gitea_admin/application
1
0
Fork 0
Code Issues Pull Requests Actions Packages Projects Releases Wiki Activity

add helm charts

Browse Source
This commit is contained in:
Ybehrooz
2025-11-09 13:22:40 +03:30
parent 282c3e52d0
commit 38e4d749ad
1352 changed files with 190457 additions and 0 deletions
Download Patch File Download Diff File Expand all files Collapse all files

14
backing-services/vcluster/tests/README.md Normal file
View File

@@ -0,0 +1,14 @@
Add [unittest plugin](https://github.com/helm-unittest/helm-unittest) via:
```
helm plugin install https://github.com/helm-unittest/helm-unittest.git
```
Run tests via:
```
helm unittest chart
```
To update the `values.schema.json` run:
```
go run hack/schema/main.go
```

428
backing-services/vcluster/tests/clusterrole_test.yaml Normal file
View File

@@ -0,0 +1,428 @@
suite: ClusterRoleBinding
templates:
- clusterrole.yaml
tests:
- it: disable by default
asserts:
- hasDocuments:
count: 0
- it: force enable
set:
rbac:
clusterRole:
enabled: true
asserts:
- hasDocuments:
count: 1
- it: force disable
set:
rbac:
clusterRole:
enabled: false
extraRules:
- apiGroups: [""]
resources: ["test123"]
verbs: ["test123"]
overwriteRules:
- apiGroups: [""]
resources: ["test"]
verbs: ["test"]
asserts:
- hasDocuments:
count: 0
- it: enable isolated control plane
set:
experimental:
isolatedControlPlane:
enabled: true
asserts:
- hasDocuments:
count: 1
- lengthEqual:
path: rules
count: 1
- contains:
path: rules
content:
apiGroups: [ "" ]
resources: [ "nodes" ]
verbs: [ "get", "watch", "list" ]
- it: enable scheduler
set:
controlPlane:
advanced:
virtualScheduler:
enabled: true
asserts:
- hasDocuments:
count: 1
- contains:
path: rules
content:
apiGroups: [ "storage.k8s.io" ]
resources: [ "storageclasses", "csinodes", "csidrivers", "csistoragecapacities" ]
verbs: [ "get", "watch", "list" ]
- it: enable csinodes
set:
sync:
fromHost:
csiNodes:
enabled: true
asserts:
- hasDocuments:
count: 1
- contains:
path: rules
content:
apiGroups: [ "storage.k8s.io" ]
resources: [ "csinodes" ]
verbs: [ "get", "watch", "list" ]
- it: enable by multi namespace mode
set:
rbac:
clusterRole:
enabled: auto
experimental:
multiNamespaceMode:
enabled: true
asserts:
- hasDocuments:
count: 1
- lengthEqual:
path: rules
count: 1
- contains:
path: rules
content:
apiGroups: [ "" ]
resources: [ "namespaces", "serviceaccounts" ]
verbs: [ "create", "delete", "patch", "update", "get", "watch", "list" ]
- it: override rules
set:
rbac:
clusterRole:
extraRules:
- apiGroups: [""]
resources: ["test123"]
verbs: ["test123"]
overwriteRules:
- apiGroups: [""]
resources: ["test"]
verbs: ["test"]
asserts:
- hasDocuments:
count: 1
- lengthEqual:
path: rules
count: 1
- contains:
path: rules
content:
apiGroups: [ "" ]
resources: [ "test" ]
verbs: [ "test" ]
- it: extra rules
set:
sync:
toHost:
priorityClasses:
enabled: true
rbac:
clusterRole:
extraRules:
- apiGroups: [ "" ]
resources: [ "test123" ]
verbs: [ "test123" ]
asserts:
- hasDocuments:
count: 1
- lengthEqual:
path: rules
count: 2
- contains:
path: rules
content:
apiGroups: [ "" ]
resources: [ "test123" ]
verbs: [ "test123" ]
- it: plugin rules
set:
plugin:
myTest:
rbac:
clusterRole:
extraRules:
- apiGroups: [ "" ]
resources: [ "test123" ]
verbs: [ "test123" ]
plugins:
myTest2:
rbac:
clusterRole:
extraRules:
- apiGroups: [ "" ]
resources: [ "test1234" ]
verbs: [ "test1234" ]
asserts:
- hasDocuments:
count: 1
- lengthEqual:
path: rules
count: 2
- contains:
path: rules
content:
apiGroups: [ "" ]
resources: [ "test123" ]
verbs: [ "test123" ]
- contains:
path: rules
content:
apiGroups: [ "" ]
resources: [ "test1234" ]
verbs: [ "test1234" ]
- it: replicate services
set:
networking:
replicateServices:
fromHost:
- from: test
to: other-test
asserts:
- hasDocuments:
count: 1
- lengthEqual:
path: rules
count: 1
- contains:
path: rules
content:
apiGroups: [ "" ]
resources: [ "services", "endpoints" ]
verbs: [ "get", "watch", "list" ]
- it: real nodes
set:
sync:
fromHost:
nodes:
enabled: true
asserts:
- hasDocuments:
count: 1
- lengthEqual:
path: rules
count: 1
- contains:
path: rules
content:
apiGroups: [ "" ]
resources: [ "pods", "nodes", "nodes/status", "nodes/metrics", "nodes/stats", "nodes/proxy" ]
verbs: [ "get", "watch", "list" ]
- it: virtual scheduler
set:
controlPlane:
advanced:
virtualScheduler:
enabled: true
asserts:
- hasDocuments:
count: 1
- lengthEqual:
path: rules
count: 1
- contains:
path: rules
content:
apiGroups: ["storage.k8s.io"]
resources: ["storageclasses", "csinodes", "csidrivers", "csistoragecapacities"]
verbs: ["get", "watch", "list"]
- it: legacy pro
set:
pro: true
asserts:
- hasDocuments:
count: 1
- lengthEqual:
path: rules
count: 3
- contains:
path: rules
content:
apiGroups: [ "" ]
resources: [ "pods", "nodes", "nodes/status", "nodes/metrics", "nodes/stats", "nodes/proxy" ]
verbs: [ "get", "watch", "list" ]
- contains:
path: rules
content:
apiGroups: [ "cluster.loft.sh", "storage.loft.sh" ]
resources: [ "features", "virtualclusters" ]
verbs: [ "get", "list", "watch" ]
- contains:
path: rules
content:
apiGroups: ["management.loft.sh"]
resources: ["virtualclusterinstances"]
verbs: ["get"]
- it: metrics proxy
set:
integrations:
metricsServer:
enabled: true
nodes: true
release:
name: my-release
namespace: my-namespace
asserts:
- hasDocuments:
count: 1
- contains:
path: rules
content:
apiGroups: [ "metrics.k8s.io" ]
resources: [ "nodes" ]
verbs: [ "get", "list" ]
- it: externalSecrets
set:
integrations:
externalSecrets:
enabled: true
webhook:
enabled: false
release:
name: my-release
namespace: my-namespace
asserts:
- hasDocuments:
count: 1
- lengthEqual:
path: rules
count: 1
- contains:
path: rules
content:
apiGroups: ["apiextensions.k8s.io"]
resources: ["customresourcedefinitions"]
verbs: ["get", "list", "watch"]
- it: kubeVirt
set:
integrations:
kubeVirt:
enabled: true
release:
name: my-release
namespace: my-namespace
asserts:
- hasDocuments:
count: 1
- lengthEqual:
path: rules
count: 2
- contains:
path: rules
content:
apiGroups: ["apiextensions.k8s.io"]
resources: ["customresourcedefinitions"]
verbs: ["get", "list", "watch"]
- contains:
path: rules
content:
apiGroups: ["admissionregistration.k8s.io"]
resources: ["validatingwebhookconfigurations", "mutatingwebhookconfigurations"]
verbs: ["get", "list", "watch"]
- it: crd sync to host
set:
sync:
toHost:
customResources:
test.test-group:
enabled: true
release:
name: my-release
namespace: my-namespace
asserts:
- hasDocuments:
count: 1
- lengthEqual:
path: rules
count: 1
- contains:
path: rules
content:
apiGroups: [ "apiextensions.k8s.io" ]
resources: [ "customresourcedefinitions" ]
verbs: [ "get", "list", "watch" ]
- it: crd sync from host
set:
sync:
fromHost:
customResources:
test.test-group:
enabled: true
scope: Cluster
release:
name: my-release
namespace: my-namespace
asserts:
- hasDocuments:
count: 1
- lengthEqual:
path: rules
count: 2
- contains:
path: rules
content:
apiGroups: [ "test-group" ]
resources: [ "test" ]
verbs: [ "get", "list", "watch" ]
- contains:
path: rules
content:
apiGroups: [ "apiextensions.k8s.io" ]
resources: [ "customresourcedefinitions" ]
verbs: [ "get", "list", "watch" ]
- it: eso clusterstore sync
set:
integrations:
externalSecrets:
enabled: true
webhook:
enabled: true
sync:
clusterStores:
enabled: true
release:
name: my-release
namespace: my-namespace
asserts:
- hasDocuments:
count: 1
- contains:
path: rules
content:
apiGroups: ["admissionregistration.k8s.io"]
resources: ["validatingwebhookconfigurations", "mutatingwebhookconfigurations"]
verbs: ["get", "list", "watch"]
- contains:
path: rules
content:
apiGroups: [ "external-secrets.io" ]
resources: [ "clustersecretstores" ]
verbs: ["get", "list", "watch"]

141
backing-services/vcluster/tests/clusterrolebinding_test.yaml Normal file
View File

@@ -0,0 +1,141 @@
suite: ClusterRoleBinding
templates:
- clusterrolebinding.yaml
tests:
- it: disable by default
asserts:
- hasDocuments:
count: 0
- it: enable by multi namespace mode
set:
experimental:
multiNamespaceMode:
enabled: true
asserts:
- hasDocuments:
count: 1
- it: enable by from syncer
set:
sync:
fromHost:
ingressClasses:
enabled: true
asserts:
- hasDocuments:
count: 1
- it: enable by generic sync
set:
experimental:
genericSync:
clusterRole:
extraRules:
- apiGroups: [""]
resources: ["test"]
verbs: ["test"]
asserts:
- hasDocuments:
count: 1
- it: enable by plugins
set:
plugins:
test:
rbac:
clusterRole:
extraRules:
- apiGroups: [""]
resources: ["test"]
verbs: ["test"]
release:
name: my-release
namespace: my-namespace
asserts:
- hasDocuments:
count: 1
- it: enable by plugin
set:
plugin:
test:
rbac:
clusterRole:
extraRules:
- apiGroups: [""]
resources: ["test"]
verbs: ["test"]
release:
name: my-release
namespace: my-namespace
asserts:
- hasDocuments:
count: 1
- it: enable by legacy api key
set:
pro: true
release:
name: my-release
namespace: my-namespace
asserts:
- hasDocuments:
count: 1
- equal:
path: kind
value: ClusterRoleBinding
- equal:
path: metadata.name
value: vc-my-release-v-my-namespace
- notExists:
path: metadata.namespace
- it: enable by extra rules
set:
rbac:
clusterRole:
extraRules:
- apiGroups: [""]
resources: ["test"]
verbs: ["test"]
release:
name: my-release
namespace: my-namespace
asserts:
- hasDocuments:
count: 1
- equal:
path: kind
value: ClusterRoleBinding
- equal:
path: metadata.name
value: vc-my-release-v-my-namespace
- notExists:
path: metadata.namespace
- it: enable by overwrite rules
set:
rbac:
clusterRole:
overwriteRules:
- apiGroups: [""]
resources: ["test"]
verbs: ["test"]
release:
name: my-release
namespace: my-namespace
asserts:
- hasDocuments:
count: 1
- equal:
path: kind
value: ClusterRoleBinding
- equal:
path: metadata.name
value: vc-my-release-v-my-namespace
- notExists:
path: metadata.namespace

577
backing-services/vcluster/tests/coredns-configmap_test.yaml Normal file
View File

@@ -0,0 +1,577 @@
suite: CoreDNS Configmap
templates:
- coredns-configmap.yaml
tests:
- it: should create configmap
release:
name: my-release
namespace: my-namespace
asserts:
- hasDocuments:
count: 1
- equal:
path: metadata.name
value: vc-coredns-my-release
- equal:
path: metadata.namespace
value: my-namespace
- it: should create correct external coredns config
asserts:
- hasDocuments:
count: 1
- notExists:
path: data.Corefile
- equal:
path: data["coredns.yaml"]
value: |-
apiVersion: v1
kind: ServiceAccount
metadata:
name: coredns
namespace: kube-system
---
apiVersion: rbac.authorization.k8s.io/v1
kind: ClusterRole
metadata:
labels:
kubernetes.io/bootstrapping: rbac-defaults
name: system:coredns
rules:
- apiGroups:
- ""
resources:
- endpoints
- services
- pods
- namespaces
verbs:
- list
- watch
- apiGroups:
- discovery.k8s.io
resources:
- endpointslices
verbs:
- list
- watch
---
apiVersion: rbac.authorization.k8s.io/v1
kind: ClusterRoleBinding
metadata:
annotations:
rbac.authorization.kubernetes.io/autoupdate: "true"
labels:
kubernetes.io/bootstrapping: rbac-defaults
name: system:coredns
roleRef:
apiGroup: rbac.authorization.k8s.io
kind: ClusterRole
name: system:coredns
subjects:
- kind: ServiceAccount
name: coredns
namespace: kube-system
---
apiVersion: v1
kind: ConfigMap
metadata:
name: coredns
namespace: kube-system
data:
Corefile: |-
.:1053 {
errors
health
ready
rewrite name regex .*\.nodes\.vcluster\.com kubernetes.default.svc.cluster.local
kubernetes cluster.local in-addr.arpa ip6.arpa {
pods insecure
fallthrough in-addr.arpa ip6.arpa
}
hosts /etc/NodeHosts {
ttl 60
reload 15s
fallthrough
}
prometheus :9153
forward . /etc/resolv.conf
cache 30
loop
loadbalance
}
import /etc/coredns/custom/*.server
NodeHosts: ""
---
apiVersion: apps/v1
kind: Deployment
metadata:
name: coredns
namespace: kube-system
labels:
k8s-app: kube-dns
kubernetes.io/name: "CoreDNS"
spec:
replicas: 1
strategy:
type: RollingUpdate
rollingUpdate:
maxUnavailable: 1
selector:
matchLabels:
k8s-app: kube-dns
template:
metadata:
labels:
k8s-app: kube-dns
spec:
priorityClassName: ""
serviceAccountName: coredns
nodeSelector:
kubernetes.io/os: linux
topologySpreadConstraints:
- labelSelector:
matchLabels:
k8s-app: kube-dns
maxSkew: 1
topologyKey: kubernetes.io/hostname
whenUnsatisfiable: DoNotSchedule
containers:
- name: coredns
image: {{.IMAGE}}
imagePullPolicy: IfNotPresent
resources:
limits:
cpu: 1000m
memory: 170Mi
requests:
cpu: 20m
memory: 64Mi
args: [ "-conf", "/etc/coredns/Corefile" ]
volumeMounts:
- name: config-volume
mountPath: /etc/coredns
readOnly: true
- name: custom-config-volume
mountPath: /etc/coredns/custom
readOnly: true
securityContext:
runAsNonRoot: true
runAsUser: {{.RUN_AS_USER}}
runAsGroup: {{.RUN_AS_GROUP}}
allowPrivilegeEscalation: false
capabilities:
add:
- NET_BIND_SERVICE
drop:
- ALL
readOnlyRootFilesystem: true
livenessProbe:
httpGet:
path: /health
port: 8080
scheme: HTTP
initialDelaySeconds: 60
periodSeconds: 10
timeoutSeconds: 1
successThreshold: 1
failureThreshold: 3
readinessProbe:
httpGet:
path: /ready
port: 8181
scheme: HTTP
initialDelaySeconds: 0
periodSeconds: 2
timeoutSeconds: 1
successThreshold: 1
failureThreshold: 3
dnsPolicy: Default
volumes:
- name: config-volume
configMap:
name: coredns
items:
- key: Corefile
path: Corefile
- key: NodeHosts
path: NodeHosts
- name: custom-config-volume
configMap:
name: coredns-custom
optional: true
---
apiVersion: v1
kind: Service
metadata:
name: kube-dns
namespace: kube-system
annotations:
prometheus.io/port: "9153"
prometheus.io/scrape: "true"
labels:
k8s-app: kube-dns
kubernetes.io/cluster-service: "true"
kubernetes.io/name: "CoreDNS"
spec:
type: ClusterIP
selector:
k8s-app: kube-dns
ports:
- name: dns
port: 53
targetPort: 1053
protocol: UDP
- name: dns-tcp
port: 53
targetPort: 1053
protocol: TCP
- name: metrics
port: 9153
protocol: TCP
- it: should create correct custom configmap
set:
controlPlane:
coredns:
embedded: true
overwriteManifests: |-
abc
asserts:
- hasDocuments:
count: 1
- equal:
path: data["coredns.yaml"]
value: |-
abc
- it: should create correct custom configmap
set:
controlPlane:
coredns:
embedded: true
overwriteConfig: |-
abc
asserts:
- hasDocuments:
count: 1
- equal:
path: data.Corefile
value: |-
abc
- it: should create correct embedded configmap
set:
controlPlane:
coredns:
embedded: true
asserts:
- hasDocuments:
count: 1
- equal:
path: data.Corefile
value: |-
.:1053 {
errors
health
ready
rewrite name regex .*\.nodes\.vcluster\.com kubernetes.default.svc.cluster.local
kubernetes cluster.local in-addr.arpa ip6.arpa {
kubeconfig /data/vcluster/admin.conf
pods insecure
fallthrough in-addr.arpa ip6.arpa
}
hosts /etc/NodeHosts {
ttl 60
reload 15s
fallthrough
}
prometheus :9153
forward . /etc/resolv.conf
cache 30
loop
loadbalance
}
import /etc/coredns/custom/*.server
- equal:
path: data["coredns.yaml"]
value: |-
apiVersion: v1
kind: ConfigMap
metadata:
name: coredns
namespace: kube-system
data:
NodeHosts: ""
---
apiVersion: v1
kind: Service
metadata:
name: kube-dns
namespace: kube-system
annotations:
prometheus.io/port: "9153"
prometheus.io/scrape: "true"
labels:
k8s-app: kube-dns
kubernetes.io/cluster-service: "true"
kubernetes.io/name: "CoreDNS"
spec:
type: ClusterIP
ports:
- name: dns
port: 53
targetPort: 1053
protocol: UDP
- name: dns-tcp
port: 53
targetPort: 1053
protocol: TCP
- name: metrics
port: 9153
protocol: TCP
- it: should correctly apply affinity and tolerations
set:
controlPlane:
coredns:
deployment:
affinity:
podAntiAffinity:
requiredDuringSchedulingIgnoredDuringExecution:
- labelSelector:
matchExpressions:
- key: app
operator: In
values:
- coredns
topologyKey: kubernetes.io/hostname
tolerations:
- effect: NoSchedule
key: node-role.kubernetes.io/master
operator: Exists
asserts:
- equal:
path: data["coredns.yaml"]
value: |-
apiVersion: v1
kind: ServiceAccount
metadata:
name: coredns
namespace: kube-system
---
apiVersion: rbac.authorization.k8s.io/v1
kind: ClusterRole
metadata:
labels:
kubernetes.io/bootstrapping: rbac-defaults
name: system:coredns
rules:
- apiGroups:
- ""
resources:
- endpoints
- services
- pods
- namespaces
verbs:
- list
- watch
- apiGroups:
- discovery.k8s.io
resources:
- endpointslices
verbs:
- list
- watch
---
apiVersion: rbac.authorization.k8s.io/v1
kind: ClusterRoleBinding
metadata:
annotations:
rbac.authorization.kubernetes.io/autoupdate: "true"
labels:
kubernetes.io/bootstrapping: rbac-defaults
name: system:coredns
roleRef:
apiGroup: rbac.authorization.k8s.io
kind: ClusterRole
name: system:coredns
subjects:
- kind: ServiceAccount
name: coredns
namespace: kube-system
---
apiVersion: v1
kind: ConfigMap
metadata:
name: coredns
namespace: kube-system
data:
Corefile: |-
.:1053 {
errors
health
ready
rewrite name regex .*\.nodes\.vcluster\.com kubernetes.default.svc.cluster.local
kubernetes cluster.local in-addr.arpa ip6.arpa {
pods insecure
fallthrough in-addr.arpa ip6.arpa
}
hosts /etc/NodeHosts {
ttl 60
reload 15s
fallthrough
}
prometheus :9153
forward . /etc/resolv.conf
cache 30
loop
loadbalance
}
import /etc/coredns/custom/*.server
NodeHosts: ""
---
apiVersion: apps/v1
kind: Deployment
metadata:
name: coredns
namespace: kube-system
labels:
k8s-app: kube-dns
kubernetes.io/name: "CoreDNS"
spec:
replicas: 1
strategy:
type: RollingUpdate
rollingUpdate:
maxUnavailable: 1
selector:
matchLabels:
k8s-app: kube-dns
template:
metadata:
labels:
k8s-app: kube-dns
spec:
priorityClassName: ""
serviceAccountName: coredns
nodeSelector:
kubernetes.io/os: linux
affinity:
podAntiAffinity:
requiredDuringSchedulingIgnoredDuringExecution:
- labelSelector:
matchExpressions:
- key: app
operator: In
values:
- coredns
topologyKey: kubernetes.io/hostname
tolerations:
- effect: NoSchedule
key: node-role.kubernetes.io/master
operator: Exists
topologySpreadConstraints:
- labelSelector:
matchLabels:
k8s-app: kube-dns
maxSkew: 1
topologyKey: kubernetes.io/hostname
whenUnsatisfiable: DoNotSchedule
containers:
- name: coredns
image: {{.IMAGE}}
imagePullPolicy: IfNotPresent
resources:
limits:
cpu: 1000m
memory: 170Mi
requests:
cpu: 20m
memory: 64Mi
args: [ "-conf", "/etc/coredns/Corefile" ]
volumeMounts:
- name: config-volume
mountPath: /etc/coredns
readOnly: true
- name: custom-config-volume
mountPath: /etc/coredns/custom
readOnly: true
securityContext:
runAsNonRoot: true
runAsUser: {{.RUN_AS_USER}}
runAsGroup: {{.RUN_AS_GROUP}}
allowPrivilegeEscalation: false
capabilities:
add:
- NET_BIND_SERVICE
drop:
- ALL
readOnlyRootFilesystem: true
livenessProbe:
httpGet:
path: /health
port: 8080
scheme: HTTP
initialDelaySeconds: 60
periodSeconds: 10
timeoutSeconds: 1
successThreshold: 1
failureThreshold: 3
readinessProbe:
httpGet:
path: /ready
port: 8181
scheme: HTTP
initialDelaySeconds: 0
periodSeconds: 2
timeoutSeconds: 1
successThreshold: 1
failureThreshold: 3
dnsPolicy: Default
volumes:
- name: config-volume
configMap:
name: coredns
items:
- key: Corefile
path: Corefile
- key: NodeHosts
path: NodeHosts
- name: custom-config-volume
configMap:
name: coredns-custom
optional: true
---
apiVersion: v1
kind: Service
metadata:
name: kube-dns
namespace: kube-system
annotations:
prometheus.io/port: "9153"
prometheus.io/scrape: "true"
labels:
k8s-app: kube-dns
kubernetes.io/cluster-service: "true"
kubernetes.io/name: "CoreDNS"
spec:
type: ClusterIP
selector:
k8s-app: kube-dns
ports:
- name: dns
port: 53
targetPort: 1053
protocol: UDP
- name: dns-tcp
port: 53
targetPort: 1053
protocol: TCP
- name: metrics
port: 9153
protocol: TCP

125
backing-services/vcluster/tests/etcd-headless-service_test.yaml Normal file
View File

@@ -0,0 +1,125 @@
suite: External etcd headless Service
templates:
- etcd-headless-service.yaml
tests:
- it: check disabled
asserts:
- hasDocuments:
count: 0
- it: enable for k3s & defaults
release:
name: my-release
namespace: my-namespace
set:
controlPlane:
backingStore:
etcd:
deploy:
enabled: true
headlessService:
annotations:
test: test
distro:
k3s:
enabled: true
asserts:
- hasDocuments:
count: 1
- equal:
path: metadata.name
value: my-release-etcd-headless
- equal:
path: metadata.namespace
value: my-namespace
- equal:
path: metadata.annotations.test
value: test
- it: enable for k0s & defaults
release:
name: my-release
namespace: my-namespace
set:
controlPlane:
backingStore:
etcd:
deploy:
enabled: true
headlessService:
annotations:
test: test
distro:
k0s:
enabled: true
asserts:
- hasDocuments:
count: 1
- equal:
path: metadata.name
value: my-release-etcd-headless
- equal:
path: metadata.namespace
value: my-namespace
- equal:
path: metadata.annotations.test
value: test
- it: enable for k8s & defaults
release:
name: my-release
namespace: my-namespace
set:
controlPlane:
backingStore:
etcd:
deploy:
enabled: true
headlessService:
annotations:
test: test
distro:
k8s:
enabled: true
asserts:
- hasDocuments:
count: 1
- equal:
path: metadata.name
value: my-release-etcd-headless
- equal:
path: metadata.namespace
value: my-namespace
- equal:
path: metadata.annotations.test
value: test
- it: enable for k8s & defaults
release:
name: my-release
namespace: my-namespace
set:
controlPlane:
backingStore:
etcd:
deploy:
enabled: true
headlessService:
annotations:
test: test
distro:
k8s:
enabled: true
asserts:
- hasDocuments:
count: 1
- equal:
path: metadata.name
value: my-release-etcd-headless
- equal:
path: metadata.namespace
value: my-namespace
- equal:
path: metadata.annotations.test
value: test

38
backing-services/vcluster/tests/etcd-service_test.yaml Normal file
View File

@@ -0,0 +1,38 @@
suite: External etcd Service
templates:
- etcd-service.yaml
tests:
- it: check disabled
asserts:
- hasDocuments:
count: 0
- it: enable for k8s & defaults
release:
name: my-release
namespace: my-namespace
set:
controlPlane:
backingStore:
etcd:
deploy:
enabled: true
service:
annotations:
test: test
distro:
k8s:
enabled: true
asserts:
- hasDocuments:
count: 1
- equal:
path: metadata.name
value: my-release-etcd
- equal:
path: metadata.namespace
value: my-namespace
- equal:
path: metadata.annotations.test
value: test

196
backing-services/vcluster/tests/etcd-statefulset_test.yaml Normal file
View File

@@ -0,0 +1,196 @@
suite: External etcd StatefulSet
templates:
- etcd-statefulset.yaml
tests:
- it: check disabled
asserts:
- hasDocuments:
count: 0
- it: check disabled headless
set:
controlPlane:
distro:
k8s:
enabled: true
experimental:
isolatedControlPlane:
headless: true
asserts:
- hasDocuments:
count: 0
- it: check default image registry
set:
controlPlane:
backingStore:
etcd:
deploy:
enabled: true
statefulSet:
image:
tag: "123"
advanced:
defaultImageRegistry: fabi.com
asserts:
- hasDocuments:
count: 1
- equal:
path: spec.template.spec.containers[0].image
value: fabi.com/etcd:123
- it: disables serviceLinks for backingStore etcd pod
set:
controlPlane:
backingStore:
etcd:
deploy:
enabled: true
statefulSet:
enabled: true
enableServiceLinks: false
asserts:
- hasDocuments:
count: 1
- equal:
path: spec.template.spec.enableServiceLinks
value: false
- it: change image registry
set:
controlPlane:
backingStore:
etcd:
deploy:
enabled: true
statefulSet:
image:
registry: fabi.com
tag: "123"
asserts:
- hasDocuments:
count: 1
- equal:
path: spec.template.spec.containers[0].image
value: fabi.com/etcd:123
- it: check specified storage class is used
set:
controlPlane:
backingStore:
etcd:
deploy:
enabled: true
statefulSet:
persistence:
volumeClaim:
storageClass: test-sc
asserts:
- hasDocuments:
count: 1
- equal:
path: spec.volumeClaimTemplates[0].spec.storageClassName
value: test-sc
- it: enabled for k3s & non persistent
set:
controlPlane:
backingStore:
etcd:
deploy:
enabled: true
statefulSet:
extraArgs:
- "extra-arg"
env:
- name: my-new-env
persistence:
volumeClaim:
enabled: false
addVolumes:
- name: my-new-volume
addVolumeMounts:
- name: my-new-volume
asserts:
- hasDocuments:
count: 1
- contains:
path: spec.template.spec.volumes
content:
name: "data"
emptyDir: {}
count: 1
- notExists:
path: spec.volumeClaimTemplates
- contains:
path: spec.template.spec.volumes
content:
name: "my-new-volume"
count: 1
- contains:
path: spec.template.spec.containers[0].volumeMounts
content:
name: "my-new-volume"
count: 1
- contains:
path: spec.template.spec.containers[0].env
content:
name: "my-new-env"
count: 1
- contains:
path: spec.template.spec.containers[0].command
content: "extra-arg"
count: 1
- it: enable for k8s & defaults
release:
name: my-release
namespace: my-namespace
set:
controlPlane:
backingStore:
etcd:
deploy:
enabled: true
statefulSet:
highAvailability:
replicas: 3
annotations:
test: test
distro:
k8s:
enabled: true
asserts:
- hasDocuments:
count: 1
- equal:
path: metadata.name
value: my-release-etcd
- equal:
path: metadata.namespace
value: my-namespace
- equal:
path: metadata.annotations.test
value: test
- equal:
path: spec.replicas
value: 3
- lengthEqual:
path: spec.volumeClaimTemplates
count: 1
- lengthEqual:
path: spec.template.spec.volumes
count: 1
- lengthEqual:
path: spec.template.spec.containers[0].volumeMounts
count: 2
- lengthEqual:
path: spec.template.spec.containers[0].env
count: 1
- notExists:
path: spec.template.spec.containers[0].args
- contains:
path: spec.template.spec.containers[0].command
content: "--initial-cluster=my-release-etcd-0=https://my-release-etcd-0.my-release-etcd-headless.my-namespace:2380,my-release-etcd-1=https://my-release-etcd-1.my-release-etcd-headless.my-namespace:2380,my-release-etcd-2=https://my-release-etcd-2.my-release-etcd-headless.my-namespace:2380"
count: 1

97
backing-services/vcluster/tests/headless-service_test.yaml Normal file
View File

@@ -0,0 +1,97 @@
suite: ControlPlane StatefulSet
templates:
- headless-service.yaml
tests:
- it: should not create control-plane
set:
experimental:
isolatedControlPlane:
headless: true
asserts:
- hasDocuments:
count: 0
- it: should create if k8s
set:
controlPlane:
distro:
k8s:
enabled: true
asserts:
- hasDocuments:
count: 1
- it: should not create if stateless
set:
controlPlane:
backingStore:
etcd:
deploy:
enabled: true
asserts:
- hasDocuments:
count: 0
- it: should not create if stateless 2
set:
controlPlane:
backingStore:
database:
external:
enabled: true
asserts:
- hasDocuments:
count: 0
- it: name
release:
name: my-release
namespace: my-namespace
asserts:
- hasDocuments:
count: 1
- lengthEqual:
path: spec.ports
count: 1
- equal:
path: metadata.name
value: my-release-headless
- equal:
path: metadata.namespace
value: my-namespace
- it: embedded-etcd
set:
controlPlane:
backingStore:
etcd:
embedded:
enabled: true
asserts:
- hasDocuments:
count: 1
- lengthEqual:
path: spec.ports
count: 3
- equal:
path: spec.ports[1].name
value: etcd
- equal:
path: spec.ports[2].name
value: peer
- it: embedded-database
set:
controlPlane:
backingStore:
database:
embedded:
enabled: true
asserts:
- hasDocuments:
count: 1
- lengthEqual:
path: spec.ports
count: 1

56
backing-services/vcluster/tests/ingress_test.yaml Normal file
View File

@@ -0,0 +1,56 @@
suite: ControlPlane Ingress
templates:
- ingress.yaml
tests:
- it: should not create ingress by default
asserts:
- hasDocuments:
count: 0
- it: ingress defaults
set:
controlPlane:
ingress:
enabled: true
release:
name: my-release
namespace: my-namespace
asserts:
- hasDocuments:
count: 1
- equal:
path: metadata.name
value: my-release
- equal:
path: metadata.namespace
value: my-namespace
- it: overwrite ingress tls
set:
controlPlane:
ingress:
enabled: true
host: my-host
spec:
tls:
- hosts:
- ingress-demo.example.com
secretName: ingress-demo-tls
asserts:
- hasDocuments:
count: 1
- lengthEqual:
path: spec.tls
count: 1
- equal:
path: spec.rules[0].host
value: my-host
- contains:
path: spec.tls
count: 1
content:
hosts:
- ingress-demo.example.com
secretName: ingress-demo-tls

94
backing-services/vcluster/tests/limitrange_test.yaml Normal file
View File

@@ -0,0 +1,94 @@
suite: LimitRange
templates:
- limitrange.yaml
tests:
- it: should not create limit range by default
asserts:
- hasDocuments:
count: 0
- it: check defaults
release:
name: my-release
namespace: my-namespace
set:
policies:
limitRange:
enabled: true
asserts:
- hasDocuments:
count: 1
- equal:
path: metadata.name
value: vc-my-release
- equal:
path: metadata.namespace
value: my-namespace
- lengthEqual:
path: spec.limits
count: 1
- it: check enabled
release:
name: my-release
namespace: my-namespace
set:
policies:
resourceQuota:
enabled: true
asserts:
- hasDocuments:
count: 1
- it: check disabled
release:
name: my-release
namespace: my-namespace
set:
policies:
resourceQuota:
enabled: true
limitRange:
enabled: false
asserts:
- hasDocuments:
count: 0
- it: check disabled both false
release:
name: my-release
namespace: my-namespace
set:
policies:
resourceQuota:
enabled: false
limitRange:
enabled: false
asserts:
- hasDocuments:
count: 0
- it: check disabled both false
release:
name: my-release
namespace: my-namespace
set:
policies:
limitRange:
enabled: true
min:
cpu: 1
max:
memory: 256Mi
asserts:
- hasDocuments:
count: 1
- equal:
path: spec.limits[0].min.cpu
value: "1"
- equal:
path: spec.limits[0].max.memory
value: "256Mi"

94
backing-services/vcluster/tests/manifests_test.yaml Normal file
View File

@@ -0,0 +1,94 @@
suite: Manifests
templates:
- manifests.yaml
tests:
- it: should not create manifests by default
asserts:
- hasDocuments:
count: 0
- it: check defaults
release:
name: my-release
namespace: my-namespace
set:
experimental:
deploy:
vcluster:
manifests: |-
apiVersion: v1
kind: Pod
metadata:
name: nginx
labels:
app: nginx
spec:
containers:
- image: nginx
name: nginx
asserts:
- hasDocuments:
count: 0
- it: check defaults
release:
name: my-release
namespace: my-namespace
set:
experimental:
deploy:
host:
manifests: |-
apiVersion: v1
kind: Pod
metadata:
name: nginx
labels:
app: nginx
spec:
containers:
- image: nginx
name: nginx
asserts:
- hasDocuments:
count: 1
- equal:
path: kind
value: Pod
- equal:
path: spec.containers[0].name
value: nginx
- it: check defaults
release:
name: my-release
namespace: my-namespace
set:
experimental:
deploy:
host:
manifestsTemplate: |-
apiVersion: v1
kind: Pod
metadata:
name: nginx
namespace: {{ .Release.Namespace }}
labels:
app: nginx
spec:
containers:
- image: nginx
name: nginx
asserts:
- hasDocuments:
count: 1
- equal:
path: kind
value: Pod
- equal:
path: metadata.namespace
value: my-namespace
- equal:
path: spec.containers[0].name
value: nginx

49
backing-services/vcluster/tests/networkpolicy_test.yaml Normal file
View File

@@ -0,0 +1,49 @@
suite: NetworkPolicy
templates:
- networkpolicy.yaml
tests:
- it: should not create network policy by default
asserts:
- hasDocuments:
count: 0
- it: check defaults
release:
name: my-release
namespace: my-namespace
set:
policies:
networkPolicy:
enabled: true
asserts:
- hasDocuments:
count: 2
- documentIndex: 0
equal:
path: metadata.name
value: vc-work-my-release
- documentIndex: 0
equal:
path: spec.egress[2].to[1].ipBlock.cidr
value: 0.0.0.0/0
- documentIndex: 1
equal:
path: metadata.name
value: vc-cp-my-release
- documentIndex: 0
equal:
path: metadata.namespace
value: my-namespace
- documentIndex: 1
equal:
path: metadata.namespace
value: my-namespace
- documentIndex: 0
lengthEqual:
path: spec.egress
count: 3
- documentIndex: 1
lengthEqual:
path: spec.egress
count: 2

114
backing-services/vcluster/tests/platform-secret-role_test.yaml Normal file
View File

@@ -0,0 +1,114 @@
suite: Platform Secret Role
templates:
- platform-rbac.yaml
tests:
- it: check explicitly disabled
set:
external:
platform:
apiKey:
namespace: "some-other-namespace"
createRBAC: false
asserts:
- hasDocuments:
count: 0
- it: check disabled on empty namespace
set:
external:
platform:
apiKey:
namespace: ""
asserts:
- hasDocuments:
count: 0
- it: check disabled on implicit same namespace
set:
external:
platform:
apiKey:
secretName: "some-other-secret"
asserts:
- hasDocuments:
count: 0
- it: automatically create role for specific secret for reading & patching
set:
external:
platform:
apiKey:
secretName: "my-secret-name"
namespace: "some-other-namespace"
asserts:
- hasDocuments:
count: 2
- documentIndex: 0
lengthEqual:
path: rules
count: 1
- documentIndex: 0
equal:
path: metadata.name
value: "vc-RELEASE-NAME-v-NAMESPACE-platform-role"
- documentIndex: 1
equal:
path: metadata.name
value: "vc-RELEASE-NAME-v-NAMESPACE-platform-role-binding"
- documentIndex: 0
contains:
path: rules
count: 1
content:
apiGroups: [""]
resources: ["secrets"]
verbs: ["get"]
resourceNames: ["my-secret-name"]
- documentIndex: 1
contains:
path: subjects
count: 1
content:
kind: ServiceAccount
name: vc-RELEASE-NAME
namespace: some-other-namespace
- it: automatically create role for default secret for reading & patching
set:
external:
platform:
apiKey:
namespace: "some-other-namespace"
asserts:
- hasDocuments:
count: 2
- documentIndex: 0
lengthEqual:
path: rules
count: 1
- documentIndex: 0
equal:
path: metadata.name
value: "vc-RELEASE-NAME-v-NAMESPACE-platform-role"
- documentIndex: 1
equal:
path: metadata.name
value: "vc-RELEASE-NAME-v-NAMESPACE-platform-role-binding"
- documentIndex: 0
contains:
path: rules
count: 1
content:
apiGroups: [""]
resources: ["secrets"]
verbs: ["get"]
resourceNames: ["vcluster-platform-api-key"]
- documentIndex: 1
contains:
path: subjects
count: 1
content:
kind: ServiceAccount
name: vc-RELEASE-NAME
namespace: some-other-namespace

70
backing-services/vcluster/tests/resourcequota_test.yaml Normal file
View File

@@ -0,0 +1,70 @@
suite: ResourceQuota
templates:
- resourcequota.yaml
tests:
- it: should not create resource quota by default
asserts:
- hasDocuments:
count: 0
- it: check defaults
release:
name: my-release
namespace: my-namespace
set:
policies:
resourceQuota:
enabled: true
asserts:
- hasDocuments:
count: 1
- equal:
path: metadata.name
value: vc-my-release
- equal:
path: metadata.namespace
value: my-namespace
- equal:
path: spec.hard["requests.cpu"]
value: "10"
- it: check enabled
release:
name: my-release
namespace: my-namespace
set:
policies:
limitRange:
enabled: true
asserts:
- hasDocuments:
count: 1
- it: check disabled
release:
name: my-release
namespace: my-namespace
set:
policies:
resourceQuota:
enabled: false
limitRange:
enabled: true
asserts:
- hasDocuments:
count: 0
- it: check disabled both false
release:
name: my-release
namespace: my-namespace
set:
policies:
resourceQuota:
enabled: false
limitRange:
enabled: false
asserts:
- hasDocuments:
count: 0

349
backing-services/vcluster/tests/role_test.yaml Normal file
View File

@@ -0,0 +1,349 @@
suite: Role
templates:
- role.yaml
tests:
- it: check disabled
set:
rbac:
role:
enabled: false
asserts:
- hasDocuments:
count: 0
- it: check overwrite rules
set:
rbac:
role:
overwriteRules:
- apiGroups: [""]
resources: ["configmaps"]
verbs: ["create"]
asserts:
- hasDocuments:
count: 1
- lengthEqual:
path: rules
count: 1
- contains:
path: rules
count: 1
content:
apiGroups: [""]
resources: ["configmaps"]
verbs: ["create"]
- it: check plugin extra rules
set:
plugin:
test123:
rbac:
role:
extraRules:
- apiGroups: [""]
resources: ["test123"]
verbs: ["test123"]
plugins:
test:
rbac:
role:
extraRules:
- apiGroups: [""]
resources: ["test"]
verbs: ["test"]
asserts:
- hasDocuments:
count: 1
- lengthEqual:
path: rules
count: 7
- contains:
path: rules
count: 1
content:
apiGroups: [""]
resources: ["test123"]
verbs: ["test123"]
- contains:
path: rules
count: 1
content:
apiGroups: [""]
resources: ["test"]
verbs: ["test"]
- it: check generic sync
set:
experimental:
genericSync:
role:
extraRules:
- apiGroups: [""]
resources: ["test"]
verbs: ["test"]
asserts:
- hasDocuments:
count: 1
- lengthEqual:
path: rules
count: 6
- contains:
path: rules
count: 1
content:
apiGroups: [""]
resources: ["test"]
verbs: ["test"]
- it: check extra rules
set:
rbac:
role:
extraRules:
- apiGroups: [""]
resources: ["test"]
verbs: ["test"]
asserts:
- hasDocuments:
count: 1
- lengthEqual:
path: rules
count: 6
- contains:
path: rules
count: 1
content:
apiGroups: [""]
resources: ["test"]
verbs: ["test"]
- it: check defaults
release:
name: my-release
namespace: my-namespace
asserts:
- hasDocuments:
count: 1
- equal:
path: kind
value: Role
- equal:
path: metadata.name
value: vc-my-release
- equal:
path: metadata.namespace
value: my-namespace
- it: multi-namespace mode
set:
experimental:
multiNamespaceMode:
enabled: true
release:
name: my-release
namespace: my-namespace
asserts:
- hasDocuments:
count: 1
- equal:
path: kind
value: ClusterRole
- equal:
path: metadata.name
value: vc-mn-my-release-v-my-namespace
- it: metrics proxy
set:
integrations:
metricsServer:
enabled: true
pods: true
release:
name: my-release
namespace: my-namespace
asserts:
- hasDocuments:
count: 1
- equal:
path: kind
value: Role
- contains:
path: rules
content:
apiGroups: ["metrics.k8s.io"]
resources: ["pods"]
verbs: ["get", "list"]
- it: external secret test
set:
integrations:
externalSecrets:
enabled: true
sync:
externalSecrets:
enabled: true
release:
name: my-release
namespace: my-namespace
asserts:
- hasDocuments:
count: 1
- equal:
path: kind
value: Role
- contains:
path: rules
content:
apiGroups: ["external-secrets.io"]
resources: ["externalsecrets"]
verbs:
["create", "delete", "patch", "update", "get", "list", "watch"]
- it: external secret test store sync
set:
integrations:
externalSecrets:
enabled: true
sync:
externalSecrets:
enabled: true
stores:
enabled: true
release:
name: my-release
namespace: my-namespace
asserts:
- hasDocuments:
count: 1
- equal:
path: kind
value: Role
- contains:
path: rules
content:
apiGroups: ["external-secrets.io"]
resources: ["secretstores"]
verbs:
["create", "delete", "patch", "update", "get", "list", "watch"]
- it: kubeVirt test
set:
integrations:
kubeVirt:
enabled: true
release:
name: my-release
namespace: my-namespace
asserts:
- hasDocuments:
count: 1
- equal:
path: kind
value: Role
- contains:
path: rules
content:
apiGroups: ["kubevirt.io"]
resources:
[
"virtualmachines",
"virtualmachines/status",
"virtualmachineinstances",
"virtualmachineinstances/status",
"virtualmachineinstancemigrations",
"virtualmachineinstancemigrations/status",
]
verbs:
["create", "delete", "patch", "update", "get", "list", "watch"]
- contains:
path: rules
content:
apiGroups: ["cdi.kubevirt.io"]
resources: ["datavolumes", "datavolumes/status"]
verbs:
["create", "delete", "patch", "update", "get", "list", "watch"]
- contains:
path: rules
content:
apiGroups: ["clone.kubevirt.io"]
resources: ["virtualmachineclones", "virtualmachineclones/status"]
verbs:
["create", "delete", "patch", "update", "get", "list", "watch"]
- contains:
path: rules
content:
apiGroups: ["pool.kubevirt.io"]
resources: ["virtualmachinepools", "virtualmachinepools/status"]
verbs:
["create", "delete", "patch", "update", "get", "list", "watch"]
- it: crd sync
set:
sync:
toHost:
customResources:
test.my-group:
enabled: false
test.my-group-2:
enabled: true
tests.my-group-3.com:
enabled: true
release:
name: my-release
namespace: my-namespace
asserts:
- hasDocuments:
count: 1
- equal:
path: kind
value: Role
- lengthEqual:
path: rules
count: 7
- contains:
path: rules
content:
apiGroups: ["my-group-2"]
resources: ["test"]
verbs:
["create", "delete", "patch", "update", "get", "list", "watch"]
- contains:
path: rules
content:
apiGroups: ["my-group-3.com"]
resources: ["tests"]
verbs:
["create", "delete", "patch", "update", "get", "list", "watch"]
- it: patches
set:
sync:
toHost:
customResources:
test.my-group-2:
enabled: true
patches:
- path: "test"
expression: "test"
release:
name: my-release
namespace: my-namespace
asserts:
- notFailedTemplate: {}
- it: patches 2
set:
sync:
toHost:
customResources:
test.my-group-2:
enabled: true
patches:
- path: "test"
reference:
apiVersion: "v1"
kind: "Secret"
release:
name: my-release
namespace: my-namespace
asserts:
- notFailedTemplate: {}

59
backing-services/vcluster/tests/rolebinding_test.yaml Normal file
View File

@@ -0,0 +1,59 @@
suite: RoleBinding
templates:
- rolebinding.yaml
tests:
- it: check defaults
release:
name: my-release
namespace: my-namespace
asserts:
- hasDocuments:
count: 1
- equal:
path: kind
value: RoleBinding
- equal:
path: metadata.name
value: vc-my-release
- equal:
path: metadata.namespace
value: my-namespace
- equal:
path: subjects[0].name
value: vc-my-release
- equal:
path: roleRef.kind
value: Role
- equal:
path: roleRef.name
value: vc-my-release
- it: multi-namespace mode
set:
experimental:
multiNamespaceMode:
enabled: true
release:
name: my-release
namespace: my-namespace
asserts:
- hasDocuments:
count: 1
- equal:
path: kind
value: ClusterRoleBinding
- equal:
path: metadata.name
value: vc-mn-my-release-v-my-namespace
- notExists:
path: metadata.namespace
- equal:
path: subjects[0].name
value: vc-my-release
- equal:
path: roleRef.kind
value: ClusterRole
- equal:
path: roleRef.name
value: vc-mn-my-release-v-my-namespace

33
backing-services/vcluster/tests/service-monitor_test.yaml Normal file
View File

@@ -0,0 +1,33 @@
suite: ServiceMonitor
templates:
- service-monitor.yaml
tests:
- it: should not create service monitor by default
asserts:
- hasDocuments:
count: 0
- it: check defaults
release:
name: my-release
namespace: my-namespace
set:
controlPlane:
serviceMonitor:
enabled: true
asserts:
- hasDocuments:
count: 1
- equal:
path: metadata.name
value: vc-my-release
- equal:
path: metadata.namespace
value: my-namespace
- equal:
path: spec.selector.matchLabels.app
value: vcluster
- lengthEqual:
path: spec.endpoints
count: 1

118
backing-services/vcluster/tests/service_test.yaml Normal file
View File

@@ -0,0 +1,118 @@
suite: ControlPlane Service
templates:
- service.yaml
tests:
- it: should not create service
set:
controlPlane:
service:
enabled: false
asserts:
- hasDocuments:
count: 0
- it: should not create kubelet port
set:
networking:
advanced:
proxyKubelets:
byHostname: false
asserts:
- hasDocuments:
count: 1
- lengthEqual:
path: spec.ports
count: 1
- contains:
path: spec.ports
content:
name: https
nodePort: 0
targetPort: 8443
protocol: TCP
port: 443
- it: should not create kubelet port 2
set:
controlPlane:
service:
spec:
type: LoadBalancer
asserts:
- hasDocuments:
count: 1
- lengthEqual:
path: spec.ports
count: 1
- contains:
path: spec.ports
content:
name: https
nodePort: 0
targetPort: 8443
protocol: TCP
port: 443
- it: should create kubelet port
asserts:
- hasDocuments:
count: 1
- lengthEqual:
path: spec.ports
count: 2
- contains:
path: spec.ports
content:
name: kubelet
nodePort: 0
targetPort: 8443
protocol: TCP
port: 10250
- it: service defaults
release:
name: my-release
namespace: my-namespace
asserts:
- hasDocuments:
count: 1
- equal:
path: metadata.name
value: my-release
- equal:
path: metadata.namespace
value: my-namespace
- equal:
path: spec.type
value: ClusterIP
- equal:
path: spec.selector.app
value: vcluster
- lengthEqual:
path: spec.ports
count: 2
- it: isolated control plane
release:
name: my-release
namespace: my-namespace
set:
experimental:
isolatedControlPlane:
headless: true
asserts:
- hasDocuments:
count: 1
- equal:
path: spec.type
value: ClusterIP
- lengthEqual:
path: spec.ports
count: 2
- notExists:
path: spec.ports[0].targetPort
- notExists:
path: spec.ports[1].targetPort
- notExists:
path: spec.selector

61
backing-services/vcluster/tests/serviceaccount_test.yaml Normal file
View File

@@ -0,0 +1,61 @@
suite: ControlPlane ServiceAccount
templates:
- serviceaccount.yaml
tests:
- it: should not create service account
set:
controlPlane:
advanced:
serviceAccount:
enabled: false
asserts:
- hasDocuments:
count: 0
- it: should create service account
release:
name: my-release
namespace: my-namespace
asserts:
- hasDocuments:
count: 1
- equal:
path: metadata.name
value: vc-my-release
- equal:
path: metadata.namespace
value: my-namespace
- it: should create service account with name
set:
controlPlane:
advanced:
serviceAccount:
name: test
asserts:
- hasDocuments:
count: 1
- equal:
path: metadata.name
value: test
- it: should create image pull secrets
set:
controlPlane:
advanced:
serviceAccount:
imagePullSecrets:
- name: test1
workloadServiceAccount:
imagePullSecrets:
- name: test2
asserts:
- hasDocuments:
count: 1
- lengthEqual:
path: imagePullSecrets
count: 1
- equal:
path: imagePullSecrets[0].name
value: test1

897
backing-services/vcluster/tests/statefulset_test.yaml Normal file
View File

@@ -0,0 +1,897 @@
suite: ControlPlane StatefulSet
templates:
- statefulset.yaml
tests:
- it: should not create control-plane
set:
experimental:
isolatedControlPlane:
headless: true
asserts:
- hasDocuments:
count: 0
- it: image name
set:
controlPlane:
statefulSet:
image:
registry: "custom-registry.com"
asserts:
- equal:
path: spec.template.spec.containers[0].image
value: custom-registry.com/loft-sh/vcluster-pro:0.0.1
- it: defaultImageRegistry
set:
controlPlane:
advanced:
defaultImageRegistry: docker.io
asserts:
- equal:
path: spec.template.spec.containers[0].image
value: docker.io/loft-sh/vcluster-pro:0.0.1
- it: custom tag
set:
controlPlane:
statefulSet:
image:
repository: my-repo
tag: "custom-tag"
asserts:
- equal:
path: spec.template.spec.containers[0].image
value: ghcr.io/my-repo:custom-tag
- it: custom init container
set:
controlPlane:
distro:
k3s:
enabled: true
image:
registry: "ghcr.io"
repository: "test"
tag: "123"
asserts:
- equal:
path: spec.template.spec.initContainers[0].image
value: ghcr.io/test:123
- it: custom init container
set:
controlPlane:
distro:
k0s:
enabled: true
image:
registry: ""
repository: "k0s"
tag: "123"
asserts:
- equal:
path: spec.template.spec.initContainers[0].image
value: k0s:123
- it: disables serviceLinks for sts etcd pod
set:
controlPlane:
statefulSet:
enableServiceLinks: false
asserts:
- equal:
path: spec.template.spec.enableServiceLinks
value: false
- it: custom init container
set:
controlPlane:
distro:
k8s:
enabled: true
controllerManager:
image:
registry: ""
repository: "k8s-controller"
tag: "123"
apiServer:
image:
registry: ""
repository: "k8s-api"
tag: "456"
asserts:
- equal:
path: spec.template.spec.initContainers[1].image
value: k8s-controller:123
- equal:
path: spec.template.spec.initContainers[2].image
value: k8s-api:456
- it: custom init container
set:
controlPlane:
distro:
k8s:
enabled: true
controllerManager:
image:
repository: "k8s-controller"
tag: "123"
apiServer:
image:
repository: "k8s-api"
tag: "456"
advanced:
defaultImageRegistry: "bbb.com"
asserts:
- equal:
path: spec.template.spec.initContainers[1].image
value: bbb.com/k8s-controller:123
- equal:
path: spec.template.spec.initContainers[2].image
value: bbb.com/k8s-api:456
- it: name & defaults
release:
name: my-release
namespace: my-namespace
capabilities:
majorVersion: 1
minorVersion: 29
asserts:
- hasDocuments:
count: 1
- equal:
path: kind
value: StatefulSet
- lengthEqual:
path: spec.template.spec.containers
count: 1
- equal:
path: spec.template.spec.containers[0].image
value: ghcr.io/loft-sh/vcluster-pro:0.0.1
- contains:
path: spec.template.spec.containers[0].env
content:
name: VCLUSTER_NAME
value: my-release
- contains:
path: spec.template.spec.containers[0].volumeMounts
content:
name: data
mountPath: /data
- contains:
path: spec.template.spec.containers[0].volumeMounts
content:
name: binaries
mountPath: /binaries
- contains:
path: spec.template.spec.containers[0].volumeMounts
content:
name: certs
mountPath: /pki
- contains:
path: spec.template.spec.containers[0].volumeMounts
content:
name: helm-cache
mountPath: /.cache/helm
- equal:
path: metadata.name
value: my-release
- equal:
path: metadata.namespace
value: my-namespace
- equal:
path: spec.podManagementPolicy
value: Parallel
- equal:
path: spec.persistentVolumeClaimRetentionPolicy.whenDeleted
value: Retain
- equal:
path: spec.replicas
value: 1
- equal:
path: spec.template.metadata.labels.app
value: vcluster
- equal:
path: spec.template.spec.terminationGracePeriodSeconds
value: 10
- equal:
path: spec.volumeClaimTemplates[0].spec.accessModes[0]
value: ReadWriteOnce
- equal:
path: spec.volumeClaimTemplates[0].spec.resources.requests.storage
value: 5Gi
- it: fail when both backing stores are enabled
set:
controlPlane:
backingStore:
etcd:
embedded:
enabled: true
deploy:
enabled: true
asserts:
- failedTemplate:
errorMessage: "you can only enable one backingStore at the same time"
- it: not persistent when external etcd is enabled
set:
controlPlane:
backingStore:
etcd:
deploy:
enabled: true
asserts:
- equal:
path: kind
value: Deployment
- notExists:
path: spec.volumeClaimTemplates
- it: not persistent when k8s and external database
set:
controlPlane:
distro:
k8s:
enabled: true
backingStore:
database:
external:
enabled: true
asserts:
- equal:
path: kind
value: Deployment
- notExists:
path: spec.volumeClaimTemplates
- it: persistent when embedded database
set:
controlPlane:
distro:
k8s:
enabled: true
backingStore:
database:
embedded:
enabled: true
asserts:
- equal:
path: kind
value: StatefulSet
- lengthEqual:
path: spec.volumeClaimTemplates
count: 1
- it: persistent when k8s and embedded etcd
set:
controlPlane:
backingStore:
etcd:
embedded:
enabled: true
distro:
k8s:
enabled: true
asserts:
- equal:
path: kind
value: StatefulSet
- lengthEqual:
path: spec.volumeClaimTemplates
count: 1
- it: persistent when embedded database
asserts:
- equal:
path: kind
value: StatefulSet
- lengthEqual:
path: spec.volumeClaimTemplates
count: 1
- it: plugin 1
set:
plugins:
test:
image: test
plugin:
test123:
version: v2
image: test
asserts:
- lengthEqual:
path: spec.template.spec.volumes
count: 7
- lengthEqual:
path: spec.template.spec.initContainers
count: 5
- it: plugin volumes 2
set:
controlPlane:
distro:
k0s:
enabled: true
plugin:
test:
version: v2
image: test
asserts:
- equal:
path: kind
value: StatefulSet
- lengthEqual:
path: spec.template.spec.volumes
count: 8
- lengthEqual:
path: spec.template.spec.initContainers
count: 2
- it: plugin volumes 3
set:
plugin:
test:
image: test
asserts:
- lengthEqual:
path: spec.template.spec.volumes
count: 6
- lengthEqual:
path: spec.template.spec.initContainers
count: 3
- it: add volumes
set:
controlPlane:
distro:
k3s:
enabled: true
statefulSet:
persistence:
addVolumes:
- name: myVolume
asserts:
- contains:
path: spec.template.spec.volumes
content:
name: myVolume
- lengthEqual:
path: spec.template.spec.volumes
count: 8
- it: enable k8s
set:
controlPlane:
distro:
k8s:
enabled: true
asserts:
- equal:
path: kind
value: StatefulSet
- lengthEqual:
path: spec.volumeClaimTemplates
count: 1
- it: enable k8s with deploy etcd
set:
controlPlane:
distro:
k8s:
enabled: true
backingStore:
etcd:
deploy:
enabled: true
asserts:
- equal:
path: kind
value: Deployment
- notExists:
path: spec.volumeClaimTemplates
- contains:
path: spec.template.spec.volumes
content:
name: data
emptyDir: {}
- it: enable k8s
release:
name: my-release
namespace: my-namespace
set:
controlPlane:
distro:
k8s:
enabled: true
statefulSet:
persistence:
volumeClaim:
enabled: false
volumeClaimTemplates:
- metadata:
name: data
spec:
resources:
requests:
storage: 5Gi
asserts:
- equal:
path: kind
value: StatefulSet
- equal:
path: spec.serviceName
value: my-release-headless
- contains:
path: spec.volumeClaimTemplates
content:
metadata:
name: data
spec:
resources:
requests:
storage: 5Gi
- it: enable k8s
set:
controlPlane:
distro:
k8s:
enabled: true
release:
name: my-release
namespace: my-namespace
asserts:
- equal:
path: kind
value: StatefulSet
- equal:
path: spec.serviceName
value: my-release-headless
- lengthEqual:
path: spec.volumeClaimTemplates
count: 1
- it: enable k8s with deploy etcd
set:
controlPlane:
distro:
k8s:
enabled: true
backingStore:
etcd:
deploy:
enabled: true
asserts:
- equal:
path: kind
value: Deployment
- notExists:
path: spec.volumeClaimTemplates
- contains:
path: spec.template.spec.volumes
content:
name: data
emptyDir: {}
- it: enable k0s
set:
controlPlane:
backingStore:
etcd:
deploy:
enabled: true
distro:
k0s:
enabled: true
asserts:
- equal:
path: kind
value: Deployment
- notExists:
path: spec.volumeClaimTemplates
- contains:
path: spec.template.spec.volumes
content:
name: data
emptyDir: {}
- it: append distro env
set:
controlPlane:
distro:
k3s:
enabled: true
env:
- name: KEY
value: VALUE
asserts:
- equal:
path: kind
value: StatefulSet
- contains:
path: spec.template.spec.containers[0].env
content:
name: KEY
value: VALUE
- it: should correctly set labels on the statefulset
set:
controlPlane:
statefulSet:
labels:
my-label: my-value
asserts:
- equal:
path: kind
value: StatefulSet
- equal:
path: metadata.labels["my-label"]
value: "my-value"
- it: binariesVolume - should set to emptyDir by default
asserts:
- contains:
path: spec.template.spec.volumes
content:
name: binaries
emptyDir: {}
- it: binariesVolume - should set the specified volume type correctly
set:
controlPlane:
statefulSet:
persistence:
binariesVolume:
- name: binaries
persistentVolumeClaim:
claimName: my-pvc
asserts:
- contains:
path: spec.template.spec.volumes
content:
name: binaries
persistentVolumeClaim:
claimName: my-pvc
- it: dataVolume - should set the specified data volume type correctly
set:
controlPlane:
statefulSet:
persistence:
dataVolume:
- name: data
persistentVolumeClaim:
claimName: my-custom-pvc
asserts:
- contains:
path: spec.template.spec.volumes
content:
name: data
persistentVolumeClaim:
claimName: my-custom-pvc
- it: k8s version not set, default tag images used for apiServer and controllerManager
chart:
version: "test-"
set:
controlPlane:
distro:
k8s:
enabled: true
asserts:
- equal:
path: spec.template.spec.initContainers[1].image
value: registry.k8s.io/kube-controller-manager:v1.31.1
- equal:
path: spec.template.spec.initContainers[2].image
value: registry.k8s.io/kube-apiserver:v1.31.1
- it: k8s capabilities set
chart:
version: "test-v1.29.3"
asserts:
- equal:
path: spec.template.spec.initContainers[1].image
value: registry.k8s.io/kube-controller-manager:v1.29.3
- equal:
path: spec.template.spec.initContainers[2].image
value: registry.k8s.io/kube-apiserver:v1.29.3
- it: k8s capabilities orbstack
chart:
version: "test-v1.29.3+orb1"
asserts:
- equal:
path: spec.template.spec.initContainers[1].image
value: registry.k8s.io/kube-controller-manager:v1.29.3
- equal:
path: spec.template.spec.initContainers[2].image
value: registry.k8s.io/kube-apiserver:v1.29.3
- it: k8s capabilities invalid
chart:
version: "test-invalid"
asserts:
- equal:
path: spec.template.spec.initContainers[1].image
value: registry.k8s.io/kube-controller-manager:v1.31.1
- it: k8s capabilities incomplete
chart:
version: "test-v1.22"
asserts:
- equal:
path: spec.template.spec.initContainers[1].image
value: registry.k8s.io/kube-controller-manager:v1.31.1
- it: k8s capabilities incomplete 2
chart:
version: "test-1.22.11"
asserts:
- equal:
path: spec.template.spec.initContainers[1].image
value: registry.k8s.io/kube-controller-manager:v1.31.1
- it: k8s capabilities incomplete 2
chart:
version: "test-v1.22.33"
asserts:
- equal:
path: spec.template.spec.initContainers[1].image
value: registry.k8s.io/kube-controller-manager:v1.22.33
- it: k8s version sets image tag for apiServer and controllerManager
set:
controlPlane:
distro:
k8s:
enabled: true
version: v1.35.999
asserts:
- equal:
path: spec.template.spec.initContainers[1].image
value: registry.k8s.io/kube-controller-manager:v1.35.999
- equal:
path: spec.template.spec.initContainers[2].image
value: registry.k8s.io/kube-apiserver:v1.35.999
- it: k8s version set but overridden by image tag for apiServer and controllerManager
set:
controlPlane:
distro:
k8s:
enabled: true
version: v1.30.999
apiServer:
image:
tag: v99912
controllerManager:
image:
tag: v23123
asserts:
- equal:
path: spec.template.spec.initContainers[1].image
value: registry.k8s.io/kube-controller-manager:v23123
- equal:
path: spec.template.spec.initContainers[2].image
value: registry.k8s.io/kube-apiserver:v99912
- it: k8s not version set but image tags for apiServer and controllerManager set
set:
controlPlane:
distro:
k8s:
enabled: true
apiServer:
image:
tag: v99914
controllerManager:
image:
tag: v23127
asserts:
- equal:
path: spec.template.spec.initContainers[1].image
value: registry.k8s.io/kube-controller-manager:v23127
- equal:
path: spec.template.spec.initContainers[2].image
value: registry.k8s.io/kube-apiserver:v99914
- it: k8s version not set, default tag images used for apiServer and controllerManager (virtual scheduler enabled)
chart:
version: "test-"
set:
controlPlane:
distro:
k8s:
enabled: true
advanced:
virtualScheduler:
enabled: true
asserts:
- equal:
path: spec.template.spec.initContainers[1].image
value: registry.k8s.io/kube-controller-manager:v1.31.1
- equal:
path: spec.template.spec.initContainers[2].image
value: registry.k8s.io/kube-scheduler:v1.31.1
- equal:
path: spec.template.spec.initContainers[3].image
value: registry.k8s.io/kube-apiserver:v1.31.1
- it: k8s version sets image tag for apiServer and controllerManager (virtual scheduler enabled)
set:
controlPlane:
distro:
k8s:
enabled: true
version: v1.35.999
advanced:
virtualScheduler:
enabled: true
asserts:
- equal:
path: spec.template.spec.initContainers[1].image
value: registry.k8s.io/kube-controller-manager:v1.35.999
- equal:
path: spec.template.spec.initContainers[2].image
value: registry.k8s.io/kube-scheduler:v1.35.999
- equal:
path: spec.template.spec.initContainers[3].image
value: registry.k8s.io/kube-apiserver:v1.35.999
- it: k8s version set but overridden by image tag for apiServer and controllerManager (virtual scheduler enabled)
set:
controlPlane:
distro:
k8s:
enabled: true
version: v1.30.999
apiServer:
image:
tag: v99912
controllerManager:
image:
tag: v23123
scheduler:
image:
tag: v123654
advanced:
virtualScheduler:
enabled: true
asserts:
- equal:
path: spec.template.spec.initContainers[1].image
value: registry.k8s.io/kube-controller-manager:v23123
- equal:
path: spec.template.spec.initContainers[2].image
value: registry.k8s.io/kube-scheduler:v123654
- equal:
path: spec.template.spec.initContainers[3].image
value: registry.k8s.io/kube-apiserver:v99912
- it: k8s not version set but image tags for apiServer and controllerManager set (virtual scheduler enabled)
set:
controlPlane:
distro:
k8s:
enabled: true
apiServer:
image:
tag: v99914
controllerManager:
image:
tag: v23127
scheduler:
image:
tag: v123656
advanced:
virtualScheduler:
enabled: true
asserts:
- equal:
path: spec.template.spec.initContainers[1].image
value: registry.k8s.io/kube-controller-manager:v23127
- equal:
path: spec.template.spec.initContainers[2].image
value: registry.k8s.io/kube-scheduler:v123656
- equal:
path: spec.template.spec.initContainers[3].image
value: registry.k8s.io/kube-apiserver:v99914
- it: custom dnsPolicy
set:
controlPlane:
statefulSet:
dnsPolicy: "ClusterFirst"
asserts:
- equal:
path: spec.template.spec.dnsPolicy
value: "ClusterFirst"
- it: custom dnsConfig
set:
controlPlane:
statefulSet:
dnsConfig:
nameservers:
- 192.0.2.1
searches:
- ns1.svc.cluster-domain.example
options:
- name: ndots
value: "2"
asserts:
- equal:
path: spec.template.spec.dnsConfig.nameservers[0]
value: "192.0.2.1"
- equal:
path: spec.template.spec.dnsConfig.searches[0]
value: "ns1.svc.cluster-domain.example"
- equal:
path: spec.template.spec.dnsConfig.options[0].name
value: "ndots"
- equal:
path: spec.template.spec.dnsConfig.options[0].value
value: "2"
- it: must use StatefulSet for embedded etcd
set:
controlPlane:
backingStore:
etcd:
embedded:
enabled: true
asserts:
- equal:
path: kind
value: StatefulSet
- it: must use StatefulSet for embedded etcd without persistence
set:
controlPlane:
backingStore:
etcd:
embedded:
enabled: true
statefulSet:
persistence:
volumeClaim:
enabled: false
binariesVolume:
- name: binaries
emptyDir:
medium: Memory
asserts:
- equal:
path: kind
value: StatefulSet
- it: sync custom resources
set:
sync:
toHost:
customResources:
test.cert-manager.io:
enabled: true
patches:
- path: spec.dnsNames[*]
expression: "value.startsWith('www.') ? value.slice(4) : value"
reverseExpression: '"www."+value'
asserts:
- equal:
path: kind
value: StatefulSet

64
backing-services/vcluster/tests/workload-serviceaccount_test.yaml Normal file
View File

@@ -0,0 +1,64 @@
suite: Workload ServiceAccount
templates:
- workload-serviceaccount.yaml
tests:
- it: should not create service account
set:
controlPlane:
advanced:
workloadServiceAccount:
enabled: false
asserts:
- hasDocuments:
count: 0
- it: should create service account
release:
name: my-release
namespace: my-namespace
asserts:
- hasDocuments:
count: 1
- equal:
path: metadata.name
value: vc-workload-my-release
- equal:
path: metadata.namespace
value: my-namespace
- it: should create service account with name
set:
controlPlane:
advanced:
workloadServiceAccount:
name: test
asserts:
- hasDocuments:
count: 1
- equal:
path: metadata.name
value: test
- it: should create image pull secrets
set:
controlPlane:
advanced:
serviceAccount:
imagePullSecrets:
- name: test1
workloadServiceAccount:
imagePullSecrets:
- name: test2
asserts:
- hasDocuments:
count: 1
- lengthEqual:
path: imagePullSecrets
count: 2
- equal:
path: imagePullSecrets[0].name
value: test1
- equal:
path: imagePullSecrets[1].name
value: test2