From 12e5447fb0e620bcf2b2b15047674772c85bb0e0 Mon Sep 17 00:00:00 2001 From: Stavros kois Date: Fri, 13 Jan 2023 17:42:35 +0200 Subject: [PATCH] add some extra tests + inherit option on volumeMounts --- .../fixedEnv_test.yaml | 28 +++++++ ...itional_containers_in_deployment_test.yaml | 81 +++++++++++++++++++ ...containers_in_deployment_install_test.yaml | 81 +++++++++++++++++++ ...containers_in_deployment_upgrade_test.yaml | 81 +++++++++++++++++++ ...install_containers_in_deployment_test.yaml | 81 +++++++++++++++++++ ...containers_in_deployment_install_copy.yaml | 81 +++++++++++++++++++ ...upgrade_containers_in_deployment_test.yaml | 81 +++++++++++++++++++ .../templates/lib/container/_volumeMounts.tpl | 67 ++++++++++----- .../templates/lib/pod/_extraContainers.tpl | 9 +-- 9 files changed, 563 insertions(+), 27 deletions(-) diff --git a/library/common-test/tests/container_in_deployment/fixedEnv_test.yaml b/library/common-test/tests/container_in_deployment/fixedEnv_test.yaml index 4377bec63d..7532f2b2a6 100644 --- a/library/common-test/tests/container_in_deployment/fixedEnv_test.yaml +++ b/library/common-test/tests/container_in_deployment/fixedEnv_test.yaml @@ -75,6 +75,34 @@ tests: - name: S6_READ_ONLY_ROOT value: "1" + - it: should pass with an env referencing TZ and PUID + documentIndex: *deploymentDoc + set: + securityContext: + runAsUser: 0 + runAsNonRoot: false + env: + TIMEZONE: "{{ .Values.TZ }}" + APP_USER_ID: "{{ .Values.security.PUID }}" + asserts: + - equal: + path: spec.template.spec.containers[0].env + value: + - name: TZ + value: ETC + - name: UMASK + value: "003" + - name: UMASK_SET + value: "003" + - name: NVIDIA_VISIBLE_DEVICES + value: void + - name: S6_READ_ONLY_ROOT + value: "1" + - name: TIMEZONE + value: ETC + - name: APP_USER_ID + value: "568" + - it: should pass without S6_READ_ONLY_ROOT documentIndex: *deploymentDoc set: diff --git a/library/common-test/tests/initcontainers_in_deployment/additional_containers_in_deployment_test.yaml b/library/common-test/tests/initcontainers_in_deployment/additional_containers_in_deployment_test.yaml index a42f84a084..909848f72f 100644 --- a/library/common-test/tests/initcontainers_in_deployment/additional_containers_in_deployment_test.yaml +++ b/library/common-test/tests/initcontainers_in_deployment/additional_containers_in_deployment_test.yaml @@ -297,6 +297,10 @@ tests: env: var1: "{{ .Values.some_value }}" var2: "{{ .Values.some_value2 }}" + var5: + secretKeyRef: + key: key + name: name envList: - name: var3 value: "{{ .Values.some_value3 }}" @@ -333,6 +337,11 @@ tests: value: value - name: var2 value: value2 + - name: var5 + valueFrom: + secretKeyRef: + name: name + key: key - name: var3 value: value3 - name: var4 @@ -1133,6 +1142,67 @@ tests: readOnly: false subPath: /some/other/sub/path + - it: should pass with volumeMounts inherit all in additional container + documentIndex: *deploymentDoc + set: + persistence: + some-volume: + enabled: true + noMount: true + mountPath: /some/path + type: emptyDir + some-other-volume: + enabled: true + noMount: true + mountPath: /some/other/path + type: emptyDir + additionalContainers: + some-name: + volumeMounts: + - inherit: all + asserts: + - isNull: + path: spec.template.spec.containers[0].volumeMounts + - isSubset: + path: spec.template.spec.containers[1] + content: + volumeMounts: + - name: some-other-volume + mountPath: /some/other/path + - name: some-volume + mountPath: /some/path + + - it: should pass with volumeMounts inherit skipNoMount in additional container + documentIndex: *deploymentDoc + set: + persistence: + some-volume: + enabled: true + noMount: true + mountPath: /some/path + type: emptyDir + some-other-volume: + enabled: true + type: emptyDir + mountPath: /some/other/path + additionalContainers: + some-name: + volumeMounts: + - inherit: skipNoMount + asserts: + - isSubset: + path: spec.template.spec.containers[0] + content: + volumeMounts: + - mountPath: /some/other/path + name: some-other-volume + - isSubset: + path: spec.template.spec.containers[1] + content: + volumeMounts: + - name: some-other-volume + mountPath: /some/other/path + - it: should pass with deviceList and volumeMounts defined in additional container documentIndex: *deploymentDoc set: @@ -1193,3 +1263,14 @@ tests: mountPath: /host/dev/usb - name: device-some-name-1 mountPath: /host/dev/serial + + - it: should pass with disabled additional container from tpl + documentIndex: *deploymentDoc + set: + flag: false + additionalContainers: + some-name: + enabled: "{{ .Values.flag }}" + asserts: + - isNull: + path: spec.template.spec.initContainers diff --git a/library/common-test/tests/initcontainers_in_deployment/init_containers_in_deployment_install_test.yaml b/library/common-test/tests/initcontainers_in_deployment/init_containers_in_deployment_install_test.yaml index 3fae70265b..e8259e4fbb 100644 --- a/library/common-test/tests/initcontainers_in_deployment/init_containers_in_deployment_install_test.yaml +++ b/library/common-test/tests/initcontainers_in_deployment/init_containers_in_deployment_install_test.yaml @@ -297,6 +297,10 @@ tests: env: var1: "{{ .Values.some_value }}" var2: "{{ .Values.some_value2 }}" + var5: + secretKeyRef: + key: key + name: name envList: - name: var3 value: "{{ .Values.some_value3 }}" @@ -333,6 +337,11 @@ tests: value: value - name: var2 value: value2 + - name: var5 + valueFrom: + secretKeyRef: + name: name + key: key - name: var3 value: value3 - name: var4 @@ -1024,6 +1033,67 @@ tests: readOnly: false subPath: /some/other/sub/path + - it: should pass with volumeMounts inherit all in init container + documentIndex: *deploymentDoc + set: + persistence: + some-volume: + enabled: true + noMount: true + mountPath: /some/path + type: emptyDir + some-other-volume: + enabled: true + noMount: true + mountPath: /some/other/path + type: emptyDir + initContainers: + some-name: + volumeMounts: + - inherit: all + asserts: + - isNull: + path: spec.template.spec.containers[0].volumeMounts + - isSubset: + path: spec.template.spec.initContainers[0] + content: + volumeMounts: + - name: some-other-volume + mountPath: /some/other/path + - name: some-volume + mountPath: /some/path + + - it: should pass with volumeMounts inherit skipNoMount in init container + documentIndex: *deploymentDoc + set: + persistence: + some-volume: + enabled: true + noMount: true + mountPath: /some/path + type: emptyDir + some-other-volume: + enabled: true + type: emptyDir + mountPath: /some/other/path + initContainers: + some-name: + volumeMounts: + - inherit: skipNoMount + asserts: + - isSubset: + path: spec.template.spec.containers[0] + content: + volumeMounts: + - mountPath: /some/other/path + name: some-other-volume + - isSubset: + path: spec.template.spec.initContainers[0] + content: + volumeMounts: + - name: some-other-volume + mountPath: /some/other/path + - it: should pass with deviceList and volumeMounts defined in init container documentIndex: *deploymentDoc set: @@ -1084,3 +1154,14 @@ tests: mountPath: /host/dev/usb - name: device-some-name-1 mountPath: /host/dev/serial + + - it: should pass with disabled init container from tpl + documentIndex: *deploymentDoc + set: + flag: false + initContainers: + some-name: + enabled: "{{ .Values.flag }}" + asserts: + - isNull: + path: spec.template.spec.initContainers diff --git a/library/common-test/tests/initcontainers_in_deployment/init_containers_in_deployment_upgrade_test.yaml b/library/common-test/tests/initcontainers_in_deployment/init_containers_in_deployment_upgrade_test.yaml index c6023585ae..47dd9d9bd4 100644 --- a/library/common-test/tests/initcontainers_in_deployment/init_containers_in_deployment_upgrade_test.yaml +++ b/library/common-test/tests/initcontainers_in_deployment/init_containers_in_deployment_upgrade_test.yaml @@ -299,6 +299,10 @@ tests: env: var1: "{{ .Values.some_value }}" var2: "{{ .Values.some_value2 }}" + var5: + secretKeyRef: + key: key + name: name envList: - name: var3 value: "{{ .Values.some_value3 }}" @@ -335,6 +339,11 @@ tests: value: value - name: var2 value: value2 + - name: var5 + valueFrom: + secretKeyRef: + name: name + key: key - name: var3 value: value3 - name: var4 @@ -1026,6 +1035,67 @@ tests: readOnly: false subPath: /some/other/sub/path + - it: should pass with volumeMounts inherit all in init container + documentIndex: *deploymentDoc + set: + persistence: + some-volume: + enabled: true + noMount: true + mountPath: /some/path + type: emptyDir + some-other-volume: + enabled: true + noMount: true + mountPath: /some/other/path + type: emptyDir + initContainers: + some-name: + volumeMounts: + - inherit: all + asserts: + - isNull: + path: spec.template.spec.containers[0].volumeMounts + - isSubset: + path: spec.template.spec.initContainers[0] + content: + volumeMounts: + - name: some-other-volume + mountPath: /some/other/path + - name: some-volume + mountPath: /some/path + + - it: should pass with volumeMounts inherit skipNoMount in init container + documentIndex: *deploymentDoc + set: + persistence: + some-volume: + enabled: true + noMount: true + mountPath: /some/path + type: emptyDir + some-other-volume: + enabled: true + type: emptyDir + mountPath: /some/other/path + initContainers: + some-name: + volumeMounts: + - inherit: skipNoMount + asserts: + - isSubset: + path: spec.template.spec.containers[0] + content: + volumeMounts: + - mountPath: /some/other/path + name: some-other-volume + - isSubset: + path: spec.template.spec.initContainers[0] + content: + volumeMounts: + - name: some-other-volume + mountPath: /some/other/path + - it: should pass with deviceList and volumeMounts defined in init container documentIndex: *deploymentDoc set: @@ -1086,3 +1156,14 @@ tests: mountPath: /host/dev/usb - name: device-some-name-1 mountPath: /host/dev/serial + + - it: should pass with disabled init container from tpl + documentIndex: *deploymentDoc + set: + flag: false + initContainers: + some-name: + enabled: "{{ .Values.flag }}" + asserts: + - isNull: + path: spec.template.spec.initContainers diff --git a/library/common-test/tests/initcontainers_in_deployment/install_containers_in_deployment_test.yaml b/library/common-test/tests/initcontainers_in_deployment/install_containers_in_deployment_test.yaml index e148b4f3eb..80ad2422f6 100644 --- a/library/common-test/tests/initcontainers_in_deployment/install_containers_in_deployment_test.yaml +++ b/library/common-test/tests/initcontainers_in_deployment/install_containers_in_deployment_test.yaml @@ -311,6 +311,10 @@ tests: env: var1: "{{ .Values.some_value }}" var2: "{{ .Values.some_value2 }}" + var5: + secretKeyRef: + key: key + name: name envList: - name: var3 value: "{{ .Values.some_value3 }}" @@ -347,6 +351,11 @@ tests: value: value - name: var2 value: value2 + - name: var5 + valueFrom: + secretKeyRef: + name: name + key: key - name: var3 value: value3 - name: var4 @@ -1038,6 +1047,67 @@ tests: readOnly: false subPath: /some/other/sub/path + - it: should pass with volumeMounts inherit all in install container + documentIndex: *deploymentDoc + set: + persistence: + some-volume: + enabled: true + noMount: true + mountPath: /some/path + type: emptyDir + some-other-volume: + enabled: true + noMount: true + mountPath: /some/other/path + type: emptyDir + installContainers: + some-name: + volumeMounts: + - inherit: all + asserts: + - isNull: + path: spec.template.spec.containers[0].volumeMounts + - isSubset: + path: spec.template.spec.initContainers[0] + content: + volumeMounts: + - name: some-other-volume + mountPath: /some/other/path + - name: some-volume + mountPath: /some/path + + - it: should pass with volumeMounts inherit skipNoMount in install container + documentIndex: *deploymentDoc + set: + persistence: + some-volume: + enabled: true + noMount: true + mountPath: /some/path + type: emptyDir + some-other-volume: + enabled: true + type: emptyDir + mountPath: /some/other/path + installContainers: + some-name: + volumeMounts: + - inherit: skipNoMount + asserts: + - isSubset: + path: spec.template.spec.containers[0] + content: + volumeMounts: + - mountPath: /some/other/path + name: some-other-volume + - isSubset: + path: spec.template.spec.initContainers[0] + content: + volumeMounts: + - name: some-other-volume + mountPath: /some/other/path + - it: should pass with deviceList and volumeMounts defined in install container documentIndex: *deploymentDoc set: @@ -1098,3 +1168,14 @@ tests: mountPath: /host/dev/usb - name: device-some-name-1 mountPath: /host/dev/serial + + - it: should pass with disabled install container from tpl + documentIndex: *deploymentDoc + set: + flag: false + installContainers: + some-name: + enabled: "{{ .Values.flag }}" + asserts: + - isNull: + path: spec.template.spec.initContainers diff --git a/library/common-test/tests/initcontainers_in_deployment/system_containers_in_deployment_install_copy.yaml b/library/common-test/tests/initcontainers_in_deployment/system_containers_in_deployment_install_copy.yaml index 24daff5a64..9b8b9a7217 100644 --- a/library/common-test/tests/initcontainers_in_deployment/system_containers_in_deployment_install_copy.yaml +++ b/library/common-test/tests/initcontainers_in_deployment/system_containers_in_deployment_install_copy.yaml @@ -297,6 +297,10 @@ tests: env: var1: "{{ .Values.some_value }}" var2: "{{ .Values.some_value2 }}" + var5: + secretKeyRef: + key: key + name: name envList: - name: var3 value: "{{ .Values.some_value3 }}" @@ -333,6 +337,11 @@ tests: value: value - name: var2 value: value2 + - name: var5 + valueFrom: + secretKeyRef: + name: name + key: key - name: var3 value: value3 - name: var4 @@ -1024,6 +1033,67 @@ tests: readOnly: false subPath: /some/other/sub/path + - it: should pass with volumeMounts inherit all in system container + documentIndex: *deploymentDoc + set: + persistence: + some-volume: + enabled: true + noMount: true + mountPath: /some/path + type: emptyDir + some-other-volume: + enabled: true + noMount: true + mountPath: /some/other/path + type: emptyDir + systemContainers: + some-name: + volumeMounts: + - inherit: all + asserts: + - isNull: + path: spec.template.spec.containers[0].volumeMounts + - isSubset: + path: spec.template.spec.initContainers[0] + content: + volumeMounts: + - name: some-other-volume + mountPath: /some/other/path + - name: some-volume + mountPath: /some/path + + - it: should pass with volumeMounts inherit skipNoMount in system container + documentIndex: *deploymentDoc + set: + persistence: + some-volume: + enabled: true + noMount: true + mountPath: /some/path + type: emptyDir + some-other-volume: + enabled: true + type: emptyDir + mountPath: /some/other/path + systemContainers: + some-name: + volumeMounts: + - inherit: skipNoMount + asserts: + - isSubset: + path: spec.template.spec.containers[0] + content: + volumeMounts: + - mountPath: /some/other/path + name: some-other-volume + - isSubset: + path: spec.template.spec.initContainers[0] + content: + volumeMounts: + - name: some-other-volume + mountPath: /some/other/path + - it: should pass with deviceList and volumeMounts defined in system container documentIndex: *deploymentDoc set: @@ -1084,3 +1154,14 @@ tests: mountPath: /host/dev/usb - name: device-some-name-1 mountPath: /host/dev/serial + + - it: should pass with disabled system container from tpl + documentIndex: *deploymentDoc + set: + flag: false + systemContainers: + some-name: + enabled: "{{ .Values.flag }}" + asserts: + - isNull: + path: spec.template.spec.initContainers diff --git a/library/common-test/tests/initcontainers_in_deployment/upgrade_containers_in_deployment_test.yaml b/library/common-test/tests/initcontainers_in_deployment/upgrade_containers_in_deployment_test.yaml index a174d2db50..bd4d895858 100644 --- a/library/common-test/tests/initcontainers_in_deployment/upgrade_containers_in_deployment_test.yaml +++ b/library/common-test/tests/initcontainers_in_deployment/upgrade_containers_in_deployment_test.yaml @@ -313,6 +313,10 @@ tests: env: var1: "{{ .Values.some_value }}" var2: "{{ .Values.some_value2 }}" + var5: + secretKeyRef: + key: key + name: name envList: - name: var3 value: "{{ .Values.some_value3 }}" @@ -349,6 +353,11 @@ tests: value: value - name: var2 value: value2 + - name: var5 + valueFrom: + secretKeyRef: + name: name + key: key - name: var3 value: value3 - name: var4 @@ -1040,6 +1049,67 @@ tests: readOnly: false subPath: /some/other/sub/path + - it: should pass with volumeMounts inherit all in upgrade container + documentIndex: *deploymentDoc + set: + persistence: + some-volume: + enabled: true + noMount: true + mountPath: /some/path + type: emptyDir + some-other-volume: + enabled: true + noMount: true + mountPath: /some/other/path + type: emptyDir + upgradeContainers: + some-name: + volumeMounts: + - inherit: all + asserts: + - isNull: + path: spec.template.spec.containers[0].volumeMounts + - isSubset: + path: spec.template.spec.initContainers[0] + content: + volumeMounts: + - name: some-other-volume + mountPath: /some/other/path + - name: some-volume + mountPath: /some/path + + - it: should pass with volumeMounts inherit skipNoMount in upgrade container + documentIndex: *deploymentDoc + set: + persistence: + some-volume: + enabled: true + noMount: true + mountPath: /some/path + type: emptyDir + some-other-volume: + enabled: true + type: emptyDir + mountPath: /some/other/path + upgradeContainers: + some-name: + volumeMounts: + - inherit: skipNoMount + asserts: + - isSubset: + path: spec.template.spec.containers[0] + content: + volumeMounts: + - mountPath: /some/other/path + name: some-other-volume + - isSubset: + path: spec.template.spec.initContainers[0] + content: + volumeMounts: + - name: some-other-volume + mountPath: /some/other/path + - it: should pass with deviceList and volumeMounts defined in upgrade container documentIndex: *deploymentDoc set: @@ -1100,3 +1170,14 @@ tests: mountPath: /host/dev/usb - name: device-some-name-1 mountPath: /host/dev/serial + + - it: should pass with disabled upgrade container from tpl + documentIndex: *deploymentDoc + set: + flag: false + upgradeContainers: + some-name: + enabled: "{{ .Values.flag }}" + asserts: + - isNull: + path: spec.template.spec.initContainers diff --git a/library/common/1.0.0/templates/lib/container/_volumeMounts.tpl b/library/common/1.0.0/templates/lib/container/_volumeMounts.tpl index 497aa11f0d..890483ac32 100644 --- a/library/common/1.0.0/templates/lib/container/_volumeMounts.tpl +++ b/library/common/1.0.0/templates/lib/container/_volumeMounts.tpl @@ -29,32 +29,55 @@ {{- range $name, $item := $root.Values.persistence -}} {{- $volNames = mustAppend $volNames $name -}} {{- end -}} - {{- range $index, $volMount := $extraContainerVolMounts }} - {{- if not $volMount.name -}} - {{- fail " is required in volumeMounts in init/system/install/upgrade/additional containers." -}} - {{- end -}} - {{- if not (mustHas $volMount.name $volNames) -}} - {{- fail (printf "You are trying to mount a volume that does not exist (%s). Please define the volume in ." $volMount.name) -}} - {{- end -}} + {{- range $index, $volMount := $extraContainerVolMounts -}} + {{- if hasKey $volMount "inherit" -}} {{/* If has Key "inherit" */}} + {{- if eq $volMount.inherit "all" -}} {{/* Inherit all volumeMounts */}} + {{- range $name, $item := $root.Values.persistence -}} + {{- if $item.enabled -}} + {{- include "ix.v1.common.container.volumeMount" (dict "root" $root + "item" $item + "name" $name) | indent 0 -}} + {{- end -}} + {{- end -}} + {{- else if eq $volMount.inherit "skipNoMount" -}} {{/* Inherit all volumeMounts but skip the "noMount" volumeMounts */}} + {{- range $name, $item := $root.Values.persistence -}} + {{- if $item.enabled -}} + {{- if not $item.noMount -}} + {{- include "ix.v1.common.container.volumeMount" (dict "root" $root + "item" $item + "name" $name) | indent 0 -}} + {{- end -}} + {{- end -}} + {{- end -}} + {{- end -}}{{/* Here we can add other inherit cases */}} + {{- else -}} + {{- if not $volMount.name -}} + {{- fail " is required in volumeMounts in init/system/install/upgrade/additional containers." -}} + {{- end -}} - {{- $item := dict -}} + {{- if not (mustHas $volMount.name $volNames) -}} + {{- fail (printf "You are trying to mount a volume that does not exist (%s). Please define the volume in ." $volMount.name) -}} + {{- end -}} - {{- $_ := set $item "mountPath" $volMount.mountPath -}} - {{- if hasKey $volMount "subPath" -}} - {{- $_ := set $item "subPath" $volMount.subPath -}} - {{- end -}} - {{- if hasKey $volMount "mountPropagation" -}} - {{- $_ := set $item "mountPropagation" $volMount.mountPropagation -}} - {{- end -}} - {{- if hasKey $volMount "readOnly" -}} - {{- $_ := set $item "readOnly" $volMount.readOnly -}} - {{- end -}} + {{- $item := dict -}} - {{- include "ix.v1.common.container.volumeMount" (dict "root" $root - "item" $item - "name" $volMount.name) | nindent 0 -}} - {{- end }} + {{- $_ := set $item "mountPath" $volMount.mountPath -}} + {{- if hasKey $volMount "subPath" -}} + {{- $_ := set $item "subPath" $volMount.subPath -}} + {{- end -}} + {{- if hasKey $volMount "mountPropagation" -}} + {{- $_ := set $item "mountPropagation" $volMount.mountPropagation -}} + {{- end -}} + {{- if hasKey $volMount "readOnly" -}} + {{- $_ := set $item "readOnly" $volMount.readOnly -}} + {{- end -}} + + {{- include "ix.v1.common.container.volumeMount" (dict "root" $root + "item" $item + "name" $volMount.name) | indent 0 -}} + {{- end -}} + {{- end -}} {{- end -}} {{- end -}} diff --git a/library/common/1.0.0/templates/lib/pod/_extraContainers.tpl b/library/common/1.0.0/templates/lib/pod/_extraContainers.tpl index 309e1ac37a..b657ae2602 100644 --- a/library/common/1.0.0/templates/lib/pod/_extraContainers.tpl +++ b/library/common/1.0.0/templates/lib/pod/_extraContainers.tpl @@ -14,15 +14,14 @@ {{- $sortedContainers := list -}} {{/* Sort containers */}} - {{- range $index, $name := (keys $containerList | uniq | sortAlpha) -}} + {{- range $index, $name := (keys $containerList | mustUniq | sortAlpha) -}} {{- $container := get $containerList $name -}} {{- $enabled := true -}} {{/* Default to enable */}} {{- if hasKey $container "enabled" -}} {{/* If has enabled key */}} - {{- if (kindIs "bool" (tpl $container.enabled $root)) -}} {{/* And its kind of bool */}} - {{- if not (tpl $container.enabled $root) -}} {{/* And it's false */}} - {{- $enabled = false -}} {{/* Disable the container */}} - {{- end -}} + {{- $flag := (tpl $container.enabled $root) -}} + {{- if eq "false" $flag -}} {{/* And its kind of bool */}} + {{- $enabled = false -}} {{/* Disable the container */}} {{- end -}} {{- end -}}