Commit 4aff0fa9 authored by Shinya Maeda's avatar Shinya Maeda
Browse files

Merge branch 'feat-more-chart-options-v2' into 'master' 

Introduce serviceAccountName, ingress.path, ingress.tls.useDefaultSecret config options for Auto Deploy

See merge request gitlab-org/cluster-integration/auto-deploy-image!151
parents d190c626 3ed8e066

assets/auto-deploy-app/Chart.yaml

+1 −1
Original line number Diff line number Diff line 
apiVersion: v1

description: GitLab's Auto-deploy Helm Chart

name: auto-deploy-app

version: 2.0.2

version: 2.2.0

icon: https://gitlab.com/gitlab-com/gitlab-artwork/raw/master/logo/logo-square.png

assets/auto-deploy-app/README.md

+3 −0
Original line number Diff line number Diff line
@@ -10,6 +10,7 @@ 
| ---                           | ---         | ---                                |

| replicaCount                  |             | `1`                                |

| strategyType                  | Pod deployment [strategy](https://kubernetes.io/docs/concepts/workloads/controllers/deployment/#strategy) | `nil` |

| serviceAccountName            | Pod service account name override  | `nil` |

| image.repository              |             | `gitlab.example.com/group/project` |

| image.tag                     |             | `stable`                           |

| image.pullPolicy              |             | `Always`                           |
@@ -39,8 +40,10 @@ 
| service.externalPort          |             | `5000`                             |

| service.internalPort          |             | `5000`                             |

| ingress.enabled               | If true, enables ingress | `true`                |

| ingress.path                  | Default path for the ingress | `/` |

| ingress.tls.enabled           | If true, enables SSL | `true`                    |

| ingress.tls.secretName        | Name of the secret used to terminate SSL traffic | `""` |

| ingress.tls.useDefaultSecret  | If set to `true`, the `secretName` is not used, which makes Ingress fall back to the default secret (certificate). This requires [configuration of the default secret](https://kubernetes.github.io/ingress-nginx/user-guide/tls/#default-ssl-certificate). | `false` |

| ingress.modSecurity.enabled | Enable custom configuration for modsecurity, defaulting to [the Core Rule Set](https://coreruleset.org) | `false` |

| ingress.modSecurity.secRuleEngine | Configuration for [ModSecurity's rule engine](https://github.com/SpiderLabs/ModSecurity/wiki/Reference-Manual-(v2.x)#SecRuleEngine) | `DetectionOnly` |

| ingress.modSecurity.secRules | Configuration for custom [ModSecurity's rules](https://github.com/SpiderLabs/ModSecurity/wiki/Reference-Manual-(v2.x)#secrule) | `nil` |

assets/auto-deploy-app/templates/deployment.yaml

+3 −0
Original line number Diff line number Diff line
@@ -40,6 +40,9 @@ spec: 
        tier: "{{ .Values.application.tier }}"

        release: {{ .Release.Name }}

    spec:

{{- if .Values.serviceAccountName }}

      serviceAccountName: {{ .Values.serviceAccountName | quote }}

{{- end }}        

      imagePullSecrets:

{{ toYaml .Values.image.secrets | indent 10 }}

      containers:

assets/auto-deploy-app/templates/ingress.yaml

+3 −1
Original line number Diff line number Diff line
@@ -52,14 +52,16 @@ spec: 
    - {{ template "hostname" $host }}

{{- end -}}

{{- end }}

{{- if not .Values.ingress.tls.useDefaultSecret }}

    secretName: {{ .Values.ingress.tls.secretName | default (printf "%s-tls" (include "fullname" .)) }}

{{- end }}

{{- end }}

  rules:

  - host: {{ template "hostname" .Values.service.url }}

    http:

      &httpRule

      paths:

      - path: /

      - path: {{ .Values.ingress.path | default "/" | quote }}

        backend:

          serviceName: {{ template "fullname" . }}

          servicePort: {{ .Values.service.externalPort }}

assets/auto-deploy-app/test/deploymenttemplate_test.go

+52 −0
Original line number Diff line number Diff line
@@ -161,6 +161,58 @@ func TestDeploymentTemplate(t *testing.T) { 
		})

	}



	for _, tc := range []struct {

		CaseName                   string

		Release                    string

		Values                     map[string]string

		ExpectedServiceAccountName string

	}{

		{

			CaseName:                   "default service account",

			Release:                    "production",

			ExpectedServiceAccountName: "",

		},

		{

			CaseName: "empty service account name",

			Release:  "production",

			Values: map[string]string{

				"serviceAccountName": "",

			},

			ExpectedServiceAccountName: "",

		},

		{

			CaseName: "custom service account name - myServiceAccount",

			Release:  "production",

			Values: map[string]string{

				"serviceAccountName": "myServiceAccount",

			},

			ExpectedServiceAccountName: "myServiceAccount",

		},

	} {

		t.Run(tc.CaseName, func(t *testing.T) {

			namespaceName := "minimal-ruby-app-" + strings.ToLower(random.UniqueId())



			values := map[string]string{

				"gitlab.app": "auto-devops-examples/minimal-ruby-app",

				"gitlab.env": "prod",

			}



			mergeStringMap(values, tc.Values)



			options := &helm.Options{

				SetValues:      values,

				KubectlOptions: k8s.NewKubectlOptions("", "", namespaceName),

			}



			output := helm.RenderTemplate(t, options, helmChartPath, tc.Release, []string{"templates/deployment.yaml"})



			var deployment appsV1.Deployment

			helm.UnmarshalK8SYaml(t, output, &deployment)



			require.Equal(t, tc.ExpectedServiceAccountName, deployment.Spec.Template.Spec.ServiceAccountName)

		})

	}



	// deployment livenessProbe, and readinessProbe tests

	for _, tc := range []struct {

		CaseName string