290 lines
8.4 KiB
YAML
290 lines
8.4 KiB
YAML
suite: Updater Deployment
|
|
templates:
|
|
- updater/deployment.yaml
|
|
tests:
|
|
#
|
|
# Basic tests
|
|
#
|
|
- it: does not create a Deployment when updater.enabled is false (default)
|
|
asserts:
|
|
- hasDocuments:
|
|
count: 0
|
|
- it: creates a Deployment when updater.enabled is true
|
|
values:
|
|
- ../.lint/updater.yaml
|
|
asserts:
|
|
- containsDocument:
|
|
kind: Deployment
|
|
apiVersion: apps/v1
|
|
name: RELEASE-NAME-updater
|
|
namespace: NAMESPACE
|
|
#
|
|
# Testing the agent configuration
|
|
#
|
|
- it: sets the updater base image
|
|
values:
|
|
- ../.lint/updater.yaml
|
|
set:
|
|
image: repo.example.com/gravitational/teleport-distroless
|
|
asserts:
|
|
- contains:
|
|
path: spec.template.spec.containers[0].args
|
|
content: "--base-image=repo.example.com/gravitational/teleport-distroless"
|
|
- it: sets the updater base entreprise image
|
|
values:
|
|
- ../.lint/updater.yaml
|
|
set:
|
|
enterprise: true
|
|
asserts:
|
|
- contains:
|
|
path: spec.template.spec.containers[0].args
|
|
content: "--base-image=public.ecr.aws/gravitational/teleport-ent-distroless"
|
|
- it: sets the updater agent name
|
|
values:
|
|
- ../.lint/updater.yaml
|
|
release:
|
|
name: my-release
|
|
asserts:
|
|
- contains:
|
|
path: spec.template.spec.containers[0].args
|
|
content: "--agent-name=my-release"
|
|
- it: sets the updater agent namespace
|
|
values:
|
|
- ../.lint/updater.yaml
|
|
release:
|
|
namespace: my-namespace
|
|
asserts:
|
|
- contains:
|
|
path: spec.template.spec.containers[0].args
|
|
content: "--agent-namespace=my-namespace"
|
|
- it: defaults the updater version server to the proxy address
|
|
set:
|
|
proxyAddr: proxy.teleport.example.com:443
|
|
roles: "custom"
|
|
updater:
|
|
enabled: true
|
|
asserts:
|
|
- contains:
|
|
path: spec.template.spec.containers[0].args
|
|
content: "--version-server=https://proxy.teleport.example.com:443/v1/webapi/automaticupgrades/channel"
|
|
- it: sets the updater version server
|
|
values:
|
|
- ../.lint/updater.yaml
|
|
asserts:
|
|
- contains:
|
|
path: spec.template.spec.containers[0].args
|
|
content: "--version-server=https://my-custom-version-server/v1"
|
|
- it: sets the updater release channel
|
|
values:
|
|
- ../.lint/updater.yaml
|
|
asserts:
|
|
- contains:
|
|
path: spec.template.spec.containers[0].args
|
|
content: "--version-channel=custom/preview"
|
|
#
|
|
# Kubernetes-related tests
|
|
#
|
|
- it: sets the deployment annotations
|
|
values:
|
|
- ../.lint/updater.yaml
|
|
- ../.lint/annotations.yaml
|
|
asserts:
|
|
- equal:
|
|
path: metadata.annotations.kubernetes\.io/deployment
|
|
value: test-annotation
|
|
- equal:
|
|
path: metadata.annotations.kubernetes\.io/deployment-different
|
|
value: 3
|
|
- it: sets the pod annotations
|
|
values:
|
|
- ../.lint/updater.yaml
|
|
- ../.lint/annotations.yaml
|
|
asserts:
|
|
- equal:
|
|
path: spec.template.metadata.annotations.kubernetes\.io/pod
|
|
value: test-annotation
|
|
- equal:
|
|
path: spec.template.metadata.annotations.kubernetes\.io/pod-different
|
|
value: 4
|
|
- it: sets the affinity
|
|
values:
|
|
- ../.lint/updater.yaml
|
|
- ../.lint/affinity.yaml
|
|
asserts:
|
|
- isNotNull:
|
|
path: spec.template.spec.affinity
|
|
- matchSnapshot:
|
|
path: spec.template.spec
|
|
- it: sets the tolerations
|
|
values:
|
|
- ../.lint/updater.yaml
|
|
- ../.lint/tolerations.yaml
|
|
asserts:
|
|
- isNotNull:
|
|
path: spec.template.spec.tolerations
|
|
- matchSnapshot:
|
|
path: spec.template.spec
|
|
- it: sets the imagePullSecrets
|
|
values:
|
|
- ../.lint/updater.yaml
|
|
- ../.lint/imagepullsecrets.yaml
|
|
asserts:
|
|
- equal:
|
|
path: spec.template.spec.imagePullSecrets[0].name
|
|
value: myRegistryKeySecretName
|
|
- it: sets the nodeSelector
|
|
values:
|
|
- ../.lint/updater.yaml
|
|
- ../.lint/node-selector.yaml
|
|
asserts:
|
|
- equal:
|
|
path: spec.template.spec.nodeSelector
|
|
value:
|
|
gravitational.io/k8s-role: node
|
|
- it: sets the updater container image and version
|
|
values:
|
|
- ../.lint/updater.yaml
|
|
set:
|
|
teleportVersionOverride: 12.2.1
|
|
asserts:
|
|
- equal:
|
|
path: spec.template.spec.containers[0].image
|
|
value: public.ecr.aws/gravitational/teleport-kube-agent-updater:12.2.1
|
|
- it: sets the updater container imagePullPolicy
|
|
values:
|
|
- ../.lint/updater.yaml
|
|
- ../.lint/image-pull-policy.yaml
|
|
asserts:
|
|
- equal:
|
|
path: spec.template.spec.containers[0].imagePullPolicy
|
|
value: Always
|
|
- it: mounts the tls CA if provided and set the env var
|
|
values:
|
|
- ../.lint/updater.yaml
|
|
- ../.lint/existing-tls-secret-with-ca.yaml
|
|
asserts:
|
|
- contains:
|
|
path: spec.template.spec.volumes
|
|
content:
|
|
name: teleport-tls-ca
|
|
secret:
|
|
secretName: helm-lint-existing-tls-secret-ca
|
|
- contains:
|
|
path: spec.template.spec.containers[0].volumeMounts
|
|
content:
|
|
mountPath: /etc/teleport-tls-ca
|
|
name: teleport-tls-ca
|
|
readOnly: true
|
|
- contains:
|
|
path: spec.template.spec.containers[0].env
|
|
content:
|
|
name: SSL_CERT_FILE
|
|
value: /etc/teleport-tls-ca/ca.pem
|
|
- it: sets the updater container extraEnv
|
|
values:
|
|
- ../.lint/updater.yaml
|
|
- ../.lint/extra-env.yaml
|
|
asserts:
|
|
- contains:
|
|
path: spec.template.spec.containers[0].env
|
|
content:
|
|
name: HTTPS_PROXY
|
|
value: http://username:password@my.proxy.host:3128
|
|
- it: sets the pod resources
|
|
values:
|
|
- ../.lint/updater.yaml
|
|
- ../.lint/resources.yaml
|
|
asserts:
|
|
- equal:
|
|
path: spec.template.spec.containers[0].resources.limits.cpu
|
|
value: 2
|
|
- equal:
|
|
path: spec.template.spec.containers[0].resources.limits.memory
|
|
value: 4Gi
|
|
- equal:
|
|
path: spec.template.spec.containers[0].resources.requests.cpu
|
|
value: 1
|
|
- equal:
|
|
path: spec.template.spec.containers[0].resources.requests.memory
|
|
value: 2Gi
|
|
- it: sets the pod priorityClass
|
|
values:
|
|
- ../.lint/updater.yaml
|
|
- ../.lint/priority-class-name.yaml
|
|
asserts:
|
|
- equal:
|
|
path: spec.template.spec.priorityClassName
|
|
value: teleport-kube-agent
|
|
- it: sets the pod service-account
|
|
values:
|
|
- ../.lint/updater.yaml
|
|
- ../.lint/service-account-name.yaml
|
|
asserts:
|
|
- equal:
|
|
path: spec.template.spec.serviceAccountName
|
|
value: teleport-kube-agent-sa-updater
|
|
- it: sets the pod service-account (override)
|
|
values:
|
|
- ../.lint/updater.yaml
|
|
- ../.lint/service-account-name.yaml
|
|
set:
|
|
updater:
|
|
serviceAccount:
|
|
name: distinct-updater-sa
|
|
asserts:
|
|
- equal:
|
|
path: spec.template.spec.serviceAccountName
|
|
value: distinct-updater-sa
|
|
|
|
- it: sets extraArgs when set
|
|
values:
|
|
- ../.lint/updater.yaml
|
|
set:
|
|
updater:
|
|
extraArgs:
|
|
- "--foo=bar"
|
|
asserts:
|
|
- contains:
|
|
path: spec.template.spec.containers[0].args
|
|
content: "--foo=bar"
|
|
|
|
- it: sets the pull credentials when specified
|
|
values:
|
|
- ../.lint/updater.yaml
|
|
set:
|
|
updater:
|
|
pullCredentials: "amazon"
|
|
asserts:
|
|
- contains:
|
|
path: spec.template.spec.containers[0].args
|
|
content: "--pull-credentials=amazon"
|
|
|
|
- it: sets extraVolumes when specified
|
|
values:
|
|
- ../.lint/updater-secret-docker.yaml
|
|
- ../.lint/existing-tls-secret-with-ca.yaml
|
|
asserts:
|
|
- contains:
|
|
path: spec.template.spec.volumes
|
|
content:
|
|
name: docker-config
|
|
projected:
|
|
sources:
|
|
- secret:
|
|
name: my-pull-secret
|
|
items:
|
|
- key: .dockerconfigjson
|
|
path: config.json
|
|
|
|
- it: sets extraVolumeMounts when specified
|
|
values:
|
|
- ../.lint/updater-secret-docker.yaml
|
|
- ../.lint/existing-tls-secret-with-ca.yaml
|
|
asserts:
|
|
- contains:
|
|
path: spec.template.spec.containers[0].volumeMounts
|
|
content:
|
|
name: docker-config
|
|
mountPath: "/mnt/docker"
|
|
readOnly: true
|