From 7debc23dcfcbda193d7505c10657c5268b671be3 Mon Sep 17 00:00:00 2001 From: Cian Johnston Date: Mon, 17 Apr 2023 13:19:25 +0100 Subject: [PATCH 1/2] chore(helm): add unit tests for setting sa annotations --- helm/tests/chart_test.go | 4 + helm/tests/testdata/sa.golden | 165 ++++++++++++++++++++++++++++++++++ helm/tests/testdata/sa.yaml | 8 ++ 3 files changed, 177 insertions(+) create mode 100644 helm/tests/testdata/sa.golden create mode 100644 helm/tests/testdata/sa.yaml diff --git a/helm/tests/chart_test.go b/helm/tests/chart_test.go index 8bcde97c4a46e..cc384ffca1b1e 100644 --- a/helm/tests/chart_test.go +++ b/helm/tests/chart_test.go @@ -36,6 +36,10 @@ var TestCases = []TestCase{ name: "tls", expectedError: "", }, + { + name: "sa", + expectedError: "", + }, } type TestCase struct { diff --git a/helm/tests/testdata/sa.golden b/helm/tests/testdata/sa.golden new file mode 100644 index 0000000000000..a6531600df4c7 --- /dev/null +++ b/helm/tests/testdata/sa.golden 
@@ -0,0 +1,165 @@ +--- +# Source: coder/templates/coder.yaml +apiVersion: v1 +kind: ServiceAccount +metadata: + name: "coder-service-account" + annotations: + eks.amazonaws.com/role-arn: arn:aws:iam::123456789012:role/coder-service-account + labels: + helm.sh/chart: coder-0.1.0 + app.kubernetes.io/name: coder + app.kubernetes.io/instance: release-name + app.kubernetes.io/part-of: coder + app.kubernetes.io/version: "0.1.0" + app.kubernetes.io/managed-by: Helm +--- +# Source: coder/templates/rbac.yaml +apiVersion: rbac.authorization.k8s.io/v1 +kind: Role +metadata: + name: coder-workspace-perms +rules: + - apiGroups: [""] + resources: ["pods"] + verbs: ["*"] + - apiGroups: [""] + resources: ["persistentvolumeclaims"] + verbs: ["*"] +--- +# Source: coder/templates/rbac.yaml +apiVersion: rbac.authorization.k8s.io/v1 +kind: RoleBinding +metadata: + name: "coder-service-account" +subjects: + - kind: ServiceAccount + name: "coder-service-account" +roleRef: + apiGroup: rbac.authorization.k8s.io + kind: Role + name: coder-workspace-perms +--- +# Source: coder/templates/service.yaml +apiVersion: v1 +kind: Service +metadata: + name: coder + labels: + helm.sh/chart: coder-0.1.0 + app.kubernetes.io/name: coder + app.kubernetes.io/instance: release-name + app.kubernetes.io/part-of: coder + app.kubernetes.io/version: "0.1.0" + app.kubernetes.io/managed-by: Helm + annotations: + {} +spec: + type: LoadBalancer + sessionAffinity: ClientIP + ports: + - name: "http" + port: 80 + targetPort: "http" + protocol: TCP + externalTrafficPolicy: "Cluster" + selector: + app.kubernetes.io/name: coder + app.kubernetes.io/instance: release-name +--- +# Source: coder/templates/coder.yaml +apiVersion: apps/v1 +kind: Deployment +metadata: + name: coder + labels: + helm.sh/chart: coder-0.1.0 + app.kubernetes.io/name: coder + app.kubernetes.io/instance: release-name + app.kubernetes.io/part-of: coder + app.kubernetes.io/version: "0.1.0" + app.kubernetes.io/managed-by: Helm + annotations: + {} +spec: + 
replicas: 1 + selector: + matchLabels: + app.kubernetes.io/name: coder + app.kubernetes.io/instance: release-name + template: + metadata: + labels: + helm.sh/chart: coder-0.1.0 + app.kubernetes.io/name: coder + app.kubernetes.io/instance: release-name + app.kubernetes.io/part-of: coder + app.kubernetes.io/version: "0.1.0" + app.kubernetes.io/managed-by: Helm + annotations: + {} + spec: + serviceAccountName: "coder-service-account" + restartPolicy: Always + terminationGracePeriodSeconds: 60 + affinity: + podAntiAffinity: + preferredDuringSchedulingIgnoredDuringExecution: + - podAffinityTerm: + labelSelector: + matchExpressions: + - key: app.kubernetes.io/instance + operator: In + values: + - coder + topologyKey: kubernetes.io/hostname + weight: 1 + containers: + - name: coder + image: "ghcr.io/coder/coder:latest" + imagePullPolicy: IfNotPresent + resources: + {} + lifecycle: + {} + env: + - name: CODER_HTTP_ADDRESS + value: "0.0.0.0:8080" + - name: CODER_PROMETHEUS_ADDRESS + value: "0.0.0.0:2112" + # Set the default access URL so a `helm apply` works by default. + # See: https://github.com/coder/coder/issues/5024 + - name: CODER_ACCESS_URL + value: "http://coder.default.svc.cluster.local" + # Used for inter-pod communication with high-availability. + - name: KUBE_POD_IP + valueFrom: + fieldRef: + fieldPath: status.podIP + - name: CODER_DERP_SERVER_RELAY_URL + value: "http://$(KUBE_POD_IP):8080" + + ports: + - name: "http" + containerPort: 8080 + protocol: TCP + securityContext: + allowPrivilegeEscalation: false + readOnlyRootFilesystem: null + runAsGroup: 1000 + runAsNonRoot: true + runAsUser: 1000 + seccompProfile: + type: RuntimeDefault + readinessProbe: + httpGet: + path: /api/v2/buildinfo + port: "http" + scheme: "HTTP" + livenessProbe: + httpGet: + path: /api/v2/buildinfo + port: "http" + scheme: "HTTP" + volumeMounts: [] + volumes: [] diff --git a/helm/tests/testdata/sa.yaml b/helm/tests/testdata/sa.yaml new file mode 100644 index 0000000000000..4e0c98c223ae1 
--- /dev/null +++ b/helm/tests/testdata/sa.yaml @@ -0,0 +1,8 @@ +coder: + image: + tag: latest + serviceAccount: + name: coder-service-account + annotations: + eks.amazonaws.com/role-arn: arn:aws:iam::123456789012:role/coder-service-account + workspacePerms: true From 33f34fa921793995665cb7487a916b3cbbc162bc Mon Sep 17 00:00:00 2001 From: Cian Johnston Date: Mon, 17 Apr 2023 13:37:13 +0100 Subject: [PATCH 2/2] chore(cli): also add test for labels / annotations / podLabels / podAnnotations --- helm/tests/chart_test.go | 4 + helm/tests/testdata/labels_annotations.golden | 171 ++++++++++++++++++ helm/tests/testdata/labels_annotations.yaml | 15 ++ 3 files changed, 190 insertions(+) create mode 100644 helm/tests/testdata/labels_annotations.golden create mode 100644 helm/tests/testdata/labels_annotations.yaml diff --git a/helm/tests/chart_test.go b/helm/tests/chart_test.go index cc384ffca1b1e..ff8acc217ddda 100644 --- a/helm/tests/chart_test.go +++ b/helm/tests/chart_test.go @@ -40,6 +40,10 @@ var TestCases = []TestCase{ name: "sa", expectedError: "", }, + { + name: "labels_annotations", + expectedError: "", + }, } type TestCase struct { diff --git a/helm/tests/testdata/labels_annotations.golden b/helm/tests/testdata/labels_annotations.golden new file mode 100644 index 0000000000000..f980dddf84b44 --- /dev/null +++ b/helm/tests/testdata/labels_annotations.golden 
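Review bot: The fixture `helm/tests/testdata/sa.yaml` sets `workspacePerms: true` next to the IAM role annotation, but the `labels_annotations` golden in this same series renders the identical `coder-workspace-perms` Role without setting it, so the value looks like the chart default and the line adds nothing to what this case pins. Because the case is about a service account that carries a cloud IAM role, the more useful assertion would be a sibling fixture with `workspacePerms: false` whose golden shows that the Role with `verbs: ["*"]` on pods and persistentvolumeclaims, and its RoleBinding, are not rendered. Whether the chart omits both objects in that case is not visible in this patch, so that needs confirming. A comment at the top of the file, e.g. `# Covers serviceAccount.name and serviceAccount.annotations; the role ARN uses a placeholder account ID`, would also say what the case is for.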
@@ -0,0 +1,171 @@ +--- +# Source: coder/templates/coder.yaml +apiVersion: v1 +kind: ServiceAccount +metadata: + name: "coder" + annotations: + {} + labels: + helm.sh/chart: coder-0.1.0 + app.kubernetes.io/name: coder + app.kubernetes.io/instance: release-name + app.kubernetes.io/part-of: coder + app.kubernetes.io/version: "0.1.0" + app.kubernetes.io/managed-by: Helm +--- +# Source: coder/templates/rbac.yaml +apiVersion: rbac.authorization.k8s.io/v1 +kind: Role +metadata: + name: coder-workspace-perms +rules: + - apiGroups: [""] + resources: ["pods"] + verbs: ["*"] + - apiGroups: [""] + resources: ["persistentvolumeclaims"] + verbs: ["*"] +--- +# Source: coder/templates/rbac.yaml +apiVersion: rbac.authorization.k8s.io/v1 +kind: RoleBinding +metadata: + name: "coder" +subjects: + - kind: ServiceAccount + name: "coder" +roleRef: + apiGroup: rbac.authorization.k8s.io + kind: Role + name: coder-workspace-perms +--- +# Source: coder/templates/service.yaml +apiVersion: v1 +kind: Service +metadata: + name: coder + labels: + helm.sh/chart: coder-0.1.0 + app.kubernetes.io/name: coder + app.kubernetes.io/instance: release-name + app.kubernetes.io/part-of: coder + app.kubernetes.io/version: "0.1.0" + app.kubernetes.io/managed-by: Helm + annotations: + {} +spec: + type: LoadBalancer + sessionAffinity: ClientIP + ports: + - name: "http" + port: 80 + targetPort: "http" + protocol: TCP + externalTrafficPolicy: "Cluster" + selector: + app.kubernetes.io/name: coder + app.kubernetes.io/instance: release-name +--- +# Source: coder/templates/coder.yaml +apiVersion: apps/v1 +kind: Deployment +metadata: + name: coder + labels: + helm.sh/chart: coder-0.1.0 + app.kubernetes.io/name: coder + app.kubernetes.io/instance: release-name + app.kubernetes.io/part-of: coder + app.kubernetes.io/version: "0.1.0" + app.kubernetes.io/managed-by: Helm + com.coder/label/baz: qux + com.coder/label/foo: bar + annotations: + com.coder/annotation/baz: qux + com.coder/annotation/foo: bar +spec: + replicas: 1 
+ selector: + matchLabels: + app.kubernetes.io/name: coder + app.kubernetes.io/instance: release-name + template: + metadata: + labels: + helm.sh/chart: coder-0.1.0 + app.kubernetes.io/name: coder + app.kubernetes.io/instance: release-name + app.kubernetes.io/part-of: coder + app.kubernetes.io/version: "0.1.0" + app.kubernetes.io/managed-by: Helm + com.coder/podLabel/baz: qux + com.coder/podLabel/foo: bar + annotations: + com.coder/podAnnotation/baz: qux + com.coder/podAnnotation/foo: bar + spec: + serviceAccountName: "coder" + restartPolicy: Always + terminationGracePeriodSeconds: 60 + affinity: + podAntiAffinity: + preferredDuringSchedulingIgnoredDuringExecution: + - podAffinityTerm: + labelSelector: + matchExpressions: + - key: app.kubernetes.io/instance + operator: In + values: + - coder + topologyKey: kubernetes.io/hostname + weight: 1 + containers: + - name: coder + image: "ghcr.io/coder/coder:latest" + imagePullPolicy: IfNotPresent + resources: + {} + lifecycle: + {} + env: + - name: CODER_HTTP_ADDRESS + value: "0.0.0.0:8080" + - name: CODER_PROMETHEUS_ADDRESS + value: "0.0.0.0:2112" + # Set the default access URL so a `helm apply` works by default. + # See: https://github.com/coder/coder/issues/5024 + - name: CODER_ACCESS_URL + value: "http://coder.default.svc.cluster.local" + # Used for inter-pod communication with high-availability. + - name: KUBE_POD_IP + valueFrom: + fieldRef: + fieldPath: status.podIP + - name: CODER_DERP_SERVER_RELAY_URL + value: "http://$(KUBE_POD_IP):8080" + + ports: + - name: "http" + containerPort: 8080 + protocol: TCP + securityContext: + allowPrivilegeEscalation: false + readOnlyRootFilesystem: null + runAsGroup: 1000 + runAsNonRoot: true + runAsUser: 1000 + seccompProfile: + type: RuntimeDefault + readinessProbe: + httpGet: + path: /api/v2/buildinfo + port: "http" + scheme: "HTTP" + livenessProbe: + httpGet: + path: /api/v2/buildinfo + port: "http" + scheme: "HTTP" + volumeMounts: [] + volumes: [] 
diff --git a/helm/tests/testdata/labels_annotations.yaml b/helm/tests/testdata/labels_annotations.yaml
new file mode 100644
index 0000000000000..a7ddda708be79
--- /dev/null
+++ b/helm/tests/testdata/labels_annotations.yaml
@@ -0,0 +1,15 @@
+coder:
+ image:
+ tag: latest
+ annotations:
+ com.coder/annotation/foo: bar
+ com.coder/annotation/baz: qux
+ labels:
+ com.coder/label/foo: bar
+ com.coder/label/baz: qux
+ podAnnotations:
+ com.coder/podAnnotation/foo: bar
+ com.coder/podAnnotation/baz: qux
+ podLabels:
+ com.coder/podLabel/foo: bar
+ com.coder/podLabel/baz: qux
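Review bot: The keys in `helm/tests/testdata/labels_annotations.yaml`, such as `com.coder/label/foo` and `com.coder/podAnnotation/baz`, contain two slashes, which is not a valid Kubernetes label or annotation key: the syntax is an optional DNS-subdomain prefix, a single `/`, then a name made of alphanumerics, `-`, `_` and `.`. The golden comparison presumably passes only because the rendered manifest is compared as text; nothing visible in this patch submits it to an API server or schema validator, which would reject these objects. Use keys of a valid shape, for example `com.coder/label-foo: bar` and `com.coder/pod-annotation-foo: bar`, and regenerate `labels_annotations.golden`, so the fixture stays usable if the suite later adds validation of the rendered output.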