ab561db8a7
# What this PR does ## Issue At the first run (`helm install ...`) the migration job cannot start the container because cannot find Postgres/Redis/MySQL credentials and ServiceAccount. Workaround: set `.migrate.useHook` value to `false` for the `install` stage, and after you can switch back to `true`. This PR completely resolves this issue. ## Checklist - [x] Unit, integration, and e2e (if applicable) tests updated (doesn't violate anything) - [x] Documentation added (or `pr:no public docs` PR label added if not required) - [x] `CHANGELOG.md` updated (or `pr:no changelog` PR label added if not required) - [x] It is manually tested in the internal environment --------- Co-authored-by: Joey Orlando <joey.orlando@grafana.com> Co-authored-by: Joey Orlando <joseph.t.orlando@gmail.com>
154 lines
4.5 KiB
YAML
154 lines
4.5 KiB
YAML
suite: test PostgreSQL password envs for deployments
|
|
release:
|
|
name: oncall
|
|
templates:
|
|
- engine/deployment.yaml
|
|
- engine/job-migrate.yaml
|
|
- celery/deployment.yaml
|
|
- telegram-polling/deployment.yaml
|
|
- secrets.yaml
|
|
tests:
|
|
- it: secrets -> should fail if externalPostgresql.password not set
|
|
set:
|
|
database.type: postgresql
|
|
postgresql.enabled: false
|
|
externalPostgresql.host: some-postgres-host
|
|
asserts:
|
|
- failedTemplate:
|
|
errorMessage: >-
|
|
externalPostgresql.password is required if not postgresql.enabled and not externalPostgresql.existingSecret
|
|
template: secrets.yaml
|
|
|
|
- it: externalPostgresql.password -> should create a Secret -postgresql-external
|
|
templates:
|
|
- engine/deployment.yaml
|
|
- engine/job-migrate.yaml
|
|
- celery/deployment.yaml
|
|
- telegram-polling/deployment.yaml
|
|
set:
|
|
telegramPolling.enabled: true
|
|
database.type: postgresql
|
|
postgresql.enabled: false
|
|
externalPostgresql:
|
|
password: abcd123
|
|
host: some-postgres-host
|
|
asserts:
|
|
- contains:
|
|
path: spec.template.spec.containers[0].env
|
|
content:
|
|
name: DATABASE_PASSWORD
|
|
valueFrom:
|
|
secretKeyRef:
|
|
name: oncall-postgresql-external
|
|
key: postgres-password
|
|
- containsDocument:
|
|
kind: Secret
|
|
apiVersion: v1
|
|
metadata.name: oncall-postgresql-external
|
|
template: secrets.yaml
|
|
- equal:
|
|
path: data.postgres-password
|
|
value: abcd123
|
|
decodeBase64: true
|
|
documentIndex: 1
|
|
template: secrets.yaml
|
|
|
|
- it: externalPostgresql.existingSecret -> should use existing secret
|
|
templates:
|
|
- engine/deployment.yaml
|
|
- engine/job-migrate.yaml
|
|
- celery/deployment.yaml
|
|
- telegram-polling/deployment.yaml
|
|
set:
|
|
telegramPolling.enabled: true
|
|
database.type: postgresql
|
|
postgresql.enabled: false
|
|
externalPostgresql:
|
|
existingSecret: some-postgres-secret
|
|
host: some-postgres-host
|
|
passwordKey: postgres-password-key
|
|
asserts:
|
|
- contains:
|
|
path: spec.template.spec.containers[0].env
|
|
content:
|
|
name: DATABASE_PASSWORD
|
|
valueFrom:
|
|
secretKeyRef:
|
|
name: some-postgres-secret
|
|
key: postgres-password-key
|
|
|
|
- it: externalPostgresql.passwordKey -> should be used for existing secret
|
|
templates:
|
|
- engine/deployment.yaml
|
|
- engine/job-migrate.yaml
|
|
- celery/deployment.yaml
|
|
- telegram-polling/deployment.yaml
|
|
set:
|
|
telegramPolling.enabled: true
|
|
database.type: postgresql
|
|
postgresql.enabled: false
|
|
externalPostgresql:
|
|
host: some-postgres-host
|
|
existingSecret: some-postgres-secret
|
|
passwordKey: postgres.key
|
|
asserts:
|
|
- contains:
|
|
path: spec.template.spec.containers[0].env
|
|
content:
|
|
name: DATABASE_PASSWORD
|
|
valueFrom:
|
|
secretKeyRef:
|
|
name: some-postgres-secret
|
|
key: postgres.key
|
|
|
|
- it: postgresql.auth -> should use internal Postgresql custom settings
|
|
templates:
|
|
- engine/deployment.yaml
|
|
- engine/job-migrate.yaml
|
|
- celery/deployment.yaml
|
|
- telegram-polling/deployment.yaml
|
|
set:
|
|
telegramPolling.enabled: true
|
|
database.type: postgresql
|
|
postgresql:
|
|
enabled: true
|
|
auth:
|
|
database: grafana_oncall
|
|
username: grafana_oncall
|
|
asserts:
|
|
- contains:
|
|
path: spec.template.spec.containers[0].env
|
|
content:
|
|
name: DATABASE_PASSWORD
|
|
valueFrom:
|
|
secretKeyRef:
|
|
name: oncall-postgresql
|
|
key: password
|
|
|
|
- it: |
|
|
postgresql.enabled=false and migrate.useHook=>true -> should add "helm.sh/hook" annotations
|
|
to secret with PostgreSQL credentials
|
|
templates:
|
|
- secrets.yaml
|
|
set:
|
|
migrate.useHook: true
|
|
database.type: postgresql
|
|
postgresql.enabled: false
|
|
externalPostgresql:
|
|
host: test-host
|
|
port: 5555
|
|
db_name: grafana_oncall
|
|
user: test_user
|
|
password: ultrasecretword
|
|
asserts:
|
|
- containsDocument:
|
|
kind: Secret
|
|
apiVersion: v1
|
|
name: oncall-postgresql-external
|
|
documentIndex: 1
|
|
- isSubset:
|
|
path: metadata.annotations
|
|
content:
|
|
"helm.sh/hook": pre-install,pre-upgrade
|
|
"helm.sh/hook-weight": "-5"
|
|
documentIndex: 1
|