centralcloud/oncall-engine
1
0
Fork 0
Code Issues Pull requests Projects Releases Packages Wiki Activity Actions

Fix usage of extra envs as map in Helm chart (#2146)

Browse source 
# What this PR does


1. Fixes setting extra envs using:
```yaml
env:
  proxy: http://example.com
  SOME_VAR: some-value
```
It had failed if postgresql setting enabled and in `job-migrate`

2. Fixes an issue if custom database and username set for internal
mariadb, `MYSQL_` envs did not use them
```yaml
mariadb:
  auth:
     database: grafana_oncall
     username: grafana_oncall
```

3. Added `imagePullSecrets: []` to values.yaml. It used in helm chart,
but does not present in the values.yaml
4. More unit tests

## Which issue(s) this PR fixes

## Checklist

- [x] Unit, integration, and e2e (if applicable) tests updated
- [ ] Documentation added (or `pr:no public docs` PR label added if not
required)
- [x] `CHANGELOG.md` updated (or `pr:no changelog` PR label added if not
required)

Co-authored-by: Ildar Iskhakov <Ildar.iskhakov@grafana.com>
This commit is contained in:
Alexander Cherepanov 2023-06-12 09:34:36 +06:00 committed by GitHub
parent a3d9b181c3
commit d3247447ef
No known key found for this signature in database
GPG key ID: 4AEE18F83AFDEB23
21 changed files with 883 additions and 55 deletions
Show stats Download patch file Download diff file Expand all files Collapse all files

2
CHANGELOG.md
View file

@ -14,6 +14,8 @@ and this project adheres to [Semantic Versioning](https://semver.org/spec/v2.0.0
### Fixed
- Fix receive channel filter in alert groups API [#2140](https://github.com/grafana/oncall/pull/2140)
- Helm chart: Fix usage of `env` settings as map;
Fix usage of `mariadb.auth.database` and `mariadb.auth.username` for MYSQL env variables by @alexintech [#2146](https://github.com/grafana/oncall/pull/2146)
## v1.2.41 (2023-06-08)

4
helm/oncall/templates/_env.tpl
View file

@ -257,7 +257,7 @@ http://{{ include "oncall.grafana.fullname" . }}
{{- if and (not .Values.mariadb.enabled) .Values.externalMysql.db_name -}}
{{- required "externalMysql.db_name is required if not mariadb.enabled" .Values.externalMysql.db_name | quote}}
{{- else -}}
"oncall"
{{- .Values.mariadb.auth.database | default "oncall" | quote -}}
{{- end -}}
{{- end -}}
@ -265,7 +265,7 @@ http://{{ include "oncall.grafana.fullname" . }}
{{- if and (not .Values.mariadb.enabled) .Values.externalMysql.user -}}
{{- .Values.externalMysql.user | quote }}
{{- else -}}
"root"
{{- .Values.mariadb.auth.username | default "root" | quote -}}
{{- end -}}
{{- end -}}

30
helm/oncall/templates/_helpers.tpl
View file

@ -97,17 +97,7 @@ Create the name of the service account to use
{{- include "snippet.mysql.env" . | nindent 4 }}
{{- include "snippet.rabbitmq.env" . | nindent 4 }}
{{- include "snippet.redis.env" . | nindent 4 }}
{{- if .Values.env }}
{{- if (kindIs "map" .Values.env) }}
{{- range $key, $value := .Values.env }}
- name: {{ $key }}
value: {{ $value }}
{{- end -}}
{{/* support previous schema */}}
{{- else }}
{{- toYaml .Values.env | nindent 4 }}
{{- end }}
{{- end }}
{{- include "oncall.extraEnvs" . | nindent 4 }}
{{- end }}
{{- define "oncall.postgresql.wait-for-db" }}
@ -122,7 +112,19 @@ Create the name of the service account to use
{{- include "snippet.postgresql.env" . | nindent 4 }}
{{- include "snippet.rabbitmq.env" . | nindent 4 }}
{{- include "snippet.redis.env" . | nindent 4 }}
{{- if .Values.env }}
{{- toYaml .Values.env | nindent 4 }}
{{- end }}
{{- include "oncall.extraEnvs" . | nindent 4 }}
{{- end }}
{{- define "oncall.extraEnvs" -}}
{{- if .Values.env }}
{{- if (kindIs "map" .Values.env) }}
{{- range $key, $value := .Values.env }}
- name: {{ $key }}
value: {{ $value }}
{{- end -}}
{{/* support previous schema */}}
{{- else }}
{{- toYaml .Values.env }}
{{- end }}
{{- end }}
{{- end }}

12
helm/oncall/templates/celery/_deployment.tpl
View file

@ -59,17 +59,7 @@ spec:
{{- end }}
{{- include "snippet.rabbitmq.env" . | nindent 12 }}
{{- include "snippet.redis.env" . | nindent 12 }}
{{- if .Values.env }}
{{- if (kindIs "map" .Values.env) }}
{{- range $key, $value := .Values.env }}
- name: {{ $key }}
value: {{ $value }}
{{- end -}}
{{/* support previous schema */}}
{{- else }}
{{- toYaml .Values.env | nindent 12 }}
{{- end }}
{{- end }}
{{- include "oncall.extraEnvs" . | nindent 12 }}
{{- if .Values.celery.livenessProbe.enabled }}
livenessProbe:
exec:

12
helm/oncall/templates/engine/deployment.yaml
View file

@ -59,17 +59,7 @@ spec:
{{- end }}
{{- include "snippet.rabbitmq.env" . | nindent 12 }}
{{- include "snippet.redis.env" . | nindent 12 }}
{{- if .Values.env }}
{{- if (kindIs "map" .Values.env) }}
{{- range $key, $value := .Values.env }}
- name: {{ $key }}
value: {{ $value }}
{{- end -}}
{{/* support previous schema */}}
{{- else }}
{{- toYaml .Values.env | nindent 12 }}
{{- end }}
{{- end }}
{{- include "oncall.extraEnvs" . | nindent 12 }}
livenessProbe:
httpGet:
path: /health/

4
helm/oncall/templates/engine/job-migrate.yaml
View file

@ -74,9 +74,7 @@ spec:
{{- end }}
{{- include "snippet.rabbitmq.env" . | nindent 12 }}
{{- include "snippet.redis.env" . | nindent 12 }}
{{- if .Values.env }}
{{- toYaml .Values.env | nindent 12 }}
{{- end }}
{{- include "oncall.extraEnvs" . | nindent 12 }}
resources:
{{- toYaml .Values.engine.resources | nindent 12 }}
{{- end }}

298
helm/oncall/tests/__snapshot__/wait_for_db_test.yaml.snap Normal file
View file

@ -0,0 +1,298 @@
database.type=mysql -> should create initContainer for MySQL database (default):
1: |
- command:
- sh
- -c
- until (python manage.py migrate --check); do echo Waiting for database migrations; sleep 2; done
env:
- name: BASE_URL
value: https://example.com
- name: SECRET_KEY
valueFrom:
secretKeyRef:
key: SECRET_KEY
name: oncall
- name: MIRAGE_SECRET_KEY
valueFrom:
secretKeyRef:
key: MIRAGE_SECRET_KEY
name: oncall
- name: MIRAGE_CIPHER_IV
value: 1234567890abcdef
- name: DJANGO_SETTINGS_MODULE
value: settings.helm
- name: AMIXR_DJANGO_ADMIN_PATH
value: admin
- name: OSS
value: "True"
- name: UWSGI_LISTEN
value: "1024"
- name: BROKER_TYPE
value: rabbitmq
- name: GRAFANA_API_URL
value: http://oncall-grafana
- name: MYSQL_HOST
value: oncall-mariadb
- name: MYSQL_PORT
value: "3306"
- name: MYSQL_DB_NAME
value: oncall
- name: MYSQL_USER
value: root
- name: MYSQL_PASSWORD
valueFrom:
secretKeyRef:
key: mariadb-root-password
name: oncall-mariadb
- name: RABBITMQ_USERNAME
value: user
- name: RABBITMQ_PASSWORD
valueFrom:
secretKeyRef:
key: rabbitmq-password
name: oncall-rabbitmq
- name: RABBITMQ_HOST
value: oncall-rabbitmq
- name: RABBITMQ_PORT
value: "5672"
- name: RABBITMQ_PROTOCOL
value: amqp
- name: RABBITMQ_VHOST
value: ""
- name: REDIS_HOST
value: oncall-redis-master
- name: REDIS_PORT
value: "6379"
- name: REDIS_PASSWORD
valueFrom:
secretKeyRef:
key: redis-password
name: oncall-redis
image: grafana/oncall:v1.2.36
imagePullPolicy: Always
name: wait-for-db
securityContext: {}
2: |
- command:
- sh
- -c
- until (python manage.py migrate --check); do echo Waiting for database migrations; sleep 2; done
env:
- name: BASE_URL
value: https://example.com
- name: SECRET_KEY
valueFrom:
secretKeyRef:
key: SECRET_KEY
name: oncall
- name: MIRAGE_SECRET_KEY
valueFrom:
secretKeyRef:
key: MIRAGE_SECRET_KEY
name: oncall
- name: MIRAGE_CIPHER_IV
value: 1234567890abcdef
- name: DJANGO_SETTINGS_MODULE
value: settings.helm
- name: AMIXR_DJANGO_ADMIN_PATH
value: admin
- name: OSS
value: "True"
- name: UWSGI_LISTEN
value: "1024"
- name: BROKER_TYPE
value: rabbitmq
- name: GRAFANA_API_URL
value: http://oncall-grafana
- name: MYSQL_HOST
value: oncall-mariadb
- name: MYSQL_PORT
value: "3306"
- name: MYSQL_DB_NAME
value: oncall
- name: MYSQL_USER
value: root
- name: MYSQL_PASSWORD
valueFrom:
secretKeyRef:
key: mariadb-root-password
name: oncall-mariadb
- name: RABBITMQ_USERNAME
value: user
- name: RABBITMQ_PASSWORD
valueFrom:
secretKeyRef:
key: rabbitmq-password
name: oncall-rabbitmq
- name: RABBITMQ_HOST
value: oncall-rabbitmq
- name: RABBITMQ_PORT
value: "5672"
- name: RABBITMQ_PROTOCOL
value: amqp
- name: RABBITMQ_VHOST
value: ""
- name: REDIS_HOST
value: oncall-redis-master
- name: REDIS_PORT
value: "6379"
- name: REDIS_PASSWORD
valueFrom:
secretKeyRef:
key: redis-password
name: oncall-redis
image: grafana/oncall:v1.2.36
imagePullPolicy: Always
name: wait-for-db
securityContext: {}
database.type=postgresql -> should create initContainer for PostgreSQL database:
1: |
- command:
- sh
- -c
- until (python manage.py migrate --check); do echo Waiting for database migrations; sleep 2; done
env:
- name: BASE_URL
value: https://example.com
- name: SECRET_KEY
valueFrom:
secretKeyRef:
key: SECRET_KEY
name: oncall
- name: MIRAGE_SECRET_KEY
valueFrom:
secretKeyRef:
key: MIRAGE_SECRET_KEY
name: oncall
- name: MIRAGE_CIPHER_IV
value: 1234567890abcdef
- name: DJANGO_SETTINGS_MODULE
value: settings.helm
- name: AMIXR_DJANGO_ADMIN_PATH
value: admin
- name: OSS
value: "True"
- name: UWSGI_LISTEN
value: "1024"
- name: BROKER_TYPE
value: rabbitmq
- name: GRAFANA_API_URL
value: http://oncall-grafana
- name: DATABASE_TYPE
value: postgresql
- name: DATABASE_HOST
value: oncall-postgresql
- name: DATABASE_PORT
value: "5432"
- name: DATABASE_NAME
value: oncall
- name: DATABASE_USER
value: postgres
- name: DATABASE_PASSWORD
valueFrom:
secretKeyRef:
key: postgres-password
name: oncall-postgresql
- name: RABBITMQ_USERNAME
value: user
- name: RABBITMQ_PASSWORD
valueFrom:
secretKeyRef:
key: rabbitmq-password
name: oncall-rabbitmq
- name: RABBITMQ_HOST
value: oncall-rabbitmq
- name: RABBITMQ_PORT
value: "5672"
- name: RABBITMQ_PROTOCOL
value: amqp
- name: RABBITMQ_VHOST
value: ""
- name: REDIS_HOST
value: oncall-redis-master
- name: REDIS_PORT
value: "6379"
- name: REDIS_PASSWORD
valueFrom:
secretKeyRef:
key: redis-password
name: oncall-redis
image: grafana/oncall:v1.2.36
imagePullPolicy: Always
name: wait-for-db
securityContext: {}
2: |
- command:
- sh
- -c
- until (python manage.py migrate --check); do echo Waiting for database migrations; sleep 2; done
env:
- name: BASE_URL
value: https://example.com
- name: SECRET_KEY
valueFrom:
secretKeyRef:
key: SECRET_KEY
name: oncall
- name: MIRAGE_SECRET_KEY
valueFrom:
secretKeyRef:
key: MIRAGE_SECRET_KEY
name: oncall
- name: MIRAGE_CIPHER_IV
value: 1234567890abcdef
- name: DJANGO_SETTINGS_MODULE
value: settings.helm
- name: AMIXR_DJANGO_ADMIN_PATH
value: admin
- name: OSS
value: "True"
- name: UWSGI_LISTEN
value: "1024"
- name: BROKER_TYPE
value: rabbitmq
- name: GRAFANA_API_URL
value: http://oncall-grafana
- name: DATABASE_TYPE
value: postgresql
- name: DATABASE_HOST
value: oncall-postgresql
- name: DATABASE_PORT
value: "5432"
- name: DATABASE_NAME
value: oncall
- name: DATABASE_USER
value: postgres
- name: DATABASE_PASSWORD
valueFrom:
secretKeyRef:
key: postgres-password
name: oncall-postgresql
- name: RABBITMQ_USERNAME
value: user
- name: RABBITMQ_PASSWORD
valueFrom:
secretKeyRef:
key: rabbitmq-password
name: oncall-rabbitmq
- name: RABBITMQ_HOST
value: oncall-rabbitmq
- name: RABBITMQ_PORT
value: "5672"
- name: RABBITMQ_PROTOCOL
value: amqp
- name: RABBITMQ_VHOST
value: ""
- name: REDIS_HOST
value: oncall-redis-master
- name: REDIS_PORT
value: "6379"
- name: REDIS_PASSWORD
valueFrom:
secretKeyRef:
key: redis-password
name: oncall-redis
image: grafana/oncall:v1.2.36
imagePullPolicy: Always
name: wait-for-db
securityContext: {}

108
helm/oncall/tests/extra_env_test.yaml Normal file
View file

@ -0,0 +1,108 @@
suite: test extra envs for deployments
templates:
- engine/deployment.yaml
- engine/job-migrate.yaml
- celery/deployment-celery.yaml
release:
name: oncall
tests:
- it: env=[] -> should support old syntax
set:
env:
- name: SOME_VAR
value: some_value
asserts:
- contains:
path: spec.template.spec.containers[0].env
content:
name: SOME_VAR
value: some_value
- it: env=map[] -> should set multiple envs
set:
env:
SOME_VAR: some_value
another_var: "another_value"
asserts:
- contains:
path: spec.template.spec.containers[0].env
content:
name: SOME_VAR
value: some_value
- contains:
path: spec.template.spec.containers[0].env
content:
name: another_var
value: "another_value"
- it: env=[] -> should add envs into initContainer
templates:
- engine/deployment.yaml
- celery/deployment-celery.yaml
set:
env:
- name: SOME_VAR
value: some_value
asserts:
- contains:
path: spec.template.spec.initContainers[0].env
content:
name: SOME_VAR
value: some_value
- it: env=map[] -> should add envs into initContainer
templates:
- engine/deployment.yaml
- celery/deployment-celery.yaml
set:
env:
SOME_VAR: some_value
another_var: "another_value"
asserts:
- contains:
path: spec.template.spec.initContainers[0].env
content:
name: SOME_VAR
value: some_value
- contains:
path: spec.template.spec.initContainers[0].env
content:
name: another_var
value: "another_value"
- it: database.type=postgresql and env=map[] -> should add envs into initContainer
templates:
- engine/deployment.yaml
- celery/deployment-celery.yaml
set:
database.type: postgresql
env:
SOME_VAR: some_value
another_var: "another_value"
asserts:
- contains:
path: spec.template.spec.initContainers[0].env
content:
name: SOME_VAR
value: some_value
- contains:
path: spec.template.spec.initContainers[0].env
content:
name: another_var
value: "another_value"
- it: database.type=postgresql and env=[] -> should support old style for initContainer
templates:
- engine/deployment.yaml
- celery/deployment-celery.yaml
set:
database.type: postgresql
env:
- name: SOME_VAR
value: some_value
asserts:
- contains:
path: spec.template.spec.initContainers[0].env
content:
name: SOME_VAR
value: some_value

33
helm/oncall/tests/image_deployments_test.yaml Normal file
View file

@ -0,0 +1,33 @@
suite: test image and imagePullPolicy for deployments
templates:
- celery/deployment-celery.yaml
- engine/deployment.yaml
- engine/job-migrate.yaml
release:
name: oncall
chart:
appVersion: 1.2.36
tests:
- it: image={} -> should use default image tag
asserts:
- equal:
path: spec.template.spec.containers[0].image
value: grafana/oncall:1.2.36
- equal:
path: spec.template.spec.containers[0].imagePullPolicy
value: Always
- it: image.repository and image.tag -> should use custom image
set:
image:
repository: custom-oncall
tag: 1.2.36-custom
pullPolicy: IfNotPresent
asserts:
- equal:
path: spec.template.spec.containers[0].image
value: custom-oncall:1.2.36-custom
- equal:
path: spec.template.spec.containers[0].imagePullPolicy
value: IfNotPresent

25
helm/oncall/tests/image_pull_secrets_test.yaml Normal file
View file

@ -0,0 +1,25 @@
suite: test image pull secrets
templates:
- celery/deployment-celery.yaml
- engine/deployment.yaml
- engine/job-migrate.yaml
release:
name: oncall
tests:
- it: imagePullSecrets=[] -> should not create spec.template.spec.imagePullSecrets
set:
imagePullSecrets: []
asserts:
- notExists:
path: spec.template.spec.imagePullSecrets
- it: imagePullSecrets -> should use custom imagePullSecrets
set:
imagePullSecrets:
- name: regcred
asserts:
- contains:
path: spec.template.spec.imagePullSecrets
content:
name: regcred

118
helm/oncall/tests/mysql_env_test.yaml Normal file
View file

@ -0,0 +1,118 @@
suite: test MySQL envs for deployments
templates:
- engine/deployment.yaml
- engine/job-migrate.yaml
- celery/deployment-celery.yaml
release:
name: oncall
tests:
- it: mariadb.enabled=false -> external MySQL default settings
set:
mariadb.enabled: false
asserts:
- contains:
path: spec.template.spec.containers[0].env
content:
name: DATABASE_TYPE
not: true
- contains:
path: spec.template.spec.containers[0].env
content:
name: MYSQL_DB_NAME
value: oncall
- contains:
path: spec.template.spec.containers[0].env
content:
name: MYSQL_PORT
value: "3306"
- contains:
path: spec.template.spec.containers[0].env
content:
name: MYSQL_USER
value: root
- contains:
path: spec.template.spec.containers[0].env
content:
name: MYSQL_HOST
value: oncall-mariadb
- it: externalMysql -> use external MySQL custom settings
set:
mariadb.enabled: false
externalMysql:
host: test-host
port: 5555
db_name: grafana_oncall
user: test_user
asserts:
- contains:
path: spec.template.spec.containers[0].env
content:
name: MYSQL_DB_NAME
value: grafana_oncall
- contains:
path: spec.template.spec.containers[0].env
content:
name: MYSQL_PORT
value: "5555"
- contains:
path: spec.template.spec.containers[0].env
content:
name: MYSQL_USER
value: test_user
- contains:
path: spec.template.spec.containers[0].env
content:
name: MYSQL_HOST
value: test-host
- it: mariadb.enabled=true -> internal MySQL default settings
asserts:
- contains:
path: spec.template.spec.containers[0].env
content:
name: MYSQL_DB_NAME
value: oncall
- contains:
path: spec.template.spec.containers[0].env
content:
name: MYSQL_PORT
value: "3306"
- contains:
path: spec.template.spec.containers[0].env
content:
name: MYSQL_USER
value: root
- contains:
path: spec.template.spec.containers[0].env
content:
name: MYSQL_HOST
value: oncall-mariadb
- it: mariadb.auth -> internal MySQL custom settings
set:
mariadb:
auth:
database: grafana_oncall
username: grafana_oncall
asserts:
- contains:
path: spec.template.spec.containers[0].env
content:
name: MYSQL_DB_NAME
value: grafana_oncall
- contains:
path: spec.template.spec.containers[0].env
content:
name: MYSQL_PORT
value: "3306"
- contains:
path: spec.template.spec.containers[0].env
content:
name: MYSQL_USER
value: grafana_oncall
- contains:
path: spec.template.spec.containers[0].env
content:
name: MYSQL_HOST
value: oncall-mariadb

46
helm/oncall/tests/mysql_password_env_test.yaml Normal file
View file

@ -0,0 +1,46 @@
suite: test MySQL password envs for deployments
release:
name: oncall
templates:
- engine/deployment.yaml
- engine/job-migrate.yaml
- celery/deployment-celery.yaml
- secrets.yaml
tests:
- it: secrets -> should fail if externalMysql.password not set
set:
mariadb.enabled: false
asserts:
- failedTemplate:
errorMessage: externalMysql.password is required if not mariadb.enabled
template: secrets.yaml
- it: externalMySQL.password -> should create a Secret -mariadb-external
templates:
- engine/deployment.yaml
- engine/job-migrate.yaml
- celery/deployment-celery.yaml
set:
mariadb.enabled: false
externalMysql:
password: abcd123
asserts:
- contains:
path: spec.template.spec.containers[0].env
content:
name: MYSQL_PASSWORD
valueFrom:
secretKeyRef:
name: oncall-mysql-external
key: mariadb-root-password
- containsDocument:
kind: Secret
apiVersion: v1
name: oncall-mysql-external
template: secrets.yaml
- equal:
path: data.mariadb-root-password
value: abcd123
decodeBase64: true
documentIndex: 1
template: secrets.yaml

10
helm/oncall/tests/postgres_env_test.yaml
View file

@ -1,4 +1,4 @@
suite: test postgresql deployment environments
suite: test PostgreSQL envs for deployments
templates:
- engine/deployment.yaml
- engine/job-migrate.yaml
@ -6,7 +6,7 @@ templates:
release:
name: oncall
tests:
- it: external Postgresql default settings
- it: postgresql.enabled=false -> external PostgreSQL default settings
set:
database.type: postgresql
postgresql.enabled: false
@ -37,7 +37,7 @@ tests:
name: DATABASE_HOST
value: oncall-postgresql
- it: external Postgresql custom settings
- it: externalPostgresql -> should use external PostgreSQL custom settings
set:
database.type: postgresql
postgresql.enabled: false
@ -73,7 +73,7 @@ tests:
name: DATABASE_HOST
value: test-host
- it: internal Postgresql default settings
- it: postgresql.enabled=true -> internal PostgreSQL default settings
set:
database.type: postgresql
postgresql.enabled: true
@ -104,7 +104,7 @@ tests:
name: DATABASE_HOST
value: oncall-postgresql
- it: internal Postgresql custom settings
- it: postgresql.auth -> should use internal PostgreSQL custom settings
set:
database.type: postgresql
postgresql:

12
helm/oncall/tests/postgres_password_env_test.yaml
View file

@ -1,4 +1,4 @@
suite: test postgresql password deployment environments
suite: test PostgreSQL password envs for deployments
release:
name: oncall
templates:
@ -7,7 +7,7 @@ templates:
- celery/deployment-celery.yaml
- secrets.yaml
tests:
- it: should fail if externalPostgresql.password not set
- it: secrets -> should fail if externalPostgresql.password not set
set:
database.type: postgresql
postgresql.enabled: false
@ -16,7 +16,7 @@ tests:
errorMessage: externalPostgresql.password is required if not postgresql.enabled and not externalPostgresql.existingSecret
template: secrets.yaml
- it: externalPostgresql.password should create Secret -postgresql-external
- it: externalPostgresql.password -> should create a Secret -postgresql-external
templates:
- engine/deployment.yaml
- engine/job-migrate.yaml
@ -47,7 +47,7 @@ tests:
documentIndex: 1
template: secrets.yaml
- it: externalPostgresql.existingSecret should use existing secret
- it: externalPostgresql.existingSecret -> should use existing secret
templates:
- engine/deployment.yaml
- engine/job-migrate.yaml
@ -67,7 +67,7 @@ tests:
name: some-postgres-secret
key: postgres-password
- it: externalPostgresql.passwordKey should be used for existing secret
- it: externalPostgresql.passwordKey -> should be used for existing secret
templates:
- engine/deployment.yaml
- engine/job-migrate.yaml
@ -88,7 +88,7 @@ tests:
name: some-postgres-secret
key: postgres.key
- it: internal Postgresql custom settings
- it: postgresql.auth -> should use internal Postgresql custom settings
templates:
- engine/deployment.yaml
- engine/job-migrate.yaml

39
helm/oncall/tests/security_context_deployments_test.yaml Normal file
View file

@ -0,0 +1,39 @@
suite: test security context for deployments
templates:
- celery/deployment-celery.yaml
- engine/deployment.yaml
- engine/job-migrate.yaml
release:
name: oncall
tests:
- it: podSecurityContext={} -> spec.template.spec.securityContext is empty (default)
set:
asserts:
- isNullOrEmpty:
path: spec.template.spec.securityContext
- isNullOrEmpty:
path: spec.template.spec.containers[0].securityContext
- it: podSecurityContext.runAsNonRoot=true -> should fill securityContext
set:
podSecurityContext:
runAsNonRoot: true
runAsUser: 1000
asserts:
- isSubset:
path: spec.template.spec.securityContext
content:
runAsNonRoot: true
runAsUser: 1000
- it: securityContext.runAsNonRoot=true -> should fill securityContext for container
set:
securityContext:
runAsNonRoot: true
runAsUser: 1000
asserts:
- isSubset:
path: spec.template.spec.containers[0].securityContext
content:
runAsNonRoot: true
runAsUser: 1000

30
helm/oncall/tests/service_account_deployments_test.yaml Normal file
View file

@ -0,0 +1,30 @@
suite: test service account deployments
templates:
- celery/deployment-celery.yaml
- engine/deployment.yaml
- engine/job-migrate.yaml
release:
name: oncall
tests:
- it: serviceAccount.create=true -> should use created serviceAccount for deployments (default)
asserts:
- equal:
path: spec.template.spec.serviceAccountName
value: oncall
- it: serviceAccount.create=false -> should use default serviceAccount for deployments
set:
serviceAccount.create: false
asserts:
- equal:
path: spec.template.spec.serviceAccountName
value: default
- it: serviceAccount.name=custom -> should use created custom serviceAccount for deployments
set:
serviceAccount.name: custom
asserts:
- equal:
path: spec.template.spec.serviceAccountName
value: custom

44
helm/oncall/tests/service_account_test.yaml Normal file
View file

@ -0,0 +1,44 @@
suite: test service account
templates:
- serviceaccount.yaml
release:
name: oncall
tests:
- it: serviceAccount.create=true -> should create serviceAccount (default)
asserts:
- containsDocument:
kind: ServiceAccount
apiVersion: v1
name: oncall
- notExists:
path: metadata.annotations
- isSubset:
path: metadata.labels
content:
app.kubernetes.io/instance: oncall
app.kubernetes.io/name: oncall
- it: serviceAccount.create=false -> should not create serviceAccount
set:
serviceAccount.create: false
asserts:
- hasDocuments:
count: 0
- it: serviceAccount.name=custom -> should create custom serviceAccount
set:
serviceAccount.name: custom
asserts:
- equal:
path: metadata.name
value: custom
- it: serviceAccount.annotations -> should add annotations to serviceAccount
set:
serviceAccount.annotations:
some-annotation: some-value
asserts:
- isSubset:
path: metadata.annotations
content:
some-annotation: some-value

55
helm/oncall/tests/telegram_env_test.yaml Normal file
View file

@ -0,0 +1,55 @@
suite: test telegram envs for deployments
templates:
- engine/deployment.yaml
- celery/deployment-celery.yaml
release:
name: oncall
tests:
- it: oncall.telegram.enabled=false -> Telegram integration disabled (default)
asserts:
- contains:
path: spec.template.spec.containers[0].env
content:
name: FEATURE_TELEGRAM_INTEGRATION_ENABLED
value: "False"
- it: oncall.telegram.enabled=true -> should enable Telegram integration
set:
oncall.telegram:
enabled: true
webhookUrl: https://example.com
token: "abcd:123"
asserts:
- contains:
path: spec.template.spec.containers[0].env
content:
name: FEATURE_TELEGRAM_INTEGRATION_ENABLED
value: "True"
- contains:
path: spec.template.spec.containers[0].env
content:
name: TELEGRAM_WEBHOOK_HOST
value: "https://example.com"
- contains:
path: spec.template.spec.containers[0].env
content:
name: TELEGRAM_TOKEN
value: "abcd:123"
- it: oncall.telegram.existingSecret=some-secret -> should prefer existing secret over oncall.telegram.token
set:
oncall.telegram:
enabled: true
token: "abcd:123"
existingSecret: some-secret
tokenKey: token
asserts:
- contains:
path: spec.template.spec.containers[0].env
content:
name: TELEGRAM_TOKEN
valueFrom:
secretKeyRef:
name: some-secret
key: token

7
helm/oncall/tests/uwsgi_env_test.yaml
View file

@ -6,7 +6,7 @@ templates:
release:
name: oncall
tests:
- it: uwsgi.listen should overwrite UWSGI_LISTEN env
- it: uwsgi.listen -> should overwrite UWSGI_LISTEN env
set:
uwsgi.listen: 128
asserts:
@ -15,7 +15,7 @@ tests:
content:
name: UWSGI_LISTEN
value: "128"
- it: uwsgi.envs should set multiple UWSGI_* envs
- it: uwsgi=map[] -> should set multiple UWSGI_* envs
set:
uwsgi:
processes: 3
@ -36,7 +36,8 @@ tests:
content:
name: UWSGI_MAX_REQUESTS
value: "1000"
- it: uwsgi.null should not set any UWSGI_* variable
- it: uwsgi=null -> should not set any UWSGI_* variable
set:
uwsgi: null
asserts:

41
helm/oncall/tests/wait_for_db_test.yaml Normal file
View file

@ -0,0 +1,41 @@
suite: test init container wait-for-db in deployments
templates:
- celery/deployment-celery.yaml
- engine/deployment.yaml
release:
name: oncall
chart:
appVersion: v1.2.36
tests:
- it: database.type=mysql -> should create initContainer for MySQL database (default)
asserts:
- contains:
path: spec.template.spec.initContainers
content:
name: wait-for-db
any: true
- contains:
path: spec.template.spec.initContainers[0].env
content:
name: MYSQL_DB_NAME
value: oncall
- matchSnapshot:
path: spec.template.spec.initContainers
- it: database.type=postgresql -> should create initContainer for PostgreSQL database
set:
database.type: postgresql
asserts:
- contains:
path: spec.template.spec.initContainers
content:
name: wait-for-db
any: true
- contains:
path: spec.template.spec.initContainers[0].env
content:
name: DATABASE_TYPE
value: postgresql
- matchSnapshot:
path: spec.template.spec.initContainers

8
helm/oncall/values.yaml
View file

@ -4,6 +4,14 @@
# If you want to install grafana as a part of this release make sure to configure grafana.grafana.ini.server.domain too
base_url: example.com
## Optionally specify an array of imagePullSecrets.
## Secrets must be manually created in the namespace.
## ref: https://kubernetes.io/docs/tasks/configure-pod-container/pull-image-private-registry/
## e.g:
## imagePullSecrets:
## - name: myRegistryKeySecretName
imagePullSecrets: []
image:
# Grafana OnCall docker image repository
repository: grafana/oncall