diff --git a/templates/prometheus-fail2ban-exporter/_pod.tpl b/templates/prometheus-fail2ban-exporter/_pod.tpl index 50b2c0b..280a267 100644 --- a/templates/prometheus-fail2ban-exporter/_pod.tpl +++ b/templates/prometheus-fail2ban-exporter/_pod.tpl @@ -4,6 +4,21 @@ {{- define "prometheus-fail2ban-exporter.pod.annotations" -}} {{ include "prometheus-fail2ban-exporter.annotations" . }} + +# The following annotations are required to trigger a rolling update. Further information can be found in the official +# documentation of helm: +# +# https://helm.sh/docs/howto/charts_tips_and_tricks/#automatically-roll-deployments +# + +{{/* web config */}} +{{- if and .Values.config.webConfig.existingSecret.enabled .Values.config.webConfig.existingSecret.secretName }} +{{- $secret := default (dict "data" (dict)) (lookup "v1" "Secret" .Release.Namespace .Values.config.webConfig.existingSecret.secretName ) }} +checksum/secret-web-config: {{ print $secret.spec | sha256sum }} +{{- else }} +checksum/secret-web-config: {{ include (print $.Template.BasePath "/prometheus-fail2ban-exporter/secretWebConfig.yaml") . | sha256sum }} +{{- end }} + {{- end }} {{/* labels */}} diff --git a/templates/prometheus-fail2ban-exporter/daemonSet.yaml b/templates/prometheus-fail2ban-exporter/daemonSet.yaml index 94ed02f..f1d836d 100644 --- a/templates/prometheus-fail2ban-exporter/daemonSet.yaml +++ b/templates/prometheus-fail2ban-exporter/daemonSet.yaml @@ -17,6 +17,8 @@ spec: {{- include "prometheus-fail2ban-exporter.pod.selectorLabels" . | nindent 6 }} template: metadata: + annotations: + {{- include "prometheus-fail2ban-exporter.pod.annotations" . | nindent 8 }} labels: {{- include "prometheus-fail2ban-exporter.pod.labels" . | nindent 8 }} spec: diff --git a/unittests/daemonset/daemonset.yaml b/unittests/daemonset/daemonset.yaml index 1d5ae42..c995960 100644 --- a/unittests/daemonset/daemonset.yaml +++ b/unittests/daemonset/daemonset.yaml @@ -7,18 +7,22 @@ release: namespace: testing templates: - templates/prometheus-fail2ban-exporter/daemonSet.yaml +- templates/prometheus-fail2ban-exporter/secretWebConfig.yaml tests: - it: Rendering default asserts: - hasDocuments: count: 1 + template: templates/prometheus-fail2ban-exporter/daemonSet.yaml - containsDocument: apiVersion: apps/v1 kind: DaemonSet name: prometheus-fail2ban-exporter-unittest namespace: testing + template: templates/prometheus-fail2ban-exporter/daemonSet.yaml - notExists: path: metadata.annotations + template: templates/prometheus-fail2ban-exporter/daemonSet.yaml - equal: path: metadata.labels value: @@ -27,15 +31,31 @@ tests: app.kubernetes.io/name: prometheus-fail2ban-exporter app.kubernetes.io/version: 0.1.0 helm.sh/chart: prometheus-fail2ban-exporter-0.1.0 + template: templates/prometheus-fail2ban-exporter/daemonSet.yaml + - exists: + path: spec.template.metadata.annotations.checksum/secret-web-config + template: templates/prometheus-fail2ban-exporter/daemonSet.yaml + - equal: + path: spec.template.metadata.labels + value: + app.kubernetes.io/instance: prometheus-fail2ban-exporter-unittest + app.kubernetes.io/managed-by: Helm + app.kubernetes.io/name: prometheus-fail2ban-exporter + app.kubernetes.io/version: 0.1.0 + helm.sh/chart: prometheus-fail2ban-exporter-0.1.0 + template: templates/prometheus-fail2ban-exporter/daemonSet.yaml - notExists: path: spec.template.spec.affinity + template: templates/prometheus-fail2ban-exporter/daemonSet.yaml - notExists: path: spec.template.spec.containers[0].envFrom + template: templates/prometheus-fail2ban-exporter/daemonSet.yaml - equal: path: spec.template.spec.containers[0].args value: # - --web.config.file=/etc/prometheus-fail2ban-exporter/config.d/webConfig.yaml - --web.listen-address=:9191 + template: templates/prometheus-fail2ban-exporter/daemonSet.yaml - equal: path: spec.template.spec.containers[0].volumeMounts value: @@ -43,6 +63,7 @@ tests: name: socket - mountPath: /etc/prometheus-fail2ban-exporter/config.d name: config-d + template: templates/prometheus-fail2ban-exporter/daemonSet.yaml - equal: path: spec.template.spec.volumes value: @@ -53,42 +74,59 @@ tests: - name: config-d secret: secretName: prometheus-fail2ban-exporter-unittest-web-config + template: templates/prometheus-fail2ban-exporter/daemonSet.yaml - equal: path: spec.template.spec.containers[0].image value: git.cryptic.systems/volker.raschek/prometheus-fail2ban-exporter:0.1.0 + template: templates/prometheus-fail2ban-exporter/daemonSet.yaml - equal: path: spec.template.spec.containers[0].imagePullPolicy value: IfNotPresent + template: templates/prometheus-fail2ban-exporter/daemonSet.yaml - notExists: path: spec.template.spec.containers[0].resources + template: templates/prometheus-fail2ban-exporter/daemonSet.yaml - notExists: path: spec.template.spec.containers[0].securityContext + template: templates/prometheus-fail2ban-exporter/daemonSet.yaml - notExists: path: spec.template.spec.dnsConfig + template: templates/prometheus-fail2ban-exporter/daemonSet.yaml - notExists: path: spec.template.spec.dnsPolicy + template: templates/prometheus-fail2ban-exporter/daemonSet.yaml - notExists: path: spec.template.spec.hostname + template: templates/prometheus-fail2ban-exporter/daemonSet.yaml - equal: path: spec.template.spec.hostNetwork value: false + template: templates/prometheus-fail2ban-exporter/daemonSet.yaml - notExists: path: spec.template.spec.imagePullSecrets + template: templates/prometheus-fail2ban-exporter/daemonSet.yaml - notExists: path: spec.template.spec.nodeSelector + template: templates/prometheus-fail2ban-exporter/daemonSet.yaml - notExists: path: spec.template.spec.priorityClassName + template: templates/prometheus-fail2ban-exporter/daemonSet.yaml - notExists: path: spec.template.spec.restartPolicy + template: templates/prometheus-fail2ban-exporter/daemonSet.yaml - notExists: path: spec.template.spec.subdomain + template: templates/prometheus-fail2ban-exporter/daemonSet.yaml - equal: path: spec.template.spec.terminationGracePeriodSeconds value: 60 + template: templates/prometheus-fail2ban-exporter/daemonSet.yaml - notExists: path: spec.template.spec.tolerations + template: templates/prometheus-fail2ban-exporter/daemonSet.yaml - notExists: path: spec.template.spec.topologySpreadConstraints + template: templates/prometheus-fail2ban-exporter/daemonSet.yaml - equal: path: spec.updateStrategy value: @@ -96,6 +134,7 @@ tests: maxSurge: 1 maxUnavailable: 0 type: "RollingUpdate" + template: templates/prometheus-fail2ban-exporter/daemonSet.yaml - it: Test custom affinity set: @@ -122,6 +161,7 @@ tests: values: - antarctica-east1 - antarctica-west1 + template: templates/prometheus-fail2ban-exporter/daemonSet.yaml - it: Test additional arguments set: @@ -136,6 +176,7 @@ tests: - --web.listen-address=:9191 - --foo=bar - --bar=foo + template: templates/prometheus-fail2ban-exporter/daemonSet.yaml - it: Test custom imageRegistry and imageRepository set: @@ -145,6 +186,7 @@ tests: - equal: path: spec.template.spec.containers[0].image value: registry.example.local/path/special/prometheus-fail2ban-exporter:0.1.0 + template: templates/prometheus-fail2ban-exporter/daemonSet.yaml - it: Test custom imagePullPolicy set: @@ -153,6 +195,7 @@ tests: - equal: path: spec.template.spec.containers[0].imagePullPolicy value: Always + template: templates/prometheus-fail2ban-exporter/daemonSet.yaml - it: Test config.webConfig.existingSecret set: @@ -166,6 +209,7 @@ tests: name: socket - mountPath: /etc/prometheus-fail2ban-exporter/config.d name: config-d + template: templates/prometheus-fail2ban-exporter/daemonSet.yaml - equal: path: spec.template.spec.volumes value: @@ -176,6 +220,7 @@ tests: - name: config-d secret: secretName: web-config-secret + template: templates/prometheus-fail2ban-exporter/daemonSet.yaml - it: Test custom resource limits and requests set: @@ -195,6 +240,7 @@ tests: resourceFieldRef: divisor: "1" resource: limits.cpu + template: templates/prometheus-fail2ban-exporter/daemonSet.yaml - equal: path: spec.template.spec.containers[0].resources value: @@ -204,6 +250,7 @@ tests: requests: cpu: 25m memory: 100MB + template: templates/prometheus-fail2ban-exporter/daemonSet.yaml - it: Test custom securityContext set: @@ -230,6 +277,7 @@ tests: readOnlyRootFilesystem: true runAsNonRoot: true runAsUser: 1000 + template: templates/prometheus-fail2ban-exporter/daemonSet.yaml - it: Test dnsConfig set: @@ -244,6 +292,7 @@ tests: nameservers: - "8.8.8.8" - "8.8.4.4" + template: templates/prometheus-fail2ban-exporter/daemonSet.yaml - it: Test dnsPolicy set: @@ -252,6 +301,7 @@ tests: - equal: path: spec.template.spec.dnsPolicy value: ClusterFirst + template: templates/prometheus-fail2ban-exporter/daemonSet.yaml - it: Test hostNetwork, hostname, subdomain set: @@ -262,12 +312,15 @@ tests: - equal: path: spec.template.spec.hostNetwork value: true + template: templates/prometheus-fail2ban-exporter/daemonSet.yaml - equal: path: spec.template.spec.hostname value: pg-exporter + template: templates/prometheus-fail2ban-exporter/daemonSet.yaml - equal: path: spec.template.spec.subdomain value: exporters.internal + template: templates/prometheus-fail2ban-exporter/daemonSet.yaml - it: Test imagePullSecrets set: @@ -280,6 +333,7 @@ tests: value: - name: my-pull-secret - name: my-special-secret + template: templates/prometheus-fail2ban-exporter/daemonSet.yaml - it: Test nodeSelector set: @@ -290,6 +344,7 @@ tests: path: spec.template.spec.nodeSelector value: foo: bar + template: templates/prometheus-fail2ban-exporter/daemonSet.yaml - it: Test priorityClassName set: @@ -298,6 +353,7 @@ tests: - equal: path: spec.template.spec.priorityClassName value: my-priority + template: templates/prometheus-fail2ban-exporter/daemonSet.yaml - it: Test restartPolicy set: @@ -306,6 +362,7 @@ tests: - equal: path: spec.template.spec.restartPolicy value: Always + template: templates/prometheus-fail2ban-exporter/daemonSet.yaml - it: Test terminationGracePeriodSeconds set: @@ -314,6 +371,7 @@ tests: - equal: path: spec.template.spec.terminationGracePeriodSeconds value: 120 + template: templates/prometheus-fail2ban-exporter/daemonSet.yaml - it: Test tolerations set: @@ -330,6 +388,7 @@ tests: operator: Equal value: fail2ban effect: NoSchedule + template: templates/prometheus-fail2ban-exporter/daemonSet.yaml - it: Test topologySpreadConstraints set: @@ -348,6 +407,7 @@ tests: labelSelector: matchLabels: app.kubernetes.io/instance: prometheus-fail2ban-exporter + template: templates/prometheus-fail2ban-exporter/daemonSet.yaml - it: Test additional volumeMounts and volumes set: @@ -366,6 +426,7 @@ tests: mountPath: /usr/lib/prometheus-fail2ban-exporter/data - name: config-d mountPath: /etc/prometheus-fail2ban-exporter/config.d + template: templates/prometheus-fail2ban-exporter/daemonSet.yaml - equal: path: spec.template.spec.volumes value: @@ -374,4 +435,5 @@ tests: path: /usr/lib/prometheus-fail2ban-exporter/data - name: config-d secret: - secretName: prometheus-fail2ban-exporter-unittest-web-config \ No newline at end of file + secretName: prometheus-fail2ban-exporter-unittest-web-config + template: templates/prometheus-fail2ban-exporter/daemonSet.yaml \ No newline at end of file