diff --git a/library/common-test/tests/configmap/configmap_test.yaml b/library/common-test/tests/configmap/configmap_test.yaml index 3db5c2afbb..904200a4ed 100644 --- a/library/common-test/tests/configmap/configmap_test.yaml +++ b/library/common-test/tests/configmap/configmap_test.yaml @@ -12,6 +12,16 @@ tests: - isKind: of: Deployment + - it: should fail without a dict in configmap + set: + configmap: + enabled: true + content: + key: value + asserts: + - failedTemplate: + errorMessage: key must have at least one dict. Found (bool) + - it: should fail with uppercase in name in configmap set: configmap: diff --git a/library/common-test/tests/container_in_deployment/env_test.yaml b/library/common-test/tests/container_in_deployment/env_test.yaml index ed6f5bfdd3..cdbe90144d 100644 --- a/library/common-test/tests/container_in_deployment/env_test.yaml +++ b/library/common-test/tests/container_in_deployment/env_test.yaml @@ -127,7 +127,7 @@ tests: ENVVAR: ABC envFrom: - configMapRef: - name: RELEASE-NAME-common-test-somename + name: '{{ include "ix.v1.common.names.fullname" . }}-somename' asserts: - failedTemplate: errorMessage: Environment Variable (ENVVAR) on container (RELEASE-NAME-common-test) is set more than once. [to (something) on (env)] and [to (ABC) on (configmap-RELEASE-NAME-common-test-somename)] @@ -193,7 +193,7 @@ tests: POSTGRES_HOST: something envFrom: - configMapRef: - name: RELEASE-NAME-common-test-somename + name: '{{ include "ix.v1.common.names.fullname" . }}-somename' asserts: - failedTemplate: errorMessage: Environment Variable (POSTGRES_HOST) on container (RELEASE-NAME-common-test) is set more than once. [to (something) on (envList)] and [to (something) on (configmap-RELEASE-NAME-common-test-somename)] @@ -226,7 +226,7 @@ tests: TZ: something envFrom: - configMapRef: - name: RELEASE-NAME-common-test-somename + name: '{{ include "ix.v1.common.names.fullname" . }}-somename' asserts: - failedTemplate: errorMessage: Environment Variable (TZ) on container (RELEASE-NAME-common-test) is set more than once. [to (UTC) on (fixedEnv)] and [to (something) on (configmap-RELEASE-NAME-common-test-somename)] @@ -243,7 +243,7 @@ tests: POSTGRES_HOST: something envFrom: - configMapRef: - name: RELEASE-NAME-common-test-somename + name: '{{ include "ix.v1.common.names.fullname" . }}-somename' asserts: - failedTemplate: errorMessage: Environment Variable (POSTGRES_HOST) on container (RELEASE-NAME-common-test) is set more than once. [to (postgres.svc.cluster.local) on (env)] and [to (something) on (configmap-RELEASE-NAME-common-test-somename)] @@ -261,7 +261,7 @@ tests: POSTGRES_HOST: something envFrom: - configMapRef: - name: RELEASE-NAME-common-test-somename + name: '{{ include "ix.v1.common.names.fullname" . }}-somename' asserts: - failedTemplate: errorMessage: Environment Variable (POSTGRES_HOST) on container (RELEASE-NAME-common-test) is set more than once. [to (postgres.svc.cluster.local) on (envList)] and [to (something) on (configmap-RELEASE-NAME-common-test-somename)] @@ -282,9 +282,9 @@ tests: POSTGRES_HOST: something envFrom: - configMapRef: - name: RELEASE-NAME-common-test-somename + name: '{{ include "ix.v1.common.names.fullname" . }}-somename' - secretRef: - name: RELEASE-NAME-common-test-somename + name: '{{ include "ix.v1.common.names.fullname" . }}-somename' asserts: - failedTemplate: errorMessage: Environment Variable (POSTGRES_HOST) on container (RELEASE-NAME-common-test) is set more than once. [to (something) on (configmap-RELEASE-NAME-common-test-somename)] and [to (something123) on (secret-RELEASE-NAME-common-test-somename)] @@ -355,9 +355,9 @@ tests: POSTGRES_HOST: something envFrom: - configMapRef: - name: RELEASE-NAME-common-test-somename + name: '{{ include "ix.v1.common.names.fullname" . }}-somename' - secretRef: - name: RELEASE-NAME-common-test-somename + name: '{{ include "ix.v1.common.names.fullname" . }}-somename' asserts: - failedTemplate: errorMessage: Environment Variable (POSTGRES_HOST) on container (RELEASE-NAME-common-test) is set more than once. [to (something123) on (configmap-RELEASE-NAME-common-test-somename)] and [to (something) on (secret-RELEASE-NAME-common-test-somename)] diff --git a/library/common-test/tests/initcontainers_in_deployment/init_containers_in_deployment.yaml b/library/common-test/tests/initcontainers_in_deployment/init_containers_in_deployment.yaml new file mode 100644 index 0000000000..b8fccd2623 --- /dev/null +++ b/library/common-test/tests/initcontainers_in_deployment/init_containers_in_deployment.yaml @@ -0,0 +1,416 @@ + +suite: initContainer in deployment test (on Upgrade) +templates: + - common.yaml +tests: + - it: should pass with default values + documentIndex: &deploymentDoc 0 + asserts: + - hasDocuments: + count: 3 + - isKind: + of: Deployment + + - it: should pass with image defined in init container + documentIndex: *deploymentDoc + set: + image: + repository: some-repo + tag: some-tag + pullPolicy: Always + initImage: + repository: some-repo-init + tag: some-tag-init + pullPolicy: Never + initContainers: + some-name: + imageSelector: initImage + pullPolicy: Never + asserts: + - isSubset: + path: spec.template.spec.containers[0] + content: + image: some-repo:some-tag + imagePullPolicy: Always + - isSubset: + path: spec.template.spec.initContainers[0] + content: + image: some-repo-init:some-tag-init + imagePullPolicy: Never + + - it: should pass with image defined in multiple init container + documentIndex: *deploymentDoc + set: + image: + repository: some-repo + tag: some-tag + pullPolicy: Always + initImage: + repository: some-repo-init + tag: some-tag-init + pullPolicy: Never + initImage2: + repository: some-repo-init2 + tag: some-tag-init2 + pullPolicy: IfNotPresent + initContainers: + some-name: + imageSelector: initImage + pullPolicy: Never + some-name2: + imageSelector: initImage2 + pullPolicy: Never + asserts: + - isSubset: + path: spec.template.spec.containers[0] + content: + image: some-repo:some-tag + imagePullPolicy: Always + - isSubset: + path: spec.template.spec.initContainers[0] + content: + image: some-repo-init:some-tag-init + imagePullPolicy: Never + - isSubset: + path: spec.template.spec.initContainers[1] + content: + image: some-repo-init2:some-tag-init2 + imagePullPolicy: IfNotPresent + +--- +suite: initContainer in deployment test (onInstall) +templates: + - common.yaml +tests: + - it: should pass with default values + documentIndex: &deploymentDoc 0 + asserts: + - hasDocuments: + count: 3 + - isKind: + of: Deployment + + - it: should pass with image defined in init container + documentIndex: *deploymentDoc + set: + image: + repository: some-repo + tag: some-tag + pullPolicy: Always + initImage: + repository: some-repo-init + tag: some-tag-init + pullPolicy: Never + initContainers: + some-name: + imageSelector: initImage + pullPolicy: Never + asserts: + - isSubset: + path: spec.template.spec.containers[0] + content: + image: some-repo:some-tag + imagePullPolicy: Always + - isSubset: + path: spec.template.spec.initContainers[0] + content: + image: some-repo-init:some-tag-init + imagePullPolicy: Never + + - it: should pass with image defined in multiple init container + documentIndex: *deploymentDoc + set: + image: + repository: some-repo + tag: some-tag + pullPolicy: Always + initImage: + repository: some-repo-init + tag: some-tag-init + pullPolicy: Never + initImage2: + repository: some-repo-init2 + tag: some-tag-init2 + pullPolicy: IfNotPresent + initContainers: + some-name: + imageSelector: initImage + pullPolicy: Never + some-name2: + imageSelector: initImage2 + pullPolicy: Never + asserts: + - isSubset: + path: spec.template.spec.containers[0] + content: + image: some-repo:some-tag + imagePullPolicy: Always + - isSubset: + path: spec.template.spec.initContainers[0] + content: + image: some-repo-init:some-tag-init + imagePullPolicy: Never + - isSubset: + path: spec.template.spec.initContainers[1] + content: + image: some-repo-init2:some-tag-init2 + imagePullPolicy: IfNotPresent + + - it: should pass with tty and stdin defined in init container + documentIndex: *deploymentDoc + set: + initContainers: + some-name: + tty: true + stdin: true + asserts: + - isSubset: + path: spec.template.spec.containers[0] + content: + tty: false + stdin: false + - isSubset: + path: spec.template.spec.initContainers[0] + content: + tty: true + stdin: true + + - it: should pass with command and args defined in init container + documentIndex: *deploymentDoc + set: + port: 8080 + entrypoint: ./run.sh + initContainers: + some-name: + command: + - /bin/sh + - -c + - | + {{ .Values.entrypoint }} + args: + - --port + - "{{ .Values.port }}" + extraArgs: + - --data_dir + - /data + asserts: + - isNotSubset: + path: spec.template.spec.containers[0] + content: + command: + - /bin/sh + - -c + - | + ./run.sh + args: + - --port + - "8080" + - --data_dir + - /data + - isSubset: + path: spec.template.spec.initContainers[0] + content: + command: + - /bin/sh + - -c + - | + ./run.sh + args: + - --port + - "8080" + - --data_dir + - /data + + - it: should pass with termination defined in init container + documentIndex: *deploymentDoc + set: + initContainers: + some-name: + termination: + messagePath: somePath + messagePolicy: File + asserts: + - isNotSubset: + path: spec.template.spec.containers[0] + content: + terminationMessagePath: somePath + terminationMessagePolicy: File + - isSubset: + path: spec.template.spec.initContainers[0] + content: + terminationMessagePath: somePath + terminationMessagePolicy: File + + - it: should pass with resources defined in init container + documentIndex: *deploymentDoc + set: + initContainers: + some-name: + resources: + limits: + cpu: 3000m + memory: 4Gi + requests: + cpu: 20m + memory: 100Mi + asserts: + - isSubset: + path: spec.template.spec.containers[0] + content: + resources: + limits: + cpu: 4000m + memory: 8Gi + requests: + cpu: 10m + memory: 50Mi + - isSubset: + path: spec.template.spec.initContainers[0] + content: + resources: + limits: + cpu: 3000m + memory: 4Gi + requests: + cpu: 20m + memory: 100Mi + + - it: should pass with envFrom defined in init container + documentIndex: *deploymentDoc + set: + some_name: a_name + some_name2: a_name2 + initContainers: + some-name: + envFrom: + - configMapRef: + name: "{{ .Values.some_name }}" + - configMapRef: + name: "{{ .Values.some_name2 }}" + asserts: + - isNotSubset: + path: spec.template.spec.containers[0] + content: + envFrom: + - configMapRef: + name: a_name + - configMapRef: + name: a_name2 + - isSubset: + path: spec.template.spec.initContainers[0] + content: + envFrom: + - configMapRef: + name: a_name + - configMapRef: + name: a_name2 + + - it: should pass with env and envList defined in init container + documentIndex: *deploymentDoc + set: + some_value: value + some_value2: value2 + some_value3: value3 + some_value4: value4 + initContainers: + some-name: + env: + var1: "{{ .Values.some_value }}" + var2: "{{ .Values.some_value2 }}" + envList: + - name: var3 + value: "{{ .Values.some_value3 }}" + - name: var4 + value: "{{ .Values.some_value4 }}" + asserts: + - isNotSubset: + path: spec.template.spec.containers[0] + content: + env: + - name: var1 + value: value + - name: var2 + value: value2 + - name: var3 + value: value3 + - name: var4 + value: value4 + - isSubset: + path: spec.template.spec.initContainers[0] + content: + env: + - name: TZ + value: UTC + - name: UMASK + value: "2" + - name: UMASK_SET + value: "2" + - name: NVIDIA_VISIBLE_DEVICES + value: void + - name: S6_READ_ONLY_ROOT + value: "1" + - name: var1 + value: value + - name: var2 + value: value2 + - name: var3 + value: value3 + - name: var4 + value: value4 + + - it: should fail with lifecycle defined in init container + documentIndex: *deploymentDoc + set: + initContainers: + some-name: + lifecycle: + asserts: + - failedTemplate: + errorMessage: Init/Install/Upgrade Container (RELEASE-NAME-common-test-some-name) do not support lifecycle hooks + + - it: should fail with env trying to override fixedEnvs in init container + documentIndex: *deploymentDoc + set: + initContainers: + some-name: + env: + TZ: something + asserts: + - failedTemplate: + errorMessage: Environment Variable (TZ) on container (RELEASE-NAME-common-test-some-name) is set more than once. [to (UTC) on (fixedEnv)] and [to (something) on (env)] + + - it: should fail with env trying to override configmap in init container + documentIndex: *deploymentDoc + set: + configmap: + some-confmap: + enabled: true + parseAsEnv: true + content: + TZ: something + initContainers: + some-name: + envFrom: + - configMapRef: + name: '{{ include "ix.v1.common.names.fullname" . }}-some-confmap' + asserts: + - failedTemplate: + errorMessage: Environment Variable (TZ) on container (RELEASE-NAME-common-test-some-name) is set more than once. [to (UTC) on (fixedEnv)] and [to (something) on (configmap-RELEASE-NAME-common-test-some-confmap)] + + - it: should fail with env trying to override secret in init container + documentIndex: *deploymentDoc + set: + secret: + some-secret: + enabled: true + parseAsEnv: true + content: + TZ: something + initContainers: + some-name: + envFrom: + - secretRef: + name: '{{ include "ix.v1.common.names.fullname" . }}-some-secret' + asserts: + - failedTemplate: + errorMessage: Environment Variable (TZ) on container (RELEASE-NAME-common-test-some-name) is set more than once. [to (UTC) on (fixedEnv)] and [to (something) on (secret-RELEASE-NAME-common-test-some-secret)] diff --git a/library/common-test/tests/initcontainers_in_deployment/install_containers_in_deployment.yaml b/library/common-test/tests/initcontainers_in_deployment/install_containers_in_deployment.yaml index 1f580c1991..f9930f4de0 100644 --- a/library/common-test/tests/initcontainers_in_deployment/install_containers_in_deployment.yaml +++ b/library/common-test/tests/initcontainers_in_deployment/install_containers_in_deployment.yaml @@ -27,15 +27,324 @@ tests: imageSelector: installImage pullPolicy: Never asserts: - - equal: - path: spec.template.spec.containers[0].image - value: some-repo:some-tag - - equal: - path: spec.template.spec.containers[0].imagePullPolicy - value: Always - - equal: - path: spec.template.spec.initContainers[0].image - value: some-repo-install:some-tag-install - - equal: - path: spec.template.spec.initContainers[0].imagePullPolicy - value: Never + - isSubset: + path: spec.template.spec.containers[0] + content: + image: some-repo:some-tag + imagePullPolicy: Always + - isSubset: + path: spec.template.spec.initContainers[0] + content: + image: some-repo-install:some-tag-install + imagePullPolicy: Never + + - it: should pass with image defined in multiple install container + documentIndex: *deploymentDoc + set: + image: + repository: some-repo + tag: some-tag + pullPolicy: Always + initImage: + repository: some-repo-init + tag: some-tag-init + pullPolicy: Never + installImage: + repository: some-repo-install + tag: some-tag-install + pullPolicy: Never + installImage2: + repository: some-repo-install2 + tag: some-tag-install2 + pullPolicy: IfNotPresent + installContainers: + some-name: + imageSelector: installImage + pullPolicy: Never + some-name2: + imageSelector: installImage2 + pullPolicy: Never + initContainers: + some-name3: + imageSelector: initImage + pullPolicy: Never + asserts: + - isSubset: + path: spec.template.spec.containers[0] + content: + image: some-repo:some-tag + imagePullPolicy: Always + - isSubset: + path: spec.template.spec.initContainers[0] + content: + image: some-repo-install:some-tag-install + imagePullPolicy: Never + - isSubset: + path: spec.template.spec.initContainers[1] + content: + image: some-repo-install2:some-tag-install2 + imagePullPolicy: IfNotPresent + - isSubset: + path: spec.template.spec.initContainers[2] + content: + image: some-repo-init:some-tag-init + imagePullPolicy: Never + + - it: should pass with tty and stdin defined in install container + documentIndex: *deploymentDoc + set: + installContainers: + some-name: + tty: true + stdin: true + asserts: + - isSubset: + path: spec.template.spec.containers[0] + content: + tty: false + stdin: false + - isSubset: + path: spec.template.spec.initContainers[0] + content: + tty: true + stdin: true + + - it: should pass with command and args defined in install container + documentIndex: *deploymentDoc + set: + port: 8080 + entrypoint: ./run.sh + installContainers: + some-name: + command: + - /bin/sh + - -c + - | + {{ .Values.entrypoint }} + args: + - --port + - "{{ .Values.port }}" + extraArgs: + - --data_dir + - /data + asserts: + - isNotSubset: + path: spec.template.spec.containers[0] + content: + command: + - /bin/sh + - -c + - | + ./run.sh + args: + - --port + - "8080" + - --data_dir + - /data + - isSubset: + path: spec.template.spec.initContainers[0] + content: + command: + - /bin/sh + - -c + - | + ./run.sh + args: + - --port + - "8080" + - --data_dir + - /data + + - it: should pass with termination defined in install container + documentIndex: *deploymentDoc + set: + installContainers: + some-name: + termination: + messagePath: somePath + messagePolicy: File + asserts: + - isNotSubset: + path: spec.template.spec.containers[0] + content: + terminationMessagePath: somePath + terminationMessagePolicy: File + - isSubset: + path: spec.template.spec.initContainers[0] + content: + terminationMessagePath: somePath + terminationMessagePolicy: File + + - it: should pass with resources defined in install container + documentIndex: *deploymentDoc + set: + installContainers: + some-name: + resources: + limits: + cpu: 3000m + memory: 4Gi + requests: + cpu: 20m + memory: 100Mi + asserts: + - isSubset: + path: spec.template.spec.containers[0] + content: + resources: + limits: + cpu: 4000m + memory: 8Gi + requests: + cpu: 10m + memory: 50Mi + - isSubset: + path: spec.template.spec.initContainers[0] + content: + resources: + limits: + cpu: 3000m + memory: 4Gi + requests: + cpu: 20m + memory: 100Mi + + - it: should pass with envFrom defined in install container + documentIndex: *deploymentDoc + set: + some_name: a_name + some_name2: a_name2 + installContainers: + some-name: + envFrom: + - configMapRef: + name: "{{ .Values.some_name }}" + - configMapRef: + name: "{{ .Values.some_name2 }}" + asserts: + - isNotSubset: + path: spec.template.spec.containers[0] + content: + envFrom: + - configMapRef: + name: a_name + - configMapRef: + name: a_name2 + - isSubset: + path: spec.template.spec.initContainers[0] + content: + envFrom: + - configMapRef: + name: a_name + - configMapRef: + name: a_name2 + + - it: should pass with env and envList defined in install container + documentIndex: *deploymentDoc + set: + some_value: value + some_value2: value2 + some_value3: value3 + some_value4: value4 + installContainers: + some-name: + env: + var1: "{{ .Values.some_value }}" + var2: "{{ .Values.some_value2 }}" + envList: + - name: var3 + value: "{{ .Values.some_value3 }}" + - name: var4 + value: "{{ .Values.some_value4 }}" + asserts: + - isNotSubset: + path: spec.template.spec.containers[0] + content: + env: + - name: var1 + value: value + - name: var2 + value: value2 + - name: var3 + value: value3 + - name: var4 + value: value4 + - isSubset: + path: spec.template.spec.initContainers[0] + content: + env: + - name: TZ + value: UTC + - name: UMASK + value: "2" + - name: UMASK_SET + value: "2" + - name: NVIDIA_VISIBLE_DEVICES + value: void + - name: S6_READ_ONLY_ROOT + value: "1" + - name: var1 + value: value + - name: var2 + value: value2 + - name: var3 + value: value3 + - name: var4 + value: value4 + + - it: should fail with lifecycle defined in install container + documentIndex: *deploymentDoc + set: + installContainers: + some-name: + lifecycle: + asserts: + - failedTemplate: + errorMessage: Init/Install/Upgrade Container (RELEASE-NAME-common-test-some-name) do not support lifecycle hooks + + - it: should fail with env trying to override fixedEnvs in install container + documentIndex: *deploymentDoc + set: + installContainers: + some-name: + env: + TZ: something + asserts: + - failedTemplate: + errorMessage: Environment Variable (TZ) on container (RELEASE-NAME-common-test-some-name) is set more than once. [to (UTC) on (fixedEnv)] and [to (something) on (env)] + + - it: should fail with env trying to override configmap in install container + documentIndex: *deploymentDoc + set: + configmap: + some-confmap: + enabled: true + parseAsEnv: true + content: + TZ: something + installContainers: + some-name: + envFrom: + - configMapRef: + name: '{{ include "ix.v1.common.names.fullname" . }}-some-confmap' + asserts: + - failedTemplate: + errorMessage: Environment Variable (TZ) on container (RELEASE-NAME-common-test-some-name) is set more than once. [to (UTC) on (fixedEnv)] and [to (something) on (configmap-RELEASE-NAME-common-test-some-confmap)] + + - it: should fail with env trying to override secret in install container + documentIndex: *deploymentDoc + set: + secret: + some-secret: + enabled: true + parseAsEnv: true + content: + TZ: something + installContainers: + some-name: + envFrom: + - secretRef: + name: '{{ include "ix.v1.common.names.fullname" . }}-some-secret' + asserts: + - failedTemplate: + errorMessage: Environment Variable (TZ) on container (RELEASE-NAME-common-test-some-name) is set more than once. [to (UTC) on (fixedEnv)] and [to (something) on (secret-RELEASE-NAME-common-test-some-secret)] diff --git a/library/common-test/tests/initcontainers_in_deployment/upgrade_containers_in_deployment.yaml b/library/common-test/tests/initcontainers_in_deployment/upgrade_containers_in_deployment.yaml index c2eff4ec1c..3e353f3c2a 100644 --- a/library/common-test/tests/initcontainers_in_deployment/upgrade_containers_in_deployment.yaml +++ b/library/common-test/tests/initcontainers_in_deployment/upgrade_containers_in_deployment.yaml @@ -12,60 +12,187 @@ tests: count: 3 - isKind: of: Deployment -# TODO: expand tests - - it: should pass with image defined in install container + + - it: should pass with image defined in upgrade container documentIndex: *deploymentDoc set: image: repository: some-repo tag: some-tag pullPolicy: Always - someImage: - repository: some-other-repo - tag: some-other-tag + upgradeImage: + repository: some-repo-upgrade + tag: some-tag-upgrade pullPolicy: Never - installContainers: - some-name: - imageSelector: someImage - pullPolicy: Never upgradeContainers: - some-name-upgrade: - imageSelector: someImage + some-name: + imageSelector: upgradeImage pullPolicy: Never asserts: - - equal: - path: spec.template.spec.containers[0].image - value: some-repo:some-tag - - equal: - path: spec.template.spec.containers[0].imagePullPolicy - value: Always - - contains: - path: spec.template.spec.initContainers + - isSubset: + path: spec.template.spec.containers[0] content: - name: RELEASE-NAME-common-test-some-name-upgrade - image: some-other-repo:some-other-tag + image: some-repo:some-tag + imagePullPolicy: Always + - isSubset: + path: spec.template.spec.initContainers[0] + content: + image: some-repo-upgrade:some-tag-upgrade imagePullPolicy: Never - stdin: false + + - it: should pass with image defined in multiple upgrade container + documentIndex: *deploymentDoc + set: + image: + repository: some-repo + tag: some-tag + pullPolicy: Always + initImage: + repository: some-repo-init + tag: some-tag-init + pullPolicy: Never + upgradeImage: + repository: some-repo-upgrade + tag: some-tag-upgrade + pullPolicy: Never + upgradeImage2: + repository: some-repo-upgrade2 + tag: some-tag-upgrade2 + pullPolicy: IfNotPresent + upgradeContainers: + some-name: + imageSelector: upgradeImage + pullPolicy: Never + some-name2: + imageSelector: upgradeImage2 + pullPolicy: Never + initContainers: + some-name3: + imageSelector: initImage + pullPolicy: Never + asserts: + - isSubset: + path: spec.template.spec.containers[0] + content: + image: some-repo:some-tag + imagePullPolicy: Always + - isSubset: + path: spec.template.spec.initContainers[0] + content: + image: some-repo-upgrade:some-tag-upgrade + imagePullPolicy: Never + - isSubset: + path: spec.template.spec.initContainers[1] + content: + image: some-repo-upgrade2:some-tag-upgrade2 + imagePullPolicy: IfNotPresent + - isSubset: + path: spec.template.spec.initContainers[2] + content: + image: some-repo-init:some-tag-init + imagePullPolicy: Never + + - it: should pass with tty and stdin defined in upgrade container + documentIndex: *deploymentDoc + set: + upgradeContainers: + some-name: + tty: true + stdin: true + asserts: + - isSubset: + path: spec.template.spec.containers[0] + content: tty: false - securityContext: - allowPrivilegeEscalation: false - capabilities: - add: [] - drop: [] - privileged: false - readOnlyRootFilesystem: true - runAsNonRoot: true - env: - - name: TZ - value: UTC - - name: UMASK - value: "2" - - name: UMASK_SET - value: "2" - - name: NVIDIA_VISIBLE_DEVICES - value: void - - name: S6_READ_ONLY_ROOT - value: "1" + stdin: false + - isSubset: + path: spec.template.spec.initContainers[0] + content: + tty: true + stdin: true + + - it: should pass with command and args defined in upgrade container + documentIndex: *deploymentDoc + set: + port: 8080 + entrypoint: ./run.sh + upgradeContainers: + some-name: + command: + - /bin/sh + - -c + - | + {{ .Values.entrypoint }} + args: + - --port + - "{{ .Values.port }}" + extraArgs: + - --data_dir + - /data + asserts: + - isNotSubset: + path: spec.template.spec.containers[0] + content: + command: + - /bin/sh + - -c + - | + ./run.sh + args: + - --port + - "8080" + - --data_dir + - /data + - isSubset: + path: spec.template.spec.initContainers[0] + content: + command: + - /bin/sh + - -c + - | + ./run.sh + args: + - --port + - "8080" + - --data_dir + - /data + + - it: should pass with termination defined in upgrade container + documentIndex: *deploymentDoc + set: + upgradeContainers: + some-name: + termination: + messagePath: somePath + messagePolicy: File + asserts: + - isNotSubset: + path: spec.template.spec.containers[0] + content: + terminationMessagePath: somePath + terminationMessagePolicy: File + - isSubset: + path: spec.template.spec.initContainers[0] + content: + terminationMessagePath: somePath + terminationMessagePolicy: File + + - it: should pass with resources defined in upgrade container + documentIndex: *deploymentDoc + set: + upgradeContainers: + some-name: + resources: + limits: + cpu: 3000m + memory: 4Gi + requests: + cpu: 20m + memory: 100Mi + asserts: + - isSubset: + path: spec.template.spec.containers[0] + content: resources: limits: cpu: 4000m @@ -73,3 +200,153 @@ tests: requests: cpu: 10m memory: 50Mi + - isSubset: + path: spec.template.spec.initContainers[0] + content: + resources: + limits: + cpu: 3000m + memory: 4Gi + requests: + cpu: 20m + memory: 100Mi + + - it: should pass with envFrom defined in upgrade container + documentIndex: *deploymentDoc + set: + some_name: a_name + some_name2: a_name2 + upgradeContainers: + some-name: + envFrom: + - configMapRef: + name: "{{ .Values.some_name }}" + - configMapRef: + name: "{{ .Values.some_name2 }}" + asserts: + - isNotSubset: + path: spec.template.spec.containers[0] + content: + envFrom: + - configMapRef: + name: a_name + - configMapRef: + name: a_name2 + - isSubset: + path: spec.template.spec.initContainers[0] + content: + envFrom: + - configMapRef: + name: a_name + - configMapRef: + name: a_name2 + + - it: should pass with env and envList defined in upgrade container + documentIndex: *deploymentDoc + set: + some_value: value + some_value2: value2 + some_value3: value3 + some_value4: value4 + upgradeContainers: + some-name: + env: + var1: "{{ .Values.some_value }}" + var2: "{{ .Values.some_value2 }}" + envList: + - name: var3 + value: "{{ .Values.some_value3 }}" + - name: var4 + value: "{{ .Values.some_value4 }}" + asserts: + - isNotSubset: + path: spec.template.spec.containers[0] + content: + env: + - name: var1 + value: value + - name: var2 + value: value2 + - name: var3 + value: value3 + - name: var4 + value: value4 + - isSubset: + path: spec.template.spec.initContainers[0] + content: + env: + - name: TZ + value: UTC + - name: UMASK + value: "2" + - name: UMASK_SET + value: "2" + - name: NVIDIA_VISIBLE_DEVICES + value: void + - name: S6_READ_ONLY_ROOT + value: "1" + - name: var1 + value: value + - name: var2 + value: value2 + - name: var3 + value: value3 + - name: var4 + value: value4 + + - it: should fail with lifecycle defined in upgrade container + documentIndex: *deploymentDoc + set: + upgradeContainers: + some-name: + lifecycle: + asserts: + - failedTemplate: + errorMessage: Init/Install/Upgrade Container (RELEASE-NAME-common-test-some-name) do not support lifecycle hooks + + - it: should fail with env trying to override fixedEnvs in upgrade container + documentIndex: *deploymentDoc + set: + upgradeContainers: + some-name: + env: + TZ: something + asserts: + - failedTemplate: + errorMessage: Environment Variable (TZ) on container (RELEASE-NAME-common-test-some-name) is set more than once. [to (UTC) on (fixedEnv)] and [to (something) on (env)] + + - it: should fail with env trying to override configmap in upgrade container + documentIndex: *deploymentDoc + set: + configmap: + some-confmap: + enabled: true + parseAsEnv: true + content: + TZ: something + upgradeContainers: + some-name: + envFrom: + - configMapRef: + name: '{{ include "ix.v1.common.names.fullname" . }}-some-confmap' + asserts: + - failedTemplate: + errorMessage: Environment Variable (TZ) on container (RELEASE-NAME-common-test-some-name) is set more than once. [to (UTC) on (fixedEnv)] and [to (something) on (configmap-RELEASE-NAME-common-test-some-confmap)] + + - it: should fail with env trying to override secret in upgrade container + documentIndex: *deploymentDoc + set: + secret: + some-secret: + enabled: true + parseAsEnv: true + content: + TZ: something + upgradeContainers: + some-name: + envFrom: + - secretRef: + name: '{{ include "ix.v1.common.names.fullname" . }}-some-secret' + asserts: + - failedTemplate: + errorMessage: Environment Variable (TZ) on container (RELEASE-NAME-common-test-some-name) is set more than once. [to (UTC) on (fixedEnv)] and [to (something) on (secret-RELEASE-NAME-common-test-some-secret)] diff --git a/library/common-test/tests/secret/secret_test.yaml b/library/common-test/tests/secret/secret_test.yaml index c10bef75de..86e41bf485 100644 --- a/library/common-test/tests/secret/secret_test.yaml +++ b/library/common-test/tests/secret/secret_test.yaml @@ -12,6 +12,16 @@ tests: - isKind: of: Deployment + - it: should fail without a dict in secret + set: + secret: + enabled: true + content: + key: value + asserts: + - failedTemplate: + errorMessage: key must have at least one dict.dict. Found (bool) + - it: should fail with uppercase in name in secret set: secret: diff --git a/library/common/1.0.0/templates/lib/container/_images.tpl b/library/common/1.0.0/templates/lib/container/_images.tpl index 3d8c531592..de89052265 100644 --- a/library/common/1.0.0/templates/lib/container/_images.tpl +++ b/library/common/1.0.0/templates/lib/container/_images.tpl @@ -9,7 +9,12 @@ {{- $root := .root -}} {{- $selectedImage := .selectedImage -}} - {{- $image := get $root.Values "image" -}} + {{- if not $selectedImage -}} + {{- $selectedImage = "image" -}} + {{- end -}} + + {{- $image := "" -}} + {{- if hasKey $root.Values $selectedImage -}} {{- $image = get $root.Values $selectedImage -}} {{- else if $selectedImage -}} {{/* If selectedImage does not exist in Values */}} @@ -22,8 +27,12 @@ {{- $root := .root -}} {{- $selectedImage := .selectedImage -}} + {{- if not $selectedImage -}} + {{- $selectedImage = "image" -}} + {{- end -}} + {{- $pullPolicy := "IfNotPresent" -}} - {{- $image := get $root.Values "image" -}} + {{- $image := "" -}} {{- if hasKey $root.Values $selectedImage -}} {{- $image = get $root.Values $selectedImage -}} diff --git a/library/common/1.0.0/templates/lib/container/_securityContext.tpl b/library/common/1.0.0/templates/lib/container/_securityContext.tpl index d4e902d91a..5df1cb979b 100644 --- a/library/common/1.0.0/templates/lib/container/_securityContext.tpl +++ b/library/common/1.0.0/templates/lib/container/_securityContext.tpl @@ -26,6 +26,10 @@ init{{/* Security Context included by the container */}} {{- end -}} {{- end -}} + {{- if $secContext.inheritMain -}} {{/* if inheritMain is set, use the secContext from main container as default */}} + {{- $defaultSecCont = $root.Values.securityContext -}} + {{- end -}} {{/* TODO: Unittests for inherit + normal securityContext */}} + {{/* Override defaults based on user/dev input */}} {{- if and (hasKey $secContext "runAsNonRoot") (ne (toString $secContext.runAsNonRoot) (toString $runAsNonRoot)) -}} {{- $runAsNonRoot = $secContext.runAsNonRoot -}} diff --git a/library/common/1.0.0/templates/lib/pod/_extraContainers.tpl b/library/common/1.0.0/templates/lib/pod/_extraContainers.tpl index d8cbc73261..085c630b9d 100644 --- a/library/common/1.0.0/templates/lib/pod/_extraContainers.tpl +++ b/library/common/1.0.0/templates/lib/pod/_extraContainers.tpl @@ -50,10 +50,10 @@ envFrom: {{- . | nindent 4 }} {{- end -}} - {{- with (include "ix.v1.common.container.lifecycle" (dict "lifecycle" $container.lifecycle "root" $root)) | trim -}} - {{- if and . (mustHas $type (list "init" "install" "upgrades")) -}} {{/* Init containers do not have lifecycle... */}} - {{- fail (printf "Init/Install/Upgrade Container (%s) do not support lifecycle hooks" $name) -}} - {{- end }} + {{- if and (hasKey $container "lifecycle") (mustHas $type (list "init" "install" "upgrade")) -}} {{/* Init containers do not have lifecycle... */}} + {{- fail (printf "Init/Install/Upgrade Container (%s) do not support lifecycle hooks" $name) -}} + {{- end -}} + {{- with (include "ix.v1.common.container.lifecycle" (dict "lifecycle" $container.lifecycle "root" $root)) | trim }} lifecycle: {{- . | nindent 4 }} {{- end -}} diff --git a/library/common/1.0.0/templates/lib/pod/_pod.tpl b/library/common/1.0.0/templates/lib/pod/_pod.tpl index 3afc2e513a..dbbbe422c5 100644 --- a/library/common/1.0.0/templates/lib/pod/_pod.tpl +++ b/library/common/1.0.0/templates/lib/pod/_pod.tpl @@ -51,7 +51,7 @@ imagePullSecrets: runtimeClassName: {{ . }} {{- end -}} {{- with (include "ix.v1.common.controller.mainContainer" . | trim) }} -containers: +containers: {{/* TODO: Additional Containers */}} {{- . | nindent 2 }} {{- end -}} {{- if or .Values.initContainers .Values.installContainers .Values.upgradeContainers }} diff --git a/library/common/1.0.0/templates/spawner/_configmapAndSecret.tpl b/library/common/1.0.0/templates/spawner/_configmapAndSecret.tpl index dc4a302d37..5ff55fc6f7 100644 --- a/library/common/1.0.0/templates/spawner/_configmapAndSecret.tpl +++ b/library/common/1.0.0/templates/spawner/_configmapAndSecret.tpl @@ -2,9 +2,15 @@ {{- $root := . -}} {{- range $name, $objectData := .Values.configmap -}} + {{- if ne (kindOf $objectData) "map" -}} + {{- fail (printf " key must have at least one dict. Found (%s)" (kindOf $objectData)) -}} + {{- end -}} {{- include "ix.v1.common.configmapAndSecret.process" (dict "root" $root "name" $name "objectData" $objectData "objectType" "configmap") -}} {{- end -}} {{- range $name, $objectData := .Values.secret -}} + {{- if ne (kindOf $objectData) "map" -}} + {{- fail (printf " key must have at least one dict. Found (%s)" (kindOf $objectData)) -}} + {{- end -}} {{- include "ix.v1.common.configmapAndSecret.process" (dict "root" $root "name" $name "objectData" $objectData "objectType" "secret") -}} {{- end -}} {{- end -}}