Skip to content
Snippets Groups Projects
Commit f2c595fc authored by OZGCloud's avatar OZGCloud
Browse files

Merge pull request 'OZG-7021-info-client-helmchart' (#855) from... 

Merge pull request 'OZG-7021-info-client-helmchart' (#855) from OZG-7021-info-client-helmchart into master

Reviewed-on: https://git.ozg-sh.de/ozgcloud-app/alfa/pulls/855


Reviewed-by: default avatarOZGCloud <ozgcloud@mgm-tp.com>
Reviewed-by: default avatarOZGCloud <ozgcloud@mgm-tp.com>
parents 7027df53 d0c707eb
No related branches found
No related tags found
No related merge requests found
Show whitespace changes
Inline Side-by-side
Showing
with 946 additions and 25 deletions
alfa-client/apps/info/Jenkinsfile
+ 75
25
View file @ f2c595fc
...@@ -35,8 +35,7 @@ pipeline { ...@@ -35,8 +35,7 @@ pipeline {
script { script {
FAILED_STAGE = env.STAGE_NAME FAILED_STAGE = env.STAGE_NAME
dir('alfa-client') { dir('alfa-client') {
sh 'echo "registry=https://nexus.ozg-sh.de/repository/npm-proxy" >> ~/.npmrc' withNPM(npmrcConfig: 'npm-nexus-auth') {
sh 'echo "//nexus.ozg-sh.de/:_auth=amVua2luczprTSFnNVUhMVQzNDZxWQ==" >> ~/.npmrc'
sh 'npm cache verify' sh 'npm cache verify'
sh 'npm install' sh 'npm install'
sh 'npx nx run info:test' sh 'npx nx run info:test'
...@@ -60,6 +59,57 @@ pipeline { ...@@ -60,6 +59,57 @@ pipeline {
} }
} }
} }
stage('Test, build and deploy info-client HelmChart') {
steps {
script {
FAILED_STAGE = env.STAGE_NAME
HELM_CHART_VERSION = generateHelmChartVersion()
dir('alfa-client/apps/info') {
sh "./run_helm_test.sh"
dir('src/main/helm') {
sh "helm package --version=${HELM_CHART_VERSION} ."
deployHelmChart(HELM_CHART_VERSION)
}
}
}
}
}
stage('Trigger Dev Rollout') {
when {
branch 'master'
}
steps {
script {
FAILED_STAGE = env.STAGE_NAME
cloneGitopsRepo()
setNewDevVersion()
pushDevGitopsRepo()
}
}
}
stage('Trigger Test rollout') {
when {
expression {
isReleaseBranch()
}
}
steps {
script {
FAILED_STAGE = env.STAGE_NAME
cloneGitopsRepo()
setNewTestVersion()
pushTestGitopsRepo()
}
}
}
}
post { post {
failure { failure {
script { script {
...@@ -71,7 +121,7 @@ pipeline { ...@@ -71,7 +121,7 @@ pipeline {
} }
} }
Boolean isReleaseBranch() { Boolean isReleaseBranch() {
return env.BRANCH_NAME == 'release-admin' return env.BRANCH_NAME == 'release-info'
} }
String generateImageTag() { String generateImageTag() {
...@@ -111,24 +161,24 @@ Void setNewTestVersion() { ...@@ -111,24 +161,24 @@ Void setNewTestVersion() {
Void setNewGitopsVersion(String environment) { Void setNewGitopsVersion(String environment) {
dir("gitops") { dir("gitops") {
def envFile = "${environment}/application/values/admin-client-values.yaml" def envFile = "${environment}/application/values/info-client-values.yaml"
def envVersions = readYaml file: envFile def envVersions = readYaml file: envFile
envVersions.admin_client.image.tag = IMAGE_TAG envVersions.info_client.image.tag = IMAGE_TAG
envVersions.admin_client.helm.version = HELM_CHART_VERSION envVersions.info_client.helm.version = HELM_CHART_VERSION
writeYaml file: envFile, data: envVersions, overwrite: true writeYaml file: envFile, data: envVersions, overwrite: true
if (hasValuesFileChanged(environment)) { if (hasValuesFileChanged(environment)) {
sh "git add ${envFile}" sh "git add ${envFile}"
sh "git commit -m 'jenkins rollout ${environment} admin_client version ${IMAGE_TAG}'" sh "git commit -m 'jenkins rollout ${environment} info-client version ${IMAGE_TAG}'"
} }
} }
} }
Boolean hasValuesFileChanged(String environment) { Boolean hasValuesFileChanged(String environment) {
return sh (script: "git status | grep '${environment}/application/values/admin-client-values.yaml'", returnStatus: true) == env.SH_SUCCESS_STATUS_CODE as Integer return sh (script: "git status | grep '${environment}/application/values/info-client-values.yaml'", returnStatus: true) == env.SH_SUCCESS_STATUS_CODE as Integer
} }
...@@ -161,10 +211,10 @@ String getPackagejsonVersion() { ...@@ -161,10 +211,10 @@ String getPackagejsonVersion() {
Void deployHelmChart(String helmChartVersion) { Void deployHelmChart(String helmChartVersion) {
withCredentials([usernamePassword(credentialsId: 'jenkins-nexus-login', usernameVariable: 'USERNAME', passwordVariable: 'PASSWORD')]){ withCredentials([usernamePassword(credentialsId: 'jenkins-nexus-login', usernameVariable: 'USERNAME', passwordVariable: 'PASSWORD')]){
if (isReleaseBranch()) { if (isReleaseBranch()) {
result = sh script: '''curl -u $USERNAME:$PASSWORD https://nexus.ozg-sh.de/service/rest/v1/components?repository=ozg-base-apps -F file=@admin-client-'''+helmChartVersion+'''.tgz''', returnStdout: true result = sh script: '''curl -u $USERNAME:$PASSWORD https://nexus.ozg-sh.de/service/rest/v1/components?repository=ozg-base-apps -F file=@info-client-'''+helmChartVersion+'''.tgz''', returnStdout: true
} }
else { else {
result = sh script: '''curl -u $USERNAME:$PASSWORD https://nexus.ozg-sh.de/service/rest/v1/components?repository=ozg-base-apps-snapshot -F file=@admin-client-'''+helmChartVersion+'''.tgz''', returnStdout: true result = sh script: '''curl -u $USERNAME:$PASSWORD https://nexus.ozg-sh.de/service/rest/v1/components?repository=ozg-base-apps-snapshot -F file=@info-client-'''+helmChartVersion+'''.tgz''', returnStdout: true
} }
if (result != '') { if (result != '') {
...@@ -192,9 +242,9 @@ Boolean isMasterBranch() { ...@@ -192,9 +242,9 @@ Boolean isMasterBranch() {
Void sendFailureMessage() { Void sendFailureMessage() {
def room = '' def room = ''
def data = """{"msgtype":"m.text", \ def data = """{"msgtype":"m.text", \
"body":"Admin-Client: Build Failed. Stage: ${FAILED_STAGE} Build-ID: ${env.BUILD_NUMBER} Link: ${BLUE_OCEAN_URL}", \ "body":"Info-Client: Build Failed. Stage: ${FAILED_STAGE} Build-ID: ${env.BUILD_NUMBER} Link: ${BLUE_OCEAN_URL}", \
"format": "org.matrix.custom.html", \ "format": "org.matrix.custom.html", \
"formatted_body":"Admin-Client: Build Failed. Stage: ${FAILED_STAGE} Build-ID: <a href='${BLUE_OCEAN_URL}'>${env.BUILD_NUMBER}</a>"}""" "formatted_body":"Info-Client: Build Failed. Stage: ${FAILED_STAGE} Build-ID: <a href='${BLUE_OCEAN_URL}'>${env.BUILD_NUMBER}</a>"}"""
if (isMasterBranch()) { if (isMasterBranch()) {
room = "!iQPAvQIiRwRpNOszjw:matrix.ozg-sh.de" room = "!iQPAvQIiRwRpNOszjw:matrix.ozg-sh.de"
......
alfa-client/apps/info/run_helm_test.sh 0 → 100755
+ 8
0
View file @ f2c595fc
#!/bin/sh
set -e
set -x
helm template ./src/main/helm/ -f src/test/helm-linter-values.yaml
helm lint -f src/test/helm-linter-values.yaml ./src/main/helm/
cd src/main/helm && helm unittest -f '../../test/helm/**/*test.yaml' .
\ No newline at end of file
alfa-client/apps/info/src/main/helm/Chart.yaml 0 → 100644
+ 4
0
View file @ f2c595fc
apiVersion: v1
name: info-client
version: 0.0.0-MANAGED-BY-JENKINS
description: A Helm chart for Info Client
\ No newline at end of file
alfa-client/apps/info/src/main/helm/templates/_helpers.tpl 0 → 100644
+ 75
0
View file @ f2c595fc
{{/* vim: set filetype=mustache: */}}
{{/* error check 63 chars because some Kubernetes name fields are limited to this (by the DNS naming spec) */}}
{{/* Namespace */}}
{{- define "app.namespace" -}}
{{- if gt (len (.Release.Namespace)) 63 -}}
{{- fail (printf ".Release.Namespace %s ist zu lang (max. 63 Zeichen)" .Release.Namespace) -}}
{{- end -}}
{{ printf "%s" .Release.Namespace }}
{{- end -}}
{{/* Chart: Name + Version */}}
{{- define "app.chart" -}}
{{- if gt (len (printf "%s-%s" .Chart.Name .Chart.Version)) 63 -}}
{{- fail (printf ".Chart.Name-.Chart.Version %s-%s ist zu lang (max. 63 Zeichen)" .Chart.Name .Chart.Version) -}}
{{- end -}}
{{ printf "%s-%s" .Chart.Name .Chart.Version }}
{{- end -}}
{{/* Managed-by -> On Helm, this value is always Helm */}}
{{- define "app.managedBy" -}}
{{- if gt (len (.Release.Service)) 63 -}}
{{- fail (printf ".Release.Service %s ist zu lang (max. 63 Zeichen)" .Release.Service) -}}
{{- end -}}
{{ printf "%s" .Release.Service }}
{{- end -}}
{{/* Default Labels: Helm recommended best-practice labels https://helm.sh/docs/chart_best_practices/labels/ */}}
{{- define "app.defaultLabels" }}
app.kubernetes.io/instance: info-client
app.kubernetes.io/managed-by: {{ include "app.managedBy" . }}
app.kubernetes.io/part-of: ozgcloud
app.kubernetes.io/version: {{ .Chart.Version }}
helm.sh/chart: {{ include "app.chart" . }}
{{- include "app.matchLabels" . }}
{{- end -}}
{{- define "app.matchLabels" }}
app.kubernetes.io/name: {{ .Release.Name }}
app.kubernetes.io/namespace: {{ include "app.namespace" . }}
{{- end -}}
{{- define "app.getBaseDomain" -}}
{{- required "baseDomain muss angegeben sein" .Values.baseDomain }}
{{- end -}}
{{- define "app.getCustomList" -}}
{{- with (.Values.env).customList -}}
{{- if kindIs "map" . -}}
{{ include "app.dictToList" . }}
{{- else if kindIs "slice" . -}}
{{ . | toYaml }}
{{- end -}}
{{- end -}}
{{- end -}}
{{- define "app.dictToList" -}}
{{- $customList := list -}}
{{- range $key, $value := . -}}
{{- $customList = append $customList (dict "name" $key "value" $value) }}
{{- end -}}
{{- $customList | toYaml -}}
{{- end -}}
{{- define "app.getIngressTlsSecretName" -}}
{{- if (.Values.ingress).tlsSecretName -}}
{{ (.Values.ingress).tlsSecretName }}
{{- else -}}
{{ printf "%s-tls" .Release.Name }}
{{- end -}}
{{- end -}}
{{- define "app.getImageName" -}}
{{- required "image.name muss angegeben sein" .Values.image.name }}
{{- end -}}
\ No newline at end of file
alfa-client/apps/info/src/main/helm/templates/deployment.yaml 0 → 100644
+ 117
0
View file @ f2c595fc
apiVersion: apps/v1
kind: Deployment
metadata:
name: {{ .Release.Name }}
namespace: {{ include "app.namespace" . }}
labels:
{{- include "app.defaultLabels" . | indent 4 }}
spec:
progressDeadlineSeconds: 600
replicas: {{ .Values.replicaCount }}
revisionHistoryLimit: 10
selector:
matchLabels:
{{- include "app.matchLabels" . | indent 6 }}
strategy:
rollingUpdate:
maxSurge: 1
maxUnavailable: 0
type: RollingUpdate
template:
metadata:
labels:
{{- include "app.defaultLabels" . | indent 8 }}
spec:
{{- if (.Values.serviceAccount).create }}
serviceAccountName: {{ (.Values.serviceAccount).name }}
{{- end }}
topologySpreadConstraints:
- maxSkew: 1
topologyKey: kubernetes.io/hostname
whenUnsatisfiable: ScheduleAnyway
labelSelector:
matchLabels:
{{- include "app.matchLabels" . | indent 12 }}
containers:
- env:
{{- with include "app.getCustomList" . }}
{{ . | indent 8 }}
{{- end }}
image: "{{ .Values.image.repo }}/{{ include "app.getImageName" . }}:{{ .Values.image.tag }}"
imagePullPolicy: Always
name: info-client
ports:
- containerPort: 8080
name: 8080tcp
protocol: TCP
{{- if not .Values.disableMonitoring }}
- containerPort: 2091
name: metrics
protocol: TCP
{{- end }}
readinessProbe:
failureThreshold: 3
httpGet:
path: /
port: 8080
scheme: HTTP
periodSeconds: 10
successThreshold: 1
timeoutSeconds: 3
startupProbe:
failureThreshold: 10
httpGet:
path: /
port: 8080
scheme: HTTP
initialDelaySeconds: 30
periodSeconds: 5
successThreshold: 1
timeoutSeconds: 5
{{- if .Values.enableLivenessProbe }}
livenessProbe:
failureThreshold: 3
httpGet:
path: /
port: 8080
scheme: HTTP
periodSeconds: 10
successThreshold: 1
timeoutSeconds: 3
{{- end }}
resources:
{{- with .Values.resources }}
{{ toYaml . | indent 10 }}
{{- end }}
securityContext:
allowPrivilegeEscalation: false
privileged: false
readOnlyRootFilesystem: false
runAsNonRoot: true
{{- with (.Values.securityContext).runAsUser }}
runAsUser: {{ . }}
{{- end }}
{{- with (.Values.securityContext).runAsGroup }}
runAsGroup: {{ . }}
{{- end }}
{{- with (.Values.securityContext).capabilities }}
capabilities:
{{ toYaml . | indent 12 }}
{{- end }}
stdin: true
terminationMessagePath: /dev/termination-log
terminationMessagePolicy: File
tty: true
dnsConfig: {}
dnsPolicy: ClusterFirst
restartPolicy: Always
{{- with .Values.hostAliases }}
hostAliases:
{{ toYaml . | indent 8 }}
{{- end }}
schedulerName: default-scheduler
{{- with .Values.podSecurityContext }}
securityContext:
{{ toYaml . | indent 8 }}
{{- end }}
terminationGracePeriodSeconds: 30
alfa-client/apps/info/src/main/helm/templates/ingress.yaml 0 → 100644
+ 37
0
View file @ f2c595fc
apiVersion: networking.k8s.io/v1
kind: Ingress
metadata:
annotations:
{{- with (.Values.ingress).annotations }}
{{ toYaml . | indent 4 }}
{{- end }}
{{- if not (.Values.ingress).disableDefaultCertManager }}
{{- if (.Values.ingress).useStagingCert }}
cert-manager.io/cluster-issuer: letsencrypt-staging
{{- else }}
cert-manager.io/cluster-issuer: letsencrypt-prod
{{- end }}
{{- end }}
name: {{ .Release.Name }}
namespace: {{ include "app.namespace" . }}
spec:
{{- if (.Values.ingress).className }}
ingressClassName: {{ .Values.ingress.className }}
{{- end }}
rules:
- http:
paths:
- backend:
service:
port:
number: 8080
name: {{ .Release.Name }}
path: '/'
pathType: Prefix
host: {{ include "app.getBaseDomain" . }}
{{- if not (.Values.ingress).skipTlsSecret }}
tls:
- hosts:
- {{ include "app.getBaseDomain" . }}
secretName: {{ include "app.getIngressTlsSecretName" . }}
{{- end }}
\ No newline at end of file
alfa-client/apps/info/src/main/helm/templates/network_policy.yaml 0 → 100644
+ 32
0
View file @ f2c595fc
{{- if not (.Values.networkPolicy).disabled }}
apiVersion: networking.k8s.io/v1
kind: NetworkPolicy
metadata:
name: network-policy-info-client
namespace: {{ .Release.Namespace }}
spec:
podSelector:
matchLabels:
{{- include "app.matchLabels" . | indent 6 }}
policyTypes:
- Ingress
ingress:
- ports:
- port: 8080
{{- if not .Values.disableMonitoring }}
- from:
- namespaceSelector:
matchLabels:
name: {{ (.Values.networkPolicy).monitoringNamespace | default "openshift-user-workload-monitoring" }}
ports:
- protocol: TCP
port: 2019
{{- end }}
{{- with (.Values.networkPolicy).additionalIngressConfigLocal }}
{{ toYaml . | indent 2 }}
{{- end }}
{{- with (.Values.networkPolicy).additionalIngressConfigGlobal }}
{{ toYaml . | indent 2 }}
{{- end }}
{{- end }}
\ No newline at end of file
alfa-client/apps/info/src/main/helm/templates/service.yaml 0 → 100644
+ 20
0
View file @ f2c595fc
apiVersion: v1
kind: Service
metadata:
name: {{ .Release.Name }}
namespace: {{ include "app.namespace" . }}
labels:
{{- include "app.defaultLabels" . | indent 4 }}
spec:
type: ClusterIP
ports:
- name: http
port: 8080
protocol: TCP
{{- if not .Values.disableMonitoring }}
- name: metrics
port: 2019
protocol: TCP
{{- end }}
selector:
{{- include "app.matchLabels" . | indent 4 }}
\ No newline at end of file
alfa-client/apps/info/src/main/helm/templates/service_account.yaml 0 → 100644
+ 7
0
View file @ f2c595fc
{{- if (.Values.serviceAccount).create }}
apiVersion: v1
kind: ServiceAccount
metadata:
name: {{ (.Values.serviceAccount).name }}
namespace: {{ include "app.namespace" . }}
{{- end }}
\ No newline at end of file
alfa-client/apps/info/src/main/helm/templates/service_monitor.yaml 0 → 100644
+ 19
0
View file @ f2c595fc
{{- if not .Values.disableMonitoring }}
apiVersion: monitoring.coreos.com/v1
kind: ServiceMonitor
metadata:
name: {{ .Release.Name }}
namespace: {{ include "app.namespace" . }}
labels:
{{- include "app.defaultLabels" . | indent 4 }}
spec:
endpoints:
- port: metrics
path: /metrics
namespaceSelector:
matchNames:
- {{ include "app.namespace" . }}
selector:
matchLabels:
{{- include "app.matchLabels" . | indent 6 }}
{{- end }}
\ No newline at end of file
alfa-client/apps/info/src/main/helm/values.yaml 0 → 100644
+ 22
0
View file @ f2c595fc
image:
repo: docker.ozg-sh.de
name:
tag: latest
replicaCount: 1
resources:
limits:
cpu: 150m
memory: 150Mi
requests:
cpu: 50m
memory: 50Mi
baseDomain:
disableMonitoring:
serviceAccount:
create:
name: info-client-service-account
\ No newline at end of file
alfa-client/apps/info/src/test/helm-linter-values.yaml 0 → 100644
+ 4
0
View file @ f2c595fc
image:
name: info-client-test
baseDomain: static.dev.by.ozg-cloud.de
\ No newline at end of file
alfa-client/apps/info/src/test/helm/deployment_63_char_test.yaml 0 → 100644
+ 28
0
View file @ f2c595fc
suite: test _helpers functions less then 63 characters
release:
name: info-client
namespace: by-helm-test
templates:
- templates/deployment.yaml
set:
image:
name: info-client-by
tests:
- it: should fail on .Release.Namespace length longer than 63 characters
release:
namespace: test1234567890123123456789012345678901234567890123456789012345678901234567890123456789012345678904567890
asserts:
- failedTemplate:
errorMessage: .Release.Namespace test1234567890123123456789012345678901234567890123456789012345678901234567890123456789012345678904567890 ist zu lang (max. 63 Zeichen)
- it: should not fail on .Release.Namespace length less than 63 characters
asserts:
- notFailedTemplate: {}
- it: should fail on .Chart.Name-.Chart.Version length longer than 63 characters
chart:
version: 1.0-test1234567890123123456789012345678901234567890123456789012345678901234567890123456789012345678904567890
asserts:
- failedTemplate:
errorMessage: .Chart.Name-.Chart.Version info-client-1.0-test1234567890123123456789012345678901234567890123456789012345678901234567890123456789012345678904567890 ist zu lang (max. 63 Zeichen)
- it: should not fail on .Chart.Name-.Chart.Version length less than 63 characters
asserts:
- notFailedTemplate: {}
alfa-client/apps/info/src/test/helm/deployment_container_env_test.yaml 0 → 100644
+ 50
0
View file @ f2c595fc
suite: test deployment container envs
release:
name: info-client
namespace: by-helm-test
templates:
- templates/deployment.yaml
set:
image:
name: info-client-by
tests:
- it: check customList as list
set:
env:
customList:
- name: my_test_environment_name
value: "A test value"
- name: test_environment
value: "B test value"
asserts:
- contains:
path: spec.template.spec.containers[0].env
content:
name: my_test_environment_name
value: "A test value"
- contains:
path: spec.template.spec.containers[0].env
content:
name: test_environment
value: "B test value"
- it: check customList as dict
set:
env:
customList:
my_test_environment_name: "A test value"
test_environment: "B test value"
asserts:
- contains:
path: spec.template.spec.containers[0].env
content:
name: my_test_environment_name
value: "A test value"
- contains:
path: spec.template.spec.containers[0].env
content:
name: test_environment
value: "B test value"
- it: check env is empty by default
asserts:
- isEmpty:
path: spec.template.spec.containers[0].env
\ No newline at end of file
alfa-client/apps/info/src/test/helm/deployment_container_image_test.yaml 0 → 100644
+ 19
0
View file @ f2c595fc
suite: test deployment image
release:
name: info-client
namespace: by-helm-test
templates:
- templates/deployment.yaml
tests:
- it: should faile if image.name is not set
asserts:
- failedTemplate:
errorMessage: image.name muss angegeben sein
- it: should set image
set:
image:
name: info-client-by
asserts:
- equal:
path: spec.template.spec.containers[0].image
value: docker.ozg-sh.de/info-client-by:latest
\ No newline at end of file
alfa-client/apps/info/src/test/helm/deployment_container_ports_test.yaml 0 → 100644
+ 32
0
View file @ f2c595fc
suite: test deployment container ports
release:
name: info-client
namespace: by-helm-test
templates:
- templates/deployment.yaml
set:
image:
name: info-client-by
tests:
- it: should have ports
asserts:
- equal:
path: spec.template.spec.containers[0].ports
value:
- containerPort: 8080
name: 8080tcp
protocol: TCP
- containerPort: 2091
name: metrics
protocol: TCP
- it: should not contain metrics ports if monitoring is disabled
set:
disableMonitoring: true
asserts:
- notContains:
path: spec.template.spec.containers[0].ports
content:
containerPort: 2091
name: metrics
protocol: TCP
any: true
\ No newline at end of file
alfa-client/apps/info/src/test/helm/deployment_container_probes_test.yaml 0 → 100644
+ 56
0
View file @ f2c595fc
suite: test deployment container probes
release:
name: info-client
namespace: by-helm-test
templates:
- templates/deployment.yaml
set:
image:
name: info-client-by
tests:
- it: should have readinessProbe
asserts:
- equal:
path: spec.template.spec.containers[0].readinessProbe
value:
failureThreshold: 3
httpGet:
path: /
port: 8080
scheme: HTTP
periodSeconds: 10
successThreshold: 1
timeoutSeconds: 3
- it: should have startupProbe
asserts:
- equal:
path: spec.template.spec.containers[0].startupProbe
value:
failureThreshold: 10
httpGet:
path: /
port: 8080
scheme: HTTP
initialDelaySeconds: 30
periodSeconds: 5
successThreshold: 1
timeoutSeconds: 5
- it: should not have livenessProbe
asserts:
- notExists:
path: spec.template.spec.containers[0].livenessProbe
- it: should have livenessProbe
set:
enableLivenessProbe: true
asserts:
- equal:
path: spec.template.spec.containers[0].livenessProbe
value:
failureThreshold: 3
httpGet:
path: /
port: 8080
scheme: HTTP
periodSeconds: 10
successThreshold: 1
timeoutSeconds: 3
\ No newline at end of file
alfa-client/apps/info/src/test/helm/deployment_container_security_context_test.yaml 0 → 100644
+ 63
0
View file @ f2c595fc
suite: test deployment container security context
release:
name: info-client
namespace: by-helm-test
templates:
- templates/deployment.yaml
set:
image:
name: info-clinet-by
tests:
- it: check default values
asserts:
- equal:
path: spec.template.spec.containers[0].securityContext.allowPrivilegeEscalation
value: false
- equal:
path: spec.template.spec.containers[0].securityContext.privileged
value: false
- equal:
path: spec.template.spec.containers[0].securityContext.readOnlyRootFilesystem
value: false
- equal:
path: spec.template.spec.containers[0].securityContext.runAsNonRoot
value: true
- isNull:
path: spec.template.spec.containers[0].securityContext.runAsUser
- isNull:
path: spec.template.spec.containers[0].securityContext.runAsGroup
- isNull:
path: spec.template.spec.containers[0].securityContext.capabilities
- it: check runAsUser
set:
securityContext.runAsUser: 1000
asserts:
- equal:
path: spec.template.spec.containers[0].securityContext.runAsUser
value: 1000
- it: check runAsGroup
set:
securityContext.runAsGroup: 1000
asserts:
- equal:
path: spec.template.spec.containers[0].securityContext.runAsGroup
value: 1000
- it: check fsGroup
set:
podSecurityContext.fsGroup: 1000
asserts:
- equal:
path: spec.template.spec.securityContext.fsGroup
value: 1000
- it: check capabilities
set:
securityContext:
capabilities:
drop:
- ALL
asserts:
- equal:
path: spec.template.spec.containers[0].securityContext.capabilities
value:
drop:
- ALL
\ No newline at end of file
alfa-client/apps/info/src/test/helm/deployment_container_test.yaml 0 → 100644
+ 164
0
View file @ f2c595fc
suite: test deployment container
release:
name: info-client
namespace: by-helm-test
templates:
- templates/deployment.yaml
tests:
- it: check customList as list
set:
image:
name: info-client-by
env:
customList:
- name: my_test_environment_name
value: "A test value"
- name: test_environment
value: "B test value"
asserts:
- contains:
path: spec.template.spec.containers[0].env
content:
name: my_test_environment_name
value: "A test value"
- contains:
path: spec.template.spec.containers[0].env
content:
name: test_environment
value: "B test value"
- it: check customList as dict
set:
image:
name: info-client-by
env:
customList:
my_test_environment_name: "A test value"
test_environment: "B test value"
asserts:
- contains:
path: spec.template.spec.containers[0].env
content:
name: my_test_environment_name
value: "A test value"
- contains:
path: spec.template.spec.containers[0].env
content:
name: test_environment
value: "B test value"
- it: check env is empty by default
set:
image:
name: info-client-by
asserts:
- isEmpty:
path: spec.template.spec.containers[0].env
- it: should faile if image.name is not set
asserts:
- failedTemplate:
errorMessage: image.name muss angegeben sein
- it: should set image
set:
image:
name: info-client-by
asserts:
- equal:
path: spec.template.spec.containers[0].image
value: docker.ozg-sh.de/info-client-by:latest
- it: should have ports
set:
image:
name: info-client-by
asserts:
- equal:
path: spec.template.spec.containers[0].ports
value:
- containerPort: 8080
name: 8080tcp
protocol: TCP
- containerPort: 2091
name: metrics
protocol: TCP
- it: should not contain metrics ports if monitoring is disabled
set:
image:
name: info-client-by
disableMonitoring: true
asserts:
- notContains:
path: spec.template.spec.containers[0].ports
content:
containerPort: 2091
name: metrics
protocol: TCP
any: true
- it: should have readinessProbe
set:
image:
name: info-client-by
asserts:
- equal:
path: spec.template.spec.containers[0].readinessProbe
value:
failureThreshold: 3
httpGet:
path: /
port: 8080
scheme: HTTP
periodSeconds: 10
successThreshold: 1
timeoutSeconds: 3
- it: should have startupProbe
set:
image:
name: info-client-by
asserts:
- equal:
path: spec.template.spec.containers[0].startupProbe
value:
failureThreshold: 10
httpGet:
path: /
port: 8080
scheme: HTTP
initialDelaySeconds: 30
periodSeconds: 5
successThreshold: 1
timeoutSeconds: 5
- it: should not have livenessProbe
set:
image:
name: info-client-by
asserts:
- notExists:
path: spec.template.spec.containers[0].livenessProbe
- it: should have livenessProbe
set:
image:
name: info-client-by
enableLivenessProbe: true
asserts:
- equal:
path: spec.template.spec.containers[0].livenessProbe
value:
failureThreshold: 3
httpGet:
path: /
port: 8080
scheme: HTTP
periodSeconds: 10
successThreshold: 1
timeoutSeconds: 3
- it: should have defautl resources
set:
image:
name: info-client-by
asserts:
- equal:
path: spec.template.spec.containers[0].resources
value:
limits:
cpu: 150m
memory: 150Mi
requests:
cpu: 50m
memory: 50Mi
alfa-client/apps/info/src/test/helm/deployment_pod_test.yaml 0 → 100644
+ 114
0
View file @ f2c595fc
suite: test pod deployment
release:
name: info-client
namespace: by-helm-test
templates:
- templates/deployment.yaml
set:
image:
name: info-client-by
tests:
- it: validate kind
asserts:
- isKind:
of: Deployment
- it: validate apiVersion
asserts:
- isAPIVersion:
of: "apps/v1"
- it: validate default name
asserts:
- equal:
path: metadata.name
value: info-client
- it: validate default namespace
asserts:
- equal:
path: metadata.namespace
value: by-helm-test
- it: should have default labels
asserts:
- equal:
path: metadata.labels
value:
app.kubernetes.io/instance: info-client
app.kubernetes.io/managed-by: Helm
app.kubernetes.io/part-of: ozgcloud
app.kubernetes.io/version: 0.0.0-MANAGED-BY-JENKINS
helm.sh/chart: info-client-0.0.0-MANAGED-BY-JENKINS
app.kubernetes.io/name: info-client
app.kubernetes.io/namespace: by-helm-test
- it: should have default replicaCount
asserts:
- equal:
path: spec.replicas
value: 1
- it: should set replicaCount
set:
replicaCount: 2
asserts:
- equal:
path: spec.replicas
value: 2
- it: should have match labels
asserts:
- equal:
path: spec.selector.matchLabels
value:
app.kubernetes.io/name: info-client
app.kubernetes.io/namespace: by-helm-test
- it: template should have default labels
asserts:
- equal:
path: spec.template.metadata.labels
value:
app.kubernetes.io/instance: info-client
app.kubernetes.io/managed-by: Helm
app.kubernetes.io/part-of: ozgcloud
app.kubernetes.io/version: 0.0.0-MANAGED-BY-JENKINS
helm.sh/chart: info-client-0.0.0-MANAGED-BY-JENKINS
app.kubernetes.io/name: info-client
app.kubernetes.io/namespace: by-helm-test
- it: topologySpreadConstraints should have default matchLabels
asserts:
- equal:
path: spec.template.spec.topologySpreadConstraints[0].labelSelector.matchLabels
value:
app.kubernetes.io/name: info-client
app.kubernetes.io/namespace: by-helm-test
- it: should not set hostAliases
asserts:
- isNull:
path: spec.template.spec.hostAliases
- it: should set hostAliases
set:
hostAliases:
- ip: "127.0.0.1"
hostname:
- "eins"
- "zwei"
asserts:
- contains:
path: spec.template.spec.hostAliases
content:
ip: "127.0.0.1"
hostname:
- "eins"
- "zwei"
- it: should not set pod securityContext
asserts:
- isNull:
path: spec.template.spec.securityContext
- it: should set pod securityContext
set:
podSecurityContext:
capabilities:
drop:
- ALL
asserts:
- equal:
path: spec.template.spec.securityContext.capabilities
value:
drop:
- ALL
\ No newline at end of file
0% or .
You are about to add 0 people to the discussion. Proceed with caution.
Please register or to comment

Impressum - Datenschutz - Barrierefreiheit