diff --git a/charts/k8ez/Chart.yaml b/charts/k8ez/Chart.yaml index 056f8561..a264d470 100644 --- a/charts/k8ez/Chart.yaml +++ b/charts/k8ez/Chart.yaml @@ -2,7 +2,7 @@ apiVersion: v2 name: k8ez description: A Re-usable Helm Chart for Deploying Almost Any App type: application -version: 0.0.1 +version: 1.0.0 appVersion: 0.0.1 maintainers: - name: M9sweeper diff --git a/charts/k8ez/files/example-file.yaml b/charts/k8ez/files/example-file.yaml new file mode 100644 index 00000000..76cf3c87 --- /dev/null +++ b/charts/k8ez/files/example-file.yaml @@ -0,0 +1,2 @@ +example-root: + example-key: exampleValue diff --git a/charts/k8ez/templates/_helpers.tpl b/charts/k8ez/templates/_helpers.tpl index 50789804..1becc5cc 100755 --- a/charts/k8ez/templates/_helpers.tpl +++ b/charts/k8ez/templates/_helpers.tpl @@ -3,7 +3,7 @@ Expand the name of the chart. */}} {{- define "chart.name" -}} -{{- default .Chart.Name .Values.nameOverride | trunc 63 | trimSuffix "-" -}} +{{- default .Chart.Name .Values.nameOverride | trunc 63 | trimSuffix "-" | lower -}} {{- end -}} {{/* @@ -12,16 +12,16 @@ We truncate at 63 chars because some Kubernetes name fields are limited to this If release name contains chart name it will be used as a full name. */}} {{- define "chart.fullname" -}} -{{- if .Values.fullnameOverride -}} -{{- .Values.fullnameOverride | trunc 63 | trimSuffix "-" -}} -{{- else -}} -{{- $name := default .Chart.Name .Values.nameOverride -}} -{{- if contains $name .Release.Name -}} -{{- .Release.Name | trunc 63 | trimSuffix "-" | lower -}} -{{- else -}} -{{- printf "%s-%s" .Release.Name $name | trunc 63 | trimSuffix "-" | lower -}} -{{- end -}} -{{- end -}} + {{- if .Values.fullnameOverride -}} + {{- .Values.fullnameOverride | trunc 63 | trimSuffix "-" | lower -}} + {{- else -}} + {{- $name := include "chart.name" . -}} + {{- if contains $name .Release.Name -}} + {{- .Release.Name | trunc 63 | trimSuffix "-" | lower -}} + {{- else -}} + {{- printf "%s-%s" .Release.Name $name | trunc 63 | trimSuffix "-" | lower -}} + {{- end -}} + {{- end -}} {{- end -}} {{/* @@ -30,3 +30,78 @@ Create chart name and version as used by the chart label. {{- define "chart.chart" -}} {{- printf "%s-%s" .Chart.Name .Chart.Version | replace "+" "_" | trunc 63 | trimSuffix "-" -}} {{- end -}} + +{{/* +Basic selector labels for the chart +** will also be used for matchExpressions +*/}} +{{- define "chart.basicSelectorLabels" -}} +app: {{ include "chart.fullname" . }} +release: {{ .Release.Name }} +{{- end -}} + +{{/* +Basic labels for the chart +*/}} +{{- define "chart.basicLabels" -}} +{{ include "chart.basicSelectorLabels" . }} +chart: {{ include "chart.chart" . }} +heritage: {{ .Release.Service }} +version: {{ .Chart.Version }} +{{- end -}} + +{{/* +Builds the full image path +Tested by the array of Stateful Sets +*/}} +{{- define "chart.buildImagePath" -}} + {{- if .image }}{{/* IF .image is defined */}} + {{- if (kindIs "map" .image) }} + {{- $image_to_use := default .values.image.image .image.image }} + {{- if .image.tag }} + {{- $image_to_use }}:{{ .image.tag }}{{/* ENDPOINT ONE */}} + {{- else }}{{/* if not .image.tag */}} + {{- $image_to_use }}{{/* ENDPOINT TWO */}} + {{- end }}{{/* ends if .image.tag */}} + {{- else -}} {{/* if not (kindIs "map" .image) */}} + {{- .image }}{{/* ENDPOINT THREE */}} + {{- end }}{{/* ends if (kindIs "map" .image) */}} + {{- else -}} {{/* if not .image */}} + {{- if .values.image.tag }} + {{- .values.image.image }}:{{ .values.image.tag }}{{/* ENDPOINT FOUR A */}} + {{- else -}}{{/* if not .values.image.tag */}} + {{- .values.image.image }}{{/* ENDPOINT FOUR B */}} + {{- end }}{{/* end if .values.image.tag */}} + {{- end }}{{/* ends if .image */}} +{{- end }} + +{{/* +Generic function to build extra annotations +Will include the global annotations unless specified +Will include the resource-specific annotations +*/}} +{{- define "chart.buildExtraAnnotations" -}} +{{- if and .values.extraAnnotations (ne (.excludeGlobalExtraAnnotations | toString | lower) "true") }} +{{- toYaml .values.extraAnnotations | nindent 0 }} +{{- end }} +{{- if .extraAnnotations }} +{{- toYaml .extraAnnotations | nindent 0 }} +{{- end }} +{{- end }} + +{{/* +Generic function to build volumes +Will include the global volumes unless specified +Will include the resource-specific volumes +*/}} +{{- define "chart.buildVolumes" -}} +{{- if or .volumes (and .values.volumes (ne (.excludeGlobalVolumes | toString | lower) "true")) }} +volumes: +{{- if and .values.volumes (ne (.excludeGlobalVolumes | toString | lower) "true") }} +{{- toYaml .values.volumes | nindent 2 }} +{{- end }} +{{- if .volumes }} +{{- toYaml .volumes | nindent 2 }} +{{- end }} +{{- end }} +{{- end }} diff --git a/charts/k8ez/templates/configmap-files.yaml b/charts/k8ez/templates/configmap-files.yaml index 662a8de2..cfe5893f 100644 --- a/charts/k8ez/templates/configmap-files.yaml +++ b/charts/k8ez/templates/configmap-files.yaml @@ -3,13 +3,9 @@ apiVersion: v1 kind: ConfigMap metadata: - name: {{ .configMapName }} + name: {{ required "Each entry in configFiles needs a configMapName" .configMapName }} labels: - app: {{ $.Release.Name }} - chart: {{ include "chart.chart" $ }} - release: {{ $.Release.Name }} - heritage: {{ $.Release.Service }} - version: {{ $.Chart.Version }} + {{- include "chart.basicLabels" $ | nindent 4 }} data: {{- range $path, $_ := $.Files.Glob .fileGlob }} {{- $path | base | nindent 2 }}: |- diff --git a/charts/k8ez/templates/configmap.yaml b/charts/k8ez/templates/configmap.yaml index e60e3218..2e173322 100644 --- a/charts/k8ez/templates/configmap.yaml +++ b/charts/k8ez/templates/configmap.yaml @@ -3,13 +3,9 @@ apiVersion: v1 kind: ConfigMap metadata: - name: {{ .Release.Name }} + name: {{ include "chart.fullname" . }} labels: - app: {{ .Release.Name }} - chart: {{ include "chart.chart" . }} - release: {{ .Release.Name }} - heritage: {{ .Release.Service }} - version: {{ .Chart.Version }} + {{- include "chart.basicLabels" . | nindent 4 }} data: {{ toYaml .Values.configData | indent 2 }} {{ end }} \ No newline at end of file diff --git a/charts/k8ez/templates/cronjobs.yaml b/charts/k8ez/templates/cronjobs.yaml index 41d6c568..14a7efd6 100644 --- a/charts/k8ez/templates/cronjobs.yaml +++ b/charts/k8ez/templates/cronjobs.yaml @@ -1,5 +1,7 @@ {{- if .Values.cronJobs.enabled }} {{- range .Values.cronJobs.scheduled }} +{{- $cronJobName := (required "Each entry in cronJobs.scheduled needs a name" .name) }} +{{- $cronJobFullName := printf "%s-%s" (include "chart.fullname" $ | trunc 40) $cronJobName }} --- {{- if $.Capabilities.APIVersions.Has "batch/v1/CronJob" -}} apiVersion: batch/v1 @@ -8,13 +10,9 @@ apiVersion: batch/v1beta1 {{- end }} kind: CronJob metadata: - name: {{ .name }} - labels: - app: {{ $.Release.Name }} - chart: {{ include "chart.chart" $ }} - release: {{ $.Release.Name }} - heritage: {{ $.Release.Service }} - version: {{ $.Chart.Version }} + name: {{ $cronJobFullName }} + labels: {{/* TODO: should the app label include the cronjob name? */}} + {{- include "chart.basicLabels" $ | nindent 4}} spec: concurrencyPolicy: Forbid jobTemplate: @@ -22,65 +20,85 @@ spec: template: metadata: annotations: -{{- if not $.Values.istio.enabled }} + {{- if not $.Values.istio.enabled }} sidecar.istio.io/inject: "false" -{{- end }} -{{- if $.Values.extraAnnotations }} -{{ toYaml $.Values.extraAnnotations | indent 12 }} -{{- end }} + {{- end }} + {{- if $.Values.extraAnnotations }} + {{- toYaml $.Values.extraAnnotations | nindent 12 }} + {{- end }} spec: - {{if $.Values.imagePullSecrets}} {{- with $.Values.imagePullSecrets }} imagePullSecrets: {{- toYaml . | nindent 8 }} {{- end }} - {{ end }} - serviceAccount: {{ $.Release.Name }} + serviceAccount: {{ include "chart.fullname" $ }} enableServiceLinks: {{ $.Values.enableServiceLinks }} securityContext: fsGroup: {{ $.Values.podSecurityContext.fsGroup }} containers: - name: {{ .name }} - image: "{{ or .image $.Values.image.image }}" - securityContext: -{{ toYaml (merge dict $.Values.securityContext (or .securityContext dict)) | indent 16}} -{{if .resources}} - resources: -{{ toYaml $.Values.resources | indent 14 }} -{{- end }} -{{- if .volumeMounts }} - volumeMounts: -{{ toYaml .volumeMounts | indent 14 }} -{{- end }} -{{ if .command }} + image: {{ include "chart.buildImagePath" (dict "image" .image "values" $.Values ) | quote }} + {{- if and .image (kindIs "map" .image) }} + {{/* commented out: - if and .image (default dict .image).pullPolicy */}} + imagePullPolicy: {{ .image.pullPolicy }} + {{- else }} + imagePullPolicy: {{ $.Values.image.pullPolicy }} + {{- end }} + securityContext: + {{- toYaml (merge dict $.Values.securityContext (or .securityContext dict)) | nindent 16}} + + {{- if .command }} command: [{{ .command | quote }}] -{{- end }} -{{ if .args }} - args: -{{ toYaml .args | indent 14 }} -{{- end }} -{{ if .env }} - env: -{{- range $k, $v := .env }} + {{- end }} + + {{- if .args }} + args: + {{- toYaml .args | nindent 14 }} + {{- end }} + + {{- if .env }} + env: + {{- range $k, $v := .env }} - name: {{ $k | quote}} value: {{ $v | quote }} -{{- end }} -{{- end }} + {{- end }} + {{- end }} + + {{- if or $.Values.configData $.Values.secretData}} envFrom: -{{ if $.Values.configData }} + {{- if $.Values.configData }} - configMapRef: - name: {{ $.Release.Name }} -{{- end }} -{{ if $.Values.secretData }} + name: {{ include "chart.fullname" $ }} + {{- end }} + {{- if $.Values.secretData }} - secretRef: - name: {{ $.Release.Name }} -{{- end }} + name: {{ include "chart.fullname" $ }} + {{- end }} + {{- end }} + + {{- with .volumeMounts }} + volumeMounts: + {{- toYaml . | nindent 14 }} + {{- end }} + + {{- if .resources}} + resources: + {{- toYaml .resources | nindent 16 }} + {{- else }} + {{- with $.Values.resources }} + resources: + {{- toYaml . | nindent 16 }} + {{- end }} + {{- end }} + restartPolicy: {{ or .restartPolicy "Never" }} -{{- if .volumes }} + + {{- if .volumes }} volumes: -{{ toYaml .volumes | indent 10 }} -{{- end }} + {{- toYaml .volumes | nindent 10 }} + {{- end }} + schedule: {{ .schedule | quote }} {{- end }} -{{- end }} \ No newline at end of file +{{- end }} diff --git a/charts/k8ez/templates/deployment.yaml b/charts/k8ez/templates/deployment.yaml index c65a535a..ab1f2bf0 100644 --- a/charts/k8ez/templates/deployment.yaml +++ b/charts/k8ez/templates/deployment.yaml @@ -3,44 +3,35 @@ apiVersion: apps/v1 kind: Deployment metadata: - name: {{ .Release.Name }} + name: {{ include "chart.fullname" . }} labels: - app: {{ .Release.Name }} - chart: {{ include "chart.chart" . }} - release: {{ .Release.Name }} - heritage: {{ .Release.Service }} - version: {{ .Chart.Version }} + {{- include "chart.basicLabels" . | nindent 4 }} spec: replicas: {{ .Values.replicaCount }} selector: matchLabels: - app: {{ .Release.Name }} - release: {{ .Release.Name }} + {{- include "chart.basicSelectorLabels" . | nindent 6 }} template: metadata: annotations: checksum/{{ include "chart.fullname" . }}-configmap: {{ include (print $.Template.BasePath "/configmap.yaml") . | sha256sum }} checksum/{{ include "chart.fullname" . }}-secret: {{ include (print $.Template.BasePath "/secret.yaml") . | sha256sum }} -{{- if not .Values.istio.enabled }} + {{- if not .Values.istio.enabled }} sidecar.istio.io/inject: "false" -{{- end }} -{{- if .Values.extraAnnotations }} -{{ toYaml .Values.extraAnnotations | indent 8 }} -{{- end }} + {{- end }} + {{- if .Values.extraAnnotations }} + {{- toYaml .Values.extraAnnotations | nindent 8 }} + {{- end }} labels: - app: {{ .Release.Name }} - chart: {{ include "chart.chart" . }} - release: {{ .Release.Name }} - heritage: {{ .Release.Service }} - version: {{ .Chart.Version }} + {{- include "chart.basicLabels" . | nindent 8 }} spec: -{{ if .Values.imagePullSecrets }} -{{- with .Values.imagePullSecrets }} + {{- if .Values.imagePullSecrets }} + {{- with .Values.imagePullSecrets }} imagePullSecrets: -{{ toYaml . | nindent 8 }} -{{- end }} -{{- end }} - serviceAccount: {{ .Release.Name }} + {{- toYaml . | nindent 8 }} + {{- end }} + {{- end }} + serviceAccount: {{ include "chart.fullname" . }} enableServiceLinks: {{ .Values.enableServiceLinks }} securityContext: fsGroup: {{ .Values.podSecurityContext.fsGroup }} @@ -51,70 +42,131 @@ spec: podAffinityTerm: labelSelector: matchExpressions: - - key: app - operator: In - values: - - {{ .Release.Name }} - - key: release + {{- $dictOfBasicSelectorLabels := include "chart.basicSelectorLabels" . | fromYaml }} + {{- range $k, $v := $dictOfBasicSelectorLabels }} + - key: {{ $k | quote }} operator: In values: - - {{ .Release.Name }} + - {{ $v | quote }} + {{- end }} topologyKey: kubernetes.io/hostname + {{- if .Values.deployment.initContainers.enabled }} + initContainers: + {{- range .Values.deployment.initContainers.containers }} + - name: {{ required "A valid name for each initContainer is required!" .name | lower }} + image: {{ include "chart.buildImagePath" (dict "image" .image "values" $.Values ) }} + {{- if and .image (default dict .image).pullPolicy }} + imagePullPolicy: {{ .image.pullPolicy }} + {{- else }} + imagePullPolicy: {{ $.Values.image.pullPolicy }} + {{- end }} + securityContext: + {{- toYaml (default $.Values.securityContext .securityContext) | nindent 12}} + + {{- if .command }} + command: [{{ .command | quote }}] + {{- end }} + + {{- if .args }} + args: {{- toYaml .args | nindent 10 }} + {{- end }} + + {{- if or $.Values.configData $.Values.secretData}} + envFrom: + {{- if $.Values.configData }} + - configMapRef: + name: {{ include "chart.fullname" $ }} + {{- end }} + + {{- if $.Values.secretData }} + - secretRef: + name: {{ include "chart.fullname" $ }} + {{- end }} + {{- end }} + + {{- with $.Values.volumeMounts }} + volumeMounts: + {{- toYaml . | nindent 12 }} + {{- end }} + + {{- with (default $.Values.resources .resources) }} + resources: + {{- toYaml . | nindent 12 }} + {{- end }} + + {{- end }} + {{- end }} containers: - - name: "{{ .Release.Name }}" - image: "{{ .Values.image.image }}" - securityContext: -{{ toYaml .Values.securityContext | indent 12}} -{{ if .Values.deployment.command }} + - name: {{ include "chart.fullname" . | quote }} + {{- if .Values.image.tag }} + image: {{ required "You must include image.image" .Values.image.image }}:{{ .Values.image.tag }} + {{- else }} + image: {{ required "You must include image.image" .Values.image.image }} + {{- end }} + securityContext: + {{- toYaml (required ".Values.securityContexts is required" .Values.securityContext) | nindent 12 }} + ports: + - containerPort: {{ required "Values.service.port is required" .Values.service.port }} + + {{- if .Values.deployment.command }} command: [{{ .Values.deployment.command | quote }}] -{{- end }} -{{ if .Values.deployment.args }} - args: -{{ toYaml .Values.deployment.args | indent 10 }} -{{- end }} + {{- end }} + + {{- if .Values.deployment.args }} + args: + {{- toYaml .Values.deployment.args | nindent 10 }} + {{- end }} + + {{- if or .Values.configData .Values.secretData}} envFrom: -{{ if .Values.configData }} + {{- if .Values.configData }} - configMapRef: - name: {{ .Release.Name }} -{{- end }} -{{ if .Values.secretData }} + name: {{ include "chart.fullname" . }} + {{- end }} + + {{- if .Values.secretData }} - secretRef: - name: {{ .Release.Name }} -{{- end }} - ports: - - containerPort: {{ .Values.service.port }} -{{- with .Values.livenessProbe }} + name: {{ include "chart.fullname" . }} + {{- end }} + {{- end }} + + {{- with .Values.livenessProbe }} livenessProbe: -{{ toYaml . | indent 12 }} -{{- end }} -{{- with .Values.readinessProbe }} + {{- toYaml . | nindent 12 }} + {{- end }} + + {{- with .Values.readinessProbe }} readinessProbe: -{{ toYaml . | indent 12 }} -{{- end }} -{{- if .Values.volumeMounts }} + {{- toYaml . | nindent 12 }} + {{- end }} + + {{- with .Values.volumeMounts }} volumeMounts: -{{ toYaml .Values.volumeMounts | indent 12 }} -{{- end }} -{{ if .Values.resources }} + {{- toYaml . | nindent 12 }} + {{- end }} + + {{- with .Values.resources }} resources: -{{ toYaml .Values.resources | indent 12 }} -{{- end }} -{{- with .Values.nodeSelector }} + {{- toYaml . | nindent 12 }} + {{- end }} + + {{- with .Values.nodeSelector }} nodeSelector: -{{ toYaml . | indent 8 }} -{{- end }} -{{- with .Values.affinity }} + {{- toYaml . | nindent 8 }} + {{- end }} + + {{- with .Values.affinity }} affinity: -{{ toYaml . | indent 8 }} -{{- end }} -{{- with .Values.tolerations }} + {{- toYaml . | nindent 8 }} + {{- end }} + + {{- with .Values.tolerations }} tolerations: -{{ toYaml . | indent 8 }} -{{- end }} + {{- toYaml . | nindent 8 }} + {{- end }} -{{- if .Values.volumes }} + {{- with .Values.volumes }} volumes: -{{ toYaml .Values.volumes | indent 6 }} -{{- end }} - + {{- toYaml . | nindent 6 }} + {{- end }} {{- end }} diff --git a/charts/k8ez/templates/extra-deployments.yaml b/charts/k8ez/templates/extra-deployments.yaml index e25d2b26..b2d28cbd 100644 --- a/charts/k8ez/templates/extra-deployments.yaml +++ b/charts/k8ez/templates/extra-deployments.yaml @@ -1,47 +1,56 @@ {{- if .Values.extraDeployment.enabled -}} {{- range .Values.extraDeployment.deployments }} +{{- $deploymentName := (required "Each entry in extraDeployment.deployments needs a name" .name) }} +{{- $dictOfBasicLabels := include "chart.basicLabels" $ | fromYaml }} +{{- $dictOfBasicSelectorLabels := include "chart.basicSelectorLabels" $ | fromYaml }} +{{- $deploymentFullName := printf "%s-%s" (include "chart.fullname" $ | trunc 40) .name }} --- apiVersion: apps/v1 kind: Deployment metadata: - name: {{ .name }} + name: {{ $deploymentFullName }} labels: - app: {{ .name }} - chart: {{ include "chart.chart" $ }} - release: {{ $.Release.Name }} - heritage: {{ $.Release.Service }} - version: {{ $.Chart.Version }} + {{- range $k, $v := $dictOfBasicLabels }} + {{- if eq $k "app" }} + {{ $k }}: {{ $deploymentFullName }} + {{- else}} + {{ $k }}: {{ $v }} + {{- end }} + {{- end }} spec: - replicas: {{ .replicaCount }} + replicas: {{ required "Each entry in extraDeployment.deployments needs a replicaCount" .replicaCount }} selector: matchLabels: - app: {{ .name }} - release: {{ $.Release.Name }} + {{- range $k, $v := $dictOfBasicSelectorLabels }} + {{- if eq $k "app" }} + {{ $k }}: {{ $deploymentFullName }} + {{- else}} + {{ $k }}: {{ $v }} + {{- end }} + {{- end }} template: metadata: annotations: checksum/{{ include "chart.fullname" $ }}-configmap: {{ include (print $.Template.BasePath "/configmap.yaml") $ | sha256sum }} checksum/{{ include "chart.fullname" $ }}-secret: {{ include (print $.Template.BasePath "/secret.yaml") $ | sha256sum }} -{{- if not $.Values.istio.enabled }} + {{- if not $.Values.istio.enabled }} sidecar.istio.io/inject: "false" -{{- end }} -{{- if $.Values.extraAnnotations }} -{{ toYaml $.Values.extraAnnotations | indent 8 }} -{{- end }} + {{- end }} + {{- include "chart.buildExtraAnnotations" (dict "excludeGlobalExtraAnnotations" .excludeGlobalExtraAnnotations "extraAnnotations" .extraAnnotations "values" $.Values) | indent 8 }} labels: - app: {{ .name }} - chart: {{ include "chart.chart" $ }} - release: {{ $.Release.Name }} - heritage: {{ $.Release.Service }} - version: {{ $.Chart.Version }} + {{- range $k, $v := $dictOfBasicLabels }} + {{- if eq $k "app" }} + {{ $k }}: {{ $deploymentFullName }} + {{- else}} + {{ $k }}: {{ $v }} + {{- end }} + {{- end }} spec: - {{if $.Values.imagePullSecrets}} {{- with $.Values.imagePullSecrets }} imagePullSecrets: -{{ toYaml . | nindent 8 }} - {{- end }} + {{- toYaml . | nindent 8 }} {{- end }} - serviceAccount: {{ $.Release.Name }} + serviceAccount: {{ include "chart.fullname" $ }} enableServiceLinks: {{ $.Values.enableServiceLinks }} securityContext: fsGroup: {{ $.Values.podSecurityContext.fsGroup }} @@ -52,127 +61,165 @@ spec: podAffinityTerm: labelSelector: matchExpressions: - - key: app + {{- range $k, $v := $dictOfBasicSelectorLabels }} + - key: {{ $k | quote }} operator: In values: - - {{ .name }} - - key: release - operator: In - values: - - {{ $.Release.Name }} + {{- if eq $k "app" }} + - {{ $deploymentFullName | quote }} + {{- else }} + - {{ $v | quote }} + {{- end }} + {{- end }} topologyKey: kubernetes.io/hostname containers: - - name: "{{ .name }}" - image: "{{ or .image $.Values.image.image }}" - securityContext: -{{ toYaml (merge dict $.Values.securityContext (or .securityContext dict)) | indent 12}} -{{ if .command }} + - name: {{ $deploymentFullName | quote }} + image: {{ include "chart.buildImagePath" (dict "image" .image "values" $.Values ) | quote }} + {{- if and .image (kindIs "map" .image) }} + {{/* commented out: - if and .image (default dict .image).pullPolicy */}} + imagePullPolicy: {{ .image.pullPolicy }} + {{- else }} + imagePullPolicy: {{ $.Values.image.pullPolicy }} + {{- end }} + securityContext: + {{- toYaml (merge dict $.Values.securityContext (or .securityContext dict)) | nindent 12}} + ports: + - containerPort: {{ required "Each entry in extraDeployment.deployments needs a port" .port }} + + {{- if .command }} command: [{{ .command | quote }}] -{{- end }} -{{ if .args }} - args: -{{ toYaml .args | indent 10 }} -{{- end }} -{{ if .env }} - env: -{{- range $k, $v := .env }} + {{- end }} + + {{- if .args }} + args: + {{- toYaml .args | nindent 10 }} + {{- end }} + + {{- if .env }} + env: + {{- range $k, $v := .env }} - name: {{ $k | quote}} value: {{ $v | quote }} -{{- end }} -{{- end }} + {{- end }} + {{- end }} + + {{- if or $.Values.configData $.Values.secretData}} envFrom: -{{ if $.Values.configData }} + {{- if $.Values.configData }} - configMapRef: - name: {{ $.Release.Name }} -{{- end }} -{{ if $.Values.secretData }} + name: {{ include "chart.fullname" $ }} + {{- end }} + {{- if $.Values.secretData }} - secretRef: - name: {{ $.Release.Name }} -{{- end }} - ports: - - containerPort: {{ .port }} -{{- with $.Values.livenessProbe }} + name: {{ include "chart.fullname" $ }} + {{- end }} + {{- end }} + + {{- with $.Values.livenessProbe }} livenessProbe: -{{ toYaml . | indent 12 }} -{{- end }} -{{- with $.Values.readinessProbe }} + {{- toYaml . | nindent 12 }} + {{- end }} + + {{- with $.Values.readinessProbe }} readinessProbe: -{{ toYaml . | indent 12 }} -{{- end }} -{{- if .volumeMounts }} + {{- toYaml . | nindent 12 }} + {{- end }} + + {{- with .volumeMounts }} volumeMounts: -{{ toYaml .volumeMounts | indent 10 }} -{{- end }} -{{if .resources}} + {{- toYaml . | nindent 12 }} + {{- end }} + + {{- if .resources}} resources: -{{ toYaml .Values.resources | indent 10 }} -{{- end }} -{{- with $.Values.nodeSelector }} + {{- toYaml .resources | nindent 12 }} + {{- else }} + {{- with $.Values.resources }} + resources: + {{- toYaml . | nindent 12 }} + {{- end }} + {{- end }} + + {{- with $.Values.nodeSelector }} nodeSelector: -{{ toYaml . | indent 8 }} -{{- end }} -{{- with $.Values.affinity }} + {{- toYaml . | nindent 8 }} + {{- end }} + + {{- with $.Values.affinity }} affinity: -{{ toYaml . | indent 8 }} -{{- end }} -{{- with $.Values.tolerations }} + {{- toYaml . | nindent 8 }} + {{- end }} + + {{- with $.Values.tolerations }} tolerations: -{{ toYaml . | indent 8 }} -{{- end }} -{{- if .volumes }} - volumes: -{{ toYaml .volumes | indent 6 }} -{{- end }} + {{- toYaml . | nindent 8 }} + {{- end }} + + {{- include "chart.buildVolumes" (dict "volumes" .volumes "excludeGlobalVolumes" .excludeGlobalVolumes "values" $.Values) | indent 6 }} + {{- end }} {{- end }} {{- if .Values.extraDeployment.hpaExtra.enabled -}} {{- range .Values.extraDeployment.deployments }} +{{- $deploymentName := (required "Each entry in extraDeployment.deployments needs a name" .name) }} +{{- $deploymentFullName := printf "%s-%s" (include "chart.fullname" $ | trunc 40) $deploymentName }} --- apiVersion: autoscaling/v2 kind: HorizontalPodAutoscaler metadata: - name: {{ .name }} + name: {{ $deploymentFullName }} spec: scaleTargetRef: apiVersion: apps/v1 kind: Deployment - name: {{ .name }} - minReplicas: {{ .minPods }} - maxReplicas: {{ .maxPods }} + name: {{ $deploymentFullName }} + minReplicas: {{ required "if extraDeployment has hpaExtra enabled, each deployment must have minPods and maxPods set" .minPods }} + maxReplicas: {{ required "if extraDeployment has hpaExtra enabled, each deployment must have minPods and maxPods set" .maxPods }} metrics: - type: Resource resource: name: cpu target: type: Utilization - averageUtilization: {{ .cpuAverageUtilizationThreshold }} + averageUtilization: {{ required "if extraDeployment has hpaExtra enabled, each deployment must have cpuAverageUtilizationThreshold set" .cpuAverageUtilizationThreshold }} {{- end }} {{- end }} {{- if .Values.extraDeployment.enabled -}} {{- range .Values.extraDeployment.deployments }} +{{- $deploymentName := (required "Each entry in extraDeployment.deployments needs a name" .name) }} +{{- $dictOfBasicLabels := include "chart.basicLabels" $ | fromYaml }} +{{- $dictOfBasicSelectorLabels := include "chart.basicSelectorLabels" $ | fromYaml }} +{{- $deploymentFullName := printf "%s-%s" (include "chart.fullname" $ | trunc 40) $deploymentName }} --- apiVersion: v1 kind: Service metadata: - name: {{ .name }} + name: {{ $deploymentFullName }} labels: - app: {{ .name }} - chart: {{ include "chart.chart" $ }} - release: {{ $.Release.Name }} - heritage: {{ $.Release.Service }} - version: {{ $.Chart.Version }} + {{- range $k, $v := $dictOfBasicLabels }} + {{- if eq $k "app" }} + {{ $k }}: {{ $deploymentFullName }} + {{- else}} + {{ $k }}: {{ $v }} + {{- end }} + {{- end }} spec: - type: {{ .serviceType }} + type: {{ default "ClusterIP" .serviceType }} ports: - port: {{ .port }} targetPort: {{ or .targetPort .port }} name: http selector: - app: {{ .name }} - release: {{ $.Release.Name }} + {{- range $k, $v := $dictOfBasicSelectorLabels }} + {{- if eq $k "app" }} + {{ $k }}: {{ $deploymentFullName }} + {{- else}} + {{ $k }}: {{ $v }} + {{- end }} + {{- end }} {{- end }} {{- end }} diff --git a/charts/k8ez/templates/hpa.yaml b/charts/k8ez/templates/hpa.yaml index 7fac7581..87653872 100644 --- a/charts/k8ez/templates/hpa.yaml +++ b/charts/k8ez/templates/hpa.yaml @@ -3,19 +3,19 @@ apiVersion: autoscaling/v2 kind: HorizontalPodAutoscaler metadata: - name: {{ .Release.Name }} + name: {{ include "chart.fullname" . }} spec: scaleTargetRef: apiVersion: apps/v1 kind: Deployment - name: {{ .Release.Name }} - minReplicas: {{ .Values.autoscale.minPods }} - maxReplicas: {{ .Values.autoscale.maxPods }} + name: {{ include "chart.fullname" . }} + minReplicas: {{ required "If autoscaling is enabled, minPods, maxPods, and cpuAverageUtilizationThreshold must all be set" .Values.autoscale.minPods }} + maxReplicas: {{ required "If autoscaling is enabled, minPods, maxPods, and cpuAverageUtilizationThreshold must all be set" .Values.autoscale.maxPods }} metrics: - type: Resource resource: name: cpu target: type: Utilization - averageUtilization: {{ .Values.autoscale.cpuAverageUtilizationThreshold }} + averageUtilization: {{ required "If autoscaling is enabled, minPods, maxPods, and cpuAverageUtilizationThreshold must all be set" .Values.autoscale.cpuAverageUtilizationThreshold }} {{- end }} diff --git a/charts/k8ez/templates/image-pull-secret.yaml b/charts/k8ez/templates/image-pull-secret.yaml index 99cec5e0..f09379e2 100755 --- a/charts/k8ez/templates/image-pull-secret.yaml +++ b/charts/k8ez/templates/image-pull-secret.yaml @@ -5,8 +5,9 @@ kind: Secret metadata: name: {{ .Release.Name }}-registry-secret labels: - {{- include "common.labels" . | nindent 4 }} + {{- include "chart.basicLabels" . | nindent 4 }} type: kubernetes.io/dockerconfigjson data: +{{/* TODO: does this template need to be created? */}} .dockerconfigjson: {{ template "imagePullSecret" . }} {{- end -}} diff --git a/charts/k8ez/templates/ingress-istio.yaml b/charts/k8ez/templates/ingress-istio.yaml index 0d9c9974..eac95a7f 100644 --- a/charts/k8ez/templates/ingress-istio.yaml +++ b/charts/k8ez/templates/ingress-istio.yaml @@ -3,57 +3,72 @@ apiVersion: networking.istio.io/v1alpha3 kind: VirtualService metadata: - name: {{ .Release.Name }} + name: {{ include "chart.fullname" . }} labels: - app: {{ .Release.Name }} - chart: {{ include "chart.chart" . }} - release: {{ .Release.Name }} - heritage: {{ .Release.Service }} - version: {{ .Chart.Version }} + {{- include "chart.basicLabels" . | nindent 4 }} spec: -{{- with .Values.istio.gateways }} + {{- with .Values.istio.gateways }} gateways: -{{ toYaml . | indent 4 }} -{{- end }} -{{- with .Values.istio.hosts }} + {{- toYaml . | nindent 4 }} + {{- end }} + {{- with .Values.istio.hosts }} hosts: -{{ toYaml . | indent 4 }} -{{- end }} + {{- toYaml . | nindent 4 }} + {{- end }} http: + {{- if .Values.istio.forceHttpRedirect }} - match: -{{- range .Values.istio.paths }} - - uri: - prefix: {{ . }} -{{- end }} + - headers: + 'X-Forwarded-Proto': + exact: http + redirect: + scheme: https + redirectCode: 301 + - match: + {{- range .Values.istio.paths }} + - uri: + prefix: {{ . }} + headers: + 'X-Forwarded-Proto': + exact: https + {{- end }} route: - - destination: - host: {{ .Release.Name }} - port: - number: {{ .Values.service.port }} + - destination: + host: {{ include "chart.fullname" . }} + port: + number: {{ .Values.service.port }} + {{- else }} + - match: + {{- range .Values.istio.paths }} + - uri: + prefix: {{ . }} + {{- end }} + route: + - destination: + host: {{ include "chart.fullname" . }} + port: + number: {{ .Values.service.port }} + {{- end }} --- apiVersion: networking.istio.io/v1alpha3 kind: DestinationRule metadata: - name: {{ .Release.Name }} + name: {{ include "chart.fullname" . }} labels: - app: {{ .Release.Name }} - chart: {{ include "chart.chart" . }} - release: {{ .Release.Name }} - heritage: {{ .Release.Service }} - version: {{ .Chart.Version }} + {{- include "chart.basicLabels" . | nindent 4 }} spec: - host: {{ .Release.Name }} + host: {{ include "chart.fullname" . }} trafficPolicy: loadBalancer: -{{- if .Values.istio.useCustomLoadBalancer -}} - {{ toYaml .Values.istio.customLoadBalancer | nindent 6 }} -{{- else }} - simple: {{ .Values.istio.loadBalancerType }} -{{- end }} -{{- if .Values.istio.mtls.enabled }} + {{- if .Values.istio.useCustomLoadBalancer -}} + {{ toYaml .Values.istio.customLoadBalancer | nindent 6 }} + {{- else }} + simple: {{ required "Values.istio.loadBalancerType is required if customLoadBalancer is false" .Values.istio.loadBalancerType }} + {{- end }} + {{- if .Values.istio.mtls.enabled }} tls: mode: ISTIO_MUTUAL -{{- end }} + {{- end }} {{- end }} diff --git a/charts/k8ez/templates/ingress-kubernetes.yaml b/charts/k8ez/templates/ingress-kubernetes.yaml index 171268af..bf318a5e 100644 --- a/charts/k8ez/templates/ingress-kubernetes.yaml +++ b/charts/k8ez/templates/ingress-kubernetes.yaml @@ -9,16 +9,12 @@ apiVersion: extensions/v1beta1 {{- end }} kind: Ingress metadata: - name: {{ .Release.Name }} + name: {{ include "chart.fullname" . }} labels: - app: {{ .Release.Name }} - chart: {{ include "chart.chart" . }} - release: {{ .Release.Name }} - heritage: {{ .Release.Service }} - version: {{ .Chart.Version }} + {{- include "chart.basicLabels" . | nindent 4 }} {{- with .Values.k8sIngress.annotations }} annotations: - {{ toYaml . | nindent 4 }} + {{- toYaml . | nindent 4 }} {{- end }} spec: {{- if .Values.k8sIngress.tls }} @@ -32,24 +28,22 @@ spec: {{- end }} {{- end }} rules: - {{- if .Values.hosts }} - {{- range .Values.hosts }} + {{- range (required "if .Values.k8sIngress.enabled is true, .Values.k8sIngress.hosts is required" .Values.k8sIngress.hosts) }} - host: {{ . }} http: paths: - - path: {{ $.Values.path }} - {{- if $.Capabilities.APIVersions.Has "networking.k8s.io/v1/Ingress" }} + - path: {{ $.Values.k8sIngress.path }} + {{- if $.Capabilities.APIVersions.Has "networking.k8s.io/v1/Ingress" }} pathType: Prefix backend: service: - name: {{ $.Release.Name }} + name: {{ include "chart.fullname" $ }} port: number: {{ $.Values.service.port }} - {{- else }} + {{- else }} backend: - serviceName: {{ $.Release.Name }} + serviceName: {{ include "chart.fullname" $ }} servicePort: {{ $.Values.service.port }} - {{- end }} + {{- end }} {{- end }} - {{- end }} {{- end -}} diff --git a/charts/k8ez/templates/jobs.yaml b/charts/k8ez/templates/jobs.yaml index 1e893d05..f89873bf 100644 --- a/charts/k8ez/templates/jobs.yaml +++ b/charts/k8ez/templates/jobs.yaml @@ -1,79 +1,96 @@ {{- if .Values.jobs.enabled }} {{- range .Values.jobs.jobs }} +{{- $jobName := (required "Each entry in jobs.jobs needs a name" .name) }} +{{- $dictOfBasicLabels := include "chart.basicLabels" $ | fromYaml }} +{{- $dictOfBasicSelectorLabels := include "chart.basicSelectorLabels" $ | fromYaml }} +{{- $jobFullName := printf "%s-job-%s" (include "chart.fullname" $ | trunc 40) $jobName }} --- apiVersion: batch/v1 kind: Job metadata: - name: {{ .name }} -{{ if .extraAnnotations }} -{{- with .extraAnnotations }} + name: {{ $jobFullName }} annotations: - {{ toYaml . | nindent 4 }} -{{- end }} -{{ end }} + checksum/{{ include "chart.fullname" $ }}-configmap: {{ include (print $.Template.BasePath "/configmap.yaml") $ | sha256sum }} + checksum/{{ include "chart.fullname" $ }}-secret: {{ include (print $.Template.BasePath "/secret.yaml") $ | sha256sum }} + {{- include "chart.buildExtraAnnotations" (dict "excludeGlobalExtraAnnotations" .excludeGlobalExtraAnnotations "extraAnnotations" .extraAnnotations "values" $.Values) | indent 4 }} spec: template: metadata: annotations: -{{- if not $.Values.istio.enabled }} + checksum/{{ include "chart.fullname" $ }}-configmap: {{ include (print $.Template.BasePath "/configmap.yaml") $ | sha256sum }} + checksum/{{ include "chart.fullname" $ }}-secret: {{ include (print $.Template.BasePath "/secret.yaml") $ | sha256sum }} + {{- if not $.Values.istio.enabled }} sidecar.istio.io/inject: "false" -{{- end }} -{{- if $.Values.extraAnnotations }} -{{ toYaml $.Values.extraAnnotations | indent 8 }} -{{- end }} + {{- end }} + {{- include "chart.buildExtraAnnotations" (dict "excludeGlobalExtraAnnotations" .excludeGlobalExtraAnnotations "extraAnnotations" .extraAnnotations "values" $.Values) | indent 8 }} spec: - {{if $.Values.imagePullSecrets}} {{- with $.Values.imagePullSecrets }} imagePullSecrets: -{{ toYaml . | nindent 8 }} - {{- end }} + {{- toYaml . | nindent 8 }} {{- end }} - serviceAccount: {{ $.Release.Name }} + serviceAccount: {{ include "chart.fullname" $ }} enableServiceLinks: {{ $.Values.enableServiceLinks }} securityContext: fsGroup: {{ $.Values.podSecurityContext.fsGroup }} + restartPolicy: {{ or .restartPolicy "Never" }} containers: - - name: {{ .name }} - image: "{{ or .image $.Values.image.image }}" - securityContext: -{{ toYaml (merge dict $.Values.securityContext (or .securityContext dict)) | indent 12}} -{{if .resources}} - resources: -{{ toYaml $.Values.resources | indent 8 }} -{{- end }} -{{- if .volumeMounts }} - volumeMounts: -{{ toYaml .volumeMounts | indent 8 }} -{{- end }} -{{ if .command }} - command: [{{ .command | quote}}] -{{- end }} -{{ if .args }} - args: -{{ toYaml .args | indent 8 }} -{{- end }} -{{ if .env }} - env: -{{- range $k, $v := .env }} + - name: {{ $jobFullName | quote }} + image: {{ include "chart.buildImagePath" (dict "image" .image "values" $.Values ) | quote }} + {{- if and .image (kindIs "map" .image) }} + {{/* commented out: - if and .image (default dict .image).pullPolicy */}} + imagePullPolicy: {{ .image.pullPolicy }} + {{- else }} + imagePullPolicy: {{ $.Values.image.pullPolicy }} + {{- end }} + securityContext: + {{- toYaml (merge dict $.Values.securityContext (or .securityContext dict)) | nindent 10 }} + + {{- if .command }} + command: [{{ .command | quote }}] + {{- end }} + + {{- if .args }} + args: + {{- toYaml .args | nindent 8 }} + {{- end }} + + {{- if .env }} + env: + {{- range $k, $v := .env }} - name: {{ $k | quote}} value: {{ $v | quote }} -{{- end }} -{{- end }} + {{- end }} + {{- end }} + + {{- if or $.Values.configData $.Values.secretData}} envFrom: -{{ if $.Values.configData }} - - configMapRef: - name: {{ $.Release.Name }} -{{- end }} -{{ if $.Values.secretData }} - - secretRef: - name: {{ $.Release.Name }} -{{- end }} - restartPolicy: {{ or .restartPolicy "Never" }} -{{- if .volumes }} - volumes: -{{ toYaml .volumes | indent 6 }} -{{- end }} + {{- if $.Values.configData }} + - configMapRef: + name: {{ include "chart.fullname" $ }} + {{- end }} + {{- if $.Values.secretData }} + - secretRef: + name: {{ include "chart.fullname" $ }} + {{- end }} + {{- end }} + + {{- with .volumeMounts }} + volumeMounts: + {{- toYaml . | nindent 10 }} + {{- end }} + + {{- if .resources}} + resources: + {{- toYaml .resources | nindent 10 }} + {{- else }} + {{- with $.Values.resources }} + resources: + {{- toYaml . | nindent 10 }} + {{- end }} + {{- end }} + + {{- include "chart.buildVolumes" (dict "volumes" .volumes "excludeGlobalVolumes" .excludeGlobalVolumes "values" $.Values) | indent 6 }} backoffLimit: 0 {{- end }} -{{- end }} \ No newline at end of file +{{- end }} diff --git a/charts/k8ez/templates/pod-disruption-budget.yaml b/charts/k8ez/templates/pod-disruption-budget.yaml index e4a98923..20caee37 100644 --- a/charts/k8ez/templates/pod-disruption-budget.yaml +++ b/charts/k8ez/templates/pod-disruption-budget.yaml @@ -4,18 +4,13 @@ apiVersion: policy/v1 kind: PodDisruptionBudget metadata: - name: {{ .Release.Name }} + name: {{ include "chart.fullname" . }} labels: - app: {{ .Release.Name }} - chart: {{ include "chart.chart" . }} - release: {{ .Release.Name }} - heritage: {{ .Release.Service }} - version: {{ .Chart.Version }} + {{- include "chart.basicLabels" . | nindent 4 }} spec: minAvailable: 50% selector: matchLabels: - app: {{ .Release.Name }} - release: {{ .Release.Name }} + {{- include "chart.basicSelectorLabels" . | nindent 6 }} {{- end }} {{ end }} \ No newline at end of file diff --git a/charts/k8ez/templates/pvc.yaml b/charts/k8ez/templates/pvc.yaml index fbbb6393..e5a3ffd1 100644 --- a/charts/k8ez/templates/pvc.yaml +++ b/charts/k8ez/templates/pvc.yaml @@ -1,22 +1,20 @@ {{ if .Values.persistentVolumeClaims }} {{- range .Values.persistentVolumeClaims }} +{{- $pvcName := (required "Each entry in persistentVolumeClaims needs a name" .name) }} +{{- $pvcFullName := printf "%s-%s" (include "chart.fullname" $ | trunc 40) $pvcName }} --- apiVersion: v1 kind: PersistentVolumeClaim metadata: - name: {{ .name }} + name: {{ $pvcFullName }} labels: - app: {{ include "chart.name" $ }} - chart: {{ include "chart.chart" $ }} - release: {{ $.Release.Name }} - heritage: {{ $.Release.Service }} - version: {{ $.Chart.Version }} + {{- include "chart.basicLabels" $ | nindent 4 }} spec: accessModes: - - {{ .accessMode }} - storageClassName: {{ .storageClass }} + - {{ required "Each entry in persistentVolumeClaims needs an accessMode, a storageClassName, and a size" .accessMode }} + storageClassName: {{ required "Each entry in persistentVolumeClaims needs an accessMode, a storageClassName, and a size" .storageClassName }} resources: requests: - storage: {{ .size }} + storage: {{ required "Each entry in persistentVolumeClaims needs an accessMode, a storageClassName, and a size" .size }} {{- end }} {{- end }} diff --git a/charts/k8ez/templates/secret.yaml b/charts/k8ez/templates/secret.yaml index 492e603d..83120a24 100755 --- a/charts/k8ez/templates/secret.yaml +++ b/charts/k8ez/templates/secret.yaml @@ -3,14 +3,10 @@ apiVersion: v1 kind: Secret metadata: - name: {{ .Release.Name }} + name: {{ include "chart.fullname" . }} labels: - app: {{ .Release.Name }} - chart: {{ include "chart.chart" . }} - release: {{ .Release.Name }} - heritage: {{ .Release.Service }} - version: {{ .Chart.Version }} + {{- include "chart.basicLabels" . | nindent 4 }} type: Opaque data: -{{ toYaml .Values.secretData | indent 2 }} +{{- toYaml .Values.secretData | nindent 2 }} {{ end }} diff --git a/charts/k8ez/templates/service.yaml b/charts/k8ez/templates/service.yaml index 36fdd186..94052899 100644 --- a/charts/k8ez/templates/service.yaml +++ b/charts/k8ez/templates/service.yaml @@ -2,19 +2,14 @@ apiVersion: v1 kind: Service metadata: - name: {{ .Release.Name }} + name: {{ include "chart.fullname" . }} labels: - app: {{ .Release.Name }} - chart: {{ include "chart.chart" . }} - release: {{ .Release.Name }} - heritage: {{ .Release.Service }} - version: {{ .Chart.Version }} + {{- include "chart.basicLabels" . | nindent 4 }} spec: - type: {{ .Values.service.type }} + type: {{ required "Values.service requires a type" .Values.service.type }} ports: - - port: {{ .Values.service.port }} - targetPort: {{ .Values.service.port }} + - port: {{ required "Values.service requires a port" .Values.service.port }} + targetPort: {{ default .Values.service.port .Values.service.targetPort }} name: http selector: - app: {{ .Release.Name }} - release: {{ .Release.Name }} + {{- include "chart.basicSelectorLabels" . | nindent 4 }} diff --git a/charts/k8ez/templates/serviceaccount.yaml b/charts/k8ez/templates/serviceaccount.yaml index 5fc6a954..bea880b4 100755 --- a/charts/k8ez/templates/serviceaccount.yaml +++ b/charts/k8ez/templates/serviceaccount.yaml @@ -2,16 +2,12 @@ apiVersion: v1 kind: ServiceAccount metadata: - name: {{ .Release.Name }} + name: {{ include "chart.fullname" . }} labels: - app: {{ .Release.Name }} - chart: {{ include "chart.chart" . }} - release: {{ .Release.Name }} - heritage: {{ .Release.Service }} - version: {{ .Chart.Version }} + {{- include "chart.basicLabels" . | nindent 4 }} {{- if .Values.image.credentials.create }} imagePullSecrets: -- name: {{ .Release.Name }}-registry-secret +- name: {{ include "chart.fullname" . }}-registry-secret {{- else if ne .Values.image.credentials.secretRef "" }} imagePullSecrets: - name: {{ .Values.image.credentials.secretRef }} diff --git a/charts/k8ez/templates/statefulsets.yaml b/charts/k8ez/templates/statefulsets.yaml index e93aaec6..83cf59e7 100644 --- a/charts/k8ez/templates/statefulsets.yaml +++ b/charts/k8ez/templates/statefulsets.yaml @@ -1,40 +1,51 @@ {{- if .Values.statefulSets.enabled -}} {{- range .Values.statefulSets.statefulsets }} +{{- $statefulSetName := (required "Each entry in statefulSets.statefulsets needs a name" .name) }} +{{- $dictOfBasicLabels := include "chart.basicLabels" $ | fromYaml }} +{{- $dictOfBasicSelectorLabels := include "chart.basicSelectorLabels" $ | fromYaml }} +{{- $statefulSetFullName := printf "%s-%s" (include "chart.fullname" $ | trunc 40) $statefulSetName }} --- apiVersion: apps/v1 kind: StatefulSet metadata: - name: {{ .name }} + name: {{ $statefulSetFullName }} labels: - app: {{ .name }} - chart: {{ include "chart.chart" $ }} - release: {{ $.Release.Name }} - heritage: {{ $.Release.Service }} - version: {{ $.Chart.Version }} + {{- range $k, $v := $dictOfBasicLabels }} + {{- if eq $k "app" }} + {{ $k }}: {{ $statefulSetFullName }} + {{- else}} + {{ $k }}: {{ $v }} + {{- end }} + {{- end }} spec: replicas: {{ .replicaCount }} selector: matchLabels: - app: {{ .name }} - release: {{ $.Release.Name }} - serviceName: {{ .name }} + {{- range $k, $v := $dictOfBasicSelectorLabels }} + {{- if eq $k "app" }} + {{ $k }}: {{ $statefulSetFullName }} + {{- else}} + {{ $k }}: {{ $v }} + {{- end }} + {{- end }} + serviceName: {{ $statefulSetFullName }} template: metadata: annotations: checksum/{{ include "chart.fullname" $ }}-configmap: {{ include (print $.Template.BasePath "/configmap.yaml") $ | sha256sum }} checksum/{{ include "chart.fullname" $ }}-secret: {{ include (print $.Template.BasePath "/secret.yaml") $ | sha256sum }} -{{- if not $.Values.istio.enabled }} + {{- if not $.Values.istio.enabled }} sidecar.istio.io/inject: "false" -{{- end }} -{{- if $.Values.extraAnnotations }} -{{ toYaml $.Values.extraAnnotations | indent 8 }} -{{- end }} + {{- end }} + {{- include "chart.buildExtraAnnotations" (dict "excludeGlobalExtraAnnotations" .excludeGlobalExtraAnnotations "extraAnnotations" .extraAnnotations "values" $.Values) | indent 8 }} labels: - app: {{ .name }} - chart: {{ include "chart.chart" $ }} - release: {{ $.Release.Name }} - heritage: {{ $.Release.Service }} - version: {{ $.Chart.Version }} + {{- range $k, $v := $dictOfBasicLabels }} + {{- if eq $k "app" }} + {{ $k }}: {{ $statefulSetFullName }} + {{- else}} + {{ $k }}: {{ $v }} + {{- end }} + {{- end }} spec: enableServiceLinks: {{ $.Values.enableServiceLinks }} securityContext: @@ -47,94 +58,128 @@ spec: podAffinityTerm: labelSelector: matchExpressions: - - key: app - operator: In - values: - - {{ .name }} - - key: release + {{- range $k, $v := $dictOfBasicSelectorLabels }} + - key: {{ $k | quote }} operator: In values: - - {{ $.Release.Name }} + {{- if eq $k "app" }} + - {{ $statefulSetFullName | quote }} + {{- else }} + - {{ $v | quote }} + {{- end }} + {{- end }} topologyKey: kubernetes.io/hostname containers: - - name: {{ .name }} - image: "{{ or .image $.Values.image.image }}" - securityContext: -{{ toYaml (merge dict $.Values.securityContext (or .securityContext dict)) | indent 12}} -{{ if .command }} - command: [{{ .command | quote}}] -{{- end }} -{{ if .args }} - args: -{{ toYaml .args | indent 10 }} -{{- end }} + - name: {{ $statefulSetFullName | quote }} + image: {{ include "chart.buildImagePath" (dict "image" .image "values" $.Values ) | quote }} + {{- if and .image (kindIs "map" .image) }} + {{/* commented out: - if and .image (default dict .image).pullPolicy */}} + imagePullPolicy: {{ .image.pullPolicy }} + {{- else }} + imagePullPolicy: {{ $.Values.image.pullPolicy }} + {{- end }} + securityContext: + {{- toYaml (merge dict $.Values.securityContext (or .securityContext dict)) | nindent 12}} ports: - - containerPort: {{ .port }} -{{ if .env }} - env: -{{- range $k, $v := .env }} + - containerPort: {{ required "Each entry in statefulSets.statefulsets needs a port" .port }} + + {{- if .command }} + command: [{{ .command | quote }}] + {{- end }} + + {{- if .args }} + args: + {{- toYaml .args | nindent 10 }} + {{- end }} + + {{- if .env }} + env: + {{- range $k, $v := .env }} - name: {{ $k | quote}} value: {{ $v | quote }} -{{- end }} -{{- end }} + {{- end }} + {{- end }} + + {{- if or $.Values.configData $.Values.secretData}} envFrom: -{{ if $.Values.configData }} + {{- if $.Values.configData }} - configMapRef: - name: {{ $.Release.Name }} -{{- end }} -{{ if $.Values.secretData }} + name: {{ include "chart.fullname" $ }} + {{- end }} + {{- if $.Values.secretData }} - secretRef: - name: {{ $.Release.Name }} -{{- end }} -{{- if .volumeMounts }} + name: {{ include "chart.fullname" $ }} + {{- end }} + {{- end }} + + {{- with .volumeMounts }} volumeMounts: -{{ toYaml .volumeMounts | indent 10 }} -{{- end }} -{{if .resources}} + {{- toYaml . | nindent 12 }} + {{- end }} + + {{- if .resources}} resources: -{{ toYaml $.Values.resources | indent 10 }} -{{- end }} -{{- with $.Values.nodeSelector }} + {{- toYaml .resources | nindent 12 }} + {{- else }} + {{- with $.Values.resources }} + resources: + {{- toYaml . | nindent 12 }} + {{- end }} + {{- end }} + + {{- with $.Values.nodeSelector }} nodeSelector: -{{ toYaml . | indent 8 }} -{{- end }} -{{- with $.Values.affinity }} + {{- toYaml . | nindent 8 }} + {{- end }} + + {{- with $.Values.affinity }} affinity: -{{ toYaml . | indent 8 }} -{{- end }} -{{- with $.Values.tolerations }} + {{- toYaml . | nindent 8 }} + {{- end }} + + {{- with $.Values.tolerations }} tolerations: -{{ toYaml . | indent 8 }} -{{- end }} -{{- if .volumes }} - volumes: -{{ toYaml .volumes | indent 6 }} -{{- end }} + {{- toYaml . | nindent 8 }} + {{- end }} + + {{- include "chart.buildVolumes" (dict "volumes" .volumes "excludeGlobalVolumes" .excludeGlobalVolumes "values" $.Values) | indent 6 }} + {{- end }} {{- end }} {{- if $.Values.statefulSets.enabled -}} {{- range $.Values.statefulSets.statefulsets }} +{{- $statefulSetName := (required "Each entry in statefulSets.statefulsets needs a name" .name) }} +{{- $dictOfBasicLabels := include "chart.basicLabels" $ | fromYaml }} +{{- $dictOfBasicSelectorLabels := include "chart.basicSelectorLabels" $ | fromYaml }} +{{- $statefulSetFullName := printf "%s-%s" (include "chart.fullname" $ | trunc 40) $statefulSetName }} --- apiVersion: v1 kind: Service metadata: - name: {{ .name }} + name: {{ $statefulSetFullName }} labels: - app: {{ .name }} - chart: {{ include "chart.chart" $ }} - release: {{ $.Release.Name }} - heritage: {{ $.Release.Service }} - version: {{ $.Chart.Version }} + {{- range $k, $v := $dictOfBasicLabels }} + {{- if eq $k "app" }} + {{ $k }}: {{ $statefulSetFullName }} + {{- else}} + {{ $k }}: {{ $v }} + {{- end }} + {{- end }} spec: - clusterIP: None + clusterIP: None {{- /* aka a headless service*/}} ports: - port: {{ .port }} targetPort: {{ or .targetPort .port }} name: http selector: - app: {{ .name }} + {{- range $k, $v := $dictOfBasicSelectorLabels }} + {{- if eq $k "app" }} + {{ $k }}: {{ $statefulSetFullName }} + {{- else}} + {{ $k }}: {{ $v }} + {{- end }} + {{- end }} {{- end }} {{- end }} - diff --git a/charts/k8ez/values.yaml b/charts/k8ez/values.yaml index c462ac0b..433fe7b8 100755 --- a/charts/k8ez/values.yaml +++ b/charts/k8ez/values.yaml @@ -1,10 +1,14 @@ ######################################################### # Define the main deployment of the app # ######################################################### +# Overrides for the name +nameOverride: "" # chart name override +fullnameOverride: "" # full name override (install + chart name) # Image and any required credentials to download it for the default deployment image: image: "" + tag: "" pullPolicy: Always credentials: create: false @@ -30,14 +34,27 @@ podSecurityContext: fsGroup: 1050 # Specify image pull secrets if required or if you have it creating registry credentials -# imagePullSecrets: +# imagePullSecrets: # - name: Release.name--registry-secret # Enable deployment - by default we enable a simple deployment -deployment: +deployment: enabled: true - # command: "sh" - # args: [] + command: "" + args: [] + # by default, disable initContainers + initContainers: + enabled: false + containers: [] +# - name: migrations +# image: +# image: "path/to/image" +# tag: "my-tag" +# pullPolicy: always +# command: 'python' +# args: ['manage.py', 'migrate_schemas'] +# securityContext: {} +# resources: {} # Configure the number of pods for this service. If autoscale is enabled, replica count is not used. replicaCount: 1 @@ -47,18 +64,18 @@ autoscale: maxPods: 4 cpuAverageUtilizationThreshold: 70 -podDisruptionBudget: +podDisruptionBudget: enabled: false # Enable and configure a service with a reasonable default port service: type: ClusterIP port: 8080 +# targetPort: 8080 # will use port by default # Configure resources it will be given with reasonable defaults resources: limits: - cpu: 1000m memory: 512Mi requests: cpu: 200m @@ -84,11 +101,17 @@ configData: {} # Set secret data key-value pairs that will be loaded into env variables secretData: {} +# K8ezSecret: 'YES' -# List of files to load into configmaps. Supports glob patterns, all files that match will be put into the configmap +# List of files to load into configmaps. +# Supports glob patterns, all files that match will be put into the configmap +# note that the path to the file(s) should be from within the k8ez chart +# (ie: files/config.toml refers to charts/k8ez/files/config.toml) configFiles: [] - # - fileGlob: files/config.toml - # configMapName: config.toml +# - configMapName: all-toml +# fileGlob: "files/**.toml" +# - fileGlob: files/config.toml +# configMapName: config.toml # List of extra annotations to be injected into pod templates extraAnnotations: {} @@ -105,22 +128,22 @@ extraAnnotations: {} # See https://kubernetes.io/docs/concepts/storage/volumes/ volumes: [] - # - name: mydir - # hostPath: - # # Ensure the file directory is created. - # path: /var/local/aaa - # type: DirectoryOrCreate +# - name: mydir +# hostPath: +# # Ensure the file directory is created. +# path: /var/local/aaa +# type: DirectoryOrCreate volumeMounts: [] - # - name: myvolume - # mountPath: /mount +# - name: myvolume +# mountPath: /mount # See https://kubernetes.io/docs/concepts/storage/persistent-volumes/ -persistentVolumeClaims: - # - name: efs - # accessMode: ReadWriteMany - # storageClass: my-storage-class - # size: 50Gi +persistentVolumeClaims: [] +# - name: efs +# accessMode: ReadWriteMany +# storageClassName: my-storage-class +# size: 50Gi # Possibly select a certain type of node nodeSelector: {} @@ -137,7 +160,6 @@ enableServiceLinks: true ########### # Ingress # ########### - # Deploys a Kubernetes Ingress resource, defaults to nginx ingress controller. # If networking.k8s.io/v1 is available in your cluster that will be used, # otherwise fall back to networking.k8s.io/v1 @@ -168,6 +190,7 @@ istio: paths: [] loadBalancerType: ROUND_ROBIN useCustomLoadBalancer: false + forceHttpRedirect: false customLoadBalancer: {} # consistentHash: # httpCookie: @@ -179,79 +202,109 @@ istio: ######################################################### # Stateful Sets # ######################################################### - statefulSets: enabled: false statefulsets: [] - # - name: abcd - # image: nginx - # port: 4000 - # serviceType: "ClusterIP" - # replicaCount: 1 - # command: "sh" - # args: [] - # volumes: [] - # volumeMounts: [] - # env: {} # additional env vars - # securityContext: {} +# - name: nginx +# replicaCount: 1 +# excludeGlobalExtraAnnotations: true # false if unset +# extraAnnotations: +# testing: 1234 +# image: +# image: nginx +# tag: latest +# pullPolicy: always +# port: 4000 +# targetPort: 8080 +# serviceType: "ClusterIP" +# command: "sh" +# args: ["test", "me"] +# excludeGlobalVolumes: true # false if unset +# volumes: [] +# volumeMounts: [] +# resources: {} # will default to global resources +# env: # additional env vars +# ENV_VAR_1: "my env var" +# securityContext: +# testing: 5678 ############################################################# # Additional Deployments # ############################################################# - extraDeployment: enabled: false hpaExtra: # autoscaling enabled: false deployments: [] - # - name: abcde - # image: nginx - # port: 4000 - # targetPort: 8080 - # serviceType: "ClusterIP" - # replicaCount: 1 - # command: "sh" - # args: [] - # volumes: [] - # volumeMounts: [] - # env: {} # additional env vars - # securityContext: {} - # - # minPods: 2 - # maxPods: 4 - # cpuAverageUtilizationThreshold: 70 +# - name: nginx-TEST +# replicaCount: 1 +# excludeGlobalExtraAnnotations: true # false if unset +# extraAnnotations: +# testing: 1234 +# image: +# image: nginx +# tag: latest +# pullPolicy: always +# port: 4000 +# targetPort: 8080 +# serviceType: "ClusterIP" +# command: "sh" +# args: ["test", "me"] +# excludeGlobalVolumes: true # false if unset +# volumes: [] +# volumeMounts: [] +# resources: {} # will default to global resources +# env: # additional env vars +# ENV_VAR_1: "my env var" +# securityContext: +# testing: 5678 +# minPods: 2 +# maxPods: 4 +# cpuAverageUtilizationThreshold: 70 ############ # CronJobs # ############ - cronJobs: - enabled: false + enabled: true scheduled: [] - # - name: abc - # image: nginx - # schedule: "30 * * * *" # every 30 min - # command: "sh" - # args: [] - # volumes: [] - # volumeMounts: [] - # env: {} # additional env vars - # securityContext: {} +# - name: abc +# image: +# image: nginx +# tag: latest +# pullPolicy: always +# securityContext: +# testing: 1234 +# schedule: "30 * * * *" # every 30 min +# command: "sh" +# args: [] +# volumes: [] +# volumeMounts: [] +# env: {} # additional env vars ######## # Jobs # ######## - jobs: enabled: false jobs: [] - # - name: hgu - # image: nginx - # command: "sh" - # #args: [] - # #volumes: [] - # #volumeMounts: [] - # #env: {} # additional env vars - # #extraAnnotations: {} # additional annotations - # securityContext: {} +# - name: nginx +# excludeGlobalExtraAnnotations: true # false if unset +# extraAnnotations: +# testing: 1234 +# image: +# image: nginx +# tag: latest +# pullPolicy: always +# securityContext: +# testing: 5678 +# restartPolicy: "" # will default to "Never" +# command: "sh" +# args: ["test", "me"] +# env: # additional env vars +# ENV_VAR_1: "my env var" +# resources: {} # will default to global resources +# excludeGlobalVolumes: true # false if unset +# volumes: [] +# volumeMounts: [] diff --git a/tests/everything.values.yaml b/tests/everything.values.yaml index 73eb92da..65236753 100644 --- a/tests/everything.values.yaml +++ b/tests/everything.values.yaml @@ -1,29 +1,61 @@ ######################################################### # Define the main deployment of the app # ######################################################### +# Overrides for the name +nameOverride: "" +fullnameOverride: "" # Image and any required credentials to download it for the default deployment image: image: "redis" + tag: "7.2.1" pullPolicy: Always - credentials: - create: false - username: "" - password: "" - secretRef: "" # Default security contetx -securityContext: +securityContext: allowPrivilegeEscalation: false runAsNonRoot: true + privileged: false + capabilities: + drop: ["ALL"] + seccompProfile: + type: RuntimeDefault runAsUser: 999 # redis image creates this user runAsGroup: 999 # redis image creates this user +# pod context (inherited by all containers) +podSecurityContext: + fsGroup: 1050 + +# Specify image pull secrets if required or if you have it creating registry credentials +# imagePullSecrets: +# - name: Release.name--registry-secret + # Enable deployment - by default we enable a simple deployment -deployment: +deployment: enabled: true command: "sh" args: ["-c", "sleep 1000"] + # by default, disable initContainers + initContainers: + enabled: false + containers: + - name: init-container-sleep + image: + image: alpine + tag: 3.18.4 + pullPolicy: always + command: 'sh' + args: ['-c', 'sleep 1000'] + securityContext: + runAsGroup: 1050 + runAsUser: 1050 + resources: + limits: + memory: 256Mi + requests: + cpu: 100m + memory: 64Mi # Configure the number of pods for this service. If autoscale is enabled, replica count is not used. replicaCount: 2 @@ -33,7 +65,7 @@ autoscale: maxPods: 4 cpuAverageUtilizationThreshold: 70 -podDisruptionBudget: +podDisruptionBudget: enabled: true # Enable and configure a service with a reasonable default port @@ -44,7 +76,6 @@ service: # Configure resources it will be given with reasonable defaults resources: limits: - cpu: 1000m memory: 512Mi requests: cpu: 200m @@ -52,7 +83,7 @@ resources: # pod liveness and readiness probes to check the applications health # https://kubernetes.io/docs/tasks/configure-pod-container/configure-liveness-readiness-probes/ -# livenessProbe: +# livenessProbe: # httpGet: # path: /health # port: 8080 @@ -62,7 +93,7 @@ resources: # initialDelaySeconds: 3 # periodSeconds: 3 -# readinessProbe: +# readinessProbe: # httpGet: # path: /health # port: 8080 @@ -73,34 +104,39 @@ resources: # periodSeconds: 3 # List key/value pairs to be included in this service's ConfigMap -configData: +configData: K8EZ: 'YES' # Set secret data key-value pairs that will be loaded into env variables # this expects values are already base64 encoded -secretData: +secretData: SECRET: 'dmFsdWU=' +configFiles: + - configMapName: all-yaml + fileGlob: "files/**.yaml" + +extraAnnotations: + someExtraAnnotation: annotationValueHere + # See https://kubernetes.io/docs/concepts/storage/volumes/ -volumes: +volumes: - name: mydir hostPath: # Ensure the file directory is created. path: /var/local/aaa type: DirectoryOrCreate -volumeMounts: +volumeMounts: - name: mydir mountPath: /mount # See https://kubernetes.io/docs/concepts/storage/persistent-volumes/ -persistentVolumeClaims: [] -# - name: myvolumeclaim -# accessMode: ReadWriteMany -# storageClassName: default -# resources: -# requests: -# storage: 1Gi +persistentVolumeClaims: + - name: myvolumeclaim + accessMode: ReadWriteMany + storageClassName: default + size: 50Gi # Possibly select a certain type of node nodeSelector: {} @@ -111,127 +147,173 @@ tolerations: [] # Set pod affinity affinity: {} +# sets whether containers get the kubernetes generated env vars for addresses to other services in the same namespace +enableServiceLinks: true + ########### # Ingress # ########### - -# Kubernetes native ingress and Istio are supported, only enable one or neither of them. -# If you enable neither you will need to port-forward to dash -ingress: - hosts: - # Add lists of hosts +# Deploys a Kubernetes Ingress resource, defaults to nginx ingress controller. +# If networking.k8s.io/v1 is available in your cluster that will be used, +# otherwise fall back to networking.k8s.io/v1 +k8sIngress: + enabled: true + hosts: - example.local path: / + annotations: + # kubernetes.io/ingress.class: gce + kubernetes.io/ingress.class: nginx + # nginx.ingress.kubernetes.io/ssl-redirect: "false" + # kubernetes.io/ingress.allow-http: false + # kubernetes.io/tls-acme: true + tls: [] + # Secrets must be manually created in the namespace. + # - secretName: dash-certificate + # hosts: + # - example.local - # Deploys a Kubernetes Ingress resource - k8sIngress: - enabled: true - annotations: - # kubernetes.io/ingress.class: gce - kubernetes.io/ingress.class: nginx - # nginx.ingress.kubernetes.io/ssl-redirect: "false" - # kubernetes.io/ingress.allow-http: false - # kubernetes.io/tls-acme: true - tls: [] - # Secrets must be manually created in the namespace. - # - secretName: dash-certificate - # hosts: - # - example.local - # Deploys an Istio VirtualService, DestinationRule, Gateway (optional), PeerAuthentication (optional) - istio: - enabled: false - loadBalancerType: ROUND_ROBIN - mtlsMode: "PERMISSIVE" - -ingressgateway: +# Deploys an Istio VirtualService and DestinationRule +istio: enabled: false gateways: [] - hosts: [] + hosts: + - example.local paths: - / loadBalancerType: ROUND_ROBIN + useCustomLoadBalancer: false + forceHttpRedirect: false + customLoadBalancer: {} + # consistentHash: + # httpCookie: + # name: my_cookie_name + # ttl: 300s + mtls: + enabled: false ######################################################### # Stateful Sets # ######################################################### - statefulSets: enabled: true - statefulsets: - - name: abcd - image: redis + statefulsets: + - name: statefulSetWithImageString + image: myImageOne port: 4000 serviceType: "ClusterIP" replicaCount: 1 command: "sh" args: ["-c", "sleep 1000"] - volumes: + volumes: - name: mydir hostPath: # Ensure the file directory is created. path: /var/local/aaa type: DirectoryOrCreate - volumeMounts: + volumeMounts: - name: mydir mountPath: /mount - env: + env: ENVVAR: 'value' + resources: + limits: + memory: 256Mi + excludeGlobalExtraAnnotations: true + extraAnnotations: + imageType: "image string" + annotationInfo: "exclude global, include extras" + resources: "custom limits (limits.memory 256Mi, requests.cpu 200m, requests.memory 128Mi)" + - name: statefulSetWithImageDict + image: + image: myImageTwo + tag: myTagTwo + port: 4000 + extraAnnotations: + imageType: "full dictionary" + annotationInfo: "include global and extras" + - name: statefulSetWithImageOnly + image: + image: separateImageOnly + port: 4000 + extraAnnotations: + imageType: "dictionary with image only" + annotationInfo: "include global and extras" + - name: statefulSetWithTagOnly + image: + tag: separateTagOnly + port: 4000 + extraAnnotations: + imageType: "dictionary with tag only (should use default image with custom tag)" + annotationInfo: "include global and extras" + - name: statefulSetWithEmptyImage + image: + port: 4000 + excludeGlobalExtraAnnotations: true + extraAnnotations: + imageType: "empty dictionary (should use default)" + annotationInfo: "exclude global, include extras" + - name: statefulSetWithoutImageInfo + excludeGlobalExtraAnnotations: true + extraAnnotations: + imageType: "none included (should use default)" + annotationInfo: "exclude global, include extras" + port: 4000 ############################################################# # Additional Deployments # ############################################################# - extraDeployment: enabled: true hpaExtra: # autoscaling enabled: false - deployments: - - name: abcde + deployments: + - name: extra-redis-deployment-one image: redis port: 4000 serviceType: "ClusterIP" replicaCount: 1 command: "sh" args: ["-c", "sleep 1000"] - volumes: + volumes: - name: mydir hostPath: # Ensure the file directory is created. path: /var/local/aaa type: DirectoryOrCreate - volumeMounts: + volumeMounts: - name: mydir mountPath: /mount - env: + env: ENVVAR: 'value' - + minPods: 2 maxPods: 4 cpuAverageUtilizationThreshold: 70 - securityContext: + securityContext: runAsUser: 1000 runAsGroup: 1000 runAsNonRoot: true - - name: abcdf + - name: extra-redis-deployment-two image: redis port: 4000 serviceType: "ClusterIP" replicaCount: 1 command: "sh" args: ["-c", "sleep 1000"] - volumes: + volumes: - name: mydir hostPath: # Ensure the file directory is created. path: /var/local/aaa type: DirectoryOrCreate - volumeMounts: + volumeMounts: - name: mydir mountPath: /mount - env: + env: ENVVAR: 'value' - + minPods: 2 maxPods: 4 cpuAverageUtilizationThreshold: 70 @@ -240,48 +322,46 @@ extraDeployment: ############ # CronJobs # ############ - cronJobs: enabled: true - scheduled: - - name: abc + scheduled: + - name: example-cronjob image: redis schedule: "30 * * * *" # every 30 min command: "sh" args: ["-c", "sleep 1000"] - volumes: + volumes: - name: mydir hostPath: # Ensure the file directory is created. path: /var/local/aaa type: DirectoryOrCreate - volumeMounts: + volumeMounts: - name: mydir mountPath: /mount - env: + env: ENVVAR: 'value' ######## # Jobs # ######## - jobs: enabled: true - jobs: - - name: hgu + jobs: + - name: example-job image: redis command: "sh" args: ["-c", "sleep 1000"] - volumes: + volumes: - name: mydir hostPath: # Ensure the file directory is created. path: /var/local/aaa type: DirectoryOrCreate - volumeMounts: + volumeMounts: - name: mydir mountPath: /mount - env: + env: ENVVAR: 'value' - extraAnnotations: - annotation: value + extraAnnotations: + jobExtraAnnotation: something diff --git a/tests/full-features-istio-test.yaml b/tests/full-features-istio-test.yaml new file mode 100644 index 00000000..37be38b2 --- /dev/null +++ b/tests/full-features-istio-test.yaml @@ -0,0 +1,1279 @@ +--- +# Source: k8ez/templates/pod-disruption-budget.yaml +apiVersion: policy/v1 +kind: PodDisruptionBudget +metadata: + name: test-everything-app-ingress + labels: + app: test-everything-app-ingress + release: test-everything-app + chart: k8ez-1.0.0 + heritage: Helm + version: 1.0.0 +spec: + minAvailable: 50% + selector: + matchLabels: + app: test-everything-app-ingress + release: test-everything-app +--- +# Source: k8ez/templates/serviceaccount.yaml +apiVersion: v1 +kind: ServiceAccount +metadata: + name: test-everything-app-ingress + labels: + app: test-everything-app-ingress + release: test-everything-app + chart: k8ez-1.0.0 + heritage: Helm + version: 1.0.0 +--- +# Source: k8ez/templates/secret.yaml +apiVersion: v1 +kind: Secret +metadata: + name: test-everything-app-ingress + labels: + app: test-everything-app-ingress + release: test-everything-app + chart: k8ez-1.0.0 + heritage: Helm + version: 1.0.0 +type: Opaque +data: + SECRET: dmFsdWU= +--- +# Source: k8ez/templates/configmap-files.yaml +apiVersion: v1 +kind: ConfigMap +metadata: + name: all-yaml + labels: + app: test-everything-app-ingress + release: test-everything-app + chart: k8ez-1.0.0 + heritage: Helm + version: 1.0.0 +data: + example-file.yaml: |- + example-root: + example-key: exampleValue +--- +# Source: k8ez/templates/configmap.yaml +apiVersion: v1 +kind: ConfigMap +metadata: + name: test-everything-app-ingress + labels: + app: test-everything-app-ingress + release: test-everything-app + chart: k8ez-1.0.0 + heritage: Helm + version: 1.0.0 +data: + K8EZ: "YES" +--- +# Source: k8ez/templates/pvc.yaml +apiVersion: v1 +kind: PersistentVolumeClaim +metadata: + name: test-everything-app-ingress-myvolumeclaim + labels: + app: test-everything-app-ingress + release: test-everything-app + chart: k8ez-1.0.0 + heritage: Helm + version: 1.0.0 +spec: + accessModes: + - ReadWriteMany + storageClassName: default + resources: + requests: + storage: 50Gi +--- +# Source: k8ez/templates/extra-deployments.yaml +apiVersion: v1 +kind: Service +metadata: + name: test-everything-app-ingress-extra-redis-deployment-one + labels: + app: test-everything-app-ingress-extra-redis-deployment-one + chart: k8ez-1.0.0 + heritage: Helm + release: test-everything-app + version: 1.0.0 +spec: + type: ClusterIP + ports: + - port: 4000 + targetPort: 4000 + name: http + selector: + app: test-everything-app-ingress-extra-redis-deployment-one + release: test-everything-app +--- +# Source: k8ez/templates/extra-deployments.yaml +apiVersion: v1 +kind: Service +metadata: + name: test-everything-app-ingress-extra-redis-deployment-two + labels: + app: test-everything-app-ingress-extra-redis-deployment-two + chart: k8ez-1.0.0 + heritage: Helm + release: test-everything-app + version: 1.0.0 +spec: + type: ClusterIP + ports: + - port: 4000 + targetPort: 4000 + name: http + selector: + app: test-everything-app-ingress-extra-redis-deployment-two + release: test-everything-app +--- +# Source: k8ez/templates/service.yaml +apiVersion: v1 +kind: Service +metadata: + name: test-everything-app-ingress + labels: + app: test-everything-app-ingress + release: test-everything-app + chart: k8ez-1.0.0 + heritage: Helm + version: 1.0.0 +spec: + type: ClusterIP + ports: + - port: 80 + targetPort: 80 + name: http + selector: + app: test-everything-app-ingress + release: test-everything-app +--- +# Source: k8ez/templates/statefulsets.yaml +apiVersion: v1 +kind: Service +metadata: + name: test-everything-app-ingress-statefulSetWithImageString + labels: + app: test-everything-app-ingress-statefulSetWithImageString + chart: k8ez-1.0.0 + heritage: Helm + release: test-everything-app + version: 1.0.0 +spec: + clusterIP: None + ports: + - port: 4000 + targetPort: 4000 + name: http + selector: + app: test-everything-app-ingress-statefulSetWithImageString + release: test-everything-app +--- +# Source: k8ez/templates/statefulsets.yaml +apiVersion: v1 +kind: Service +metadata: + name: test-everything-app-ingress-statefulSetWithImageDict + labels: + app: test-everything-app-ingress-statefulSetWithImageDict + chart: k8ez-1.0.0 + heritage: Helm + release: test-everything-app + version: 1.0.0 +spec: + clusterIP: None + ports: + - port: 4000 + targetPort: 4000 + name: http + selector: + app: test-everything-app-ingress-statefulSetWithImageDict + release: test-everything-app +--- +# Source: k8ez/templates/statefulsets.yaml +apiVersion: v1 +kind: Service +metadata: + name: test-everything-app-ingress-statefulSetWithImageOnly + labels: + app: test-everything-app-ingress-statefulSetWithImageOnly + chart: k8ez-1.0.0 + heritage: Helm + release: test-everything-app + version: 1.0.0 +spec: + clusterIP: None + ports: + - port: 4000 + targetPort: 4000 + name: http + selector: + app: test-everything-app-ingress-statefulSetWithImageOnly + release: test-everything-app +--- +# Source: k8ez/templates/statefulsets.yaml +apiVersion: v1 +kind: Service +metadata: + name: test-everything-app-ingress-statefulSetWithTagOnly + labels: + app: test-everything-app-ingress-statefulSetWithTagOnly + chart: k8ez-1.0.0 + heritage: Helm + release: test-everything-app + version: 1.0.0 +spec: + clusterIP: None + ports: + - port: 4000 + targetPort: 4000 + name: http + selector: + app: test-everything-app-ingress-statefulSetWithTagOnly + release: test-everything-app +--- +# Source: k8ez/templates/statefulsets.yaml +apiVersion: v1 +kind: Service +metadata: + name: test-everything-app-ingress-statefulSetWithEmptyImage + labels: + app: test-everything-app-ingress-statefulSetWithEmptyImage + chart: k8ez-1.0.0 + heritage: Helm + release: test-everything-app + version: 1.0.0 +spec: + clusterIP: None + ports: + - port: 4000 + targetPort: 4000 + name: http + selector: + app: test-everything-app-ingress-statefulSetWithEmptyImage + release: test-everything-app +--- +# Source: k8ez/templates/statefulsets.yaml +apiVersion: v1 +kind: Service +metadata: + name: test-everything-app-ingress-statefulSetWithoutImageInfo + labels: + app: test-everything-app-ingress-statefulSetWithoutImageInfo + chart: k8ez-1.0.0 + heritage: Helm + release: test-everything-app + version: 1.0.0 +spec: + clusterIP: None + ports: + - port: 4000 + targetPort: 4000 + name: http + selector: + app: test-everything-app-ingress-statefulSetWithoutImageInfo + release: test-everything-app +--- +# Source: k8ez/templates/deployment.yaml +apiVersion: apps/v1 +kind: Deployment +metadata: + name: test-everything-app-ingress + labels: + app: test-everything-app-ingress + release: test-everything-app + chart: k8ez-1.0.0 + heritage: Helm + version: 1.0.0 +spec: + replicas: 2 + selector: + matchLabels: + app: test-everything-app-ingress + release: test-everything-app + template: + metadata: + annotations: + checksum/test-everything-app-ingress-configmap: ee6fd293287f30c4bbbb35af39f9489c19a799017f46da2d4b635ebe7d4e3ad2 + checksum/test-everything-app-ingress-secret: 97d76c2d45f539fe00d1954df43c420cb95432d2f5ea1167809d1618939fda63 + sidecar.istio.io/inject: "false" + someExtraAnnotation: annotationValueHere + labels: + app: test-everything-app-ingress + release: test-everything-app + chart: k8ez-1.0.0 + heritage: Helm + version: 1.0.0 + spec: + serviceAccount: test-everything-app-ingress + enableServiceLinks: true + securityContext: + fsGroup: 1050 + affinity: + podAntiAffinity: + preferredDuringSchedulingIgnoredDuringExecution: + - weight: 100 + podAffinityTerm: + labelSelector: + matchExpressions: + - key: "app" + operator: In + values: + - "test-everything-app-ingress" + - key: "release" + operator: In + values: + - "test-everything-app" + topologyKey: kubernetes.io/hostname + containers: + - name: "test-everything-app-ingress" + image: redis:7.2.1 + securityContext: + allowPrivilegeEscalation: false + capabilities: + drop: + - ALL + privileged: false + runAsGroup: 999 + runAsNonRoot: true + runAsUser: 999 + seccompProfile: + type: RuntimeDefault + ports: + - containerPort: 80 + command: ["sh"] + args: + - -c + - sleep 1000 + envFrom: + - configMapRef: + name: test-everything-app-ingress + - secretRef: + name: test-everything-app-ingress + volumeMounts: + - mountPath: /mount + name: mydir + resources: + limits: + memory: 512Mi + requests: + cpu: 200m + memory: 128Mi + volumes: + - hostPath: + path: /var/local/aaa + type: DirectoryOrCreate + name: mydir +--- +# Source: k8ez/templates/extra-deployments.yaml +apiVersion: apps/v1 +kind: Deployment +metadata: + name: test-everything-app-ingress-extra-redis-deployment-one + labels: + app: test-everything-app-ingress-extra-redis-deployment-one + chart: k8ez-1.0.0 + heritage: Helm + release: test-everything-app + version: 1.0.0 +spec: + replicas: 1 + selector: + matchLabels: + app: test-everything-app-ingress-extra-redis-deployment-one + release: test-everything-app + template: + metadata: + annotations: + checksum/test-everything-app-ingress-configmap: ee6fd293287f30c4bbbb35af39f9489c19a799017f46da2d4b635ebe7d4e3ad2 + checksum/test-everything-app-ingress-secret: 97d76c2d45f539fe00d1954df43c420cb95432d2f5ea1167809d1618939fda63 + sidecar.istio.io/inject: "false" + someExtraAnnotation: annotationValueHere + labels: + app: test-everything-app-ingress-extra-redis-deployment-one + chart: k8ez-1.0.0 + heritage: Helm + release: test-everything-app + version: 1.0.0 + spec: + serviceAccount: test-everything-app-ingress + enableServiceLinks: true + securityContext: + fsGroup: 1050 + affinity: + podAntiAffinity: + preferredDuringSchedulingIgnoredDuringExecution: + - weight: 100 + podAffinityTerm: + labelSelector: + matchExpressions: + - key: "app" + operator: In + values: + - "test-everything-app-ingress-extra-redis-deployment-one" + - key: "release" + operator: In + values: + - "test-everything-app" + topologyKey: kubernetes.io/hostname + containers: + - name: "test-everything-app-ingress-extra-redis-deployment-one" + image: "redis" + imagePullPolicy: Always + securityContext: + allowPrivilegeEscalation: false + capabilities: + drop: + - ALL + privileged: false + runAsGroup: 999 + runAsNonRoot: true + runAsUser: 999 + seccompProfile: + type: RuntimeDefault + ports: + - containerPort: 4000 + command: ["sh"] + args: + - -c + - sleep 1000 + env: + - name: "ENVVAR" + value: "value" + envFrom: + - configMapRef: + name: test-everything-app-ingress + - secretRef: + name: test-everything-app-ingress + volumeMounts: + - mountPath: /mount + name: mydir + resources: + limits: + memory: 512Mi + requests: + cpu: 200m + memory: 128Mi + volumes: + - hostPath: + path: /var/local/aaa + type: DirectoryOrCreate + name: mydir + - hostPath: + path: /var/local/aaa + type: DirectoryOrCreate + name: mydir +--- +# Source: k8ez/templates/extra-deployments.yaml +apiVersion: apps/v1 +kind: Deployment +metadata: + name: test-everything-app-ingress-extra-redis-deployment-two + labels: + app: test-everything-app-ingress-extra-redis-deployment-two + chart: k8ez-1.0.0 + heritage: Helm + release: test-everything-app + version: 1.0.0 +spec: + replicas: 1 + selector: + matchLabels: + app: test-everything-app-ingress-extra-redis-deployment-two + release: test-everything-app + template: + metadata: + annotations: + checksum/test-everything-app-ingress-configmap: ee6fd293287f30c4bbbb35af39f9489c19a799017f46da2d4b635ebe7d4e3ad2 + checksum/test-everything-app-ingress-secret: 97d76c2d45f539fe00d1954df43c420cb95432d2f5ea1167809d1618939fda63 + sidecar.istio.io/inject: "false" + someExtraAnnotation: annotationValueHere + labels: + app: test-everything-app-ingress-extra-redis-deployment-two + chart: k8ez-1.0.0 + heritage: Helm + release: test-everything-app + version: 1.0.0 + spec: + serviceAccount: test-everything-app-ingress + enableServiceLinks: true + securityContext: + fsGroup: 1050 + affinity: + podAntiAffinity: + preferredDuringSchedulingIgnoredDuringExecution: + - weight: 100 + podAffinityTerm: + labelSelector: + matchExpressions: + - key: "app" + operator: In + values: + - "test-everything-app-ingress-extra-redis-deployment-two" + - key: "release" + operator: In + values: + - "test-everything-app" + topologyKey: kubernetes.io/hostname + containers: + - name: "test-everything-app-ingress-extra-redis-deployment-two" + image: "redis" + imagePullPolicy: Always + securityContext: + allowPrivilegeEscalation: false + capabilities: + drop: + - ALL + privileged: false + runAsGroup: 999 + runAsNonRoot: true + runAsUser: 999 + seccompProfile: + type: RuntimeDefault + ports: + - containerPort: 4000 + command: ["sh"] + args: + - -c + - sleep 1000 + env: + - name: "ENVVAR" + value: "value" + envFrom: + - configMapRef: + name: test-everything-app-ingress + - secretRef: + name: test-everything-app-ingress + volumeMounts: + - mountPath: /mount + name: mydir + resources: + limits: + memory: 512Mi + requests: + cpu: 200m + memory: 128Mi + volumes: + - hostPath: + path: /var/local/aaa + type: DirectoryOrCreate + name: mydir + - hostPath: + path: /var/local/aaa + type: DirectoryOrCreate + name: mydir +--- +# Source: k8ez/templates/statefulsets.yaml +apiVersion: apps/v1 +kind: StatefulSet +metadata: + name: test-everything-app-ingress-statefulSetWithImageString + labels: + app: test-everything-app-ingress-statefulSetWithImageString + chart: k8ez-1.0.0 + heritage: Helm + release: test-everything-app + version: 1.0.0 +spec: + replicas: 1 + selector: + matchLabels: + app: test-everything-app-ingress-statefulSetWithImageString + release: test-everything-app + serviceName: test-everything-app-ingress-statefulSetWithImageString + template: + metadata: + annotations: + checksum/test-everything-app-ingress-configmap: ee6fd293287f30c4bbbb35af39f9489c19a799017f46da2d4b635ebe7d4e3ad2 + checksum/test-everything-app-ingress-secret: 97d76c2d45f539fe00d1954df43c420cb95432d2f5ea1167809d1618939fda63 + sidecar.istio.io/inject: "false" + annotationInfo: exclude global, include extras + imageType: image string + resources: custom limits (limits.memory 256Mi, requests.cpu 200m, requests.memory + 128Mi) + labels: + app: test-everything-app-ingress-statefulSetWithImageString + chart: k8ez-1.0.0 + heritage: Helm + release: test-everything-app + version: 1.0.0 + spec: + enableServiceLinks: true + securityContext: + fsGroup: 1050 + terminationGracePeriodSeconds: 10 + affinity: + podAntiAffinity: + preferredDuringSchedulingIgnoredDuringExecution: + - weight: 100 + podAffinityTerm: + labelSelector: + matchExpressions: + - key: "app" + operator: In + values: + - "test-everything-app-ingress-statefulSetWithImageString" + - key: "release" + operator: In + values: + - "test-everything-app" + topologyKey: kubernetes.io/hostname + containers: + - name: "test-everything-app-ingress-statefulSetWithImageString" + image: "myImageOne" + imagePullPolicy: Always + securityContext: + allowPrivilegeEscalation: false + capabilities: + drop: + - ALL + privileged: false + runAsGroup: 999 + runAsNonRoot: true + runAsUser: 999 + seccompProfile: + type: RuntimeDefault + ports: + - containerPort: 4000 + command: ["sh"] + args: + - -c + - sleep 1000 + env: + - name: "ENVVAR" + value: "value" + envFrom: + - configMapRef: + name: test-everything-app-ingress + - secretRef: + name: test-everything-app-ingress + volumeMounts: + - mountPath: /mount + name: mydir + resources: + limits: + memory: 256Mi + volumes: + - hostPath: + path: /var/local/aaa + type: DirectoryOrCreate + name: mydir + - hostPath: + path: /var/local/aaa + type: DirectoryOrCreate + name: mydir +--- +# Source: k8ez/templates/statefulsets.yaml +apiVersion: apps/v1 +kind: StatefulSet +metadata: + name: test-everything-app-ingress-statefulSetWithImageDict + labels: + app: test-everything-app-ingress-statefulSetWithImageDict + chart: k8ez-1.0.0 + heritage: Helm + release: test-everything-app + version: 1.0.0 +spec: + replicas: + selector: + matchLabels: + app: test-everything-app-ingress-statefulSetWithImageDict + release: test-everything-app + serviceName: test-everything-app-ingress-statefulSetWithImageDict + template: + metadata: + annotations: + checksum/test-everything-app-ingress-configmap: ee6fd293287f30c4bbbb35af39f9489c19a799017f46da2d4b635ebe7d4e3ad2 + checksum/test-everything-app-ingress-secret: 97d76c2d45f539fe00d1954df43c420cb95432d2f5ea1167809d1618939fda63 + sidecar.istio.io/inject: "false" + someExtraAnnotation: annotationValueHere + annotationInfo: include global and extras + imageType: full dictionary + labels: + app: test-everything-app-ingress-statefulSetWithImageDict + chart: k8ez-1.0.0 + heritage: Helm + release: test-everything-app + version: 1.0.0 + spec: + enableServiceLinks: true + securityContext: + fsGroup: 1050 + terminationGracePeriodSeconds: 10 + affinity: + podAntiAffinity: + preferredDuringSchedulingIgnoredDuringExecution: + - weight: 100 + podAffinityTerm: + labelSelector: + matchExpressions: + - key: "app" + operator: In + values: + - "test-everything-app-ingress-statefulSetWithImageDict" + - key: "release" + operator: In + values: + - "test-everything-app" + topologyKey: kubernetes.io/hostname + containers: + - name: "test-everything-app-ingress-statefulSetWithImageDict" + image: "myImageTwo:myTagTwo" + + imagePullPolicy: + securityContext: + allowPrivilegeEscalation: false + capabilities: + drop: + - ALL + privileged: false + runAsGroup: 999 + runAsNonRoot: true + runAsUser: 999 + seccompProfile: + type: RuntimeDefault + ports: + - containerPort: 4000 + envFrom: + - configMapRef: + name: test-everything-app-ingress + - secretRef: + name: test-everything-app-ingress + resources: + limits: + memory: 512Mi + requests: + cpu: 200m + memory: 128Mi + volumes: + - hostPath: + path: /var/local/aaa + type: DirectoryOrCreate + name: mydir +--- +# Source: k8ez/templates/statefulsets.yaml +apiVersion: apps/v1 +kind: StatefulSet +metadata: + name: test-everything-app-ingress-statefulSetWithImageOnly + labels: + app: test-everything-app-ingress-statefulSetWithImageOnly + chart: k8ez-1.0.0 + heritage: Helm + release: test-everything-app + version: 1.0.0 +spec: + replicas: + selector: + matchLabels: + app: test-everything-app-ingress-statefulSetWithImageOnly + release: test-everything-app + serviceName: test-everything-app-ingress-statefulSetWithImageOnly + template: + metadata: + annotations: + checksum/test-everything-app-ingress-configmap: ee6fd293287f30c4bbbb35af39f9489c19a799017f46da2d4b635ebe7d4e3ad2 + checksum/test-everything-app-ingress-secret: 97d76c2d45f539fe00d1954df43c420cb95432d2f5ea1167809d1618939fda63 + sidecar.istio.io/inject: "false" + someExtraAnnotation: annotationValueHere + annotationInfo: include global and extras + imageType: dictionary with image only + labels: + app: test-everything-app-ingress-statefulSetWithImageOnly + chart: k8ez-1.0.0 + heritage: Helm + release: test-everything-app + version: 1.0.0 + spec: + enableServiceLinks: true + securityContext: + fsGroup: 1050 + terminationGracePeriodSeconds: 10 + affinity: + podAntiAffinity: + preferredDuringSchedulingIgnoredDuringExecution: + - weight: 100 + podAffinityTerm: + labelSelector: + matchExpressions: + - key: "app" + operator: In + values: + - "test-everything-app-ingress-statefulSetWithImageOnly" + - key: "release" + operator: In + values: + - "test-everything-app" + topologyKey: kubernetes.io/hostname + containers: + - name: "test-everything-app-ingress-statefulSetWithImageOnly" + image: "separateImageOnly" + + imagePullPolicy: + securityContext: + allowPrivilegeEscalation: false + capabilities: + drop: + - ALL + privileged: false + runAsGroup: 999 + runAsNonRoot: true + runAsUser: 999 + seccompProfile: + type: RuntimeDefault + ports: + - containerPort: 4000 + envFrom: + - configMapRef: + name: test-everything-app-ingress + - secretRef: + name: test-everything-app-ingress + resources: + limits: + memory: 512Mi + requests: + cpu: 200m + memory: 128Mi + volumes: + - hostPath: + path: /var/local/aaa + type: DirectoryOrCreate + name: mydir +--- +# Source: k8ez/templates/statefulsets.yaml +apiVersion: apps/v1 +kind: StatefulSet +metadata: + name: test-everything-app-ingress-statefulSetWithTagOnly + labels: + app: test-everything-app-ingress-statefulSetWithTagOnly + chart: k8ez-1.0.0 + heritage: Helm + release: test-everything-app + version: 1.0.0 +spec: + replicas: + selector: + matchLabels: + app: test-everything-app-ingress-statefulSetWithTagOnly + release: test-everything-app + serviceName: test-everything-app-ingress-statefulSetWithTagOnly + template: + metadata: + annotations: + checksum/test-everything-app-ingress-configmap: ee6fd293287f30c4bbbb35af39f9489c19a799017f46da2d4b635ebe7d4e3ad2 + checksum/test-everything-app-ingress-secret: 97d76c2d45f539fe00d1954df43c420cb95432d2f5ea1167809d1618939fda63 + sidecar.istio.io/inject: "false" + someExtraAnnotation: annotationValueHere + annotationInfo: include global and extras + imageType: dictionary with tag only (should use default image with custom tag) + labels: + app: test-everything-app-ingress-statefulSetWithTagOnly + chart: k8ez-1.0.0 + heritage: Helm + release: test-everything-app + version: 1.0.0 + spec: + enableServiceLinks: true + securityContext: + fsGroup: 1050 + terminationGracePeriodSeconds: 10 + affinity: + podAntiAffinity: + preferredDuringSchedulingIgnoredDuringExecution: + - weight: 100 + podAffinityTerm: + labelSelector: + matchExpressions: + - key: "app" + operator: In + values: + - "test-everything-app-ingress-statefulSetWithTagOnly" + - key: "release" + operator: In + values: + - "test-everything-app" + topologyKey: kubernetes.io/hostname + containers: + - name: "test-everything-app-ingress-statefulSetWithTagOnly" + image: "redis:separateTagOnly" + + imagePullPolicy: + securityContext: + allowPrivilegeEscalation: false + capabilities: + drop: + - ALL + privileged: false + runAsGroup: 999 + runAsNonRoot: true + runAsUser: 999 + seccompProfile: + type: RuntimeDefault + ports: + - containerPort: 4000 + envFrom: + - configMapRef: + name: test-everything-app-ingress + - secretRef: + name: test-everything-app-ingress + resources: + limits: + memory: 512Mi + requests: + cpu: 200m + memory: 128Mi + volumes: + - hostPath: + path: /var/local/aaa + type: DirectoryOrCreate + name: mydir +--- +# Source: k8ez/templates/statefulsets.yaml +apiVersion: apps/v1 +kind: StatefulSet +metadata: + name: test-everything-app-ingress-statefulSetWithEmptyImage + labels: + app: test-everything-app-ingress-statefulSetWithEmptyImage + chart: k8ez-1.0.0 + heritage: Helm + release: test-everything-app + version: 1.0.0 +spec: + replicas: + selector: + matchLabels: + app: test-everything-app-ingress-statefulSetWithEmptyImage + release: test-everything-app + serviceName: test-everything-app-ingress-statefulSetWithEmptyImage + template: + metadata: + annotations: + checksum/test-everything-app-ingress-configmap: ee6fd293287f30c4bbbb35af39f9489c19a799017f46da2d4b635ebe7d4e3ad2 + checksum/test-everything-app-ingress-secret: 97d76c2d45f539fe00d1954df43c420cb95432d2f5ea1167809d1618939fda63 + sidecar.istio.io/inject: "false" + annotationInfo: exclude global, include extras + imageType: empty dictionary (should use default) + labels: + app: test-everything-app-ingress-statefulSetWithEmptyImage + chart: k8ez-1.0.0 + heritage: Helm + release: test-everything-app + version: 1.0.0 + spec: + enableServiceLinks: true + securityContext: + fsGroup: 1050 + terminationGracePeriodSeconds: 10 + affinity: + podAntiAffinity: + preferredDuringSchedulingIgnoredDuringExecution: + - weight: 100 + podAffinityTerm: + labelSelector: + matchExpressions: + - key: "app" + operator: In + values: + - "test-everything-app-ingress-statefulSetWithEmptyImage" + - key: "release" + operator: In + values: + - "test-everything-app" + topologyKey: kubernetes.io/hostname + containers: + - name: "test-everything-app-ingress-statefulSetWithEmptyImage" + image: "redis:7.2.1" + imagePullPolicy: Always + securityContext: + allowPrivilegeEscalation: false + capabilities: + drop: + - ALL + privileged: false + runAsGroup: 999 + runAsNonRoot: true + runAsUser: 999 + seccompProfile: + type: RuntimeDefault + ports: + - containerPort: 4000 + envFrom: + - configMapRef: + name: test-everything-app-ingress + - secretRef: + name: test-everything-app-ingress + resources: + limits: + memory: 512Mi + requests: + cpu: 200m + memory: 128Mi + volumes: + - hostPath: + path: /var/local/aaa + type: DirectoryOrCreate + name: mydir +--- +# Source: k8ez/templates/statefulsets.yaml +apiVersion: apps/v1 +kind: StatefulSet +metadata: + name: test-everything-app-ingress-statefulSetWithoutImageInfo + labels: + app: test-everything-app-ingress-statefulSetWithoutImageInfo + chart: k8ez-1.0.0 + heritage: Helm + release: test-everything-app + version: 1.0.0 +spec: + replicas: + selector: + matchLabels: + app: test-everything-app-ingress-statefulSetWithoutImageInfo + release: test-everything-app + serviceName: test-everything-app-ingress-statefulSetWithoutImageInfo + template: + metadata: + annotations: + checksum/test-everything-app-ingress-configmap: ee6fd293287f30c4bbbb35af39f9489c19a799017f46da2d4b635ebe7d4e3ad2 + checksum/test-everything-app-ingress-secret: 97d76c2d45f539fe00d1954df43c420cb95432d2f5ea1167809d1618939fda63 + sidecar.istio.io/inject: "false" + annotationInfo: exclude global, include extras + imageType: none included (should use default) + labels: + app: test-everything-app-ingress-statefulSetWithoutImageInfo + chart: k8ez-1.0.0 + heritage: Helm + release: test-everything-app + version: 1.0.0 + spec: + enableServiceLinks: true + securityContext: + fsGroup: 1050 + terminationGracePeriodSeconds: 10 + affinity: + podAntiAffinity: + preferredDuringSchedulingIgnoredDuringExecution: + - weight: 100 + podAffinityTerm: + labelSelector: + matchExpressions: + - key: "app" + operator: In + values: + - "test-everything-app-ingress-statefulSetWithoutImageInfo" + - key: "release" + operator: In + values: + - "test-everything-app" + topologyKey: kubernetes.io/hostname + containers: + - name: "test-everything-app-ingress-statefulSetWithoutImageInfo" + image: "redis:7.2.1" + imagePullPolicy: Always + securityContext: + allowPrivilegeEscalation: false + capabilities: + drop: + - ALL + privileged: false + runAsGroup: 999 + runAsNonRoot: true + runAsUser: 999 + seccompProfile: + type: RuntimeDefault + ports: + - containerPort: 4000 + envFrom: + - configMapRef: + name: test-everything-app-ingress + - secretRef: + name: test-everything-app-ingress + resources: + limits: + memory: 512Mi + requests: + cpu: 200m + memory: 128Mi + volumes: + - hostPath: + path: /var/local/aaa + type: DirectoryOrCreate + name: mydir +--- +# Source: k8ez/templates/jobs.yaml +apiVersion: batch/v1 +kind: Job +metadata: + name: test-everything-app-ingress-job-example-job + annotations: + checksum/test-everything-app-ingress-configmap: ee6fd293287f30c4bbbb35af39f9489c19a799017f46da2d4b635ebe7d4e3ad2 + checksum/test-everything-app-ingress-secret: 97d76c2d45f539fe00d1954df43c420cb95432d2f5ea1167809d1618939fda63 + someExtraAnnotation: annotationValueHere + jobExtraAnnotation: something +spec: + template: + metadata: + annotations: + checksum/test-everything-app-ingress-configmap: ee6fd293287f30c4bbbb35af39f9489c19a799017f46da2d4b635ebe7d4e3ad2 + checksum/test-everything-app-ingress-secret: 97d76c2d45f539fe00d1954df43c420cb95432d2f5ea1167809d1618939fda63 + sidecar.istio.io/inject: "false" + someExtraAnnotation: annotationValueHere + jobExtraAnnotation: something + spec: + serviceAccount: test-everything-app-ingress + enableServiceLinks: true + securityContext: + fsGroup: 1050 + restartPolicy: Never + containers: + - name: "test-everything-app-ingress-job-example-job" + image: "redis" + imagePullPolicy: Always + securityContext: + allowPrivilegeEscalation: false + capabilities: + drop: + - ALL + privileged: false + runAsGroup: 999 + runAsNonRoot: true + runAsUser: 999 + seccompProfile: + type: RuntimeDefault + command: ["sh"] + args: + - -c + - sleep 1000 + env: + - name: "ENVVAR" + value: "value" + envFrom: + - configMapRef: + name: test-everything-app-ingress + - secretRef: + name: test-everything-app-ingress + volumeMounts: + - mountPath: /mount + name: mydir + resources: + limits: + memory: 512Mi + requests: + cpu: 200m + memory: 128Mi + volumes: + - hostPath: + path: /var/local/aaa + type: DirectoryOrCreate + name: mydir + - hostPath: + path: /var/local/aaa + type: DirectoryOrCreate + name: mydir + backoffLimit: 0 +--- +# Source: k8ez/templates/cronjobs.yaml +apiVersion: batch/v1beta1 +kind: CronJob +metadata: + name: test-everything-app-ingress-example-cronjob + labels: + app: test-everything-app-ingress + release: test-everything-app + chart: k8ez-1.0.0 + heritage: Helm + version: 1.0.0 +spec: + concurrencyPolicy: Forbid + jobTemplate: + spec: + template: + metadata: + annotations: + sidecar.istio.io/inject: "false" + someExtraAnnotation: annotationValueHere + spec: + serviceAccount: test-everything-app-ingress + enableServiceLinks: true + securityContext: + fsGroup: 1050 + containers: + - name: example-cronjob + image: "redis" + imagePullPolicy: Always + securityContext: + allowPrivilegeEscalation: false + capabilities: + drop: + - ALL + privileged: false + runAsGroup: 999 + runAsNonRoot: true + runAsUser: 999 + seccompProfile: + type: RuntimeDefault + command: ["sh"] + args: + - -c + - sleep 1000 + env: + - name: "ENVVAR" + value: "value" + envFrom: + - configMapRef: + name: test-everything-app-ingress + - secretRef: + name: test-everything-app-ingress + volumeMounts: + - mountPath: /mount + name: mydir + resources: + limits: + memory: 512Mi + requests: + cpu: 200m + memory: 128Mi + + restartPolicy: Never + volumes: + - hostPath: + path: /var/local/aaa + type: DirectoryOrCreate + name: mydir + + schedule: "30 * * * *" +--- +# Source: k8ez/templates/ingress-kubernetes.yaml +apiVersion: extensions/v1beta1 +kind: Ingress +metadata: + name: test-everything-app-ingress + labels: + app: test-everything-app-ingress + release: test-everything-app + chart: k8ez-1.0.0 + heritage: Helm + version: 1.0.0 + annotations: + kubernetes.io/ingress.class: nginx +spec: + rules: + - host: example.local + http: + paths: + - path: / + backend: + serviceName: test-everything-app-ingress + servicePort: 80 diff --git a/tests/full-features-test.yaml b/tests/full-features-test.yaml index a94d36b4..96e88d57 100644 --- a/tests/full-features-test.yaml +++ b/tests/full-features-test.yaml @@ -6,10 +6,10 @@ metadata: name: test-everything-app labels: app: test-everything-app - chart: k8ez-0.0.1 release: test-everything-app + chart: k8ez-1.0.0 heritage: Helm - version: 0.0.1 + version: 1.0.0 spec: minAvailable: 50% selector: @@ -24,26 +24,42 @@ metadata: name: test-everything-app labels: app: test-everything-app - chart: k8ez-0.0.1 release: test-everything-app + chart: k8ez-1.0.0 heritage: Helm - version: 0.0.1 + version: 1.0.0 --- # Source: k8ez/templates/secret.yaml apiVersion: v1 kind: Secret metadata: name: test-everything-app - labels: - app: test-everything-app - chart: k8ez-0.0.1 - release: test-everything-app - heritage: Helm - version: 0.0.1 + labels: + app: test-everything-app + release: test-everything-app + chart: k8ez-1.0.0 + heritage: Helm + version: 1.0.0 type: Opaque -data: +data: SECRET: dmFsdWU= --- +# Source: k8ez/templates/configmap-files.yaml +apiVersion: v1 +kind: ConfigMap +metadata: + name: all-yaml + labels: + app: test-everything-app + release: test-everything-app + chart: k8ez-1.0.0 + heritage: Helm + version: 1.0.0 +data: + example-file.yaml: |- + example-root: + example-key: exampleValue +--- # Source: k8ez/templates/configmap.yaml apiVersion: v1 kind: ConfigMap @@ -51,24 +67,43 @@ metadata: name: test-everything-app labels: app: test-everything-app - chart: k8ez-0.0.1 release: test-everything-app + chart: k8ez-1.0.0 heritage: Helm - version: 0.0.1 + version: 1.0.0 data: K8EZ: "YES" --- +# Source: k8ez/templates/pvc.yaml +apiVersion: v1 +kind: PersistentVolumeClaim +metadata: + name: test-everything-app-myvolumeclaim + labels: + app: test-everything-app + release: test-everything-app + chart: k8ez-1.0.0 + heritage: Helm + version: 1.0.0 +spec: + accessModes: + - ReadWriteMany + storageClassName: default + resources: + requests: + storage: 50Gi +--- # Source: k8ez/templates/extra-deployments.yaml apiVersion: v1 kind: Service metadata: - name: abcde + name: test-everything-app-extra-redis-deployment-one labels: - app: abcde - chart: k8ez-0.0.1 - release: test-everything-app + app: test-everything-app-extra-redis-deployment-one + chart: k8ez-1.0.0 heritage: Helm - version: 0.0.1 + release: test-everything-app + version: 1.0.0 spec: type: ClusterIP ports: @@ -76,20 +111,20 @@ spec: targetPort: 4000 name: http selector: - app: abcde + app: test-everything-app-extra-redis-deployment-one release: test-everything-app --- # Source: k8ez/templates/extra-deployments.yaml apiVersion: v1 kind: Service metadata: - name: abcdf + name: test-everything-app-extra-redis-deployment-two labels: - app: abcdf - chart: k8ez-0.0.1 - release: test-everything-app + app: test-everything-app-extra-redis-deployment-two + chart: k8ez-1.0.0 heritage: Helm - version: 0.0.1 + release: test-everything-app + version: 1.0.0 spec: type: ClusterIP ports: @@ -97,7 +132,7 @@ spec: targetPort: 4000 name: http selector: - app: abcdf + app: test-everything-app-extra-redis-deployment-two release: test-everything-app --- # Source: k8ez/templates/service.yaml @@ -107,10 +142,10 @@ metadata: name: test-everything-app labels: app: test-everything-app - chart: k8ez-0.0.1 release: test-everything-app + chart: k8ez-1.0.0 heritage: Helm - version: 0.0.1 + version: 1.0.0 spec: type: ClusterIP ports: @@ -125,13 +160,118 @@ spec: apiVersion: v1 kind: Service metadata: - name: abcd + name: test-everything-app-statefulSetWithImageString + labels: + app: test-everything-app-statefulSetWithImageString + chart: k8ez-1.0.0 + heritage: Helm + release: test-everything-app + version: 1.0.0 +spec: + clusterIP: None + ports: + - port: 4000 + targetPort: 4000 + name: http + selector: + app: test-everything-app-statefulSetWithImageString + release: test-everything-app +--- +# Source: k8ez/templates/statefulsets.yaml +apiVersion: v1 +kind: Service +metadata: + name: test-everything-app-statefulSetWithImageDict + labels: + app: test-everything-app-statefulSetWithImageDict + chart: k8ez-1.0.0 + heritage: Helm + release: test-everything-app + version: 1.0.0 +spec: + clusterIP: None + ports: + - port: 4000 + targetPort: 4000 + name: http + selector: + app: test-everything-app-statefulSetWithImageDict + release: test-everything-app +--- +# Source: k8ez/templates/statefulsets.yaml +apiVersion: v1 +kind: Service +metadata: + name: test-everything-app-statefulSetWithImageOnly + labels: + app: test-everything-app-statefulSetWithImageOnly + chart: k8ez-1.0.0 + heritage: Helm + release: test-everything-app + version: 1.0.0 +spec: + clusterIP: None + ports: + - port: 4000 + targetPort: 4000 + name: http + selector: + app: test-everything-app-statefulSetWithImageOnly + release: test-everything-app +--- +# Source: k8ez/templates/statefulsets.yaml +apiVersion: v1 +kind: Service +metadata: + name: test-everything-app-statefulSetWithTagOnly + labels: + app: test-everything-app-statefulSetWithTagOnly + chart: k8ez-1.0.0 + heritage: Helm + release: test-everything-app + version: 1.0.0 +spec: + clusterIP: None + ports: + - port: 4000 + targetPort: 4000 + name: http + selector: + app: test-everything-app-statefulSetWithTagOnly + release: test-everything-app +--- +# Source: k8ez/templates/statefulsets.yaml +apiVersion: v1 +kind: Service +metadata: + name: test-everything-app-statefulSetWithEmptyImage labels: - app: abcd - chart: k8ez-0.0.1 + app: test-everything-app-statefulSetWithEmptyImage + chart: k8ez-1.0.0 + heritage: Helm + release: test-everything-app + version: 1.0.0 +spec: + clusterIP: None + ports: + - port: 4000 + targetPort: 4000 + name: http + selector: + app: test-everything-app-statefulSetWithEmptyImage release: test-everything-app +--- +# Source: k8ez/templates/statefulsets.yaml +apiVersion: v1 +kind: Service +metadata: + name: test-everything-app-statefulSetWithoutImageInfo + labels: + app: test-everything-app-statefulSetWithoutImageInfo + chart: k8ez-1.0.0 heritage: Helm - version: 0.0.1 + release: test-everything-app + version: 1.0.0 spec: clusterIP: None ports: @@ -139,7 +279,8 @@ spec: targetPort: 4000 name: http selector: - app: abcd + app: test-everything-app-statefulSetWithoutImageInfo + release: test-everything-app --- # Source: k8ez/templates/deployment.yaml apiVersion: apps/v1 @@ -148,10 +289,10 @@ metadata: name: test-everything-app labels: app: test-everything-app - chart: k8ez-0.0.1 release: test-everything-app + chart: k8ez-1.0.0 heritage: Helm - version: 0.0.1 + version: 1.0.0 spec: replicas: 2 selector: @@ -161,17 +302,17 @@ spec: template: metadata: annotations: - checksum/test-everything-app-k8ez-configmap: bb54d952d07e66be7a9004707e400ab55feddf185858b8ed7767d13985581178 - checksum/test-everything-app-k8ez-secret: 12af56d0cc3bed959a9ea3e27ace6e0fa33375694e3aedbc1239618e8d27337b + checksum/test-everything-app-configmap: 0e663f4583951ab36dc7aecbef55a00c05ce2cee874bfce9593fd49a8139b850 + checksum/test-everything-app-secret: df3cf63a339c34203251c4cb7fed0216e0cf99ea374286b95c7100c3686ad038 sidecar.istio.io/inject: "false" + someExtraAnnotation: annotationValueHere labels: app: test-everything-app - chart: k8ez-0.0.1 release: test-everything-app + chart: k8ez-1.0.0 heritage: Helm - version: 0.0.1 + version: 1.0.0 spec: - serviceAccount: test-everything-app enableServiceLinks: true securityContext: @@ -183,19 +324,19 @@ spec: podAffinityTerm: labelSelector: matchExpressions: - - key: app + - key: "app" operator: In values: - - test-everything-app - - key: release + - "test-everything-app" + - key: "release" operator: In values: - - test-everything-app + - "test-everything-app" topologyKey: kubernetes.io/hostname containers: - name: "test-everything-app" - image: "redis" - securityContext: + image: redis:7.2.1 + securityContext: allowPrivilegeEscalation: false capabilities: drop: @@ -206,28 +347,22 @@ spec: runAsUser: 999 seccompProfile: type: RuntimeDefault - + ports: + - containerPort: 80 command: ["sh"] - - args: + args: - -c - sleep 1000 envFrom: - - configMapRef: name: test-everything-app - - secretRef: name: test-everything-app - ports: - - containerPort: 80 volumeMounts: - mountPath: /mount name: mydir - resources: limits: - cpu: 1000m memory: 512Mi requests: cpu: 200m @@ -242,33 +377,33 @@ spec: apiVersion: apps/v1 kind: Deployment metadata: - name: abcde + name: test-everything-app-extra-redis-deployment-one labels: - app: abcde - chart: k8ez-0.0.1 - release: test-everything-app + app: test-everything-app-extra-redis-deployment-one + chart: k8ez-1.0.0 heritage: Helm - version: 0.0.1 + release: test-everything-app + version: 1.0.0 spec: replicas: 1 selector: matchLabels: - app: abcde + app: test-everything-app-extra-redis-deployment-one release: test-everything-app template: metadata: annotations: - checksum/test-everything-app-k8ez-configmap: bb54d952d07e66be7a9004707e400ab55feddf185858b8ed7767d13985581178 - checksum/test-everything-app-k8ez-secret: 12af56d0cc3bed959a9ea3e27ace6e0fa33375694e3aedbc1239618e8d27337b - sidecar.istio.io/inject: "false" + checksum/test-everything-app-configmap: 0e663f4583951ab36dc7aecbef55a00c05ce2cee874bfce9593fd49a8139b850 + checksum/test-everything-app-secret: df3cf63a339c34203251c4cb7fed0216e0cf99ea374286b95c7100c3686ad038 + sidecar.istio.io/inject: "false" + someExtraAnnotation: annotationValueHere labels: - app: abcde - chart: k8ez-0.0.1 - release: test-everything-app + app: test-everything-app-extra-redis-deployment-one + chart: k8ez-1.0.0 heritage: Helm - version: 0.0.1 + release: test-everything-app + version: 1.0.0 spec: - serviceAccount: test-everything-app enableServiceLinks: true securityContext: @@ -280,19 +415,20 @@ spec: podAffinityTerm: labelSelector: matchExpressions: - - key: app + - key: "app" operator: In values: - - abcde - - key: release + - "test-everything-app-extra-redis-deployment-one" + - key: "release" operator: In values: - - test-everything-app + - "test-everything-app" topologyKey: kubernetes.io/hostname containers: - - name: "abcde" + - name: "test-everything-app-extra-redis-deployment-one" image: "redis" - securityContext: + imagePullPolicy: Always + securityContext: allowPrivilegeEscalation: false capabilities: drop: @@ -303,66 +439,70 @@ spec: runAsUser: 999 seccompProfile: type: RuntimeDefault - + ports: + - containerPort: 4000 command: ["sh"] - - args: + args: - -c - sleep 1000 - env: - name: "ENVVAR" value: "value" envFrom: - - configMapRef: name: test-everything-app - - secretRef: name: test-everything-app - ports: - - containerPort: 4000 volumeMounts: - - mountPath: /mount - name: mydir - + - mountPath: /mount + name: mydir + resources: + limits: + memory: 512Mi + requests: + cpu: 200m + memory: 128Mi volumes: - - hostPath: - path: /var/local/aaa - type: DirectoryOrCreate - name: mydir + - hostPath: + path: /var/local/aaa + type: DirectoryOrCreate + name: mydir + - hostPath: + path: /var/local/aaa + type: DirectoryOrCreate + name: mydir --- # Source: k8ez/templates/extra-deployments.yaml apiVersion: apps/v1 kind: Deployment metadata: - name: abcdf + name: test-everything-app-extra-redis-deployment-two labels: - app: abcdf - chart: k8ez-0.0.1 - release: test-everything-app + app: test-everything-app-extra-redis-deployment-two + chart: k8ez-1.0.0 heritage: Helm - version: 0.0.1 + release: test-everything-app + version: 1.0.0 spec: replicas: 1 selector: matchLabels: - app: abcdf + app: test-everything-app-extra-redis-deployment-two release: test-everything-app template: metadata: annotations: - checksum/test-everything-app-k8ez-configmap: bb54d952d07e66be7a9004707e400ab55feddf185858b8ed7767d13985581178 - checksum/test-everything-app-k8ez-secret: 12af56d0cc3bed959a9ea3e27ace6e0fa33375694e3aedbc1239618e8d27337b - sidecar.istio.io/inject: "false" + checksum/test-everything-app-configmap: 0e663f4583951ab36dc7aecbef55a00c05ce2cee874bfce9593fd49a8139b850 + checksum/test-everything-app-secret: df3cf63a339c34203251c4cb7fed0216e0cf99ea374286b95c7100c3686ad038 + sidecar.istio.io/inject: "false" + someExtraAnnotation: annotationValueHere labels: - app: abcdf - chart: k8ez-0.0.1 - release: test-everything-app + app: test-everything-app-extra-redis-deployment-two + chart: k8ez-1.0.0 heritage: Helm - version: 0.0.1 + release: test-everything-app + version: 1.0.0 spec: - serviceAccount: test-everything-app enableServiceLinks: true securityContext: @@ -374,19 +514,20 @@ spec: podAffinityTerm: labelSelector: matchExpressions: - - key: app + - key: "app" operator: In values: - - abcdf - - key: release + - "test-everything-app-extra-redis-deployment-two" + - key: "release" operator: In values: - - test-everything-app + - "test-everything-app" topologyKey: kubernetes.io/hostname containers: - - name: "abcdf" + - name: "test-everything-app-extra-redis-deployment-two" image: "redis" - securityContext: + imagePullPolicy: Always + securityContext: allowPrivilegeEscalation: false capabilities: drop: @@ -397,65 +538,73 @@ spec: runAsUser: 999 seccompProfile: type: RuntimeDefault - + ports: + - containerPort: 4000 command: ["sh"] - - args: + args: - -c - sleep 1000 - env: - name: "ENVVAR" value: "value" envFrom: - - configMapRef: name: test-everything-app - - secretRef: name: test-everything-app - ports: - - containerPort: 4000 volumeMounts: - - mountPath: /mount - name: mydir - + - mountPath: /mount + name: mydir + resources: + limits: + memory: 512Mi + requests: + cpu: 200m + memory: 128Mi volumes: - - hostPath: - path: /var/local/aaa - type: DirectoryOrCreate - name: mydir + - hostPath: + path: /var/local/aaa + type: DirectoryOrCreate + name: mydir + - hostPath: + path: /var/local/aaa + type: DirectoryOrCreate + name: mydir --- # Source: k8ez/templates/statefulsets.yaml apiVersion: apps/v1 kind: StatefulSet metadata: - name: abcd + name: test-everything-app-statefulSetWithImageString labels: - app: abcd - chart: k8ez-0.0.1 - release: test-everything-app + app: test-everything-app-statefulSetWithImageString + chart: k8ez-1.0.0 heritage: Helm - version: 0.0.1 + release: test-everything-app + version: 1.0.0 spec: replicas: 1 selector: matchLabels: - app: abcd + app: test-everything-app-statefulSetWithImageString release: test-everything-app - serviceName: abcd + serviceName: test-everything-app-statefulSetWithImageString template: metadata: annotations: - checksum/test-everything-app-k8ez-configmap: bb54d952d07e66be7a9004707e400ab55feddf185858b8ed7767d13985581178 - checksum/test-everything-app-k8ez-secret: 12af56d0cc3bed959a9ea3e27ace6e0fa33375694e3aedbc1239618e8d27337b - sidecar.istio.io/inject: "false" + checksum/test-everything-app-configmap: 0e663f4583951ab36dc7aecbef55a00c05ce2cee874bfce9593fd49a8139b850 + checksum/test-everything-app-secret: df3cf63a339c34203251c4cb7fed0216e0cf99ea374286b95c7100c3686ad038 + sidecar.istio.io/inject: "false" + annotationInfo: exclude global, include extras + imageType: image string + resources: custom limits (limits.memory 256Mi, requests.cpu 200m, requests.memory + 128Mi) labels: - app: abcd - chart: k8ez-0.0.1 - release: test-everything-app + app: test-everything-app-statefulSetWithImageString + chart: k8ez-1.0.0 heritage: Helm - version: 0.0.1 + release: test-everything-app + version: 1.0.0 spec: enableServiceLinks: true securityContext: @@ -468,19 +617,20 @@ spec: podAffinityTerm: labelSelector: matchExpressions: - - key: app + - key: "app" operator: In values: - - abcd - - key: release + - "test-everything-app-statefulSetWithImageString" + - key: "release" operator: In values: - - test-everything-app + - "test-everything-app" topologyKey: kubernetes.io/hostname containers: - - name: abcd - image: "redis" - securityContext: + - name: "test-everything-app-statefulSetWithImageString" + image: "myImageOne" + imagePullPolicy: Always + securityContext: allowPrivilegeEscalation: false capabilities: drop: @@ -491,60 +641,96 @@ spec: runAsUser: 999 seccompProfile: type: RuntimeDefault - + ports: + - containerPort: 4000 command: ["sh"] - - args: + args: - -c - sleep 1000 - ports: - - containerPort: 4000 - env: - name: "ENVVAR" value: "value" envFrom: - - configMapRef: name: test-everything-app - - secretRef: name: test-everything-app volumeMounts: - - mountPath: /mount - name: mydir - + - mountPath: /mount + name: mydir + resources: + limits: + memory: 256Mi volumes: - - hostPath: - path: /var/local/aaa - type: DirectoryOrCreate - name: mydir + - hostPath: + path: /var/local/aaa + type: DirectoryOrCreate + name: mydir + - hostPath: + path: /var/local/aaa + type: DirectoryOrCreate + name: mydir --- -# Source: k8ez/templates/jobs.yaml -apiVersion: batch/v1 -kind: Job +# Source: k8ez/templates/statefulsets.yaml +apiVersion: apps/v1 +kind: StatefulSet metadata: - name: hgu - - annotations: - - annotation: value - + name: test-everything-app-statefulSetWithImageDict + labels: + app: test-everything-app-statefulSetWithImageDict + chart: k8ez-1.0.0 + heritage: Helm + release: test-everything-app + version: 1.0.0 spec: + replicas: + selector: + matchLabels: + app: test-everything-app-statefulSetWithImageDict + release: test-everything-app + serviceName: test-everything-app-statefulSetWithImageDict template: metadata: annotations: - sidecar.istio.io/inject: "false" + checksum/test-everything-app-configmap: 0e663f4583951ab36dc7aecbef55a00c05ce2cee874bfce9593fd49a8139b850 + checksum/test-everything-app-secret: df3cf63a339c34203251c4cb7fed0216e0cf99ea374286b95c7100c3686ad038 + sidecar.istio.io/inject: "false" + someExtraAnnotation: annotationValueHere + annotationInfo: include global and extras + imageType: full dictionary + labels: + app: test-everything-app-statefulSetWithImageDict + chart: k8ez-1.0.0 + heritage: Helm + release: test-everything-app + version: 1.0.0 spec: - - serviceAccount: test-everything-app enableServiceLinks: true securityContext: fsGroup: 1050 + terminationGracePeriodSeconds: 10 + affinity: + podAntiAffinity: + preferredDuringSchedulingIgnoredDuringExecution: + - weight: 100 + podAffinityTerm: + labelSelector: + matchExpressions: + - key: "app" + operator: In + values: + - "test-everything-app-statefulSetWithImageDict" + - key: "release" + operator: In + values: + - "test-everything-app" + topologyKey: kubernetes.io/hostname containers: - - name: hgu - image: "redis" - securityContext: + - name: "test-everything-app-statefulSetWithImageDict" + image: "myImageTwo:myTagTwo" + + imagePullPolicy: + securityContext: allowPrivilegeEscalation: false capabilities: drop: @@ -555,46 +741,460 @@ spec: runAsUser: 999 seccompProfile: type: RuntimeDefault - - volumeMounts: - - mountPath: /mount - name: mydir - - command: ["sh"] - - args: - - -c - - sleep 1000 - - env: - - name: "ENVVAR" - value: "value" - envFrom: - + ports: + - containerPort: 4000 + envFrom: + - configMapRef: + name: test-everything-app + - secretRef: + name: test-everything-app + resources: + limits: + memory: 512Mi + requests: + cpu: 200m + memory: 128Mi + volumes: + - hostPath: + path: /var/local/aaa + type: DirectoryOrCreate + name: mydir +--- +# Source: k8ez/templates/statefulsets.yaml +apiVersion: apps/v1 +kind: StatefulSet +metadata: + name: test-everything-app-statefulSetWithImageOnly + labels: + app: test-everything-app-statefulSetWithImageOnly + chart: k8ez-1.0.0 + heritage: Helm + release: test-everything-app + version: 1.0.0 +spec: + replicas: + selector: + matchLabels: + app: test-everything-app-statefulSetWithImageOnly + release: test-everything-app + serviceName: test-everything-app-statefulSetWithImageOnly + template: + metadata: + annotations: + checksum/test-everything-app-configmap: 0e663f4583951ab36dc7aecbef55a00c05ce2cee874bfce9593fd49a8139b850 + checksum/test-everything-app-secret: df3cf63a339c34203251c4cb7fed0216e0cf99ea374286b95c7100c3686ad038 + sidecar.istio.io/inject: "false" + someExtraAnnotation: annotationValueHere + annotationInfo: include global and extras + imageType: dictionary with image only + labels: + app: test-everything-app-statefulSetWithImageOnly + chart: k8ez-1.0.0 + heritage: Helm + release: test-everything-app + version: 1.0.0 + spec: + enableServiceLinks: true + securityContext: + fsGroup: 1050 + terminationGracePeriodSeconds: 10 + affinity: + podAntiAffinity: + preferredDuringSchedulingIgnoredDuringExecution: + - weight: 100 + podAffinityTerm: + labelSelector: + matchExpressions: + - key: "app" + operator: In + values: + - "test-everything-app-statefulSetWithImageOnly" + - key: "release" + operator: In + values: + - "test-everything-app" + topologyKey: kubernetes.io/hostname + containers: + - name: "test-everything-app-statefulSetWithImageOnly" + image: "separateImageOnly" + + imagePullPolicy: + securityContext: + allowPrivilegeEscalation: false + capabilities: + drop: + - ALL + privileged: false + runAsGroup: 999 + runAsNonRoot: true + runAsUser: 999 + seccompProfile: + type: RuntimeDefault + ports: + - containerPort: 4000 + envFrom: + - configMapRef: + name: test-everything-app + - secretRef: + name: test-everything-app + resources: + limits: + memory: 512Mi + requests: + cpu: 200m + memory: 128Mi + volumes: + - hostPath: + path: /var/local/aaa + type: DirectoryOrCreate + name: mydir +--- +# Source: k8ez/templates/statefulsets.yaml +apiVersion: apps/v1 +kind: StatefulSet +metadata: + name: test-everything-app-statefulSetWithTagOnly + labels: + app: test-everything-app-statefulSetWithTagOnly + chart: k8ez-1.0.0 + heritage: Helm + release: test-everything-app + version: 1.0.0 +spec: + replicas: + selector: + matchLabels: + app: test-everything-app-statefulSetWithTagOnly + release: test-everything-app + serviceName: test-everything-app-statefulSetWithTagOnly + template: + metadata: + annotations: + checksum/test-everything-app-configmap: 0e663f4583951ab36dc7aecbef55a00c05ce2cee874bfce9593fd49a8139b850 + checksum/test-everything-app-secret: df3cf63a339c34203251c4cb7fed0216e0cf99ea374286b95c7100c3686ad038 + sidecar.istio.io/inject: "false" + someExtraAnnotation: annotationValueHere + annotationInfo: include global and extras + imageType: dictionary with tag only (should use default image with custom tag) + labels: + app: test-everything-app-statefulSetWithTagOnly + chart: k8ez-1.0.0 + heritage: Helm + release: test-everything-app + version: 1.0.0 + spec: + enableServiceLinks: true + securityContext: + fsGroup: 1050 + terminationGracePeriodSeconds: 10 + affinity: + podAntiAffinity: + preferredDuringSchedulingIgnoredDuringExecution: + - weight: 100 + podAffinityTerm: + labelSelector: + matchExpressions: + - key: "app" + operator: In + values: + - "test-everything-app-statefulSetWithTagOnly" + - key: "release" + operator: In + values: + - "test-everything-app" + topologyKey: kubernetes.io/hostname + containers: + - name: "test-everything-app-statefulSetWithTagOnly" + image: "redis:separateTagOnly" + + imagePullPolicy: + securityContext: + allowPrivilegeEscalation: false + capabilities: + drop: + - ALL + privileged: false + runAsGroup: 999 + runAsNonRoot: true + runAsUser: 999 + seccompProfile: + type: RuntimeDefault + ports: + - containerPort: 4000 + envFrom: - configMapRef: name: test-everything-app - - secretRef: name: test-everything-app + resources: + limits: + memory: 512Mi + requests: + cpu: 200m + memory: 128Mi + volumes: + - hostPath: + path: /var/local/aaa + type: DirectoryOrCreate + name: mydir +--- +# Source: k8ez/templates/statefulsets.yaml +apiVersion: apps/v1 +kind: StatefulSet +metadata: + name: test-everything-app-statefulSetWithEmptyImage + labels: + app: test-everything-app-statefulSetWithEmptyImage + chart: k8ez-1.0.0 + heritage: Helm + release: test-everything-app + version: 1.0.0 +spec: + replicas: + selector: + matchLabels: + app: test-everything-app-statefulSetWithEmptyImage + release: test-everything-app + serviceName: test-everything-app-statefulSetWithEmptyImage + template: + metadata: + annotations: + checksum/test-everything-app-configmap: 0e663f4583951ab36dc7aecbef55a00c05ce2cee874bfce9593fd49a8139b850 + checksum/test-everything-app-secret: df3cf63a339c34203251c4cb7fed0216e0cf99ea374286b95c7100c3686ad038 + sidecar.istio.io/inject: "false" + annotationInfo: exclude global, include extras + imageType: empty dictionary (should use default) + labels: + app: test-everything-app-statefulSetWithEmptyImage + chart: k8ez-1.0.0 + heritage: Helm + release: test-everything-app + version: 1.0.0 + spec: + enableServiceLinks: true + securityContext: + fsGroup: 1050 + terminationGracePeriodSeconds: 10 + affinity: + podAntiAffinity: + preferredDuringSchedulingIgnoredDuringExecution: + - weight: 100 + podAffinityTerm: + labelSelector: + matchExpressions: + - key: "app" + operator: In + values: + - "test-everything-app-statefulSetWithEmptyImage" + - key: "release" + operator: In + values: + - "test-everything-app" + topologyKey: kubernetes.io/hostname + containers: + - name: "test-everything-app-statefulSetWithEmptyImage" + image: "redis:7.2.1" + imagePullPolicy: Always + securityContext: + allowPrivilegeEscalation: false + capabilities: + drop: + - ALL + privileged: false + runAsGroup: 999 + runAsNonRoot: true + runAsUser: 999 + seccompProfile: + type: RuntimeDefault + ports: + - containerPort: 4000 + envFrom: + - configMapRef: + name: test-everything-app + - secretRef: + name: test-everything-app + resources: + limits: + memory: 512Mi + requests: + cpu: 200m + memory: 128Mi + volumes: + - hostPath: + path: /var/local/aaa + type: DirectoryOrCreate + name: mydir +--- +# Source: k8ez/templates/statefulsets.yaml +apiVersion: apps/v1 +kind: StatefulSet +metadata: + name: test-everything-app-statefulSetWithoutImageInfo + labels: + app: test-everything-app-statefulSetWithoutImageInfo + chart: k8ez-1.0.0 + heritage: Helm + release: test-everything-app + version: 1.0.0 +spec: + replicas: + selector: + matchLabels: + app: test-everything-app-statefulSetWithoutImageInfo + release: test-everything-app + serviceName: test-everything-app-statefulSetWithoutImageInfo + template: + metadata: + annotations: + checksum/test-everything-app-configmap: 0e663f4583951ab36dc7aecbef55a00c05ce2cee874bfce9593fd49a8139b850 + checksum/test-everything-app-secret: df3cf63a339c34203251c4cb7fed0216e0cf99ea374286b95c7100c3686ad038 + sidecar.istio.io/inject: "false" + annotationInfo: exclude global, include extras + imageType: none included (should use default) + labels: + app: test-everything-app-statefulSetWithoutImageInfo + chart: k8ez-1.0.0 + heritage: Helm + release: test-everything-app + version: 1.0.0 + spec: + enableServiceLinks: true + securityContext: + fsGroup: 1050 + terminationGracePeriodSeconds: 10 + affinity: + podAntiAffinity: + preferredDuringSchedulingIgnoredDuringExecution: + - weight: 100 + podAffinityTerm: + labelSelector: + matchExpressions: + - key: "app" + operator: In + values: + - "test-everything-app-statefulSetWithoutImageInfo" + - key: "release" + operator: In + values: + - "test-everything-app" + topologyKey: kubernetes.io/hostname + containers: + - name: "test-everything-app-statefulSetWithoutImageInfo" + image: "redis:7.2.1" + imagePullPolicy: Always + securityContext: + allowPrivilegeEscalation: false + capabilities: + drop: + - ALL + privileged: false + runAsGroup: 999 + runAsNonRoot: true + runAsUser: 999 + seccompProfile: + type: RuntimeDefault + ports: + - containerPort: 4000 + envFrom: + - configMapRef: + name: test-everything-app + - secretRef: + name: test-everything-app + resources: + limits: + memory: 512Mi + requests: + cpu: 200m + memory: 128Mi + volumes: + - hostPath: + path: /var/local/aaa + type: DirectoryOrCreate + name: mydir +--- +# Source: k8ez/templates/jobs.yaml +apiVersion: batch/v1 +kind: Job +metadata: + name: test-everything-app-job-example-job + annotations: + checksum/test-everything-app-configmap: 0e663f4583951ab36dc7aecbef55a00c05ce2cee874bfce9593fd49a8139b850 + checksum/test-everything-app-secret: df3cf63a339c34203251c4cb7fed0216e0cf99ea374286b95c7100c3686ad038 + someExtraAnnotation: annotationValueHere + jobExtraAnnotation: something +spec: + template: + metadata: + annotations: + checksum/test-everything-app-configmap: 0e663f4583951ab36dc7aecbef55a00c05ce2cee874bfce9593fd49a8139b850 + checksum/test-everything-app-secret: df3cf63a339c34203251c4cb7fed0216e0cf99ea374286b95c7100c3686ad038 + sidecar.istio.io/inject: "false" + someExtraAnnotation: annotationValueHere + jobExtraAnnotation: something + spec: + serviceAccount: test-everything-app + enableServiceLinks: true + securityContext: + fsGroup: 1050 restartPolicy: Never + containers: + - name: "test-everything-app-job-example-job" + image: "redis" + imagePullPolicy: Always + securityContext: + allowPrivilegeEscalation: false + capabilities: + drop: + - ALL + privileged: false + runAsGroup: 999 + runAsNonRoot: true + runAsUser: 999 + seccompProfile: + type: RuntimeDefault + command: ["sh"] + args: + - -c + - sleep 1000 + env: + - name: "ENVVAR" + value: "value" + envFrom: + - configMapRef: + name: test-everything-app + - secretRef: + name: test-everything-app + volumeMounts: + - mountPath: /mount + name: mydir + resources: + limits: + memory: 512Mi + requests: + cpu: 200m + memory: 128Mi volumes: - - hostPath: - path: /var/local/aaa - type: DirectoryOrCreate - name: mydir + - hostPath: + path: /var/local/aaa + type: DirectoryOrCreate + name: mydir + - hostPath: + path: /var/local/aaa + type: DirectoryOrCreate + name: mydir backoffLimit: 0 --- # Source: k8ez/templates/cronjobs.yaml apiVersion: batch/v1beta1 kind: CronJob metadata: - name: abc - labels: + name: test-everything-app-example-cronjob + labels: app: test-everything-app - chart: k8ez-0.0.1 release: test-everything-app + chart: k8ez-1.0.0 heritage: Helm - version: 0.0.1 + version: 1.0.0 spec: concurrencyPolicy: Forbid jobTemplate: @@ -603,16 +1203,17 @@ spec: metadata: annotations: sidecar.istio.io/inject: "false" + someExtraAnnotation: annotationValueHere spec: - serviceAccount: test-everything-app enableServiceLinks: true securityContext: fsGroup: 1050 containers: - - name: abc + - name: example-cronjob image: "redis" - securityContext: + imagePullPolicy: Always + securityContext: allowPrivilegeEscalation: false capabilities: drop: @@ -623,31 +1224,56 @@ spec: runAsUser: 999 seccompProfile: type: RuntimeDefault - - volumeMounts: - - mountPath: /mount - name: mydir - command: ["sh"] - - args: + args: - -c - sleep 1000 - env: - name: "ENVVAR" value: "value" envFrom: - - configMapRef: name: test-everything-app - - secretRef: name: test-everything-app + volumeMounts: + - mountPath: /mount + name: mydir + resources: + limits: + memory: 512Mi + requests: + cpu: 200m + memory: 128Mi + restartPolicy: Never volumes: - hostPath: path: /var/local/aaa type: DirectoryOrCreate name: mydir + schedule: "30 * * * *" +--- +# Source: k8ez/templates/ingress-kubernetes.yaml +apiVersion: extensions/v1beta1 +kind: Ingress +metadata: + name: test-everything-app + labels: + app: test-everything-app + release: test-everything-app + chart: k8ez-1.0.0 + heritage: Helm + version: 1.0.0 + annotations: + kubernetes.io/ingress.class: nginx +spec: + rules: + - host: example.local + http: + paths: + - path: / + backend: + serviceName: test-everything-app + servicePort: 80 diff --git a/tests/simple-app-test.yaml b/tests/simple-app-test.yaml index af4f3dfb..863ce52e 100644 --- a/tests/simple-app-test.yaml +++ b/tests/simple-app-test.yaml @@ -3,25 +3,25 @@ apiVersion: v1 kind: ServiceAccount metadata: - name: test-simple-app + name: test-simple-app-k8ez labels: - app: test-simple-app - chart: k8ez-0.0.1 + app: test-simple-app-k8ez release: test-simple-app + chart: k8ez-1.0.0 heritage: Helm - version: 0.0.1 + version: 1.0.0 --- # Source: k8ez/templates/service.yaml apiVersion: v1 kind: Service metadata: - name: test-simple-app + name: test-simple-app-k8ez labels: - app: test-simple-app - chart: k8ez-0.0.1 + app: test-simple-app-k8ez release: test-simple-app + chart: k8ez-1.0.0 heritage: Helm - version: 0.0.1 + version: 1.0.0 spec: type: ClusterIP ports: @@ -29,25 +29,25 @@ spec: targetPort: 80 name: http selector: - app: test-simple-app + app: test-simple-app-k8ez release: test-simple-app --- # Source: k8ez/templates/deployment.yaml apiVersion: apps/v1 kind: Deployment metadata: - name: test-simple-app + name: test-simple-app-k8ez labels: - app: test-simple-app - chart: k8ez-0.0.1 + app: test-simple-app-k8ez release: test-simple-app + chart: k8ez-1.0.0 heritage: Helm - version: 0.0.1 + version: 1.0.0 spec: replicas: 1 selector: matchLabels: - app: test-simple-app + app: test-simple-app-k8ez release: test-simple-app template: metadata: @@ -56,14 +56,13 @@ spec: checksum/test-simple-app-k8ez-secret: 7eb70257593da06f682a3ddda54a9d260d4fc514f645237f5ca74b08f8da61a6 sidecar.istio.io/inject: "false" labels: - app: test-simple-app - chart: k8ez-0.0.1 + app: test-simple-app-k8ez release: test-simple-app + chart: k8ez-1.0.0 heritage: Helm - version: 0.0.1 + version: 1.0.0 spec: - - serviceAccount: test-simple-app + serviceAccount: test-simple-app-k8ez enableServiceLinks: true securityContext: fsGroup: 1050 @@ -74,19 +73,19 @@ spec: podAffinityTerm: labelSelector: matchExpressions: - - key: app + - key: "app" operator: In values: - - test-simple-app - - key: release + - "test-simple-app-k8ez" + - key: "release" operator: In values: - - test-simple-app + - "test-simple-app" topologyKey: kubernetes.io/hostname containers: - - name: "test-simple-app" - image: "redis" - securityContext: + - name: "test-simple-app-k8ez" + image: redis + securityContext: allowPrivilegeEscalation: false capabilities: drop: @@ -97,17 +96,10 @@ spec: runAsUser: 1050 seccompProfile: type: RuntimeDefault - - - envFrom: - - ports: - containerPort: 80 - resources: limits: - cpu: 1000m memory: 512Mi requests: cpu: 200m diff --git a/tests/template-tests.sh b/tests/template-tests.sh index e634ad1b..2c751215 100755 --- a/tests/template-tests.sh +++ b/tests/template-tests.sh @@ -5,3 +5,6 @@ helm template test-simple-app ../charts/k8ez --set-string image.image=redis --se # Template with a ton of features enabled echo "\n\n\n\n----------------------------- RUNNING TESTS WITH MANY CONFIGS ---------------------------------\n\n\n\n" helm template test-everything-app ../charts/k8ez --values everything.values.yaml -n default > full-features-test.yaml + +echo "\n\n\n\n----------------------------- RUNNING TESTS WITH MANY CONFIGS AND ISTIO ---------------------------------\n\n\n\n" +helm template test-everything-app ../charts/k8ez --values everything.values.yaml --set-string nameOverride=ingress-nameOverride --set-string fullnameOverride=test-everything-app-ingress --set-string ingress.k8sIngress.enabled=false --set-string ingress.istio.enabled=true --set-string ingress.istio.forceHttpRedirect=true -n default > full-features-istio-test.yaml