diff --git a/.github/workflows/tests.yaml b/.github/workflows/tests.yaml index 411e603a..61cb89c9 100644 --- a/.github/workflows/tests.yaml +++ b/.github/workflows/tests.yaml @@ -32,7 +32,7 @@ jobs: - run: make -j verify - test-unit: + test: runs-on: ubuntu-latest timeout-minutes: 15 @@ -62,4 +62,4 @@ jobs: path: _bin/downloaded key: downloaded-${{ runner.os }}-${{ hashFiles('klone.yaml') }}-test-unit - - run: make -j test-unit + - run: make -j test-unit test-helm diff --git a/deploy/charts/venafi-kubernetes-agent/templates/deployment.yaml b/deploy/charts/venafi-kubernetes-agent/templates/deployment.yaml index e76573d9..f37e8a16 100644 --- a/deploy/charts/venafi-kubernetes-agent/templates/deployment.yaml +++ b/deploy/charts/venafi-kubernetes-agent/templates/deployment.yaml @@ -32,8 +32,23 @@ spec: {{- toYaml .Values.securityContext | nindent 12 }} image: "{{ .Values.image.repository }}:{{ .Values.image.tag | default .Chart.AppVersion }}" imagePullPolicy: {{ .Values.image.pullPolicy }} - {{- if or .Values.http_proxy .Values.https_proxy .Values.no_proxy }} env: + - name: POD_NAMESPACE + valueFrom: + fieldRef: + fieldPath: metadata.namespace + - name: POD_NAME + valueFrom: + fieldRef: + fieldPath: metadata.name + - name: POD_UID + valueFrom: + fieldRef: + fieldPath: metadata.uid + - name: POD_NODE + valueFrom: + fieldRef: + fieldPath: spec.nodeName {{- with .Values.http_proxy }} - name: HTTP_PROXY value: {{ . }} @@ -46,7 +61,6 @@ spec: - name: NO_PROXY value: {{ . }} {{- end }} - {{- end }} {{- if not (empty .Values.command) }} command: {{- range .Values.command }} @@ -89,23 +103,6 @@ spec: {{- with .Values.volumeMounts }} {{- toYaml . | nindent 12 }} {{- end }} - env: - - name: POD_NAMESPACE - valueFrom: - fieldRef: - fieldPath: metadata.namespace - - name: POD_NAME - valueFrom: - fieldRef: - fieldPath: metadata.name - - name: POD_UID - valueFrom: - fieldRef: - fieldPath: metadata.uid - - name: POD_NODE - valueFrom: - fieldRef: - fieldPath: spec.nodeName {{- if .Values.metrics.enabled }} ports: - containerPort: 8081 diff --git a/deploy/charts/venafi-kubernetes-agent/tests/deployment_test.yaml b/deploy/charts/venafi-kubernetes-agent/tests/deployment_test.yaml index e902c66d..73418755 100644 --- a/deploy/charts/venafi-kubernetes-agent/tests/deployment_test.yaml +++ b/deploy/charts/venafi-kubernetes-agent/tests/deployment_test.yaml @@ -77,9 +77,6 @@ tests: # Check the volumes and volumeMounts works correctly - it: Volumes and VolumeMounts added correctly - set: - config.organisation: test_org - config.cluster: test_cluster values: - ./values/custom-volumes.yaml asserts: @@ -102,3 +99,37 @@ tests: items: - key: cabundle path: ca-certificates.crt + + # Check proxy settings are additive not overriding and set to correct values. + # Values from our documentation: https://docs.venafi.cloud/vaas/k8s-components/c-vcp-network-requirements/#modifying-network-settings-for-kubernetes + - it: All environment variables present when all proxy settings are supplied + set: + http_proxy: "http://:" + https_proxy: "https://:" + no_proxy: "127.0.0.1,localhost,kubernetes.default.svc,kubernetes.default.svc.cluster.local" + template: deployment.yaml + asserts: + - isKind: + of: Deployment + - lengthEqual : + path: spec.template.spec.containers[0].env + count: 7 + - equal: + path: spec.template.spec.containers[0].env[?(@.name == "NO_PROXY")].value + value: "127.0.0.1,localhost,kubernetes.default.svc,kubernetes.default.svc.cluster.local" + - equal: + path: spec.template.spec.containers[0].env[?(@.name == "HTTPS_PROXY")].value + value: "https://:" + - equal: + path: spec.template.spec.containers[0].env[?(@.name == "HTTP_PROXY")].value + value: "http://:" + + # Check no proxy settings are set when no proxy settings are provided + - it: Only default environment variables are set when no proxy settings are provided + template: deployment.yaml + asserts: + - isKind: + of: Deployment + - lengthEqual : + path: spec.template.spec.containers[0].env + count: 4 diff --git a/make/00_mod.mk b/make/00_mod.mk index 12db7df6..809069dd 100644 --- a/make/00_mod.mk +++ b/make/00_mod.mk @@ -53,3 +53,5 @@ endef golangci_lint_config := .golangci.yaml go_header_file := /dev/null + +include make/extra_tools.mk diff --git a/make/02_mod.mk b/make/02_mod.mk index 9ac846fe..7ebd45cf 100644 --- a/make/02_mod.mk +++ b/make/02_mod.mk @@ -52,3 +52,15 @@ shared_generate_targets += generate-crds-venconn ## @category Testing test-e2e-gke: ./hack/e2e/test.sh + +.PHONY: test-helm +## Run `helm unittest`. +## @category Testing +test-helm: | $(NEEDS_HELM-UNITTEST) + $(HELM-UNITTEST) ./deploy/charts/venafi-kubernetes-agent/ + +.PHONY: test-helm-snapshot +## Update the `helm unittest` snapshots. +## @category Testing +test-helm-snapshot: | $(NEEDS_HELM-UNITTEST) + $(HELM-UNITTEST) ./deploy/charts/venafi-kubernetes-agent/ -u diff --git a/make/extra_tools.mk b/make/extra_tools.mk new file mode 100644 index 00000000..639af1ed --- /dev/null +++ b/make/extra_tools.mk @@ -0,0 +1,6 @@ +ADDITIONAL_TOOLS := +ADDITIONAL_GO_DEPENDENCIES := + +# https://pkg.go.dev/github.com/helm-unittest/helm-unittest?tab=versions +ADDITIONAL_TOOLS += helm-unittest=v0.8.2 +ADDITIONAL_GO_DEPENDENCIES += helm-unittest=github.com/helm-unittest/helm-unittest/cmd/helm-unittest