volker.raschek/helm-gitea
Archived
1
0
Fork 0
Code Issues 2 Pull Requests 7 Actions Packages Projects Releases Wiki Activity
This repository has been archived on 2026-06-02. You can view files and clone it. You cannot open issues or pull requests or push a commit.
Files
323b6bc863d884ea9c92cbfeb72798fd14c02323
helm-gitea/unittests/helm/deployment/openshift.yaml
T
techknowlogick b7663bb95f fix: Improve OpenShift compatibility (#1066)
2026-04-15 14:46:54 +00:00

107 lines
3.2 KiB
YAML
Raw Blame History

suite: deployment template (openshift)
release:
name: gitea-unittests
namespace: testing
templates:
- templates/gitea/deployment.yaml
- templates/gitea/config.yaml
tests:
- it: renders openshift-compatible defaults for chart-managed containers
template: templates/gitea/deployment.yaml
set:
openshift.enabled: true
asserts:
- notExists:
path: spec.template.spec.hostUsers
- notExists:
path: spec.template.spec.securityContext
- equal:
path: spec.template.spec.initContainers[0].securityContext
value:
allowPrivilegeEscalation: false
capabilities:
drop:
- ALL
runAsNonRoot: true
seccompProfile:
type: RuntimeDefault
- equal:
path: spec.template.spec.initContainers[1].securityContext
value:
allowPrivilegeEscalation: false
capabilities:
drop:
- ALL
runAsNonRoot: true
seccompProfile:
type: RuntimeDefault
- equal:
path: spec.template.spec.initContainers[2].securityContext
value:
allowPrivilegeEscalation: false
capabilities:
drop:
- ALL
runAsNonRoot: true
seccompProfile:
type: RuntimeDefault
- equal:
path: spec.template.spec.containers[0].securityContext
value:
allowPrivilegeEscalation: false
capabilities:
drop:
- ALL
runAsNonRoot: true
seccompProfile:
type: RuntimeDefault
- it: does not force runAsUser 1000 for command init containers on OpenShift
template: templates/gitea/deployment.yaml
set:
openshift.enabled: true
signing.enabled: true
signing.existingSecret: custom-gpg-secret
asserts:
- notExists:
path: spec.template.spec.initContainers[2].securityContext.runAsUser
- notExists:
path: spec.template.spec.initContainers[3].securityContext.runAsUser
- it: preserves explicit pod and container security context overrides on OpenShift
template: templates/gitea/deployment.yaml
set:
openshift:
enabled: true
hostUsers: true
podSecurityContext:
fsGroup: 1000620000
containerSecurityContext:
runAsUser: 1000620000
runAsGroup: 1000620000
asserts:
- equal:
path: spec.template.spec.hostUsers
value: true
- equal:
path: spec.template.spec.securityContext
value:
fsGroup: 1000620000
- equal:
path: spec.template.spec.initContainers[2].securityContext.runAsUser
value: 1000620000
- equal:
path: spec.template.spec.containers[0].securityContext.runAsGroup
value: 1000620000
- it: renders an explicit hostUsers=false override on OpenShift
template: templates/gitea/deployment.yaml
set:
openshift:
enabled: true
hostUsers: false
asserts:
- equal:
path: spec.template.spec.hostUsers
value: false
Reference in New Issue View Git Blame Copy Permalink