suite: Updater Deployment templates: - updater/deployment.yaml tests: # # Basic tests # - it: does not create a Deployment when updater.enabled is false (default) asserts: - hasDocuments: count: 0 - it: creates a Deployment when updater.enabled is true values: - ../.lint/updater.yaml asserts: - containsDocument: kind: Deployment apiVersion: apps/v1 name: RELEASE-NAME-updater namespace: NAMESPACE # # Testing the agent configuration # - it: sets the updater base image values: - ../.lint/updater.yaml set: image: repo.example.com/gravitational/teleport-distroless asserts: - contains: path: spec.template.spec.containers[0].args content: "--base-image=repo.example.com/gravitational/teleport-distroless" - it: sets the updater base entreprise image values: - ../.lint/updater.yaml set: enterprise: true asserts: - contains: path: spec.template.spec.containers[0].args content: "--base-image=public.ecr.aws/gravitational/teleport-ent-distroless" - it: sets the updater agent name values: - ../.lint/updater.yaml release: name: my-release asserts: - contains: path: spec.template.spec.containers[0].args content: "--agent-name=my-release" - it: sets the updater agent namespace values: - ../.lint/updater.yaml release: namespace: my-namespace asserts: - contains: path: spec.template.spec.containers[0].args content: "--agent-namespace=my-namespace" - it: defaults the updater version server to the proxy address set: proxyAddr: proxy.teleport.example.com:443 roles: "custom" updater: enabled: true asserts: - contains: path: spec.template.spec.containers[0].args content: "--version-server=https://proxy.teleport.example.com:443/v1/webapi/automaticupgrades/channel" - it: sets the updater version server values: - ../.lint/updater.yaml asserts: - contains: path: spec.template.spec.containers[0].args content: "--version-server=https://my-custom-version-server/v1" - it: sets the updater release channel values: - ../.lint/updater.yaml asserts: - contains: path: spec.template.spec.containers[0].args content: "--version-channel=custom/preview" # # Kubernetes-related tests # - it: sets the deployment annotations values: - ../.lint/updater.yaml - ../.lint/annotations.yaml asserts: - equal: path: metadata.annotations.kubernetes\.io/deployment value: test-annotation - equal: path: metadata.annotations.kubernetes\.io/deployment-different value: 3 - it: sets the pod annotations values: - ../.lint/updater.yaml - ../.lint/annotations.yaml asserts: - equal: path: spec.template.metadata.annotations.kubernetes\.io/pod value: test-annotation - equal: path: spec.template.metadata.annotations.kubernetes\.io/pod-different value: 4 - it: sets the affinity values: - ../.lint/updater.yaml - ../.lint/affinity.yaml asserts: - isNotNull: path: spec.template.spec.affinity - matchSnapshot: path: spec.template.spec - it: sets the tolerations values: - ../.lint/updater.yaml - ../.lint/tolerations.yaml asserts: - isNotNull: path: spec.template.spec.tolerations - matchSnapshot: path: spec.template.spec - it: sets the imagePullSecrets values: - ../.lint/updater.yaml - ../.lint/imagepullsecrets.yaml asserts: - equal: path: spec.template.spec.imagePullSecrets[0].name value: myRegistryKeySecretName - it: sets the nodeSelector values: - ../.lint/updater.yaml - ../.lint/node-selector.yaml asserts: - equal: path: spec.template.spec.nodeSelector value: gravitational.io/k8s-role: node - it: sets the updater container image and version values: - ../.lint/updater.yaml set: teleportVersionOverride: 12.2.1 asserts: - equal: path: spec.template.spec.containers[0].image value: public.ecr.aws/gravitational/teleport-kube-agent-updater:12.2.1 - it: sets the updater container imagePullPolicy values: - ../.lint/updater.yaml - ../.lint/image-pull-policy.yaml asserts: - equal: path: spec.template.spec.containers[0].imagePullPolicy value: Always - it: mounts the tls CA if provided and set the env var values: - ../.lint/updater.yaml - ../.lint/existing-tls-secret-with-ca.yaml asserts: - contains: path: spec.template.spec.volumes content: name: teleport-tls-ca secret: secretName: helm-lint-existing-tls-secret-ca - contains: path: spec.template.spec.containers[0].volumeMounts content: mountPath: /etc/teleport-tls-ca name: teleport-tls-ca readOnly: true - contains: path: spec.template.spec.containers[0].env content: name: SSL_CERT_FILE value: /etc/teleport-tls-ca/ca.pem - it: sets the updater container extraEnv values: - ../.lint/updater.yaml - ../.lint/extra-env.yaml asserts: - contains: path: spec.template.spec.containers[0].env content: name: HTTPS_PROXY value: http://username:password@my.proxy.host:3128 - it: sets the pod resources values: - ../.lint/updater.yaml - ../.lint/resources.yaml asserts: - equal: path: spec.template.spec.containers[0].resources.limits.cpu value: 2 - equal: path: spec.template.spec.containers[0].resources.limits.memory value: 4Gi - equal: path: spec.template.spec.containers[0].resources.requests.cpu value: 1 - equal: path: spec.template.spec.containers[0].resources.requests.memory value: 2Gi - it: sets the pod priorityClass values: - ../.lint/updater.yaml - ../.lint/priority-class-name.yaml asserts: - equal: path: spec.template.spec.priorityClassName value: teleport-kube-agent - it: sets the pod service-account values: - ../.lint/updater.yaml - ../.lint/service-account-name.yaml asserts: - equal: path: spec.template.spec.serviceAccountName value: teleport-kube-agent-sa-updater - it: sets the pod service-account (override) values: - ../.lint/updater.yaml - ../.lint/service-account-name.yaml set: updater: serviceAccount: name: distinct-updater-sa asserts: - equal: path: spec.template.spec.serviceAccountName value: distinct-updater-sa - it: sets extraArgs when set values: - ../.lint/updater.yaml set: updater: extraArgs: - "--foo=bar" asserts: - contains: path: spec.template.spec.containers[0].args content: "--foo=bar" - it: sets the pull credentials when specified values: - ../.lint/updater.yaml set: updater: pullCredentials: "amazon" asserts: - contains: path: spec.template.spec.containers[0].args content: "--pull-credentials=amazon" - it: sets extraVolumes when specified values: - ../.lint/updater-secret-docker.yaml - ../.lint/existing-tls-secret-with-ca.yaml asserts: - contains: path: spec.template.spec.volumes content: name: docker-config projected: sources: - secret: name: my-pull-secret items: - key: .dockerconfigjson path: config.json - it: sets extraVolumeMounts when specified values: - ../.lint/updater-secret-docker.yaml - ../.lint/existing-tls-secret-with-ca.yaml asserts: - contains: path: spec.template.spec.containers[0].volumeMounts content: name: docker-config mountPath: "/mnt/docker" readOnly: true