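# helm-unittest suite for the controller Deployment template.
# Each test renders deployment.yaml with the values under `set` (and, where
# given, the cluster version under `capabilities`) and asserts on the output.
suite: test controller deployment
templates:
  - deployment.yaml
tests:
  - it: should match snapshot of default values
    asserts:
      - matchSnapshot: {}

  - it: should set imagePullPolicy to Always
    set:
      image.pullPolicy: Always
    asserts:
      - equal:
          path: spec.template.spec.containers[0].imagePullPolicy
          value: Always

  - it: should imagePullPolicy to be default value IfNotPresent
    asserts:
      - equal:
          path: spec.template.spec.containers[0].imagePullPolicy
          value: IfNotPresent

  # Only runAsUser is overridden, yet the expected container securityContext
  # still carries the hardening fields (no privilege escalation, all
  # capabilities dropped, read-only root filesystem, runAsNonRoot, seccomp
  # RuntimeDefault). This guards against a partial override silently
  # discarding them.
  - it: should override securityContext
    set:
      podSecurityContext:
        runAsUser: 2000
      securityContext:
        runAsUser: 3000
    asserts:
      - equal:
          path: spec.template.spec.securityContext
          value:
            runAsUser: 2000
      - equal:
          path: spec.template.spec.containers[0].securityContext
          value:
            allowPrivilegeEscalation: false
            capabilities:
              drop:
                - ALL
            readOnlyRootFilesystem: true
            runAsNonRoot: true
            runAsUser: 3000
            seccompProfile:
              type: RuntimeDefault

  # hostNetwork: true places the pod in the node's network namespace.
  # Only the opt-in path is asserted in this suite.
  # NOTE(review): consider an explicit test that hostNetwork is not enabled
  # with default values, rather than relying on the snapshot alone.
  - it: should override hostNetwork
    set:
      hostNetwork: true
    asserts:
      - equal:
          path: spec.template.spec.hostNetwork
          value: true

  - it: should override metrics port
    set:
      metrics.listen.port: 8888
    asserts:
      - contains:
          path: spec.template.spec.containers[0].args
          content: "--metrics-addr=:8888"

  - it: should override image flavour
    set:
      image.repository: ghcr.io/external-secrets/external-secrets
      image.tag: v0.9.8
      image.flavour: ubi-boringssl
    asserts:
      - equal:
          path: spec.template.spec.containers[0].image
          value: ghcr.io/external-secrets/external-secrets:v0.9.8-ubi-boringssl

  # Renamed: this case shared its name with the previous test, which makes a
  # failure report ambiguous. No image.flavour is set here, and the expected
  # image is exactly repository:tag with nothing appended.
  - it: should use image tag unchanged when no flavour is set
    set:
      image.repository: example.com/external-secrets/external-secrets
      image.tag: v0.9.9-ubi
    asserts:
      - equal:
          path: spec.template.spec.containers[0].image
          value: example.com/external-secrets/external-secrets:v0.9.9-ubi

  # The image value contains a template expression and the assertion expects
  # a rendered x.y.z version, so the chart presumably evaluates templates in
  # extraInitContainers. Quoted so the braces are never read as YAML syntax.
  - it: should add a init container
    set:
      extraInitContainers:
        - name: foo
          image: "example.com/external-secrets/init-image:{{ .Chart.Version }}"
          restartPolicy: Always
    asserts:
      - equal:
          path: spec.template.spec.initContainers[0].name
          value: foo
      - matchRegex:
          path: spec.template.spec.initContainers[0].image
          pattern: '^example\.com/external-secrets/init-image:[0-9]+\.[0-9]+\.[0-9]+$'
      - equal:
          path: spec.template.spec.initContainers[0].restartPolicy
          value: Always

  - it: should override the deployment strategy
    set:
      strategy:
        rollingUpdate:
          maxSurge: 1
          maxUnavailable: 0
    asserts:
      - equal:
          path: spec.strategy.rollingUpdate.maxSurge
          value: 1
      - equal:
          path: spec.strategy.rollingUpdate.maxUnavailable
          value: 0

  # With only `enabled: true`, the probe targets the named port `live`,
  # which is expected at containers[0].ports[1] on 8082.
  - it: should add livenessProbe if defined
    set:
      livenessProbe:
        enabled: true
    asserts:
      - equal:
          path: spec.template.spec.containers[0].livenessProbe
          value:
            timeoutSeconds: 5
            failureThreshold: 5
            periodSeconds: 10
            successThreshold: 1
            initialDelaySeconds: 10
            httpGet:
              port: live
              path: /healthz
      - equal:
          path: spec.template.spec.containers[0].ports[1]
          value:
            containerPort: 8082
            protocol: TCP
            name: live

  # spec.port changes the container port number; the probe itself keeps
  # referring to the port by name.
  - it: should customize livenessProbe port under spec.port
    set:
      livenessProbe:
        enabled: true
        spec:
          port: 8888
    asserts:
      - equal:
          path: spec.template.spec.containers[0].livenessProbe
          value:
            timeoutSeconds: 5
            failureThreshold: 5
            periodSeconds: 10
            successThreshold: 1
            initialDelaySeconds: 10
            httpGet:
              port: live
              path: /healthz
      - equal:
          path: spec.template.spec.containers[0].ports[1]
          value:
            containerPort: 8888
            protocol: TCP
            name: live

  # A numeric httpGet.port is passed through to the probe and is also used
  # as the `live` container port.
  - it: should customize livenessProbe port under spec.httpGet
    set:
      livenessProbe:
        enabled: true
        spec:
          initialDelaySeconds: 10
          periodSeconds: 10
          timeoutSeconds: 10
          failureThreshold: 10
          successThreshold: 10
          httpGet:
            path: /healthz
            port: 8080
            scheme: HTTP
    asserts:
      - equal:
          path: spec.template.spec.containers[0].livenessProbe
          value:
            initialDelaySeconds: 10
            periodSeconds: 10
            timeoutSeconds: 10
            failureThreshold: 10
            successThreshold: 10
            httpGet:
              port: 8080
              path: /healthz
              scheme: HTTP
      - equal:
          path: spec.template.spec.containers[0].ports[1]
          value:
            containerPort: 8080
            protocol: TCP
            name: live

  # Both spec.port (3030) and httpGet.port (8080) are set; the expected
  # output uses 8080 everywhere, so 3030 must not appear.
  - it: should use httpGet.port over spec.port when httpGet.port is numeric
    set:
      livenessProbe:
        enabled: true
        spec:
          port: 3030
          initialDelaySeconds: 10
          periodSeconds: 10
          timeoutSeconds: 10
          failureThreshold: 10
          successThreshold: 10
          httpGet:
            path: /healthz
            port: 8080
            scheme: HTTP
    asserts:
      - equal:
          path: spec.template.spec.containers[0].livenessProbe
          value:
            initialDelaySeconds: 10
            periodSeconds: 10
            timeoutSeconds: 10
            failureThreshold: 10
            successThreshold: 10
            httpGet:
              port: 8080
              path: /healthz
              scheme: HTTP
      - equal:
          path: spec.template.spec.containers[0].ports[1]
          value:
            containerPort: 8080
            protocol: TCP
            name: live

  # The --enable-http2 argument is passed only when explicitly requested;
  # the following test pins its absence with default values.
  - it: should update args with enableHTTP2=true
    set:
      enableHTTP2: true
    asserts:
      - contains:
          path: spec.template.spec.containers[0].args
          content: "--enable-http2=true"

  - it: should not have enableHTTP2 flag by default
    asserts:
      - notContains:
          path: spec.template.spec.containers[0].args
          content: "--enable-http2"

  # hostUsers: false asks Kubernetes to run the pod in its own user
  # namespace. The three tests below show the field is left out by default,
  # rendered on 1.33, and not rendered on 1.32.
  - it: should default to hostUsers absent
    capabilities:
      majorVersion: '1'
      minorVersion: '33'
    asserts:
      - notExists:
          path: spec.template.spec.hostUsers

  - it: should permit override of hostUsers
    capabilities:
      majorVersion: '1'
      minorVersion: '33'
    set:
      hostUsers: false
    asserts:
      - equal:
          path: spec.template.spec.hostUsers
          value: false

  # NOTE(review): on the older cluster the requested hostUsers: false is
  # dropped without error, so the pod runs without user-namespace isolation
  # even though the operator asked for it. Confirm this is documented for
  # chart users.
  - it: should ignore hostUsers on older k8s
    capabilities:
      majorVersion: '1'
      minorVersion: '32'
    set:
      hostUsers: false
    asserts:
      - notExists:
          path: spec.template.spec.hostUsers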