From 32c4fd4519db9641614d5e7e29ba0a2bc891c81f Mon Sep 17 00:00:00 2001 From: Peter Fiddes Date: Wed, 18 Jun 2025 09:13:03 +0100 Subject: [PATCH 1/7] fix: Only provide one env key in deployment.yaml Signed-off-by: Peter Fiddes --- .../templates/deployment.yaml | 35 +++++++++---------- 1 file changed, 17 insertions(+), 18 deletions(-) diff --git a/deploy/charts/venafi-kubernetes-agent/templates/deployment.yaml b/deploy/charts/venafi-kubernetes-agent/templates/deployment.yaml index e76573d9..f39afc92 100644 --- a/deploy/charts/venafi-kubernetes-agent/templates/deployment.yaml +++ b/deploy/charts/venafi-kubernetes-agent/templates/deployment.yaml @@ -32,8 +32,24 @@ spec: {{- toYaml .Values.securityContext | nindent 12 }} image: "{{ .Values.image.repository }}:{{ .Values.image.tag | default .Chart.AppVersion }}" imagePullPolicy: {{ .Values.image.pullPolicy }} - {{- if or .Values.http_proxy .Values.https_proxy .Values.no_proxy }} env: + - name: POD_NAMESPACE + valueFrom: + fieldRef: + fieldPath: metadata.namespace + - name: POD_NAME + valueFrom: + fieldRef: + fieldPath: metadata.name + - name: POD_UID + valueFrom: + fieldRef: + fieldPath: metadata.uid + - name: POD_NODE + valueFrom: + fieldRef: + fieldPath: spec.nodeName + {{- if or .Values.http_proxy .Values.https_proxy .Values.no_proxy }} {{- with .Values.http_proxy }} - name: HTTP_PROXY value: {{ . }} @@ -89,23 +105,6 @@ spec: {{- with .Values.volumeMounts }} {{- toYaml . | nindent 12 }} {{- end }} - env: - - name: POD_NAMESPACE - valueFrom: - fieldRef: - fieldPath: metadata.namespace - - name: POD_NAME - valueFrom: - fieldRef: - fieldPath: metadata.name - - name: POD_UID - valueFrom: - fieldRef: - fieldPath: metadata.uid - - name: POD_NODE - valueFrom: - fieldRef: - fieldPath: spec.nodeName {{- if .Values.metrics.enabled }} ports: - containerPort: 8081 From 4b6be3491443806affaaecf26a3a7b0389b45237 Mon Sep 17 00:00:00 2001 From: Peter Fiddes Date: Wed, 18 Jun 2025 09:25:18 +0100 Subject: [PATCH 2/7] chore: Add two tests for env key and fix failing test for helm chart Signed-off-by: Peter Fiddes --- .../tests/deployment_test.yaml | 29 +++++++++++++++++-- 1 file changed, 26 insertions(+), 3 deletions(-) diff --git a/deploy/charts/venafi-kubernetes-agent/tests/deployment_test.yaml b/deploy/charts/venafi-kubernetes-agent/tests/deployment_test.yaml index e902c66d..75904756 100644 --- a/deploy/charts/venafi-kubernetes-agent/tests/deployment_test.yaml +++ b/deploy/charts/venafi-kubernetes-agent/tests/deployment_test.yaml @@ -75,11 +75,11 @@ tests: path: spec.template.spec.containers[0].command content: notpreflight - # Check the volumes and volumeMounts works correctly + # Check the volumes and volumeMounts works correctly - FAILING - it: Volumes and VolumeMounts added correctly set: - config.organisation: test_org - config.cluster: test_cluster + # config.organisation: test_org -> Should be removed? + # config.cluster: test_cluster -> Should be config.clusterName? values: - ./values/custom-volumes.yaml asserts: @@ -102,3 +102,26 @@ tests: items: - key: cabundle path: ca-certificates.crt + + # Check proxy settings are additive not overriding + - it: All environment variables present when all proxy settings are supplied + set: + http_proxy: "http://testing.proxy" + no_proxy: "127.0.0.1,localhost" + https_proxy: "https://testing.proxy" + template: deployment.yaml + asserts: + - isKind: + of: Deployment + - lengthEqual : + path: spec.template.spec.containers[0].env + count: 7 + + - it: Only default environment variables are set when no proxy settings are provided + template: deployment.yaml + asserts: + - isKind: + of: Deployment + - lengthEqual : + path: spec.template.spec.containers[0].env + count: 4 From c5c4033b085d3d25b11f0575ff36760eba3e5a51 Mon Sep 17 00:00:00 2001 From: Peter Fiddes Date: Wed, 18 Jun 2025 10:49:19 +0100 Subject: [PATCH 3/7] chore: Add actual values of proxy settings from our documentation into existing test Signed-off-by: Peter Fiddes --- .../tests/deployment_test.yaml | 19 +++++++++++++++---- 1 file changed, 15 insertions(+), 4 deletions(-) diff --git a/deploy/charts/venafi-kubernetes-agent/tests/deployment_test.yaml b/deploy/charts/venafi-kubernetes-agent/tests/deployment_test.yaml index 75904756..9a601d2e 100644 --- a/deploy/charts/venafi-kubernetes-agent/tests/deployment_test.yaml +++ b/deploy/charts/venafi-kubernetes-agent/tests/deployment_test.yaml @@ -103,12 +103,13 @@ tests: - key: cabundle path: ca-certificates.crt - # Check proxy settings are additive not overriding + # Check proxy settings are additive not overriding and set to correct values. + # Values from our documentation: https://docs.venafi.cloud/vaas/k8s-components/c-vcp-network-requirements/#modifying-network-settings-for-kubernetes - it: All environment variables present when all proxy settings are supplied set: - http_proxy: "http://testing.proxy" - no_proxy: "127.0.0.1,localhost" - https_proxy: "https://testing.proxy" + http_proxy: "http://:" + https_proxy: "https://:" + no_proxy: "127.0.0.1,localhost,kubernetes.default.svc,kubernetes.default.svc.cluster.local" template: deployment.yaml asserts: - isKind: @@ -116,7 +117,17 @@ tests: - lengthEqual : path: spec.template.spec.containers[0].env count: 7 + - equal: + path: spec.template.spec.containers[0].env[?(@.name == "NO_PROXY")].value + value: "127.0.0.1,localhost,kubernetes.default.svc,kubernetes.default.svc.cluster.local" + - equal: + path: spec.template.spec.containers[0].env[?(@.name == "HTTPS_PROXY")].value + value: "https://:" + - equal: + path: spec.template.spec.containers[0].env[?(@.name == "HTTP_PROXY")].value + value: "http://:" + # Check no proxy settings are set when no proxy settings are provided - it: Only default environment variables are set when no proxy settings are provided template: deployment.yaml asserts: From 37aad2f747bc9283c43abfd35bfd5d823ed726c9 Mon Sep 17 00:00:00 2001 From: Richard Wall Date: Wed, 18 Jun 2025 17:13:37 +0100 Subject: [PATCH 4/7] Run the Helm tests automatically Signed-off-by: Richard Wall --- .github/workflows/tests.yaml | 4 ++-- make/00_mod.mk | 2 ++ make/02_mod.mk | 12 ++++++++++++ make/extra_tools.mk | 6 ++++++ 4 files changed, 22 insertions(+), 2 deletions(-) create mode 100644 make/extra_tools.mk diff --git a/.github/workflows/tests.yaml b/.github/workflows/tests.yaml index 411e603a..61cb89c9 100644 --- a/.github/workflows/tests.yaml +++ b/.github/workflows/tests.yaml @@ -32,7 +32,7 @@ jobs: - run: make -j verify - test-unit: + test: runs-on: ubuntu-latest timeout-minutes: 15 @@ -62,4 +62,4 @@ jobs: path: _bin/downloaded key: downloaded-${{ runner.os }}-${{ hashFiles('klone.yaml') }}-test-unit - - run: make -j test-unit + - run: make -j test-unit test-helm diff --git a/make/00_mod.mk b/make/00_mod.mk index 12db7df6..809069dd 100644 --- a/make/00_mod.mk +++ b/make/00_mod.mk @@ -53,3 +53,5 @@ endef golangci_lint_config := .golangci.yaml go_header_file := /dev/null + +include make/extra_tools.mk diff --git a/make/02_mod.mk b/make/02_mod.mk index 9ac846fe..7ebd45cf 100644 --- a/make/02_mod.mk +++ b/make/02_mod.mk @@ -52,3 +52,15 @@ shared_generate_targets += generate-crds-venconn ## @category Testing test-e2e-gke: ./hack/e2e/test.sh + +.PHONY: test-helm +## Run `helm unittest`. +## @category Testing +test-helm: | $(NEEDS_HELM-UNITTEST) + $(HELM-UNITTEST) ./deploy/charts/venafi-kubernetes-agent/ + +.PHONY: test-helm-snapshot +## Update the `helm unittest` snapshots. +## @category Testing +test-helm-snapshot: | $(NEEDS_HELM-UNITTEST) + $(HELM-UNITTEST) ./deploy/charts/venafi-kubernetes-agent/ -u diff --git a/make/extra_tools.mk b/make/extra_tools.mk new file mode 100644 index 00000000..639af1ed --- /dev/null +++ b/make/extra_tools.mk @@ -0,0 +1,6 @@ +ADDITIONAL_TOOLS := +ADDITIONAL_GO_DEPENDENCIES := + +# https://pkg.go.dev/github.com/helm-unittest/helm-unittest?tab=versions +ADDITIONAL_TOOLS += helm-unittest=v0.8.2 +ADDITIONAL_GO_DEPENDENCIES += helm-unittest=github.com/helm-unittest/helm-unittest/cmd/helm-unittest From a443ec88d427d93f17268468b79250494969302f Mon Sep 17 00:00:00 2001 From: Peter Fiddes Date: Thu, 19 Jun 2025 08:58:14 +0100 Subject: [PATCH 5/7] chore: Remove commented out values as not needed Signed-off-by: Peter Fiddes --- .../charts/venafi-kubernetes-agent/tests/deployment_test.yaml | 3 --- 1 file changed, 3 deletions(-) diff --git a/deploy/charts/venafi-kubernetes-agent/tests/deployment_test.yaml b/deploy/charts/venafi-kubernetes-agent/tests/deployment_test.yaml index 9a601d2e..9fe4d6fc 100644 --- a/deploy/charts/venafi-kubernetes-agent/tests/deployment_test.yaml +++ b/deploy/charts/venafi-kubernetes-agent/tests/deployment_test.yaml @@ -77,9 +77,6 @@ tests: # Check the volumes and volumeMounts works correctly - FAILING - it: Volumes and VolumeMounts added correctly - set: - # config.organisation: test_org -> Should be removed? - # config.cluster: test_cluster -> Should be config.clusterName? values: - ./values/custom-volumes.yaml asserts: From fb1813cdd4a0d40b0f7067f4c161fa9e0a124661 Mon Sep 17 00:00:00 2001 From: Richard Wall Date: Thu, 19 Jun 2025 10:18:46 +0100 Subject: [PATCH 6/7] Update deploy/charts/venafi-kubernetes-agent/tests/deployment_test.yaml Signed-off-by: Richard Wall --- .../charts/venafi-kubernetes-agent/tests/deployment_test.yaml | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/deploy/charts/venafi-kubernetes-agent/tests/deployment_test.yaml b/deploy/charts/venafi-kubernetes-agent/tests/deployment_test.yaml index 9fe4d6fc..73418755 100644 --- a/deploy/charts/venafi-kubernetes-agent/tests/deployment_test.yaml +++ b/deploy/charts/venafi-kubernetes-agent/tests/deployment_test.yaml @@ -75,7 +75,7 @@ tests: path: spec.template.spec.containers[0].command content: notpreflight - # Check the volumes and volumeMounts works correctly - FAILING + # Check the volumes and volumeMounts works correctly - it: Volumes and VolumeMounts added correctly values: - ./values/custom-volumes.yaml From d40149be14121b86b4395f8c9fe6b8d3f8f10187 Mon Sep 17 00:00:00 2001 From: Richard Wall Date: Thu, 19 Jun 2025 10:36:59 +0100 Subject: [PATCH 7/7] Remove unnecessary `if` block around the Deployment env section Signed-off-by: Richard Wall --- deploy/charts/venafi-kubernetes-agent/templates/deployment.yaml | 2 -- 1 file changed, 2 deletions(-) diff --git a/deploy/charts/venafi-kubernetes-agent/templates/deployment.yaml b/deploy/charts/venafi-kubernetes-agent/templates/deployment.yaml index f39afc92..f37e8a16 100644 --- a/deploy/charts/venafi-kubernetes-agent/templates/deployment.yaml +++ b/deploy/charts/venafi-kubernetes-agent/templates/deployment.yaml @@ -49,7 +49,6 @@ spec: valueFrom: fieldRef: fieldPath: spec.nodeName - {{- if or .Values.http_proxy .Values.https_proxy .Values.no_proxy }} {{- with .Values.http_proxy }} - name: HTTP_PROXY value: {{ . }} @@ -62,7 +61,6 @@ spec: - name: NO_PROXY value: {{ . }} {{- end }} - {{- end }} {{- if not (empty .Values.command) }} command: {{- range .Values.command }}