Add tests for ACM annotation setting backend protocol

gravitational · Mar 22, 2022 · 4f94a12 · 4f94a12
1 parent b8d0b02
commit 4f94a12
Show file tree

Hide file tree

Showing 2 changed files with 101 additions and 0 deletions.
diff --git a/examples/chart/teleport-cluster/tests/__snapshot__/service_test.yaml.snap b/examples/chart/teleport-cluster/tests/__snapshot__/service_test.yaml.snap
@@ -118,6 +118,84 @@ sets AWS annotations when chartMode=aws:
       selector:
         app: RELEASE-NAME
       type: LoadBalancer
+sets AWS backend protocol annotation to ssl when in AWS mode and ACM annotation is set:
+  1: |
+    apiVersion: v1
+    kind: Service
+    metadata:
+      annotations:
+        service.beta.kubernetes.io/aws-load-balancer-backend-protocol: ssl
+        service.beta.kubernetes.io/aws-load-balancer-cross-zone-load-balancing-enabled: "true"
+        service.beta.kubernetes.io/aws-load-balancer-ssl-cert: arn:aws:acm:us-east-1:1234567890:certificate/a857a76c-51d0-4d3d-8000-465bb3e9829b
+        service.beta.kubernetes.io/aws-load-balancer-ssl-ports: 443
+        service.beta.kubernetes.io/aws-load-balancer-type: nlb
+      labels:
+        app: RELEASE-NAME
+      name: RELEASE-NAME
+      namespace: NAMESPACE
+    spec:
+      ports:
+      - name: https
+        port: 443
+        protocol: TCP
+        targetPort: 3080
+      - name: sshproxy
+        port: 3023
+        protocol: TCP
+        targetPort: 3023
+      - name: k8s
+        port: 3026
+        protocol: TCP
+        targetPort: 3026
+      - name: sshtun
+        port: 3024
+        protocol: TCP
+        targetPort: 3024
+      - name: mysql
+        port: 3036
+        protocol: TCP
+        targetPort: 3036
+      selector:
+        app: RELEASE-NAME
+      type: LoadBalancer
+sets AWS backend protocol annotation to tcp when in AWS mode and ACM annotation is not set:
+  1: |
+    apiVersion: v1
+    kind: Service
+    metadata:
+      annotations:
+        service.beta.kubernetes.io/aws-load-balancer-backend-protocol: tcp
+        service.beta.kubernetes.io/aws-load-balancer-cross-zone-load-balancing-enabled: "true"
+        service.beta.kubernetes.io/aws-load-balancer-type: nlb
+      labels:
+        app: RELEASE-NAME
+      name: RELEASE-NAME
+      namespace: NAMESPACE
+    spec:
+      ports:
+      - name: https
+        port: 443
+        protocol: TCP
+        targetPort: 3080
+      - name: sshproxy
+        port: 3023
+        protocol: TCP
+        targetPort: 3023
+      - name: k8s
+        port: 3026
+        protocol: TCP
+        targetPort: 3026
+      - name: sshtun
+        port: 3024
+        protocol: TCP
+        targetPort: 3024
+      - name: mysql
+        port: 3036
+        protocol: TCP
+        targetPort: 3036
+      selector:
+        app: RELEASE-NAME
+      type: LoadBalancer
 sets service annotations when specified:
   1: |
     apiVersion: v1

diff --git a/examples/chart/teleport-cluster/tests/service_test.yaml b/examples/chart/teleport-cluster/tests/service_test.yaml
@@ -90,3 +90,26 @@ tests:
             targetPort: 27017
             protocol: TCP
       - matchSnapshot: {}
+
+  - it: sets AWS backend protocol annotation to ssl when in AWS mode and ACM annotation is set
+    values:
+      - ../.lint/aws-ha.yaml
+    set:
+      annotations:
+        service:
+          service.beta.kubernetes.io/aws-load-balancer-ssl-cert: arn:aws:acm:us-east-1:1234567890:certificate/a857a76c-51d0-4d3d-8000-465bb3e9829b
+          service.beta.kubernetes.io/aws-load-balancer-ssl-ports: 443
+    asserts:
+      - equal:
+          path: metadata.annotations.service\.beta\.kubernetes\.io/aws-load-balancer-backend-protocol
+          value: ssl
+      - matchSnapshot: {}
+
+  - it: sets AWS backend protocol annotation to tcp when in AWS mode and ACM annotation is not set
+    values:
+      - ../.lint/aws-ha.yaml
+    asserts:
+      - equal:
+          path: metadata.annotations.service\.beta\.kubernetes\.io/aws-load-balancer-backend-protocol
+          value: tcp
+      - matchSnapshot: {}