIndex: *cronJobDoc + set: + port: 8080 + entrypoint: ./run.sh + jobs: + job-name: + enabled: true + cron: + enabled: true + schedule: "* * * * *" + podSpec: + containers: + main: + imageSelector: image + command: + - /bin/sh + - -c + - | + {{ .Values.entrypoint }} + args: + - --port + - "{{ .Values.port }}" + extraArgs: + - --data_dir + - /data + asserts: + - isSubset: + path: spec.jobTemplate.spec.template.spec.containers[0] + content: + command: + - /bin/sh + - -c + - | + ./run.sh + args: + - --port + - "8080" + - --data_dir + - /data + + - it: should pass with termination defined in job container + documentIndex: *cronJobDoc + set: + port: 8080 + entrypoint: ./run.sh + jobs: + job-name: + enabled: true + cron: + enabled: true + schedule: "* * * * *" + podSpec: + containers: + main: + imageSelector: image + termination: + messagePath: somePath + messagePolicy: File + asserts: + - isSubset: + path: spec.jobTemplate.spec.template.spec.containers[0] + content: + terminationMessagePath: somePath + terminationMessagePolicy: File + + - it: should pass with resources inherited from main container and modified in job container + documentIndex: *cronJobDoc + set: + resources: + requests: + cpu: 25m + memory: 80Mi + jobs: + job-name: + enabled: true + cron: + enabled: true + schedule: "* * * * *" + podSpec: + containers: + main: + resources: + inherit: true + limits: + cpu: 1000m + memory: 1Gi + requests: + memory: 120Mi + asserts: + - isSubset: + path: spec.jobTemplate.spec.template.spec.containers[0] + content: + resources: + limits: + cpu: 1000m + memory: 1Gi + requests: + cpu: 25m + memory: 120Mi + + 
- it: should pass with resources defined in job container + documentIndex: *cronJobDoc + set: + jobs: + job-name: + enabled: true + cron: + enabled: true + schedule: "* * * * *" + podSpec: + containers: + main: + nvidiaCaps: + - compute + scaleGPU: + gpu.intel.com/i915: "1" + resources: + limits: + cpu: 3000m + memory: 4Gi + requests: + cpu: 20m + memory: 100Mi + asserts: + - isSubset: + path: spec.jobTemplate.spec.template.spec.containers[0] + content: + resources: + limits: + cpu: 3000m + memory: 4Gi + gpu.intel.com/i915: "1" + requests: + cpu: 20m + memory: 100Mi + - contains: + path: spec.jobTemplate.spec.template.spec.containers[0].env + content: + name: NVIDIA_DRIVER_CAPABILITIES + value: compute + + - it: should pass with envFrom defined in job container + documentIndex: *cronJobDoc + set: + some_name: a_name + some_name2: a_name2 + jobs: + job-name: + enabled: true + cron: + enabled: true + schedule: "* * * * *" + podSpec: + containers: + main: + envFrom: + - configMapRef: + name: "{{ .Values.some_name }}" + - configMapRef: + name: "{{ .Values.some_name2 }}" + asserts: + - isSubset: + path: spec.jobTemplate.spec.template.spec.containers[0] + content: + envFrom: + - configMapRef: + name: a_name + - configMapRef: + name: a_name2 + + - it: should pass with env and envList defined in job container + documentIndex: *cronJobDoc + set: + some_value: value + some_value2: value2 + some_value3: value3 + some_value4: value4 + jobs: + job-name: + enabled: true + cron: + enabled: true + schedule: "* * * * *" + podSpec: + containers: + main: + env: + var1: "{{ .Values.some_value }}" + var2: "{{ .Values.some_value2 }}" + envList: + - name: var3 + value: "{{ .Values.some_value3 }}" + - name: var4 + value: "{{ .Values.some_value4 }}" + asserts: + - isSubset: + path: spec.jobTemplate.spec.template.spec.containers[0] + content: + env: + - name: TZ + value: UTC + - name: UMASK + value: "002" + - name: UMASK_SET + value: "002" + - name: NVIDIA_VISIBLE_DEVICES + value: void + - 
name: S6_READ_ONLY_ROOT + value: "1" + - name: var1 + value: value + - name: var2 + value: value2 + - name: var3 + value: value3 + - name: var4 + value: value4 + + - it: should pass with changed PUID/UMASK + documentIndex: *cronJobDoc + set: + jobs: + job-name: + enabled: true + cron: + enabled: true + schedule: "* * * * *" + podSpec: + containers: + main: + securityContext: + runAsUser: 0 + runAsNonRoot: false + security: + UMASK: "003" + PUID: 1000 + asserts: + - isSubset: + path: spec.jobTemplate.spec.template.spec.containers[0] + content: + env: + - name: TZ + value: UTC + - name: UMASK + value: "003" + - name: UMASK_SET + value: "003" + - name: NVIDIA_VISIBLE_DEVICES + value: void + - name: PUID + value: "1000" + - name: USER_ID + value: "1000" + - name: UID + value: "1000" + - name: PGID + value: "568" + - name: GROUP_ID + value: "568" + - name: GID + value: "568" + - name: S6_READ_ONLY_ROOT + value: "1" + + - it: should pass with disabled injectFixedEnvs + documentIndex: *cronJobDoc + set: + jobs: + job-name: + enabled: true + cron: + enabled: true + schedule: "* * * * *" + podSpec: + containers: + main: + securityContext: + runAsUser: 0 + runAsNonRoot: false + injectFixedEnvs: false + asserts: + - isNull: + path: spec.jobTemplate.spec.template.spec.containers[0].env + + - it: should fail with lifecycle defined in job container + set: + jobs: + job-name: + enabled: true + cron: + enabled: true + schedule: "* * * * *" + podSpec: + containers: + main: + lifecycle: + asserts: + - failedTemplate: + errorMessage: Init/System/Install/Upgrade/(Cron)Job Container (RELEASE-NAME-common-test-job-main) do not support lifecycle hooks + + - it: should fail with env trying to override fixedEnvs in job container + set: + jobs: + job-name: + enabled: true + cron: + enabled: true + schedule: "* * * * *" + podSpec: + containers: + main: + env: + TZ: something + asserts: + - failedTemplate: + errorMessage: Environment Variable (TZ) on container 
(RELEASE-NAME-common-test-job-main) is set more than once. [to (UTC) on (fixedEnv)] and [to (something) on (env)] + + - it: should fail with env trying to override configmap in job container + set: + configmap: + some-confmap: + enabled: true + parseAsEnv: true + content: + TZ: something + jobs: + job-name: + enabled: true + cron: + enabled: true + schedule: "* * * * *" + podSpec: + containers: + main: + envFrom: + - configMapRef: + name: '{{ include "ix.v1.common.names.fullname" . }}-some-confmap' + asserts: + - failedTemplate: + errorMessage: Environment Variable (TZ) on container (RELEASE-NAME-common-test-job-main) is set more than once. [to (UTC) on (fixedEnv)] and [to (something) on (configmap-RELEASE-NAME-common-test-some-confmap)] + + - it: should fail with env trying to override secret in job container + set: + secret: + some-secret: + enabled: true + parseAsEnv: true + content: + TZ: something + jobs: + job-name: + enabled: true + cron: + enabled: true + schedule: "* * * * *" + podSpec: + containers: + main: + envFrom: + - secretRef: + name: '{{ include "ix.v1.common.names.fullname" . }}-some-secret' + asserts: + - failedTemplate: + errorMessage: Environment Variable (TZ) on container (RELEASE-NAME-common-test-job-main) is set more than once. 
[to (UTC) on (fixedEnv)] and [to (something) on (secret-RELEASE-NAME-common-test-some-secret)] + + - it: should pass with securityContext inherited + documentIndex: *cronJobDoc + set: + securityContext: + runAsUser: 0 + runAsGroup: 0 + runAsNonRoot: false + readOnlyRootFilesystem: false + privileged: true + allowPrivilegeEscalation: true + capabilities: + add: + - Something + drop: + - Something_Else + jobs: + job-name: + enabled: true + cron: + enabled: true + schedule: "* * * * *" + podSpec: + containers: + main: + imageSelector: image + securityContext: + inherit: true + asserts: + - isSubset: + path: spec.jobTemplate.spec.template.spec.containers[0] + content: + securityContext: + allowPrivilegeEscalation: true + capabilities: + add: + - Something + drop: + - Something_Else + privileged: true + readOnlyRootFilesystem: false + runAsGroup: 0 + runAsNonRoot: false + runAsUser: 0 + + - it: should pass with deviceList defined in job container + documentIndex: *cronJobDoc + set: + jobs: + job-name: + enabled: true + cron: + enabled: true + schedule: "* * * * *" + podSpec: + containers: + main: + deviceList: + - enabled: true + mountPath: /host/dev/usb + hostPath: /dev/usb + securityContext: + inherit: true + asserts: + - equal: + path: spec.jobTemplate.spec.template.spec.securityContext + value: + fsGroup: 568 + fsGroupChangePolicy: OnRootMismatch + supplementalGroups: + - 5 + - 10 + - 20 + - 24 + - isSubset: + path: spec.jobTemplate.spec.template.spec.containers[0] + content: + securityContext: + allowPrivilegeEscalation: true + capabilities: + add: [] + drop: + - ALL + privileged: true + readOnlyRootFilesystem: true + runAsGroup: 568 + runAsNonRoot: true + runAsUser: 568 + + - it: should pass with deviceList and scaleGPU defined in job container + documentIndex: *cronJobDoc + set: + jobs: + job-name: + enabled: true + cron: + enabled: true + schedule: "* * * * *" + podSpec: + containers: + main: + scaleGPU: + nvidia: something + deviceList: + - enabled: true + 
mountPath: /host/dev/usb + hostPath: /dev/usb + securityContext: + inherit: true + asserts: + - equal: + path: spec.jobTemplate.spec.template.spec.securityContext + value: + fsGroup: 568 + fsGroupChangePolicy: OnRootMismatch + supplementalGroups: + - 5 + - 10 + - 20 + - 24 + - 44 + - isSubset: + path: spec.jobTemplate.spec.template.spec.containers[0] + content: + securityContext: + allowPrivilegeEscalation: true + capabilities: + add: [] + drop: + - ALL + privileged: true + readOnlyRootFilesystem: true + runAsGroup: 568 + runAsNonRoot: true + runAsUser: 568 + + - it: should pass with port <=1024 defined in job container + documentIndex: *cronJobDoc + set: + jobs: + job-name: + enabled: true + cron: + enabled: true + schedule: "* * * * *" + podSpec: + containers: + main: + ports: + - name: http + containerPort: 80 + asserts: + - isSubset: + path: spec.jobTemplate.spec.template.spec.containers[0] + content: + securityContext: + allowPrivilegeEscalation: false + capabilities: + add: + - NET_BIND_SERVICE + drop: + - ALL + privileged: false + readOnlyRootFilesystem: true + runAsGroup: 568 + runAsNonRoot: true + runAsUser: 568 + + - it: should pass with securityContext default + documentIndex: *cronJobDoc + set: + jobs: + job-name: + enabled: true + cron: + enabled: true + schedule: "* * * * *" + podSpec: + containers: + main: + imageSelector: image + securityContext: + inherit: true + asserts: + - isSubset: + path: spec.jobTemplate.spec.template.spec.containers[0] + content: + securityContext: + allowPrivilegeEscalation: false + capabilities: + add: [] + drop: + - ALL + privileged: false + readOnlyRootFilesystem: true + runAsGroup: 568 + runAsNonRoot: true + runAsUser: 568 + + - it: should pass with securityContext changed + documentIndex: *cronJobDoc + set: + jobs: + job-name: + enabled: true + cron: + enabled: true + schedule: "* * * * *" + podSpec: + containers: + main: + imageSelector: image + securityContext: + runAsUser: 0 + runAsGroup: 0 + runAsNonRoot: false + 
readOnlyRootFilesystem: false + privileged: true + allowPrivilegeEscalation: true + capabilities: + add: + - Something + drop: + - Something_Else + asserts: + - isSubset: + path: spec.jobTemplate.spec.template.spec.containers[0] + content: + securityContext: + allowPrivilegeEscalation: true + capabilities: + add: + - Something + drop: + - Something_Else + privileged: true + readOnlyRootFilesystem: false + runAsGroup: 0 + runAsNonRoot: false + runAsUser: 0 + + - it: should pass with securityContext with some values changed + documentIndex: *cronJobDoc + set: + jobs: + job-name: + enabled: true + cron: + enabled: true + schedule: "* * * * *" + podSpec: + containers: + main: + imageSelector: image + securityContext: + runAsUser: 0 + runAsGroup: 0 + runAsNonRoot: false + capabilities: + add: + - Something + asserts: + - isSubset: + path: spec.jobTemplate.spec.template.spec.containers[0] + content: + securityContext: + allowPrivilegeEscalation: false + capabilities: + add: + - Something + drop: + - ALL + privileged: false + readOnlyRootFilesystem: true + runAsGroup: 0 + runAsNonRoot: false + runAsUser: 0 + + - it: should pass with securityContext with inherit and at least one value changed + documentIndex: *cronJobDoc + set: + securityContext: + privileged: true + allowPrivilegeEscalation: true + capabilities: + drop: + - something_else + jobs: + job-name: + enabled: true + cron: + enabled: true + schedule: "* * * * *" + podSpec: + containers: + main: + imageSelector: image + securityContext: + inherit: true + runAsNonRoot: false + runAsUser: 0 + asserts: + - isSubset: + path: spec.jobTemplate.spec.template.spec.containers[0] + content: + securityContext: + allowPrivilegeEscalation: true + capabilities: + add: [] + drop: + - something_else + privileged: true + readOnlyRootFilesystem: true + runAsGroup: 568 + runAsNonRoot: false + runAsUser: 0 + + - it: should fail with probes in job container + set: + jobs: + job-name: + enabled: true + cron: + enabled: true + schedule: 
"* * * * *" + podSpec: + containers: + main: + probes: + liveness: + enabled: true + asserts: + - failedTemplate: + errorMessage: Init/System/Install/Upgrade/(Cron)Job Container (RELEASE-NAME-common-test-job-main) do not support probes + + - it: should fail with invalid protocol in ports in job container + set: + jobs: + job-name: + enabled: true + cron: + enabled: true + schedule: "* * * * *" + podSpec: + containers: + main: + ports: + - containerPort: 5678 + protocol: invalid-proto + name: tcp-port + asserts: + - failedTemplate: + errorMessage: Invalid (invalid-proto) in port (tcp-port) in (RELEASE-NAME-common-test-job-main) container. Valid protocols are TCP and UDP. + + - it: should fail without name in ports in job container + set: + jobs: + job-name: + enabled: true + cron: + enabled: true + schedule: "* * * * *" + podSpec: + containers: + main: + ports: + - containerPort: 5678 + protocol: TCP + name: "" + asserts: + - failedTemplate: + errorMessage: is required in all in (RELEASE-NAME-common-test-job-main) container. + + - it: should fail without containerPort in ports in job container + set: + jobs: + job-name: + enabled: true + cron: + enabled: true + schedule: "* * * * *" + podSpec: + containers: + main: + ports: + - containerPort: "" + name: tcp-port + asserts: + - failedTemplate: + errorMessage: is required in port (tcp-port) in (RELEASE-NAME-common-test-job-main) container. + + - it: should fail with non-int containerPort in ports in job container + set: + jobs: + job-name: + enabled: true + cron: + enabled: true + schedule: "* * * * *" + podSpec: + containers: + main: + ports: + - containerPort: not-int + name: tcp-port + asserts: + - failedTemplate: + errorMessage: Invalid (not-int) in port (tcp-port) in (RELEASE-NAME-common-test-job-main) container. Must be an int. 
+ + - it: should fail with non-int hostPort in ports in job container + set: + jobs: + job-name: + enabled: true + cron: + enabled: true + schedule: "* * * * *" + podSpec: + containers: + main: + ports: + - containerPort: 1234 + hostPort: not-int + name: tcp-port + asserts: + - failedTemplate: + errorMessage: Invalid (not-int) in port (tcp-port) in (RELEASE-NAME-common-test-job-main) container. Must be an int. + + - it: should pass without protocol in ports in job container + documentIndex: *cronJobDoc + set: + jobs: + job-name: + enabled: true + cron: + enabled: true + schedule: "* * * * *" + podSpec: + containers: + main: + ports: + - containerPort: 5678 + name: tcp-port + asserts: + - isSubset: + path: spec.jobTemplate.spec.template.spec.containers[0] + content: + ports: + - containerPort: 5678 + protocol: TCP + name: tcp-port + + - it: should pass with ports defined in job container + documentIndex: *cronJobDoc + set: + jobs: + job-name: + enabled: true + cron: + enabled: true + schedule: "* * * * *" + podSpec: + containers: + main: + ports: + - containerPort: 5678 + protocol: TCP + name: tcp-port + - containerPort: 1234 + protocol: UDP + name: udp-port + asserts: + - isSubset: + path: spec.jobTemplate.spec.template.spec.containers[0] + content: + ports: + - containerPort: 5678 + protocol: TCP + name: tcp-port + - containerPort: 1234 + protocol: UDP + name: udp-port + + - it: should fail without trying to mount a non existent volume in volumeMounts defined in job container + set: + jobs: + job-name: + enabled: true + cron: + enabled: true + schedule: "* * * * *" + podSpec: + containers: + main: + volumeMounts: + - name: some-volume + mountPath: /some/path + asserts: + - failedTemplate: + errorMessage: You are trying to mount a volume that does not exist (some-volume). Please define the volume in . 
+ + - it: should fail without name in volumeMounts defined in job container + set: + jobs: + job-name: + enabled: true + cron: + enabled: true + schedule: "* * * * *" + podSpec: + containers: + main: + volumeMounts: + - name: + mountPath: /some/path + readOnly: false + subPath: /some/sub/path + asserts: + - failedTemplate: + errorMessage: is required in volumeMounts in init/system/install/upgrade/additional containers. + + - it: should pass with volumeMounts defined in job container + documentIndex: *cronJobDoc + set: + persistence: + some-volume: + enabled: true + noMount: true + type: emptyDir + some-other-volume: + enabled: true + noMount: true + type: emptyDir + jobs: + job-name: + enabled: true + cron: + enabled: true + schedule: "* * * * *" + podSpec: + containers: + main: + volumeMounts: + - name: some-volume + mountPath: /some/path + readOnly: false + subPath: /some/sub/path + - name: some-other-volume + mountPath: /some/other/path + readOnly: false + subPath: /some/other/sub/path + asserts: + - contains: + path: spec.jobTemplate.spec.template.spec.containers[0].volumeMounts + content: + name: some-volume + mountPath: /some/path + readOnly: false + subPath: /some/sub/path + - contains: + path: spec.jobTemplate.spec.template.spec.containers[0].volumeMounts + content: + name: some-other-volume + mountPath: /some/other/path + readOnly: false + subPath: /some/other/sub/path + + - it: should pass with deviceList and volumeMounts defined in job container + documentIndex: *cronJobDoc + set: + deviceList: + - enabled: true + type: hostPath + mountPath: /host/dev/something + hostPath: /dev/something + persistence: + some-volume: + enabled: true + noMount: true + type: emptyDir + some-other-volume: + enabled: true + noMount: true + type: emptyDir + jobs: + job-name: + enabled: true + cron: + enabled: true + schedule: "* * * * *" + podSpec: + containers: + main: + deviceList: + - enabled: true + type: hostPath + mountPath: /host/dev/usb + hostPath: /dev/usb + - 
enabled: true + type: hostPath + mountPath: /host/dev/serial + hostPath: /dev/serial + volumeMounts: + - name: some-volume + mountPath: /some/path + readOnly: false + subPath: /some/sub/path + - name: some-other-volume + mountPath: /some/other/path + readOnly: false + subPath: /some/other/sub/path + asserts: + - contains: + path: spec.jobTemplate.spec.template.spec.containers[0].volumeMounts + content: + name: some-volume + mountPath: /some/path + readOnly: false + subPath: /some/sub/path + - contains: + path: spec.jobTemplate.spec.template.spec.containers[0].volumeMounts + content: + name: some-other-volume + mountPath: /some/other/path + readOnly: false + subPath: /some/other/sub/path + - contains: + path: spec.jobTemplate.spec.template.spec.containers[0].volumeMounts + content: + name: device-job-main-0 + mountPath: /host/dev/usb + - contains: + path: spec.jobTemplate.spec.template.spec.containers[0].volumeMounts + content: + name: device-job-main-1 + mountPath: /host/dev/serial diff --git a/library/common-test/tests/jobs/cronJob_test.yaml b/library/common-test/tests/jobs/cronJob_test.yaml new file mode 100644 index 00000000..6b7ee58f --- /dev/null +++ b/library/common-test/tests/jobs/cronJob_test.yaml 
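Review bot: The file name `cronJobSpecContainer_test copy.yaml` contains a space and a `copy` suffix, so it no longer ends in `_test.yaml`; helm-unittest's default file pattern is `tests/*_test.yaml`, and depending on the pattern CI passes, this suite may be skipped without any error. That matters because this suite pins the hardened defaults for CronJob containers (`runAsNonRoot: true`, `readOnlyRootFilesystem: true`, `drop: ALL`), so rename it to `cronJobSpecContainer_test.yaml` and confirm the run reports it. Separately, the two deviceList cases assert `privileged: true` and `allowPrivilegeEscalation: true` with no securityContext values set, so adding a device appears to be what makes the container privileged. If that is intended, a comment above those cases such as `# deviceList forces a privileged container by design; update together with the securityContext defaults` would show that the expectation is deliberate.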
@@ -0,0 +1,479 @@ +suite: cronJobs test +templates: + - common.yaml +chart: + appVersion: &appVer v1.2.3 +tests: + - it: should pass with default values + documentIndex: &deploymentDoc 0 + asserts: + - hasDocuments: + count: 3 + - isKind: + of: Deployment + + - it: should fail without schedule in cronjobs + set: + jobs: + job-name: + enabled: true + cron: + enabled: true + asserts: + - failedTemplate: + errorMessage: is required in (job-name) + + - it: should fail with non-string schedule in cronjobs + set: + jobs: + job-name: + enabled: true + cron: + enabled: true + schedule: 1 + asserts: + - failedTemplate: + errorMessage: must be a string in (job-name) + + - it: should fail with non-string timezone in cronjobs + set: + jobs: + job-name: + enabled: true + cron: + enabled: true + schedule: "* * * * *" + timezone: 2 + asserts: + - failedTemplate: + errorMessage: must be a string in (job-name). Leave empty to use the default (UTC) + + - it: should fail with invalid concurrencyPolicy in cronjobs + set: + jobs: + job-name: + enabled: true + cron: + enabled: true + schedule: "* * * * *" + concurrencyPolicy: invalid + asserts: + - failedTemplate: + errorMessage: Invalid option (invalid) for in (job-name). Valid options are Allow, Forbid, Replace. Leave empty to use the default (Forbid) + + - it: should fail with negative value in failedJobsHistoryLimit in cronjobs + set: + jobs: + job-name: + enabled: true + cron: + enabled: true + schedule: "* * * * *" + failedJobsHistoryLimit: -1 + asserts: + - failedTemplate: + errorMessage: (-1) in (job-name) must be a positive integer. Leave empty to use (1) + + - it: should fail with negative value in successfulJobsHistoryLimit in cronjobs + set: + jobs: + job-name: + enabled: true + cron: + enabled: true + schedule: "* * * * *" + successfulJobsHistoryLimit: -1 + asserts: + - failedTemplate: + errorMessage: (-1) in (job-name) must be a positive integer. 
Leave empty to use (3) + + - it: should fail with zero value in startingDeadlineSeconds in cronjobs + set: + jobs: + job-name: + enabled: true + cron: + enabled: true + schedule: "* * * * *" + startingDeadlineSeconds: 0 + asserts: + - failedTemplate: + errorMessage: Zero value in (0) in (job-name) is not allowed. + + - it: should fail with negative value in startingDeadlineSeconds in cronjobs + set: + jobs: + job-name: + enabled: true + cron: + enabled: true + schedule: "* * * * *" + startingDeadlineSeconds: -1 + asserts: + - failedTemplate: + errorMessage: (-1) in (job-name) must be a positive integer. + + - it: should pass with cronjob disabled + set: + jobs: + job-name: + enabled: false + cron: + enabled: false + asserts: + - hasDocuments: + count: 3 + + - it: should pass with cronjob defined + documentIndex: &cronJobDoc 3 + set: + jobs: + job-name: + enabled: true + cron: + enabled: true + schedule: "* * * * *" + podSpec: + containers: + main: + imageSelector: image + asserts: + - isKind: + of: CronJob + - isAPIVersion: + of: batch/v1 + - isNull: + path: metadata.annotations + - equal: + path: metadata.name + value: RELEASE-NAME-common-test-job-name + + - it: should pass with nameOverride in cronjob defined + documentIndex: *cronJobDoc + set: + jobs: + job-name: + enabled: true + nameOverride: other-job-name + cron: + enabled: true + schedule: "* * * * *" + podSpec: + containers: + main: + imageSelector: image + asserts: + - equal: + path: metadata.name + value: RELEASE-NAME-common-test-other-job-name + + - it: should pass with global labels and labels from tpl defined in cronjob + documentIndex: *cronJobDoc + set: + l1: val1 + l2: val2 + global: + labels: + label1: val3 + label2: val4 + jobs: + job-name: + enabled: true + cron: + enabled: true + schedule: "* * * * *" + labels: + l1: "{{ .Values.l1 }}" + l2: "{{ .Values.l2 }}" + podSpec: + containers: + main: + imageSelector: image + asserts: + - equal: + path: metadata.labels + value: + app: common-test + 
release: RELEASE-NAME + app.kubernetes.io/instance: RELEASE-NAME + app.kubernetes.io/managed-by: Helm + app.kubernetes.io/name: common-test + app.kubernetes.io/version: *appVer + helm-revision: "0" + helm.sh/chart: common-test-1.0.0 + l1: val1 + l2: val2 + label1: val3 + label2: val4 + + - it: should pass with annotations from tpl defined in cronjob + documentIndex: *cronJobDoc + set: + a1: val1 + a2: val2 + global: + annotations: + annotation1: val3 + annotation2: val4 + jobs: + job-name: + enabled: true + cron: + enabled: true + schedule: "* * * * *" + annotations: + a1: "{{ .Values.a1 }}" + a2: "{{ .Values.a2 }}" + podSpec: + containers: + main: + imageSelector: image + asserts: + - equal: + path: metadata.annotations + value: + a1: val1 + a2: val2 + annotation1: val3 + annotation2: val4 + + - it: should pass with defaults in cronjob + documentIndex: *cronJobDoc + set: + jobs: + job-name: + enabled: true + cron: + enabled: true + schedule: "* * * * *" + podSpec: + containers: + main: + imageSelector: image + asserts: + - isSubset: + path: spec + content: + schedule: "* * * * *" + timeZone: UTC + concurrencyPolicy: Forbid + failedJobsHistoryLimit: 1 + successfulJobsHistoryLimit: 3 + + - it: should pass with defaults in multiple cronjob (1/2) + documentIndex: *cronJobDoc + set: + jobs: + job-name: + enabled: true + cron: + enabled: true + schedule: "* * * * *" + podSpec: + containers: + main: + imageSelector: image + other-job-name: + enabled: true + cron: + enabled: true + schedule: "* * * * *" + podSpec: + containers: + main: + imageSelector: image + asserts: + - isKind: + of: CronJob + - equal: + path: metadata.name + value: RELEASE-NAME-common-test-job-name + - isSubset: + path: spec + content: + schedule: "* * * * *" + timeZone: UTC + concurrencyPolicy: Forbid + failedJobsHistoryLimit: 1 + successfulJobsHistoryLimit: 3 + + - it: should pass with defaults in multiple cronjob (2/2) + documentIndex: &otherCronJobDoc 4 + set: + jobs: + job-name: + enabled: true + 
cron: + enabled: true + schedule: "* * * * *" + podSpec: + containers: + main: + imageSelector: image + other-job-name: + enabled: true + cron: + enabled: true + schedule: "* * * * *" + podSpec: + containers: + main: + imageSelector: image + asserts: + - isKind: + of: CronJob + - equal: + path: metadata.name + value: RELEASE-NAME-common-test-other-job-name + - isSubset: + path: spec + content: + schedule: "* * * * *" + timeZone: UTC + concurrencyPolicy: Forbid + failedJobsHistoryLimit: 1 + successfulJobsHistoryLimit: 3 + + - it: should pass with schedule defined defined in cronjob + documentIndex: *cronJobDoc + set: + jobs: + job-name: + enabled: true + cron: + enabled: true + schedule: "* * * * *" + podSpec: + containers: + main: + imageSelector: image + asserts: + - equal: + path: spec.schedule + value: "* * * * *" + + - it: should pass with timezone defined in cronjob + documentIndex: *cronJobDoc + set: + jobs: + job-name: + enabled: true + cron: + enabled: true + schedule: "* * * * *" + timezone: Europe/Athens + podSpec: + containers: + main: + imageSelector: image + asserts: + - equal: + path: spec.timeZone + value: Europe/Athens + + - it: should pass with concurrencyPolicy defined in cronjob + documentIndex: *cronJobDoc + set: + jobs: + job-name: + enabled: true + cron: + enabled: true + schedule: "* * * * *" + concurrencyPolicy: Allow + podSpec: + containers: + main: + imageSelector: image + asserts: + - equal: + path: spec.concurrencyPolicy + value: Allow + + - it: should pass with failedJobsHistoryLimit defined in cronjob + documentIndex: *cronJobDoc + set: + jobs: + job-name: + enabled: true + cron: + enabled: true + schedule: "* * * * *" + failedJobsHistoryLimit: 5 + podSpec: + containers: + main: + imageSelector: image + asserts: + - equal: + path: spec.failedJobsHistoryLimit + value: 5 + + - it: should pass with successfulJobsHistoryLimit defined in cronjob + documentIndex: *cronJobDoc + set: + jobs: + job-name: + enabled: true + cron: + enabled: true 
+ schedule: "* * * * *" + successfulJobsHistoryLimit: 5 + podSpec: + containers: + main: + imageSelector: image + asserts: + - equal: + path: spec.successfulJobsHistoryLimit + value: 5 + + - it: should pass with startingDeadLineSeconds defined in cronjob + documentIndex: *cronJobDoc + set: + jobs: + job-name: + enabled: true + cron: + enabled: true + schedule: "* * * * *" + startingDeadLineSeconds: 150 + podSpec: + containers: + main: + imageSelector: image + asserts: + - equal: + path: spec.startingDeadLineSeconds + value: 150 + + - it: should pass with values set in jobTemplate + documentIndex: *cronJobDoc + set: + jobs: + job-name: + enabled: true + cron: + enabled: true + schedule: "* * * * *" + completions: 5 + parallelism: 6 + backoffLimit: 3 + activeDeadlineSeconds: 120 + ttlSecondsAfterFinished: 150 + podSpec: + containers: + main: + imageSelector: image + asserts: + - isSubset: + path: spec.jobTemplate.spec + content: + completions: 5 + parallelism: 6 + backoffLimit: 3 + activeDeadlineSeconds: 120 + ttlSecondsAfterFinished: 150 + +# TODO: add basic test to make sure jobTemplate spec (mostly containers part) is actually rendered +# Most of the jobTemplate spec will be tested on another file diff --git a/library/common-test/tests/jobs/jobSpecContainer_test.yaml b/library/common-test/tests/jobs/jobSpecContainer_test.yaml new file mode 100644 index 00000000..1376b9dd --- /dev/null +++ b/library/common-test/tests/jobs/jobSpecContainer_test.yaml 
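Review bot: The case `should pass with startingDeadLineSeconds defined in cronjob` spells the key with a capital `L` both in `set` and in the asserted path (`spec.startingDeadLineSeconds`), while the two failure cases earlier in this file and the Kubernetes CronJob field use `startingDeadlineSeconds`. If the test passes as written, the template is presumably emitting a field name the API does not define, so the deadline would be rejected or not applied; if the template emits the correct name, this test fails. Use `startingDeadlineSeconds: 150` in `set` and `path: spec.startingDeadlineSeconds` in the assert, and check the template for the same spelling.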
@@ -0,0 +1,1022 @@ +suite: job Containers test +templates: + - common.yaml +tests: + - it: should pass with default values + documentIndex: &deploymentDoc 0 + asserts: + - hasDocuments: + count: 3 + - isKind: + of: Deployment + + - it: should pass with default in job + documentIndex: &jobDoc 3 + set: + jobs: + job-name: + enabled: true + podSpec: + containers: + main: + imageSelector: image + asserts: + - isKind: + of: Job + - isAPIVersion: + of: batch/v1 + + - it: should pass with default container + documentIndex: *jobDoc + set: + jobs: + job-name: + enabled: true + podSpec: + containers: + main: + imageSelector: image + asserts: + - equal: + path: spec.template.spec.containers[0] + value: + name: RELEASE-NAME-common-test-job-main + image: repo:tag + imagePullPolicy: IfNotPresent + tty: false + stdin: false + env: + - name: "TZ" + value: "UTC" + - name: "UMASK" + value: "002" + - name: "UMASK_SET" + value: "002" + - name: "NVIDIA_VISIBLE_DEVICES" + value: "void" + - name: "S6_READ_ONLY_ROOT" + value: "1" + securityContext: + runAsNonRoot: true + runAsUser: 568 + runAsGroup: 568 + readOnlyRootFilesystem: true + allowPrivilegeEscalation: false + privileged: false + capabilities: + add: [] + drop: + - "ALL" + resources: + requests: + cpu: 10m + memory: 50Mi + limits: + cpu: 4000m + memory: 8Gi + + - it: should pass with image defined in job container + documentIndex: *jobDoc + set: + jobImage: + repository: some-repo-job + tag: some-tag-job + pullPolicy: Never + jobs: + job-name: + enabled: true + podSpec: + containers: + main: + imageSelector: jobImage + asserts: + - isSubset: + path: spec.template.spec.containers[0] + content: + image: some-repo-job:some-tag-job + imagePullPolicy: Never + + - it: should pass with tty and stdin defined in job container + documentIndex: *jobDoc + set: + jobs: + job-name: + enabled: true + podSpec: + containers: + main: + imageSelector: image + tty: true + stdin: true + asserts: + - isSubset: + path: spec.template.spec.containers[0] 
+ content: + tty: true + stdin: true + + - it: should pass with command defined in job container + documentIndex: *jobDoc + set: + port: 8080 + entrypoint: ./run.sh + jobs: + job-name: + enabled: true + podSpec: + containers: + main: + imageSelector: image + command: + - /bin/sh + - -c + - | + {{ .Values.entrypoint }} + args: + - --port + - "{{ .Values.port }}" + extraArgs: + - --data_dir + - /data + asserts: + - isSubset: + path: spec.template.spec.containers[0] + content: + command: + - /bin/sh + - -c + - | + ./run.sh + args: + - --port + - "8080" + - --data_dir + - /data + + - it: should pass with termination defined in job container + documentIndex: *jobDoc + set: + port: 8080 + entrypoint: ./run.sh + jobs: + job-name: + enabled: true + podSpec: + containers: + main: + imageSelector: image + termination: + messagePath: somePath + messagePolicy: File + asserts: + - isSubset: + path: spec.template.spec.containers[0] + content: + terminationMessagePath: somePath + terminationMessagePolicy: File + + - it: should pass with resources inherited from main container and modified in job container + documentIndex: *jobDoc + set: + resources: + requests: + cpu: 25m + memory: 80Mi + jobs: + job-name: + enabled: true + podSpec: + containers: + main: + resources: + inherit: true + limits: + cpu: 1000m + memory: 1Gi + requests: + memory: 120Mi + asserts: + - isSubset: + path: spec.template.spec.containers[0] + content: + resources: + limits: + cpu: 1000m + memory: 1Gi + requests: + cpu: 25m + memory: 120Mi + + - it: should pass with resources defined in job container + documentIndex: *jobDoc + set: + jobs: + job-name: + enabled: true + podSpec: + containers: + main: + nvidiaCaps: + - compute + scaleGPU: + gpu.intel.com/i915: "1" + resources: + limits: + cpu: 3000m + memory: 4Gi + requests: + cpu: 20m + memory: 100Mi + asserts: + - isSubset: + path: spec.template.spec.containers[0] + content: + resources: + limits: + cpu: 3000m + memory: 4Gi + gpu.intel.com/i915: "1" + 
requests: + cpu: 20m + memory: 100Mi + - contains: + path: spec.template.spec.containers[0].env + content: + name: NVIDIA_DRIVER_CAPABILITIES + value: compute + + - it: should pass with envFrom defined in job container + documentIndex: *jobDoc + set: + some_name: a_name + some_name2: a_name2 + jobs: + job-name: + enabled: true + podSpec: + containers: + main: + envFrom: + - configMapRef: + name: "{{ .Values.some_name }}" + - configMapRef: + name: "{{ .Values.some_name2 }}" + asserts: + - isSubset: + path: spec.template.spec.containers[0] + content: + envFrom: + - configMapRef: + name: a_name + - configMapRef: + name: a_name2 + + - it: should pass with env and envList defined in job container + documentIndex: *jobDoc + set: + some_value: value + some_value2: value2 + some_value3: value3 + some_value4: value4 + jobs: + job-name: + enabled: true + podSpec: + containers: + main: + env: + var1: "{{ .Values.some_value }}" + var2: "{{ .Values.some_value2 }}" + envList: + - name: var3 + value: "{{ .Values.some_value3 }}" + - name: var4 + value: "{{ .Values.some_value4 }}" + asserts: + - isSubset: + path: spec.template.spec.containers[0] + content: + env: + - name: TZ + value: UTC + - name: UMASK + value: "002" + - name: UMASK_SET + value: "002" + - name: NVIDIA_VISIBLE_DEVICES + value: void + - name: S6_READ_ONLY_ROOT + value: "1" + - name: var1 + value: value + - name: var2 + value: value2 + - name: var3 + value: value3 + - name: var4 + value: value4 + + - it: should pass with changed PUID/UMASK + documentIndex: *jobDoc + set: + jobs: + job-name: + enabled: true + podSpec: + containers: + main: + securityContext: + runAsUser: 0 + runAsNonRoot: false + security: + UMASK: "003" + PUID: 1000 + asserts: + - isSubset: + path: spec.template.spec.containers[0] + content: + env: + - name: TZ + value: UTC + - name: UMASK + value: "003" + - name: UMASK_SET + value: "003" + - name: NVIDIA_VISIBLE_DEVICES + value: void + - name: PUID + value: "1000" + - name: USER_ID + value: "1000" 
+ - name: UID + value: "1000" + - name: PGID + value: "568" + - name: GROUP_ID + value: "568" + - name: GID + value: "568" + - name: S6_READ_ONLY_ROOT + value: "1" + + - it: should pass with disabled injectFixedEnvs + documentIndex: *jobDoc + set: + jobs: + job-name: + enabled: true + podSpec: + containers: + main: + securityContext: + runAsUser: 0 + runAsNonRoot: false + injectFixedEnvs: false + asserts: + - isNull: + path: spec.template.spec.containers[0].env + + - it: should fail with lifecycle defined in job container + set: + jobs: + job-name: + enabled: true + podSpec: + containers: + main: + lifecycle: + asserts: + - failedTemplate: + errorMessage: Init/System/Install/Upgrade/(Cron)Job Container (RELEASE-NAME-common-test-job-main) do not support lifecycle hooks + + - it: should fail with env trying to override fixedEnvs in job container + set: + jobs: + job-name: + enabled: true + podSpec: + containers: + main: + env: + TZ: something + asserts: + - failedTemplate: + errorMessage: Environment Variable (TZ) on container (RELEASE-NAME-common-test-job-main) is set more than once. [to (UTC) on (fixedEnv)] and [to (something) on (env)] + + - it: should fail with env trying to override configmap in job container + set: + configmap: + some-confmap: + enabled: true + parseAsEnv: true + content: + TZ: something + jobs: + job-name: + enabled: true + podSpec: + containers: + main: + envFrom: + - configMapRef: + name: '{{ include "ix.v1.common.names.fullname" . }}-some-confmap' + asserts: + - failedTemplate: + errorMessage: Environment Variable (TZ) on container (RELEASE-NAME-common-test-job-main) is set more than once. 
[to (UTC) on (fixedEnv)] and [to (something) on (configmap-RELEASE-NAME-common-test-some-confmap)] + + - it: should fail with env trying to override secret in job container + set: + secret: + some-secret: + enabled: true + parseAsEnv: true + content: + TZ: something + jobs: + job-name: + enabled: true + podSpec: + containers: + main: + envFrom: + - secretRef: + name: '{{ include "ix.v1.common.names.fullname" . }}-some-secret' + asserts: + - failedTemplate: + errorMessage: Environment Variable (TZ) on container (RELEASE-NAME-common-test-job-main) is set more than once. [to (UTC) on (fixedEnv)] and [to (something) on (secret-RELEASE-NAME-common-test-some-secret)] + + - it: should pass with securityContext inherited + documentIndex: *jobDoc + set: + securityContext: + runAsUser: 0 + runAsGroup: 0 + runAsNonRoot: false + readOnlyRootFilesystem: false + privileged: true + allowPrivilegeEscalation: true + capabilities: + add: + - Something + drop: + - Something_Else + jobs: + job-name: + enabled: true + podSpec: + containers: + main: + imageSelector: image + securityContext: + inherit: true + asserts: + - isSubset: + path: spec.template.spec.containers[0] + content: + securityContext: + allowPrivilegeEscalation: true + capabilities: + add: + - Something + drop: + - Something_Else + privileged: true + readOnlyRootFilesystem: false + runAsGroup: 0 + runAsNonRoot: false + runAsUser: 0 + + - it: should pass with deviceList defined in job container + documentIndex: *jobDoc + set: + jobs: + job-name: + enabled: true + podSpec: + containers: + main: + deviceList: + - enabled: true + mountPath: /host/dev/usb + hostPath: /dev/usb + securityContext: + inherit: true + asserts: + - equal: + path: spec.template.spec.securityContext + value: + fsGroup: 568 + fsGroupChangePolicy: OnRootMismatch + supplementalGroups: + - 5 + - 10 + - 20 + - 24 + - isSubset: + path: spec.template.spec.containers[0] + content: + securityContext: + allowPrivilegeEscalation: true + capabilities: + add: [] + 
drop: + - ALL + privileged: true + readOnlyRootFilesystem: true + runAsGroup: 568 + runAsNonRoot: true + runAsUser: 568 + + - it: should pass with deviceList and scaleGPU defined in job container + documentIndex: *jobDoc + set: + jobs: + job-name: + enabled: true + podSpec: + containers: + main: + scaleGPU: + nvidia: something + deviceList: + - enabled: true + mountPath: /host/dev/usb + hostPath: /dev/usb + securityContext: + inherit: true + asserts: + - equal: + path: spec.template.spec.securityContext + value: + fsGroup: 568 + fsGroupChangePolicy: OnRootMismatch + supplementalGroups: + - 5 + - 10 + - 20 + - 24 + - 44 + - isSubset: + path: spec.template.spec.containers[0] + content: + securityContext: + allowPrivilegeEscalation: true + capabilities: + add: [] + drop: + - ALL + privileged: true + readOnlyRootFilesystem: true + runAsGroup: 568 + runAsNonRoot: true + runAsUser: 568 + + - it: should pass with port <=1024 defined in job container + documentIndex: *jobDoc + set: + jobs: + job-name: + enabled: true + podSpec: + containers: + main: + ports: + - name: http + containerPort: 80 + asserts: + - isSubset: + path: spec.template.spec.containers[0] + content: + securityContext: + allowPrivilegeEscalation: false + capabilities: + add: + - NET_BIND_SERVICE + drop: + - ALL + privileged: false + readOnlyRootFilesystem: true + runAsGroup: 568 + runAsNonRoot: true + runAsUser: 568 + + - it: should pass with securityContext default + documentIndex: *jobDoc + set: + jobs: + job-name: + enabled: true + podSpec: + containers: + main: + imageSelector: image + securityContext: + inherit: true + asserts: + - isSubset: + path: spec.template.spec.containers[0] + content: + securityContext: + allowPrivilegeEscalation: false + capabilities: + add: [] + drop: + - ALL + privileged: false + readOnlyRootFilesystem: true + runAsGroup: 568 + runAsNonRoot: true + runAsUser: 568 + + - it: should pass with securityContext changed + documentIndex: *jobDoc + set: + jobs: + job-name: + 
enabled: true + podSpec: + containers: + main: + imageSelector: image + securityContext: + runAsUser: 0 + runAsGroup: 0 + runAsNonRoot: false + readOnlyRootFilesystem: false + privileged: true + allowPrivilegeEscalation: true + capabilities: + add: + - Something + drop: + - Something_Else + asserts: + - isSubset: + path: spec.template.spec.containers[0] + content: + securityContext: + allowPrivilegeEscalation: true + capabilities: + add: + - Something + drop: + - Something_Else + privileged: true + readOnlyRootFilesystem: false + runAsGroup: 0 + runAsNonRoot: false + runAsUser: 0 + + - it: should pass with securityContext with some values changed + documentIndex: *jobDoc + set: + jobs: + job-name: + enabled: true + podSpec: + containers: + main: + imageSelector: image + securityContext: + runAsUser: 0 + runAsGroup: 0 + runAsNonRoot: false + capabilities: + add: + - Something + asserts: + - isSubset: + path: spec.template.spec.containers[0] + content: + securityContext: + allowPrivilegeEscalation: false + capabilities: + add: + - Something + drop: + - ALL + privileged: false + readOnlyRootFilesystem: true + runAsGroup: 0 + runAsNonRoot: false + runAsUser: 0 + + - it: should pass with securityContext with inherit and at least one value changed + documentIndex: *jobDoc + set: + securityContext: + privileged: true + allowPrivilegeEscalation: true + capabilities: + drop: + - something_else + jobs: + job-name: + enabled: true + podSpec: + containers: + main: + imageSelector: image + securityContext: + inherit: true + runAsNonRoot: false + runAsUser: 0 + asserts: + - isSubset: + path: spec.template.spec.containers[0] + content: + securityContext: + allowPrivilegeEscalation: true + capabilities: + add: [] + drop: + - something_else + privileged: true + readOnlyRootFilesystem: true + runAsGroup: 568 + runAsNonRoot: false + runAsUser: 0 + + - it: should fail with probes in job container + set: + jobs: + job-name: + enabled: true + podSpec: + containers: + main: + probes: + 
liveness: + enabled: true + asserts: + - failedTemplate: + errorMessage: Init/System/Install/Upgrade/(Cron)Job Container (RELEASE-NAME-common-test-job-main) do not support probes + + - it: should fail with invalid protocol in ports in job container + set: + jobs: + job-name: + enabled: true + podSpec: + containers: + main: + ports: + - containerPort: 5678 + protocol: invalid-proto + name: tcp-port + asserts: + - failedTemplate: + errorMessage: Invalid (invalid-proto) in port (tcp-port) in (RELEASE-NAME-common-test-job-main) container. Valid protocols are TCP and UDP. + + - it: should fail without name in ports in job container + set: + jobs: + job-name: + enabled: true + podSpec: + containers: + main: + ports: + - containerPort: 5678 + protocol: TCP + name: "" + asserts: + - failedTemplate: + errorMessage: is required in all in (RELEASE-NAME-common-test-job-main) container. + + - it: should fail without containerPort in ports in job container + set: + jobs: + job-name: + enabled: true + podSpec: + containers: + main: + ports: + - containerPort: "" + name: tcp-port + asserts: + - failedTemplate: + errorMessage: is required in port (tcp-port) in (RELEASE-NAME-common-test-job-main) container. + + - it: should fail with non-int containerPort in ports in job container + set: + jobs: + job-name: + enabled: true + podSpec: + containers: + main: + ports: + - containerPort: not-int + name: tcp-port + asserts: + - failedTemplate: + errorMessage: Invalid (not-int) in port (tcp-port) in (RELEASE-NAME-common-test-job-main) container. Must be an int. + + - it: should fail with non-int hostPort in ports in job container + set: + jobs: + job-name: + enabled: true + podSpec: + containers: + main: + ports: + - containerPort: 1234 + hostPort: not-int + name: tcp-port + asserts: + - failedTemplate: + errorMessage: Invalid (not-int) in port (tcp-port) in (RELEASE-NAME-common-test-job-main) container. Must be an int. 
+ + - it: should pass without protocol in ports in job container + documentIndex: *jobDoc + set: + jobs: + job-name: + enabled: true + podSpec: + containers: + main: + ports: + - containerPort: 5678 + name: tcp-port + asserts: + - isSubset: + path: spec.template.spec.containers[0] + content: + ports: + - containerPort: 5678 + protocol: TCP + name: tcp-port + + - it: should pass with ports defined in job container + documentIndex: *jobDoc + set: + jobs: + job-name: + enabled: true + podSpec: + containers: + main: + ports: + - containerPort: 5678 + protocol: TCP + name: tcp-port + - containerPort: 1234 + protocol: UDP + name: udp-port + asserts: + - isSubset: + path: spec.template.spec.containers[0] + content: + ports: + - containerPort: 5678 + protocol: TCP + name: tcp-port + - containerPort: 1234 + protocol: UDP + name: udp-port + + - it: should fail without trying to mount a non existent volume in volumeMounts defined in job container + set: + jobs: + job-name: + enabled: true + podSpec: + containers: + main: + volumeMounts: + - name: some-volume + mountPath: /some/path + asserts: + - failedTemplate: + errorMessage: You are trying to mount a volume that does not exist (some-volume). Please define the volume in . + + - it: should fail without name in volumeMounts defined in job container + set: + jobs: + job-name: + enabled: true + podSpec: + containers: + main: + volumeMounts: + - name: + mountPath: /some/path + readOnly: false + subPath: /some/sub/path + asserts: + - failedTemplate: + errorMessage: is required in volumeMounts in init/system/install/upgrade/additional containers. 
+ + - it: should pass with volumeMounts defined in job container + documentIndex: *jobDoc + set: + persistence: + some-volume: + enabled: true + noMount: true + type: emptyDir + some-other-volume: + enabled: true + noMount: true + type: emptyDir + jobs: + job-name: + enabled: true + podSpec: + containers: + main: + volumeMounts: + - name: some-volume + mountPath: /some/path + readOnly: false + subPath: /some/sub/path + - name: some-other-volume + mountPath: /some/other/path + readOnly: false + subPath: /some/other/sub/path + asserts: + - contains: + path: spec.template.spec.containers[0].volumeMounts + content: + name: some-volume + mountPath: /some/path + readOnly: false + subPath: /some/sub/path + - contains: + path: spec.template.spec.containers[0].volumeMounts + content: + name: some-other-volume + mountPath: /some/other/path + readOnly: false + subPath: /some/other/sub/path + + - it: should pass with deviceList and volumeMounts defined in job container + documentIndex: *jobDoc + set: + deviceList: + - enabled: true + type: hostPath + mountPath: /host/dev/something + hostPath: /dev/something + persistence: + some-volume: + enabled: true + noMount: true + type: emptyDir + some-other-volume: + enabled: true + noMount: true + type: emptyDir + jobs: + job-name: + enabled: true + podSpec: + containers: + main: + deviceList: + - enabled: true + type: hostPath + mountPath: /host/dev/usb + hostPath: /dev/usb + - enabled: true + type: hostPath + mountPath: /host/dev/serial + hostPath: /dev/serial + volumeMounts: + - name: some-volume + mountPath: /some/path + readOnly: false + subPath: /some/sub/path + - name: some-other-volume + mountPath: /some/other/path + readOnly: false + subPath: /some/other/sub/path + asserts: + - contains: + path: spec.template.spec.containers[0].volumeMounts + content: + name: some-volume + mountPath: /some/path + readOnly: false + subPath: /some/sub/path + - contains: + path: spec.template.spec.containers[0].volumeMounts + content: + name: 
some-other-volume + mountPath: /some/other/path + readOnly: false + subPath: /some/other/sub/path + - contains: + path: spec.template.spec.containers[0].volumeMounts + content: + name: device-job-main-0 + mountPath: /host/dev/usb + - contains: + path: spec.template.spec.containers[0].volumeMounts + content: + name: device-job-main-1 + mountPath: /host/dev/serial diff --git a/library/common-test/tests/jobs/jobTemplate_test.yaml b/library/common-test/tests/jobs/jobTemplate_test.yaml new file mode 100644 index 00000000..22d4b1f2 --- /dev/null +++ b/library/common-test/tests/jobs/jobTemplate_test.yaml 
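Review bot: The two deviceList tests ("should pass with deviceList defined in job container" and the scaleGPU variant) pin `privileged: true` and `allowPrivilegeEscalation: true` as the result of mounting a host device, but nothing in this file checks the opposite direction. With `privileged: true`, the `drop: ALL` asserted next to it has no practical effect, so this is the widest security context the suite accepts. It deserves a guard: a case with `enabled: false` on the device entry that asserts the default, unprivileged context, as sketched below. This assumes a disabled entry is meant to be ignored by the template; if it is not, the test will show that. A one-line comment above the existing tests, such as `# deviceList entries intentionally make the container privileged`, would also record that the escalation is deliberate.

```yaml
  - it: should not escalate privileges with a disabled deviceList entry in job container
    documentIndex: *jobDoc
    set:
      jobs:
        job-name:
          enabled: true
          podSpec:
            containers:
              main:
                deviceList:
                  - enabled: false
                    mountPath: /host/dev/usb
                    hostPath: /dev/usb
    asserts:
      - isSubset:
          path: spec.template.spec.containers[0]
          content:
            securityContext:
              allowPrivilegeEscalation: false
              capabilities:
                add: []
                drop:
                  - ALL
              privileged: false
              readOnlyRootFilesystem: true
              runAsGroup: 568
              runAsNonRoot: true
              runAsUser: 568
```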
@@ -0,0 +1,898 @@ +suite: jobTemplate test +templates: + - common.yaml +tests: + - it: should pass with default values + documentIndex: &deploymentDoc 0 + asserts: + - hasDocuments: + count: 3 + - isKind: + of: Deployment + + - it: should fail with zero value in backoffLimit in jobs + set: + jobs: + job-name: + enabled: true + backoffLimit: 0 + asserts: + - failedTemplate: + errorMessage: Zero value in (0) in (job-name) is not allowed. Leave empty to use the default (6) + + - it: should fail with negative value in backoffLimit in jobs + set: + jobs: + job-name: + enabled: true + backoffLimit: -1 + asserts: + - failedTemplate: + errorMessage: (-1) in (job-name) must be a positive integer. Leave empty to use the default (6) + + - it: should fail with zero value in ttlSecondsAfterFinished in jobs + set: + jobs: + job-name: + enabled: true + ttlSecondsAfterFinished: 0 + asserts: + - failedTemplate: + errorMessage: Zero value in (0) in (job-name) is not allowed. + + - it: should fail with negative value in ttlSecondsAfterFinished in jobs + set: + jobs: + job-name: + enabled: true + ttlSecondsAfterFinished: -1 + asserts: + - failedTemplate: + errorMessage: (-1) in (job-name) must be a positive integer. + + - it: should fail with zero value in activeDeadlineSeconds in jobs + set: + jobs: + job-name: + enabled: true + activeDeadlineSeconds: 0 + asserts: + - failedTemplate: + errorMessage: Zero value in (0) in (job-name) is not allowed. + + - it: should fail with negative value in activeDeadlineSeconds in jobs + set: + jobs: + job-name: + enabled: true + activeDeadlineSeconds: -1 + asserts: + - failedTemplate: + errorMessage: (-1) in (job-name) must be a positive integer. + + - it: should fail with zero value in parallelism in jobs + set: + jobs: + job-name: + enabled: true + parallelism: 0 + asserts: + - failedTemplate: + errorMessage: Zero value in (0) in (job-name) is not allowed. 
+ + - it: should fail with negative value in parallelism in jobs + set: + jobs: + job-name: + enabled: true + parallelism: -1 + asserts: + - failedTemplate: + errorMessage: (-1) in (job-name) must be a positive integer. + + - it: should fail with zero value in completions in jobs + set: + jobs: + job-name: + enabled: true + completions: 0 + asserts: + - failedTemplate: + errorMessage: Zero value in (0) in (job-name) is not allowed. + + - it: should fail with negative value in completions in jobs + set: + jobs: + job-name: + enabled: true + completions: -1 + asserts: + - failedTemplate: + errorMessage: (-1) in (job-name) must be a positive integer. + + - it: should fail with invalid completionMode in jobs + set: + jobs: + job-name: + enabled: true + completionMode: invalid + asserts: + - failedTemplate: + errorMessage: Invalid option (invalid) for in (job-name). Valid options are NonIndexed and Indexed. Leave empty to use the default (NonIndexed) + + - it: should fail without pod in jobs + set: + jobs: + job-name: + enabled: true + asserts: + - failedTemplate: + errorMessage: A pod in is required in (job-name). + + - it: should fail without containers in pod in jobs + set: + jobs: + job-name: + enabled: true + podSpec: + containers: {} + asserts: + - failedTemplate: + errorMessage: At least one container in is required in (job-name). 
+ + - it: should pass with job values changed + documentIndex: *deploymentDoc + set: + jobs: + job-name: + enabled: true + podSpec: + dnsPolicy: None + hostname: some-hostname + priorityClassName: some-priorityClass + schedulerName: some-schedulerName + serviceAccountName: some-serviceAccountName + runtimeClassName: some-runtimeClassName + hostNetwork: true + enableServiceLinks: true + restartPolicy: OnFailure + podSecurityContext: + fsGroup: 0 + fsGroupChangePolicy: Always + supplementalGroups: + - 50 + containers: + main: + imageSelector: image + asserts: + - isKind: + of: Deployment + - equal: + path: spec.template.spec.serviceAccountName + value: default + - equal: + path: spec.template.spec.dnsPolicy + value: ClusterFirst + - isNull: + path: spec.template.spec.hostname + - isNull: + path: spec.template.spec.priorityClassName + - isNull: + path: spec.template.spec.runtimeClassName + - isNull: + path: spec.template.spec.schedulerName + - equal: + path: spec.template.spec.hostNetwork + value: false + - equal: + path: spec.template.spec.enableServiceLinks + value: false + - equal: + path: spec.template.spec.restartPolicy + value: Always + - equal: + path: spec.template.spec.securityContext + value: + fsGroup: 568 + fsGroupChangePolicy: OnRootMismatch + supplementalGroups: [] + + - it: should pass with default in job + documentIndex: &jobDoc 3 + set: + jobs: + job-name: + enabled: true + podSpec: + containers: + main: + imageSelector: image + asserts: + - isKind: + of: Job + - isAPIVersion: + of: batch/v1 + - isSubset: + path: spec + content: + backoffLimit: 6 + completionMode: NonIndexed + + - it: should pass with default in multiple job (1/2) + documentIndex: *jobDoc + set: + jobs: + job-name: + enabled: true + podSpec: + containers: + main: + imageSelector: image + other-job-name: + enabled: true + podSpec: + containers: + main: + imageSelector: image + asserts: + - isKind: + of: Job + - isAPIVersion: + of: batch/v1 + - equal: + path: metadata.name + value: 
RELEASE-NAME-common-test-job-name + - isSubset: + path: spec + content: + backoffLimit: 6 + completionMode: NonIndexed + + - it: should pass with default in multiple job (2/2) + documentIndex: &otherJobDoc 4 + set: + jobs: + job-name: + enabled: true + podSpec: + containers: + main: + imageSelector: image + other-job-name: + enabled: true + podSpec: + containers: + main: + imageSelector: image + asserts: + - isKind: + of: Job + - isAPIVersion: + of: batch/v1 + - equal: + path: metadata.name + value: RELEASE-NAME-common-test-other-job-name + - isSubset: + path: spec + content: + backoffLimit: 6 + completionMode: NonIndexed + + - it: should pass with backoffLimit set in job + documentIndex: *jobDoc + set: + jobs: + job-name: + enabled: true + backoffLimit: 3 + podSpec: + containers: + main: + imageSelector: image + asserts: + - isSubset: + path: spec + content: + backoffLimit: 3 + + - it: should pass with completionMode set in job + documentIndex: *jobDoc + set: + jobs: + job-name: + enabled: true + completionMode: Indexed + podSpec: + containers: + main: + imageSelector: image + asserts: + - isSubset: + path: spec + content: + completionMode: Indexed + + - it: should pass with ttlSecondsAfterFinished set in job + documentIndex: *jobDoc + set: + jobs: + job-name: + enabled: true + ttlSecondsAfterFinished: 150 + podSpec: + containers: + main: + imageSelector: image + asserts: + - isSubset: + path: spec + content: + ttlSecondsAfterFinished: 150 + + - it: should pass with activeDeadlineSeconds set in job + documentIndex: *jobDoc + set: + jobs: + job-name: + enabled: true + activeDeadlineSeconds: 120 + podSpec: + containers: + main: + imageSelector: image + asserts: + - isSubset: + path: spec + content: + activeDeadlineSeconds: 120 + + - it: should pass with parallelism set in job + documentIndex: *jobDoc + set: + jobs: + job-name: + enabled: true + parallelism: 5 + podSpec: + containers: + main: + imageSelector: image + asserts: + - isSubset: + path: spec + content: + 
parallelism: 5 + + - it: should pass with completions set in job + documentIndex: *jobDoc + set: + jobs: + job-name: + enabled: true + completions: 5 + podSpec: + containers: + main: + imageSelector: image + asserts: + - isSubset: + path: spec + content: + completions: 5 + + - it: should pass with default podSpec + documentIndex: *jobDoc + set: + jobs: + job-name: + enabled: true + podSpec: + containers: + main: + imageSelector: image + asserts: + - isSubset: + path: spec.template.spec + content: + enableServiceLinks: false + hostNetwork: false + restartPolicy: Never + securityContext: + fsGroup: 568 + fsGroupChangePolicy: OnRootMismatch + supplementalGroups: [] + + - it: should pass with inherit set in serviceAccountName + documentIndex: &saJobDoc 4 + set: + serviceAccount: + main: + enabled: true + jobs: + job-name: + enabled: true + podSpec: + serviceAccountName: inherit + containers: + main: + imageSelector: image + asserts: + - isKind: + of: Job + - isSubset: + path: spec.template.spec + content: + serviceAccountName: RELEASE-NAME-common-test + + - it: should pass with custom serviceAccountName + documentIndex: &saJobDoc 4 + set: + saName: custom + serviceAccount: + main: + enabled: true + jobs: + job-name: + enabled: true + podSpec: + serviceAccountName: "{{ .Values.saName }}" + containers: + main: + imageSelector: image + asserts: + - isKind: + of: Job + - isSubset: + path: spec.template.spec + content: + serviceAccountName: custom + + - it: should pass with inherit set in schedulerName + documentIndex: *jobDoc + set: + schedulerName: somename + jobs: + job-name: + enabled: true + podSpec: + schedulerName: inherit + containers: + main: + imageSelector: image + asserts: + - isSubset: + path: spec.template.spec + content: + schedulerName: somename + + - it: should pass with custom schedulerName + documentIndex: *jobDoc + set: + key: somename + schedulerName: main-scheduler + jobs: + job-name: + enabled: true + podSpec: + schedulerName: "{{ .Values.key }}" + 
containers: + main: + imageSelector: image + asserts: + - isSubset: + path: spec.template.spec + content: + schedulerName: somename + + - it: should pass with inherit set in termination.gracePeriodSeconds + documentIndex: *jobDoc + set: + termination: + gracePeriodSeconds: 35 + jobs: + job-name: + enabled: true + podSpec: + termination: inherit + containers: + main: + imageSelector: image + asserts: + - isSubset: + path: spec.template.spec + content: + terminationGracePeriodSeconds: 35 + + - it: should pass with custom termination.gracePeriodSeconds + documentIndex: *jobDoc + set: + key: 50 + jobs: + job-name: + enabled: true + podSpec: + termination: + gracePeriodSeconds: 50 + containers: + main: + imageSelector: image + asserts: + - isSubset: + path: spec.template.spec + content: + terminationGracePeriodSeconds: 50 + + - it: should pass with inherit set for hostNetwork + documentIndex: *jobDoc + set: + hostNetwork: true + jobs: + job-name: + enabled: true + podSpec: + hostNetwork: inherit + containers: + main: + imageSelector: image + asserts: + - isSubset: + path: spec.template.spec + content: + hostNetwork: true + + - it: should pass with false on hostNetwork and true on main + documentIndex: *jobDoc + set: + hostNetwork: true + jobs: + job-name: + enabled: true + podSpec: + hostNetwork: false + containers: + main: + imageSelector: image + asserts: + - isSubset: + path: spec.template.spec + content: + hostNetwork: false + + - it: should pass with inherit set for enableServiceLinks + documentIndex: *jobDoc + set: + enableServiceLinks: true + jobs: + job-name: + enabled: true + podSpec: + enableServiceLinks: inherit + containers: + main: + imageSelector: image + asserts: + - isSubset: + path: spec.template.spec + content: + enableServiceLinks: true + + - it: should pass with false on enableServiceLinks and true on main + documentIndex: *jobDoc + set: + enableServiceLinks: true + jobs: + job-name: + enabled: true + podSpec: + enableServiceLinks: false + 
containers: + main: + imageSelector: image + asserts: + - isSubset: + path: spec.template.spec + content: + enableServiceLinks: false + + - it: should pass with changed restartPolicy + documentIndex: *jobDoc + set: + jobs: + job-name: + enabled: true + podSpec: + restartPolicy: Always + containers: + main: + imageSelector: image + asserts: + - isSubset: + path: spec.template.spec + content: + restartPolicy: Always + + - it: should pass with inherit set in priorityClassName + documentIndex: *jobDoc + set: + priorityClassName: somename + jobs: + job-name: + enabled: true + podSpec: + priorityClassName: inherit + containers: + main: + imageSelector: image + asserts: + - isSubset: + path: spec.template.spec + content: + priorityClassName: somename + + - it: should pass with custom priorityClassName + documentIndex: *jobDoc + set: + key: somename + priorityClassName: main-priorityClass + jobs: + job-name: + enabled: true + podSpec: + priorityClassName: "{{ .Values.key }}" + containers: + main: + imageSelector: image + asserts: + - isSubset: + path: spec.template.spec + content: + priorityClassName: somename + + - it: should pass with inherit set in runtimeClassName + documentIndex: *jobDoc + set: + global: + ixChartContext: + addNvidiaRuntimeClass: true + nvidiaRuntimeClassName: nvidia-runtime + scaleGPU: + gpu: somegpu + jobs: + job-name: + enabled: true + podSpec: + runtimeClassName: inherit + containers: + main: + imageSelector: image + asserts: + - isSubset: + path: spec.template.spec + content: + runtimeClassName: nvidia-runtime + + - it: should pass with custom runtimeClassName + documentIndex: *jobDoc + set: + jobs: + job-name: + enabled: true + podSpec: + runtimeClassName: some-runtime + containers: + main: + imageSelector: image + asserts: + - isSubset: + path: spec.template.spec + content: + runtimeClassName: some-runtime + + - it: should pass with inherit set in hostname + documentIndex: *jobDoc + set: + hostname: somename + jobs: + job-name: + enabled: true 
+ podSpec: + hostname: inherit + containers: + main: + imageSelector: image + asserts: + - isSubset: + path: spec.template.spec + content: + hostname: somename + + - it: should pass with custom hostname + documentIndex: *jobDoc + set: + key: somename + hostname: main-hostname + jobs: + job-name: + enabled: true + podSpec: + hostname: "{{ .Values.key }}" + containers: + main: + imageSelector: image + asserts: + - isSubset: + path: spec.template.spec + content: + hostname: somename + + - it: should pass with inherit set in dnsPolicy + documentIndex: *jobDoc + set: + dnsPolicy: ClusterFirstWithHostNet + jobs: + job-name: + enabled: true + podSpec: + dnsPolicy: inherit + containers: + main: + imageSelector: image + asserts: + - isSubset: + path: spec.template.spec + content: + dnsPolicy: ClusterFirstWithHostNet + + - it: should pass with custom dnsPolicy + documentIndex: *jobDoc + set: + dnsPolicy: ClusterFirstWithHostNet + jobs: + job-name: + enabled: true + podSpec: + dnsPolicy: None + containers: + main: + imageSelector: image + asserts: + - isSubset: + path: spec.template.spec + content: + dnsPolicy: None + + - it: should pass with volumes added + documentIndex: *jobDoc + set: + persistence: + some-volume: + enabled: true + type: nfs + server: some-server + path: /some/path + mountPath: /some/path + jobs: + job-name: + enabled: true + podSpec: + containers: + main: + imageSelector: image + asserts: + - isKind: + of: Job + - contains: + path: spec.template.spec.volumes + content: + name: some-volume + nfs: + server: some-server + path: /some/path + + - it: should pass with security Context changed and added gpu + documentIndex: *jobDoc + set: + global: + ixChartContext: + addNvidiaRuntimeClass: true + nvidiaRuntimeClassName: nvidia-runtime + jobs: + job-name: + enabled: true + podSpec: + podSecurityContext: + fsGroup: 0 + fsGroupChangePolicy: Always + supplementalGroups: + - 50 + containers: + main: + imageSelector: image + scaleGPU: + gpu: nvidia + asserts: + - 
isSubset: + path: spec.template.spec + content: + runtimeClassName: nvidia-runtime + securityContext: + fsGroup: 0 + fsGroupChangePolicy: Always + supplementalGroups: + - 50 + - 44 + + - it: should pass with security Context set to inherit + documentIndex: *jobDoc + set: + podSecurityContext: + fsGroup: 100 + fsGroupChangePolicy: Always + supplementalGroups: + - 100 + jobs: + job-name: + enabled: true + podSpec: + podSecurityContext: inherit + containers: + main: + imageSelector: image + asserts: + - isSubset: + path: spec.template.spec + content: + securityContext: + fsGroup: 100 + fsGroupChangePolicy: Always + supplementalGroups: + - 100 + + - it: should pass with default container + documentIndex: *jobDoc + set: + jobs: + job-name: + enabled: true + podSpec: + containers: + main: + imageSelector: image + asserts: + - equal: + path: spec.template.spec.containers[0] + value: + name: RELEASE-NAME-common-test-job-main + image: repo:tag + imagePullPolicy: IfNotPresent + tty: false + stdin: false + env: + - name: "TZ" + value: "UTC" + - name: "UMASK" + value: "002" + - name: "UMASK_SET" + value: "002" + - name: "NVIDIA_VISIBLE_DEVICES" + value: "void" + - name: "S6_READ_ONLY_ROOT" + value: "1" + securityContext: + runAsNonRoot: true + runAsUser: 568 + runAsGroup: 568 + readOnlyRootFilesystem: true + allowPrivilegeEscalation: false + privileged: false + capabilities: + add: [] + drop: + - "ALL" + resources: + requests: + cpu: 10m + memory: 50Mi + limits: + cpu: 4000m + memory: 8Gi diff --git a/library/common-test/tests/jobs/job_test.yaml b/library/common-test/tests/jobs/job_test.yaml new file mode 100644 index 00000000..f47be0c2 --- /dev/null +++ b/library/common-test/tests/jobs/job_test.yaml 
@@ -0,0 +1,130 @@ +suite: job test +templates: + - common.yaml +chart: + appVersion: &appVer v1.2.3 +tests: + - it: should pass with default values + documentIndex: &deploymentDoc 0 + asserts: + - hasDocuments: + count: 3 + - isKind: + of: Deployment + + - it: should pass with disabled job + set: + jobs: + job-name: + enabled: false + podSpec: + containers: + main: + imageSelector: image + asserts: + - hasDocuments: + count: 3 + + - it: should pass with defined job + documentIndex: &jobDoc 3 + set: + jobs: + job-name: + enabled: true + podSpec: + containers: + main: + imageSelector: image + asserts: + - isKind: + of: Job + - isAPIVersion: + of: batch/v1 + - isNull: + path: metadata.annotations + - equal: + path: metadata.name + value: RELEASE-NAME-common-test-job-name + + - it: should pass with nameOverride defined in job + documentIndex: *jobDoc + set: + jobs: + job-name: + enabled: true + nameOverride: other-job-name + podSpec: + containers: + main: + imageSelector: image + asserts: + - equal: + path: metadata.name + value: RELEASE-NAME-common-test-other-job-name + + - it: should pass with global labels and labels from tpl defined in job + documentIndex: *jobDoc + set: + l1: val1 + l2: val2 + global: + labels: + label1: val3 + label2: val4 + jobs: + job-name: + enabled: true + labels: + l1: "{{ .Values.l1 }}" + l2: "{{ .Values.l2 }}" + podSpec: + containers: + main: + imageSelector: image + asserts: + - equal: + path: metadata.labels + value: + app: common-test + release: RELEASE-NAME + app.kubernetes.io/instance: RELEASE-NAME + app.kubernetes.io/managed-by: Helm + app.kubernetes.io/name: common-test + app.kubernetes.io/version: *appVer + helm-revision: "0" + helm.sh/chart: common-test-1.0.0 + l1: val1 + l2: val2 + label1: val3 + label2: val4 + + - it: should pass with annotations from tpl defined in job + documentIndex: *jobDoc + set: + a1: val1 + a2: val2 + global: + annotations: + annotation1: val3 + annotation2: val4 + jobs: + job-name: + enabled: true + 
annotations: + a1: "{{ .Values.a1 }}" + a2: "{{ .Values.a2 }}" + podSpec: + containers: + main: + imageSelector: image + asserts: + - equal: + path: metadata.annotations + value: + a1: val1 + a2: val2 + annotation1: val3 + annotation2: val4 + +# TODO: add basic test to make sure jobTemplate spec (mostly containers part) is actually rendered +# Most of the jobTemplate spec will be tested on another file diff --git a/library/common-test/tests/lists/deviceList_test.yaml b/library/common-test/tests/lists/deviceList_test.yaml new file mode 100644 index 00000000..2f583486 --- /dev/null +++ b/library/common-test/tests/lists/deviceList_test.yaml 
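Review bot: None of the enabled-job cases in job_test.yaml asserts anything below `metadata`, so a Job rendered with an empty or missing pod template would still pass every test here; the trailing TODO acknowledges the gap. The "should pass with defined job" case already sets a `main` container, so it can cover the minimum with one more assertion, `- isNotEmpty: {path: spec.template.spec.containers}`. Separately, `&deploymentDoc` is declared in the first test but never aliased in this file, so the plain value `0` would read more clearly.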
@@ -0,0 +1,70 @@ +suite: deviceList test +templates: + - common.yaml +tests: + - it: should pass with default values + documentIndex: &deploymentDoc 0 + asserts: + - hasDocuments: + count: 3 + - isKind: + of: Deployment + - isNull: + path: spec.template.spec.volume + + - it: should pass with deviceList defined + documentIndex: *deploymentDoc + set: + deviceList: + - enabled: true + type: hostPath + mountPath: /dev/usb + hostPath: /dev/usb + asserts: + - contains: + path: spec.template.spec.containers[0].volumeMounts + content: + name: device-0 + mountPath: /dev/usb + - contains: + path: spec.template.spec.volumes + content: + name: device-0 + hostPath: + path: /dev/usb + + - it: should pass with deviceList defined as readOnly + documentIndex: *deploymentDoc + set: + deviceList: + - enabled: true + type: hostPath + mountPath: /dev/usb + hostPath: /dev/usb + readOnly: true + asserts: + - contains: + path: spec.template.spec.containers[0].volumeMounts + content: + name: device-0 + mountPath: /dev/usb + readOnly: true + - contains: + path: spec.template.spec.volumes + content: + name: device-0 + hostPath: + path: /dev/usb + + - it: should pass with deviceList defined, validateHostPath true and a malicious not allowed path + documentIndex: *deploymentDoc + set: + deviceList: + - enabled: true + type: hostPath + mountPath: /dev/usb + hostPath: /mnt + validateHostPath: true + asserts: + - failedTemplate: + errorMessage: Invalid hostPath (/mnt). Allowed hostPaths are valid paths under a given pool. e.g. /mnt/POOL/DATASET, /mnt/POOL/DATASET/DIRECTORY diff --git a/library/common-test/tests/lists/persistenceList_test.yaml b/library/common-test/tests/lists/persistenceList_test.yaml new file mode 100644 index 00000000..a963c072 --- /dev/null +++ b/library/common-test/tests/lists/persistenceList_test.yaml 
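Review bot: The default-values test in deviceList_test.yaml asserts `isNull` on `spec.template.spec.volume`, but the pod spec field is `volumes`. That path never exists, so the assertion passes whatever the chart renders. Use `path: spec.template.spec.volumes`, or, if the default render legitimately carries other volumes (not visible from this hunk), assert that no `device-0` entry is present. The same misspelled path is in the default-values test of persistenceList_test.yaml.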
@@ -0,0 +1,106 @@ +suite: persistenceList test +templates: + - common.yaml +tests: + - it: should pass with default values + documentIndex: &deploymentDoc 0 + asserts: + - hasDocuments: + count: 3 + - isKind: + of: Deployment + - isNull: + path: spec.template.spec.volume + + - it: should pass with persistenceList defined + documentIndex: *deploymentDoc + set: + persistenceList: + - enabled: true + type: pvc + mountPath: /some-path + asserts: + - contains: + path: spec.template.spec.containers[0].volumeMounts + content: + name: persist-list-0 + mountPath: /some-path + - contains: + path: spec.template.spec.volumes + content: + name: persist-list-0 + persistentVolumeClaim: + claimName: RELEASE-NAME-common-test-persist-list-0 + + - it: should pass with persistenceList defined + documentIndex: *deploymentDoc + set: + persistenceList: + - enabled: true + type: nfs + server: 10.10.10.100 + path: /nfs/path + mountPath: /some-path + - enabled: true + type: hostPath + mountPath: /some-path + hostPath: /mnt/pool/dataset/dir + asserts: + - contains: + path: spec.template.spec.containers[0].volumeMounts + content: + name: persist-list-0 + mountPath: /some-path + - contains: + path: spec.template.spec.containers[0].volumeMounts + content: + name: persist-list-1 + mountPath: /some-path + - contains: + path: spec.template.spec.volumes + content: + name: persist-list-0 + nfs: + server: 10.10.10.100 + path: /nfs/path + - contains: + path: spec.template.spec.volumes + content: + name: persist-list-1 + hostPath: + path: /mnt/pool/dataset/dir + + - it: should pass with persistenceList defined as readOnly + documentIndex: *deploymentDoc + set: + persistenceList: + - enabled: true + type: pvc + mountPath: /some-path + readOnly: true + asserts: + - contains: + path: spec.template.spec.containers[0].volumeMounts + content: + name: persist-list-0 + mountPath: /some-path + readOnly: true + - contains: + path: spec.template.spec.volumes + content: + name: persist-list-0 + 
persistentVolumeClaim: + claimName: RELEASE-NAME-common-test-persist-list-0 + + - it: should pass with persistenceList defined, validateHostPath true and a malicious not allowed path + documentIndex: *deploymentDoc + set: + persistenceList: + - enabled: true + type: hostPath + mountPath: /some-path + hostPath: /mnt + validateHostPath: true + asserts: + - failedTemplate: + errorMessage: Invalid hostPath (/mnt). Allowed hostPaths are valid paths under a given pool. e.g. /mnt/POOL/DATASET, /mnt/POOL/DATASET/DIRECTORY diff --git a/library/common-test/tests/lists/serviceList_test.yaml b/library/common-test/tests/lists/serviceList_test.yaml new file mode 100644 index 00000000..8e694c02 --- /dev/null +++ b/library/common-test/tests/lists/serviceList_test.yaml 
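Review bot: In persistenceList_test.yaml the `validateHostPath: true` check is exercised by a single rejected value, `hostPath: /mnt`, so the suite would still pass if the validation rejected every path or matched only that literal string. Add at least one accepted case (sketched below, reusing the `/mnt/pool/dataset/dir` volume shape this file already asserts). Also add rejected cases for the other shapes the error message rules out: a pool with no dataset, a path outside `/mnt`, and a path with `..` segments. How the template treats these is not visible here, so their expected results need confirming. deviceList_test.yaml has the same single-case coverage.

```yaml
  - it: should pass with persistenceList defined, validateHostPath true and an allowed path
    documentIndex: *deploymentDoc
    set:
      persistenceList:
        - enabled: true
          type: hostPath
          mountPath: /some-path
          hostPath: /mnt/pool/dataset/dir
          validateHostPath: true
    asserts:
      - contains:
          path: spec.template.spec.volumes
          content:
            name: persist-list-0
            hostPath:
              path: /mnt/pool/dataset/dir
```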
@@ -0,0 +1,180 @@ +suite: serviceList test +templates: + - common.yaml +tests: + - it: should pass with default values + documentIndex: &deploymentDoc 0 + asserts: + - hasDocuments: + count: 3 + - isKind: + of: Deployment + + - it: should pass with serviceList defined (container) + documentIndex: *deploymentDoc + set: + serviceList: + - enabled: true + type: ClusterIP + portsList: + - enabled: true + primary: true + protocol: HTTP + targetPort: 1234 + port: 3425 + - enabled: true + protocol: HTTP + targetPort: 12346 + port: 3427 + - enabled: true + type: NodePort + portsList: + - enabled: true + protocol: HTTP + targetPort: 12345 + nodePort: 30000 + port: 3426 + asserts: + - isSubset: + path: spec.template.spec.containers[0] + content: + ports: + - containerPort: 65535 + name: main + protocol: TCP + - name: port-list-0-0 + containerPort: 1234 + protocol: TCP + - name: port-list-0-1 + containerPort: 12346 + protocol: TCP + - name: port-list-1-0 + containerPort: 12345 + protocol: TCP + + - it: should pass with serviceList defined (service 1/2) + documentIndex: &serviceDoc 3 + set: + serviceList: + - enabled: true + type: ClusterIP + portsList: + - enabled: true + primary: true + protocol: HTTP + targetPort: 1234 + port: 3425 + - enabled: true + protocol: HTTP + targetPort: 12346 + port: 3427 + - enabled: true + type: NodePort + portsList: + - enabled: true + protocol: HTTP + targetPort: 12345 + nodePort: 30000 + port: 3426 + asserts: + - isSubset: + path: spec + content: + type: NodePort + ports: + - name: port-list-1-0 + port: 3426 + protocol: TCP + targetPort: 12345 + nodePort: 30000 + + - it: should pass with serviceList defined (service 2/2) + documentIndex: &otherServiceDoc 2 + set: + serviceList: + - enabled: true + type: ClusterIP + portsList: + - enabled: true + primary: true + protocol: HTTP + targetPort: 1234 + port: 3425 + - enabled: true + protocol: HTTP + targetPort: 12346 + port: 3427 + - enabled: true + type: NodePort + portsList: + - enabled: true + 
protocol: HTTP + targetPort: 12345 + nodePort: 30000 + port: 3426 + asserts: + - isSubset: + path: spec + content: + type: ClusterIP + ports: + - name: port-list-0-0 + port: 3425 + protocol: TCP + targetPort: 1234 + - name: port-list-0-1 + port: 3427 + protocol: TCP + targetPort: 12346 + + - it: should pass with serviceList defined (portal) + documentIndex: &portalDoc 4 + set: + serviceList: + - enabled: true + type: ClusterIP + portsList: + - enabled: true + primary: true + protocol: HTTP + targetPort: 1234 + port: 3425 + - enabled: true + protocol: HTTP + targetPort: 12346 + port: 3427 + - enabled: true + type: NodePort + portsList: + - enabled: true + protocol: HTTP + targetPort: 12345 + nodePort: 30000 + port: 3426 + asserts: + - equal: + path: kind + value: ConfigMap + - equal: + path: data + value: + host-main-main: $node_ip + host-svc-list-0-port-list-0-0: $node_ip + host-svc-list-0-port-list-0-1: $node_ip + host-svc-list-1-port-list-1-0: $node_ip + path-main-main: / + path-svc-list-0-port-list-0-0: / + path-svc-list-0-port-list-0-1: / + path-svc-list-1-port-list-1-0: / + port-main-main: "443" + port-svc-list-0-port-list-0-0: "443" + port-svc-list-0-port-list-0-1: "443" + port-svc-list-1-port-list-1-0: "30000" + protocol-main-main: http + protocol-svc-list-0-port-list-0-0: http + protocol-svc-list-0-port-list-0-1: http + protocol-svc-list-1-port-list-1-0: http + url-main-main: http://$node_ip:443/ + url-svc-list-0-port-list-0-0: http://$node_ip:443/ + url-svc-list-0-port-list-0-1: http://$node_ip:443/ + url-svc-list-1-port-list-1-0: http://$node_ip:30000/ diff --git a/library/common-test/tests/portal/portal_host_test.yaml b/library/common-test/tests/portal/portal_host_test.yaml new file mode 100644 index 00000000..fef96bfc --- /dev/null +++ b/library/common-test/tests/portal/portal_host_test.yaml 
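Review bot: The "(portal)" case in serviceList_test.yaml pins `port-svc-list-0-port-list-0-0: "443"` and `url-svc-list-0-port-list-0-0: http://$node_ip:443/` for the ClusterIP entries, although the inputs set `port: 3425` and `port: 3427`. Nothing in the test says where 443 comes from, so a reader cannot tell a deliberate fallback from an accidentally pinned value. A comment above the `data` expectation would settle it, for example `# ClusterIP ports are not node-reachable; portal falls back to 443` if that is indeed the intent. It is also worth confirming that pairing the `http` scheme with port 443 is wanted rather than inherited from the default `main` entry.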
@@ -0,0 +1,279 @@ +suite: portal host test +templates: + - common.yaml +tests: + - it: should pass with default values + documentIndex: &deploymentDoc 0 + asserts: + - hasDocuments: + count: 3 + - isKind: + of: Deployment + + - it: should fail with portal override with empty host + set: + portal: + main: + main: + host: + service: + main: + enabled: true + ports: + main: + enabled: true + port: 10000 + targetPort: 80 + asserts: + - failedTemplate: + errorMessage: You have defined empty in . Define a host or remove the key. + + - it: should pass with defaults on single service/port + documentIndex: &portalDoc 2 + set: + service: + main: + enabled: true + ports: + main: + enabled: true + port: 10000 + protocol: HTTP + targetPort: 80 + asserts: + - isKind: + of: ConfigMap + - isAPIVersion: + of: v1 + - equal: + path: metadata.name + value: portal + - isSubset: + path: data + content: + host-main-main: $node_ip + + - it: should pass with LoadBalancer and IP set on single service/port + documentIndex: &portalDoc 2 + set: + service: + main: + enabled: true + type: LoadBalancer + loadBalancerIP: 10.10.10.100 + ports: + main: + enabled: true + port: 10000 + protocol: HTTP + targetPort: 80 + asserts: + - isKind: + of: ConfigMap + - isAPIVersion: + of: v1 + - equal: + path: metadata.name + value: portal + - isSubset: + path: data + content: + host-main-main: "10.10.10.100" + + - it: should pass with host override on single service/port + documentIndex: *portalDoc + set: + portal: + main: + main: + host: 10.10.10.100 + service: + main: + enabled: true + ports: + main: + enabled: true + port: 10000 + targetPort: 80 + asserts: + - isKind: + of: ConfigMap + - isAPIVersion: + of: v1 + - equal: + path: metadata.name + value: portal + - isSubset: + path: data + content: + host-main-main: "10.10.10.100" + + - it: should pass with defaults on multiple service/port + documentIndex: &dualServicePortalDoc 3 + set: + service: + main: + enabled: true + ports: + main: + enabled: true + 
primary: true + port: 10000 + protocol: HTTP + targetPort: 80 + main2: + enabled: true + port: 10001 + protocol: HTTP + targetPort: 80 + other: + enabled: true + ports: + other: + enabled: true + primary: true + port: 10002 + protocol: HTTP + targetPort: 80 + other2: + enabled: true + port: 10003 + protocol: HTTP + targetPort: 80 + asserts: + - isKind: + of: ConfigMap + - isAPIVersion: + of: v1 + - equal: + path: metadata.name + value: portal + - isSubset: + path: data + content: + host-main-main: $node_ip + host-main-main2: $node_ip + host-other-other: $node_ip + host-other-other2: $node_ip + + - it: should pass with host override on multiple service/port + documentIndex: *dualServicePortalDoc + set: + portal: + main: + main: + host: 10.10.10.100 + main2: + host: 10.10.10.101 + other: + other: + host: 10.10.10.102 + other2: + host: 10.10.10.103 + service: + main: + enabled: true + ports: + main: + enabled: true + primary: true + port: 10000 + protocol: HTTP + targetPort: 80 + main2: + enabled: true + port: 10001 + protocol: HTTP + targetPort: 80 + other: + enabled: true + ports: + other: + enabled: true + primary: true + port: 10002 + protocol: HTTP + targetPort: 80 + other2: + enabled: true + port: 10003 + protocol: HTTP + targetPort: 80 + asserts: + - isKind: + of: ConfigMap + - isAPIVersion: + of: v1 + - equal: + path: metadata.name + value: portal + - isSubset: + path: data + content: + host-main-main: "10.10.10.100" + host-main-main2: "10.10.10.101" + host-other-other: "10.10.10.102" + host-other-other2: "10.10.10.103" + + - it: should pass with override on multiple service/port from tpl + documentIndex: *dualServicePortalDoc + set: + host1: 10.10.10.100 + host2: 10.10.10.101 + host3: 10.10.10.102 + host4: 10.10.10.103 + portal: + main: + main: + host: "{{ .Values.host1 }}" + main2: + host: "{{ .Values.host2 }}" + other: + other: + host: "{{ .Values.host3 }}" + other2: + host: "{{ .Values.host4 }}" + service: + main: + enabled: true + ports: + main: + 
enabled: true + primary: true + port: 10000 + protocol: HTTP + targetPort: 80 + main2: + enabled: true + port: 10001 + protocol: HTTP + targetPort: 80 + other: + enabled: true + ports: + other: + enabled: true + primary: true + port: 10002 + protocol: HTTP + targetPort: 80 + other2: + enabled: true + port: 10003 + protocol: HTTP + targetPort: 80 + asserts: + - isKind: + of: ConfigMap + - isAPIVersion: + of: v1 + - equal: + path: metadata.name + value: portal + - isSubset: + path: data + content: + host-main-main: "10.10.10.100" + host-main-main2: "10.10.10.101" + host-other-other: "10.10.10.102" + host-other-other2: "10.10.10.103" diff --git a/library/common-test/tests/portal/portal_path_test.yaml b/library/common-test/tests/portal/portal_path_test.yaml new file mode 100644 index 00000000..f94bb987 --- /dev/null +++ b/library/common-test/tests/portal/portal_path_test.yaml 
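Review bot: The anchor `&portalDoc` is declared twice in portal_host_test.yaml, both times as `documentIndex: &portalDoc 2`: once in "should pass with defaults on single service/port" and again in "should pass with LoadBalancer and IP set on single service/port". Redefining an anchor is legal YAML and the later definition silently wins. A future change to either value would therefore alter what `*portalDoc` resolves to in the tests below, with nothing to flag it. The second occurrence should be `documentIndex: *portalDoc`.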
@@ -0,0 +1,270 @@ +suite: portal path test +templates: + - common.yaml +tests: + - it: should pass with default values + documentIndex: &deploymentDoc 0 + asserts: + - hasDocuments: + count: 3 + - isKind: + of: Deployment + + - it: should fail with portal override with empty path + set: + portal: + main: + main: + path: + service: + main: + enabled: true + ports: + main: + enabled: true + port: 10000 + targetPort: 80 + asserts: + - failedTemplate: + errorMessage: You have defined empty in . Define a path or remove the key. + + - it: should fail with portal override with path not starting with / + set: + portal: + main: + main: + path: a/relative/path + service: + main: + enabled: true + ports: + main: + enabled: true + port: 10000 + targetPort: 80 + asserts: + - failedTemplate: + errorMessage: Portal path (a/relative/path) must start with a forward slash -> / <- + + - it: should pass with defaults on single service/port + documentIndex: &portalDoc 2 + set: + service: + main: + enabled: true + ports: + main: + enabled: true + port: 10000 + protocol: HTTP + targetPort: 80 + asserts: + - isKind: + of: ConfigMap + - isAPIVersion: + of: v1 + - equal: + path: metadata.name + value: portal + - isSubset: + path: data + content: + path-main-main: / + + - it: should pass with path override on single service/port + documentIndex: *portalDoc + set: + portal: + main: + main: + path: /some_path + service: + main: + enabled: true + ports: + main: + enabled: true + port: 10000 + targetPort: 80 + asserts: + - isKind: + of: ConfigMap + - isAPIVersion: + of: v1 + - equal: + path: metadata.name + value: portal + - isSubset: + path: data + content: + path-main-main: /some_path + + - it: should pass with defaults on multiple service/port + documentIndex: &dualServicePortalDoc 3 + set: + service: + main: + enabled: true + ports: + main: + enabled: true + primary: true + port: 10000 + protocol: HTTP + targetPort: 80 + main2: + enabled: true + port: 10001 + protocol: HTTP + targetPort: 80 
+ other: + enabled: true + ports: + other: + enabled: true + primary: true + port: 10002 + protocol: HTTP + targetPort: 80 + other2: + enabled: true + port: 10003 + protocol: HTTP + targetPort: 80 + asserts: + - isKind: + of: ConfigMap + - isAPIVersion: + of: v1 + - equal: + path: metadata.name + value: portal + - isSubset: + path: data + content: + path-main-main: / + path-main-main2: / + path-other-other: / + path-other-other2: / + + - it: should pass with path override on multiple service/port + documentIndex: *dualServicePortalDoc + set: + portal: + main: + main: + path: /some_path1 + main2: + path: /some_path2 + other: + other: + path: /some_path3 + other2: + path: /some_path4 + service: + main: + enabled: true + ports: + main: + enabled: true + primary: true + port: 10000 + protocol: HTTP + targetPort: 80 + main2: + enabled: true + port: 10001 + protocol: HTTP + targetPort: 80 + other: + enabled: true + ports: + other: + enabled: true + primary: true + port: 10002 + protocol: HTTP + targetPort: 80 + other2: + enabled: true + port: 10003 + protocol: HTTP + targetPort: 80 + asserts: + - isKind: + of: ConfigMap + - isAPIVersion: + of: v1 + - equal: + path: metadata.name + value: portal + - isSubset: + path: data + content: + path-main-main: /some_path1 + path-main-main2: /some_path2 + path-other-other: /some_path3 + path-other-other2: /some_path4 + + - it: should pass with path override on multiple service/port from tpl + documentIndex: *dualServicePortalDoc + set: + path1: /some_path1 + path2: /some_path2 + path3: /some_path3 + path4: /some_path4 + portal: + main: + main: + path: "{{ .Values.path1 }}" + main2: + path: "{{ .Values.path2 }}" + other: + other: + path: "{{ .Values.path3 }}" + other2: + path: "{{ .Values.path4 }}" + service: + main: + enabled: true + ports: + main: + enabled: true + primary: true + port: 10000 + protocol: HTTP + targetPort: 80 + main2: + enabled: true + port: 10001 + protocol: HTTP + targetPort: 80 + other: + enabled: true + ports: 
+ other: + enabled: true + primary: true + port: 10002 + protocol: HTTP + targetPort: 80 + other2: + enabled: true + port: 10003 + protocol: HTTP + targetPort: 80 + asserts: + - isKind: + of: ConfigMap + - isAPIVersion: + of: v1 + - equal: + path: metadata.name + value: portal + - isSubset: + path: data + content: + path-main-main: /some_path1 + path-main-main2: /some_path2 + path-other-other: /some_path3 + path-other-other2: /some_path4 diff --git a/library/common-test/tests/portal/portal_port_test.yaml b/library/common-test/tests/portal/portal_port_test.yaml new file mode 100644 index 00000000..4e282d4a --- /dev/null +++ b/library/common-test/tests/portal/portal_port_test.yaml 
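Review bot: The leading-slash rule in portal_path_test.yaml is only tested against a literal `path: a/relative/path`; the templated form is only tested with values that render to valid paths. Since `"{{ .Values.path1 }}"` does not itself start with `/`, the passing tpl test suggests the check runs on the rendered value. No test pins that, so a refactor that validates before rendering, or skips validation for templated input, would go unnoticed. A failing case with a templated relative path closes this; the expected message below assumes the template reports the rendered value and should be confirmed.

```yaml
  - it: should fail with path from tpl not starting with /
    set:
      path1: a/relative/path
      portal:
        main:
          main:
            path: "{{ .Values.path1 }}"
      service:
        main:
          enabled: true
          ports:
            main:
              enabled: true
              port: 10000
              targetPort: 80
    asserts:
      - failedTemplate:
          errorMessage: Portal path (a/relative/path) must start with a forward slash -> / <-
```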
@@ -0,0 +1,1139 @@ +suite: portal port test +templates: + - common.yaml +tests: + - it: should pass with default values + documentIndex: &deploymentDoc 0 + asserts: + - hasDocuments: + count: 3 + - isKind: + of: Deployment + + - it: should fail with portal override out of upper range (upper) + set: + portal: + main: + main: + port: 65536 + service: + main: + enabled: true + ports: + main: + enabled: true + port: 10000 + targetPort: 80 + asserts: + - failedTemplate: + errorMessage: Port (65536) in is out of range. Range is 1-65535 + + - it: should fail with portal override out of lower range (lower) + set: + portal: + main: + main: + port: 0 + service: + main: + enabled: true + ports: + main: + enabled: true + port: 10000 + targetPort: 80 + asserts: + - failedTemplate: + errorMessage: Port (0) in is out of range. Range is 1-65535 + + - it: should fail with portal override out of range (negative) + set: + portal: + main: + main: + port: -1 + service: + main: + enabled: true + ports: + main: + enabled: true + port: 10000 + targetPort: 80 + asserts: + - failedTemplate: + errorMessage: Port (-1) in is out of range. 
Range is 1-65535 + + - it: should pass with hostPort single service + documentIndex: &portalDoc 2 + set: + service: + main: + enabled: true + ports: + main: + enabled: true + port: 10000 + hostPort: 11000 + targetPort: 80 + asserts: + - isKind: + of: ConfigMap + - isAPIVersion: + of: v1 + - equal: + path: metadata.name + value: portal + - isSubset: + path: data + content: + port-main-main: "11000" + + - it: should pass with hostPort multiple service + documentIndex: &dualServicePortalDoc 3 + set: + service: + main: + enabled: true + ports: + main: + enabled: true + port: 10000 + hostPort: 11000 + targetPort: 80 + other: + enabled: true + ports: + other: + enabled: true + port: 10001 + hostPort: 11001 + targetPort: 80 + asserts: + - isKind: + of: ConfigMap + - equal: + path: metadata.name + value: portal + - isSubset: + path: data + content: + port-main-main: "11000" + port-other-other: "11001" + + - it: should pass with hostPort multiple service and multiple port + documentIndex: *dualServicePortalDoc + set: + service: + main: + enabled: true + ports: + main: + enabled: true + primary: true + port: 10000 + hostPort: 11000 + targetPort: 80 + main2: + enabled: true + port: 10002 + hostPort: 11002 + targetPort: 81 + other: + enabled: true + ports: + other: + enabled: true + primary: true + port: 10001 + hostPort: 11001 + targetPort: 80 + other2: + enabled: true + port: 10003 + hostPort: 11003 + targetPort: 80 + asserts: + - isKind: + of: ConfigMap + - equal: + path: metadata.name + value: portal + - isSubset: + path: data + content: + port-main-main: "11000" + port-main-main2: "11002" + port-other-other: "11001" + port-other-other2: "11003" + + - it: should pass with hostPort multiple service and multiple port and single port override on portal + documentIndex: *dualServicePortalDoc + set: + portal: + main: + main: + port: 20000 + service: + main: + enabled: true + ports: + main: + enabled: true + primary: true + port: 10000 + hostPort: 11000 + targetPort: 80 + main2: 
+ enabled: true + port: 10002 + hostPort: 11002 + targetPort: 81 + other: + enabled: true + ports: + other: + enabled: true + primary: true + port: 10001 + hostPort: 11001 + targetPort: 80 + other2: + enabled: true + port: 10003 + hostPort: 11003 + targetPort: 80 + asserts: + - isKind: + of: ConfigMap + - equal: + path: metadata.name + value: portal + - isSubset: + path: data + content: + port-main-main: "20000" + port-main-main2: "11002" + port-other-other: "11001" + port-other-other2: "11003" + + - it: should pass with hostPort multiple service and multiple port and multiple port override on portal + documentIndex: *dualServicePortalDoc + set: + portal: + main: + main: + port: 20000 + main2: + port: 20002 + other: + other: + port: 20001 + other2: + port: 20003 + service: + main: + enabled: true + ports: + main: + enabled: true + primary: true + port: 10000 + hostPort: 11000 + targetPort: 80 + main2: + enabled: true + port: 10002 + hostPort: 11002 + targetPort: 81 + other: + enabled: true + ports: + other: + enabled: true + primary: true + port: 10001 + hostPort: 11001 + targetPort: 80 + other2: + enabled: true + port: 10003 + hostPort: 11003 + targetPort: 80 + asserts: + - isKind: + of: ConfigMap + - equal: + path: metadata.name + value: portal + - isSubset: + path: data + content: + port-main-main: "20000" + port-main-main2: "20002" + port-other-other: "20001" + port-other-other2: "20003" + + - it: should pass with hostPort multiple service and multiple port and override on portal from tpl + documentIndex: *dualServicePortalDoc + set: + port1: 20000 + port2: 20002 + port3: 20001 + port4: 20003 + portal: + main: + main: + port: "{{ .Values.port1 }}" + main2: + port: "{{ .Values.port2 }}" + other: + other: + port: "{{ .Values.port3 }}" + other2: + port: "{{ .Values.port4 }}" + service: + main: + enabled: true + ports: + main: + enabled: true + primary: true + port: 10000 + hostPort: 11000 + targetPort: 80 + main2: + enabled: true + port: 10002 + hostPort: 11002 + 
targetPort: 81 + other: + enabled: true + ports: + other: + enabled: true + primary: true + port: 10001 + hostPort: 11001 + targetPort: 80 + other2: + enabled: true + port: 10003 + hostPort: 11003 + targetPort: 80 + asserts: + - isKind: + of: ConfigMap + - equal: + path: metadata.name + value: portal + - isSubset: + path: data + content: + port-main-main: "20000" + port-main-main2: "20002" + port-other-other: "20001" + port-other-other2: "20003" + + - it: should pass with hostNetwork single service + documentIndex: *portalDoc + set: + hostNetwork: true + service: + main: + enabled: true + ports: + main: + enabled: true + port: 10000 + targetPort: 80 + asserts: + - isKind: + of: ConfigMap + - isAPIVersion: + of: v1 + - equal: + path: metadata.name + value: portal + - isSubset: + path: data + content: + port-main-main: "10000" + + - it: should pass with hostNetwork multiple service + documentIndex: *dualServicePortalDoc + set: + hostNetwork: true + service: + main: + enabled: true + ports: + main: + enabled: true + port: 10000 + targetPort: 80 + other: + enabled: true + ports: + other: + enabled: true + port: 10001 + targetPort: 80 + asserts: + - isKind: + of: ConfigMap + - equal: + path: metadata.name + value: portal + - isSubset: + path: data + content: + port-main-main: "10000" + port-other-other: "10001" + + - it: should pass with hostNetwork multiple service and multiple port + documentIndex: *dualServicePortalDoc + set: + hostNetwork: true + service: + main: + enabled: true + ports: + main: + enabled: true + primary: true + port: 10000 + targetPort: 80 + main2: + enabled: true + port: 10002 + targetPort: 81 + other: + enabled: true + ports: + other: + enabled: true + primary: true + port: 10001 + targetPort: 80 + other2: + enabled: true + port: 10003 + targetPort: 80 + asserts: + - isKind: + of: ConfigMap + - equal: + path: metadata.name + value: portal + - isSubset: + path: data + content: + port-main-main: "10000" + port-main-main2: "10002" + 
port-other-other: "10001" + port-other-other2: "10003" + + - it: should pass with hostNetwork multiple service and multiple port and single port override on portal + documentIndex: *dualServicePortalDoc + set: + hostNetwork: true + portal: + main: + main: + port: 20000 + service: + main: + enabled: true + ports: + main: + enabled: true + primary: true + port: 10000 + targetPort: 80 + main2: + enabled: true + port: 10002 + targetPort: 81 + other: + enabled: true + ports: + other: + enabled: true + primary: true + port: 10001 + targetPort: 80 + other2: + enabled: true + port: 10003 + targetPort: 80 + asserts: + - isKind: + of: ConfigMap + - equal: + path: metadata.name + value: portal + - isSubset: + path: data + content: + port-main-main: "20000" + port-main-main2: "10002" + port-other-other: "10001" + port-other-other2: "10003" + + - it: should pass with hostNetwork multiple service and multiple port and multiple port override on portal + documentIndex: *dualServicePortalDoc + set: + hostNetwork: true + portal: + main: + main: + port: 20000 + main2: + port: 20002 + other: + other: + port: 20001 + other2: + port: 20003 + service: + main: + enabled: true + ports: + main: + enabled: true + primary: true + port: 10000 + targetPort: 80 + main2: + enabled: true + port: 10002 + targetPort: 81 + other: + enabled: true + ports: + other: + enabled: true + primary: true + port: 10001 + targetPort: 80 + other2: + enabled: true + port: 10003 + targetPort: 80 + asserts: + - isKind: + of: ConfigMap + - equal: + path: metadata.name + value: portal + - isSubset: + path: data + content: + port-main-main: "20000" + port-main-main2: "20002" + port-other-other: "20001" + port-other-other2: "20003" + + - it: should pass with hostNetwork multiple service and multiple port and override on portal from tpl + documentIndex: *dualServicePortalDoc + set: + port1: 20000 + port2: 20002 + port3: 20001 + port4: 20003 + hostNetwork: true + portal: + main: + main: + port: "{{ .Values.port1 }}" + 
main2: + port: "{{ .Values.port2 }}" + other: + other: + port: "{{ .Values.port3 }}" + other2: + port: "{{ .Values.port4 }}" + service: + main: + enabled: true + ports: + main: + enabled: true + primary: true + port: 10000 + targetPort: 80 + main2: + enabled: true + port: 10002 + targetPort: 81 + other: + enabled: true + ports: + other: + enabled: true + primary: true + port: 10001 + targetPort: 80 + other2: + enabled: true + port: 10003 + targetPort: 80 + asserts: + - isKind: + of: ConfigMap + - equal: + path: metadata.name + value: portal + - isSubset: + path: data + content: + port-main-main: "20000" + port-main-main2: "20002" + port-other-other: "20001" + port-other-other2: "20003" + + - it: should pass with nodePort single service + documentIndex: *portalDoc + set: + service: + main: + type: NodePort + enabled: true + ports: + main: + enabled: true + port: 10000 + nodePort: 11000 + targetPort: 80 + asserts: + - isKind: + of: ConfigMap + - isAPIVersion: + of: v1 + - equal: + path: metadata.name + value: portal + - isSubset: + path: data + content: + port-main-main: "11000" + + - it: should pass with nodePort multiple service + documentIndex: *dualServicePortalDoc + set: + service: + main: + enabled: true + type: NodePort + ports: + main: + enabled: true + port: 10000 + nodePort: 11000 + targetPort: 80 + other: + enabled: true + type: NodePort + ports: + other: + enabled: true + port: 10001 + nodePort: 11001 + targetPort: 80 + asserts: + - isKind: + of: ConfigMap + - equal: + path: metadata.name + value: portal + - isSubset: + path: data + content: + port-main-main: "11000" + port-other-other: "11001" + + - it: should pass with nodePort multiple service + documentIndex: *dualServicePortalDoc + set: + service: + main: + enabled: true + type: NodePort + ports: + main: + enabled: true + primary: true + port: 10000 + nodePort: 11000 + targetPort: 80 + main2: + enabled: true + port: 10001 + nodePort: 11002 + targetPort: 81 + other: + enabled: true + type: NodePort + 
ports: + other: + enabled: true + primary: true + port: 10002 + nodePort: 11001 + targetPort: 80 + other2: + enabled: true + port: 10003 + nodePort: 11003 + targetPort: 81 + asserts: + - isKind: + of: ConfigMap + - equal: + path: metadata.name + value: portal + - isSubset: + path: data + content: + port-main-main: "11000" + port-main-main2: "11002" + port-other-other: "11001" + port-other-other2: "11003" + + - it: should pass with nodePort multiple service and single override portal port + documentIndex: *dualServicePortalDoc + set: + portal: + other: + other2: + port: 21003 + service: + main: + enabled: true + type: NodePort + ports: + main: + enabled: true + primary: true + port: 10000 + nodePort: 11000 + targetPort: 80 + main2: + enabled: true + port: 10001 + nodePort: 11002 + targetPort: 81 + other: + enabled: true + type: NodePort + ports: + other: + enabled: true + primary: true + port: 10002 + nodePort: 11001 + targetPort: 80 + other2: + enabled: true + port: 10003 + nodePort: 11003 + targetPort: 81 + asserts: + - isKind: + of: ConfigMap + - equal: + path: metadata.name + value: portal + - isSubset: + path: data + content: + port-main-main: "11000" + port-main-main2: "11002" + port-other-other: "11001" + port-other-other2: "21003" + + - it: should pass with nodePort multiple service and multiple override portal port + documentIndex: *dualServicePortalDoc + set: + portal: + main: + main: + port: 21000 + main2: + port: 21002 + other: + other: + port: 21001 + other2: + port: 21003 + service: + main: + enabled: true + type: NodePort + ports: + main: + enabled: true + primary: true + port: 10000 + nodePort: 11000 + targetPort: 80 + main2: + enabled: true + port: 10001 + nodePort: 11002 + targetPort: 81 + other: + enabled: true + type: NodePort + ports: + other: + enabled: true + primary: true + port: 10002 + nodePort: 11001 + targetPort: 80 + other2: + enabled: true + port: 10003 + nodePort: 11003 + targetPort: 81 + asserts: + - isKind: + of: ConfigMap + - equal: 
+ path: metadata.name + value: portal + - isSubset: + path: data + content: + port-main-main: "21000" + port-main-main2: "21002" + port-other-other: "21001" + port-other-other2: "21003" + + - it: should pass with nodePort multiple service and multiple override portal port from tpl + documentIndex: *dualServicePortalDoc + set: + port1: 21000 + port2: 21002 + port3: 21001 + port4: 21003 + portal: + main: + main: + port: "{{ .Values.port1 }}" + main2: + port: "{{ .Values.port2 }}" + other: + other: + port: "{{ .Values.port3 }}" + other2: + port: "{{ .Values.port4 }}" + service: + main: + enabled: true + type: NodePort + ports: + main: + enabled: true + primary: true + port: 10000 + nodePort: 11000 + targetPort: 80 + main2: + enabled: true + port: 10001 + nodePort: 11002 + targetPort: 81 + other: + enabled: true + type: NodePort + ports: + other: + enabled: true + primary: true + port: 10002 + nodePort: 11001 + targetPort: 80 + other2: + enabled: true + port: 10003 + nodePort: 11003 + targetPort: 81 + asserts: + - isKind: + of: ConfigMap + - equal: + path: metadata.name + value: portal + - isSubset: + path: data + content: + port-main-main: "21000" + port-main-main2: "21002" + port-other-other: "21001" + port-other-other2: "21003" + + - it: should pass with loadBalancer single service + documentIndex: *portalDoc + set: + service: + main: + type: LoadBalancer + enabled: true + ports: + main: + enabled: true + port: 10000 + targetPort: 80 + asserts: + - isKind: + of: ConfigMap + - isAPIVersion: + of: v1 + - equal: + path: metadata.name + value: portal + - isSubset: + path: data + content: + port-main-main: "10000" + + - it: should pass with loadBalancer multiple service + documentIndex: *dualServicePortalDoc + set: + service: + main: + enabled: true + type: LoadBalancer + ports: + main: + enabled: true + port: 10000 + targetPort: 80 + other: + enabled: true + type: LoadBalancer + ports: + other: + enabled: true + port: 10001 + targetPort: 80 + asserts: + - isKind: + of: 
ConfigMap + - equal: + path: metadata.name + value: portal + - isSubset: + path: data + content: + port-main-main: "10000" + port-other-other: "10001" + + - it: should pass with loadBalancer multiple service + documentIndex: *dualServicePortalDoc + set: + service: + main: + enabled: true + type: LoadBalancer + ports: + main: + enabled: true + primary: true + port: 10000 + targetPort: 80 + main2: + enabled: true + port: 10001 + targetPort: 81 + other: + enabled: true + type: LoadBalancer + ports: + other: + enabled: true + primary: true + port: 10002 + targetPort: 80 + other2: + enabled: true + port: 10003 + targetPort: 81 + asserts: + - isKind: + of: ConfigMap + - equal: + path: metadata.name + value: portal + - isSubset: + path: data + content: + port-main-main: "10000" + port-main-main2: "10001" + port-other-other: "10002" + port-other-other2: "10003" + + - it: should pass with loadBalancer multiple service and single override portal port + documentIndex: *dualServicePortalDoc + set: + portal: + other: + other2: + port: 21003 + service: + main: + enabled: true + type: LoadBalancer + ports: + main: + enabled: true + primary: true + port: 10000 + targetPort: 80 + main2: + enabled: true + port: 10001 + targetPort: 81 + other: + enabled: true + type: LoadBalancer + ports: + other: + enabled: true + primary: true + port: 10002 + targetPort: 80 + other2: + enabled: true + port: 10003 + targetPort: 81 + asserts: + - isKind: + of: ConfigMap + - equal: + path: metadata.name + value: portal + - isSubset: + path: data + content: + port-main-main: "10000" + port-main-main2: "10001" + port-other-other: "10002" + port-other-other2: "21003" + + - it: should pass with loadBalancer multiple service and multiple override portal port + documentIndex: *dualServicePortalDoc + set: + portal: + main: + main: + port: 21000 + main2: + port: 21002 + other: + other: + port: 21001 + other2: + port: 21003 + service: + main: + enabled: true + type: LoadBalancer + ports: + main: + enabled: 
true + primary: true + port: 10000 + targetPort: 80 + main2: + enabled: true + port: 10001 + targetPort: 81 + other: + enabled: true + type: LoadBalancer + ports: + other: + enabled: true + primary: true + port: 10002 + targetPort: 80 + other2: + enabled: true + port: 10003 + targetPort: 81 + asserts: + - isKind: + of: ConfigMap + - equal: + path: metadata.name + value: portal + - isSubset: + path: data + content: + port-main-main: "21000" + port-main-main2: "21002" + port-other-other: "21001" + port-other-other2: "21003" + + - it: should pass with loadBalancer multiple service and multiple override portal port from tpl + documentIndex: *dualServicePortalDoc + set: + port1: 21000 + port2: 21002 + port3: 21001 + port4: 21003 + portal: + main: + main: + port: "{{ .Values.port1 }}" + main2: + port: "{{ .Values.port2 }}" + other: + other: + port: "{{ .Values.port3 }}" + other2: + port: "{{ .Values.port4 }}" + service: + main: + enabled: true + type: LoadBalancer + ports: + main: + enabled: true + primary: true + port: 10000 + targetPort: 80 + main2: + enabled: true + port: 10001 + targetPort: 81 + other: + enabled: true + type: LoadBalancer + ports: + other: + enabled: true + primary: true + port: 10002 + targetPort: 80 + other2: + enabled: true + port: 10003 + targetPort: 81 + asserts: + - isKind: + of: ConfigMap + - equal: + path: metadata.name + value: portal + - isSubset: + path: data + content: + port-main-main: "21000" + port-main-main2: "21002" + port-other-other: "21001" + port-other-other2: "21003" diff --git a/library/common-test/tests/portal/portal_protocol_test.yaml b/library/common-test/tests/portal/portal_protocol_test.yaml new file mode 100644 index 00000000..d92b019f --- /dev/null +++ b/library/common-test/tests/portal/portal_protocol_test.yaml 
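Review bot: The three out-of-range cases at the top of portal_port_test.yaml reject only literal integers (`65536`, `0`, `-1`), while every `from tpl` case further down supplies a valid port, so nothing pins that a templated `portal.main.main.port` is range-checked after rendering. Whether the check runs on the rendered value is not visible in this diff, so a failing case driven through `{{ .Values.port1 }}` would settle it. The expected message in the sketch below is copied from the literal-value case as this page shows it and may need adjusting. Separately, `should pass with nodePort multiple service` and `should pass with loadBalancer multiple service` are each used for two different cases; the second of each pair exercises multiple ports and could carry the `... and multiple port` suffix used by the hostPort and hostNetwork cases, so a failure report names one case unambiguously.

```yaml
  - it: should fail with portal override out of upper range from tpl
    set:
      port1: 65536
      portal:
        main:
          main:
            port: "{{ .Values.port1 }}"
      service:
        main:
          enabled: true
          ports:
            main:
              enabled: true
              port: 10000
              targetPort: 80
    asserts:
      - failedTemplate:
          errorMessage: Port (65536) in is out of range. Range is 1-65535
```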
@@ -0,0 +1,469 @@ +suite: portal protocol test +templates: + - common.yaml +tests: + - it: should pass with default values + documentIndex: &deploymentDoc 0 + asserts: + - hasDocuments: + count: 3 + - isKind: + of: Deployment + + - it: should fail with portal override with invalid protocol + set: + portal: + main: + main: + protocol: tcp + service: + main: + enabled: true + ports: + main: + enabled: true + port: 10000 + targetPort: 80 + asserts: + - failedTemplate: + errorMessage: Invalid protocol (tcp). Only HTTP/HTTPS protocols are allowed for + + - it: should pass with http protocol on single service/port + documentIndex: &portalDoc 2 + set: + service: + main: + enabled: true + ports: + main: + enabled: true + port: 10000 + protocol: HTTP + targetPort: 80 + asserts: + - isKind: + of: ConfigMap + - isAPIVersion: + of: v1 + - equal: + path: metadata.name + value: portal + - isSubset: + path: data + content: + protocol-main-main: http + + - it: should pass with https protocol on single service/port + documentIndex: *portalDoc + set: + service: + main: + enabled: true + ports: + main: + enabled: true + port: 10000 + protocol: HTTPS + targetPort: 80 + asserts: + - isKind: + of: ConfigMap + - isAPIVersion: + of: v1 + - equal: + path: metadata.name + value: portal + - isSubset: + path: data + content: + protocol-main-main: https + + - it: should pass with no protocol on single service/port + documentIndex: *portalDoc + set: + service: + main: + enabled: true + ports: + main: + enabled: true + port: 10000 + targetPort: 80 + asserts: + - isKind: + of: ConfigMap + - isAPIVersion: + of: v1 + - equal: + path: metadata.name + value: portal + - isSubset: + path: data + content: + protocol-main-main: http + + - it: should pass with http protocol on multiple service/port + documentIndex: &dualServicePortalDoc 3 + set: + service: + main: + enabled: true + ports: + main: + enabled: true + primary: true + port: 10000 + protocol: HTTP + targetPort: 80 + main2: + enabled: true + 
port: 10000 + protocol: HTTP + targetPort: 80 + other: + enabled: true + ports: + other: + enabled: true + primary: true + port: 10000 + protocol: HTTP + targetPort: 80 + other2: + enabled: true + port: 10000 + protocol: HTTP + targetPort: 80 + asserts: + - isKind: + of: ConfigMap + - isAPIVersion: + of: v1 + - equal: + path: metadata.name + value: portal + - isSubset: + path: data + content: + protocol-main-main: http + protocol-main-main2: http + protocol-other-other: http + protocol-other-other2: http + + - it: should pass with https protocol on multiple service/port + documentIndex: &dualServicePortalDoc 3 + set: + service: + main: + enabled: true + ports: + main: + enabled: true + primary: true + port: 10000 + protocol: HTTPS + targetPort: 80 + main2: + enabled: true + port: 10000 + protocol: HTTPS + targetPort: 80 + other: + enabled: true + ports: + other: + enabled: true + primary: true + port: 10000 + protocol: HTTPS + targetPort: 80 + other2: + enabled: true + port: 10000 + protocol: HTTPS + targetPort: 80 + asserts: + - isKind: + of: ConfigMap + - isAPIVersion: + of: v1 + - equal: + path: metadata.name + value: portal + - isSubset: + path: data + content: + protocol-main-main: https + protocol-main-main2: https + protocol-other-other: https + protocol-other-other2: https + + - it: should pass with no protocol on multiple service/port + documentIndex: &dualServicePortalDoc 3 + set: + service: + main: + enabled: true + ports: + main: + enabled: true + primary: true + port: 10000 + targetPort: 80 + main2: + enabled: true + port: 10000 + targetPort: 80 + other: + enabled: true + ports: + other: + enabled: true + primary: true + port: 10000 + targetPort: 80 + other2: + enabled: true + port: 10000 + targetPort: 80 + asserts: + - isKind: + of: ConfigMap + - isAPIVersion: + of: v1 + - equal: + path: metadata.name + value: portal + - isSubset: + path: data + content: + protocol-main-main: http + protocol-main-main2: http + protocol-other-other: http + 
protocol-other-other2: http + + - it: should pass with https protocol on multiple service/port and override on single + documentIndex: &dualServicePortalDoc 3 + set: + portal: + other: + other: + protocol: http + service: + main: + enabled: true + ports: + main: + enabled: true + primary: true + port: 10000 + protocol: HTTPS + targetPort: 80 + main2: + enabled: true + port: 10000 + protocol: HTTPS + targetPort: 80 + other: + enabled: true + ports: + other: + enabled: true + primary: true + port: 10000 + protocol: HTTPS + targetPort: 80 + other2: + enabled: true + port: 10000 + protocol: HTTPS + targetPort: 80 + asserts: + - isKind: + of: ConfigMap + - isAPIVersion: + of: v1 + - equal: + path: metadata.name + value: portal + - isSubset: + path: data + content: + protocol-main-main: https + protocol-main-main2: https + protocol-other-other: http + protocol-other-other2: https + + - it: should pass with https protocol on multiple service/port and override on single (caps) + documentIndex: *dualServicePortalDoc + set: + portal: + other: + other: + protocol: HTTP + service: + main: + enabled: true + ports: + main: + enabled: true + primary: true + port: 10000 + protocol: HTTPS + targetPort: 80 + main2: + enabled: true + port: 10000 + protocol: HTTPS + targetPort: 80 + other: + enabled: true + ports: + other: + enabled: true + primary: true + port: 10000 + protocol: HTTPS + targetPort: 80 + other2: + enabled: true + port: 10000 + protocol: HTTPS + targetPort: 80 + asserts: + - isKind: + of: ConfigMap + - isAPIVersion: + of: v1 + - equal: + path: metadata.name + value: portal + - isSubset: + path: data + content: + protocol-main-main: https + protocol-main-main2: https + protocol-other-other: http + protocol-other-other2: https + + - it: should pass with https protocol on multiple service/port and override on multiple + documentIndex: *dualServicePortalDoc + set: + portal: + main: + main: + protocol: http + main2: + protocol: http + other: + other: + protocol: http + 
other2: + protocol: http + service: + main: + enabled: true + ports: + main: + enabled: true + primary: true + port: 10000 + protocol: HTTPS + targetPort: 80 + main2: + enabled: true + port: 10000 + protocol: HTTPS + targetPort: 80 + other: + enabled: true + ports: + other: + enabled: true + primary: true + port: 10000 + protocol: HTTPS + targetPort: 80 + other2: + enabled: true + port: 10000 + protocol: HTTPS + targetPort: 80 + asserts: + - isKind: + of: ConfigMap + - isAPIVersion: + of: v1 + - equal: + path: metadata.name + value: portal + - isSubset: + path: data + content: + protocol-main-main: http + protocol-main-main2: http + protocol-other-other: http + protocol-other-other2: http + + - it: should pass with https protocol on multiple service/port and override on multiple from tpl + documentIndex: *dualServicePortalDoc + set: + protocol1: http + protocol2: http + protocol3: http + protocol4: http + portal: + main: + main: + protocol: "{{ .Values.protocol1 }}" + main2: + protocol: "{{ .Values.protocol2 }}" + other: + other: + protocol: "{{ .Values.protocol3 }}" + other2: + protocol: "{{ .Values.protocol4 }}" + service: + main: + enabled: true + ports: + main: + enabled: true + primary: true + port: 10000 + protocol: HTTPS + targetPort: 80 + main2: + enabled: true + port: 10000 + protocol: HTTPS + targetPort: 80 + other: + enabled: true + ports: + other: + enabled: true + primary: true + port: 10000 + protocol: HTTPS + targetPort: 80 + other2: + enabled: true + port: 10000 + protocol: HTTPS + targetPort: 80 + asserts: + - isKind: + of: ConfigMap + - isAPIVersion: + of: v1 + - equal: + path: metadata.name + value: portal + - isSubset: + path: data + content: + protocol-main-main: http + protocol-main-main2: http + protocol-other-other: http + protocol-other-other2: http diff --git a/library/common-test/tests/portal/portal_test.yaml b/library/common-test/tests/portal/portal_test.yaml new file mode 100644 index 00000000..168752a3 --- /dev/null 
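Review bot: `&dualServicePortalDoc 3` is defined four times in portal_protocol_test.yaml (the http, https and no-protocol `multiple service/port` cases and the `override on single` case) before the later cases switch to the alias. YAML resolves an alias to the most recent definition above it, so editing one copy would silently change which document index the following cases assert against; define the anchor once in the first multi-service case and use `documentIndex: *dualServicePortalDoc` in the other three. The override cases also pin that a `portal` protocol of `http` replaces a service port declared `HTTPS` in the rendered ConfigMap; a comment above the first of them, e.g. `# portal override wins over the service protocol, including https -> http`, would record that this downgrade is intended.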
+++ b/library/common-test/tests/portal/portal_test.yaml 
@@ -0,0 +1,120 @@
+suite: portal port test
+templates:
+ - common.yaml
+chart:
+ appVersion: &appVer v1.2.3
+tests:
+ - it: should pass with default values
+ documentIndex: &portalDoc 2
+ asserts:
+ - hasDocuments:
+ count: 3
+ - isKind:
+ of: ConfigMap
+ - isAPIVersion:
+ of: v1
+
+ - it: should pass with portal disabled
+ set:
+ portal:
+ enabled: false
+ asserts:
+ - hasDocuments:
+ count: 2
+
+ - it: should pass with default labels
+ documentIndex: *portalDoc
+ asserts:
+ - equal:
+ path: metadata.labels
+ value:
+ app: common-test
+ app.kubernetes.io/instance: RELEASE-NAME
+ app.kubernetes.io/managed-by: Helm
+ app.kubernetes.io/name: common-test
+ app.kubernetes.io/version: *appVer
+ helm-revision: "0"
+ helm.sh/chart: common-test-1.0.0
+ release: RELEASE-NAME
+
+ - it: should pass with global labels
+ documentIndex: *portalDoc
+ set:
+ global:
+ labels:
+ some_key: some_value
+ some_key1: some_value1
+ asserts:
+ - equal:
+ path: metadata.labels
+ value:
+ app: common-test
+ app.kubernetes.io/instance: RELEASE-NAME
+ app.kubernetes.io/managed-by: Helm
+ app.kubernetes.io/name: common-test
+ app.kubernetes.io/version: *appVer
+ helm-revision: "0"
+ helm.sh/chart: common-test-1.0.0
+ release: RELEASE-NAME
+ some_key: some_value
+ some_key1: some_value1
+
+ - it: should pass with global labels from tpl
+ documentIndex: *portalDoc
+ set:
+ k1: some_value
+ k2: some_value1
+ global:
+ labels:
+ some_key: "{{ .Values.k1 }}"
+ some_key1: "{{ .Values.k2 }}"
+ asserts:
+ - equal:
+ path: metadata.labels
+ value:
+ app: common-test
+ app.kubernetes.io/instance: RELEASE-NAME
+ app.kubernetes.io/managed-by: Helm
+ app.kubernetes.io/name: common-test
+ app.kubernetes.io/version: *appVer
+ helm-revision: "0"
+ helm.sh/chart: common-test-1.0.0
+ release: RELEASE-NAME
+ some_key: some_value
+ some_key1: some_value1
+
+ - it: should pass with default annotations
+ documentIndex: *portalDoc
+ asserts:
+ - isNull:
+ path: metadata.annotations
+
+ - it: should pass with global annotations
+ documentIndex: *portalDoc
+ set:
+ global:
+ annotations:
+ some_key: some_value
+ some_key1: some_value1
+ asserts:
+ - equal:
+ path: metadata.annotations
+ value:
+ some_key: some_value
+ some_key1: some_value1
+
+ - it: should pass with global annotations from tpl
+ documentIndex: *portalDoc
+ set:
+ k1: some_value
+ k2: some_value1
+ global:
+ annotations:
+ some_key: "{{ .Values.k1 }}"
+ some_key1: "{{ .Values.k2 }}"
+ asserts:
+ - equal:
+ path: metadata.annotations
+ value:
+ some_key: some_value
+ some_key1: some_value1
diff --git a/library/common-test/tests/pvc/pvc_test.yaml b/library/common-test/tests/pvc/pvc_test.yaml
new file mode 100644
index 00000000..445cc55b
--- /dev/null
+++ b/library/common-test/tests/pvc/pvc_test.yaml
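Review bot: `suite: portal port test` at the top of portal_test.yaml repeats the suite name of portal_port_test.yaml added in the same commit, although the cases here cover the ConfigMap's presence, labels and annotations rather than ports. Two suites reporting under one name make a failure harder to attribute to a file; `suite: portal test` would match the file name.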
@@ -0,0 +1,697 @@ +suite: pvc test +templates: + - common.yaml +chart: + appVersion: &appVer v1.2.3 +tests: + - it: should pass with default values + documentIndex: &deploymentDoc 0 + asserts: + - hasDocuments: + count: 3 + - isKind: + of: Deployment + + - it: should fail with SCALE-ZFS storageClass but not scaleZFSStorageClass in global + set: + persistence: + vol1: + enabled: true + type: pvc + storageClass: SCALE-ZFS + mountPath: /somepath + asserts: + - failedTemplate: + errorMessage: A storageClass must be defined in global.defaults.scaleZFSStorageClass + + - it: should fail with invalid accessMode + set: + persistence: + vol1: + enabled: true + type: pvc + accessMode: invalid_mode + mountPath: /somepath + asserts: + - failedTemplate: + errorMessage: Invalid option (invalid_mode). Valid options are ReadWriteOnce, ReadOnlyMany, ReadWriteMany and ReadWriteOncePod + + - it: should pass with correct name + documentIndex: &pvcDoc 2 + set: + persistence: + vol1: + enabled: true + type: pvc + mountPath: /somepath + asserts: + - isKind: + of: PersistentVolumeClaim + - isAPIVersion: + of: v1 + - equal: + path: metadata.name + value: RELEASE-NAME-common-test-vol1 + - isNull: + path: spec.storageClassName + - isNull: + path: spec.volumeName + + - it: should pass with force name defined + documentIndex: *pvcDoc + set: + persistence: + vol1: + enabled: true + type: pvc + mountPath: /somepath + forceName: forced_name + asserts: + - equal: + path: metadata.name + value: forced_name + - isNull: + path: spec.storageClassName + - isNull: + path: spec.volumeName + + - it: should pass with force name defined from tpl + documentIndex: *pvcDoc + set: + some_name: forced_name + persistence: + vol1: + enabled: true + type: pvc + mountPath: /somepath + forceName: "{{ .Values.some_name }}" + asserts: + - equal: + path: metadata.name + value: forced_name + - isNull: + path: spec.storageClassName + - isNull: + path: spec.volumeName + + - it: should pass with nameOverride defined + 
documentIndex: *pvcDoc + set: + persistence: + vol1: + enabled: true + type: pvc + mountPath: /somepath + nameOverride: some_name + asserts: + - equal: + path: metadata.name + value: RELEASE-NAME-common-test-some_name + - isNull: + path: spec.storageClassName + - isNull: + path: spec.volumeName + + - it: should pass without type explicitly set to pvc + documentIndex: *pvcDoc + set: + persistence: + vol1: + enabled: true + mountPath: /somepath + asserts: + - equal: + path: metadata.name + value: RELEASE-NAME-common-test-vol1 + - isNull: + path: spec.storageClassName + - isNull: + path: spec.volumeName + + - it: should pass without accessMode explicitly set to ReadWriteOnce + documentIndex: *pvcDoc + set: + persistence: + vol1: + enabled: true + mountPath: /somepath + asserts: + - equal: + path: spec + value: + accessModes: + - ReadWriteOnce + resources: + requests: + storage: 1Gi + - isNull: + path: spec.storageClassName + - isNull: + path: spec.volumeName + + - it: should pass with accessMode changed + documentIndex: *pvcDoc + set: + persistence: + vol1: + enabled: true + mountPath: /somepath + accessMode: ReadOnlyMany + asserts: + - equal: + path: spec + value: + accessModes: + - ReadOnlyMany + resources: + requests: + storage: 1Gi + - isNull: + path: spec.storageClassName + - isNull: + path: spec.volumeName + + - it: should pass with accessMode changed from tpl + documentIndex: *pvcDoc + set: + mode: ReadOnlyMany + persistence: + vol1: + enabled: true + mountPath: /somepath + accessMode: "{{ .Values.mode }}" + asserts: + - equal: + path: spec + value: + accessModes: + - ReadOnlyMany + resources: + requests: + storage: 1Gi + - isNull: + path: spec.storageClassName + - isNull: + path: spec.volumeName + + - it: should pass without size explicitly set to 1Gi + documentIndex: *pvcDoc + set: + persistence: + vol1: + enabled: true + mountPath: /somepath + asserts: + - equal: + path: spec + value: + accessModes: + - ReadWriteOnce + resources: + requests: + storage: 1Gi + 
- isNull: + path: spec.storageClassName + - isNull: + path: spec.volumeName + + - it: should pass with size changed + documentIndex: *pvcDoc + set: + persistence: + vol1: + enabled: true + mountPath: /somepath + size: 2Gi + asserts: + - equal: + path: spec + value: + accessModes: + - ReadWriteOnce + resources: + requests: + storage: 2Gi + - isNull: + path: spec.storageClassName + - isNull: + path: spec.volumeName + + - it: should pass with size changed from tpl + documentIndex: *pvcDoc + set: + size: 2Gi + persistence: + vol1: + enabled: true + mountPath: /somepath + size: "{{ .Values.size }}" + asserts: + - equal: + path: spec + value: + accessModes: + - ReadWriteOnce + resources: + requests: + storage: 2Gi + - isNull: + path: spec.storageClassName + - isNull: + path: spec.volumeName + + - it: should pass with storageClass set to SCALE-ZFS + documentIndex: *pvcDoc + set: + global: + defaults: + scaleZFSStorageClass: something + persistence: + vol1: + enabled: true + mountPath: /somepath + storageClass: SCALE-ZFS + asserts: + - equal: + path: spec + value: + accessModes: + - ReadWriteOnce + resources: + requests: + storage: 1Gi + storageClassName: something + + - it: should pass with storageClass set to SCALE-ZFS from tpl + documentIndex: *pvcDoc + set: + key: something + global: + defaults: + scaleZFSStorageClass: "{{ .Values.key }}" + persistence: + vol1: + enabled: true + mountPath: /somepath + storageClass: SCALE-ZFS + asserts: + - equal: + path: spec + value: + accessModes: + - ReadWriteOnce + resources: + requests: + storage: 1Gi + storageClassName: something + + - it: should pass with storageClass set to "-" + documentIndex: *pvcDoc + set: + persistence: + vol1: + enabled: true + mountPath: /somepath + storageClass: "-" + asserts: + - equal: + path: spec + value: + accessModes: + - ReadWriteOnce + resources: + requests: + storage: 1Gi + storageClassName: "" + - isNotNull: + path: spec.storageClassName + + - it: should pass with storageClass set to something 
+ documentIndex: *pvcDoc + set: + persistence: + vol1: + enabled: true + mountPath: /somepath + storageClass: something + asserts: + - equal: + path: spec + value: + accessModes: + - ReadWriteOnce + resources: + requests: + storage: 1Gi + storageClassName: something + + - it: should pass with storageClass set to something from tpl + documentIndex: *pvcDoc + set: + scName: something + persistence: + vol1: + enabled: true + mountPath: /somepath + storageClass: "{{ .Values.scName }}" + asserts: + - equal: + path: spec + value: + accessModes: + - ReadWriteOnce + resources: + requests: + storage: 1Gi + storageClassName: something + + - it: should pass with storageClass defined globally + documentIndex: *pvcDoc + set: + global: + defaults: + storageClass: something + persistence: + vol1: + enabled: true + mountPath: /somepath + asserts: + - equal: + path: spec + value: + accessModes: + - ReadWriteOnce + resources: + requests: + storage: 1Gi + storageClassName: something + + - it: should pass with volumeName set to something + documentIndex: *pvcDoc + set: + persistence: + vol1: + enabled: true + mountPath: /somepath + volumeName: something + asserts: + - equal: + path: spec + value: + accessModes: + - ReadWriteOnce + resources: + requests: + storage: 1Gi + volumeName: something + - isNull: + path: spec.storageClassName + + - it: should pass with volumeName set to something from tpl + documentIndex: *pvcDoc + set: + vName: something + persistence: + vol1: + enabled: true + mountPath: /somepath + volumeName: "{{ .Values.vName }}" + asserts: + - equal: + path: spec + value: + accessModes: + - ReadWriteOnce + resources: + requests: + storage: 1Gi + volumeName: something + - isNull: + path: spec.storageClassName + + - it: should pass with custom spec is applied + documentIndex: *pvcDoc + set: + persistence: + vol1: + enabled: true + mountPath: /somepath + spec: + some: + value: custom + asserts: + - equal: + path: spec + value: + accessModes: + - ReadWriteOnce + resources: + 
requests: + storage: 1Gi + some: + value: custom + - isNull: + path: spec.storageClassName + - isNull: + path: spec.volumeName + + - it: should pass with custom spec is applied with tpl + documentIndex: *pvcDoc + set: + key: custom + persistence: + vol1: + enabled: true + mountPath: /somepath + spec: + some: + value: "{{ .Values.key }}" + asserts: + - equal: + path: spec + value: + accessModes: + - ReadWriteOnce + resources: + requests: + storage: 1Gi + some: + value: custom + - isNull: + path: spec.storageClassName + - isNull: + path: spec.volumeName + + - it: should pass with multiple persistence enabled + documentIndex: *pvcDoc + set: + persistence: + vol1: + enabled: true + mountPath: /somepath + vol2: + enabled: true + mountPath: /somepath + asserts: + - equal: + path: metadata.name + value: RELEASE-NAME-common-test-vol1 + - equal: + path: spec + value: + accessModes: + - ReadWriteOnce + resources: + requests: + storage: 1Gi + - isNull: + path: spec.storageClassName + - isNull: + path: spec.volumeName + + - it: should pass with multiple persistence enabled (other pvcDoc) + documentIndex: &otherPvcDoc 3 + set: + persistence: + vol1: + enabled: true + mountPath: /somepath + vol2: + enabled: true + mountPath: /somepath + asserts: + - equal: + path: metadata.name + value: RELEASE-NAME-common-test-vol2 + - equal: + path: spec + value: + accessModes: + - ReadWriteOnce + resources: + requests: + storage: 1Gi + - isNull: + path: spec.storageClassName + - isNull: + path: spec.volumeName + + - it: should pass with labels + documentIndex: *pvcDoc + set: + persistence: + vol1: + enabled: true + mountPath: /somepath + labels: + some_key: value + some_key1: value1 + asserts: + - equal: + path: metadata.labels + value: + app: common-test + app.kubernetes.io/instance: RELEASE-NAME + app.kubernetes.io/managed-by: Helm + app.kubernetes.io/name: common-test + app.kubernetes.io/version: *appVer + helm-revision: "0" + helm.sh/chart: common-test-1.0.0 + release: RELEASE-NAME + 
some_key: value + some_key1: value1 + + - it: should pass with labels and global labels + documentIndex: *pvcDoc + set: + global: + labels: + some_key2: value2 + some_key3: value3 + persistence: + vol1: + enabled: true + mountPath: /somepath + labels: + some_key: value + some_key1: value1 + asserts: + - equal: + path: metadata.labels + value: + app: common-test + app.kubernetes.io/instance: RELEASE-NAME + app.kubernetes.io/managed-by: Helm + app.kubernetes.io/name: common-test + app.kubernetes.io/version: *appVer + helm-revision: "0" + helm.sh/chart: common-test-1.0.0 + release: RELEASE-NAME + some_key: value + some_key1: value1 + some_key2: value2 + some_key3: value3 + + - it: should pass with annotations + documentIndex: *pvcDoc + set: + persistence: + vol1: + enabled: true + mountPath: /somepath + annotations: + some_key: value + some_key1: value1 + asserts: + - equal: + path: metadata.annotations + value: + some_key: value + some_key1: value1 + + - it: should pass with annotations and global annotations + documentIndex: *pvcDoc + set: + global: + annotations: + some_key2: value2 + some_key3: value3 + persistence: + vol1: + enabled: true + mountPath: /somepath + annotations: + some_key: value + some_key1: value1 + asserts: + - equal: + path: metadata.annotations + value: + some_key: value + some_key1: value1 + some_key2: value2 + some_key3: value3 + + - it: should pass with annotations and global retain true + documentIndex: *pvcDoc + set: + global: + defaults: + PVCRetain: true + persistence: + vol1: + enabled: true + mountPath: /somepath + annotations: + some_key: value + some_key1: value1 + asserts: + - equal: + path: metadata.annotations + value: + "helm.sh/resource-policy": keep + some_key: value + some_key1: value1 + + - it: should pass with annotations and global retain true and pvc object to false + documentIndex: *pvcDoc + set: + global: + defaults: + PVCRetain: true + persistence: + vol1: + enabled: true + mountPath: /somepath + retain: false + 
annotations: + some_key: value + some_key1: value1 + asserts: + - equal: + path: metadata.annotations + value: + some_key: value + some_key1: value1 + + - it: should pass with annotations and global retain false and pvc object to true + documentIndex: *pvcDoc + set: + global: + defaults: + PVCRetain: false + persistence: + vol1: + enabled: true + mountPath: /somepath + retain: true + annotations: + some_key: value + some_key1: value1 + asserts: + - equal: + path: metadata.annotations + value: + "helm.sh/resource-policy": keep + some_key: value + some_key1: value1 diff --git a/library/common-test/tests/rbac/rbac_test.yaml b/library/common-test/tests/rbac/rbac_test.yaml new file mode 100644 index 00000000..1bbd2d87 --- /dev/null +++ b/library/common-test/tests/rbac/rbac_test.yaml 
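Review bot: Every retain case at the end of this hunk also sets `persistence.vol1.annotations`, so nothing checks that `helm.sh/resource-policy: keep` is still emitted when the volume has no annotations of its own. If the template renders `metadata.annotations` only for a non-empty user map, it would silently drop the keep policy on that path, and the PVC and its data would be removed on uninstall despite `PVCRetain: true`. The template is not visible here, so this is a coverage gap rather than a confirmed bug. A case like the one below, placed next to the existing retain tests, would close it.

```yaml
  # Retain must not depend on user-supplied annotations being present.
  - it: should pass with global retain true and no annotations
    documentIndex: *pvcDoc
    set:
      global:
        defaults:
          PVCRetain: true
      persistence:
        vol1:
          enabled: true
          mountPath: /somepath
    asserts:
      - equal:
          path: metadata.annotations
          value:
            helm.sh/resource-policy: keep
```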
@@ -0,0 +1,1212 @@ + +suite: rbac test +templates: + - common.yaml +chart: + appVersion: &appVer v1.2.3 +release: + namespace: &ns some_name_space +tests: + - it: should pass with default values + documentIndex: &deploymentDoc 0 + asserts: + - hasDocuments: + count: 3 + - isKind: + of: Deployment + + - it: should fail with multiple rbac, without any set as primary + set: + rbac: + main: + enabled: true + primary: false + main2: + enabled: true + primary: false + asserts: + - failedTemplate: + errorMessage: At least one RBAC must be set as primary + + - it: should fail with no rules in rbac + set: + rbac: + main: + enabled: true + rules: [] + subjects: &subjects + - kind: something + name: something + apiGroup: something + asserts: + - failedTemplate: + errorMessage: cannot be empty in RBAC. + + - it: should fail with no apiGroups in rules + set: + rbac: + main: + enabled: true + rules: + - apiGroups: [] + resources: + - something + verbs: + - something + subjects: *subjects + asserts: + - failedTemplate: + errorMessage: cannot be empty in RBAC rules. + + - it: should fail with no resources in rules + set: + rbac: + main: + enabled: true + rules: + - apiGroups: + - something + resources: [] + verbs: + - something + subjects: *subjects + asserts: + - failedTemplate: + errorMessage: cannot be empty in RBAC rules. + + - it: should fail with no verbs in rules + set: + rbac: + main: + enabled: true + rules: + - apiGroups: + - something + resources: + - something + verbs: [] + subjects: *subjects + asserts: + - failedTemplate: + errorMessage: cannot be empty in RBAC rules. + + - it: should fail with no kind in subjects + set: + rbac: + main: + enabled: true + rules: &rules + - apiGroups: + - something + resources: + - something + verbs: + - something + subjects: + - kind: "" + asserts: + - failedTemplate: + errorMessage: cannot be empty in RBAC subjects. 
+ + - it: should fail with no name in subjects + set: + rbac: + main: + enabled: true + rules: *rules + subjects: + - kind: something + name: "" + asserts: + - failedTemplate: + errorMessage: cannot be empty in RBAC subjects. + + - it: should fail with no apiGroup in subjects + set: + rbac: + main: + enabled: true + rules: *rules + subjects: + - kind: something + name: something + apiGroup: "" + asserts: + - failedTemplate: + errorMessage: cannot be empty in RBAC subjects. + + - it: should pass with rbac account enabled (Role) + documentIndex: &roleDoc 0 + set: + rbac: + main: + enabled: true + rules: *rules + subjects: *subjects + asserts: + - isKind: + of: Role + - isAPIVersion: + of: rbac.authorization.k8s.io/v1 + - equal: + path: metadata.name + value: RELEASE-NAME-common-test + - equal: + path: metadata.namespace + value: *ns + + - it: should pass with rbac account enabled (RoleBinding) + documentIndex: &roleBindingDoc 1 + set: + rbac: + main: + enabled: true + rules: *rules + subjects: *subjects + asserts: + - isKind: + of: RoleBinding + - isAPIVersion: + of: rbac.authorization.k8s.io/v1 + - equal: + path: metadata.name + value: RELEASE-NAME-common-test + - equal: + path: metadata.namespace + value: *ns + - equal: + path: roleRef + value: + apiGroup: rbac.authorization.k8s.io + kind: Role + name: RELEASE-NAME-common-test + + - it: should pass with rbac account enabled (ClusterRole) + documentIndex: &roleDoc 0 + set: + rbac: + main: + enabled: true + clusterWide: true + rules: *rules + subjects: *subjects + asserts: + - isKind: + of: ClusterRole + - isAPIVersion: + of: rbac.authorization.k8s.io/v1 + - equal: + path: metadata.name + value: RELEASE-NAME-common-test + + - it: should pass with rbac account enabled (ClusterRoleBinding) + documentIndex: &roleBindingDoc 1 + set: + rbac: + main: + enabled: true + clusterWide: true + rules: *rules + subjects: *subjects + asserts: + - isKind: + of: ClusterRoleBinding + - isAPIVersion: + of: rbac.authorization.k8s.io/v1 
+ - equal: + path: metadata.name + value: RELEASE-NAME-common-test + - equal: + path: roleRef + value: + apiGroup: rbac.authorization.k8s.io + kind: ClusterRole + name: RELEASE-NAME-common-test + + - it: should pass with primary rbac enabled and nameOverride defined (Role) + documentIndex: *roleDoc + set: + rbac: + main: + enabled: true + nameOverride: some-name + rules: *rules + subjects: *subjects + asserts: + - isKind: + of: Role + - equal: + path: metadata.name + value: RELEASE-NAME-common-test-some-name + + - it: should pass with primary rbac enabled and nameOverride defined (RoleBinding) + documentIndex: *roleBindingDoc + set: + rbac: + main: + enabled: true + nameOverride: some-name + rules: *rules + subjects: *subjects + asserts: + - isKind: + of: RoleBinding + - equal: + path: metadata.name + value: RELEASE-NAME-common-test-some-name + + - it: should pass with primary rbac enabled and nameOverride defined (ClusterRole) + documentIndex: *roleDoc + set: + rbac: + main: + enabled: true + nameOverride: some-name + clusterWide: true + rules: *rules + subjects: *subjects + asserts: + - isKind: + of: ClusterRole + - equal: + path: metadata.name + value: RELEASE-NAME-common-test-some-name + + - it: should pass with primary rbac enabled and nameOverride defined (ClusterRoleBinding) + documentIndex: *roleBindingDoc + set: + rbac: + main: + enabled: true + nameOverride: some-name + clusterWide: true + rules: *rules + subjects: *subjects + asserts: + - isKind: + of: ClusterRoleBinding + - equal: + path: metadata.name + value: RELEASE-NAME-common-test-some-name + + - it: should pass with primary rbac enabled annotations and labels added (Role) + documentIndex: *roleDoc + set: + rbac: + main: + enabled: true + annotations: + key1: value1 + key2: value2 + labels: + key3: value3 + key4: value4 + rules: *rules + subjects: *subjects + asserts: + - isKind: + of: Role + - equal: + path: metadata.name + value: RELEASE-NAME-common-test + - equal: + path: metadata.annotations + 
value: + key1: value1 + key2: value2 + - equal: + path: metadata.labels + value: + app: common-test + app.kubernetes.io/instance: RELEASE-NAME + app.kubernetes.io/managed-by: Helm + app.kubernetes.io/name: common-test + app.kubernetes.io/version: *appVer + helm-revision: "0" + helm.sh/chart: common-test-1.0.0 + release: RELEASE-NAME + key3: value3 + key4: value4 + + - it: should pass with primary rbac enabled annotations and labels added (RoleBinding) + documentIndex: *roleBindingDoc + set: + rbac: + main: + enabled: true + annotations: + key1: value1 + key2: value2 + labels: + key3: value3 + key4: value4 + rules: *rules + subjects: *subjects + asserts: + - isKind: + of: RoleBinding + - equal: + path: metadata.name + value: RELEASE-NAME-common-test + - equal: + path: metadata.annotations + value: + key1: value1 + key2: value2 + - equal: + path: metadata.labels + value: + app: common-test + app.kubernetes.io/instance: RELEASE-NAME + app.kubernetes.io/managed-by: Helm + app.kubernetes.io/name: common-test + app.kubernetes.io/version: *appVer + helm-revision: "0" + helm.sh/chart: common-test-1.0.0 + release: RELEASE-NAME + key3: value3 + key4: value4 + + - it: should pass with primary rbac enabled annotations and labels added (ClusterRole) + documentIndex: *roleDoc + set: + rbac: + main: + enabled: true + clusterWide: true + annotations: + key1: value1 + key2: value2 + labels: + key3: value3 + key4: value4 + rules: *rules + subjects: *subjects + asserts: + - isKind: + of: ClusterRole + - equal: + path: metadata.name + value: RELEASE-NAME-common-test + - equal: + path: metadata.annotations + value: + key1: value1 + key2: value2 + - equal: + path: metadata.labels + value: + app: common-test + app.kubernetes.io/instance: RELEASE-NAME + app.kubernetes.io/managed-by: Helm + app.kubernetes.io/name: common-test + app.kubernetes.io/version: *appVer + helm-revision: "0" + helm.sh/chart: common-test-1.0.0 + release: RELEASE-NAME + key3: value3 + key4: value4 + + - it: should 
pass with primary rbac enabled annotations and labels added (ClusterRoleBinding) + documentIndex: *roleBindingDoc + set: + rbac: + main: + enabled: true + clusterWide: true + annotations: + key1: value1 + key2: value2 + labels: + key3: value3 + key4: value4 + rules: *rules + subjects: *subjects + asserts: + - isKind: + of: ClusterRoleBinding + - equal: + path: metadata.name + value: RELEASE-NAME-common-test + - equal: + path: metadata.annotations + value: + key1: value1 + key2: value2 + - equal: + path: metadata.labels + value: + app: common-test + app.kubernetes.io/instance: RELEASE-NAME + app.kubernetes.io/managed-by: Helm + app.kubernetes.io/name: common-test + app.kubernetes.io/version: *appVer + helm-revision: "0" + helm.sh/chart: common-test-1.0.0 + release: RELEASE-NAME + key3: value3 + key4: value4 + + - it: should pass with primary rbac enabled annotations and labels added from tpl (Role) + documentIndex: *roleDoc + set: + k1: value1 + k2: value2 + k3: value3 + k4: value4 + rbac: + main: + enabled: true + annotations: + key1: "{{ .Values.k1 }}" + key2: "{{ .Values.k2 }}" + labels: + key3: "{{ .Values.k3 }}" + key4: "{{ .Values.k4 }}" + rules: *rules + subjects: *subjects + asserts: + - isKind: + of: Role + - equal: + path: metadata.name + value: RELEASE-NAME-common-test + - equal: + path: metadata.annotations + value: + key1: value1 + key2: value2 + - equal: + path: metadata.labels + value: + app: common-test + app.kubernetes.io/instance: RELEASE-NAME + app.kubernetes.io/managed-by: Helm + app.kubernetes.io/name: common-test + app.kubernetes.io/version: *appVer + helm-revision: "0" + helm.sh/chart: common-test-1.0.0 + release: RELEASE-NAME + key3: value3 + key4: value4 + + - it: should pass with primary rbac enabled annotations and labels added from tpl (RoleBinding) + documentIndex: *roleBindingDoc + set: + k1: value1 + k2: value2 + k3: value3 + k4: value4 + rbac: + main: + enabled: true + annotations: + key1: "{{ .Values.k1 }}" + key2: "{{ .Values.k2 }}" 
+ labels: + key3: "{{ .Values.k3 }}" + key4: "{{ .Values.k4 }}" + rules: *rules + subjects: *subjects + asserts: + - isKind: + of: RoleBinding + - equal: + path: metadata.name + value: RELEASE-NAME-common-test + - equal: + path: metadata.annotations + value: + key1: value1 + key2: value2 + - equal: + path: metadata.labels + value: + app: common-test + app.kubernetes.io/instance: RELEASE-NAME + app.kubernetes.io/managed-by: Helm + app.kubernetes.io/name: common-test + app.kubernetes.io/version: *appVer + helm-revision: "0" + helm.sh/chart: common-test-1.0.0 + release: RELEASE-NAME + key3: value3 + key4: value4 + + - it: should pass with primary rbac enabled annotations and labels added (ClusterRole) + documentIndex: *roleDoc + set: + k1: value1 + k2: value2 + k3: value3 + k4: value4 + rbac: + main: + enabled: true + clusterWide: true + annotations: + key1: "{{ .Values.k1 }}" + key2: "{{ .Values.k2 }}" + labels: + key3: "{{ .Values.k3 }}" + key4: "{{ .Values.k4 }}" + rules: *rules + subjects: *subjects + asserts: + - isKind: + of: ClusterRole + - equal: + path: metadata.name + value: RELEASE-NAME-common-test + - equal: + path: metadata.annotations + value: + key1: value1 + key2: value2 + - equal: + path: metadata.labels + value: + app: common-test + app.kubernetes.io/instance: RELEASE-NAME + app.kubernetes.io/managed-by: Helm + app.kubernetes.io/name: common-test + app.kubernetes.io/version: *appVer + helm-revision: "0" + helm.sh/chart: common-test-1.0.0 + release: RELEASE-NAME + key3: value3 + key4: value4 + + - it: should pass with primary rbac enabled annotations and labels added (ClusterRoleBinding) + documentIndex: *roleBindingDoc + set: + k1: value1 + k2: value2 + k3: value3 + k4: value4 + rbac: + main: + enabled: true + clusterWide: true + annotations: + key1: "{{ .Values.k1 }}" + key2: "{{ .Values.k2 }}" + labels: + key3: "{{ .Values.k3 }}" + key4: "{{ .Values.k4 }}" + rules: *rules + subjects: *subjects + asserts: + - isKind: + of: ClusterRoleBinding + - 
equal: + path: metadata.name + value: RELEASE-NAME-common-test + - equal: + path: metadata.annotations + value: + key1: value1 + key2: value2 + - equal: + path: metadata.labels + value: + app: common-test + app.kubernetes.io/instance: RELEASE-NAME + app.kubernetes.io/managed-by: Helm + app.kubernetes.io/name: common-test + app.kubernetes.io/version: *appVer + helm-revision: "0" + helm.sh/chart: common-test-1.0.0 + release: RELEASE-NAME + key3: value3 + key4: value4 + + + - it: should pass with non-primary rbac enabled and nameOverride defined (Role - main) + documentIndex: *roleDoc + set: + rbac: + main: + enabled: true + primary: true + rules: *rules + subjects: *subjects + other: + enabled: true + primary: false + nameOverride: some-name + rules: *rules + subjects: *subjects + asserts: + - isKind: + of: Role + - equal: + path: metadata.name + value: RELEASE-NAME-common-test + + - it: should pass with non-primary rbac enabled and nameOverride defined (RoleBinding - main) + documentIndex: *roleBindingDoc + set: + rbac: + main: + enabled: true + primary: true + rules: *rules + subjects: *subjects + other: + enabled: true + primary: false + nameOverride: some-name + rules: *rules + subjects: *subjects + asserts: + - isKind: + of: RoleBinding + - equal: + path: metadata.name + value: RELEASE-NAME-common-test + + - it: should pass with non-primary rbac enabled and nameOverride defined (Role - main) + documentIndex: &otherRoleDoc 2 + set: + rbac: + main: + enabled: true + primary: true + rules: *rules + subjects: *subjects + other: + enabled: true + primary: false + nameOverride: some-name + rules: *rules + subjects: *subjects + asserts: + - isKind: + of: Role + - equal: + path: metadata.name + value: RELEASE-NAME-common-test-some-name + + - it: should pass with non-primary rbac enabled and nameOverride defined (RoleBinding - other) + documentIndex: &otherRoleBindingDoc 3 + set: + rbac: + main: + enabled: true + primary: true + rules: *rules + subjects: *subjects + 
other: + enabled: true + primary: false + nameOverride: some-name + rules: *rules + subjects: *subjects + asserts: + - isKind: + of: RoleBinding + - equal: + path: metadata.name + value: RELEASE-NAME-common-test-some-name + + - it: should pass with non-primary rbac enabled and nameOverride defined (ClusterRole - other) + documentIndex: &otherRoleDoc 2 + set: + rbac: + main: + enabled: true + primary: true + rules: *rules + subjects: *subjects + other: + enabled: true + primary: false + clusterWide: true + nameOverride: some-name + rules: *rules + subjects: *subjects + asserts: + - isKind: + of: ClusterRole + - equal: + path: metadata.name + value: RELEASE-NAME-common-test-some-name + + - it: should pass with non-primary rbac enabled and nameOverride defined (ClusterRoleBinding - other) + documentIndex: &otherRoleBindingDoc 3 + set: + rbac: + main: + enabled: true + primary: true + rules: *rules + subjects: *subjects + other: + enabled: true + primary: false + clusterWide: true + nameOverride: some-name + rules: *rules + subjects: *subjects + asserts: + - isKind: + of: ClusterRoleBinding + - equal: + path: metadata.name + value: RELEASE-NAME-common-test-some-name + + - it: should pass with "" in apiGroups in rules + documentIndex: *roleDoc + set: + rbac: + main: + enabled: true + rules: + - apiGroups: + - "" + resources: + - something + verbs: + - something + subjects: *subjects + asserts: + - isKind: + of: Role + - equal: + path: rules + value: + - apiGroups: + - "" + resources: + - something + verbs: + - something + + - it: should pass with "" in apiGroups in rules, multiple entries + documentIndex: *roleDoc + set: + rbac: + main: + enabled: true + rules: + - apiGroups: + - "" + resources: + - something + verbs: + - something + - apiGroups: + - "" + resources: + - something_else + verbs: + - something_else + subjects: *subjects + asserts: + - isKind: + of: Role + - equal: + path: rules + value: + - apiGroups: + - "" + resources: + - something + verbs: + - 
something + - apiGroups: + - "" + resources: + - something_else + verbs: + - something_else + + - it: should pass with * in rules + documentIndex: *roleDoc + set: + rbac: + main: + enabled: true + rules: + - apiGroups: + - "*" + resources: + - "*" + verbs: + - "*" + subjects: *subjects + asserts: + - isKind: + of: Role + - equal: + path: rules + value: + - apiGroups: + - "*" + resources: + - "*" + verbs: + - "*" + + - it: should pass with * in rules, multiple entries + documentIndex: *roleDoc + set: + rbac: + main: + enabled: true + rules: + - apiGroups: + - "*" + resources: + - "*" + verbs: + - "*" + - apiGroups: + - "*" + resources: + - "*" + verbs: + - "*" + subjects: *subjects + asserts: + - isKind: + of: Role + - equal: + path: rules + value: + - apiGroups: + - "*" + resources: + - "*" + verbs: + - "*" + - apiGroups: + - "*" + resources: + - "*" + verbs: + - "*" + + - it: should pass with rules from tpl + documentIndex: *roleDoc + set: + k1: "*" + k2: value2 + k3: value3 + rbac: + main: + enabled: true + rules: + - apiGroups: + - "{{ .Values.k1 }}" + resources: + - "{{ .Values.k2 }}" + verbs: + - "{{ .Values.k3 }}" + subjects: *subjects + asserts: + - isKind: + of: Role + - equal: + path: rules + value: + - apiGroups: + - "*" + resources: + - value2 + verbs: + - value3 + + - it: should pass with rules from tpl, multiple entries + documentIndex: *roleDoc + set: + k1: "*" + k2: value2 + k3: value3 + k4: "*" + k5: value5 + k6: value6 + rbac: + main: + enabled: true + rules: + - apiGroups: + - "{{ .Values.k1 }}" + resources: + - "{{ .Values.k2 }}" + verbs: + - "{{ .Values.k3 }}" + - apiGroups: + - "{{ .Values.k4 }}" + resources: + - "{{ .Values.k5 }}" + verbs: + - "{{ .Values.k6 }}" + subjects: *subjects + asserts: + - isKind: + of: Role + - equal: + path: rules + value: + - apiGroups: + - "*" + resources: + - value2 + verbs: + - value3 + - apiGroups: + - "*" + resources: + - value5 + verbs: + - value6 + + - it: should pass with rules from tpl, multiple entries 
(ClusterRole) + documentIndex: *roleDoc + set: + k1: "*" + k2: value2 + k3: value3 + k4: "*" + k5: value5 + k6: value6 + rbac: + main: + enabled: true + clusterWide: true + rules: + - apiGroups: + - "{{ .Values.k1 }}" + resources: + - "{{ .Values.k2 }}" + verbs: + - "{{ .Values.k3 }}" + - apiGroups: + - "{{ .Values.k4 }}" + resources: + - "{{ .Values.k5 }}" + verbs: + - "{{ .Values.k6 }}" + subjects: *subjects + asserts: + - isKind: + of: ClusterRole + - equal: + path: rules + value: + - apiGroups: + - "*" + resources: + - value2 + verbs: + - value3 + - apiGroups: + - "*" + resources: + - value5 + verbs: + - value6 + + - it: should pass with subjects set + documentIndex: *roleBindingDoc + set: + rbac: + main: + enabled: true + rules: *rules + subjects: + - kind: value1 + name: value2 + apiGroup: value3 + asserts: + - isKind: + of: RoleBinding + - equal: + path: subjects + value: + - kind: ServiceAccount + name: default + namespace: *ns + - kind: value1 + name: value2 + apiGroup: value3 + + - it: should pass with subjects set, multiple entries + documentIndex: *roleBindingDoc + set: + rbac: + main: + enabled: true + rules: *rules + subjects: + - kind: value1 + name: value2 + apiGroup: value3 + - kind: value4 + name: value5 + apiGroup: value6 + asserts: + - isKind: + of: RoleBinding + - equal: + path: subjects + value: + - kind: ServiceAccount + name: default + namespace: *ns + - kind: value1 + name: value2 + apiGroup: value3 + - kind: value4 + name: value5 + apiGroup: value6 + + - it: should pass with subjects set, multiple entries from tpl + documentIndex: *roleBindingDoc + set: + k1: value1 + k2: value2 + k3: value3 + k4: value4 + k5: value5 + k6: value6 + rbac: + main: + enabled: true + rules: *rules + subjects: + - kind: "{{ .Values.k1 }}" + name: "{{ .Values.k2 }}" + apiGroup: "{{ .Values.k3 }}" + - kind: "{{ .Values.k4 }}" + name: "{{ .Values.k5 }}" + apiGroup: "{{ .Values.k6 }}" + asserts: + - isKind: + of: RoleBinding + - equal: + path: subjects + value: + - 
kind: ServiceAccount + name: default + namespace: *ns + - kind: value1 + name: value2 + apiGroup: value3 + - kind: value4 + name: value5 + apiGroup: value6 + + - it: should pass with subjects set, multiple entries from tpl (ClusterRoleBinding) + documentIndex: *roleBindingDoc + set: + k1: value1 + k2: value2 + k3: value3 + k4: value4 + k5: value5 + k6: value6 + rbac: + main: + enabled: true + clusterWide: true + rules: *rules + subjects: + - kind: "{{ .Values.k1 }}" + name: "{{ .Values.k2 }}" + apiGroup: "{{ .Values.k3 }}" + - kind: "{{ .Values.k4 }}" + name: "{{ .Values.k5 }}" + apiGroup: "{{ .Values.k6 }}" + asserts: + - isKind: + of: ClusterRoleBinding + - equal: + path: subjects + value: + - kind: ServiceAccount + name: default + namespace: *ns + - kind: value1 + name: value2 + apiGroup: value3 + - kind: value4 + name: value5 + apiGroup: value6 + + - it: should pass with subjects set, multiple entries and 2 service account 1 primary and nameOverride + documentIndex: &roleBindingDoc 3 + set: + rbac: + main: + enabled: true + rules: *rules + subjects: + - kind: value1 + name: value2 + apiGroup: value3 + - kind: value4 + name: value5 + apiGroup: value6 + serviceAccount: + main: + enabled: true + primary: true + nameOverride: the-main + other: + enabled: true + primary: false + asserts: + - isKind: + of: RoleBinding + - equal: + path: subjects + value: + - kind: ServiceAccount + name: RELEASE-NAME-common-test-the-main + namespace: *ns + - kind: value1 + name: value2 + apiGroup: value3 + - kind: value4 + name: value5 + apiGroup: value6 + + - it: should pass with subjects set, multiple entries and 2 service account 1 primary + documentIndex: *roleBindingDoc + set: + rbac: + main: + enabled: true + rules: *rules + subjects: + - kind: value1 + name: value2 + apiGroup: value3 + - kind: value4 + name: value5 + apiGroup: value6 + serviceAccount: + main: + enabled: true + primary: true + other: + enabled: true + primary: false + asserts: + - isKind: + of: RoleBinding + - 
equal: + path: subjects + value: + - kind: ServiceAccount + name: RELEASE-NAME-common-test + namespace: *ns + - kind: value1 + name: value2 + apiGroup: value3 + - kind: value4 + name: value5 + apiGroup: value6 diff --git a/library/common-test/tests/secret/secret_test.yaml b/library/common-test/tests/secret/secret_test.yaml new file mode 100644 index 00000000..d2f6cea7 --- /dev/null +++ b/library/common-test/tests/secret/secret_test.yaml 
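Review bot: The `should pass with subjects set` cases, including the `(ClusterRoleBinding)` variant, expect the rendered binding to list `kind: ServiceAccount`, `name: default`, `namespace: some_name_space` ahead of the configured subjects, so the suite pins a binding to the namespace's `default` ServiceAccount whenever no `serviceAccount` is enabled. Every pod in that namespace that does not set its own service account would then inherit the rules, which is a broad grant when combined with `clusterWide: true` and the `"*"` entries this suite also accepts in rules. If the fallback is intended, a comment above the first such case would record it, e.g. `# no serviceAccount enabled: binding falls back to the namespace "default" SA, shared by all pods without an explicit one`; otherwise a `failedTemplate` case requiring an enabled service account would be the safer contract. Separately, `&roleDoc`, `&roleBindingDoc`, `&otherRoleDoc` and `&otherRoleBindingDoc` are each declared more than once, and the late `&roleBindingDoc 3` changes what `*roleBindingDoc` resolves to for the last case; distinct anchor names would avoid that.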
@@ -0,0 +1,679 @@ +suite: secret test +templates: + - common.yaml +chart: + appVersion: &appVer v1.2.3 +tests: + - it: should pass with default values + documentIndex: &deploymentDoc 0 + asserts: + - hasDocuments: + count: 3 + - isKind: + of: Deployment + + - it: should fail without a dict in secret + set: + secret: + enabled: true + content: + key: value + asserts: + - failedTemplate: + errorMessage: key must have at least one dict. Found (bool) + + - it: should fail with uppercase in name in secret + set: + secret: + someName: + enabled: true + content: + key: value + asserts: + - failedTemplate: + errorMessage: Secret has invalid name (someName). Name must be lowercase. + + - it: should fail with underscore in name in secret + set: + secret: + some_name: + enabled: true + content: + key: value + asserts: + - failedTemplate: + errorMessage: Secret has invalid name (some_name). Name cannot contain underscores (_). + + - it: should fail with empty content in secret + set: + secret: + somename: + enabled: true + content: + asserts: + - failedTemplate: + errorMessage: Content of Secret (somename) are empty. Please disable or add content. + + - it: should fail with string in content in secret + set: + secret: + somename: + enabled: true + content: something + asserts: + - failedTemplate: + errorMessage: Content of Secret (somename) are string. Must be in key/value format. Value can be scalar too. 
+ + - it: should pass with 1 secret created with parseAsEnv set + documentIndex: &secretDoc 0 + set: + secret: + some-name: + enabled: true + parseAsEnv: true + content: + key1: 123 + key2: value2 + asserts: + - hasDocuments: + count: 4 + - isKind: + of: Secret + - equal: + path: type + value: Opaque + - isAPIVersion: + of: v1 + - equal: + path: metadata.name + value: RELEASE-NAME-common-test-some-name + - equal: + path: stringData + value: + key1: "123" + key2: value2 + - isNull: + path: metadata.annotations + - equal: + path: metadata.labels + value: + app: common-test + app.kubernetes.io/instance: RELEASE-NAME + app.kubernetes.io/managed-by: Helm + app.kubernetes.io/name: common-test + app.kubernetes.io/version: *appVer + helm-revision: "0" + helm.sh/chart: common-test-1.0.0 + release: RELEASE-NAME + + - it: should pass with empty key in content in secret + documentIndex: *secretDoc + set: + secret: + somename: + enabled: true + content: + key: "" + asserts: + - equal: + path: stringData + value: + key: "" + + - it: should pass with 1 secret created with parseAsEnv and values set from tpl + documentIndex: *secretDoc + set: + k1: 123 + k2: value2 + secret: + some-name: + enabled: true + parseAsEnv: true + content: + key1: "{{ .Values.k1 }}" + key2: "{{ .Values.k2 }}" + asserts: + - equal: + path: stringData + value: + key1: "123" + key2: value2 + + - it: should pass with 1 secret created with nameOverride set + documentIndex: *secretDoc + set: + k1: true + k2: value2 + secret: + some-name: + enabled: true + parseAsEnv: true + nameOverride: some-new-name + content: + key1: "{{ .Values.k1 }}" + key2: "{{ .Values.k2 }}" + asserts: + - equal: + path: stringData + value: + key1: "true" + key2: value2 + - equal: + path: metadata.name + value: RELEASE-NAME-common-test-some-new-name + + - it: should pass with multiple secret created with parseAsEnv set (1/2) and values from tpl + documentIndex: *secretDoc + set: + k1: value1 + k2: value2 + k3: value3 + k4: value4 + 
secret: + some-name: + enabled: true + parseAsEnv: true + content: + key1: "{{ .Values.k1 }}" + key2: "{{ .Values.k2 }}" + some-other-name: + enabled: true + parseAsEnv: true + content: + key3: "{{ .Values.k3 }}" + key4: "{{ .Values.k4 }}" + asserts: + - hasDocuments: + count: 5 + - isKind: + of: Secret + - isAPIVersion: + of: v1 + - equal: + path: type + value: Opaque + - equal: + path: metadata.name + value: RELEASE-NAME-common-test-some-name + - equal: + path: stringData + value: + key1: value1 + key2: value2 + - isNull: + path: metadata.annotations + - equal: + path: metadata.labels + value: + app: common-test + app.kubernetes.io/instance: RELEASE-NAME + app.kubernetes.io/managed-by: Helm + app.kubernetes.io/name: common-test + app.kubernetes.io/version: *appVer + helm-revision: "0" + helm.sh/chart: common-test-1.0.0 + release: RELEASE-NAME + + - it: should pass with multiple secret created with parseAsEnv set (2/2) and values from tpl + documentIndex: &otherSecretDoc 1 + set: + secret: + some-name: + enabled: true + parseAsEnv: true + content: + key1: value1 + key2: value2 + some-other-name: + enabled: true + parseAsEnv: true + content: + key3: value3 + key4: value4 + asserts: + - hasDocuments: + count: 5 + - isKind: + of: Secret + - equal: + path: type + value: Opaque + - isAPIVersion: + of: v1 + - equal: + path: metadata.name + value: RELEASE-NAME-common-test-some-other-name + - equal: + path: stringData + value: + key3: value3 + key4: value4 + - isNull: + path: metadata.annotations + - equal: + path: metadata.labels + value: + app: common-test + app.kubernetes.io/instance: RELEASE-NAME + app.kubernetes.io/managed-by: Helm + app.kubernetes.io/name: common-test + app.kubernetes.io/version: *appVer + helm-revision: "0" + helm.sh/chart: common-test-1.0.0 + release: RELEASE-NAME + + - it: should pass with multiple secret created with scalar in contents and tpl (1/2) + documentIndex: *secretDoc + set: + k1: value1 + k2: 80 + k3: pair + k4: value2 + k5: 81 + k6: 
pair2 + secret: + some-name: + enabled: true + content: + nginx.conf1: | + alias {{ .Values.k1 }} + listen {{ .Values.k2 }} + + function { + # some json + "key": { + "key2": "value", + "key3": "value2" + } + } + key: "{{ .Values.k3 }}" + some-other-name: + enabled: true + content: + key: "{{ .Values.k6 }}" + nginx.conf2: | + alias {{ .Values.k4 }} + listen {{ .Values.k5 }} + + function { + # some json + "key": { + "key2": "value", + "key3": "value2" + } + } + asserts: + - equal: + path: stringData + value: + key: pair + nginx.conf1: | + alias value1 + listen 80 + + function { + # some json + "key": { + "key2": "value", + "key3": "value2" + } + } + - equal: + path: metadata.name + value: RELEASE-NAME-common-test-some-name + + - it: should pass with multiple secret created with scalar in contents and tpl (2/2) + documentIndex: *otherSecretDoc + set: + k1: value1 + k2: 80 + k3: pair + k4: value2 + k5: 81 + k6: pair2 + secret: + some-name: + enabled: true + content: + key: "{{ .Values.k3 }}" + nginx.conf1: | + alias {{ .Values.k1 }} + listen {{ .Values.k2 }} + + function { + # some json + "key": { + "key2": "value", + "key3": "value2" + } + } + some-other-name: + enabled: true + content: + key: "{{ .Values.k6 }}" + nginx.conf2: | + alias {{ .Values.k4 }} + listen {{ .Values.k5 }} + + function { + # some json + "key": { + "key2": "value", + "key3": "value2" + } + } + asserts: + - equal: + path: stringData + value: + key: pair2 + nginx.conf2: | + alias value2 + listen 81 + + function { + # some json + "key": { + "key2": "value", + "key3": "value2" + } + } + - equal: + path: metadata.name + value: RELEASE-NAME-common-test-some-other-name + + - it: should pass with multiple secret created and labels and global labels added from tpl (1/2) + documentIndex: *secretDoc + set: + l1: lab1 + l2: lab2 + l5: lab5 + l6: lab6 + global: + labels: + gl1: glab1 + gl2: glab2 + secret: + some-name: + enabled: true + labels: + label1: "{{ .Values.l1 }}" + label2: "{{ .Values.l2 }}" + 
label3: lab3 + label4: lab4 + content: + key1: value1 + key2: value2 + some-other-name: + enabled: true + labels: + label5: "{{ .Values.l5 }}" + label6: "{{ .Values.l6 }}" + label7: lab7 + label8: lab8 + content: + key1: value1 + key2: value2 + asserts: + - hasDocuments: + count: 5 + - isKind: + of: Secret + - equal: + path: type + value: Opaque + - isNull: + path: metadata.annotations + - equal: + path: metadata.name + value: RELEASE-NAME-common-test-some-name + - equal: + path: metadata.labels + value: + app: common-test + app.kubernetes.io/instance: RELEASE-NAME + app.kubernetes.io/managed-by: Helm + app.kubernetes.io/name: common-test + app.kubernetes.io/version: *appVer + helm-revision: "0" + helm.sh/chart: common-test-1.0.0 + release: RELEASE-NAME + label1: lab1 + label2: lab2 + label3: lab3 + label4: lab4 + gl1: glab1 + gl2: glab2 + + - it: should pass with multiple secret created and labels and global labels added from tpl (2/2) + documentIndex: *otherSecretDoc + set: + l1: lab1 + l2: lab2 + l5: lab5 + l6: lab6 + global: + labels: + gl1: glab1 + gl2: glab2 + secret: + some-name: + enabled: true + labels: + label1: "{{ .Values.l1 }}" + label2: "{{ .Values.l2 }}" + label3: lab3 + label4: lab4 + content: + key1: value1 + key2: value2 + some-other-name: + enabled: true + labels: + label5: "{{ .Values.l5 }}" + label6: "{{ .Values.l6 }}" + label7: lab7 + label8: lab8 + content: + key1: value1 + key2: value2 + asserts: + - hasDocuments: + count: 5 + - isKind: + of: Secret + - equal: + path: type + value: Opaque + - isNull: + path: metadata.annotations + - equal: + path: metadata.name + value: RELEASE-NAME-common-test-some-other-name + - equal: + path: metadata.labels + value: + app: common-test + app.kubernetes.io/instance: RELEASE-NAME + app.kubernetes.io/managed-by: Helm + app.kubernetes.io/name: common-test + app.kubernetes.io/version: *appVer + helm-revision: "0" + helm.sh/chart: common-test-1.0.0 + release: RELEASE-NAME + label5: lab5 + label6: lab6 + label7: 
lab7 + label8: lab8 + gl1: glab1 + gl2: glab2 + + - it: should pass with multiple secret created and annotations and global annotations added from tpl (1/2) + documentIndex: *secretDoc + set: + a1: anno1 + a2: anno2 + a5: anno5 + a6: anno6 + global: + annotations: + ga1: ganno1 + ga2: ganno2 + secret: + some-name: + enabled: true + annotations: + annotation1: "{{ .Values.a1 }}" + annotation2: "{{ .Values.a2 }}" + annotation3: anno3 + annotation4: anno4 + content: + key1: value1 + key2: value2 + some-other-name: + enabled: true + annotations: + annotation5: "{{ .Values.a5 }}" + annotation6: "{{ .Values.a6 }}" + annotation7: anno7 + annotation8: anno8 + content: + key1: value1 + key2: value2 + asserts: + - hasDocuments: + count: 5 + - isKind: + of: Secret + - equal: + path: type + value: Opaque + - equal: + path: metadata.annotations + value: + annotation1: anno1 + annotation2: anno2 + annotation3: anno3 + annotation4: anno4 + ga1: ganno1 + ga2: ganno2 + - equal: + path: metadata.name + value: RELEASE-NAME-common-test-some-name + - equal: + path: metadata.labels + value: + app: common-test + app.kubernetes.io/instance: RELEASE-NAME + app.kubernetes.io/managed-by: Helm + app.kubernetes.io/name: common-test + app.kubernetes.io/version: *appVer + helm-revision: "0" + helm.sh/chart: common-test-1.0.0 + release: RELEASE-NAME + + - it: should pass with multiple secret created and annotations and global annotations added from tpl (2/2) + documentIndex: *otherSecretDoc + set: + a1: anno1 + a2: anno2 + a5: anno5 + a6: anno6 + global: + annotations: + ga1: ganno1 + ga2: ganno2 + secret: + some-name: + enabled: true + annotations: + annotation1: "{{ .Values.a1 }}" + annotation2: "{{ .Values.a2 }}" + annotation3: anno3 + annotation4: anno4 + content: + key1: value1 + key2: value2 + some-other-name: + enabled: true + annotations: + annotation5: "{{ .Values.a5 }}" + annotation6: "{{ .Values.a6 }}" + annotation7: anno7 + annotation8: anno8 + content: + key1: value1 + key2: value2 + 
asserts: + - hasDocuments: + count: 5 + - isKind: + of: Secret + - equal: + path: type + value: Opaque + - equal: + path: metadata.annotations + value: + annotation5: anno5 + annotation6: anno6 + annotation7: anno7 + annotation8: anno8 + ga1: ganno1 + ga2: ganno2 + - equal: + path: metadata.name + value: RELEASE-NAME-common-test-some-other-name + - equal: + path: metadata.labels + value: + app: common-test + app.kubernetes.io/instance: RELEASE-NAME + app.kubernetes.io/managed-by: Helm + app.kubernetes.io/name: common-test + app.kubernetes.io/version: *appVer + helm-revision: "0" + helm.sh/chart: common-test-1.0.0 + release: RELEASE-NAME + + - it: should pass with 1 secret created with custom type set + documentIndex: &secretDoc 0 + set: + secret: + some-name: + enabled: true + secretType: myCustomType + content: + key1: false + key2: value2 + asserts: + - hasDocuments: + count: 4 + - isKind: + of: Secret + - isAPIVersion: + of: v1 + - equal: + path: metadata.name + value: RELEASE-NAME-common-test-some-name + - equal: + path: type + value: myCustomType + - equal: + path: stringData + value: + key1: "false" + key2: value2 + - isNull: + path: metadata.annotations + - equal: + path: metadata.labels + value: + app: common-test + app.kubernetes.io/instance: RELEASE-NAME + app.kubernetes.io/managed-by: Helm + app.kubernetes.io/name: common-test + app.kubernetes.io/version: *appVer + helm-revision: "0" + helm.sh/chart: common-test-1.0.0 + release: RELEASE-NAME diff --git a/library/common-test/tests/service/service_test.yaml b/library/common-test/tests/service/service_test.yaml new file mode 100644 index 00000000..8986e6f4 --- /dev/null +++ b/library/common-test/tests/service/service_test.yaml 
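Review bot: The case `should pass with multiple secret created with parseAsEnv set (2/2) and values from tpl` never goes through tpl: its `set` block has no `k1`–`k4` and the `content` of both secrets is literal. Templated content of the second Secret under `parseAsEnv` is therefore not asserted anywhere in this hunk, since the 1/2 case templates it but only inspects document 0. Mirror the 1/2 inputs here, with `k3: value3` and `k4: value4` under `set` and `key3: "{{ .Values.k3 }}"`, `key4: "{{ .Values.k4 }}"` in `some-other-name`. Separately, the last case redefines the anchor with `documentIndex: &secretDoc 0`; `documentIndex: *secretDoc` avoids the duplicate, and the same applies to the second `&endpointDoc 2` in service_test_ExternalIP.yaml.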
@@ -0,0 +1,401 @@ +suite: service test +templates: + - common.yaml +chart: + appVersion: &appVer v1.2.3 +tests: + - it: should pass with default values + documentIndex: &deploymentDoc 0 + asserts: + - hasDocuments: + count: 3 + - isKind: + of: Deployment + + - it: should fail with multiple services, without any set as primary + set: + service: + main: + enabled: true + primary: false + ports: + main: + enabled: true + port: 65535 + main2: + enabled: true + primary: false + ports: + main2: + enabled: true + port: 65534 + asserts: + - failedTemplate: + errorMessage: At least one Service must be set as primary + + - it: should fail without externalName on ExternalName service + set: + service: + main: + type: ExternalName + externalName: "" + asserts: + - failedTemplate: + errorMessage: is required when service type is set to ExternalName + + - it: should fail with invalid externalTrafficPolicy + set: + service: + main: + type: LoadBalancer + externalTrafficPolicy: invalid_traffic_policy + asserts: + - failedTemplate: + errorMessage: Invalid option (invalid_traffic_policy) for . Valid options are Cluster and Local + + - it: should fail with invalid sessionAffinity + set: + service: + main: + sessionAffinity: invalid_affinity + asserts: + - failedTemplate: + errorMessage: Invalid option (invalid_affinity) for . Valid options are ClientIP and None + + - it: should fail with invalid timeoutSeconds in sessionAffinityConfig negative + set: + service: + main: + sessionAffinity: ClientIP + sessionAffinityConfig: + clientIP: + timeoutSeconds: -1 + asserts: + - failedTemplate: + errorMessage: Invalid value (-1) for . Valid values must be with 0 and 86400 + + - it: should fail with invalid timeoutSeconds in sessionAffinityConfig too high + set: + service: + main: + sessionAffinity: ClientIP + sessionAffinityConfig: + clientIP: + timeoutSeconds: 86401 + asserts: + - failedTemplate: + errorMessage: Invalid value (86401) for . 
Valid values must be with 0 and 86400 + + - it: should fail with invalid ipFamilyPolicy + set: + service: + main: + ipFamilyPolicy: invalid_fam_policy + asserts: + - failedTemplate: + errorMessage: Invalid option (invalid_fam_policy) for . Valid options are SingleStack, PreferDualStack, RequireDualStack + + - it: should fail with invalid ipFamily + set: + service: + main: + ipFamilies: + - invalid_family + asserts: + - failedTemplate: + errorMessage: Invalid option (invalid_family) for . Valid options are IPv4 and IPv6 + + - it: should fail with externalIP type but no externalIP defined + set: + service: + main: + type: ExternalIP + externalIP: [] + asserts: + - failedTemplate: + errorMessage: Service type is set to ExternalIP, but no externalIP is defined. + + - it: should pass with correct apiVersion + documentIndex: &serviceDoc 1 + asserts: + - isKind: + of: Service + - isAPIVersion: + of: v1 + + - it: should pass with correct name + documentIndex: *serviceDoc + asserts: + - equal: + path: metadata.name + value: RELEASE-NAME-common-test + + - it: should pass with nameOverride on other service + documentIndex: &otherServiceDoc 2 + set: + service: + other: + enabled: true + nameOverride: something + ports: + other: + enabled: true + port: 80 + asserts: + - equal: + path: metadata.name + value: RELEASE-NAME-common-test-something + + - it: should pass with addAnnotations set to true + documentIndex: *serviceDoc + set: + addAnnotations: + traefik: true + metallb: true + service: + main: + type: LoadBalancer + ports: + main: + protocol: HTTPS + asserts: + - equal: + path: metadata.annotations + value: + traefik.ingress.kubernetes.io/service.serversscheme: https + metallb.universe.tf/allow-shared-ip: RELEASE-NAME-common-test + + - it: should pass with addAnnotations set to false + documentIndex: *serviceDoc + set: + addAnnotations: + traefik: false + metallb: false + service: + main: + type: LoadBalancer + ports: + main: + protocol: HTTPS + asserts: + - isNull: + path: 
metadata.annotations + + - it: should pass with addAnnotations set to true and annotations + documentIndex: *serviceDoc + set: + addAnnotations: + traefik: true + metallb: true + service: + main: + type: LoadBalancer + annotations: + some_key: value + some_key1: value1 + ports: + main: + protocol: HTTPS + asserts: + - equal: + path: metadata.annotations + value: + traefik.ingress.kubernetes.io/service.serversscheme: https + metallb.universe.tf/allow-shared-ip: RELEASE-NAME-common-test + some_key: value + some_key1: value1 + + - it: should pass with addAnnotations set to true and global annotations + documentIndex: *serviceDoc + set: + global: + annotations: + some_key: value + some_key1: value1 + addAnnotations: + traefik: true + metallb: true + service: + main: + type: LoadBalancer + ports: + main: + protocol: HTTPS + asserts: + - equal: + path: metadata.annotations + value: + traefik.ingress.kubernetes.io/service.serversscheme: https + metallb.universe.tf/allow-shared-ip: RELEASE-NAME-common-test + some_key: value + some_key1: value1 + + - it: should pass with addAnnotations set to true and overridden metalLBSharedKey + documentIndex: *serviceDoc + set: + addAnnotations: + traefik: true + metallb: true + service: + main: + type: LoadBalancer + metalLBSharedKey: custom-shared-key + ports: + main: + protocol: HTTPS + asserts: + - equal: + path: metadata.annotations + value: + traefik.ingress.kubernetes.io/service.serversscheme: https + metallb.universe.tf/allow-shared-ip: custom-shared-key + + - it: should pass with labels + documentIndex: *serviceDoc + set: + service: + main: + labels: + some_key: value + some_key1: value1 + asserts: + - equal: + path: metadata.labels + value: + app: common-test + app.kubernetes.io/instance: RELEASE-NAME + app.kubernetes.io/managed-by: Helm + app.kubernetes.io/name: common-test + app.kubernetes.io/version: *appVer + helm-revision: "0" + helm.sh/chart: common-test-1.0.0 + release: RELEASE-NAME + some_key: value + some_key1: value1 
+ + - it: should pass with labels and global labels + documentIndex: *serviceDoc + set: + global: + labels: + some_key2: value2 + some_key3: value3 + service: + main: + labels: + some_key: value + some_key1: value1 + asserts: + - equal: + path: metadata.labels + value: + app: common-test + app.kubernetes.io/instance: RELEASE-NAME + app.kubernetes.io/managed-by: Helm + app.kubernetes.io/name: common-test + app.kubernetes.io/version: *appVer + helm-revision: "0" + helm.sh/chart: common-test-1.0.0 + release: RELEASE-NAME + some_key: value + some_key1: value1 + some_key2: value2 + some_key3: value3 + + - it: should pass with labels (Endpoints) + documentIndex: &endpointsDoc 2 + set: + service: + main: + type: ExternalIP + externalIP: 10.10.10.100 + labels: + some_key: value + some_key1: value1 + asserts: + - isKind: + of: Endpoints + - isAPIVersion: + of: v1 + - equal: + path: metadata.labels + value: + app: common-test + app.kubernetes.io/instance: RELEASE-NAME + app.kubernetes.io/managed-by: Helm + app.kubernetes.io/name: common-test + app.kubernetes.io/version: *appVer + helm-revision: "0" + helm.sh/chart: common-test-1.0.0 + release: RELEASE-NAME + some_key: value + some_key1: value1 + + - it: should pass with labels and global labels (Endpoints) + documentIndex: *endpointsDoc + set: + global: + labels: + some_key2: value2 + some_key3: value3 + service: + main: + type: ExternalIP + externalIP: 10.10.10.100 + labels: + some_key: value + some_key1: value1 + asserts: + - equal: + path: metadata.labels + value: + app: common-test + app.kubernetes.io/instance: RELEASE-NAME + app.kubernetes.io/managed-by: Helm + app.kubernetes.io/name: common-test + app.kubernetes.io/version: *appVer + helm-revision: "0" + helm.sh/chart: common-test-1.0.0 + release: RELEASE-NAME + some_key: value + some_key1: value1 + some_key2: value2 + some_key3: value3 + + - it: should pass with annotations (Endpoints) + documentIndex: *endpointsDoc + set: + addAnnotations: + traefik: true + metallb: 
true + service: + main: + type: ExternalIP + externalIP: 10.10.10.100 + annotations: + some_key: value + some_key1: value1 + asserts: + - equal: + path: metadata.annotations + value: + some_key: value + some_key1: value1 + + - it: should pass with global annotations (Endpoints) + documentIndex: *endpointsDoc + set: + global: + annotations: + some_key: value + some_key1: value1 + service: + main: + type: ExternalIP + externalIP: 10.10.10.100 + asserts: + - equal: + path: metadata.annotations + value: + some_key: value + some_key1: value1 diff --git a/library/common-test/tests/service/service_test_ClusterIP.yaml b/library/common-test/tests/service/service_test_ClusterIP.yaml new file mode 100644 index 00000000..1994f833 --- /dev/null +++ b/library/common-test/tests/service/service_test_ClusterIP.yaml 
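Review bot: The two `timeoutSeconds` failure cases use only -1 and 86401, so neither edge of the accepted range is pinned. Kubernetes documents the field as greater than 0 and at most 86400, while the expected message reads `Valid values must be with 0 and 86400`; whether the template rejects 0 is not visible in this hunk, and a case with `timeoutSeconds: 0` would settle it. A passing case at 86400 would pin the upper edge, placed after the case that defines `&serviceDoc`. The assertion below assumes the default service renders `sessionAffinityConfig` as the ClusterIP suite shows.

```yaml
  - it: should pass with timeoutSeconds at the upper bound in sessionAffinityConfig
    documentIndex: *serviceDoc
    set:
      service:
        main:
          sessionAffinity: ClientIP
          sessionAffinityConfig:
            clientIP:
              timeoutSeconds: 86400
    asserts:
      - equal:
          path: spec.sessionAffinityConfig.clientIP.timeoutSeconds
          value: 86400
```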
@@ -0,0 +1,294 @@ + +suite: service test clusterIP +templates: + - common.yaml +chart: + appVersion: &appVer v1.2.3 +tests: + - it: should pass with default values + documentIndex: &deploymentDoc 0 + asserts: + - hasDocuments: + count: 3 + - isKind: + of: Deployment + + - it: should pass with correct apiVersion + documentIndex: &serviceDoc 1 + asserts: + - isKind: + of: Service + - isAPIVersion: + of: v1 + + - it: should pass with ClusterIP service type + documentIndex: *serviceDoc + set: + service: + main: + type: ClusterIP + asserts: + - equal: + path: spec + value: + type: ClusterIP + ports: &defaultPort + - name: main + port: 65535 + protocol: TCP + targetPort: main + publishNotReadyAddresses: false + selector: &defaultSelector + app: common-test + app.kubernetes.io/instance: RELEASE-NAME + app.kubernetes.io/name: common-test + release: RELEASE-NAME + + - it: should pass with ClusterIP service type and clusterIP set + documentIndex: *serviceDoc + set: + service: + main: + type: ClusterIP + clusterIP: 172.16.0.12 + asserts: + - equal: + path: spec + value: + type: ClusterIP + clusterIP: 172.16.0.12 + publishNotReadyAddresses: false + ports: *defaultPort + selector: *defaultSelector + + - it: should pass with ClusterIP service type and externalTrafficPolicy + documentIndex: *serviceDoc + set: + service: + main: + type: ClusterIP + externalTrafficPolicy: Cluster + asserts: + - equal: + path: spec + value: + type: ClusterIP + ports: *defaultPort + publishNotReadyAddresses: false + selector: *defaultSelector + - isNull: + path: spec.externalTrafficPolicy + + - it: should pass with ClusterIP service type and sessionAffinity set to None + documentIndex: *serviceDoc + set: + service: + main: + type: ClusterIP + sessionAffinity: None + sessionAffinityConfig: + ClientIP: + timeoutSeconds: 1000 + asserts: + - equal: + path: spec + value: + type: ClusterIP + ports: *defaultPort + publishNotReadyAddresses: false + selector: *defaultSelector + sessionAffinity: None + - 
isNull: + path: spec.sessionAffinityConfig + + - it: should pass with ClusterIP service type and sessionAffinity set to ClientIP + documentIndex: *serviceDoc + set: + service: + main: + type: ClusterIP + sessionAffinity: ClientIP + sessionAffinityConfig: + clientIP: + timeoutSeconds: 1000 + asserts: + - equal: + path: spec + value: + type: ClusterIP + ports: *defaultPort + publishNotReadyAddresses: false + selector: *defaultSelector + sessionAffinity: ClientIP + sessionAffinityConfig: + clientIP: + timeoutSeconds: 1000 + + - it: should pass with ClusterIP service type and sessionAffinity set to ClientIP from tpl + documentIndex: *serviceDoc + set: + timeout: 1000 + service: + main: + type: ClusterIP + sessionAffinity: ClientIP + sessionAffinityConfig: + clientIP: + timeoutSeconds: 1000 + asserts: + - equal: + path: spec + value: + type: ClusterIP + ports: *defaultPort + publishNotReadyAddresses: false + selector: *defaultSelector + sessionAffinity: ClientIP + sessionAffinityConfig: + clientIP: + timeoutSeconds: 1000 + + - it: should pass with ClusterIP service type and externalIPs + documentIndex: *serviceDoc + set: + service: + main: + type: ClusterIP + externalIPs: + - 192.168.1.20 + - 192.168.1.21 + - 192.168.1.22 + asserts: + - equal: + path: spec + value: + type: ClusterIP + ports: *defaultPort + publishNotReadyAddresses: false + selector: *defaultSelector + externalIPs: + - 192.168.1.20 + - 192.168.1.21 + - 192.168.1.22 + + - it: should pass with ClusterIP service type and externalIPs from tpl + documentIndex: *serviceDoc + set: + ip1: 192.168.1.20 + ip2: 192.168.1.21 + ip3: 192.168.1.22 + service: + main: + type: ClusterIP + externalIPs: + - "{{ .Values.ip1 }}" + - "{{ .Values.ip2 }}" + - "{{ .Values.ip3 }}" + asserts: + - equal: + path: spec + value: + type: ClusterIP + ports: *defaultPort + publishNotReadyAddresses: false + selector: *defaultSelector + externalIPs: + - 192.168.1.20 + - 192.168.1.21 + - 192.168.1.22 + + - it: should pass with ClusterIP 
service type and publishNotReadyAddresses + documentIndex: *serviceDoc + set: + service: + main: + type: ClusterIP + publishNotReadyAddresses: true + asserts: + - equal: + path: spec + value: + type: ClusterIP + ports: *defaultPort + selector: *defaultSelector + publishNotReadyAddresses: true + + - it: should pass with ClusterIP service type and ipFamilyPolicy + documentIndex: *serviceDoc + set: + service: + main: + type: ClusterIP + ipFamilyPolicy: SingleStack + asserts: + - equal: + path: spec + value: + type: ClusterIP + ports: *defaultPort + publishNotReadyAddresses: false + selector: *defaultSelector + ipFamilyPolicy: SingleStack + + - it: should pass with ClusterIP service type and ipFamilies + documentIndex: *serviceDoc + set: + service: + main: + type: ClusterIP + ipFamilies: + - IPv6 + - IPv4 + asserts: + - equal: + path: spec + value: + type: ClusterIP + ports: *defaultPort + publishNotReadyAddresses: false + selector: *defaultSelector + ipFamilies: + - IPv6 + - IPv4 + + - it: should pass with ClusterIP service type and custom selector + documentIndex: *serviceDoc + set: + service: + main: + type: ClusterIP + selector: + some_key: some_value + some_key1: some_value1 + asserts: + - equal: + path: spec + value: + type: ClusterIP + ports: *defaultPort + publishNotReadyAddresses: false + selector: + some_key: some_value + some_key1: some_value1 + + - it: should pass with ClusterIP service type and custom selector from tpl + documentIndex: *serviceDoc + set: + k1: some_value + k2: some_value1 + service: + main: + type: ClusterIP + selector: + some_key: "{{ .Values.k1 }}" + some_key1: "{{ .Values.k2 }}" + asserts: + - equal: + path: spec + value: + type: ClusterIP + ports: *defaultPort + publishNotReadyAddresses: false + selector: + some_key: some_value + some_key1: some_value1 diff --git a/library/common-test/tests/service/service_test_ExternalIP.yaml b/library/common-test/tests/service/service_test_ExternalIP.yaml new file mode 100644 index 00000000..27d71203 
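Review bot: In `should pass with ClusterIP service type and sessionAffinity set to ClientIP from tpl`, `timeout: 1000` is set but never referenced, because `timeoutSeconds` is the literal `1000`. The case is therefore identical to the non-tpl one above it and does not exercise templating. If the template is meant to support tpl on this field, use `timeoutSeconds: "{{ .Values.timeout }}"` so that the existing assertion on `timeoutSeconds: 1000` checks the rendered value. The same pattern appears in the `from tpl` sessionAffinity cases in service_test_ExternalIP.yaml and service_test_ExternalName.yaml.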
--- /dev/null
+++ b/library/common-test/tests/service/service_test_ExternalIP.yaml
@@ -0,0 +1,269 @@ +suite: service test ExternalIP +templates: + - common.yaml +chart: + appVersion: &appVer v1.2.3 +tests: + - it: should pass with default values + documentIndex: &deploymentDoc 0 + asserts: + - hasDocuments: + count: 3 + - isKind: + of: Deployment + + - it: should pass with correct apiVersion + documentIndex: &serviceDoc 1 + asserts: + - isKind: + of: Service + - isAPIVersion: + of: v1 + + - it: should pass with ExternalIP service type + documentIndex: *serviceDoc + set: + service: + main: + type: ExternalIP + externalIP: 10.10.10.100 + asserts: + - equal: + path: spec + value: + publishNotReadyAddresses: false + ports: &defaultPort + - name: main + port: 65535 + protocol: TCP + targetPort: main + - isNull: + path: spec.selector + - isNull: + path: spec.type + + - it: should pass with ExternalIP service type (Endpoint) + documentIndex: &endpointDoc 2 + set: + service: + main: + type: ExternalIP + externalIP: 10.10.10.100 + asserts: + - isKind: + of: Endpoints + - isAPIVersion: + of: v1 + - equal: + path: metadata.name + value: RELEASE-NAME-common-test + - equal: + path: subsets[0] + value: + addresses: + - 10.10.10.100 + ports: + - port: 65535 + name: main + + - it: should pass with ExternalIP service type with multiple ports (Endpoint) + documentIndex: &endpointDoc 2 + set: + service: + main: + type: ExternalIP + externalIP: 10.10.10.100 + ports: + main: + enabled: true + port: 65535 + main2: + enabled: true + port: 65534 + asserts: + - isKind: + of: Endpoints + - isAPIVersion: + of: v1 + - equal: + path: subsets[0] + value: + addresses: + - 10.10.10.100 + ports: + - port: 65535 + name: main + - port: 65534 + name: main2 + + - it: should pass with ExternalIP service type and externalTrafficPolicy + documentIndex: *serviceDoc + set: + service: + main: + type: ExternalIP + externalIP: 10.10.10.100 + externalTrafficPolicy: Cluster + asserts: + - equal: + path: spec + value: + publishNotReadyAddresses: false + ports: *defaultPort + 
externalTrafficPolicy: Cluster + - isNull: + path: spec.selector + - isNull: + path: spec.type + + - it: should pass with ExternalIP service type and sessionAffinity set to None + documentIndex: *serviceDoc + set: + service: + main: + type: ExternalIP + externalIP: 10.10.10.100 + sessionAffinity: None + sessionAffinityConfig: + ClientIP: + timeoutSeconds: 1000 + asserts: + - equal: + path: spec + value: + publishNotReadyAddresses: false + ports: *defaultPort + sessionAffinity: None + - isNull: + path: spec.sessionAffinityConfig + - isNull: + path: spec.selector + - isNull: + path: spec.type + + - it: should pass with ExternalIP service type and sessionAffinity set to ClientIP + documentIndex: *serviceDoc + set: + service: + main: + type: ExternalIP + externalIP: 10.10.10.100 + sessionAffinity: ClientIP + sessionAffinityConfig: + clientIP: + timeoutSeconds: 1000 + asserts: + - equal: + path: spec + value: + publishNotReadyAddresses: false + ports: *defaultPort + sessionAffinity: ClientIP + sessionAffinityConfig: + clientIP: + timeoutSeconds: 1000 + - isNull: + path: spec.selector + - isNull: + path: spec.type + + - it: should pass with ExternalIP service type and sessionAffinity set to ClientIP from tpl + documentIndex: *serviceDoc + set: + timeout: 1000 + service: + main: + type: ExternalIP + externalIP: 10.10.10.100 + sessionAffinity: ClientIP + sessionAffinityConfig: + clientIP: + timeoutSeconds: 1000 + asserts: + - equal: + path: spec + value: + publishNotReadyAddresses: false + ports: *defaultPort + sessionAffinity: ClientIP + sessionAffinityConfig: + clientIP: + timeoutSeconds: 1000 + - isNull: + path: spec.selector + - isNull: + path: spec.type + + - it: should pass with ExternalIP service type and externalIPs + documentIndex: *serviceDoc + set: + service: + main: + type: ExternalIP + externalIP: 10.10.10.100 + externalIPs: + - 192.168.1.20 + - 192.168.1.21 + - 192.168.1.22 + asserts: + - equal: + path: spec + value: + publishNotReadyAddresses: false + ports: 
*defaultPort + externalIPs: + - 192.168.1.20 + - 192.168.1.21 + - 192.168.1.22 + - isNull: + path: spec.selector + - isNull: + path: spec.type + + - it: should pass with ExternalIP service type and externalIPs from tpl + documentIndex: *serviceDoc + set: + ip1: 192.168.1.20 + ip2: 192.168.1.21 + ip3: 192.168.1.22 + service: + main: + type: ExternalIP + externalIP: 10.10.10.100 + externalIPs: + - "{{ .Values.ip1 }}" + - "{{ .Values.ip2 }}" + - "{{ .Values.ip3 }}" + asserts: + - equal: + path: spec + value: + publishNotReadyAddresses: false + ports: *defaultPort + externalIPs: + - 192.168.1.20 + - 192.168.1.21 + - 192.168.1.22 + - isNull: + path: spec.selector + - isNull: + path: spec.type + + - it: should pass with ExternalIP service type and publishNotReadyAddresses + documentIndex: *serviceDoc + set: + service: + main: + type: ExternalIP + externalIP: 10.10.10.100 + publishNotReadyAddresses: true + asserts: + - equal: + path: spec + value: + ports: *defaultPort + publishNotReadyAddresses: true + - isNull: + path: spec.selector + - isNull: + path: spec.type diff --git a/library/common-test/tests/service/service_test_ExternalName.yaml b/library/common-test/tests/service/service_test_ExternalName.yaml new file mode 100644 index 00000000..24581015 --- /dev/null +++ b/library/common-test/tests/service/service_test_ExternalName.yaml 
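Review bot: Both `(Endpoint)` cases assert `subsets[0].addresses` as a list of bare strings (`- 10.10.10.100`), but in the Kubernetes Endpoints API each address entry is an object with an `ip` field. helm-unittest only compares the rendered YAML, so these cases would pass on a manifest the API server would not accept. If the template really emits bare strings, that needs fixing outside this hunk, and the expected value here becomes `- ip: 10.10.10.100`.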
@@ -0,0 +1,247 @@ +suite: service test ExternalName +templates: + - common.yaml +chart: + appVersion: &appVer v1.2.3 +tests: + - it: should pass with default values + documentIndex: &deploymentDoc 0 + asserts: + - hasDocuments: + count: 3 + - isKind: + of: Deployment + + - it: should pass with correct apiVersion + documentIndex: &serviceDoc 1 + asserts: + - isKind: + of: Service + - isAPIVersion: + of: v1 + + - it: should pass with ExternalName service type + documentIndex: *serviceDoc + set: + service: + main: + type: ExternalName + externalName: some_hostname + asserts: + - equal: + path: spec + value: + type: ExternalName + externalName: some_hostname + publishNotReadyAddresses: false + ports: &defaultPort + - name: main + port: 65535 + protocol: TCP + targetPort: main + - isNull: + path: spec.selector + - isNull: + path: spec.ipFamilies + - isNull: + path: spec.ipFamilyPolicy + + - it: should pass with ExternalName service type and externalTrafficPolicy + documentIndex: *serviceDoc + set: + service: + main: + type: ExternalName + externalTrafficPolicy: Cluster + externalName: some_hostname + asserts: + - equal: + path: spec + value: + type: ExternalName + externalName: some_hostname + ports: *defaultPort + publishNotReadyAddresses: false + externalTrafficPolicy: Cluster + - isNull: + path: spec.selector + - isNull: + path: spec.ipFamilies + - isNull: + path: spec.ipFamilyPolicy + + - it: should pass with ExternalName service type and sessionAffinity set to None + documentIndex: *serviceDoc + set: + service: + main: + type: ExternalName + externalName: some_hostname + sessionAffinity: None + sessionAffinityConfig: + ClientIP: + timeoutSeconds: 1000 + asserts: + - equal: + path: spec + value: + type: ExternalName + externalName: some_hostname + ports: *defaultPort + publishNotReadyAddresses: false + sessionAffinity: None + - isNull: + path: spec.sessionAffinityConfig + - isNull: + path: spec.selector + - isNull: + path: spec.ipFamilies + - isNull: + path: 
spec.ipFamilyPolicy + + - it: should pass with ExternalName service type and sessionAffinity set to ClientIP + documentIndex: *serviceDoc + set: + service: + main: + type: ExternalName + externalName: some_hostname + sessionAffinity: ClientIP + sessionAffinityConfig: + clientIP: + timeoutSeconds: 1000 + asserts: + - equal: + path: spec + value: + type: ExternalName + externalName: some_hostname + ports: *defaultPort + publishNotReadyAddresses: false + sessionAffinity: ClientIP + sessionAffinityConfig: + clientIP: + timeoutSeconds: 1000 + - isNull: + path: spec.selector + - isNull: + path: spec.ipFamilies + - isNull: + path: spec.ipFamilyPolicy + + - it: should pass with ExternalName service type and sessionAffinity set to ClientIP from tpl + documentIndex: *serviceDoc + set: + timeout: 1000 + service: + main: + type: ExternalName + externalName: some_hostname + sessionAffinity: ClientIP + sessionAffinityConfig: + clientIP: + timeoutSeconds: 1000 + asserts: + - equal: + path: spec + value: + type: ExternalName + externalName: some_hostname + ports: *defaultPort + publishNotReadyAddresses: false + sessionAffinity: ClientIP + sessionAffinityConfig: + clientIP: + timeoutSeconds: 1000 + - isNull: + path: spec.selector + - isNull: + path: spec.ipFamilies + - isNull: + path: spec.ipFamilyPolicy + + - it: should pass with ExternalName service type and externalIPs + documentIndex: *serviceDoc + set: + service: + main: + type: ExternalName + externalName: some_hostname + externalIPs: + - 192.168.1.20 + - 192.168.1.21 + - 192.168.1.22 + asserts: + - equal: + path: spec + value: + type: ExternalName + externalName: some_hostname + ports: *defaultPort + publishNotReadyAddresses: false + externalIPs: + - 192.168.1.20 + - 192.168.1.21 + - 192.168.1.22 + - isNull: + path: spec.selector + - isNull: + path: spec.ipFamilies + - isNull: + path: spec.ipFamilyPolicy + + - it: should pass with ExternalName service type and externalIPs from tpl + documentIndex: *serviceDoc + set: + ip1: 
192.168.1.20 + ip2: 192.168.1.21 + ip3: 192.168.1.22 + service: + main: + type: ExternalName + externalName: some_hostname + externalIPs: + - "{{ .Values.ip1 }}" + - "{{ .Values.ip2 }}" + - "{{ .Values.ip3 }}" + asserts: + - equal: + path: spec + value: + type: ExternalName + externalName: some_hostname + ports: *defaultPort + publishNotReadyAddresses: false + externalIPs: + - 192.168.1.20 + - 192.168.1.21 + - 192.168.1.22 + - isNull: + path: spec.selector + - isNull: + path: spec.ipFamilies + - isNull: + path: spec.ipFamilyPolicy + + - it: should pass with ExternalName service type and publishNotReadyAddresses + documentIndex: *serviceDoc + set: + service: + main: + type: ExternalName + externalName: some_hostname + publishNotReadyAddresses: true + asserts: + - equal: + path: spec + value: + type: ExternalName + externalName: some_hostname + ports: *defaultPort + publishNotReadyAddresses: true + - isNull: + path: spec.selector + - isNull: + path: spec.ipFamilies + - isNull: + path: spec.ipFamilyPolicy diff --git a/library/common-test/tests/service/service_test_LoadBalancer.yaml b/library/common-test/tests/service/service_test_LoadBalancer.yaml new file mode 100644 index 00000000..326a6c11 --- /dev/null +++ b/library/common-test/tests/service/service_test_LoadBalancer.yaml 
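Review bot: The case `sessionAffinity set to ClientIP from tpl` sets `timeout: 1000` but still passes the literal `timeoutSeconds: 1000`, so it never renders a template value and only repeats the case before it. Assuming the chart runs `tpl` on this field, the input should be `timeoutSeconds: "{{ .Values.timeout }}"`; the same literal is used in the LoadBalancer and NodePort suites below and in the ExternalIP suite above. Separately, the `sessionAffinity set to None` case spells the config key `ClientIP` rather than `clientIP`, so its `isNull` on `spec.sessionAffinityConfig` may pass because the key is not recognised rather than because `None` suppresses the block. Using `clientIP` there would make the assertion prove the intended behaviour.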
@@ -0,0 +1,378 @@ +suite: service test LoadBalancer +templates: + - common.yaml +chart: + appVersion: &appVer v1.2.3 +tests: + - it: should pass with default values + documentIndex: &deploymentDoc 0 + asserts: + - hasDocuments: + count: 3 + - isKind: + of: Deployment + + - it: should pass with correct apiVersion + documentIndex: &serviceDoc 1 + asserts: + - isKind: + of: Service + - isAPIVersion: + of: v1 + + - it: should pass with LoadBalancer service type + documentIndex: *serviceDoc + set: + service: + main: + type: LoadBalancer + asserts: + - equal: + path: spec + value: + type: LoadBalancer + ports: &defaultPort + - name: main + port: 65535 + protocol: TCP + targetPort: main + publishNotReadyAddresses: false + selector: &defaultSelector + app: common-test + app.kubernetes.io/instance: RELEASE-NAME + app.kubernetes.io/name: common-test + release: RELEASE-NAME + + - it: should pass with LoadBalancer service type and loadBalancerIP set + documentIndex: *serviceDoc + set: + service: + main: + type: LoadBalancer + loadBalancerIP: 10.16.0.12 + asserts: + - equal: + path: spec + value: + type: LoadBalancer + loadBalancerIP: 10.16.0.12 + ports: *defaultPort + publishNotReadyAddresses: false + selector: *defaultSelector + + - it: should pass with LoadBalancer service type and loadBalancerSourceRanges set + documentIndex: *serviceDoc + set: + service: + main: + type: LoadBalancer + loadBalancerSourceRanges: + - 10.16.0.14 + - 10.16.0.15 + asserts: + - equal: + path: spec + value: + type: LoadBalancer + loadBalancerSourceRanges: + - 10.16.0.14 + - 10.16.0.15 + ports: *defaultPort + publishNotReadyAddresses: false + selector: *defaultSelector + + - it: should pass with LoadBalancer service type and loadBalancerSourceRanges set from tpl + documentIndex: *serviceDoc + set: + ip1: 10.16.0.14 + ip2: 10.16.0.15 + service: + main: + type: LoadBalancer + loadBalancerSourceRanges: + - "{{ .Values.ip1 }}" + - "{{ .Values.ip2 }}" + asserts: + - equal: + path: spec + value: + type: 
LoadBalancer + loadBalancerSourceRanges: + - 10.16.0.14 + - 10.16.0.15 + ports: *defaultPort + publishNotReadyAddresses: false + selector: *defaultSelector + + - it: should pass with LoadBalancer service type, loadBalancerIP and loadBalancerSourceRanges set from tpl + documentIndex: *serviceDoc + set: + ip1: 10.16.0.14 + ip2: 10.16.0.15 + service: + main: + type: LoadBalancer + loadBalancerIP: 10.16.0.12 + loadBalancerSourceRanges: + - "{{ .Values.ip1 }}" + - "{{ .Values.ip2 }}" + asserts: + - equal: + path: spec + value: + type: LoadBalancer + loadBalancerIP: 10.16.0.12 + loadBalancerSourceRanges: + - 10.16.0.14 + - 10.16.0.15 + ports: *defaultPort + publishNotReadyAddresses: false + selector: *defaultSelector + + - it: should pass with LoadBalancer service type and clusterIP set + documentIndex: *serviceDoc + set: + service: + main: + type: LoadBalancer + clusterIP: 172.16.0.12 + asserts: + - equal: + path: spec + value: + type: LoadBalancer + clusterIP: 172.16.0.12 + ports: *defaultPort + publishNotReadyAddresses: false + selector: *defaultSelector + + - it: should pass with LoadBalancer service type and externalTrafficPolicy + documentIndex: *serviceDoc + set: + service: + main: + type: LoadBalancer + externalTrafficPolicy: Cluster + asserts: + - equal: + path: spec + value: + type: LoadBalancer + ports: *defaultPort + publishNotReadyAddresses: false + selector: *defaultSelector + externalTrafficPolicy: Cluster + + - it: should pass with LoadBalancer service type and sessionAffinity set to None + documentIndex: *serviceDoc + set: + service: + main: + type: LoadBalancer + sessionAffinity: None + sessionAffinityConfig: + ClientIP: + timeoutSeconds: 1000 + asserts: + - equal: + path: spec + value: + type: LoadBalancer + ports: *defaultPort + publishNotReadyAddresses: false + selector: *defaultSelector + sessionAffinity: None + - isNull: + path: spec.sessionAffinityConfig + + - it: should pass with LoadBalancer service type and sessionAffinity set to ClientIP + 
documentIndex: *serviceDoc + set: + service: + main: + type: LoadBalancer + sessionAffinity: ClientIP + sessionAffinityConfig: + clientIP: + timeoutSeconds: 1000 + asserts: + - equal: + path: spec + value: + type: LoadBalancer + ports: *defaultPort + publishNotReadyAddresses: false + selector: *defaultSelector + sessionAffinity: ClientIP + sessionAffinityConfig: + clientIP: + timeoutSeconds: 1000 + + - it: should pass with LoadBalancer service type and sessionAffinity set to ClientIP from tpl + documentIndex: *serviceDoc + set: + timeout: 1000 + service: + main: + type: LoadBalancer + sessionAffinity: ClientIP + sessionAffinityConfig: + clientIP: + timeoutSeconds: 1000 + asserts: + - equal: + path: spec + value: + type: LoadBalancer + ports: *defaultPort + publishNotReadyAddresses: false + selector: *defaultSelector + sessionAffinity: ClientIP + sessionAffinityConfig: + clientIP: + timeoutSeconds: 1000 + + - it: should pass with LoadBalancer service type and externalIPs + documentIndex: *serviceDoc + set: + service: + main: + type: LoadBalancer + externalIPs: + - 192.168.1.20 + - 192.168.1.21 + - 192.168.1.22 + asserts: + - equal: + path: spec + value: + type: LoadBalancer + ports: *defaultPort + publishNotReadyAddresses: false + selector: *defaultSelector + externalIPs: + - 192.168.1.20 + - 192.168.1.21 + - 192.168.1.22 + + - it: should pass with LoadBalancer service type and externalIPs from tpl + documentIndex: *serviceDoc + set: + ip1: 192.168.1.20 + ip2: 192.168.1.21 + ip3: 192.168.1.22 + service: + main: + type: LoadBalancer + externalIPs: + - "{{ .Values.ip1 }}" + - "{{ .Values.ip2 }}" + - "{{ .Values.ip3 }}" + asserts: + - equal: + path: spec + value: + type: LoadBalancer + ports: *defaultPort + publishNotReadyAddresses: false + selector: *defaultSelector + externalIPs: + - 192.168.1.20 + - 192.168.1.21 + - 192.168.1.22 + + - it: should pass with LoadBalancer service type and publishNotReadyAddresses + documentIndex: *serviceDoc + set: + service: + main: + 
type: LoadBalancer + publishNotReadyAddresses: true + asserts: + - equal: + path: spec + value: + type: LoadBalancer + ports: *defaultPort + selector: *defaultSelector + publishNotReadyAddresses: true + + - it: should pass with LoadBalancer service type and ipFamilyPolicy + documentIndex: *serviceDoc + set: + service: + main: + type: LoadBalancer + ipFamilyPolicy: SingleStack + asserts: + - equal: + path: spec + value: + type: LoadBalancer + ports: *defaultPort + publishNotReadyAddresses: false + selector: *defaultSelector + ipFamilyPolicy: SingleStack + + - it: should pass with LoadBalancer service type and ipFamilies + documentIndex: *serviceDoc + set: + service: + main: + type: LoadBalancer + ipFamilies: + - IPv6 + - IPv4 + asserts: + - equal: + path: spec + value: + type: LoadBalancer + ports: *defaultPort + publishNotReadyAddresses: false + selector: *defaultSelector + ipFamilies: + - IPv6 + - IPv4 + + - it: should pass with LoadBalancer service type and custom selector + documentIndex: *serviceDoc + set: + service: + main: + type: LoadBalancer + selector: + some_key: some_value + some_key1: some_value1 + asserts: + - equal: + path: spec + value: + type: LoadBalancer + ports: *defaultPort + publishNotReadyAddresses: false + selector: + some_key: some_value + some_key1: some_value1 + + - it: should pass with LoadBalancer service type and custom selector from tpl + documentIndex: *serviceDoc + set: + k1: some_value + k2: some_value1 + service: + main: + type: LoadBalancer + selector: + some_key: "{{ .Values.k1 }}" + some_key1: "{{ .Values.k2 }}" + asserts: + - equal: + path: spec + value: + type: LoadBalancer + ports: *defaultPort + publishNotReadyAddresses: false + selector: + some_key: some_value + some_key1: some_value1 diff --git a/library/common-test/tests/service/service_test_NodePort.yaml b/library/common-test/tests/service/service_test_NodePort.yaml new file mode 100644 index 00000000..5d4ff76a --- /dev/null 
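Review bot: The `loadBalancerSourceRanges` fixtures (`10.16.0.14`, `10.16.0.15`) are bare addresses, while Kubernetes expects each entry in CIDR notation and, as far as I know, the API server rejects entries that do not parse as a CIDR. This list is the allow-list for who may reach the load balancer, so the three source-range cases should pin a value a cluster accepts, e.g. `- 10.16.0.14/32`, in both `set` and the expected `spec`. If the chart is meant to validate these entries itself, a `failedTemplate` case with a malformed range would document that.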
+++ b/library/common-test/tests/service/service_test_NodePort.yaml 
@@ -0,0 +1,344 @@ +suite: service test NodePort +templates: + - common.yaml +chart: + appVersion: &appVer v1.2.3 +tests: + - it: should pass with default values + documentIndex: &deploymentDoc 0 + asserts: + - hasDocuments: + count: 3 + - isKind: + of: Deployment + + - it: should fail with nodePort less than the minimum allowed + set: + service: + main: + type: NodePort + ports: + main: + nodePort: 8999 + asserts: + - failedTemplate: + errorMessage: Port number (8999) for (main) is too low. The minimum port for Node Port is (9000) + + - it: should pass with correct apiVersion + documentIndex: &serviceDoc 1 + asserts: + - isKind: + of: Service + - isAPIVersion: + of: v1 + + - it: should pass with NodePort service type + documentIndex: *serviceDoc + set: + service: + main: + type: NodePort + ports: + main: + nodePort: 35000 + asserts: + - equal: + path: spec + value: + type: NodePort + ports: &defaultPort + - name: main + port: 65535 + protocol: TCP + targetPort: main + nodePort: 35000 + publishNotReadyAddresses: false + selector: &defaultSelector + app: common-test + app.kubernetes.io/instance: RELEASE-NAME + app.kubernetes.io/name: common-test + release: RELEASE-NAME + + - it: should pass with NodePort service type and clusterIP set + documentIndex: *serviceDoc + set: + service: + main: + type: NodePort + ports: + main: + nodePort: 35000 + clusterIP: 172.16.0.12 + asserts: + - equal: + path: spec + value: + type: NodePort + clusterIP: 172.16.0.12 + ports: *defaultPort + publishNotReadyAddresses: false + selector: *defaultSelector + + - it: should pass with NodePort service type and externalTrafficPolicy + documentIndex: *serviceDoc + set: + service: + main: + type: NodePort + externalTrafficPolicy: Cluster + ports: + main: + nodePort: 35000 + asserts: + - equal: + path: spec + value: + type: NodePort + ports: *defaultPort + publishNotReadyAddresses: false + selector: *defaultSelector + externalTrafficPolicy: Cluster + + - it: should pass with NodePort service type 
and sessionAffinity set to None + documentIndex: *serviceDoc + set: + service: + main: + type: NodePort + ports: + main: + nodePort: 35000 + sessionAffinity: None + sessionAffinityConfig: + ClientIP: + timeoutSeconds: 1000 + asserts: + - equal: + path: spec + value: + type: NodePort + ports: *defaultPort + publishNotReadyAddresses: false + selector: *defaultSelector + sessionAffinity: None + - isNull: + path: spec.sessionAffinityConfig + + - it: should pass with NodePort service type and sessionAffinity set to ClientIP + documentIndex: *serviceDoc + set: + service: + main: + type: NodePort + ports: + main: + nodePort: 35000 + sessionAffinity: ClientIP + sessionAffinityConfig: + clientIP: + timeoutSeconds: 1000 + asserts: + - equal: + path: spec + value: + type: NodePort + ports: *defaultPort + publishNotReadyAddresses: false + selector: *defaultSelector + sessionAffinity: ClientIP + sessionAffinityConfig: + clientIP: + timeoutSeconds: 1000 + + - it: should pass with NodePort service type and sessionAffinity set to ClientIP from tpl + documentIndex: *serviceDoc + set: + timeout: 1000 + service: + main: + type: NodePort + ports: + main: + nodePort: 35000 + sessionAffinity: ClientIP + sessionAffinityConfig: + clientIP: + timeoutSeconds: 1000 + asserts: + - equal: + path: spec + value: + type: NodePort + ports: *defaultPort + publishNotReadyAddresses: false + selector: *defaultSelector + sessionAffinity: ClientIP + sessionAffinityConfig: + clientIP: + timeoutSeconds: 1000 + + - it: should pass with NodePort service type and externalIPs + documentIndex: *serviceDoc + set: + service: + main: + type: NodePort + ports: + main: + nodePort: 35000 + externalIPs: + - 192.168.1.20 + - 192.168.1.21 + - 192.168.1.22 + asserts: + - equal: + path: spec + value: + type: NodePort + ports: *defaultPort + publishNotReadyAddresses: false + selector: *defaultSelector + externalIPs: + - 192.168.1.20 + - 192.168.1.21 + - 192.168.1.22 + + - it: should pass with NodePort service type and 
externalIPs from tpl + documentIndex: *serviceDoc + set: + ip1: 192.168.1.20 + ip2: 192.168.1.21 + ip3: 192.168.1.22 + service: + main: + type: NodePort + ports: + main: + nodePort: 35000 + externalIPs: + - "{{ .Values.ip1 }}" + - "{{ .Values.ip2 }}" + - "{{ .Values.ip3 }}" + asserts: + - equal: + path: spec + value: + type: NodePort + ports: *defaultPort + publishNotReadyAddresses: false + selector: *defaultSelector + externalIPs: + - 192.168.1.20 + - 192.168.1.21 + - 192.168.1.22 + + - it: should pass with NodePort service type and publishNotReadyAddresses + documentIndex: *serviceDoc + set: + service: + main: + type: NodePort + ports: + main: + nodePort: 35000 + publishNotReadyAddresses: true + asserts: + - equal: + path: spec + value: + type: NodePort + ports: *defaultPort + selector: *defaultSelector + publishNotReadyAddresses: true + + - it: should pass with NodePort service type and ipFamilyPolicy + documentIndex: *serviceDoc + set: + service: + main: + type: NodePort + ports: + main: + nodePort: 35000 + ipFamilyPolicy: SingleStack + asserts: + - equal: + path: spec + value: + type: NodePort + ports: *defaultPort + publishNotReadyAddresses: false + selector: *defaultSelector + ipFamilyPolicy: SingleStack + + - it: should pass with NodePort service type and ipFamilies + documentIndex: *serviceDoc + set: + service: + main: + type: NodePort + ports: + main: + nodePort: 35000 + ipFamilies: + - IPv6 + - IPv4 + asserts: + - equal: + path: spec + value: + type: NodePort + ports: *defaultPort + publishNotReadyAddresses: false + selector: *defaultSelector + ipFamilies: + - IPv6 + - IPv4 + + - it: should pass with NodePort service type and custom selector + documentIndex: *serviceDoc + set: + service: + main: + type: NodePort + ports: + main: + nodePort: 35000 + selector: + some_key: some_value + some_key1: some_value1 + asserts: + - equal: + path: spec + value: + type: NodePort + ports: *defaultPort + publishNotReadyAddresses: false + selector: + some_key: some_value 
+ some_key1: some_value1 + + - it: should pass with NodePort service type and custom selector from tpl + documentIndex: *serviceDoc + set: + k1: some_value + k2: some_value1 + service: + main: + type: NodePort + ports: + main: + nodePort: 35000 + selector: + some_key: "{{ .Values.k1 }}" + some_key1: "{{ .Values.k2 }}" + asserts: + - equal: + path: spec + value: + type: NodePort + ports: *defaultPort + publishNotReadyAddresses: false + selector: + some_key: some_value + some_key1: some_value1 diff --git a/library/common-test/tests/service/service_test_hostNet.yaml b/library/common-test/tests/service/service_test_hostNet.yaml new file mode 100644 index 00000000..489ff857 --- /dev/null +++ b/library/common-test/tests/service/service_test_hostNet.yaml 
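Review bot: The only range check covered is `nodePort: 8999` failing against the 9000 minimum; no case pins that `nodePort: 9000` itself is accepted, and none covers a value above the top of the port range. Adding `nodePort: 9000` as a passing case would catch an off-by-one in the comparison. Every passing case uses `nodePort: 35000`, which lies outside the default kube-apiserver range (30000-32767), so these fixtures presumably rely on a widened `--service-node-port-range`. A comment above the failing case would make that explicit, e.g. `# 9000 is the floor enforced by the chart, not the Kubernetes default range`.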
@@ -0,0 +1,73 @@
+
+suite: service test hostNetwork
+templates:
+ - common.yaml
+chart:
+ appVersion: &appVer v1.2.3
+tests:
+ - it: should pass with default values
+ documentIndex: &deploymentDoc 0
+ asserts:
+ - hasDocuments:
+ count: 3
+ - isKind:
+ of: Deployment
+
+ - it: should pass with correct apiVersion
+ documentIndex: &serviceDoc 1
+ asserts:
+ - isKind:
+ of: Service
+ - isAPIVersion:
+ of: v1
+
+ - it: should pass with hostNetwork enabled
+ documentIndex: *serviceDoc
+ set:
+ hostNetwork: true
+ service:
+ main:
+ type: LoadBalancer
+ asserts:
+ - equal:
+ path: spec
+ value:
+ type: ClusterIP
+ ports: &defaultPort
+ - name: main
+ port: 65535
+ protocol: TCP
+ targetPort: main
+ publishNotReadyAddresses: false
+ selector: &defaultSelector
+ app: common-test
+ app.kubernetes.io/instance: RELEASE-NAME
+ app.kubernetes.io/name: common-test
+ release: RELEASE-NAME
+
+ - it: should pass with hostPort defined, should be forced to ClusterIP
+ documentIndex: *serviceDoc
+ set:
+ service:
+ main:
+ type: LoadBalancer
+ ports:
+ main:
+ port: 65535
+ hostPort: 12345
+ asserts:
+ - equal:
+ path: spec
+ value:
+ type: ClusterIP
+ ports: &defaultPort
+ - name: main
+ port: 65535
+ protocol: TCP
+ targetPort: main
+ publishNotReadyAddresses: false
+ selector: &defaultSelector
+ app: common-test
+ app.kubernetes.io/instance: RELEASE-NAME
+ app.kubernetes.io/name: common-test
+ release: RELEASE-NAME
diff --git a/library/common-test/tests/serviceAccount/serviceAccount_test.yaml b/library/common-test/tests/serviceAccount/serviceAccount_test.yaml
new file mode 100644
index 00000000..7a363a53
--- /dev/null
+++ b/library/common-test/tests/serviceAccount/serviceAccount_test.yaml
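Review bot: The second case (`hostPort defined, should be forced to ClusterIP`) defines the anchors `&defaultPort` and `&defaultSelector` again although the case before it already defined them; redefining an anchor silently rebinds it, and the two copies can drift apart. Reuse the aliases as the other service suites do: `ports: *defaultPort` and `selector: *defaultSelector`. Both cases also assert only the Service spec, so nothing in this file confirms that `hostNetwork: true` or `hostPort: 12345` reach the pod template, though that may be covered in another suite. The file also begins with an empty line, which the `empty-lines: max-start: 0` rule in the lint-conf.yaml added by this commit would flag if that config is applied to test files.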
@@ -0,0 +1,146 @@ + +suite: service account test +templates: + - common.yaml +chart: + appVersion: &appVer v1.2.3 +tests: + - it: should pass with default values + documentIndex: &deploymentDoc 0 + asserts: + - hasDocuments: + count: 3 + - isKind: + of: Deployment + + - it: should fail with multiple service accounts, without any set as primary + set: + serviceAccount: + main: + enabled: true + primary: false + main2: + enabled: true + primary: false + asserts: + - failedTemplate: + errorMessage: At least one Service Account must be set as primary + + - it: should pass with service account enabled + documentIndex: &serviceAccountDoc 0 + set: + serviceAccount: + main: + enabled: true + asserts: + - isKind: + of: ServiceAccount + - isAPIVersion: + of: v1 + - equal: + path: metadata.name + value: RELEASE-NAME-common-test + + - it: should pass with primary service account enabled and nameOverride defined + documentIndex: *serviceAccountDoc + set: + serviceAccount: + main: + enabled: true + nameOverride: some-name + asserts: + - equal: + path: metadata.name + value: RELEASE-NAME-common-test-some-name + + - it: should pass with primary service account enabled annotations and labels added + documentIndex: *serviceAccountDoc + set: + serviceAccount: + main: + enabled: true + annotations: + key1: value1 + key2: value2 + labels: + key3: value3 + key4: value4 + asserts: + - equal: + path: metadata.name + value: RELEASE-NAME-common-test + - equal: + path: metadata.annotations + value: + key1: value1 + key2: value2 + - equal: + path: metadata.labels + value: + app: common-test + app.kubernetes.io/instance: RELEASE-NAME + app.kubernetes.io/managed-by: Helm + app.kubernetes.io/name: common-test + app.kubernetes.io/version: *appVer + helm-revision: "0" + helm.sh/chart: common-test-1.0.0 + release: RELEASE-NAME + key3: value3 + key4: value4 + + - it: should pass with primary service account enabled annotations and labels added from tpl + documentIndex: *serviceAccountDoc + set: + 
k1: value1 + k2: value2 + k3: value3 + k4: value4 + serviceAccount: + main: + enabled: true + annotations: + key1: "{{ .Values.k1 }}" + key2: "{{ .Values.k2 }}" + labels: + key3: "{{ .Values.k3 }}" + key4: "{{ .Values.k4 }}" + asserts: + - equal: + path: metadata.name + value: RELEASE-NAME-common-test + - equal: + path: metadata.labels + value: + app: common-test + app.kubernetes.io/instance: RELEASE-NAME + app.kubernetes.io/managed-by: Helm + app.kubernetes.io/name: common-test + app.kubernetes.io/version: *appVer + helm-revision: "0" + helm.sh/chart: common-test-1.0.0 + release: RELEASE-NAME + key3: value3 + key4: value4 + - equal: + path: metadata.annotations + value: + key1: value1 + key2: value2 + + - it: should pass with non-primary service account enabled and nameOverride defined + documentIndex: &serviceAccountDocExtra 1 + set: + serviceAccount: + main: + enabled: true + primary: true + other: + enabled: true + primary: false + nameOverride: some-name + asserts: + - isKind: + of: ServiceAccount + - equal: + path: metadata.name + value: RELEASE-NAME-common-test-some-name diff --git a/library/common-test/tests/utils/utils_primary_port_test.yaml b/library/common-test/tests/utils/utils_primary_port_test.yaml new file mode 100644 index 00000000..d661f0e3 --- /dev/null +++ b/library/common-test/tests/utils/utils_primary_port_test.yaml 
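Review bot: The failure path covers only the case where no service account is primary; there is no case with two accounts both set `primary: true`, unlike the port and RBAC suites in this commit, which each carry a `more than 1 primary` failure case. The primary account presumably decides which identity the workload runs as (the pod template is not in this hunk), so an ambiguous selection is worth pinning. If the chart rejects that input, a case like the one below would cover it; the error text is a placeholder to be replaced with the chart's real message.

```yaml
  - it: should fail with more than one service account set as primary
    set:
      serviceAccount:
        main:
          enabled: true
          primary: true
        other:
          enabled: true
          primary: true
    asserts:
      - failedTemplate:
          errorMessage: <PLACEHOLDER - message emitted by the chart's primary check>
```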
@@ -0,0 +1,116 @@ + +suite: primary port utils test +templates: + - common.yaml +tests: + - it: should pass with default values + documentIndex: &deploymentDoc 0 + asserts: + - hasDocuments: + count: 3 + - isKind: + of: Deployment + - equal: + path: spec.template.spec.containers[0].livenessProbe + value: + httpGet: + path: / + port: 65535 + scheme: HTTP + failureThreshold: 5 + initialDelaySeconds: 10 + periodSeconds: 10 + timeoutSeconds: 5 + + - it: should pass with no port set as primary + documentIndex: *deploymentDoc + set: + service: + main: + ports: + main: + primary: false + protocol: TCP + port: 12345 + probes: + liveness: + type: auto + asserts: + - equal: + path: spec.template.spec.containers[0].livenessProbe + value: + tcpSocket: + port: 12345 + initialDelaySeconds: 10 + failureThreshold: 5 + timeoutSeconds: 5 + periodSeconds: 10 + + - it: should pass with main port set as primary and other not + documentIndex: *deploymentDoc + set: + service: + main: + ports: + main: + primary: true + protocol: TCP + port: 12345 + other: + primary: false + protocol: TCP + probes: + liveness: + type: auto + asserts: + - equal: + path: spec.template.spec.containers[0].livenessProbe + value: + tcpSocket: + port: 12345 + initialDelaySeconds: 10 + failureThreshold: 5 + timeoutSeconds: 5 + periodSeconds: 10 + + - it: should pass with different port set as primary + documentIndex: *deploymentDoc + set: + service: + main: + ports: + main: + primary: false + other: + enabled: true + primary: true + protocol: TCP + port: 12345 + probes: + liveness: + type: auto + asserts: + - equal: + path: spec.template.spec.containers[0].livenessProbe + value: + tcpSocket: + port: 12345 + initialDelaySeconds: 10 + failureThreshold: 5 + timeoutSeconds: 5 + periodSeconds: 10 + + - it: should fail with more than 1 primary ports + set: + service: + main: + ports: + main: + primary: true + other_port: + enabled: true + primary: true + port: 1234 + asserts: + - failedTemplate: + errorMessage: More 
than one ports are set as primary in the primary service. This is not supported. diff --git a/library/common-test/tests/utils/utils_primary_rbac_test.yaml b/library/common-test/tests/utils/utils_primary_rbac_test.yaml new file mode 100644 index 00000000..3ed0215e --- /dev/null +++ b/library/common-test/tests/utils/utils_primary_rbac_test.yaml 
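Review bot: In `should pass with main port set as primary and other not`, the `other` port has neither `enabled: true` nor a `port`, whereas the next case sets both on `other`. If ports default to disabled, `other` is never rendered and this case does not test a choice between two ports. Giving `other` `enabled: true` and a distinct `port: 54321` would make the assert on `tcpSocket.port: 12345` show that the primary flag, not the absence of an alternative, selected the liveness probe port.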
@@ -0,0 +1,485 @@ + +suite: primary rbac utils test +templates: + - common.yaml +tests: + - it: should pass with default values + asserts: + - hasDocuments: + count: 3 + + - it: should fail with more than 1 primary rbac + set: + rbac: + main: + enabled: true + primary: true + rules: &rules + - apiGroups: + - something + resources: + - something + verbs: + - something + subjects: &subjects + - kind: something + name: something + apiGroup: something + other: + enabled: true + primary: true + rules: *rules + subjects: *subjects + asserts: + - failedTemplate: + errorMessage: More than one RBACS are set as primary. This is not supported. + + - it: should pass with no rbac set as primary (Role) + documentIndex: &roleDoc 0 + set: + rbac: + main: + enabled: true + primary: false + rules: *rules + subjects: *subjects + asserts: + - hasDocuments: + count: 5 + - isKind: + of: Role + - equal: + path: metadata.name + value: RELEASE-NAME-common-test + + - it: should pass with no rbac set as primary (RoleBinding) + documentIndex: &roleBindingDoc 1 + set: + rbac: + main: + enabled: true + primary: false + rules: *rules + subjects: *subjects + asserts: + - hasDocuments: + count: 5 + - isKind: + of: RoleBinding + - equal: + path: metadata.name + value: RELEASE-NAME-common-test + + - it: should pass with no rbac set as primary (ClusterRole) + documentIndex: *roleDoc + set: + rbac: + main: + enabled: true + primary: false + clusterWide: true + rules: *rules + subjects: *subjects + asserts: + - hasDocuments: + count: 5 + - isKind: + of: ClusterRole + - equal: + path: metadata.name + value: RELEASE-NAME-common-test + + - it: should pass with no rbac set as primary (ClusterRoleBinding) + documentIndex: *roleBindingDoc + set: + rbac: + main: + enabled: true + primary: false + clusterWide: true + rules: *rules + subjects: *subjects + asserts: + - hasDocuments: + count: 5 + - isKind: + of: ClusterRoleBinding + - equal: + path: metadata.name + value: RELEASE-NAME-common-test + + - it: should 
pass with main rbac set as primary and other not (Role - main) + documentIndex: *roleDoc + set: + rbac: + main: + enabled: true + primary: true + rules: *rules + subjects: *subjects + other: + enabled: true + primary: false + rules: *rules + subjects: *subjects + asserts: + - hasDocuments: + count: 7 + - isKind: + of: Role + - equal: + path: metadata.name + value: RELEASE-NAME-common-test + + - it: should pass with main rbac set as primary and other not (Role - other) + documentIndex: &otherRoleDoc 2 + set: + rbac: + main: + enabled: true + primary: true + rules: *rules + subjects: *subjects + other: + enabled: true + primary: false + rules: *rules + subjects: *subjects + asserts: + - hasDocuments: + count: 7 + - isKind: + of: Role + - equal: + path: metadata.name + value: RELEASE-NAME-common-test-other + + - it: should pass with main rbac set as primary and other not (RoleBinding - main) + documentIndex: *roleBindingDoc + set: + rbac: + main: + enabled: true + primary: true + rules: *rules + subjects: *subjects + other: + enabled: true + primary: false + rules: *rules + subjects: *subjects + asserts: + - hasDocuments: + count: 7 + - isKind: + of: RoleBinding + - equal: + path: metadata.name + value: RELEASE-NAME-common-test + + - it: should pass with main rbac set as primary and other not (RoleBinding - other) + documentIndex: &otherRoleBindingDoc 3 + set: + rbac: + main: + enabled: true + primary: true + rules: *rules + subjects: *subjects + other: + enabled: true + primary: false + rules: *rules + subjects: *subjects + asserts: + - hasDocuments: + count: 7 + - isKind: + of: RoleBinding + - equal: + path: metadata.name + value: RELEASE-NAME-common-test-other + + - it: should pass with main rbac set as primary and other not (ClusterRole - main) + documentIndex: *roleDoc + set: + rbac: + main: + enabled: true + primary: true + clusterWide: true + rules: *rules + subjects: *subjects + other: + enabled: true + primary: false + rules: *rules + subjects: *subjects + 
asserts: + - hasDocuments: + count: 7 + - isKind: + of: ClusterRole + - equal: + path: metadata.name + value: RELEASE-NAME-common-test + + - it: should pass with main rbac set as primary and other not (ClusterRole - other) + documentIndex: *otherRoleDoc + set: + rbac: + main: + enabled: true + primary: true + rules: *rules + subjects: *subjects + other: + enabled: true + primary: false + clusterWide: true + rules: *rules + subjects: *subjects + asserts: + - hasDocuments: + count: 7 + - isKind: + of: ClusterRole + - equal: + path: metadata.name + value: RELEASE-NAME-common-test-other + + - it: should pass with main rbac set as primary and other not (ClusterRoleBinding - main) + documentIndex: *roleBindingDoc + set: + rbac: + main: + enabled: true + primary: true + clusterWide: true + rules: *rules + subjects: *subjects + other: + enabled: true + primary: false + rules: *rules + subjects: *subjects + asserts: + - hasDocuments: + count: 7 + - isKind: + of: ClusterRoleBinding + - equal: + path: metadata.name + value: RELEASE-NAME-common-test + + - it: should pass with main rbac set as primary and other not (ClusterRoleBinding - other) + documentIndex: *otherRoleBindingDoc + set: + rbac: + main: + enabled: true + primary: true + rules: *rules + subjects: *subjects + other: + enabled: true + primary: false + clusterWide: true + rules: *rules + subjects: *subjects + asserts: + - hasDocuments: + count: 7 + - isKind: + of: ClusterRoleBinding + - equal: + path: metadata.name + value: RELEASE-NAME-common-test-other + + - it: should pass with other rbac set as primary and main not (Role - main) + documentIndex: *roleDoc + set: + rbac: + main: + enabled: true + primary: false + rules: *rules + subjects: *subjects + other: + enabled: true + primary: true + rules: *rules + subjects: *subjects + asserts: + - hasDocuments: + count: 7 + - isKind: + of: Role + - equal: + path: metadata.name + value: RELEASE-NAME-common-test-main + + - it: should pass with other rbac set as primary 
and main not (Role - other)
+ documentIndex: &otherRoleDoc 2
+ set:
+ rbac:
+ main:
+ enabled: true
+ primary: false
+ rules: *rules
+ subjects: *subjects
+ other:
+ enabled: true
+ primary: true
+ rules: *rules
+ subjects: *subjects
+ asserts:
+ - hasDocuments:
+ count: 7
+ - isKind:
+ of: Role
+ - equal:
+ path: metadata.name
+ value: RELEASE-NAME-common-test
+
+ - it: should pass with other rbac set as primary and main not (RoleBinding - main)
+ documentIndex: *roleBindingDoc
+ set:
+ rbac:
+ main:
+ enabled: true
+ primary: false
+ rules: *rules
+ subjects: *subjects
+ other:
+ enabled: true
+ primary: true
+ rules: *rules
+ subjects: *subjects
+ asserts:
+ - hasDocuments:
+ count: 7
+ - isKind:
+ of: RoleBinding
+ - equal:
+ path: metadata.name
+ value: RELEASE-NAME-common-test-main
+
+ - it: should pass with other rbac set as primary and main not (RoleBinding - other)
+ documentIndex: &otherRoleBindingDoc 3
+ set:
+ rbac:
+ main:
+ enabled: true
+ primary: false
+ rules: *rules
+ subjects: *subjects
+ other:
+ enabled: true
+ primary: true
+ rules: *rules
+ subjects: *subjects
+ asserts:
+ - hasDocuments:
+ count: 7
+ - isKind:
+ of: RoleBinding
+ - equal:
+ path: metadata.name
+ value: RELEASE-NAME-common-test
+
+ - it: should pass with other rbac set as primary and main not (ClusterRole - main)
+ documentIndex: *roleDoc
+ set:
+ rbac:
+ main:
+ enabled: true
+ primary: false
+ clusterWide: true
+ rules: *rules
+ subjects: *subjects
+ other:
+ enabled: true
+ primary: true
+ rules: *rules
+ subjects: *subjects
+ asserts:
+ - hasDocuments:
+ count: 7
+ - isKind:
+ of: ClusterRole
+ - equal:
+ path: metadata.name
+ value: RELEASE-NAME-common-test-main
+
+ - it: should pass with other rbac set as primary and main not (ClusterRole - other)
+ documentIndex: *otherRoleDoc
+ set:
+ rbac:
+ main:
+ enabled: true
+ primary: false
+ rules: *rules
+ subjects: *subjects
+ other:
+ enabled: true
+ primary: true
+ clusterWide: true
+ rules: *rules
+ subjects: *subjects
+
asserts:
+ - hasDocuments:
+ count: 7
+ - isKind:
+ of: ClusterRole
+ - equal:
+ path: metadata.name
+ value: RELEASE-NAME-common-test
+
+ - it: should pass with other rbac set as primary and main not (ClusterRoleBinding - main)
+ documentIndex: *roleBindingDoc
+ set:
+ rbac:
+ main:
+ enabled: true
+ primary: false
+ clusterWide: true
+ rules: *rules
+ subjects: *subjects
+ other:
+ enabled: true
+ primary: true
+ rules: *rules
+ subjects: *subjects
+ asserts:
+ - hasDocuments:
+ count: 7
+ - isKind:
+ of: ClusterRoleBinding
+ - equal:
+ path: metadata.name
+ value: RELEASE-NAME-common-test-main
+
+ - it: should pass with other rbac set as primary and main not (ClusterRoleBinding - other)
+ documentIndex: *otherRoleBindingDoc
+ set:
+ rbac:
+ main:
+ enabled: true
+ primary: false
+ rules: *rules
+ subjects: *subjects
+ other:
+ enabled: true
+ primary: true
+ clusterWide: true
+ rules: *rules
+ subjects: *subjects
+ asserts:
+ - hasDocuments:
+ count: 7
+ - isKind:
+ of: ClusterRoleBinding
+ - equal:
+ path: metadata.name
+ value: RELEASE-NAME-common-test
diff --git a/library/common-test/tests/utils/utils_primary_serviceAccount_test.yaml b/library/common-test/tests/utils/utils_primary_serviceAccount_test.yaml
new file mode 100644
index 00000000..0a653960
--- /dev/null
+++ b/library/common-test/tests/utils/utils_primary_serviceAccount_test.yaml
@@ -0,0 +1,114 @@
+
+suite: primary serviceAccount utils test
+templates:
+ - common.yaml
+tests:
+ - it: should pass with default values
+ asserts:
+ - hasDocuments:
+ count: 3
+
+ - it: should fail with more than 1 primary serviceAccounts
+ set:
+ serviceAccount:
+ main:
+ enabled: true
+ primary: true
+ other:
+ enabled: true
+ primary: true
+ asserts:
+ - failedTemplate:
+ errorMessage: More than one serviceAccounts are set as primary. This is not supported.
+
+ - it: should pass with no serviceAccount set as primary
+ documentIndex: &serviceAccountDoc 0
+ set:
+ serviceAccount:
+ main:
+ enabled: true
+ primary: false
+ asserts:
+ - hasDocuments:
+ count: 4
+ - isKind:
+ of: ServiceAccount
+ - equal:
+ path: metadata.name
+ value: RELEASE-NAME-common-test
+
+ - it: should pass with main serviceAccount set as primary and other not (check name on main)
+ documentIndex: *serviceAccountDoc
+ set:
+ serviceAccount:
+ main:
+ enabled: true
+ primary: true
+ other:
+ enabled: true
+ primary: false
+ asserts:
+ - hasDocuments:
+ count: 5
+ - isKind:
+ of: ServiceAccount
+ - equal:
+ path: metadata.name
+ value: RELEASE-NAME-common-test
+
+ - it: should pass with main serviceAccount set as primary and other not (check name on other)
+ documentIndex: &otherServiceAccountDoc 1
+ set:
+ serviceAccount:
+ main:
+ enabled: true
+ primary: true
+ other:
+ enabled: true
+ primary: false
+ asserts:
+ - hasDocuments:
+ count: 5
+ - isKind:
+ of: ServiceAccount
+ - equal:
+ path: metadata.name
+ value: RELEASE-NAME-common-test-other
+
+ - it: should pass with different serviceAccount set as primary (check name on main)
+ documentIndex: *serviceAccountDoc
+ set:
+ serviceAccount:
+ main:
+ enabled: true
+ primary: false
+ other:
+ enabled: true
+ primary: true
+ asserts:
+ - hasDocuments:
+ count: 5
+ - isKind:
+ of: ServiceAccount
+ - equal:
+ path: metadata.name
+ value: RELEASE-NAME-common-test-main
+
+ - it: should pass with different serviceAccount set as primary (check name
on other)
+ documentIndex: *otherServiceAccountDoc
+ set:
+ serviceAccount:
+ main:
+ enabled: true
+ primary: false
+ other:
+ enabled: true
+ primary: true
+ asserts:
+ - hasDocuments:
+ count: 5
+ - isKind:
+ of: ServiceAccount
+ - equal:
+ path: metadata.name
+ value: RELEASE-NAME-common-test
diff --git a/library/common-test/tests/utils/utils_primary_service_test.yaml b/library/common-test/tests/utils/utils_primary_service_test.yaml
new file mode 100644
index 00000000..290d99c4
--- /dev/null
+++ b/library/common-test/tests/utils/utils_primary_service_test.yaml
@@ -0,0 +1,121 @@
+
+suite: primary service utils test
+templates:
+ - common.yaml
+tests:
+ - it: should pass with default values
+ documentIndex: &deploymentDoc 0
+ asserts:
+ - hasDocuments:
+ count: 3
+ - isKind:
+ of: Deployment
+ - equal:
+ path: spec.template.spec.containers[0].livenessProbe
+ value:
+ httpGet:
+ path: /
+ port: 65535
+ scheme: HTTP
+ failureThreshold: 5
+ initialDelaySeconds: 10
+ periodSeconds: 10
+ timeoutSeconds: 5
+
+ - it: should fail with more than 1 primary services
+ set:
+ service:
+ main:
+ primary: true
+ other:
+ enabled: true
+ primary: true
+ ports:
+ other:
+ enabled: true
+ port: 80
+ asserts:
+ - failedTemplate:
+ errorMessage: More than one services are set as primary. This is not supported.
+
+
+ - it: should pass with main service set as primary and other not
+ documentIndex: *deploymentDoc
+ set:
+ service:
+ main:
+ primary: true
+ ports:
+ main:
+ protocol: TCP
+ port: 12345
+ other:
+ primary: false
+ ports:
+ main:
+ protocol: TCP
+ probes:
+ liveness:
+ type: auto
+ asserts:
+ - equal:
+ path: spec.template.spec.containers[0].livenessProbe
+ value:
+ tcpSocket:
+ port: 12345
+ initialDelaySeconds: 10
+ failureThreshold: 5
+ timeoutSeconds: 5
+ periodSeconds: 10
+
+ - it: should pass with no service set as primary
+ documentIndex: *deploymentDoc
+ set:
+ service:
+ main:
+ primary: false
+ ports:
+ main:
+ protocol: TCP
+ port: 12345
+ probes:
+ liveness:
+ type: auto
+ asserts:
+ - equal:
+ path: spec.template.spec.containers[0].livenessProbe
+ value:
+ tcpSocket:
+ port: 12345
+ initialDelaySeconds: 10
+ failureThreshold: 5
+ timeoutSeconds: 5
+ periodSeconds: 10
+
+ - it: should pass with different service set as primary
+ documentIndex: *deploymentDoc
+ set:
+ service:
+ main:
+ primary: false
+ other:
+ enabled: true
+ primary: true
+ ports:
+ other:
+ enabled: true
+ protocol: TCP
+ port: 12345
+ probes:
+ liveness:
+ type: auto
+ asserts:
+ - equal:
+ path: spec.template.spec.containers[0].livenessProbe
+
value:
+ tcpSocket:
+ port: 12345
+ initialDelaySeconds: 10
+ failureThreshold: 5
+ timeoutSeconds: 5
+ periodSeconds: 10
diff --git a/library/common-test/values.yaml b/library/common-test/values.yaml
new file mode 100644
index 00000000..67cebbb6
--- /dev/null
+++ b/library/common-test/values.yaml
@@ -0,0 +1,5 @@
+service:
+ main:
+ ports:
+ main:
+ port: 65535
diff --git a/charts/common/.helmignore b/library/common/.helmignore
similarity index 100%
rename from charts/common/.helmignore
rename to library/common/.helmignore
diff --git a/charts/common/Chart.yaml b/library/common/Chart.yaml
similarity index 96%
rename from charts/common/Chart.yaml
rename to library/common/Chart.yaml
index 2c7eb49c..36a70af9 100644
--- a/charts/common/Chart.yaml
+++ b/library/common/Chart.yaml
@@ -15,4 +15,4 @@ maintainers:
 name: common
 sources: null
 type: library
-version: 11.1.2
+version: 12.0.0
diff --git a/charts/common/README.md b/library/common/README.md
similarity index 100%
rename from charts/common/README.md
rename to library/common/README.md
diff --git a/charts/common/crds/cnpg-1.18.0.yaml b/library/common/crds/cnpg-1.18.0.yaml
similarity index 100%
rename from charts/common/crds/cnpg-1.18.0.yaml
rename to library/common/crds/cnpg-1.18.0.yaml
diff --git a/charts/common/crds/ingressroute.yaml b/library/common/crds/ingressroute.yaml
similarity index 100%
rename from charts/common/crds/ingressroute.yaml
rename to library/common/crds/ingressroute.yaml
diff --git a/charts/common/crds/ingressroutetcp.yaml b/library/common/crds/ingressroutetcp.yaml
similarity index 100%
rename from charts/common/crds/ingressroutetcp.yaml
rename to library/common/crds/ingressroutetcp.yaml
diff --git a/charts/common/crds/ingressrouteudp.yaml b/library/common/crds/ingressrouteudp.yaml
similarity index 100%
rename from charts/common/crds/ingressrouteudp.yaml
rename to library/common/crds/ingressrouteudp.yaml
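Review bot: In `should pass with main service set as primary and other not`, the `other` service sets `primary: false` but, unlike the `should fail with more than 1 primary services` and `should pass with different service set as primary` cases, never sets `enabled: true` and gives its port no number, so the non-primary service may not be rendered at all and the probe assertion could pass without exercising the choice of primary. Adding `enabled: true` under `other` and under its port, with a distinct number such as `port: 54321`, would make the asserted `tcpSocket.port: 12345` depend on which service is primary. That `other` is disabled by default is inferred from the sibling tests; the chart defaults are not in this hunk.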
diff --git a/charts/common/crds/metallb-native.yaml b/library/common/crds/metallb-native.yaml
similarity index 100%
rename from charts/common/crds/metallb-native.yaml
rename to library/common/crds/metallb-native.yaml
diff --git a/charts/common/crds/middlewares.yaml b/library/common/crds/middlewares.yaml
similarity index 100%
rename from charts/common/crds/middlewares.yaml
rename to library/common/crds/middlewares.yaml
diff --git a/charts/common/crds/middlewarestcp.yaml b/library/common/crds/middlewarestcp.yaml
similarity index 100%
rename from charts/common/crds/middlewarestcp.yaml
rename to library/common/crds/middlewarestcp.yaml
diff --git a/charts/common/crds/prometheus-crds.yaml b/library/common/crds/prometheus-crds.yaml
similarity index 100%
rename from charts/common/crds/prometheus-crds.yaml
rename to library/common/crds/prometheus-crds.yaml
diff --git a/charts/common/crds/serverstransports.yaml b/library/common/crds/serverstransports.yaml
similarity index 100%
rename from charts/common/crds/serverstransports.yaml
rename to library/common/crds/serverstransports.yaml
diff --git a/charts/common/crds/tlsoptions.yaml b/library/common/crds/tlsoptions.yaml
similarity index 100%
rename from charts/common/crds/tlsoptions.yaml
rename to library/common/crds/tlsoptions.yaml
diff --git a/charts/common/crds/tlsstores.yaml b/library/common/crds/tlsstores.yaml
similarity index 100%
rename from charts/common/crds/tlsstores.yaml
rename to library/common/crds/tlsstores.yaml
diff --git a/charts/common/crds/traefikservices.yaml b/library/common/crds/traefikservices.yaml
similarity index 100%
rename from charts/common/crds/traefikservices.yaml
rename to library/common/crds/traefikservices.yaml
diff --git a/library/common/templates/class/_configmap.tpl b/library/common/templates/class/_configmap.tpl
new file mode 100644
index 00000000..be91e9c3
--- /dev/null
+++ b/library/common/templates/class/_configmap.tpl
@@ -0,0 +1,30 @@
+{{- define "ix.v1.common.class.configmap" -}}
+ {{- $configName := .configName -}}
+ {{- $data := .data -}}
+ {{- $contentType := .contentType -}}
+ {{- $configLabels := .labels -}}
+ {{- $configAnnotations := .annotations -}}
+ {{- $root := .root }}
+
+---
+apiVersion: {{ include "ix.v1.common.capabilities.configMap.apiVersion" $root }}
+kind: ConfigMap
+metadata:
+ name: {{ $configName }}
+ {{- $labels := (mustMerge ($configLabels | default dict) (include "ix.v1.common.labels" $root | fromYaml)) -}}
+ {{- with (include "ix.v1.common.util.labels.render" (dict "root" $root "labels" $labels) | trim) }}
+ labels:
+ {{- . | nindent 4 }}
+ {{- end -}}
+ {{- $annotations := (mustMerge ($configAnnotations | default dict) (include "ix.v1.common.annotations" $root | fromYaml)) -}}
+ {{- with (include "ix.v1.common.util.annotations.render" (dict "root" $root "annotations" $annotations) | trim) }}
+ annotations:
+ {{- . | nindent 4 }}
+ {{- end }}
+data:
+ {{- if eq $contentType "yaml" }}
+ {{- $data | nindent 2 }}
+ {{- else -}} {{/* This should never happen, unless there is a mistake in the caller of this class */}}
+ {{- fail (printf "Invalid content type (%s) for configmap. Valid types are scalar and key_value" $contentType) -}}
+ {{- end -}}
+{{- end -}}
diff --git a/library/common/templates/class/_cronjob.tpl b/library/common/templates/class/_cronjob.tpl
new file mode 100644
index 00000000..6af82f49
--- /dev/null
+++ b/library/common/templates/class/_cronjob.tpl
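Review bot: The `fail` message in the `else` branch of `ix.v1.common.class.configmap` lists `scalar` and `key_value` as valid content types, but the only value the template accepts is `yaml`, so a caller who hits the error is pointed at values that fail again. The message should name what is actually checked, e.g. `{{- fail (printf "Invalid content type (%s) for configmap. Valid type is yaml" $contentType) -}}`. The same mismatch is in `_secret.tpl`, whose message offers `scalar and key_value` while its branches test `pullSecret`, `certificate` and `yaml`.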
@@ -0,0 +1,45 @@
+{{- define "ix.v1.common.class.cronJob" -}}
+ {{- $job := .job -}}
+ {{- $root := .root -}}
+
+ {{- $default := $root.Values.global.defaults.job.cron -}}
+ {{- $jobName := include "ix.v1.common.names.jobAndCronJob" (dict "root" $root "jobValues" $job) -}}
+ {{- include "ix.v1.common.validate.cronJob" (dict "root" $root "job" $job) -}}
+
+ {{- $failLimit := $default.failedJobsHistoryLimit -}}
+ {{- if (mustHas (kindOf $job.cron.failedJobsHistoryLimit) (list "int" "float64")) -}}
+ {{- $failLimit = $job.cron.failedJobsHistoryLimit -}}
+ {{- end -}}
+
+ {{- $successLimit := $default.successfulJobsHistoryLimit -}}
+ {{- if (mustHas (kindOf $job.cron.successfulJobsHistoryLimit) (list "int" "float64")) -}}
+ {{- $successLimit = $job.cron.successfulJobsHistoryLimit -}}
+ {{- end }}
+---
+apiVersion: {{ include "ix.v1.common.capabilities.cronJob.apiVersion" . }}
+kind: CronJob
+metadata:
+ name: {{ $jobName }}
+ {{- $labels := (mustMerge ($job.labels | default dict) (include "ix.v1.common.labels" $root | fromYaml)) -}}
+ {{- with (include "ix.v1.common.util.labels.render" (dict "root" $root "labels" $labels) | trim) }}
+ labels:
+ {{- . | nindent 4 }}
+ {{- end }}
+ {{- $annotations := (mustMerge ($job.annotations | default dict) (include "ix.v1.common.annotations" $root | fromYaml)) -}}
+ {{- with (include "ix.v1.common.util.annotations.render" (dict "root" $root "annotations" $annotations) | trim) }}
+ annotations:
+ {{- . | nindent 4 }}
+ {{- end }}
+spec:
+ schedule: {{ $job.cron.schedule | quote }}
+ timeZone: {{ $job.cron.timezone | default $root.Values.TZ }}
+ concurrencyPolicy: {{ $job.cron.concurrencyPolicy | default $default.concurrencyPolicy }}
+ failedJobsHistoryLimit: {{ $failLimit }}
+ successfulJobsHistoryLimit: {{ $successLimit }}
+ {{- with $job.cron.startingDeadLineSeconds }}
+ startingDeadLineSeconds: {{ .
}}
+ {{- end }}
+ jobTemplate:
+ spec:
+ {{- include "ix.v1.common.lib.job" (dict "root" $root "job" $job) | indent 6 -}}
+{{- end -}}
diff --git a/library/common/templates/class/_externalInterfaces.tpl b/library/common/templates/class/_externalInterfaces.tpl
new file mode 100644
index 00000000..e3b48a07
--- /dev/null
+++ b/library/common/templates/class/_externalInterfaces.tpl
@@ -0,0 +1,22 @@
+{{- define "ix.v1.common.class.externalInterface" -}}
+ {{- $iface := .iface -}}
+ {{- $index := .index -}}
+ {{- $root := .root }}
+---
+apiVersion: {{ include "ix.v1.common.capabilities.externalInterfaces.apiVersion" . }}
+kind: NetworkAttachmentDefinition
+metadata:
+ name: ix-{{ $root.Release.Name }}-{{ $index }}
+ {{- $labels := (include "ix.v1.common.labels" $root | fromYaml) -}}
+ {{- with (include "ix.v1.common.util.labels.render" (dict "root" $root "labels" $labels) | trim) }}
+ labels:
+ {{- . | nindent 4 }}
+ {{- end }}
+ {{- $annotations := (include "ix.v1.common.annotations" $root | fromYaml) -}}
+ {{- with (include "ix.v1.common.util.annotations.render" (dict "root" $root "annotations" $annotations) | trim) }}
+ annotations:
+ {{- . | nindent 4 }}
+ {{- end }}
+spec:
+ config: {{ $iface | squote }}
+{{- end -}}
diff --git a/library/common/templates/class/_job.tpl b/library/common/templates/class/_job.tpl
new file mode 100644
index 00000000..8b06bb59
--- /dev/null
+++ b/library/common/templates/class/_job.tpl
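Review bot: The spec renders the key `startingDeadLineSeconds`, but the CronJob field is `startingDeadlineSeconds`, so the emitted key is not one the API knows and the deadline either never takes effect or the manifest is rejected under strict field validation; the output line should read `startingDeadlineSeconds: {{ . }}`. Whether the values key `$job.cron.startingDeadLineSeconds` should be renamed as well depends on the values schema, which is outside this hunk. Separately, `apiVersion` calls the capabilities helper with `.` (the `job`/`root` dict) while `_configmap.tpl`, `_pvc.tpl` and `_secret.tpl` pass `$root`; if the helper reads `.Capabilities` it finds nothing here, and the same call shape is in `_externalInterfaces.tpl` and `_job.tpl`, so `include "ix.v1.common.capabilities.cronJob.apiVersion" $root` would be the consistent form.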
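Review bot: `config: {{ $iface | squote }}` in `ix.v1.common.class.externalInterface` wraps the value in single quotes without escaping it, so an interface config that contains a `'` ends the YAML scalar early and the remainder is parsed as manifest structure of the NetworkAttachmentDefinition. If `.iface` is a string, `config: {{ $iface | toJson }}` emits an escaped double-quoted scalar instead; if it is a map, `squote` prints Go's map formatting rather than JSON and the value needs serialising before it is quoted. The type of `.iface` is decided by the caller, which is not in this hunk.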
@@ -0,0 +1,23 @@
+{{- define "ix.v1.common.class.job" -}}
+ {{- $job := .job -}}
+ {{- $root := .root -}}
+ {{- $jobName := include "ix.v1.common.names.jobAndCronJob" (dict "root" $root "jobValues" $job) }}
+
+---
+apiVersion: {{ include "ix.v1.common.capabilities.job.apiVersion" . }}
+kind: Job
+metadata:
+ name: {{ $jobName }}
+ {{- $labels := (mustMerge ($job.labels | default dict) (include "ix.v1.common.labels" $root | fromYaml)) -}}
+ {{- with (include "ix.v1.common.util.labels.render" (dict "root" $root "labels" $labels) | trim) }}
+ labels:
+ {{- . | nindent 4 }}
+ {{- end }}
+ {{- $annotations := (mustMerge ($job.annotations | default dict) (include "ix.v1.common.annotations" $root | fromYaml)) -}}
+ {{- with (include "ix.v1.common.util.annotations.render" (dict "root" $root "annotations" $annotations) | trim) }}
+ annotations:
+ {{- . | nindent 4 }}
+ {{- end }}
+spec:
+ {{- include "ix.v1.common.lib.job" (dict "root" $root "job" $job) | indent 2 -}}
+{{- end -}}
diff --git a/library/common/templates/class/_pvc.tpl b/library/common/templates/class/_pvc.tpl
new file mode 100644
index 00000000..5fc9f610
--- /dev/null
+++ b/library/common/templates/class/_pvc.tpl
@@ -0,0 +1,62 @@
+{{/* Template for pvc object, can only be called by the spawner */}}
+{{/* An "pvc" object and "root" is passed from the spawner */}}
+{{- define "ix.v1.common.class.pvc" -}}
+ {{- $pvcValues := .pvc -}}
+ {{- $root := .root -}}
+ {{- $defaultSize := $root.Values.global.defaults.PVCSize -}}
+ {{- $defaultAccessMode := $root.Values.global.defaults.accessMode -}}
+ {{- $defaultRetain := $root.Values.global.defaults.PVCRetain -}}
+
+ {{- $pvcName := include "ix.v1.common.names.pvc" (dict "root" $root "pvcValues" $pvcValues) -}}
+
+ {{- $accessMode := (tpl (default $defaultAccessMode $pvcValues.accessMode) $root) -}}
+ {{- if not (mustHas $accessMode (list "ReadWriteOnce" "ReadOnlyMany" "ReadWriteMany" "ReadWriteOncePod")) -}}
+ {{- fail (printf "Invalid option (%s). Valid options are ReadWriteOnce, ReadOnlyMany, ReadWriteMany and ReadWriteOncePod" $accessMode) -}}
+ {{- end -}}
+
+ {{- $size := (tpl (default $defaultSize $pvcValues.size) $root) -}}
+
+ {{- if hasKey $pvcValues "retain" -}}
+ {{- $defaultRetain = $pvcValues.retain -}}
+ {{- end }}
+
+---
+apiVersion: {{ include "ix.v1.common.capabilities.pvc.apiVersion" $root }}
+kind: PersistentVolumeClaim
+metadata:
+ name: {{ $pvcName }}
+ {{- $labels := (mustMerge ($pvcValues.labels | default dict) (include "ix.v1.common.labels" $root | fromYaml)) -}}
+ {{- with (include "ix.v1.common.util.labels.render" (dict "root" $root "labels" $labels) | trim) }}
+ labels:
+ {{- . | nindent 4 }}
+ {{- end }}
+ {{- $additionalAnnotations := dict -}}
+ {{- if $defaultRetain -}}
+ {{- $_ := set $additionalAnnotations "\"helm.sh/resource-policy\"" "keep" -}}
+ {{- end -}}
+ {{- $annotations := (mustMerge ($pvcValues.annotations | default dict) (include "ix.v1.common.annotations" $root | fromYaml) $additionalAnnotations) -}}
+ {{- with (include "ix.v1.common.util.annotations.render" (dict "root" $root "annotations" $annotations) | trim) }}
+ annotations:
+ {{- .
| nindent 4 }}
+ {{- end }}
+spec:
+ accessModes:
+ - {{ $accessMode }}
+ resources:
+ requests:
+ storage: {{ $size }}
+ {{- with $pvcValues.volumeName }}
+ volumeName: {{ tpl . $root | quote }}
+ {{- end -}}
+ {{/*
+ If no storageClassName is defined, either in global or in the persistence object,
+ do not define storageClassName, which means use the default storageClass of the node
+ */}}
+ {{- with (include "ix.v1.common.storage.storageClassName" (dict "persistence" $pvcValues "root" $root)) | trim }}
+ storageClassName: {{ . }}
+ {{- end -}}
+ {{/* Pass custom spec if defined */}}
+ {{- with $pvcValues.spec }}
+ {{- tpl (toYaml .) $root | nindent 2 }}
+ {{- end -}}
+{{- end -}}
diff --git a/library/common/templates/class/_rbac.tpl b/library/common/templates/class/_rbac.tpl
new file mode 100644
index 00000000..8d0f88c4
--- /dev/null
+++ b/library/common/templates/class/_rbac.tpl
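Review bot: The custom `$pvcValues.spec` block is rendered verbatim after `accessModes`, `resources`, `volumeName` and `storageClassName`, so a spec that repeats one of those keys produces a duplicate mapping key and the `accessMode` validated at the top of `ix.v1.common.class.pvc` no longer decides the result (a parser either rejects the manifest or keeps the later value). Dropping the managed keys before rendering avoids that: `{{- tpl (toYaml (omit . "accessModes" "resources" "volumeName" "storageClassName")) $root | nindent 2 }}`. The `fail` message for an invalid access mode also names neither the field nor the claim; `printf "Invalid accessMode (%s) for PVC (%s). ..." $accessMode $pvcName` would make it actionable, since `$pvcName` is already set at that point.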
@@ -0,0 +1,112 @@
+{{/* Template for RBAC object ((Cluster)Role, (Cluster)RoleBinding), can only be called by the spawner */}}
+{{/* An rbac object, an SA object and "root" is passed from the spawner */}}
+{{- define "ix.v1.common.class.rbac" -}}
+ {{- $rbacValues := .rbac -}}
+ {{- $root := .root -}}
+
+ {{- $saName := include "ix.v1.common.names.serviceAccountName" $root -}}
+ {{- $rbacName := include "ix.v1.common.names.rbac" (dict "root" $root "rbacValues" $rbacValues) -}}
+
+ {{/* Prepare values for either cluster rbac or namespaced rbac */}}
+ {{- $roleAPI := include "ix.v1.common.capabilities.role.apiVersion" $root -}}
+ {{- $roleBindingAPI := include "ix.v1.common.capabilities.roleBinding.apiVersion" $root -}}
+ {{- $roleKind := "Role" -}}
+ {{- $roleBindingKind := "RoleBinding" -}}
+ {{- $clusterWide := false -}}
+
+ {{- if hasKey $rbacValues "clusterWide" -}}
+ {{- if $rbacValues.clusterWide -}}
+ {{- $roleKind = "ClusterRole" -}}
+ {{- $roleBindingKind = "ClusterRoleBinding" -}}
+ {{- $clusterWide = true -}}
+ {{- $roleAPI = include "ix.v1.common.capabilities.clusterRole.apiVersion" $root -}}
+ {{- $roleBindingAPI = include "ix.v1.common.capabilities.clusterRoleBinding.apiVersion" $root -}}
+ {{- end -}}
+ {{- end }}
+
+---
+apiVersion: {{ $roleAPI }}
+kind: {{ $roleKind }}
+metadata:
+ name: {{ $rbacName }}
+ {{- if not $clusterWide }}
+ namespace: {{ $root.Release.Namespace }}
+ {{- end }}
+ {{- $labels := (mustMerge ($rbacValues.labels | default dict) (include "ix.v1.common.labels" $root | fromYaml)) -}}
+ {{- with (include "ix.v1.common.util.labels.render" (dict "root" $root "labels" $labels) | trim) }}
+ labels:
+ {{- . | nindent 4 }}
+ {{- end }}
+ {{- $annotations := (mustMerge ($rbacValues.annotations | default dict) (include "ix.v1.common.annotations" $root | fromYaml)) -}}
+ {{- with (include "ix.v1.common.util.annotations.render" (dict "root" $root "annotations" $annotations) | trim) }}
+ annotations:
+ {{- .
| nindent 4 }}
+ {{- end }}
+{{- if not $rbacValues.rules -}}
+ {{- fail " cannot be empty in RBAC." -}}
+{{- end -}}
+{{- with $rbacValues.rules }}
+rules:
+ {{- range . }}
+ {{- if not .apiGroups -}}
+ {{- fail " cannot be empty in RBAC rules." -}}
+ {{- end -}}
+ {{- if not .resources -}}
+ {{- fail " cannot be empty in RBAC rules." -}}
+ {{- end -}}
+ {{- if not .verbs -}}
+ {{- fail " cannot be empty in RBAC rules." -}}
+ {{- end }}
+ - apiGroups:
+ {{- range .apiGroups }}
+ {{- if eq . "" }}
+ - ""
+ {{- else }}
+ - {{ tpl . $root | quote }}
+ {{- end }}
+ {{- end }}
+ resources:
+ {{- range .resources }}
+ - {{ tpl . $root | quote }}
+ {{- end }}
+ verbs:
+ {{- range .verbs }}
+ - {{ tpl . $root | quote }}
+ {{- end }}
+ {{- end }}
+{{- end }}
+
+---
+apiVersion: {{ $roleBindingAPI }}
+kind: {{ $roleBindingKind }}
+metadata:
+ name: {{ $rbacName }}
+ {{- if not $clusterWide }}
+ namespace: {{ $root.Release.Namespace }}
+ {{- end }}
+ {{- $labels := (mustMerge ($rbacValues.labels | default dict) (include "ix.v1.common.labels" $root | fromYaml)) -}}
+ {{- with (include "ix.v1.common.util.labels.render" (dict "root" $root "labels" $labels) | trim) }}
+ labels:
+ {{- . | nindent 4 }}
+ {{- end }}
+ {{- $annotations := (mustMerge ($rbacValues.annotations | default dict) (include "ix.v1.common.annotations" $root | fromYaml)) -}}
+ {{- with (include "ix.v1.common.util.annotations.render" (dict "root" $root "annotations" $annotations) | trim) }}
+ annotations:
+ {{- . | nindent 4 }}
+ {{- end }}
+roleRef:
+ apiGroup: {{ include "ix.v1.common.capabilities.roleRef.apiGroup.apiVersion" $root }}
+ kind: {{ $roleKind }}
+ name: {{ $rbacName }}
+subjects:
+ - kind: ServiceAccount
+ name: {{ $saName }}
+ namespace: {{ $root.Release.Namespace }}
+ {{- with $rbacValues.subjects -}}
+ {{- range . }}
+ - kind: {{ tpl (required " cannot be empty in RBAC subjects." .kind) $root | quote }}
+ name: {{ tpl (required " cannot be empty in RBAC subjects."
.name) $root | quote }}
+ apiGroup: {{ tpl (required " cannot be empty in RBAC subjects." .apiGroup) $root | quote }}
+ {{- end }}
+ {{- end -}}
+{{- end -}}
diff --git a/library/common/templates/class/_secret.tpl b/library/common/templates/class/_secret.tpl
new file mode 100644
index 00000000..1466240b
--- /dev/null
+++ b/library/common/templates/class/_secret.tpl
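Review bot: The extra-subjects loop at the end of `ix.v1.common.class.rbac` requires a non-empty `apiGroup` and never emits `namespace`, so an additional `ServiceAccount` subject cannot be expressed: Kubernetes expects that kind to carry a namespace and an empty `apiGroup`, and a binding rendered from this loop is rejected or matches no account. Branching on the kind keeps `User` and `Group` subjects as they are and lets a service account be bound explicitly, which matters most when `clusterWide` turns the binding into a `ClusterRoleBinding`. The `namespace` key read from the subject is a proposed addition to the values, not something this commit defines. The header comment also says an SA object is passed in, while the template derives `$saName` from `$root` alone.

```gotemplate
    {{- range . }}
    {{/* … unchanged: kind and name lines … */}}
    {{- if eq (tpl .kind $root) "ServiceAccount" }}
    namespace: {{ tpl (.namespace | default $root.Release.Namespace) $root | quote }}
    {{- else }}
    {{/* … unchanged: apiGroup line … */}}
    {{- end }}
```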
@@ -0,0 +1,51 @@
+{{- define "ix.v1.common.class.secret" -}}
+ {{- $secretName := .secretName -}}
+ {{- $data := .data -}}
+ {{- $contentType := .contentType -}}
+ {{- $secretType := .secretType -}} {{/* Optional */}}
+ {{- $secretLabels := .labels -}}
+ {{- $secretAnnotations := .annotations -}}
+ {{- $root := .root -}}
+
+ {{- $typeClass := "Opaque" -}} {{/* Default to Opaque */}}
+ {{- if eq $contentType "certificate" -}} {{/* Certificate content has specific type */}}
+ {{- $typeClass = (include "ix.v1.common.capabilities.secret.certificate.type" $root) -}}
+ {{- else if eq $contentType "pullSecret" -}} {{/* imagePullSecrets content has specific type */}}
+ {{- $typeClass = (include "ix.v1.common.capabilities.secret.imagePullSecret.type" $root) -}}
+ {{- end -}}
+
+ {{- if $secretType -}} {{/* If custom type is defined */}}
+ {{- $typeClass = $secretType -}}
+ {{- end }}
+---
+apiVersion: {{ include "ix.v1.common.capabilities.secret.apiVersion" $root }}
+kind: Secret
+type: {{ $typeClass }}
+metadata:
+ name: {{ $secretName }}
+ {{- $labels := (mustMerge ($secretLabels | default dict) (include "ix.v1.common.labels" $root | fromYaml)) -}}
+ {{- with (include "ix.v1.common.util.labels.render" (dict "root" $root "labels" $labels) | trim) }}
+ labels:
+ {{- . | nindent 4 }}
+ {{- end -}}
+ {{- $annotations := (mustMerge ($secretAnnotations | default dict) (include "ix.v1.common.annotations" $root | fromYaml)) -}}
+ {{- with (include "ix.v1.common.util.annotations.render" (dict "root" $root "annotations" $annotations) | trim) }}
+ annotations:
+ {{- .
| nindent 4 }}
+ {{- end -}}
+ {{- if (mustHas $contentType (list "pullSecret" "certificate")) }}
+data:
+ {{- if eq $contentType "pullSecret" }}
+ .dockerconfigjson: {{ $data | toJson | b64enc }}
+ {{- else if eq $contentType "certificate" }}
+ {{- range $k, $v := $data }}
+ {{- $k | nindent 2 }}: {{ $v | b64enc }}
+ {{- end -}}
+ {{- end -}}
+ {{- else if eq $contentType "yaml" }}
+stringData:
+ {{- $data | nindent 2 }}
+ {{- else -}}
+ {{- fail (printf "Invalid content type (%s) for secret. Valid types are pullSecret, certificate, scalar and key_value" $contentType) -}}
+ {{- end -}}
+{{- end -}}
diff --git a/library/common/templates/class/_service.tpl b/library/common/templates/class/_service.tpl
new file mode 100644
index 00000000..20593cf6
--- /dev/null
+++ b/library/common/templates/class/_service.tpl
@@ -0,0 +1,73 @@
+{{/* Template for service object, can only be called by the spawner */}}
+{{/* An "svc" object and "root" is passed from the spawner */}}
+{{- define "ix.v1.common.class.service" -}}
+ {{- $svcValues := .svc -}}
+ {{- $root := .root -}}
+ {{- $defaultServiceType := $root.Values.global.defaults.serviceType -}}
+ {{- $defaultPortProtocol := $root.Values.global.defaults.portProtocol -}}
+ {{- $svcName := include "ix.v1.common.names.service" (dict "root" $root "svcValues" $svcValues) -}}
+
+ {{- $svcType := $svcValues.type | default $defaultServiceType -}}
+ {{- if $root.Values.hostNetwork -}}
+ {{- $svcType = "ClusterIP" -}} {{/* When hostNetwork is enabled, force ClusterIP as service type */}}
+ {{- end -}}
+
+ {{/* When hostPort is used, this port can only be assiged to a ClusterIP Service */}}
+ {{/* If at least one port in a service has hostPort this service will be forced to ClusterIP */}}
+ {{- range $name, $port := $svcValues.ports -}}
+ {{- if $port.enabled -}}
+ {{- if $port.hostPort -}}
+ {{- $svcType = "ClusterIP" -}}
+ {{- end -}}
+ {{- end -}}
+ {{- end -}}
+
+ {{- $primaryPort := get $svcValues.ports (include "ix.v1.common.lib.util.service.ports.primary" (dict "svcValues" $svcValues "svcName" $svcName)) }}
+---
+apiVersion: {{ include "ix.v1.common.capabilities.service.apiVersion" $root }}
+kind: Service
+metadata:
+ name: {{ $svcName }}
+ {{- $labels := (mustMerge ($svcValues.labels | default dict) (include "ix.v1.common.labels" $root | fromYaml)) -}}
+ {{- with (include "ix.v1.common.util.labels.render" (dict "root" $root "labels" $labels) | trim) }}
+ labels:
+ {{- .
| nindent 4 }}
+ {{- end -}}
+ {{- $additionalAnnotations := dict -}}
+ {{- if and $root.Values.addAnnotations.traefik (eq ($primaryPort.protocol | default "") "HTTPS") -}}
+ {{- $_ := set $additionalAnnotations "traefik.ingress.kubernetes.io/service.serversscheme" "https" -}}
+ {{- end -}}
+ {{- if and $root.Values.addAnnotations.metallb (eq $svcType "LoadBalancer") -}}
+ {{- $sharedLBKey := include "ix.v1.common.names.fullname" $root -}}
+ {{- with $svcValues.metalLBSharedKey -}}
+ {{- $sharedLBKey = tpl . $root -}}
+ {{- end -}}
+ {{- $_ := set $additionalAnnotations "metallb.universe.tf/allow-shared-ip" $sharedLBKey -}}
+ {{- end -}}
+ {{- $annotations := (mustMerge ($svcValues.annotations | default dict) (include "ix.v1.common.annotations" $root | fromYaml) $additionalAnnotations) -}}
+ {{- with (include "ix.v1.common.util.annotations.render" (dict "root" $root "annotations" $annotations) | trim) }}
+ annotations:
+ {{- . | nindent 4 }}
+ {{- end }}
+spec:
+ {{- if eq $svcType "ClusterIP" -}}
+ {{- include "ix.v1.common.class.serivce.clusterIP.spec" (dict "svc" $svcValues "root" $root) | nindent 2 -}}
+ {{- else if eq $svcType "LoadBalancer" -}}
+ {{- include "ix.v1.common.class.serivce.loadBalancer.spec" (dict "svc" $svcValues "root" $root)| nindent 2 -}}
+ {{- else if eq $svcType "NodePort" -}}
+ {{- include "ix.v1.common.class.serivce.nodePort.spec" (dict "svc" $svcValues "root" $root) | nindent 2 -}}
+ {{- else if eq $svcType "ExternalName" -}}
+ {{- include "ix.v1.common.class.serivce.externalName.spec" (dict "svc" $svcValues "root" $root) | nindent 2 -}}
+ {{- end -}}
+ {{- include "ix.v1.common.class.serivce.sessionAffinity" (dict "svc" $svcValues "root" $root) | indent 2 -}}
+ {{- include "ix.v1.common.class.serivce.externalIPs" (dict "svc" $svcValues "root" $root) | indent 2 -}}
+ {{- include "ix.v1.common.class.serivce.publishNotReadyAddresses" (dict "publishNotReadyAddresses" $svcValues.publishNotReadyAddresses) | indent 2 -}}
+ {{- include
"ix.v1.common.class.serivce.ports" (dict "ports" $svcValues.ports "svcType" $svcType "defaultPortProtocol" $defaultPortProtocol "root" $root) | indent 2 -}}
+ {{- if not (mustHas $svcType (list "ExternalName" "ExternalIP")) -}}
+ {{- include "ix.v1.common.class.serivce.selector" (dict "svc" $svcValues "root" $root) | nindent 2 -}}
+ {{- end -}}
+ {{- if eq $svcType "ExternalIP" -}}
+ {{- include "ix.v1.common.class.serivce.externalTrafficPolicy" (dict "svc" $svcValues "root" $root) | nindent 2 -}}
+ {{- include "ix.v1.common.class.serivce.endpoints" (dict "svc" $svcValues "svcName" $svcName "root" $root) | nindent 0 -}}
+ {{- end -}}
+{{- end -}}
diff --git a/library/common/templates/class/_serviceAccount.tpl b/library/common/templates/class/_serviceAccount.tpl
new file mode 100644
index 00000000..ecbf279d
--- /dev/null
+++ b/library/common/templates/class/_serviceAccount.tpl
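Review bot: `$svcType` is never checked against the set `ix.v1.common.class.service` handles: the `spec` chain covers `ClusterIP`, `LoadBalancer`, `NodePort` and `ExternalName`, `ExternalIP` is handled further down, and any other value (a typo in `type` or in `global.defaults.serviceType`) falls through silently and renders a Service with no type-specific spec. A guard after the `hostPort` loop, in the style `_pvc.tpl` uses for `accessMode`, turns that into a render-time error: `{{- if not (mustHas $svcType (list "ClusterIP" "LoadBalancer" "NodePort" "ExternalName" "ExternalIP")) -}}{{- fail (printf "Invalid service type (%s)" $svcType) -}}{{- end -}}`. If the spawner already validates the type this is redundant, but that is not visible in this hunk. The `hostNetwork` override also rewrites `ExternalName` and `ExternalIP` services to `ClusterIP`, which looks unintended and deserves a comment if it is deliberate.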
@@ -0,0 +1,23 @@
+{{/* Template for a ServiceAccount object, can only be called by the spawner */}}
+{{/* A serviceAccount object and "root" is passed from the spawner */}}
+{{- define "ix.v1.common.class.serviceAccount" -}}
+ {{- $saValues := .serviceAccount -}}
+ {{- $root := .root -}}
+
+ {{- $saName := include "ix.v1.common.names.serviceAccount" (dict "root" $root "saValues" $saValues) }}
+---
+apiVersion: {{ include "ix.v1.common.capabilities.serviceAccount.apiVersion" $root }}
+kind: ServiceAccount
+metadata:
+ name: {{ $saName }}
+ {{- $labels := (mustMerge ($saValues.labels | default dict) (include "ix.v1.common.labels" $root | fromYaml)) -}}
+ {{- with (include "ix.v1.common.util.labels.render" (dict "root" $root "labels" $labels) | trim) }}
+ labels:
+ {{- . | nindent 4 }}
+ {{- end -}}
+ {{- $annotations := (mustMerge ($saValues.annotations | default dict) (include "ix.v1.common.annotations" $root | fromYaml)) -}}
+ {{- with (include "ix.v1.common.util.annotations.render" (dict "root" $root "annotations" $annotations) | trim) }}
+ annotations:
+ {{- . | nindent 4 }}
+ {{- end -}}
+{{- end }}
diff --git a/library/common/templates/lib/certificate/_certGet.tpl b/library/common/templates/lib/certificate/_certGet.tpl
new file mode 100644
index 00000000..6ac1caea
--- /dev/null
+++ b/library/common/templates/lib/certificate/_certGet.tpl
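Review bot: The ServiceAccount rendered by `ix.v1.common.class.serviceAccount` carries only metadata, so `automountServiceAccountToken` keeps the Kubernetes default and every pod that uses this account gets an API token mounted unless its pod spec turns that off. Since `_rbac.tpl` binds roles, optionally cluster-wide, to the chart's service account, an explicit field is worth having, e.g. `automountServiceAccountToken: {{ $saValues.automountServiceAccountToken | default false }}` after the `metadata` block; the values key is a proposal, not something this commit defines. Whether the pod template already sets the field is outside this hunk. The closing `{{- end }}` also lacks the right-hand trim marker that the other class templates use.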
@@ -0,0 +1,73 @@
+{{/*
+When a cert is selected in the GUI,
+middleware adds it as dict in ixCertificates.
+This checks that the certID exists as a key/dict.
+ */}}
+{{- define "ix.v1.common.certificate.exists" -}}
+ {{- $certID := .certID -}}
+ {{- $root := .root -}}
+
+ {{- if hasKey $root.Values "ixCertificates" -}}
+ {{- if $root.Values.ixCertificates -}}
+ {{- hasKey $root.Values.ixCertificates (toString $certID) -}}
+ {{- else -}}
+ {{- fail "Key is empty" -}}
+ {{- end -}}
+ {{- else -}}
+ {{- fail "Key does not exist" -}}
+ {{- end -}}
+{{- end -}}
+
+{{/*
+Returns any key (based on the .key value)
+Example keys (certificate, privatekey, expired, revoked)
+*/}}
+{{- define "ix.v1.common.certificate.get" -}}
+ {{- $cert := .cert -}}
+ {{- $root := .root -}}
+ {{- $key := .key -}}
+ {{- $certID := (toString $cert.id) -}}
+ {{- $useRevoked := $root.Values.global.defaults.useRevokedCerts -}}
+ {{- $useExpired := $root.Values.global.defaults.useExpiredCerts -}}
+
+ {{- if not $key -}} {{/* This is something that should not happen when using this library */}}
+ {{- fail "You need to provide a when calling this template (certificate.get)" -}}
+ {{- end -}} {{/* It can only happen when consuing this function within this library */}}
+
+ {{- if eq (include "ix.v1.common.certificate.exists" (dict "root" $root "certID" $certID)) "true" -}}
+ {{- $certificate := (get $root.Values.ixCertificates (toString $certID)) -}}
+
+ {{- if (hasKey $cert "useRevoked") -}}
+ {{- $useRevoked = $cert.useRevoked -}}
+ {{- end -}}
+
+ {{- if (hasKey $cert "useExpired") -}}
+ {{- $useExpired = $cert.useExpired -}}
+ {{- end -}}
+
+ {{- if (hasKey $certificate "revoked") -}}
+ {{- if (eq (get $certificate "revoked") true) -}}
+ {{- if not $useRevoked -}}
+ {{- fail (printf "Certificate (%s) has been revoked" $certID) -}}
+ {{- end -}}
+ {{- end -}}
+ {{- end -}}
+
+ {{- if (hasKey $certificate "expired") -}}
+ {{- if (eq (get $certificate "expired") true) -}}
+ {{- if not $useExpired -}}
+ {{- fail (printf "Certificate (%s) is expired" $certID) -}}
+ {{- end -}}
+ {{- end -}}
+ {{- end -}}
+
+ {{- if (hasKey $certificate $key) -}}
+ {{- get $certificate $key -}}
+ {{- else -}} {{/* This is something that should not happen when using this library */}}
+ {{- fail (printf "Key (%s) does not exist in certificate (%s)" $key $certID) -}}
+ {{- end -}} {{/* It can only happen when consuing this function within this library */}}
+
+ {{- else -}}
+ {{- fail (printf "Certificate (%s) was not found." $certID) -}}
+ {{- end -}}
+{{- end -}}
diff --git a/library/common/templates/lib/certificate/_certPersistence.tpl b/library/common/templates/lib/certificate/_certPersistence.tpl
new file mode 100644
index 00000000..76587555
--- /dev/null
+++ b/library/common/templates/lib/certificate/_certPersistence.tpl
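Review bot: The per-certificate overrides `useRevoked` and `useExpired` in `ix.v1.common.certificate.get` are copied from `$cert` without a type check, and the later `if not $useRevoked` treats any non-empty string as true. A values file that carries `useRevoked: "false"` as a quoted string would therefore let a revoked certificate through, which is the unsafe direction for this check to fail in. I would reject non-booleans where the override is read, e.g. `{{- if not (kindIs "bool" $cert.useRevoked) -}}{{- fail "useRevoked must be a boolean" -}}{{- end -}}`, and do the same for `useExpired`. The two global defaults read at the top of the template have the same exposure.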
@@ -0,0 +1,37 @@
+{{- define "ix.v1.common.certificate.persistence" -}}
+ {{- $secretName := .secretName -}}
+ {{- $root := .root -}}
+ {{- $tlsKey := .tlsKey -}}
+ {{- $type := .type -}}
+ {{- $cert := .cert -}}
+ {{- $certID := .certID -}}
+
+ {{/* Create the dict */}}
+ {{- $persistenceDict := (dict "enabled" true "type" "secret" "objectName" $secretName) -}}
+
+ {{- $currCert := (get $cert $type) -}}
+ {{- if $currCert -}}
+ {{/* If cert is enabled */}}
+ {{- if $currCert.enabled -}}
+ {{/* And has a path... */}}
+ {{- if $currCert.path -}}
+ {{/* Append mountPath and subPath */}}
+ {{- $_ := set $persistenceDict "mountPath" (tpl $currCert.path $root) -}}
+ {{- $_ := set $persistenceDict "subPath" $tlsKey -}}
+
+ {{/* Append readOnly if defined. Actual content validation will be done when volume(Mount) is created */}}
+ {{- if (hasKey $currCert "readOnly") -}}
+ {{- $_ := set $persistenceDict "readOnly" $currCert.readOnly -}}
+ {{- end -}}
+
+ {{/* Append defaultMode. Actual content validation will be done when volume(Mount) is created */}}
+ {{- if (hasKey $currCert "defaultMode") -}}
+ {{- $_ := set $persistenceDict "defaultMode" $currCert.defaultMode -}}
+ {{- end -}}
+
+ {{/* Append into persistence, so it will create the volume and volumeMount. randAlhaNum is to avoid dupes */}}
+ {{- $_ := set $root.Values.persistence (printf "ix-certificate-%s-%s-%s" $type $certID (randAlphaNum 5 | lower)) $persistenceDict -}}
+ {{- end -}}
+ {{- end -}}
+ {{- end -}}
+{{- end -}}
diff --git a/library/common/templates/lib/certificate/_certSecret.tpl b/library/common/templates/lib/certificate/_certSecret.tpl
new file mode 100644
index 00000000..4b9efb39
--- /dev/null
+++ b/library/common/templates/lib/certificate/_certSecret.tpl
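Review bot: `readOnly` is only copied into `$persistenceDict` when the caller sets it, so a certificate or private-key mount gets whatever the volume renderer defaults to, and that renderer is not part of this hunk. For key material I would start from read-only and let the caller opt out: add `{{- $_ := set $persistenceDict "readOnly" true -}}` right after the dict is created and keep the existing `hasKey` override below it. The same reasoning applies to `defaultMode` when `$type` is `key`: no mode is set here unless the values supply one, so the intended default for private keys deserves a comment next to that branch.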
@@ -0,0 +1,27 @@
+{{- define "ix.v1.common.certificate.secret" -}}
+ {{- $name := .name -}}
+ {{- $cert := .cert -}}
+ {{- $root := .root -}}
+ {{- $tlsCrtKey := "tls.crt" -}}
+ {{- $tlsPrivateKey := "tls.key" -}}
+
+ {{- if not (hasKey $cert "id") -}} {{/* This is something that should not happen when using this library */}}
+ {{- fail (printf "Certificate (%s) has no key" $cert.nameOverride) -}}
+ {{- end -}} {{/* It can only happen when consuing this function within this library */}}
+ {{- $certID := (toString $cert.id) -}}
+
+ {{- if (include "ix.v1.common.certificate.exists" (dict "root" $root "certID" $certID)) -}}
+ {{/* Generate secret name here so we can pass it to persistenc */}}
+ {{- $secretName := include "ix.v1.common.names.certificateSecret" (dict "root" $root "certValues" $cert "certName" $name "certID" $certID) -}}
+
+ {{- include "ix.v1.common.certificate.persistence" (dict "root" $root "secretName" $secretName "cert" $cert "certID" $certID "tlsKey" $tlsCrtKey "type" "cert") -}}
+ {{- include "ix.v1.common.certificate.persistence" (dict "root" $root "secretName" $secretName "cert" $cert "certID" $certID "tlsKey" $tlsPrivateKey "type" "key") -}}
+
+ {{- $certData := dict -}}
+ {{- $_ := set $certData $tlsCrtKey (include "ix.v1.common.certificate.get" (dict "root" $root "cert" $cert "key" "certificate")) -}}
+ {{- $_ := set $certData $tlsPrivateKey (include "ix.v1.common.certificate.get" (dict "root" $root "cert" $cert "key" "privatekey")) -}}
+
+ {{/* Create the Secret */}}
+ {{- include "ix.v1.common.class.secret" (dict "root" $root "secretName" $secretName "data" $certData "contentType" "certificate") -}}
+ {{- end -}}
+{{- end -}}
diff --git a/library/common/templates/lib/container/_args.tpl b/library/common/templates/lib/container/_args.tpl
new file mode 100644
index 00000000..fb714f29
--- /dev/null
+++ b/library/common/templates/lib/container/_args.tpl
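Review bot: The guard `{{- if (include "ix.v1.common.certificate.exists" ...) -}}` is true whenever the helper returns, because `include` yields the string `true` or `false` and any non-empty string is truthy in Go templates. `certificate.get` in `_certGet.tpl` compares the same call with `eq ... "true"`, and this template should match it: `{{- if eq (include "ix.v1.common.certificate.exists" (dict "root" $root "certID" $certID)) "true" -}}`. As written, a certificate id that is not in `ixCertificates` still reaches the two persistence calls, which write into `$root.Values.persistence`, and only fails later inside `certificate.get`. The `fail` text for a missing `id` also says "has no key", which points the operator at the wrong field.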
@@ -0,0 +1,27 @@
+{{/*
+A custom dict is expected with args, extraArgs and root.
+It's designed to work for mainContainer AND initContainers.
+Calling this from an initContainer, wouldn't work, as it would have a different "root" context,
+and "tpl" on "$" would cause erors.
+That's why the custom dict is expected.
+*/}}
+{{/* Args included by the container */}}
+{{- define "ix.v1.common.container.args" -}}
+{{- $args := .args -}}
+{{- $extraArgs := .extraArgs -}}
+{{- $root := .root -}}
+{{- with $args -}} {{/* args usually defined while developing the chart */}}
+ {{- if kindIs "string" . -}}
+- {{ tpl . $root }}
+ {{- else }}
+ {{- tpl (toYaml .) $root }}
+ {{- end }}
+{{- end }}
+{{- with $extraArgs }} {{/* extraArgs used in cases that users wants to APPEND to args */}}
+ {{- if kindIs "string" . }}
+- {{ tpl . $root }}
+ {{- else }}
+ {{- tpl (toYaml .) $root | nindent 0 }} {{/* This nindent is here beacause... Well I've no idea why, but it works only with this here. Sorry */}}
+ {{- end }}
+{{- end }}
+{{- end -}}
diff --git a/library/common/templates/lib/container/_command.tpl b/library/common/templates/lib/container/_command.tpl
new file mode 100644
index 00000000..0123e366
--- /dev/null
+++ b/library/common/templates/lib/container/_command.tpl
@@ -0,0 +1,19 @@
+{{/*
+A custom dict is expected with commands and root.
+It's designed to work for mainContainer AND initContainers.
+Calling this from an initContainer, wouldn't work, as it would have a different "root" context,
+and "tpl" on "$" would cause erors.
+That's why the custom dict is expected.
+*/}}
+{{/* Command included by the container */}}
+{{- define "ix.v1.common.container.command" -}}
+{{- $commands := .commands -}}
+{{- $root := .root -}}
+{{- if $commands }}
+{{- if kindIs "string" $commands -}}
+- {{ tpl $commands $root }}
+{{- else }}
+ {{- tpl (toYaml $commands) $root }}
+{{- end }}
+{{- end }}
+{{- end -}}
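Review bot: The string branch in `ix.v1.common.container.args` emits `- {{ tpl . $root }}` unquoted, so the rendered value is re-typed by the YAML parser after templating. An argument such as `8080` or `true`, or one that contains `: ` or starts with `*`, then stops being the string Kubernetes expects or breaks the manifest. `_env_from.tpl` in this commit already pipes its names through `quote`; I would do the same here with `- {{ tpl . $root | quote }}` in both the `$args` and `$extraArgs` branches, and in the string branch of `ix.v1.common.container.command` in `_command.tpl`, which has the same line.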
diff --git a/library/common/templates/lib/container/_env_from.tpl b/library/common/templates/lib/container/_env_from.tpl
new file mode 100644
index 00000000..7e8d7504
--- /dev/null
+++ b/library/common/templates/lib/container/_env_from.tpl
@@ -0,0 +1,33 @@
+{{/*
+A custom dict is expected with envList and root.
+It's designed to work for mainContainer AND initContainers.
+Calling this from an initContainer, wouldn't work, as it would have a different "root" context,
+and "tpl" on "$" would cause erors.
+That's why the custom dict is expected.
+*/}}
+
+{{/* Environment Variables From included by the container */}}
+{{- define "ix.v1.common.container.envFrom" -}}
+ {{- $envFrom := .envFrom -}}
+ {{- $containerName := .containerName -}}
+ {{- $root := .root -}}
+
+ {{- range $envFrom -}}
+ {{- if and .secretRef .configMapRef -}}
+ {{- fail "You can't define both secretRef and configMapRef on the same item." -}}
+ {{- end -}}
+ {{- if .secretRef }}
+ {{- $secretName := (tpl (required "Name is required for secretRef in envFrom." .secretRef.name) $root) }}
+- secretRef:
+ name: {{ $secretName | quote }}
+ {{- include "ix.v1.common.util.storeEnvFromVarsForCheck" (dict "root" $root "containerName" $containerName "source" (printf "%s-%s" "secret" $secretName)) -}}
+ {{- else if .configMapRef }}
+ {{- $configName := (tpl (required "Name is required for configMapRef in envFrom." .configMapRef.name) $root) }}
+- configMapRef:
+ name: {{ $configName | quote }}
+ {{- include "ix.v1.common.util.storeEnvFromVarsForCheck" (dict "root" $root "containerName" $containerName "source" (printf "%s-%s" "configmap" $configName)) -}}
+ {{- else -}}
+ {{- fail "Not valid Ref or key is missing in envFrom." -}}
+ {{- end -}}
+ {{- end -}}
+{{- end -}}
diff --git a/library/common/templates/lib/container/_env_vars.tpl b/library/common/templates/lib/container/_env_vars.tpl
new file mode 100644
index 00000000..c759533f
--- /dev/null
+++ b/library/common/templates/lib/container/_env_vars.tpl
@@ -0,0 +1,53 @@
+{{/*
+A custom dict is expected with envs and root.
+It's designed to work for mainContainer AND initContainers.
+Calling this from an initContainer, wouldn't work, as it would have a different "root" context,
+and "tpl" on "$" would cause erors.
+That's why the custom dict is expected.
+*/}}
+{{/* Environment Variables included by the container */}}
+{{- define "ix.v1.common.container.envVars" -}}
+ {{- $envs := .envs -}}
+ {{- $envList := .envList -}}
+ {{- $containerName := .containerName -}}
+ {{- $isMainContainer := .isMainContainer -}}
+ {{- $injectFixedEnvs := .injectFixedEnvs -}}
+ {{- $secCont := .secCont -}}
+ {{- $secEnvs := .secEnvs -}}
+ {{- $scaleGPU := .scaleGPU -}}
+ {{- $nvidiaCaps := .nvidiaCaps -}}
+ {{- $root := .root -}}
+ {{- $fixedEnv := list -}}
+
+ {{- $inject := $root.Values.global.defaults.injectFixedEnvs -}}
+ {{- if (mustHas (toString $injectFixedEnvs) (list "true" "false")) -}}
+ {{- $inject = $injectFixedEnvs -}}
+ {{- end -}}
+
+ {{- if $inject -}}
+ {{- $fixedEnv = (include "ix.v1.common.container.fixedEnvs" (dict "root" $root
+ "fixedEnv" $fixedEnv
+ "containerName" $containerName
+ "isMainContainer" $isMainContainer
+ "scaleGPU" $scaleGPU
+ "nvidiaCaps" $nvidiaCaps
+ "secCont" $secCont
+ "secEnvs" $secEnvs)) -}}
+ {{- end -}} {{/* Finish fixedEnv */}}
+ {{- with $fixedEnv -}}
+ {{- range $fixedEnv | fromJsonArray }} {{/* "fromJsonArray" parses stringified output and convet to list */}}
+- name: {{ .name | quote }}
+ value: {{ .value | quote }}
+ {{- end -}}
+ {{- end -}}
+ {{- include "ix.v1.common.container.env" (dict "envs" $envs
+ "root" $root
+ "fixedEnv" $fixedEnv
+ "containerName" $containerName) -}}
+
+ {{- include "ix.v1.common.container.envList" (dict "envList" $envList
+ "envs" $envs
+ "root" $root
+ "fixedEnv" $fixedEnv
+ "containerName" $containerName) -}}
+{{- end -}}
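Review bot: `$inject` ends up truthy when `injectFixedEnvs` is passed as the string `"false"`, because the `mustHas (toString $injectFixedEnvs) (list "true" "false")` test accepts strings as well as booleans and the value is then assigned unchanged and tested with `if $inject`. Normalising at the assignment keeps a quoted override from inverting: `{{- $inject = eq (toString $injectFixedEnvs) "true" -}}`. A one-line comment that `$fixedEnv` changes from a list to a JSON string after the `include` would also help the next reader of the `with` / `fromJsonArray` block.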
diff --git a/library/common/templates/lib/container/_images.tpl b/library/common/templates/lib/container/_images.tpl
new file mode 100644
index 00000000..de890522
--- /dev/null
+++ b/library/common/templates/lib/container/_images.tpl
@@ -0,0 +1,52 @@
+{{/* Return the proper image name */}}
+{{- define "ix.v1.common.images.image" -}}
+ {{- $repo := (required "Image is required" .imageRoot.repository) -}}
+ {{- $tag := ((required "Image is required" .imageRoot.tag) | toString) -}}
+ {{- printf "%s:%s" $repo $tag -}}
+{{- end -}}
+
+{{- define "ix.v1.common.images.selector" -}}
+ {{- $root := .root -}}
+ {{- $selectedImage := .selectedImage -}}
+
+ {{- if not $selectedImage -}}
+ {{- $selectedImage = "image" -}}
+ {{- end -}}
+
+ {{- $image := "" -}}
+
+ {{- if hasKey $root.Values $selectedImage -}}
+ {{- $image = get $root.Values $selectedImage -}}
+ {{- else if $selectedImage -}} {{/* If selectedImage does not exist in Values */}}
+ {{- fail (printf "Selected image (%s) does not exist in values" $selectedImage) -}}
+ {{- end -}}
+ {{- include "ix.v1.common.images.image" (dict "imageRoot" $image) -}}
+{{- end -}}
+
+{{- define "ix.v1.common.images.pullPolicy" -}}
+ {{- $root := .root -}}
+ {{- $selectedImage := .selectedImage -}}
+
+ {{- if not $selectedImage -}}
+ {{- $selectedImage = "image" -}}
+ {{- end -}}
+
+ {{- $pullPolicy := "IfNotPresent" -}}
+ {{- $image := "" -}}
+
+ {{- if hasKey $root.Values $selectedImage -}}
+ {{- $image = get $root.Values $selectedImage -}}
+ {{- else if $selectedImage -}} {{/* If selectedImage does not exist in Values */}}
+ {{- fail (printf "Selected image (%s) does not exist in values" $selectedImage) -}}
+ {{- end -}}
+
+ {{- with $image -}}
+ {{- with .pullPolicy -}}
+ {{- if not (mustHas . (list "IfNotPresent" "Always" "Never")) -}}
+ {{- fail (printf "Invalid option (%s). Valid options are IfNotPresent, Always, Never" .) -}}
+ {{- end -}}
+ {{- $pullPolicy = . -}}
+ {{- end -}}
+ {{- end -}}
+ {{- print $pullPolicy -}}
+{{- end -}}
diff --git a/library/common/templates/lib/container/_lifecycle.tpl b/library/common/templates/lib/container/_lifecycle.tpl
new file mode 100644
index 00000000..4857f8f5
--- /dev/null
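Review bot: `ix.v1.common.images.image` can only produce `repository:tag`, so a chart built on this library has no way to pin an image by digest, and with the `IfNotPresent` default in `images.pullPolicy` a re-pushed tag can leave nodes running different content under one name. I would accept an optional digest next to the tag (a new values key, named here only as a suggestion) and prefer it when present: `{{- with .imageRoot.digest -}}{{- printf "%s@%s" $repo . -}}{{- else -}}{{- printf "%s:%s" $repo $tag -}}{{- end -}}`. Both `required` calls also use the message "Image is required", so a missing tag is reported as a missing image.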
+++ b/library/common/templates/lib/container/_lifecycle.tpl
@@ -0,0 +1,33 @@
+{{/* Returns the lifecycle for the container */}}
+{{- define "ix.v1.common.container.lifecycle" -}}
+ {{- $root := .root -}}
+ {{- $lifecycle := .lifecycle -}}
+
+ {{- with $lifecycle -}}
+ {{- range $k, $v := . -}}
+ {{- if not (mustHas $k (list "preStop" "postStart")) -}}
+ {{- fail (printf "Invalid key (%s) in lifecycle. Valid keys are preStop and postStart" $k) -}}
+ {{- end -}}
+ {{- end -}}
+ {{- end -}}
+ {{- if (hasKey $lifecycle "preStop") -}}
+ {{- with $lifecycle.preStop.command }}
+ {{- print "preStop:" | nindent 0 }}
+ {{- print "exec:" | nindent 2 }}
+ {{- print "command:" | nindent 4 }}
+ {{- include "ix.v1.common.container.command" (dict "commands" . "root" $root) | trim | nindent 6 }}
+ {{- else -}}
+ {{- fail "No commands were given for preStop lifecycle hook" -}}
+ {{- end -}}
+ {{- end -}}
+ {{- if (hasKey $lifecycle "postStart") -}}
+ {{- with $lifecycle.postStart.command }}
+ {{- print "postStart:" | nindent 0 }}
+ {{- print "exec:" | nindent 2 }}
+ {{- print "command:" | nindent 4 }}
+ {{- include "ix.v1.common.container.command" (dict "commands" . "root" $root) | trim | nindent 6 }}
+ {{- else -}}
+ {{- fail "No commands were given for postStart lifecycle hook" -}}
+ {{- end -}}
+ {{- end -}}
+{{- end -}}
diff --git a/library/common/templates/lib/container/_ports.tpl b/library/common/templates/lib/container/_ports.tpl
new file mode 100644
index 00000000..a717e318
--- /dev/null
+++ b/library/common/templates/lib/container/_ports.tpl
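Review bot: The two `hasKey $lifecycle ...` tests sit outside the `with $lifecycle` guard that protects the key validation above them, so a container with no `lifecycle` value can reach `hasKey` with a nil argument. Unless every caller guards the include, which is not visible here, I would expect that to surface as a type error at render time rather than as an empty result. Moving both `if (hasKey ...)` blocks inside the existing `with $lifecycle` block avoids it without changing the output for valid input. A short comment that only `exec` handlers are supported would also save readers from looking for other handler types.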
@@ -0,0 +1,90 @@ +{{/* +If no targetPort is given, default to port. +This is for cases where port (that container listens) +can be dynamically configured via an env var. +*/}} +{{/* Ports included by the container. */}} +{{- define "ix.v1.common.container.ports" -}} + {{- $root := .root -}} + {{- $services := .services -}} + {{- $defaultPortProtocol := $root.Values.global.defaults.portProtocol -}} + {{- $ports := list -}} + + {{- range $svcName, $svc := $services -}} + {{- if $svc.enabled -}} + {{- if not $svc.ports -}} + {{- fail (printf "At least one port is required in an enabled service (%s)" $svcName) -}} + {{- end -}} + {{- range $name, $port := $svc.ports -}} + {{- $_ := set $port "name" $name -}} + {{- $ports = mustAppend $ports $port -}} + {{- end -}} + {{- end -}} + {{- end -}} + +{{/* Render the list of ports */}} + {{- if $ports -}} + {{- range $ports -}} + {{- if .enabled -}} + {{- if not .port -}} + {{- fail (printf "Port is required on enabled services. Service (%s)" .name) -}} + {{- end -}} + {{- if and .targetPort (kindIs "string" .targetPort) -}} + {{- fail (printf "This common library does not support named ports for targetPort. port name (%s), targetPort (%s)" .name .targetPort) -}} + {{- end -}} + {{- $protocol := $defaultPortProtocol -}} + {{- with .protocol -}} + {{- if mustHas . (list "HTTP" "HTTPS" "TCP") -}} + {{- $protocol = "TCP" -}} + {{- else if (eq . "UDP") -}} + {{- $protocol = "UDP" -}} + {{- else -}} + {{- fail (printf "Not valid (%s)" .) -}} + {{- end -}} + {{- end }} +- name: {{ tpl .name $root }} + containerPort: {{ default .port .targetPort }} + protocol: {{ $protocol }} + {{- with .hostPort }} + hostPort: {{ . 
}} + {{- end -}} + {{- end -}} + {{- end -}} + {{- end -}} +{{- end -}} + +{{/* This is called by init/install/upgrade/additional containers only */}} +{{- define "ix.v1.common.container.extraContainerPorts" -}} + {{- $containerName := .containerName -}} + {{- $ports := .ports -}} + {{- $root := .root -}} + + {{- range $port := $ports -}} + {{- if not $port.name -}} + {{- fail (printf " is required in all in (%s) container." $containerName) -}} + {{- end -}} + {{- if not $port.protocol -}} + {{- $_ := set $port "protocol" "TCP" -}} + {{- end -}} + {{- if not (mustHas $port.protocol (list "TCP" "UDP")) -}} + {{- fail (printf "Invalid (%s) in port (%s) in (%s) container. Valid protocols are TCP and UDP." $port.protocol $port.name $containerName) -}} + {{- end -}} + {{- if not $port.containerPort -}} + {{- fail (printf " is required in port (%s) in (%s) container." $port.name $containerName) -}} + {{- end -}} + {{- if not (mustHas (kindOf $port.containerPort) (list "int" "float64")) -}} + {{- fail (printf "Invalid (%s) in port (%s) in (%s) container. Must be an int." $port.containerPort $port.name $containerName) -}} + {{- end -}} + {{- if $port.hostPort -}} + {{- if not (mustHas (kindOf $port.hostPort) (list "int" "float64")) -}} + {{- fail (printf "Invalid (%s) in port (%s) in (%s) container. Must be an int." $port.hostPort $port.name $containerName) -}} + {{- end -}} + {{- end }} +- name: {{ tpl $port.name $root }} + containerPort: {{ $port.containerPort }} + protocol: {{ $port.protocol }} + {{- with $port.hostPort }} + hostPort: {{ . }} + {{- end -}} + {{- end -}} +{{- end -}} diff --git a/library/common/templates/lib/container/_probes.tpl b/library/common/templates/lib/container/_probes.tpl new file mode 100644 index 00000000..f5164692 --- /dev/null +++ b/library/common/templates/lib/container/_probes.tpl 
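Review bot: `ix.v1.common.container.ports` renders `hostPort: {{ . }}` straight from the service values, while `extraContainerPorts` below it at least checks the kind of `hostPort` and `containerPort`. A host port binds on the node, so it deserves the same validation in both templates, plus a bound, because the `int` / `float64` kind test also lets `80.5` or `70000` through. Inside the `with .hostPort` block I would add `{{- if or (lt (int .) 1) (gt (int .) 65535) -}}{{- fail (printf "Invalid hostPort (%v), valid range is 1-65535" .) -}}{{- end -}}` and mirror it for `$port.hostPort` and `$port.containerPort` in `extraContainerPorts`.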
@@ -0,0 +1,112 @@ +{{/* Probes selection logic included by the container. */}} +{{- define "ix.v1.common.container.probes" -}} + {{- $root := .root -}} + {{- $probes := .probes -}} + {{- $isMainContainer := .isMainContainer -}} + {{- $services := .services -}} {{/* Only passed from main container, not init/install/upgrade/additional */}} + {{- $containerName := .containerName -}} + + {{- $defaultProbeType := $root.Values.global.defaults.probeType -}} + {{- $defaultProbePath := $root.Values.global.defaults.probePath -}} + {{- $defaultPortProtocol := $root.Values.global.defaults.portProtocol -}} + + {{- $primaryPort := "" -}} + {{- if and $isMainContainer $services -}} {{/* If no services exist don't try to guess a port, but do only in main container */}} + {{/* Get the name of the primary service, if any */}} + {{- $primarySeriviceName := (include "ix.v1.common.lib.util.service.primary" (dict "services" $services "root" $root)) -}} + {{/* Get service values of the primary service, if any */}} + {{- $primaryService := get $root.Values.service $primarySeriviceName -}} + + {{- if $primaryService -}} + {{/* Get primaryPort, if any */}} + {{- $primaryPort = get $primaryService.ports (include "ix.v1.common.lib.util.service.ports.primary" (dict "svcValues" $primaryService "svcName" $primarySeriviceName)) -}} + {{- end -}} + {{- end -}} + + {{- range $probeName, $probe := $probes -}} + {{- if not (mustHas $probeName (list "liveness" "readiness" "startup")) -}} + {{- fail (printf "Invalid probe name (%s) in (%s) container. 
Valid options are (liveness, readiness, startup)" $probeName $containerName) -}} + {{- end -}} + + {{- if $probe.enabled -}} + {{/* Initialize probe type to the default */}} + {{- $probeType := $defaultProbeType -}} + + {{/* If type defined, use this */}} + {{- if $probe.type -}} + {{- $probeType = $probe.type -}} + {{- end -}} + + {{- if and (or (not $services) (not $primaryPort)) (eq $probeType "auto") -}} + {{- fail (printf " probe type in probe (%s) in (%s) container, is only supported for the main container and only if there is at least 1 port enabled" $probeName $containerName) -}} + {{- end -}} + + {{- if not (mustHas $probeType (list "tcp" "http" "https" "grpc" "exec" "custom" "auto")) -}} + {{- fail (printf "Invalid probe type (%s) on probe (%s) in (%s) container. Valid types are tcp, http, https, grpc, exec, auto" $probe.type $probeName $containerName) -}} + {{- end -}} + + {{/* Get the probeType from primaryPort protocol */}} + {{- if eq $probeType "auto" -}} + {{- with $primaryPort -}} + {{- with $primaryPort.protocol -}} + {{- if eq . "HTTPS" -}} + {{- $probeType = "https" -}} + {{- else if eq . "HTTP" -}} + {{- $probeType = "http" -}} + {{- else if eq . "TCP" -}} + {{- $probeType = "tcp" -}} + {{- else if eq . 
"UDP" -}} {{/* This will fail shortly after by another check */}} + {{- $probeType = "udp" -}} {{/* It's mainly to have probeType have a value */}} + {{- end -}} + {{- else -}} {{/* If no protcol is given, failback to defaultPortProtocol */}} + {{- $probeType = $defaultPortProtocol -}} + {{- end -}} + {{- end -}} + {{- end -}} + + {{- $probePort := "" -}} + {{- if $primaryPort -}} + {{/* If targetPort is defined to primaryPort use this */}} + {{- if $primaryPort.targetPort -}} + {{- $probePort = $primaryPort.targetPort -}} + {{/* Else If port is defined to primaryPort use this */}} + {{- else if $primaryPort.port -}} + {{- $probePort = $primaryPort.port -}} + {{- end -}} + {{- end -}} + {{/* If a port is set on probe, use this always */}} + {{- if $probe.port -}} + {{- $probePort = (tpl ($probe.port | toString) $root) -}} + {{- end -}} + + {{- $tmpProbe := dict -}}{{/* Prepare a temp Probe to pass in the probe definition function */}} + {{- $_ := set $tmpProbe "name" $probeName -}} + {{- $_ := set $tmpProbe "spec" $probe.spec -}} + {{- $_ := set $tmpProbe "type" $probeType -}} + {{- $_ := set $tmpProbe "port" $probePort -}} + + {{ printf "%sProbe:" $probeName | nindent 0 }} + {{- if mustHas $probeType (list "https" "http") -}} + {{- if $probe.path -}} + {{- $_ := set $tmpProbe "path" $probe.path -}} + {{- else -}} + {{- $_ := set $tmpProbe "path" $defaultProbePath -}} + {{- end -}} + {{- $_ := set $tmpProbe "httpHeaders" $probe.httpHeaders -}} + {{- include "ix.v1.common.container.probes.httpGet" (dict "probe" $tmpProbe "root" $root "containerName" $containerName) | trim | nindent 2 }} + {{- else if (eq $probeType "tcp") -}} + {{- include "ix.v1.common.container.probes.tcp" (dict "probe" $tmpProbe "root" $root "containerName" $containerName) | trim | nindent 2 }} + {{- else if (eq $probeType "grpc") -}} + {{- include "ix.v1.common.container.probes.grpc" (dict "probe" $tmpProbe "root" $root "containerName" $containerName) | trim | nindent 2 }} + {{- else if (eq 
$probeType "exec") -}} + {{- $_ := set $tmpProbe "command" $probe.command -}} + {{- include "ix.v1.common.container.probes.exec" (dict "probe" $tmpProbe "root" $root "containerName" $containerName) | trim | nindent 2 }} + {{- else if (eq $probeType "custom") -}} + {{- include "ix.v1.common.container.probes.custom" (dict "probe" $tmpProbe "root" $root "containerName" $containerName) | trim | nindent 2 }} + {{- else if (eq $probeType "udp") -}} {{/* This just contains a fail message. */}} + {{- include "ix.v1.common.container.probes.udp" (dict "probe" $tmpProbe "root" $root "containerName" $containerName) | trim | nindent 2 }} + {{- end -}} + + {{- end -}} + {{- end -}} +{{- end -}} diff --git a/library/common/templates/lib/container/_resources.tpl b/library/common/templates/lib/container/_resources.tpl new file mode 100644 index 00000000..39f5eda1 --- /dev/null +++ b/library/common/templates/lib/container/_resources.tpl 
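Review bot: After the `auto` resolution `$probeType` can hold a value that none of the rendering branches handle, because the fallback `$probeType = $defaultPortProtocol` runs after the `mustHas` validation and a port-protocol default is not necessarily one of the lower-case probe types. In that case the template has already printed `%sProbe:` and emits no body, so the container ends up with an empty probe instead of a render failure. I would close the `if` / `else if` chain with `{{- else -}}{{- fail (printf "Unsupported probe type (%s) on probe (%s) in (%s) container" $probeType $probeName $containerName) -}}`. The existing "Valid types are" message also omits `custom`, which the check accepts.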
@@ -0,0 +1,109 @@ +{{/* Returns the resources for the container */}} +{{- define "ix.v1.common.container.resources" -}} + {{- $resources := .resources -}} + {{- $gpu := .gpu -}} + {{- $isMainContainer := .isMainContainer -}} + {{- $root := .root -}} + + {{- if and (hasKey $resources "inherit") $isMainContainer -}} + {{- fail " key is only available for additional/init/install/upgrade containers." -}} + {{- end -}} + + {{/* Get defaults from global */}} + {{- $defautlResources := $root.Values.global.defaults.resources -}} + {{- $newResources := (mustDeepCopy $defautlResources) -}} + + {{- if and $resources.inherit (not $isMainContainer) -}} {{/* if inherit is set, overwrite defaults with values from mainContainer */}} + {{- if (hasKey $root.Values "resources") -}} + {{- $newResources = mustMergeOverwrite $newResources $root.Values.resources -}} + {{- end -}} + {{- end -}} + + {{/* Overwrite from values that user/dev passed on this container */}} + {{- $newResources = mustMergeOverwrite $newResources $resources -}} + + {{/* Validate Values */}} + {{- include "ix.v1.common.lib.resources.validate" (dict "key" "cpu" + "object" "requests" + "required" true + "value" $newResources.requests.cpu) -}} + {{- include "ix.v1.common.lib.resources.validate" (dict "key" "memory" + "object" "requests" + "required" true + "value" $newResources.requests.memory) -}} + {{- include "ix.v1.common.lib.resources.validate" (dict "key" "cpu" + "object" "limits" + "required" false + "value" $newResources.limits.cpu) -}} + {{- include "ix.v1.common.lib.resources.validate" (dict "key" "memory" + "object" "limits" + "required" false + "value" $newResources.limits.memory) -}} + + {{- with (include "ix.v1.common.container.resources.cpuAndMemory" (dict "cpu" $newResources.requests.cpu "memory" $newResources.requests.memory)) }} +requests: + {{- . 
| indent 2 -}} + {{- end -}} + {{- if or $newResources.limits.cpu $newResources.limits.memory $gpu }} +limits: + {{- include "ix.v1.common.container.resources.cpuAndMemory" (dict "cpu" $newResources.limits.cpu "memory" $newResources.limits.memory) | indent 2 -}} + {{- include "ix.v1.common.container.resources.gpu" (dict "gpu" $gpu) | indent 2 -}} + {{- end -}} +{{- end -}} + +{{/* Returns CPU and Memory if applicable */}} +{{- define "ix.v1.common.container.resources.cpuAndMemory" -}} + {{- $cpu := .cpu -}} + {{- $memory := .memory -}} + + {{- with $cpu }} +cpu: {{ . }} + {{- end -}} + {{- with $memory }} +memory: {{ . }} + {{- end -}} +{{- end -}} + +{{/* Returns GPU if applicable */}} +{{- define "ix.v1.common.container.resources.gpu" -}} + {{- $gpu := .gpu -}} + + {{- range $k, $v := $gpu -}} + {{- if not $v -}} + {{- fail (printf "Value is not provided for GPU ( %s)" $k) -}} + {{- else }} + {{- $k | nindent 0 }}: {{ $v | quote }} + {{- end -}} + {{- end -}} +{{- end -}} + +{{/* Validates resources to match a pattern */}} +{{- define "ix.v1.common.lib.resources.validate" -}} + {{- $key := .key -}} + {{- $object := .object -}} + {{- $value := .value -}} + {{- $required := .required -}} + + {{- if $required -}} {{/* If requred and it's empty fail (requests are requried) */}} + {{- if kindIs "invalid" $value -}} + {{- fail (printf " cannot be empty." $object $key) -}} + {{- end -}} + {{- end -}} + + {{/* If it's not null validate input */}} + {{- if not (kindIs "invalid" $value) -}} {{/* Limits can be null, means "no limit" */}} + {{- if eq $key "cpu" -}} + {{/* https://regex101.com/r/D4HouI/1 */}} + {{- if not (mustRegexMatch "^(0\\.[1-9]|[1-9][0-9]*)(\\.[0-9]|m?)$" (toString $value)) -}} + {{- fail (printf " has invalid format in value (%v). Valid formats are (Plain Integer eg. 1) (Float eg. 0.5) (Milicpu 500m)." 
$object $key $value) -}} + {{- end -}} + + {{- else if eq $key "memory" -}} + {{/* https://regex101.com/r/NNPV2D/1 */}} + {{- if not (mustRegexMatch "^[1-9][0-9]*([EPTGMK]i?|e[0-9]+)?$" (toString $value)) -}} + {{- fail (printf " has invalid format in value (%v). Valid formats are (Suffixed with EPTGMK eg. 1G) (Suffixed with EPTGMK + i eg. 1Gi) (Plain integer (in bytes) eg. 1024) (Exponent eg. 134e6)." $object $key $value) -}} + {{- end -}} + {{- end -}} + {{- end -}} + +{{- end -}} diff --git a/library/common/templates/lib/container/_security.tpl b/library/common/templates/lib/container/_security.tpl new file mode 100644 index 00000000..3a60dbc0 --- /dev/null +++ b/library/common/templates/lib/container/_security.tpl 
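Review bot: The CPU pattern in `ix.v1.common.lib.resources.validate` accepts a string that is not a quantity and rejects one that is: `0.1.5` matches, `0.25` does not. The memory pattern has the kilo suffix the wrong way round for Kubernetes, allowing `1K` and refusing `1k`. Suggested patterns are `"^([1-9][0-9]*m?|[0-9]+\\.[0-9]{1,3})$"` for CPU (an all-zero decimal would still need rejecting if zero requests are unwanted) and `"^[1-9][0-9]*([EPTGM]i?|Ki|k|e[0-9]+)?$"` for memory. The memory `fail` message should then list `k` rather than `K`.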
@@ -0,0 +1,237 @@ +{{/* +Bellow function calculates security values, based on defaults, +inherit or not, or overrides. +This function is used if few places, on each place it only requires +a subset of the actual output. Depending on the input (secCont, podSecCont, secEnvs), +it returns an object with the calculated values and default values for the rest. +The reason is not splitted, is that on one of the places needs a combo of all values calculated. +*/}} +{{- define "ix.v1.common.lib.securityContext" -}} + {{- $root := .root -}} + {{- $secCont := .secCont -}} + {{- $deviceList := .deviceList -}} + {{- $ports := .ports -}} + {{- $isMainContainer := .isMainContainer -}} + + {{/* Initialiaze Values */}} + {{- $defaultSecCont := $root.Values.global.defaults.securityContext -}} + {{- $returnValue := (mustDeepCopy $defaultSecCont) -}} + + {{- if and (hasKey $secCont "inherit") $isMainContainer -}} + {{- fail " key is only available for additional/init/install/upgrade containers." -}} + {{- end -}} + + {{- if and $secCont.inherit (not $isMainContainer) -}} {{/* if inherit is set, overwrite values from mainContainer */}} + {{- if (hasKey $root.Values "securityContext") -}} + {{- $returnValue = mustMergeOverwrite $returnValue $root.Values.securityContext -}} + {{- end -}} + {{- end -}} + + {{/* Overwrite from values that user/dev passed on this container */}} + {{- if $secCont -}} {{/* If secCont is empty don't try to merge */}} + {{- $returnValue = mustMergeOverwrite $returnValue $secCont -}} + {{- end -}} + + {{- $isPrivilegedPort := false -}} + + {{- if $isMainContainer -}} + {{- range $svcName, $svc := $root.Values.service -}} + {{- if $svc.enabled -}} + {{- range $portName, $port := $svc.ports -}} + {{- if $port.enabled -}} {{/* We failback to port if no targetPort is given */}} + {{- $portNumber := ($port.targetPort | default $port.port) -}} + {{- if le (int $portNumber) 1024 -}} + {{- $isPrivilegedPort = true -}} + {{- end -}} + {{- end -}} + {{- end -}} + {{- end 
-}} + {{- end -}} + {{- else -}} + {{- range $port := $ports -}} + {{- if le (int $port.containerPort) 1024 -}} + {{- $isPrivilegedPort = true -}} + {{- end -}} + {{- end -}} + {{- end -}} + + {{/* If at least on port is the specific container uses a port <=1024, add the NET_BIND_SERVICE capability */}} + {{- if $isPrivilegedPort -}} + {{- $_ := set $returnValue.capabilities "add" (mustAppend $returnValue.capabilities.add "NET_BIND_SERVICE") -}} + {{- end -}} + + {{/* Devices need privileged container */}} + {{- if $deviceList -}} {{/* TODO: Check if devices actually need privileged */}} + {{- $_ := set $returnValue "privileged" true -}} + {{- $_ := set $returnValue "allowPrivilegeEscalation" true -}} + {{- end -}} + + {{/* Validate values, as mergeOverwrite also passes null values */}} + {{- if not (kindIs "bool" $returnValue.runAsNonRoot) -}} + {{- fail (printf " key has value (%v). But it must be boolean." $returnValue.runAsNonRoot) -}} + {{- end -}} + + {{- if not (kindIs "bool" $returnValue.readOnlyRootFilesystem) -}} + {{- fail (printf " key has value (%v). But it must be boolean." $returnValue.readOnlyRootFilesystem) -}} + {{- end -}} + + {{- if not (kindIs "bool" $returnValue.allowPrivilegeEscalation) -}} + {{- fail (printf " key has value (%v). But it must be boolean." $returnValue.allowPrivilegeEscalation) -}} + {{- end -}} + + {{- if not (kindIs "bool" $returnValue.privileged) -}} + {{- fail (printf " key has value (%v). But it must be boolean." $returnValue.privileged) -}} + {{- end -}} + + {{- if kindIs "invalid" $returnValue.runAsUser -}} + {{- fail (printf " key cannot be empty. Set a value or remove the key for the default (%v) to take effect." $defaultSecCont.runAsUser) -}} + {{- else if not (mustHas (kindOf $returnValue.runAsUser) (list "int" "float64")) -}} + {{- fail (printf " key has value of (%q). But must be an int." 
$returnValue.runAsUser) -}} + {{- end -}} + + {{- if kindIs "invalid" $returnValue.runAsGroup -}} + {{- fail (printf " key cannot be empty. Set a value or remove the key for the default (%v) to take effect." $defaultSecCont.runAsGroup) -}} + {{- else if not (mustHas (kindOf $returnValue.runAsGroup) (list "int" "float64")) -}} + {{- fail (printf " key has value of (%q). But must be an int." $returnValue.runAsGroup) -}} + {{- end -}} + + {{- if not (kindIs "slice" $returnValue.capabilities.add) -}} + {{- fail (printf " key has value (%v). But it must be a list. Set a list value or remove the key for the default (%v) to take effect." $returnValue.capabilities.add $defaultSecCont.capabilities.add) -}} + {{- end -}} + + {{- if not (kindIs "slice" $returnValue.capabilities.drop) -}} + {{- fail (printf " key has value (%v). But it must be a list. Set a list value or remove the key for the default (%v) to take effect." $returnValue.capabilities.drop $defaultSecCont.capabilities.drop) -}} + {{- end -}} + + {{- $returnValue | toJson -}} +{{- end -}} + +{{- define "ix.v1.common.lib.podSecurityContext" -}} + {{- $root := .root -}} + {{- $isJob := .isJob -}} + {{- $podSecCont := .podSecCont -}} + + {{/* Initialiaze Values */}} + {{- $defaultPodSecCont := $root.Values.global.defaults.podSecurityContext -}} + {{- $returnValue := (mustDeepCopy $defaultPodSecCont) -}} + + {{/* Overwrite from values that user/dev passed */}} + {{- $returnValue = mustMergeOverwrite $returnValue $podSecCont -}} + + {{- $appendGPUGroup := false -}} + {{- $appendDeviceGroups := false -}} + + {{- if $root.Values.scaleGPU -}} + {{- $appendGPUGroup = true -}} + {{- end -}} + + {{- if $root.Values.deviceList -}} + {{- $appendDeviceGroups = true -}} + {{- end -}} + + {{/* If at least one of those is not true, lets make sure it's not needed by any other container */}} + {{- if or (not $appendDeviceGroups) (not $appendGPUGroup) -}} + {{- if not $isJob -}} + {{- range $key := (list "initContainers" 
"systemContainers" "installContainers" "upgradeContainers" "additionalContainers") -}} + {{/* If they have containers defined... */}} + {{- if (get $root.Values $key) -}} + + {{/* Go over the containers */}} + {{- range $containerName, $container := (get $root.Values $key) -}} + {{/* If at least 1 container has deviceList... */}} + {{- if hasKey $container "deviceList" -}} + {{- if $container.deviceList -}} + {{- $appendDeviceGroups = true -}} + {{- end -}} + {{- end -}} + {{/* If at least 1 container has GPU... */}} + {{- if hasKey $container "scaleGPU" -}} + {{- if $container.scaleGPU -}} + {{- $appendGPUGroup = true -}} + {{- end -}} + {{- end -}} + {{- end -}} + {{- end -}} + {{- end -}} + {{- else -}} + {{- range $jobName, $job := $root.Values.jobs -}} + {{- if $job.enabled -}} + {{- range $name, $container := $job.podSpec.containers -}} + {{/* If at least 1 container has deviceList... */}} + {{- if hasKey $container "deviceList" -}} + {{- if $container.deviceList -}} + {{- $appendDeviceGroups = true -}} + {{- end -}} + {{- end -}} + {{/* If at least 1 container has GPU... 
*/}} + {{- if hasKey $container "scaleGPU" -}} + {{- if $container.scaleGPU -}} + {{- $appendGPUGroup = true -}} + {{- end -}} + {{- end -}} + {{- end -}} + {{- end -}} + {{- end -}} + {{- end -}} + {{- end -}} + + {{- if $appendDeviceGroups -}} + {{/* Append the "tty" Group */}} {{/* TODO: Check groups */}} + {{- $_ := set $returnValue "supplementalGroups" (mustAppend $returnValue.supplementalGroups 5) -}} + {{/* Append the "uucp" Group (used for USB/TTY/RS232) */}} + {{- $_ := set $returnValue "supplementalGroups" (mustAppend $returnValue.supplementalGroups 10) -}} + {{/* Append the "dialout" Group */}} + {{- $_ := set $returnValue "supplementalGroups" (mustAppend $returnValue.supplementalGroups 20) -}} + {{/* Append "cdrom" Group */}} + {{- $_ := set $returnValue "supplementalGroups" (mustAppend $returnValue.supplementalGroups 24) -}} + {{- end -}} + + {{- if $appendGPUGroup -}} + {{/* Append "video" Group */}} + {{- $_ := set $returnValue "supplementalGroups" (mustAppend $returnValue.supplementalGroups 44) -}} + {{- end -}} + + {{/* Validate values, as mergeOverwrite also passes null values */}} + {{- if (kindIs "invalid" $returnValue.fsGroup) -}} + {{- fail (printf " key cannot be empty. Set a value or remove the key for the default (%v) to take effect." $defaultPodSecCont.fsGroup) -}} + {{- else if not (mustHas (kindOf $returnValue.fsGroup) (list "int" "float64")) -}} + {{- fail (printf " key has value of (%q). But must be an int." $returnValue.fsGroup) -}} + {{- end -}} + + {{- if not $returnValue.fsGroupChangePolicy -}} + {{- fail (printf " key cannot be empty. Set a value or remove the key for the default (%s) to take effect." $defaultPodSecCont.fsGroupChangePolicy) -}} + {{- end -}} + + {{- if not (kindIs "slice" $returnValue.supplementalGroups) -}} + {{- fail (printf " key has a value (%v). But it must be a list. Set a list value or remove the key for the default (%v) to take effect." 
$returnValue.supplementalGroups $defaultPodSecCont.supplementalGroups) -}} + {{- end -}} + + {{- $returnValue | toJson -}} +{{- end -}} + +{{- define "ix.v1.common.lib.securityEnvs" -}} + {{- $root := .root -}} + {{- $secEnvs := .secEnvs -}} + + {{/* Initialiaze Values */}} + {{- $defaultSecEnvs := $root.Values.global.defaults.security -}} + {{- $returnValue := (mustDeepCopy $defaultSecEnvs) -}} + + {{/* Overwrite from values that user/dev passed */}} + {{- $returnValue = mustMergeOverwrite $returnValue $secEnvs -}} + + {{/* Validate values, as mergeOverwrite also passes null values */}} + {{- if not $returnValue.UMASK -}} + {{- fail (printf " key cannot be empty. Set a value or remove the key for the default (%v) to take effect." $defaultSecEnvs.UMASK) -}} + {{- else if not (kindIs "string" $returnValue.UMASK) -}} + {{- fail (printf " key must be a string, so the format is kept intact.") -}} + {{- end -}} + + {{- if kindIs "invalid" $returnValue.PUID -}} + {{- fail (printf " key cannot be empty. Set a value or remove the key for the default (%v) to take effect." $defaultSecEnvs.PUID) -}} + {{- else if not (mustHas (kindOf $returnValue.PUID) (list "int" "float64")) -}} + {{- fail (printf " key has value of (%q). But must be an int." $returnValue.PUID) -}} + {{- end -}} + + {{- $returnValue | toJson -}} +{{- end -}} diff --git a/library/common/templates/lib/container/_securityContext.tpl b/library/common/templates/lib/container/_securityContext.tpl new file mode 100644 index 00000000..9e9f6680 --- /dev/null +++ b/library/common/templates/lib/container/_securityContext.tpl 
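Review bot: The `{{- if $deviceList -}}` branch of `ix.v1.common.lib.securityContext` forces `privileged` and `allowPrivilegeEscalation` to true after `$secCont` has been merged, so a container that explicitly sets `privileged: false` is silently made privileged as soon as any device is listed. Privileged mode grants far more than access to the listed device nodes, and the TODO on that line says the requirement is unconfirmed. Until it is, I would fail on the conflict rather than override it, e.g. `{{- if and $deviceList (hasKey $secCont "privileged") (not $secCont.privileged) -}}` followed by a `fail` naming the two settings. In the same define, `le (int $portNumber) 1024` and `le (int $port.containerPort) 1024` also add NET_BIND_SERVICE for port 1024, which is outside the privileged range; `lt` would avoid granting the capability where it is not needed.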
@@ -0,0 +1,46 @@ +{{/* Security Context included by the container */}} +{{- define "ix.v1.common.container.securityContext" -}} + {{- $secCont := .secCont -}} + {{- $isMainContainer := .isMainContainer -}} + {{- $deviceList := .deviceList -}} + {{- $scaleGPU := .scaleGPU -}} + {{- $ports := .ports -}} + {{- $root := .root -}} + + {{/* Calculate all security values */}} + {{- $security := (include "ix.v1.common.lib.securityContext" (dict "root" $root + "secCont" $secCont + "deviceList" $deviceList + "isMainContainer" $isMainContainer + "ports" $ports) | fromJson) -}} + + {{/* Only run as root if it's explicitly defined */}} + {{- if or (eq (int $security.runAsUser) 0) (eq (int $security.runAsGroup) 0) -}} + {{- if $security.runAsNonRoot -}} + {{- fail (printf "You are trying to run as root (user or group), but runAsNonRoot is set to %v" $security.runAsNonRoot) -}} + {{- end -}} + {{- end }} +runAsNonRoot: {{ $security.runAsNonRoot }} +runAsUser: {{ $security.runAsUser }} +runAsGroup: {{ $security.runAsGroup }} +readOnlyRootFilesystem: {{ $security.readOnlyRootFilesystem }} +allowPrivilegeEscalation: {{ $security.allowPrivilegeEscalation }} +privileged: {{ $security.privileged }} +capabilities: + {{- with $security.capabilities.add }} + add: + {{- range . }} + - {{ tpl . $root | quote }} + {{- end -}} + {{- else }} + add: [] + {{- end -}} + {{- with $security.capabilities.drop }} + drop: + {{- range . }} + - {{ tpl . $root | quote }} + {{- end -}} + {{- else }} + drop: [] + {{- end -}} +{{- end -}} diff --git a/library/common/templates/lib/container/_termination.tpl b/library/common/templates/lib/container/_termination.tpl new file mode 100644 index 00000000..b75fbef4 --- /dev/null +++ b/library/common/templates/lib/container/_termination.tpl 
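Review bot: `$scaleGPU` is read from the arguments of `ix.v1.common.container.securityContext` but never used in the define, and the one-line header does not say which dict keys a caller must pass. I would drop the assignment and extend the header comment to list `root`, `secCont`, `isMainContainer`, `deviceList` and `ports`, noting that the values are resolved by `ix.v1.common.lib.securityContext`. The root guard also fires for `runAsGroup` 0, which is stricter than Kubernetes' own `runAsNonRoot` check on the UID; if that is intended, a short comment saying so would help the next reader.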
@@ -0,0 +1,26 @@ +{{/* Returns the terminationMessagePath for the container */}} +{{- define "ix.v1.common.container.termination.messagePath" -}} + {{- $msgPath := .msgPath -}} + {{- $root := .root -}} + {{- if $msgPath -}} + {{- tpl $msgPath $root -}} + {{- end -}} +{{- end -}} + +{{/* Returns the terminationMessagePolicy for the container */}} +{{- define "ix.v1.common.container.termination.messagePolicy" -}} + {{- $msgPolicy := .msgPolicy -}} + {{- $root := .root -}} + + {{- $policy := "" -}} + {{- if $msgPolicy -}} + {{- $policy = (tpl $msgPolicy $root) -}} + {{- end -}} + + {{- with $policy -}} + {{- if not (mustHas . (list "File" "FallbackToLogsOnError")) }} + {{- fail (printf "Not valid option for messagePolicy (%s). Valid options are FallbackToLogsOnError and File" $policy) -}} + {{- end }} + {{- $policy }} + {{- end -}} +{{- end -}} diff --git a/library/common/templates/lib/container/_volumeMounts.tpl b/library/common/templates/lib/container/_volumeMounts.tpl new file mode 100644 index 00000000..fbb88e0d --- /dev/null +++ b/library/common/templates/lib/container/_volumeMounts.tpl 
@@ -0,0 +1,128 @@ +{{/* Volume Mounts included by the container. */}} +{{- define "ix.v1.common.container.volumeMounts" -}} + {{- $isMainContainer := .isMainContainer -}} + {{- $root := .root -}} + {{- $extraContainerVolMounts := .extraContainerVolMounts -}} + + {{- if $isMainContainer -}} + {{- range $name, $item := $root.Values.persistence -}} + {{- if $item.enabled -}} + {{- if not $item.noMount -}} + {{- include "ix.v1.common.container.volumeMount" (dict "root" $root + "item" $item + "name" $name) | nindent 0 -}} + {{- end -}} + {{- end -}} + {{- end -}} + + {{/* TODO: write tests when statefulset is ready */}} + {{- if eq $root.Values.controller.type "statefulset" -}} + {{- range $index, $vct := $root.Values.volumeClaimTemplates -}} + {{- include "ix.v1.common.container.volumeMount" (dict "root" $root + "item" $vct + "name" (toString $index)) | nindent 0 -}} + {{- end -}} + {{- end -}} + {{- else if not $isMainContainer -}} + {{/* Create a list of volume names, so we can run checks against it */}} + {{- $volNames := list -}} + {{- range $name, $item := $root.Values.persistence -}} + {{- $volNames = mustAppend $volNames $name -}} + {{- end -}} + + {{/* Create a list of extraContainerVolMounts names, so we can run checks against it */}} + {{- $extraContainerVolNames := list -}} + {{- range $index, $item := $extraContainerVolMounts -}} + {{- if $item.name -}} + {{- $extraContainerVolNames = mustAppend $extraContainerVolNames $item.name -}} + {{- end -}} + {{- end -}} + + {{- range $index, $volMount := $extraContainerVolMounts -}} + {{- if hasKey $volMount "inherit" -}} {{/* If has Key "inherit" */}} + {{- if eq $volMount.inherit "all" -}} {{/* Inherit all volumeMounts */}} + {{- range $name, $item := $root.Values.persistence -}} + {{- if $item.enabled -}} + {{- include "ix.v1.common.container.volumeMount" (dict "root" $root + "item" $item + "name" $name) | indent 0 -}} + {{- if (mustHas $name $extraContainerVolNames) -}} {{/* Remove it from the volNames so it 
does not get re-added */}} + {{- $extraContainerVolNames = mustWithout $extraContainerVolNames $name -}} + {{- end -}} + {{- end -}} + {{- end -}} + {{- else if eq $volMount.inherit "skipNoMount" -}} {{/* Inherit all volumeMounts but skip the "noMount" volumeMounts */}} + {{- range $name, $item := $root.Values.persistence -}} + {{- if $item.enabled -}} + {{- if not $item.noMount -}} + {{- include "ix.v1.common.container.volumeMount" (dict "root" $root + "item" $item + "name" $name) | indent 0 -}} + + {{- if (mustHas $name $extraContainerVolNames) -}} {{/* Remove it from the volNames so it does not get re-added */}} + {{- $extraContainerVolNames = mustWithout $extraContainerVolNames $name -}} + {{- end -}} + {{- end -}} + {{- end -}} + {{- end -}} + {{- end -}}{{/* Here we can add other inherit cases */}} + {{- else -}} + {{- if not $volMount.name -}} + {{- fail " is required in volumeMounts in init/system/install/upgrade/additional containers." -}} + {{- end -}} + + {{- if mustHas $volMount.name $extraContainerVolNames -}} + + {{- if not (mustHas $volMount.name $volNames) -}} + {{- fail (printf "You are trying to mount a volume that does not exist (%s). Please define the volume in ." 
$volMount.name) -}} + {{- end -}} + + {{- $item := dict -}} + + {{- $_ := set $item "mountPath" $volMount.mountPath -}} + {{- if hasKey $volMount "subPath" -}} + {{- $_ := set $item "subPath" $volMount.subPath -}} + {{- end -}} + {{- if hasKey $volMount "mountPropagation" -}} + {{- $_ := set $item "mountPropagation" $volMount.mountPropagation -}} + {{- end -}} + {{- if hasKey $volMount "readOnly" -}} + {{- $_ := set $item "readOnly" $volMount.readOnly -}} + {{- end -}} + + {{- include "ix.v1.common.container.volumeMount" (dict "root" $root + "item" $item + "name" $volMount.name) | indent 0 -}} + {{- end -}} + {{- end -}} + {{- end -}} + {{- end -}} +{{- end -}} + +{{- define "ix.v1.common.container.volumeMount" -}} + {{- $root := .root -}} + {{- $item := .item -}} + {{- $name := .name -}} + {{- if not $item.mountPath -}} {{/* Make sure that we have a mountPath */}} + {{- fail " must be defined, alternatively use the flag." -}} + {{- end -}} + {{- $mountPath := (tpl $item.mountPath $root) -}} + {{- if not (hasPrefix "/" $mountPath) -}} + {{- fail (printf "Mount path (%s), must start with a forward slash -> / <-" $mountPath) -}} + {{- end }} +- name: {{ tpl $name $root }} + mountPath: {{ $mountPath }} + {{- with $item.subPath }} + subPath: {{ tpl . $root }} + {{- end -}} + {{- if (hasKey $item "readOnly") -}} + {{- if or (eq $item.readOnly true) (eq $item.readOnly false) }} + readOnly: {{ $item.readOnly }} + {{- else -}} + {{- fail (printf " cannot be empty on item (%s)" $name) -}} + {{- end -}} + {{- end -}} + {{- with $item.mountPropagation }} + mountPropagation: {{ tpl . $root }} + {{- end -}} +{{- end -}} diff --git a/library/common/templates/lib/container/env/_checkDuplicates.tpl b/library/common/templates/lib/container/env/_checkDuplicates.tpl new file mode 100644 index 00000000..5e1fd8e3 --- /dev/null +++ b/library/common/templates/lib/container/env/_checkDuplicates.tpl 
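Review bot: `ix.v1.common.container.volumeMount` renders `name`, `mountPath`, `subPath` and `mountPropagation` unquoted, so the output of `tpl` is re-parsed as YAML: a value containing `: ` or ` #`, or a `subPath` such as `0755`, changes type or structure in the rendered manifest instead of arriving as the string the user wrote. Piping each through `quote` keeps them scalar strings, e.g. `mountPath: {{ $mountPath | quote }}` and `subPath: {{ tpl . $root | quote }}`. In `ix.v1.common.container.volumeMounts`, an `inherit` value other than `all` or `skipNoMount` currently mounts nothing and reports nothing; a `fail` at the `Here we can add other inherit cases` position would surface typos.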
@@ -0,0 +1,77 @@ +{{- define "ix.v1.common.util.envCheckDupes" -}} + {{- $root := .root -}} + + {{- range $kOut, $vOut := $root.Values.envsForDupeCheck -}} + {{- range $kIn, $vIn := $root.Values.envsForDupeCheck -}} + {{- if and (ne $vOut.source $vIn.source) (eq $vOut.key $vIn.key) -}} + {{- range $containerName := $vOut.containers -}} + {{- if (mustHas $containerName $vIn.containers) -}} + {{- fail (printf "Environment Variable (%s) on container (%s) is set more than once. [to (%s) on (%s)] and [to (%s) on (%s)]" $vOut.key $containerName $vOut.value $vOut.source $vIn.value $vIn.source) -}} + {{- end -}} + {{- end -}} + {{- end -}} + {{- end -}} + {{- end -}} + {{- include "ix.v1.common.util.cleanupEnvsForCheck" (dict "root" $root) -}} + + {{- if $root.Values.envsForDupeCheck -}} {{/* Just for piece of mind. Check we cleanup when finished */}} + {{- fail "Failed to cleanup key." -}} + {{- end -}} +{{- end -}} + +{{/* Stores envs for dupe checking later */}} +{{- define "ix.v1.common.util.storeEnvsForDupeCheck" -}} + {{- $root := .root -}} + {{- $source := .source -}} + {{- $containers := .containers -}} + {{- $data := .data -}} + + {{/* If there is no key already, create it now */}} + {{- if not (hasKey $root.Values "envsForDupeCheck") -}} + {{- $_ := set $root.Values "envsForDupeCheck" list -}} + {{- end -}} + + {{/* Lists are passed as stringified arrays, convert them to a real list */}} + {{- if or (eq $source "fixedEnv") -}} + {{- $data = $data | fromJsonArray -}} + {{- end -}} + + {{- $tmpList := $root.Values.envsForDupeCheck -}} + {{- range $k, $v := $data -}} + {{- if kindIs "map" $v -}} + {{- $k = $v.name -}} + {{- $v = $v.value -}} + {{- end -}} + {{- if not (kindIs "slice" $containers) -}} + {{- fail "Something went wront $containers are not a list." 
-}} + {{- end -}} + {{- $tmpList = mustAppend $tmpList (dict "key" $k "value" $v "source" $source "containers" $containers) -}} + {{- end -}} + {{- $_ := set $root.Values "envsForDupeCheck" $tmpList -}} +{{- end -}} + +{{- define "ix.v1.common.util.storeEnvFromVarsForCheck" -}} + {{- $root := .root -}} + {{- $source := .source -}} + {{- $containerName := .containerName -}} + + {{- $dupes := $root.Values.envsForDupeCheck -}} + {{- range $item := $dupes -}} + {{- if eq $item.source $source -}} + {{- if not (mustHas $containerName $item.containers) -}} + {{- $dupes = mustWithout $dupes $item -}} + {{- $_ := set $item "containers" (mustAppend $item.containers $containerName) -}} + {{- $dupes = mustAppend $dupes $item -}} + {{- $_ := set $root.Values "envsForDupeCheck" $dupes -}} + {{- end -}} + {{- end -}} + {{- end -}} +{{- end -}} + +{{- define "ix.v1.common.util.cleanupEnvsForCheck" -}} + {{- $root := .root -}} + + {{- if hasKey $root.Values "envsForDupeCheck" -}} + {{- $_ := unset $root.Values "envsForDupeCheck" -}} + {{- end -}} +{{- end -}} diff --git a/library/common/templates/lib/container/env/_env.tpl b/library/common/templates/lib/container/env/_env.tpl new file mode 100644 index 00000000..ac701c8c --- /dev/null +++ b/library/common/templates/lib/container/env/_env.tpl 
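Review bot: The `fail` message in `ix.v1.common.util.envCheckDupes` prints `$vOut.value` and `$vIn.value`, so a clash on a variable that carries a password or token writes both values into the Helm error output and into whatever CI or UI log captures it. The key, container and sources are enough to locate the duplicate: `{{- fail (printf "Environment Variable (%s) on container (%s) is set more than once. [on (%s)] and [on (%s)]" $vOut.key $containerName $vOut.source $vIn.source) -}}`. In `storeEnvsForDupeCheck`, `or (eq $source "fixedEnv")` has a single operand and can be a plain `eq`.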
@@ -0,0 +1,56 @@ +{{- define "ix.v1.common.container.env" -}} + {{- $envs := .envs -}} + {{- $root := .root -}} + {{- $containerName := .containerName -}} + {{- $fixedEnv := .fixedEnv -}} + + {{- $dupeCheck := dict -}} + + {{- with $envs -}} + {{- range $k, $v := . -}} + {{- $name := $k -}} + {{- $value := $v -}} + + {{- if kindIs "int" $name -}} + {{- fail "Environment Variables as a list is not supported. Use key-value format." -}} + {{- end }} +- name: {{ $name | quote }} + {{- if not (kindIs "map" $value) -}} + {{- if kindIs "string" $value -}} {{/* Single values are parsed as string (eg. int, bool) */}} + {{- $value = tpl $value $root -}} {{/* Expand Value */}} + {{- end }} + value: {{ $value | quote }} + {{- $_ := set $dupeCheck $name $value -}} + {{- else if kindIs "map" $value -}} {{/* If value is a dict... */}} + {{- if hasKey $value "valueFrom" -}} + {{- fail "Please remove and use directly configMapKeyRef or secretKeyRef" -}} + {{- end }} + valueFrom: + {{- if hasKey $value "configMapKeyRef" }} {{/* And contains configMapRef... */}} + configMapKeyRef: + {{- $_ := set $value "name" $value.configMapKeyRef.name -}} {{/* Extract name and key */}} + {{- $_ := set $value "key" $value.configMapKeyRef.key -}} + {{- if hasKey $value.configMapKeyRef "optional" -}} + {{- fail " is not supported in configMapRefKey" -}} + {{- end -}} + {{- else if hasKey $value "secretKeyRef" }} {{/* And contains secretRef... */}} + secretKeyRef: + {{- $_ := set $value "name" $value.secretKeyRef.name -}} {{/* Extract name and key */}} + {{- $_ := set $value "key" $value.secretKeyRef.key -}} + {{- if (hasKey $value.secretKeyRef "optional") -}} + {{- if (kindIs "bool" $value.secretKeyRef.optional) }} + optional: {{ $value.secretKeyRef.optional }} + {{- else -}} + {{- fail (printf " in secretKeyRef must be a boolean on Environment Variable (%s)" $name) -}} + {{- end -}} + {{- end -}} + {{- else -}} + {{- fail "Not a valid valueFrom reference. 
Valid options are (configMapKeyRef and secretKeyRef)" -}} + {{- end }} + name: {{ tpl (required (printf " for the keyRef is not defined in (%s)" $name) $value.name) $root }} {{/* Expand name and key */}} + key: {{ tpl (required (printf " for the keyRef is not defined in (%s)" $name) $value.key) $root }} + {{- end -}} + {{- end -}} + {{- include "ix.v1.common.util.storeEnvsForDupeCheck" (dict "root" $root "source" "env" "data" $dupeCheck "containers" (list $containerName)) -}} + {{- end -}} {{/* Finish env */}} +{{- end -}} diff --git a/library/common/templates/lib/container/env/_envList.tpl b/library/common/templates/lib/container/env/_envList.tpl new file mode 100644 index 00000000..70cf7f7a --- /dev/null +++ b/library/common/templates/lib/container/env/_envList.tpl @@ -0,0 +1,29 @@ +{{- define "ix.v1.common.container.envList" -}} + {{- $envList := .envList -}} + {{- $envs := .envs -}} + {{- $containerName := .containerName -}} + {{- $root := .root -}} + {{- $fixedEnv := .fixedEnv -}} + + {{- $dupeCheck := dict -}} + {{- with $envList -}} + {{- range $envList -}} + {{- if and .name .value -}} + {{- if mustHas (kindOf .name) (list "map" "slice") -}} + {{- fail "Name in envList cannot be a map or slice" -}} + {{- end -}} + {{- if mustHas (kindOf .value) (list "map" "slice") -}} + {{- fail "Value in envList cannot be a map or slice" -}} + {{- end -}} + {{- $name := tpl .name $root -}} + {{- $value := tpl .value $root }} +- name: {{ $name }} + value: {{ $value | quote }} + {{- $_ := set $dupeCheck $name $value -}} + {{- else -}} + {{- fail "Please specify both name and value for environment variable" -}} + {{- end -}} + {{- end -}} + {{- include "ix.v1.common.util.storeEnvsForDupeCheck" (dict "root" $root "source" "envList" "data" $dupeCheck "containers" (list $containerName)) -}} + {{- end -}} {{/* Finish envList */}} +{{- end -}} 
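Review bot: Entries whose value is a map (`configMapKeyRef` / `secretKeyRef`) are never added to `$dupeCheck` in `ix.v1.common.container.env`; only the plain-value branch calls `set $dupeCheck $name $value`. As far as this hunk shows, a variable defined through a key reference is therefore not handed to `storeEnvsForDupeCheck` and cannot be reported when another source sets the same name. Recording the name without its value in the map branch would close that gap, e.g. `{{- $_ := set $dupeCheck $name "valueFrom" -}}`. `$fixedEnv` is assigned at the top of the define but not used.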
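Review bot: `tpl .name $root` and `tpl .value $root` in `ix.v1.common.container.envList` receive the raw entries, and the kind checks before them only exclude maps and slices, so a numeric or boolean `value` reaches `tpl`, which expects a string. The `and .name .value` test additionally rejects legitimate falsy values such as `0` or `false` with the "specify both name and value" error. `_httpGet.tpl` in this commit already uses `tpl (toString $v) $root`, and the same form would work here: `{{- $value := tpl (toString .value) $root }}`. The name is also emitted unquoted (`- name: {{ $name }}`) while `_env.tpl` uses `{{ $name | quote }}`; quoting it keeps the two templates consistent.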
diff --git a/library/common/templates/lib/container/env/_fixedEnvs.tpl b/library/common/templates/lib/container/env/_fixedEnvs.tpl new file mode 100644 index 00000000..892c155d --- /dev/null +++ b/library/common/templates/lib/container/env/_fixedEnvs.tpl 
@@ -0,0 +1,70 @@ +{{/* +"toYaml" makes sure that any type of data (int/float/strin) +will be parsed correctly without causing errors. +*/}} +{{- define "ix.v1.common.container.fixedEnvs" -}} + {{- $root := .root -}} + {{- $containerName := .containerName -}} + {{- $isMainContainer := .isMainContainer -}} + {{- $secEnvs := .secEnvs -}} + {{- $secCont := .secCont -}} + {{- $scaleGPU := .scaleGPU -}} + {{- $nvidiaCaps := .nvidiaCaps -}} + + {{- $nvidiaCaps = $nvidiaCaps | default $root.Values.global.defaults.nvidiaCaps -}} + + {{- if not (deepEqual $nvidiaCaps (mustUniq $nvidiaCaps)) -}} + {{- fail (printf " (%s) are must have unique values only" $nvidiaCaps) -}} + {{- end -}} + + {{- range $cap := $nvidiaCaps -}} + {{- if not (mustHas $cap (list "compute" "utility" "all" "graphics" "video")) -}} + {{- fail (printf "Invalid options in (%s). Valid options are compute, utility, all, graphics, video" $cap) -}} + {{- end -}} + {{- end -}} + + {{- $podSecCont := $root.Values.podSecurityContext -}} + + {{/* Calculate all security values */}} + {{- $securityContext := (include "ix.v1.common.lib.securityContext" (dict "root" $root + "secCont" $secCont + "isMainContainer" $isMainContainer) | fromJson) -}} + {{- $podSecurityContext := (include "ix.v1.common.lib.podSecurityContext" (dict "root" $root + "podSecCont" $podSecCont) | fromJson) -}} + {{- $securityEnvs := (include "ix.v1.common.lib.securityEnvs" (dict "root" $root + "secEnvs" $secEnvs) | fromJson) -}} + + {{- $vars := list -}} + {{- $vars = mustAppend $vars (dict "name" "TZ" "value" (tpl (toYaml $root.Values.TZ) $root)) -}} + {{- $vars = mustAppend $vars (dict "name" "UMASK" "value" $securityEnvs.UMASK) -}} + {{- $vars = mustAppend $vars (dict "name" "UMASK_SET" "value" $securityEnvs.UMASK) -}} + {{- if not $scaleGPU -}} + {{- $vars = mustAppend $vars (dict "name" "NVIDIA_VISIBLE_DEVICES" "value" "void") -}} + {{- else -}} + {{- $vars = mustAppend $vars (dict "name" "NVIDIA_DRIVER_CAPABILITIES" "value" (join "," 
$nvidiaCaps)) -}} + {{- end -}} + {{- if and + (or + (eq ($securityContext.runAsUser | int) 0) + (eq ($securityContext.runAsGroup | int) 0) + ) + (ge ($securityEnvs.PUID | int) 0) -}} {{/* If root user or root group and a PUID is set, set PUID and related envs */}} + {{- $vars = mustAppend $vars (dict "name" "PUID" "value" $securityEnvs.PUID) -}} + {{- $vars = mustAppend $vars (dict "name" "USER_ID" "value" $securityEnvs.PUID) -}} + {{- $vars = mustAppend $vars (dict "name" "UID" "value" $securityEnvs.PUID) -}} + {{- $vars = mustAppend $vars (dict "name" "PGID" "value" $podSecurityContext.fsGroup) -}} + {{- $vars = mustAppend $vars (dict "name" "GROUP_ID" "value" $podSecurityContext.fsGroup) -}} + {{- $vars = mustAppend $vars (dict "name" "GID" "value" $podSecurityContext.fsGroup) -}} + {{- end -}} + {{- if or + ($securityContext.readOnlyRootFilesystem) + ($securityContext.runAsNonRoot) + -}} {{/* Mainly for LSIO containers, tell S6 to avoid using rootfs */}} + {{- $vars = mustAppend $vars (dict "name" "S6_READ_ONLY_ROOT" "value" "1") -}} + {{- end -}} + {{- include "ix.v1.common.util.storeEnvsForDupeCheck" (dict "root" $root + "source" "fixedEnv" + "data" (toJson $vars) + "containers" (list $containerName)) -}} + {{- toJson $vars -}} {{/* Helm can only return "string", so we stringify the output */}} +{{- end -}} diff --git a/library/common/templates/lib/container/probes/_custom.tpl b/library/common/templates/lib/container/probes/_custom.tpl new file mode 100644 index 00000000..e55e6cdc --- /dev/null +++ b/library/common/templates/lib/container/probes/_custom.tpl 
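Review bot: The `(ge ($securityEnvs.PUID | int) 0)` operand in the PUID block cannot separate a set PUID from an unset one, because `int` turns an empty value into 0 and every non-negative id passes; the comment `a PUID is set` promises more than the test delivers. Since `ix.v1.common.lib.securityEnvs` already fails on an empty PUID, the condition could be reduced to the root user/group check, or the comment reworded to say the block runs whenever the container runs as root. The header comment only mentions `toYaml`; a sentence listing the expected dict keys (`root`, `containerName`, `isMainContainer`, `secEnvs`, `secCont`, `scaleGPU`, `nvidiaCaps`) and stating that the define returns a JSON-encoded list would help callers.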
@@ -0,0 +1,11 @@ +{{/* Returns a custom defined for the probe */}} +{{- define "ix.v1.common.container.probes.custom" -}} + {{- $probe := .probe -}} + {{- $containerName := .containerName -}} + {{- $root := .root -}} + + {{- if not $probe.spec -}} + {{- fail (printf " must be defined for probe types in probe (%s) in (%s) container." $probe.name $containerName) -}} + {{- end }} +{{- $probe.spec | toYaml }} +{{- end -}} diff --git a/library/common/templates/lib/container/probes/_exec.tpl b/library/common/templates/lib/container/probes/_exec.tpl new file mode 100644 index 00000000..274544b1 --- /dev/null +++ b/library/common/templates/lib/container/probes/_exec.tpl @@ -0,0 +1,18 @@ +{{/* Returns exec for the probe */}} +{{- define "ix.v1.common.container.probes.exec" -}} + {{- $probe := .probe -}} + {{- $containerName := .containerName -}} + {{- $root := .root -}} + + {{- if not $probe.command -}} + {{- fail (printf "No commands were defined for type on probe (%s) in (%s) container." $probe.name $containerName) -}} + {{- end }} + +exec: + command: + {{- include "ix.v1.common.container.command" (dict "commands" $probe.command "root" $root) | trim | nindent 4 }} + {{- include "ix.v1.common.container.probes.timeouts" (dict "probeSpec" $probe.spec + "probeName" $probe.name + "root" $root + "containerName" $containerName) }} +{{- end -}} diff --git a/library/common/templates/lib/container/probes/_grpc.tpl b/library/common/templates/lib/container/probes/_grpc.tpl new file mode 100644 index 00000000..79e2d3ec --- /dev/null +++ b/library/common/templates/lib/container/probes/_grpc.tpl 
@@ -0,0 +1,18 @@ +{{/* Returns grpc for the probe */}} +{{- define "ix.v1.common.container.probes.grpc" -}} + {{- $probe := .probe -}} + {{- $containerName := .containerName -}} + {{- $root := .root -}} + + {{- if not $probe.port -}} + {{- fail (printf " must be defined for probe types in probe (%s) in (%s) container." $probe.name $containerName) -}} + {{- end }} + +grpc: + port: {{ $probe.port }} + + {{- include "ix.v1.common.container.probes.timeouts" (dict "probeSpec" $probe.spec + "probeName" $probe.name + "root" $root + "containerName" $containerName) }} +{{- end -}} diff --git a/library/common/templates/lib/container/probes/_httpGet.tpl b/library/common/templates/lib/container/probes/_httpGet.tpl new file mode 100644 index 00000000..d78b3ccc --- /dev/null +++ b/library/common/templates/lib/container/probes/_httpGet.tpl 
@@ -0,0 +1,37 @@ +{{/* Returns http for the probe */}} +{{- define "ix.v1.common.container.probes.httpGet" -}} + {{- $probe := .probe -}} + {{- $containerName := .containerName -}} + {{- $root := .root -}} + + {{- if not $probe.port -}} + {{- fail (printf " must be defined for / probe types in probe (%s) in (%s) container." $probe.name $containerName) -}} + {{- end -}} + {{- if not $probe.path -}} + {{- fail (printf " must be defined for / probe types in probe (%s) in (%s) container." $probe.name $containerName) -}} + {{- end -}} + {{- $probePath := tpl $probe.path $root -}} + {{- if not (hasPrefix "/" $probePath) -}} + {{- fail (printf "Probe in container (%s) with path (%s), must start with a forward slash -> / <-" $containerName $probePath) -}} + {{- end -}} + +httpGet: + path: {{ $probePath }} + scheme: {{ $probe.type | upper }} + port: {{ $probe.port }} + {{- with $probe.httpHeaders }} + httpHeaders: + {{- range $k, $v := . }} + {{- if or (kindIs "slice" $v) (kindIs "map" $v) -}} + {{- fail (printf "Lists or Dicts are not allowed in httpHeaders on probe (%s)" $probe.name) -}} + {{- end }} + - name: {{ $k }} + value: {{ tpl (toString $v) $root }} + {{- end }} + {{- end }} + + {{- include "ix.v1.common.container.probes.timeouts" (dict "probeSpec" $probe.spec + "probeName" $probe.name + "root" $root + "containerName" $containerName) }} +{{- end -}} diff --git a/library/common/templates/lib/container/probes/_tcp.tpl b/library/common/templates/lib/container/probes/_tcp.tpl new file mode 100644 index 00000000..5ee9b288 --- /dev/null +++ b/library/common/templates/lib/container/probes/_tcp.tpl 
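Review bot: Header values are rendered as `value: {{ tpl (toString $v) $root }}` without quoting, so a header value such as `1` or `true` comes out as a YAML number or boolean where the probe's `httpHeaders[].value` is a string field, and a value containing `: ` or ` #` breaks or truncates the line. Quoting fixes both: `value: {{ tpl (toString $v) $root | quote }}`, and likewise `- name: {{ $k | quote }}`. `scheme: {{ $probe.type | upper }}` is emitted without a check in this define; if the caller does not already restrict `type` to http/https, a `mustHas` guard like the one in `_termination.tpl` would fit here.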
@@ -0,0 +1,18 @@
+{{/* Returns tcp for the probe */}}
+{{- define "ix.v1.common.container.probes.tcp" -}}
+ {{- $probe := .probe -}}
+ {{- $containerName := .containerName -}}
+ {{- $root := .root -}}
+
+ {{- if not $probe.port -}}
+ {{- fail (printf " must be defined for probe types in probe (%s) in (%s) container." $probe.name $containerName) -}}
+ {{- end }}
+
+tcpSocket:
+ port: {{ $probe.port }}
+
+ {{- include "ix.v1.common.container.probes.timeouts" (dict "probeSpec" $probe.spec
+ "probeName" $probe.name
+ "root" $root
+ "containerName" $containerName) }}
+{{- end -}}
diff --git a/library/common/templates/lib/container/probes/_timeouts.tpl b/library/common/templates/lib/container/probes/_timeouts.tpl
new file mode 100644
index 00000000..352f7986
--- /dev/null
+++ b/library/common/templates/lib/container/probes/_timeouts.tpl
@@ -0,0 +1,30 @@
+{{/* Returns the timeouts for the probe */}}
+{{- define "ix.v1.common.container.probes.timeouts" -}}
+ {{- $probeSpec := .probeSpec -}}
+ {{- $probeName := .probeName -}}
+ {{- $containerName := .containerName -}}
+ {{- $root := .root -}}
+
+ {{/* Init default probe from global defaults */}}
+ {{- $defaultProbeSpec := (get $root.Values.global.defaults.probes $probeName).spec -}}
+ {{/* Overwrite with any values defined by the user/dev */}}
+ {{- $probeSpec = mustMergeOverwrite $defaultProbeSpec $probeSpec -}}
+
+ {{/* Validate values */}}
+ {{- if not (mustHas (kindOf $probeSpec.initialDelaySeconds) (list "float64" "int")) -}}
+ {{- fail (printf " cannot be empty in probe (%s) in (%s) container" $probeName $containerName) -}}
+ {{- end -}}
+ {{- if not (mustHas (kindOf $probeSpec.failureThreshold) (list "float64" "int")) -}}
+ {{- fail (printf " cannot be empty in probe (%s) in (%s) container" $probeName $containerName) -}}
+ {{- end -}}
+ {{- if not (mustHas (kindOf $probeSpec.timeoutSeconds) (list "float64" "int")) -}}
+ {{- fail (printf " cannot be empty in probe (%s) in (%s) container" $probeName $containerName) -}}
+ {{- end -}}
+ {{- if not (mustHas (kindOf $probeSpec.periodSeconds) (list "float64" "int")) -}}
+ {{- fail (printf " cannot be empty in probe (%s) in (%s) container" $probeName $containerName) -}}
+ {{- end }}
+initialDelaySeconds: {{ $probeSpec.initialDelaySeconds }}
+failureThreshold: {{ $probeSpec.failureThreshold }}
+timeoutSeconds: {{ $probeSpec.timeoutSeconds }}
+periodSeconds: {{ $probeSpec.periodSeconds }}
+{{- end -}}
diff --git a/library/common/templates/lib/container/probes/_udp.tpl b/library/common/templates/lib/container/probes/_udp.tpl
new file mode 100644
index 00000000..e6f71294
--- /dev/null
+++ b/library/common/templates/lib/container/probes/_udp.tpl
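Review bot: `mustMergeOverwrite $defaultProbeSpec $probeSpec` writes into its first argument, and `$defaultProbeSpec` is the map taken from `$root.Values.global.defaults.probes`, so one container's probe overrides appear to persist in the global defaults for every probe of the same name rendered afterwards. Merging into a copy avoids that: `{{- $probeSpec = mustMergeOverwrite (mustDeepCopy $defaultProbeSpec) $probeSpec -}}`. Separately, the four checks accept only the kinds `float64` and `int`; a value that arrives as `int64` (for example from `--set`) would presumably be rejected with the "cannot be empty" message, so that list is worth confirming.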
@@ -0,0 +1,5 @@
+{{/* Returns udp for the probe */}}
+{{- define "ix.v1.common.container.probes.udp" -}}
+ {{- $containerName := .containerName -}}
+ {{- fail (printf "UDP Probes are not supported. Please use a different probe type or disable probes in (%s) container." $containerName) -}}
+{{- end -}}
diff --git a/library/common/templates/lib/externalInterface/_iface.tpl b/library/common/templates/lib/externalInterface/_iface.tpl
new file mode 100644
index 00000000..c2c82329
--- /dev/null
+++ b/library/common/templates/lib/externalInterface/_iface.tpl
@@ -0,0 +1,28 @@
+{{- define "ix.v1.common.externalInterface" -}}
+ {{- $iface := .iface -}}
+ {{- if not $iface.hostInterface -}}
+ {{- fail " is required when configuring External Interfaces." -}}
+ {{- end -}}
+ {{- if not $iface.ipam.type -}}
+ {{- fail (printf " is required. Interface (%s)" $iface.hostInterface) -}}
+ {{- else if not (mustHas $iface.ipam.type (list "static" "dhcp")) -}}
+ {{- fail (printf "Invalid option for (%s). Valid options are static and dhcp. Interface (%s)" $iface.ipam.type $iface.hostInterface) -}}
+ {{- end -}}
+
+ {{- if and (or $iface.staticIPConfigurations $iface.staticRoutes) (ne $iface.ipam.type "static") -}}
+ {{- fail (printf " and cannot be used with of (%s). Interface (%s)" $iface.ipam.type $iface.hostInterface) -}}
+ {{- end -}}
+
+ {{- if eq $iface.ipam.type "static" -}}
+ {{- if not $iface.staticIPConfigurations -}}
+ {{- fail (printf "Static IP is required when is static. Interface (%s)" $iface.hostInterface) -}}
+ {{- end -}}
+ {{- with $iface.staticRoutes -}}
+ {{- range . -}}
+ {{- if or (not .destination) (not .gateway) -}}
+ {{- fail (printf " and are required when are defined. Interface (%s)" $iface.hostInterface) -}}
+ {{- end -}}
+ {{- end -}}
+ {{- end -}}
+ {{- end -}}
+{{- end -}}
diff --git a/library/common/templates/lib/general/_annotations.tpl b/library/common/templates/lib/general/_annotations.tpl
new file mode 100644
index 00000000..2b90a090
--- /dev/null
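Review bot: In `ix.v1.common.externalInterface`, `$iface.ipam.type` is read before anything checks that `ipam` exists, so an interface defined without an `ipam` block typically stops rendering with a nil-pointer template error instead of one of the intended messages. A guard ahead of the type check keeps the failure readable, e.g. `{{- if not $iface.ipam -}}{{- fail "ipam is required when configuring External Interfaces." -}}{{- end -}}`.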
+++ b/library/common/templates/lib/general/_annotations.tpl
@@ -0,0 +1,31 @@
+{{/* Workloads = Deployment, ReplicaSet, StatefulSet, DaemonSet, Job, CronJob, etc */}}
+
+{{/*
+These annotations will be shared on all objects
+Rendered under ".metadata.annotations"
+*/}}
+{{- define "ix.v1.common.annotations" -}}
+ {{- include "ix.v1.common.util.annotations.render" (dict "root" . "annotations" .Values.global.annotations) -}}
+{{- end -}}
+
+{{/*
+These annotations will be applied to all "workload" "spec" objects
+Rendered under ".spec.template.metadata.annotations"
+*/}}
+{{- define "ix.v1.common.annotations.workload.spec" -}}
+ {{- if .Values.ixExternalInterfacesConfiguration -}}
+ {{- if .Values.ixExternalInterfacesConfigurationNames }}
+k8s.v1.cni.cncf.io/networks: {{ join ", " .Values.ixExternalInterfacesConfigurationNames }}
+ {{- else -}}
+ {{- fail "There are externalInterfaces defined, but key is empty." -}}
+ {{- end }}
+ {{- end -}}
+{{- end -}}
+
+{{/*
+These annotations will be applied to all "workload" objects
+Rendered under ".metadata.annotations"
+*/}}
+{{- define "ix.v1.common.annotations.workload" -}}
+rollme: {{ randAlphaNum 5 | quote }}
+{{- end -}}
diff --git a/library/common/templates/lib/general/_capabilities.tpl b/library/common/templates/lib/general/_capabilities.tpl
new file mode 100644
index 00000000..e277ee43
--- /dev/null
+++ b/library/common/templates/lib/general/_capabilities.tpl
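Review bot: The `rollme` value in `ix.v1.common.annotations.workload` is random on every render, and the comment above it says only where the annotation is placed, not why it exists. Because of it, `helm template` output is never reproducible, so diff and GitOps tooling report a change on every run even when no value changed. If forcing a change per upgrade is the intent, state it in the comment, e.g. `{{/* rollme is regenerated on every render so the workload object always changes on upgrade */}}`; otherwise a checksum of the rendered configuration gives the same effect deterministically. The `k8s.v1.cni.cncf.io/networks` value in the template above it is also rendered unquoted.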
@@ -0,0 +1,94 @@ +{{/* Return the appropriate apiVersion for Deployment */}} +{{- define "ix.v1.common.capabilities.deployment.apiVersion" -}} + {{- print "apps/v1" -}} +{{- end -}} + +{{/* Return the appropriate apiVersion for Statefulset */}} +{{- define "ix.v1.common.capabilities.statefulset.apiVersion" -}} + {{- print "apps/v1" -}} +{{- end -}} + +{{/* Return the appropriate apiVersion for Daemonset */}} +{{- define "ix.v1.common.capabilities.daemonset.apiVersion" -}} + {{- print "apps/v1" -}} +{{- end -}} + +{{/* Return the appropriate apiVersion for CronJob */}} +{{- define "ix.v1.common.capabilities.cronJob.apiVersion" -}} + {{- print "batch/v1" -}} +{{- end -}} + +{{/* Return the appropriate apiVersion for Job */}} +{{- define "ix.v1.common.capabilities.job.apiVersion" -}} + {{- print "batch/v1" -}} +{{- end -}} + +{{/* Return the appropriate apiVersion for Job */}} +{{- define "ix.v1.common.capabilities.serviceAccount.apiVersion" -}} + {{- print "v1" -}} +{{- end -}} + +{{/* Return the appropriate apiVersion for ClusterRole */}} +{{- define "ix.v1.common.capabilities.roleRef.apiGroup.apiVersion" -}} + {{- print "rbac.authorization.k8s.io" -}} +{{- end -}} + +{{/* Return the appropriate apiVersion for ClusterRole */}} +{{- define "ix.v1.common.capabilities.clusterRole.apiVersion" -}} + {{- print "rbac.authorization.k8s.io/v1" -}} +{{- end -}} + +{{/* Return the appropriate apiVersion for Role */}} +{{- define "ix.v1.common.capabilities.role.apiVersion" -}} + {{- print "rbac.authorization.k8s.io/v1" -}} +{{- end -}} + +{{/* Return the appropriate apiVersion for RoleBinding */}} +{{- define "ix.v1.common.capabilities.roleBinding.apiVersion" -}} + {{- print "rbac.authorization.k8s.io/v1" -}} +{{- end -}} + +{{/* Return the appropriate apiVersion for ClusterRoleBinding */}} +{{- define "ix.v1.common.capabilities.clusterRoleBinding.apiVersion" -}} + {{- print "rbac.authorization.k8s.io/v1" -}} +{{- end -}} + +{{/* Return the appropriate apiVersion for Service 
*/}} +{{- define "ix.v1.common.capabilities.service.apiVersion" -}} + {{- print "v1" -}} +{{- end -}} + +{{/* Return the appropriate apiVersion for Endpoints */}} +{{- define "ix.v1.common.capabilities.endpoints.apiVersion" -}} + {{- print "v1" -}} +{{- end -}} + +{{/* Return the appropriate apiVersion for PersistentVolumeClaim */}} +{{- define "ix.v1.common.capabilities.pvc.apiVersion" -}} + {{- print "v1" -}} +{{- end -}} + +{{/* Return the appropriate apiVersion for ConfigMap */}} +{{- define "ix.v1.common.capabilities.configMap.apiVersion" -}} + {{- print "v1" -}} +{{- end -}} + +{{/* Return the appropriate apiVersion for Secret */}} +{{- define "ix.v1.common.capabilities.secret.apiVersion" -}} + {{- print "v1" -}} +{{- end -}} + +{{/* Return the appropriate annotation for NetworkAttachmentDefinition */}} +{{- define "ix.v1.common.capabilities.externalInterfaces.apiVersion" -}} + {{- print "k8s.cni.cncf.io/v1" | quote -}} +{{- end -}} + +{{/* Return the appropriate type for ImagePullSecrets Secret */}} +{{- define "ix.v1.common.capabilities.secret.imagePullSecret.type" -}} + {{- print "kubernetes.io/dockerconfigjson" | quote -}} +{{- end -}} + +{{/* Return the appropriate type for Certificate Secret */}} +{{- define "ix.v1.common.capabilities.secret.certificate.type" -}} + {{- print "kubernetes.io/tls" | quote -}} +{{- end -}} diff --git a/library/common/templates/lib/general/_labels.tpl b/library/common/templates/lib/general/_labels.tpl new file mode 100644 index 00000000..17972084 --- /dev/null +++ b/library/common/templates/lib/general/_labels.tpl 
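Review bot: Two header comments in this file do not match the template beneath them: `ix.v1.common.capabilities.serviceAccount.apiVersion` is introduced as "apiVersion for Job", and `ix.v1.common.capabilities.roleRef.apiGroup.apiVersion` as "apiVersion for ClusterRole" although it prints the bare API group `rbac.authorization.k8s.io`. I would change them to `{{/* Return the appropriate apiVersion for ServiceAccount */}}` and `{{/* Return the apiGroup used in roleRef */}}`. The last three helpers pipe their result through `quote` while the others do not, so callers get a mix of quoted and bare strings; picking one form would make them interchangeable.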
@@ -0,0 +1,20 @@
+{{/* Common labels shared across objects */}}
+{{- define "ix.v1.common.labels" -}}
+helm.sh/chart: {{ include "ix.v1.common.names.chart" . }}
+{{ include "ix.v1.common.labels.selectorLabels" . }}
+ {{- if .Chart.AppVersion }}
+helm-revision: {{ .Release.Revision | quote }}
+app.kubernetes.io/version: {{ .Chart.AppVersion | quote }}
+ {{- end }}
+app.kubernetes.io/managed-by: {{ .Release.Service }}
+ {{- include "ix.v1.common.util.labels.render" (dict "root" . "labels" .Values.global.labels) -}}
+{{- end -}}
+
+{{/* Selector labels shared across objects */}}
+{{/* TODO: Check why "app" and "release" are needed (ported from the current common) */}}
+{{- define "ix.v1.common.labels.selectorLabels" -}}
+app.kubernetes.io/name: {{ include "ix.v1.common.names.name" . }}
+app.kubernetes.io/instance: {{ .Release.Name }}
+app: {{ include "ix.v1.common.names.name" . }}
+release: {{ .Release.Name }}
+{{- end -}}
diff --git a/library/common/templates/lib/general/_names.tpl b/library/common/templates/lib/general/_names.tpl
new file mode 100644
index 00000000..1867abcb
--- /dev/null
+++ b/library/common/templates/lib/general/_names.tpl
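Review bot: `helm-revision` sits inside the `{{- if .Chart.AppVersion }}` guard in `ix.v1.common.labels`, so the revision label disappears whenever a chart has no appVersion, which looks unintended; moving that line above the guard fixes it. Several label values are also rendered unquoted (`app.kubernetes.io/instance: {{ .Release.Name }}`, `release: {{ .Release.Name }}`, `app.kubernetes.io/managed-by: {{ .Release.Service }}`), and a release name made only of digits would be parsed as a number, which the API rejects for label values. Writing `{{ .Release.Name | quote }}`, as the two lines inside the guard already do, avoids that.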
@@ -0,0 +1,310 @@ +{{/* +We truncate at 63 chars because some Kubernetes name fields are limited to this (by the DNS naming spec). +global.nameOverride applies to the current chart and all sub-charts +nameOverride applies only to the current chart +*/}} + +{{/* Expand ther name of the chart */}} +{{- define "ix.v1.common.names.name" -}} + {{- $globalNameOverride := "" -}} + + {{- if hasKey .Values "global" -}} + {{/* Set to global.nameOverride if set, else set to empty */}} + {{- $globalNameOverride = (.Values.global.nameOverride | default $globalNameOverride) -}} + {{- end -}} + + {{/* Order of preference: global.nameOverride -> nameOverride -> Chart.Name */}} + {{- ($globalNameOverride | default .Values.nameOverride) | default .Chart.Name | trunc 63 | trimSuffix "-" -}} +{{- end -}} + +{{/* Create a default fully qualified app name. */}} +{{- define "ix.v1.common.names.fullname" -}} + {{- $name := include "ix.v1.common.names.name" . -}} + {{- $globalFullNameOverride := "" -}} + + {{- if hasKey .Values "global" -}} + {{- $globalFullNameOverride = (default $globalFullNameOverride .Values.global.fullnameOverride) -}} + {{- end -}} + + {{- if or .Values.fullnameOverride $globalFullNameOverride -}} + {{- $name = $globalFullNameOverride | default .Values.fullnameOverride -}} + {{- else -}} + {{- if contains $name .Release.Name -}} + {{- $name = .Release.Name -}} + {{- else -}} + {{- $name = printf "%s-%s" .Release.Name $name -}} + {{- end -}} + {{- end -}} + + {{- $name | trunc 63 | trimSuffix "-" -}} +{{- end -}} + +{{/* Create chart name and version as used by the chart label */}} +{{- define "ix.v1.common.names.chart" -}} + {{- printf "%s-%s" .Chart.Name .Chart.Version | replace "+" "_" | trunc 63 | trimSuffix "-" -}} +{{- end -}} + +{{/* Create the "name" + "." + "namespace" fqdn */}} +{{- define "ix.v1.common.names.fqdn" -}} + {{- printf "%s.%s" (include "ix.v1.common.names.fullname" .) 
.Release.Namespace | replace "+" "_" | trunc 63 | trimSuffix "-" -}} +{{- end -}} + +{{/* Create the "fqdn" + "." + "svc.cluster.local" */}} +{{- define "ix.v1.common.names.fqdn.cluster" -}} + {{- printf "%s.%s" (include "ix.v1.common.names.fqdn" .) "svc.cluster.local" -}} +{{- end -}} + +{{/* Return the properly cased version of the controller type */}} +{{- define "ix.v1.common.names.controllerType" -}} + {{- if eq .Values.controller.type "deployment" -}} + {{- print "Deployment" -}} + {{- else if eq .Values.controller.type "daemonset" -}} + {{- print "DaemonSet" -}} + {{- else if eq .Values.controller.type "statefulset" -}} + {{- print "StatefulSet" -}} + {{- else -}} + {{- fail (printf "Not a valid controller.type (%s)" .Values.controller.type) -}} + {{- end -}} +{{- end -}} + +{{/* Returns the serviceAccoutName. The name of the primary, if any, otherwise "default" */}} +{{- define "ix.v1.common.names.serviceAccountName" -}} + {{- $serviceAccountName := "default" -}} + + {{- range $name, $serviceAccount := .Values.serviceAccount -}} + {{- if $serviceAccount.enabled -}} + {{- if hasKey $serviceAccount "primary" -}} + {{- if $serviceAccount.primary -}} + {{- if $serviceAccount.nameOverride -}} + {{- $serviceAccountName = (printf "%v-%v" (include "ix.v1.common.names.fullname" $) $serviceAccount.nameOverride) -}} + {{- else -}} + {{- $serviceAccountName = (include "ix.v1.common.names.fullname" $) -}} + {{- end -}} + {{- end -}} + {{- end -}} + {{- end -}} + {{- end -}} + + {{- $serviceAccountName -}} +{{- end -}} + +{{/* Returns the service name */}} +{{- define "ix.v1.common.names.serviceAccount" -}} + {{- $root := .root -}} + {{- $saValues := .saValues -}} + + {{- if or (not $root) (not $saValues) -}} + {{- fail "Named function did not receive required values" -}} + {{- end -}} + + {{- $saName := include "ix.v1.common.names.fullname" $root -}} + + {{- if and (hasKey $saValues "nameOverride") $saValues.nameOverride -}} + {{- $saName = (printf "%v-%v" $saName 
$saValues.nameOverride) -}} + {{- end -}} + + {{- $saName -}} +{{- end -}} + +{{/* Returns the RBAC name */}} +{{- define "ix.v1.common.names.rbac" -}} + {{- $root := .root -}} + {{- $rbacValues := .rbacValues -}} + + {{- if or (not $root) (not $rbacValues) -}} + {{- fail "Named function did not receive required values" -}} + {{- end -}} + + {{- $rbacName := include "ix.v1.common.names.fullname" $root -}} + + {{- if and (hasKey $rbacValues "nameOverride") $rbacValues.nameOverride -}} + {{- $rbacName = (printf "%v-%v" $rbacName $rbacValues.nameOverride) -}} + {{- end -}} + + {{- $rbacName -}} +{{- end -}} + +{{/* Returns the pvc name. */}} +{{- define "ix.v1.common.names.pvc" -}} + {{- $root := .root -}} + {{- $pvcValues := .pvcValues -}} + + {{- if or (not $root) (not $pvcValues) -}} + {{- fail "Named function did not receive required values" -}} + {{- end -}} + + {{- $pvcName := include "ix.v1.common.names.fullname" $root -}} + + {{- if and (hasKey $pvcValues "nameOverride") $pvcValues.nameOverride -}} + {{- if not (eq $pvcValues.nameOverride "-") -}} + {{- $pvcName = printf "%v-%v" $pvcName $pvcValues.nameOverride -}} + {{- end -}} + {{- end -}} + + {{- with $pvcValues.forceName -}} + {{- $pvcName = tpl . 
$root -}} + {{- end -}} + + {{- $pvcName -}} +{{- end -}} + +{{/* Retursn the pvc name for volume */}} +{{- define "ix.v1.common.names.volume.pvc" -}} + {{- $root := .root -}} + {{- $pvcVolValues := .pvcVolValues -}} + {{- $index := .index -}} + + {{- if or (not $root) (not $pvcVolValues) (not $index) -}} + {{- fail "Named function did not receive required values" -}} + {{- end -}} + + {{- $pvcVolName := (include "ix.v1.common.names.fullname" $root) -}} + + {{- if $pvcVolValues.existingClaim -}} {{/* Always prefer existingClaim if it set */}} + {{- $pvcVolName = $pvcVolValues.existingClaim -}} + {{- else -}} {{/* Else use nameOverride */}} + {{- if $pvcVolValues.nameOverride -}} + {{- if not (eq $pvcVolValues.nameOverride "-") -}} + {{- $pvcVolName = (printf "%s-%s" (include "ix.v1.common.names.fullname" $root) $pvcVolValues.nameOverride) -}} + {{- end -}} + {{- else -}} {{/* Else generate the PVC name from fullname + volume name */}} + {{- $pvcVolName = (printf "%s-%s" (include "ix.v1.common.names.fullname" $root) $index) -}} + {{- end -}} + {{- with $pvcVolValues.forceName -}} + {{- $pvcVolName = . -}} + {{- end -}} + {{- end -}} + + {{- $pvcVolName -}} +{{- end -}} + +{{/* Returns the container name. 
*/}} +{{- define "ix.v1.common.names.container" -}} + {{- $root := .root -}} + {{- $containerName := .containerName -}} + + {{- if or (not $root) (not $containerName) -}} + {{- fail "Named function did not receive required values" -}} + {{- end -}} + + {{- if ne $containerName ($containerName | lower) -}} + {{- fail (printf "Name (%s) of Init Container must be all lowercase" $containerName) -}} + {{- end -}} + {{- $name := (printf "%s-%s" (include "ix.v1.common.names.fullname" $root) $containerName) -}} + + {{- $name -}} +{{- end -}} + +{{/* Returns secretName for imagePullSecrets */}} +{{- define "ix.v1.common.names.imagePullSecret" -}} + {{- $root := .root -}} + {{- $imgPullCredsName := .imgPullCredsName -}} + + {{- if or (not $root) (not $imgPullCredsName) -}} + {{- fail "Named function did not receive required values" -}} + {{- end -}} + + {{- $secretName := printf "%v-%v" (include "ix.v1.common.names.fullname" $root) ($imgPullCredsName | lower) | trunc 63 -}} + + {{- $secretName -}} +{{- end -}} + +{{/* Returns the name for configmap and secrets */}} +{{- define "ix.v1.common.names.configmapAndSecret" -}} + {{- $root := .root -}} + {{- $objName := .objName -}} + {{- $objData := .objData -}} + {{- $objType := .objType -}} + + {{- if or (not $root) (not $objName) (not $objData) (not $objType) -}} + {{- fail "Named function did not receive required values" -}} + {{- end -}} + + {{- if ne $objName ($objName | lower) -}} + {{- fail (printf "%s has invalid name (%s). Name must be lowercase." (camelcase $objType) $objName) -}} + {{- end -}} + {{- if contains "_" $objName -}} + {{- fail (printf "%s has invalid name (%s). Name cannot contain underscores (_)." 
(camelcase $objType) $objName) -}} + {{- end -}} + + {{- $generatedName := include "ix.v1.common.names.fullname" $root -}} + {{- if and (hasKey $objData "nameOverride") $objData.nameOverride -}} + {{- $generatedName = printf "%v-%v" $generatedName $objData.nameOverride -}} + {{- else -}} + {{- $generatedName = printf "%v-%v" $generatedName $objName -}} + {{- end -}} + + {{- $generatedName -}} +{{- end -}} + +{{/* Returns the name for certificate secret */}} +{{- define "ix.v1.common.names.certificateSecret" -}} + {{- $root := .root -}} + {{- $certName := .certName -}} + {{- $certValues := .certValues -}} + {{- $certID := .certID -}} + + {{- if or (not $root) (not $certName) (not $certValues) (not $certID) -}} + {{- fail "Named function did not receive required values" -}} + {{- end -}} + + {{- if ne $certName ($certName | lower) -}} + {{- fail (printf "Certificate has invalid name (%s). Name must be lowercase." $certName) -}} + {{- end -}} + {{- if contains "_" $certName -}} + {{- fail (printf "Certificate has invalid name (%s). Name cannot contain underscores (_)" $certName) -}} + {{- end -}} + + {{/* Default to $name if there is not a nameOverride given */}} + {{- if not $certValues.nameOverride -}} + {{- $_ := set $certValues "nameOverride" $certName -}} + {{- end -}} + + {{- $secretName := include "ix.v1.common.names.fullname" $root -}} + {{- if $certValues.nameOverride -}} + {{- $secretName = (printf "%v-%v-%v-%v" $secretName $certValues.nameOverride "ixcert" $certID) -}} + {{- else -}} + {{- $secretName = (printf "%v-%v-%v" $secretName "ixcert" $certID) -}} + {{- end -}} + {{- $secretName = (printf "%v-%v" $secretName $root.Release.Revision) -}} + + {{- $secretName -}} +{{- end -}} + +{{/* Returns the serviceName. 
*/}} +{{- define "ix.v1.common.names.service" -}} + {{- $root := .root -}} + {{- $svcValues := .svcValues -}} + + {{- if or (not $root) (not $svcValues) -}} + {{- fail "Named function did not receive required values" -}} + {{- end -}} + + {{- $svcName := include "ix.v1.common.names.fullname" $root -}} + + {{- if and (hasKey $svcValues "nameOverride") $svcValues.nameOverride -}} + {{- $svcName = (printf "%v-%v" $svcName $svcValues.nameOverride) -}} + {{- end -}} + + {{- $svcName -}} +{{- end -}} + +{{/* Returns the pvc name. */}} +{{- define "ix.v1.common.names.jobAndCronJob" -}} + {{- $root := .root -}} + {{- $jobValues := .jobValues -}} + + {{- if or (not $root) (not $jobValues) -}} + {{- fail "Named function did not receive required values" -}} + {{- end -}} + + {{- $jobName := include "ix.v1.common.names.fullname" $root -}} + + {{- if and (hasKey $jobValues "nameOverride") $jobValues.nameOverride -}} + {{- if not (eq $jobValues.nameOverride "-") -}} + {{- $jobName = printf "%v-%v" $jobName $jobValues.nameOverride -}} + {{- end -}} + {{- end -}} + + {{- $jobName -}} +{{- end -}} diff --git a/library/common/templates/lib/job/_jobPod.tpl b/library/common/templates/lib/job/_jobPod.tpl new file mode 100644 index 00000000..e7cf5f91 --- /dev/null +++ b/library/common/templates/lib/job/_jobPod.tpl 
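Review bot: `forceName` is handled differently in the two PVC helpers: `ix.v1.common.names.pvc` renders it with `tpl . $root`, while `ix.v1.common.names.volume.pvc` assigns it verbatim (`$pvcVolName = .`). A templated `forceName` would then give the claim one name and the pod volume another, leaving the pod waiting on a claim that does not exist; `{{- $pvcVolName = tpl . $root -}}` in the volume helper keeps the two aligned. Also, `ix.v1.common.names.fqdn` applies `trunc 63` to the whole `name.namespace` string, which can cut into the namespace, whereas the 63-character limit applies to each DNS label.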
@@ -0,0 +1,278 @@ +{{/* This will be used when the (cron)job pod is deployed along with a "main" pod */}} +{{- define "ix.v1.common.job.pod" -}} +{{- $root := .root -}} +{{- $values := .values -}} +{{- $inherit := "inherit" -}} + +{{/* Prepare values */}} +{{- $saName := "" -}} +{{- with $values.serviceAccountName -}} + {{- if eq . $inherit -}} + {{- $saName = (include "ix.v1.common.names.serviceAccountName" $root) -}} + {{- else -}} + {{- $saName = tpl . $root -}} + {{- end -}} +{{- else -}} + {{/* If we ever have value in global.defaults */}} +{{- end -}} + +{{- $schedulerName := "" -}} +{{- with $values.schedulerName -}} + {{- if eq . $inherit -}} + {{- $schedulerName = (tpl $root.Values.schedulerName $root) -}} + {{- else -}} + {{- $schedulerName = tpl . $root -}} + {{- end -}} +{{- else -}} + {{/* If we ever have value in global.defaults */}} +{{- end -}} + +{{- $priorityClassName := "" -}} +{{- with $values.priorityClassName -}} + {{- if eq . $inherit -}} + {{- $priorityClassName = (tpl $root.Values.priorityClassName $root) -}} + {{- else -}} + {{- $priorityClassName = tpl . $root -}} + {{- end -}} +{{- else -}} + {{/* If we ever have value in global.defaults */}} +{{- end -}} + +{{- $hostname := "" -}} +{{- with $values.hostname -}} + {{- if eq . $inherit -}} + {{- $hostname = (tpl $root.Values.hostname $root) -}} + {{- else -}} + {{- $hostname = tpl . $root -}} + {{- end -}} +{{- else -}} + {{/* If we ever have value in global.defaults */}} +{{- end -}} + +{{- $dnsPolicy := "" -}} +{{- with $values.dnsPolicy -}} + {{- if eq . $inherit -}} + {{- with (include "ix.v1.common.dnsPolicy" (dict "dnsPolicy" $root.Values.dnsPolicy "hostNetwork" $root.Values.hostNetwork "root" $root) | trim ) -}} + {{- $dnsPolicy = . -}} + {{- end -}} + {{- else -}} + {{- with (include "ix.v1.common.dnsPolicy" (dict "dnsPolicy" $values.dnsPolicy "hostNetwork" ($values.hostNetwork | default $root.Values.hostNetwork) "root" $root) | trim ) -}} + {{- $dnsPolicy = . 
-}} + {{- end -}} + {{- end -}} +{{- else -}} + {{/* If we ever have value in global.defaults */}} +{{- end -}} + +{{- $dnsConfig := dict -}} +{{- with $values.dnsConfig -}} + {{- if eq (toString .) $inherit -}} + {{- with (include "ix.v1.common.dnsConfig" (dict "dnsPolicy" $root.Values.dnsPolicy "dnsConfig" $root.Values.dnsConfig "root" $root) | trim ) -}} + {{- $dnsConfig = . -}} + {{- end -}} + {{- else -}} + {{- with (include "ix.v1.common.dnsConfig" (dict "dnsPolicy" ($dnsPolicy | default $root.Values.dnsPolicy) "dnsConfig" $values.dnsConfig "root" $root) | trim ) -}} + {{- $dnsConfig = . -}} + {{- end -}} + {{- end -}} +{{- else -}} + {{/* If we ever have value in global.defaults */}} +{{- end -}} + +{{- $hostAliases := dict -}} +{{- with $values.hostAliases -}} + {{- if eq (toString .) $inherit -}} + {{- with (include "ix.v1.common.hostAliases" (dict "hostAliases" $root.Values.hostAliases "root" $root) | trim) -}} + {{- $hostAliases = . -}} + {{- end -}} + {{- else -}} + {{- with (include "ix.v1.common.hostAliases" (dict "hostAliases" $values.hostAliases "root" $root) | trim) -}} + {{- $hostAliases = . -}} + {{- end -}} + {{- end -}} +{{- else -}} + {{/* If we ever have value in global.defaults */}} +{{- end -}} + +{{- $nodeSelector := "" -}} +{{- with $values.nodeSelector -}} + {{- if eq (toString .) $inherit -}} + {{- with (include "ix.v1.common.nodeSelector" (dict "nodeSelector" $root.Values.nodeSelector "root" $root) | trim) -}} + {{- $nodeSelector = . -}} + {{- end -}} + {{- else -}} + {{- with (include "ix.v1.common.nodeSelector" (dict "nodeSelector" $values.nodeSelector "root" $root) | trim) -}} + {{- $nodeSelector = . -}} + {{- end -}} + {{- end -}} +{{- else -}} + {{/* If we ever have value in global.defaults */}} +{{- end -}} + +{{- $tolerations := dict -}} +{{- with $values.tolerations -}} + {{- if eq (toString .) 
$inherit -}} + {{- with (include "ix.v1.common.tolerations" (dict "tolerations" $root.Values.tolerations "root" $root) | trim) -}} + {{- $tolerations = . -}} + {{- end -}} + {{- else -}} + {{- with (include "ix.v1.common.tolerations" (dict "tolerations" $values.tolerations "root" $root) | trim) -}} + {{- $tolerations = . -}} + {{- end -}} + {{- end -}} +{{- else -}} + {{/* If we ever have value in global.defaults */}} +{{- end -}} + +{{- $imagePullSecrets := dict -}} +{{- with $values.imagePullSecrets -}} + {{- if eq (toString .) $inherit -}} + {{- with (include "ix.v1.common.imagePullSecrets" (dict "imagePullCredentials" $root.Values.imagePullCredentials "root" $root) | trim) -}} + {{- $imagePullSecrets = . -}} + {{- end -}} + {{- else -}} + {{- with (include "ix.v1.common.imagePullSecrets" (dict "imagePullCredentials" $values.imagePullCredentials "root" $root) | trim) -}} + {{- $imagePullSecrets = . -}} + {{- end -}} + {{- end -}} +{{- else -}} + {{/* If we ever have value in global.defaults */}} +{{- end -}} + +{{- $runtimeClassName := "" -}} +{{- with $values.runtimeClassName -}} + {{- if eq . $inherit -}} + {{- with (include "ix.v1.common.runtimeClassName" (dict "root" $root "runtime" $root.Values.runtimeClassName) | trim) -}} + {{- $runtimeClassName = . -}} + {{- end -}} + {{- else -}} + {{- $runtimeClassName = . -}} + {{- end -}} +{{- else -}} + {{- with (include "ix.v1.common.runtimeClassName" (dict "root" $root "runtime" $root.Values.runtimeClassName "isJob" true) | trim) -}} + {{- $runtimeClassName = . -}} + {{- end -}} +{{- end -}} + +{{- $termSeconds := "" -}} +{{- with $values.termination -}} + {{- if eq (toString .) $inherit -}} + {{- with $root.Values.termination.gracePeriodSeconds -}} + {{- $termSeconds = . -}} + {{- end -}} + {{- else -}} + {{- with $values.termination.gracePeriodSeconds -}} + {{- $termSeconds = . 
-}} + {{- end -}} + {{- end -}} +{{- else -}} + {{/* If we ever have value in global.defaults */}} +{{- end -}} + +{{- $secCont := dict -}} +{{- with $values.podSecurityContext -}} + {{- if eq (toString .) $inherit -}} {{/* If inherti is set, use the main podSecCont */}} + {{- with (include "ix.v1.common.container.podSecurityContext" (dict "podSecCont" $root.Values.podSecurityContext "root" $root "isJob" true) | trim) -}} + {{- $secCont = . -}} + {{- end -}} + {{- else -}} {{/* Otherwise use the job's podpodSecCont values */}} + {{- with (include "ix.v1.common.container.podSecurityContext" (dict "podSecCont" $values.podSecurityContext "root" $root "isJob" true) | trim) -}} + {{- $secCont = . -}} + {{- end -}} + {{- end -}} +{{- else -}} {{/* Otherwise use the job's podSecCont values (if empty, will use the global defaults) */}} + {{- with (include "ix.v1.common.container.podSecurityContext" (dict "podSecCont" $values.podSecurityContext "root" $root "isJob" true) | trim) -}} + {{- $secCont = . -}} + {{- end -}} +{{- end -}} + +{{/* Now render the actual values */}} +{{- if hasKey $values "hostNetwork" -}} + {{- if eq (toString $values.hostNetwork) $inherit }} +hostNetwork: {{ $root.Values.hostNetwork }} + {{- else if (kindIs "bool" $values.hostNetwork) }} +hostNetwork: {{ $values.hostNetwork }} + {{- end -}} +{{- else }} +hostNetwork: false +{{- end -}} + +{{- if hasKey $values "enableServiceLinks" -}} + {{- if eq (toString $values.enableServiceLinks) $inherit }} +enableServiceLinks: {{ $root.Values.enableServiceLinks }} + {{- else if (kindIs "bool" $values.enableServiceLinks) }} +enableServiceLinks: {{ $values.enableServiceLinks }} + {{- end -}} +{{- else }} +enableServiceLinks: false +{{- end -}} + +{{- with $saName }} +serviceAccountName: {{ . }} +{{- end -}} + +{{- with (include "ix.v1.common.restartPolicy" (dict "restartPolicy" $values.restartPolicy "isJob" true "root" $root) | trim) }} +restartPolicy: {{ . 
}} +{{- end -}} + +{{- with $schedulerName }} +schedulerName: {{ . }} +{{- end -}} + +{{- with $priorityClassName }} +priorityClassName: {{ . }} +{{- end -}} + +{{- with $hostname }} +hostname: {{ . }} +{{- end -}} + +{{- with $dnsPolicy }} +dnsPolicy: {{ . }} +{{- end -}} + +{{- with $dnsConfig }} +dnsConfig: + {{- . | nindent 2 }} +{{- end -}} + +{{- with $hostAliases }} +hostAliases: + {{- . | nindent 2 }} +{{- end -}} + +{{- with $nodeSelector }} +nodeSelector: + {{- . | nindent 2 }} +{{- end -}} + +{{- with $tolerations }} +tolerations: + {{- . | nindent 2 }} +{{- end -}} + +{{- with $imagePullSecrets }} +imagePullSecrets: + {{- . | nindent 2 }} +{{- end -}} + +{{- with $runtimeClassName }} +runtimeClassName: {{ . }} +{{- end -}} + +{{- with $termSeconds }} +terminationGracePeriodSeconds: {{ . }} +{{- end }} +securityContext: + {{- $secCont | nindent 2 }} + +{{- with (include "ix.v1.common.controller.extraContainers" (dict "root" $root "containerList" $values.containers "type" "job") | trim) }} +containers: + {{- . | nindent 2 }} +{{- end -}} + +{{- with (include "ix.v1.common.controller.volumes" (dict "persistence" $root.Values.persistence "root" $root) | trim) }} +volumes: + {{- . | nindent 2 }} +{{- end -}} +{{- end -}} diff --git a/library/common/templates/lib/job/_jobTemplate.tpl b/library/common/templates/lib/job/_jobTemplate.tpl new file mode 100644 index 00000000..be4c1f3d --- /dev/null +++ b/library/common/templates/lib/job/_jobTemplate.tpl 
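Review bot: In the `$imagePullSecrets` block of `ix.v1.common.job.pod` the guard is `with $values.imagePullSecrets`, but the non-inherit branch passes `$values.imagePullCredentials` to the helper, so a job that lists its own pull secrets under the guarded key appears to render none unless the other key is also set. If the job-level key is meant to be `imagePullCredentials`, the guard should test that key instead. Further down, `securityContext:` is rendered with `$secCont | nindent 2` outside any `with`, and `$secCont` starts as `dict`; if the helper (defined outside this hunk) ever returns an empty string, that pipeline receives a map rather than text, so wrapping it in `{{- with $secCont }}` like the other fields is safer.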
@@ -0,0 +1,37 @@
+{{/* Returns the job spec, used in both job and cronJob */}}
+{{- define "ix.v1.common.lib.job" -}}
+ {{- $root := .root -}}
+ {{- $job := .job -}}
+
+ {{- $default := $root.Values.global.defaults.job -}}
+ {{- $controllerType := $root.Values.controller.type -}}
+
+ {{- include "ix.v1.common.validate.job" (dict "root" $root "job" $job) -}}
+
+ {{- $backoffLimit := $default.backoffLimit -}}
+ {{- if mustHas (kindOf $job.backoffLimit) (list "int" "float64") -}}
+ {{- $backoffLimit = $job.backoffLimit -}}
+ {{- end }}
+backoffLimit: {{ $backoffLimit }}
+{{- with $job.ttlSecondsAfterFinished }}
+ttlSecondsAfterFinished: {{ . }}
+{{- end }}
+{{- with $job.activeDeadlineSeconds }}
+activeDeadlineSeconds: {{ . }}
+{{- end }}
+{{- with $job.parallelism }}
+parallelism: {{ . }}
+{{- end }}
+{{- with $job.completions }}
+completions: {{ . }}
+{{- end }}
+completionMode: {{ $job.completionMode | default $default.completionMode }}
+template:
+ spec:
+{{- if not (mustHas $controllerType (list "job" "cronjob")) -}}
+ {{- include "ix.v1.common.job.pod" (dict "values" $job.podSpec "root" $root) | trim | nindent 4 -}}
+{{- else -}}
+ {{/* TODO: Call different template when run as standalone here? Or handle it hgiher pods/_job.tpl */}}
+{{- end -}}
+
+{{- end -}}
diff --git a/library/common/templates/lib/job/_validateCron.tpl b/library/common/templates/lib/job/_validateCron.tpl
new file mode 100644
index 00000000..6ad1c2d7
--- /dev/null
+++ b/library/common/templates/lib/job/_validateCron.tpl
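Review bot: The `with` guards drop a value of `0`, so `ttlSecondsAfterFinished: 0` (delete as soon as the job finishes) and `parallelism: 0` can never be rendered, whereas `backoffLimit` just above is handled with a kind check that keeps `0`. Using the same test makes the fields consistent, e.g. `{{- if mustHas (kindOf $job.ttlSecondsAfterFinished) (list "int" "float64") }}`. When `controller.type` is `job` or `cronjob` the `else` branch is still a TODO, so `template.spec` renders empty; a `fail` in that branch would surface the gap until it is implemented.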
@@ -0,0 +1,50 @@ +{{- define "ix.v1.common.validate.cronJob" -}} + {{- $root := .root -}} + {{- $job := .job -}} + + {{- $default := $root.Values.global.defaults.job.cron -}} + {{- $cron := $job.cron -}} + {{- $name := $job.nameOverride -}} + + {{- if not $cron.schedule -}} + {{- fail (printf " is required in (%s)" $name) -}} + {{- end -}} + + {{- if not (kindIs "string" $cron.schedule) -}} + {{- fail (printf " must be a string in (%s)" $name) -}} + {{- end -}} + + {{- with $cron.timezone -}} + {{- if not (kindIs "string" .) -}} + {{- fail (printf " must be a string in (%s). Leave empty to use the default (%s)" $name $root.Values.TZ) -}} + {{- end -}} + {{- end -}} + + {{- with $cron.concurrencyPolicy -}} + {{- if not (mustHas . (list "Allow" "Forbid" "Replace")) -}} + {{- fail (printf "Invalid option (%s) for in (%s). Valid options are Allow, Forbid, Replace. Leave empty to use the default (%s)" . $name $default.concurrencyPolicy) -}} + {{- end -}} + {{- end -}} + + {{- with $cron.failedJobsHistoryLimit -}} + {{- if or (not (mustHas (kindOf .) (list "int" "float64"))) (lt (int .) 0) -}} + {{- fail (printf " (%d) in (%s) must be a positive integer. Leave empty to use (%d)" (int .) $name (int $default.failedJobsHistoryLimit)) -}} + {{- end -}} + {{- end -}} + + {{- with $cron.successfulJobsHistoryLimit -}} + {{- if or (not (mustHas (kindOf .) (list "int" "float64"))) (lt (int .) 0) -}} + {{- fail (printf " (%d) in (%s) must be a positive integer. Leave empty to use (%d)" (int .) $name (int $default.successfulJobsHistoryLimit)) -}} + {{- end -}} + {{- end -}} + + {{- if hasKey $cron "startingDeadlineSeconds" -}} + {{- if $cron.startingDeadlineSeconds -}} + {{- if or (not (mustHas (kindOf $cron.startingDeadlineSeconds) (list "int" "float64"))) (lt (int $cron.startingDeadlineSeconds) 0) -}} + {{- fail (printf " (%d) in (%s) must be a positive integer." 
(int $cron.startingDeadlineSeconds) $name) -}} + {{- end -}} + {{- else if not (kindIs "invalid" $cron.startingDeadlineSeconds) -}} {{/* Don't fail when type is "invalid". Just skip it */}} + {{- fail (printf "Zero value in (%d) in (%s) is not allowed." (int $cron.startingDeadlineSeconds) $name) -}} + {{- end -}} + {{- end -}} +{{- end -}} diff --git a/library/common/templates/lib/job/_validateJob.tpl b/library/common/templates/lib/job/_validateJob.tpl new file mode 100644 index 00000000..986d4052 --- /dev/null +++ b/library/common/templates/lib/job/_validateJob.tpl 
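Review bot: The numeric checks in this define accept any `float64`, so a fractional value such as `1.5` passes for `failedJobsHistoryLimit`, `successfulJobsHistoryLimit` and `startingDeadlineSeconds`; only the error message goes through `int`. Adding an integrality condition inside each `or` closes that, for example `(ne (float64 (int .)) (float64 .))`. The same pattern is repeated for every field of `ix.v1.common.validate.job` in `_validateJob.tpl`, and `_jobTemplate.tpl` prints those values with a bare `{{ . }}`. The messages say "positive integer" although `lt (int .) 0` rejects only negative values.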
@@ -0,0 +1,71 @@ +{{- define "ix.v1.common.validate.job" -}} + {{- $root := .root -}} + {{- $job := .job -}} + + {{- $default := $root.Values.global.defaults.job -}} + {{- $name := $job.nameOverride -}} + + {{- if hasKey $job "backoffLimit" -}} + {{- if $job.backoffLimit -}} + {{- if or (not (mustHas (kindOf $job.backoffLimit) (list "int" "float64"))) (lt (int $job.backoffLimit) 0) -}} + {{- fail (printf " (%d) in (%s) must be a positive integer. Leave empty to use the default (%d)" (int $job.backoffLimit) $name (int $default.backoffLimit)) -}} + {{- end -}} + {{- else if not (kindIs "invalid" $job.backoffLimit) -}} {{/* Don't fail when type is "invalid". Just skip it */}} + {{- fail (printf "Zero value in (%d) in (%s) is not allowed. Leave empty to use the default (%d)" (int $job.backoffLimit) $name (int $default.backoffLimit)) -}} + {{- end -}} + {{- end -}} + + {{- if hasKey $job "ttlSecondsAfterFinished" -}} + {{- if $job.ttlSecondsAfterFinished -}} + {{- if or (not (mustHas (kindOf $job.ttlSecondsAfterFinished ) (list "int" "float64"))) (lt (int $job.ttlSecondsAfterFinished) 0) -}} + {{- fail (printf " (%d) in (%s) must be a positive integer." (int $job.ttlSecondsAfterFinished) $name) -}} + {{- end -}} + {{- else if not (kindIs "invalid" $job.ttlSecondsAfterFinished) -}} {{/* Don't fail when type is "invalid". Just skip it */}} + {{- fail (printf "Zero value in (%d) in (%s) is not allowed." (int $job.ttlSecondsAfterFinished) $name) -}} + {{- end -}} + {{- end -}} + + {{- if hasKey $job "activeDeadlineSeconds" -}} + {{- if $job.activeDeadlineSeconds -}} + {{- if or (not (mustHas (kindOf $job.activeDeadlineSeconds) (list "int" "float64"))) (lt (int $job.activeDeadlineSeconds) 0) -}} + {{- fail (printf " (%d) in (%s) must be a positive integer." (int $job.activeDeadlineSeconds) $name) -}} + {{- end -}} + {{- else if not (kindIs "invalid" $job.activeDeadlineSeconds) -}} {{/* Don't fail when type is "invalid". 
Just skip it */}} + {{- fail (printf "Zero value in (%d) in (%s) is not allowed." (int $job.activeDeadlineSeconds) $name) -}} + {{- end -}} + {{- end -}} + + {{- if hasKey $job "parallelism" -}} + {{- if $job.parallelism -}} + {{- if or (not (mustHas (kindOf $job.parallelism) (list "int" "float64"))) (lt (int $job.parallelism) 0) -}} + {{- fail (printf " (%d) in (%s) must be a positive integer." (int $job.parallelism) $name) -}} + {{- end -}} + {{- else if not (kindIs "invalid" $job.parallelism) -}} {{/* Don't fail when type is "invalid". Just skip it */}} + {{- fail (printf "Zero value in (%d) in (%s) is not allowed." (int $job.parallelism) $name) -}} + {{- end -}} + {{- end -}} + + {{- if hasKey $job "completions" -}} + {{- if $job.completions -}} + {{- if or (not (mustHas (kindOf $job.completions) (list "int" "float64"))) (lt (int $job.completions) 0) -}} + {{- fail (printf " (%d) in (%s) must be a positive integer." (int $job.completions) $name) -}} + {{- end -}} + {{- else if not (kindIs "invalid" $job.completions) -}} {{/* Don't fail when type is "invalid". Just skip it */}} + {{- fail (printf "Zero value in (%d) in (%s) is not allowed." (int $job.completions) $name) -}} + {{- end -}} + {{- end -}} + + {{- with $job.completionMode -}} + {{- if not (mustHas . (list "NonIndexed" "Indexed")) -}} + {{- fail (printf "Invalid option (%s) for in (%s). Valid options are NonIndexed and Indexed. Leave empty to use the default (%s)" . $name $default.completionMode) -}} + {{- end -}} + {{- end -}} + + {{- if not $job.podSpec -}} + {{ fail (printf "A pod in is required in (%s)." $name) }} + {{- end -}} + + {{- if not $job.podSpec.containers -}} + {{ fail (printf "At least one container in is required in (%s)." $name) }} + {{- end -}} +{{- end -}} diff --git a/library/common/templates/lib/pod/_dns.tpl b/library/common/templates/lib/pod/_dns.tpl new file mode 100644 index 00000000..4ba325d2 --- /dev/null +++ b/library/common/templates/lib/pod/_dns.tpl 
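Review bot: `backoffLimit: 0` is rejected by the `else if not (kindIs "invalid" $job.backoffLimit)` branch, although Kubernetes accepts 0 there (no retries) and `ix.v1.common.lib.job` selects the value by `kindOf` rather than by truthiness, which suggests zero was meant to get through. If the rejection is deliberate, a comment in the define should say why; otherwise drop the zero branch for `backoffLimit` and keep only the negative check. The define has no header comment, unlike most files in this diff; `{{/* Validates the job fields and fails the render on a wrong type or range */}}` would do.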
@@ -0,0 +1,58 @@ +{{/* Returns dnsPolicy */}} +{{- define "ix.v1.common.dnsPolicy" -}} + {{- $dnsPolicy := .dnsPolicy -}} + {{- $hostNetwork := .hostNetwork -}} + {{- $root := .root -}} + + {{- $policy := $root.Values.global.defaults.dnsPolicy -}} + {{- if $dnsPolicy -}} + {{- if not (mustHas $dnsPolicy (list "Default" "ClusterFirst" "ClusterFirstWithHostNet" "None")) -}} + {{- fail (printf "Not valid dnsPolicy (%s). Valid options are ClusterFirst, Default, ClusterFirstWithHostNet, None" $dnsPolicy) -}} + {{- end -}} + {{- $policy = $dnsPolicy -}} + {{- else if $hostNetwork -}} + {{- $policy = "ClusterFirstWithHostNet" -}} + {{- end -}} +{{- $policy -}} +{{- end -}} + +{{/* Returns dnsConfig */}} +{{- define "ix.v1.common.dnsConfig" -}} + {{- $values := .values -}} + {{- $dnsPolicy := .dnsPolicy -}} + {{- $dnsConfig := .dnsConfig -}} + {{- $root := .root -}} + + {{- if and (eq $dnsPolicy "None") (not $dnsConfig.nameservers) -}} + {{- fail "With dnsPolicy set to None, you must specify at least 1 nameservers on dnsConfig" -}} + {{- end -}} + {{- if or $dnsConfig.nameservers $dnsConfig.searches $dnsConfig.options -}} + {{- with $dnsConfig.nameservers -}} + {{- if gt (len .) 3 -}} + {{- fail "There can be at most 3 nameservers specified in dnsConfig" -}} + {{- end -}} +nameservers: + {{- range . }} + - {{ tpl . $root }} + {{- end }} + {{- end -}} + {{- with $dnsConfig.searches -}} + {{- if gt (len .) 6 -}} + {{- fail "There can be at most 6 search domains specified in dnsConfig" -}} + {{- end }} +searches: + {{- range . }} + - {{ tpl . $root }} + {{- end }} + {{- end -}} + {{- with $dnsConfig.options }} +options: + {{- range . }} + - name: {{ tpl .name $root }} + {{- with .value }} + value: {{ tpl (toString .) $root | quote }} + {{- end }} + {{- end -}} + {{- end -}} + {{- end -}} +{{- end -}} diff --git a/library/common/templates/lib/pod/_extraContainers.tpl b/library/common/templates/lib/pod/_extraContainers.tpl new file mode 100644 index 00000000..b657ae26 
--- /dev/null +++ b/library/common/templates/lib/pod/_extraContainers.tpl 
@@ -0,0 +1,126 @@ +{{- define "ix.v1.common.controller.extraContainers" -}} + {{- $containerList := .containerList -}} + {{- $type := .type -}} + {{- $root := .root -}} + + {{- if not $type -}} {{/* This can only be triggered while developing the common library */}} + {{- fail "You have to specify the type of the container" -}} + {{- end -}} + + {{- if not (mustHas $type (list "init" "system" "install" "upgrade" "job" "additional")) -}} + {{- fail (printf "Type (%s) is not valid. Valid types are init, system, install, upgrade, job, additional" $type) -}} + {{- end -}} + + {{- $sortedContainers := list -}} + + {{/* Sort containers */}} + {{- range $index, $name := (keys $containerList | mustUniq | sortAlpha) -}} + {{- $container := get $containerList $name -}} + {{- $enabled := true -}} {{/* Default to enable */}} + + {{- if hasKey $container "enabled" -}} {{/* If has enabled key */}} + {{- $flag := (tpl $container.enabled $root) -}} + {{- if eq "false" $flag -}} {{/* And its kind of bool */}} + {{- $enabled = false -}} {{/* Disable the container */}} + {{- end -}} + {{- end -}} + + {{- if $enabled -}} + {{- $_ := set $container "name" (printf "%s-%s" $type $name) -}} + {{- $sortedContainers = mustAppend $sortedContainers $container -}} + {{- end -}} + {{- end -}} + + {{/* Empty the list if the phase does not match the container type */}} + {{- if and (eq $type "install") (not $root.Release.IsInstall) -}} + {{- $sortedContainers = list -}} + {{- else if and (eq $type "upgrade") (not $root.Release.IsUpgrade) -}} + {{- $sortedContainers = list -}} + {{- end -}} + + {{- range $index, $container := $sortedContainers }} + {{- $name := include "ix.v1.common.names.container" (dict "root" $root "containerName" $container.name) }} +- name: {{ $name }} + image: {{ include "ix.v1.common.images.selector" (dict "root" $root "selectedImage" $container.imageSelector ) }} + imagePullPolicy: {{ include "ix.v1.common.images.pullPolicy" (dict "root" $root "selectedImage" 
$container.imageSelector) }} + tty: {{ $container.tty | default false }} + stdin: {{ $container.stdin | default false }} + {{- with (include "ix.v1.common.container.command" (dict "commands" $container.command "root" $root)) | trim }} + command: + {{- . | nindent 4 }} + {{- end -}} + {{- with (include "ix.v1.common.container.args" (dict "args" $container.args "extraArgs" $container.extraArgs "root" $root)) | trim }} + args: + {{- . | nindent 4 }} + {{- end -}} + {{- with (include "ix.v1.common.container.envVars" (dict "envs" $container.env + "envList" $container.envList + "containerName" $name + "isMainContainer" false + "scaleGPU" $container.scaleGPU + "nvidiaCaps" $container.nvidiaCaps + "secCont" $container.securityContext + "secEnvs" $container.security + "injectFixedEnvs" $container.injectFixedEnvs + "root" $root) | trim) }} + env: + {{- . | nindent 4 }} {{/* env, fixedEnvs and envList */}} + {{- end -}} + {{- with (include "ix.v1.common.container.envFrom" (dict "envFrom" $container.envFrom "containerName" $name "root" $root) | trim) }} + envFrom: + {{- . | nindent 4 }} + {{- end -}} + {{- if and (hasKey $container "probes") (mustHas $type (list "init" "system" "install" "upgrade" "job")) -}} {{/* Init/(Cron)Job containers do not have probes... */}} + {{- fail (printf "Init/System/Install/Upgrade/(Cron)Job Container (%s) do not support probes" $name) -}} + {{- end -}} + {{- with (include "ix.v1.common.container.probes" (dict "probes" $container.probes + "containerName" $name + "isMainContainer" false + "root" $root) | trim) }} + {{- . | nindent 2 }} + {{- end -}} + {{- if and (hasKey $container "lifecycle") (mustHas $type (list "init" "system" "install" "upgrade" "job")) -}} {{/* Init/(Cron)Job containers do not have lifecycle... 
*/}} + {{- fail (printf "Init/System/Install/Upgrade/(Cron)Job Container (%s) do not support lifecycle hooks" $name) -}} + {{- end -}} + {{- with (include "ix.v1.common.container.lifecycle" (dict "lifecycle" $container.lifecycle "root" $root)) | trim }} + lifecycle: + {{- . | nindent 4 }} + {{- end -}} + {{- with (include "ix.v1.common.container.securityContext" (dict "secCont" $container.securityContext + "isMainContainer" false + "ports" $container.ports + "deviceList" $container.deviceList + "scaleGPU" $container.scaleGPU + "root" $root)) | trim }} + securityContext: + {{- . | nindent 4 }} + {{- end -}} + {{- if $container.termination -}} + {{- with (include "ix.v1.common.container.termination.messagePath" (dict "msgPath" $container.termination.messagePath "root" $root)) | trim }} + terminationMessagePath: {{ . }} + {{- end -}} + {{- with (include "ix.v1.common.container.termination.messagePolicy" (dict "msgPolicy" $container.termination.messagePolicy "root" $root)) | trim }} + terminationMessagePolicy: {{ . }} + {{- end -}} + {{- end -}} + {{- with (include "ix.v1.common.container.extraContainerPorts" (dict "root" $root + "containerName" $name + "ports" $container.ports ) | trim) }} + ports: + {{- . | nindent 4 }} + {{- end -}} + {{- with (include "ix.v1.common.container.volumeMounts" (dict "root" $root + "extraContainerVolMounts" $container.volumeMounts + "isMainContainer" false) | trim) }} + volumeMounts: + {{- . | nindent 4 }} + {{- end -}} + {{- with (include "ix.v1.common.container.resources" (dict "resources" $container.resources + "gpu" $container.scaleGPU + "isMainContainer" false + "root" $root) | trim) }} + resources: + {{- . | nindent 4 }} + {{- end -}} + {{- end -}} +{{- end -}} diff --git a/library/common/templates/lib/pod/_hostAliases.tpl b/library/common/templates/lib/pod/_hostAliases.tpl new file mode 100644 index 00000000..2dd58a0a --- /dev/null +++ b/library/common/templates/lib/pod/_hostAliases.tpl 
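Review bot: `tpl $container.enabled $root` in the sorting loop receives the raw `enabled` value, and `tpl` takes a string, so a plain boolean `enabled: false` in values is likely to abort rendering instead of disabling the container, even though the adjacent comment expects a bool. Converting first keeps both spellings working: `{{- $flag := (tpl (toString $container.enabled) $root) -}}`. `_dns.tpl` in this diff already uses `tpl (toString .) $root` for option values, so this also makes the two files consistent. The define has no header comment describing the accepted `type` values and the `enabled` contract.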
@@ -0,0 +1,17 @@ +{{/* Returns host aliases */}} +{{- define "ix.v1.common.hostAliases" -}} + {{- $hostAliases := .hostAliases -}} + {{- $root := .root -}} + + {{- range $hostAliases }} +- ip: {{ (tpl (required " field is required in hostAliases" .ip) $root | quote) }} + {{- if .hostnames }} + hostnames: + {{- range .hostnames }} + - {{ tpl . $root }} + {{- end}} + {{- else -}} + {{- fail "At least one is required in hostAliases" -}} + {{- end -}} + {{- end -}} +{{- end -}} diff --git a/library/common/templates/lib/pod/_imagePullSecrets.tpl b/library/common/templates/lib/pod/_imagePullSecrets.tpl new file mode 100644 index 00000000..fc083e6c --- /dev/null +++ b/library/common/templates/lib/pod/_imagePullSecrets.tpl @@ -0,0 +1,11 @@ +{{- define "ix.v1.common.imagePullSecrets" -}} + {{- $imagePullCredentials := .imagePullCredentials -}} + {{- $root := .root -}} + + {{- range $idx, $imgPullCreds := $imagePullCredentials -}} + {{- if $imgPullCreds.enabled -}} + {{- $secretName := include "ix.v1.common.names.imagePullSecret" (dict "root" $root "imgPullCredsName" $imgPullCreds.name) }} +- name: {{ $secretName }} + {{- end -}} + {{- end -}} +{{- end -}} diff --git a/library/common/templates/lib/pod/_mainContainer.tpl b/library/common/templates/lib/pod/_mainContainer.tpl new file mode 100644 index 00000000..ea95efa3 --- /dev/null +++ b/library/common/templates/lib/pod/_mainContainer.tpl 
@@ -0,0 +1,83 @@ +{{/* The main container included in the controller */}} +{{/* +On some includes we pass a dict with the "root" and some other values. +This is because this named function relies on those two, to specify it's context. +So it can work on multiple places, like additional containers and not only the main container. +*/}} +{{- define "ix.v1.common.controller.mainContainer" -}} + {{- $values := .values -}} + {{- $root := .root -}} + + {{- $name := include "ix.v1.common.names.fullname" $root -}} +- name: {{ $name }} + image: {{ include "ix.v1.common.images.selector" (dict "root" $root "selectedImage" $values.imageSelector) }} + imagePullPolicy: {{ include "ix.v1.common.images.pullPolicy" (dict "root" $root "selectedImage" $values.imageSelector) }} + tty: {{ $values.tty }} + stdin: {{ $values.stdin }} + {{- with (include "ix.v1.common.container.command" (dict "commands" $values.command "root" $root)) | trim }} + command: + {{- . | nindent 4 }} + {{- end -}} + {{- with (include "ix.v1.common.container.args" (dict "args" $values.args "extraArgs" $values.extraArgs "root" $root)) | trim }} + args: + {{- . | nindent 4 }} + {{- end -}} + {{- with (include "ix.v1.common.container.securityContext" (dict "secCont" $values.securityContext + "isMainContainer" true + "deviceList" $values.deviceList + "scaleGPU" $values.scaleGPU + "root" $root)) | trim }} + securityContext: + {{- . | nindent 4 }} + {{- end -}} + {{- with (include "ix.v1.common.container.lifecycle" (dict "lifecycle" $values.lifecycle "root" $root)) | trim }} + lifecycle: + {{- . | nindent 4 }} + {{- end -}} + {{- with (include "ix.v1.common.container.termination.messagePath" (dict "msgPath" $values.termination.messagePath "root" $root)) | trim }} + terminationMessagePath: {{ . }} + {{- end -}} + {{- with (include "ix.v1.common.container.termination.messagePolicy" (dict "msgPolicy" $values.termination.messagePolicy "root" $root)) | trim }} + terminationMessagePolicy: {{ . 
}} + {{- end -}} + {{- with (include "ix.v1.common.container.envVars" (dict "envs" $values.env + "envList" $values.envList + "containerName" $name + "isMainContainer" true + "scaleGPU" $values.scaleGPU + "nvidiaCaps" $values.nvidiaCaps + "secCont" $values.securityContext + "secEnvs" $values.security + "injectFixedEnvs" $values.injectFixedEnvs + "root" $root) | trim) }} + env: + {{- . | nindent 4 }} {{/* env, fixedEnvs and envList */}} + {{- end -}} + {{- with (include "ix.v1.common.container.envFrom" (dict "envFrom" $values.envFrom "containerName" $name "root" $root) | trim) }} + envFrom: + {{- . | nindent 4 }} + {{- end -}} + {{- with (include "ix.v1.common.container.ports" (dict "services" $values.service "root" $root) | trim) }} + ports: + {{- . | nindent 4 }} + {{- end -}} + {{- with (include "ix.v1.common.container.volumeMounts" (dict "root" $root + "isMainContainer" true) | trim) }} + volumeMounts: + {{- . | nindent 4 }} + {{- end -}} + {{- with (include "ix.v1.common.container.probes" (dict "probes" $values.probes + "services" $values.service + "containerName" $name + "isMainContainer" true + "root" $root) | trim) }} + {{- . | nindent 2 }} + {{- end -}} + {{- with (include "ix.v1.common.container.resources" (dict "resources" $values.resources + "gpu" $values.scaleGPU + "isMainContainer" true + "root" $root) | trim) }} + resources: + {{- . | nindent 4 }} + {{- end -}} +{{- end -}} diff --git a/library/common/templates/lib/pod/_nodeSelector.tpl b/library/common/templates/lib/pod/_nodeSelector.tpl new file mode 100644 index 00000000..ace1c820 --- /dev/null +++ b/library/common/templates/lib/pod/_nodeSelector.tpl 
@@ -0,0 +1,14 @@ +{{/* Returns node selector */}} +{{- define "ix.v1.common.nodeSelector" -}} + {{- $nodeSelector := .nodeSelector -}} + {{- $root := .root -}} + + {{- with $nodeSelector -}} + {{- range $k, $v := . }} + {{- if (not $v) -}} + {{- fail "Value is required on every key in " -}} + {{- end }} +{{ $k }}: {{ tpl $v $root }} + {{- end }} + {{- end -}} +{{- end -}} diff --git a/library/common/templates/lib/pod/_pod.tpl b/library/common/templates/lib/pod/_pod.tpl new file mode 100644 index 00000000..9ebd371f --- /dev/null +++ b/library/common/templates/lib/pod/_pod.tpl 
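Review bot: The value on `{{ $k }}: {{ tpl $v $root }}` is written unquoted, so a selector value such as `true` or `1` reaches the API as a boolean or number instead of a string, and a value containing `: ` or ` #` changes the structure of the rendered manifest. Quote it at the point of output: `{{ $k }}: {{ tpl $v $root | quote }}`. `ix.v1.common.podAnnotations` and `ix.v1.common.podLabels` later in this diff emit `{{ $k }}: {{ tpl $v $ }}` the same way and need the same change. `tpl` is also likely to error on a non-string `$v`; `tpl (toString $v) $root` would cover numeric input.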
@@ -0,0 +1,101 @@ +{{/* The pod definition included in the controller. */}} +{{- define "ix.v1.common.controller.pod" -}} +{{- $root := . }} +serviceAccountName: {{ (include "ix.v1.common.names.serviceAccountName" $root) }} +hostNetwork: {{ $root.Values.hostNetwork }} +enableServiceLinks: {{ $root.Values.enableServiceLinks }} +{{- with (include "ix.v1.common.restartPolicy" (dict "restartPolicy" $root.Values.restartPolicy "root" $root) | trim) }} +restartPolicy: {{ . }} +{{- end -}} + +{{- with (tpl $root.Values.schedulerName $root) }} +schedulerName: {{ . }} +{{- end -}} + +{{- with (tpl $root.Values.priorityClassName $root) }} +priorityClassName: {{ . }} +{{- end }} + +{{- with (tpl $root.Values.hostname $root) }} +hostname: {{ . }} +{{- end -}} + +{{- with (include "ix.v1.common.dnsPolicy" (dict "dnsPolicy" $root.Values.dnsPolicy "hostNetwork" $root.Values.hostNetwork "root" $root) | trim ) }} +dnsPolicy: {{ . }} +{{- end -}} + +{{- with (include "ix.v1.common.dnsConfig" (dict "dnsPolicy" $root.Values.dnsPolicy "dnsConfig" $root.Values.dnsConfig "root" $root) | trim ) }} +dnsConfig: + {{- . | nindent 2 }} +{{- end -}} + +{{- with (include "ix.v1.common.hostAliases" (dict "hostAliases" $root.Values.hostAliases "root" $root) | trim) }} +hostAliases: + {{- . | nindent 2 }} +{{- end -}} + +{{- with (include "ix.v1.common.nodeSelector" (dict "nodeSelector" $root.Values.nodeSelector "root" $root) | trim) }} +nodeSelector: + {{- . | nindent 2 }} +{{- end -}} + +{{- with (include "ix.v1.common.tolerations" (dict "tolerations" $root.Values.tolerations "root" $root) | trim) }} +tolerations: + {{- . | nindent 2 }} +{{- end -}} + +{{- with (include "ix.v1.common.imagePullSecrets" (dict "imagePullCredentials" $root.Values.imagePullCredentials "root" $root) | trim) }} +imagePullSecrets: + {{- . | nindent 2 }} +{{- end -}} + +{{- with (include "ix.v1.common.runtimeClassName" (dict "root" $root "runtime" $root.Values.runtimeClassName) | trim) }} +runtimeClassName: {{ . 
}} +{{- end -}} + +{{/* TODO: affinity, topologySpreadConstraints, not something critical as of now. */}} +{{- with $root.Values.termination.gracePeriodSeconds }} +terminationGracePeriodSeconds: {{ . }} +{{- end -}} + +{{- with (include "ix.v1.common.container.podSecurityContext" (dict "podSecCont" $root.Values.podSecurityContext "root" $root) | trim) }} +securityContext: + {{- . | nindent 2 }} +{{- end -}} + +{{- with (include "ix.v1.common.controller.mainContainer" (dict "values" $root.Values "root" $root) | trim) }} +containers: + {{- . | nindent 2 }} + {{- (include "ix.v1.common.controller.extraContainers" (dict "root" $root "containerList" $root.Values.additionalContainers "type" "additional") | trim) | nindent 2 }} +{{- end -}} + +{{- $installContainers := (include "ix.v1.common.controller.extraContainers" (dict "root" $root "containerList" $root.Values.installContainers "type" "install") | trim) -}} +{{- $upgradeContainers := (include "ix.v1.common.controller.extraContainers" (dict "root" $root "containerList" $root.Values.upgradeContainers "type" "upgrade") | trim) -}} +{{- $systemContainers := (include "ix.v1.common.controller.extraContainers" (dict "root" $root "containerList" $root.Values.systemContainers "type" "system") | trim) -}} +{{- $initContainers := (include "ix.v1.common.controller.extraContainers" (dict "root" $root "containerList" $root.Values.initContainers "type" "init") | trim) -}} + +{{- if or $initContainers $systemContainers $installContainers $upgradeContainers }} +initContainers: + {{- with $installContainers -}} + {{- . | nindent 2 }} + {{- end -}} + + {{- with $upgradeContainers -}} + {{- . | nindent 2 }} + {{- end -}} + + {{- with $systemContainers -}} + {{- . | nindent 2 }} + {{- end -}} + + {{- with $initContainers -}} + {{- . | nindent 2 }} + {{- end -}} +{{- end -}} + +{{- with (include "ix.v1.common.controller.volumes" (dict "persistence" $root.Values.persistence "root" $root) | trim) }} +volumes: + {{- . 
| nindent 2 }} +{{- end -}} + +{{- end -}} diff --git a/library/common/templates/lib/pod/_podAnnotations.tpl b/library/common/templates/lib/pod/_podAnnotations.tpl new file mode 100644 index 00000000..cf3a881d --- /dev/null +++ b/library/common/templates/lib/pod/_podAnnotations.tpl @@ -0,0 +1,8 @@ +{{/* Returns Pod annotations */}} +{{- define "ix.v1.common.podAnnotations" -}} + {{- with .Values.podAnnotations -}} + {{- range $k, $v := . }} +{{ $k }}: {{ tpl $v $ }} + {{- end }} + {{- end -}} +{{- end -}} diff --git a/library/common/templates/lib/pod/_podLabels.tpl b/library/common/templates/lib/pod/_podLabels.tpl new file mode 100644 index 00000000..edc792b0 --- /dev/null +++ b/library/common/templates/lib/pod/_podLabels.tpl @@ -0,0 +1,8 @@ +{{/* Returns Pod labels */}} +{{- define "ix.v1.common.podLabels" -}} + {{- with .Values.podLabels -}} + {{- range $k, $v := . }} +{{ $k }}: {{ tpl $v $ }} + {{- end }} + {{- end -}} +{{- end -}} diff --git a/library/common/templates/lib/pod/_podSecurityContext.tpl b/library/common/templates/lib/pod/_podSecurityContext.tpl new file mode 100644 index 00000000..d7cda26d --- /dev/null +++ b/library/common/templates/lib/pod/_podSecurityContext.tpl 
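Review bot: In `ix.v1.common.controller.pod`, the `ix.v1.common.dnsConfig` include is passed `$root.Values.dnsPolicy` rather than the policy that `ix.v1.common.dnsPolicy` resolves just above it, so its `None`-requires-nameservers check never sees a policy that comes from `global.defaults.dnsPolicy`. Resolving once and reusing the result keeps the two in step: assign the trimmed output of the dnsPolicy include to a variable such as `$dnsPolicy`, print that, and pass `"dnsPolicy" $dnsPolicy` to the dnsConfig include. `hostNetwork: {{ $root.Values.hostNetwork }}` and `enableServiceLinks` are printed without a default, so an unset value renders as an empty scalar; `| default false` on `hostNetwork` would make the safe value explicit.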
@@ -0,0 +1,24 @@ +{{/* A dict podSecContext is expected with keys like fsGroup */}} +{{- define "ix.v1.common.container.podSecurityContext" -}} + {{- $podSecCont := .podSecCont -}} + {{- $isJob := .isJob -}} + {{- $root := .root -}} + + {{/* Calculate all security values */}} + {{- $security := (include "ix.v1.common.lib.podSecurityContext" (dict "root" $root "podSecCont" $podSecCont "isJob" $isJob) | fromJson) }} +fsGroup: {{ $security.fsGroup }} + {{- with $security.supplementalGroups }} +supplementalGroups: + {{- range . }} + - {{ . }} + {{- end -}} + {{- else }} +supplementalGroups: [] + {{- end -}} + {{- with $security.fsGroupChangePolicy -}} + {{- if not (mustHas . (list "Always" "OnRootMismatch")) -}} + {{- fail "Invalid option for fsGroupChangePolicy. Valid options are and ." -}} + {{- end }} +fsGroupChangePolicy: {{ . }} + {{- end -}} +{{- end -}} diff --git a/library/common/templates/lib/pod/_restartPolicy.tpl b/library/common/templates/lib/pod/_restartPolicy.tpl new file mode 100644 index 00000000..401f8456 --- /dev/null +++ b/library/common/templates/lib/pod/_restartPolicy.tpl 
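Review bot: `$security` comes back through `fromJson`, which yields numbers as `float64`, and `fsGroup: {{ $security.fsGroup }}` prints the value as-is; for large IDs Go's default float formatting can switch to exponent form (1000000 prints as `1e+06`), which is not a valid integer for this field. Casting at the point of output avoids that: `fsGroup: {{ $security.fsGroup | int64 }}` and `- {{ . | int64 }}` inside the `supplementalGroups` range. `isJob` is read from the dict here, but the call in `_pod.tpl` does not pass it; the header comment should say it is optional.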
@@ -0,0 +1,26 @@ +{{- define "ix.v1.common.restartPolicy" -}} + {{- $root := .root -}} + {{- $restartPolicy := .restartPolicy -}} + {{- $isJob := .isJob | default false -}} + {{- $policy := $root.Values.global.defaults.restartPolicy -}} + + {{- if $isJob -}} + {{- $policy = $root.Values.global.defaults.jobRestartPolicy -}} + {{- end -}} + + {{- with $restartPolicy -}} + {{- $policy = . -}} + {{- end -}} + + {{- if not (mustHas $policy (list "Always" "Never" "OnFailure")) -}} + {{- fail (printf "Invalid (%s). Valid options are Always, Never, OnFailure" $policy) -}} + {{- end -}} + + {{- if and (not $isJob) (mustHas $root.Values.controller.type (list "Deployment" "ReplicaSet" "DaemonSet" "StatefulSet")) -}} + {{- if and (ne $policy "Always") -}} + {{- fail (printf "Invalid . Valid options are Exists, Equal." -}} + {{- end -}} + + {{- $key := (tpl (default "" .key) $root) -}} {{/* Empty key matches all keys */}} + {{- if and (eq $operator "Equal") (not $key) -}} + {{- fail " is required when is set to " -}} + {{- end -}} + + {{- $value := (tpl (default "" .value) $root) -}} + {{- if and (eq $operator "Exists") $value -}} + {{- fail "When is set to , you cannot define a " -}} + {{- end -}} + + {{- $effect := (tpl (default "" .effect) $root) -}} {{/* Empty effect matches all effects with the key */}} + {{- if and $effect (not (mustHas $effect (list "NoExecute" "NoSchedule" "PreferNoSchedule"))) -}} + {{- fail (printf "Invalid (%s). Valid options are NoExecute, NoSchedule, PreferNoSchedule" $effect) -}} + {{- end -}} + + {{- $tolSeconds := (default "" .tolerationSeconds) -}} + {{- if and $tolSeconds (not (mustHas (kindOf $tolSeconds) (list "float64" "int"))) -}} + {{- fail " must result to an integer." -}} + {{- end }} +- operator: {{ $operator }} + {{- with $key }} + key: {{ . }} + {{- end }} + {{- with $effect }} + effect: {{ . }} + {{- end }} + {{- with $value }} + value: {{ . }} + {{- end -}} + {{- with $tolSeconds }} + tolerationSeconds: {{ . 
}} + {{- end -}} + {{- end -}} +{{- end -}} diff --git a/library/common/templates/lib/pod/_volumes.tpl b/library/common/templates/lib/pod/_volumes.tpl new file mode 100644 index 00000000..d47fb5a8 --- /dev/null +++ b/library/common/templates/lib/pod/_volumes.tpl 
@@ -0,0 +1,34 @@ + +{{/* Volumes included by the controller. */}} +{{- define "ix.v1.common.controller.volumes" -}} + {{- $root := .root -}} + {{- $persistence := .persistence -}} + {{- $persistenceDefault := $root.Values.global.defaults.persistenceType -}} + + {{- range $index, $persistence := $persistence -}} + {{- if $persistence.enabled -}} + {{- if not $persistence.type -}} {{/* If persistence type is not defined, fallback to $persistenceDefault */}} + {{- $_ := set $persistence "type" $persistenceDefault -}} + {{- end -}} + {{- if eq $persistence.type "pvc" -}} {{/* PVC */}} + {{- include "ix.v1.common.controller.volumes.pvc" (dict "index" $index "volume" $persistence "root" $root) -}} + {{- else if eq $persistence.type "emptyDir" -}} {{/* emptyDir */}} + {{- include "ix.v1.common.controller.volumes.emptyDir" (dict "index" $index "volume" $persistence "root" $root) -}} + {{- else if eq $persistence.type "configMap" -}} {{/* configMap */}} + {{- include "ix.v1.common.controller.volumes.configMap" (dict "index" $index "volume" $persistence "root" $root) -}} + {{- else if eq $persistence.type "secret" -}} {{/* secret */}} + {{- include "ix.v1.common.controller.volumes.secret" (dict "index" $index "volume" $persistence "root" $root) -}} + {{- else if eq $persistence.type "hostPath" -}} {{/* hostPath */}} + {{- include "ix.v1.common.controller.volumes.hostPath" (dict "index" $index "volume" $persistence "root" $root) -}} + {{- else if eq $persistence.type "nfs" -}} {{/* NFS */}} + {{- include "ix.v1.common.controller.volumes.nfs" (dict "index" $index "volume" $persistence "root" $root) -}} + {{- else if eq $persistence.type "ixVolume" -}} {{/* ix-volumes */}} + {{- include "ix.v1.common.controller.volumes.ixVols" (dict "index" $index "volume" $persistence "root" $root) -}} + {{- else if eq $persistence.type "custom" -}} {{/* Custom, in case we want to add something once */}} + {{- include "ix.v1.common.controller.volumes.custom" (dict "index" $index "volume" 
$persistence "root" $root) -}} + {{- else -}} + {{- fail (printf "Not a valid persistence.type (%s)" $persistence.type) -}} + {{- end -}} + {{- end -}} + {{- end -}} +{{- end -}} diff --git a/library/common/templates/lib/pod/volumes/_configMap.tpl b/library/common/templates/lib/pod/volumes/_configMap.tpl new file mode 100644 index 00000000..35d0672e --- /dev/null +++ b/library/common/templates/lib/pod/volumes/_configMap.tpl @@ -0,0 +1,24 @@ +{{- define "ix.v1.common.controller.volumes.configMap" -}} + {{- $index := .index -}} + {{- $vol := .volume -}} + {{- $root := .root -}} + {{- $objectName := tpl (required (printf "objectName not set for persistence item %s" (toString $index)) $vol.objectName) $root }} +- name: {{ tpl (toString $index) $root }} + configMap: + name: {{ $objectName }} + {{- with $vol.defaultMode }} + {{- $defMode := tpl (toString .) $root -}} + {{- if (mustRegexMatch "^[0-9]{4}$" $defMode) }} + defaultMode: {{ $defMode }} + {{- else -}} + {{- fail (printf " (%s, converted to octal) is not valid format. Valid format is string with 4 digits <0777>." $defMode) -}} + {{- end -}} + {{- end -}} + {{- with $vol.items }} + items: + {{- range . }} + - key: {{ tpl (required (printf "No key was given for persistence item %s" (toString $index)) .key) $root }} + path: {{ tpl (required (printf "No path was given for persistence item %s" (toString $index)) .path) $root }} + {{- end -}} + {{- end -}} +{{- end -}} diff --git a/library/common/templates/lib/pod/volumes/_custom.tpl b/library/common/templates/lib/pod/volumes/_custom.tpl new file mode 100644 index 00000000..8b839913 --- /dev/null +++ b/library/common/templates/lib/pod/volumes/_custom.tpl 
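Review bot: In `ix.v1.common.controller.volumes.configMap`, the `defaultMode` check `mustRegexMatch "^[0-9]{4}$"` accepts strings that are not octal file modes, for example ones containing the digits 8 or 9 or lacking the leading zero, and the value is then emitted unquoted so its interpretation is left to the YAML parser. Since this sets the permissions of the mounted ConfigMap files, tighten the pattern to what the error message describes: `{{- if (mustRegexMatch "^0[0-7]{3}$" $defMode) }}`. The `key:` and `path:` values under `items` are also printed unquoted; `| quote` on both keeps a value containing `: ` from changing the manifest.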
@@ -0,0 +1,10 @@ +{{- define "ix.v1.common.controller.volumes.custom" -}} + {{- $index := .index -}} + {{- $vol := .volume -}} + {{- $root := .root -}} + {{- if not $vol.volumeSpec -}} + {{- fail (printf "You have defined custom persistence type but no was given on item (%s)" $index) -}} + {{- end }} +- name: {{ $index }} + {{- tpl ( toYaml $vol.volumeSpec ) $root | nindent 2 -}} +{{- end -}} diff --git a/library/common/templates/lib/pod/volumes/_emptyDir.tpl b/library/common/templates/lib/pod/volumes/_emptyDir.tpl new file mode 100644 index 00000000..d27f45d7 --- /dev/null +++ b/library/common/templates/lib/pod/volumes/_emptyDir.tpl @@ -0,0 +1,25 @@ +{{/* +If the `SizeMemoryBackedVolumes` feature gate is enabled, +you can specify a size for memory backed volumes. +*/}} +{{- define "ix.v1.common.controller.volumes.emptyDir" -}} + {{- $index := .index -}} + {{- $vol := .volume -}} + {{- $root := .root }} +- name: {{ $index }} + {{- if not (or $vol.medium $vol.sizeLimit) }} + emptyDir: {} + {{- else }} + emptyDir: + {{- with $vol.medium -}} + {{- if eq (tpl . $root) "Memory" }} + medium: Memory + {{- else -}} + {{- fail (printf "You can only set as Memory on item (%s)" $index) -}} + {{- end -}} + {{- end -}} + {{- with $vol.sizeLimit }} + sizeLimit: {{ tpl . $root }} + {{- end -}} + {{- end -}} +{{- end -}} diff --git a/library/common/templates/lib/pod/volumes/_hostPath.tpl b/library/common/templates/lib/pod/volumes/_hostPath.tpl new file mode 100644 index 00000000..28c3ad80 --- /dev/null +++ b/library/common/templates/lib/pod/volumes/_hostPath.tpl 
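Review bot: `ix.v1.common.controller.volumes.custom` renders `$vol.volumeSpec` verbatim through `toYaml` and `tpl`, so a `hostPath:` key inside a custom spec never reaches `ix.v1.common.controller.volumes.hostPath.validation`, which only the `hostPath` persistence type calls. If the path allow-list is meant as a guard, this define should reject that case, for example `{{- if hasKey $vol.volumeSpec "hostPath" -}}{{- fail (printf "Use persistence type hostPath instead of a custom hostPath on item (%s)" $index) -}}{{- end -}}` (this assumes `volumeSpec` is always a map). A header comment stating that this type is an unvalidated pass-through would make the trust boundary explicit.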
@@ -0,0 +1,20 @@
+{{- define "ix.v1.common.controller.volumes.hostPath" -}}
+ {{- $index := .index -}}
+ {{- $vol := .volume -}}
+ {{- $root := .root -}}
+
+ {{- include "ix.v1.common.controller.volumes.hostPath.validation" (dict "volume" $vol "root" $root) -}} {{/* hostPath validation (if enabled) */}}
+ {{- if not $vol.hostPath -}}
+ {{- fail (printf "hostPath not set on item (%s)" $index) -}}
+ {{- else if not (hasPrefix "/" $vol.hostPath) -}}
+ {{- fail (printf "Host path (%s) on item (%s) must start with a forward slash -> / <-" $vol.hostPath $index) -}}
+ {{- end }}
+- name: {{ $index }}
+ hostPath:
+ path: {{ $vol.hostPath }}
+ {{- with $vol.hostPathType -}}
+ {{- $type := (tpl . $root) -}}
+ {{- include "ix.v1.common.controller.hostPathType.validation" (dict "index" $index "type" $type) }}
+ type: {{ $type }}
+ {{- end -}}
+{{- end -}}
diff --git a/library/common/templates/lib/pod/volumes/_hostPathValidation.tpl b/library/common/templates/lib/pod/volumes/_hostPathValidation.tpl
new file mode 100644
index 00000000..6958b136
--- /dev/null
+++ b/library/common/templates/lib/pod/volumes/_hostPathValidation.tpl
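Review bot: The validation helper is included before the `if not $vol.hostPath` check, so an empty `hostPath` reaches `index $hostPath 0` in `hostPath.validation` on a list that is empty once the blank segments are dropped, and rendering stops with an index error instead of `hostPath not set on item (%s)`. Running the presence and leading-slash checks first and the `include` after them (keeping the whitespace trimming in front of `- name:` intact) keeps the friendly messages reachable. Since the value is user-supplied and written into YAML as-is, `path: {{ $vol.hostPath | quote }}` would also be safer than the unquoted form.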
@@ -0,0 +1,37 @@
+{{- define "ix.v1.common.controller.volumes.hostPath.validation" -}}
+ {{- $vol := .volume -}}
+ {{- $root := .root -}}
+ {{- $validate := $root.Values.global.defaults.validateHostPath -}}
+
+ {{- if (hasKey $vol "validateHostPath") -}}
+ {{- $validate = $vol.validateHostPath -}}
+ {{- end -}}
+ {{- if $validate -}}
+ {{- $allowed_paths := (list "mnt" "sys" "dev" "cluster") -}}
+ {{- $errorMessage := (printf "Invalid hostPath (%s). Allowed hostPaths are valid paths under a given pool. e.g. /mnt/POOL/DATASET, /mnt/POOL/DATASET/DIRECTORY" $vol.hostPath) -}}
+ {{- $hostPath := splitList "/" $vol.hostPath -}} {{/* Split the path into a list */}}
+ {{- $hostPath := (mustWithout $hostPath "") -}} {{/* Drop any list items with empty strings */}}
+ {{- $pathStart := (index $hostPath 0) -}}
+ {{- if not (mustHas $pathStart $allowed_paths) -}}
+ {{- fail $errorMessage -}}
+ {{- else if eq $pathStart "mnt" -}}
+ {{- if lt (len $hostPath) 3 -}}
+ {{- fail $errorMessage -}}
+ {{- end -}}
+ {{- else if eq $pathStart "cluster" -}}
+ {{- if lt (len $hostPath) 2 -}}
+ {{- fail $errorMessage -}}
+ {{- else if eq (index $hostPath 1) "ctdb_shared_vol" -}}
+ {{- fail $errorMessage -}}
+ {{- end -}}
+ {{- end -}}
+ {{- end -}}
+{{- end -}}
+
+{{- define "ix.v1.common.controller.hostPathType.validation" -}}
+ {{- $type := .type -}}
+ {{- $index := .index -}}
+ {{- if not (mustHas $type (list "DirectoryOrCreate" "Directory" "FileOrCreate" "File" "Socket" "CharDevice" "BlockDevice")) -}}
+ {{- fail (printf "Invalid option (%s) on item (%s). Valid options are DirectoryOrCreate, Directory, FileOrCreate, File, Socket, CharDevice and BlockDevice" $type $index) -}}
+ {{- end -}}
+{{- end -}}
diff --git a/library/common/templates/lib/pod/volumes/_ixVols.tpl b/library/common/templates/lib/pod/volumes/_ixVols.tpl
new file mode 100644
index 00000000..c39abcd7
--- /dev/null
+++ b/library/common/templates/lib/pod/volumes/_ixVols.tpl
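Review bot: The allow-list in `hostPath.validation` inspects only the first path segment and the segment count, so a path containing `..` segments satisfies it while resolving outside the allowed roots. Rejecting such segments right after the empty ones are dropped closes the gap: `{{- if or (mustHas ".." $hostPath) (mustHas "." $hostPath) -}}{{- fail $errorMessage -}}{{- end -}}`. The error text describes only `/mnt/POOL/DATASET` paths, while the list also admits anything under `/sys` and `/dev` and most of `/cluster`; a comment on `$allowed_paths` explaining why those roots are allowed would help reviewers. A per-volume `validateHostPath: false` switches the check off entirely, which deserves a mention wherever the global default is documented.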
@@ -0,0 +1,30 @@
+{{- define "ix.v1.common.controller.volumes.ixVols" -}}
+ {{- $index := .index -}}
+ {{- $vol := .volume -}}
+ {{- $root := .root -}}
+ {{- if not $vol.datasetName -}}
+ {{- fail (printf "Item (%s) is set as ixVolume type, but has no defined" $index) -}}
+ {{- end -}}
+ {{- $hostPath := "" -}}
+ {{- if not $root.Values.ixVolumes -}}
+ {{- fail "Key is empty. But persistence volumes of type ixVolumes is defined." -}}
+ {{- end -}}
+ {{- if $vol.hostPath -}}
+ {{- fail (printf "Item (%s), is set as ixVolume but has hostPath defined. This is automatically calculated." $index) -}}
+ {{- end -}}
+ {{- range $idx, $normalizedHostPath := $root.Values.ixVolumes -}}
+ {{- if eq $vol.datasetName (base $normalizedHostPath) -}} {{/* Make sure the resolved datasetName is included in ixVolumes */}}
+ {{- $hostPath = $normalizedHostPath -}}
+ {{- else -}}
+ {{- fail (printf "Dataset Name (%s) on item (%s) does not exist in ixVolumes list" $vol.datasetName $index) -}}
+ {{- end -}}
+ {{- end }}
+- name: {{ $index }}
+ hostPath:
+ path: {{ $hostPath }}
+ {{- with $vol.hostPathType -}}
+ {{- $type := (tpl . $root) -}}
+ {{- include "ix.v1.common.controller.hostPathType.validation" (dict "index" $index "type" $type) }}
+ type: {{ $type }}
+ {{- end -}}
+{{- end -}}
diff --git a/library/common/templates/lib/pod/volumes/_nfs.tpl b/library/common/templates/lib/pod/volumes/_nfs.tpl
new file mode 100644
index 00000000..805afd03
--- /dev/null
+++ b/library/common/templates/lib/pod/volumes/_nfs.tpl
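Review bot: The `else` branch inside the `range` over `$root.Values.ixVolumes` calls `fail` on the first entry whose base name differs from `datasetName`, so the lookup only succeeds when every entry in the list matches; with two differently named datasets rendering always aborts. Drop the `else`/`fail` from the loop and check once after it: `{{- if not $hostPath -}}{{- fail (printf "Dataset Name (%s) on item (%s) does not exist in ixVolumes list" $vol.datasetName $index) -}}{{- end -}}`. `base` is applied to each list entry directly, which assumes the entries are plain path strings; that is not confirmed by this hunk.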
@@ -0,0 +1,14 @@
+{{- define "ix.v1.common.controller.volumes.nfs" -}}
+ {{- $index := .index -}}
+ {{- $vol := .volume -}}
+ {{- $root := .root -}}
+ {{- if not $vol.path -}}
+ {{- fail (printf "NFS Path not set on item %s" $index) -}}
+ {{- else if not (hasPrefix "/" $vol.path ) -}}
+ {{- fail (printf "NFS path (%s) on (%s) must start with a forward slash -> / <-" $vol.path $index) -}}
+ {{- end }}
+- name: {{ $index }}
+ nfs:
+ server: {{ required (printf "NFS Server not set on item %s" $index) $vol.server }}
+ path: {{ $vol.path }}
+{{- end -}}
diff --git a/library/common/templates/lib/pod/volumes/_pvc.tpl b/library/common/templates/lib/pod/volumes/_pvc.tpl
new file mode 100644
index 00000000..5c9cdf9c
--- /dev/null
+++ b/library/common/templates/lib/pod/volumes/_pvc.tpl
@@ -0,0 +1,9 @@
+{{- define "ix.v1.common.controller.volumes.pvc" -}}
+ {{- $index := .index -}}
+ {{- $vol := .volume -}}
+ {{- $root := .root -}}
+ {{- $pvcName := include "ix.v1.common.names.volume.pvc" (dict "index" $index "root" $root "pvcVolValues" $vol) }}
+- name: {{ $index }}
+ persistentVolumeClaim:
+ claimName: {{ tpl $pvcName $root }}
+{{- end -}}
diff --git a/library/common/templates/lib/pod/volumes/_secret.tpl b/library/common/templates/lib/pod/volumes/_secret.tpl
new file mode 100644
index 00000000..ae647572
--- /dev/null
+++ b/library/common/templates/lib/pod/volumes/_secret.tpl
@@ -0,0 +1,24 @@
+{{- define "ix.v1.common.controller.volumes.secret" -}}
+ {{- $index := .index -}}
+ {{- $vol := .volume -}}
+ {{- $root := .root -}}
+ {{- $objectName := tpl (required (printf "objectName not set for persistence item %s" (toString $index)) $vol.objectName) $root }}
+- name: {{ $index }}
+ secret:
+ secretName: {{ $objectName }}
+ {{- with $vol.defaultMode }}
+ {{- $defMode := tpl (toString .) $root -}}
+ {{- if (mustRegexMatch "^[0-9]{4}$" $defMode) }} {{/* TODO: Document that "0700" equals to 448 in octal, k8s accepts both */}}
+ defaultMode: {{ $defMode }} {{/* TODO: But because when octal values pass from go variables they covert to octal, we require them as string to avoid confusion */}}
+ {{- else -}}
+ {{- fail (printf " (%s, converted to octal) is not valid format. Valid format is string with 4 digits <0777>." $defMode) -}}
+ {{- end -}}
+ {{- end -}}
+ {{- with $vol.items }}
+ items:
+ {{- range . }}
+ - key: {{ tpl (required (printf "No key was given for persistence item %s" (toString $index)) .key) $root }}
+ path: {{ tpl (required (printf "No path was given for persistence item %s" (toString $index)) .path) $root }}
+ {{- end -}}
+ {{- end -}}
+{{- end -}}
diff --git a/library/common/templates/lib/portal/_host.tpl b/library/common/templates/lib/portal/_host.tpl
new file mode 100644
index 00000000..8efac96c
--- /dev/null
+++ b/library/common/templates/lib/portal/_host.tpl
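Review bot: The two TODO comments on the `defaultMode` lines are worded misleadingly: `0700` is an octal literal whose decimal value is 448, not "448 in octal", and "covert" should read "convert". I would replace them with one comment above the `if`, such as `{{/* "0700" (octal) equals 448 (decimal) and Kubernetes accepts both; the mode is required as a 4-digit string because numeric values are converted on their way through Go variables */}}`. Keeping the comment off the `defaultMode:` output line also avoids trailing whitespace in the rendered YAML.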
@@ -0,0 +1,33 @@
+{{- define "ix.v1.common.portal.host" -}}
+ {{- $svcName := .svcName -}}
+ {{- $portName := .portName -}}
+ {{- $port := .port -}}
+ {{- $root := .root -}}
+
+ {{- $portalHost := "$node_ip" -}}
+
+ {{- $svc := (get $root.Values.service $svcName) -}}
+ {{- if eq $svc.type "LoadBalancer" -}}
+ {{- with $svc.loadBalancerIP -}}
+ {{- $portalHost = toString . -}}
+ {{- end -}}
+ {{- end -}}
+
+ {{/* If ingress is added at any point, here is the place to implement */}}
+
+ {{/* Check if there are any overrides in .Values.portal */}}
+ {{- $tmpSVCPortal := get $root.Values.portal $svcName -}}
+ {{- if $tmpSVCPortal -}}
+ {{- $tmpPortPortal := get $tmpSVCPortal $portName -}}
+ {{- if $tmpPortPortal -}}
+ {{- if (hasKey $tmpPortPortal "host") -}}
+ {{- if or (kindIs "invalid" $tmpPortPortal.host) (not $tmpPortPortal.host) -}}
+ {{- fail "You have defined empty in . Define a host or remove the key." -}}
+ {{- end -}}
+ {{- $portalHost = (tpl (toString $tmpPortPortal.host) $root) -}}
+ {{- end -}}
+ {{- end -}}
+ {{- end -}}
+
+ {{- $portalHost -}}
+{{- end -}}
diff --git a/library/common/templates/lib/portal/_path.tpl b/library/common/templates/lib/portal/_path.tpl
new file mode 100644
index 00000000..6d748457
--- /dev/null
+++ b/library/common/templates/lib/portal/_path.tpl
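Review bot: The `host` override is the only portal field returned without a format check: `portal.path` requires a leading slash, `portal.port` a range and `portal.protocol` an allow-list, while `$portalHost` is whatever `tpl` returns. If the four values are later joined into a URL (not visible in this hunk), a check after the `tpl` call keeps the host from carrying a path or whitespace, e.g. `{{- if regexMatch "[/\\s]" $portalHost -}}{{- fail (printf "Portal host (%s) must not contain slashes or whitespace" $portalHost) -}}{{- end -}}`. `$port` is assigned but never used in this template and can be removed.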
@@ -0,0 +1,29 @@
+{{- define "ix.v1.common.portal.path" -}}
+ {{- $svcName := .svcName -}}
+ {{- $portName := .portName -}}
+ {{- $port := .port -}}
+ {{- $root := .root -}}
+
+ {{- $portalPath := "/" -}}
+
+ {{/* If ingress is added at any point, here is the place to implement */}}
+
+ {{/* Check if there are any overrides in .Values.portal */}}
+ {{- $tmpSVCPortal := get $root.Values.portal $svcName -}}
+ {{- if $tmpSVCPortal -}}
+ {{- $tmpPortPortal := get $tmpSVCPortal $portName -}}
+ {{- if $tmpPortPortal -}}
+ {{- if (hasKey $tmpPortPortal "path") -}}
+ {{- if or (kindIs "invalid" $tmpPortPortal.path) (not $tmpPortPortal.path) -}}
+ {{- fail "You have defined empty in . Define a path or remove the key." -}}
+ {{- end -}}
+ {{- $portalPath = (tpl (toString $tmpPortPortal.path) $root) -}}
+ {{- if not (hasPrefix "/" $portalPath) -}}
+ {{- fail (printf "Portal path (%s) must start with a forward slash -> / <-" $portalPath) -}}
+ {{- end -}}
+ {{- end -}}
+ {{- end -}}
+ {{- end -}}
+
+ {{- $portalPath -}}
+{{- end -}}
diff --git a/library/common/templates/lib/portal/_port.tpl b/library/common/templates/lib/portal/_port.tpl
new file mode 100644
index 00000000..e51a265d
--- /dev/null
+++ b/library/common/templates/lib/portal/_port.tpl
@@ -0,0 +1,37 @@
+{{- define "ix.v1.common.portal.port" -}}
+ {{- $svcType := .svcType -}}
+ {{- $svcName := .svcName -}}
+ {{- $portName := .portName -}}
+ {{- $port := .port -}}
+ {{- $root := .root -}}
+
+ {{- $portalPort := 443 -}}
+
+ {{- if $root.Values.hostNetwork -}}
+ {{- $portalPort = $port.port -}}
+ {{- else if (hasKey $port "hostPort") -}}
+ {{- $portalPort = $port.hostPort -}}
+ {{- else if eq $svcType "NodePort" -}}
+ {{- $portalPort = $port.nodePort -}}
+ {{- else if eq $svcType "LoadBalancer" -}}
+ {{- $portalPort = $port.port -}}
+ {{- end -}}
+
+ {{/* If ingress is added at any point, here is the place to implement */}}
+
+ {{/* Check if there are any overrides in .Values.portal */}}
+ {{- $tmpSVCPortal := get $root.Values.portal $svcName -}}
+ {{- if $tmpSVCPortal -}}
+ {{- $tmpPortPortal := get $tmpSVCPortal $portName -}}
+ {{- if $tmpPortPortal -}}
+ {{- if (hasKey $tmpPortPortal "port") -}}
+ {{- $portalPort = (tpl (toString $tmpPortPortal.port) $root) -}}
+ {{- if or (lt (int $portalPort) 1) (gt (int $portalPort) 65535) (eq (int $portalPort) 0) -}}
+ {{- fail (printf "Port (%s) in is out of range. Range is 1-65535" $portalPort) -}}
+ {{- end -}}
+ {{- end -}}
+ {{- end -}}
+ {{- end -}}
+
+ {{- $portalPort -}}
+{{- end -}}
diff --git a/library/common/templates/lib/portal/_protocol.tpl b/library/common/templates/lib/portal/_protocol.tpl
new file mode 100644
index 00000000..d1057077
--- /dev/null
+++ b/library/common/templates/lib/portal/_protocol.tpl
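Review bot: The range check covers only the `.Values.portal` override; the values taken from `$port.port`, `$port.hostPort` and `$port.nodePort` are returned unchecked, and `$port.nodePort` may be unset for a `NodePort` service, in which case the helper returns an empty or placeholder value (how callers handle that is outside this hunk). Running the check once on the final value, just before `{{- $portalPort -}}`, would cover every branch. The third clause `(eq (int $portalPort) 0)` is already implied by `(lt (int $portalPort) 1)` and can be dropped: `{{- if or (lt (int $portalPort) 1) (gt (int $portalPort) 65535) -}}`.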
@@ -0,0 +1,33 @@
+{{- define "ix.v1.common.portal.protocol" -}}
+ {{- $svcType := .svcType -}}
+ {{- $svcName := .svcName -}}
+ {{- $portName := .portName -}}
+ {{- $port := .port -}}
+ {{- $root := .root -}}
+
+ {{- $portalProtocol := "http" -}}
+
+ {{- if $port.protocol -}}
+ {{- if (mustHas $port.protocol (list "HTTP" "HTTPS")) -}}
+ {{ $portalProtocol = ($port.protocol | lower) }}
+ {{- end -}}
+ {{- end -}}
+
+ {{/* If ingress is added at any point, here is the place to implement */}}
+
+ {{/* Check if there are any overrides in .Values.portal */}}
+ {{- $tmpSVCPortal := get $root.Values.portal $svcName -}}
+ {{- if $tmpSVCPortal -}}
+ {{- $tmpPortPortal := get $tmpSVCPortal $portName -}}
+ {{- if $tmpPortPortal -}}
+ {{- if (hasKey $tmpPortPortal "protocol") -}}
+ {{- $portalProtocol = ((tpl (toString $tmpPortPortal.protocol) $root) | lower) -}}
+ {{- if not (has $portalProtocol (list "http" "https")) -}}
+ {{- fail (printf "Invalid protocol (%s). Only HTTP/HTTPS protocols are allowed for " $portalProtocol) -}}
+ {{- end -}}
+ {{- end -}}
+ {{- end -}}
+ {{- end -}}
+
+ {{- $portalProtocol -}}
+{{- end -}}
diff --git a/library/common/templates/lib/service/_clusterIP.tpl b/library/common/templates/lib/service/_clusterIP.tpl
new file mode 100644
index 00000000..54bda60d
--- /dev/null
+++ b/library/common/templates/lib/service/_clusterIP.tpl
@@ -0,0 +1,7 @@
+{{- define "ix.v1.common.class.serivce.clusterIP" -}}
+ {{- $svcValues := .svc -}}
+
+ {{- with $svcValues.clusterIP }}
+clusterIP: {{ . }}
+ {{- end -}}
+{{- end -}}
diff --git a/library/common/templates/lib/service/_clusterIPSpec.tpl b/library/common/templates/lib/service/_clusterIPSpec.tpl
new file mode 100644
index 00000000..e5c1a791
--- /dev/null
+++ b/library/common/templates/lib/service/_clusterIPSpec.tpl
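Review bot: The template name `ix.v1.common.class.serivce.clusterIP` misspells "service", and the same spelling is used by every `lib/service` define added in this commit (`clusterIP.spec`, `endpoints`, `externalIPs`, `externalName.spec`, `externalTrafficPolicy`, `ipFamily`, `loadBalancer.spec`, `nodePort.spec`, `ports`, `publishNotReadyAddresses`, `selector`, `sessionAffinity`). Because `include` resolves names as plain strings, a caller that spells the name correctly fails only at render time. Renaming the defines to `ix.v1.common.class.service.*` together with their `include` calls is cheaper now than after charts depend on the library.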
@@ -0,0 +1,7 @@
+{{- define "ix.v1.common.class.serivce.clusterIP.spec" -}}
+ {{- $svcValues := .svc -}}
+ {{- $root := .root -}}
+type: ClusterIP
+ {{- include "ix.v1.common.class.serivce.clusterIP" (dict "svc" $svcValues) | indent 0 -}}
+ {{- include "ix.v1.common.class.serivce.ipFamily" (dict "svc" $svcValues "root" $root) | indent 0 -}}
+{{- end -}}
diff --git a/library/common/templates/lib/service/_endpoints.tpl b/library/common/templates/lib/service/_endpoints.tpl
new file mode 100644
index 00000000..8d3668e8
--- /dev/null
+++ b/library/common/templates/lib/service/_endpoints.tpl
@@ -0,0 +1,35 @@
+{{- define "ix.v1.common.class.serivce.endpoints" -}}
+ {{- $root := .root -}}
+ {{- $svcName := .svcName -}}
+ {{- $svcValues := .svc }}
+
+---
+apiVersion: {{ include "ix.v1.common.capabilities.endpoints.apiVersion" $root }}
+kind: Endpoints
+metadata:
+ name: {{ $svcName }}
+ {{- $labels := (mustMerge ($svcValues.labels | default dict) (include "ix.v1.common.labels" $root | fromYaml)) -}}
+ {{- with (include "ix.v1.common.util.labels.render" (dict "root" $root "labels" $labels) | trim) }}
+ labels:
+ {{- . | nindent 4 }}
+ {{- end }}
+ {{- $annotations := (mustMerge ($svcValues.annotations | default dict) (include "ix.v1.common.annotations" $root | fromYaml)) -}}
+ {{- with (include "ix.v1.common.util.annotations.render" (dict "root" $root "annotations" $annotations) | trim) }}
+ annotations:
+ {{- . | nindent 4 }}
+ {{- end }}
+ {{- with $svcValues.externalIP }}
+subsets:
+ - addresses:
+ - {{ tpl . $root }}
+ {{- else -}}
+ {{- fail "Service type is set to ExternalIP, but no externalIP is defined." -}}
+ {{- end }}
+ ports:
+ {{- range $name, $port := $svcValues.ports }}
+ {{- if $port.enabled }}
+ - port: {{ $port.port }}
+ name: {{ $name }}
+ {{- end }}
+ {{- end }}
+{{- end -}}
diff --git a/library/common/templates/lib/service/_externalIPs.tpl b/library/common/templates/lib/service/_externalIPs.tpl
new file mode 100644
index 00000000..eb19ff21
--- /dev/null
+++ b/library/common/templates/lib/service/_externalIPs.tpl
@@ -0,0 +1,11 @@
+{{- define "ix.v1.common.class.serivce.externalIPs" -}}
+ {{- $svcValues := .svc -}}
+ {{- $root := .root -}}
+
+ {{- with $svcValues.externalIPs }}
+externalIPs:
+ {{- range . }}
+ - {{ tpl . $root }}
+ {{- end -}}
+ {{- end -}}
+{{- end -}}
diff --git a/library/common/templates/lib/service/_externalNameSpec.tpl b/library/common/templates/lib/service/_externalNameSpec.tpl
new file mode 100644
index 00000000..a5fe7dda
--- /dev/null
+++ b/library/common/templates/lib/service/_externalNameSpec.tpl
@@ -0,0 +1,8 @@
+{{- define "ix.v1.common.class.serivce.externalName.spec" -}}
+ {{- $svcValues := .svc -}}
+ {{- $root := .root -}}
+type: ExternalName
+externalName: {{ required " is required when service type is set to ExternalName" $svcValues.externalName }}
+ {{- include "ix.v1.common.class.serivce.clusterIP" (dict "svc" $svcValues) | indent 0 -}}
+ {{- include "ix.v1.common.class.serivce.externalTrafficPolicy" (dict "svc" $svcValues "root" $root) | indent 0 -}}
+{{- end -}}
diff --git a/library/common/templates/lib/service/_externalTrafficPolicy.tpl b/library/common/templates/lib/service/_externalTrafficPolicy.tpl
new file mode 100644
index 00000000..1dcdcdfb
--- /dev/null
+++ b/library/common/templates/lib/service/_externalTrafficPolicy.tpl
@@ -0,0 +1,13 @@
+{{- define "ix.v1.common.class.serivce.externalTrafficPolicy" -}}
+ {{- $svcType := .svcType -}}
+ {{- $svcValues := .svc -}}
+
+ {{- with $svcValues.externalTrafficPolicy -}}
+ {{- if not (mustHas . (list "Cluster" "Local")) -}}
+ {{- fail (printf "Invalid option (%s) for . Valid options are Cluster and Local" .) -}}
+ {{- end }}
+externalTrafficPolicy: {{ . }}
+ {{- end -}}
+{{- if ne $svcType "ClusterIP" -}}
+{{- end -}}
+{{- end -}}
diff --git a/library/common/templates/lib/service/_ipFamily.tpl b/library/common/templates/lib/service/_ipFamily.tpl
new file mode 100644
index 00000000..6278fda9
--- /dev/null
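Review bot: In `_externalTrafficPolicy.tpl` the trailing `{{- if ne $svcType "ClusterIP" -}}{{- end -}}` block has an empty body, so the service type never decides whether `externalTrafficPolicy` is rendered; it looks like the guard was meant to wrap the `with` block. The callers in this commit (`externalName.spec`, `loadBalancer.spec`, `nodePort.spec`) also pass only `svc` and `root`, so `.svcType` is unset when the comparison runs. As the field applies to NodePort and LoadBalancer services, either pass the type and wrap the block, e.g. `{{- if mustHas $svcType (list "NodePort" "LoadBalancer") -}}`, or drop the unused variable and the empty `if` and remove the include from `_externalNameSpec.tpl`.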
+++ b/library/common/templates/lib/service/_ipFamily.tpl
@@ -0,0 +1,21 @@
+{{- define "ix.v1.common.class.serivce.ipFamily" -}}
+ {{- $svcValues := .svc -}}
+ {{- $root := .root -}}
+
+ {{- with $svcValues.ipFamilyPolicy -}}
+ {{- if not (mustHas . (list "SingleStack" "PreferDualStack" "RequireDualStack")) -}}
+ {{- fail (printf "Invalid option (%s) for . Valid options are SingleStack, PreferDualStack, RequireDualStack" .) -}}
+ {{- end }}
+ipFamilyPolicy: {{ . }}
+ {{- end -}}
+ {{- with $svcValues.ipFamilies }}
+ipFamilies:
+ {{- range . }}
+ {{- $ipFam := tpl . $root -}}
+ {{- if not (mustHas $ipFam (list "IPv4" "IPv6")) -}}
+ {{- fail (printf "Invalid option (%s) for . Valid options are IPv4 and IPv6" $ipFam) -}}
+ {{- end }}
+ - {{ $ipFam }}
+ {{- end -}}
+ {{- end -}}
+{{- end -}}
diff --git a/library/common/templates/lib/service/_loadBalancerSpec.tpl b/library/common/templates/lib/service/_loadBalancerSpec.tpl
new file mode 100644
index 00000000..cfaa991f
--- /dev/null
+++ b/library/common/templates/lib/service/_loadBalancerSpec.tpl
@@ -0,0 +1,17 @@
+{{- define "ix.v1.common.class.serivce.loadBalancer.spec" -}}
+ {{- $svcValues := .svc -}}
+ {{- $root := .root -}}
+type: LoadBalancer
+ {{- with $svcValues.loadBalancerIP }}
+loadBalancerIP: {{ . }}
+ {{- end -}}
+ {{- with $svcValues.loadBalancerSourceRanges }}
+loadBalancerSourceRanges:
+ {{- range . }}
+ - {{ tpl . $root }}
+ {{- end }}
+ {{- end -}}
+ {{- include "ix.v1.common.class.serivce.clusterIP" (dict "svc" $svcValues) | indent 0 -}}
+ {{- include "ix.v1.common.class.serivce.ipFamily" (dict "svc" $svcValues "root" $root) | indent 0 -}}
+ {{- include "ix.v1.common.class.serivce.externalTrafficPolicy" (dict "svc" $svcValues "root" $root) | indent 0 -}}
+{{- end -}}
diff --git a/library/common/templates/lib/service/_nodePortSpec.tpl b/library/common/templates/lib/service/_nodePortSpec.tpl
new file mode 100644
index 00000000..2c4bb2ae
--- /dev/null
+++ b/library/common/templates/lib/service/_nodePortSpec.tpl
@@ -0,0 +1,8 @@
+{{- define "ix.v1.common.class.serivce.nodePort.spec" -}}
+ {{- $svcValues := .svc -}}
+ {{- $root := .root -}}
+type: NodePort
+ {{- include "ix.v1.common.class.serivce.clusterIP" (dict "svc" $svcValues) | indent 0 -}}
+ {{- include "ix.v1.common.class.serivce.ipFamily" (dict "svc" $svcValues "root" $root) | indent 0 -}}
+ {{- include "ix.v1.common.class.serivce.externalTrafficPolicy" (dict "svc" $svcValues "root" $root) | indent 0 -}}
+{{- end -}}
diff --git a/library/common/templates/lib/service/_ports.tpl b/library/common/templates/lib/service/_ports.tpl
new file mode 100644
index 00000000..5a133a68
--- /dev/null
+++ b/library/common/templates/lib/service/_ports.tpl
@@ -0,0 +1,29 @@
+{{- define "ix.v1.common.class.serivce.ports" -}}
+ {{- $defaultPortProtocol := .defaultPortProtocol -}}
+ {{- $svcType := .svcType -}}
+ {{- $root := .root -}}
+ {{- $ports := .ports }}
+ports:
+ {{- range $name, $port := $ports -}}
+ {{- if $port.enabled -}}
+ {{- $protocol := $defaultPortProtocol -}} {{/* Default to TCP if no protocol is specified */}}
+ {{- with $port.protocol -}}
+ {{- if mustHas . (list "TCP" "HTTP" "HTTPS") -}}
+ {{- $protocol = "TCP" -}}
+ {{- else -}}
+ {{- $protocol = . -}}
+ {{- end -}}
+ {{- end }}
+ - port: {{ $port.port }}
+ name: {{ $name }}
+ protocol: {{ $protocol }}
+ targetPort: {{ $port.targetPort | default $name }}
+ {{- if and (eq $svcType "NodePort") $port.nodePort -}}
+ {{- if lt $port.nodePort $root.Values.global.defaults.minimumNodePort -}}
+ {{- fail (printf "Port number (%s) for (%s) is too low. The minimum port for Node Port is (%s)" ($port.nodePort | toString) $name ($root.Values.global.defaults.minimumNodePort | toString)) -}}
+ {{- end }}
+ nodePort: {{ $port.nodePort }}
+ {{- end -}}
+ {{- end -}}
+ {{- end -}}
+{{- end -}}
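Review bot: In `_ports.tpl` the `nodePort` check enforces only the lower bound and compares the raw values with `lt`, so a port above 65535 passes and a value that arrives as a string is likely to abort with a comparison type error rather than the intended message. Converting and bounding both sides, as `portal.port` does in this commit, is more robust: `{{- $nodePort := int $port.nodePort -}}` followed by `{{- if or (lt $nodePort (int $root.Values.global.defaults.minimumNodePort)) (gt $nodePort 65535) -}}`. The comment `Default to TCP if no protocol is specified` should say that the default is `$defaultPortProtocol`, which the caller supplies.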
diff --git a/library/common/templates/lib/service/_publishNotReadyAddresses.tpl b/library/common/templates/lib/service/_publishNotReadyAddresses.tpl
new file mode 100644
index 00000000..f133a3c7
--- /dev/null
+++ b/library/common/templates/lib/service/_publishNotReadyAddresses.tpl
@@ -0,0 +1,8 @@
+{{- define "ix.v1.common.class.serivce.publishNotReadyAddresses" -}}
+ {{- $pubNotReadyAddr := false -}}
+
+ {{- if .publishNotReadyAddresses -}}
+ {{- $pubNotReadyAddr = true -}}
+ {{- end }}
+publishNotReadyAddresses: {{ $pubNotReadyAddr }}
+{{- end -}}
diff --git a/library/common/templates/lib/service/_selector.tpl b/library/common/templates/lib/service/_selector.tpl
new file mode 100644
index 00000000..b1a09877
--- /dev/null
+++ b/library/common/templates/lib/service/_selector.tpl
@@ -0,0 +1,12 @@
+{{- define "ix.v1.common.class.serivce.selector" -}}
+ {{- $svcValues := .svc -}}
+ {{- $root := .root -}}
+selector:
+ {{- with $svcValues.selector -}} {{/* If custom selector defined */}}
+ {{- range $k, $v := . }}
+ {{ $k }}: {{ tpl $v $root }}
+ {{- end -}}
+ {{- else -}} {{/* else use the generated selectors */}}
+ {{- include "ix.v1.common.labels.selectorLabels" $root | nindent 2 -}}
+ {{- end -}}
+{{- end -}}
diff --git a/library/common/templates/lib/service/_sessionAffinity.tpl b/library/common/templates/lib/service/_sessionAffinity.tpl
new file mode 100644
index 00000000..2b3b66cb
--- /dev/null
+++ b/library/common/templates/lib/service/_sessionAffinity.tpl
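Review bot: In `_selector.tpl` custom selector values are rendered as `{{ $k }}: {{ tpl $v $root }}` without quoting, unlike `ix.v1.common.util.labels.render` in this commit, which pipes each value through `quote`. A value such as `true` or `1` is then parsed as a boolean or number when the manifest is read, while selector values have to be strings. Suggest `{{ $k }}: {{ tpl $v $root | quote }}`.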
@@ -0,0 +1,26 @@
+{{- define "ix.v1.common.class.serivce.sessionAffinity" -}}
+ {{- $svcValues := .svc -}}
+ {{- $root := .root -}}
+
+ {{- with $svcValues.sessionAffinity -}}
+ {{- if not (mustHas . (list "ClientIP" "None")) -}}
+ {{- fail (printf "Invalid option (%s) for . Valid options are ClientIP and None" .) -}}
+ {{- end }}
+sessionAffinity: {{ . }}
+ {{- end -}}
+ {{- if eq $svcValues.sessionAffinity "ClientIP" -}}
+ {{- with $svcValues.sessionAffinityConfig -}}
+ {{- with .clientIP -}}
+ {{- if hasKey . "timeoutSeconds" -}}
+ {{- $timeout := tpl (toString .timeoutSeconds) $root -}}
+ {{- if or (lt (int $timeout) 0) (gt (int $timeout) 86400) -}}
+ {{- fail (printf "Invalid value (%s) for . Valid values must be with 0 and 86400" $timeout) -}}
+ {{- end }}
+sessionAffinityConfig:
+ clientIP:
+ timeoutSeconds: {{ $timeout }}
+ {{- end -}}
+ {{- end -}}
+ {{- end -}}
+ {{- end -}}
+{{- end -}}
diff --git a/library/common/templates/lib/util/_annotation_render.tpl b/library/common/templates/lib/util/_annotation_render.tpl
new file mode 100644
index 00000000..14647391
--- /dev/null
+++ b/library/common/templates/lib/util/_annotation_render.tpl
@@ -0,0 +1,11 @@
+{{/* Takes a "root" object and a "annotations" object */}}
+{{/* Returns rendered annotations */}}
+{{- define "ix.v1.common.util.annotations.render" -}}
+ {{- $root := .root -}}
+ {{- $annotations := .annotations -}}
+ {{- if $annotations }}
+ {{- range $k, $v := $annotations }}
+{{ $k }}: {{ tpl $v $root | quote }}
+ {{- end }}
+ {{- end }}
+{{- end -}}
diff --git a/library/common/templates/lib/util/_label_render.tpl b/library/common/templates/lib/util/_label_render.tpl
new file mode 100644
index 00000000..d151dfcc
--- /dev/null
+++ b/library/common/templates/lib/util/_label_render.tpl
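Review bot: The `timeoutSeconds` check in `_sessionAffinity.tpl` accepts 0 and, because `int` turns a non-numeric string into 0, also any value that is not a number, whereas Kubernetes requires the timeout to be greater than 0 and at most 86400. Change the lower bound to 1, `{{- if or (lt (int $timeout) 1) (gt (int $timeout) 86400) -}}`, and let the message say "between 1 and 86400". `eq $svcValues.sessionAffinity "ClientIP"` is also evaluated when `sessionAffinity` is unset; moving that block inside the preceding `with` would avoid comparing a missing value.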
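Review bot: In `_annotation_render.tpl`, `tpl $v $root` expects a string, so an annotation whose value is written as a number or boolean in the values file aborts rendering with a type error instead of being quoted. Converting first, `{{ $k }}: {{ tpl (toString $v) $root | quote }}`, keeps the behaviour for strings and accepts the rest. The same applies to `ix.v1.common.util.labels.render` in `_label_render.tpl`.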
@@ -0,0 +1,11 @@
+{{/* Takes a "root" object and a "labels" object */}}
+{{/* Returns rendered labels */}}
+{{- define "ix.v1.common.util.labels.render" -}}
+ {{- $root := .root -}}
+ {{- $labels := .labels -}}
+ {{- if $labels -}}
+ {{- range $k, $v := $labels }}
+{{ $k }}: {{ tpl $v $root | quote }}
+ {{- end }}
+ {{- end -}}
+{{- end -}}
diff --git a/library/common/templates/lib/util/_primary_port.tpl b/library/common/templates/lib/util/_primary_port.tpl
new file mode 100644
index 00000000..6eee6256
--- /dev/null
+++ b/library/common/templates/lib/util/_primary_port.tpl
@@ -0,0 +1,42 @@
+{{/* A dict containing .values and .serviceName is passed when this function is called */}}
+{{/* Return the primary port for a given Service object. */}}
+{{- define "ix.v1.common.lib.util.service.ports.primary" -}}
+ {{- $svcName := .svcName -}}
+ {{- $svcValues := .svcValues -}}
+
+ {{- $enabledPorts := dict -}}
+
+ {{- range $name, $port := $svcValues.ports -}}
+ {{- if $port.enabled -}}
+ {{- $_ := set $enabledPorts $name $port -}}
+ {{- end -}}
+ {{- end -}}
+
+ {{- if not $enabledPorts -}}
+ {{- fail (printf "No ports are enabled for the service") -}}
+ {{- end -}}
+
+ {{- $result := "" -}}
+ {{- range $name, $port := $enabledPorts -}}
+ {{- if (hasKey $port "primary") -}}
+ {{- if $port.primary -}}
+ {{- if $result -}}
+ {{- fail "More than one ports are set as primary in the primary service. This is not supported." -}}
+ {{- end -}}
+ {{- $result = $name -}}
+ {{- end -}}
+ {{- end -}}
+ {{- end -}}
+
+ {{- if not $result -}}
+ {{- if eq (len $enabledPorts) 1 -}}
+ {{- $result = keys $enabledPorts | mustFirst -}}
+ {{- else -}}
+ {{- if $enabledPorts -}}
+ {{- fail (printf "At least one port must be set as primary in service (%s)" $svcName) -}}
+ {{- end -}}
+ {{- end -}}
+ {{- end -}}
+
+ {{- $result -}}
+{{- end -}}
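Review bot: The header comment of `_primary_port.tpl` says the dict contains `.values` and `.serviceName`, but the template reads `.svcName` and `.svcValues`, and it returns the name of the primary port rather than the port object. Suggested comment: `{{/* Takes a dict with "svcName" and "svcValues"; returns the name of the primary enabled port, and fails if no port is enabled or several are marked primary */}}`. The inner `{{- if $enabledPorts -}}` in the last block is always true here, because an empty dict has already failed further up.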
diff --git a/library/common/templates/lib/util/_primary_rbac.tpl b/library/common/templates/lib/util/_primary_rbac.tpl
new file mode 100644
index 00000000..67ce2f2b
--- /dev/null
+++ b/library/common/templates/lib/util/_primary_rbac.tpl
@@ -0,0 +1,33 @@
+{{/* Returns the primary rbac object */}}
+{{- define "ix.v1.common.lib.util.rbac.primary" -}}
+ {{- $enabledrbacs := dict -}}
+ {{- range $name, $rbac := .Values.rbac -}}
+ {{- if $rbac.enabled -}}
+ {{- $_ := set $enabledrbacs $name $rbac -}}
+ {{- end -}}
+ {{- end -}}
+
+ {{- $result := "" -}}
+ {{- range $name, $rbac := $enabledrbacs -}}
+ {{- if (hasKey $rbac "primary") -}}
+ {{- if $rbac.primary -}}
+ {{- if $result -}}
+ {{- fail "More than one RBACS are set as primary. This is not supported." -}}
+ {{- end -}}
+ {{- $result = $name -}}
+ {{- end -}}
+ {{- end -}}
+ {{- end -}}
+
+ {{- if not $result -}}
+ {{- if eq (len $enabledrbacs) 1 -}}
+ {{- $result = keys $enabledrbacs | mustFirst -}}
+ {{- else -}}
+ {{- if $enabledrbacs -}}
+ {{- fail "At least one RBAC must be set as primary" -}}
+ {{- end -}}
+ {{- end -}}
+ {{- end -}}
+
+ {{- $result -}}
+{{- end -}}
diff --git a/library/common/templates/lib/util/_primary_service.tpl b/library/common/templates/lib/util/_primary_service.tpl
new file mode 100644
index 00000000..a24f2259
--- /dev/null
+++ b/library/common/templates/lib/util/_primary_service.tpl
@@ -0,0 +1,35 @@
+{{/* Returns the primary service object */}}
+{{- define "ix.v1.common.lib.util.service.primary" -}}
+ {{- $services := .services -}}
+
+ {{- $enabledServices := dict -}}
+ {{- range $name, $service := $services -}}
+ {{- if $service.enabled -}}
+ {{- $_ := set $enabledServices $name $service -}}
+ {{- end -}}
+ {{- end -}}
+
+ {{- $result := "" -}}
+ {{- range $name, $service := $enabledServices -}}
+ {{- if (hasKey $service "primary") -}}
+ {{- if $service.primary -}}
+ {{- if $result -}}
+ {{- fail "More than one services are set as primary. This is not supported." -}}
+ {{- end -}}
+ {{- $result = $name -}}
+ {{- end -}}
+ {{- end -}}
+ {{- end -}}
+
+ {{- if not $result -}}
+ {{- if eq (len $enabledServices) 1 -}}
+ {{- $result = keys $enabledServices | mustFirst -}}
+ {{- else -}}
+ {{- if $enabledServices -}}
+ {{- fail "At least one Service must be set as primary" -}}
+ {{- end -}}
+ {{- end -}}
+ {{- end -}}
+
+ {{- $result -}}
+{{- end -}}
diff --git a/library/common/templates/lib/util/_primary_serviceAccount.tpl b/library/common/templates/lib/util/_primary_serviceAccount.tpl
new file mode 100644
index 00000000..e98ad75e
--- /dev/null
+++ b/library/common/templates/lib/util/_primary_serviceAccount.tpl
@@ -0,0 +1,33 @@
+{{/* Returns the primary service object */}}
+{{- define "ix.v1.common.lib.util.serviceAccount.primary" -}}
+ {{- $enabledServiceAccounts := dict -}}
+ {{- range $name, $serviceAccount := .Values.serviceAccount -}}
+ {{- if $serviceAccount.enabled -}}
+ {{- $_ := set $enabledServiceAccounts $name $serviceAccount -}}
+ {{- end -}}
+ {{- end -}}
+
+ {{- $result := "" -}}
+ {{- range $name, $serviceAccount := $enabledServiceAccounts -}}
+ {{- if (hasKey $serviceAccount "primary") -}}
+ {{- if $serviceAccount.primary -}}
+ {{- if $result -}}
+ {{- fail "More than one serviceAccounts are set as primary. This is not supported." -}}
+ {{- end -}}
+ {{- $result = $name -}}
+ {{- end -}}
+ {{- end -}}
+ {{- end -}}
+
+ {{- if not $result -}}
+ {{- if eq (len $enabledServiceAccounts) 1 -}}
+ {{- $result = keys $enabledServiceAccounts | mustFirst -}}
+ {{- else -}}
+ {{- if $enabledServiceAccounts -}}
+ {{- fail "At least one Service Account must be set as primary" -}}
+ {{- end -}}
+ {{- end -}}
+ {{- end -}}
+
+ {{- $result -}}
+{{- end -}}
diff --git a/library/common/templates/lib/util/_storageClassName.tpl b/library/common/templates/lib/util/_storageClassName.tpl
new file mode 100644
index 00000000..74737ce5
--- /dev/null
+++ b/library/common/templates/lib/util/_storageClassName.tpl
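Review bot: The comment `Returns the primary service object` was copied from `_primary_service.tpl`; this template returns the name (the map key) of the primary serviceAccount, or an empty string when none is enabled. Suggested comment: `{{/* Returns the name of the primary serviceAccount; empty when no serviceAccount is enabled */}}`. The selection logic is the same as in `_primary_rbac.tpl`, `_primary_service.tpl` and `_primary_port.tpl`, so a shared helper taking the dict and a label for the error messages would remove three copies.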
@@ -0,0 +1,30 @@
+{{/* Returns the storageClassname */}}
+{{- define "ix.v1.common.storage.storageClassName" -}}
+ {{- $persistence := .persistence -}}
+ {{- $root := .root -}}
+
+ {{/*
+ If a storage class is defined on a persistence object:
+ "-" returns "", which means requesting a PV without class
+ "SCALE-ZFS" returns the value set on Values.global.defaults.scaleZFSStorageClass
+ else return the defined storageClass
+ Else if there is a storageClass defined in Values.global.defaults.storageClass, return this
+ In any other case, return nothing
+ */}}
+
+ {{- if $persistence.storageClass -}}
+ {{- $className := tpl $persistence.storageClass $root -}}
+ {{- if eq "-" $className -}}
+ {{- print "\"\"" -}}
+ {{- else if eq "SCALE-ZFS" $className -}} {{/* Later, if we have more storage classes we add another else if (eg SCALE-SMB) */}}
+ {{- if not $root.Values.global.defaults.scaleZFSStorageClass -}}
+ {{- fail "A storageClass must be defined in global.defaults.scaleZFSStorageClass" -}}
+ {{- end -}}
+ {{- print (tpl $root.Values.global.defaults.scaleZFSStorageClass $root) -}}
+ {{- else -}}
+ {{- print $className -}}
+ {{- end -}}
+ {{- else if $root.Values.global.defaults.storageClass -}}
+ {{- print $root.Values.global.defaults.storageClass -}}
+ {{- end -}}
+{{- end -}}
diff --git a/library/common/templates/lib/values/_values.tpl b/library/common/templates/lib/values/_values.tpl
new file mode 100644
index 00000000..0a102d7c
--- /dev/null
+++ b/library/common/templates/lib/values/_values.tpl
@@ -0,0 +1,10 @@
+{{/* Merge the local chart values and the common chart defaults */}}
+{{/* The .common part comes from the name of this library */}}
+{{- define "ix.v1.common.values.init" -}}
+ {{- if .Values.common -}}
+ {{- $defaultValues := mustDeepCopy .Values.common -}}
+ {{- $userValues := mustDeepCopy (omit .Values "common") -}}
+ {{- $mergedValues := mustMergeOverwrite $defaultValues $userValues -}}
+ {{- $_ := set . "Values" (mustDeepCopy $mergedValues) -}}
+ {{- end -}}
+{{- end -}}
diff --git a/library/common/templates/lib/values/lists/_deviceList.tpl b/library/common/templates/lib/values/lists/_deviceList.tpl
new file mode 100644
index 00000000..2d13d04d
--- /dev/null
+++ b/library/common/templates/lib/values/lists/_deviceList.tpl
@@ -0,0 +1,90 @@
+{{- define "ix.v1.common.lib.values.deviceList" -}}
+ {{- $root := . -}}
+
+ {{/* Go over the device list on the main container */}}
+ {{- range $index, $device := $root.Values.deviceList -}}
+ {{/* Generate the name */}}
+ {{- $name := (printf "device-%s" (toString $index)) -}}
+
+ {{- with $device.name -}}
+ {{- $name = . -}}
+ {{- end -}}
+
+ {{/* Make sure a persistence dict exists before trying to add items */}}
+ {{- if not (hasKey $root.Values "persistence") -}}
+ {{- $_ := set $root.Values "persistence" dict -}}
+ {{- end -}}
+
+ {{/* Add the device as a persistence dict,
+ other templates will take care of the
+ volume and volumeMounts */}}
+ {{- $_ := set $root.Values.persistence $name $device -}}
+ {{- end -}}
+
+ {{/* Go over all types of containers */}}
+ {{- range $key := (list "initContainers" "systemContainers" "installContainers" "upgradeContainers" "additionalContainers") -}}
+ {{/* If they have containers defined... */}}
+ {{- if (get $root.Values $key) -}}
+ {{- include "ix.v1.common.lib.values.deviceList.containers" (dict "root" $root "containers" (get $root.Values $key)) -}}
+ {{- end -}}
+ {{- end -}}
+ {{/* Go over all jobs */}}
+ {{- range $name, $job := $root.Values.jobs -}}
+ {{- if $job.enabled -}}
+ {{- if and $job.podSpec $job.podSpec.containers -}}
+ {{- include "ix.v1.common.lib.values.deviceList.containers" (dict "root" $root "isJob" true "containers" ($job.podSpec.containers)) -}}
+ {{- end -}}
+ {{- end -}}
+ {{- end -}}
+{{- end -}}
+
+{{- define "ix.v1.common.lib.values.deviceList.containers" -}}
+ {{- $containers := .containers -}}
+ {{- $root := .root -}}
+ {{- $isJob := .isJob -}}
+ {{/* Go over the containers */}}
+ {{- range $containerName, $container := $containers -}}
+ {{/* If the container has deviceList */}}
+ {{- if hasKey $container "deviceList" -}}
+
+ {{/* Go over the devices */}}
+ {{- range $index, $device := $container.deviceList -}}
+ {{/* Generate the name */}}
+ {{- $name := $containerName -}}
+ {{- if $isJob -}}
+ {{- $name = (printf "job-%s" $containerName) -}}
+ {{- end -}}
+ {{- $deviceName := (printf "device-%s-%s" $name (toString $index)) -}}
+
+ {{- if $device.name -}}
+ {{- $deviceName = (printf "%s-%s" $name (toString $device.name)) -}}
+ {{- end -}}
+
+ {{/* Add the name on the device item */}}
+ {{- $_ := set $device "name" $deviceName -}}
+ {{/* Note that "set" mutates the actual item and not a copy */}}
+
+ {{/* Make sure a volumeMount list exists */}}
+ {{- if not (hasKey $container "volumeMounts") -}}
+ {{- $_ := set $container "volumeMounts" list -}}
+ {{- end -}}
+
+ {{/* Append a volumeMount item, so other templates
+ take care of the mounting of the device */}}
+ {{- $_ := set $container "volumeMounts" (mustAppend $container.volumeMounts $device) -}}
+
+ {{/* Make sure a persistence dict exists */}}
+ {{- if not (hasKey $root.Values "persistence") -}}
+ {{- $_ := set $root.Values "persistence" dict -}}
+ {{- end -}}
+
+ {{/* Add a noMount flag so it won't get mounted in the main container */}}
+ {{- $_ := set $device "noMount" true -}}
+ {{- $_ := set $device "type" "hostPath" -}}
+ {{/* Add the device on persistence,
+ so other templates take care of the volume creation */}}
+ {{- $_ := set $root.Values.persistence $deviceName $device -}}
+ {{- end -}}
+ {{- end -}}
+ {{- end -}}
+{{- end -}}
diff --git a/library/common/templates/lib/values/lists/_persistenceList.tpl b/library/common/templates/lib/values/lists/_persistenceList.tpl
new file mode 100644
index 00000000..e77c236f
--- /dev/null
+++ b/library/common/templates/lib/values/lists/_persistenceList.tpl
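Review bot: Both `set $root.Values.persistence …` calls in this file write under a key that can come from `$device.name` without checking whether that key already exists, so a device entry can silently replace an existing persistence item; for container devices the replacement is also forced to `type: hostPath`. A guard placed just before each `set` makes the collision explicit: `{{- if hasKey $root.Values.persistence $name -}}{{- fail (printf "deviceList name (%s) already exists in persistence" $name) -}}{{- end -}}` (with `$deviceName` in the container helper). The same unchecked `set` appears in `_persistenceList.tpl` and, for `.Values.service`, in `_serviceList.tpl`. Since these entries become host mounts, note that `validateHostPath` defaults to false in values.yaml.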
@@ -0,0 +1,23 @@
+{{- define "ix.v1.common.lib.values.persistenceList" -}}
+ {{- $root := . -}}
+
+ {{/* Go over the persistence list */}}
+ {{- range $index, $persistence := $root.Values.persistenceList -}}
+ {{/* Generate the name */}}
+ {{- $name := (printf "persist-list-%s" (toString $index)) -}}
+
+ {{- with $persistence.name -}}
+ {{- $name = . -}}
+ {{- end -}}
+
+ {{/* Make sure a persistence dict exists before trying to add items */}}
+ {{- if not (hasKey $root.Values "persistence") -}}
+ {{- $_ := set $root.Values "persistence" dict -}}
+ {{- end -}}
+
+ {{/* Add the device as a persistence dict,
+ other templates will take care of the
+ volume and volumeMounts */}}
+ {{- $_ := set $root.Values.persistence $name $persistence -}}
+ {{- end -}}
+{{- end -}}
diff --git a/library/common/templates/lib/values/lists/_serviceList.tpl b/library/common/templates/lib/values/lists/_serviceList.tpl
new file mode 100644
index 00000000..c61b3392
--- /dev/null
+++ b/library/common/templates/lib/values/lists/_serviceList.tpl
@@ -0,0 +1,50 @@
+{{- define "ix.v1.common.lib.values.serviceList" -}}
+ {{- $root := . -}}
+
+ {{/* Go over the service list */}}
+ {{- range $svcIndex, $service := $root.Values.serviceList -}}
+
+ {{/* Used to track if the service is complete with at least one port */}}
+ {{- $complete := false -}}
+
+ {{- if $service.enabled -}}
+ {{/* Generate the name */}}
+ {{- $svcName := (printf "svc-list-%s" (toString $svcIndex)) -}}
+
+ {{- with $service.name -}}
+ {{- $svcName = . -}}
+ {{- end -}}
+
+ {{- range $portIndex, $port := $service.portsList -}}
+ {{- if $port.enabled -}}
+ {{/* Generate the name */}}
+ {{- $portName := (printf "port-list-%s-%s" (toString $svcIndex) (toString $portIndex)) -}}
+
+ {{- with $port.name -}}
+ {{- $portName = . -}}
+ {{- end -}}
+
+ {{- if not (hasKey $service "ports") -}}
+ {{- $_ := set $service "ports" dict -}}
+ {{- end -}}
+
+ {{- $_ := set $service.ports $portName $port -}}
+ {{- $complete = true -}}
+ {{- end -}}
+ {{- end -}}
+
+ {{/* Make sure a service dict exists before trying to add items */}}
+ {{- if not (hasKey $root.Values "service") -}}
+ {{- $_ := set $root.Values "service" dict -}}
+ {{- end -}}
+
+ {{/* Add the device as a service dict,
+ other templates will take care of the
+ service and ports */}}
+ {{- if $complete -}}
+ {{- $_ := set $root.Values.service $svcName $service -}}
+ {{- end -}}
+ {{- end -}}
+ {{- end -}}
+
+{{- end -}}
diff --git a/library/common/templates/loader/_all.tpl b/library/common/templates/loader/_all.tpl
new file mode 100644
index 00000000..83013805
--- /dev/null
+++ b/library/common/templates/loader/_all.tpl
@@ -0,0 +1,10 @@
+{{/*
+Main entrypoint for the common library chart. It will render all underlying templates based on the provided values.
+*/}}
+{{- define "ix.v1.common.loader.all" -}}
+ {{- /* Generate chart and dependency values */ -}}
+ {{- include "ix.v1.common.loader.init" . }}
+
+ {{- /* Generate remaining objects */ -}}
+ {{- include "ix.v1.common.loader.apply" . }}
+{{- end -}}
diff --git a/library/common/templates/loader/_apply.tpl b/library/common/templates/loader/_apply.tpl
new file mode 100644
index 00000000..b6a1ed5d
--- /dev/null
+++ b/library/common/templates/loader/_apply.tpl
@@ -0,0 +1,37 @@
+{{- define "ix.v1.common.loader.apply" -}}
+
+ {{- include "ix.v1.common.spawner.externalInterface" . | nindent 0 -}}
+
+ {{- include "ix.v1.common.spawner.certificate" . | nindent 0 -}}
+
+ {{- include "ix.v1.common.spawner.imagePullSecret" . | nindent 0 -}}
+
+ {{- include "ix.v1.common.spawner.serviceAccount" . | nindent 0 -}}
+
+ {{- include "ix.v1.common.spawner.rbac" . | nindent 0 -}}
+
+ {{- include "ix.v1.common.spawner.configmapAndSecret" . | nindent 0 -}}
+
+ {{- if .Values.controller.enabled -}}
+ {{- if eq .Values.controller.type "Deployment" -}}
+ {{- include "ix.v1.common.deployment" . | nindent 0 -}}
+ {{- else if eq .Values.controller.type "DaemonSet" -}}
+ {{- include "ix.v1.common.daemonset" . | nindent 0 -}}
+ {{- else if eq .Values.controller.type "StatefulSet" -}}
+ {{- include "ix.v1.common.statefulset" . | nindent 0 -}}
+ {{- else -}}
+ {{- fail (printf "Not a valid controller.type (%s). Valid options are Deployment, DaemonSet, StatefulSet" .Values.controller.type) -}}
+ {{- end -}}
+ {{- end -}}
+
+ {{- include "ix.v1.common.spawner.service" . | nindent 0 -}}
+
+ {{- include "ix.v1.common.spawner.pvc" . | nindent 0 -}}
+
+ {{- include "ix.v1.common.spawner.portal" . | nindent 0 -}}
+
+ {{- include "ix.v1.common.spawner.jobAndCronJob" . | nindent 0 -}}
+
+ {{- include "ix.v1.common.util.envCheckDupes" (dict "root" .) -}}
+
+{{- end -}}
diff --git a/library/common/templates/loader/_init.tpl b/library/common/templates/loader/_init.tpl
new file mode 100644
index 00000000..417a65ce
--- /dev/null
+++ b/library/common/templates/loader/_init.tpl
@@ -0,0 +1,6 @@
+{{- define "ix.v1.common.loader.init" -}}
+ {{- /* Merge the local chart values and the common chart defaults */ -}}
+ {{- include "ix.v1.common.values.init" . -}}
+
+ {{- include "ix.v1.common.loader.lists" . -}}
+{{- end -}}
diff --git a/library/common/templates/loader/_lists.tpl b/library/common/templates/loader/_lists.tpl
new file mode 100644
index 00000000..1c1efc5c
--- /dev/null
+++ b/library/common/templates/loader/_lists.tpl
@@ -0,0 +1,9 @@
+{{- define "ix.v1.common.loader.lists" -}}
+
+ {{- include "ix.v1.common.lib.values.persistenceList" . -}}
+
+ {{- include "ix.v1.common.lib.values.deviceList" . -}}
+
+ {{- include "ix.v1.common.lib.values.serviceList" . -}}
+
+{{- end -}}
diff --git a/library/common/templates/pods/_daemonset.tpl b/library/common/templates/pods/_daemonset.tpl
new file mode 100644
index 00000000..7ff6444c
--- /dev/null
+++ b/library/common/templates/pods/_daemonset.tpl
@@ -0,0 +1,47 @@
+{{/*
+This template serves as the blueprint for the DaemonSet objects that are created
+within the common library.
+*/}}
+{{- define "ix.v1.common.daemonset" }}
+---
+apiVersion: {{ include "ix.v1.common.capabilities.daemonset.apiVersion" $ }}
+kind: DaemonSet
+metadata:
+ name: {{ include "ix.v1.common.names.fullname" . }}
+ labels:
+ annotations:
+spec:
+ revisionHistoryLimit: {{ .Values.controller.revisionHistoryLimit }}
+ {{- $strategy := default "RollingUpdate" .Values.controller.strategy -}}
+ {{- if not (mustHas $strategy (list "OnDelete" "RollingUpdate")) -}}
+ {{- fail (printf "Not a valid strategy type for Daemonset (%s)" $strategy) -}}
+ {{- end }}
+ updateStrategy:
+ type: {{ $strategy }}
+ {{- $rollingUpdate := .Values.controller.rollingUpdate -}}
+ {{- if and (eq $strategy "RollingUpdate") (or $rollingUpdate.surge $rollingUpdate.unavailable) }}
+ rollingUpdate:
+ {{- with $rollingUpdate.unavailable }}
+ maxUnavailable: {{ . }}
+ {{- end -}}
+ {{- with $rollingUpdate.surge }}
+ maxSurge: {{ . }}
+ {{- end -}}
+ {{- end }}
+ selector:
+ matchLabels:
+ {{- include "ix.v1.common.labels.selectorLabels" . | nindent 6 }}
+ template:
+ metadata:
+ {{- with (mustMerge (include "ix.v1.common.labels.selectorLabels" . | fromYaml) (include "ix.v1.common.annotations.workload" . | fromYaml) (include "ix.v1.common.podAnnotations" . | fromYaml)) }}
+ annotations:
+ {{- . | toYaml | trim | nindent 8 }}
+ {{- end -}}
+ {{- with (mustMerge (include "ix.v1.common.labels.selectorLabels" . | fromYaml) (include "ix.v1.common.podLabels" . | fromYaml)) }}
+ labels:
+ {{- . | toYaml | trim | nindent 8 }}
+ {{- end }}
+ spec:
+ {{- include "ix.v1.common.controller.pod" $ | trim | nindent 6 }}
+{{- end }}
+{{/*TODO: unittests*/}}
diff --git a/library/common/templates/pods/_deployment.tpl b/library/common/templates/pods/_deployment.tpl
new file mode 100644
index 00000000..1176d646
--- /dev/null
+++ b/library/common/templates/pods/_deployment.tpl
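Review bot: The pod-template `annotations:` block is built by merging `ix.v1.common.labels.selectorLabels` with the workload and pod annotations, so the selector labels are also emitted as annotations; this looks like a copy of the `labels:` merge below it, and the Deployment template carries the same line. Dropping the first argument leaves `mustMerge (include "ix.v1.common.annotations.workload" . | fromYaml) (include "ix.v1.common.podAnnotations" . | fromYaml)`. Separately, `labels:` and `annotations:` under the top-level `metadata:` are bare keys here and in the StatefulSet template, whereas the Deployment renders them through `ix.v1.common.util.labels.render` and `ix.v1.common.util.annotations.render`, so these two workloads ship without the common labels. The unit tests named in the trailing TODO would pin both.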
@@ -0,0 +1,55 @@
+{{/*
+This template serves as the blueprint for the Deployment objects that are created
+within the common library.
+*/}}
+{{- define "ix.v1.common.deployment" }}
+---
+apiVersion: {{ include "ix.v1.common.capabilities.deployment.apiVersion" $ }}
+kind: Deployment
+metadata:
+ name: {{ include "ix.v1.common.names.fullname" . }}
+ {{- $labels := (mustMerge (default dict .Values.controller.labels) (include "ix.v1.common.labels" $ | fromYaml)) -}}
+ {{- with (include "ix.v1.common.util.labels.render" (dict "root" $ "labels" $labels) | trim) }}
+ labels:
+ {{- . | nindent 4 }}
+ {{- end }}
+ {{- $annotations := (mustMerge (default dict .Values.controller.annotations) (include "ix.v1.common.annotations" $ | fromYaml) (include "ix.v1.common.annotations.workload.spec" $ | fromYaml)) -}}
+ {{- with (include "ix.v1.common.util.annotations.render" (dict "root" $ "annotations" $annotations) | trim) }}
+ annotations:
+ {{- . | nindent 4 }}
+ {{- end }}
+spec:
+ revisionHistoryLimit: {{ .Values.controller.revisionHistoryLimit }}
+ replicas: {{ .Values.controller.replicas }}
+ {{- $strategy := default "Recreate" .Values.controller.strategy -}}
+ {{- if not (mustHas $strategy (list "Recreate" "RollingUpdate")) -}}
+ {{- fail (printf "Not a valid strategy type for Deployment (%s)" $strategy) -}}
+ {{- end }}
+ strategy:
+ type: {{ $strategy }}
+ {{- $rollingUpdate := .Values.controller.rollingUpdate -}}
+ {{- if and (eq $strategy "RollingUpdate") (or $rollingUpdate.surge $rollingUpdate.unavailable) }}
+ rollingUpdate:
+ {{- with $rollingUpdate.unavailable }}
+ maxUnavailable: {{ . }}
+ {{- end -}}
+ {{- with $rollingUpdate.surge }}
+ maxSurge: {{ . }}
+ {{- end -}}
+ {{- end }}
+ selector:
+ matchLabels:
+ {{- include "ix.v1.common.labels.selectorLabels" . | nindent 6 }}
+ template:
+ metadata:
+ {{- with (mustMerge (include "ix.v1.common.labels.selectorLabels" . | fromYaml) (include "ix.v1.common.annotations.workload" . | fromYaml) (include "ix.v1.common.podAnnotations" . | fromYaml)) }}
+ annotations:
+ {{- . | toYaml | trim | nindent 8 }}
+ {{- end -}}
+ {{- with (mustMerge (include "ix.v1.common.labels.selectorLabels" . | fromYaml) (include "ix.v1.common.podLabels" . | fromYaml)) }}
+ labels:
+ {{- . | toYaml | trim | nindent 8 }}
+ {{- end }}
+ spec:
+ {{- include "ix.v1.common.controller.pod" $ | trim | nindent 6 }}
+{{- end }}
diff --git a/library/common/templates/pods/_statefulset.tpl b/library/common/templates/pods/_statefulset.tpl
new file mode 100644
index 00000000..e0510a47
--- /dev/null
+++ b/library/common/templates/pods/_statefulset.tpl
@@ -0,0 +1,53 @@
+{{/*
+This template serves as the blueprint for the StatefulSet objects that are created
+within the common library.
+*/}}
+{{- define "ix.v1.common.statefulset" }}
+---
+apiVersion: {{ include "ix.v1.common.capabilities.statefulset.apiVersion" $ }}
+kind: StatefulSet
+metadata:
+ name: {{ include "ix.v1.common.names.fullname" . }}
+ labels:
+ annotations:
+spec:
+ revisionHistoryLimit: {{ .Values.controller.revisionHistoryLimit }}
+ replicas: {{ .Values.controller.replicas }}
+ selector:
+ matchLabels:
+ {{- include "ix.v1.common.labels.selectorLabels" . | nindent 6 }}
+ serviceName: {{ include "ix.v1.common.names.fullname" . }}
+ {{- $strategy := default "RollingUpdate" .Values.controller.strategy -}}
+ {{- if not (mustHas $strategy (list "OnDelete" "RollingUpdate")) -}}
+ {{- fail (printf "Not a valid strategy type for Deployment (%s)" $strategy) -}}
+ {{- end }}
+ updateStrategy:
+ type: {{ $strategy }}
+ {{- $rollingUpdate := .Values.controller.rollingUpdate -}}
+ {{- if and (eq $strategy "RollingUpdate") (or $rollingUpdate.partition $rollingUpdate.unavailable) }}
+ rollingUpdate:
+ {{- with $rollingUpdate.unavailable }}
+ maxUnavailable: {{ . }}
+ {{- end -}}
+ {{- with $rollingUpdate.partition }}
+ partition: {{ . }}
+ {{- end -}}
+ {{- end -}}
+ {{- if .Values.volumeClaimTemplates }}
+ volumeClaimTemplates:
+ {{- range $index, $vct := .Values.volumeClaimTemplates }}
+ - metadata:
+ name: {{ tpl (toString $index) $ }}
+ spec:
+ {{- with (include "ix.v1.common.storage.storageClassName" (dict "persistence" $vct "root" $)) | trim }}
+ storageClassName: {{ . }}
+ {{- end }}
+ accessModes:
+ - {{ tpl ($vct.accessMode | default $.Values.global.defaults.accessMode) $ }}
+ resources:
+ requests:
+ storage: {{ tpl ($vct.size | default $.Values.global.defaults.VCTSize) $ | quote }}
+ {{- end -}}
+ {{- end -}}
+{{- end }}
+{{/*TODO: unittests*/}}
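Review bot: The StatefulSet `spec` has no `template:` block: it goes from `serviceName` and `updateStrategy` straight to `volumeClaimTemplates`, while the DaemonSet and Deployment templates in this commit both end with `template:` and a `spec:` that includes `ix.v1.common.controller.pod`. Unless another template appends it, the rendered object carries no pod spec and would be rejected by the API server. The `fail` message in this file also names the wrong kind (`Not a valid strategy type for Deployment (%s)`) and should say StatefulSet. A sketch of the missing block, mirroring the Deployment, follows.

```yaml
  serviceName: {{ include "ix.v1.common.names.fullname" . }}
  template:
    metadata:
      {{- with (mustMerge (include "ix.v1.common.labels.selectorLabels" . | fromYaml) (include "ix.v1.common.podLabels" . | fromYaml)) }}
      labels:
        {{- . | toYaml | trim | nindent 8 }}
      {{- end }}
    spec:
      {{- include "ix.v1.common.controller.pod" $ | trim | nindent 6 }}
  {{/* … unchanged: updateStrategy and volumeClaimTemplates … */}}
```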
diff --git a/library/common/templates/spawner/_certificate.tpl b/library/common/templates/spawner/_certificate.tpl
new file mode 100644
index 00000000..3e47330a
--- /dev/null
+++ b/library/common/templates/spawner/_certificate.tpl
@@ -0,0 +1,11 @@
+{{- define "ix.v1.common.spawner.certificate" -}}
+ {{- $root := . -}}
+
+ {{- range $name, $cert := .Values.scaleCerts -}}
+ {{- include "ix.v1.common.certificate.secret" (dict "cert" $cert "name" $name "root" $root) -}}
+ {{- end -}}
+
+ {{- range $id, $cert := .Values.scaleCertsList -}}
+ {{- include "ix.v1.common.certificate.secret" (dict "cert" $cert "name" (required "Name is required in scaleCertList" $cert.name) "root" $root) -}}
+ {{- end -}}
+{{- end -}}
diff --git a/library/common/templates/spawner/_configmapAndSecret.tpl b/library/common/templates/spawner/_configmapAndSecret.tpl
new file mode 100644
index 00000000..5ff55fc6
--- /dev/null
+++ b/library/common/templates/spawner/_configmapAndSecret.tpl
@@ -0,0 +1,67 @@
+{{- define "ix.v1.common.spawner.configmapAndSecret" -}}
+ {{- $root := . -}}
+
+ {{- range $name, $objectData := .Values.configmap -}}
+ {{- if ne (kindOf $objectData) "map" -}}
+ {{- fail (printf " key must have at least one dict. Found (%s)" (kindOf $objectData)) -}}
+ {{- end -}}
+ {{- include "ix.v1.common.configmapAndSecret.process" (dict "root" $root "name" $name "objectData" $objectData "objectType" "configmap") -}}
+ {{- end -}}
+ {{- range $name, $objectData := .Values.secret -}}
+ {{- if ne (kindOf $objectData) "map" -}}
+ {{- fail (printf " key must have at least one dict. Found (%s)" (kindOf $objectData)) -}}
+ {{- end -}}
+ {{- include "ix.v1.common.configmapAndSecret.process" (dict "root" $root "name" $name "objectData" $objectData "objectType" "secret") -}}
+ {{- end -}}
+{{- end -}}
+
+{{- define "ix.v1.common.configmapAndSecret.process" -}}
+ {{- $root := .root -}}
+ {{- $name := .name -}}
+ {{- $objectData := .objectData -}}
+ {{- $objectType := .objectType -}}
+
+ {{/* Generate the name */}}
+ {{- $objectName := include "ix.v1.common.names.configmapAndSecret" (dict "root" $root "objName" $name "objData" $objectData "objType" $objectType) -}}
+
+ {{- if $objectData.enabled -}} {{/* If it's enabled... */}}
+ {{/* Do some checks */}}
+ {{- if not $objectData.content -}}
+ {{- fail (printf "Content of %s (%s) are empty. Please disable or add content." (camelcase $objectType) $name) -}}
+ {{- end -}}
+
+ {{- if eq (kindOf $objectData.content) "string" -}}
+ {{- fail (printf "Content of %s (%s) are string. Must be in key/value format. Value can be scalar too." (camelcase $objectType) $name) -}}
+ {{- end -}}
+
+ {{- $parseAsEnv := false -}}
+ {{- if hasKey $objectData "parseAsEnv" -}}
+ {{- $parseAsEnv = $objectData.parseAsEnv -}}
+ {{- end -}}
+
+ {{- $classData := dict -}} {{/* Store expanded data that will be passed to the class */}}
+ {{- $dupeCheck := dict -}} {{/* Store expanded data that will be checked for dupes */}}
+
+ {{- range $k, $v := $objectData.content -}}
+ {{- $value := tpl ($v | toString) $root -}} {{/* Convert to string so safely handle ints, falsy values and scalars. Also expand values */}}
+ {{- if $parseAsEnv -}}
+ {{- $_ := set $dupeCheck $k $value -}}
+ {{- end -}}
+ {{- $_ := set $classData $k $value -}}
+ {{- end -}}
+
+ {{/* Add the to the list for dupeCheck */}}
+ {{- include "ix.v1.common.util.storeEnvsForDupeCheck" (dict "root" $root "source" (printf "%s-%s" $objectType $objectName) "containers" list "data" $dupeCheck) -}}
+ {{/* Convert to Yaml before sending to classes */}}
+ {{- $classData = toYaml $classData -}}
+
+ {{- $contentType := "yaml" -}}
+ {{/* Create ConfigMap or Secret */}}
+ {{- if eq $objectType "configmap" -}}
+ {{- include "ix.v1.common.class.configmap" (dict "root" $root "configName" $objectName "contentType" $contentType "data" $classData "labels" $objectData.labels "annotations" $objectData.annotations) -}}
+ {{- else if eq $objectType "secret" -}}
+ {{- include "ix.v1.common.class.secret" (dict "root" $root "secretName" $objectName "secretType" $objectData.secretType "contentType" $contentType "data" $classData "labels" $objectData.labels "annotations" $objectData.annotations) -}}
+ {{- end -}}
+
+ {{- end -}}
+{{- end -}}
diff --git a/library/common/templates/spawner/_externalInterfaces.tpl b/library/common/templates/spawner/_externalInterfaces.tpl
new file mode 100644
index 00000000..66e30c64
--- /dev/null
+++ b/library/common/templates/spawner/_externalInterfaces.tpl
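Review bot: For a Secret with `parseAsEnv` set, `$dupeCheck` is filled with the expanded values and handed to `ix.v1.common.util.storeEnvsForDupeCheck` as `data`, so secret values are copied into whatever that helper keeps for the later duplicate check. The helper's body is not in this hunk; if it only compares variable names, pass the keys alone, for example `{{- $_ := set $dupeCheck $k "" -}}`, so that a duplicate-variable failure message cannot echo a secret. A comment on the `tpl ($v | toString) $root` line stating that every content value, including Secret values, is rendered as a template would also help chart authors who store strings containing `{{`.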
@@ -0,0 +1,11 @@
+{{- define "ix.v1.common.spawner.externalInterface" -}}
+ {{/* Validate that data from externalInterfaces are correct before start creating objects */}}
+ {{- range $iface := .Values.externalInterfaces -}}
+ {{- include "ix.v1.common.externalInterface" (dict "iface" $iface) -}}
+ {{- end -}}
+
+ {{/* Now we are sure data is validated, spawn the objects */}}
+ {{- range $index, $iface := .Values.ixExternalInterfacesConfiguration -}}
+ {{- include "ix.v1.common.class.externalInterface" (dict "iface" $iface "index" $index "root" $) -}}
+ {{- end -}}
+{{- end -}}
diff --git a/library/common/templates/spawner/_imagePullSecret.tpl b/library/common/templates/spawner/_imagePullSecret.tpl
new file mode 100644
index 00000000..29f4a807
--- /dev/null
+++ b/library/common/templates/spawner/_imagePullSecret.tpl
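Review bot: The validation loop runs over `.Values.externalInterfaces`, but the objects are created from `.Values.ixExternalInterfacesConfiguration`, so the comment `Now we are sure data is validated` does not hold for the list that is actually rendered. If the second list is trusted because the middleware supplies it (values.yaml marks it `Injected from middleware`), state that assumption in place: `{{/* ixExternalInterfacesConfiguration is injected by the middleware and is not validated here */}}`. Otherwise add a matching validation pass over it before the spawn loop.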
@@ -0,0 +1,46 @@
+{{- define "ix.v1.common.spawner.imagePullSecret" -}}
+ {{- $root := . -}}
+ {{- range $idx, $imgPullCreds := .Values.imagePullCredentials -}}
+ {{- if $imgPullCreds.enabled -}}
+
+ {{- if not $imgPullCreds.name -}}
+ {{- fail " is required for Image Pull Secrets Credentials" -}}
+ {{- end -}}
+
+ {{- if not (mustRegexMatch "^[a-zA-Z0-9-]*$" $imgPullCreds.name) -}}
+ {{- fail (printf " (%s) can only container this alphanumerical characters (- a-z A-Z 0-9)" $imgPullCreds.name) -}}
+ {{- end -}}
+
+ {{- $secretName := include "ix.v1.common.names.imagePullSecret" (dict "root" $root "imgPullCredsName" $imgPullCreds.name) -}}
+ {{- $registrySecret := dict -}}
+
+ {{- if not $imgPullCreds.content -}}
+ {{- fail (printf " is not defined in Image Pull Secrets Credential (%s)" $imgPullCreds.name) -}}
+ {{- end -}}
+
+ {{- with $imgPullCreds.content -}}
+ {{- if not .username -}}
+ {{- fail (printf " is not defined in Image Pull Secrets Credential (%s)" $imgPullCreds.name) -}}
+ {{- end -}}
+ {{- if not .password -}}
+ {{- fail (printf " is not defined in Image Pull Secrets Credential (%s)" $imgPullCreds.name) -}}
+ {{- end -}}
+ {{- if not .registry -}}
+ {{- fail (printf " is not defined in Image Pull Secrets Credential (%s)" $imgPullCreds.name) -}}
+ {{- end -}}
+ {{- if not .email -}}
+ {{- fail (printf " is not defined in Image Pull Secrets Credential (%s)" $imgPullCreds.name) -}}
+ {{- end -}}
+
+ {{/* Auth is b64encoded and then the whole secret is b64encoded */}}
+ {{- $auth := printf "%s:%s" .username .password | b64enc -}}
+ {{- $registry := (dict "username" .username "password" .password "email" .email "auth" $auth) -}}
+
+ {{- $_ := set $registrySecret "auths" dict -}}
+ {{- $_ := set $registrySecret.auths (printf "%s" .registry) $registry -}}
+
+ {{- include "ix.v1.common.class.secret" (dict "root" $root "secretName" $secretName "data" $registrySecret "contentType" "pullSecret") -}}
+ {{- end -}}
+ {{- end -}}
+ {{- end -}}
+{{- end -}}
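Review bot: The name check `^[a-zA-Z0-9-]*$` accepts upper-case letters and a trailing hyphen, neither of which Kubernetes object names allow; unless `ix.v1.common.names.imagePullSecret` normalises the value, a bad name passes this check and only fails at install time. A tighter pattern would be `^[a-z0-9]([a-z0-9-]*[a-z0-9])?$`. The message on that branch has a typo (`can only container this alphanumerical characters`). The `auth` value joins `.username` and `.password` with `:` without rejecting a colon in the username, which makes the decoded credential ambiguous.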
diff --git a/library/common/templates/spawner/_jobAndCronJob.tpl b/library/common/templates/spawner/_jobAndCronJob.tpl
new file mode 100644
index 00000000..325a3452
--- /dev/null
+++ b/library/common/templates/spawner/_jobAndCronJob.tpl
@@ -0,0 +1,18 @@
+{{- define "ix.v1.common.spawner.jobAndCronJob" -}}
+ {{- range $jobName, $job := .Values.jobs -}}
+ {{- if $job.enabled -}}
+
+ {{- $jobValues := $job -}}
+ {{- if not $jobValues.nameOverride -}}
+ {{- $_ := set $jobValues "nameOverride" $jobName -}}
+ {{- end -}}
+
+ {{- if and (hasKey $job "cron") ($job.cron.enabled) -}}
+ {{- include "ix.v1.common.class.cronJob" (dict "root" $ "job" $jobValues) -}}
+ {{- else -}}
+ {{- include "ix.v1.common.class.job" (dict "root" $ "job" $jobValues) -}}
+ {{- end -}}
+
+ {{- end -}}
+ {{- end -}}
+{{- end -}}
diff --git a/library/common/templates/spawner/_portal.tpl b/library/common/templates/spawner/_portal.tpl
new file mode 100644
index 00000000..138800ce
--- /dev/null
+++ b/library/common/templates/spawner/_portal.tpl
@@ -0,0 +1,31 @@
+{{- define "ix.v1.common.spawner.portal" -}}
+ {{- $data := dict -}}
+ {{- $root := . -}}
+
+ {{- if .Values.portal -}}
+ {{- if .Values.portal.enabled -}}
+ {{- range $svcName, $svc := $root.Values.service -}}
+ {{- if $svc.enabled -}}
+ {{- $svcValues := $svc -}}
+ {{- range $portName, $port := $svc.ports -}}
+ {{- $portalProtocol := include "ix.v1.common.portal.protocol" (dict "svcType" $svc.type "svcName" $svcName "portName" $portName "port" $port "root" $root) | trim -}}
+ {{- $portalHost := include "ix.v1.common.portal.host" (dict "svcType" $svc.type "svcName" $svcName "portName" $portName "port" $port "root" $root) | trim -}}
+ {{- $portalPort := include "ix.v1.common.portal.port" (dict "svcType" $svc.type "svcName" $svcName "portName" $portName "port" $port "root" $root) | trim -}}
+ {{- $portalPath := include "ix.v1.common.portal.path" (dict "svcType" $svc.type "svcName" $svcName "portName" $portName "port" $port "root" $root) | trim -}}
+ {{- $_ := set $data (printf "protocol-%v-%v" $svcName $portName) ($portalProtocol) -}}
+ {{- $_ := set $data (printf "host-%v-%v" $svcName $portName) ($portalHost) -}}
+ {{- $_ := set $data (printf "path-%v-%v" $svcName $portName) ($portalPath) -}}
+ {{- $_ := set $data (printf "port-%v-%v" $svcName $portName) ($portalPort) -}}
+ {{- $_ := set $data (printf "url-%v-%v" $svcName $portName) (printf "%v://%v:%v%v" $portalProtocol $portalHost $portalPort $portalPath) -}}
+ {{- end -}}
+ {{- end -}}
+ {{- end -}}
+
+ {{- if $data -}}
+ {{/* Create the ConfigMap */}}
+ {{- $data := toYaml $data -}}
+ {{- include "ix.v1.common.class.configmap" (dict "root" $root "configName" "portal" "contentType" "yaml" "data" $data) -}}
+ {{- end -}}
+ {{- end -}}
+ {{- end -}}
+{{- end -}}
diff --git a/library/common/templates/spawner/_pvc.tpl b/library/common/templates/spawner/_pvc.tpl
new file mode 100644
index 00000000..d74e70a9
--- /dev/null
+++ b/library/common/templates/spawner/_pvc.tpl
@@ -0,0 +1,16 @@
+{{/* Renders the PVC objects */}}
+{{- define "ix.v1.common.spawner.pvc" -}}
+ {{- $defaultType := .Values.global.defaults.persistenceType -}}
+ {{- range $name, $pvc := .Values.persistence -}}
+ {{- if and $pvc.enabled (eq (default $defaultType $pvc.type) "pvc") (not ($pvc.existingClaim)) -}}
+ {{- $pvcValues := $pvc -}}
+
+ {{/* Default to $name if there is not a nameOverride given */}}
+ {{- if not $pvcValues.nameOverride -}}
+ {{- $_ := set $pvcValues "nameOverride" $name -}}
+ {{- end -}}
+
+ {{- include "ix.v1.common.class.pvc" (dict "pvc" $pvcValues "root" $) -}}
+ {{- end -}}
+ {{- end -}}
+{{- end -}}
diff --git a/library/common/templates/spawner/_rbac.tpl b/library/common/templates/spawner/_rbac.tpl
new file mode 100644
index 00000000..465ed38d
--- /dev/null
+++ b/library/common/templates/spawner/_rbac.tpl
@@ -0,0 +1,23 @@
+{{/* Renders the RBAC object(s) */}}
+{{- define "ix.v1.common.spawner.rbac" -}}
+ {{- range $name, $rbac := .Values.rbac -}}
+ {{- if $rbac.enabled -}}
+ {{- $rbacValues := $rbac -}}
+
+ {{/*
+ If it's not the primary RBAC, and no name override is defined, make sure
+ we have a unique name passed to the RBAC class.
+ Primary RBAC cannot have it's nameOverride
+ */}}
+ {{- if and (not $rbacValues.nameOverride) (ne $name (include "ix.v1.common.lib.util.rbac.primary" $)) -}}
+ {{- $_ := set $rbacValues "nameOverride" $name -}}
+ {{- end -}}
+
+ {{/*
+ Pass a RBAC object containing this single RBAC to the class,
+ in order to create the object. Also pass "root" for includes to work.
+ */}}
+ {{- include "ix.v1.common.class.rbac" (dict "rbac" $rbacValues "root" $) -}}
+ {{- end -}}
+ {{- end -}}
+{{- end -}}
diff --git a/library/common/templates/spawner/_service.tpl b/library/common/templates/spawner/_service.tpl
new file mode 100644
index 00000000..ac5371ac
--- /dev/null
+++ b/library/common/templates/spawner/_service.tpl
@@ -0,0 +1,25 @@
+{{/* Renders the service object(s) */}}
+{{- define "ix.v1.common.spawner.service" -}}
+ {{- $services := .Values.service -}}
+
+ {{- range $name, $svc := $services -}}
+ {{- if $svc.enabled -}}
+ {{- $svcValues := $svc -}}
+
+ {{/*
+ If it's not the primary service, and no name override is defined, make sure
+ we have a unique name passed to the service class.
+ Primary service cannot have it's nameOverride
+ */}}
+ {{- if and (not $svcValues.nameOverride) (ne $name (include "ix.v1.common.lib.util.service.primary" (dict "services" $services))) -}}
+ {{- $_ := set $svcValues "nameOverride" $name -}}
+ {{- end -}}
+
+ {{/*
+ Pass a service object containing this single service to the class,
+ in order to create the object. Also pass "root" for includes to work.
+ */}}
+ {{- include "ix.v1.common.class.service" (dict "svc" $svcValues "root" $) -}}
+ {{- end -}}
+ {{- end -}}
+{{- end -}}
diff --git a/library/common/templates/spawner/_serviceAccount.tpl b/library/common/templates/spawner/_serviceAccount.tpl
new file mode 100644
index 00000000..d75937c0
--- /dev/null
+++ b/library/common/templates/spawner/_serviceAccount.tpl
@@ -0,0 +1,23 @@
+{{/* Renders a ServiceAccount object */}}
+{{- define "ix.v1.common.spawner.serviceAccount" -}}
+ {{- range $name, $serviceAccount := .Values.serviceAccount -}}
+ {{- if $serviceAccount.enabled -}}
+ {{- $saValues := $serviceAccount -}}
+
+ {{/*
+ If it's not the primary SA, and no name override is defined, make sure
+ we have a unique name passed to the serviceAccount class.
+ Primary SA cannot have it's nameOverride
+ */}}
+ {{- if and (not $saValues.nameOverride) (ne $name (include "ix.v1.common.lib.util.serviceAccount.primary" $)) -}}
+ {{- $_ := set $saValues "nameOverride" $name -}}
+ {{- end -}}
+
+ {{/*
+ Pass a serviceAccount object containing this single SA to the class,
+ in order to create the object. Also pass "root" for includes to work.
+ */}}
+ {{- include "ix.v1.common.class.serviceAccount" (dict "serviceAccount" $saValues "root" $) -}}
+ {{- end -}}
+ {{- end -}}
+{{- end -}}
diff --git a/library/common/values.yaml b/library/common/values.yaml
new file mode 100644
index 00000000..47bfc5f5
--- /dev/null
+++ b/library/common/values.yaml
@@ -0,0 +1,378 @@
+# This file only includes the default values that are applied.
+# All values can be overridden per chart, in their values.yaml
+# For Examples and Explanation view the "Values.yaml Explained" markdown file
+
+image:
+ repository: repo
+ tag: tag
+ pullPolicy: IfNotPresent
+
+imageSelector: ""
+
+imagePullCredentials: []
+
+command: []
+
+args: []
+
+extraArgs: []
+
+env: {}
+
+envList: []
+
+envFrom: []
+
+configmap: {}
+
+secret: {}
+
+TZ: UTC
+
+lifecycle: {}
+
+rbac:
+ main:
+ enabled: false
+ primary: true
+ clusterWide: false
+
+serviceAccount:
+ main:
+ enabled: false
+ primary: true
+
+addAnnotations:
+ traefik: true
+ metallb: true
+
+hostAliases: []
+
+hostNetwork: false
+
+hostname: ""
+
+tty: false
+
+stdin: false
+
+probes:
+ liveness:
+ enabled: true
+ readiness:
+ enabled: true
+ startup:
+ enabled: true
+
+# Used for SCALE / GUI Focused
+scaleGPU: {}
+
+# Used for SCALE / GUI Focused
+externalInterfaces: []
+
+# Used for SCALE
+scaleCerts: {}
+
+# Used for SCALE / GUI Focused
+scaleCertsList: []
+
+# Injected from middleware
+ixExternalInterfacesConfiguration: []
+# Injected from middleware
+ixExternalInterfacesConfigurationNames: []
+# Injected from middleware
+ixCertificates: []
+# Injected from middleware
+ixVolumes: []
+
+portal:
+ enabled: true
+
+# - Everything bellow needs documentation
+
+global:
+ nameOverride: ""
+ fullnameOverride: ""
+ annotations: {}
+ labels: {}
+ defaults:
+ # If not defined on per pod or in ixChartContext, assume this.
+ # Empty means NO runtimeClassName
+ runtimeClassName: ""
+ # If not defined on the the cert item, assume this
+ useRevokedCerts: false
+ # If not defined on the the cert item, assume this
+ useExpiredCerts: false
+ # If not defined on the pod, assume this
+ dnsPolicy: ClusterFirst
+ # If no restart Policy is defined, assume this
+ restartPolicy: Always
+ # If no restart Policy for job is defined, assume this
+ jobRestartPolicy: Never
+ # If no port Protocol is defined, assume this
+ portProtocol: TCP
+ # Define the minimum NodePort
+ minimumNodePort: 9000
+ # If no service Type is defined, assume this
+ serviceType: ClusterIP
+ # If no PVC Size is defined, assume this
+ PVCSize: 1Gi
+ # If no VCT Size is defined, assume this
+ VCTSize: 999Gi
+ # If no PVC type is defined, assume this
+ persistenceType: pvc
+ # If no validateHostPath key exists in the persistence item, assume this
+ validateHostPath: false
+ # If no PVC accessMode is defined, assume this
+ accessMode: ReadWriteOnce
+ # If no PVC retain key is defined, assume this
+ # Note, that this adds an annotation for helm whether to delete
+ # the resource on uninstall, manually deleting the namespace it will delete
+ # the resource no matter what this is set.
+ PVCRetain: false
+ # Define a storageClassName that will be used for all PVCs by default
+ # Leave empty to rely on the node's default storageClass
+ storageClass:
+ # When SCALE-ZFS is set for storageClass, return this name
+ scaleZFSStorageClass:
+ # Default security context used for all
+ # init/install/upgrade/additional
+ # and main containers if not specified
+ securityContext:
+ runAsNonRoot: true
+ runAsUser: 568
+ runAsGroup: 568
+ readOnlyRootFilesystem: true
+ allowPrivilegeEscalation: false
+ privileged: false
+ capabilities:
+ add: []
+ drop:
+ - ALL
+ # Default podSecurityContext, used if
+ # no other is specified
+ podSecurityContext:
+ fsGroup: 568
+ supplementalGroups: []
+ fsGroupChangePolicy: OnRootMismatch
+ # Default Security values, if no others
+ # are specified
+ security:
+ PUID: 568
+ UMASK: "002"
+ # Whether to inject fixedEnvs on containers
+ # Can be overruled per container
+ injectFixedEnvs: true
+ # Default nvidia Caps will be assigned via
+ # environment variable (requires injectFixedEnvs)
+ nvidiaCaps:
+ - all
+ # Default Resources values, if no others
+ # are specified, use those
+ resources:
+ limits:
+ cpu: 4000m
+ memory: 8Gi
+ requests:
+ cpu: 10m
+ memory: 50Mi
+ # If no probe Type is defined, assume this
+ probeType: auto
+ # If no probe Path is defined, assume this
+ probePath: /
+ # Default probe timeouts, if no others
+ # are specified, use those
+ probes:
+ liveness:
+ spec:
+ initialDelaySeconds: 10
+ periodSeconds: 10
+ timeoutSeconds: 5
+ failureThreshold: 5
+ readiness:
+ spec:
+ initialDelaySeconds: 10
+ periodSeconds: 10
+ timeoutSeconds: 5
+ failureThreshold: 5
+ startup:
+ spec:
+ initialDelaySeconds: 10
+ periodSeconds: 5
+ timeoutSeconds: 2
+ failureThreshold: 60
+ # Default job/cronjob values
+ job:
+ cron:
+ concurrencyPolicy: Forbid
+ failedJobsHistoryLimit: 1
+ successfulJobsHistoryLimit: 3
+ backoffLimit: 6
+ completionMode: NonIndexed
+
+# - Bellow values are needed (in addition to the default global)
+#
+ as those are being referenced on other values in values.yaml sometimes
+
+# Default podSecurityContext for main pod
+podSecurityContext:
+ fsGroup: 568
+ supplementalGroups: []
+ fsGroupChangePolicy: OnRootMismatch
+# Default Security values for main container
+security:
+ PUID: 568
+ UMASK: "002"
+# Default securityContext for main container
+securityContext:
+ runAsNonRoot: true
+ runAsUser: 568
+ runAsGroup: 568
+ readOnlyRootFilesystem: true
+ allowPrivilegeEscalation: false
+ privileged: false
+ capabilities:
+ add: []
+ drop:
+ - ALL
+# Default resources for main container
+resources:
+ limits:
+ cpu: 4000m
+ memory: 8Gi
+ requests:
+ cpu: 10m
+ memory: 50Mi
+
+nameOverride: ""
+
+fullnameOverride: ""
+
+podAnnotations: {}
+
+podLabels: {}
+
+enableServiceLinks: false
+
+schedulerName: ""
+
+priorityClassName: ""
+
+dnsPolicy: ""
+
+dnsConfig: {}
+
+nodeSelector: {}
+
+runtimeClassName: ""
+
+tolerations: []
+
+# podSecurityContext:
+# fsGroup: 568
+# fsGroupChangePolicy: OnRootMismatch
+
+# securityContext:
+# runAsUser: 568
+# runAsGroup: 568
+# privileged: false
+# readOnlyRootFilesystem: true
+# allowPrivilegeEscalation: false
+# runAsNonRoot: true
+
+termination:
+ messagePath: ""
+ messagePolicy: ""
+ gracePeriodSeconds: 10
+
+controller:
+ # -- Enable the controller.
+ enabled: true
+ # -- Set the controller type.
+ # Valid options are: deployment | daemonset | statefulset
+ type: Deployment
+ # -- Set labels on the deployment/statefulset/daemonset. Helm templates can be used.
+ labels: {}
+ # -- Set annotations on the deployment/statefulset/daemonset. Helm templates can be used.
+ annotations: {}
+ # -- Revision history limit
+ revisionHistoryLimit: 3
+ # -- Number of desired pods
+ replicas: 1
+ # -- Set the controller upgrade strategy
+ # For Deployments, valid values are Recreate (default) and RollingUpdate.
+ # For StatefulSets, valid values are OnDelete and RollingUpdate (default).
+ # DaemonSets ignore this.
+ strategy: ""
+ # -- Set rollingUpdate strategies
+ rollingUpdate:
+ # -- Set deployment RollingUpdate max unavailable
+ unavailable:
+ # -- Set deployment RollingUpdate max surge
+ surge:
+ # -- Set statefulset RollingUpdate partition
+ partition:
+
+# -- Configure the services for the chart here.
+# Additional services can be added by adding a dictionary key similar to the 'main' service.
+# @default -- See below
+service:
+ main:
+ # -- Enables or disables the service
+ enabled: true
+ # enabled: false
+ # -- Configure the Service port information here.
+ # Additional ports can be added by adding a dictionary key similar to the 'main' port.
+ # @default -- See below
+ primary: true
+ ports:
+ main:
+ # -- Enables or disables the port
+ enabled: true
+ # enabled: false
+ # -- Make this the primary port (used in probes, notes, etc...)
+ # If there is more than 1 service, make sure that only 1 port is marked as primary.
+ primary: true
+ # -- The port number (Default port is required if enabled: true)
+ port:
+ # -- Port protocol.
+ # Support values are `HTTP`, `HTTPS`, `TCP` and `UDP`.
+ # HTTPS and HTTPS spawn a TCP service and get used for internal URL and name generation
+ protocol: HTTP
+ # -- Specify a service targetPort if you wish to differ the service port from the application port.
+ # If `targetPort` is specified, this port number is used in the container definition instead of
+ # the `port` value. Therefore named ports are not supported for this field.
+ targetPort:
+ # -- Specify the nodePort value NodePort service types.
+ # [[ref]](https://kubernetes.io/docs/concepts/services-networking/service/#type-nodeport)
+ nodePort:
+
+# TODO: Discuss if we are going to add defaults like:
+ # - /dev/shm
+persistence:
+ # -- Create an emptyDir volume dedicated to be shared between all containers
+ # [[ref]]https://kubernetes.io/docs/concepts/storage/volumes/#emptydir)
+ shared:
+ enabled: true
+ type: emptyDir
+ mountPath: /shared
+
+ # -- Create an emptyDir volume to share between all containers
+ # [[ref]]https://kubernetes.io/docs/concepts/storage/volumes/#emptydir)
+ varlogs:
+ enabled: true
+ type: emptyDir
+ mountPath: /var/logs
+
+ # -- Create an emptyDir volume (shared between all containers) for temporary storage
+ # [[ref]]https://kubernetes.io/docs/concepts/storage/volumes/#emptydir)
+ tmp:
+ enabled: true
+ type: emptyDir
+ mountPath: /tmp
+
+# -- Used in conjunction with `controller.type: StatefulSet` to create individual disks for each instance.
+volumeClaimTemplates: {}
+# data:
+# mountPath: /data
+# accessMode: "ReadWriteOnce"
+# size: 1Gi
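Review bot: `nvidiaCaps` under `global.defaults` is set to `- all` while `injectFixedEnvs` is `true`, and the comment above it says the caps are assigned through an environment variable, so containers would presumably be granted every NVIDIA driver capability by default. The surrounding defaults are least-privilege (`drop: - ALL`, `privileged: false`, `readOnlyRootFilesystem: true`), and a narrower default such as `nvidiaCaps: [compute, utility]` would match them, with charts that need more opting in. Whether the variable is emitted only when a GPU is assigned is decided in templates outside this hunk, so check that before changing the value. It would also help to add a comment on the top-level `securityContext`, `podSecurityContext` and `security` blocks such as `# Keep in sync with global.defaults.securityContext`, since the hardened settings are now maintained in two places.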