diff --git a/templates/injector-deployment.yaml b/templates/injector-deployment.yaml index a7bcf8d86..e69ba72ef 100644 --- a/templates/injector-deployment.yaml +++ b/templates/injector-deployment.yaml @@ -140,12 +140,6 @@ spec: periodSeconds: 2 successThreshold: 1 timeoutSeconds: 5 -{{- if .Values.injector.certs.secretName }} - volumeMounts: - - name: webhook-certs - mountPath: /etc/webhook/certs - readOnly: true -{{- end }} {{- if .Values.injector.certs.secretName }} volumes: - name: webhook-certs diff --git a/templates/tests/server-test.yaml b/templates/tests/server-test.yaml index 7c8bab61d..56dbee78c 100644 --- a/templates/tests/server-test.yaml +++ b/templates/tests/server-test.yaml @@ -1,10 +1,6 @@ -<<<<<<< HEAD {{ template "vault.mode" . }} {{- if ne .mode "external" }} {{- if .serverEnabled -}} -======= -{{- if .Values.server.enabled }} ->>>>>>> c4ab664 (feat(DATAGO-27002): Upgrade vault to version 1.7.9 (#12)) apiVersion: v1 kind: Pod metadata: @@ -13,10 +9,7 @@ metadata: annotations: "helm.sh/hook": test spec: -<<<<<<< HEAD {{- include "imagePullSecrets" . | nindent 2 }} -======= ->>>>>>> c4ab664 (feat(DATAGO-27002): Upgrade vault to version 1.7.9 (#12)) containers: - name: {{ .Release.Name }}-server-test image: {{ .Values.server.image.repository }}:{{ .Values.server.image.tag | default "latest" }} @@ -24,10 +17,7 @@ spec: env: - name: VAULT_ADDR value: {{ include "vault.scheme" . }}://{{ template "vault.fullname" . }}.{{ .Release.Namespace }}.svc:{{ .Values.server.service.port }} -<<<<<<< HEAD {{- include "vault.extraEnvironmentVars" .Values.server | nindent 8 }} -======= ->>>>>>> c4ab664 (feat(DATAGO-27002): Upgrade vault to version 1.7.9 (#12)) command: - /bin/sh - -c @@ -48,7 +38,6 @@ spec: fi exit 0 -<<<<<<< HEAD volumeMounts: {{- if .Values.server.volumeMounts }} {{- toYaml .Values.server.volumeMounts | nindent 8}} @@ -60,8 +49,3 @@ spec: restartPolicy: Never {{- end }} {{- end }} -======= - - restartPolicy: Never -{{- end }} ->>>>>>> c4ab664 (feat(DATAGO-27002): Upgrade vault to version 1.7.9 (#12)) diff --git a/test/acceptance/csi.bats b/test/acceptance/csi.bats index c6f53b5ae..0973043a2 100644 --- a/test/acceptance/csi.bats +++ b/test/acceptance/csi.bats @@ -2,7 +2,15 @@ load _helpers +check_skip_csi() { + if [ ! -z ${SKIP_CSI} ]; then + skip "Skipping CSI tests" + fi +} + @test "csi: testing deployment" { + check_skip_csi + cd `chart_dir` kubectl delete namespace acceptance --ignore-not-found=true kubectl create namespace acceptance @@ -49,6 +57,8 @@ load _helpers # Clean up teardown() { + check_skip_csi + if [[ ${CLEANUP:-true} == "true" ]] then echo "helm/pvc teardown" diff --git a/test/unit/csi-daemonset.bats b/test/unit/csi-daemonset.bats index 0da308b67..59c08f248 100644 --- a/test/unit/csi-daemonset.bats +++ b/test/unit/csi-daemonset.bats @@ -53,6 +53,29 @@ load _helpers [ "${actual}" = "true" ] } +# priorityClassName + +@test "csi/daemonset: priorityClassName not set by default" { + cd `chart_dir` + local actual=$(helm template \ + --show-only templates/csi-daemonset.yaml \ + --set "csi.enabled=true" \ + . | tee /dev/stderr | + yq '.spec.template.spec | .priorityClassName? == null' | tee /dev/stderr) + [ "${actual}" = "true" ] +} + +@test "csi/daemonset: priorityClassName can be set" { + cd `chart_dir` + local actual=$(helm template \ + --show-only templates/csi-daemonset.yaml \ + --set 'csi.priorityClassName=armaggeddon' \ + --set "csi.enabled=true" \ + . | tee /dev/stderr | + yq '.spec.template.spec | .priorityClassName == "armaggeddon"' | tee /dev/stderr) + [ "${actual}" = "true" ] +} + # serviceAccountName reference name @test "csi/daemonset: serviceAccountName reference name" { cd `chart_dir` diff --git a/test/unit/injector-deployment.bats b/test/unit/injector-deployment.bats index 9d2271c46..6c21e40dd 100755 --- a/test/unit/injector-deployment.bats +++ b/test/unit/injector-deployment.bats @@ -913,7 +913,6 @@ EOF yq -r 'map(select(.name=="AGENT_INJECT_TEMPLATE_CONFIG_EXIT_ON_RETRY_FAILURE")) | .[] .value' | tee /dev/stderr) [ "${value}" = "false" ] } - @test "injector/deployment: agent default template_config.static_secret_render_interval" { cd `chart_dir` local object=$(helm template \ diff --git a/test/unit/injector-disruptionbudget.bats b/test/unit/injector-disruptionbudget.bats index 2f8f50aea..16c43e742 100755 --- a/test/unit/injector-disruptionbudget.bats +++ b/test/unit/injector-disruptionbudget.bats @@ -51,4 +51,4 @@ load _helpers . | tee /dev/stderr | yq '.apiVersion == "policy/v1"' | tee /dev/stderr) [ "${actual}" = "true" ] -} \ No newline at end of file +} diff --git a/test/unit/server-ha-disruptionbudget.bats b/test/unit/server-ha-disruptionbudget.bats index c98bc660d..bd71ca241 100755 --- a/test/unit/server-ha-disruptionbudget.bats +++ b/test/unit/server-ha-disruptionbudget.bats @@ -120,4 +120,4 @@ load _helpers . | tee /dev/stderr | yq '.apiVersion == "policy/v1"' | tee /dev/stderr) [ "${actual}" = "true" ] -} \ No newline at end of file +} diff --git a/test/unit/server-route.bats b/test/unit/server-route.bats index 51b1a3021..1daea2684 100755 --- a/test/unit/server-route.bats +++ b/test/unit/server-route.bats @@ -179,3 +179,41 @@ load _helpers yq -r '.spec.tls.insecureEdgeTerminationPolicy' | tee /dev/stderr) [ "${actual}" = "Redirect" ] } + +@test "server/route: OpenShift - route termination mode set to default passthrough" { + cd `chart_dir` + + local actual=$(helm template \ + --show-only templates/server-route.yaml \ + --set 'global.openshift=true' \ + --set 'server.route.enabled=true' \ + . | tee /dev/stderr | + yq -r '.spec.tls.termination' | tee /dev/stderr) + [ "${actual}" = "passthrough" ] +} + +@test "server/route: OpenShift - route termination mode set to edge" { + cd `chart_dir` + + local actual=$(helm template \ + --show-only templates/server-route.yaml \ + --set 'global.openshift=true' \ + --set 'server.route.enabled=true' \ + --set 'server.route.tls.termination=edge' \ + . | tee /dev/stderr | + yq -r '.spec.tls.termination' | tee /dev/stderr) + [ "${actual}" = "edge" ] +} + +@test "server/route: OpenShift - route custom tls entry" { + cd `chart_dir` + + local actual=$(helm template \ + --show-only templates/server-route.yaml \ + --set 'global.openshift=true' \ + --set 'server.route.enabled=true' \ + --set 'server.route.tls.insecureEdgeTerminationPolicy=Redirect' \ + . | tee /dev/stderr | + yq -r '.spec.tls.insecureEdgeTerminationPolicy' | tee /dev/stderr) + [ "${actual}" = "Redirect" ] +} diff --git a/values.schema.json b/values.schema.json index c18395700..72573fc51 100644 --- a/values.schema.json +++ b/values.schema.json @@ -53,6 +53,9 @@ } } }, + "priorityClassName": { + "type": "string" + }, "debug": { "type": "boolean" }, @@ -364,6 +367,9 @@ "podDisruptionBudget": { "type": "object" }, + "podDisruptionBudget": { + "type": "object" + }, "port": { "type": "integer" },