| 123456789101112131415161718192021222324252627282930313233343536373839404142434445464748495051525354555657585960616263646566676869707172737475767778798081828384858687888990919293949596979899100101102103104105106107108109110111112113114115116117118119120121122123124125126127128129130131132133134135136137138139140141142143144145146147148149150151152153154155156157158159160161162163164165166167168169170171172173174175176177178179180181182183184185186187188189190191192193194195196197198199200201202203204205206207208209210211212213214215216217218219220221222223224225226227228229230231232233234235236237238239240241242243244245246247248249250251252253254255256257258259260261262263264265266267268269270271272273274275276277278279280281282283284285286287288289290291292293294295296297298299300301302303304305306307308309310 |
- suite: test controller deployment
- templates:
- - deployment.yaml
- tests:
- - it: should match snapshot of default values
- asserts:
- - matchSnapshot: {}
- - it: should set imagePullPolicy to Always
- set:
- image.pullPolicy: Always
- asserts:
- - equal:
- path: spec.template.spec.containers[0].imagePullPolicy
- value: Always
- - it: should imagePullPolicy to be default value IfNotPresent
- asserts:
- - equal:
- path: spec.template.spec.containers[0].imagePullPolicy
- value: IfNotPresent
- - it: should override securityContext
- set:
- podSecurityContext:
- runAsUser: 2000
- securityContext:
- runAsUser: 3000
- asserts:
- - equal:
- path: spec.template.spec.securityContext
- value:
- runAsUser: 2000
- - equal:
- path: spec.template.spec.containers[0].securityContext
- value:
- allowPrivilegeEscalation: false
- capabilities:
- drop:
- - ALL
- readOnlyRootFilesystem: true
- runAsNonRoot: true
- runAsUser: 3000
- seccompProfile:
- type: RuntimeDefault
- - it: should override hostNetwork
- set:
- hostNetwork: true
- asserts:
- - equal:
- path: spec.template.spec.hostNetwork
- value: true
- - it: should override metrics port
- set:
- metrics.listen.port: 8888
- asserts:
- - contains:
- path: spec.template.spec.containers[0].args
- content: "--metrics-addr=:8888"
- - it: should override image flavour
- set:
- image.repository: ghcr.io/external-secrets/external-secrets
- image.tag: v0.9.8
- image.flavour: ubi-boringssl
- asserts:
- - equal:
- path: spec.template.spec.containers[0].image
- value: ghcr.io/external-secrets/external-secrets:v0.9.8-ubi-boringssl
- - it: should override image flavour
- set:
- image.repository: example.com/external-secrets/external-secrets
- image.tag: v0.9.9-ubi
- asserts:
- - equal:
- path: spec.template.spec.containers[0].image
- value: example.com/external-secrets/external-secrets:v0.9.9-ubi
- - it: should add a init container
- set:
- extraInitContainers:
- - name: foo
- image: example.com/external-secrets/init-image:{{ .Chart.Version }}
- restartPolicy: Always
- asserts:
- - equal:
- path: spec.template.spec.initContainers[0].name
- value: foo
- - matchRegex:
- path: spec.template.spec.initContainers[0].image
- pattern: ^example\.com/external-secrets/init-image:[0-9]+\.[0-9]+\.[0-9]+$
- - equal:
- path: spec.template.spec.initContainers[0].restartPolicy
- value: Always
- - it: should override the deployment strategy
- set:
- strategy:
- rollingUpdate:
- maxSurge: 1
- maxUnavailable: 0
- asserts:
- - equal:
- path: spec.strategy.rollingUpdate.maxSurge
- value: 1
- - equal:
- path: spec.strategy.rollingUpdate.maxUnavailable
- value: 0
- - it: should add livenessProbe if defined
- set:
- livenessProbe:
- enabled: true
- asserts:
- - equal:
- path: spec.template.spec.containers[0].livenessProbe
- value:
- timeoutSeconds: 5
- failureThreshold: 5
- periodSeconds: 10
- successThreshold: 1
- initialDelaySeconds: 10
- httpGet:
- port: live
- path: /healthz
- - equal:
- path: spec.template.spec.containers[0].ports[1]
- value:
- containerPort: 8082
- protocol: TCP
- name: live
- - it: should customize livenessProbe port under spec.port
- set:
- livenessProbe:
- enabled: true
- spec:
- port: 8888
- asserts:
- - equal:
- path: spec.template.spec.containers[0].livenessProbe
- value:
- timeoutSeconds: 5
- failureThreshold: 5
- periodSeconds: 10
- successThreshold: 1
- initialDelaySeconds: 10
- httpGet:
- port: live
- path: /healthz
- - equal:
- path: spec.template.spec.containers[0].ports[1]
- value:
- containerPort: 8888
- protocol: TCP
- name: live
- - it: should customize livenessProbe port under spec.httpGet
- set:
- livenessProbe:
- enabled: true
- spec:
- initialDelaySeconds: 10
- periodSeconds: 10
- timeoutSeconds: 10
- failureThreshold: 10
- successThreshold: 10
- httpGet:
- path: /healthz
- port: 8080
- scheme: HTTP
- asserts:
- - equal:
- path: spec.template.spec.containers[0].livenessProbe
- value:
- initialDelaySeconds: 10
- periodSeconds: 10
- timeoutSeconds: 10
- failureThreshold: 10
- successThreshold: 10
- httpGet:
- port: 8080
- path: /healthz
- scheme: HTTP
- - equal:
- path: spec.template.spec.containers[0].ports[1]
- value:
- containerPort: 8080
- protocol: TCP
- name: live
- - it: should use httpGet.port over spec.port when httpGet.port is numeric
- set:
- livenessProbe:
- enabled: true
- spec:
- port: 3030
- initialDelaySeconds: 10
- periodSeconds: 10
- timeoutSeconds: 10
- failureThreshold: 10
- successThreshold: 10
- httpGet:
- path: /healthz
- port: 8080
- scheme: HTTP
- asserts:
- - equal:
- path: spec.template.spec.containers[0].livenessProbe
- value:
- initialDelaySeconds: 10
- periodSeconds: 10
- timeoutSeconds: 10
- failureThreshold: 10
- successThreshold: 10
- httpGet:
- port: 8080
- path: /healthz
- scheme: HTTP
- - equal:
- path: spec.template.spec.containers[0].ports[1]
- value:
- containerPort: 8080
- protocol: TCP
- name: live
- - it: should update args with enableHTTP2=true
- set:
- enableHTTP2: true
- asserts:
- - contains:
- path: spec.template.spec.containers[0].args
- content: "--enable-http2=true"
- - it: should not have enableHTTP2 flag by default
- asserts:
- - notContains:
- path: spec.template.spec.containers[0].args
- content: "--enable-http2"
- - it: should default to hostUsers absent
- capabilities:
- majorVersion: '1'
- minorVersion: '33'
- asserts:
- - notExists:
- path: spec.template.spec.hostUsers
- - it: should permit override of hostUsers
- capabilities:
- majorVersion: '1'
- minorVersion: '33'
- set:
- hostUsers: false
- asserts:
- - equal:
- path: spec.template.spec.hostUsers
- value: false
- - it: should ignore hostUsers on older k8s
- capabilities:
- majorVersion: '1'
- minorVersion: '32'
- set:
- hostUsers: false
- asserts:
- - notExists:
- path: spec.template.spec.hostUsers
- - it: should not have hostAliases by default
- asserts:
- - notExists:
- path: spec.template.spec.hostAliases
- - it: should add hostAliases when configured
- set:
- hostAliases:
- - ip: "192.168.1.100"
- hostnames:
- - "example.local"
- - "example"
- - ip: "10.0.0.1"
- hostnames:
- - "internal.example.com"
- asserts:
- - equal:
- path: spec.template.spec.hostAliases
- value:
- - ip: "192.168.1.100"
- hostnames:
- - "example.local"
- - "example"
- - ip: "10.0.0.1"
- hostnames:
- - "internal.example.com"
- - it: should use global hostAliases when root level not set
- set:
- global:
- hostAliases:
- - ip: "192.168.1.200"
- hostnames:
- - "global.example.com"
- asserts:
- - equal:
- path: spec.template.spec.hostAliases
- value:
- - ip: "192.168.1.200"
- hostnames:
- - "global.example.com"
- - it: should prefer root level hostAliases over global
- set:
- hostAliases:
- - ip: "192.168.1.100"
- hostnames:
- - "root.example.com"
- global:
- hostAliases:
- - ip: "192.168.1.200"
- hostnames:
- - "global.example.com"
- asserts:
- - equal:
- path: spec.template.spec.hostAliases
- value:
- - ip: "192.168.1.100"
- hostnames:
- - "root.example.com"
|
