
Commit 8f3f15a

[gitops-operator] move crds to tempates, change cluster wide naming and add tests (#87)
* move crds and change sa name * change cluster wide names,split resources and add tests
1 parent 3ea34ee commit 8f3f15a


11 files changed

+316
-10
lines changed


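--- a/charts/gitops-runtime/templates/_components/gitops-operator/_all_resources.yaml
+++ b/charts/gitops-runtime/templates/_components/gitops-operator/_all_resources.yaml
@@ -1,6 +1,6 @@
 {{- define "gitops-operator.resources" }}
 ---
-{{ include "gitops-operator.resources.deployment" . }}
+{{ include "gitops-operator.resources.deployment" . }} #
 ---
 {{ include "gitops-operator.resources.rbac" . }}
 ---
@@ -11,4 +11,6 @@
 {{ include "gitops-operator.resources.restricted_git_source_rbac" . }}
 ---
 {{ include "gitops-operator.resources.sa" .}}
+---
+{{- include "gitops-operator.crds.restricted-gitsource" . }} #
 {{- end }}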
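Review bot: The trailing ` #` on the two changed `include` lines (the deployment include and the new CRD include) looks like editing residue and should be removed. It is appended to the last rendered line of each included template, where it is a harmless YAML comment only as long as that line does not end inside a quoted or block scalar; `{{ include "gitops-operator.resources.deployment" . }}` without the suffix is the safer form. The CRD is also rendered by a dedicated template added in this commit, so if this aggregate is still included anywhere the CRD would be emitted twice; whether it is cannot be seen from this page.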

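--- a/charts/gitops-runtime/templates/_components/gitops-operator/_deployment.yaml
+++ b/charts/gitops-runtime/templates/_components/gitops-operator/_deployment.yaml
@@ -50,6 +50,7 @@ spec:
 securityContext:
 {{- toYaml .Values.securityContext | nindent 12 }}
 image: "{{ .Values.image.repository }}:{{ .Values.image.tag }}"
+{{- include "codefresh-gitops-runtime.components.common_helpers.container-templates.env-vars" .Values.env | nindent 8 }}
 imagePullPolicy: {{ .Values.image.pullPolicy }}
 command:
 - /manager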
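Review bot: The env helper added after `image:` receives only `.Values.env`, so every value set under `gitops-operator.env` ends up as literal text in the Deployment spec and in the stored Helm release. The helper body is outside this page, so whether it accepts `valueFrom` entries cannot be confirmed here; if it does not, any credential passed this way is readable by anyone who can get the Deployment. A template comment above the include such as `{{- /* env comes from values; pass credentials via a Secret reference, not a literal */}}`, plus a matching line in the values documentation, would cover it. The container definition starts and ends outside the hunk.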

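--- a/charts/gitops-runtime/templates/_components/gitops-operator/_rbac.yaml
+++ b/charts/gitops-runtime/templates/_components/gitops-operator/_rbac.yaml
@@ -5,7 +5,7 @@ kind: ClusterRole
 metadata:
 labels:
 {{- include "gitops-operator.selectorLabels" . | nindent 4 }}
-name: controller-manager
+name: codefresh-gitops-operator
 rules:
 - apiGroups:
 - argoproj.io
@@ -51,11 +51,11 @@ kind: ClusterRoleBinding
 metadata:
 labels:
 {{- include "gitops-operator.selectorLabels" . | nindent 4 }}
-name: controller-manager
+name: codefresh-gitops-operator
 roleRef:
 apiGroup: rbac.authorization.k8s.io
 kind: ClusterRole
-name: controller-manager
+name: codefresh-gitops-operator
 subjects:
 - kind: ServiceAccount
 name: {{ include "gitops-operator.serviceAccountName" . }}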
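Review bot: The new ClusterRole and ClusterRoleBinding name `codefresh-gitops-operator` is still a fixed string, so two releases of this chart in one cluster would address the same cluster-scoped objects; the same holds for `codefresh-gitops-operator-proxy` in `_auth_proxy_rbac.yaml`. Depending on how Helm ownership is handled, the second install either fails or rewrites the binding's subject to its own service account. If more than one runtime per cluster is meant to be supported, deriving the name from the release, for example `name: codefresh-gitops-operator-{{ .Release.Namespace }}` in both `metadata.name` and `roleRef.name`, avoids that. The rename also makes Helm delete the old `controller-manager` objects and create new ones on upgrade, which is worth a line in the upgrade notes. Both resource definitions extend beyond the hunks shown.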

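--- a/charts/gitops-runtime/crds/gitops-operator/csdp.codefresh.io_restrictedgitsources.yaml
+++ b/charts/gitops-runtime/templates/_components/gitops-operator/crds/restrictedgitsources.yaml
@@ -1,8 +1,22 @@
----
+{{- define "gitops-operator.crds.restricted-gitsource" }}
+{{- if .Values.crds.install }}
 apiVersion: apiextensions.k8s.io/v1
 kind: CustomResourceDefinition
 metadata:
 name: restrictedgitsources.csdp.codefresh.io
+annotations:
+{{- if .Values.crds.keep }}
+"helm.sh/resource-policy": keep
+{{- end }}
+{{- with .Values.crds.annotations }}
+{{- toYaml . | nindent 4 }}
+{{- end }}
+labels:
+app.kubernetes.io/name: restrictedgitsources.csdp.codefresh.io
+app.kubernetes.io/part-of: gitops-operator
+{{- with .Values.crds.additionalLabels }}
+{{- toYaml . | nindent 4}}
+{{- end }}
 spec:
 group: csdp.codefresh.io
 names:
@@ -507,3 +521,5 @@ spec:
 storage: true
 subresources:
 status: {}
+{{- end }}
+{{- end }}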
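Review bot: Moving the CRD from `crds/` into a template puts its deletion under Helm's control, and the `helm.sh/resource-policy: keep` annotation is only emitted when `.Values.crds.keep` is set. The defaults for `crds.install` and `crds.keep` are not on this page; unless `keep` defaults to true, `helm uninstall` removes the CRD and with it every RestrictedGitSource object in the cluster, so the default and its effect should be documented next to the value. Separately, `annotations:` is written unconditionally and renders as an empty key when both `crds.keep` and `crds.annotations` are unset; wrapping the key in `{{- if or .Values.crds.keep .Values.crds.annotations }}` keeps the manifest clean. The CRD `spec` lies outside the two hunks.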

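--- a/charts/gitops-runtime/templates/_components/gitops-operator/rbac/_auth_proxy_rbac.yaml
+++ b/charts/gitops-runtime/templates/_components/gitops-operator/rbac/_auth_proxy_rbac.yaml
@@ -5,7 +5,7 @@ kind: ClusterRole
 metadata:
 labels:
 {{- include "gitops-operator.selectorLabels" . | nindent 4 }}
-name: proxy
+name: codefresh-gitops-operator-proxy
 rules:
 - apiGroups:
 - authentication.k8s.io
@@ -25,11 +25,11 @@ kind: ClusterRoleBinding
 metadata:
 labels:
 {{- include "gitops-operator.selectorLabels" . | nindent 4 }}
-name: proxy
+name: codefresh-gitops-operator-proxy
 roleRef:
 apiGroup: rbac.authorization.k8s.io
 kind: ClusterRole
-name: proxy
+name: codefresh-gitops-operator-proxy
 subjects:
 - kind: ServiceAccount
 name: {{ include "gitops-operator.serviceAccountName" . }}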
Lines changed: 5 additions & 0 deletions
@@ -0,0 +1,5 @@
1+
{{- $gitopsOperatorContext := deepCopy . }}
2+
{{- $_ := set $gitopsOperatorContext "Values" (get .Values "gitops-operator") }}
3+
{{- $_ := set $gitopsOperatorContext.Values "global" (get .Values "global") }}
4+
5+
{{- include "gitops-operator.crds.restricted-gitsource" $gitopsOperatorContext }}
Lines changed: 5 additions & 0 deletions
@@ -0,0 +1,5 @@
1+
{{- $gitopsOperatorContext := deepCopy . }}
2+
{{- $_ := set $gitopsOperatorContext "Values" (get .Values "gitops-operator") }}
3+
{{- $_ := set $gitopsOperatorContext.Values "global" (get .Values "global") }}
4+
5+
{{- include "gitops-operator.resources.deployment" $gitopsOperatorContext }}
Lines changed: 10 additions & 0 deletions
@@ -0,0 +1,10 @@
1+
{{- $gitopsOperatorContext := deepCopy . }}
2+
{{- $_ := set $gitopsOperatorContext "Values" (get .Values "gitops-operator") }}
3+
{{- $_ := set $gitopsOperatorContext.Values "global" (get .Values "global") }}
4+
{{- include "gitops-operator.resources.rbac" $gitopsOperatorContext }}
5+
---
6+
{{- include "gitops-operator.resources.auth_proxy_rbac" $gitopsOperatorContext }}
7+
---
8+
{{- include "gitops-operator.resources.leader_election_rbac" $gitopsOperatorContext }}
9+
---
10+
{{- include "gitops-operator.resources.restricted_git_source_rbac" $gitopsOperatorContext }}

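--- a/charts/gitops-runtime/templates/gitops-operator/all_resources.yaml
+++ b/charts/gitops-runtime/templates/gitops-operator/sa.yaml
@@ -2,4 +2,4 @@
 {{- $_ := set $gitopsOperatorContext "Values" (get .Values "gitops-operator") }}
 {{- $_ := set $gitopsOperatorContext.Values "global" (get .Values "global") }}
 
-{{- include "gitops-operator.resources" $gitopsOperatorContext }}
+{{ include "gitops-operator.resources.sa" $gitopsOperatorContext }}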
Lines changed: 238 additions & 0 deletions
@@ -0,0 +1,238 @@
1+
suite: misc tests on gitops-operator templates generation
2+
templates:
3+
- gitops-operator/deployment.yaml
4+
- gitops-operator/sa.yaml
5+
- gitops-operator/rbac.yaml
6+
tests:
7+
- it: override both images works
8+
template: 'gitops-operator/deployment.yaml'
9+
set:
10+
gitops-operator:
11+
image:
12+
repository: example.com/repo
13+
tag: 0.0.1
14+
kube-rbac-proxy:
15+
image:
16+
repository: example.com/repo
17+
tag: 0.0.1
18+
asserts:
19+
- equal:
20+
path: spec.template.spec.containers[0].image
21+
value: example.com/repo:0.0.1
22+
- equal:
23+
path: spec.template.spec.containers[1].image
24+
value: example.com/repo:0.0.1
25+
26+
- it: override service account name - sa object
27+
template: 'gitops-operator/sa.yaml'
28+
values:
29+
- ./values/mandatory-values.yaml
30+
set:
31+
gitops-operator.serviceAccount.name: sa-name
32+
asserts:
33+
- equal:
34+
path: metadata.name
35+
value: sa-name
36+
37+
- it: override service account name - deployment
38+
template: 'gitops-operator/deployment.yaml'
39+
values:
40+
- ./values/mandatory-values.yaml
41+
set:
42+
gitops-operator.serviceAccount.name: sa-name
43+
asserts:
44+
- equal:
45+
path: spec.template.spec.serviceAccountName
46+
value: sa-name
47+
48+
- it: overriding of environment variables on main container
49+
template: 'gitops-operator/deployment.yaml'
50+
values:
51+
- ./values/mandatory-values.yaml
52+
set:
53+
gitops-operator.env.PORT: '8787'
54+
asserts:
55+
- contains:
56+
path: spec.template.spec.containers[1].env
57+
content:
58+
name: PORT
59+
value: "8787"
60+
- it: adding environment variables on main container
61+
template: 'gitops-operator/deployment.yaml'
62+
values:
63+
- ./values/mandatory-values.yaml
64+
set:
65+
gitops-operator.env.SOME_ENV: 'test'
66+
asserts:
67+
- contains:
68+
path: spec.template.spec.containers[1].env
69+
content:
70+
name: SOME_ENV
71+
value: test
72+
- it: setting security context on main container
73+
template: 'gitops-operator/deployment.yaml'
74+
values:
75+
- ./values/mandatory-values.yaml
76+
set:
77+
gitops-operator.securityContext.runAsUser: 1000
78+
asserts:
79+
- equal:
80+
path: spec.template.spec.containers[1].securityContext.runAsUser
81+
value: 1000
82+
- it: override readiness and liveness probes values
83+
template: 'gitops-operator/deployment.yaml'
84+
values:
85+
- ./values/mandatory-values.yaml
86+
set:
87+
gitops-operator.readinessProbe.initialDelaySeconds: 1
88+
gitops-operator.readinessProbe.periodSeconds: 1
89+
gitops-operator.readinessProbe.timeoutSeconds: 1
90+
gitops-operator.readinessProbe.successThreshold: 1
91+
gitops-operator.readinessProbe.failureThreshold: 1
92+
gitops-operator.livenessProbe.initialDelaySeconds: 1
93+
gitops-operator.livenessProbe.periodSeconds: 1
94+
gitops-operator.livenessProbe.timeoutSeconds: 1
95+
gitops-operator.livenessProbe.successThreshold: 1
96+
gitops-operator.livenessProbe.failureThreshold: 1
97+
asserts:
98+
- equal:
99+
path: spec.template.spec.containers[1].readinessProbe.initialDelaySeconds
100+
value: 1
101+
- equal:
102+
path: spec.template.spec.containers[1].readinessProbe.periodSeconds
103+
value: 1
104+
- equal:
105+
path: spec.template.spec.containers[1].readinessProbe.timeoutSeconds
106+
value: 1
107+
- equal:
108+
path: spec.template.spec.containers[1].readinessProbe.successThreshold
109+
value: 1
110+
- equal:
111+
path: spec.template.spec.containers[1].readinessProbe.failureThreshold
112+
value: 1
113+
- equal:
114+
path: spec.template.spec.containers[1].livenessProbe.initialDelaySeconds
115+
value: 1
116+
- equal:
117+
path: spec.template.spec.containers[1].livenessProbe.periodSeconds
118+
value: 1
119+
- equal:
120+
path: spec.template.spec.containers[1].livenessProbe.timeoutSeconds
121+
value: 1
122+
- equal:
123+
path: spec.template.spec.containers[1].livenessProbe.successThreshold
124+
value: 1
125+
- equal:
126+
path: spec.template.spec.containers[1].livenessProbe.failureThreshold
127+
value: 1
128+
- it: setting node selector
129+
template: 'gitops-operator/deployment.yaml'
130+
values:
131+
- ./values/mandatory-values.yaml
132+
set:
133+
gitops-operator.nodeSelector:
134+
test.io/node: "test"
135+
asserts:
136+
- equal:
137+
path: spec.template.spec.nodeSelector
138+
value:
139+
test.io/node: "test"
140+
141+
- it: setting tolerations
142+
template: 'gitops-operator/deployment.yaml'
143+
values:
144+
- ./values/mandatory-values.yaml
145+
set:
146+
gitops-operator.tolerations:
147+
- key: "arch"
148+
operator: "Equal"
149+
value: "arm64"
150+
effect: "NoSchedule"
151+
asserts:
152+
- contains:
153+
path: spec.template.spec.tolerations
154+
content:
155+
key: "arch"
156+
operator: "Equal"
157+
value: "arm64"
158+
effect: "NoSchedule"
159+
160+
- it: setting affinity
161+
template: 'gitops-operator/deployment.yaml'
162+
values:
163+
- ./values/mandatory-values.yaml
164+
set:
165+
gitops-operator.affinity:
166+
nodeAffinity:
167+
requiredDuringSchedulingIgnoredDuringExecution:
168+
nodeSelectorTerms:
169+
- matchExpressions:
170+
- key: topology.kubernetes.io/zone
171+
operator: In
172+
values:
173+
- antarctica-east1
174+
- antarctica-west1
175+
asserts:
176+
- equal:
177+
path: spec.template.spec.affinity
178+
value:
179+
nodeAffinity:
180+
requiredDuringSchedulingIgnoredDuringExecution:
181+
nodeSelectorTerms:
182+
- matchExpressions:
183+
- key: topology.kubernetes.io/zone
184+
operator: In
185+
values:
186+
- antarctica-east1
187+
- antarctica-west1
188+
189+
- it: contains all expected roles and role bindings
190+
template: gitops-operator/rbac.yaml
191+
values:
192+
- ./values/mandatory-values.yaml
193+
asserts:
194+
- containsDocument:
195+
kind: ClusterRole
196+
apiVersion: rbac.authorization.k8s.io/v1
197+
name: codefresh-gitops-operator-proxy
198+
- containsDocument:
199+
kind: ClusterRoleBinding
200+
apiVersion: rbac.authorization.k8s.io/v1
201+
name: codefresh-gitops-operator-proxy
202+
- containsDocument:
203+
kind: ClusterRoleBinding
204+
apiVersion: rbac.authorization.k8s.io/v1
205+
name: restrictedgitsource-editor
206+
- containsDocument:
207+
kind: ClusterRole
208+
apiVersion: rbac.authorization.k8s.io/v1
209+
name: restrictedgitsource-editor
210+
- containsDocument:
211+
kind: ClusterRole
212+
apiVersion: rbac.authorization.k8s.io/v1
213+
name: restrictedgitsource-viewer
214+
- containsDocument:
215+
kind: ClusterRole
216+
apiVersion: rbac.authorization.k8s.io/v1
217+
name: codefresh-gitops-operator
218+
- containsDocument:
219+
kind: ClusterRoleBinding
220+
apiVersion: rbac.authorization.k8s.io/v1
221+
name: codefresh-gitops-operator
222+
- containsDocument:
223+
kind: ClusterRoleBinding
224+
apiVersion: rbac.authorization.k8s.io/v1
225+
name: restrictedgitsource-viewer
226+
- containsDocument:
227+
kind: Role
228+
apiVersion: rbac.authorization.k8s.io/v1
229+
name: leader-election
230+
- containsDocument:
231+
kind: Role
232+
apiVersion: rbac.authorization.k8s.io/v1
233+
name: leader-election
234+
- containsDocument:
235+
kind: RoleBinding
236+
apiVersion: rbac.authorization.k8s.io/v1
237+
name: leader-election
238+
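Review bot: The RBAC test only checks that documents with the expected kind and name exist; nothing asserts that each ClusterRoleBinding's `roleRef.name` and `subjects` point at the renamed role and the operator service account, which is the part a rename is most likely to break. Adding an `equal` assertion on `roleRef.name` for the `codefresh-gitops-operator` and `codefresh-gitops-operator-proxy` bindings would pin it. The `Role` / `leader-election` `containsDocument` assertion appears twice in a row, so one of the two is probably meant to be a different object. In `override both images works` both containers get the same repository and tag, so the test cannot tell a swapped or shared image value from a correct one; distinct tags per container would.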
