chore(helm): add unit tests for setting labels / annotations on serviceaccount / deployment / pod (#7156)

johnstcn · web-flow · commit 25c1e45930c2 · 2023-04-17T16:49:25.000+01:00
* chore(helm): add unit tests for setting sa annotations

* chore(cli): also add test for labels / annotations / podLabels / podAnnotations
diff --git a/helm/tests/chart_test.go b/helm/tests/chart_test.go
@@ -36,6 +36,14 @@ var TestCases = []TestCase{
 		name:          "tls",
 		expectedError: "",
 	},
+	{
+		name:          "sa",
+		expectedError: "",
+	},
+	{
+		name:          "labels_annotations",
+		expectedError: "",
+	},
 }
 
 type TestCase struct {
diff --git a/helm/tests/testdata/labels_annotations.golden b/helm/tests/testdata/labels_annotations.golden
@@ -0,0 +1,171 @@
+---
+# Source: coder/templates/coder.yaml
+apiVersion: v1
+kind: ServiceAccount
+metadata:
+  name: "coder"
+  annotations: 
+    {}
+  labels:
+    helm.sh/chart: coder-0.1.0
+    app.kubernetes.io/name: coder
+    app.kubernetes.io/instance: release-name
+    app.kubernetes.io/part-of: coder
+    app.kubernetes.io/version: "0.1.0"
+    app.kubernetes.io/managed-by: Helm
+---
+# Source: coder/templates/rbac.yaml
+apiVersion: rbac.authorization.k8s.io/v1
+kind: Role
+metadata:
+  name: coder-workspace-perms
+rules:
+  - apiGroups: [""]
+    resources: ["pods"]
+    verbs: ["*"]
+  - apiGroups: [""]
+    resources: ["persistentvolumeclaims"]
+    verbs: ["*"]
+---
+# Source: coder/templates/rbac.yaml
+apiVersion: rbac.authorization.k8s.io/v1
+kind: RoleBinding
+metadata:
+  name: "coder"
+subjects:
+  - kind: ServiceAccount
+    name: "coder"
+roleRef:
+  apiGroup: rbac.authorization.k8s.io
+  kind: Role
+  name: coder-workspace-perms
+---
+# Source: coder/templates/service.yaml
+apiVersion: v1
+kind: Service
+metadata:
+  name: coder
+  labels:
+    helm.sh/chart: coder-0.1.0
+    app.kubernetes.io/name: coder
+    app.kubernetes.io/instance: release-name
+    app.kubernetes.io/part-of: coder
+    app.kubernetes.io/version: "0.1.0"
+    app.kubernetes.io/managed-by: Helm
+  annotations:
+    {}
+spec:
+  type: LoadBalancer
+  sessionAffinity: ClientIP
+  ports:
+    - name: "http"
+      port: 80
+      targetPort: "http"
+      protocol: TCP
+  externalTrafficPolicy: "Cluster"
+  selector:
+    app.kubernetes.io/name: coder
+    app.kubernetes.io/instance: release-name
+---
+# Source: coder/templates/coder.yaml
+apiVersion: apps/v1
+kind: Deployment
+metadata:
+  name: coder
+  labels:
+    helm.sh/chart: coder-0.1.0
+    app.kubernetes.io/name: coder
+    app.kubernetes.io/instance: release-name
+    app.kubernetes.io/part-of: coder
+    app.kubernetes.io/version: "0.1.0"
+    app.kubernetes.io/managed-by: Helm
+    com.coder/label/baz: qux
+    com.coder/label/foo: bar
+  annotations: 
+    com.coder/annotation/baz: qux
+    com.coder/annotation/foo: bar
+spec:
+  replicas: 1
+  selector:
+    matchLabels:
+      app.kubernetes.io/name: coder
+      app.kubernetes.io/instance: release-name
+  template:
+    metadata:
+      labels:
+        helm.sh/chart: coder-0.1.0
+        app.kubernetes.io/name: coder
+        app.kubernetes.io/instance: release-name
+        app.kubernetes.io/part-of: coder
+        app.kubernetes.io/version: "0.1.0"
+        app.kubernetes.io/managed-by: Helm
+        com.coder/podLabel/baz: qux
+        com.coder/podLabel/foo: bar
+      annotations:
+        com.coder/podAnnotation/baz: qux
+        com.coder/podAnnotation/foo: bar
+    spec:
+      serviceAccountName: "coder"
+      restartPolicy: Always
+      terminationGracePeriodSeconds: 60
+      affinity:
+        podAntiAffinity:
+          preferredDuringSchedulingIgnoredDuringExecution:
+          - podAffinityTerm:
+              labelSelector:
+                matchExpressions:
+                - key: app.kubernetes.io/instance
+                  operator: In
+                  values:
+                  - coder
+              topologyKey: kubernetes.io/hostname
+            weight: 1
+      containers:
+        - name: coder
+          image: "ghcr.io/coder/coder:latest"
+          imagePullPolicy: IfNotPresent
+          resources:
+            {}
+          lifecycle:
+            {}
+          env:
+            - name: CODER_HTTP_ADDRESS
+              value: "0.0.0.0:8080"
+            - name: CODER_PROMETHEUS_ADDRESS
+              value: "0.0.0.0:2112"
+            # Set the default access URL so a `helm apply` works by default.
+            # See: https://github.com/coder/coder/issues/5024
+            - name: CODER_ACCESS_URL
+              value: "http://coder.default.svc.cluster.local"
+            # Used for inter-pod communication with high-availability.
+            - name: KUBE_POD_IP
+              valueFrom:
+                fieldRef:
+                  fieldPath: status.podIP
+            - name: CODER_DERP_SERVER_RELAY_URL
+              value: "http://$(KUBE_POD_IP):8080"
+            
+          ports:
+            - name: "http"
+              containerPort: 8080
+              protocol: TCP
+          securityContext: 
+            allowPrivilegeEscalation: false
+            readOnlyRootFilesystem: null
+            runAsGroup: 1000
+            runAsNonRoot: true
+            runAsUser: 1000
+            seccompProfile:
+              type: RuntimeDefault
+          readinessProbe:
+            httpGet:
+              path: /api/v2/buildinfo
+              port: "http"
+              scheme: "HTTP"
+          livenessProbe:
+            httpGet:
+              path: /api/v2/buildinfo
+              port: "http"
+              scheme: "HTTP"
+          volumeMounts: []
+      volumes: []
diff --git a/helm/tests/testdata/labels_annotations.yaml b/helm/tests/testdata/labels_annotations.yaml
@@ -0,0 +1,15 @@
+coder:
+  image:
+    tag: latest
+  annotations:
+    com.coder/annotation/foo: bar
+    com.coder/annotation/baz: qux
+  labels:
+    com.coder/label/foo: bar
+    com.coder/label/baz: qux
+  podAnnotations:
+    com.coder/podAnnotation/foo: bar
+    com.coder/podAnnotation/baz: qux
+  podLabels:
+    com.coder/podLabel/foo: bar
+    com.coder/podLabel/baz: qux
diff --git a/helm/tests/testdata/sa.golden b/helm/tests/testdata/sa.golden
@@ -0,0 +1,165 @@
+---
+# Source: coder/templates/coder.yaml
+apiVersion: v1
+kind: ServiceAccount
+metadata:
+  name: "coder-service-account"
+  annotations: 
+    eks.amazonaws.com/role-arn: arn:aws:iam::123456789012:role/coder-service-account
+  labels:
+    helm.sh/chart: coder-0.1.0
+    app.kubernetes.io/name: coder
+    app.kubernetes.io/instance: release-name
+    app.kubernetes.io/part-of: coder
+    app.kubernetes.io/version: "0.1.0"
+    app.kubernetes.io/managed-by: Helm
+---
+# Source: coder/templates/rbac.yaml
+apiVersion: rbac.authorization.k8s.io/v1
+kind: Role
+metadata:
+  name: coder-workspace-perms
+rules:
+  - apiGroups: [""]
+    resources: ["pods"]
+    verbs: ["*"]
+  - apiGroups: [""]
+    resources: ["persistentvolumeclaims"]
+    verbs: ["*"]
+---
+# Source: coder/templates/rbac.yaml
+apiVersion: rbac.authorization.k8s.io/v1
+kind: RoleBinding
+metadata:
+  name: "coder-service-account"
+subjects:
+  - kind: ServiceAccount
+    name: "coder-service-account"
+roleRef:
+  apiGroup: rbac.authorization.k8s.io
+  kind: Role
+  name: coder-workspace-perms
+---
+# Source: coder/templates/service.yaml
+apiVersion: v1
+kind: Service
+metadata:
+  name: coder
+  labels:
+    helm.sh/chart: coder-0.1.0
+    app.kubernetes.io/name: coder
+    app.kubernetes.io/instance: release-name
+    app.kubernetes.io/part-of: coder
+    app.kubernetes.io/version: "0.1.0"
+    app.kubernetes.io/managed-by: Helm
+  annotations:
+    {}
+spec:
+  type: LoadBalancer
+  sessionAffinity: ClientIP
+  ports:
+    - name: "http"
+      port: 80
+      targetPort: "http"
+      protocol: TCP
+  externalTrafficPolicy: "Cluster"
+  selector:
+    app.kubernetes.io/name: coder
+    app.kubernetes.io/instance: release-name
+---
+# Source: coder/templates/coder.yaml
+apiVersion: apps/v1
+kind: Deployment
+metadata:
+  name: coder
+  labels:
+    helm.sh/chart: coder-0.1.0
+    app.kubernetes.io/name: coder
+    app.kubernetes.io/instance: release-name
+    app.kubernetes.io/part-of: coder
+    app.kubernetes.io/version: "0.1.0"
+    app.kubernetes.io/managed-by: Helm
+  annotations: 
+    {}
+spec:
+  replicas: 1
+  selector:
+    matchLabels:
+      app.kubernetes.io/name: coder
+      app.kubernetes.io/instance: release-name
+  template:
+    metadata:
+      labels:
+        helm.sh/chart: coder-0.1.0
+        app.kubernetes.io/name: coder
+        app.kubernetes.io/instance: release-name
+        app.kubernetes.io/part-of: coder
+        app.kubernetes.io/version: "0.1.0"
+        app.kubernetes.io/managed-by: Helm
+      annotations:
+        {}
+    spec:
+      serviceAccountName: "coder-service-account"
+      restartPolicy: Always
+      terminationGracePeriodSeconds: 60
+      affinity:
+        podAntiAffinity:
+          preferredDuringSchedulingIgnoredDuringExecution:
+          - podAffinityTerm:
+              labelSelector:
+                matchExpressions:
+                - key: app.kubernetes.io/instance
+                  operator: In
+                  values:
+                  - coder
+              topologyKey: kubernetes.io/hostname
+            weight: 1
+      containers:
+        - name: coder
+          image: "ghcr.io/coder/coder:latest"
+          imagePullPolicy: IfNotPresent
+          resources:
+            {}
+          lifecycle:
+            {}
+          env:
+            - name: CODER_HTTP_ADDRESS
+              value: "0.0.0.0:8080"
+            - name: CODER_PROMETHEUS_ADDRESS
+              value: "0.0.0.0:2112"
+            # Set the default access URL so a `helm apply` works by default.
+            # See: https://github.com/coder/coder/issues/5024
+            - name: CODER_ACCESS_URL
+              value: "http://coder.default.svc.cluster.local"
+            # Used for inter-pod communication with high-availability.
+            - name: KUBE_POD_IP
+              valueFrom:
+                fieldRef:
+                  fieldPath: status.podIP
+            - name: CODER_DERP_SERVER_RELAY_URL
+              value: "http://$(KUBE_POD_IP):8080"
+            
+          ports:
+            - name: "http"
+              containerPort: 8080
+              protocol: TCP
+          securityContext: 
+            allowPrivilegeEscalation: false
+            readOnlyRootFilesystem: null
+            runAsGroup: 1000
+            runAsNonRoot: true
+            runAsUser: 1000
+            seccompProfile:
+              type: RuntimeDefault
+          readinessProbe:
+            httpGet:
+              path: /api/v2/buildinfo
+              port: "http"
+              scheme: "HTTP"
+          livenessProbe:
+            httpGet:
+              path: /api/v2/buildinfo
+              port: "http"
+              scheme: "HTTP"
+          volumeMounts: []
+      volumes: []
diff --git a/helm/tests/testdata/sa.yaml b/helm/tests/testdata/sa.yaml
@@ -0,0 +1,8 @@
+coder:
+  image:
+    tag: latest
+  serviceAccount:
+    name: coder-service-account
+    annotations:
+      eks.amazonaws.com/role-arn: arn:aws:iam::123456789012:role/coder-service-account
+    workspacePerms: true
