diff --git a/.github/workflows/common_library_tests.yaml b/.github/workflows/common_library_tests.yaml index 988a32fd..00822d05 100644 --- a/.github/workflows/common_library_tests.yaml +++ b/.github/workflows/common_library_tests.yaml @@ -198,14 +198,14 @@ jobs: wget https://github.com/boz/kail/releases/download/${KAIL_VERSION}/kail_${KAIL_VERSION}_linux_amd64.tar.gz tar -xvzf kail_${KAIL_VERSION}_linux_amd64.tar.gz chmod +x kail - + # Install some manifests to enable us to allow for testing cnpg, metrics and such - name: Install manifests run: | kubectl apply -f https://raw.githubusercontent.com/metallb/metallb/v0.13.10/config/manifests/metallb-native.yaml --server-side --force-conflicts || echo "error fetching metallb manifest" kubectl apply -f https://raw.githubusercontent.com/cloudnative-pg/cloudnative-pg/release-1.20/releases/cnpg-1.20.0.yaml --server-side --force-conflicts || echo "error fetching cnpg manifest" kubectl apply -f https://github.com/prometheus-operator/prometheus-operator/releases/download/v0.65.2/bundle.yaml --server-side --force-conflicts || echo "error fetching prometheus operator manifest" - + - name: Run chart-testing (install) run: | @@ -280,6 +280,9 @@ jobs: cd library/common-test helm dependency update cd - + - name: Add namespace + run: | + echo "namespace: common-test" >> library/common-test/ci/${{ matrix.values }} - name: Run Security Scan uses: datreeio/action-datree@main diff --git a/library/common-test/ci/ingress-values.yaml b/library/common-test/ci/ingress-values.yaml index 8072645f..ac6f17ef 100644 --- a/library/common-test/ci/ingress-values.yaml +++ b/library/common-test/ci/ingress-values.yaml @@ -1,5 +1,6 @@ global: ixChartContext: + ci: true something: something workload: diff --git a/library/common-test/ci/portal-values.yaml b/library/common-test/ci/portal-values.yaml index dfbbd113..8c9fd6a3 100644 --- a/library/common-test/ci/portal-values.yaml +++ b/library/common-test/ci/portal-values.yaml @@ -1,5 +1,7 @@ -ixChartContext: - something: something +global: + ixChartContext: + ci: true + something: something workload: main: diff --git a/library/common-test/ci/route-values.yaml b/library/common-test/ci/route-values.yaml index 18040596..5bdbaf7d 100644 --- a/library/common-test/ci/route-values.yaml +++ b/library/common-test/ci/route-values.yaml @@ -1,5 +1,6 @@ global: ixChartContext: + ci: true something: something workload: diff --git a/library/common-test/tests/addons/autoperms_test.yaml b/library/common-test/tests/addons/autoperms_test.yaml index 501a0939..6ca31848 100644 --- a/library/common-test/tests/addons/autoperms_test.yaml +++ b/library/common-test/tests/addons/autoperms_test.yaml @@ -327,8 +327,10 @@ tests: primary: true type: Deployment podSpec: {} - ixChartContext: - some: context + global: + namespace: ix-namespace + ixChartContext: + some: context ixVolumes: - hostPath: /mnt/pool/ix-applications/test persistence: diff --git a/library/common-test/tests/configmap/metadata_test.yaml b/library/common-test/tests/configmap/metadata_test.yaml index d3687250..0ba8fc1d 100644 --- a/library/common-test/tests/configmap/metadata_test.yaml +++ b/library/common-test/tests/configmap/metadata_test.yaml @@ -60,8 +60,9 @@ tests: label1: label1 label2: label2 - documentIndex: *configMapDoc - isNull: + equal: path: metadata.namespace + value: test-release-namespace - it: should pass with configmap created with namespace set: @@ -77,13 +78,13 @@ tests: path: metadata.namespace value: some-namespace - - it: should pass with configmap created with namespace from tpl + - it: should pass with configmap created with object namespace from tpl set: - namespace: some-namespace + key: some-namespace configmap: my-configmap1: enabled: true - namespace: "{{ .Values.namespace }}" + namespace: "{{ .Values.key }}" data: foo: bar asserts: @@ -91,3 +92,53 @@ tests: equal: path: metadata.namespace value: some-namespace + + - it: should pass with configmap created with namespace from global with tpl + set: + key: global-namespace + global: + namespace: "{{ .Values.key }}" + configmap: + my-configmap1: + enabled: true + data: + foo: bar + asserts: + - documentIndex: *configMapDoc + equal: + path: metadata.namespace + value: global-namespace + + - it: should pass with configmap created with namespace from root with tpl + set: + key: local-namespace + namespace: "{{ .Values.key }}" + global: + namespace: global-namespace + configmap: + my-configmap1: + enabled: true + data: + foo: bar + asserts: + - documentIndex: *configMapDoc + equal: + path: metadata.namespace + value: local-namespace + + - it: should pass with configmap created with namespace in TrueNAS SCALE + set: + global: + ixChartContext: + iAmNotEmpty: true + namespace: ix-namespace + configmap: + my-configmap1: + enabled: true + data: + foo: bar + asserts: + - documentIndex: *configMapDoc + equal: + path: metadata.namespace + value: ix-namespace diff --git a/library/common-test/tests/configmap/validation_test.yaml b/library/common-test/tests/configmap/validation_test.yaml index 8091d13d..07190ff9 100644 --- a/library/common-test/tests/configmap/validation_test.yaml +++ b/library/common-test/tests/configmap/validation_test.yaml @@ -27,6 +27,33 @@ tests: - failedTemplate: errorMessage: Name [test-release-name-common-test-_my-configmap] is not valid. Must start and end with an alphanumeric lowercase character. It can contain '-'. And must be at most 63 characters. + - it: should fail with namespace longer than 63 characters + set: + configmap: + my-configmap: + enabled: true + namespace: my-extra-super-duper-long-name-that-is-longer-than-63-characters + data: + foo: bar + asserts: + - failedTemplate: + errorMessage: Configmap - Namespace [my-extra-super-duper-long-name-that-is-longer-than-63-characters] is not valid. Must start and end with an alphanumeric lowercase character. It can contain '-'. And must be at most 63 characters. + + - it: should fail with namespace not starting with [ix-] in TrueNAS SCALE + set: + global: + ixChartContext: + iAmNotEmpty: true + configmap: + my-configmap: + enabled: true + namespace: my-namespace + data: + foo: bar + asserts: + - failedTemplate: + errorMessage: Configmap - Namespace [my-namespace] expected to have [ix-] prefix when installed in TrueNAS SCALE + - it: should fail with labels not a dict set: configmap: diff --git a/library/common-test/tests/container/envFixed_test .yaml b/library/common-test/tests/container/envFixed_test .yaml index 9fe64e7c..4456608c 100644 --- a/library/common-test/tests/container/envFixed_test .yaml +++ b/library/common-test/tests/container/envFixed_test .yaml @@ -373,6 +373,7 @@ tests: set: image: *image global: + namespace: ix-namespace ixChartContext: some: value workload: diff --git a/library/common-test/tests/container/resources_test.yaml b/library/common-test/tests/container/resources_test.yaml index 6d4a6c63..5c5a5b25 100644 --- a/library/common-test/tests/container/resources_test.yaml +++ b/library/common-test/tests/container/resources_test.yaml @@ -351,6 +351,7 @@ tests: - gpu: nvidia.com/gpu: 1 global: + namespace: ix-namespace ixChartContext: addNvidiaRuntimeClass: true nvidiaRuntimeClassName: nvidia @@ -441,6 +442,7 @@ tests: set: image: *image global: + namespace: ix-namespace ixChartContext: addNvidiaRuntimeClass: true nvidiaRuntimeClassName: nvidia @@ -537,6 +539,7 @@ tests: set: image: *image global: + namespace: ix-namespace ixChartContext: addNvidiaRuntimeClass: true nvidiaRuntimeClassName: nvidia @@ -635,6 +638,7 @@ tests: set: image: *image global: + namespace: ix-namespace ixChartContext: addNvidiaRuntimeClass: true nvidiaRuntimeClassName: nvidia @@ -703,6 +707,7 @@ tests: set: image: *image global: + namespace: ix-namespace ixChartContext: addNvidiaRuntimeClass: true nvidiaRuntimeClassName: nvidia diff --git a/library/common-test/tests/cronjob/metadata_test.yaml b/library/common-test/tests/cronjob/metadata_test.yaml index d948c40e..fe64ed70 100644 --- a/library/common-test/tests/cronjob/metadata_test.yaml +++ b/library/common-test/tests/cronjob/metadata_test.yaml @@ -88,3 +88,84 @@ tests: matchRegex: path: spec.jobTemplate.spec.template.metadata.annotations.rollme pattern: '^[0-9a-zA-Z]{5}$' + - documentIndex: *cronJobDoc + equal: + path: metadata.name + value: test-release-name-common-test + - documentIndex: *cronJobDoc + equal: + path: metadata.namespace + value: test-release-namespace + + - it: should pass with CronJob created with object namespace from tpl + set: + key: some-namespace + workload: + workload-name: + enabled: true + primary: true + type: CronJob + namespace: "{{ .Values.key }}" + schedule: "*/1 * * * *" + podSpec: {} + asserts: + - documentIndex: *cronJobDoc + equal: + path: metadata.namespace + value: some-namespace + + - it: should pass with CronJob created with global namespace from tpl + set: + key: global-namespace + global: + namespace: "{{ .Values.key }}" + workload: + workload-name: + enabled: true + primary: true + type: CronJob + schedule: "*/1 * * * *" + podSpec: {} + asserts: + - documentIndex: *cronJobDoc + equal: + path: metadata.namespace + value: global-namespace + + - it: should pass with CronJob created with root namespace from tpl + set: + key: local-namespace + namespace: "{{ .Values.key }}" + global: + namespace: global-namespace + workload: + workload-name: + enabled: true + primary: true + type: CronJob + schedule: "*/1 * * * *" + podSpec: {} + asserts: + - documentIndex: *cronJobDoc + equal: + path: metadata.namespace + value: local-namespace + + - it: should pass with CronJob created with namespace in TrueNAS SCALE + set: + global: + ixChartContext: + iAmNotEmpty: true + namespace: ix-namespace + workload: + workload-name: + enabled: true + primary: true + type: CronJob + schedule: "*/1 * * * *" + podSpec: {} + asserts: + - documentIndex: *cronJobDoc + equal: + path: metadata.namespace + value: ix-namespace diff --git a/library/common-test/tests/cronjob/validation_test.yaml b/library/common-test/tests/cronjob/validation_test.yaml index 18f90c1b..3ee46a2b 100644 --- a/library/common-test/tests/cronjob/validation_test.yaml +++ b/library/common-test/tests/cronjob/validation_test.yaml @@ -44,3 +44,34 @@ tests: asserts: - failedTemplate: errorMessage: Job - Expected to be one of [Indexed, NonIndexed], but got [not-a-mode] + + - it: should fail with namespace longer than 63 characters + set: + workload: + workload-name: + enabled: true + primary: true + type: CronJob + schedule: "* * * * *" + namespace: my-extra-super-duper-long-name-that-is-longer-than-63-characters + podSpec: {} + asserts: + - failedTemplate: + errorMessage: CronJob - Namespace [my-extra-super-duper-long-name-that-is-longer-than-63-characters] is not valid. Must start and end with an alphanumeric lowercase character. It can contain '-'. And must be at most 63 characters. + + - it: should fail with namespace not starting with [ix-] in TrueNAS SCALE + set: + global: + ixChartContext: + iAmNotEmpty: true + workload: + workload-name: + enabled: true + primary: true + type: CronJob + schedule: "* * * * *" + namespace: my-namespace + podSpec: {} + asserts: + - failedTemplate: + errorMessage: CronJob - Namespace [my-namespace] expected to have [ix-] prefix when installed in TrueNAS SCALE diff --git a/library/common-test/tests/daemonset/metadata_test.yaml b/library/common-test/tests/daemonset/metadata_test.yaml index e9d9bc41..5603fc35 100644 --- a/library/common-test/tests/daemonset/metadata_test.yaml +++ b/library/common-test/tests/daemonset/metadata_test.yaml @@ -116,6 +116,10 @@ tests: equal: path: metadata.name value: test-release-name-common-test-other-workload-name + - documentIndex: *daemonSetDoc + equal: + path: metadata.namespace + value: test-release-namespace - documentIndex: *daemonSetDoc equal: path: spec.selector.matchLabels @@ -137,6 +141,10 @@ tests: equal: path: metadata.name value: test-release-name-common-test + - documentIndex: *otherDaemonSetDoc + equal: + path: metadata.namespace + value: test-release-namespace - documentIndex: *otherDaemonSetDoc equal: path: spec.selector.matchLabels @@ -151,3 +159,72 @@ tests: pod.name: workload-name app.kubernetes.io/instance: test-release-name app.kubernetes.io/name: common-test + + - it: should pass with DaemonSet created with object namespace from tpl + set: + key: some-namespace + workload: + workload-name: + enabled: true + primary: true + type: DaemonSet + namespace: "{{ .Values.key }}" + podSpec: {} + asserts: + - documentIndex: *daemonSetDoc + equal: + path: metadata.namespace + value: some-namespace + + - it: should pass with DaemonSet created with global namespace from tpl + set: + key: global-namespace + global: + namespace: "{{ .Values.key }}" + workload: + workload-name: + enabled: true + primary: true + type: DaemonSet + podSpec: {} + asserts: + - documentIndex: *daemonSetDoc + equal: + path: metadata.namespace + value: global-namespace + + - it: should pass with DaemonSet created with root namespace from tpl + set: + key: local-namespace + namespace: "{{ .Values.key }}" + global: + namespace: global-namespace + workload: + workload-name: + enabled: true + primary: true + type: DaemonSet + podSpec: {} + asserts: + - documentIndex: *daemonSetDoc + equal: + path: metadata.namespace + value: local-namespace + + - it: should pass with DaemonSet created with namespace in TrueNAS SCALE + set: + global: + ixChartContext: + iAmNotEmpty: true + namespace: ix-namespace + workload: + workload-name: + enabled: true + primary: true + type: DaemonSet + podSpec: {} + asserts: + - documentIndex: *daemonSetDoc + equal: + path: metadata.namespace + value: ix-namespace diff --git a/library/common-test/tests/daemonset/validation_test.yaml b/library/common-test/tests/daemonset/validation_test.yaml index 92423916..0bd38225 100644 --- a/library/common-test/tests/daemonset/validation_test.yaml +++ b/library/common-test/tests/daemonset/validation_test.yaml @@ -31,3 +31,32 @@ tests: asserts: - failedTemplate: errorMessage: DaemonSet - Expected to be a dictionary, but got [string] + + - it: should fail with namespace longer than 63 characters + set: + workload: + workload-name: + enabled: true + primary: true + type: DaemonSet + namespace: my-extra-super-duper-long-name-that-is-longer-than-63-characters + podSpec: {} + asserts: + - failedTemplate: + errorMessage: DaemonSet - Namespace [my-extra-super-duper-long-name-that-is-longer-than-63-characters] is not valid. Must start and end with an alphanumeric lowercase character. It can contain '-'. And must be at most 63 characters. + + - it: should fail with namespace not starting with [ix-] in TrueNAS SCALE + set: + global: + ixChartContext: + iAmNotEmpty: true + workload: + workload-name: + enabled: true + primary: true + type: DaemonSet + namespace: my-namespace + podSpec: {} + asserts: + - failedTemplate: + errorMessage: DaemonSet - Namespace [my-namespace] expected to have [ix-] prefix when installed in TrueNAS SCALE diff --git a/library/common-test/tests/deployment/metadata_test.yaml b/library/common-test/tests/deployment/metadata_test.yaml index 82ebf65c..a099fcde 100644 --- a/library/common-test/tests/deployment/metadata_test.yaml +++ b/library/common-test/tests/deployment/metadata_test.yaml @@ -116,6 +116,10 @@ tests: equal: path: metadata.name value: test-release-name-common-test-other-workload-name + - documentIndex: *deploymentDoc + equal: + path: metadata.namespace + value: test-release-namespace - documentIndex: *deploymentDoc equal: path: spec.selector.matchLabels @@ -137,6 +141,10 @@ tests: equal: path: metadata.name value: test-release-name-common-test + - documentIndex: *otherDeploymentDoc + equal: + path: metadata.namespace + value: test-release-namespace - documentIndex: *otherDeploymentDoc equal: path: spec.selector.matchLabels @@ -151,3 +159,72 @@ tests: pod.name: workload-name app.kubernetes.io/instance: test-release-name app.kubernetes.io/name: common-test + + - it: should pass with deployment created with object namespace from tpl + set: + key: some-namespace + workload: + workload-name: + enabled: true + primary: true + type: Deployment + namespace: "{{ .Values.key }}" + podSpec: {} + asserts: + - documentIndex: *deploymentDoc + equal: + path: metadata.namespace + value: some-namespace + + - it: should pass with deployment created with global namespace from tpl + set: + key: global-namespace + global: + namespace: "{{ .Values.key }}" + workload: + workload-name: + enabled: true + primary: true + type: Deployment + podSpec: {} + asserts: + - documentIndex: *deploymentDoc + equal: + path: metadata.namespace + value: global-namespace + + - it: should pass with deployment created with root namespace from tpl + set: + key: local-namespace + namespace: "{{ .Values.key }}" + global: + namespace: global-namespace + workload: + workload-name: + enabled: true + primary: true + type: Deployment + podSpec: {} + asserts: + - documentIndex: *deploymentDoc + equal: + path: metadata.namespace + value: local-namespace + + - it: should pass with deployment created with namespace in TrueNAS SCALE + set: + global: + ixChartContext: + iAmNotEmpty: true + namespace: ix-namespace + workload: + workload-name: + enabled: true + primary: true + type: Deployment + podSpec: {} + asserts: + - documentIndex: *deploymentDoc + equal: + path: metadata.namespace + value: ix-namespace diff --git a/library/common-test/tests/deployment/validation_test.yaml b/library/common-test/tests/deployment/validation_test.yaml index af04179f..cbf00453 100644 --- a/library/common-test/tests/deployment/validation_test.yaml +++ b/library/common-test/tests/deployment/validation_test.yaml @@ -31,3 +31,32 @@ tests: asserts: - failedTemplate: errorMessage: Deployment - Expected to be a dictionary, but got [string] + + - it: should fail with namespace longer than 63 characters + set: + workload: + workload-name: + enabled: true + primary: true + type: Deployment + namespace: my-extra-super-duper-long-name-that-is-longer-than-63-characters + podSpec: {} + asserts: + - failedTemplate: + errorMessage: Deployment - Namespace [my-extra-super-duper-long-name-that-is-longer-than-63-characters] is not valid. Must start and end with an alphanumeric lowercase character. It can contain '-'. And must be at most 63 characters. + + - it: should fail with namespace not starting with [ix-] in TrueNAS SCALE + set: + global: + ixChartContext: + iAmNotEmpty: true + workload: + workload-name: + enabled: true + primary: true + type: Deployment + namespace: my-namespace + podSpec: {} + asserts: + - failedTemplate: + errorMessage: Deployment - Namespace [my-namespace] expected to have [ix-] prefix when installed in TrueNAS SCALE diff --git a/library/common-test/tests/externalInterface/metadata_test.yaml b/library/common-test/tests/externalInterface/metadata_test.yaml index 1f318baa..379e2df7 100644 --- a/library/common-test/tests/externalInterface/metadata_test.yaml +++ b/library/common-test/tests/externalInterface/metadata_test.yaml @@ -237,3 +237,65 @@ tests: path: spec.jobTemplate.spec.template.metadata.annotations content: k8s.v1.cni.cncf.io/networks: ix-test-release-name-0 + + - it: should pass with networkattachmentdefinition created with namespace from global with tpl + set: + # Simulate middleware injection + ixExternalInterfacesConfiguration: + - '{"cniVersion": "0.3.1", "name": "ix-test-release-name-0", "type": "macvlan", "master": "ens3s0", "ipam": {"type": "dhcp"}}' + ixExternalInterfacesConfigurationNames: [] + scaleExternalInterface: + - hostInterface: enp0s3 + ipam: + type: dhcp + key: global-namespace + global: + namespace: "{{ .Values.key }}" + asserts: + - documentIndex: &networkDoc 0 + isKind: + of: NetworkAttachmentDefinition + - documentIndex: *networkDoc + equal: + path: metadata.namespace + value: global-namespace + + - it: should pass with networkattachmentdefinition created with namespace from root with tpl + set: + # Simulate middleware injection + ixExternalInterfacesConfiguration: + - '{"cniVersion": "0.3.1", "name": "ix-test-release-name-0", "type": "macvlan", "master": "ens3s0", "ipam": {"type": "dhcp"}}' + ixExternalInterfacesConfigurationNames: [] + scaleExternalInterface: + - hostInterface: enp0s3 + ipam: + type: dhcp + key: local-namespace + namespace: "{{ .Values.key }}" + global: + namespace: global-namespace + asserts: + - documentIndex: *networkDoc + equal: + path: metadata.namespace + value: local-namespace + + - it: should pass with networkattachmentdefinition created with namespace in TrueNAS SCALE + set: + global: + ixChartContext: + iAmNotEmpty: true + # Simulate middleware injection + ixExternalInterfacesConfiguration: + - '{"cniVersion": "0.3.1", "name": "ix-test-release-name-0", "type": "macvlan", "master": "ens3s0", "ipam": {"type": "dhcp"}}' + ixExternalInterfacesConfigurationNames: [] + scaleExternalInterface: + - hostInterface: enp0s3 + ipam: + type: dhcp + namespace: ix-namespace + asserts: + - documentIndex: *networkDoc + equal: + path: metadata.namespace + value: ix-namespace diff --git a/library/common-test/tests/externalInterface/name_test.yaml b/library/common-test/tests/externalInterface/name_test.yaml index 72328eac..abc6a22d 100644 --- a/library/common-test/tests/externalInterface/name_test.yaml +++ b/library/common-test/tests/externalInterface/name_test.yaml @@ -32,6 +32,10 @@ tests: equal: path: metadata.name value: ix-test-release-name-0 + - documentIndex: *networkDoc + equal: + path: metadata.namespace + value: test-release-namespace - documentIndex: &otherNetworkDoc 1 isKind: of: NetworkAttachmentDefinition @@ -42,3 +46,7 @@ tests: equal: path: metadata.name value: ix-test-release-name-1 + - documentIndex: *otherNetworkDoc + equal: + path: metadata.namespace + value: test-release-namespace diff --git a/library/common-test/tests/externalInterface/validation_test.yaml b/library/common-test/tests/externalInterface/validation_test.yaml index c9a83cee..f4784eea 100644 --- a/library/common-test/tests/externalInterface/validation_test.yaml +++ b/library/common-test/tests/externalInterface/validation_test.yaml @@ -121,7 +121,7 @@ tests: # Simulate middleware injection ixExternalInterfacesConfiguration: - '{"cniVersion": "0.3.1", "name": "ix-test-release-name-0", "type": "macvlan", "master": "ens3s0", "ipam": {"type": "dhcp"}}' - ixExternalInterfaceConfigurationNames: [] + ixExternalInterfacesConfigurationNames: [] scaleExternalInterface: - hostInterface: enp0s3 ipam: @@ -136,3 +136,37 @@ tests: asserts: - failedTemplate: errorMessage: External Interface - Expected non empty + + - it: should fail with namespace longer than 63 characters + set: + # Simulate middleware injection + ixExternalInterfacesConfiguration: + - '{"cniVersion": "0.3.1", "name": "ix-test-release-name-0", "type": "macvlan", "master": "ens3s0", "ipam": {"type": "dhcp"}}' + ixExternalInterfacesConfigurationNames: [] + scaleExternalInterface: + - hostInterface: enp0s3 + ipam: + type: dhcp + global: + namespace: my-extra-super-duper-long-name-that-is-longer-than-63-characters + asserts: + - failedTemplate: + errorMessage: Network Attachment Definition - Namespace [my-extra-super-duper-long-name-that-is-longer-than-63-characters] is not valid. Must start and end with an alphanumeric lowercase character. It can contain '-'. And must be at most 63 characters. + + - it: should fail with namespace not starting with [ix-] in TrueNAS SCALE + set: + global: + namespace: my-namespace + ixChartContext: + iAmNotEmpty: true + # Simulate middleware injection + ixExternalInterfacesConfiguration: + - '{"cniVersion": "0.3.1", "name": "ix-test-release-name-0", "type": "macvlan", "master": "ens3s0", "ipam": {"type": "dhcp"}}' + ixExternalInterfacesConfigurationNames: [] + scaleExternalInterface: + - hostInterface: enp0s3 + ipam: + type: dhcp + asserts: + - failedTemplate: + errorMessage: Network Attachment Definition - Namespace [my-namespace] expected to have [ix-] prefix when installed in TrueNAS SCALE diff --git a/library/common-test/tests/imagePullSecret/metadata_test.yaml b/library/common-test/tests/imagePullSecret/metadata_test.yaml index d6a66b08..2ec4a2d4 100644 --- a/library/common-test/tests/imagePullSecret/metadata_test.yaml +++ b/library/common-test/tests/imagePullSecret/metadata_test.yaml @@ -62,3 +62,88 @@ tests: g_label2: global_label2 label1: label1 label2: label2 + - documentIndex: *secretDoc + equal: + path: metadata.name + value: test-release-name-common-test-my-secret1 + - documentIndex: *secretDoc + equal: + path: metadata.namespace + value: test-release-namespace + + - it: should pass with secret created with object namespace from tpl + set: + key: some-namespace + imagePullSecret: + my-secret1: + enabled: true + namespace: "{{ .Values.key }}" + data: + registry: reg + username: user + password: pass + email: mail + asserts: + - documentIndex: *secretDoc + equal: + path: metadata.namespace + value: some-namespace + + - it: should pass with secret created with namespace from global with tpl + set: + key: global-namespace + global: + namespace: "{{ .Values.key }}" + imagePullSecret: + my-secret1: + enabled: true + data: + registry: reg + username: user + password: pass + email: mail + asserts: + - documentIndex: *secretDoc + equal: + path: metadata.namespace + value: global-namespace + + - it: should pass with secret created with namespace from root with tpl + set: + key: local-namespace + namespace: "{{ .Values.key }}" + global: + namespace: global-namespace + imagePullSecret: + my-secret1: + enabled: true + data: + registry: reg + username: user + password: pass + email: mail + asserts: + - documentIndex: *secretDoc + equal: + path: metadata.namespace + value: local-namespace + + - it: should pass with secret created with namespace in TrueNAS SCALE + set: + global: + ixChartContext: + iAmNotEmpty: true + namespace: ix-namespace + imagePullSecret: + my-secret1: + enabled: true + data: + registry: reg + username: user + password: pass + email: mail + asserts: + - documentIndex: *secretDoc + equal: + path: metadata.namespace + value: ix-namespace diff --git a/library/common-test/tests/imagePullSecret/validation_test.yaml b/library/common-test/tests/imagePullSecret/validation_test.yaml index f435bae6..4e963dcb 100644 --- a/library/common-test/tests/imagePullSecret/validation_test.yaml +++ b/library/common-test/tests/imagePullSecret/validation_test.yaml @@ -130,3 +130,36 @@ tests: asserts: - failedTemplate: errorMessage: Image Pull Secret - Expected non-empty + + - it: should fail with namespace longer than 63 characters + set: + imagePullSecret: + my-secret1: + enabled: true + namespace: my-extra-super-duper-long-name-that-is-longer-than-63-characters + data: + registry: reg + username: user + password: pass + email: mail + asserts: + - failedTemplate: + errorMessage: Secret - Namespace [my-extra-super-duper-long-name-that-is-longer-than-63-characters] is not valid. Must start and end with an alphanumeric lowercase character. It can contain '-'. And must be at most 63 characters. + + - it: should fail with namespace not starting with [ix-] in TrueNAS SCALE + set: + global: + ixChartContext: + iAmNotEmpty: true + imagePullSecret: + my-secret1: + enabled: true + namespace: my-namespace + data: + registry: reg + username: user + password: pass + email: mail + asserts: + - failedTemplate: + errorMessage: Secret - Namespace [my-namespace] expected to have [ix-] prefix when installed in TrueNAS SCALE diff --git a/library/common-test/tests/initContainer/data_test.yaml b/library/common-test/tests/initContainer/data_test.yaml index 7af9f49c..c8b489fe 100644 --- a/library/common-test/tests/initContainer/data_test.yaml +++ b/library/common-test/tests/initContainer/data_test.yaml @@ -237,6 +237,7 @@ tests: image: *image initImage: *initImage global: + namespace: ix-namespace ixChartContext: some: value workload: diff --git a/library/common-test/tests/initContainer/data_upgrade_test.yaml b/library/common-test/tests/initContainer/data_upgrade_test.yaml index b7a331f7..aafffc79 100644 --- a/library/common-test/tests/initContainer/data_upgrade_test.yaml +++ b/library/common-test/tests/initContainer/data_upgrade_test.yaml @@ -238,6 +238,7 @@ tests: image: *image initImage: *initImage global: + namespace: ix-namespace ixChartContext: some: value workload: diff --git a/library/common-test/tests/job/metadata_test.yaml b/library/common-test/tests/job/metadata_test.yaml index 5a815cc5..0afe7de7 100644 --- a/library/common-test/tests/job/metadata_test.yaml +++ b/library/common-test/tests/job/metadata_test.yaml @@ -87,3 +87,80 @@ tests: matchRegex: path: spec.template.metadata.annotations.rollme pattern: '^[0-9a-zA-Z]{5}$' + - documentIndex: *jobDoc + equal: + path: metadata.name + value: test-release-name-common-test + - documentIndex: *jobDoc + equal: + path: metadata.namespace + value: test-release-namespace + + - it: should pass with Job created with object namespace from tpl + set: + key: some-namespace + workload: + workload-name: + enabled: true + primary: true + type: Job + namespace: "{{ .Values.key }}" + podSpec: {} + asserts: + - documentIndex: *jobDoc + equal: + path: metadata.namespace + value: some-namespace + + - it: should pass with Job created with global namespace from tpl + set: + key: global-namespace + global: + namespace: "{{ .Values.key }}" + workload: + workload-name: + enabled: true + primary: true + type: Job + podSpec: {} + asserts: + - documentIndex: *jobDoc + equal: + path: metadata.namespace + value: global-namespace + + - it: should pass with Job created with root namespace from tpl + set: + key: local-namespace + namespace: "{{ .Values.key }}" + global: + namespace: global-namespace + workload: + workload-name: + enabled: true + primary: true + type: Job + podSpec: {} + asserts: + - documentIndex: *jobDoc + equal: + path: metadata.namespace + value: local-namespace + + - it: should pass with Job created with namespace in TrueNAS SCALE + set: + global: + ixChartContext: + iAmNotEmpty: true + namespace: ix-namespace + workload: + workload-name: + enabled: true + primary: true + type: Job + podSpec: {} + asserts: + - documentIndex: *jobDoc + equal: + path: metadata.namespace + value: ix-namespace diff --git a/library/common-test/tests/job/validation_test.yaml b/library/common-test/tests/job/validation_test.yaml index 0804806c..f1a288a6 100644 --- a/library/common-test/tests/job/validation_test.yaml +++ b/library/common-test/tests/job/validation_test.yaml @@ -46,3 +46,32 @@ tests: asserts: - failedTemplate: errorMessage: Job - Expected to be set when is set to [Indexed] + + - it: should fail with namespace longer than 63 characters + set: + workload: + workload-name: + enabled: true + primary: true + type: Job + namespace: my-extra-super-duper-long-name-that-is-longer-than-63-characters + podSpec: {} + asserts: + - failedTemplate: + errorMessage: Job - Namespace [my-extra-super-duper-long-name-that-is-longer-than-63-characters] is not valid. Must start and end with an alphanumeric lowercase character. It can contain '-'. And must be at most 63 characters. + + - it: should fail with namespace not starting with [ix-] in TrueNAS SCALE + set: + global: + ixChartContext: + iAmNotEmpty: true + workload: + workload-name: + enabled: true + primary: true + type: Job + namespace: my-namespace + podSpec: {} + asserts: + - failedTemplate: + errorMessage: Job - Namespace [my-namespace] expected to have [ix-] prefix when installed in TrueNAS SCALE diff --git a/library/common-test/tests/persistence/metadata_test.yaml b/library/common-test/tests/persistence/metadata_test.yaml index 0093e11e..02d21dea 100644 --- a/library/common-test/tests/persistence/metadata_test.yaml +++ b/library/common-test/tests/persistence/metadata_test.yaml @@ -61,6 +61,14 @@ tests: g_label2: global_label2 label1: label1 label2: label2 + - documentIndex: *pvcDoc + equal: + path: metadata.name + value: test-release-name-common-test-my-volume1 + - documentIndex: *pvcDoc + equal: + path: metadata.namespace + value: test-release-namespace - it: should pass with pvc created with retain set to true set: @@ -90,3 +98,65 @@ tests: app.kubernetes.io/instance: test-release-name app.kubernetes.io/managed-by: Helm app.kubernetes.io/version: *appVer + + - it: should pass with pvc created with object namespace from tpl + set: + key: some-namespace + persistence: + my-volume1: + enabled: true + type: pvc + namespace: "{{ .Values.key }}" + asserts: + - documentIndex: *pvcDoc + equal: + path: metadata.namespace + value: some-namespace + + - it: should pass with pvc created with global namespace from tpl + set: + key: global-namespace + global: + namespace: "{{ .Values.key }}" + persistence: + my-volume1: + enabled: true + type: pvc + asserts: + - documentIndex: *pvcDoc + equal: + path: metadata.namespace + value: global-namespace + + - it: should pass with pvc created with root namespace from tpl + set: + key: local-namespace + namespace: "{{ .Values.key }}" + global: + namespace: global-namespace + persistence: + my-volume1: + enabled: true + type: pvc + asserts: + - documentIndex: *pvcDoc + equal: + path: metadata.namespace + value: local-namespace + + - it: should pass with pvc created with namespace in TrueNAS SCALE + set: + global: + ixChartContext: + iAmNotEmpty: true + storageClassName: SCALE-ZFS + namespace: ix-namespace + persistence: + my-volume1: + enabled: true + type: pvc + asserts: + - documentIndex: *pvcDoc + equal: + path: metadata.namespace + value: ix-namespace diff --git a/library/common-test/tests/persistence/pvc_data_test.yaml b/library/common-test/tests/persistence/pvc_data_test.yaml index e2531965..90afd330 100644 --- a/library/common-test/tests/persistence/pvc_data_test.yaml +++ b/library/common-test/tests/persistence/pvc_data_test.yaml @@ -177,6 +177,7 @@ tests: - it: should create pvc with storageClass set "SCALE-ZFS" and within ixChartContext set: global: + namespace: ix-namespace ixChartContext: storageClassName: ix-storage-class-releasename some_storage_class: "SCALE-ZFS" @@ -197,6 +198,7 @@ tests: - it: should create pvc with storageClass not set and within ixChartContext set: global: + namespace: ix-namespace ixChartContext: storageClassName: ix-storage-class-releasename some_storage_class: "SCALE-ZFS" diff --git a/library/common-test/tests/persistence/validation_test.yaml b/library/common-test/tests/persistence/validation_test.yaml index e08d5c60..8563dca4 100644 --- a/library/common-test/tests/persistence/validation_test.yaml +++ b/library/common-test/tests/persistence/validation_test.yaml @@ -59,6 +59,7 @@ tests: - it: should fail without storageClassName in ixChartContext set: global: + namespace: ix-namespace ixChartContext: storageClassName: "" persistence: @@ -72,6 +73,7 @@ tests: - it: should fail without storageClassName in ixChartContext with SCALE-ZFS explicitly set set: global: + namespace: ix-namespace ixChartContext: storageClassName: "" persistence: @@ -130,3 +132,28 @@ tests: asserts: - failedTemplate: errorMessage: Persistence - Expected secret [my-non-existent-secret] defined in to exist + + - it: should fail with namespace longer than 63 characters + set: + persistence: + volume1: + enabled: true + type: pvc + namespace: my-extra-super-duper-long-name-that-is-longer-than-63-characters + asserts: + - failedTemplate: + errorMessage: Persistent Volume Claim - Namespace [my-extra-super-duper-long-name-that-is-longer-than-63-characters] is not valid. Must start and end with an alphanumeric lowercase character. It can contain '-'. And must be at most 63 characters. + + - it: should fail with namespace not starting with [ix-] in TrueNAS SCALE + set: + global: + ixChartContext: + iAmNotEmpty: true + persistence: + volume1: + enabled: true + type: pvc + namespace: my-namespace + asserts: + - failedTemplate: + errorMessage: Persistent Volume Claim - Namespace [my-namespace] expected to have [ix-] prefix when installed in TrueNAS SCALE diff --git a/library/common-test/tests/pod/runtime_class_name_test.yaml b/library/common-test/tests/pod/runtime_class_name_test.yaml index 414f249f..58e79b8a 100644 --- a/library/common-test/tests/pod/runtime_class_name_test.yaml +++ b/library/common-test/tests/pod/runtime_class_name_test.yaml @@ -85,6 +85,7 @@ tests: workload-name3: - container-name1 global: + namespace: ix-namespace ixChartContext: addNvidiaRuntimeClass: true nvidiaRuntimeClassName: ix-runtime @@ -135,6 +136,7 @@ tests: - gpu: key: 0 global: + namespace: ix-namespace ixChartContext: addNvidiaRuntimeClass: true nvidiaRuntimeClassName: ix-runtime @@ -155,6 +157,7 @@ tests: - gpu: key: value global: + namespace: ix-namespace ixChartContext: addNvidiaRuntimeClass: true nvidiaRuntimeClassName: ix-runtime @@ -194,6 +197,7 @@ tests: workload-name1: - container-name1 global: + namespace: ix-namespace ixChartContext: addNvidiaRuntimeClass: true nvidiaRuntimeClassName: ix-runtime diff --git a/library/common-test/tests/rbac/metadata_test.yaml b/library/common-test/tests/rbac/metadata_test.yaml index c5f84219..60ad81ff 100644 --- a/library/common-test/tests/rbac/metadata_test.yaml +++ b/library/common-test/tests/rbac/metadata_test.yaml @@ -91,6 +91,14 @@ tests: g_label2: global_label2 label1: label1 label2: label2 + - documentIndex: *roleDoc + equal: + path: metadata.name + value: test-release-name-common-test + - documentIndex: *roleDoc + equal: + path: metadata.namespace + value: test-release-namespace - documentIndex: &roleBindingDoc 2 isKind: of: RoleBinding @@ -118,6 +126,14 @@ tests: g_label2: global_label2 label1: label1 label2: label2 + - documentIndex: *roleBindingDoc + equal: + path: metadata.name + value: test-release-name-common-test + - documentIndex: *roleBindingDoc + equal: + path: metadata.namespace + value: test-release-namespace - documentIndex: &clusterRoleDoc 3 isKind: of: ClusterRole @@ -172,3 +188,125 @@ tests: g_label2: global_label2 label1: label1 label2: label2 + + - it: should pass with role/rolebinding created with object namespace from tpl + set: + key: some-namespace + serviceAccount: + my-sa1: + enabled: true + primary: true + namespace: "{{ .Values.key }}" + rbac: + my-rbac1: + enabled: true + primary: true + namespace: "{{ .Values.key }}" + rules: + - apiGroups: + - "" + resources: + - pods + verbs: + - get + asserts: + - documentIndex: &roleDoc 1 + equal: + path: metadata.namespace + value: some-namespace + - documentIndex: &roleBindingDoc 1 + equal: + path: metadata.namespace + value: some-namespace + + - it: should pass with role/rolebinding created with global namespace from tpl + set: + key: global-namespace + global: + namespace: "{{ .Values.key }}" + serviceAccount: + my-sa1: + enabled: true + primary: true + rbac: + my-rbac1: + enabled: true + primary: true + rules: + - apiGroups: + - "" + resources: + - pods + verbs: + - get + asserts: + - documentIndex: *roleDoc + equal: + path: metadata.namespace + value: global-namespace + - documentIndex: *roleBindingDoc + equal: + path: metadata.namespace + value: global-namespace + + - it: should pass with role/rolebinding created with root namespace from tpl + set: + key: local-namespace + namespace: "{{ .Values.key }}" + global: + namespace: global-namespace + serviceAccount: + my-sa1: + enabled: true + primary: true + rbac: + my-rbac1: + enabled: true + primary: true + rules: + - apiGroups: + - "" + resources: + - pods + verbs: + - get + asserts: + - documentIndex: *roleDoc + equal: + path: metadata.namespace + value: local-namespace + - documentIndex: *roleBindingDoc + equal: + path: metadata.namespace + value: local-namespace + + - it: should pass with role/rolebinding created with namespace in TrueNAS SCALE + set: + global: + ixChartContext: + iAmNotEmpty: true + namespace: ix-namespace + serviceAccount: + my-sa1: + enabled: true + primary: true + rbac: + my-rbac1: + enabled: true + primary: true + rules: + - apiGroups: + - "" + resources: + - pods + verbs: + - get + asserts: + - documentIndex: *roleDoc + equal: + path: metadata.namespace + value: ix-namespace + - documentIndex: *roleBindingDoc + equal: + path: metadata.namespace + value: ix-namespace diff --git a/library/common-test/tests/rbac/validation_test.yaml b/library/common-test/tests/rbac/validation_test.yaml index b6e9f4f4..94984963 100644 --- a/library/common-test/tests/rbac/validation_test.yaml +++ b/library/common-test/tests/rbac/validation_test.yaml @@ -251,3 +251,51 @@ tests: asserts: - failedTemplate: errorMessage: RBAC - Expected non-empty + + - it: should fail with namespace longer than 63 characters + set: + serviceAccount: + my-sa: + enabled: true + primary: true + rbac: + my-rbac: + enabled: true + primary: true + namespace: my-extra-super-duper-long-name-that-is-longer-than-63-characters + rules: + - apiGroups: + - "" + resources: + - pods + verbs: + - get + asserts: + - failedTemplate: + errorMessage: RBAC - Namespace [my-extra-super-duper-long-name-that-is-longer-than-63-characters] is not valid. Must start and end with an alphanumeric lowercase character. It can contain '-'. And must be at most 63 characters. + + - it: should fail with namespace not starting with [ix-] in TrueNAS SCALE + set: + global: + ixChartContext: + iAmNotEmpty: true + serviceAccount: + my-sa: + enabled: true + primary: true + namespace: ix-namespace + rbac: + my-rbac: + enabled: true + primary: true + namespace: my-namespace + rules: + - apiGroups: + - "" + resources: + - pods + verbs: + - get + asserts: + - failedTemplate: + errorMessage: RBAC - Namespace [my-namespace] expected to have [ix-] prefix when installed in TrueNAS SCALE diff --git a/library/common-test/tests/secret/metadata_test.yaml b/library/common-test/tests/secret/metadata_test.yaml index ba785cd0..835fab27 100644 --- a/library/common-test/tests/secret/metadata_test.yaml +++ b/library/common-test/tests/secret/metadata_test.yaml @@ -60,8 +60,9 @@ tests: label1: label1 label2: label2 - documentIndex: *secretDoc - isNull: + equal: path: metadata.namespace + value: test-release-namespace - it: should pass with secret created with namespace set: @@ -77,13 +78,13 @@ tests: path: metadata.namespace value: some-namespace - - it: should pass with secret created with namespace from tpl + - it: should pass with secret created with object namespace from tpl set: - namespace: some-namespace + key: some-namespace secret: my-secret1: enabled: true - namespace: "{{ .Values.namespace }}" + namespace: "{{ .Values.key }}" data: foo: bar asserts: @@ -91,3 +92,53 @@ tests: equal: path: metadata.namespace value: some-namespace + + - it: should pass with secret created with namespace from global with tpl + set: + key: global-namespace + global: + namespace: "{{ .Values.key }}" + secret: + my-secret1: + enabled: true + data: + foo: bar + asserts: + - documentIndex: *secretDoc + equal: + path: metadata.namespace + value: global-namespace + + - it: should pass with secret created with namespace from root with tpl + set: + key: local-namespace + namespace: "{{ .Values.key }}" + global: + namespace: global-namespace + secret: + my-secret1: + enabled: true + data: + foo: bar + asserts: + - documentIndex: *secretDoc + equal: + path: metadata.namespace + value: local-namespace + + - it: should pass with secret created with namespace in TrueNAS SCALE + set: + global: + ixChartContext: + iAmNotEmpty: true + namespace: ix-namespace + secret: + my-secret1: + enabled: true + data: + foo: bar + asserts: + - documentIndex: *secretDoc + equal: + path: metadata.namespace + value: ix-namespace diff --git a/library/common-test/tests/secret/validation_test.yaml b/library/common-test/tests/secret/validation_test.yaml index 29335c81..1e4b3122 100644 --- a/library/common-test/tests/secret/validation_test.yaml +++ b/library/common-test/tests/secret/validation_test.yaml @@ -51,6 +51,33 @@ tests: - failedTemplate: errorMessage: Secret - Expected to be a dictionary, but got [string] + - it: should fail with namespace longer than 63 characters + set: + secret: + my-secret: + enabled: true + namespace: my-extra-super-duper-long-name-that-is-longer-than-63-characters + data: + foo: bar + asserts: + - failedTemplate: + errorMessage: Secret - Namespace [my-extra-super-duper-long-name-that-is-longer-than-63-characters] is not valid. Must start and end with an alphanumeric lowercase character. It can contain '-'. And must be at most 63 characters. + + - it: should fail with namespace not starting with [ix-] in TrueNAS SCALE + set: + global: + ixChartContext: + iAmNotEmpty: true + secret: + my-secret: + enabled: true + namespace: my-namespace + data: + foo: bar + asserts: + - failedTemplate: + errorMessage: Secret - Namespace [my-namespace] expected to have [ix-] prefix when installed in TrueNAS SCALE + - it: should fail with data not a dict set: secret: diff --git a/library/common-test/tests/service/external_ip_test.yaml b/library/common-test/tests/service/external_ip_test.yaml index 3e14e354..4a4015bf 100644 --- a/library/common-test/tests/service/external_ip_test.yaml +++ b/library/common-test/tests/service/external_ip_test.yaml @@ -114,6 +114,10 @@ tests: equal: path: metadata.name value: test-release-name-common-test + - documentIndex: *endpointSliceDoc + equal: + path: metadata.namespace + value: test-release-namespace - documentIndex: *endpointSliceDoc equal: path: metadata.labels @@ -235,6 +239,14 @@ tests: - documentIndex: *endpointDoc isAPIVersion: of: v1 + - documentIndex: *endpointDoc + equal: + path: metadata.name + value: test-release-name-common-test + - documentIndex: *endpointDoc + equal: + path: metadata.namespace + value: test-release-namespace - documentIndex: *endpointDoc equal: path: subsets @@ -325,3 +337,198 @@ tests: port: 12346 protocol: TCP appProtocol: http + + - it: should use object namespace from tpl with type ExternalIP and https and useSlice explicitly set to true + set: + key: some-namespace + service: + my-service: + enabled: true + primary: true + type: ExternalIP + useSlice: true + externalIP: 1.1.1.1 + namespace: "{{ .Values.key }}" + ports: + port-name: + enabled: true + primary: true + port: 443 + protocol: https + asserts: + - documentIndex: *endpointSliceDoc + equal: + path: metadata.namespace + value: some-namespace + + - it: should use global namespace from tpl with type ExternalIP and https and useSlice explicitly set to true + set: + key: global-namespace + global: + namespace: "{{ .Values.key }}" + service: + my-service: + enabled: true + primary: true + type: ExternalIP + useSlice: true + externalIP: 1.1.1.1 + ports: + port-name: + enabled: true + primary: true + port: 443 + protocol: https + asserts: + - documentIndex: *endpointSliceDoc + equal: + path: metadata.namespace + value: global-namespace + + - it: should use root namespace from tpl with type ExternalIP and https and useSlice explicitly set to true + set: + key: local-namespace + namespace: "{{ .Values.key }}" + global: + namespace: global-namespace + service: + my-service: + enabled: true + primary: true + type: ExternalIP + useSlice: true + externalIP: 1.1.1.1 + ports: + port-name: + enabled: true + primary: true + port: 443 + protocol: https + asserts: + - documentIndex: *endpointSliceDoc + equal: + path: metadata.namespace + value: local-namespace + + - it: should have ix namespace from tpl with type ExternalIP and https and useSlice explicitly set to true + set: + global: + ixChartContext: + iAmNotEmpty: true + namespace: ix-namespace + service: + my-service: + enabled: true + primary: true + type: ExternalIP + useSlice: true + externalIP: 1.1.1.1 + ports: + port-name: + enabled: true + primary: true + port: 443 + protocol: https + asserts: + - documentIndex: *endpointSliceDoc + equal: + path: metadata.namespace + value: ix-namespace + + - it: should use object namespace from tpl with type ExternalIP and https and useSlice explicitly set to false + set: + key: some-namespace + service: + my-service: + enabled: true + primary: true + type: ExternalIP + useSlice: false + externalIP: 1.1.1.1 + namespace: "{{ .Values.key }}" + ports: + port-name: + enabled: true + primary: true + port: 443 + protocol: https + asserts: + - documentIndex: *endpointDoc + equal: + path: metadata.namespace + value: some-namespace + + - it: should use global namespace from tpl with type ExternalIP and https and useSlice explicitly set to false + set: + key: global-namespace + global: + namespace: "{{ .Values.key }}" + service: + my-service: + enabled: true + primary: true + type: ExternalIP + useSlice: false + externalIP: 1.1.1.1 + namespace: "{{ .Values.key }}" + ports: + port-name: + enabled: true + primary: true + port: 443 + protocol: https + asserts: + - documentIndex: *endpointDoc + equal: + path: metadata.namespace + value: global-namespace + + - it: should use root namespace from tpl with type ExternalIP and https and useSlice explicitly set to false + set: + key: local-namespace + namespace: "{{ .Values.key }}" + global: + namespace: global-namespace + service: + my-service: + enabled: true + primary: true + type: ExternalIP + useSlice: false + externalIP: 1.1.1.1 + ports: + port-name: + enabled: true + primary: true + port: 443 + protocol: https + asserts: + - documentIndex: *endpointDoc + equal: + path: metadata.namespace + value: local-namespace + + - it: should have ix namespace from tpl with type ExternalIP and https and useSlice explicitly set to false + set: + global: + ixChartContext: + iAmNotEmpty: true + namespace: ix-namespace + service: + my-service: + enabled: true + primary: true + type: ExternalIP + useSlice: false + externalIP: 1.1.1.1 + ports: + port-name: + enabled: true + primary: true + port: 443 + protocol: https + asserts: + - documentIndex: *endpointDoc + equal: + path: metadata.namespace + value: ix-namespace diff --git a/library/common-test/tests/service/metadata_test.yaml b/library/common-test/tests/service/metadata_test.yaml index 1f6e1014..b3af6915 100644 --- a/library/common-test/tests/service/metadata_test.yaml +++ b/library/common-test/tests/service/metadata_test.yaml @@ -78,6 +78,14 @@ tests: g_label2: global_label2 label1: label1 label2: label2 + - documentIndex: *serviceDoc + equal: + path: metadata.name + value: test-release-name-common-test + - documentIndex: *serviceDoc + equal: + path: metadata.namespace + value: test-release-namespace - documentIndex: &otherServiceDoc 2 isKind: of: Service @@ -96,6 +104,14 @@ tests: helm-revision: "0" helm.sh/chart: common-test-1.0.0 release: test-release-name + - documentIndex: *otherServiceDoc + equal: + path: metadata.name + value: test-release-name-common-test-my-service2 + - documentIndex: *otherServiceDoc + equal: + path: metadata.namespace + value: test-release-namespace - it: should pass with service type LoadBalancer, with https port and addMetalLBAnnotations/Traefik true set: @@ -193,3 +209,84 @@ tests: pod.name: my-workload app.kubernetes.io/name: common-test app.kubernetes.io/instance: test-release-name + + - it: should pass with service created with object namespace from tpl + set: + key: some-namespace + service: + my-service1: + enabled: true + primary: true + namespace: "{{ .Values.key }}" + ports: + port-name: + enabled: true + primary: true + port: 12345 + asserts: + - documentIndex: &serviceDoc 0 + equal: + path: metadata.namespace + value: some-namespace + + - it: should pass with service created with global namespace from tpl + set: + key: global-namespace + global: + namespace: "{{ .Values.key }}" + service: + my-service1: + enabled: true + primary: true + ports: + port-name: + enabled: true + primary: true + port: 12345 + asserts: + - documentIndex: *serviceDoc + equal: + path: metadata.namespace + value: global-namespace + + - it: should pass with service created with root namespace from tpl + set: + key: local-namespace + namespace: "{{ .Values.key }}" + global: + namespace: global-namespace + service: + my-service1: + enabled: true + primary: true + ports: + port-name: + enabled: true + primary: true + port: 12345 + asserts: + - documentIndex: *serviceDoc + equal: + path: metadata.namespace + value: local-namespace + + - it: should pass with service created with namespace in TrueNAS SCALE + set: + global: + ixChartContext: + iAmNotEmpty: true + namespace: ix-namespace + service: + my-service1: + enabled: true + primary: true + ports: + port-name: + enabled: true + primary: true + port: 12345 + asserts: + - documentIndex: *serviceDoc + equal: + path: metadata.namespace + value: ix-namespace diff --git a/library/common-test/tests/service/validation_test.yaml b/library/common-test/tests/service/validation_test.yaml index 167a0dab..fbd5e7ed 100644 --- a/library/common-test/tests/service/validation_test.yaml +++ b/library/common-test/tests/service/validation_test.yaml @@ -497,3 +497,38 @@ tests: asserts: - failedTemplate: errorMessage: Service - Expected the defined key [expandObjectName] in to not be empty + + - it: should fail with namespace longer than 63 characters + set: + service: + my-service1: + enabled: true + primary: true + namespace: my-extra-super-duper-long-name-that-is-longer-than-63-characters + ports: + port-name: + enabled: true + primary: true + port: 12345 + asserts: + - failedTemplate: + errorMessage: Service - Namespace [my-extra-super-duper-long-name-that-is-longer-than-63-characters] is not valid. Must start and end with an alphanumeric lowercase character. It can contain '-'. And must be at most 63 characters. + + - it: should fail with namespace not starting with [ix-] in TrueNAS SCALE + set: + global: + ixChartContext: + iAmNotEmpty: true + service: + my-service1: + enabled: true + primary: true + namespace: my-namespace + ports: + port-name: + enabled: true + primary: true + port: 12345 + asserts: + - failedTemplate: + errorMessage: Service - Namespace [my-namespace] expected to have [ix-] prefix when installed in TrueNAS SCALE diff --git a/library/common-test/tests/serviceAccount/metadata_test.yaml b/library/common-test/tests/serviceAccount/metadata_test.yaml index 7829ed1c..2976ceee 100644 --- a/library/common-test/tests/serviceAccount/metadata_test.yaml +++ b/library/common-test/tests/serviceAccount/metadata_test.yaml @@ -58,3 +58,85 @@ tests: g_label2: global_label2 label1: label1 label2: label2 + - documentIndex: *serviceAccountDoc + equal: + path: metadata.name + value: test-release-name-common-test + - documentIndex: *serviceAccountDoc + equal: + path: metadata.namespace + value: test-release-namespace + + - it: should pass with sa created with namespace + set: + serviceAccount: + my-sa1: + enabled: true + primary: true + namespace: some-namespace + asserts: + - documentIndex: *serviceAccountDoc + equal: + path: metadata.namespace + value: some-namespace + + - it: should pass with sa created with object namespace from tpl + set: + key: some-namespace + serviceAccount: + my-sa1: + enabled: true + primary: true + namespace: "{{ .Values.key }}" + asserts: + - documentIndex: *serviceAccountDoc + equal: + path: metadata.namespace + value: some-namespace + + - it: should pass with sa created with namespace from global with tpl + set: + key: global-namespace + global: + namespace: "{{ .Values.key }}" + serviceAccount: + my-sa1: + enabled: true + primary: true + asserts: + - documentIndex: *serviceAccountDoc + equal: + path: metadata.namespace + value: global-namespace + + - it: should pass with sa created with namespace from root with tpl + set: + key: local-namespace + namespace: "{{ .Values.key }}" + global: + namespace: global-namespace + serviceAccount: + my-sa1: + enabled: true + primary: true + asserts: + - documentIndex: *serviceAccountDoc + equal: + path: metadata.namespace + value: local-namespace + + - it: should pass with sa created with namespace in TrueNAS SCALE + set: + global: + ixChartContext: + iAmNotEmpty: true + namespace: ix-namespace + serviceAccount: + my-sa1: + enabled: true + primary: true + asserts: + - documentIndex: *serviceAccountDoc + equal: + path: metadata.namespace + value: ix-namespace diff --git a/library/common-test/tests/serviceAccount/validation_test.yaml b/library/common-test/tests/serviceAccount/validation_test.yaml index 86c4d328..1c064444 100644 --- a/library/common-test/tests/serviceAccount/validation_test.yaml +++ b/library/common-test/tests/serviceAccount/validation_test.yaml @@ -78,3 +78,28 @@ tests: asserts: - failedTemplate: errorMessage: Service Account - At least one enabled service account must be primary + + - it: should fail with namespace longer than 63 characters + set: + serviceAccount: + my-sa: + enabled: true + primary: true + namespace: my-extra-super-duper-long-name-that-is-longer-than-63-characters + asserts: + - failedTemplate: + errorMessage: Service Account - Namespace [my-extra-super-duper-long-name-that-is-longer-than-63-characters] is not valid. Must start and end with an alphanumeric lowercase character. It can contain '-'. And must be at most 63 characters. + + - it: should fail with namespace not starting with [ix-] in TrueNAS SCALE + set: + global: + ixChartContext: + iAmNotEmpty: true + serviceAccount: + my-sa: + enabled: true + primary: true + namespace: my-namespace + asserts: + - failedTemplate: + errorMessage: Service Account - Namespace [my-namespace] expected to have [ix-] prefix when installed in TrueNAS SCALE diff --git a/library/common-test/tests/statefulset/metadata_test.yaml b/library/common-test/tests/statefulset/metadata_test.yaml index 4457e045..71ebd623 100644 --- a/library/common-test/tests/statefulset/metadata_test.yaml +++ b/library/common-test/tests/statefulset/metadata_test.yaml @@ -116,6 +116,10 @@ tests: equal: path: metadata.name value: test-release-name-common-test-other-workload-name + - documentIndex: *statefulSetDoc + equal: + path: metadata.namespace + value: test-release-namespace - documentIndex: *statefulSetDoc equal: path: spec.selector.matchLabels @@ -137,6 +141,10 @@ tests: equal: path: metadata.name value: test-release-name-common-test + - documentIndex: *otherStatefulSetDoc + equal: + path: metadata.namespace + value: test-release-namespace - documentIndex: *otherStatefulSetDoc equal: path: spec.selector.matchLabels @@ -151,3 +159,72 @@ tests: pod.name: workload-name app.kubernetes.io/instance: test-release-name app.kubernetes.io/name: common-test + + - it: should pass with statefulset created with object namespace from tpl + set: + key: some-namespace + workload: + workload-name: + enabled: true + primary: true + type: StatefulSet + namespace: "{{ .Values.key }}" + podSpec: {} + asserts: + - documentIndex: *statefulSetDoc + equal: + path: metadata.namespace + value: some-namespace + + - it: should pass with deployment created with global namespace from tpl + set: + key: global-namespace + global: + namespace: "{{ .Values.key }}" + workload: + workload-name: + enabled: true + primary: true + type: StatefulSet + podSpec: {} + asserts: + - documentIndex: *statefulSetDoc + equal: + path: metadata.namespace + value: global-namespace + + - it: should pass with deployment created with root namespace from tpl + set: + key: local-namespace + namespace: "{{ .Values.key }}" + global: + namespace: global-namespace + workload: + workload-name: + enabled: true + primary: true + type: StatefulSet + podSpec: {} + asserts: + - documentIndex: *statefulSetDoc + equal: + path: metadata.namespace + value: local-namespace + + - it: should pass with deployment created with namespace in TrueNAS SCALE + set: + global: + ixChartContext: + iAmNotEmpty: true + namespace: ix-namespace + workload: + workload-name: + enabled: true + primary: true + type: StatefulSet + podSpec: {} + asserts: + - documentIndex: *statefulSetDoc + equal: + path: metadata.namespace + value: ix-namespace diff --git a/library/common-test/tests/statefulset/validation_test.yaml b/library/common-test/tests/statefulset/validation_test.yaml index 00609892..2e46f391 100644 --- a/library/common-test/tests/statefulset/validation_test.yaml +++ b/library/common-test/tests/statefulset/validation_test.yaml @@ -31,3 +31,32 @@ tests: asserts: - failedTemplate: errorMessage: StatefulSet - Expected to be a dictionary, but got [string] + + - it: should fail with namespace longer than 63 characters + set: + workload: + workload-name: + enabled: true + primary: true + type: StatefulSet + namespace: my-extra-super-duper-long-name-that-is-longer-than-63-characters + podSpec: {} + asserts: + - failedTemplate: + errorMessage: StatefulSet - Namespace [my-extra-super-duper-long-name-that-is-longer-than-63-characters] is not valid. Must start and end with an alphanumeric lowercase character. It can contain '-'. And must be at most 63 characters. + + - it: should fail with namespace not starting with [ix-] in TrueNAS SCALE + set: + global: + ixChartContext: + iAmNotEmpty: true + workload: + workload-name: + enabled: true + primary: true + type: StatefulSet + namespace: my-namespace + podSpec: {} + asserts: + - failedTemplate: + errorMessage: StatefulSet - Namespace [my-namespace] expected to have [ix-] prefix when installed in TrueNAS SCALE diff --git a/library/common-test/tests/volumeClaimTemplate/validation_test.yaml b/library/common-test/tests/volumeClaimTemplate/validation_test.yaml index cc47f925..a837c53f 100644 --- a/library/common-test/tests/volumeClaimTemplate/validation_test.yaml +++ b/library/common-test/tests/volumeClaimTemplate/validation_test.yaml @@ -56,6 +56,7 @@ tests: - it: should fail without storageClassName in ixChartContext set: global: + namespace: ix-namespace ixChartContext: storageClassName: "" volumeClaimTemplates: @@ -74,6 +75,7 @@ tests: - it: should fail without storageClassName in ixChartContext with SCALE-ZFS explicitly set set: global: + namespace: ix-namespace ixChartContext: storageClassName: "" volumeClaimTemplates: diff --git a/library/common-test/tests/volumeClaimTemplate/vct_data_test.yaml b/library/common-test/tests/volumeClaimTemplate/vct_data_test.yaml index 2ccf6f5b..89cf37d4 100644 --- a/library/common-test/tests/volumeClaimTemplate/vct_data_test.yaml +++ b/library/common-test/tests/volumeClaimTemplate/vct_data_test.yaml @@ -1,4 +1,4 @@ -suite: volumeClaimTemplates data name test +suite: volumeClaimTemplates data test templates: - common.yaml release: @@ -186,6 +186,7 @@ tests: - it: should create vct with storageClass set "SCALE-ZFS" and within ixChartContext set: global: + namespace: ix-namespace ixChartContext: storageClassName: ix-storage-class-releasename some_storage_class: "SCALE-ZFS" @@ -212,6 +213,7 @@ tests: - it: should create pvc with storageClass not set and within ixChartContext set: global: + namespace: ix-namespace ixChartContext: storageClassName: ix-storage-class-releasename some_storage_class: "SCALE-ZFS" diff --git a/library/common/templates/class/_certificate.tpl b/library/common/templates/class/_certificate.tpl index b1675c2b..e2ec1c59 100644 --- a/library/common/templates/class/_certificate.tpl +++ b/library/common/templates/class/_certificate.tpl @@ -12,6 +12,7 @@ apiVersion: {{ include "tc.v1.common.capabilities.cert-manager.certificate.apiVe kind: Certificate metadata: name: {{ $name }} + namespace: {{ $root.Values.namespace | default $root.Values.global.namespace | default $root.Release.Namespace }} spec: secretName: {{ $name }} dnsNames: diff --git a/library/common/templates/class/_cnpgCluster.tpl b/library/common/templates/class/_cnpgCluster.tpl index 11cdc811..fc42e584 100644 --- a/library/common/templates/class/_cnpgCluster.tpl +++ b/library/common/templates/class/_cnpgCluster.tpl @@ -18,6 +18,7 @@ apiVersion: {{ include "tc.v1.common.capabilities.cnpg.cluster.apiVersion" $ }} kind: Cluster metadata: name: {{ $cnpgClusterName }} + namespace: {{ $.Values.namespace | default $.Values.global.namespace | default $.Release.Namespace }} {{- $labels := (mustMerge ($cnpgClusterLabels | default dict) (include "tc.v1.common.lib.metadata.allLabels" $ | fromYaml)) }} labels: cnpg.io/reload: "on" diff --git a/library/common/templates/class/_cnpgPooler.tpl b/library/common/templates/class/_cnpgPooler.tpl index 6b459a75..6a2dee2d 100644 --- a/library/common/templates/class/_cnpgPooler.tpl +++ b/library/common/templates/class/_cnpgPooler.tpl @@ -20,6 +20,7 @@ apiVersion: {{ include "tc.v1.common.capabilities.cnpg.pooler.apiVersion" $ }} kind: Pooler metadata: name: {{ printf "%v-%v" $cnpgClusterName $values.pooler.type }} + namespace: {{ $.Values.namespace | default $.Values.global.namespace | default $.Release.Namespace }} spec: cluster: name: {{ $cnpgClusterName }} diff --git a/library/common/templates/class/_configmap.tpl b/library/common/templates/class/_configmap.tpl index cd96ff8a..0d40e1d8 100644 --- a/library/common/templates/class/_configmap.tpl +++ b/library/common/templates/class/_configmap.tpl @@ -20,6 +20,7 @@ apiVersion: v1 kind: ConfigMap metadata: name: {{ $objectData.name }} + namespace: {{ include "tc.v1.common.lib.metadata.namespace" (dict "rootCtx" $rootCtx "objectData" $objectData "caller" "Configmap") }} {{- $labels := (mustMerge ($objectData.labels | default dict) (include "tc.v1.common.lib.metadata.allLabels" $rootCtx | fromYaml)) -}} {{- with (include "tc.v1.common.lib.metadata.render" (dict "rootCtx" $rootCtx "labels" $labels) | trim) }} labels: @@ -29,9 +30,6 @@ metadata: {{- with (include "tc.v1.common.lib.metadata.render" (dict "rootCtx" $rootCtx "annotations" $annotations) | trim) }} annotations: {{- . | nindent 4 }} - {{- end -}} - {{- with $objectData.namespace }} - namespace: {{ tpl . $rootCtx }} {{- end }} data: {{- tpl (toYaml $objectData.data) $rootCtx | nindent 2 }} diff --git a/library/common/templates/class/_cronjob.tpl b/library/common/templates/class/_cronjob.tpl index f0a5197a..3efcc584 100644 --- a/library/common/templates/class/_cronjob.tpl +++ b/library/common/templates/class/_cronjob.tpl @@ -16,6 +16,7 @@ apiVersion: batch/v1 kind: CronJob metadata: name: {{ $objectData.name }} + namespace: {{ include "tc.v1.common.lib.metadata.namespace" (dict "rootCtx" $rootCtx "objectData" $objectData "caller" "CronJob") }} {{- $labels := (mustMerge ($objectData.labels | default dict) (include "tc.v1.common.lib.metadata.allLabels" $rootCtx | fromYaml)) -}} {{- with (include "tc.v1.common.lib.metadata.render" (dict "rootCtx" $rootCtx "labels" $labels) | trim) }} labels: diff --git a/library/common/templates/class/_daemonset.tpl b/library/common/templates/class/_daemonset.tpl index 645cdd54..4bfd2af6 100644 --- a/library/common/templates/class/_daemonset.tpl +++ b/library/common/templates/class/_daemonset.tpl @@ -16,6 +16,7 @@ apiVersion: apps/v1 kind: DaemonSet metadata: name: {{ $objectData.name }} + namespace: {{ include "tc.v1.common.lib.metadata.namespace" (dict "rootCtx" $rootCtx "objectData" $objectData "caller" "DaemonSet") }} {{- $labels := (mustMerge ($objectData.labels | default dict) (include "tc.v1.common.lib.metadata.allLabels" $rootCtx | fromYaml)) -}} {{- with (include "tc.v1.common.lib.metadata.render" (dict "rootCtx" $rootCtx "labels" $labels) | trim) }} labels: diff --git a/library/common/templates/class/_deployment.tpl b/library/common/templates/class/_deployment.tpl index 73163218..3238a5c1 100644 --- a/library/common/templates/class/_deployment.tpl +++ b/library/common/templates/class/_deployment.tpl @@ -16,6 +16,7 @@ apiVersion: apps/v1 kind: Deployment metadata: name: {{ $objectData.name }} + namespace: {{ include "tc.v1.common.lib.metadata.namespace" (dict "rootCtx" $rootCtx "objectData" $objectData "caller" "Deployment") }} {{- $labels := (mustMerge ($objectData.labels | default dict) (include "tc.v1.common.lib.metadata.allLabels" $rootCtx | fromYaml)) -}} {{- with (include "tc.v1.common.lib.metadata.render" (dict "rootCtx" $rootCtx "labels" $labels) | trim) }} labels: diff --git a/library/common/templates/class/_endpoint.tpl b/library/common/templates/class/_endpoint.tpl index f0f0fc9a..29862e9f 100644 --- a/library/common/templates/class/_endpoint.tpl +++ b/library/common/templates/class/_endpoint.tpl @@ -14,6 +14,7 @@ apiVersion: v1 kind: Endpoints metadata: name: {{ $objectData.name }} + namespace: {{ include "tc.v1.common.lib.metadata.namespace" (dict "rootCtx" $rootCtx "objectData" $objectData "caller" "Endpoint") }} {{- $labels := (mustMerge ($objectData.labels | default dict) (include "tc.v1.common.lib.metadata.allLabels" $rootCtx | fromYaml)) -}} {{- with (include "tc.v1.common.lib.metadata.render" (dict "rootCtx" $rootCtx "labels" $labels) | trim) }} labels: diff --git a/library/common/templates/class/_endpointSlice.tpl b/library/common/templates/class/_endpointSlice.tpl index 9d7429c2..0a29dce7 100644 --- a/library/common/templates/class/_endpointSlice.tpl +++ b/library/common/templates/class/_endpointSlice.tpl @@ -21,6 +21,7 @@ apiVersion: discovery.k8s.io/v1 kind: EndpointSlice metadata: name: {{ $objectData.name }} + namespace: {{ include "tc.v1.common.lib.metadata.namespace" (dict "rootCtx" $rootCtx "objectData" $objectData "caller" "Endpoint Slice") }} {{- $labels := (mustMerge ($objectData.labels | default dict) (include "tc.v1.common.lib.metadata.allLabels" $rootCtx | fromYaml)) -}} {{- $_ := set $labels "kubernetes.io/service-name" $objectData.name -}} {{- with (include "tc.v1.common.lib.metadata.render" (dict "rootCtx" $rootCtx "labels" $labels) | trim) }} diff --git a/library/common/templates/class/_horizontalPodAutoscaler.tpl b/library/common/templates/class/_horizontalPodAutoscaler.tpl index 208e7400..92abf3ff 100644 --- a/library/common/templates/class/_horizontalPodAutoscaler.tpl +++ b/library/common/templates/class/_horizontalPodAutoscaler.tpl @@ -24,6 +24,7 @@ apiVersion: {{ include "tc.v1.common.capabilities.hpa.apiVersion" $ }} kind: HorizontalPodAutoscaler metadata: name: {{ $hpaName }} + namespace: {{ $.Values.namespace | default $.Values.global.namespace | default $.Release.Namespace }} {{- $labels := (mustMerge ($hpaLabels | default dict) (include "tc.v1.common.lib.metadata.allLabels" $ | fromYaml)) -}} {{- with (include "tc.v1.common.lib.metadata.render" (dict "rootCtx" $ "labels" $labels) | trim) }} labels: diff --git a/library/common/templates/class/_ingress.tpl b/library/common/templates/class/_ingress.tpl index 9e84b064..502111b1 100644 --- a/library/common/templates/class/_ingress.tpl +++ b/library/common/templates/class/_ingress.tpl @@ -36,7 +36,7 @@ within the common library. {{- end -}} {{- if $values.ingressClassName -}} - + {{- if $.Values.global.ixChartContext -}} {{- $mddwrNamespace = (printf "ix-%s" $values.ingressClassName) -}} {{- else -}} @@ -74,6 +74,7 @@ apiVersion: {{ include "tc.v1.common.capabilities.ingress.apiVersion" $ }} kind: Ingress metadata: name: {{ $ingressName }} + namespace: {{ $.Values.namespace | default $.Values.global.namespace | default $.Release.Namespace }} {{- $labels := (mustMerge ($ingressLabels | default dict) (include "tc.v1.common.lib.metadata.allLabels" $ | fromYaml)) -}} {{- with (include "tc.v1.common.lib.metadata.render" (dict "rootCtx" $ "labels" $labels) | trim) }} labels: diff --git a/library/common/templates/class/_job.tpl b/library/common/templates/class/_job.tpl index c94f193d..e6630cf3 100644 --- a/library/common/templates/class/_job.tpl +++ b/library/common/templates/class/_job.tpl @@ -16,6 +16,7 @@ apiVersion: batch/v1 kind: Job metadata: name: {{ $objectData.name }} + namespace: {{ include "tc.v1.common.lib.metadata.namespace" (dict "rootCtx" $rootCtx "objectData" $objectData "caller" "Job") }} {{- $labels := (mustMerge ($objectData.labels | default dict) (include "tc.v1.common.lib.metadata.allLabels" $rootCtx | fromYaml)) -}} {{- with (include "tc.v1.common.lib.metadata.render" (dict "rootCtx" $rootCtx "labels" $labels) | trim) }} labels: diff --git a/library/common/templates/class/_networkAttachmentDefinition.tpl b/library/common/templates/class/_networkAttachmentDefinition.tpl index 97de0fa2..1c0364d9 100644 --- a/library/common/templates/class/_networkAttachmentDefinition.tpl +++ b/library/common/templates/class/_networkAttachmentDefinition.tpl @@ -19,6 +19,7 @@ apiVersion: k8s.cni.cncf.io/v1 kind: NetworkAttachmentDefinition metadata: name: {{ $objectData.name }} + namespace: {{ include "tc.v1.common.lib.metadata.namespace" (dict "rootCtx" $rootCtx "objectData" $objectData "caller" "Network Attachment Definition") }} {{- $labels := (include "tc.v1.common.lib.metadata.allLabels" $rootCtx | fromYaml) | default dict -}} {{- with (include "tc.v1.common.lib.metadata.render" (dict "rootCtx" $rootCtx "labels" $labels) | trim) }} labels: diff --git a/library/common/templates/class/_networkPolicy.tpl b/library/common/templates/class/_networkPolicy.tpl index a8f7c25d..735ea2be 100644 --- a/library/common/templates/class/_networkPolicy.tpl +++ b/library/common/templates/class/_networkPolicy.tpl @@ -22,6 +22,7 @@ kind: NetworkPolicy apiVersion: {{ include "tc.v1.common.capabilities.networkpolicy.apiVersion" $ }} metadata: name: {{ $networkPolicyName }} + namespace: {{ $.Values.namespace | default $.Values.global.namespace | default $.Release.Namespace }} {{- $labels := (mustMerge ($networkpolicyLabels | default dict) (include "tc.v1.common.lib.metadata.allLabels" $ | fromYaml)) -}} {{- with (include "tc.v1.common.lib.metadata.render" (dict "rootCtx" $ "labels" $labels) | trim) }} labels: diff --git a/library/common/templates/class/_podMonitor.tpl b/library/common/templates/class/_podMonitor.tpl index 8eaa73f1..907bb3b2 100644 --- a/library/common/templates/class/_podMonitor.tpl +++ b/library/common/templates/class/_podMonitor.tpl @@ -19,6 +19,7 @@ apiVersion: {{ include "tc.v1.common.capabilities.podmonitor.apiVersion" $ }} kind: PodMonitor metadata: name: {{ $podmonitorName }} + namespace: {{ $.Values.namespace | default $.Values.global.namespace | default $.Release.Namespace }} {{- $labels := (mustMerge ($podmonitorLabels | default dict) (include "tc.v1.common.lib.metadata.allLabels" $ | fromYaml)) -}} {{- with (include "tc.v1.common.lib.metadata.render" (dict "rootCtx" $ "labels" $labels) | trim) }} labels: diff --git a/library/common/templates/class/_prometheusRule.tpl b/library/common/templates/class/_prometheusRule.tpl index e1036315..34b0b47a 100644 --- a/library/common/templates/class/_prometheusRule.tpl +++ b/library/common/templates/class/_prometheusRule.tpl @@ -19,6 +19,7 @@ apiVersion: {{ include "tc.v1.common.capabilities.prometheusrule.apiVersion" $ } kind: PrometheusRule metadata: name: {{ $prometheusruleName }} + namespace: {{ $.Values.namespace | default $.Values.global.namespace | default $.Release.Namespace }} {{- $labels := (mustMerge ($prometheusruleLabels | default dict) (include "tc.v1.common.lib.metadata.allLabels" $ | fromYaml)) -}} {{- with (include "tc.v1.common.lib.metadata.render" (dict "rootCtx" $ "labels" $labels) | trim) }} labels: diff --git a/library/common/templates/class/_pvc.tpl b/library/common/templates/class/_pvc.tpl index 34e2929b..b1451018 100644 --- a/library/common/templates/class/_pvc.tpl +++ b/library/common/templates/class/_pvc.tpl @@ -28,6 +28,7 @@ apiVersion: v1 kind: PersistentVolumeClaim metadata: name: {{ $objectData.name }} + namespace: {{ include "tc.v1.common.lib.metadata.namespace" (dict "rootCtx" $rootCtx "objectData" $objectData "caller" "Persistent Volume Claim") }} {{- $labels := (mustMerge ($objectData.labels | default dict) (include "tc.v1.common.lib.metadata.allLabels" $rootCtx | fromYaml)) -}} {{- with (include "tc.v1.common.lib.metadata.render" (dict "rootCtx" $rootCtx "labels" $labels) | trim) }} labels: diff --git a/library/common/templates/class/_rbac.tpl b/library/common/templates/class/_rbac.tpl index ef15e28d..d5f94a75 100644 --- a/library/common/templates/class/_rbac.tpl +++ b/library/common/templates/class/_rbac.tpl @@ -22,7 +22,7 @@ kind: {{ ternary "ClusterRole" "Role" $objectData.clusterWide }} metadata: name: {{ $objectData.name }} {{- if not $objectData.clusterWide }} - namespace: {{ $rootCtx.Release.Namespace }} + namespace: {{ include "tc.v1.common.lib.metadata.namespace" (dict "rootCtx" $rootCtx "objectData" $objectData "caller" "RBAC") }} {{- end }} {{- $labels := (mustMerge ($objectData.labels | default dict) (include "tc.v1.common.lib.metadata.allLabels" $rootCtx | fromYaml)) -}} {{- with (include "tc.v1.common.lib.metadata.render" (dict "rootCtx" $rootCtx "labels" $labels) | trim) }} diff --git a/library/common/templates/class/_route.tpl b/library/common/templates/class/_route.tpl index 7770c90e..e9ef7e01 100644 --- a/library/common/templates/class/_route.tpl +++ b/library/common/templates/class/_route.tpl @@ -8,7 +8,7 @@ within the common library. {{- with .ObjectValues.route -}} {{- $values = . -}} {{- end -}} -{{ end -}} +{{- end -}} {{- $routeLabels := $values.labels -}} {{- $routeAnnotations := $values.annotations -}} @@ -16,7 +16,7 @@ within the common library. {{- $fullName := include "tc.v1.common.lib.chart.names.fullname" . -}} {{- if and (hasKey $values "nameOverride") $values.nameOverride -}} {{- $fullName = printf "%v-%v" $fullName $values.nameOverride -}} -{{ end -}} +{{- end -}} {{- $routeKind := $values.kind | default "HTTPRoute" -}} {{/* Get the name of the primary service, if any */}} @@ -28,16 +28,17 @@ within the common library. {{- if and (hasKey $primaryService "nameOverride") $primaryService.nameOverride -}} {{- $defaultServiceName = printf "%v-%v" $defaultServiceName $primaryService.nameOverride -}} {{- end -}} -{{- $defaultServicePort := get $primaryService.ports (include "tc.v1.common.lib.util.service.ports.primary" (dict "svcValues" $primaryService "svcName" $primaryServiceName )) -}} +{{- $defaultServicePort := get $primaryService.ports (include "tc.v1.common.lib.util.service.ports.primary" (dict "svcValues" $primaryService "svcName" $primaryServiceName )) }} --- apiVersion: gateway.networking.k8s.io/v1alpha2 -{{- if and (ne $routeKind "GRPCRoute") (ne $routeKind "HTTPRoute") (ne $routeKind "TCPRoute") (ne $routeKind "TLSRoute") (ne $routeKind "UDPRoute") }} - {{- fail (printf "Not a valid route kind (%s)" $routeKind) }} +{{- if and (ne $routeKind "GRPCRoute") (ne $routeKind "HTTPRoute") (ne $routeKind "TCPRoute") (ne $routeKind "TLSRoute") (ne $routeKind "UDPRoute") -}} + {{- fail (printf "Not a valid route kind (%s)" $routeKind) -}} {{- end }} kind: {{ $routeKind }} metadata: name: {{ $fullName }} + namespace: {{ $.Values.namespace | default $.Values.global.namespace | default $.Release.Namespace }} {{- $labels := (mustMerge ($routeLabels | default dict) (include "tc.v1.common.lib.metadata.allLabels" $ | fromYaml)) -}} {{- with (include "tc.v1.common.lib.metadata.render" (dict "rootCtx" $ "labels" $labels) | trim) }} labels: diff --git a/library/common/templates/class/_secret.tpl b/library/common/templates/class/_secret.tpl index b35173fa..14b2f2a4 100644 --- a/library/common/templates/class/_secret.tpl +++ b/library/common/templates/class/_secret.tpl @@ -31,6 +31,7 @@ kind: Secret type: {{ $secretType }} metadata: name: {{ $objectData.name }} + namespace: {{ include "tc.v1.common.lib.metadata.namespace" (dict "rootCtx" $rootCtx "objectData" $objectData "caller" "Secret") }} {{- $labels := (mustMerge ($objectData.labels | default dict) (include "tc.v1.common.lib.metadata.allLabels" $rootCtx | fromYaml)) -}} {{- with (include "tc.v1.common.lib.metadata.render" (dict "rootCtx" $rootCtx "labels" $labels) | trim) }} labels: @@ -41,9 +42,6 @@ metadata: annotations: {{- . | nindent 4 }} {{- end -}} - {{- with $objectData.namespace }} - namespace: {{ tpl . $rootCtx }} - {{- end -}} {{- if (mustHas $objectData.type (list "certificate" "imagePullSecret")) }} data: {{- if eq $objectData.type "certificate" }} diff --git a/library/common/templates/class/_service.tpl b/library/common/templates/class/_service.tpl index 35c6084a..e1fd3d4b 100644 --- a/library/common/templates/class/_service.tpl +++ b/library/common/templates/class/_service.tpl @@ -58,6 +58,7 @@ apiVersion: v1 kind: Service metadata: name: {{ $objectData.name }} + namespace: {{ include "tc.v1.common.lib.metadata.namespace" (dict "rootCtx" $rootCtx "objectData" $objectData "caller" "Service") }} {{- $labels := (mustMerge ($objectData.labels | default dict) (include "tc.v1.common.lib.metadata.allLabels" $rootCtx | fromYaml) (include "tc.v1.common.lib.metadata.selectorLabels" (dict "rootCtx" $rootCtx "objectType" "service" "objectName" $objectData.shortName) | fromYaml)) -}} {{- with (include "tc.v1.common.lib.metadata.render" (dict "rootCtx" $rootCtx "labels" $labels) | trim) }} diff --git a/library/common/templates/class/_serviceAccount.tpl b/library/common/templates/class/_serviceAccount.tpl index 9a8264b6..209bf0b0 100644 --- a/library/common/templates/class/_serviceAccount.tpl +++ b/library/common/templates/class/_serviceAccount.tpl @@ -19,6 +19,7 @@ apiVersion: v1 kind: ServiceAccount metadata: name: {{ $objectData.name }} + namespace: {{ include "tc.v1.common.lib.metadata.namespace" (dict "rootCtx" $rootCtx "objectData" $objectData "caller" "Service Account") }} {{- $labels := (mustMerge ($objectData.labels | default dict) (include "tc.v1.common.lib.metadata.allLabels" $rootCtx | fromYaml)) -}} {{- with (include "tc.v1.common.lib.metadata.render" (dict "rootCtx" $rootCtx "labels" $labels) | trim) }} labels: diff --git a/library/common/templates/class/_serviceMonitor.tpl b/library/common/templates/class/_serviceMonitor.tpl index b5ae095b..17c2020e 100644 --- a/library/common/templates/class/_serviceMonitor.tpl +++ b/library/common/templates/class/_serviceMonitor.tpl @@ -19,6 +19,7 @@ apiVersion: {{ include "tc.v1.common.capabilities.servicemonitor.apiVersion" $ } kind: ServiceMonitor metadata: name: {{ $servicemonitorName }} + namespace: {{ $.Values.namespace | default $.Values.global.namespace | default $.Release.Namespace }} {{- $labels := (mustMerge ($servicemonitorLabels | default dict) (include "tc.v1.common.lib.metadata.allLabels" $ | fromYaml)) -}} {{- with (include "tc.v1.common.lib.metadata.render" (dict "rootCtx" $ "labels" $labels) | trim) }} labels: diff --git a/library/common/templates/class/_statefulset.tpl b/library/common/templates/class/_statefulset.tpl index cb098421..289ba824 100644 --- a/library/common/templates/class/_statefulset.tpl +++ b/library/common/templates/class/_statefulset.tpl @@ -16,6 +16,7 @@ apiVersion: apps/v1 kind: StatefulSet metadata: name: {{ $objectData.name }} + namespace: {{ include "tc.v1.common.lib.metadata.namespace" (dict "rootCtx" $rootCtx "objectData" $objectData "caller" "StatefulSet") }} {{- $labels := (mustMerge ($objectData.labels | default dict) (include "tc.v1.common.lib.metadata.allLabels" $rootCtx | fromYaml)) -}} {{- with (include "tc.v1.common.lib.metadata.render" (dict "rootCtx" $rootCtx "labels" $labels) | trim) }} labels: diff --git a/library/common/templates/lib/chart/_names.tpl b/library/common/templates/lib/chart/_names.tpl index fcba93bd..9241b0ca 100644 --- a/library/common/templates/lib/chart/_names.tpl +++ b/library/common/templates/lib/chart/_names.tpl @@ -34,7 +34,7 @@ {{- $name := .name -}} - {{- if not (mustRegexMatch "^[a-z0-9]([a-z0-9]-?|-?[a-z0-9]){0,61}[a-z0-9]$" $name) -}} + {{- if not (and (mustRegexMatch "^[a-z0-9](-?[a-z0-9]-?)+[a-z0-9]$" $name) (le (len $name) 63)) -}} {{- fail (printf "Name [%s] is not valid. Must start and end with an alphanumeric lowercase character. It can contain '-'. And must be at most 63 characters." $name) -}} {{- end -}} diff --git a/library/common/templates/lib/metadata/_namespace.tpl b/library/common/templates/lib/metadata/_namespace.tpl new file mode 100644 index 00000000..10b048db --- /dev/null +++ b/library/common/templates/lib/metadata/_namespace.tpl @@ -0,0 +1,35 @@ +{{- define "tc.v1.common.lib.metadata.namespace" -}} + {{- $caller := .caller -}} + {{- $objectData := .objectData -}} + {{- $rootCtx := .rootCtx -}} + + {{- $namespace := $rootCtx.Release.Namespace -}} + + {{- with $rootCtx.Values.global.namespace -}} + {{- $namespace = tpl . $rootCtx -}} + {{- end -}} + + {{- with $rootCtx.Values.namespace -}} + {{- $namespace = tpl . $rootCtx -}} + {{- end -}} + + {{- with $objectData.namespace -}} + {{- $namespace = tpl . $rootCtx -}} + {{- end -}} + + {{- if not (and (mustRegexMatch "^[a-z0-9](-?[a-z0-9]-?)+[a-z0-9]$" $namespace) (le (len $namespace) 63)) -}} + {{- fail (printf "%s - Namespace [%s] is not valid. Must start and end with an alphanumeric lowercase character. It can contain '-'. And must be at most 63 characters." $caller $namespace) -}} + {{- end -}} + + {{- if $rootCtx.Values.global.ixChartContext -}} + {{- if not (hasPrefix "ix-" $namespace) -}} + {{/* This is only to be used on CI that do not run in SCALE so we can skip the failure */}} + {{- if not $rootCtx.Values.global.ixChartContext.ci -}} + {{- fail (printf "%s - Namespace [%v] expected to have [ix-] prefix when installed in TrueNAS SCALE" $caller $namespace) -}} + {{- end -}} + {{- end -}} + {{- end -}} + + {{- $namespace -}} + +{{- end -}} diff --git a/library/common/templates/lib/util/_autoperms.tpl b/library/common/templates/lib/util/_autoperms.tpl index 3c46fe85..773b45c3 100644 --- a/library/common/templates/lib/util/_autoperms.tpl +++ b/library/common/templates/lib/util/_autoperms.tpl @@ -120,7 +120,7 @@ podSpec: {{- if $vol.chown }} echo "Automatically correcting ownership for {{ $mountPath }}..." before=$(stat -c "%u:%g" {{ $mountPath }}) - {{- if $.Values.ixChartContext }}{{/* TODO: Add user here too? */}} + {{- if $.Values.global.ixChartContext }}{{/* TODO: Add user here too? */}} /usr/sbin/nfs4xdr_winacl -a chown -G {{ $group }} {{ $r | lower }} -c "{{ $mountPath }}" -p "{{ $mountPath }}" || echo "Failed setting ownership using winacl..." {{- else }} chown {{ $r }} -f {{ $user }}:{{ $group }} {{ $mountPath }} || echo "Failed setting ownership using chown..." diff --git a/library/common/templates/lib/util/_chartcontext.tpl b/library/common/templates/lib/util/_chartcontext.tpl index 214d7309..2d18d286 100644 --- a/library/common/templates/lib/util/_chartcontext.tpl +++ b/library/common/templates/lib/util/_chartcontext.tpl @@ -56,7 +56,7 @@ {{- else -}} {{- $namespace = $selectedIngress.ingressClassName -}} {{- end -}} - + {{- end -}} {{- $traefikportalhook := lookup "v1" "ConfigMap" $namespace "portalhook" -}} @@ -95,10 +95,10 @@ {{- end -}} {{/* TrueNAS SCALE specific code */}} - {{- if $.Values.ixChartContext -}} - {{- if $.Values.ixChartContext.kubernetes_config -}} - {{- $podCIDR = $.Values.ixChartContext.kubernetes_config.cluster_cidr -}} - {{- $svcCIDR = $.Values.ixChartContext.kubernetes_config.service_cidr -}} + {{- if $.Values.global.ixChartContext -}} + {{- if $.Values.global.ixChartContext.kubernetes_config -}} + {{- $podCIDR = $.Values.global.ixChartContext.kubernetes_config.cluster_cidr -}} + {{- $svcCIDR = $.Values.global.ixChartContext.kubernetes_config.service_cidr -}} {{- end -}} {{- else -}} {{/* TODO: Find ways to implement CIDR detection */}} diff --git a/library/common/templates/spawner/_portal.tpl b/library/common/templates/spawner/_portal.tpl index 88ca1a24..fd141b7c 100644 --- a/library/common/templates/spawner/_portal.tpl +++ b/library/common/templates/spawner/_portal.tpl @@ -156,7 +156,7 @@ {{- include "tc.v1.common.lib.configmap.validation" (dict "objectData" $configMap) -}} {{- include "tc.v1.common.lib.metadata.validation" (dict "objectData" $configMap "caller" "ConfigMap") -}} - {{- if $.Values.ixChartContext -}} + {{- if $.Values.global.ixChartContext -}} {{/* Call class to create the object */}} {{- include "tc.v1.common.class.configmap" (dict "rootCtx" $ "objectData" $configMap) -}} diff --git a/library/common/values.yaml b/library/common/values.yaml index f96ddf16..466ef006 100644 --- a/library/common/values.yaml +++ b/library/common/values.yaml @@ -4,6 +4,9 @@ global: labels: {} # -- Set additional global annotations annotations: {} + # -- Set a global namespace + # TODO: Currently some objects do not support this + namespace: "" # -- Adds metalLB annotations to services addMetalLBAnnotations: true # -- Adds traefik annotations to services @@ -56,6 +59,8 @@ fallbackDefaults: failureThreshold: 60 successThreshold: 1 +# -- Explicitly set a namespace for this chart only +namespace: "" # -- Image values image: