suite: test cert controller deployment templates: - cert-controller-deployment.yaml - cert-controller-service.yaml tests: - it: should match snapshot of default values templates: - cert-controller-deployment.yaml asserts: - matchSnapshot: {} - it: should set imagePullPolicy to Always set: certController.image.pullPolicy: Always templates: - cert-controller-deployment.yaml asserts: - equal: path: spec.template.spec.containers[0].imagePullPolicy value: Always - it: should imagePullPolicy to be default value IfNotPresent templates: - cert-controller-deployment.yaml asserts: - equal: path: spec.template.spec.containers[0].imagePullPolicy value: IfNotPresent - it: should override securityContext set: certController.podSecurityContext: runAsUser: 2000 certController.securityContext: runAsUser: 3000 templates: - cert-controller-deployment.yaml asserts: - equal: path: spec.template.spec.securityContext value: runAsUser: 2000 - equal: path: spec.template.spec.containers[0].securityContext value: allowPrivilegeEscalation: false capabilities: drop: - ALL readOnlyRootFilesystem: true runAsNonRoot: true runAsUser: 3000 seccompProfile: type: RuntimeDefault - it: should override hostNetwork set: certController.hostNetwork: true templates: - cert-controller-deployment.yaml asserts: - equal: path: spec.template.spec.hostNetwork value: true - it: should override readinessProbe port set: certController.readinessProbe.port: 8082 templates: - cert-controller-deployment.yaml asserts: - equal: path: spec.template.spec.containers[0].args[7] value: "--healthz-addr=:8082" - it: should override metrics port set: certController.metrics.listen.port: 8888 templates: - cert-controller-deployment.yaml asserts: - equal: path: spec.template.spec.containers[0].args[6] value: "--metrics-addr=:8888" - it: should override image flavour set: certController.image.repository: ghcr.io/external-secrets/external-secrets certController.image.tag: v0.9.8 certController.image.flavour: ubi-boringssl templates: - cert-controller-deployment.yaml asserts: - equal: path: spec.template.spec.containers[0].image value: ghcr.io/external-secrets/external-secrets:v0.9.8-ubi-boringssl - it: should override image flavour set: certController.image.repository: example.com/external-secrets/external-secrets certController.image.tag: v0.9.9-ubi templates: - cert-controller-deployment.yaml asserts: - equal: path: spec.template.spec.containers[0].image value: example.com/external-secrets/external-secrets:v0.9.9-ubi - it: should render service without metrics label when metrics is enabled set: certController.metrics.service.enabled: true templates: - cert-controller-service.yaml asserts: - hasDocuments: count: 1 - isNull: path: metadata.labels["app.kubernetes.io/metrics"] - it: should render service with metrics label when APIVersions are present and serviceMonitor is enabled set: serviceMonitor.enabled: true capabilities: apiVersions: - "monitoring.coreos.com/v1" templates: - cert-controller-service.yaml asserts: - hasDocuments: count: 1 - equal: path: metadata.labels["app.kubernetes.io/metrics"] value: "cert-controller" - it: should not render service when APIVersions is not present but serviceMonitor is enabled set: serviceMonitor.enabled: true templates: - cert-controller-service.yaml asserts: - hasDocuments: count: 0 - it: should not render service when APIVersions is present and serviceMonitor is disabled set: serviceMonitor.enabled: false capabilities: apiVersions: - "monitoring.coreos.com/v1" templates: - cert-controller-service.yaml asserts: - hasDocuments: count: 0 - it: should not render service when APIVersions is not present and serviceMonitor is disabled set: serviceMonitor.enabled: false templates: - cert-controller-service.yaml asserts: - hasDocuments: count: 0