2b2b0dd2fa
Uses Values.injector.externalVaultAddr to control the vault address env variable and server yaml rendering. If injector.externalVaultAddr is empty, both the injector and vault are deployed, with the injector using the local vault. If injector.externalVaultAddr is not empty, only the injector is deployed, and it uses the vault at the address specified in injector.externalVaultAddr.
190 lines
6.4 KiB
Bash
Executable file
190 lines
6.4 KiB
Bash
Executable file
#!/usr/bin/env bats
|
|
|
|
load _helpers
|
|
|
|
@test "injector/deployment: default injector.enabled" {
|
|
cd `chart_dir`
|
|
local actual=$(helm template \
|
|
--show-only templates/injector-deployment.yaml \
|
|
. | tee /dev/stderr |
|
|
yq 'length > 0' | tee /dev/stderr)
|
|
[ "${actual}" = "true" ]
|
|
}
|
|
|
|
@test "injector/deployment: enable with injector.enabled true" {
|
|
cd `chart_dir`
|
|
local actual=$(helm template \
|
|
--show-only templates/injector-deployment.yaml \
|
|
--set 'injector.enabled=true' \
|
|
. | tee /dev/stderr |
|
|
yq 'length > 0' | tee /dev/stderr)
|
|
[ "${actual}" = "true" ]
|
|
}
|
|
|
|
@test "injector/deployment: disable with global.enabled" {
|
|
cd `chart_dir`
|
|
local actual=$( (helm template \
|
|
--show-only templates/injector-deployment.yaml \
|
|
--set 'global.enabled=false' \
|
|
--set 'injector.enabled=true' \
|
|
. || echo "---") | tee /dev/stderr |
|
|
yq 'length > 0' | tee /dev/stderr)
|
|
[ "${actual}" = "false" ]
|
|
}
|
|
|
|
@test "injector/deployment: image defaults to injector.image" {
|
|
cd `chart_dir`
|
|
local actual=$(helm template \
|
|
--show-only templates/injector-deployment.yaml \
|
|
--set 'injector.image.repository=foo' \
|
|
--set 'injector.image.tag=1.2.3' \
|
|
. | tee /dev/stderr |
|
|
yq -r '.spec.template.spec.containers[0].image' | tee /dev/stderr)
|
|
[ "${actual}" = "foo:1.2.3" ]
|
|
|
|
local actual=$(helm template \
|
|
--show-only templates/injector-deployment.yaml \
|
|
--set 'injector.image.repository=foo' \
|
|
--set 'injector.image.tag=1.2.3' \
|
|
. | tee /dev/stderr |
|
|
yq -r '.spec.template.spec.containers[0].image' | tee /dev/stderr)
|
|
[ "${actual}" = "foo:1.2.3" ]
|
|
}
|
|
|
|
@test "injector/deployment: default imagePullPolicy" {
|
|
cd `chart_dir`
|
|
local actual=$(helm template \
|
|
--show-only templates/injector-deployment.yaml \
|
|
. | tee /dev/stderr |
|
|
yq -r '.spec.template.spec.containers[0].imagePullPolicy' | tee /dev/stderr)
|
|
[ "${actual}" = "IfNotPresent" ]
|
|
}
|
|
|
|
@test "injector/deployment: default resources" {
|
|
cd `chart_dir`
|
|
local actual=$(helm template \
|
|
--show-only templates/injector-deployment.yaml \
|
|
. | tee /dev/stderr |
|
|
yq -r '.spec.template.spec.containers[0].resources' | tee /dev/stderr)
|
|
[ "${actual}" = "null" ]
|
|
}
|
|
|
|
@test "injector/deployment: custom resources" {
|
|
cd `chart_dir`
|
|
local actual=$(helm template \
|
|
--show-only templates/injector-deployment.yaml \
|
|
--set 'injector.enabled=true' \
|
|
--set 'injector.resources.requests.memory=256Mi' \
|
|
--set 'injector.resources.requests.cpu=250m' \
|
|
. | tee /dev/stderr |
|
|
yq -r '.spec.template.spec.containers[0].resources.requests.memory' | tee /dev/stderr)
|
|
[ "${actual}" = "256Mi" ]
|
|
|
|
local actual=$(helm template \
|
|
--show-only templates/injector-deployment.yaml \
|
|
--set 'injector.enabled=true' \
|
|
--set 'injector.resources.limits.memory=256Mi' \
|
|
--set 'injector.resources.limits.cpu=250m' \
|
|
. | tee /dev/stderr |
|
|
yq -r '.spec.template.spec.containers[0].resources.limits.memory' | tee /dev/stderr)
|
|
[ "${actual}" = "256Mi" ]
|
|
|
|
local actual=$(helm template \
|
|
--show-only templates/injector-deployment.yaml \
|
|
--set 'injector.enabled=true' \
|
|
--set 'injector.resources.requests.cpu=250m' \
|
|
. | tee /dev/stderr |
|
|
yq -r '.spec.template.spec.containers[0].resources.requests.cpu' | tee /dev/stderr)
|
|
[ "${actual}" = "250m" ]
|
|
|
|
local actual=$(helm template \
|
|
--show-only templates/injector-deployment.yaml \
|
|
--set 'injector.enabled=true' \
|
|
--set 'injector.resources.limits.cpu=250m' \
|
|
. | tee /dev/stderr |
|
|
yq -r '.spec.template.spec.containers[0].resources.limits.cpu' | tee /dev/stderr)
|
|
[ "${actual}" = "250m" ]
|
|
}
|
|
|
|
@test "injector/deployment: manual TLS environment vars" {
|
|
cd `chart_dir`
|
|
local object=$(helm template \
|
|
--show-only templates/injector-deployment.yaml \
|
|
--set 'injector.certs.secretName=foobar' \
|
|
--set 'injector.certs.certName=test.crt' \
|
|
--set 'injector.certs.keyName=test.key' \
|
|
. | tee /dev/stderr |
|
|
yq -r '.spec.template.spec.containers[0].env' | tee /dev/stderr)
|
|
|
|
local actual=$(echo $object |
|
|
yq -r '.[4].name' | tee /dev/stderr)
|
|
[ "${actual}" = "AGENT_INJECT_TLS_CERT_FILE" ]
|
|
|
|
local actual=$(echo $object |
|
|
yq -r '.[4].value' | tee /dev/stderr)
|
|
[ "${actual}" = "/etc/webhook/certs/test.crt" ]
|
|
|
|
local actual=$(echo $object |
|
|
yq -r '.[5].name' | tee /dev/stderr)
|
|
[ "${actual}" = "AGENT_INJECT_TLS_KEY_FILE" ]
|
|
|
|
local actual=$(echo $object |
|
|
yq -r '.[5].value' | tee /dev/stderr)
|
|
[ "${actual}" = "/etc/webhook/certs/test.key" ]
|
|
}
|
|
|
|
@test "injector/deployment: auto TLS by default" {
|
|
cd `chart_dir`
|
|
local actual=$(helm template \
|
|
--show-only templates/injector-deployment.yaml \
|
|
. | tee /dev/stderr |
|
|
yq -r '.spec.template.spec.containers[0].volumeMounts | length' | tee /dev/stderr)
|
|
[ "${actual}" = "0" ]
|
|
|
|
local object=$(helm template \
|
|
--show-only templates/injector-deployment.yaml \
|
|
. | tee /dev/stderr |
|
|
yq -r '.spec.template.spec.containers[0].env' | tee /dev/stderr)
|
|
|
|
local actual=$(echo $object |
|
|
yq -r '.[4].name' | tee /dev/stderr)
|
|
[ "${actual}" = "AGENT_INJECT_TLS_AUTO" ]
|
|
|
|
local actual=$(echo $object |
|
|
yq -r '.[5].name' | tee /dev/stderr)
|
|
[ "${actual}" = "AGENT_INJECT_TLS_AUTO_HOSTS" ]
|
|
}
|
|
|
|
@test "injector/deployment: with externalVaultAddr" {
|
|
cd `chart_dir`
|
|
local object=$(helm template \
|
|
--show-only templates/injector-deployment.yaml \
|
|
--set 'injector.externalVaultAddr=http://vault-outside' \
|
|
. | tee /dev/stderr |
|
|
yq -r '.spec.template.spec.containers[0].env' | tee /dev/stderr)
|
|
|
|
local actual=$(echo $object |
|
|
yq -r '.[2].name' | tee /dev/stderr)
|
|
[ "${actual}" = "AGENT_INJECT_VAULT_ADDR" ]
|
|
|
|
local actual=$(echo $object |
|
|
yq -r '.[2].value' | tee /dev/stderr)
|
|
[ "${actual}" = "http://vault-outside" ]
|
|
}
|
|
|
|
@test "injector/deployment: without externalVaultAddr" {
|
|
cd `chart_dir`
|
|
local object=$(helm template \
|
|
--show-only templates/injector-deployment.yaml \
|
|
--release-name not-external-test \
|
|
. | tee /dev/stderr |
|
|
yq -r '.spec.template.spec.containers[0].env' | tee /dev/stderr)
|
|
|
|
local actual=$(echo $object |
|
|
yq -r '.[2].name' | tee /dev/stderr)
|
|
[ "${actual}" = "AGENT_INJECT_VAULT_ADDR" ]
|
|
|
|
local actual=$(echo $object |
|
|
yq -r '.[2].value' | tee /dev/stderr)
|
|
[ "${actual}" = "http://not-external-test-vault.default.svc:8200" ]
|
|
}
|