diff --git a/CHANGELOG.md b/CHANGELOG.md index cd0f0133..8e706b59 100644 --- a/CHANGELOG.md +++ b/CHANGELOG.md @@ -14,6 +14,8 @@ and this project adheres to [Semantic Versioning](https://semver.org/spec/v2.0.0 ### Fixed - Fix receive channel filter in alert groups API [#2140](https://github.com/grafana/oncall/pull/2140) +- Helm chart: Fix usage of `env` settings as map; + Fix usage of `mariadb.auth.database` and `mariadb.auth.username` for MYSQL env variables by @alexintech [#2146](https://github.com/grafana/oncall/pull/2146) ## v1.2.41 (2023-06-08) diff --git a/helm/oncall/templates/_env.tpl b/helm/oncall/templates/_env.tpl index f269f37d..c4b5a6ac 100644 --- a/helm/oncall/templates/_env.tpl +++ b/helm/oncall/templates/_env.tpl @@ -257,7 +257,7 @@ http://{{ include "oncall.grafana.fullname" . }} {{- if and (not .Values.mariadb.enabled) .Values.externalMysql.db_name -}} {{- required "externalMysql.db_name is required if not mariadb.enabled" .Values.externalMysql.db_name | quote}} {{- else -}} -"oncall" +{{- .Values.mariadb.auth.database | default "oncall" | quote -}} {{- end -}} {{- end -}} @@ -265,7 +265,7 @@ http://{{ include "oncall.grafana.fullname" . }} {{- if and (not .Values.mariadb.enabled) .Values.externalMysql.user -}} {{- .Values.externalMysql.user | quote }} {{- else -}} -"root" +{{- .Values.mariadb.auth.username | default "root" | quote -}} {{- end -}} {{- end -}} diff --git a/helm/oncall/templates/_helpers.tpl b/helm/oncall/templates/_helpers.tpl index 1566deb1..e58f9edc 100644 --- a/helm/oncall/templates/_helpers.tpl +++ b/helm/oncall/templates/_helpers.tpl 
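Review bot: In the second `_env.tpl` hunk, MYSQL_USER can now be a non-root account taken from `mariadb.auth.username`, but nothing in this diff changes which secret key feeds MYSQL_PASSWORD; the rendered snapshot and `mysql_password_env_test.yaml` both show `key: mariadb-root-password`. If the password helper is unchanged (it is outside this diff), a custom user is paired with the root password and will fail to authenticate, so the key should switch to the MariaDB secret's non-root password entry whenever a username is set. The new `mariadb.auth` case in `mysql_env_test.yaml` has the same gap: it asserts MYSQL_USER but never MYSQL_PASSWORD. Keeping `default "root"` also means the application connects as the database superuser unless the operator overrides it, which deserves a comment next to `mariadb.auth` in `values.yaml`. Both helper bodies start outside their hunks.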
@@ -97,17 +97,7 @@ Create the name of the service account to use {{- include "snippet.mysql.env" . | nindent 4 }} {{- include "snippet.rabbitmq.env" . | nindent 4 }} {{- include "snippet.redis.env" . | nindent 4 }} - {{- if .Values.env }} - {{- if (kindIs "map" .Values.env) }} - {{- range $key, $value := .Values.env }} - - name: {{ $key }} - value: {{ $value }} - {{- end -}} - {{/* support previous schema */}} - {{- else }} - {{- toYaml .Values.env | nindent 4 }} - {{- end }} - {{- end }} + {{- include "oncall.extraEnvs" . | nindent 4 }} {{- end }} {{- define "oncall.postgresql.wait-for-db" }} @@ -122,7 +112,19 @@ Create the name of the service account to use {{- include "snippet.postgresql.env" . | nindent 4 }} {{- include "snippet.rabbitmq.env" . | nindent 4 }} {{- include "snippet.redis.env" . | nindent 4 }} - {{- if .Values.env }} - {{- toYaml .Values.env | nindent 4 }} - {{- end }} + {{- include "oncall.extraEnvs" . | nindent 4 }} {{- end }} + +{{- define "oncall.extraEnvs" -}} +{{- if .Values.env }} + {{- if (kindIs "map" .Values.env) }} + {{- range $key, $value := .Values.env }} +- name: {{ $key }} + value: {{ $value }} + {{- end -}} + {{/* support previous schema */}} + {{- else }} +{{- toYaml .Values.env }} + {{- end }} +{{- end }} +{{- end }} \ No newline at end of file diff --git a/helm/oncall/templates/celery/_deployment.tpl b/helm/oncall/templates/celery/_deployment.tpl index 92d530ab..681a0d7b 100644 --- a/helm/oncall/templates/celery/_deployment.tpl +++ b/helm/oncall/templates/celery/_deployment.tpl 
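Review bot: In the new `oncall.extraEnvs` helper, the map branch renders `value: {{ $value }}` unquoted, so a number or boolean in `env` becomes a non-string YAML scalar that Kubernetes rejects for `env[].value`, and a value containing `: `, `#` or a newline changes the structure of the rendered manifest. Quote both fields: `- name: {{ $key | quote }}` and `value: {{ $value | toString | quote }}`. The map cases in `extra_env_test.yaml` only use string values, so they do not catch this; a case such as `SOME_NUM: 1024` asserting `value: "1024"` would. The map form can also only emit literal `value` entries, so a short comment on the helper should say that secrets need the list form with `valueFrom`.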
@@ -59,17 +59,7 @@ spec: {{- end }} {{- include "snippet.rabbitmq.env" . | nindent 12 }} {{- include "snippet.redis.env" . | nindent 12 }} - {{- if .Values.env }} - {{- if (kindIs "map" .Values.env) }} - {{- range $key, $value := .Values.env }} - - name: {{ $key }} - value: {{ $value }} - {{- end -}} - {{/* support previous schema */}} - {{- else }} - {{- toYaml .Values.env | nindent 12 }} - {{- end }} - {{- end }} + {{- include "oncall.extraEnvs" . | nindent 12 }} {{- if .Values.celery.livenessProbe.enabled }} livenessProbe: exec: diff --git a/helm/oncall/templates/engine/deployment.yaml b/helm/oncall/templates/engine/deployment.yaml index ba9bb820..781e1698 100644 --- a/helm/oncall/templates/engine/deployment.yaml +++ b/helm/oncall/templates/engine/deployment.yaml @@ -59,17 +59,7 @@ spec: {{- end }} {{- include "snippet.rabbitmq.env" . | nindent 12 }} {{- include "snippet.redis.env" . | nindent 12 }} - {{- if .Values.env }} - {{- if (kindIs "map" .Values.env) }} - {{- range $key, $value := .Values.env }} - - name: {{ $key }} - value: {{ $value }} - {{- end -}} - {{/* support previous schema */}} - {{- else }} - {{- toYaml .Values.env | nindent 12 }} - {{- end }} - {{- end }} + {{- include "oncall.extraEnvs" . | nindent 12 }} livenessProbe: httpGet: path: /health/ diff --git a/helm/oncall/templates/engine/job-migrate.yaml b/helm/oncall/templates/engine/job-migrate.yaml index 8010905c..b52c824b 100644 --- a/helm/oncall/templates/engine/job-migrate.yaml +++ b/helm/oncall/templates/engine/job-migrate.yaml @@ -74,9 +74,7 @@ spec: {{- end }} {{- include "snippet.rabbitmq.env" . | nindent 12 }} {{- include "snippet.redis.env" . | nindent 12 }} - {{- if .Values.env }} - {{- toYaml .Values.env | nindent 12 }} - {{- end }} + {{- include "oncall.extraEnvs" . | nindent 12 }} resources: {{- toYaml .Values.engine.resources | nindent 12 }} {{- end }} 
diff --git a/helm/oncall/tests/__snapshot__/wait_for_db_test.yaml.snap b/helm/oncall/tests/__snapshot__/wait_for_db_test.yaml.snap new file mode 100644 index 00000000..76d8cace --- /dev/null +++ b/helm/oncall/tests/__snapshot__/wait_for_db_test.yaml.snap 
@@ -0,0 +1,298 @@ +database.type=mysql -> should create initContainer for MySQL database (default): + 1: | + - command: + - sh + - -c + - until (python manage.py migrate --check); do echo Waiting for database migrations; sleep 2; done + env: + - name: BASE_URL + value: https://example.com + - name: SECRET_KEY + valueFrom: + secretKeyRef: + key: SECRET_KEY + name: oncall + - name: MIRAGE_SECRET_KEY + valueFrom: + secretKeyRef: + key: MIRAGE_SECRET_KEY + name: oncall + - name: MIRAGE_CIPHER_IV + value: 1234567890abcdef + - name: DJANGO_SETTINGS_MODULE + value: settings.helm + - name: AMIXR_DJANGO_ADMIN_PATH + value: admin + - name: OSS + value: "True" + - name: UWSGI_LISTEN + value: "1024" + - name: BROKER_TYPE + value: rabbitmq + - name: GRAFANA_API_URL + value: http://oncall-grafana + - name: MYSQL_HOST + value: oncall-mariadb + - name: MYSQL_PORT + value: "3306" + - name: MYSQL_DB_NAME + value: oncall + - name: MYSQL_USER + value: root + - name: MYSQL_PASSWORD + valueFrom: + secretKeyRef: + key: mariadb-root-password + name: oncall-mariadb + - name: RABBITMQ_USERNAME + value: user + - name: RABBITMQ_PASSWORD + valueFrom: + secretKeyRef: + key: rabbitmq-password + name: oncall-rabbitmq + - name: RABBITMQ_HOST + value: oncall-rabbitmq + - name: RABBITMQ_PORT + value: "5672" + - name: RABBITMQ_PROTOCOL + value: amqp + - name: RABBITMQ_VHOST + value: "" + - name: REDIS_HOST + value: oncall-redis-master + - name: REDIS_PORT + value: "6379" + - name: REDIS_PASSWORD + valueFrom: + secretKeyRef: + key: redis-password + name: oncall-redis + image: grafana/oncall:v1.2.36 + imagePullPolicy: Always + name: wait-for-db + securityContext: {} + 2: | + - command: + - sh + - -c + - until (python manage.py migrate --check); do echo Waiting for database migrations; sleep 2; done + env: + - name: BASE_URL + value: https://example.com + - name: SECRET_KEY + valueFrom: + secretKeyRef: + key: SECRET_KEY + name: oncall + - name: MIRAGE_SECRET_KEY + valueFrom: + secretKeyRef: + key: 
MIRAGE_SECRET_KEY + name: oncall + - name: MIRAGE_CIPHER_IV + value: 1234567890abcdef + - name: DJANGO_SETTINGS_MODULE + value: settings.helm + - name: AMIXR_DJANGO_ADMIN_PATH + value: admin + - name: OSS + value: "True" + - name: UWSGI_LISTEN + value: "1024" + - name: BROKER_TYPE + value: rabbitmq + - name: GRAFANA_API_URL + value: http://oncall-grafana + - name: MYSQL_HOST + value: oncall-mariadb + - name: MYSQL_PORT + value: "3306" + - name: MYSQL_DB_NAME + value: oncall + - name: MYSQL_USER + value: root + - name: MYSQL_PASSWORD + valueFrom: + secretKeyRef: + key: mariadb-root-password + name: oncall-mariadb + - name: RABBITMQ_USERNAME + value: user + - name: RABBITMQ_PASSWORD + valueFrom: + secretKeyRef: + key: rabbitmq-password + name: oncall-rabbitmq + - name: RABBITMQ_HOST + value: oncall-rabbitmq + - name: RABBITMQ_PORT + value: "5672" + - name: RABBITMQ_PROTOCOL + value: amqp + - name: RABBITMQ_VHOST + value: "" + - name: REDIS_HOST + value: oncall-redis-master + - name: REDIS_PORT + value: "6379" + - name: REDIS_PASSWORD + valueFrom: + secretKeyRef: + key: redis-password + name: oncall-redis + image: grafana/oncall:v1.2.36 + imagePullPolicy: Always + name: wait-for-db + securityContext: {} +database.type=postgresql -> should create initContainer for PostgreSQL database: + 1: | + - command: + - sh + - -c + - until (python manage.py migrate --check); do echo Waiting for database migrations; sleep 2; done + env: + - name: BASE_URL + value: https://example.com + - name: SECRET_KEY + valueFrom: + secretKeyRef: + key: SECRET_KEY + name: oncall + - name: MIRAGE_SECRET_KEY + valueFrom: + secretKeyRef: + key: MIRAGE_SECRET_KEY + name: oncall + - name: MIRAGE_CIPHER_IV + value: 1234567890abcdef + - name: DJANGO_SETTINGS_MODULE + value: settings.helm + - name: AMIXR_DJANGO_ADMIN_PATH + value: admin + - name: OSS + value: "True" + - name: UWSGI_LISTEN + value: "1024" + - name: BROKER_TYPE + value: rabbitmq + - name: GRAFANA_API_URL + value: http://oncall-grafana + - 
name: DATABASE_TYPE + value: postgresql + - name: DATABASE_HOST + value: oncall-postgresql + - name: DATABASE_PORT + value: "5432" + - name: DATABASE_NAME + value: oncall + - name: DATABASE_USER + value: postgres + - name: DATABASE_PASSWORD + valueFrom: + secretKeyRef: + key: postgres-password + name: oncall-postgresql + - name: RABBITMQ_USERNAME + value: user + - name: RABBITMQ_PASSWORD + valueFrom: + secretKeyRef: + key: rabbitmq-password + name: oncall-rabbitmq + - name: RABBITMQ_HOST + value: oncall-rabbitmq + - name: RABBITMQ_PORT + value: "5672" + - name: RABBITMQ_PROTOCOL + value: amqp + - name: RABBITMQ_VHOST + value: "" + - name: REDIS_HOST + value: oncall-redis-master + - name: REDIS_PORT + value: "6379" + - name: REDIS_PASSWORD + valueFrom: + secretKeyRef: + key: redis-password + name: oncall-redis + image: grafana/oncall:v1.2.36 + imagePullPolicy: Always + name: wait-for-db + securityContext: {} + 2: | + - command: + - sh + - -c + - until (python manage.py migrate --check); do echo Waiting for database migrations; sleep 2; done + env: + - name: BASE_URL + value: https://example.com + - name: SECRET_KEY + valueFrom: + secretKeyRef: + key: SECRET_KEY + name: oncall + - name: MIRAGE_SECRET_KEY + valueFrom: + secretKeyRef: + key: MIRAGE_SECRET_KEY + name: oncall + - name: MIRAGE_CIPHER_IV + value: 1234567890abcdef + - name: DJANGO_SETTINGS_MODULE + value: settings.helm + - name: AMIXR_DJANGO_ADMIN_PATH + value: admin + - name: OSS + value: "True" + - name: UWSGI_LISTEN + value: "1024" + - name: BROKER_TYPE + value: rabbitmq + - name: GRAFANA_API_URL + value: http://oncall-grafana + - name: DATABASE_TYPE + value: postgresql + - name: DATABASE_HOST + value: oncall-postgresql + - name: DATABASE_PORT + value: "5432" + - name: DATABASE_NAME + value: oncall + - name: DATABASE_USER + value: postgres + - name: DATABASE_PASSWORD + valueFrom: + secretKeyRef: + key: postgres-password + name: oncall-postgresql + - name: RABBITMQ_USERNAME + value: user + - name: 
RABBITMQ_PASSWORD + valueFrom: + secretKeyRef: + key: rabbitmq-password + name: oncall-rabbitmq + - name: RABBITMQ_HOST + value: oncall-rabbitmq + - name: RABBITMQ_PORT + value: "5672" + - name: RABBITMQ_PROTOCOL + value: amqp + - name: RABBITMQ_VHOST + value: "" + - name: REDIS_HOST + value: oncall-redis-master + - name: REDIS_PORT + value: "6379" + - name: REDIS_PASSWORD + valueFrom: + secretKeyRef: + key: redis-password + name: oncall-redis + image: grafana/oncall:v1.2.36 + imagePullPolicy: Always + name: wait-for-db + securityContext: {} diff --git a/helm/oncall/tests/extra_env_test.yaml b/helm/oncall/tests/extra_env_test.yaml new file mode 100644 index 00000000..3c6e19d0 --- /dev/null +++ b/helm/oncall/tests/extra_env_test.yaml 
@@ -0,0 +1,108 @@ +suite: test extra envs for deployments +templates: + - engine/deployment.yaml + - engine/job-migrate.yaml + - celery/deployment-celery.yaml +release: + name: oncall +tests: + - it: env=[] -> should support old syntax + set: + env: + - name: SOME_VAR + value: some_value + asserts: + - contains: + path: spec.template.spec.containers[0].env + content: + name: SOME_VAR + value: some_value + + - it: env=map[] -> should set multiple envs + set: + env: + SOME_VAR: some_value + another_var: "another_value" + asserts: + - contains: + path: spec.template.spec.containers[0].env + content: + name: SOME_VAR + value: some_value + - contains: + path: spec.template.spec.containers[0].env + content: + name: another_var + value: "another_value" + + - it: env=[] -> should add envs into initContainer + templates: + - engine/deployment.yaml + - celery/deployment-celery.yaml + set: + env: + - name: SOME_VAR + value: some_value + asserts: + - contains: + path: spec.template.spec.initContainers[0].env + content: + name: SOME_VAR + value: some_value + + - it: env=map[] -> should add envs into initContainer + templates: + - engine/deployment.yaml + - celery/deployment-celery.yaml + set: + env: + SOME_VAR: some_value + another_var: "another_value" + asserts: + - contains: + path: spec.template.spec.initContainers[0].env + content: + name: SOME_VAR + value: some_value + - contains: + path: spec.template.spec.initContainers[0].env + content: + name: another_var + value: "another_value" + + - it: database.type=postgresql and env=map[] -> should add envs into initContainer + templates: + - engine/deployment.yaml + - celery/deployment-celery.yaml + set: + database.type: postgresql + env: + SOME_VAR: some_value + another_var: "another_value" + asserts: + - contains: + path: spec.template.spec.initContainers[0].env + content: + name: SOME_VAR + value: some_value + - contains: + path: spec.template.spec.initContainers[0].env + content: + name: another_var + value: "another_value" 
+ + - it: database.type=postgresql and env=[] -> should support old style for initContainer + templates: + - engine/deployment.yaml + - celery/deployment-celery.yaml + set: + database.type: postgresql + env: + - name: SOME_VAR + value: some_value + asserts: + - contains: + path: spec.template.spec.initContainers[0].env + content: + name: SOME_VAR + value: some_value diff --git a/helm/oncall/tests/image_deployments_test.yaml b/helm/oncall/tests/image_deployments_test.yaml new file mode 100644 index 00000000..1418ae7c --- /dev/null +++ b/helm/oncall/tests/image_deployments_test.yaml @@ -0,0 +1,33 @@ +suite: test image and imagePullPolicy for deployments +templates: + - celery/deployment-celery.yaml + - engine/deployment.yaml + - engine/job-migrate.yaml +release: + name: oncall +chart: + appVersion: 1.2.36 +tests: + - it: image={} -> should use default image tag + asserts: + - equal: + path: spec.template.spec.containers[0].image + value: grafana/oncall:1.2.36 + - equal: + path: spec.template.spec.containers[0].imagePullPolicy + value: Always + + - it: image.repository and image.tag -> should use custom image + set: + image: + repository: custom-oncall + tag: 1.2.36-custom + pullPolicy: IfNotPresent + asserts: + - equal: + path: spec.template.spec.containers[0].image + value: custom-oncall:1.2.36-custom + - equal: + path: spec.template.spec.containers[0].imagePullPolicy + value: IfNotPresent + diff --git a/helm/oncall/tests/image_pull_secrets_test.yaml b/helm/oncall/tests/image_pull_secrets_test.yaml new file mode 100644 index 00000000..e4ffd7cb --- /dev/null +++ b/helm/oncall/tests/image_pull_secrets_test.yaml 
@@ -0,0 +1,25 @@
+suite: test image pull secrets
+templates:
+ - celery/deployment-celery.yaml
+ - engine/deployment.yaml
+ - engine/job-migrate.yaml
+release:
+ name: oncall
+tests:
+ - it: imagePullSecrets=[] -> should not create spec.template.spec.imagePullSecrets
+ set:
+ imagePullSecrets: []
+ asserts:
+ - notExists:
+ path: spec.template.spec.imagePullSecrets
+
+ - it: imagePullSecrets -> should use custom imagePullSecrets
+ set:
+ imagePullSecrets:
+ - name: regcred
+ asserts:
+ - contains:
+ path: spec.template.spec.imagePullSecrets
+ content:
+ name: regcred
+
diff --git a/helm/oncall/tests/mysql_env_test.yaml b/helm/oncall/tests/mysql_env_test.yaml
new file mode 100644
index 00000000..b374adbe
--- /dev/null
+++ b/helm/oncall/tests/mysql_env_test.yaml
@@ -0,0 +1,118 @@ +suite: test MySQL envs for deployments +templates: + - engine/deployment.yaml + - engine/job-migrate.yaml + - celery/deployment-celery.yaml +release: + name: oncall +tests: + - it: mariadb.enabled=false -> external MySQL default settings + set: + mariadb.enabled: false + asserts: + - contains: + path: spec.template.spec.containers[0].env + content: + name: DATABASE_TYPE + not: true + - contains: + path: spec.template.spec.containers[0].env + content: + name: MYSQL_DB_NAME + value: oncall + - contains: + path: spec.template.spec.containers[0].env + content: + name: MYSQL_PORT + value: "3306" + - contains: + path: spec.template.spec.containers[0].env + content: + name: MYSQL_USER + value: root + - contains: + path: spec.template.spec.containers[0].env + content: + name: MYSQL_HOST + value: oncall-mariadb + + - it: externalMysql -> use external MySQL custom settings + set: + mariadb.enabled: false + externalMysql: + host: test-host + port: 5555 + db_name: grafana_oncall + user: test_user + asserts: + - contains: + path: spec.template.spec.containers[0].env + content: + name: MYSQL_DB_NAME + value: grafana_oncall + - contains: + path: spec.template.spec.containers[0].env + content: + name: MYSQL_PORT + value: "5555" + - contains: + path: spec.template.spec.containers[0].env + content: + name: MYSQL_USER + value: test_user + - contains: + path: spec.template.spec.containers[0].env + content: + name: MYSQL_HOST + value: test-host + + - it: mariadb.enabled=true -> internal MySQL default settings + asserts: + - contains: + path: spec.template.spec.containers[0].env + content: + name: MYSQL_DB_NAME + value: oncall + - contains: + path: spec.template.spec.containers[0].env + content: + name: MYSQL_PORT + value: "3306" + - contains: + path: spec.template.spec.containers[0].env + content: + name: MYSQL_USER + value: root + - contains: + path: spec.template.spec.containers[0].env + content: + name: MYSQL_HOST + value: oncall-mariadb + + - it: mariadb.auth -> 
internal MySQL custom settings + set: + mariadb: + auth: + database: grafana_oncall + username: grafana_oncall + asserts: + - contains: + path: spec.template.spec.containers[0].env + content: + name: MYSQL_DB_NAME + value: grafana_oncall + - contains: + path: spec.template.spec.containers[0].env + content: + name: MYSQL_PORT + value: "3306" + - contains: + path: spec.template.spec.containers[0].env + content: + name: MYSQL_USER + value: grafana_oncall + - contains: + path: spec.template.spec.containers[0].env + content: + name: MYSQL_HOST + value: oncall-mariadb diff --git a/helm/oncall/tests/mysql_password_env_test.yaml b/helm/oncall/tests/mysql_password_env_test.yaml new file mode 100644 index 00000000..96aca613 --- /dev/null +++ b/helm/oncall/tests/mysql_password_env_test.yaml @@ -0,0 +1,46 @@ +suite: test MySQL password envs for deployments +release: + name: oncall +templates: + - engine/deployment.yaml + - engine/job-migrate.yaml + - celery/deployment-celery.yaml + - secrets.yaml +tests: + - it: secrets -> should fail if externalMysql.password not set + set: + mariadb.enabled: false + asserts: + - failedTemplate: + errorMessage: externalMysql.password is required if not mariadb.enabled + template: secrets.yaml + + - it: externalMySQL.password -> should create a Secret -mariadb-external + templates: + - engine/deployment.yaml + - engine/job-migrate.yaml + - celery/deployment-celery.yaml + set: + mariadb.enabled: false + externalMysql: + password: abcd123 + asserts: + - contains: + path: spec.template.spec.containers[0].env + content: + name: MYSQL_PASSWORD + valueFrom: + secretKeyRef: + name: oncall-mysql-external + key: mariadb-root-password + - containsDocument: + kind: Secret + apiVersion: v1 + name: oncall-mysql-external + template: secrets.yaml + - equal: + path: data.mariadb-root-password + value: abcd123 + decodeBase64: true + documentIndex: 1 + template: secrets.yaml 
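Review bot: In `mysql_password_env_test.yaml`, the second case's title says the Secret is `-mariadb-external`, while its assertions look for `oncall-mysql-external`; retitle it, for example `- it: externalMysql.password -> should create a Secret -mysql-external`, so a failure report names the right object. The suite also has no existing-secret case, unlike `postgres_password_env_test.yaml`. If the chart offers no such option for external MySQL, the password can only be supplied as a plain value in the release values, and the chart documentation should say so.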
diff --git a/helm/oncall/tests/postgres_env_test.yaml b/helm/oncall/tests/postgres_env_test.yaml index e55648f4..bbacbe6e 100644 --- a/helm/oncall/tests/postgres_env_test.yaml +++ b/helm/oncall/tests/postgres_env_test.yaml @@ -1,4 +1,4 @@ -suite: test postgresql deployment environments +suite: test PostgreSQL envs for deployments templates: - engine/deployment.yaml - engine/job-migrate.yaml @@ -6,7 +6,7 @@ templates: release: name: oncall tests: - - it: external Postgresql default settings + - it: postgresql.enabled=false -> external PostgreSQL default settings set: database.type: postgresql postgresql.enabled: false @@ -37,7 +37,7 @@ tests: name: DATABASE_HOST value: oncall-postgresql - - it: external Postgresql custom settings + - it: externalPostgresql -> should use external PostgreSQL custom settings set: database.type: postgresql postgresql.enabled: false @@ -73,7 +73,7 @@ tests: name: DATABASE_HOST value: test-host - - it: internal Postgresql default settings + - it: postgresql.enabled=true -> internal PostgreSQL default settings set: database.type: postgresql postgresql.enabled: true @@ -104,7 +104,7 @@ tests: name: DATABASE_HOST value: oncall-postgresql - - it: internal Postgresql custom settings + - it: postgresql.auth -> should use internal PostgreSQL custom settings set: database.type: postgresql postgresql: diff --git a/helm/oncall/tests/postgres_password_env_test.yaml b/helm/oncall/tests/postgres_password_env_test.yaml index cd0e5b9a..83c2cc02 100644 --- a/helm/oncall/tests/postgres_password_env_test.yaml +++ b/helm/oncall/tests/postgres_password_env_test.yaml @@ -1,4 +1,4 @@ -suite: test postgresql password deployment environments +suite: test PostgreSQL password envs for deployments release: name: oncall templates: 
@@ -7,7 +7,7 @@ templates: - celery/deployment-celery.yaml - secrets.yaml tests: - - it: should fail if externalPostgresql.password not set + - it: secrets -> should fail if externalPostgresql.password not set set: database.type: postgresql postgresql.enabled: false @@ -16,7 +16,7 @@ tests: errorMessage: externalPostgresql.password is required if not postgresql.enabled and not externalPostgresql.existingSecret template: secrets.yaml - - it: externalPostgresql.password should create Secret -postgresql-external + - it: externalPostgresql.password -> should create a Secret -postgresql-external templates: - engine/deployment.yaml - engine/job-migrate.yaml @@ -47,7 +47,7 @@ tests: documentIndex: 1 template: secrets.yaml - - it: externalPostgresql.existingSecret should use existing secret + - it: externalPostgresql.existingSecret -> should use existing secret templates: - engine/deployment.yaml - engine/job-migrate.yaml @@ -67,7 +67,7 @@ tests: name: some-postgres-secret key: postgres-password - - it: externalPostgresql.passwordKey should be used for existing secret + - it: externalPostgresql.passwordKey -> should be used for existing secret templates: - engine/deployment.yaml - engine/job-migrate.yaml @@ -88,7 +88,7 @@ tests: name: some-postgres-secret key: postgres.key - - it: internal Postgresql custom settings + - it: postgresql.auth -> should use internal Postgresql custom settings templates: - engine/deployment.yaml - engine/job-migrate.yaml diff --git a/helm/oncall/tests/security_context_deployments_test.yaml b/helm/oncall/tests/security_context_deployments_test.yaml new file mode 100644 index 00000000..9cf6db81 --- /dev/null +++ b/helm/oncall/tests/security_context_deployments_test.yaml 
@@ -0,0 +1,39 @@
+suite: test security context for deployments
+templates:
+ - celery/deployment-celery.yaml
+ - engine/deployment.yaml
+ - engine/job-migrate.yaml
+release:
+ name: oncall
+tests:
+ - it: podSecurityContext={} -> spec.template.spec.securityContext is empty (default)
+ set:
+ asserts:
+ - isNullOrEmpty:
+ path: spec.template.spec.securityContext
+ - isNullOrEmpty:
+ path: spec.template.spec.containers[0].securityContext
+
+ - it: podSecurityContext.runAsNonRoot=true -> should fill securityContext
+ set:
+ podSecurityContext:
+ runAsNonRoot: true
+ runAsUser: 1000
+ asserts:
+ - isSubset:
+ path: spec.template.spec.securityContext
+ content:
+ runAsNonRoot: true
+ runAsUser: 1000
+
+ - it: securityContext.runAsNonRoot=true -> should fill securityContext for container
+ set:
+ securityContext:
+ runAsNonRoot: true
+ runAsUser: 1000
+ asserts:
+ - isSubset:
+ path: spec.template.spec.containers[0].securityContext
+ content:
+ runAsNonRoot: true
+ runAsUser: 1000
diff --git a/helm/oncall/tests/service_account_deployments_test.yaml b/helm/oncall/tests/service_account_deployments_test.yaml
new file mode 100644
index 00000000..9fbe9303
--- /dev/null
+++ b/helm/oncall/tests/service_account_deployments_test.yaml
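Review bot: The `securityContext.runAsNonRoot=true` case asserts only `containers[0]`, so nothing checks that the setting reaches the `wait-for-db` init container, whose default in the new snapshot is `securityContext: {}`. Add an `isSubset` assertion on `spec.template.spec.initContainers[0].securityContext`, scoped with a per-test `templates:` list to the two deployments, the way `extra_env_test.yaml` scopes its init-container cases. The first case also carries an empty `set:` key that can be dropped.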
@@ -0,0 +1,30 @@
+suite: test service account deployments
+templates:
+ - celery/deployment-celery.yaml
+ - engine/deployment.yaml
+ - engine/job-migrate.yaml
+release:
+ name: oncall
+tests:
+ - it: serviceAccount.create=true -> should use created serviceAccount for deployments (default)
+ asserts:
+ - equal:
+ path: spec.template.spec.serviceAccountName
+ value: oncall
+
+ - it: serviceAccount.create=false -> should use default serviceAccount for deployments
+ set:
+ serviceAccount.create: false
+ asserts:
+ - equal:
+ path: spec.template.spec.serviceAccountName
+ value: default
+
+ - it: serviceAccount.name=custom -> should use created custom serviceAccount for deployments
+ set:
+ serviceAccount.name: custom
+ asserts:
+ - equal:
+ path: spec.template.spec.serviceAccountName
+ value: custom
+
diff --git a/helm/oncall/tests/service_account_test.yaml b/helm/oncall/tests/service_account_test.yaml
new file mode 100644
index 00000000..c60aabc0
--- /dev/null
+++ b/helm/oncall/tests/service_account_test.yaml
@@ -0,0 +1,44 @@
+suite: test service account
+templates:
+ - serviceaccount.yaml
+release:
+ name: oncall
+tests:
+ - it: serviceAccount.create=true -> should create serviceAccount (default)
+ asserts:
+ - containsDocument:
+ kind: ServiceAccount
+ apiVersion: v1
+ name: oncall
+ - notExists:
+ path: metadata.annotations
+ - isSubset:
+ path: metadata.labels
+ content:
+ app.kubernetes.io/instance: oncall
+ app.kubernetes.io/name: oncall
+
+ - it: serviceAccount.create=false -> should not create serviceAccount
+ set:
+ serviceAccount.create: false
+ asserts:
+ - hasDocuments:
+ count: 0
+
+ - it: serviceAccount.name=custom -> should create custom serviceAccount
+ set:
+ serviceAccount.name: custom
+ asserts:
+ - equal:
+ path: metadata.name
+ value: custom
+
+ - it: serviceAccount.annotations -> should add annotations to serviceAccount
+ set:
+ serviceAccount.annotations:
+ some-annotation: some-value
+ asserts:
+ - isSubset:
+ path: metadata.annotations
+ content:
+ some-annotation: some-value
diff --git a/helm/oncall/tests/telegram_env_test.yaml b/helm/oncall/tests/telegram_env_test.yaml
new file mode 100644
index 00000000..7f954568
--- /dev/null
+++ b/helm/oncall/tests/telegram_env_test.yaml
@@ -0,0 +1,55 @@ +suite: test telegram envs for deployments +templates: + - engine/deployment.yaml + - celery/deployment-celery.yaml +release: + name: oncall +tests: + - it: oncall.telegram.enabled=false -> Telegram integration disabled (default) + asserts: + - contains: + path: spec.template.spec.containers[0].env + content: + name: FEATURE_TELEGRAM_INTEGRATION_ENABLED + value: "False" + + - it: oncall.telegram.enabled=true -> should enable Telegram integration + set: + oncall.telegram: + enabled: true + webhookUrl: https://example.com + token: "abcd:123" + asserts: + - contains: + path: spec.template.spec.containers[0].env + content: + name: FEATURE_TELEGRAM_INTEGRATION_ENABLED + value: "True" + - contains: + path: spec.template.spec.containers[0].env + content: + name: TELEGRAM_WEBHOOK_HOST + value: "https://example.com" + - contains: + path: spec.template.spec.containers[0].env + content: + name: TELEGRAM_TOKEN + value: "abcd:123" + + - it: oncall.telegram.existingSecret=some-secret -> should prefer existing secret over oncall.telegram.token + set: + oncall.telegram: + enabled: true + token: "abcd:123" + existingSecret: some-secret + tokenKey: token + asserts: + - contains: + path: spec.template.spec.containers[0].env + content: + name: TELEGRAM_TOKEN + valueFrom: + secretKeyRef: + name: some-secret + key: token + diff --git a/helm/oncall/tests/uwsgi_env_test.yaml b/helm/oncall/tests/uwsgi_env_test.yaml index 7986c361..3ed3bbb0 100644 --- a/helm/oncall/tests/uwsgi_env_test.yaml +++ b/helm/oncall/tests/uwsgi_env_test.yaml @@ -6,7 +6,7 @@ templates: release: name: oncall tests: - - it: uwsgi.listen should overwrite UWSGI_LISTEN env + - it: uwsgi.listen -> should overwrite UWSGI_LISTEN env set: uwsgi.listen: 128 asserts: @@ -15,7 +15,7 @@ tests: content: name: UWSGI_LISTEN value: "128" - - it: uwsgi.envs should set multiple UWSGI_* envs + - it: uwsgi=map[] -> should set multiple UWSGI_* envs set: uwsgi: processes: 3 
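Review bot: The `oncall.telegram.enabled=true` case in `telegram_env_test.yaml` pins `TELEGRAM_TOKEN` as an inline `value: "abcd:123"`, which records that the bot token is written in clear into the Deployment spec whenever `existingSecret` is not set. Anyone who can read Deployments in the namespace can then read the token, so the template would better store it in the chart's own Secret and reference it with `secretKeyRef`, as the third case already expects for `existingSecret`. If that is out of scope for this change, add a comment above the case such as `# NOTE: token is rendered inline today; prefer oncall.telegram.existingSecret` so the test is not read as the required behaviour.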
@@ -36,7 +36,8 @@ tests: content: name: UWSGI_MAX_REQUESTS value: "1000" - - it: uwsgi.null should not set any UWSGI_* variable + + - it: uwsgi=null -> should not set any UWSGI_* variable set: uwsgi: null asserts: diff --git a/helm/oncall/tests/wait_for_db_test.yaml b/helm/oncall/tests/wait_for_db_test.yaml new file mode 100644 index 00000000..a744962e --- /dev/null +++ b/helm/oncall/tests/wait_for_db_test.yaml @@ -0,0 +1,41 @@ +suite: test init container wait-for-db in deployments +templates: + - celery/deployment-celery.yaml + - engine/deployment.yaml +release: + name: oncall +chart: + appVersion: v1.2.36 +tests: + - it: database.type=mysql -> should create initContainer for MySQL database (default) + asserts: + - contains: + path: spec.template.spec.initContainers + content: + name: wait-for-db + any: true + - contains: + path: spec.template.spec.initContainers[0].env + content: + name: MYSQL_DB_NAME + value: oncall + - matchSnapshot: + path: spec.template.spec.initContainers + + - it: database.type=postgresql -> should create initContainer for PostgreSQL database + set: + database.type: postgresql + asserts: + - contains: + path: spec.template.spec.initContainers + content: + name: wait-for-db + any: true + - contains: + path: spec.template.spec.initContainers[0].env + content: + name: DATABASE_TYPE + value: postgresql + - matchSnapshot: + path: spec.template.spec.initContainers + diff --git a/helm/oncall/values.yaml b/helm/oncall/values.yaml index 5fc5fafb..2398c86a 100644 --- a/helm/oncall/values.yaml +++ b/helm/oncall/values.yaml 
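Review bot: In `wait_for_db_test.yaml`, `matchSnapshot` over the whole `initContainers` list freezes every default env entry, so unrelated default changes will force a snapshot regeneration and the security-relevant fields get reviewed only inside a large generated file. Assert those fields explicitly next to the existing `contains` checks: the `secretKeyRef` behind `MYSQL_PASSWORD` / `DATABASE_PASSWORD` and the init container's `securityContext`. The snapshot also shows `MIRAGE_CIPHER_IV` rendered as the literal `1234567890abcdef`; that appears to come from a template outside this diff, but a fixed IV shipped as a default warrants a follow-up issue.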
@@ -4,6 +4,14 @@ # If you want to install grafana as a part of this release make sure to configure grafana.grafana.ini.server.domain too base_url: example.com +## Optionally specify an array of imagePullSecrets. +## Secrets must be manually created in the namespace. +## ref: https://kubernetes.io/docs/tasks/configure-pod-container/pull-image-private-registry/ +## e.g: +## imagePullSecrets: +## - name: myRegistryKeySecretName +imagePullSecrets: [] + image: # Grafana OnCall docker image repository repository: grafana/oncall