suite: Updater Deployment templates: - updater/deployment.yaml tests: # # Basic tests # - it: does not create a Deployment when updater.enabled is false (default) asserts: - hasDocuments: count: 0 - it: creates a Deployment when updater.enabled is true values: - ../.lint/updater.yaml asserts: - containsDocument: kind: Deployment apiVersion: apps/v1 name: RELEASE-NAME-updater namespace: NAMESPACE # # Testing the agent configuration # - it: sets the updater base image values: - ../.lint/updater.yaml set: image: repo.example.com/gravitational/teleport-distroless asserts: - contains: path: spec.template.spec.containers[0].args content: "--base-image=repo.example.com/gravitational/teleport-distroless" - it: sets the updater base entreprise image values: - ../.lint/updater.yaml set: enterprise: true asserts: - contains: path: spec.template.spec.containers[0].args content: "--base-image=public.ecr.aws/gravitational/teleport-ent-distroless" - it: sets the updater agent name values: - ../.lint/updater.yaml release: name: my-release asserts: - contains: path: spec.template.spec.containers[0].args content: "--agent-name=my-release" - it: sets the updater agent namespace values: - ../.lint/updater.yaml release: namespace: my-namespace asserts: - contains: path: spec.template.spec.containers[0].args content: "--agent-namespace=my-namespace" - it: sets the updater version server values: - ../.lint/updater.yaml asserts: - contains: path: spec.template.spec.containers[0].args content: "--version-server=https://my-custom-version-server/v1" - it: sets the updater release channel values: - ../.lint/updater.yaml asserts: - contains: path: spec.template.spec.containers[0].args content: "--version-channel=custom/preview" # # Kubernetes-related tests # - it: sets the deployment annotations values: - ../.lint/updater.yaml - ../.lint/annotations.yaml asserts: - equal: path: metadata.annotations.kubernetes\.io/deployment value: test-annotation - equal: path: metadata.annotations.kubernetes\.io/deployment-different value: 3 - it: sets the pod annotations values: - ../.lint/updater.yaml - ../.lint/annotations.yaml asserts: - equal: path: spec.template.metadata.annotations.kubernetes\.io/pod value: test-annotation - equal: path: spec.template.metadata.annotations.kubernetes\.io/pod-different value: 4 - it: sets the affinity values: - ../.lint/updater.yaml - ../.lint/affinity.yaml asserts: - isNotNull: path: spec.template.spec.affinity - matchSnapshot: path: spec.template.spec - it: sets the tolerations values: - ../.lint/updater.yaml - ../.lint/tolerations.yaml asserts: - isNotNull: path: spec.template.spec.tolerations - matchSnapshot: path: spec.template.spec - it: sets the imagePullSecrets values: - ../.lint/updater.yaml - ../.lint/imagepullsecrets.yaml asserts: - equal: path: spec.template.spec.imagePullSecrets[0].name value: myRegistryKeySecretName - it: sets the nodeSelector values: - ../.lint/updater.yaml - ../.lint/node-selector.yaml asserts: - equal: path: spec.template.spec.nodeSelector value: gravitational.io/k8s-role: node - it: sets the updater container image and version values: - ../.lint/updater.yaml set: teleportVersionOverride: 12.2.1 asserts: - equal: path: spec.template.spec.containers[0].image value: public.ecr.aws/gravitational/teleport-kube-agent-updater:12.2.1 - it: sets the updater container imagePullPolicy values: - ../.lint/updater.yaml - ../.lint/image-pull-policy.yaml asserts: - equal: path: spec.template.spec.containers[0].imagePullPolicy value: Always - it: mounts the tls CA if provided and set the env var values: - ../.lint/updater.yaml - ../.lint/existing-tls-secret-with-ca.yaml asserts: - contains: path: spec.template.spec.volumes content: name: teleport-tls-ca secret: secretName: helm-lint-existing-tls-secret-ca - contains: path: spec.template.spec.containers[0].volumeMounts content: mountPath: /etc/teleport-tls-ca name: teleport-tls-ca readOnly: true - contains: path: spec.template.spec.containers[0].env content: name: SSL_CERT_FILE value: /etc/teleport-tls-ca/ca.pem - it: sets the updater container extraEnv values: - ../.lint/updater.yaml - ../.lint/extra-env.yaml asserts: - contains: path: spec.template.spec.containers[0].env content: name: HTTPS_PROXY value: http://username:password@my.proxy.host:3128 - it: sets the pod resources values: - ../.lint/updater.yaml - ../.lint/resources.yaml asserts: - equal: path: spec.template.spec.containers[0].resources.limits.cpu value: 2 - equal: path: spec.template.spec.containers[0].resources.limits.memory value: 4Gi - equal: path: spec.template.spec.containers[0].resources.requests.cpu value: 1 - equal: path: spec.template.spec.containers[0].resources.requests.memory value: 2Gi - it: sets the pod priorityClass values: - ../.lint/updater.yaml - ../.lint/priority-class-name.yaml asserts: - equal: path: spec.template.spec.priorityClassName value: teleport-kube-agent - it: sets the pod service-account values: - ../.lint/updater.yaml - ../.lint/service-account-name.yaml asserts: - equal: path: spec.template.spec.serviceAccountName value: teleport-kube-agent-sa-updater - it: sets the pod service-account (override) values: - ../.lint/updater.yaml - ../.lint/service-account-name.yaml set: updater: serviceAccount: name: distinct-updater-sa asserts: - equal: path: spec.template.spec.serviceAccountName value: distinct-updater-sa