add app chart and http e2e
Signed-off-by: ii2day <ji.li@daocloud.io>
ii2day committed Jul 17, 2023
1 parent 4e4d0f3 commit 2191cac
Showing 319 changed files with 39,662 additions and 139 deletions.
2 changes: 2 additions & 0 deletions Makefile
@@ -353,6 +353,8 @@ e2e_init:
make -C test deploy_metallb
make -C test deploy_contour
make -C test deploy_project
make -C test install_apiserver_token




1 change: 1 addition & 0 deletions Makefile.defs
@@ -24,6 +24,7 @@ DESTDIR_BIN ?= $(ROOT_DIR)/output/$(TARGETARCH)/bin
DESTDIR_BASH_COMPLETION ?= $(ROOT_DIR)/output/$(TARGETARCH)/bash-completion

CHART_DIR := $(ROOT_DIR)/charts
APP_CHART_DIR := $(ROOT_DIR)/test/chart-app
DESTDIR_CHART ?= $(ROOT_DIR)/output/chart

UNITEST_OUTPUT ?= $(ROOT_DIR)/output/test
2 changes: 1 addition & 1 deletion charts/templates/_helpers.tpl
@@ -159,7 +159,7 @@ return the kdoctorController image
generate the CA cert
*/}}
{{- define "generate-ca-certs" }}
{{- $ca := genCA "kdoctor.io" (.Values.kdoctorController.tls.auto.caExpiration | int) -}}
{{- $ca := genCA "kdoctor.io" (.Values.tls.server.auto.caExpiration | int) -}}
{{- $_ := set . "ca" $ca -}}
{{- end }}

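Review bot: Reading the CA lifetime from `.Values.tls.server.auto.caExpiration` means a release that still sets the old `kdoctorController.tls.*` keys is no longer honoured, and nothing in this section reports that. The same move is made in charts/templates/deployment.yaml and charts/templates/tls.yaml, so an install that had chosen `provided` or `certmanager` under the old key would presumably render with the default of `tls.server.method`, which charts/values.yaml sets to `auto`. A guard such as `{{- if .Values.kdoctorController.tls }}{{ fail "kdoctorController.tls.* moved to tls.server.*" }}{{- end }}` would turn that silent change of certificate source into a render error.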
26 changes: 13 additions & 13 deletions charts/templates/deployment.yaml
@@ -81,19 +81,19 @@ spec:
{{- end }}
ports:
{{- if .Values.kdoctorController.prometheus.enabled }}
- name: metrics
containerPort: {{ .Values.kdoctorController.prometheus.port }}
protocol: TCP
- name: metrics
containerPort: {{ .Values.kdoctorController.prometheus.port }}
protocol: TCP
{{- end }}
- name: http
containerPort: {{ .Values.kdoctorController.httpServer.port }}
protocol: TCP
- name: webhook
containerPort: {{ .Values.kdoctorController.webhookPort }}
protocol: TCP
- name: apiserver
containerPort: 443
protocol: TCP
- name: http
containerPort: {{ .Values.kdoctorController.httpServer.port }}
protocol: TCP
- name: webhook
containerPort: {{ .Values.kdoctorController.webhookPort }}
protocol: TCP
- name: apiserver
containerPort: 443
protocol: TCP
{{- if semverCompare ">=1.20-0" .Capabilities.KubeVersion.Version }}
startupProbe:
httpGet:
@@ -210,7 +210,7 @@ spec:
defaultMode: 0400
sources:
- secret:
name: {{ .Values.kdoctorController.tls.secretName | trunc 63 | trimSuffix "-" }}
name: {{ .Values.tls.server.secretName | trunc 63 | trimSuffix "-" }}
items:
- key: tls.crt
path: tls.crt
78 changes: 39 additions & 39 deletions charts/templates/tls.yaml
@@ -4,7 +4,7 @@ kind: MutatingWebhookConfiguration
metadata:
name: {{ .Values.kdoctorController.name | trunc 63 | trimSuffix "-" }}
annotations:
{{- if (eq .Values.kdoctorController.tls.method "certmanager") }}
{{- if (eq .Values.tls.server.method "certmanager") }}
cert-manager.io/inject-ca-from: {{ .Release.Namespace }}/{{ .Values.kdoctorController.name | trunc 63 | trimSuffix "-" }}-server-certs
{{- end }}
webhooks:
@@ -16,9 +16,9 @@ webhooks:
namespace: {{ .Release.Namespace }}
path: "/mutate-kdoctor-io-v1beta1-apphttphealthy"
port: {{ .Values.kdoctorController.webhookPort }}
{{- if (eq .Values.kdoctorController.tls.method "provided") }}
caBundle: {{ .Values.kdoctorController.tls.provided.tlsCa | required "missing tls.provided.tlsCa" }}
{{- else if (eq .Values.kdoctorController.tls.method "auto") }}
{{- if (eq .Values.tls.server.method "provided") }}
caBundle: {{ .Values.tls.server.provided.tlsCa | required "missing tls.provided.tlsCa" }}
{{- else if (eq .Values.tls.server.method "auto") }}
caBundle: {{ .ca.Cert | b64enc }}
{{- end }}
failurePolicy: Fail
@@ -43,9 +43,9 @@ webhooks:
namespace: {{ .Release.Namespace }}
path: "/mutate-kdoctor-io-v1beta1-netreach"
port: {{ .Values.kdoctorController.webhookPort }}
{{- if (eq .Values.kdoctorController.tls.method "provided") }}
caBundle: {{ .Values.kdoctorController.tls.provided.tlsCa | required "missing tls.provided.tlsCa" }}
{{- else if (eq .Values.kdoctorController.tls.method "auto") }}
{{- if (eq .Values.tls.server.method "provided") }}
caBundle: {{ .Values.tls.server.provided.tlsCa | required "missing tls.provided.tlsCa" }}
{{- else if (eq .Values.tls.server.method "auto") }}
caBundle: {{ .ca.Cert | b64enc }}
{{- end }}
failurePolicy: Fail
@@ -71,9 +71,9 @@ webhooks:
namespace: {{ .Release.Namespace }}
path: "/mutate-kdoctor-io-v1beta1-netdns"
port: {{ .Values.kdoctorController.webhookPort }}
{{- if (eq .Values.kdoctorController.tls.method "provided") }}
caBundle: {{ .Values.kdoctorController.tls.provided.tlsCa | required "missing tls.provided.tlsCa" }}
{{- else if (eq .Values.kdoctorController.tls.method "auto") }}
{{- if (eq .Values.tls.server.method "provided") }}
caBundle: {{ .Values.tls.server.provided.tlsCa | required "missing tls.provided.tlsCa" }}
{{- else if (eq .Values.tls.server.method "auto") }}
caBundle: {{ .ca.Cert | b64enc }}
{{- end }}
failurePolicy: Fail
@@ -96,7 +96,7 @@ kind: ValidatingWebhookConfiguration
metadata:
name: {{ .Values.kdoctorController.name | trunc 63 | trimSuffix "-" }}
annotations:
{{- if (eq .Values.kdoctorController.tls.method "certmanager") }}
{{- if (eq .Values.tls.server.method "certmanager") }}
cert-manager.io/inject-ca-from: {{ .Release.Namespace }}/{{ .Values.kdoctorController.name | trunc 63 | trimSuffix "-" }}-server-certs
{{- end }}
webhooks:
@@ -108,9 +108,9 @@ webhooks:
namespace: {{ .Release.Namespace }}
path: "/validate-kdoctor-io-v1beta1-apphttphealthy"
port: {{ .Values.kdoctorController.webhookPort }}
{{- if (eq .Values.kdoctorController.tls.method "provided") }}
caBundle: {{ .Values.kdoctorController.tls.provided.tlsCa | required "missing tls.provided.tlsCa" }}
{{- else if (eq .Values.kdoctorController.tls.method "auto") }}
{{- if (eq .Values.tls.server.method "provided") }}
caBundle: {{ .Values.tls.server.provided.tlsCa | required "missing tls.provided.tlsCa" }}
{{- else if (eq .Values.tls.server.method "auto") }}
caBundle: {{ .ca.Cert | b64enc }}
{{- end }}
failurePolicy: Fail
@@ -134,9 +134,9 @@ webhooks:
namespace: {{ .Release.Namespace }}
path: "/validate-kdoctor-io-v1beta1-netreach"
port: {{ .Values.kdoctorController.webhookPort }}
{{- if (eq .Values.kdoctorController.tls.method "provided") }}
caBundle: {{ .Values.kdoctorController.tls.provided.tlsCa | required "missing tls.provided.tlsCa" }}
{{- else if (eq .Values.kdoctorController.tls.method "auto") }}
{{- if (eq .Values.tls.server.method "provided") }}
caBundle: {{ .Values.tls.server.provided.tlsCa | required "missing tls.provided.tlsCa" }}
{{- else if (eq .Values.tls.server.method "auto") }}
caBundle: {{ .ca.Cert | b64enc }}
{{- end }}
failurePolicy: Fail
@@ -160,9 +160,9 @@ webhooks:
namespace: {{ .Release.Namespace }}
path: "/validate-kdoctor-io-v1beta1-netdns"
port: {{ .Values.kdoctorController.webhookPort }}
{{- if (eq .Values.kdoctorController.tls.method "provided") }}
caBundle: {{ .Values.kdoctorController.tls.provided.tlsCa | required "missing tls.provided.tlsCa" }}
{{- else if (eq .Values.kdoctorController.tls.method "auto") }}
{{- if (eq .Values.tls.server.method "provided") }}
caBundle: {{ .Values.tls.server.provided.tlsCa | required "missing tls.provided.tlsCa" }}
{{- else if (eq .Values.tls.server.method "auto") }}
caBundle: {{ .ca.Cert | b64enc }}
{{- end }}
failurePolicy: Fail
@@ -179,7 +179,7 @@ webhooks:
resources:
- netdnses

{{- if eq .Values.kdoctorController.tls.method "certmanager" -}}
{{- if eq .Values.tls.server.method "certmanager" -}}
---
apiVersion: cert-manager.io/v1
kind: Certificate
@@ -188,56 +188,56 @@ metadata:
namespace: {{ .Release.Namespace }}
spec:
issuerRef:
name: {{ .Values.kdoctorController.tls.certmanager.issuerName | trunc 63 | trimSuffix "-" }}
secretName: {{ .Values.kdoctorController.tls.secretName | trunc 63 | trimSuffix "-" }}
name: {{ .Values.tls.server.certmanager.issuerName | trunc 63 | trimSuffix "-" }}
secretName: {{ .Values.tls.server.secretName | trunc 63 | trimSuffix "-" }}
commonName: {{ .Values.kdoctorController.name | trunc 63 | trimSuffix "-" }}.{{ .Release.Namespace }}.svc
dnsNames:
- {{ .Values.kdoctorController.name | trunc 63 | trimSuffix "-" }}
- {{ .Values.kdoctorController.name | trunc 63 | trimSuffix "-" }}.{{ .Release.Namespace }}
- {{ .Values.kdoctorController.name | trunc 63 | trimSuffix "-" }}.{{ .Release.Namespace }}.svc
- {{ .Values.kdoctorController.name | trunc 63 | trimSuffix "-" }}.{{ .Release.Namespace }}.svc.{{ .Values.global.clusterDnsDomain }}
{{- range $dns := .Values.kdoctorController.tls.certmanager.extraDnsNames }}
- {{ $dns | quote }}
{{- range $dns := .Values.tls.server.certmanager.extraDnsNames }}
- {{ $dns | quote }}
{{- end }}
{{- if .Values.kdoctorController.tls.certmanager.extraIPAddresses }}
{{- if .Values.tls.server.certmanager.extraIPAddresses }}
ipAddresses:
{{- range $ip := .Values.kdoctorController.tls.certmanager.extraIPAddresses }}
- {{ $ip | quote }}
{{- range $ip := .Values.tls.server.certmanager.extraIPAddresses }}
- {{ $ip | quote }}
{{- end }}
{{- end }}
duration: {{ printf "%dh" (mul .Values.kdoctorController.tls.certmanager.certValidityDuration 24) }}
duration: {{ printf "%dh" (mul .Values.tls.server.certmanager.certValidityDuration 24) }}
{{- end }}

{{- if (eq .Values.kdoctorController.tls.method "provided") }}
{{- if (eq .Values.tls.server.method "provided") }}
---
apiVersion: v1
kind: Secret
metadata:
name: {{ .Values.kdoctorController.tls.secretName | trunc 63 | trimSuffix "-" }}
name: {{ .Values.tls.server.secretName | trunc 63 | trimSuffix "-" }}
namespace: {{ .Release.Namespace }}
type: kubernetes.io/tls
data:
ca.crt: {{ .Values.kdoctorController.tls.provided.tlsCa | required "missing tls.provided.tlsCa" }}
tls.crt: {{ .Values.kdoctorController.tls.provided.tlsCert | required "missing tls.provided.tlsCert" }}
tls.key: {{ .Values.kdoctorController.tls.provided.tlsKey | required "missing tls.provided.tlsKey" }}
ca.crt: {{ .Values.tls.server.provided.tlsCa | required "missing tls.provided.tlsCa" }}
tls.crt: {{ .Values.tls.server.provided.tlsCert | required "missing tls.provided.tlsCert" }}
tls.key: {{ .Values.tls.server.provided.tlsKey | required "missing tls.provided.tlsKey" }}
{{- end }}

{{- if eq .Values.kdoctorController.tls.method "auto" }}
{{- if eq .Values.tls.server.method "auto" }}
---
{{- $cn := printf "kdoctor.io" }}
{{- $ip := .Values.kdoctorController.tls.auto.extraIpAddresses }}
{{- $ip := .Values.tls.server.auto.extraIpAddresses }}
{{- $dns1 := printf "%s.%s" .Values.kdoctorController.name .Release.Namespace }}
{{- $dns2 := printf "%s.%s.svc" .Values.kdoctorController.name .Release.Namespace }}
{{- $dns3 := printf "%s.%s.svc.%s" .Values.kdoctorController.name .Release.Namespace .Values.global.clusterDnsDomain }}
{{- $dns := prepend .Values.kdoctorController.tls.auto.extraDnsNames $dns1 }}
{{- $dns := prepend .Values.tls.server.auto.extraDnsNames $dns1 }}
{{- $dns = prepend $dns $dns2 }}
{{- $dns = prepend $dns $dns3 }}
{{- $dns = prepend $dns $cn }}
{{- $cert := genSignedCert $cn $ip $dns (.Values.kdoctorController.tls.auto.certExpiration | int) .ca }}
{{- $cert := genSignedCert $cn $ip $dns (.Values.tls.server.auto.certExpiration | int) .ca }}
apiVersion: v1
kind: Secret
metadata:
name: {{ .Values.kdoctorController.tls.secretName | trunc 63 | trimSuffix "-" }}
name: {{ .Values.tls.server.secretName | trunc 63 | trimSuffix "-" }}
namespace: {{ .Release.Namespace }}
type: kubernetes.io/tls
data:
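Review bot: The `required` messages on the new `caBundle` lines and on the `ca.crt`, `tls.crt` and `tls.key` lines of the `provided` Secret still read `missing tls.provided.tlsCa` (and `tlsCert`, `tlsKey`), a path that does not exist under the new values layout. Since these lines now read `.Values.tls.server.provided.*`, the message should name that key, for example `required "missing tls.server.provided.tlsCa"`, so that a failed install points at the value to set. This matters most in `provided` mode, where an operator who follows the message and sets `tls.provided.*` gets the same error again. The webhook entries and the Secret bodies continue outside the hunks shown.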
66 changes: 33 additions & 33 deletions charts/values.yaml
@@ -365,12 +365,12 @@ kdoctorController:

## @param kdoctorController.extraVolumes the additional volumes of kdoctorController container
extraVolumes: []
# - name: test-val
# - name: test-val
# mountPath: /host/tmp

## @param kdoctorController.extraVolumeMounts the additional hostPath mounts of kdoctorController container
extraVolumeMounts: []
# - name: test-val
# - name: test-val
# mountPath: /tmp

## @param kdoctorController.podAnnotations the additional annotations of kdoctorController pod
@@ -484,67 +484,67 @@ kdoctorController:
## @param kdoctorController.debug.gopsPort the gops port of template Controller
gopsPort: 5724

apiserver:
## @param kdoctorApiserver.name the kdoctorApiserver name
name: "kdoctor-apiserver"

## TLS configuration for kdoctor
tls:
ca:
## @param tls.ca.secretName the secret name for storing TLS certificates
secretName: "kdoctor-ca"

## TLS configuration for kdoctor client
client:
## @param tls.ca.client.secretName the secret name for storing TLS certificates
secretName: "kdoctor-client-cert"

## TLS configuration for webhook
tls:
## @param kdoctorController.tls.method the method for generating TLS certificates. [ provided , certmanager , auto]
server:
## @param tls.server.method the method for generating TLS certificates. [ provided , certmanager , auto]
## - provided: provide all certificates by helm options
## - certmanager: This method use cert-manager to generate & rotate certificates.
## - auto: Auto generate cert.
method: auto

## @param kdoctorController.tls.secretName the secret name for storing TLS certificates
secretName: "template-controller-server-certs"
## @param tls.server.secretName the secret name for storing TLS certificates
secretName: "kdoctor-controller-cert"

## for certmanager method
certmanager:
## @param kdoctorController.tls.certmanager.certValidityDuration generated certificates validity duration in days for 'certmanager' method
## @param tls.server.certmanager.certValidityDuration generated certificates validity duration in days for 'certmanager' method
certValidityDuration: 365

## @param kdoctorController.tls.certmanager.issuerName issuer name of cert manager 'certmanager'. If not specified, a CA issuer will be created.
## @param tls.server.certmanager.issuerName issuer name of cert manager 'certmanager'. If not specified, a CA issuer will be created.
issuerName: ""

## @param kdoctorController.tls.certmanager.extraDnsNames extra DNS names added to certificate when it's auto generated
## @param tls.server.certmanager.extraDnsNames extra DNS names added to certificate when it's auto generated
extraDnsNames: []

## @param kdoctorController.tls.certmanager.extraIPAddresses extra IP addresses added to certificate when it's auto generated
## @param tls.server.certmanager.extraIPAddresses extra IP addresses added to certificate when it's auto generated
extraIPAddresses: []

## for provided method
provided:
## @param kdoctorController.tls.provided.tlsCert encoded tls certificate for provided method
## @param kdoctorController.tls.provided.tlsKey encoded tls key for provided method
## @param kdoctorController.tls.provided.tlsCa encoded tls CA for provided method
## @param tls.server.provided.tlsCert encoded tls certificate for provided method
## @param tls.server.provided.tlsKey encoded tls key for provided method
## @param tls.server.provided.tlsCa encoded tls CA for provided method
tlsCert: ""
tlsKey: ""
tlsCa: ""

## for auto method
auto:
## @param kdoctorController.tls.auto.caExpiration ca expiration for auto method
## @param tls.server.auto.caExpiration ca expiration for auto method
# in day , default 200 years
caExpiration: '73000'

## @param kdoctorController.tls.auto.certExpiration server cert expiration for auto method
## @param tls.server.auto.certExpiration server cert expiration for auto method
# in day, default 200 years
certExpiration: '73000'

## @param kdoctorController.tls.auto.extraIpAddresses extra IP addresses of server certificate for auto method
## @param tls.server.auto.extraIpAddresses extra IP addresses of server certificate for auto method
extraIpAddresses: []

## @param kdoctorController.tls.auto.extraDnsNames extra DNS names of server cert for auto method
extraDnsNames: []

apiserver:
## @param kdoctorApiserver.name the kdoctorApiserver name
name: "kdoctor-apiserver"

## TLS configuration for kdoctor
tls:
ca:
## @param tls.ca.secretName the secret name for storing TLS certificates
secretName: "kdoctor-ca"

## TLS configuration for kdoctor client
client:
## @param tls.ca.client.secretName the secret name for storing TLS certificates
secretName: "kdoctor-client-cert"
## @param tls.server.auto.extraDnsNames extra DNS names of server cert for auto method
extraDnsNames: []
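Review bot: The `auto` method keeps `caExpiration: '73000'` and `certExpiration: '73000'` as defaults under the new `tls.server.auto` key, which the comments describe as 200 years, so a CA or server key that leaks stays trusted by the webhook configuration for the life of the cluster unless the Secret is replaced by hand. While the block is being moved, consider a shorter default such as `certExpiration: '365'` with a longer but bounded `caExpiration`, and add a line to the `@param` text saying how the pair is renewed. Whether the chart regenerates the certificate on every upgrade is not visible from this section, so the renewal wording needs checking against charts/templates/tls.yaml.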