mirror of
https://github.com/truecharts/library-charts.git
synced 2026-07-05 20:14:17 -03:00
add env list and split tests more
This commit is contained in:
177
library/common-test/tests/pod/deployment_container_env_list.yaml
Normal file
177
library/common-test/tests/pod/deployment_container_env_list.yaml
Normal file
@@ -0,0 +1,177 @@
|
||||
suite: deployment container env test
|
||||
templates:
|
||||
- common.yaml
|
||||
tests:
|
||||
- it: should pass with default values
|
||||
asserts:
|
||||
- documentIndex: &deploymentDoc 0
|
||||
isKind:
|
||||
of: Deployment
|
||||
|
||||
- it: should fail with envList missing name
|
||||
set:
|
||||
envList:
|
||||
- value: some_value
|
||||
asserts:
|
||||
- failedTemplate:
|
||||
documentIndex: *deploymentDoc
|
||||
errorMessage: Please specify both name and value for environment variable
|
||||
|
||||
- it: should fail with envList missing value
|
||||
set:
|
||||
envList:
|
||||
- name: some_name
|
||||
asserts:
|
||||
- failedTemplate:
|
||||
documentIndex: *deploymentDoc
|
||||
errorMessage: Please specify both name and value for environment variable
|
||||
|
||||
- it: should fail with envList name as a map
|
||||
set:
|
||||
envList:
|
||||
- name:
|
||||
some_key: some_value
|
||||
value: some_value
|
||||
asserts:
|
||||
- failedTemplate:
|
||||
documentIndex: *deploymentDoc
|
||||
errorMessage: Name in envList cannot be a map or slice
|
||||
|
||||
- it: should fail with envList name as a slice
|
||||
set:
|
||||
envList:
|
||||
- name:
|
||||
- some_key: some_value
|
||||
value: some_value
|
||||
asserts:
|
||||
- failedTemplate:
|
||||
documentIndex: *deploymentDoc
|
||||
errorMessage: Name in envList cannot be a map or slice
|
||||
|
||||
- it: should fail with envList value as a map
|
||||
set:
|
||||
envList:
|
||||
- name: some_name
|
||||
value:
|
||||
some_key: some_value
|
||||
asserts:
|
||||
- failedTemplate:
|
||||
documentIndex: *deploymentDoc
|
||||
errorMessage: Value in envList cannot be a map or slice
|
||||
|
||||
- it: should fail with envList value as a slice
|
||||
set:
|
||||
envList:
|
||||
- name: some_name
|
||||
value:
|
||||
- some_key: some_value
|
||||
asserts:
|
||||
- failedTemplate:
|
||||
documentIndex: *deploymentDoc
|
||||
errorMessage: Value in envList cannot be a map or slice
|
||||
|
||||
- it: should pass with envList entry added
|
||||
set:
|
||||
envList:
|
||||
- name: some_name
|
||||
value: some_value
|
||||
asserts:
|
||||
- equal:
|
||||
documentIndex: *deploymentDoc
|
||||
path: spec.template.spec.containers[0].env
|
||||
value:
|
||||
- name: TZ
|
||||
value: UTC
|
||||
- name: UMASK
|
||||
value: "2"
|
||||
- name: UMASK_SET
|
||||
value: "2"
|
||||
- name: NVIDIA_VISIBLE_DEVICES
|
||||
value: void
|
||||
- name: S6_READ_ONLY_ROOT
|
||||
value: "1"
|
||||
- name: some_name
|
||||
value: some_value
|
||||
|
||||
- it: should pass with envList entries added
|
||||
set:
|
||||
envList:
|
||||
- name: some_name
|
||||
value: some_value
|
||||
- name: some_name2
|
||||
value: some_value2
|
||||
asserts:
|
||||
- equal:
|
||||
documentIndex: *deploymentDoc
|
||||
path: spec.template.spec.containers[0].env
|
||||
value:
|
||||
- name: TZ
|
||||
value: UTC
|
||||
- name: UMASK
|
||||
value: "2"
|
||||
- name: UMASK_SET
|
||||
value: "2"
|
||||
- name: NVIDIA_VISIBLE_DEVICES
|
||||
value: void
|
||||
- name: S6_READ_ONLY_ROOT
|
||||
value: "1"
|
||||
- name: some_name
|
||||
value: some_value
|
||||
- name: some_name2
|
||||
value: some_value2
|
||||
|
||||
- it: should pass with envList entry added from tpl
|
||||
set:
|
||||
some_name: a_name
|
||||
some_value: a_value
|
||||
envList:
|
||||
- name: "{{ .Values.some_name }}"
|
||||
value: "{{ .Values.some_value }}"
|
||||
asserts:
|
||||
- equal:
|
||||
documentIndex: *deploymentDoc
|
||||
path: spec.template.spec.containers[0].env
|
||||
value:
|
||||
- name: TZ
|
||||
value: UTC
|
||||
- name: UMASK
|
||||
value: "2"
|
||||
- name: UMASK_SET
|
||||
value: "2"
|
||||
- name: NVIDIA_VISIBLE_DEVICES
|
||||
value: void
|
||||
- name: S6_READ_ONLY_ROOT
|
||||
value: "1"
|
||||
- name: a_name
|
||||
value: a_value
|
||||
|
||||
- it: should pass with envList entries added
|
||||
set:
|
||||
some_name: a_name
|
||||
some_value: a_value
|
||||
some_name2: a_name2
|
||||
some_value2: a_value2
|
||||
envList:
|
||||
- name: "{{ .Values.some_name }}"
|
||||
value: "{{ .Values.some_value }}"
|
||||
- name: "{{ .Values.some_name2 }}"
|
||||
value: "{{ .Values.some_value2 }}"
|
||||
asserts:
|
||||
- equal:
|
||||
documentIndex: *deploymentDoc
|
||||
path: spec.template.spec.containers[0].env
|
||||
value:
|
||||
- name: TZ
|
||||
value: UTC
|
||||
- name: UMASK
|
||||
value: "2"
|
||||
- name: UMASK_SET
|
||||
value: "2"
|
||||
- name: NVIDIA_VISIBLE_DEVICES
|
||||
value: void
|
||||
- name: S6_READ_ONLY_ROOT
|
||||
value: "1"
|
||||
- name: a_name
|
||||
value: a_value
|
||||
- name: a_name2
|
||||
value: a_value2
|
||||
@@ -7,249 +7,6 @@ tests:
|
||||
- documentIndex: &deploymentDoc 0
|
||||
isKind:
|
||||
of: Deployment
|
||||
- it: should pass with injectFixedEnvs false
|
||||
set:
|
||||
injectFixedEnvs: false
|
||||
asserts:
|
||||
- isNull:
|
||||
documentIndex: *deploymentDoc
|
||||
path: spec.template.spec.containers[0].env
|
||||
|
||||
- it: should pass with TZ and UMASK changed
|
||||
set:
|
||||
TZ: ETC
|
||||
security:
|
||||
UMASK: 3
|
||||
asserts:
|
||||
- equal:
|
||||
documentIndex: *deploymentDoc
|
||||
path: spec.template.spec.containers[0].env
|
||||
value:
|
||||
- name: TZ
|
||||
value: ETC
|
||||
- name: UMASK
|
||||
value: "3"
|
||||
- name: UMASK_SET
|
||||
value: "3"
|
||||
- name: NVIDIA_VISIBLE_DEVICES
|
||||
value: void
|
||||
- name: S6_READ_ONLY_ROOT
|
||||
value: "1"
|
||||
|
||||
- it: should pass without S6_READ_ONLY_ROOT
|
||||
set:
|
||||
securityContext:
|
||||
readOnlyRootFilesystem: false
|
||||
runAsNonRoot: false
|
||||
asserts:
|
||||
- equal:
|
||||
documentIndex: *deploymentDoc
|
||||
path: spec.template.spec.containers[0].env
|
||||
value:
|
||||
- name: TZ
|
||||
value: UTC
|
||||
- name: UMASK
|
||||
value: "2"
|
||||
- name: UMASK_SET
|
||||
value: "2"
|
||||
- name: NVIDIA_VISIBLE_DEVICES
|
||||
value: void
|
||||
|
||||
- it: should pass with scaleGPU set
|
||||
set:
|
||||
scaleGPU: true
|
||||
asserts:
|
||||
- equal:
|
||||
documentIndex: *deploymentDoc
|
||||
path: spec.template.spec.containers[0].env
|
||||
value:
|
||||
- name: TZ
|
||||
value: UTC
|
||||
- name: UMASK
|
||||
value: "2"
|
||||
- name: UMASK_SET
|
||||
value: "2"
|
||||
- name: NVIDIA_DRIVER_CAPABILITIES
|
||||
value: all
|
||||
- name: S6_READ_ONLY_ROOT
|
||||
value: "1"
|
||||
|
||||
- it: should pass with envs changed because run as user root
|
||||
set:
|
||||
podSecurityContext:
|
||||
runAsUser: 0
|
||||
securityContext:
|
||||
runAsNonRoot: false
|
||||
asserts:
|
||||
- equal:
|
||||
documentIndex: *deploymentDoc
|
||||
path: spec.template.spec.containers[0].env
|
||||
value:
|
||||
- name: TZ
|
||||
value: UTC
|
||||
- name: UMASK
|
||||
value: "2"
|
||||
- name: UMASK_SET
|
||||
value: "2"
|
||||
- name: NVIDIA_VISIBLE_DEVICES
|
||||
value: void
|
||||
- name: PUID
|
||||
value: "568"
|
||||
- name: USER_ID
|
||||
value: "568"
|
||||
- name: UID
|
||||
value: "568"
|
||||
- name: PGID
|
||||
value: "568"
|
||||
- name: GROUP_ID
|
||||
value: "568"
|
||||
- name: GID
|
||||
value: "568"
|
||||
- name: S6_READ_ONLY_ROOT
|
||||
value: "1"
|
||||
|
||||
- it: should pass with envs changed because run as group root
|
||||
set:
|
||||
podSecurityContext:
|
||||
runAsGroup: 0
|
||||
securityContext:
|
||||
runAsNonRoot: false
|
||||
asserts:
|
||||
- equal:
|
||||
documentIndex: *deploymentDoc
|
||||
path: spec.template.spec.containers[0].env
|
||||
value:
|
||||
- name: TZ
|
||||
value: UTC
|
||||
- name: UMASK
|
||||
value: "2"
|
||||
- name: UMASK_SET
|
||||
value: "2"
|
||||
- name: NVIDIA_VISIBLE_DEVICES
|
||||
value: void
|
||||
- name: PUID
|
||||
value: "568"
|
||||
- name: USER_ID
|
||||
value: "568"
|
||||
- name: UID
|
||||
value: "568"
|
||||
- name: PGID
|
||||
value: "568"
|
||||
- name: GROUP_ID
|
||||
value: "568"
|
||||
- name: GID
|
||||
value: "568"
|
||||
- name: S6_READ_ONLY_ROOT
|
||||
value: "1"
|
||||
|
||||
- it: should pass with envs changed because run as user root and PUID 0
|
||||
set:
|
||||
podSecurityContext:
|
||||
runAsUser: 0
|
||||
securityContext:
|
||||
runAsNonRoot: false
|
||||
security:
|
||||
PUID: 0
|
||||
asserts:
|
||||
- equal:
|
||||
documentIndex: *deploymentDoc
|
||||
path: spec.template.spec.containers[0].env
|
||||
value:
|
||||
- name: TZ
|
||||
value: UTC
|
||||
- name: UMASK
|
||||
value: "2"
|
||||
- name: UMASK_SET
|
||||
value: "2"
|
||||
- name: NVIDIA_VISIBLE_DEVICES
|
||||
value: void
|
||||
- name: PUID
|
||||
value: "0"
|
||||
- name: USER_ID
|
||||
value: "0"
|
||||
- name: UID
|
||||
value: "0"
|
||||
- name: PGID
|
||||
value: "568"
|
||||
- name: GROUP_ID
|
||||
value: "568"
|
||||
- name: GID
|
||||
value: "568"
|
||||
- name: S6_READ_ONLY_ROOT
|
||||
value: "1"
|
||||
|
||||
- it: should pass with envs changed because run as group root and PUID 0
|
||||
set:
|
||||
podSecurityContext:
|
||||
runAsGroup: 0
|
||||
securityContext:
|
||||
runAsNonRoot: false
|
||||
security:
|
||||
PUID: 0
|
||||
asserts:
|
||||
- equal:
|
||||
documentIndex: *deploymentDoc
|
||||
path: spec.template.spec.containers[0].env
|
||||
value:
|
||||
- name: TZ
|
||||
value: UTC
|
||||
- name: UMASK
|
||||
value: "2"
|
||||
- name: UMASK_SET
|
||||
value: "2"
|
||||
- name: NVIDIA_VISIBLE_DEVICES
|
||||
value: void
|
||||
- name: PUID
|
||||
value: "0"
|
||||
- name: USER_ID
|
||||
value: "0"
|
||||
- name: UID
|
||||
value: "0"
|
||||
- name: PGID
|
||||
value: "568"
|
||||
- name: GROUP_ID
|
||||
value: "568"
|
||||
- name: GID
|
||||
value: "568"
|
||||
- name: S6_READ_ONLY_ROOT
|
||||
value: "1"
|
||||
|
||||
- it: should pass with envs changed because run as group root and fsGroup 0 and PUID 0
|
||||
set:
|
||||
podSecurityContext:
|
||||
runAsGroup: 0
|
||||
fsGroup: 0
|
||||
securityContext:
|
||||
runAsNonRoot: false
|
||||
security:
|
||||
PUID: 0
|
||||
asserts:
|
||||
- equal:
|
||||
documentIndex: *deploymentDoc
|
||||
path: spec.template.spec.containers[0].env
|
||||
value:
|
||||
- name: TZ
|
||||
value: UTC
|
||||
- name: UMASK
|
||||
value: "2"
|
||||
- name: UMASK_SET
|
||||
value: "2"
|
||||
- name: NVIDIA_VISIBLE_DEVICES
|
||||
value: void
|
||||
- name: PUID
|
||||
value: "0"
|
||||
- name: USER_ID
|
||||
value: "0"
|
||||
- name: UID
|
||||
value: "0"
|
||||
- name: PGID
|
||||
value: "0"
|
||||
- name: GROUP_ID
|
||||
value: "0"
|
||||
- name: GID
|
||||
value: "0"
|
||||
- name: S6_READ_ONLY_ROOT
|
||||
value: "1"
|
||||
|
||||
- it: should fail with envs defined as a list
|
||||
set:
|
||||
@@ -598,44 +355,3 @@ tests:
|
||||
optional: false
|
||||
name: some_name
|
||||
key: some_key
|
||||
|
||||
- it: should pass with envs defined with scaleGPU
|
||||
set:
|
||||
scaleGPU: true
|
||||
asserts:
|
||||
- equal:
|
||||
documentIndex: *deploymentDoc
|
||||
path: spec.template.spec.containers[0].env
|
||||
value:
|
||||
- name: TZ
|
||||
value: "UTC"
|
||||
- name: UMASK
|
||||
value: "2"
|
||||
- name: UMASK_SET
|
||||
value: "2"
|
||||
- name: NVIDIA_DRIVER_CAPABILITIES
|
||||
value: "all"
|
||||
- name: S6_READ_ONLY_ROOT
|
||||
value: "1"
|
||||
|
||||
- it: should pass with envs defined with scaleGPU and custom capabilities
|
||||
set:
|
||||
scaleGPU: true
|
||||
nvidiaCaps:
|
||||
- compute
|
||||
- utility
|
||||
asserts:
|
||||
- equal:
|
||||
documentIndex: *deploymentDoc
|
||||
path: spec.template.spec.containers[0].env
|
||||
value:
|
||||
- name: TZ
|
||||
value: "UTC"
|
||||
- name: UMASK
|
||||
value: "2"
|
||||
- name: UMASK_SET
|
||||
value: "2"
|
||||
- name: NVIDIA_DRIVER_CAPABILITIES
|
||||
value: "compute,utility"
|
||||
- name: S6_READ_ONLY_ROOT
|
||||
value: "1"
|
||||
|
||||
@@ -0,0 +1,295 @@
|
||||
suite: deployment container env test
|
||||
templates:
|
||||
- common.yaml
|
||||
tests:
|
||||
- it: should pass with default values
|
||||
asserts:
|
||||
- documentIndex: &deploymentDoc 0
|
||||
isKind:
|
||||
of: Deployment
|
||||
|
||||
- it: should pass with injectFixedEnvs false
|
||||
set:
|
||||
injectFixedEnvs: false
|
||||
asserts:
|
||||
- isNull:
|
||||
documentIndex: *deploymentDoc
|
||||
path: spec.template.spec.containers[0].env
|
||||
|
||||
- it: should pass with TZ and UMASK changed
|
||||
set:
|
||||
TZ: ETC
|
||||
security:
|
||||
UMASK: 3
|
||||
asserts:
|
||||
- equal:
|
||||
documentIndex: *deploymentDoc
|
||||
path: spec.template.spec.containers[0].env
|
||||
value:
|
||||
- name: TZ
|
||||
value: ETC
|
||||
- name: UMASK
|
||||
value: "3"
|
||||
- name: UMASK_SET
|
||||
value: "3"
|
||||
- name: NVIDIA_VISIBLE_DEVICES
|
||||
value: void
|
||||
- name: S6_READ_ONLY_ROOT
|
||||
value: "1"
|
||||
|
||||
- it: should pass without S6_READ_ONLY_ROOT
|
||||
set:
|
||||
securityContext:
|
||||
readOnlyRootFilesystem: false
|
||||
runAsNonRoot: false
|
||||
asserts:
|
||||
- equal:
|
||||
documentIndex: *deploymentDoc
|
||||
path: spec.template.spec.containers[0].env
|
||||
value:
|
||||
- name: TZ
|
||||
value: UTC
|
||||
- name: UMASK
|
||||
value: "2"
|
||||
- name: UMASK_SET
|
||||
value: "2"
|
||||
- name: NVIDIA_VISIBLE_DEVICES
|
||||
value: void
|
||||
|
||||
- it: should pass with scaleGPU set
|
||||
set:
|
||||
scaleGPU: true
|
||||
asserts:
|
||||
- equal:
|
||||
documentIndex: *deploymentDoc
|
||||
path: spec.template.spec.containers[0].env
|
||||
value:
|
||||
- name: TZ
|
||||
value: UTC
|
||||
- name: UMASK
|
||||
value: "2"
|
||||
- name: UMASK_SET
|
||||
value: "2"
|
||||
- name: NVIDIA_DRIVER_CAPABILITIES
|
||||
value: all
|
||||
- name: S6_READ_ONLY_ROOT
|
||||
value: "1"
|
||||
|
||||
- it: should pass with envs changed because run as user root
|
||||
set:
|
||||
podSecurityContext:
|
||||
runAsUser: 0
|
||||
securityContext:
|
||||
runAsNonRoot: false
|
||||
asserts:
|
||||
- equal:
|
||||
documentIndex: *deploymentDoc
|
||||
path: spec.template.spec.containers[0].env
|
||||
value:
|
||||
- name: TZ
|
||||
value: UTC
|
||||
- name: UMASK
|
||||
value: "2"
|
||||
- name: UMASK_SET
|
||||
value: "2"
|
||||
- name: NVIDIA_VISIBLE_DEVICES
|
||||
value: void
|
||||
- name: PUID
|
||||
value: "568"
|
||||
- name: USER_ID
|
||||
value: "568"
|
||||
- name: UID
|
||||
value: "568"
|
||||
- name: PGID
|
||||
value: "568"
|
||||
- name: GROUP_ID
|
||||
value: "568"
|
||||
- name: GID
|
||||
value: "568"
|
||||
- name: S6_READ_ONLY_ROOT
|
||||
value: "1"
|
||||
|
||||
- it: should pass with envs changed because run as group root
|
||||
set:
|
||||
podSecurityContext:
|
||||
runAsGroup: 0
|
||||
securityContext:
|
||||
runAsNonRoot: false
|
||||
asserts:
|
||||
- equal:
|
||||
documentIndex: *deploymentDoc
|
||||
path: spec.template.spec.containers[0].env
|
||||
value:
|
||||
- name: TZ
|
||||
value: UTC
|
||||
- name: UMASK
|
||||
value: "2"
|
||||
- name: UMASK_SET
|
||||
value: "2"
|
||||
- name: NVIDIA_VISIBLE_DEVICES
|
||||
value: void
|
||||
- name: PUID
|
||||
value: "568"
|
||||
- name: USER_ID
|
||||
value: "568"
|
||||
- name: UID
|
||||
value: "568"
|
||||
- name: PGID
|
||||
value: "568"
|
||||
- name: GROUP_ID
|
||||
value: "568"
|
||||
- name: GID
|
||||
value: "568"
|
||||
- name: S6_READ_ONLY_ROOT
|
||||
value: "1"
|
||||
|
||||
- it: should pass with envs changed because run as user root and PUID 0
|
||||
set:
|
||||
podSecurityContext:
|
||||
runAsUser: 0
|
||||
securityContext:
|
||||
runAsNonRoot: false
|
||||
security:
|
||||
PUID: 0
|
||||
asserts:
|
||||
- equal:
|
||||
documentIndex: *deploymentDoc
|
||||
path: spec.template.spec.containers[0].env
|
||||
value:
|
||||
- name: TZ
|
||||
value: UTC
|
||||
- name: UMASK
|
||||
value: "2"
|
||||
- name: UMASK_SET
|
||||
value: "2"
|
||||
- name: NVIDIA_VISIBLE_DEVICES
|
||||
value: void
|
||||
- name: PUID
|
||||
value: "0"
|
||||
- name: USER_ID
|
||||
value: "0"
|
||||
- name: UID
|
||||
value: "0"
|
||||
- name: PGID
|
||||
value: "568"
|
||||
- name: GROUP_ID
|
||||
value: "568"
|
||||
- name: GID
|
||||
value: "568"
|
||||
- name: S6_READ_ONLY_ROOT
|
||||
value: "1"
|
||||
|
||||
- it: should pass with envs changed because run as group root and PUID 0
|
||||
set:
|
||||
podSecurityContext:
|
||||
runAsGroup: 0
|
||||
securityContext:
|
||||
runAsNonRoot: false
|
||||
security:
|
||||
PUID: 0
|
||||
asserts:
|
||||
- equal:
|
||||
documentIndex: *deploymentDoc
|
||||
path: spec.template.spec.containers[0].env
|
||||
value:
|
||||
- name: TZ
|
||||
value: UTC
|
||||
- name: UMASK
|
||||
value: "2"
|
||||
- name: UMASK_SET
|
||||
value: "2"
|
||||
- name: NVIDIA_VISIBLE_DEVICES
|
||||
value: void
|
||||
- name: PUID
|
||||
value: "0"
|
||||
- name: USER_ID
|
||||
value: "0"
|
||||
- name: UID
|
||||
value: "0"
|
||||
- name: PGID
|
||||
value: "568"
|
||||
- name: GROUP_ID
|
||||
value: "568"
|
||||
- name: GID
|
||||
value: "568"
|
||||
- name: S6_READ_ONLY_ROOT
|
||||
value: "1"
|
||||
|
||||
- it: should pass with envs changed because run as group root and fsGroup 0 and PUID 0
|
||||
set:
|
||||
podSecurityContext:
|
||||
runAsGroup: 0
|
||||
fsGroup: 0
|
||||
securityContext:
|
||||
runAsNonRoot: false
|
||||
security:
|
||||
PUID: 0
|
||||
asserts:
|
||||
- equal:
|
||||
documentIndex: *deploymentDoc
|
||||
path: spec.template.spec.containers[0].env
|
||||
value:
|
||||
- name: TZ
|
||||
value: UTC
|
||||
- name: UMASK
|
||||
value: "2"
|
||||
- name: UMASK_SET
|
||||
value: "2"
|
||||
- name: NVIDIA_VISIBLE_DEVICES
|
||||
value: void
|
||||
- name: PUID
|
||||
value: "0"
|
||||
- name: USER_ID
|
||||
value: "0"
|
||||
- name: UID
|
||||
value: "0"
|
||||
- name: PGID
|
||||
value: "0"
|
||||
- name: GROUP_ID
|
||||
value: "0"
|
||||
- name: GID
|
||||
value: "0"
|
||||
- name: S6_READ_ONLY_ROOT
|
||||
value: "1"
|
||||
|
||||
|
||||
- it: should pass with envs defined with scaleGPU
|
||||
set:
|
||||
scaleGPU: true
|
||||
asserts:
|
||||
- equal:
|
||||
documentIndex: *deploymentDoc
|
||||
path: spec.template.spec.containers[0].env
|
||||
value:
|
||||
- name: TZ
|
||||
value: "UTC"
|
||||
- name: UMASK
|
||||
value: "2"
|
||||
- name: UMASK_SET
|
||||
value: "2"
|
||||
- name: NVIDIA_DRIVER_CAPABILITIES
|
||||
value: "all"
|
||||
- name: S6_READ_ONLY_ROOT
|
||||
value: "1"
|
||||
|
||||
- it: should pass with envs defined with scaleGPU and custom capabilities
|
||||
set:
|
||||
scaleGPU: true
|
||||
nvidiaCaps:
|
||||
- compute
|
||||
- utility
|
||||
asserts:
|
||||
- equal:
|
||||
documentIndex: *deploymentDoc
|
||||
path: spec.template.spec.containers[0].env
|
||||
value:
|
||||
- name: TZ
|
||||
value: "UTC"
|
||||
- name: UMASK
|
||||
value: "2"
|
||||
- name: UMASK_SET
|
||||
value: "2"
|
||||
- name: NVIDIA_DRIVER_CAPABILITIES
|
||||
value: "compute,utility"
|
||||
- name: S6_READ_ONLY_ROOT
|
||||
value: "1"
|
||||
29
library/common/1.0.0/templates/lib/container/_env_list.tpl
Normal file
29
library/common/1.0.0/templates/lib/container/_env_list.tpl
Normal file
@@ -0,0 +1,29 @@
|
||||
{{/* Environment Variables List included by the container */}}
|
||||
{{- define "ix.v1.common.container.envList" -}}
|
||||
{{- $envList := .envList -}}
|
||||
{{- $root := .root -}}
|
||||
{{- with $envList -}}
|
||||
{{- range $envList -}}
|
||||
{{- if and .name .value -}}
|
||||
{{- if or (kindIs "map" .name) (kindIs "slice" .name) -}}
|
||||
{{- fail "Name in envList cannot be a map or slice" -}}
|
||||
{{- end -}}
|
||||
{{- if or (kindIs "map" .value) (kindIs "slice" .value) -}}
|
||||
{{- fail "Value in envList cannot be a map or slice" -}}
|
||||
{{- end }}
|
||||
- name: {{ tpl .name $root }}
|
||||
value: {{ tpl .value $root | quote }}
|
||||
{{- else -}}
|
||||
{{- fail "Please specify both name and value for environment variable" -}}
|
||||
{{- end -}}
|
||||
{{- end -}}
|
||||
{{- end -}}
|
||||
{{- end -}}
|
||||
|
||||
{{/*
|
||||
A custom dict is expected with envList and root.
|
||||
It's designed to work for mainContainer AND initContainers.
|
||||
Calling this from an initContainer, wouldn't work, as it would have a different "root" context,
|
||||
and "tpl" on "$" would cause erors.
|
||||
That's why the custom dict is expected.
|
||||
*/}}
|
||||
@@ -8,44 +8,44 @@
|
||||
{{- $value := $v -}}
|
||||
{{- if kindIs "int" $name -}}
|
||||
{{- fail "Environment Variables as a list is not supported. Use key-value format." -}}
|
||||
{{- end -}}
|
||||
{{- end }}
|
||||
- name: {{ $name | quote }}
|
||||
{{- if not (kindIs "map" $value) }}
|
||||
{{- if or (kindIs "string" $value) }} {{/* Single values are parsed as string (eg. int, bool) */}}
|
||||
{{- $value = tpl $value $root }} {{/* Expand Value */}}
|
||||
{{- if not (kindIs "map" $value) -}}
|
||||
{{- if or (kindIs "string" $value) -}} {{/* Single values are parsed as string (eg. int, bool) */}}
|
||||
{{- $value = tpl $value $root -}} {{/* Expand Value */}}
|
||||
{{- end }}
|
||||
value: {{ quote $value }}
|
||||
{{- else if kindIs "map" $value }} {{/* If value is a dict... */}}
|
||||
{{- if hasKey $value "valueFrom" }}
|
||||
{{- fail "Please remove <valueFrom> and use directly configMapKeyRef or secretKeyRef" }}
|
||||
{{- else if kindIs "map" $value -}} {{/* If value is a dict... */}}
|
||||
{{- if hasKey $value "valueFrom" -}}
|
||||
{{- fail "Please remove <valueFrom> and use directly configMapKeyRef or secretKeyRef" -}}
|
||||
{{- end }}
|
||||
valueFrom:
|
||||
{{- if hasKey $value "configMapKeyRef" }} {{/* And contains configMapRef... */}}
|
||||
configMapKeyRef:
|
||||
{{- $_ := set $value "name" $value.configMapKeyRef.name -}} {{/* Extract name and key */}}
|
||||
{{- $_ := set $value "key" $value.configMapKeyRef.key -}}
|
||||
{{- if hasKey $value.configMapKeyRef "optional" }}
|
||||
{{- fail "<optional> is not supported in configMapRefKey" }}
|
||||
{{- end }}
|
||||
{{- if hasKey $value.configMapKeyRef "optional" -}}
|
||||
{{- fail "<optional> is not supported in configMapRefKey" -}}
|
||||
{{- end -}}
|
||||
{{- else if hasKey $value "secretKeyRef" }} {{/* And contains secretpRef... */}}
|
||||
secretKeyRef:
|
||||
{{- $_ := set $value "name" $value.secretKeyRef.name -}} {{/* Extract name and key */}}
|
||||
{{- $_ := set $value "key" $value.secretKeyRef.key -}}
|
||||
{{- if (hasKey $value.secretKeyRef "optional") }}
|
||||
{{- if (hasKey $value.secretKeyRef "optional") -}}
|
||||
{{- if (kindIs "bool" $value.secretKeyRef.optional) }}
|
||||
optional: {{ $value.secretKeyRef.optional }}
|
||||
{{- else }}
|
||||
{{- else -}}
|
||||
{{- fail (printf "<optional> in secretKeyRef must be a boolean on Environment Variable (%s)" $name) -}}
|
||||
{{- end }}
|
||||
{{- end }}
|
||||
{{- else }}
|
||||
{{- end -}}
|
||||
{{- end -}}
|
||||
{{- else -}}
|
||||
{{- fail "Not a valid valueFrom reference. Valid options are (configMapKeyRef and secretKeyRef)" -}}
|
||||
{{- end }}
|
||||
name: {{ tpl (required (printf "<name> for the keyRef is not defined in (%s)" $name) $value.name) $root }} {{/* Expand name and key */}}
|
||||
key: {{ tpl (required (printf "<key> for the keyRef is not defined in (%s)" $name) $value.key) $root }}
|
||||
{{- end }}
|
||||
{{- end }}
|
||||
{{- end }}
|
||||
{{- end -}}
|
||||
{{- end -}}
|
||||
{{- end -}}
|
||||
{{- end -}}
|
||||
|
||||
{{/*
|
||||
|
||||
@@ -11,7 +11,7 @@
|
||||
{{- else }}
|
||||
- name: NVIDIA_DRIVER_CAPABILITIES
|
||||
value: {{ join "," .Values.nvidiaCaps | quote }}
|
||||
{{- end }}
|
||||
{{- end -}}
|
||||
{{- if and (or (not .Values.podSecurityContext.runAsUser) (not .Values.podSecurityContext.runAsGroup)) (or .Values.security.PUID (eq (.Values.security.PUID | int) 0)) }} {{/* If root user or root group and a PUID is set, set PUID and related envs */}}
|
||||
- name: PUID
|
||||
value: {{ tpl (toYaml .Values.security.PUID) $ | quote }}
|
||||
@@ -25,9 +25,9 @@
|
||||
value: {{ tpl (toYaml .Values.podSecurityContext.fsGroup) $ | quote }}
|
||||
- name: GID
|
||||
value: {{ tpl (toYaml .Values.podSecurityContext.fsGroup) $ | quote }}
|
||||
{{- end }}
|
||||
{{- end -}}
|
||||
{{- if or (.Values.securityContext.readOnlyRootFilesystem) (.Values.securityContext.runAsNonRoot) }} {{/* Mainly for LSIO containers, tell S6 to avoid using rootfs */}}
|
||||
- name: S6_READ_ONLY_ROOT
|
||||
value: "1"
|
||||
{{- end }}
|
||||
{{- end -}}
|
||||
{{- end -}}
|
||||
|
||||
@@ -41,13 +41,17 @@
|
||||
terminationMessagePolicy: {{ tpl . $ }}
|
||||
{{- end }}
|
||||
env:
|
||||
{{- if .Values.injectFixedEnvs }}
|
||||
{{- include "ix.v1.common.container.fixedEnvs" . | nindent 4 }}
|
||||
{{- end }}
|
||||
{{- if .Values.injectFixedEnvs -}}
|
||||
{{- include "ix.v1.common.container.fixedEnvs" . | nindent 4 -}}
|
||||
{{- end -}}
|
||||
{{- $context := dict -}} {{/* Create a new context and pass it to envVars include, so tpl can work. */}}
|
||||
{{- $_ := set $context "envs" .Values.env -}}
|
||||
{{- $_ := set $context "root" $ -}}
|
||||
{{- include "ix.v1.common.container.envVars" $context | nindent 4 }}
|
||||
{{- include "ix.v1.common.container.envVars" $context | nindent 4 -}}
|
||||
{{- $context := dict -}} {{/* Create a new context and pass it to envList include, so tpl can work. */}}
|
||||
{{- $_ := set $context "envList" .Values.envList -}}
|
||||
{{- $_ := set $context "root" $ -}}
|
||||
{{- include "ix.v1.common.container.envList" $context | nindent 4 -}}
|
||||
{{- end -}}
|
||||
|
||||
{{/*
|
||||
|
||||
@@ -107,6 +107,13 @@ security:
|
||||
# optional: false (ony with secretKeyRef)
|
||||
env: {}
|
||||
|
||||
# -- Mainly used in the SCALE UI. Helm Template enabled.
|
||||
envList: []
|
||||
# - name: SOME_ENV_VAR
|
||||
# value: SOME_VALUE
|
||||
# - name: SOME_ENV_VAR2
|
||||
# value: SOME_VALUE2
|
||||
|
||||
controller:
|
||||
# -- Enable the controller.
|
||||
enabled: true
|
||||
|
||||
Reference in New Issue
Block a user