Documentation
¶
Index ¶
Constants ¶
This section is empty.
Variables ¶
View Source
var ( DefaultReleaseName = "example-chart" DefaultNamespace = "default" )
View Source
var AllResourcesHaveHelmReleaseLabels = test.Checks{ checker.Once(func(tc *checker.TestContext) { chartName := checker.MustRenderValue[string](tc, ".Chart.Name") releaseName := checker.MustRenderValue[string](tc, ".Release.Name") normalizedChartVersion := strings.ReplaceAll(checker.MustRenderValue[string](tc, ".Chart.Version"), "+", "_") nameOverride, hasNameOverride := checker.RenderValue[string](tc, ".Values.nameOverride") checker.MapSet(tc, "Default Labels", "app.kubernetes.io/managed-by", "Helm", ) checker.MapSet(tc, "Default Labels", "app.kubernetes.io/instance", releaseName, ) checker.MapSet(tc, "Default Labels", "app.kubernetes.io/version", normalizedChartVersion, ) if hasNameOverride && len(nameOverride) != 0 { checker.MapSet(tc, "Default Labels", "app.kubernetes.io/part-of", nameOverride, ) } else { checker.MapSet(tc, "Default Labels", "app.kubernetes.io/part-of", chartName, ) } checker.MapSet(tc, "Default Labels", "chart", fmt.Sprintf("%s-%s", chartName, normalizedChartVersion, ), ) checker.MapSet(tc, "Default Labels", "release", releaseName, ) checker.MapSet(tc, "Default Labels", "heritage", "Helm", ) }), checker.PerResource(func(tc *checker.TestContext, obj *unstructured.Unstructured) { expectedLabels, ok := checker.Get[string, map[string]string](tc, "Default Labels") if !ok { assert.True(tc.T, ok) return } objLabels := obj.GetLabels() relevantObjLabels := map[string]string{} for k := range expectedLabels { objVal, ok := objLabels[k] if !ok { continue } relevantObjLabels[k] = objVal } assert.Equal(tc.T, expectedLabels, relevantObjLabels, "%s %s's labels do not match expected labels", obj.GroupVersionKind().Kind, checker.Key(obj)) }), }
Check that all resources have expected Helm release labels
View Source
var AllWorkloadsHaveNodeSelectorsAndTolerationsForOS = test.Checks{ checker.PerWorkload(func(tc *checker.TestContext, obj metav1.Object, podTemplateSpec corev1.PodTemplateSpec) { nodeSelector := podTemplateSpec.Spec.NodeSelector betaOSVal, hasBetaOSAnnotation := nodeSelector["beta.kubernetes.io/os"] osVal, hasOSAnnotation := nodeSelector["kubernetes.io/os"] if hasBetaOSAnnotation && hasOSAnnotation { assert.Equal(tc.T, osVal, betaOSVal, fmt.Sprintf("%T %s is has conflicting values for nodeSelector beta.kubernetes.io/os or kubernetes.io/os", obj, checker.Key(obj))) } if hasBetaOSAnnotation { if betaOSVal == "windows" { checker.MapSet(tc, "Windows Workload", &podTemplateSpec, true) } tc.T.Logf("warn: beta.kubernetes.io/os nodeSelector has been deprecated but is used in %T %s", obj, checker.Key(obj)) assert.Contains(tc.T, []string{"linux", "windows"}, betaOSVal, fmt.Sprintf("%T %s cannot have value for beta.kubernetes.io/os that is not 'linux' or 'windows': found %s", obj, checker.Key(obj), betaOSVal)) } if hasOSAnnotation { if osVal == "windows" { checker.MapSet(tc, "Windows Workload", &obj, true) } assert.Contains(tc.T, []string{"linux", "windows"}, osVal, fmt.Sprintf("%T %s cannot have value for kubernetes.io/os that is not 'linux' or 'windows': found %s", obj, checker.Key(obj), osVal)) } assert.False(tc.T, !hasBetaOSAnnotation && !hasOSAnnotation, fmt.Sprintf("%T %s is missing OS key for nodeSelector, expected to find either beta.kubernetes.io/os or kubernetes.io/os", obj, checker.Key(obj))) }), checker.PerWorkload(func(tc *checker.TestContext, obj metav1.Object, podTemplateSpec corev1.PodTemplateSpec) { isWindowsWorkload, _ := checker.MapGet[string, *metav1.Object, bool](tc, "Windows Workload", &obj) if isWindowsWorkload { return } tolerations := podTemplateSpec.Spec.Tolerations var foundToleration bool for _, toleration := range tolerations { if toleration.Key != "cattle.io/os" { continue } if toleration.Value != "linux" { continue } if toleration.Effect != "NoSchedule" { continue } if toleration.Operator != "Equal" { continue } foundToleration = true } assert.True(tc.T, foundToleration, "could not find toleration in workload %T %s that tolerates the NoSchedule 'cattle.io/os: linux' taint", obj, checker.Key(obj)) }), }
View Source
var AllWorkloadsHaveServiceAccount = test.Checks{ checker.OnWorkloads(func(tc *checker.TestContext, podTemplateSpecs map[metav1.Object]corev1.PodTemplateSpec) { for obj, podTemplateSpec := range podTemplateSpecs { key := relatedresource.NewKey( obj.GetNamespace(), podTemplateSpec.Spec.ServiceAccountName, ) checker.MapSet(tc, "ServiceAccountsToCheck", key, false) } }), checker.PerResource(func(tc *checker.TestContext, serviceAccount *corev1.ServiceAccount) { key := checker.Key(serviceAccount) _, exists := checker.MapGet[string, relatedresource.Key, bool](tc, "ServiceAccountsToCheck", key) if !exists { tc.T.Logf("warn: serviceaccount %s is not tied to any workload", key) return } checker.MapSet(tc, "ServiceAccountsToCheck", key, true) }), checker.Once(func(tc *checker.TestContext) { checker.MapFor(tc, "ServiceAccountsToCheck", func(key relatedresource.Key, exists bool) { assert.True(tc.T, exists, "serviceaccount %s is not in this chart", key) }) }), }
Check that every Workload has a ServiceAccount deployed with it
View Source
var ChartPath = utils.MustGetPathFromModuleRoot("..", "testdata", "charts", "example-chart")
Functions ¶
This section is empty.
Types ¶
This section is empty.
Source Files
Click to show internal directories.
Click to hide internal directories.