From 07d4558f5e8e02c0d3d3ca48cfdfe1b2a24594a1 Mon Sep 17 00:00:00 2001 From: Stavros Kois <47820033+stavros-k@users.noreply.github.com> Date: Sat, 15 Jul 2023 20:14:48 +0300 Subject: [PATCH] feat(common): explicitly set the namespace on all the objects (#488) MIME-Version: 1.0 Content-Type: text/plain; charset=UTF-8 Content-Transfer-Encoding: 8bit **Description** ⚒️ Fixes #441 - Added a function to "generate" the namespace and also validate in terms of length and format. Current blockers: Some objects added after the initial refactor use a different code style and currently is not straightforward to use the above function. Those will have to be revisited once they have some tests for themselves. And after everything else is working and have tests in place (in regards with the namespace change) TODO: - [x] adjusts regex for validation on name and namespace. - [x] Doc updates Tests: - [x] Configmap - [x] CronJob - [x] DaemonSet - [x] Deployment - [x] Endpoint - [x] EndpointSlice - [x] Job - [x] NetworkAttachmentDefinition (Due to being only used in Scale and the way the config is fetched, only global and root level namespaces are used. You just can't define the NS on the object itself.) - [x] PesistentVolumeClaim - [x] RBAC - [x] Secret - [x] Service - [x] ServiceAccount - [x] StatefulSet Objects with the implementation (but no tests): Also those objects do not have per object override and do not support TPL. The above issues will be fixed on each one after they are refactored. - [x] Certificate - [x] Cluster - [x] Pooler - [x] HorizontalPodAutoscaler - [x] Ingress - [x] NetworkPolicy - [x] PodMonitor - [x] PrometheusRule - [x] Route - [x] ServiceMonitor **⚙️ Type of change** - [x] ⚙️ Feature/App addition - [ ] 🪛 Bugfix - [ ] ⚠️ Breaking change (fix or feature that would cause existing functionality to not work as expected) - [ ] 🔃 Refactor of current code **🧪 How Has This Been Tested?** **📃 Notes:** **✔️ Checklist:** - [x] ⚖️ My code follows the style guidelines of this project - [x] 👀 I have performed a self-review of my own code - [ ] #️⃣ I have commented my code, particularly in hard-to-understand areas - [x] 📄 I have made corresponding changes to the documentation - [x] ⚠️ My changes generate no new warnings - [x] 🧪 I have added tests to this description that prove my fix is effective or that my feature works - [x] ⬆️ I increased versions for any altered app according to semantic versioning **➕ App addition** If this PR is an app addition please make sure you have done the following. - [ ] 🪞 I have opened a PR on [truecharts/containers](https://github.com/truecharts/containers) adding the container to TrueCharts mirror repo. - [ ] 🖼️ I have added an icon in the Chart's root directory called `icon.png` --- _Please don't blindly check all the boxes. Read them and only check those that apply. Those checkboxes are there for the reviewer to see what is this all about and the status of this PR with a quick glance._ --- .github/workflows/common_library_tests.yaml | 7 +- library/common-test/Chart.yaml | 2 +- library/common-test/ci/ingress-values.yaml | 1 + library/common-test/ci/portal-values.yaml | 6 +- library/common-test/ci/route-values.yaml | 1 + .../tests/addons/autoperms_test.yaml | 6 +- .../tests/configmap/metadata_test.yaml | 59 ++++- .../tests/configmap/validation_test.yaml | 27 +++ .../tests/container/envFixed_test .yaml | 1 + .../tests/container/resources_test.yaml | 5 + .../tests/cronjob/metadata_test.yaml | 81 +++++++ .../tests/cronjob/validation_test.yaml | 31 +++ .../tests/daemonset/metadata_test.yaml | 77 +++++++ .../tests/daemonset/validation_test.yaml | 29 +++ .../tests/deployment/metadata_test.yaml | 77 +++++++ .../tests/deployment/validation_test.yaml | 29 +++ .../externalInterface/metadata_test.yaml | 62 ++++++ .../tests/externalInterface/name_test.yaml | 8 + .../externalInterface/validation_test.yaml | 36 ++- .../tests/imagePullSecret/metadata_test.yaml | 85 +++++++ .../imagePullSecret/validation_test.yaml | 33 +++ .../tests/initContainer/data_test.yaml | 1 + .../initContainer/data_upgrade_test.yaml | 1 + .../common-test/tests/job/metadata_test.yaml | 77 +++++++ .../tests/job/validation_test.yaml | 29 +++ .../tests/persistence/metadata_test.yaml | 70 ++++++ .../tests/persistence/pvc_data_test.yaml | 2 + .../tests/persistence/validation_test.yaml | 27 +++ .../tests/pod/runtime_class_name_test.yaml | 4 + .../common-test/tests/rbac/metadata_test.yaml | 138 ++++++++++++ .../tests/rbac/validation_test.yaml | 48 ++++ .../tests/secret/metadata_test.yaml | 59 ++++- .../tests/secret/validation_test.yaml | 27 +++ .../tests/service/external_ip_test.yaml | 207 ++++++++++++++++++ .../tests/service/metadata_test.yaml | 97 ++++++++ .../tests/service/validation_test.yaml | 35 +++ .../tests/serviceAccount/metadata_test.yaml | 82 +++++++ .../tests/serviceAccount/validation_test.yaml | 25 +++ .../tests/statefulset/metadata_test.yaml | 77 +++++++ .../tests/statefulset/validation_test.yaml | 29 +++ .../volumeClaimTemplate/validation_test.yaml | 2 + .../volumeClaimTemplate/vct_data_test.yaml | 4 +- library/common/Chart.yaml | 2 +- .../common/templates/class/_certificate.tpl | 1 + .../common/templates/class/_cnpgCluster.tpl | 1 + .../common/templates/class/_cnpgPooler.tpl | 1 + library/common/templates/class/_configmap.tpl | 4 +- library/common/templates/class/_cronjob.tpl | 1 + library/common/templates/class/_daemonset.tpl | 1 + .../common/templates/class/_deployment.tpl | 1 + library/common/templates/class/_endpoint.tpl | 1 + .../common/templates/class/_endpointSlice.tpl | 1 + .../class/_horizontalPodAutoscaler.tpl | 1 + library/common/templates/class/_ingress.tpl | 3 +- library/common/templates/class/_job.tpl | 1 + .../class/_networkAttachmentDefinition.tpl | 1 + .../common/templates/class/_networkPolicy.tpl | 1 + .../common/templates/class/_podMonitor.tpl | 1 + .../templates/class/_prometheusRule.tpl | 1 + library/common/templates/class/_pvc.tpl | 1 + library/common/templates/class/_rbac.tpl | 2 +- library/common/templates/class/_route.tpl | 11 +- library/common/templates/class/_secret.tpl | 4 +- library/common/templates/class/_service.tpl | 1 + .../templates/class/_serviceAccount.tpl | 1 + .../templates/class/_serviceMonitor.tpl | 1 + .../common/templates/class/_statefulset.tpl | 1 + library/common/templates/lib/chart/_names.tpl | 2 +- .../templates/lib/metadata/_namespace.tpl | 35 +++ .../common/templates/lib/util/_autoperms.tpl | 2 +- .../templates/lib/util/_chartcontext.tpl | 10 +- library/common/templates/spawner/_portal.tpl | 2 +- library/common/values.yaml | 5 + 73 files changed, 1766 insertions(+), 39 deletions(-) create mode 100644 library/common/templates/lib/metadata/_namespace.tpl diff --git a/.github/workflows/common_library_tests.yaml b/.github/workflows/common_library_tests.yaml index 988a32fd..00822d05 100644 --- a/.github/workflows/common_library_tests.yaml +++ b/.github/workflows/common_library_tests.yaml @@ -198,14 +198,14 @@ jobs: wget https://github.com/boz/kail/releases/download/${KAIL_VERSION}/kail_${KAIL_VERSION}_linux_amd64.tar.gz tar -xvzf kail_${KAIL_VERSION}_linux_amd64.tar.gz chmod +x kail - + # Install some manifests to enable us to allow for testing cnpg, metrics and such - name: Install manifests run: | kubectl apply -f https://raw.githubusercontent.com/metallb/metallb/v0.13.10/config/manifests/metallb-native.yaml --server-side --force-conflicts || echo "error fetching metallb manifest" kubectl apply -f https://raw.githubusercontent.com/cloudnative-pg/cloudnative-pg/release-1.20/releases/cnpg-1.20.0.yaml --server-side --force-conflicts || echo "error fetching cnpg manifest" kubectl apply -f https://github.com/prometheus-operator/prometheus-operator/releases/download/v0.65.2/bundle.yaml --server-side --force-conflicts || echo "error fetching prometheus operator manifest" - + - name: Run chart-testing (install) run: | @@ -280,6 +280,9 @@ jobs: cd library/common-test helm dependency update cd - + - name: Add namespace + run: | + echo "namespace: common-test" >> library/common-test/ci/${{ matrix.values }} - name: Run Security Scan uses: datreeio/action-datree@main diff --git a/library/common-test/Chart.yaml b/library/common-test/Chart.yaml index bcaf2a54..3c22ff5a 100644 --- a/library/common-test/Chart.yaml +++ b/library/common-test/Chart.yaml @@ -3,7 +3,7 @@ appVersion: "" dependencies: - name: common repository: file://../common - version: ~12.14.0 + version: ~12.15.0 deprecated: false description: Helper chart to test different use cases of the common library home: https://github.com/truecharts/apps/tree/master/charts/library/common-test diff --git a/library/common-test/ci/ingress-values.yaml b/library/common-test/ci/ingress-values.yaml index 8072645f..ac6f17ef 100644 --- a/library/common-test/ci/ingress-values.yaml +++ b/library/common-test/ci/ingress-values.yaml @@ -1,5 +1,6 @@ global: ixChartContext: + ci: true something: something workload: diff --git a/library/common-test/ci/portal-values.yaml b/library/common-test/ci/portal-values.yaml index dfbbd113..8c9fd6a3 100644 --- a/library/common-test/ci/portal-values.yaml +++ b/library/common-test/ci/portal-values.yaml @@ -1,5 +1,7 @@ -ixChartContext: - something: something +global: + ixChartContext: + ci: true + something: something workload: main: diff --git a/library/common-test/ci/route-values.yaml b/library/common-test/ci/route-values.yaml index 18040596..5bdbaf7d 100644 --- a/library/common-test/ci/route-values.yaml +++ b/library/common-test/ci/route-values.yaml @@ -1,5 +1,6 @@ global: ixChartContext: + ci: true something: something workload: diff --git a/library/common-test/tests/addons/autoperms_test.yaml b/library/common-test/tests/addons/autoperms_test.yaml index 501a0939..6ca31848 100644 --- a/library/common-test/tests/addons/autoperms_test.yaml +++ b/library/common-test/tests/addons/autoperms_test.yaml @@ -327,8 +327,10 @@ tests: primary: true type: Deployment podSpec: {} - ixChartContext: - some: context + global: + namespace: ix-namespace + ixChartContext: + some: context ixVolumes: - hostPath: /mnt/pool/ix-applications/test persistence: diff --git a/library/common-test/tests/configmap/metadata_test.yaml b/library/common-test/tests/configmap/metadata_test.yaml index d3687250..0ba8fc1d 100644 --- a/library/common-test/tests/configmap/metadata_test.yaml +++ b/library/common-test/tests/configmap/metadata_test.yaml @@ -60,8 +60,9 @@ tests: label1: label1 label2: label2 - documentIndex: *configMapDoc - isNull: + equal: path: metadata.namespace + value: test-release-namespace - it: should pass with configmap created with namespace set: @@ -77,13 +78,13 @@ tests: path: metadata.namespace value: some-namespace - - it: should pass with configmap created with namespace from tpl + - it: should pass with configmap created with object namespace from tpl set: - namespace: some-namespace + key: some-namespace configmap: my-configmap1: enabled: true - namespace: "{{ .Values.namespace }}" + namespace: "{{ .Values.key }}" data: foo: bar asserts: @@ -91,3 +92,53 @@ tests: equal: path: metadata.namespace value: some-namespace + + - it: should pass with configmap created with namespace from global with tpl + set: + key: global-namespace + global: + namespace: "{{ .Values.key }}" + configmap: + my-configmap1: + enabled: true + data: + foo: bar + asserts: + - documentIndex: *configMapDoc + equal: + path: metadata.namespace + value: global-namespace + + - it: should pass with configmap created with namespace from root with tpl + set: + key: local-namespace + namespace: "{{ .Values.key }}" + global: + namespace: global-namespace + configmap: + my-configmap1: + enabled: true + data: + foo: bar + asserts: + - documentIndex: *configMapDoc + equal: + path: metadata.namespace + value: local-namespace + + - it: should pass with configmap created with namespace in TrueNAS SCALE + set: + global: + ixChartContext: + iAmNotEmpty: true + namespace: ix-namespace + configmap: + my-configmap1: + enabled: true + data: + foo: bar + asserts: + - documentIndex: *configMapDoc + equal: + path: metadata.namespace + value: ix-namespace diff --git a/library/common-test/tests/configmap/validation_test.yaml b/library/common-test/tests/configmap/validation_test.yaml index 8091d13d..07190ff9 100644 --- a/library/common-test/tests/configmap/validation_test.yaml +++ b/library/common-test/tests/configmap/validation_test.yaml @@ -27,6 +27,33 @@ tests: - failedTemplate: errorMessage: Name [test-release-name-common-test-_my-configmap] is not valid. Must start and end with an alphanumeric lowercase character. It can contain '-'. And must be at most 63 characters. + - it: should fail with namespace longer than 63 characters + set: + configmap: + my-configmap: + enabled: true + namespace: my-extra-super-duper-long-name-that-is-longer-than-63-characters + data: + foo: bar + asserts: + - failedTemplate: + errorMessage: Configmap - Namespace [my-extra-super-duper-long-name-that-is-longer-than-63-characters] is not valid. Must start and end with an alphanumeric lowercase character. It can contain '-'. And must be at most 63 characters. + + - it: should fail with namespace not starting with [ix-] in TrueNAS SCALE + set: + global: + ixChartContext: + iAmNotEmpty: true + configmap: + my-configmap: + enabled: true + namespace: my-namespace + data: + foo: bar + asserts: + - failedTemplate: + errorMessage: Configmap - Namespace [my-namespace] expected to have [ix-] prefix when installed in TrueNAS SCALE + - it: should fail with labels not a dict set: configmap: diff --git a/library/common-test/tests/container/envFixed_test .yaml b/library/common-test/tests/container/envFixed_test .yaml index 9fe64e7c..4456608c 100644 --- a/library/common-test/tests/container/envFixed_test .yaml +++ b/library/common-test/tests/container/envFixed_test .yaml @@ -373,6 +373,7 @@ tests: set: image: *image global: + namespace: ix-namespace ixChartContext: some: value workload: diff --git a/library/common-test/tests/container/resources_test.yaml b/library/common-test/tests/container/resources_test.yaml index 6d4a6c63..5c5a5b25 100644 --- a/library/common-test/tests/container/resources_test.yaml +++ b/library/common-test/tests/container/resources_test.yaml @@ -351,6 +351,7 @@ tests: - gpu: nvidia.com/gpu: 1 global: + namespace: ix-namespace ixChartContext: addNvidiaRuntimeClass: true nvidiaRuntimeClassName: nvidia @@ -441,6 +442,7 @@ tests: set: image: *image global: + namespace: ix-namespace ixChartContext: addNvidiaRuntimeClass: true nvidiaRuntimeClassName: nvidia @@ -537,6 +539,7 @@ tests: set: image: *image global: + namespace: ix-namespace ixChartContext: addNvidiaRuntimeClass: true nvidiaRuntimeClassName: nvidia @@ -635,6 +638,7 @@ tests: set: image: *image global: + namespace: ix-namespace ixChartContext: addNvidiaRuntimeClass: true nvidiaRuntimeClassName: nvidia @@ -703,6 +707,7 @@ tests: set: image: *image global: + namespace: ix-namespace ixChartContext: addNvidiaRuntimeClass: true nvidiaRuntimeClassName: nvidia diff --git a/library/common-test/tests/cronjob/metadata_test.yaml b/library/common-test/tests/cronjob/metadata_test.yaml index d948c40e..fe64ed70 100644 --- a/library/common-test/tests/cronjob/metadata_test.yaml +++ b/library/common-test/tests/cronjob/metadata_test.yaml @@ -88,3 +88,84 @@ tests: matchRegex: path: spec.jobTemplate.spec.template.metadata.annotations.rollme pattern: '^[0-9a-zA-Z]{5}$' + - documentIndex: *cronJobDoc + equal: + path: metadata.name + value: test-release-name-common-test + - documentIndex: *cronJobDoc + equal: + path: metadata.namespace + value: test-release-namespace + + - it: should pass with CronJob created with object namespace from tpl + set: + key: some-namespace + workload: + workload-name: + enabled: true + primary: true + type: CronJob + namespace: "{{ .Values.key }}" + schedule: "*/1 * * * *" + podSpec: {} + asserts: + - documentIndex: *cronJobDoc + equal: + path: metadata.namespace + value: some-namespace + + - it: should pass with CronJob created with global namespace from tpl + set: + key: global-namespace + global: + namespace: "{{ .Values.key }}" + workload: + workload-name: + enabled: true + primary: true + type: CronJob + schedule: "*/1 * * * *" + podSpec: {} + asserts: + - documentIndex: *cronJobDoc + equal: + path: metadata.namespace + value: global-namespace + + - it: should pass with CronJob created with root namespace from tpl + set: + key: local-namespace + namespace: "{{ .Values.key }}" + global: + namespace: global-namespace + workload: + workload-name: + enabled: true + primary: true + type: CronJob + schedule: "*/1 * * * *" + podSpec: {} + asserts: + - documentIndex: *cronJobDoc + equal: + path: metadata.namespace + value: local-namespace + + - it: should pass with CronJob created with namespace in TrueNAS SCALE + set: + global: + ixChartContext: + iAmNotEmpty: true + namespace: ix-namespace + workload: + workload-name: + enabled: true + primary: true + type: CronJob + schedule: "*/1 * * * *" + podSpec: {} + asserts: + - documentIndex: *cronJobDoc + equal: + path: metadata.namespace + value: ix-namespace diff --git a/library/common-test/tests/cronjob/validation_test.yaml b/library/common-test/tests/cronjob/validation_test.yaml index 18f90c1b..3ee46a2b 100644 --- a/library/common-test/tests/cronjob/validation_test.yaml +++ b/library/common-test/tests/cronjob/validation_test.yaml @@ -44,3 +44,34 @@ tests: asserts: - failedTemplate: errorMessage: Job - Expected to be one of [Indexed, NonIndexed], but got [not-a-mode] + + - it: should fail with namespace longer than 63 characters + set: + workload: + workload-name: + enabled: true + primary: true + type: CronJob + schedule: "* * * * *" + namespace: my-extra-super-duper-long-name-that-is-longer-than-63-characters + podSpec: {} + asserts: + - failedTemplate: + errorMessage: CronJob - Namespace [my-extra-super-duper-long-name-that-is-longer-than-63-characters] is not valid. Must start and end with an alphanumeric lowercase character. It can contain '-'. And must be at most 63 characters. + + - it: should fail with namespace not starting with [ix-] in TrueNAS SCALE + set: + global: + ixChartContext: + iAmNotEmpty: true + workload: + workload-name: + enabled: true + primary: true + type: CronJob + schedule: "* * * * *" + namespace: my-namespace + podSpec: {} + asserts: + - failedTemplate: + errorMessage: CronJob - Namespace [my-namespace] expected to have [ix-] prefix when installed in TrueNAS SCALE diff --git a/library/common-test/tests/daemonset/metadata_test.yaml b/library/common-test/tests/daemonset/metadata_test.yaml index e9d9bc41..5603fc35 100644 --- a/library/common-test/tests/daemonset/metadata_test.yaml +++ b/library/common-test/tests/daemonset/metadata_test.yaml @@ -116,6 +116,10 @@ tests: equal: path: metadata.name value: test-release-name-common-test-other-workload-name + - documentIndex: *daemonSetDoc + equal: + path: metadata.namespace + value: test-release-namespace - documentIndex: *daemonSetDoc equal: path: spec.selector.matchLabels @@ -137,6 +141,10 @@ tests: equal: path: metadata.name value: test-release-name-common-test + - documentIndex: *otherDaemonSetDoc + equal: + path: metadata.namespace + value: test-release-namespace - documentIndex: *otherDaemonSetDoc equal: path: spec.selector.matchLabels @@ -151,3 +159,72 @@ tests: pod.name: workload-name app.kubernetes.io/instance: test-release-name app.kubernetes.io/name: common-test + + - it: should pass with DaemonSet created with object namespace from tpl + set: + key: some-namespace + workload: + workload-name: + enabled: true + primary: true + type: DaemonSet + namespace: "{{ .Values.key }}" + podSpec: {} + asserts: + - documentIndex: *daemonSetDoc + equal: + path: metadata.namespace + value: some-namespace + + - it: should pass with DaemonSet created with global namespace from tpl + set: + key: global-namespace + global: + namespace: "{{ .Values.key }}" + workload: + workload-name: + enabled: true + primary: true + type: DaemonSet + podSpec: {} + asserts: + - documentIndex: *daemonSetDoc + equal: + path: metadata.namespace + value: global-namespace + + - it: should pass with DaemonSet created with root namespace from tpl + set: + key: local-namespace + namespace: "{{ .Values.key }}" + global: + namespace: global-namespace + workload: + workload-name: + enabled: true + primary: true + type: DaemonSet + podSpec: {} + asserts: + - documentIndex: *daemonSetDoc + equal: + path: metadata.namespace + value: local-namespace + + - it: should pass with DaemonSet created with namespace in TrueNAS SCALE + set: + global: + ixChartContext: + iAmNotEmpty: true + namespace: ix-namespace + workload: + workload-name: + enabled: true + primary: true + type: DaemonSet + podSpec: {} + asserts: + - documentIndex: *daemonSetDoc + equal: + path: metadata.namespace + value: ix-namespace diff --git a/library/common-test/tests/daemonset/validation_test.yaml b/library/common-test/tests/daemonset/validation_test.yaml index 92423916..0bd38225 100644 --- a/library/common-test/tests/daemonset/validation_test.yaml +++ b/library/common-test/tests/daemonset/validation_test.yaml @@ -31,3 +31,32 @@ tests: asserts: - failedTemplate: errorMessage: DaemonSet - Expected to be a dictionary, but got [string] + + - it: should fail with namespace longer than 63 characters + set: + workload: + workload-name: + enabled: true + primary: true + type: DaemonSet + namespace: my-extra-super-duper-long-name-that-is-longer-than-63-characters + podSpec: {} + asserts: + - failedTemplate: + errorMessage: DaemonSet - Namespace [my-extra-super-duper-long-name-that-is-longer-than-63-characters] is not valid. Must start and end with an alphanumeric lowercase character. It can contain '-'. And must be at most 63 characters. + + - it: should fail with namespace not starting with [ix-] in TrueNAS SCALE + set: + global: + ixChartContext: + iAmNotEmpty: true + workload: + workload-name: + enabled: true + primary: true + type: DaemonSet + namespace: my-namespace + podSpec: {} + asserts: + - failedTemplate: + errorMessage: DaemonSet - Namespace [my-namespace] expected to have [ix-] prefix when installed in TrueNAS SCALE diff --git a/library/common-test/tests/deployment/metadata_test.yaml b/library/common-test/tests/deployment/metadata_test.yaml index 82ebf65c..a099fcde 100644 --- a/library/common-test/tests/deployment/metadata_test.yaml +++ b/library/common-test/tests/deployment/metadata_test.yaml @@ -116,6 +116,10 @@ tests: equal: path: metadata.name value: test-release-name-common-test-other-workload-name + - documentIndex: *deploymentDoc + equal: + path: metadata.namespace + value: test-release-namespace - documentIndex: *deploymentDoc equal: path: spec.selector.matchLabels @@ -137,6 +141,10 @@ tests: equal: path: metadata.name value: test-release-name-common-test + - documentIndex: *otherDeploymentDoc + equal: + path: metadata.namespace + value: test-release-namespace - documentIndex: *otherDeploymentDoc equal: path: spec.selector.matchLabels @@ -151,3 +159,72 @@ tests: pod.name: workload-name app.kubernetes.io/instance: test-release-name app.kubernetes.io/name: common-test + + - it: should pass with deployment created with object namespace from tpl + set: + key: some-namespace + workload: + workload-name: + enabled: true + primary: true + type: Deployment + namespace: "{{ .Values.key }}" + podSpec: {} + asserts: + - documentIndex: *deploymentDoc + equal: + path: metadata.namespace + value: some-namespace + + - it: should pass with deployment created with global namespace from tpl + set: + key: global-namespace + global: + namespace: "{{ .Values.key }}" + workload: + workload-name: + enabled: true + primary: true + type: Deployment + podSpec: {} + asserts: + - documentIndex: *deploymentDoc + equal: + path: metadata.namespace + value: global-namespace + + - it: should pass with deployment created with root namespace from tpl + set: + key: local-namespace + namespace: "{{ .Values.key }}" + global: + namespace: global-namespace + workload: + workload-name: + enabled: true + primary: true + type: Deployment + podSpec: {} + asserts: + - documentIndex: *deploymentDoc + equal: + path: metadata.namespace + value: local-namespace + + - it: should pass with deployment created with namespace in TrueNAS SCALE + set: + global: + ixChartContext: + iAmNotEmpty: true + namespace: ix-namespace + workload: + workload-name: + enabled: true + primary: true + type: Deployment + podSpec: {} + asserts: + - documentIndex: *deploymentDoc + equal: + path: metadata.namespace + value: ix-namespace diff --git a/library/common-test/tests/deployment/validation_test.yaml b/library/common-test/tests/deployment/validation_test.yaml index af04179f..cbf00453 100644 --- a/library/common-test/tests/deployment/validation_test.yaml +++ b/library/common-test/tests/deployment/validation_test.yaml @@ -31,3 +31,32 @@ tests: asserts: - failedTemplate: errorMessage: Deployment - Expected to be a dictionary, but got [string] + + - it: should fail with namespace longer than 63 characters + set: + workload: + workload-name: + enabled: true + primary: true + type: Deployment + namespace: my-extra-super-duper-long-name-that-is-longer-than-63-characters + podSpec: {} + asserts: + - failedTemplate: + errorMessage: Deployment - Namespace [my-extra-super-duper-long-name-that-is-longer-than-63-characters] is not valid. Must start and end with an alphanumeric lowercase character. It can contain '-'. And must be at most 63 characters. + + - it: should fail with namespace not starting with [ix-] in TrueNAS SCALE + set: + global: + ixChartContext: + iAmNotEmpty: true + workload: + workload-name: + enabled: true + primary: true + type: Deployment + namespace: my-namespace + podSpec: {} + asserts: + - failedTemplate: + errorMessage: Deployment - Namespace [my-namespace] expected to have [ix-] prefix when installed in TrueNAS SCALE diff --git a/library/common-test/tests/externalInterface/metadata_test.yaml b/library/common-test/tests/externalInterface/metadata_test.yaml index 1f318baa..379e2df7 100644 --- a/library/common-test/tests/externalInterface/metadata_test.yaml +++ b/library/common-test/tests/externalInterface/metadata_test.yaml @@ -237,3 +237,65 @@ tests: path: spec.jobTemplate.spec.template.metadata.annotations content: k8s.v1.cni.cncf.io/networks: ix-test-release-name-0 + + - it: should pass with networkattachmentdefinition created with namespace from global with tpl + set: + # Simulate middleware injection + ixExternalInterfacesConfiguration: + - '{"cniVersion": "0.3.1", "name": "ix-test-release-name-0", "type": "macvlan", "master": "ens3s0", "ipam": {"type": "dhcp"}}' + ixExternalInterfacesConfigurationNames: [] + scaleExternalInterface: + - hostInterface: enp0s3 + ipam: + type: dhcp + key: global-namespace + global: + namespace: "{{ .Values.key }}" + asserts: + - documentIndex: &networkDoc 0 + isKind: + of: NetworkAttachmentDefinition + - documentIndex: *networkDoc + equal: + path: metadata.namespace + value: global-namespace + + - it: should pass with networkattachmentdefinition created with namespace from root with tpl + set: + # Simulate middleware injection + ixExternalInterfacesConfiguration: + - '{"cniVersion": "0.3.1", "name": "ix-test-release-name-0", "type": "macvlan", "master": "ens3s0", "ipam": {"type": "dhcp"}}' + ixExternalInterfacesConfigurationNames: [] + scaleExternalInterface: + - hostInterface: enp0s3 + ipam: + type: dhcp + key: local-namespace + namespace: "{{ .Values.key }}" + global: + namespace: global-namespace + asserts: + - documentIndex: *networkDoc + equal: + path: metadata.namespace + value: local-namespace + + - it: should pass with networkattachmentdefinition created with namespace in TrueNAS SCALE + set: + global: + ixChartContext: + iAmNotEmpty: true + # Simulate middleware injection + ixExternalInterfacesConfiguration: + - '{"cniVersion": "0.3.1", "name": "ix-test-release-name-0", "type": "macvlan", "master": "ens3s0", "ipam": {"type": "dhcp"}}' + ixExternalInterfacesConfigurationNames: [] + scaleExternalInterface: + - hostInterface: enp0s3 + ipam: + type: dhcp + namespace: ix-namespace + asserts: + - documentIndex: *networkDoc + equal: + path: metadata.namespace + value: ix-namespace diff --git a/library/common-test/tests/externalInterface/name_test.yaml b/library/common-test/tests/externalInterface/name_test.yaml index 72328eac..abc6a22d 100644 --- a/library/common-test/tests/externalInterface/name_test.yaml +++ b/library/common-test/tests/externalInterface/name_test.yaml @@ -32,6 +32,10 @@ tests: equal: path: metadata.name value: ix-test-release-name-0 + - documentIndex: *networkDoc + equal: + path: metadata.namespace + value: test-release-namespace - documentIndex: &otherNetworkDoc 1 isKind: of: NetworkAttachmentDefinition @@ -42,3 +46,7 @@ tests: equal: path: metadata.name value: ix-test-release-name-1 + - documentIndex: *otherNetworkDoc + equal: + path: metadata.namespace + value: test-release-namespace diff --git a/library/common-test/tests/externalInterface/validation_test.yaml b/library/common-test/tests/externalInterface/validation_test.yaml index c9a83cee..f4784eea 100644 --- a/library/common-test/tests/externalInterface/validation_test.yaml +++ b/library/common-test/tests/externalInterface/validation_test.yaml @@ -121,7 +121,7 @@ tests: # Simulate middleware injection ixExternalInterfacesConfiguration: - '{"cniVersion": "0.3.1", "name": "ix-test-release-name-0", "type": "macvlan", "master": "ens3s0", "ipam": {"type": "dhcp"}}' - ixExternalInterfaceConfigurationNames: [] + ixExternalInterfacesConfigurationNames: [] scaleExternalInterface: - hostInterface: enp0s3 ipam: @@ -136,3 +136,37 @@ tests: asserts: - failedTemplate: errorMessage: External Interface - Expected non empty + + - it: should fail with namespace longer than 63 characters + set: + # Simulate middleware injection + ixExternalInterfacesConfiguration: + - '{"cniVersion": "0.3.1", "name": "ix-test-release-name-0", "type": "macvlan", "master": "ens3s0", "ipam": {"type": "dhcp"}}' + ixExternalInterfacesConfigurationNames: [] + scaleExternalInterface: + - hostInterface: enp0s3 + ipam: + type: dhcp + global: + namespace: my-extra-super-duper-long-name-that-is-longer-than-63-characters + asserts: + - failedTemplate: + errorMessage: Network Attachment Definition - Namespace [my-extra-super-duper-long-name-that-is-longer-than-63-characters] is not valid. Must start and end with an alphanumeric lowercase character. It can contain '-'. And must be at most 63 characters. + + - it: should fail with namespace not starting with [ix-] in TrueNAS SCALE + set: + global: + namespace: my-namespace + ixChartContext: + iAmNotEmpty: true + # Simulate middleware injection + ixExternalInterfacesConfiguration: + - '{"cniVersion": "0.3.1", "name": "ix-test-release-name-0", "type": "macvlan", "master": "ens3s0", "ipam": {"type": "dhcp"}}' + ixExternalInterfacesConfigurationNames: [] + scaleExternalInterface: + - hostInterface: enp0s3 + ipam: + type: dhcp + asserts: + - failedTemplate: + errorMessage: Network Attachment Definition - Namespace [my-namespace] expected to have [ix-] prefix when installed in TrueNAS SCALE diff --git a/library/common-test/tests/imagePullSecret/metadata_test.yaml b/library/common-test/tests/imagePullSecret/metadata_test.yaml index d6a66b08..2ec4a2d4 100644 --- a/library/common-test/tests/imagePullSecret/metadata_test.yaml +++ b/library/common-test/tests/imagePullSecret/metadata_test.yaml @@ -62,3 +62,88 @@ tests: g_label2: global_label2 label1: label1 label2: label2 + - documentIndex: *secretDoc + equal: + path: metadata.name + value: test-release-name-common-test-my-secret1 + - documentIndex: *secretDoc + equal: + path: metadata.namespace + value: test-release-namespace + + - it: should pass with secret created with object namespace from tpl + set: + key: some-namespace + imagePullSecret: + my-secret1: + enabled: true + namespace: "{{ .Values.key }}" + data: + registry: reg + username: user + password: pass + email: mail + asserts: + - documentIndex: *secretDoc + equal: + path: metadata.namespace + value: some-namespace + + - it: should pass with secret created with namespace from global with tpl + set: + key: global-namespace + global: + namespace: "{{ .Values.key }}" + imagePullSecret: + my-secret1: + enabled: true + data: + registry: reg + username: user + password: pass + email: mail + asserts: + - documentIndex: *secretDoc + equal: + path: metadata.namespace + value: global-namespace + + - it: should pass with secret created with namespace from root with tpl + set: + key: local-namespace + namespace: "{{ .Values.key }}" + global: + namespace: global-namespace + imagePullSecret: + my-secret1: + enabled: true + data: + registry: reg + username: user + password: pass + email: mail + asserts: + - documentIndex: *secretDoc + equal: + path: metadata.namespace + value: local-namespace + + - it: should pass with secret created with namespace in TrueNAS SCALE + set: + global: + ixChartContext: + iAmNotEmpty: true + namespace: ix-namespace + imagePullSecret: + my-secret1: + enabled: true + data: + registry: reg + username: user + password: pass + email: mail + asserts: + - documentIndex: *secretDoc + equal: + path: metadata.namespace + value: ix-namespace diff --git a/library/common-test/tests/imagePullSecret/validation_test.yaml b/library/common-test/tests/imagePullSecret/validation_test.yaml index f435bae6..4e963dcb 100644 --- a/library/common-test/tests/imagePullSecret/validation_test.yaml +++ b/library/common-test/tests/imagePullSecret/validation_test.yaml @@ -130,3 +130,36 @@ tests: asserts: - failedTemplate: errorMessage: Image Pull Secret - Expected non-empty + + - it: should fail with namespace longer than 63 characters + set: + imagePullSecret: + my-secret1: + enabled: true + namespace: my-extra-super-duper-long-name-that-is-longer-than-63-characters + data: + registry: reg + username: user + password: pass + email: mail + asserts: + - failedTemplate: + errorMessage: Secret - Namespace [my-extra-super-duper-long-name-that-is-longer-than-63-characters] is not valid. Must start and end with an alphanumeric lowercase character. It can contain '-'. And must be at most 63 characters. + + - it: should fail with namespace not starting with [ix-] in TrueNAS SCALE + set: + global: + ixChartContext: + iAmNotEmpty: true + imagePullSecret: + my-secret1: + enabled: true + namespace: my-namespace + data: + registry: reg + username: user + password: pass + email: mail + asserts: + - failedTemplate: + errorMessage: Secret - Namespace [my-namespace] expected to have [ix-] prefix when installed in TrueNAS SCALE diff --git a/library/common-test/tests/initContainer/data_test.yaml b/library/common-test/tests/initContainer/data_test.yaml index 7af9f49c..c8b489fe 100644 --- a/library/common-test/tests/initContainer/data_test.yaml +++ b/library/common-test/tests/initContainer/data_test.yaml @@ -237,6 +237,7 @@ tests: image: *image initImage: *initImage global: + namespace: ix-namespace ixChartContext: some: value workload: diff --git a/library/common-test/tests/initContainer/data_upgrade_test.yaml b/library/common-test/tests/initContainer/data_upgrade_test.yaml index b7a331f7..aafffc79 100644 --- a/library/common-test/tests/initContainer/data_upgrade_test.yaml +++ b/library/common-test/tests/initContainer/data_upgrade_test.yaml @@ -238,6 +238,7 @@ tests: image: *image initImage: *initImage global: + namespace: ix-namespace ixChartContext: some: value workload: diff --git a/library/common-test/tests/job/metadata_test.yaml b/library/common-test/tests/job/metadata_test.yaml index 5a815cc5..0afe7de7 100644 --- a/library/common-test/tests/job/metadata_test.yaml +++ b/library/common-test/tests/job/metadata_test.yaml @@ -87,3 +87,80 @@ tests: matchRegex: path: spec.template.metadata.annotations.rollme pattern: '^[0-9a-zA-Z]{5}$' + - documentIndex: *jobDoc + equal: + path: metadata.name + value: test-release-name-common-test + - documentIndex: *jobDoc + equal: + path: metadata.namespace + value: test-release-namespace + + - it: should pass with Job created with object namespace from tpl + set: + key: some-namespace + workload: + workload-name: + enabled: true + primary: true + type: Job + namespace: "{{ .Values.key }}" + podSpec: {} + asserts: + - documentIndex: *jobDoc + equal: + path: metadata.namespace + value: some-namespace + + - it: should pass with Job created with global namespace from tpl + set: + key: global-namespace + global: + namespace: "{{ .Values.key }}" + workload: + workload-name: + enabled: true + primary: true + type: Job + podSpec: {} + asserts: + - documentIndex: *jobDoc + equal: + path: metadata.namespace + value: global-namespace + + - it: should pass with Job created with root namespace from tpl + set: + key: local-namespace + namespace: "{{ .Values.key }}" + global: + namespace: global-namespace + workload: + workload-name: + enabled: true + primary: true + type: Job + podSpec: {} + asserts: + - documentIndex: *jobDoc + equal: + path: metadata.namespace + value: local-namespace + + - it: should pass with Job created with namespace in TrueNAS SCALE + set: + global: + ixChartContext: + iAmNotEmpty: true + namespace: ix-namespace + workload: + workload-name: + enabled: true + primary: true + type: Job + podSpec: {} + asserts: + - documentIndex: *jobDoc + equal: + path: metadata.namespace + value: ix-namespace diff --git a/library/common-test/tests/job/validation_test.yaml b/library/common-test/tests/job/validation_test.yaml index 0804806c..f1a288a6 100644 --- a/library/common-test/tests/job/validation_test.yaml +++ b/library/common-test/tests/job/validation_test.yaml @@ -46,3 +46,32 @@ tests: asserts: - failedTemplate: errorMessage: Job - Expected to be set when is set to [Indexed] + + - it: should fail with namespace longer than 63 characters + set: + workload: + workload-name: + enabled: true + primary: true + type: Job + namespace: my-extra-super-duper-long-name-that-is-longer-than-63-characters + podSpec: {} + asserts: + - failedTemplate: + errorMessage: Job - Namespace [my-extra-super-duper-long-name-that-is-longer-than-63-characters] is not valid. Must start and end with an alphanumeric lowercase character. It can contain '-'. And must be at most 63 characters. + + - it: should fail with namespace not starting with [ix-] in TrueNAS SCALE + set: + global: + ixChartContext: + iAmNotEmpty: true + workload: + workload-name: + enabled: true + primary: true + type: Job + namespace: my-namespace + podSpec: {} + asserts: + - failedTemplate: + errorMessage: Job - Namespace [my-namespace] expected to have [ix-] prefix when installed in TrueNAS SCALE diff --git a/library/common-test/tests/persistence/metadata_test.yaml b/library/common-test/tests/persistence/metadata_test.yaml index 0093e11e..02d21dea 100644 --- a/library/common-test/tests/persistence/metadata_test.yaml +++ b/library/common-test/tests/persistence/metadata_test.yaml @@ -61,6 +61,14 @@ tests: g_label2: global_label2 label1: label1 label2: label2 + - documentIndex: *pvcDoc + equal: + path: metadata.name + value: test-release-name-common-test-my-volume1 + - documentIndex: *pvcDoc + equal: + path: metadata.namespace + value: test-release-namespace - it: should pass with pvc created with retain set to true set: @@ -90,3 +98,65 @@ tests: app.kubernetes.io/instance: test-release-name app.kubernetes.io/managed-by: Helm app.kubernetes.io/version: *appVer + + - it: should pass with pvc created with object namespace from tpl + set: + key: some-namespace + persistence: + my-volume1: + enabled: true + type: pvc + namespace: "{{ .Values.key }}" + asserts: + - documentIndex: *pvcDoc + equal: + path: metadata.namespace + value: some-namespace + + - it: should pass with pvc created with global namespace from tpl + set: + key: global-namespace + global: + namespace: "{{ .Values.key }}" + persistence: + my-volume1: + enabled: true + type: pvc + asserts: + - documentIndex: *pvcDoc + equal: + path: metadata.namespace + value: global-namespace + + - it: should pass with pvc created with root namespace from tpl + set: + key: local-namespace + namespace: "{{ .Values.key }}" + global: + namespace: global-namespace + persistence: + my-volume1: + enabled: true + type: pvc + asserts: + - documentIndex: *pvcDoc + equal: + path: metadata.namespace + value: local-namespace + + - it: should pass with pvc created with namespace in TrueNAS SCALE + set: + global: + ixChartContext: + iAmNotEmpty: true + storageClassName: SCALE-ZFS + namespace: ix-namespace + persistence: + my-volume1: + enabled: true + type: pvc + asserts: + - documentIndex: *pvcDoc + equal: + path: metadata.namespace + value: ix-namespace diff --git a/library/common-test/tests/persistence/pvc_data_test.yaml b/library/common-test/tests/persistence/pvc_data_test.yaml index e2531965..90afd330 100644 --- a/library/common-test/tests/persistence/pvc_data_test.yaml +++ b/library/common-test/tests/persistence/pvc_data_test.yaml @@ -177,6 +177,7 @@ tests: - it: should create pvc with storageClass set "SCALE-ZFS" and within ixChartContext set: global: + namespace: ix-namespace ixChartContext: storageClassName: ix-storage-class-releasename some_storage_class: "SCALE-ZFS" @@ -197,6 +198,7 @@ tests: - it: should create pvc with storageClass not set and within ixChartContext set: global: + namespace: ix-namespace ixChartContext: storageClassName: ix-storage-class-releasename some_storage_class: "SCALE-ZFS" diff --git a/library/common-test/tests/persistence/validation_test.yaml b/library/common-test/tests/persistence/validation_test.yaml index e08d5c60..8563dca4 100644 --- a/library/common-test/tests/persistence/validation_test.yaml +++ b/library/common-test/tests/persistence/validation_test.yaml @@ -59,6 +59,7 @@ tests: - it: should fail without storageClassName in ixChartContext set: global: + namespace: ix-namespace ixChartContext: storageClassName: "" persistence: @@ -72,6 +73,7 @@ tests: - it: should fail without storageClassName in ixChartContext with SCALE-ZFS explicitly set set: global: + namespace: ix-namespace ixChartContext: storageClassName: "" persistence: @@ -130,3 +132,28 @@ tests: asserts: - failedTemplate: errorMessage: Persistence - Expected secret [my-non-existent-secret] defined in to exist + + - it: should fail with namespace longer than 63 characters + set: + persistence: + volume1: + enabled: true + type: pvc + namespace: my-extra-super-duper-long-name-that-is-longer-than-63-characters + asserts: + - failedTemplate: + errorMessage: Persistent Volume Claim - Namespace [my-extra-super-duper-long-name-that-is-longer-than-63-characters] is not valid. Must start and end with an alphanumeric lowercase character. It can contain '-'. And must be at most 63 characters. + + - it: should fail with namespace not starting with [ix-] in TrueNAS SCALE + set: + global: + ixChartContext: + iAmNotEmpty: true + persistence: + volume1: + enabled: true + type: pvc + namespace: my-namespace + asserts: + - failedTemplate: + errorMessage: Persistent Volume Claim - Namespace [my-namespace] expected to have [ix-] prefix when installed in TrueNAS SCALE diff --git a/library/common-test/tests/pod/runtime_class_name_test.yaml b/library/common-test/tests/pod/runtime_class_name_test.yaml index 414f249f..58e79b8a 100644 --- a/library/common-test/tests/pod/runtime_class_name_test.yaml +++ b/library/common-test/tests/pod/runtime_class_name_test.yaml @@ -85,6 +85,7 @@ tests: workload-name3: - container-name1 global: + namespace: ix-namespace ixChartContext: addNvidiaRuntimeClass: true nvidiaRuntimeClassName: ix-runtime @@ -135,6 +136,7 @@ tests: - gpu: key: 0 global: + namespace: ix-namespace ixChartContext: addNvidiaRuntimeClass: true nvidiaRuntimeClassName: ix-runtime @@ -155,6 +157,7 @@ tests: - gpu: key: value global: + namespace: ix-namespace ixChartContext: addNvidiaRuntimeClass: true nvidiaRuntimeClassName: ix-runtime @@ -194,6 +197,7 @@ tests: workload-name1: - container-name1 global: + namespace: ix-namespace ixChartContext: addNvidiaRuntimeClass: true nvidiaRuntimeClassName: ix-runtime diff --git a/library/common-test/tests/rbac/metadata_test.yaml b/library/common-test/tests/rbac/metadata_test.yaml index c5f84219..60ad81ff 100644 --- a/library/common-test/tests/rbac/metadata_test.yaml +++ b/library/common-test/tests/rbac/metadata_test.yaml @@ -91,6 +91,14 @@ tests: g_label2: global_label2 label1: label1 label2: label2 + - documentIndex: *roleDoc + equal: + path: metadata.name + value: test-release-name-common-test + - documentIndex: *roleDoc + equal: + path: metadata.namespace + value: test-release-namespace - documentIndex: &roleBindingDoc 2 isKind: of: RoleBinding @@ -118,6 +126,14 @@ tests: g_label2: global_label2 label1: label1 label2: label2 + - documentIndex: *roleBindingDoc + equal: + path: metadata.name + value: test-release-name-common-test + - documentIndex: *roleBindingDoc + equal: + path: metadata.namespace + value: test-release-namespace - documentIndex: &clusterRoleDoc 3 isKind: of: ClusterRole @@ -172,3 +188,125 @@ tests: g_label2: global_label2 label1: label1 label2: label2 + + - it: should pass with role/rolebinding created with object namespace from tpl + set: + key: some-namespace + serviceAccount: + my-sa1: + enabled: true + primary: true + namespace: "{{ .Values.key }}" + rbac: + my-rbac1: + enabled: true + primary: true + namespace: "{{ .Values.key }}" + rules: + - apiGroups: + - "" + resources: + - pods + verbs: + - get + asserts: + - documentIndex: &roleDoc 1 + equal: + path: metadata.namespace + value: some-namespace + - documentIndex: &roleBindingDoc 1 + equal: + path: metadata.namespace + value: some-namespace + + - it: should pass with role/rolebinding created with global namespace from tpl + set: + key: global-namespace + global: + namespace: "{{ .Values.key }}" + serviceAccount: + my-sa1: + enabled: true + primary: true + rbac: + my-rbac1: + enabled: true + primary: true + rules: + - apiGroups: + - "" + resources: + - pods + verbs: + - get + asserts: + - documentIndex: *roleDoc + equal: + path: metadata.namespace + value: global-namespace + - documentIndex: *roleBindingDoc + equal: + path: metadata.namespace + value: global-namespace + + - it: should pass with role/rolebinding created with root namespace from tpl + set: + key: local-namespace + namespace: "{{ .Values.key }}" + global: + namespace: global-namespace + serviceAccount: + my-sa1: + enabled: true + primary: true + rbac: + my-rbac1: + enabled: true + primary: true + rules: + - apiGroups: + - "" + resources: + - pods + verbs: + - get + asserts: + - documentIndex: *roleDoc + equal: + path: metadata.namespace + value: local-namespace + - documentIndex: *roleBindingDoc + equal: + path: metadata.namespace + value: local-namespace + + - it: should pass with role/rolebinding created with namespace in TrueNAS SCALE + set: + global: + ixChartContext: + iAmNotEmpty: true + namespace: ix-namespace + serviceAccount: + my-sa1: + enabled: true + primary: true + rbac: + my-rbac1: + enabled: true + primary: true + rules: + - apiGroups: + - "" + resources: + - pods + verbs: + - get + asserts: + - documentIndex: *roleDoc + equal: + path: metadata.namespace + value: ix-namespace + - documentIndex: *roleBindingDoc + equal: + path: metadata.namespace + value: ix-namespace diff --git a/library/common-test/tests/rbac/validation_test.yaml b/library/common-test/tests/rbac/validation_test.yaml index b6e9f4f4..94984963 100644 --- a/library/common-test/tests/rbac/validation_test.yaml +++ b/library/common-test/tests/rbac/validation_test.yaml @@ -251,3 +251,51 @@ tests: asserts: - failedTemplate: errorMessage: RBAC - Expected non-empty + + - it: should fail with namespace longer than 63 characters + set: + serviceAccount: + my-sa: + enabled: true + primary: true + rbac: + my-rbac: + enabled: true + primary: true + namespace: my-extra-super-duper-long-name-that-is-longer-than-63-characters + rules: + - apiGroups: + - "" + resources: + - pods + verbs: + - get + asserts: + - failedTemplate: + errorMessage: RBAC - Namespace [my-extra-super-duper-long-name-that-is-longer-than-63-characters] is not valid. Must start and end with an alphanumeric lowercase character. It can contain '-'. And must be at most 63 characters. + + - it: should fail with namespace not starting with [ix-] in TrueNAS SCALE + set: + global: + ixChartContext: + iAmNotEmpty: true + serviceAccount: + my-sa: + enabled: true + primary: true + namespace: ix-namespace + rbac: + my-rbac: + enabled: true + primary: true + namespace: my-namespace + rules: + - apiGroups: + - "" + resources: + - pods + verbs: + - get + asserts: + - failedTemplate: + errorMessage: RBAC - Namespace [my-namespace] expected to have [ix-] prefix when installed in TrueNAS SCALE diff --git a/library/common-test/tests/secret/metadata_test.yaml b/library/common-test/tests/secret/metadata_test.yaml index ba785cd0..835fab27 100644 --- a/library/common-test/tests/secret/metadata_test.yaml +++ b/library/common-test/tests/secret/metadata_test.yaml @@ -60,8 +60,9 @@ tests: label1: label1 label2: label2 - documentIndex: *secretDoc - isNull: + equal: path: metadata.namespace + value: test-release-namespace - it: should pass with secret created with namespace set: @@ -77,13 +78,13 @@ tests: path: metadata.namespace value: some-namespace - - it: should pass with secret created with namespace from tpl + - it: should pass with secret created with object namespace from tpl set: - namespace: some-namespace + key: some-namespace secret: my-secret1: enabled: true - namespace: "{{ .Values.namespace }}" + namespace: "{{ .Values.key }}" data: foo: bar asserts: @@ -91,3 +92,53 @@ tests: equal: path: metadata.namespace value: some-namespace + + - it: should pass with secret created with namespace from global with tpl + set: + key: global-namespace + global: + namespace: "{{ .Values.key }}" + secret: + my-secret1: + enabled: true + data: + foo: bar + asserts: + - documentIndex: *secretDoc + equal: + path: metadata.namespace + value: global-namespace + + - it: should pass with secret created with namespace from root with tpl + set: + key: local-namespace + namespace: "{{ .Values.key }}" + global: + namespace: global-namespace + secret: + my-secret1: + enabled: true + data: + foo: bar + asserts: + - documentIndex: *secretDoc + equal: + path: metadata.namespace + value: local-namespace + + - it: should pass with secret created with namespace in TrueNAS SCALE + set: + global: + ixChartContext: + iAmNotEmpty: true + namespace: ix-namespace + secret: + my-secret1: + enabled: true + data: + foo: bar + asserts: + - documentIndex: *secretDoc + equal: + path: metadata.namespace + value: ix-namespace diff --git a/library/common-test/tests/secret/validation_test.yaml b/library/common-test/tests/secret/validation_test.yaml index 29335c81..1e4b3122 100644 --- a/library/common-test/tests/secret/validation_test.yaml +++ b/library/common-test/tests/secret/validation_test.yaml @@ -51,6 +51,33 @@ tests: - failedTemplate: errorMessage: Secret - Expected to be a dictionary, but got [string] + - it: should fail with namespace longer than 63 characters + set: + secret: + my-secret: + enabled: true + namespace: my-extra-super-duper-long-name-that-is-longer-than-63-characters + data: + foo: bar + asserts: + - failedTemplate: + errorMessage: Secret - Namespace [my-extra-super-duper-long-name-that-is-longer-than-63-characters] is not valid. Must start and end with an alphanumeric lowercase character. It can contain '-'. And must be at most 63 characters. + + - it: should fail with namespace not starting with [ix-] in TrueNAS SCALE + set: + global: + ixChartContext: + iAmNotEmpty: true + secret: + my-secret: + enabled: true + namespace: my-namespace + data: + foo: bar + asserts: + - failedTemplate: + errorMessage: Secret - Namespace [my-namespace] expected to have [ix-] prefix when installed in TrueNAS SCALE + - it: should fail with data not a dict set: secret: diff --git a/library/common-test/tests/service/external_ip_test.yaml b/library/common-test/tests/service/external_ip_test.yaml index 3e14e354..4a4015bf 100644 --- a/library/common-test/tests/service/external_ip_test.yaml +++ b/library/common-test/tests/service/external_ip_test.yaml @@ -114,6 +114,10 @@ tests: equal: path: metadata.name value: test-release-name-common-test + - documentIndex: *endpointSliceDoc + equal: + path: metadata.namespace + value: test-release-namespace - documentIndex: *endpointSliceDoc equal: path: metadata.labels @@ -235,6 +239,14 @@ tests: - documentIndex: *endpointDoc isAPIVersion: of: v1 + - documentIndex: *endpointDoc + equal: + path: metadata.name + value: test-release-name-common-test + - documentIndex: *endpointDoc + equal: + path: metadata.namespace + value: test-release-namespace - documentIndex: *endpointDoc equal: path: subsets @@ -325,3 +337,198 @@ tests: port: 12346 protocol: TCP appProtocol: http + + - it: should use object namespace from tpl with type ExternalIP and https and useSlice explicitly set to true + set: + key: some-namespace + service: + my-service: + enabled: true + primary: true + type: ExternalIP + useSlice: true + externalIP: 1.1.1.1 + namespace: "{{ .Values.key }}" + ports: + port-name: + enabled: true + primary: true + port: 443 + protocol: https + asserts: + - documentIndex: *endpointSliceDoc + equal: + path: metadata.namespace + value: some-namespace + + - it: should use global namespace from tpl with type ExternalIP and https and useSlice explicitly set to true + set: + key: global-namespace + global: + namespace: "{{ .Values.key }}" + service: + my-service: + enabled: true + primary: true + type: ExternalIP + useSlice: true + externalIP: 1.1.1.1 + ports: + port-name: + enabled: true + primary: true + port: 443 + protocol: https + asserts: + - documentIndex: *endpointSliceDoc + equal: + path: metadata.namespace + value: global-namespace + + - it: should use root namespace from tpl with type ExternalIP and https and useSlice explicitly set to true + set: + key: local-namespace + namespace: "{{ .Values.key }}" + global: + namespace: global-namespace + service: + my-service: + enabled: true + primary: true + type: ExternalIP + useSlice: true + externalIP: 1.1.1.1 + ports: + port-name: + enabled: true + primary: true + port: 443 + protocol: https + asserts: + - documentIndex: *endpointSliceDoc + equal: + path: metadata.namespace + value: local-namespace + + - it: should have ix namespace from tpl with type ExternalIP and https and useSlice explicitly set to true + set: + global: + ixChartContext: + iAmNotEmpty: true + namespace: ix-namespace + service: + my-service: + enabled: true + primary: true + type: ExternalIP + useSlice: true + externalIP: 1.1.1.1 + ports: + port-name: + enabled: true + primary: true + port: 443 + protocol: https + asserts: + - documentIndex: *endpointSliceDoc + equal: + path: metadata.namespace + value: ix-namespace + + - it: should use object namespace from tpl with type ExternalIP and https and useSlice explicitly set to false + set: + key: some-namespace + service: + my-service: + enabled: true + primary: true + type: ExternalIP + useSlice: false + externalIP: 1.1.1.1 + namespace: "{{ .Values.key }}" + ports: + port-name: + enabled: true + primary: true + port: 443 + protocol: https + asserts: + - documentIndex: *endpointDoc + equal: + path: metadata.namespace + value: some-namespace + + - it: should use global namespace from tpl with type ExternalIP and https and useSlice explicitly set to false + set: + key: global-namespace + global: + namespace: "{{ .Values.key }}" + service: + my-service: + enabled: true + primary: true + type: ExternalIP + useSlice: false + externalIP: 1.1.1.1 + namespace: "{{ .Values.key }}" + ports: + port-name: + enabled: true + primary: true + port: 443 + protocol: https + asserts: + - documentIndex: *endpointDoc + equal: + path: metadata.namespace + value: global-namespace + + - it: should use root namespace from tpl with type ExternalIP and https and useSlice explicitly set to false + set: + key: local-namespace + namespace: "{{ .Values.key }}" + global: + namespace: global-namespace + service: + my-service: + enabled: true + primary: true + type: ExternalIP + useSlice: false + externalIP: 1.1.1.1 + ports: + port-name: + enabled: true + primary: true + port: 443 + protocol: https + asserts: + - documentIndex: *endpointDoc + equal: + path: metadata.namespace + value: local-namespace + + - it: should have ix namespace from tpl with type ExternalIP and https and useSlice explicitly set to false + set: + global: + ixChartContext: + iAmNotEmpty: true + namespace: ix-namespace + service: + my-service: + enabled: true + primary: true + type: ExternalIP + useSlice: false + externalIP: 1.1.1.1 + ports: + port-name: + enabled: true + primary: true + port: 443 + protocol: https + asserts: + - documentIndex: *endpointDoc + equal: + path: metadata.namespace + value: ix-namespace diff --git a/library/common-test/tests/service/metadata_test.yaml b/library/common-test/tests/service/metadata_test.yaml index 1f6e1014..b3af6915 100644 --- a/library/common-test/tests/service/metadata_test.yaml +++ b/library/common-test/tests/service/metadata_test.yaml @@ -78,6 +78,14 @@ tests: g_label2: global_label2 label1: label1 label2: label2 + - documentIndex: *serviceDoc + equal: + path: metadata.name + value: test-release-name-common-test + - documentIndex: *serviceDoc + equal: + path: metadata.namespace + value: test-release-namespace - documentIndex: &otherServiceDoc 2 isKind: of: Service @@ -96,6 +104,14 @@ tests: helm-revision: "0" helm.sh/chart: common-test-1.0.0 release: test-release-name + - documentIndex: *otherServiceDoc + equal: + path: metadata.name + value: test-release-name-common-test-my-service2 + - documentIndex: *otherServiceDoc + equal: + path: metadata.namespace + value: test-release-namespace - it: should pass with service type LoadBalancer, with https port and addMetalLBAnnotations/Traefik true set: @@ -193,3 +209,84 @@ tests: pod.name: my-workload app.kubernetes.io/name: common-test app.kubernetes.io/instance: test-release-name + + - it: should pass with service created with object namespace from tpl + set: + key: some-namespace + service: + my-service1: + enabled: true + primary: true + namespace: "{{ .Values.key }}" + ports: + port-name: + enabled: true + primary: true + port: 12345 + asserts: + - documentIndex: &serviceDoc 0 + equal: + path: metadata.namespace + value: some-namespace + + - it: should pass with service created with global namespace from tpl + set: + key: global-namespace + global: + namespace: "{{ .Values.key }}" + service: + my-service1: + enabled: true + primary: true + ports: + port-name: + enabled: true + primary: true + port: 12345 + asserts: + - documentIndex: *serviceDoc + equal: + path: metadata.namespace + value: global-namespace + + - it: should pass with service created with root namespace from tpl + set: + key: local-namespace + namespace: "{{ .Values.key }}" + global: + namespace: global-namespace + service: + my-service1: + enabled: true + primary: true + ports: + port-name: + enabled: true + primary: true + port: 12345 + asserts: + - documentIndex: *serviceDoc + equal: + path: metadata.namespace + value: local-namespace + + - it: should pass with service created with namespace in TrueNAS SCALE + set: + global: + ixChartContext: + iAmNotEmpty: true + namespace: ix-namespace + service: + my-service1: + enabled: true + primary: true + ports: + port-name: + enabled: true + primary: true + port: 12345 + asserts: + - documentIndex: *serviceDoc + equal: + path: metadata.namespace + value: ix-namespace diff --git a/library/common-test/tests/service/validation_test.yaml b/library/common-test/tests/service/validation_test.yaml index 167a0dab..fbd5e7ed 100644 --- a/library/common-test/tests/service/validation_test.yaml +++ b/library/common-test/tests/service/validation_test.yaml @@ -497,3 +497,38 @@ tests: asserts: - failedTemplate: errorMessage: Service - Expected the defined key [expandObjectName] in to not be empty + + - it: should fail with namespace longer than 63 characters + set: + service: + my-service1: + enabled: true + primary: true + namespace: my-extra-super-duper-long-name-that-is-longer-than-63-characters + ports: + port-name: + enabled: true + primary: true + port: 12345 + asserts: + - failedTemplate: + errorMessage: Service - Namespace [my-extra-super-duper-long-name-that-is-longer-than-63-characters] is not valid. Must start and end with an alphanumeric lowercase character. It can contain '-'. And must be at most 63 characters. + + - it: should fail with namespace not starting with [ix-] in TrueNAS SCALE + set: + global: + ixChartContext: + iAmNotEmpty: true + service: + my-service1: + enabled: true + primary: true + namespace: my-namespace + ports: + port-name: + enabled: true + primary: true + port: 12345 + asserts: + - failedTemplate: + errorMessage: Service - Namespace [my-namespace] expected to have [ix-] prefix when installed in TrueNAS SCALE diff --git a/library/common-test/tests/serviceAccount/metadata_test.yaml b/library/common-test/tests/serviceAccount/metadata_test.yaml index 7829ed1c..2976ceee 100644 --- a/library/common-test/tests/serviceAccount/metadata_test.yaml +++ b/library/common-test/tests/serviceAccount/metadata_test.yaml @@ -58,3 +58,85 @@ tests: g_label2: global_label2 label1: label1 label2: label2 + - documentIndex: *serviceAccountDoc + equal: + path: metadata.name + value: test-release-name-common-test + - documentIndex: *serviceAccountDoc + equal: + path: metadata.namespace + value: test-release-namespace + + - it: should pass with sa created with namespace + set: + serviceAccount: + my-sa1: + enabled: true + primary: true + namespace: some-namespace + asserts: + - documentIndex: *serviceAccountDoc + equal: + path: metadata.namespace + value: some-namespace + + - it: should pass with sa created with object namespace from tpl + set: + key: some-namespace + serviceAccount: + my-sa1: + enabled: true + primary: true + namespace: "{{ .Values.key }}" + asserts: + - documentIndex: *serviceAccountDoc + equal: + path: metadata.namespace + value: some-namespace + + - it: should pass with sa created with namespace from global with tpl + set: + key: global-namespace + global: + namespace: "{{ .Values.key }}" + serviceAccount: + my-sa1: + enabled: true + primary: true + asserts: + - documentIndex: *serviceAccountDoc + equal: + path: metadata.namespace + value: global-namespace + + - it: should pass with sa created with namespace from root with tpl + set: + key: local-namespace + namespace: "{{ .Values.key }}" + global: + namespace: global-namespace + serviceAccount: + my-sa1: + enabled: true + primary: true + asserts: + - documentIndex: *serviceAccountDoc + equal: + path: metadata.namespace + value: local-namespace + + - it: should pass with sa created with namespace in TrueNAS SCALE + set: + global: + ixChartContext: + iAmNotEmpty: true + namespace: ix-namespace + serviceAccount: + my-sa1: + enabled: true + primary: true + asserts: + - documentIndex: *serviceAccountDoc + equal: + path: metadata.namespace + value: ix-namespace diff --git a/library/common-test/tests/serviceAccount/validation_test.yaml b/library/common-test/tests/serviceAccount/validation_test.yaml index 86c4d328..1c064444 100644 --- a/library/common-test/tests/serviceAccount/validation_test.yaml +++ b/library/common-test/tests/serviceAccount/validation_test.yaml @@ -78,3 +78,28 @@ tests: asserts: - failedTemplate: errorMessage: Service Account - At least one enabled service account must be primary + + - it: should fail with namespace longer than 63 characters + set: + serviceAccount: + my-sa: + enabled: true + primary: true + namespace: my-extra-super-duper-long-name-that-is-longer-than-63-characters + asserts: + - failedTemplate: + errorMessage: Service Account - Namespace [my-extra-super-duper-long-name-that-is-longer-than-63-characters] is not valid. Must start and end with an alphanumeric lowercase character. It can contain '-'. And must be at most 63 characters. + + - it: should fail with namespace not starting with [ix-] in TrueNAS SCALE + set: + global: + ixChartContext: + iAmNotEmpty: true + serviceAccount: + my-sa: + enabled: true + primary: true + namespace: my-namespace + asserts: + - failedTemplate: + errorMessage: Service Account - Namespace [my-namespace] expected to have [ix-] prefix when installed in TrueNAS SCALE diff --git a/library/common-test/tests/statefulset/metadata_test.yaml b/library/common-test/tests/statefulset/metadata_test.yaml index 4457e045..71ebd623 100644 --- a/library/common-test/tests/statefulset/metadata_test.yaml +++ b/library/common-test/tests/statefulset/metadata_test.yaml @@ -116,6 +116,10 @@ tests: equal: path: metadata.name value: test-release-name-common-test-other-workload-name + - documentIndex: *statefulSetDoc + equal: + path: metadata.namespace + value: test-release-namespace - documentIndex: *statefulSetDoc equal: path: spec.selector.matchLabels @@ -137,6 +141,10 @@ tests: equal: path: metadata.name value: test-release-name-common-test + - documentIndex: *otherStatefulSetDoc + equal: + path: metadata.namespace + value: test-release-namespace - documentIndex: *otherStatefulSetDoc equal: path: spec.selector.matchLabels @@ -151,3 +159,72 @@ tests: pod.name: workload-name app.kubernetes.io/instance: test-release-name app.kubernetes.io/name: common-test + + - it: should pass with statefulset created with object namespace from tpl + set: + key: some-namespace + workload: + workload-name: + enabled: true + primary: true + type: StatefulSet + namespace: "{{ .Values.key }}" + podSpec: {} + asserts: + - documentIndex: *statefulSetDoc + equal: + path: metadata.namespace + value: some-namespace + + - it: should pass with deployment created with global namespace from tpl + set: + key: global-namespace + global: + namespace: "{{ .Values.key }}" + workload: + workload-name: + enabled: true + primary: true + type: StatefulSet + podSpec: {} + asserts: + - documentIndex: *statefulSetDoc + equal: + path: metadata.namespace + value: global-namespace + + - it: should pass with deployment created with root namespace from tpl + set: + key: local-namespace + namespace: "{{ .Values.key }}" + global: + namespace: global-namespace + workload: + workload-name: + enabled: true + primary: true + type: StatefulSet + podSpec: {} + asserts: + - documentIndex: *statefulSetDoc + equal: + path: metadata.namespace + value: local-namespace + + - it: should pass with deployment created with namespace in TrueNAS SCALE + set: + global: + ixChartContext: + iAmNotEmpty: true + namespace: ix-namespace + workload: + workload-name: + enabled: true + primary: true + type: StatefulSet + podSpec: {} + asserts: + - documentIndex: *statefulSetDoc + equal: + path: metadata.namespace + value: ix-namespace diff --git a/library/common-test/tests/statefulset/validation_test.yaml b/library/common-test/tests/statefulset/validation_test.yaml index 00609892..2e46f391 100644 --- a/library/common-test/tests/statefulset/validation_test.yaml +++ b/library/common-test/tests/statefulset/validation_test.yaml @@ -31,3 +31,32 @@ tests: asserts: - failedTemplate: errorMessage: StatefulSet - Expected to be a dictionary, but got [string] + + - it: should fail with namespace longer than 63 characters + set: + workload: + workload-name: + enabled: true + primary: true + type: StatefulSet + namespace: my-extra-super-duper-long-name-that-is-longer-than-63-characters + podSpec: {} + asserts: + - failedTemplate: + errorMessage: StatefulSet - Namespace [my-extra-super-duper-long-name-that-is-longer-than-63-characters] is not valid. Must start and end with an alphanumeric lowercase character. It can contain '-'. And must be at most 63 characters. + + - it: should fail with namespace not starting with [ix-] in TrueNAS SCALE + set: + global: + ixChartContext: + iAmNotEmpty: true + workload: + workload-name: + enabled: true + primary: true + type: StatefulSet + namespace: my-namespace + podSpec: {} + asserts: + - failedTemplate: + errorMessage: StatefulSet - Namespace [my-namespace] expected to have [ix-] prefix when installed in TrueNAS SCALE diff --git a/library/common-test/tests/volumeClaimTemplate/validation_test.yaml b/library/common-test/tests/volumeClaimTemplate/validation_test.yaml index cc47f925..a837c53f 100644 --- a/library/common-test/tests/volumeClaimTemplate/validation_test.yaml +++ b/library/common-test/tests/volumeClaimTemplate/validation_test.yaml @@ -56,6 +56,7 @@ tests: - it: should fail without storageClassName in ixChartContext set: global: + namespace: ix-namespace ixChartContext: storageClassName: "" volumeClaimTemplates: @@ -74,6 +75,7 @@ tests: - it: should fail without storageClassName in ixChartContext with SCALE-ZFS explicitly set set: global: + namespace: ix-namespace ixChartContext: storageClassName: "" volumeClaimTemplates: diff --git a/library/common-test/tests/volumeClaimTemplate/vct_data_test.yaml b/library/common-test/tests/volumeClaimTemplate/vct_data_test.yaml index 2ccf6f5b..89cf37d4 100644 --- a/library/common-test/tests/volumeClaimTemplate/vct_data_test.yaml +++ b/library/common-test/tests/volumeClaimTemplate/vct_data_test.yaml @@ -1,4 +1,4 @@ -suite: volumeClaimTemplates data name test +suite: volumeClaimTemplates data test templates: - common.yaml release: @@ -186,6 +186,7 @@ tests: - it: should create vct with storageClass set "SCALE-ZFS" and within ixChartContext set: global: + namespace: ix-namespace ixChartContext: storageClassName: ix-storage-class-releasename some_storage_class: "SCALE-ZFS" @@ -212,6 +213,7 @@ tests: - it: should create pvc with storageClass not set and within ixChartContext set: global: + namespace: ix-namespace ixChartContext: storageClassName: ix-storage-class-releasename some_storage_class: "SCALE-ZFS" diff --git a/library/common/Chart.yaml b/library/common/Chart.yaml index 6741d24e..5b3e3aee 100644 --- a/library/common/Chart.yaml +++ b/library/common/Chart.yaml @@ -15,4 +15,4 @@ maintainers: name: common sources: null type: library -version: 12.14.8 +version: 12.15.0 diff --git a/library/common/templates/class/_certificate.tpl b/library/common/templates/class/_certificate.tpl index b1675c2b..e2ec1c59 100644 --- a/library/common/templates/class/_certificate.tpl +++ b/library/common/templates/class/_certificate.tpl @@ -12,6 +12,7 @@ apiVersion: {{ include "tc.v1.common.capabilities.cert-manager.certificate.apiVe kind: Certificate metadata: name: {{ $name }} + namespace: {{ $root.Values.namespace | default $root.Values.global.namespace | default $root.Release.Namespace }} spec: secretName: {{ $name }} dnsNames: diff --git a/library/common/templates/class/_cnpgCluster.tpl b/library/common/templates/class/_cnpgCluster.tpl index 11cdc811..fc42e584 100644 --- a/library/common/templates/class/_cnpgCluster.tpl +++ b/library/common/templates/class/_cnpgCluster.tpl @@ -18,6 +18,7 @@ apiVersion: {{ include "tc.v1.common.capabilities.cnpg.cluster.apiVersion" $ }} kind: Cluster metadata: name: {{ $cnpgClusterName }} + namespace: {{ $.Values.namespace | default $.Values.global.namespace | default $.Release.Namespace }} {{- $labels := (mustMerge ($cnpgClusterLabels | default dict) (include "tc.v1.common.lib.metadata.allLabels" $ | fromYaml)) }} labels: cnpg.io/reload: "on" diff --git a/library/common/templates/class/_cnpgPooler.tpl b/library/common/templates/class/_cnpgPooler.tpl index 6b459a75..6a2dee2d 100644 --- a/library/common/templates/class/_cnpgPooler.tpl +++ b/library/common/templates/class/_cnpgPooler.tpl @@ -20,6 +20,7 @@ apiVersion: {{ include "tc.v1.common.capabilities.cnpg.pooler.apiVersion" $ }} kind: Pooler metadata: name: {{ printf "%v-%v" $cnpgClusterName $values.pooler.type }} + namespace: {{ $.Values.namespace | default $.Values.global.namespace | default $.Release.Namespace }} spec: cluster: name: {{ $cnpgClusterName }} diff --git a/library/common/templates/class/_configmap.tpl b/library/common/templates/class/_configmap.tpl index cd96ff8a..0d40e1d8 100644 --- a/library/common/templates/class/_configmap.tpl +++ b/library/common/templates/class/_configmap.tpl @@ -20,6 +20,7 @@ apiVersion: v1 kind: ConfigMap metadata: name: {{ $objectData.name }} + namespace: {{ include "tc.v1.common.lib.metadata.namespace" (dict "rootCtx" $rootCtx "objectData" $objectData "caller" "Configmap") }} {{- $labels := (mustMerge ($objectData.labels | default dict) (include "tc.v1.common.lib.metadata.allLabels" $rootCtx | fromYaml)) -}} {{- with (include "tc.v1.common.lib.metadata.render" (dict "rootCtx" $rootCtx "labels" $labels) | trim) }} labels: @@ -29,9 +30,6 @@ metadata: {{- with (include "tc.v1.common.lib.metadata.render" (dict "rootCtx" $rootCtx "annotations" $annotations) | trim) }} annotations: {{- . | nindent 4 }} - {{- end -}} - {{- with $objectData.namespace }} - namespace: {{ tpl . $rootCtx }} {{- end }} data: {{- tpl (toYaml $objectData.data) $rootCtx | nindent 2 }} diff --git a/library/common/templates/class/_cronjob.tpl b/library/common/templates/class/_cronjob.tpl index f0a5197a..3efcc584 100644 --- a/library/common/templates/class/_cronjob.tpl +++ b/library/common/templates/class/_cronjob.tpl @@ -16,6 +16,7 @@ apiVersion: batch/v1 kind: CronJob metadata: name: {{ $objectData.name }} + namespace: {{ include "tc.v1.common.lib.metadata.namespace" (dict "rootCtx" $rootCtx "objectData" $objectData "caller" "CronJob") }} {{- $labels := (mustMerge ($objectData.labels | default dict) (include "tc.v1.common.lib.metadata.allLabels" $rootCtx | fromYaml)) -}} {{- with (include "tc.v1.common.lib.metadata.render" (dict "rootCtx" $rootCtx "labels" $labels) | trim) }} labels: diff --git a/library/common/templates/class/_daemonset.tpl b/library/common/templates/class/_daemonset.tpl index 645cdd54..4bfd2af6 100644 --- a/library/common/templates/class/_daemonset.tpl +++ b/library/common/templates/class/_daemonset.tpl @@ -16,6 +16,7 @@ apiVersion: apps/v1 kind: DaemonSet metadata: name: {{ $objectData.name }} + namespace: {{ include "tc.v1.common.lib.metadata.namespace" (dict "rootCtx" $rootCtx "objectData" $objectData "caller" "DaemonSet") }} {{- $labels := (mustMerge ($objectData.labels | default dict) (include "tc.v1.common.lib.metadata.allLabels" $rootCtx | fromYaml)) -}} {{- with (include "tc.v1.common.lib.metadata.render" (dict "rootCtx" $rootCtx "labels" $labels) | trim) }} labels: diff --git a/library/common/templates/class/_deployment.tpl b/library/common/templates/class/_deployment.tpl index 73163218..3238a5c1 100644 --- a/library/common/templates/class/_deployment.tpl +++ b/library/common/templates/class/_deployment.tpl @@ -16,6 +16,7 @@ apiVersion: apps/v1 kind: Deployment metadata: name: {{ $objectData.name }} + namespace: {{ include "tc.v1.common.lib.metadata.namespace" (dict "rootCtx" $rootCtx "objectData" $objectData "caller" "Deployment") }} {{- $labels := (mustMerge ($objectData.labels | default dict) (include "tc.v1.common.lib.metadata.allLabels" $rootCtx | fromYaml)) -}} {{- with (include "tc.v1.common.lib.metadata.render" (dict "rootCtx" $rootCtx "labels" $labels) | trim) }} labels: diff --git a/library/common/templates/class/_endpoint.tpl b/library/common/templates/class/_endpoint.tpl index f0f0fc9a..29862e9f 100644 --- a/library/common/templates/class/_endpoint.tpl +++ b/library/common/templates/class/_endpoint.tpl @@ -14,6 +14,7 @@ apiVersion: v1 kind: Endpoints metadata: name: {{ $objectData.name }} + namespace: {{ include "tc.v1.common.lib.metadata.namespace" (dict "rootCtx" $rootCtx "objectData" $objectData "caller" "Endpoint") }} {{- $labels := (mustMerge ($objectData.labels | default dict) (include "tc.v1.common.lib.metadata.allLabels" $rootCtx | fromYaml)) -}} {{- with (include "tc.v1.common.lib.metadata.render" (dict "rootCtx" $rootCtx "labels" $labels) | trim) }} labels: diff --git a/library/common/templates/class/_endpointSlice.tpl b/library/common/templates/class/_endpointSlice.tpl index 9d7429c2..0a29dce7 100644 --- a/library/common/templates/class/_endpointSlice.tpl +++ b/library/common/templates/class/_endpointSlice.tpl @@ -21,6 +21,7 @@ apiVersion: discovery.k8s.io/v1 kind: EndpointSlice metadata: name: {{ $objectData.name }} + namespace: {{ include "tc.v1.common.lib.metadata.namespace" (dict "rootCtx" $rootCtx "objectData" $objectData "caller" "Endpoint Slice") }} {{- $labels := (mustMerge ($objectData.labels | default dict) (include "tc.v1.common.lib.metadata.allLabels" $rootCtx | fromYaml)) -}} {{- $_ := set $labels "kubernetes.io/service-name" $objectData.name -}} {{- with (include "tc.v1.common.lib.metadata.render" (dict "rootCtx" $rootCtx "labels" $labels) | trim) }} diff --git a/library/common/templates/class/_horizontalPodAutoscaler.tpl b/library/common/templates/class/_horizontalPodAutoscaler.tpl index 208e7400..92abf3ff 100644 --- a/library/common/templates/class/_horizontalPodAutoscaler.tpl +++ b/library/common/templates/class/_horizontalPodAutoscaler.tpl @@ -24,6 +24,7 @@ apiVersion: {{ include "tc.v1.common.capabilities.hpa.apiVersion" $ }} kind: HorizontalPodAutoscaler metadata: name: {{ $hpaName }} + namespace: {{ $.Values.namespace | default $.Values.global.namespace | default $.Release.Namespace }} {{- $labels := (mustMerge ($hpaLabels | default dict) (include "tc.v1.common.lib.metadata.allLabels" $ | fromYaml)) -}} {{- with (include "tc.v1.common.lib.metadata.render" (dict "rootCtx" $ "labels" $labels) | trim) }} labels: diff --git a/library/common/templates/class/_ingress.tpl b/library/common/templates/class/_ingress.tpl index 9e84b064..502111b1 100644 --- a/library/common/templates/class/_ingress.tpl +++ b/library/common/templates/class/_ingress.tpl @@ -36,7 +36,7 @@ within the common library. {{- end -}} {{- if $values.ingressClassName -}} - + {{- if $.Values.global.ixChartContext -}} {{- $mddwrNamespace = (printf "ix-%s" $values.ingressClassName) -}} {{- else -}} @@ -74,6 +74,7 @@ apiVersion: {{ include "tc.v1.common.capabilities.ingress.apiVersion" $ }} kind: Ingress metadata: name: {{ $ingressName }} + namespace: {{ $.Values.namespace | default $.Values.global.namespace | default $.Release.Namespace }} {{- $labels := (mustMerge ($ingressLabels | default dict) (include "tc.v1.common.lib.metadata.allLabels" $ | fromYaml)) -}} {{- with (include "tc.v1.common.lib.metadata.render" (dict "rootCtx" $ "labels" $labels) | trim) }} labels: diff --git a/library/common/templates/class/_job.tpl b/library/common/templates/class/_job.tpl index c94f193d..e6630cf3 100644 --- a/library/common/templates/class/_job.tpl +++ b/library/common/templates/class/_job.tpl @@ -16,6 +16,7 @@ apiVersion: batch/v1 kind: Job metadata: name: {{ $objectData.name }} + namespace: {{ include "tc.v1.common.lib.metadata.namespace" (dict "rootCtx" $rootCtx "objectData" $objectData "caller" "Job") }} {{- $labels := (mustMerge ($objectData.labels | default dict) (include "tc.v1.common.lib.metadata.allLabels" $rootCtx | fromYaml)) -}} {{- with (include "tc.v1.common.lib.metadata.render" (dict "rootCtx" $rootCtx "labels" $labels) | trim) }} labels: diff --git a/library/common/templates/class/_networkAttachmentDefinition.tpl b/library/common/templates/class/_networkAttachmentDefinition.tpl index 97de0fa2..1c0364d9 100644 --- a/library/common/templates/class/_networkAttachmentDefinition.tpl +++ b/library/common/templates/class/_networkAttachmentDefinition.tpl @@ -19,6 +19,7 @@ apiVersion: k8s.cni.cncf.io/v1 kind: NetworkAttachmentDefinition metadata: name: {{ $objectData.name }} + namespace: {{ include "tc.v1.common.lib.metadata.namespace" (dict "rootCtx" $rootCtx "objectData" $objectData "caller" "Network Attachment Definition") }} {{- $labels := (include "tc.v1.common.lib.metadata.allLabels" $rootCtx | fromYaml) | default dict -}} {{- with (include "tc.v1.common.lib.metadata.render" (dict "rootCtx" $rootCtx "labels" $labels) | trim) }} labels: diff --git a/library/common/templates/class/_networkPolicy.tpl b/library/common/templates/class/_networkPolicy.tpl index a8f7c25d..735ea2be 100644 --- a/library/common/templates/class/_networkPolicy.tpl +++ b/library/common/templates/class/_networkPolicy.tpl @@ -22,6 +22,7 @@ kind: NetworkPolicy apiVersion: {{ include "tc.v1.common.capabilities.networkpolicy.apiVersion" $ }} metadata: name: {{ $networkPolicyName }} + namespace: {{ $.Values.namespace | default $.Values.global.namespace | default $.Release.Namespace }} {{- $labels := (mustMerge ($networkpolicyLabels | default dict) (include "tc.v1.common.lib.metadata.allLabels" $ | fromYaml)) -}} {{- with (include "tc.v1.common.lib.metadata.render" (dict "rootCtx" $ "labels" $labels) | trim) }} labels: diff --git a/library/common/templates/class/_podMonitor.tpl b/library/common/templates/class/_podMonitor.tpl index 8eaa73f1..907bb3b2 100644 --- a/library/common/templates/class/_podMonitor.tpl +++ b/library/common/templates/class/_podMonitor.tpl @@ -19,6 +19,7 @@ apiVersion: {{ include "tc.v1.common.capabilities.podmonitor.apiVersion" $ }} kind: PodMonitor metadata: name: {{ $podmonitorName }} + namespace: {{ $.Values.namespace | default $.Values.global.namespace | default $.Release.Namespace }} {{- $labels := (mustMerge ($podmonitorLabels | default dict) (include "tc.v1.common.lib.metadata.allLabels" $ | fromYaml)) -}} {{- with (include "tc.v1.common.lib.metadata.render" (dict "rootCtx" $ "labels" $labels) | trim) }} labels: diff --git a/library/common/templates/class/_prometheusRule.tpl b/library/common/templates/class/_prometheusRule.tpl index e1036315..34b0b47a 100644 --- a/library/common/templates/class/_prometheusRule.tpl +++ b/library/common/templates/class/_prometheusRule.tpl @@ -19,6 +19,7 @@ apiVersion: {{ include "tc.v1.common.capabilities.prometheusrule.apiVersion" $ } kind: PrometheusRule metadata: name: {{ $prometheusruleName }} + namespace: {{ $.Values.namespace | default $.Values.global.namespace | default $.Release.Namespace }} {{- $labels := (mustMerge ($prometheusruleLabels | default dict) (include "tc.v1.common.lib.metadata.allLabels" $ | fromYaml)) -}} {{- with (include "tc.v1.common.lib.metadata.render" (dict "rootCtx" $ "labels" $labels) | trim) }} labels: diff --git a/library/common/templates/class/_pvc.tpl b/library/common/templates/class/_pvc.tpl index 34e2929b..b1451018 100644 --- a/library/common/templates/class/_pvc.tpl +++ b/library/common/templates/class/_pvc.tpl @@ -28,6 +28,7 @@ apiVersion: v1 kind: PersistentVolumeClaim metadata: name: {{ $objectData.name }} + namespace: {{ include "tc.v1.common.lib.metadata.namespace" (dict "rootCtx" $rootCtx "objectData" $objectData "caller" "Persistent Volume Claim") }} {{- $labels := (mustMerge ($objectData.labels | default dict) (include "tc.v1.common.lib.metadata.allLabels" $rootCtx | fromYaml)) -}} {{- with (include "tc.v1.common.lib.metadata.render" (dict "rootCtx" $rootCtx "labels" $labels) | trim) }} labels: diff --git a/library/common/templates/class/_rbac.tpl b/library/common/templates/class/_rbac.tpl index ef15e28d..d5f94a75 100644 --- a/library/common/templates/class/_rbac.tpl +++ b/library/common/templates/class/_rbac.tpl @@ -22,7 +22,7 @@ kind: {{ ternary "ClusterRole" "Role" $objectData.clusterWide }} metadata: name: {{ $objectData.name }} {{- if not $objectData.clusterWide }} - namespace: {{ $rootCtx.Release.Namespace }} + namespace: {{ include "tc.v1.common.lib.metadata.namespace" (dict "rootCtx" $rootCtx "objectData" $objectData "caller" "RBAC") }} {{- end }} {{- $labels := (mustMerge ($objectData.labels | default dict) (include "tc.v1.common.lib.metadata.allLabels" $rootCtx | fromYaml)) -}} {{- with (include "tc.v1.common.lib.metadata.render" (dict "rootCtx" $rootCtx "labels" $labels) | trim) }} diff --git a/library/common/templates/class/_route.tpl b/library/common/templates/class/_route.tpl index 7770c90e..e9ef7e01 100644 --- a/library/common/templates/class/_route.tpl +++ b/library/common/templates/class/_route.tpl @@ -8,7 +8,7 @@ within the common library. {{- with .ObjectValues.route -}} {{- $values = . -}} {{- end -}} -{{ end -}} +{{- end -}} {{- $routeLabels := $values.labels -}} {{- $routeAnnotations := $values.annotations -}} @@ -16,7 +16,7 @@ within the common library. {{- $fullName := include "tc.v1.common.lib.chart.names.fullname" . -}} {{- if and (hasKey $values "nameOverride") $values.nameOverride -}} {{- $fullName = printf "%v-%v" $fullName $values.nameOverride -}} -{{ end -}} +{{- end -}} {{- $routeKind := $values.kind | default "HTTPRoute" -}} {{/* Get the name of the primary service, if any */}} @@ -28,16 +28,17 @@ within the common library. {{- if and (hasKey $primaryService "nameOverride") $primaryService.nameOverride -}} {{- $defaultServiceName = printf "%v-%v" $defaultServiceName $primaryService.nameOverride -}} {{- end -}} -{{- $defaultServicePort := get $primaryService.ports (include "tc.v1.common.lib.util.service.ports.primary" (dict "svcValues" $primaryService "svcName" $primaryServiceName )) -}} +{{- $defaultServicePort := get $primaryService.ports (include "tc.v1.common.lib.util.service.ports.primary" (dict "svcValues" $primaryService "svcName" $primaryServiceName )) }} --- apiVersion: gateway.networking.k8s.io/v1alpha2 -{{- if and (ne $routeKind "GRPCRoute") (ne $routeKind "HTTPRoute") (ne $routeKind "TCPRoute") (ne $routeKind "TLSRoute") (ne $routeKind "UDPRoute") }} - {{- fail (printf "Not a valid route kind (%s)" $routeKind) }} +{{- if and (ne $routeKind "GRPCRoute") (ne $routeKind "HTTPRoute") (ne $routeKind "TCPRoute") (ne $routeKind "TLSRoute") (ne $routeKind "UDPRoute") -}} + {{- fail (printf "Not a valid route kind (%s)" $routeKind) -}} {{- end }} kind: {{ $routeKind }} metadata: name: {{ $fullName }} + namespace: {{ $.Values.namespace | default $.Values.global.namespace | default $.Release.Namespace }} {{- $labels := (mustMerge ($routeLabels | default dict) (include "tc.v1.common.lib.metadata.allLabels" $ | fromYaml)) -}} {{- with (include "tc.v1.common.lib.metadata.render" (dict "rootCtx" $ "labels" $labels) | trim) }} labels: diff --git a/library/common/templates/class/_secret.tpl b/library/common/templates/class/_secret.tpl index b35173fa..14b2f2a4 100644 --- a/library/common/templates/class/_secret.tpl +++ b/library/common/templates/class/_secret.tpl @@ -31,6 +31,7 @@ kind: Secret type: {{ $secretType }} metadata: name: {{ $objectData.name }} + namespace: {{ include "tc.v1.common.lib.metadata.namespace" (dict "rootCtx" $rootCtx "objectData" $objectData "caller" "Secret") }} {{- $labels := (mustMerge ($objectData.labels | default dict) (include "tc.v1.common.lib.metadata.allLabels" $rootCtx | fromYaml)) -}} {{- with (include "tc.v1.common.lib.metadata.render" (dict "rootCtx" $rootCtx "labels" $labels) | trim) }} labels: @@ -41,9 +42,6 @@ metadata: annotations: {{- . | nindent 4 }} {{- end -}} - {{- with $objectData.namespace }} - namespace: {{ tpl . $rootCtx }} - {{- end -}} {{- if (mustHas $objectData.type (list "certificate" "imagePullSecret")) }} data: {{- if eq $objectData.type "certificate" }} diff --git a/library/common/templates/class/_service.tpl b/library/common/templates/class/_service.tpl index 35c6084a..e1fd3d4b 100644 --- a/library/common/templates/class/_service.tpl +++ b/library/common/templates/class/_service.tpl @@ -58,6 +58,7 @@ apiVersion: v1 kind: Service metadata: name: {{ $objectData.name }} + namespace: {{ include "tc.v1.common.lib.metadata.namespace" (dict "rootCtx" $rootCtx "objectData" $objectData "caller" "Service") }} {{- $labels := (mustMerge ($objectData.labels | default dict) (include "tc.v1.common.lib.metadata.allLabels" $rootCtx | fromYaml) (include "tc.v1.common.lib.metadata.selectorLabels" (dict "rootCtx" $rootCtx "objectType" "service" "objectName" $objectData.shortName) | fromYaml)) -}} {{- with (include "tc.v1.common.lib.metadata.render" (dict "rootCtx" $rootCtx "labels" $labels) | trim) }} diff --git a/library/common/templates/class/_serviceAccount.tpl b/library/common/templates/class/_serviceAccount.tpl index 9a8264b6..209bf0b0 100644 --- a/library/common/templates/class/_serviceAccount.tpl +++ b/library/common/templates/class/_serviceAccount.tpl @@ -19,6 +19,7 @@ apiVersion: v1 kind: ServiceAccount metadata: name: {{ $objectData.name }} + namespace: {{ include "tc.v1.common.lib.metadata.namespace" (dict "rootCtx" $rootCtx "objectData" $objectData "caller" "Service Account") }} {{- $labels := (mustMerge ($objectData.labels | default dict) (include "tc.v1.common.lib.metadata.allLabels" $rootCtx | fromYaml)) -}} {{- with (include "tc.v1.common.lib.metadata.render" (dict "rootCtx" $rootCtx "labels" $labels) | trim) }} labels: diff --git a/library/common/templates/class/_serviceMonitor.tpl b/library/common/templates/class/_serviceMonitor.tpl index b5ae095b..17c2020e 100644 --- a/library/common/templates/class/_serviceMonitor.tpl +++ b/library/common/templates/class/_serviceMonitor.tpl @@ -19,6 +19,7 @@ apiVersion: {{ include "tc.v1.common.capabilities.servicemonitor.apiVersion" $ } kind: ServiceMonitor metadata: name: {{ $servicemonitorName }} + namespace: {{ $.Values.namespace | default $.Values.global.namespace | default $.Release.Namespace }} {{- $labels := (mustMerge ($servicemonitorLabels | default dict) (include "tc.v1.common.lib.metadata.allLabels" $ | fromYaml)) -}} {{- with (include "tc.v1.common.lib.metadata.render" (dict "rootCtx" $ "labels" $labels) | trim) }} labels: diff --git a/library/common/templates/class/_statefulset.tpl b/library/common/templates/class/_statefulset.tpl index cb098421..289ba824 100644 --- a/library/common/templates/class/_statefulset.tpl +++ b/library/common/templates/class/_statefulset.tpl @@ -16,6 +16,7 @@ apiVersion: apps/v1 kind: StatefulSet metadata: name: {{ $objectData.name }} + namespace: {{ include "tc.v1.common.lib.metadata.namespace" (dict "rootCtx" $rootCtx "objectData" $objectData "caller" "StatefulSet") }} {{- $labels := (mustMerge ($objectData.labels | default dict) (include "tc.v1.common.lib.metadata.allLabels" $rootCtx | fromYaml)) -}} {{- with (include "tc.v1.common.lib.metadata.render" (dict "rootCtx" $rootCtx "labels" $labels) | trim) }} labels: diff --git a/library/common/templates/lib/chart/_names.tpl b/library/common/templates/lib/chart/_names.tpl index fcba93bd..9241b0ca 100644 --- a/library/common/templates/lib/chart/_names.tpl +++ b/library/common/templates/lib/chart/_names.tpl @@ -34,7 +34,7 @@ {{- $name := .name -}} - {{- if not (mustRegexMatch "^[a-z0-9]([a-z0-9]-?|-?[a-z0-9]){0,61}[a-z0-9]$" $name) -}} + {{- if not (and (mustRegexMatch "^[a-z0-9](-?[a-z0-9]-?)+[a-z0-9]$" $name) (le (len $name) 63)) -}} {{- fail (printf "Name [%s] is not valid. Must start and end with an alphanumeric lowercase character. It can contain '-'. And must be at most 63 characters." $name) -}} {{- end -}} diff --git a/library/common/templates/lib/metadata/_namespace.tpl b/library/common/templates/lib/metadata/_namespace.tpl new file mode 100644 index 00000000..10b048db --- /dev/null +++ b/library/common/templates/lib/metadata/_namespace.tpl @@ -0,0 +1,35 @@ +{{- define "tc.v1.common.lib.metadata.namespace" -}} + {{- $caller := .caller -}} + {{- $objectData := .objectData -}} + {{- $rootCtx := .rootCtx -}} + + {{- $namespace := $rootCtx.Release.Namespace -}} + + {{- with $rootCtx.Values.global.namespace -}} + {{- $namespace = tpl . $rootCtx -}} + {{- end -}} + + {{- with $rootCtx.Values.namespace -}} + {{- $namespace = tpl . $rootCtx -}} + {{- end -}} + + {{- with $objectData.namespace -}} + {{- $namespace = tpl . $rootCtx -}} + {{- end -}} + + {{- if not (and (mustRegexMatch "^[a-z0-9](-?[a-z0-9]-?)+[a-z0-9]$" $namespace) (le (len $namespace) 63)) -}} + {{- fail (printf "%s - Namespace [%s] is not valid. Must start and end with an alphanumeric lowercase character. It can contain '-'. And must be at most 63 characters." $caller $namespace) -}} + {{- end -}} + + {{- if $rootCtx.Values.global.ixChartContext -}} + {{- if not (hasPrefix "ix-" $namespace) -}} + {{/* This is only to be used on CI that do not run in SCALE so we can skip the failure */}} + {{- if not $rootCtx.Values.global.ixChartContext.ci -}} + {{- fail (printf "%s - Namespace [%v] expected to have [ix-] prefix when installed in TrueNAS SCALE" $caller $namespace) -}} + {{- end -}} + {{- end -}} + {{- end -}} + + {{- $namespace -}} + +{{- end -}} diff --git a/library/common/templates/lib/util/_autoperms.tpl b/library/common/templates/lib/util/_autoperms.tpl index 3c46fe85..773b45c3 100644 --- a/library/common/templates/lib/util/_autoperms.tpl +++ b/library/common/templates/lib/util/_autoperms.tpl @@ -120,7 +120,7 @@ podSpec: {{- if $vol.chown }} echo "Automatically correcting ownership for {{ $mountPath }}..." before=$(stat -c "%u:%g" {{ $mountPath }}) - {{- if $.Values.ixChartContext }}{{/* TODO: Add user here too? */}} + {{- if $.Values.global.ixChartContext }}{{/* TODO: Add user here too? */}} /usr/sbin/nfs4xdr_winacl -a chown -G {{ $group }} {{ $r | lower }} -c "{{ $mountPath }}" -p "{{ $mountPath }}" || echo "Failed setting ownership using winacl..." {{- else }} chown {{ $r }} -f {{ $user }}:{{ $group }} {{ $mountPath }} || echo "Failed setting ownership using chown..." diff --git a/library/common/templates/lib/util/_chartcontext.tpl b/library/common/templates/lib/util/_chartcontext.tpl index 214d7309..2d18d286 100644 --- a/library/common/templates/lib/util/_chartcontext.tpl +++ b/library/common/templates/lib/util/_chartcontext.tpl @@ -56,7 +56,7 @@ {{- else -}} {{- $namespace = $selectedIngress.ingressClassName -}} {{- end -}} - + {{- end -}} {{- $traefikportalhook := lookup "v1" "ConfigMap" $namespace "portalhook" -}} @@ -95,10 +95,10 @@ {{- end -}} {{/* TrueNAS SCALE specific code */}} - {{- if $.Values.ixChartContext -}} - {{- if $.Values.ixChartContext.kubernetes_config -}} - {{- $podCIDR = $.Values.ixChartContext.kubernetes_config.cluster_cidr -}} - {{- $svcCIDR = $.Values.ixChartContext.kubernetes_config.service_cidr -}} + {{- if $.Values.global.ixChartContext -}} + {{- if $.Values.global.ixChartContext.kubernetes_config -}} + {{- $podCIDR = $.Values.global.ixChartContext.kubernetes_config.cluster_cidr -}} + {{- $svcCIDR = $.Values.global.ixChartContext.kubernetes_config.service_cidr -}} {{- end -}} {{- else -}} {{/* TODO: Find ways to implement CIDR detection */}} diff --git a/library/common/templates/spawner/_portal.tpl b/library/common/templates/spawner/_portal.tpl index 88ca1a24..fd141b7c 100644 --- a/library/common/templates/spawner/_portal.tpl +++ b/library/common/templates/spawner/_portal.tpl @@ -156,7 +156,7 @@ {{- include "tc.v1.common.lib.configmap.validation" (dict "objectData" $configMap) -}} {{- include "tc.v1.common.lib.metadata.validation" (dict "objectData" $configMap "caller" "ConfigMap") -}} - {{- if $.Values.ixChartContext -}} + {{- if $.Values.global.ixChartContext -}} {{/* Call class to create the object */}} {{- include "tc.v1.common.class.configmap" (dict "rootCtx" $ "objectData" $configMap) -}} diff --git a/library/common/values.yaml b/library/common/values.yaml index 2d43cd73..3b2fee9e 100644 --- a/library/common/values.yaml +++ b/library/common/values.yaml @@ -4,6 +4,9 @@ global: labels: {} # -- Set additional global annotations annotations: {} + # -- Set a global namespace + # TODO: Currently some objects do not support this + namespace: "" # -- Adds metalLB annotations to services addMetalLBAnnotations: true # -- Adds traefik annotations to services @@ -56,6 +59,8 @@ fallbackDefaults: failureThreshold: 60 successThreshold: 1 +# -- Explicitly set a namespace for this chart only +namespace: "" # -- Image values image: