From a27c4f6124ab9d7322169bf56027b59f7165f1bf Mon Sep 17 00:00:00 2001 From: Bernd Schorgers Date: Sun, 10 Mar 2024 17:08:43 +0100 Subject: [PATCH] feat(common)!: Release v3.0.0-beta4 (#282) --- .../common-test/ci/advanced-values.yaml | 4 +- .../library/common-test/ci/basic-values.yaml | 9 ++ .../common-test/ci/cronjob-values.yaml | 6 +- charts/library/common-test/ci/no-service.yaml | 14 +- .../common-test/ci/vaultwarden-example.yaml | 3 + .../tests/persistence/configmap_test.yaml | 73 ++++++++++ .../common-test/tests/persistence/custom.yaml | 32 +++++ .../tests/persistence/nfs_test.yaml | 26 ++++ .../tests/persistence/secret_test.yaml | 75 ++++++++++ .../tests/persistence/types_test.yaml | 129 ------------------ charts/library/common/Chart.yaml | 7 +- .../library/common/schemas/persistence.json | 26 +++- .../templates/lib/pod/fields/_volumes.tpl | 24 +++- charts/library/common/values.schema.json | 2 +- .../common-library/storage/types/configmap.md | 5 +- docs/common-library/storage/types/secret.md | 5 +- 16 files changed, 283 insertions(+), 157 deletions(-) create mode 100644 charts/library/common-test/tests/persistence/configmap_test.yaml create mode 100644 charts/library/common-test/tests/persistence/custom.yaml create mode 100644 charts/library/common-test/tests/persistence/nfs_test.yaml create mode 100644 charts/library/common-test/tests/persistence/secret_test.yaml delete mode 100644 charts/library/common-test/tests/persistence/types_test.yaml diff --git a/charts/library/common-test/ci/advanced-values.yaml b/charts/library/common-test/ci/advanced-values.yaml index db967e26..e9425345 100644 --- a/charts/library/common-test/ci/advanced-values.yaml +++ b/charts/library/common-test/ci/advanced-values.yaml @@ -1,3 +1,5 @@ +--- +# yaml-language-server: $schema=../../common/values.schema.json controllers: main: containers: @@ -53,7 +55,7 @@ service: controller: main ports: http: - port: 8081 + port: 8887 ingress: main: 
diff --git a/charts/library/common-test/ci/basic-values.yaml b/charts/library/common-test/ci/basic-values.yaml index 68187d2d..aa0abb7c 100644 --- a/charts/library/common-test/ci/basic-values.yaml +++ b/charts/library/common-test/ci/basic-values.yaml @@ -1,3 +1,5 @@ +--- +# yaml-language-server: $schema=../../common/values.schema.json controllers: main: containers: @@ -28,6 +30,13 @@ ingress: - hosts: - "test.local" +service: + main: + controller: main + ports: + http: + port: 8080 + persistence: media: type: persistentVolumeClaim diff --git a/charts/library/common-test/ci/cronjob-values.yaml b/charts/library/common-test/ci/cronjob-values.yaml index 1f520f77..6a9060e2 100644 --- a/charts/library/common-test/ci/cronjob-values.yaml +++ b/charts/library/common-test/ci/cronjob-values.yaml @@ -1,3 +1,5 @@ +--- +# yaml-language-server: $schema=../../common/values.schema.json controllers: main: type: cronjob @@ -11,10 +13,6 @@ controllers: tag: 31 pullPolicy: IfNotPresent -service: - main: - enabled: false - configMaps: config: enabled: true diff --git a/charts/library/common-test/ci/no-service.yaml b/charts/library/common-test/ci/no-service.yaml index 0c404aa1..ed23874f 100644 --- a/charts/library/common-test/ci/no-service.yaml +++ b/charts/library/common-test/ci/no-service.yaml @@ -1,3 +1,5 @@ +--- +# yaml-language-server: $schema=../../common/values.schema.json controllers: main: containers: @@ -6,15 +8,3 @@ controllers: repository: ghcr.io/mendhak/http-https-echo tag: 31 pullPolicy: IfNotPresent - -service: - main: - enabled: false - -probes: - liveness: - enabled: false - readiness: - enabled: false - startup: - enabled: false diff --git a/charts/library/common-test/ci/vaultwarden-example.yaml b/charts/library/common-test/ci/vaultwarden-example.yaml index acbba413..55e67058 100644 --- a/charts/library/common-test/ci/vaultwarden-example.yaml +++ b/charts/library/common-test/ci/vaultwarden-example.yaml 
@@ -1,3 +1,5 @@ +--- +# yaml-language-server: $schema=../../common/values.schema.json controllers: main: strategy: Recreate @@ -22,6 +24,7 @@ controllers: # -- Configures service settings for the chart. service: main: + controller: main ports: http: port: 80 diff --git a/charts/library/common-test/tests/persistence/configmap_test.yaml b/charts/library/common-test/tests/persistence/configmap_test.yaml new file mode 100644 index 00000000..29420af9 --- /dev/null +++ b/charts/library/common-test/tests/persistence/configmap_test.yaml 
@@ -0,0 +1,73 @@ +--- +# yaml-language-server: $schema=https://raw.githubusercontent.com/helm-unittest/helm-unittest/main/schema/helm-testsuite.json +suite: persistence configmap +templates: + - common.yaml +tests: + - it: configmap persistence type should pass + set: + persistence: + configmap: + type: configMap + name: mySettings + asserts: + - documentIndex: 0 + isKind: + of: Deployment + - documentIndex: 0 + equal: + path: spec.template.spec.volumes[0] + value: + name: configmap + configMap: + name: mySettings + + - it: configmap persistence type with name template should pass + set: + persistence: + configmap: + type: configMap + name: '{{ include "bjw-s.common.lib.chart.names.fullname" $ }}-config' + asserts: + - documentIndex: 0 + isKind: + of: Deployment + - documentIndex: 0 + equal: + path: spec.template.spec.volumes[0] + value: + name: configmap + configMap: + name: RELEASE-NAME-config + + - it: configmap persistence type with identifier reference should pass + set: + configMaps: + mySettings: + data: + test: testvalue + persistence: + configmap: + type: configMap + identifier: mySettings + asserts: + - documentIndex: 0 + isKind: + of: Deployment + - documentIndex: 0 + equal: + path: spec.template.spec.volumes[0] + value: + name: configmap + configMap: + name: RELEASE-NAME-mySettings + + - it: configmap persistence type with invalid identifier reference should fail + set: + persistence: + configmap: + type: configMap + identifier: doesNotExist + asserts: + - failedTemplate: + errorMessage: "No configmap found with this identifier. (persistence item 'configmap', identifier 'doesNotExist')" diff --git a/charts/library/common-test/tests/persistence/custom.yaml b/charts/library/common-test/tests/persistence/custom.yaml new file mode 100644 index 00000000..0eedd95c --- /dev/null +++ b/charts/library/common-test/tests/persistence/custom.yaml 
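Review bot: The suite has no case for a persistence item that sets neither `name` nor `identifier`, and none for one that sets both, although these are the two inputs the new either/or rule exists to reject. The four cases cover a literal `name`, a templated `name`, a valid `identifier` and an unknown `identifier` only. A fifth case with just `type: configMap` under `persistence.configmap` and a `failedTemplate` assert would pin what the chart does when the reference is missing. A sixth with both fields set would pin which one wins or that rendering fails. The same gap exists in `secret_test.yaml`.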
@@ -0,0 +1,32 @@ +--- +# yaml-language-server: $schema=https://raw.githubusercontent.com/helm-unittest/helm-unittest/main/schema/helm-testsuite.json +suite: persistence custom +templates: + - common.yaml +tests: + - it: custom persistence type should pass + set: + persistence: + custom-mount: + enabled: true + type: custom + volumeSpec: + downwardAPI: + items: + - path: "labels" + fieldRef: + fieldPath: metadata.labels + asserts: + - documentIndex: 0 + isKind: + of: Deployment + - documentIndex: 0 + equal: + path: spec.template.spec.volumes[0] + value: + name: custom-mount + downwardAPI: + items: + - fieldRef: + fieldPath: metadata.labels + path: labels diff --git a/charts/library/common-test/tests/persistence/nfs_test.yaml b/charts/library/common-test/tests/persistence/nfs_test.yaml new file mode 100644 index 00000000..d83d1864 --- /dev/null +++ b/charts/library/common-test/tests/persistence/nfs_test.yaml @@ -0,0 +1,26 @@ +--- +# yaml-language-server: $schema=https://raw.githubusercontent.com/helm-unittest/helm-unittest/main/schema/helm-testsuite.json +suite: persistence nfs +templates: + - common.yaml +tests: + - it: nfs persistence type should pass + set: + persistence: + nfs: + enabled: true + type: nfs + server: 10.10.0.8 + path: /tank/nas/library + asserts: + - documentIndex: 0 + isKind: + of: Deployment + - documentIndex: 0 + equal: + path: spec.template.spec.volumes[0] + value: + name: nfs + nfs: + path: /tank/nas/library + server: 10.10.0.8 diff --git a/charts/library/common-test/tests/persistence/secret_test.yaml b/charts/library/common-test/tests/persistence/secret_test.yaml new file mode 100644 index 00000000..13c7ff41 --- /dev/null +++ b/charts/library/common-test/tests/persistence/secret_test.yaml 
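Review bot: The custom-persistence suite is added as `tests/persistence/custom.yaml`, without the `_test.yaml` suffix used by `configmap_test.yaml`, `nfs_test.yaml`, `secret_test.yaml` and the deleted `types_test.yaml`. helm-unittest picks up suites by file glob, and its default pattern is `tests/*_test.yaml`. If the project's invocation also matches on that suffix (not visible in this patch), the custom-type test that used to run from `types_test.yaml` would silently stop running. Renaming the file to `custom_test.yaml` removes the doubt and keeps the directory consistent.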
@@ -0,0 +1,75 @@ +--- +# yaml-language-server: $schema=https://raw.githubusercontent.com/helm-unittest/helm-unittest/main/schema/helm-testsuite.json +suite: persistence secret +templates: + - common.yaml +tests: + - it: secret persistence type should pass + set: + persistence: + secret: + enabled: true + type: secret + name: mySettings + asserts: + - documentIndex: 0 + isKind: + of: Deployment + - documentIndex: 0 + equal: + path: spec.template.spec.volumes[0] + value: + name: secret + secret: + secretName: mySettings + + - it: secret persistence type with name template should pass + set: + persistence: + secret: + enabled: true + type: secret + name: "{{ .Release.Name }}-config" + asserts: + - documentIndex: 0 + isKind: + of: Deployment + - documentIndex: 0 + equal: + path: spec.template.spec.volumes[0] + value: + name: secret + secret: + secretName: RELEASE-NAME-config + + - it: secret persistence type with identifier reference should pass + set: + secrets: + mySettings: + stringData: + test: testvalue + persistence: + secret: + type: secret + identifier: mySettings + asserts: + - documentIndex: 0 + isKind: + of: Deployment + - documentIndex: 0 + equal: + path: spec.template.spec.volumes[0] + value: + name: secret + secret: + secretName: RELEASE-NAME-mySettings + + - it: secret persistence type with invalid identifier reference should fail + set: + persistence: + secret: + type: secret + identifier: doesNotExist + asserts: + - failedTemplate: + errorMessage: "No secret found with this identifier. (persistence item 'secret', identifier 'doesNotExist')" diff --git a/charts/library/common-test/tests/persistence/types_test.yaml b/charts/library/common-test/tests/persistence/types_test.yaml deleted file mode 100644 index 4363fad9..00000000 --- a/charts/library/common-test/tests/persistence/types_test.yaml +++ /dev/null 
@@ -1,129 +0,0 @@ ---- -# yaml-language-server: $schema=https://raw.githubusercontent.com/helm-unittest/helm-unittest/main/schema/helm-testsuite.json -suite: persistence types -templates: - - common.yaml -tests: - - it: custom persistence type should pass - set: - persistence: - custom-mount: - enabled: true - type: custom - volumeSpec: - downwardAPI: - items: - - path: "labels" - fieldRef: - fieldPath: metadata.labels - asserts: - - documentIndex: 0 - isKind: - of: Deployment - - documentIndex: 0 - equal: - path: spec.template.spec.volumes[0] - value: - name: custom-mount - downwardAPI: - items: - - fieldRef: - fieldPath: metadata.labels - path: labels - - - it: configmap persistence type should pass - set: - persistence: - configmap: - enabled: true - type: configMap - name: mySettings - asserts: - - documentIndex: 0 - isKind: - of: Deployment - - documentIndex: 0 - equal: - path: spec.template.spec.volumes[0] - value: - name: configmap - configMap: - name: mySettings - - - it: configmap persistence type with name template should pass - set: - persistence: - configmap: - enabled: true - type: configMap - name: '{{ include "bjw-s.common.lib.chart.names.fullname" $ }}-config' - asserts: - - documentIndex: 0 - isKind: - of: Deployment - - documentIndex: 0 - equal: - path: spec.template.spec.volumes[0] - value: - name: configmap - configMap: - name: RELEASE-NAME-config - - - it: secret persistence type should pass - set: - persistence: - secret: - enabled: true - type: secret - name: mySettings - asserts: - - documentIndex: 0 - isKind: - of: Deployment - - documentIndex: 0 - equal: - path: spec.template.spec.volumes[0] - value: - name: secret - secret: - secretName: mySettings - - - it: secret persistence type with name template should pass - set: - persistence: - secret: - enabled: true - type: secret - name: "{{ .Release.Name }}-config" - asserts: - - documentIndex: 0 - isKind: - of: Deployment - - documentIndex: 0 - equal: - path: spec.template.spec.volumes[0] - 
value: - name: secret - secret: - secretName: RELEASE-NAME-config - - - it: nfs persistence type should pass - set: - persistence: - nfs: - enabled: true - type: nfs - server: 10.10.0.8 - path: /tank/nas/library - asserts: - - documentIndex: 0 - isKind: - of: Deployment - - documentIndex: 0 - equal: - path: spec.template.spec.volumes[0] - value: - name: nfs - nfs: - path: /tank/nas/library - server: 10.10.0.8 diff --git a/charts/library/common/Chart.yaml b/charts/library/common/Chart.yaml index ded59e57..dc6e6e28 100644 --- a/charts/library/common/Chart.yaml +++ b/charts/library/common/Chart.yaml @@ -3,7 +3,7 @@ apiVersion: v2 name: common description: Function library for Helm charts type: library -version: 3.0.0-beta3 +version: 3.0.0-beta4 kubeVersion: ">=1.22.0-0" keywords: - common @@ -19,10 +19,13 @@ annotations: Default objects (they used to be called main) have been commented out and will therefore no longer provide any (both expected and unexpected) default values. - kind: changed description: |- - enableServiceLinks is disabled by default + enableServiceLinks is now disabled by default - kind: added description: |- Added support for restartPolicy field on container level - kind: added description: |- Added json-schema to the chart + - kind: added + description: |- + Allow referencing secrets and configMaps by identifier in persistence section diff --git a/charts/library/common/schemas/persistence.json b/charts/library/common/schemas/persistence.json index b94cacce..3a7748b3 100644 --- a/charts/library/common/schemas/persistence.json +++ b/charts/library/common/schemas/persistence.json 
@@ -93,10 +93,21 @@ "name": { "type": "string" }, + "identifier": { + "type": "string" + }, "advancedMounts": {"$ref": "#/advancedMounts"}, "globalMounts": {"$ref": "#/globalMounts"} }, - "required": ["name"] + "oneOf": [{"required": ["name"]}, {"required": ["identifier"]}], + "dependencies": { + "name": { + "not": {"required": ["identifier"]} + }, + "identifier": { + "not": {"required": ["name"]} + } + } }, "secretItem": { @@ -114,10 +125,21 @@ "name": { "type": "string" }, + "identifier": { + "type": "string" + }, "advancedMounts": {"$ref": "#/advancedMounts"}, "globalMounts": {"$ref": "#/globalMounts"} }, - "required": ["name"] + "oneOf": [{"required": ["name"]}, {"required": ["identifier"]}], + "dependencies": { + "name": { + "not": {"required": ["identifier"]} + }, + "identifier": { + "not": {"required": ["name"]} + } + } }, "nfsItem": { diff --git a/charts/library/common/templates/lib/pod/fields/_volumes.tpl b/charts/library/common/templates/lib/pod/fields/_volumes.tpl index 2e883690..2918d504 100644 --- a/charts/library/common/templates/lib/pod/fields/_volumes.tpl +++ b/charts/library/common/templates/lib/pod/fields/_volumes.tpl 
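Review bot: In both the `configMapItem` and `secretItem` definitions, `identifier` (added here) and the existing `name` are plain `{"type": "string"}`, so an empty string satisfies the `required` branch of the new `oneOf`. An empty value is falsy in a Go template, so `identifier: ""` can pass validation and still leave the volume without a usable object name. Adding a length bound, e.g. `"identifier": {"type": "string", "minLength": 1}` and the same for `name`, makes the schema reject it. The `dependencies` block also restates what `oneOf` already enforces (exactly one of the two `required` branches may match), so it can be dropped unless it is kept for clearer validator messages. Both definitions start and end outside these hunks.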
@@ -58,8 +58,16 @@ Returns the value for volumes {{- /* configMap persistence type */ -}} {{- else if eq $persistenceValues.type "configMap" -}} - {{- $objectName := (required (printf "name not set for persistence item %s" $identifier) $persistenceValues.name) -}} - {{- $objectName = tpl $objectName $rootContext -}} + {{- $objectName := "" -}} + {{- if $persistenceValues.name -}} + {{- $objectName = tpl $persistenceValues.name $rootContext -}} + {{- else if $persistenceValues.identifier -}} + {{- $object := (include "bjw-s.common.lib.configMap.getByIdentifier" (dict "rootContext" $rootContext "id" $persistenceValues.identifier) | fromYaml ) -}} + {{- if not $object -}} + {{fail (printf "No configmap found with this identifier. (persistence item '%s', identifier '%s')" $identifier $persistenceValues.identifier)}} + {{- end -}} + {{- $objectName = $object.name -}} + {{- end -}} {{- $_ := set $volume "configMap" dict -}} {{- $_ := set $volume.configMap "name" $objectName -}} {{- with $persistenceValues.defaultMode -}} 
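Review bot: A `configMap` persistence item with neither `name` nor `identifier`, or with either set to an empty string, now falls through both branches and the volume is emitted with `$objectName` still `""`. The removed `required` call used to stop rendering in that case. The JSON schema change in this commit rejects the missing-field case, but only where schema validation actually runs against these values, so the template should keep its own guard: add `{{- else -}}` followed by `{{- fail (printf "name or identifier must be set for persistence item '%s'" $identifier) -}}` before the closing `{{- end -}}`. When both fields are set, `name` silently wins here; that is worth a comment or the same `fail`. The secret branch in the hunk at `@@ -71,8 +79,16 @@` has the identical gap, and the enclosing define starts and ends outside both hunks.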
@@ -71,8 +79,16 @@ Returns the value for volumes {{- /* Secret persistence type */ -}} {{- else if eq $persistenceValues.type "secret" -}} - {{- $objectName := (required (printf "name not set for persistence item %s" $identifier) $persistenceValues.name) -}} - {{- $objectName = tpl $objectName $rootContext -}} + {{- $objectName := "" -}} + {{- if $persistenceValues.name -}} + {{- $objectName = tpl $persistenceValues.name $rootContext -}} + {{- else if $persistenceValues.identifier -}} + {{- $object := (include "bjw-s.common.lib.secret.getByIdentifier" (dict "rootContext" $rootContext "id" $persistenceValues.identifier) | fromYaml ) -}} + {{- if not $object -}} + {{fail (printf "No secret found with this identifier. (persistence item '%s', identifier '%s')" $identifier $persistenceValues.identifier)}} + {{- end -}} + {{- $objectName = $object.name -}} + {{- end -}} {{- $_ := set $volume "secret" dict -}} {{- $_ := set $volume.secret "secretName" $objectName -}} {{- with $persistenceValues.defaultMode -}} diff --git a/charts/library/common/values.schema.json b/charts/library/common/values.schema.json index 9a39e3f9..6f505a56 100644 --- a/charts/library/common/values.schema.json +++ b/charts/library/common/values.schema.json @@ -1,6 +1,6 @@ { "$schema": "http://json-schema.org/draft-07/schema", - "$id": "https://raw.githubusercontent.com/bjw-s/helm-charts/common-3.0.0-beta3/charts/library/common/values.schema.json", + "$id": "https://raw.githubusercontent.com/bjw-s/helm-charts/common-3.0.0-beta4/charts/library/common/values.schema.json", "type": "object", "properties": { diff --git a/docs/common-library/storage/types/configmap.md b/docs/common-library/storage/types/configmap.md index a70456b9..e3b97f50 100644 --- a/docs/common-library/storage/types/configmap.md +++ b/docs/common-library/storage/types/configmap.md 
@@ -10,10 +10,13 @@ In order to mount a configMap to a mount point within the Pod you can use the | Field | Mandatory | Docs / Description | | ------------- | --------- | -------------------------------------------------------------------------- | -| `name` | Yes | Which configMap should be mounted. Supports Helm templating. | +| `name` | No | Which configMap should be mounted. Supports Helm templating. | +| `identifier` | No | Reference a configMap from the `configMaps` key by its identifier. | | `defaultMode` | No | The default file access permission bit. | | `items` | No | Specify item-specific configuration. Will be passed 1:1 to the volumeSpec. | +Either `name` or `identifier` is required. + !!! note Even if not specified, the configMap will be read-only. diff --git a/docs/common-library/storage/types/secret.md b/docs/common-library/storage/types/secret.md index 5c1a49c2..08ef73a4 100644 --- a/docs/common-library/storage/types/secret.md +++ b/docs/common-library/storage/types/secret.md @@ -10,10 +10,13 @@ In order to mount a Secret to a mount point within the Pod you can use the | Field | Mandatory | Docs / Description | | ------------- | --------- | -------------------------------------------------------------------------- | -| `name` | Yes | Which Secret should be mounted. Supports Helm templating. | +| `name` | No | Which Secret should be mounted. Supports Helm templating. | +| `identifier` | No | Reference a Secret from the `secrets` key by its identifier. | | `defaultMode` | No | The default file access permission bit. | | `items` | No | Specify item-specific configuration. Will be passed 1:1 to the volumeSpec. | +Either `name` or `identifier` is required. + !!! note Even if not specified, the Secret will be read-only.