377 lines
9.7 KiB
YAML
377 lines
9.7 KiB
YAML
|
chart:
|
||
|
|
appVersion: 0.1.0
|
||
|
|
version: 0.1.0
|
||
|
|
suite: DaemonSet template (basic)
|
||
|
|
release:
|
||
|
|
name: prometheus-fail2ban-exporter-unittest
|
||
|
|
namespace: testing
|
||
|
|
templates:
|
||
|
|
- templates/prometheus-fail2ban-exporter/daemonSet.yaml
|
||
|
|
tests:
|
||
|
|
- it: Rendering default
|
||
|
|
asserts:
|
||
|
|
- hasDocuments:
|
||
|
|
count: 1
|
||
|
|
- containsDocument:
|
||
|
|
apiVersion: apps/v1
|
||
|
|
kind: DaemonSet
|
||
|
|
name: prometheus-fail2ban-exporter-unittest
|
||
|
|
namespace: testing
|
||
|
|
- notExists:
|
||
|
|
path: metadata.annotations
|
||
|
|
- equal:
|
||
|
|
path: metadata.labels
|
||
|
|
value:
|
||
|
|
app.kubernetes.io/instance: prometheus-fail2ban-exporter-unittest
|
||
|
|
app.kubernetes.io/managed-by: Helm
|
||
|
|
app.kubernetes.io/name: prometheus-fail2ban-exporter
|
||
|
|
app.kubernetes.io/version: 0.1.0
|
||
|
|
helm.sh/chart: prometheus-fail2ban-exporter-0.1.0
|
||
|
|
- notExists:
|
||
|
|
path: spec.template.spec.affinity
|
||
|
|
- notExists:
|
||
|
|
path: spec.template.spec.containers[0].envFrom
|
||
|
|
- equal:
|
||
|
|
path: spec.template.spec.containers[0].args
|
||
|
|
value:
|
||
|
|
# - --web.config.file=/etc/prometheus-fail2ban-exporter/config.d/webConfig.yaml
|
||
|
|
- --web.listen-address=:9191
|
||
|
|
- equal:
|
||
|
|
path: spec.template.spec.containers[0].volumeMounts
|
||
|
|
value:
|
||
|
|
- mountPath: /var/run/fail2ban
|
||
|
|
name: socket
|
||
|
|
- mountPath: /etc/prometheus-fail2ban-exporter/config.d
|
||
|
|
name: config-d
|
||
|
|
- equal:
|
||
|
|
path: spec.template.spec.volumes
|
||
|
|
value:
|
||
|
|
- hostPath:
|
||
|
|
path: /var/run/fail2ban
|
||
|
|
type: Directory
|
||
|
|
name: socket
|
||
|
|
- name: config-d
|
||
|
|
secret:
|
||
|
|
secretName: prometheus-fail2ban-exporter-unittest-web-config
|
||
|
|
- equal:
|
||
|
|
path: spec.template.spec.containers[0].image
|
||
|
|
value: git.cryptic.systems/volker.raschek/prometheus-fail2ban-exporter:0.1.0
|
||
|
|
- equal:
|
||
|
|
path: spec.template.spec.containers[0].imagePullPolicy
|
||
|
|
value: IfNotPresent
|
||
|
|
- notExists:
|
||
|
|
path: spec.template.spec.containers[0].resources
|
||
|
|
- notExists:
|
||
|
|
path: spec.template.spec.containers[0].securityContext
|
||
|
|
- notExists:
|
||
|
|
path: spec.template.spec.dnsConfig
|
||
|
|
- notExists:
|
||
|
|
path: spec.template.spec.dnsPolicy
|
||
|
|
- notExists:
|
||
|
|
path: spec.template.spec.hostname
|
||
|
|
- equal:
|
||
|
|
path: spec.template.spec.hostNetwork
|
||
|
|
value: false
|
||
|
|
- notExists:
|
||
|
|
path: spec.template.spec.imagePullSecrets
|
||
|
|
- notExists:
|
||
|
|
path: spec.template.spec.nodeSelector
|
||
|
|
- notExists:
|
||
|
|
path: spec.template.spec.priorityClassName
|
||
|
|
- notExists:
|
||
|
|
path: spec.template.spec.restartPolicy
|
||
|
|
- notExists:
|
||
|
|
path: spec.template.spec.subdomain
|
||
|
|
- equal:
|
||
|
|
path: spec.template.spec.terminationGracePeriodSeconds
|
||
|
|
value: 60
|
||
|
|
- notExists:
|
||
|
|
path: spec.template.spec.tolerations
|
||
|
|
- notExists:
|
||
|
|
path: spec.template.spec.topologySpreadConstraints
|
||
|
|
- equal:
|
||
|
|
path: spec.updateStrategy
|
||
|
|
value:
|
||
|
|
rollingUpdate:
|
||
|
|
maxSurge: 1
|
||
|
|
maxUnavailable: 1
|
||
|
|
type: "RollingUpdate"
|
||
|
|
|
||
|
|
- it: Test custom affinity
|
||
|
|
set:
|
||
|
|
daemonSet.affinity:
|
||
|
|
nodeAffinity:
|
||
|
|
requiredDuringSchedulingIgnoredDuringExecution:
|
||
|
|
nodeSelectorTerms:
|
||
|
|
- matchExpressions:
|
||
|
|
- key: topology.kubernetes.io/zone
|
||
|
|
operator: In
|
||
|
|
values:
|
||
|
|
- antarctica-east1
|
||
|
|
- antarctica-west1
|
||
|
|
asserts:
|
||
|
|
- equal:
|
||
|
|
path: spec.template.spec.affinity
|
||
|
|
value:
|
||
|
|
nodeAffinity:
|
||
|
|
requiredDuringSchedulingIgnoredDuringExecution:
|
||
|
|
nodeSelectorTerms:
|
||
|
|
- matchExpressions:
|
||
|
|
- key: topology.kubernetes.io/zone
|
||
|
|
operator: In
|
||
|
|
values:
|
||
|
|
- antarctica-east1
|
||
|
|
- antarctica-west1
|
||
|
|
|
||
|
|
- it: Test additional arguments
|
||
|
|
set:
|
||
|
|
daemonSet.fail2banExporter.args:
|
||
|
|
- "--foo=bar"
|
||
|
|
- "--bar=foo"
|
||
|
|
asserts:
|
||
|
|
- equal:
|
||
|
|
path: spec.template.spec.containers[0].args
|
||
|
|
value:
|
||
|
|
# - --web.config.file=/etc/prometheus-fail2ban-exporter/config.d/webConfig.yaml
|
||
|
|
- --web.listen-address=:9191
|
||
|
|
- --foo=bar
|
||
|
|
- --bar=foo
|
||
|
|
|
||
|
|
- it: Test custom imageRegistry and imageRepository
|
||
|
|
set:
|
||
|
|
daemonSet.fail2banExporter.image.registry: registry.example.local
|
||
|
|
daemonSet.fail2banExporter.image.repository: path/special/prometheus-fail2ban-exporter
|
||
|
|
asserts:
|
||
|
|
- equal:
|
||
|
|
path: spec.template.spec.containers[0].image
|
||
|
|
value: registry.example.local/path/special/prometheus-fail2ban-exporter:0.1.0
|
||
|
|
|
||
|
|
- it: Test custom imagePullPolicy
|
||
|
|
set:
|
||
|
|
daemonSet.fail2banExporter.image.pullPolicy: Always
|
||
|
|
asserts:
|
||
|
|
- equal:
|
||
|
|
path: spec.template.spec.containers[0].imagePullPolicy
|
||
|
|
value: Always
|
||
|
|
|
||
|
|
- it: Test config.webConfig.existingSecret
|
||
|
|
set:
|
||
|
|
config.webConfig.existingSecret.enabled: true
|
||
|
|
config.webConfig.existingSecret.secretName: web-config-secret
|
||
|
|
asserts:
|
||
|
|
- equal:
|
||
|
|
path: spec.template.spec.containers[0].volumeMounts
|
||
|
|
value:
|
||
|
|
- mountPath: /var/run/fail2ban
|
||
|
|
name: socket
|
||
|
|
- mountPath: /etc/prometheus-fail2ban-exporter/config.d
|
||
|
|
name: config-d
|
||
|
|
- equal:
|
||
|
|
path: spec.template.spec.volumes
|
||
|
|
value:
|
||
|
|
- hostPath:
|
||
|
|
path: /var/run/fail2ban
|
||
|
|
type: Directory
|
||
|
|
name: socket
|
||
|
|
- name: config-d
|
||
|
|
secret:
|
||
|
|
secretName: web-config-secret
|
||
|
|
|
||
|
|
- it: Test custom resource limits and requests
|
||
|
|
set:
|
||
|
|
daemonSet.fail2banExporter.resources:
|
||
|
|
limits:
|
||
|
|
cpu: 100m
|
||
|
|
memory: 250MB
|
||
|
|
requests:
|
||
|
|
cpu: 25m
|
||
|
|
memory: 100MB
|
||
|
|
asserts:
|
||
|
|
- equal:
|
||
|
|
path: spec.template.spec.containers[0].env
|
||
|
|
value:
|
||
|
|
- name: GOMAXPROCS
|
||
|
|
valueFrom:
|
||
|
|
resourceFieldRef:
|
||
|
|
divisor: "1"
|
||
|
|
resource: limits.cpu
|
||
|
|
- equal:
|
||
|
|
path: spec.template.spec.containers[0].resources
|
||
|
|
value:
|
||
|
|
limits:
|
||
|
|
cpu: 100m
|
||
|
|
memory: 250MB
|
||
|
|
requests:
|
||
|
|
cpu: 25m
|
||
|
|
memory: 100MB
|
||
|
|
|
||
|
|
- it: Test custom securityContext
|
||
|
|
set:
|
||
|
|
daemonSet.fail2banExporter.securityContext:
|
||
|
|
capabilities:
|
||
|
|
add:
|
||
|
|
- NET_RAW
|
||
|
|
drop:
|
||
|
|
- ALL
|
||
|
|
privileged: false
|
||
|
|
readOnlyRootFilesystem: true
|
||
|
|
runAsNonRoot: true
|
||
|
|
runAsUser: 1000
|
||
|
|
asserts:
|
||
|
|
- equal:
|
||
|
|
path: spec.template.spec.containers[0].securityContext
|
||
|
|
value:
|
||
|
|
capabilities:
|
||
|
|
add:
|
||
|
|
- NET_RAW
|
||
|
|
drop:
|
||
|
|
- ALL
|
||
|
|
privileged: false
|
||
|
|
readOnlyRootFilesystem: true
|
||
|
|
runAsNonRoot: true
|
||
|
|
runAsUser: 1000
|
||
|
|
|
||
|
|
- it: Test dnsConfig
|
||
|
|
set:
|
||
|
|
daemonSet.dnsConfig:
|
||
|
|
nameservers:
|
||
|
|
- "8.8.8.8"
|
||
|
|
- "8.8.4.4"
|
||
|
|
asserts:
|
||
|
|
- equal:
|
||
|
|
path: spec.template.spec.dnsConfig
|
||
|
|
value:
|
||
|
|
nameservers:
|
||
|
|
- "8.8.8.8"
|
||
|
|
- "8.8.4.4"
|
||
|
|
|
||
|
|
- it: Test dnsPolicy
|
||
|
|
set:
|
||
|
|
daemonSet.dnsPolicy: ClusterFirst
|
||
|
|
asserts:
|
||
|
|
- equal:
|
||
|
|
path: spec.template.spec.dnsPolicy
|
||
|
|
value: ClusterFirst
|
||
|
|
|
||
|
|
- it: Test hostNetwork, hostname, subdomain
|
||
|
|
set:
|
||
|
|
daemonSet.hostNetwork: true
|
||
|
|
daemonSet.hostname: pg-exporter
|
||
|
|
daemonSet.subdomain: exporters.internal
|
||
|
|
asserts:
|
||
|
|
- equal:
|
||
|
|
path: spec.template.spec.hostNetwork
|
||
|
|
value: true
|
||
|
|
- equal:
|
||
|
|
path: spec.template.spec.hostname
|
||
|
|
value: pg-exporter
|
||
|
|
- equal:
|
||
|
|
path: spec.template.spec.subdomain
|
||
|
|
value: exporters.internal
|
||
|
|
|
||
|
|
- it: Test imagePullSecrets
|
||
|
|
set:
|
||
|
|
daemonSet.imagePullSecrets:
|
||
|
|
- name: my-pull-secret
|
||
|
|
- name: my-special-secret
|
||
|
|
asserts:
|
||
|
|
- equal:
|
||
|
|
path: spec.template.spec.imagePullSecrets
|
||
|
|
value:
|
||
|
|
- name: my-pull-secret
|
||
|
|
- name: my-special-secret
|
||
|
|
|
||
|
|
- it: Test nodeSelector
|
||
|
|
set:
|
||
|
|
daemonSet.nodeSelector:
|
||
|
|
foo: bar
|
||
|
|
asserts:
|
||
|
|
- equal:
|
||
|
|
path: spec.template.spec.nodeSelector
|
||
|
|
value:
|
||
|
|
foo: bar
|
||
|
|
|
||
|
|
- it: Test priorityClassName
|
||
|
|
set:
|
||
|
|
daemonSet.priorityClassName: my-priority
|
||
|
|
asserts:
|
||
|
|
- equal:
|
||
|
|
path: spec.template.spec.priorityClassName
|
||
|
|
value: my-priority
|
||
|
|
|
||
|
|
- it: Test restartPolicy
|
||
|
|
set:
|
||
|
|
daemonSet.restartPolicy: Always
|
||
|
|
asserts:
|
||
|
|
- equal:
|
||
|
|
path: spec.template.spec.restartPolicy
|
||
|
|
value: Always
|
||
|
|
|
||
|
|
- it: Test terminationGracePeriodSeconds
|
||
|
|
set:
|
||
|
|
daemonSet.terminationGracePeriodSeconds: 120
|
||
|
|
asserts:
|
||
|
|
- equal:
|
||
|
|
path: spec.template.spec.terminationGracePeriodSeconds
|
||
|
|
value: 120
|
||
|
|
|
||
|
|
- it: Test tolerations
|
||
|
|
set:
|
||
|
|
daemonSet.tolerations:
|
||
|
|
- key: database/type
|
||
|
|
operator: Equal
|
||
|
|
value: fail2ban
|
||
|
|
effect: NoSchedule
|
||
|
|
asserts:
|
||
|
|
- equal:
|
||
|
|
path: spec.template.spec.tolerations
|
||
|
|
value:
|
||
|
|
- key: database/type
|
||
|
|
operator: Equal
|
||
|
|
value: fail2ban
|
||
|
|
effect: NoSchedule
|
||
|
|
|
||
|
|
- it: Test topologySpreadConstraints
|
||
|
|
set:
|
||
|
|
daemonSet.topologySpreadConstraints:
|
||
|
|
- topologyKey: kubernetes.io/hostname
|
||
|
|
whenUnsatisfiable: DoNotSchedule
|
||
|
|
labelSelector:
|
||
|
|
matchLabels:
|
||
|
|
app.kubernetes.io/instance: prometheus-fail2ban-exporter
|
||
|
|
asserts:
|
||
|
|
- equal:
|
||
|
|
path: spec.template.spec.topologySpreadConstraints
|
||
|
|
value:
|
||
|
|
- topologyKey: kubernetes.io/hostname
|
||
|
|
whenUnsatisfiable: DoNotSchedule
|
||
|
|
labelSelector:
|
||
|
|
matchLabels:
|
||
|
|
app.kubernetes.io/instance: prometheus-fail2ban-exporter
|
||
|
|
|
||
|
|
- it: Test additional volumeMounts and volumes
|
||
|
|
set:
|
||
|
|
daemonSet.fail2banExporter.volumeMounts:
|
||
|
|
- name: data
|
||
|
|
mountPath: /usr/lib/prometheus-fail2ban-exporter/data
|
||
|
|
daemonSet.volumes:
|
||
|
|
- name: data
|
||
|
|
hostPath:
|
||
|
|
path: /usr/lib/prometheus-fail2ban-exporter/data
|
||
|
|
asserts:
|
||
|
|
- equal:
|
||
|
|
path: spec.template.spec.containers[0].volumeMounts
|
||
|
|
value:
|
||
|
|
- name: data
|
||
|
|
mountPath: /usr/lib/prometheus-fail2ban-exporter/data
|
||
|
|
- name: config-d
|
||
|
|
mountPath: /etc/prometheus-fail2ban-exporter/config.d
|
||
|
|
- equal:
|
||
|
|
path: spec.template.spec.volumes
|
||
|
|
value:
|
||
|
|
- name: data
|
||
|
|
hostPath:
|
||
|
|
path: /usr/lib/prometheus-fail2ban-exporter/data
|
||
|
|
- name: config-d
|
||
|
|
secret:
|
||
|
|
secretName: prometheus-fail2ban-exporter-unittest-web-config
|