Commit 3ed8e066 authored by Jeff Kwan's avatar Jeff Kwan Committed by Shinya Maeda
Browse files

Introduce serviceAccountName, ingress.path, ingress.tls.useDefaultSecret... 

Introduce serviceAccountName, ingress.path, ingress.tls.useDefaultSecret config options for Auto Deploy
parent 66e24975

assets/auto-deploy-app/Chart.yaml

+1 −1
Original line number Diff line number Diff line 
apiVersion: v1

description: GitLab's Auto-deploy Helm Chart

name: auto-deploy-app

version: 2.0.2

version: 2.2.0

icon: https://gitlab.com/gitlab-com/gitlab-artwork/raw/master/logo/logo-square.png

assets/auto-deploy-app/README.md

+3 −0
Original line number Diff line number Diff line
@@ -10,6 +10,7 @@ 
| ---                           | ---         | ---                                |

| replicaCount                  |             | `1`                                |

| strategyType                  | Pod deployment [strategy](https://kubernetes.io/docs/concepts/workloads/controllers/deployment/#strategy) | `nil` |

| serviceAccountName            | Pod service account name override  | `nil` |

| image.repository              |             | `gitlab.example.com/group/project` |

| image.tag                     |             | `stable`                           |

| image.pullPolicy              |             | `Always`                           |
@@ -39,8 +40,10 @@ 
| service.externalPort          |             | `5000`                             |

| service.internalPort          |             | `5000`                             |

| ingress.enabled               | If true, enables ingress | `true`                |

| ingress.path                  | Default path for the ingress | `/` |

| ingress.tls.enabled           | If true, enables SSL | `true`                    |

| ingress.tls.secretName        | Name of the secret used to terminate SSL traffic | `""` |

| ingress.tls.useDefaultSecret  | If set to `true`, the `secretName` is not used, which makes Ingress fall back to the default secret (certificate). This requires [configuration of the default secret](https://kubernetes.github.io/ingress-nginx/user-guide/tls/#default-ssl-certificate). | `false` |

| ingress.modSecurity.enabled | Enable custom configuration for modsecurity, defaulting to [the Core Rule Set](https://coreruleset.org) | `false` |

| ingress.modSecurity.secRuleEngine | Configuration for [ModSecurity's rule engine](https://github.com/SpiderLabs/ModSecurity/wiki/Reference-Manual-(v2.x)#SecRuleEngine) | `DetectionOnly` |

| ingress.modSecurity.secRules | Configuration for custom [ModSecurity's rules](https://github.com/SpiderLabs/ModSecurity/wiki/Reference-Manual-(v2.x)#secrule) | `nil` |

assets/auto-deploy-app/templates/deployment.yaml

+3 −0
Original line number Diff line number Diff line
@@ -40,6 +40,9 @@ spec: 
        tier: "{{ .Values.application.tier }}"

        release: {{ .Release.Name }}

    spec:

{{- if .Values.serviceAccountName }}

      serviceAccountName: {{ .Values.serviceAccountName | quote }}

{{- end }}        

      imagePullSecrets:

{{ toYaml .Values.image.secrets | indent 10 }}

      containers:

assets/auto-deploy-app/templates/ingress.yaml

+3 −1
Original line number Diff line number Diff line
@@ -52,14 +52,16 @@ spec: 
    - {{ template "hostname" $host }}

{{- end -}}

{{- end }}

{{- if not .Values.ingress.tls.useDefaultSecret }}

    secretName: {{ .Values.ingress.tls.secretName | default (printf "%s-tls" (include "fullname" .)) }}

{{- end }}

{{- end }}

  rules:

  - host: {{ template "hostname" .Values.service.url }}

    http:

      &httpRule

      paths:

      - path: /

      - path: {{ .Values.ingress.path | default "/" | quote }}

        backend:

          serviceName: {{ template "fullname" . }}

          servicePort: {{ .Values.service.externalPort }}

assets/auto-deploy-app/test/deploymenttemplate_test.go

+52 −0
Original line number Diff line number Diff line
@@ -161,6 +161,58 @@ func TestDeploymentTemplate(t *testing.T) { 
		})

	}



	for _, tc := range []struct {

		CaseName                   string

		Release                    string

		Values                     map[string]string

		ExpectedServiceAccountName string

	}{

		{

			CaseName:                   "default service account",

			Release:                    "production",

			ExpectedServiceAccountName: "",

		},

		{

			CaseName: "empty service account name",

			Release:  "production",

			Values: map[string]string{

				"serviceAccountName": "",

			},

			ExpectedServiceAccountName: "",

		},

		{

			CaseName: "custom service account name - myServiceAccount",

			Release:  "production",

			Values: map[string]string{

				"serviceAccountName": "myServiceAccount",

			},

			ExpectedServiceAccountName: "myServiceAccount",

		},

	} {

		t.Run(tc.CaseName, func(t *testing.T) {

			namespaceName := "minimal-ruby-app-" + strings.ToLower(random.UniqueId())



			values := map[string]string{

				"gitlab.app": "auto-devops-examples/minimal-ruby-app",

				"gitlab.env": "prod",

			}



			mergeStringMap(values, tc.Values)



			options := &helm.Options{

				SetValues:      values,

				KubectlOptions: k8s.NewKubectlOptions("", "", namespaceName),

			}



			output := helm.RenderTemplate(t, options, helmChartPath, tc.Release, []string{"templates/deployment.yaml"})



			var deployment appsV1.Deployment

			helm.UnmarshalK8SYaml(t, output, &deployment)



			require.Equal(t, tc.ExpectedServiceAccountName, deployment.Spec.Template.Spec.ServiceAccountName)

		})

	}



	// deployment livenessProbe, and readinessProbe tests

	for _, tc := range []struct {

		CaseName string