From ef02452079571c9d2093419514f6bd8f5bc3ba9a Mon Sep 17 00:00:00 2001 From: Rowan Smith Date: Mon, 22 Jun 2026 03:13:29 +0000 Subject: [PATCH 1/3] helm tests added --- .github/workflows/ci.yaml | 19 ++ helm/tests/chart_test.go | 258 ++++++++++++++++++ helm/tests/testdata/affinity.golden | 90 ++++++ helm/tests/testdata/affinity.yaml | 13 + helm/tests/testdata/affinity_coder.golden | 90 ++++++ helm/tests/testdata/args.golden | 81 ++++++ helm/tests/testdata/args.yaml | 4 + helm/tests/testdata/args_coder.golden | 81 ++++++ helm/tests/testdata/default_values.golden | 78 ++++++ helm/tests/testdata/default_values.yaml | 4 + .../testdata/default_values_coder.golden | 78 ++++++ helm/tests/testdata/field_selector.golden | 80 ++++++ helm/tests/testdata/field_selector.yaml | 2 + .../testdata/field_selector_coder.golden | 80 ++++++ helm/tests/testdata/image.golden | 84 ++++++ helm/tests/testdata/image.yaml | 9 + helm/tests/testdata/image_coder.golden | 84 ++++++ helm/tests/testdata/label_selector.golden | 80 ++++++ helm/tests/testdata/label_selector.yaml | 2 + .../testdata/label_selector_coder.golden | 80 ++++++ helm/tests/testdata/labels.golden | 80 ++++++ helm/tests/testdata/labels.yaml | 4 + helm/tests/testdata/labels_coder.golden | 80 ++++++ helm/tests/testdata/metrics.golden | 86 ++++++ helm/tests/testdata/metrics.yaml | 4 + helm/tests/testdata/metrics_coder.golden | 86 ++++++ helm/tests/testdata/namespaces.golden | 115 ++++++++ helm/tests/testdata/namespaces.yaml | 4 + helm/tests/testdata/namespaces_coder.golden | 115 ++++++++ helm/tests/testdata/node_selector.golden | 81 ++++++ helm/tests/testdata/node_selector.yaml | 4 + .../tests/testdata/node_selector_coder.golden | 81 ++++++ .../testdata/pod_security_context.golden | 80 ++++++ helm/tests/testdata/pod_security_context.yaml | 3 + .../pod_security_context_coder.golden | 80 ++++++ helm/tests/testdata/rbac.golden | 78 ++++++ helm/tests/testdata/rbac.yaml | 4 + helm/tests/testdata/rbac_coder.golden | 78 ++++++ helm/tests/testdata/resources.golden | 83 ++++++ helm/tests/testdata/resources.yaml | 8 + helm/tests/testdata/resources_coder.golden | 83 ++++++ helm/tests/testdata/security_context.golden | 78 ++++++ helm/tests/testdata/security_context.yaml | 6 + .../testdata/security_context_coder.golden | 78 ++++++ helm/tests/testdata/service_account.golden | 78 ++++++ helm/tests/testdata/service_account.yaml | 7 + .../testdata/service_account_coder.golden | 78 ++++++ helm/tests/testdata/tolerations.golden | 87 ++++++ helm/tests/testdata/tolerations.yaml | 10 + helm/tests/testdata/tolerations_coder.golden | 87 ++++++ helm/tests/testdata/volumes.golden | 86 ++++++ helm/tests/testdata/volumes.yaml | 11 + helm/tests/testdata/volumes_coder.golden | 86 ++++++ scripts/check_unstaged.sh | 13 + 54 files changed, 3239 insertions(+) create mode 100644 helm/tests/chart_test.go create mode 100644 helm/tests/testdata/affinity.golden create mode 100644 helm/tests/testdata/affinity.yaml create mode 100644 helm/tests/testdata/affinity_coder.golden create mode 100644 helm/tests/testdata/args.golden create mode 100644 helm/tests/testdata/args.yaml create mode 100644 helm/tests/testdata/args_coder.golden create mode 100644 helm/tests/testdata/default_values.golden create mode 100644 helm/tests/testdata/default_values.yaml create mode 100644 helm/tests/testdata/default_values_coder.golden create mode 100644 helm/tests/testdata/field_selector.golden create mode 100644 helm/tests/testdata/field_selector.yaml create mode 100644 helm/tests/testdata/field_selector_coder.golden create mode 100644 helm/tests/testdata/image.golden create mode 100644 helm/tests/testdata/image.yaml create mode 100644 helm/tests/testdata/image_coder.golden create mode 100644 helm/tests/testdata/label_selector.golden create mode 100644 helm/tests/testdata/label_selector.yaml create mode 100644 helm/tests/testdata/label_selector_coder.golden create mode 100644 helm/tests/testdata/labels.golden create mode 100644 helm/tests/testdata/labels.yaml create mode 100644 helm/tests/testdata/labels_coder.golden create mode 100644 helm/tests/testdata/metrics.golden create mode 100644 helm/tests/testdata/metrics.yaml create mode 100644 helm/tests/testdata/metrics_coder.golden create mode 100644 helm/tests/testdata/namespaces.golden create mode 100644 helm/tests/testdata/namespaces.yaml create mode 100644 helm/tests/testdata/namespaces_coder.golden create mode 100644 helm/tests/testdata/node_selector.golden create mode 100644 helm/tests/testdata/node_selector.yaml create mode 100644 helm/tests/testdata/node_selector_coder.golden create mode 100644 helm/tests/testdata/pod_security_context.golden create mode 100644 helm/tests/testdata/pod_security_context.yaml create mode 100644 helm/tests/testdata/pod_security_context_coder.golden create mode 100644 helm/tests/testdata/rbac.golden create mode 100644 helm/tests/testdata/rbac.yaml create mode 100644 helm/tests/testdata/rbac_coder.golden create mode 100644 helm/tests/testdata/resources.golden create mode 100644 helm/tests/testdata/resources.yaml create mode 100644 helm/tests/testdata/resources_coder.golden create mode 100644 helm/tests/testdata/security_context.golden create mode 100644 helm/tests/testdata/security_context.yaml create mode 100644 helm/tests/testdata/security_context_coder.golden create mode 100644 helm/tests/testdata/service_account.golden create mode 100644 helm/tests/testdata/service_account.yaml create mode 100644 helm/tests/testdata/service_account_coder.golden create mode 100644 helm/tests/testdata/tolerations.golden create mode 100644 helm/tests/testdata/tolerations.yaml create mode 100644 helm/tests/testdata/tolerations_coder.golden create mode 100644 helm/tests/testdata/volumes.golden create mode 100644 helm/tests/testdata/volumes.yaml create mode 100644 helm/tests/testdata/volumes_coder.golden create mode 100755 scripts/check_unstaged.sh diff --git a/.github/workflows/ci.yaml b/.github/workflows/ci.yaml index 7771076..bc7d37f 100644 --- a/.github/workflows/ci.yaml +++ b/.github/workflows/ci.yaml @@ -76,12 +76,31 @@ jobs: - name: Run integration tests run: go test -tags=integration -v -timeout=8m ./... + helm-test: + runs-on: ubuntu-latest + steps: + - name: Checkout + uses: actions/checkout@df4cb1c069e1874edd31b4311f1884172cec0e10 # v6 + - name: Setup Go + uses: actions/setup-go@4a3601121dd01d1626a1e23e37211e3254c1c06c # v6 + with: + go-version: "~1.26" + - name: Setup Helm + uses: azure/setup-helm@f0accbfd55e3332a28f721b8202b1016cecf90d5 # v5 + with: + version: "v3.18.3" + - name: Run Helm chart tests + run: go test ./helm/tests/... + - name: Check for unstaged files + run: ./scripts/check_unstaged.sh + required: runs-on: ubuntu-latest needs: - test - lint - integration-test + - helm-test # Allow this job to run even if the needed jobs fail, are skipped or # cancelled. if: always() diff --git a/helm/tests/chart_test.go b/helm/tests/chart_test.go new file mode 100644 index 0000000..62179de --- /dev/null +++ b/helm/tests/chart_test.go @@ -0,0 +1,258 @@ +package tests // nolint: testpackage + +import ( + "bytes" + "flag" + "os" + "os/exec" + "path/filepath" + "runtime" + "testing" + + "github.com/stretchr/testify/require" + "golang.org/x/xerrors" +) + +// These tests run `helm template` with the values file specified in each test +// and compare the output to the contents of the corresponding golden file. +// All values and golden files are located in the `testdata` directory. +// To update golden files, run `go test . -update`. + +// updateGoldenFiles is a flag that can be set to update golden files. +var updateGoldenFiles = flag.Bool("update", false, "Update golden files") + +var namespaces = []string{ + "default", + "coder", +} + +var testCases = []testCase{ + { + name: "default_values", + expectedError: "", + }, + { + name: "affinity", + expectedError: "", + }, + { + name: "args", + expectedError: "", + }, + { + name: "field_selector", + expectedError: "", + }, + { + name: "image", + expectedError: "", + }, + { + name: "label_selector", + expectedError: "", + }, + { + name: "labels", + expectedError: "", + }, + { + name: "metrics", + expectedError: "", + }, + { + name: "namespaces", + expectedError: "", + }, + { + name: "node_selector", + expectedError: "", + }, + { + name: "pod_security_context", + expectedError: "", + }, + { + name: "rbac", + expectedError: "", + }, + { + name: "resources", + expectedError: "", + }, + { + name: "security_context", + expectedError: "", + }, + { + name: "service_account", + expectedError: "", + }, + { + name: "tolerations", + expectedError: "", + }, + { + name: "volumes", + expectedError: "", + }, +} + +type testCase struct { + name string // Name of the test case. This is used to control which values and golden file are used. + namespace string // Namespace is the name of the namespace the resources should be generated within + expectedError string // Expected error from running `helm template`. +} + +func (tc testCase) valuesFilePath() string { + return filepath.Join("./testdata", tc.name+".yaml") +} + +func (tc testCase) goldenFilePath() string { + if tc.namespace == "default" { + return filepath.Join("./testdata", tc.name+".golden") + } + + return filepath.Join("./testdata", tc.name+"_"+tc.namespace+".golden") +} + +func inCI() bool { return os.Getenv("CI") != "" } + +func TestRenderChart(t *testing.T) { + t.Parallel() + if *updateGoldenFiles { + t.Skip("Golden files are being updated. Skipping test.") + } + if inCI() { + switch runtime.GOOS { + case "windows", "darwin": + t.Skip("Skipping tests on Windows and macOS in CI") + } + } + + // Ensure that Helm is available in $PATH + helmPath := lookupHelm(t) + err := updateHelmDependencies(t, helmPath, "..") + require.NoError(t, err, "failed to build Helm dependencies") + + for _, tc := range testCases { + for _, ns := range namespaces { + tc.namespace = ns + + t.Run(tc.namespace+"/"+tc.name, func(t *testing.T) { + t.Parallel() + + // Ensure that the values file exists. + valuesFilePath := tc.valuesFilePath() + if _, err := os.Stat(valuesFilePath); os.IsNotExist(err) { + t.Fatalf("values file %q does not exist", valuesFilePath) + } + + // Run helm template with the values file. + templateOutput, err := runHelmTemplate(t, helmPath, "..", valuesFilePath, tc.namespace) + if tc.expectedError != "" { + require.Error(t, err, "helm template should have failed") + require.Contains(t, templateOutput, tc.expectedError, "helm template output should contain expected error") + } else { + require.NoError(t, err, "helm template should not have failed") + require.NotEmpty(t, templateOutput, "helm template output should not be empty") + goldenFilePath := tc.goldenFilePath() + goldenBytes, err := os.ReadFile(goldenFilePath) + require.NoError(t, err, "failed to read golden file %q", goldenFilePath) + + // Remove carriage returns to make tests pass on Windows. + goldenBytes = bytes.ReplaceAll(goldenBytes, []byte("\r"), []byte("")) + expected := string(goldenBytes) + + require.NoError(t, err, "failed to load golden file %q") + require.Equal(t, expected, templateOutput) + } + }) + } + } +} + +func TestUpdateGoldenFiles(t *testing.T) { + t.Parallel() + if !*updateGoldenFiles { + t.Skip("Run with -update to update golden files") + } + + helmPath := lookupHelm(t) + err := updateHelmDependencies(t, helmPath, "..") + require.NoError(t, err, "failed to build Helm dependencies") + + for _, tc := range testCases { + if tc.expectedError != "" { + t.Logf("skipping test case %q with render error", tc.name) + continue + } + + for _, ns := range namespaces { + tc.namespace = ns + + valuesPath := tc.valuesFilePath() + templateOutput, err := runHelmTemplate(t, helmPath, "..", valuesPath, tc.namespace) + if err != nil { + t.Logf("error running `helm template -f %q`: %v", valuesPath, err) + t.Logf("output: %s", templateOutput) + } + require.NoError(t, err, "failed to run `helm template -f %q`", valuesPath) + + goldenFilePath := tc.goldenFilePath() + err = os.WriteFile(goldenFilePath, []byte(templateOutput), 0o644) // nolint:gosec + require.NoError(t, err, "failed to write golden file %q", goldenFilePath) + } + } + t.Log("Golden files updated. Please review the changes and commit them.") +} + +// updateHelmDependencies runs `helm dependency update .` on the given chartDir. +func updateHelmDependencies(t testing.TB, helmPath, chartDir string) error { + // Remove charts/ from chartDir if it exists. + err := os.RemoveAll(filepath.Join(chartDir, "charts")) + if err != nil { + return xerrors.Errorf("failed to remove charts/ directory: %w", err) + } + + // Regenerate the chart dependencies. + cmd := exec.Command(helmPath, "dependency", "update", "--skip-refresh", ".") + cmd.Dir = chartDir + t.Logf("exec command: %v", cmd.Args) + out, err := cmd.CombinedOutput() + if err != nil { + return xerrors.Errorf("failed to run `helm dependency build`: %w\noutput: %s", err, out) + } + + return nil +} + +// runHelmTemplate runs helm template on the given chart with the given values and +// returns the raw output. +func runHelmTemplate(t testing.TB, helmPath, chartDir, valuesFilePath, namespace string) (string, error) { + // Ensure that valuesFilePath exists + if _, err := os.Stat(valuesFilePath); err != nil { + return "", xerrors.Errorf("values file %q does not exist: %w", valuesFilePath, err) + } + + cmd := exec.Command(helmPath, "template", chartDir, "-f", valuesFilePath, "--namespace", namespace) + t.Logf("exec command: %v", cmd.Args) + out, err := cmd.CombinedOutput() + return string(out), err +} + +// lookupHelm ensures that Helm is available in $PATH and returns the path to the +// Helm executable. +func lookupHelm(t testing.TB) string { + helmPath, err := exec.LookPath("helm") + if err != nil { + t.Fatalf("helm not found in $PATH: %v", err) + return "" + } + t.Logf("Using helm at %q", helmPath) + return helmPath +} + +func TestMain(m *testing.M) { + flag.Parse() + os.Exit(m.Run()) +} diff --git a/helm/tests/testdata/affinity.golden b/helm/tests/testdata/affinity.golden new file mode 100644 index 0000000..b870341 --- /dev/null +++ b/helm/tests/testdata/affinity.golden @@ -0,0 +1,90 @@ +--- +# Source: coder-logstream-kube/templates/service.yaml +apiVersion: v1 +kind: ServiceAccount +metadata: + name: "coder-logstream-kube" + annotations: + {} + labels: + {} +--- +# Source: coder-logstream-kube/templates/service.yaml +apiVersion: rbac.authorization.k8s.io/v1 +kind: ClusterRole +metadata: + name: coder-logstream-kube-role +rules: + + - apiGroups: [""] + resources: ["pods", "events"] + verbs: ["get", "watch", "list"] + - apiGroups: [""] + resources: ["secrets"] + verbs: ["get"] + - apiGroups: ["apps"] + resources: ["replicasets", "events"] + verbs: ["get", "watch", "list"] +--- +# Source: coder-logstream-kube/templates/service.yaml +apiVersion: rbac.authorization.k8s.io/v1 +kind: ClusterRoleBinding +metadata: + name: coder-logstream-kube-rolebinding +roleRef: + apiGroup: rbac.authorization.k8s.io + kind: ClusterRole + name: coder-logstream-kube-role +subjects: +- kind: ServiceAccount + name: "coder-logstream-kube" + namespace: default +--- +# Source: coder-logstream-kube/templates/service.yaml +apiVersion: apps/v1 +kind: Deployment +metadata: + name: release-name +spec: + # This must remain at 1 otherwise duplicate logs can occur! + replicas: 1 + selector: + matchLabels: + app.kubernetes.io/instance: release-name + template: + metadata: + labels: + app.kubernetes.io/instance: release-name + spec: + serviceAccountName: "coder-logstream-kube" + restartPolicy: Always + affinity: + podAntiAffinity: + preferredDuringSchedulingIgnoredDuringExecution: + - podAffinityTerm: + labelSelector: + matchExpressions: + - key: app.kubernetes.io/instance + operator: In + values: + - coder-logstream-kube + topologyKey: kubernetes.io/hostname + weight: 1 + containers: + - name: coder-logstream-kube + image: "ghcr.io/coder/coder-logstream-kube:0.1.0" + imagePullPolicy: IfNotPresent + command: + - /coder-logstream-kube + resources: + {} + env: + - name: CODER_URL + value: http://coder.coder.svc.cluster.local + - name: CODER_LOGSTREAM_METRICS_ADDR + value: "" + securityContext: + allowPrivilegeEscalation: false + runAsGroup: 65532 + runAsNonRoot: true + runAsUser: 65532 diff --git a/helm/tests/testdata/affinity.yaml b/helm/tests/testdata/affinity.yaml new file mode 100644 index 0000000..a0c33ba --- /dev/null +++ b/helm/tests/testdata/affinity.yaml @@ -0,0 +1,13 @@ +url: "http://coder.coder.svc.cluster.local" +affinity: + podAntiAffinity: + preferredDuringSchedulingIgnoredDuringExecution: + - weight: 1 + podAffinityTerm: + topologyKey: kubernetes.io/hostname + labelSelector: + matchExpressions: + - key: app.kubernetes.io/instance + operator: In + values: + - coder-logstream-kube diff --git a/helm/tests/testdata/affinity_coder.golden b/helm/tests/testdata/affinity_coder.golden new file mode 100644 index 0000000..573f35c --- /dev/null +++ b/helm/tests/testdata/affinity_coder.golden @@ -0,0 +1,90 @@ +--- +# Source: coder-logstream-kube/templates/service.yaml +apiVersion: v1 +kind: ServiceAccount +metadata: + name: "coder-logstream-kube" + annotations: + {} + labels: + {} +--- +# Source: coder-logstream-kube/templates/service.yaml +apiVersion: rbac.authorization.k8s.io/v1 +kind: ClusterRole +metadata: + name: coder-logstream-kube-role +rules: + + - apiGroups: [""] + resources: ["pods", "events"] + verbs: ["get", "watch", "list"] + - apiGroups: [""] + resources: ["secrets"] + verbs: ["get"] + - apiGroups: ["apps"] + resources: ["replicasets", "events"] + verbs: ["get", "watch", "list"] +--- +# Source: coder-logstream-kube/templates/service.yaml +apiVersion: rbac.authorization.k8s.io/v1 +kind: ClusterRoleBinding +metadata: + name: coder-logstream-kube-rolebinding +roleRef: + apiGroup: rbac.authorization.k8s.io + kind: ClusterRole + name: coder-logstream-kube-role +subjects: +- kind: ServiceAccount + name: "coder-logstream-kube" + namespace: coder +--- +# Source: coder-logstream-kube/templates/service.yaml +apiVersion: apps/v1 +kind: Deployment +metadata: + name: release-name +spec: + # This must remain at 1 otherwise duplicate logs can occur! + replicas: 1 + selector: + matchLabels: + app.kubernetes.io/instance: release-name + template: + metadata: + labels: + app.kubernetes.io/instance: release-name + spec: + serviceAccountName: "coder-logstream-kube" + restartPolicy: Always + affinity: + podAntiAffinity: + preferredDuringSchedulingIgnoredDuringExecution: + - podAffinityTerm: + labelSelector: + matchExpressions: + - key: app.kubernetes.io/instance + operator: In + values: + - coder-logstream-kube + topologyKey: kubernetes.io/hostname + weight: 1 + containers: + - name: coder-logstream-kube + image: "ghcr.io/coder/coder-logstream-kube:0.1.0" + imagePullPolicy: IfNotPresent + command: + - /coder-logstream-kube + resources: + {} + env: + - name: CODER_URL + value: http://coder.coder.svc.cluster.local + - name: CODER_LOGSTREAM_METRICS_ADDR + value: "" + securityContext: + allowPrivilegeEscalation: false + runAsGroup: 65532 + runAsNonRoot: true + runAsUser: 65532 diff --git a/helm/tests/testdata/args.golden b/helm/tests/testdata/args.golden new file mode 100644 index 0000000..5ffa008 --- /dev/null +++ b/helm/tests/testdata/args.golden @@ -0,0 +1,81 @@ +--- +# Source: coder-logstream-kube/templates/service.yaml +apiVersion: v1 +kind: ServiceAccount +metadata: + name: "coder-logstream-kube" + annotations: + {} + labels: + {} +--- +# Source: coder-logstream-kube/templates/service.yaml +apiVersion: rbac.authorization.k8s.io/v1 +kind: ClusterRole +metadata: + name: coder-logstream-kube-role +rules: + + - apiGroups: [""] + resources: ["pods", "events"] + verbs: ["get", "watch", "list"] + - apiGroups: [""] + resources: ["secrets"] + verbs: ["get"] + - apiGroups: ["apps"] + resources: ["replicasets", "events"] + verbs: ["get", "watch", "list"] +--- +# Source: coder-logstream-kube/templates/service.yaml +apiVersion: rbac.authorization.k8s.io/v1 +kind: ClusterRoleBinding +metadata: + name: coder-logstream-kube-rolebinding +roleRef: + apiGroup: rbac.authorization.k8s.io + kind: ClusterRole + name: coder-logstream-kube-role +subjects: +- kind: ServiceAccount + name: "coder-logstream-kube" + namespace: default +--- +# Source: coder-logstream-kube/templates/service.yaml +apiVersion: apps/v1 +kind: Deployment +metadata: + name: release-name +spec: + # This must remain at 1 otherwise duplicate logs can occur! + replicas: 1 + selector: + matchLabels: + app.kubernetes.io/instance: release-name + template: + metadata: + labels: + app.kubernetes.io/instance: release-name + spec: + serviceAccountName: "coder-logstream-kube" + restartPolicy: Always + containers: + - name: coder-logstream-kube + image: "ghcr.io/coder/coder-logstream-kube:0.1.0" + imagePullPolicy: IfNotPresent + command: + - /coder-logstream-kube + args: + - --coder-url + - http://coder.coder.svc.cluster.local + resources: + {} + env: + - name: CODER_URL + value: http://coder.coder.svc.cluster.local + - name: CODER_LOGSTREAM_METRICS_ADDR + value: "" + securityContext: + allowPrivilegeEscalation: false + runAsGroup: 65532 + runAsNonRoot: true + runAsUser: 65532 diff --git a/helm/tests/testdata/args.yaml b/helm/tests/testdata/args.yaml new file mode 100644 index 0000000..d2dd004 --- /dev/null +++ b/helm/tests/testdata/args.yaml @@ -0,0 +1,4 @@ +url: "http://coder.coder.svc.cluster.local" +args: + - --coder-url + - "http://coder.coder.svc.cluster.local" \ No newline at end of file diff --git a/helm/tests/testdata/args_coder.golden b/helm/tests/testdata/args_coder.golden new file mode 100644 index 0000000..f1abcf7 --- /dev/null +++ b/helm/tests/testdata/args_coder.golden @@ -0,0 +1,81 @@ +--- +# Source: coder-logstream-kube/templates/service.yaml +apiVersion: v1 +kind: ServiceAccount +metadata: + name: "coder-logstream-kube" + annotations: + {} + labels: + {} +--- +# Source: coder-logstream-kube/templates/service.yaml +apiVersion: rbac.authorization.k8s.io/v1 +kind: ClusterRole +metadata: + name: coder-logstream-kube-role +rules: + + - apiGroups: [""] + resources: ["pods", "events"] + verbs: ["get", "watch", "list"] + - apiGroups: [""] + resources: ["secrets"] + verbs: ["get"] + - apiGroups: ["apps"] + resources: ["replicasets", "events"] + verbs: ["get", "watch", "list"] +--- +# Source: coder-logstream-kube/templates/service.yaml +apiVersion: rbac.authorization.k8s.io/v1 +kind: ClusterRoleBinding +metadata: + name: coder-logstream-kube-rolebinding +roleRef: + apiGroup: rbac.authorization.k8s.io + kind: ClusterRole + name: coder-logstream-kube-role +subjects: +- kind: ServiceAccount + name: "coder-logstream-kube" + namespace: coder +--- +# Source: coder-logstream-kube/templates/service.yaml +apiVersion: apps/v1 +kind: Deployment +metadata: + name: release-name +spec: + # This must remain at 1 otherwise duplicate logs can occur! + replicas: 1 + selector: + matchLabels: + app.kubernetes.io/instance: release-name + template: + metadata: + labels: + app.kubernetes.io/instance: release-name + spec: + serviceAccountName: "coder-logstream-kube" + restartPolicy: Always + containers: + - name: coder-logstream-kube + image: "ghcr.io/coder/coder-logstream-kube:0.1.0" + imagePullPolicy: IfNotPresent + command: + - /coder-logstream-kube + args: + - --coder-url + - http://coder.coder.svc.cluster.local + resources: + {} + env: + - name: CODER_URL + value: http://coder.coder.svc.cluster.local + - name: CODER_LOGSTREAM_METRICS_ADDR + value: "" + securityContext: + allowPrivilegeEscalation: false + runAsGroup: 65532 + runAsNonRoot: true + runAsUser: 65532 diff --git a/helm/tests/testdata/default_values.golden b/helm/tests/testdata/default_values.golden new file mode 100644 index 0000000..d1383e2 --- /dev/null +++ b/helm/tests/testdata/default_values.golden @@ -0,0 +1,78 @@ +--- +# Source: coder-logstream-kube/templates/service.yaml +apiVersion: v1 +kind: ServiceAccount +metadata: + name: "coder-logstream-kube" + annotations: + {} + labels: + {} +--- +# Source: coder-logstream-kube/templates/service.yaml +apiVersion: rbac.authorization.k8s.io/v1 +kind: ClusterRole +metadata: + name: coder-logstream-kube-role +rules: + + - apiGroups: [""] + resources: ["pods", "events"] + verbs: ["get", "watch", "list"] + - apiGroups: [""] + resources: ["secrets"] + verbs: ["get"] + - apiGroups: ["apps"] + resources: ["replicasets", "events"] + verbs: ["get", "watch", "list"] +--- +# Source: coder-logstream-kube/templates/service.yaml +apiVersion: rbac.authorization.k8s.io/v1 +kind: ClusterRoleBinding +metadata: + name: coder-logstream-kube-rolebinding +roleRef: + apiGroup: rbac.authorization.k8s.io + kind: ClusterRole + name: coder-logstream-kube-role +subjects: +- kind: ServiceAccount + name: "coder-logstream-kube" + namespace: default +--- +# Source: coder-logstream-kube/templates/service.yaml +apiVersion: apps/v1 +kind: Deployment +metadata: + name: release-name +spec: + # This must remain at 1 otherwise duplicate logs can occur! + replicas: 1 + selector: + matchLabels: + app.kubernetes.io/instance: release-name + template: + metadata: + labels: + app.kubernetes.io/instance: release-name + spec: + serviceAccountName: "coder-logstream-kube" + restartPolicy: Always + containers: + - name: coder-logstream-kube + image: "ghcr.io/coder/coder-logstream-kube:latest" + imagePullPolicy: IfNotPresent + command: + - /coder-logstream-kube + resources: + {} + env: + - name: CODER_URL + value: http://coder.coder.svc.cluster.local + - name: CODER_LOGSTREAM_METRICS_ADDR + value: "" + securityContext: + allowPrivilegeEscalation: false + runAsGroup: 65532 + runAsNonRoot: true + runAsUser: 65532 diff --git a/helm/tests/testdata/default_values.yaml b/helm/tests/testdata/default_values.yaml new file mode 100644 index 0000000..e832a33 --- /dev/null +++ b/helm/tests/testdata/default_values.yaml @@ -0,0 +1,4 @@ +url: "http://coder.coder.svc.cluster.local" +image: + tag: "latest" + diff --git a/helm/tests/testdata/default_values_coder.golden b/helm/tests/testdata/default_values_coder.golden new file mode 100644 index 0000000..e14923f --- /dev/null +++ b/helm/tests/testdata/default_values_coder.golden @@ -0,0 +1,78 @@ +--- +# Source: coder-logstream-kube/templates/service.yaml +apiVersion: v1 +kind: ServiceAccount +metadata: + name: "coder-logstream-kube" + annotations: + {} + labels: + {} +--- +# Source: coder-logstream-kube/templates/service.yaml +apiVersion: rbac.authorization.k8s.io/v1 +kind: ClusterRole +metadata: + name: coder-logstream-kube-role +rules: + + - apiGroups: [""] + resources: ["pods", "events"] + verbs: ["get", "watch", "list"] + - apiGroups: [""] + resources: ["secrets"] + verbs: ["get"] + - apiGroups: ["apps"] + resources: ["replicasets", "events"] + verbs: ["get", "watch", "list"] +--- +# Source: coder-logstream-kube/templates/service.yaml +apiVersion: rbac.authorization.k8s.io/v1 +kind: ClusterRoleBinding +metadata: + name: coder-logstream-kube-rolebinding +roleRef: + apiGroup: rbac.authorization.k8s.io + kind: ClusterRole + name: coder-logstream-kube-role +subjects: +- kind: ServiceAccount + name: "coder-logstream-kube" + namespace: coder +--- +# Source: coder-logstream-kube/templates/service.yaml +apiVersion: apps/v1 +kind: Deployment +metadata: + name: release-name +spec: + # This must remain at 1 otherwise duplicate logs can occur! + replicas: 1 + selector: + matchLabels: + app.kubernetes.io/instance: release-name + template: + metadata: + labels: + app.kubernetes.io/instance: release-name + spec: + serviceAccountName: "coder-logstream-kube" + restartPolicy: Always + containers: + - name: coder-logstream-kube + image: "ghcr.io/coder/coder-logstream-kube:latest" + imagePullPolicy: IfNotPresent + command: + - /coder-logstream-kube + resources: + {} + env: + - name: CODER_URL + value: http://coder.coder.svc.cluster.local + - name: CODER_LOGSTREAM_METRICS_ADDR + value: "" + securityContext: + allowPrivilegeEscalation: false + runAsGroup: 65532 + runAsNonRoot: true + runAsUser: 65532 diff --git a/helm/tests/testdata/field_selector.golden b/helm/tests/testdata/field_selector.golden new file mode 100644 index 0000000..ca02d33 --- /dev/null +++ b/helm/tests/testdata/field_selector.golden @@ -0,0 +1,80 @@ +--- +# Source: coder-logstream-kube/templates/service.yaml +apiVersion: v1 +kind: ServiceAccount +metadata: + name: "coder-logstream-kube" + annotations: + {} + labels: + {} +--- +# Source: coder-logstream-kube/templates/service.yaml +apiVersion: rbac.authorization.k8s.io/v1 +kind: ClusterRole +metadata: + name: coder-logstream-kube-role +rules: + + - apiGroups: [""] + resources: ["pods", "events"] + verbs: ["get", "watch", "list"] + - apiGroups: [""] + resources: ["secrets"] + verbs: ["get"] + - apiGroups: ["apps"] + resources: ["replicasets", "events"] + verbs: ["get", "watch", "list"] +--- +# Source: coder-logstream-kube/templates/service.yaml +apiVersion: rbac.authorization.k8s.io/v1 +kind: ClusterRoleBinding +metadata: + name: coder-logstream-kube-rolebinding +roleRef: + apiGroup: rbac.authorization.k8s.io + kind: ClusterRole + name: coder-logstream-kube-role +subjects: +- kind: ServiceAccount + name: "coder-logstream-kube" + namespace: default +--- +# Source: coder-logstream-kube/templates/service.yaml +apiVersion: apps/v1 +kind: Deployment +metadata: + name: release-name +spec: + # This must remain at 1 otherwise duplicate logs can occur! + replicas: 1 + selector: + matchLabels: + app.kubernetes.io/instance: release-name + template: + metadata: + labels: + app.kubernetes.io/instance: release-name + spec: + serviceAccountName: "coder-logstream-kube" + restartPolicy: Always + containers: + - name: coder-logstream-kube + image: "ghcr.io/coder/coder-logstream-kube:0.1.0" + imagePullPolicy: IfNotPresent + command: + - /coder-logstream-kube + resources: + {} + env: + - name: CODER_URL + value: http://coder.coder.svc.cluster.local + - name: CODER_LOGSTREAM_METRICS_ADDR + value: "" + - name: CODER_FIELD_SELECTOR + value: "status.phase!=Succeeded" + securityContext: + allowPrivilegeEscalation: false + runAsGroup: 65532 + runAsNonRoot: true + runAsUser: 65532 diff --git a/helm/tests/testdata/field_selector.yaml b/helm/tests/testdata/field_selector.yaml new file mode 100644 index 0000000..53a8275 --- /dev/null +++ b/helm/tests/testdata/field_selector.yaml @@ -0,0 +1,2 @@ +url: "http://coder.coder.svc.cluster.local" +fieldSelector: status.phase!=Succeeded \ No newline at end of file diff --git a/helm/tests/testdata/field_selector_coder.golden b/helm/tests/testdata/field_selector_coder.golden new file mode 100644 index 0000000..d5dd2a3 --- /dev/null +++ b/helm/tests/testdata/field_selector_coder.golden @@ -0,0 +1,80 @@ +--- +# Source: coder-logstream-kube/templates/service.yaml +apiVersion: v1 +kind: ServiceAccount +metadata: + name: "coder-logstream-kube" + annotations: + {} + labels: + {} +--- +# Source: coder-logstream-kube/templates/service.yaml +apiVersion: rbac.authorization.k8s.io/v1 +kind: ClusterRole +metadata: + name: coder-logstream-kube-role +rules: + + - apiGroups: [""] + resources: ["pods", "events"] + verbs: ["get", "watch", "list"] + - apiGroups: [""] + resources: ["secrets"] + verbs: ["get"] + - apiGroups: ["apps"] + resources: ["replicasets", "events"] + verbs: ["get", "watch", "list"] +--- +# Source: coder-logstream-kube/templates/service.yaml +apiVersion: rbac.authorization.k8s.io/v1 +kind: ClusterRoleBinding +metadata: + name: coder-logstream-kube-rolebinding +roleRef: + apiGroup: rbac.authorization.k8s.io + kind: ClusterRole + name: coder-logstream-kube-role +subjects: +- kind: ServiceAccount + name: "coder-logstream-kube" + namespace: coder +--- +# Source: coder-logstream-kube/templates/service.yaml +apiVersion: apps/v1 +kind: Deployment +metadata: + name: release-name +spec: + # This must remain at 1 otherwise duplicate logs can occur! + replicas: 1 + selector: + matchLabels: + app.kubernetes.io/instance: release-name + template: + metadata: + labels: + app.kubernetes.io/instance: release-name + spec: + serviceAccountName: "coder-logstream-kube" + restartPolicy: Always + containers: + - name: coder-logstream-kube + image: "ghcr.io/coder/coder-logstream-kube:0.1.0" + imagePullPolicy: IfNotPresent + command: + - /coder-logstream-kube + resources: + {} + env: + - name: CODER_URL + value: http://coder.coder.svc.cluster.local + - name: CODER_LOGSTREAM_METRICS_ADDR + value: "" + - name: CODER_FIELD_SELECTOR + value: "status.phase!=Succeeded" + securityContext: + allowPrivilegeEscalation: false + runAsGroup: 65532 + runAsNonRoot: true + runAsUser: 65532 diff --git a/helm/tests/testdata/image.golden b/helm/tests/testdata/image.golden new file mode 100644 index 0000000..d61eacb --- /dev/null +++ b/helm/tests/testdata/image.golden @@ -0,0 +1,84 @@ +--- +# Source: coder-logstream-kube/templates/service.yaml +apiVersion: v1 +kind: ServiceAccount +metadata: + name: "coder-logstream-kube" + annotations: + {} + labels: + {} +--- +# Source: coder-logstream-kube/templates/service.yaml +apiVersion: rbac.authorization.k8s.io/v1 +kind: ClusterRole +metadata: + name: coder-logstream-kube-role +rules: + + - apiGroups: [""] + resources: ["pods", "events"] + verbs: ["get", "watch", "list"] + - apiGroups: [""] + resources: ["secrets"] + verbs: ["get"] + - apiGroups: ["apps"] + resources: ["replicasets", "events"] + verbs: ["get", "watch", "list"] +--- +# Source: coder-logstream-kube/templates/service.yaml +apiVersion: rbac.authorization.k8s.io/v1 +kind: ClusterRoleBinding +metadata: + name: coder-logstream-kube-rolebinding +roleRef: + apiGroup: rbac.authorization.k8s.io + kind: ClusterRole + name: coder-logstream-kube-role +subjects: +- kind: ServiceAccount + name: "coder-logstream-kube" + namespace: default +--- +# Source: coder-logstream-kube/templates/service.yaml +apiVersion: apps/v1 +kind: Deployment +metadata: + name: release-name +spec: + # This must remain at 1 otherwise duplicate logs can occur! + replicas: 1 + selector: + matchLabels: + app.kubernetes.io/instance: release-name + template: + metadata: + labels: + app.kubernetes.io/instance: release-name + spec: + serviceAccountName: "coder-logstream-kube" + restartPolicy: Always + imagePullSecrets: + - name: super-secret-pull-secret + containers: + - name: coder-logstream-kube + image: "custom-internal-registry.nicecorp.org/coder-logstream-kube:v1.2.3" + imagePullPolicy: Always + command: + - /coder-logstream-kube + resources: + {} + env: + - name: CODER_URL + value: http://coder.coder.svc.cluster.local + - name: CODER_LOGSTREAM_METRICS_ADDR + value: "" + - name: SSL_CERT_FILE + value: /etc/ssl/certs/my-custom-cert.pem + - name: SSL_CERT_DIR + value: /etc/ssl/certs/my-custom-cert-directory/ + securityContext: + allowPrivilegeEscalation: false + runAsGroup: 65532 + runAsNonRoot: true + runAsUser: 65532 diff --git a/helm/tests/testdata/image.yaml b/helm/tests/testdata/image.yaml new file mode 100644 index 0000000..7a19c66 --- /dev/null +++ b/helm/tests/testdata/image.yaml @@ -0,0 +1,9 @@ +url: "http://coder.coder.svc.cluster.local" +image: + repo: custom-internal-registry.nicecorp.org/coder-logstream-kube + tag: v1.2.3 + pullPolicy: Always + pullSecrets: + - name: super-secret-pull-secret + sslCertFile: /etc/ssl/certs/my-custom-cert.pem + sslCertDir: /etc/ssl/certs/my-custom-cert-directory/ diff --git a/helm/tests/testdata/image_coder.golden b/helm/tests/testdata/image_coder.golden new file mode 100644 index 0000000..c192751 --- /dev/null +++ b/helm/tests/testdata/image_coder.golden @@ -0,0 +1,84 @@ +--- +# Source: coder-logstream-kube/templates/service.yaml +apiVersion: v1 +kind: ServiceAccount +metadata: + name: "coder-logstream-kube" + annotations: + {} + labels: + {} +--- +# Source: coder-logstream-kube/templates/service.yaml +apiVersion: rbac.authorization.k8s.io/v1 +kind: ClusterRole +metadata: + name: coder-logstream-kube-role +rules: + + - apiGroups: [""] + resources: ["pods", "events"] + verbs: ["get", "watch", "list"] + - apiGroups: [""] + resources: ["secrets"] + verbs: ["get"] + - apiGroups: ["apps"] + resources: ["replicasets", "events"] + verbs: ["get", "watch", "list"] +--- +# Source: coder-logstream-kube/templates/service.yaml +apiVersion: rbac.authorization.k8s.io/v1 +kind: ClusterRoleBinding +metadata: + name: coder-logstream-kube-rolebinding +roleRef: + apiGroup: rbac.authorization.k8s.io + kind: ClusterRole + name: coder-logstream-kube-role +subjects: +- kind: ServiceAccount + name: "coder-logstream-kube" + namespace: coder +--- +# Source: coder-logstream-kube/templates/service.yaml +apiVersion: apps/v1 +kind: Deployment +metadata: + name: release-name +spec: + # This must remain at 1 otherwise duplicate logs can occur! + replicas: 1 + selector: + matchLabels: + app.kubernetes.io/instance: release-name + template: + metadata: + labels: + app.kubernetes.io/instance: release-name + spec: + serviceAccountName: "coder-logstream-kube" + restartPolicy: Always + imagePullSecrets: + - name: super-secret-pull-secret + containers: + - name: coder-logstream-kube + image: "custom-internal-registry.nicecorp.org/coder-logstream-kube:v1.2.3" + imagePullPolicy: Always + command: + - /coder-logstream-kube + resources: + {} + env: + - name: CODER_URL + value: http://coder.coder.svc.cluster.local + - name: CODER_LOGSTREAM_METRICS_ADDR + value: "" + - name: SSL_CERT_FILE + value: /etc/ssl/certs/my-custom-cert.pem + - name: SSL_CERT_DIR + value: /etc/ssl/certs/my-custom-cert-directory/ + securityContext: + allowPrivilegeEscalation: false + runAsGroup: 65532 + runAsNonRoot: true + runAsUser: 65532 diff --git a/helm/tests/testdata/label_selector.golden b/helm/tests/testdata/label_selector.golden new file mode 100644 index 0000000..5750994 --- /dev/null +++ b/helm/tests/testdata/label_selector.golden @@ -0,0 +1,80 @@ +--- +# Source: coder-logstream-kube/templates/service.yaml +apiVersion: v1 +kind: ServiceAccount +metadata: + name: "coder-logstream-kube" + annotations: + {} + labels: + {} +--- +# Source: coder-logstream-kube/templates/service.yaml +apiVersion: rbac.authorization.k8s.io/v1 +kind: ClusterRole +metadata: + name: coder-logstream-kube-role +rules: + + - apiGroups: [""] + resources: ["pods", "events"] + verbs: ["get", "watch", "list"] + - apiGroups: [""] + resources: ["secrets"] + verbs: ["get"] + - apiGroups: ["apps"] + resources: ["replicasets", "events"] + verbs: ["get", "watch", "list"] +--- +# Source: coder-logstream-kube/templates/service.yaml +apiVersion: rbac.authorization.k8s.io/v1 +kind: ClusterRoleBinding +metadata: + name: coder-logstream-kube-rolebinding +roleRef: + apiGroup: rbac.authorization.k8s.io + kind: ClusterRole + name: coder-logstream-kube-role +subjects: +- kind: ServiceAccount + name: "coder-logstream-kube" + namespace: default +--- +# Source: coder-logstream-kube/templates/service.yaml +apiVersion: apps/v1 +kind: Deployment +metadata: + name: release-name +spec: + # This must remain at 1 otherwise duplicate logs can occur! + replicas: 1 + selector: + matchLabels: + app.kubernetes.io/instance: release-name + template: + metadata: + labels: + app.kubernetes.io/instance: release-name + spec: + serviceAccountName: "coder-logstream-kube" + restartPolicy: Always + containers: + - name: coder-logstream-kube + image: "ghcr.io/coder/coder-logstream-kube:0.1.0" + imagePullPolicy: IfNotPresent + command: + - /coder-logstream-kube + resources: + {} + env: + - name: CODER_URL + value: http://coder.coder.svc.cluster.local + - name: CODER_LOGSTREAM_METRICS_ADDR + value: "" + - name: CODER_LABEL_SELECTOR + value: "com.coder.deployment=dev-coder.nicecorp.org" + securityContext: + allowPrivilegeEscalation: false + runAsGroup: 65532 + runAsNonRoot: true + runAsUser: 65532 diff --git a/helm/tests/testdata/label_selector.yaml b/helm/tests/testdata/label_selector.yaml new file mode 100644 index 0000000..90f65fb --- /dev/null +++ b/helm/tests/testdata/label_selector.yaml @@ -0,0 +1,2 @@ +url: "http://coder.coder.svc.cluster.local" +labelSelector: com.coder.deployment=dev-coder.nicecorp.org \ No newline at end of file diff --git a/helm/tests/testdata/label_selector_coder.golden b/helm/tests/testdata/label_selector_coder.golden new file mode 100644 index 0000000..c2013b6 --- /dev/null +++ b/helm/tests/testdata/label_selector_coder.golden @@ -0,0 +1,80 @@ +--- +# Source: coder-logstream-kube/templates/service.yaml +apiVersion: v1 +kind: ServiceAccount +metadata: + name: "coder-logstream-kube" + annotations: + {} + labels: + {} +--- +# Source: coder-logstream-kube/templates/service.yaml +apiVersion: rbac.authorization.k8s.io/v1 +kind: ClusterRole +metadata: + name: coder-logstream-kube-role +rules: + + - apiGroups: [""] + resources: ["pods", "events"] + verbs: ["get", "watch", "list"] + - apiGroups: [""] + resources: ["secrets"] + verbs: ["get"] + - apiGroups: ["apps"] + resources: ["replicasets", "events"] + verbs: ["get", "watch", "list"] +--- +# Source: coder-logstream-kube/templates/service.yaml +apiVersion: rbac.authorization.k8s.io/v1 +kind: ClusterRoleBinding +metadata: + name: coder-logstream-kube-rolebinding +roleRef: + apiGroup: rbac.authorization.k8s.io + kind: ClusterRole + name: coder-logstream-kube-role +subjects: +- kind: ServiceAccount + name: "coder-logstream-kube" + namespace: coder +--- +# Source: coder-logstream-kube/templates/service.yaml +apiVersion: apps/v1 +kind: Deployment +metadata: + name: release-name +spec: + # This must remain at 1 otherwise duplicate logs can occur! + replicas: 1 + selector: + matchLabels: + app.kubernetes.io/instance: release-name + template: + metadata: + labels: + app.kubernetes.io/instance: release-name + spec: + serviceAccountName: "coder-logstream-kube" + restartPolicy: Always + containers: + - name: coder-logstream-kube + image: "ghcr.io/coder/coder-logstream-kube:0.1.0" + imagePullPolicy: IfNotPresent + command: + - /coder-logstream-kube + resources: + {} + env: + - name: CODER_URL + value: http://coder.coder.svc.cluster.local + - name: CODER_LOGSTREAM_METRICS_ADDR + value: "" + - name: CODER_LABEL_SELECTOR + value: "com.coder.deployment=dev-coder.nicecorp.org" + securityContext: + allowPrivilegeEscalation: false + runAsGroup: 65532 + runAsNonRoot: true + runAsUser: 65532 diff --git a/helm/tests/testdata/labels.golden b/helm/tests/testdata/labels.golden new file mode 100644 index 0000000..baf2529 --- /dev/null +++ b/helm/tests/testdata/labels.golden @@ -0,0 +1,80 @@ +--- +# Source: coder-logstream-kube/templates/service.yaml +apiVersion: v1 +kind: ServiceAccount +metadata: + name: "coder-logstream-kube" + annotations: + {} + labels: + {} +--- +# Source: coder-logstream-kube/templates/service.yaml +apiVersion: rbac.authorization.k8s.io/v1 +kind: ClusterRole +metadata: + name: coder-logstream-kube-role +rules: + + - apiGroups: [""] + resources: ["pods", "events"] + verbs: ["get", "watch", "list"] + - apiGroups: [""] + resources: ["secrets"] + verbs: ["get"] + - apiGroups: ["apps"] + resources: ["replicasets", "events"] + verbs: ["get", "watch", "list"] +--- +# Source: coder-logstream-kube/templates/service.yaml +apiVersion: rbac.authorization.k8s.io/v1 +kind: ClusterRoleBinding +metadata: + name: coder-logstream-kube-rolebinding +roleRef: + apiGroup: rbac.authorization.k8s.io + kind: ClusterRole + name: coder-logstream-kube-role +subjects: +- kind: ServiceAccount + name: "coder-logstream-kube" + namespace: default +--- +# Source: coder-logstream-kube/templates/service.yaml +apiVersion: apps/v1 +kind: Deployment +metadata: + name: release-name +spec: + # This must remain at 1 otherwise duplicate logs can occur! + replicas: 1 + selector: + matchLabels: + app.kubernetes.io/instance: release-name + template: + metadata: + labels: + app.kubernetes.io/instance: release-name + label-one: turtle + label-two: cat + spec: + serviceAccountName: "coder-logstream-kube" + restartPolicy: Always + containers: + - name: coder-logstream-kube + image: "ghcr.io/coder/coder-logstream-kube:0.1.0" + imagePullPolicy: IfNotPresent + command: + - /coder-logstream-kube + resources: + {} + env: + - name: CODER_URL + value: http://coder.coder.svc.cluster.local + - name: CODER_LOGSTREAM_METRICS_ADDR + value: "" + securityContext: + allowPrivilegeEscalation: false + runAsGroup: 65532 + runAsNonRoot: true + runAsUser: 65532 diff --git a/helm/tests/testdata/labels.yaml b/helm/tests/testdata/labels.yaml new file mode 100644 index 0000000..e15282d --- /dev/null +++ b/helm/tests/testdata/labels.yaml @@ -0,0 +1,4 @@ +url: "http://coder.coder.svc.cluster.local" +labels: + label-one: turtle + label-two: cat \ No newline at end of file diff --git a/helm/tests/testdata/labels_coder.golden b/helm/tests/testdata/labels_coder.golden new file mode 100644 index 0000000..96e8c56 --- /dev/null +++ b/helm/tests/testdata/labels_coder.golden @@ -0,0 +1,80 @@ +--- +# Source: coder-logstream-kube/templates/service.yaml +apiVersion: v1 +kind: ServiceAccount +metadata: + name: "coder-logstream-kube" + annotations: + {} + labels: + {} +--- +# Source: coder-logstream-kube/templates/service.yaml +apiVersion: rbac.authorization.k8s.io/v1 +kind: ClusterRole +metadata: + name: coder-logstream-kube-role +rules: + + - apiGroups: [""] + resources: ["pods", "events"] + verbs: ["get", "watch", "list"] + - apiGroups: [""] + resources: ["secrets"] + verbs: ["get"] + - apiGroups: ["apps"] + resources: ["replicasets", "events"] + verbs: ["get", "watch", "list"] +--- +# Source: coder-logstream-kube/templates/service.yaml +apiVersion: rbac.authorization.k8s.io/v1 +kind: ClusterRoleBinding +metadata: + name: coder-logstream-kube-rolebinding +roleRef: + apiGroup: rbac.authorization.k8s.io + kind: ClusterRole + name: coder-logstream-kube-role +subjects: +- kind: ServiceAccount + name: "coder-logstream-kube" + namespace: coder +--- +# Source: coder-logstream-kube/templates/service.yaml +apiVersion: apps/v1 +kind: Deployment +metadata: + name: release-name +spec: + # This must remain at 1 otherwise duplicate logs can occur! + replicas: 1 + selector: + matchLabels: + app.kubernetes.io/instance: release-name + template: + metadata: + labels: + app.kubernetes.io/instance: release-name + label-one: turtle + label-two: cat + spec: + serviceAccountName: "coder-logstream-kube" + restartPolicy: Always + containers: + - name: coder-logstream-kube + image: "ghcr.io/coder/coder-logstream-kube:0.1.0" + imagePullPolicy: IfNotPresent + command: + - /coder-logstream-kube + resources: + {} + env: + - name: CODER_URL + value: http://coder.coder.svc.cluster.local + - name: CODER_LOGSTREAM_METRICS_ADDR + value: "" + securityContext: + allowPrivilegeEscalation: false + runAsGroup: 65532 + runAsNonRoot: true + runAsUser: 65532 diff --git a/helm/tests/testdata/metrics.golden b/helm/tests/testdata/metrics.golden new file mode 100644 index 0000000..734b662 --- /dev/null +++ b/helm/tests/testdata/metrics.golden @@ -0,0 +1,86 @@ +--- +# Source: coder-logstream-kube/templates/service.yaml +apiVersion: v1 +kind: ServiceAccount +metadata: + name: "coder-logstream-kube" + annotations: + {} + labels: + {} +--- +# Source: coder-logstream-kube/templates/service.yaml +apiVersion: rbac.authorization.k8s.io/v1 +kind: ClusterRole +metadata: + name: coder-logstream-kube-role +rules: + + - apiGroups: [""] + resources: ["pods", "events"] + verbs: ["get", "watch", "list"] + - apiGroups: [""] + resources: ["secrets"] + verbs: ["get"] + - apiGroups: ["apps"] + resources: ["replicasets", "events"] + verbs: ["get", "watch", "list"] +--- +# Source: coder-logstream-kube/templates/service.yaml +apiVersion: rbac.authorization.k8s.io/v1 +kind: ClusterRoleBinding +metadata: + name: coder-logstream-kube-rolebinding +roleRef: + apiGroup: rbac.authorization.k8s.io + kind: ClusterRole + name: coder-logstream-kube-role +subjects: +- kind: ServiceAccount + name: "coder-logstream-kube" + namespace: default +--- +# Source: coder-logstream-kube/templates/service.yaml +apiVersion: apps/v1 +kind: Deployment +metadata: + name: release-name +spec: + # This must remain at 1 otherwise duplicate logs can occur! + replicas: 1 + selector: + matchLabels: + app.kubernetes.io/instance: release-name + template: + metadata: + labels: + app.kubernetes.io/instance: release-name + annotations: + prometheus.io/scrape: "true" + prometheus.io/port: "9998" + prometheus.io/path: "/metrics" + spec: + serviceAccountName: "coder-logstream-kube" + restartPolicy: Always + containers: + - name: coder-logstream-kube + image: "ghcr.io/coder/coder-logstream-kube:0.1.0" + imagePullPolicy: IfNotPresent + command: + - /coder-logstream-kube + ports: + - name: metrics + containerPort: 9998 + protocol: TCP + resources: + {} + env: + - name: CODER_URL + value: http://coder.coder.svc.cluster.local + - name: CODER_LOGSTREAM_METRICS_ADDR + value: ":9998" + securityContext: + allowPrivilegeEscalation: false + runAsGroup: 65532 + runAsNonRoot: true + runAsUser: 65532 diff --git a/helm/tests/testdata/metrics.yaml b/helm/tests/testdata/metrics.yaml new file mode 100644 index 0000000..70f02ce --- /dev/null +++ b/helm/tests/testdata/metrics.yaml @@ -0,0 +1,4 @@ +url: "http://coder.coder.svc.cluster.local" +metrics: + enabled: true + port: 9998 \ No newline at end of file diff --git a/helm/tests/testdata/metrics_coder.golden b/helm/tests/testdata/metrics_coder.golden new file mode 100644 index 0000000..8cc2b7b --- /dev/null +++ b/helm/tests/testdata/metrics_coder.golden @@ -0,0 +1,86 @@ +--- +# Source: coder-logstream-kube/templates/service.yaml +apiVersion: v1 +kind: ServiceAccount +metadata: + name: "coder-logstream-kube" + annotations: + {} + labels: + {} +--- +# Source: coder-logstream-kube/templates/service.yaml +apiVersion: rbac.authorization.k8s.io/v1 +kind: ClusterRole +metadata: + name: coder-logstream-kube-role +rules: + + - apiGroups: [""] + resources: ["pods", "events"] + verbs: ["get", "watch", "list"] + - apiGroups: [""] + resources: ["secrets"] + verbs: ["get"] + - apiGroups: ["apps"] + resources: ["replicasets", "events"] + verbs: ["get", "watch", "list"] +--- +# Source: coder-logstream-kube/templates/service.yaml +apiVersion: rbac.authorization.k8s.io/v1 +kind: ClusterRoleBinding +metadata: + name: coder-logstream-kube-rolebinding +roleRef: + apiGroup: rbac.authorization.k8s.io + kind: ClusterRole + name: coder-logstream-kube-role +subjects: +- kind: ServiceAccount + name: "coder-logstream-kube" + namespace: coder +--- +# Source: coder-logstream-kube/templates/service.yaml +apiVersion: apps/v1 +kind: Deployment +metadata: + name: release-name +spec: + # This must remain at 1 otherwise duplicate logs can occur! + replicas: 1 + selector: + matchLabels: + app.kubernetes.io/instance: release-name + template: + metadata: + labels: + app.kubernetes.io/instance: release-name + annotations: + prometheus.io/scrape: "true" + prometheus.io/port: "9998" + prometheus.io/path: "/metrics" + spec: + serviceAccountName: "coder-logstream-kube" + restartPolicy: Always + containers: + - name: coder-logstream-kube + image: "ghcr.io/coder/coder-logstream-kube:0.1.0" + imagePullPolicy: IfNotPresent + command: + - /coder-logstream-kube + ports: + - name: metrics + containerPort: 9998 + protocol: TCP + resources: + {} + env: + - name: CODER_URL + value: http://coder.coder.svc.cluster.local + - name: CODER_LOGSTREAM_METRICS_ADDR + value: ":9998" + securityContext: + allowPrivilegeEscalation: false + runAsGroup: 65532 + runAsNonRoot: true + runAsUser: 65532 diff --git a/helm/tests/testdata/namespaces.golden b/helm/tests/testdata/namespaces.golden new file mode 100644 index 0000000..3c8c915 --- /dev/null +++ b/helm/tests/testdata/namespaces.golden @@ -0,0 +1,115 @@ +--- +# Source: coder-logstream-kube/templates/service.yaml +apiVersion: v1 +kind: ServiceAccount +metadata: + name: "coder-logstream-kube" + annotations: + {} + labels: + {} +--- +# Source: coder-logstream-kube/templates/service.yaml +apiVersion: rbac.authorization.k8s.io/v1 +kind: Role +metadata: + name: coder-logstream-kube-role + namespace: coder +rules: + + - apiGroups: [""] + resources: ["pods", "events"] + verbs: ["get", "watch", "list"] + - apiGroups: [""] + resources: ["secrets"] + verbs: ["get"] + - apiGroups: ["apps"] + resources: ["replicasets", "events"] + verbs: ["get", "watch", "list"] +--- +# Source: coder-logstream-kube/templates/service.yaml +apiVersion: rbac.authorization.k8s.io/v1 +kind: Role +metadata: + name: coder-logstream-kube-role + namespace: coder-workloads +rules: + + - apiGroups: [""] + resources: ["pods", "events"] + verbs: ["get", "watch", "list"] + - apiGroups: [""] + resources: ["secrets"] + verbs: ["get"] + - apiGroups: ["apps"] + resources: ["replicasets", "events"] + verbs: ["get", "watch", "list"] +--- +# Source: coder-logstream-kube/templates/service.yaml +apiVersion: rbac.authorization.k8s.io/v1 +kind: RoleBinding +metadata: + name: coder-logstream-kube-rolebinding + namespace: coder +roleRef: + apiGroup: rbac.authorization.k8s.io + kind: Role + name: coder-logstream-kube-role +subjects: +- kind: ServiceAccount + name: "coder-logstream-kube" + namespace: default +--- +# Source: coder-logstream-kube/templates/service.yaml +apiVersion: rbac.authorization.k8s.io/v1 +kind: RoleBinding +metadata: + name: coder-logstream-kube-rolebinding + namespace: coder-workloads +roleRef: + apiGroup: rbac.authorization.k8s.io + kind: Role + name: coder-logstream-kube-role +subjects: +- kind: ServiceAccount + name: "coder-logstream-kube" + namespace: default +--- +# Source: coder-logstream-kube/templates/service.yaml +apiVersion: apps/v1 +kind: Deployment +metadata: + name: release-name +spec: + # This must remain at 1 otherwise duplicate logs can occur! + replicas: 1 + selector: + matchLabels: + app.kubernetes.io/instance: release-name + template: + metadata: + labels: + app.kubernetes.io/instance: release-name + spec: + serviceAccountName: "coder-logstream-kube" + restartPolicy: Always + containers: + - name: coder-logstream-kube + image: "ghcr.io/coder/coder-logstream-kube:0.1.0" + imagePullPolicy: IfNotPresent + command: + - /coder-logstream-kube + resources: + {} + env: + - name: CODER_URL + value: http://coder.coder.svc.cluster.local + - name: CODER_LOGSTREAM_METRICS_ADDR + value: "" + - name: CODER_NAMESPACES + value: coder,coder-workloads + securityContext: + allowPrivilegeEscalation: false + runAsGroup: 65532 + runAsNonRoot: true + runAsUser: 65532 diff --git a/helm/tests/testdata/namespaces.yaml b/helm/tests/testdata/namespaces.yaml new file mode 100644 index 0000000..7640fd1 --- /dev/null +++ b/helm/tests/testdata/namespaces.yaml @@ -0,0 +1,4 @@ +url: "http://coder.coder.svc.cluster.local" +namespaces: + - coder + - coder-workloads \ No newline at end of file diff --git a/helm/tests/testdata/namespaces_coder.golden b/helm/tests/testdata/namespaces_coder.golden new file mode 100644 index 0000000..4bd763b --- /dev/null +++ b/helm/tests/testdata/namespaces_coder.golden @@ -0,0 +1,115 @@ +--- +# Source: coder-logstream-kube/templates/service.yaml +apiVersion: v1 +kind: ServiceAccount +metadata: + name: "coder-logstream-kube" + annotations: + {} + labels: + {} +--- +# Source: coder-logstream-kube/templates/service.yaml +apiVersion: rbac.authorization.k8s.io/v1 +kind: Role +metadata: + name: coder-logstream-kube-role + namespace: coder +rules: + + - apiGroups: [""] + resources: ["pods", "events"] + verbs: ["get", "watch", "list"] + - apiGroups: [""] + resources: ["secrets"] + verbs: ["get"] + - apiGroups: ["apps"] + resources: ["replicasets", "events"] + verbs: ["get", "watch", "list"] +--- +# Source: coder-logstream-kube/templates/service.yaml +apiVersion: rbac.authorization.k8s.io/v1 +kind: Role +metadata: + name: coder-logstream-kube-role + namespace: coder-workloads +rules: + + - apiGroups: [""] + resources: ["pods", "events"] + verbs: ["get", "watch", "list"] + - apiGroups: [""] + resources: ["secrets"] + verbs: ["get"] + - apiGroups: ["apps"] + resources: ["replicasets", "events"] + verbs: ["get", "watch", "list"] +--- +# Source: coder-logstream-kube/templates/service.yaml +apiVersion: rbac.authorization.k8s.io/v1 +kind: RoleBinding +metadata: + name: coder-logstream-kube-rolebinding + namespace: coder +roleRef: + apiGroup: rbac.authorization.k8s.io + kind: Role + name: coder-logstream-kube-role +subjects: +- kind: ServiceAccount + name: "coder-logstream-kube" + namespace: coder +--- +# Source: coder-logstream-kube/templates/service.yaml +apiVersion: rbac.authorization.k8s.io/v1 +kind: RoleBinding +metadata: + name: coder-logstream-kube-rolebinding + namespace: coder-workloads +roleRef: + apiGroup: rbac.authorization.k8s.io + kind: Role + name: coder-logstream-kube-role +subjects: +- kind: ServiceAccount + name: "coder-logstream-kube" + namespace: coder +--- +# Source: coder-logstream-kube/templates/service.yaml +apiVersion: apps/v1 +kind: Deployment +metadata: + name: release-name +spec: + # This must remain at 1 otherwise duplicate logs can occur! + replicas: 1 + selector: + matchLabels: + app.kubernetes.io/instance: release-name + template: + metadata: + labels: + app.kubernetes.io/instance: release-name + spec: + serviceAccountName: "coder-logstream-kube" + restartPolicy: Always + containers: + - name: coder-logstream-kube + image: "ghcr.io/coder/coder-logstream-kube:0.1.0" + imagePullPolicy: IfNotPresent + command: + - /coder-logstream-kube + resources: + {} + env: + - name: CODER_URL + value: http://coder.coder.svc.cluster.local + - name: CODER_LOGSTREAM_METRICS_ADDR + value: "" + - name: CODER_NAMESPACES + value: coder,coder-workloads + securityContext: + allowPrivilegeEscalation: false + runAsGroup: 65532 + runAsNonRoot: true + runAsUser: 65532 diff --git a/helm/tests/testdata/node_selector.golden b/helm/tests/testdata/node_selector.golden new file mode 100644 index 0000000..bf061a6 --- /dev/null +++ b/helm/tests/testdata/node_selector.golden @@ -0,0 +1,81 @@ +--- +# Source: coder-logstream-kube/templates/service.yaml +apiVersion: v1 +kind: ServiceAccount +metadata: + name: "coder-logstream-kube" + annotations: + {} + labels: + {} +--- +# Source: coder-logstream-kube/templates/service.yaml +apiVersion: rbac.authorization.k8s.io/v1 +kind: ClusterRole +metadata: + name: coder-logstream-kube-role +rules: + + - apiGroups: [""] + resources: ["pods", "events"] + verbs: ["get", "watch", "list"] + - apiGroups: [""] + resources: ["secrets"] + verbs: ["get"] + - apiGroups: ["apps"] + resources: ["replicasets", "events"] + verbs: ["get", "watch", "list"] +--- +# Source: coder-logstream-kube/templates/service.yaml +apiVersion: rbac.authorization.k8s.io/v1 +kind: ClusterRoleBinding +metadata: + name: coder-logstream-kube-rolebinding +roleRef: + apiGroup: rbac.authorization.k8s.io + kind: ClusterRole + name: coder-logstream-kube-role +subjects: +- kind: ServiceAccount + name: "coder-logstream-kube" + namespace: default +--- +# Source: coder-logstream-kube/templates/service.yaml +apiVersion: apps/v1 +kind: Deployment +metadata: + name: release-name +spec: + # This must remain at 1 otherwise duplicate logs can occur! + replicas: 1 + selector: + matchLabels: + app.kubernetes.io/instance: release-name + template: + metadata: + labels: + app.kubernetes.io/instance: release-name + spec: + serviceAccountName: "coder-logstream-kube" + restartPolicy: Always + nodeSelector: + kubernetes.io/os: linux + topology.kubernetes.io/zone: us-east-1a + containers: + - name: coder-logstream-kube + image: "ghcr.io/coder/coder-logstream-kube:0.1.0" + imagePullPolicy: IfNotPresent + command: + - /coder-logstream-kube + resources: + {} + env: + - name: CODER_URL + value: http://coder.coder.svc.cluster.local + - name: CODER_LOGSTREAM_METRICS_ADDR + value: "" + securityContext: + allowPrivilegeEscalation: false + runAsGroup: 65532 + runAsNonRoot: true + runAsUser: 65532 diff --git a/helm/tests/testdata/node_selector.yaml b/helm/tests/testdata/node_selector.yaml new file mode 100644 index 0000000..747e443 --- /dev/null +++ b/helm/tests/testdata/node_selector.yaml @@ -0,0 +1,4 @@ +url: "http://coder.coder.svc.cluster.local" +nodeSelector: + kubernetes.io/os: linux + topology.kubernetes.io/zone: us-east-1a diff --git a/helm/tests/testdata/node_selector_coder.golden b/helm/tests/testdata/node_selector_coder.golden new file mode 100644 index 0000000..79969c6 --- /dev/null +++ b/helm/tests/testdata/node_selector_coder.golden @@ -0,0 +1,81 @@ +--- +# Source: coder-logstream-kube/templates/service.yaml +apiVersion: v1 +kind: ServiceAccount +metadata: + name: "coder-logstream-kube" + annotations: + {} + labels: + {} +--- +# Source: coder-logstream-kube/templates/service.yaml +apiVersion: rbac.authorization.k8s.io/v1 +kind: ClusterRole +metadata: + name: coder-logstream-kube-role +rules: + + - apiGroups: [""] + resources: ["pods", "events"] + verbs: ["get", "watch", "list"] + - apiGroups: [""] + resources: ["secrets"] + verbs: ["get"] + - apiGroups: ["apps"] + resources: ["replicasets", "events"] + verbs: ["get", "watch", "list"] +--- +# Source: coder-logstream-kube/templates/service.yaml +apiVersion: rbac.authorization.k8s.io/v1 +kind: ClusterRoleBinding +metadata: + name: coder-logstream-kube-rolebinding +roleRef: + apiGroup: rbac.authorization.k8s.io + kind: ClusterRole + name: coder-logstream-kube-role +subjects: +- kind: ServiceAccount + name: "coder-logstream-kube" + namespace: coder +--- +# Source: coder-logstream-kube/templates/service.yaml +apiVersion: apps/v1 +kind: Deployment +metadata: + name: release-name +spec: + # This must remain at 1 otherwise duplicate logs can occur! + replicas: 1 + selector: + matchLabels: + app.kubernetes.io/instance: release-name + template: + metadata: + labels: + app.kubernetes.io/instance: release-name + spec: + serviceAccountName: "coder-logstream-kube" + restartPolicy: Always + nodeSelector: + kubernetes.io/os: linux + topology.kubernetes.io/zone: us-east-1a + containers: + - name: coder-logstream-kube + image: "ghcr.io/coder/coder-logstream-kube:0.1.0" + imagePullPolicy: IfNotPresent + command: + - /coder-logstream-kube + resources: + {} + env: + - name: CODER_URL + value: http://coder.coder.svc.cluster.local + - name: CODER_LOGSTREAM_METRICS_ADDR + value: "" + securityContext: + allowPrivilegeEscalation: false + runAsGroup: 65532 + runAsNonRoot: true + runAsUser: 65532 diff --git a/helm/tests/testdata/pod_security_context.golden b/helm/tests/testdata/pod_security_context.golden new file mode 100644 index 0000000..0b1f767 --- /dev/null +++ b/helm/tests/testdata/pod_security_context.golden @@ -0,0 +1,80 @@ +--- +# Source: coder-logstream-kube/templates/service.yaml +apiVersion: v1 +kind: ServiceAccount +metadata: + name: "coder-logstream-kube" + annotations: + {} + labels: + {} +--- +# Source: coder-logstream-kube/templates/service.yaml +apiVersion: rbac.authorization.k8s.io/v1 +kind: ClusterRole +metadata: + name: coder-logstream-kube-role +rules: + + - apiGroups: [""] + resources: ["pods", "events"] + verbs: ["get", "watch", "list"] + - apiGroups: [""] + resources: ["secrets"] + verbs: ["get"] + - apiGroups: ["apps"] + resources: ["replicasets", "events"] + verbs: ["get", "watch", "list"] +--- +# Source: coder-logstream-kube/templates/service.yaml +apiVersion: rbac.authorization.k8s.io/v1 +kind: ClusterRoleBinding +metadata: + name: coder-logstream-kube-rolebinding +roleRef: + apiGroup: rbac.authorization.k8s.io + kind: ClusterRole + name: coder-logstream-kube-role +subjects: +- kind: ServiceAccount + name: "coder-logstream-kube" + namespace: default +--- +# Source: coder-logstream-kube/templates/service.yaml +apiVersion: apps/v1 +kind: Deployment +metadata: + name: release-name +spec: + # This must remain at 1 otherwise duplicate logs can occur! + replicas: 1 + selector: + matchLabels: + app.kubernetes.io/instance: release-name + template: + metadata: + labels: + app.kubernetes.io/instance: release-name + spec: + serviceAccountName: "coder-logstream-kube" + restartPolicy: Always + podSecurityContext: + fsGroup: 655 + containers: + - name: coder-logstream-kube + image: "ghcr.io/coder/coder-logstream-kube:0.1.0" + imagePullPolicy: IfNotPresent + command: + - /coder-logstream-kube + resources: + {} + env: + - name: CODER_URL + value: http://coder.coder.svc.cluster.local + - name: CODER_LOGSTREAM_METRICS_ADDR + value: "" + securityContext: + allowPrivilegeEscalation: false + runAsGroup: 65532 + runAsNonRoot: true + runAsUser: 65532 diff --git a/helm/tests/testdata/pod_security_context.yaml b/helm/tests/testdata/pod_security_context.yaml new file mode 100644 index 0000000..0956949 --- /dev/null +++ b/helm/tests/testdata/pod_security_context.yaml @@ -0,0 +1,3 @@ +url: "http://coder.coder.svc.cluster.local" +podSecurityContext: + fsGroup: 655 \ No newline at end of file diff --git a/helm/tests/testdata/pod_security_context_coder.golden b/helm/tests/testdata/pod_security_context_coder.golden new file mode 100644 index 0000000..6b51f5c --- /dev/null +++ b/helm/tests/testdata/pod_security_context_coder.golden @@ -0,0 +1,80 @@ +--- +# Source: coder-logstream-kube/templates/service.yaml +apiVersion: v1 +kind: ServiceAccount +metadata: + name: "coder-logstream-kube" + annotations: + {} + labels: + {} +--- +# Source: coder-logstream-kube/templates/service.yaml +apiVersion: rbac.authorization.k8s.io/v1 +kind: ClusterRole +metadata: + name: coder-logstream-kube-role +rules: + + - apiGroups: [""] + resources: ["pods", "events"] + verbs: ["get", "watch", "list"] + - apiGroups: [""] + resources: ["secrets"] + verbs: ["get"] + - apiGroups: ["apps"] + resources: ["replicasets", "events"] + verbs: ["get", "watch", "list"] +--- +# Source: coder-logstream-kube/templates/service.yaml +apiVersion: rbac.authorization.k8s.io/v1 +kind: ClusterRoleBinding +metadata: + name: coder-logstream-kube-rolebinding +roleRef: + apiGroup: rbac.authorization.k8s.io + kind: ClusterRole + name: coder-logstream-kube-role +subjects: +- kind: ServiceAccount + name: "coder-logstream-kube" + namespace: coder +--- +# Source: coder-logstream-kube/templates/service.yaml +apiVersion: apps/v1 +kind: Deployment +metadata: + name: release-name +spec: + # This must remain at 1 otherwise duplicate logs can occur! + replicas: 1 + selector: + matchLabels: + app.kubernetes.io/instance: release-name + template: + metadata: + labels: + app.kubernetes.io/instance: release-name + spec: + serviceAccountName: "coder-logstream-kube" + restartPolicy: Always + podSecurityContext: + fsGroup: 655 + containers: + - name: coder-logstream-kube + image: "ghcr.io/coder/coder-logstream-kube:0.1.0" + imagePullPolicy: IfNotPresent + command: + - /coder-logstream-kube + resources: + {} + env: + - name: CODER_URL + value: http://coder.coder.svc.cluster.local + - name: CODER_LOGSTREAM_METRICS_ADDR + value: "" + securityContext: + allowPrivilegeEscalation: false + runAsGroup: 65532 + runAsNonRoot: true + runAsUser: 65532 diff --git a/helm/tests/testdata/rbac.golden b/helm/tests/testdata/rbac.golden new file mode 100644 index 0000000..d4d5cff --- /dev/null +++ b/helm/tests/testdata/rbac.golden @@ -0,0 +1,78 @@ +--- +# Source: coder-logstream-kube/templates/service.yaml +apiVersion: v1 +kind: ServiceAccount +metadata: + name: "coder-logstream-kube" + annotations: + {} + labels: + {} +--- +# Source: coder-logstream-kube/templates/service.yaml +apiVersion: rbac.authorization.k8s.io/v1 +kind: ClusterRole +metadata: + name: coder-logstream-kube-custom-role-name +rules: + + - apiGroups: [""] + resources: ["pods", "events"] + verbs: ["get", "watch", "list"] + - apiGroups: [""] + resources: ["secrets"] + verbs: ["get"] + - apiGroups: ["apps"] + resources: ["replicasets", "events"] + verbs: ["get", "watch", "list"] +--- +# Source: coder-logstream-kube/templates/service.yaml +apiVersion: rbac.authorization.k8s.io/v1 +kind: ClusterRoleBinding +metadata: + name: coder-logstream-kube-rolebinding-custom-rb-name +roleRef: + apiGroup: rbac.authorization.k8s.io + kind: ClusterRole + name: coder-logstream-kube-custom-role-name +subjects: +- kind: ServiceAccount + name: "coder-logstream-kube" + namespace: default +--- +# Source: coder-logstream-kube/templates/service.yaml +apiVersion: apps/v1 +kind: Deployment +metadata: + name: release-name +spec: + # This must remain at 1 otherwise duplicate logs can occur! + replicas: 1 + selector: + matchLabels: + app.kubernetes.io/instance: release-name + template: + metadata: + labels: + app.kubernetes.io/instance: release-name + spec: + serviceAccountName: "coder-logstream-kube" + restartPolicy: Always + containers: + - name: coder-logstream-kube + image: "ghcr.io/coder/coder-logstream-kube:0.1.0" + imagePullPolicy: IfNotPresent + command: + - /coder-logstream-kube + resources: + {} + env: + - name: CODER_URL + value: http://coder.coder.svc.cluster.local + - name: CODER_LOGSTREAM_METRICS_ADDR + value: "" + securityContext: + allowPrivilegeEscalation: false + runAsGroup: 65532 + runAsNonRoot: true + runAsUser: 65532 diff --git a/helm/tests/testdata/rbac.yaml b/helm/tests/testdata/rbac.yaml new file mode 100644 index 0000000..545753d --- /dev/null +++ b/helm/tests/testdata/rbac.yaml @@ -0,0 +1,4 @@ +url: "http://coder.coder.svc.cluster.local" +rbac: + roleName: coder-logstream-kube-custom-role-name + roleBindingName: coder-logstream-kube-rolebinding-custom-rb-name \ No newline at end of file diff --git a/helm/tests/testdata/rbac_coder.golden b/helm/tests/testdata/rbac_coder.golden new file mode 100644 index 0000000..af373c7 --- /dev/null +++ b/helm/tests/testdata/rbac_coder.golden @@ -0,0 +1,78 @@ +--- +# Source: coder-logstream-kube/templates/service.yaml +apiVersion: v1 +kind: ServiceAccount +metadata: + name: "coder-logstream-kube" + annotations: + {} + labels: + {} +--- +# Source: coder-logstream-kube/templates/service.yaml +apiVersion: rbac.authorization.k8s.io/v1 +kind: ClusterRole +metadata: + name: coder-logstream-kube-custom-role-name +rules: + + - apiGroups: [""] + resources: ["pods", "events"] + verbs: ["get", "watch", "list"] + - apiGroups: [""] + resources: ["secrets"] + verbs: ["get"] + - apiGroups: ["apps"] + resources: ["replicasets", "events"] + verbs: ["get", "watch", "list"] +--- +# Source: coder-logstream-kube/templates/service.yaml +apiVersion: rbac.authorization.k8s.io/v1 +kind: ClusterRoleBinding +metadata: + name: coder-logstream-kube-rolebinding-custom-rb-name +roleRef: + apiGroup: rbac.authorization.k8s.io + kind: ClusterRole + name: coder-logstream-kube-custom-role-name +subjects: +- kind: ServiceAccount + name: "coder-logstream-kube" + namespace: coder +--- +# Source: coder-logstream-kube/templates/service.yaml +apiVersion: apps/v1 +kind: Deployment +metadata: + name: release-name +spec: + # This must remain at 1 otherwise duplicate logs can occur! + replicas: 1 + selector: + matchLabels: + app.kubernetes.io/instance: release-name + template: + metadata: + labels: + app.kubernetes.io/instance: release-name + spec: + serviceAccountName: "coder-logstream-kube" + restartPolicy: Always + containers: + - name: coder-logstream-kube + image: "ghcr.io/coder/coder-logstream-kube:0.1.0" + imagePullPolicy: IfNotPresent + command: + - /coder-logstream-kube + resources: + {} + env: + - name: CODER_URL + value: http://coder.coder.svc.cluster.local + - name: CODER_LOGSTREAM_METRICS_ADDR + value: "" + securityContext: + allowPrivilegeEscalation: false + runAsGroup: 65532 + runAsNonRoot: true + runAsUser: 65532 diff --git a/helm/tests/testdata/resources.golden b/helm/tests/testdata/resources.golden new file mode 100644 index 0000000..f460c47 --- /dev/null +++ b/helm/tests/testdata/resources.golden @@ -0,0 +1,83 @@ +--- +# Source: coder-logstream-kube/templates/service.yaml +apiVersion: v1 +kind: ServiceAccount +metadata: + name: "coder-logstream-kube" + annotations: + {} + labels: + {} +--- +# Source: coder-logstream-kube/templates/service.yaml +apiVersion: rbac.authorization.k8s.io/v1 +kind: ClusterRole +metadata: + name: coder-logstream-kube-role +rules: + + - apiGroups: [""] + resources: ["pods", "events"] + verbs: ["get", "watch", "list"] + - apiGroups: [""] + resources: ["secrets"] + verbs: ["get"] + - apiGroups: ["apps"] + resources: ["replicasets", "events"] + verbs: ["get", "watch", "list"] +--- +# Source: coder-logstream-kube/templates/service.yaml +apiVersion: rbac.authorization.k8s.io/v1 +kind: ClusterRoleBinding +metadata: + name: coder-logstream-kube-rolebinding +roleRef: + apiGroup: rbac.authorization.k8s.io + kind: ClusterRole + name: coder-logstream-kube-role +subjects: +- kind: ServiceAccount + name: "coder-logstream-kube" + namespace: default +--- +# Source: coder-logstream-kube/templates/service.yaml +apiVersion: apps/v1 +kind: Deployment +metadata: + name: release-name +spec: + # This must remain at 1 otherwise duplicate logs can occur! + replicas: 1 + selector: + matchLabels: + app.kubernetes.io/instance: release-name + template: + metadata: + labels: + app.kubernetes.io/instance: release-name + spec: + serviceAccountName: "coder-logstream-kube" + restartPolicy: Always + containers: + - name: coder-logstream-kube + image: "ghcr.io/coder/coder-logstream-kube:0.1.0" + imagePullPolicy: IfNotPresent + command: + - /coder-logstream-kube + resources: + limits: + cpu: 500m + memory: 500Mi + requests: + cpu: 2000m + memory: 2000Mi + env: + - name: CODER_URL + value: http://coder.coder.svc.cluster.local + - name: CODER_LOGSTREAM_METRICS_ADDR + value: "" + securityContext: + allowPrivilegeEscalation: false + runAsGroup: 65532 + runAsNonRoot: true + runAsUser: 65532 diff --git a/helm/tests/testdata/resources.yaml b/helm/tests/testdata/resources.yaml new file mode 100644 index 0000000..4b0b165 --- /dev/null +++ b/helm/tests/testdata/resources.yaml @@ -0,0 +1,8 @@ +url: "http://coder.coder.svc.cluster.local" +resources: + limits: + cpu: 500m + memory: 500Mi + requests: + cpu: 2000m + memory: 2000Mi \ No newline at end of file diff --git a/helm/tests/testdata/resources_coder.golden b/helm/tests/testdata/resources_coder.golden new file mode 100644 index 0000000..7ea2300 --- /dev/null +++ b/helm/tests/testdata/resources_coder.golden @@ -0,0 +1,83 @@ +--- +# Source: coder-logstream-kube/templates/service.yaml +apiVersion: v1 +kind: ServiceAccount +metadata: + name: "coder-logstream-kube" + annotations: + {} + labels: + {} +--- +# Source: coder-logstream-kube/templates/service.yaml +apiVersion: rbac.authorization.k8s.io/v1 +kind: ClusterRole +metadata: + name: coder-logstream-kube-role +rules: + + - apiGroups: [""] + resources: ["pods", "events"] + verbs: ["get", "watch", "list"] + - apiGroups: [""] + resources: ["secrets"] + verbs: ["get"] + - apiGroups: ["apps"] + resources: ["replicasets", "events"] + verbs: ["get", "watch", "list"] +--- +# Source: coder-logstream-kube/templates/service.yaml +apiVersion: rbac.authorization.k8s.io/v1 +kind: ClusterRoleBinding +metadata: + name: coder-logstream-kube-rolebinding +roleRef: + apiGroup: rbac.authorization.k8s.io + kind: ClusterRole + name: coder-logstream-kube-role +subjects: +- kind: ServiceAccount + name: "coder-logstream-kube" + namespace: coder +--- +# Source: coder-logstream-kube/templates/service.yaml +apiVersion: apps/v1 +kind: Deployment +metadata: + name: release-name +spec: + # This must remain at 1 otherwise duplicate logs can occur! + replicas: 1 + selector: + matchLabels: + app.kubernetes.io/instance: release-name + template: + metadata: + labels: + app.kubernetes.io/instance: release-name + spec: + serviceAccountName: "coder-logstream-kube" + restartPolicy: Always + containers: + - name: coder-logstream-kube + image: "ghcr.io/coder/coder-logstream-kube:0.1.0" + imagePullPolicy: IfNotPresent + command: + - /coder-logstream-kube + resources: + limits: + cpu: 500m + memory: 500Mi + requests: + cpu: 2000m + memory: 2000Mi + env: + - name: CODER_URL + value: http://coder.coder.svc.cluster.local + - name: CODER_LOGSTREAM_METRICS_ADDR + value: "" + securityContext: + allowPrivilegeEscalation: false + runAsGroup: 65532 + runAsNonRoot: true + runAsUser: 65532 diff --git a/helm/tests/testdata/security_context.golden b/helm/tests/testdata/security_context.golden new file mode 100644 index 0000000..d51edac --- /dev/null +++ b/helm/tests/testdata/security_context.golden @@ -0,0 +1,78 @@ +--- +# Source: coder-logstream-kube/templates/service.yaml +apiVersion: v1 +kind: ServiceAccount +metadata: + name: "coder-logstream-kube" + annotations: + {} + labels: + {} +--- +# Source: coder-logstream-kube/templates/service.yaml +apiVersion: rbac.authorization.k8s.io/v1 +kind: ClusterRole +metadata: + name: coder-logstream-kube-role +rules: + + - apiGroups: [""] + resources: ["pods", "events"] + verbs: ["get", "watch", "list"] + - apiGroups: [""] + resources: ["secrets"] + verbs: ["get"] + - apiGroups: ["apps"] + resources: ["replicasets", "events"] + verbs: ["get", "watch", "list"] +--- +# Source: coder-logstream-kube/templates/service.yaml +apiVersion: rbac.authorization.k8s.io/v1 +kind: ClusterRoleBinding +metadata: + name: coder-logstream-kube-rolebinding +roleRef: + apiGroup: rbac.authorization.k8s.io + kind: ClusterRole + name: coder-logstream-kube-role +subjects: +- kind: ServiceAccount + name: "coder-logstream-kube" + namespace: default +--- +# Source: coder-logstream-kube/templates/service.yaml +apiVersion: apps/v1 +kind: Deployment +metadata: + name: release-name +spec: + # This must remain at 1 otherwise duplicate logs can occur! + replicas: 1 + selector: + matchLabels: + app.kubernetes.io/instance: release-name + template: + metadata: + labels: + app.kubernetes.io/instance: release-name + spec: + serviceAccountName: "coder-logstream-kube" + restartPolicy: Always + containers: + - name: coder-logstream-kube + image: "ghcr.io/coder/coder-logstream-kube:0.1.0" + imagePullPolicy: IfNotPresent + command: + - /coder-logstream-kube + resources: + {} + env: + - name: CODER_URL + value: http://coder.coder.svc.cluster.local + - name: CODER_LOGSTREAM_METRICS_ADDR + value: "" + securityContext: + allowPrivilegeEscalation: true + runAsGroup: 655 + runAsNonRoot: true + runAsUser: 655 diff --git a/helm/tests/testdata/security_context.yaml b/helm/tests/testdata/security_context.yaml new file mode 100644 index 0000000..ba8bbb6 --- /dev/null +++ b/helm/tests/testdata/security_context.yaml @@ -0,0 +1,6 @@ +url: "http://coder.coder.svc.cluster.local" +securityContext: + runAsNonRoot: true + runAsUser: 655 + runAsGroup: 655 + allowPrivilegeEscalation: true \ No newline at end of file diff --git a/helm/tests/testdata/security_context_coder.golden b/helm/tests/testdata/security_context_coder.golden new file mode 100644 index 0000000..d584b41 --- /dev/null +++ b/helm/tests/testdata/security_context_coder.golden @@ -0,0 +1,78 @@ +--- +# Source: coder-logstream-kube/templates/service.yaml +apiVersion: v1 +kind: ServiceAccount +metadata: + name: "coder-logstream-kube" + annotations: + {} + labels: + {} +--- +# Source: coder-logstream-kube/templates/service.yaml +apiVersion: rbac.authorization.k8s.io/v1 +kind: ClusterRole +metadata: + name: coder-logstream-kube-role +rules: + + - apiGroups: [""] + resources: ["pods", "events"] + verbs: ["get", "watch", "list"] + - apiGroups: [""] + resources: ["secrets"] + verbs: ["get"] + - apiGroups: ["apps"] + resources: ["replicasets", "events"] + verbs: ["get", "watch", "list"] +--- +# Source: coder-logstream-kube/templates/service.yaml +apiVersion: rbac.authorization.k8s.io/v1 +kind: ClusterRoleBinding +metadata: + name: coder-logstream-kube-rolebinding +roleRef: + apiGroup: rbac.authorization.k8s.io + kind: ClusterRole + name: coder-logstream-kube-role +subjects: +- kind: ServiceAccount + name: "coder-logstream-kube" + namespace: coder +--- +# Source: coder-logstream-kube/templates/service.yaml +apiVersion: apps/v1 +kind: Deployment +metadata: + name: release-name +spec: + # This must remain at 1 otherwise duplicate logs can occur! + replicas: 1 + selector: + matchLabels: + app.kubernetes.io/instance: release-name + template: + metadata: + labels: + app.kubernetes.io/instance: release-name + spec: + serviceAccountName: "coder-logstream-kube" + restartPolicy: Always + containers: + - name: coder-logstream-kube + image: "ghcr.io/coder/coder-logstream-kube:0.1.0" + imagePullPolicy: IfNotPresent + command: + - /coder-logstream-kube + resources: + {} + env: + - name: CODER_URL + value: http://coder.coder.svc.cluster.local + - name: CODER_LOGSTREAM_METRICS_ADDR + value: "" + securityContext: + allowPrivilegeEscalation: true + runAsGroup: 655 + runAsNonRoot: true + runAsUser: 655 diff --git a/helm/tests/testdata/service_account.golden b/helm/tests/testdata/service_account.golden new file mode 100644 index 0000000..727e479 --- /dev/null +++ b/helm/tests/testdata/service_account.golden @@ -0,0 +1,78 @@ +--- +# Source: coder-logstream-kube/templates/service.yaml +apiVersion: v1 +kind: ServiceAccount +metadata: + name: "coder-logstream-kube-custom-name" + annotations: + golden: test + labels: + testing: golden +--- +# Source: coder-logstream-kube/templates/service.yaml +apiVersion: rbac.authorization.k8s.io/v1 +kind: ClusterRole +metadata: + name: coder-logstream-kube-role +rules: + + - apiGroups: [""] + resources: ["pods", "events"] + verbs: ["get", "watch", "list"] + - apiGroups: [""] + resources: ["secrets"] + verbs: ["get"] + - apiGroups: ["apps"] + resources: ["replicasets", "events"] + verbs: ["get", "watch", "list"] +--- +# Source: coder-logstream-kube/templates/service.yaml +apiVersion: rbac.authorization.k8s.io/v1 +kind: ClusterRoleBinding +metadata: + name: coder-logstream-kube-rolebinding +roleRef: + apiGroup: rbac.authorization.k8s.io + kind: ClusterRole + name: coder-logstream-kube-role +subjects: +- kind: ServiceAccount + name: "coder-logstream-kube-custom-name" + namespace: default +--- +# Source: coder-logstream-kube/templates/service.yaml +apiVersion: apps/v1 +kind: Deployment +metadata: + name: release-name +spec: + # This must remain at 1 otherwise duplicate logs can occur! + replicas: 1 + selector: + matchLabels: + app.kubernetes.io/instance: release-name + template: + metadata: + labels: + app.kubernetes.io/instance: release-name + spec: + serviceAccountName: "coder-logstream-kube-custom-name" + restartPolicy: Always + containers: + - name: coder-logstream-kube + image: "ghcr.io/coder/coder-logstream-kube:0.1.0" + imagePullPolicy: IfNotPresent + command: + - /coder-logstream-kube + resources: + {} + env: + - name: CODER_URL + value: http://coder.coder.svc.cluster.local + - name: CODER_LOGSTREAM_METRICS_ADDR + value: "" + securityContext: + allowPrivilegeEscalation: false + runAsGroup: 65532 + runAsNonRoot: true + runAsUser: 65532 diff --git a/helm/tests/testdata/service_account.yaml b/helm/tests/testdata/service_account.yaml new file mode 100644 index 0000000..2583bde --- /dev/null +++ b/helm/tests/testdata/service_account.yaml @@ -0,0 +1,7 @@ +url: "http://coder.coder.svc.cluster.local" +serviceAccount: + annotations: + golden: test + labels: + testing: golden + name: coder-logstream-kube-custom-name \ No newline at end of file diff --git a/helm/tests/testdata/service_account_coder.golden b/helm/tests/testdata/service_account_coder.golden new file mode 100644 index 0000000..f8f170c --- /dev/null +++ b/helm/tests/testdata/service_account_coder.golden @@ -0,0 +1,78 @@ +--- +# Source: coder-logstream-kube/templates/service.yaml +apiVersion: v1 +kind: ServiceAccount +metadata: + name: "coder-logstream-kube-custom-name" + annotations: + golden: test + labels: + testing: golden +--- +# Source: coder-logstream-kube/templates/service.yaml +apiVersion: rbac.authorization.k8s.io/v1 +kind: ClusterRole +metadata: + name: coder-logstream-kube-role +rules: + + - apiGroups: [""] + resources: ["pods", "events"] + verbs: ["get", "watch", "list"] + - apiGroups: [""] + resources: ["secrets"] + verbs: ["get"] + - apiGroups: ["apps"] + resources: ["replicasets", "events"] + verbs: ["get", "watch", "list"] +--- +# Source: coder-logstream-kube/templates/service.yaml +apiVersion: rbac.authorization.k8s.io/v1 +kind: ClusterRoleBinding +metadata: + name: coder-logstream-kube-rolebinding +roleRef: + apiGroup: rbac.authorization.k8s.io + kind: ClusterRole + name: coder-logstream-kube-role +subjects: +- kind: ServiceAccount + name: "coder-logstream-kube-custom-name" + namespace: coder +--- +# Source: coder-logstream-kube/templates/service.yaml +apiVersion: apps/v1 +kind: Deployment +metadata: + name: release-name +spec: + # This must remain at 1 otherwise duplicate logs can occur! + replicas: 1 + selector: + matchLabels: + app.kubernetes.io/instance: release-name + template: + metadata: + labels: + app.kubernetes.io/instance: release-name + spec: + serviceAccountName: "coder-logstream-kube-custom-name" + restartPolicy: Always + containers: + - name: coder-logstream-kube + image: "ghcr.io/coder/coder-logstream-kube:0.1.0" + imagePullPolicy: IfNotPresent + command: + - /coder-logstream-kube + resources: + {} + env: + - name: CODER_URL + value: http://coder.coder.svc.cluster.local + - name: CODER_LOGSTREAM_METRICS_ADDR + value: "" + securityContext: + allowPrivilegeEscalation: false + runAsGroup: 65532 + runAsNonRoot: true + runAsUser: 65532 diff --git a/helm/tests/testdata/tolerations.golden b/helm/tests/testdata/tolerations.golden new file mode 100644 index 0000000..dfeef59 --- /dev/null +++ b/helm/tests/testdata/tolerations.golden @@ -0,0 +1,87 @@ +--- +# Source: coder-logstream-kube/templates/service.yaml +apiVersion: v1 +kind: ServiceAccount +metadata: + name: "coder-logstream-kube" + annotations: + {} + labels: + {} +--- +# Source: coder-logstream-kube/templates/service.yaml +apiVersion: rbac.authorization.k8s.io/v1 +kind: ClusterRole +metadata: + name: coder-logstream-kube-role +rules: + + - apiGroups: [""] + resources: ["pods", "events"] + verbs: ["get", "watch", "list"] + - apiGroups: [""] + resources: ["secrets"] + verbs: ["get"] + - apiGroups: ["apps"] + resources: ["replicasets", "events"] + verbs: ["get", "watch", "list"] +--- +# Source: coder-logstream-kube/templates/service.yaml +apiVersion: rbac.authorization.k8s.io/v1 +kind: ClusterRoleBinding +metadata: + name: coder-logstream-kube-rolebinding +roleRef: + apiGroup: rbac.authorization.k8s.io + kind: ClusterRole + name: coder-logstream-kube-role +subjects: +- kind: ServiceAccount + name: "coder-logstream-kube" + namespace: default +--- +# Source: coder-logstream-kube/templates/service.yaml +apiVersion: apps/v1 +kind: Deployment +metadata: + name: release-name +spec: + # This must remain at 1 otherwise duplicate logs can occur! + replicas: 1 + selector: + matchLabels: + app.kubernetes.io/instance: release-name + template: + metadata: + labels: + app.kubernetes.io/instance: release-name + spec: + serviceAccountName: "coder-logstream-kube" + restartPolicy: Always + tolerations: + - effect: NoSchedule + key: dedicated + operator: Equal + value: monitoring + - effect: NoExecute + key: node.kubernetes.io/not-ready + operator: Exists + tolerationSeconds: 30 + containers: + - name: coder-logstream-kube + image: "ghcr.io/coder/coder-logstream-kube:0.1.0" + imagePullPolicy: IfNotPresent + command: + - /coder-logstream-kube + resources: + {} + env: + - name: CODER_URL + value: http://coder.coder.svc.cluster.local + - name: CODER_LOGSTREAM_METRICS_ADDR + value: "" + securityContext: + allowPrivilegeEscalation: false + runAsGroup: 65532 + runAsNonRoot: true + runAsUser: 65532 diff --git a/helm/tests/testdata/tolerations.yaml b/helm/tests/testdata/tolerations.yaml new file mode 100644 index 0000000..4d3a287 --- /dev/null +++ b/helm/tests/testdata/tolerations.yaml @@ -0,0 +1,10 @@ +url: "http://coder.coder.svc.cluster.local" +tolerations: + - key: "dedicated" + operator: "Equal" + value: "monitoring" + effect: "NoSchedule" + - key: "node.kubernetes.io/not-ready" + operator: "Exists" + effect: "NoExecute" + tolerationSeconds: 30 diff --git a/helm/tests/testdata/tolerations_coder.golden b/helm/tests/testdata/tolerations_coder.golden new file mode 100644 index 0000000..d7b5454 --- /dev/null +++ b/helm/tests/testdata/tolerations_coder.golden @@ -0,0 +1,87 @@ +--- +# Source: coder-logstream-kube/templates/service.yaml +apiVersion: v1 +kind: ServiceAccount +metadata: + name: "coder-logstream-kube" + annotations: + {} + labels: + {} +--- +# Source: coder-logstream-kube/templates/service.yaml +apiVersion: rbac.authorization.k8s.io/v1 +kind: ClusterRole +metadata: + name: coder-logstream-kube-role +rules: + + - apiGroups: [""] + resources: ["pods", "events"] + verbs: ["get", "watch", "list"] + - apiGroups: [""] + resources: ["secrets"] + verbs: ["get"] + - apiGroups: ["apps"] + resources: ["replicasets", "events"] + verbs: ["get", "watch", "list"] +--- +# Source: coder-logstream-kube/templates/service.yaml +apiVersion: rbac.authorization.k8s.io/v1 +kind: ClusterRoleBinding +metadata: + name: coder-logstream-kube-rolebinding +roleRef: + apiGroup: rbac.authorization.k8s.io + kind: ClusterRole + name: coder-logstream-kube-role +subjects: +- kind: ServiceAccount + name: "coder-logstream-kube" + namespace: coder +--- +# Source: coder-logstream-kube/templates/service.yaml +apiVersion: apps/v1 +kind: Deployment +metadata: + name: release-name +spec: + # This must remain at 1 otherwise duplicate logs can occur! + replicas: 1 + selector: + matchLabels: + app.kubernetes.io/instance: release-name + template: + metadata: + labels: + app.kubernetes.io/instance: release-name + spec: + serviceAccountName: "coder-logstream-kube" + restartPolicy: Always + tolerations: + - effect: NoSchedule + key: dedicated + operator: Equal + value: monitoring + - effect: NoExecute + key: node.kubernetes.io/not-ready + operator: Exists + tolerationSeconds: 30 + containers: + - name: coder-logstream-kube + image: "ghcr.io/coder/coder-logstream-kube:0.1.0" + imagePullPolicy: IfNotPresent + command: + - /coder-logstream-kube + resources: + {} + env: + - name: CODER_URL + value: http://coder.coder.svc.cluster.local + - name: CODER_LOGSTREAM_METRICS_ADDR + value: "" + securityContext: + allowPrivilegeEscalation: false + runAsGroup: 65532 + runAsNonRoot: true + runAsUser: 65532 diff --git a/helm/tests/testdata/volumes.golden b/helm/tests/testdata/volumes.golden new file mode 100644 index 0000000..bc18c63 --- /dev/null +++ b/helm/tests/testdata/volumes.golden @@ -0,0 +1,86 @@ +--- +# Source: coder-logstream-kube/templates/service.yaml +apiVersion: v1 +kind: ServiceAccount +metadata: + name: "coder-logstream-kube" + annotations: + {} + labels: + {} +--- +# Source: coder-logstream-kube/templates/service.yaml +apiVersion: rbac.authorization.k8s.io/v1 +kind: ClusterRole +metadata: + name: coder-logstream-kube-role +rules: + + - apiGroups: [""] + resources: ["pods", "events"] + verbs: ["get", "watch", "list"] + - apiGroups: [""] + resources: ["secrets"] + verbs: ["get"] + - apiGroups: ["apps"] + resources: ["replicasets", "events"] + verbs: ["get", "watch", "list"] +--- +# Source: coder-logstream-kube/templates/service.yaml +apiVersion: rbac.authorization.k8s.io/v1 +kind: ClusterRoleBinding +metadata: + name: coder-logstream-kube-rolebinding +roleRef: + apiGroup: rbac.authorization.k8s.io + kind: ClusterRole + name: coder-logstream-kube-role +subjects: +- kind: ServiceAccount + name: "coder-logstream-kube" + namespace: default +--- +# Source: coder-logstream-kube/templates/service.yaml +apiVersion: apps/v1 +kind: Deployment +metadata: + name: release-name +spec: + # This must remain at 1 otherwise duplicate logs can occur! + replicas: 1 + selector: + matchLabels: + app.kubernetes.io/instance: release-name + template: + metadata: + labels: + app.kubernetes.io/instance: release-name + spec: + serviceAccountName: "coder-logstream-kube" + restartPolicy: Always + containers: + - name: coder-logstream-kube + image: "ghcr.io/coder/coder-logstream-kube:latest" + imagePullPolicy: IfNotPresent + command: + - /coder-logstream-kube + resources: + {} + env: + - name: CODER_URL + value: http://coder.coder.svc.cluster.local + - name: CODER_LOGSTREAM_METRICS_ADDR + value: "" + securityContext: + allowPrivilegeEscalation: false + runAsGroup: 65532 + runAsNonRoot: true + runAsUser: 65532 + volumeMounts: + - mountPath: /etc/ssl/custom + name: custom-ca + readOnly: true + volumes: + - configMap: + name: custom-ca-cert + name: custom-ca diff --git a/helm/tests/testdata/volumes.yaml b/helm/tests/testdata/volumes.yaml new file mode 100644 index 0000000..0afe150 --- /dev/null +++ b/helm/tests/testdata/volumes.yaml @@ -0,0 +1,11 @@ +url: "http://coder.coder.svc.cluster.local" +image: + tag: latest +volumes: + - name: custom-ca + configMap: + name: custom-ca-cert +volumeMounts: + - name: custom-ca + mountPath: /etc/ssl/custom + readOnly: true diff --git a/helm/tests/testdata/volumes_coder.golden b/helm/tests/testdata/volumes_coder.golden new file mode 100644 index 0000000..e424d23 --- /dev/null +++ b/helm/tests/testdata/volumes_coder.golden @@ -0,0 +1,86 @@ +--- +# Source: coder-logstream-kube/templates/service.yaml +apiVersion: v1 +kind: ServiceAccount +metadata: + name: "coder-logstream-kube" + annotations: + {} + labels: + {} +--- +# Source: coder-logstream-kube/templates/service.yaml +apiVersion: rbac.authorization.k8s.io/v1 +kind: ClusterRole +metadata: + name: coder-logstream-kube-role +rules: + + - apiGroups: [""] + resources: ["pods", "events"] + verbs: ["get", "watch", "list"] + - apiGroups: [""] + resources: ["secrets"] + verbs: ["get"] + - apiGroups: ["apps"] + resources: ["replicasets", "events"] + verbs: ["get", "watch", "list"] +--- +# Source: coder-logstream-kube/templates/service.yaml +apiVersion: rbac.authorization.k8s.io/v1 +kind: ClusterRoleBinding +metadata: + name: coder-logstream-kube-rolebinding +roleRef: + apiGroup: rbac.authorization.k8s.io + kind: ClusterRole + name: coder-logstream-kube-role +subjects: +- kind: ServiceAccount + name: "coder-logstream-kube" + namespace: coder +--- +# Source: coder-logstream-kube/templates/service.yaml +apiVersion: apps/v1 +kind: Deployment +metadata: + name: release-name +spec: + # This must remain at 1 otherwise duplicate logs can occur! + replicas: 1 + selector: + matchLabels: + app.kubernetes.io/instance: release-name + template: + metadata: + labels: + app.kubernetes.io/instance: release-name + spec: + serviceAccountName: "coder-logstream-kube" + restartPolicy: Always + containers: + - name: coder-logstream-kube + image: "ghcr.io/coder/coder-logstream-kube:latest" + imagePullPolicy: IfNotPresent + command: + - /coder-logstream-kube + resources: + {} + env: + - name: CODER_URL + value: http://coder.coder.svc.cluster.local + - name: CODER_LOGSTREAM_METRICS_ADDR + value: "" + securityContext: + allowPrivilegeEscalation: false + runAsGroup: 65532 + runAsNonRoot: true + runAsUser: 65532 + volumeMounts: + - mountPath: /etc/ssl/custom + name: custom-ca + readOnly: true + volumes: + - configMap: + name: custom-ca-cert + name: custom-ca diff --git a/scripts/check_unstaged.sh b/scripts/check_unstaged.sh new file mode 100755 index 0000000..7b95842 --- /dev/null +++ b/scripts/check_unstaged.sh @@ -0,0 +1,13 @@ +#!/usr/bin/env bash +set -euo pipefail + +files=$(git ls-files --other --modified --exclude-standard) +if [[ -n "$files" ]]; then + echo "The following files contain unstaged changes:" + echo "$files" + echo + git --no-pager diff + echo + echo "Error: unstaged changes, see above for details." + exit 1 +fi From 3e61b18dc86e01b73ee380215f10c0c8b16f58f2 Mon Sep 17 00:00:00 2001 From: Rowan Smith Date: Mon, 22 Jun 2026 03:19:57 +0000 Subject: [PATCH 2/3] \n --- helm/tests/testdata/args.yaml | 2 +- helm/tests/testdata/label_selector.yaml | 2 +- helm/tests/testdata/labels.yaml | 2 +- helm/tests/testdata/metrics.yaml | 2 +- helm/tests/testdata/namespaces.yaml | 2 +- helm/tests/testdata/pod_security_context.yaml | 2 +- helm/tests/testdata/rbac.yaml | 2 +- helm/tests/testdata/resources.yaml | 2 +- helm/tests/testdata/security_context.yaml | 2 +- helm/tests/testdata/service_account.yaml | 2 +- 10 files changed, 10 insertions(+), 10 deletions(-) diff --git a/helm/tests/testdata/args.yaml b/helm/tests/testdata/args.yaml index d2dd004..79db304 100644 --- a/helm/tests/testdata/args.yaml +++ b/helm/tests/testdata/args.yaml @@ -1,4 +1,4 @@ url: "http://coder.coder.svc.cluster.local" args: - --coder-url - - "http://coder.coder.svc.cluster.local" \ No newline at end of file + - "http://coder.coder.svc.cluster.local" diff --git a/helm/tests/testdata/label_selector.yaml b/helm/tests/testdata/label_selector.yaml index 90f65fb..bc6b3b7 100644 --- a/helm/tests/testdata/label_selector.yaml +++ b/helm/tests/testdata/label_selector.yaml @@ -1,2 +1,2 @@ url: "http://coder.coder.svc.cluster.local" -labelSelector: com.coder.deployment=dev-coder.nicecorp.org \ No newline at end of file +labelSelector: com.coder.deployment=dev-coder.nicecorp.org diff --git a/helm/tests/testdata/labels.yaml b/helm/tests/testdata/labels.yaml index e15282d..77113ae 100644 --- a/helm/tests/testdata/labels.yaml +++ b/helm/tests/testdata/labels.yaml @@ -1,4 +1,4 @@ url: "http://coder.coder.svc.cluster.local" labels: label-one: turtle - label-two: cat \ No newline at end of file + label-two: cat diff --git a/helm/tests/testdata/metrics.yaml b/helm/tests/testdata/metrics.yaml index 70f02ce..0d6b132 100644 --- a/helm/tests/testdata/metrics.yaml +++ b/helm/tests/testdata/metrics.yaml @@ -1,4 +1,4 @@ url: "http://coder.coder.svc.cluster.local" metrics: enabled: true - port: 9998 \ No newline at end of file + port: 9998 diff --git a/helm/tests/testdata/namespaces.yaml b/helm/tests/testdata/namespaces.yaml index 7640fd1..aea5444 100644 --- a/helm/tests/testdata/namespaces.yaml +++ b/helm/tests/testdata/namespaces.yaml @@ -1,4 +1,4 @@ url: "http://coder.coder.svc.cluster.local" namespaces: - coder - - coder-workloads \ No newline at end of file + - coder-workloads diff --git a/helm/tests/testdata/pod_security_context.yaml b/helm/tests/testdata/pod_security_context.yaml index 0956949..52b5d12 100644 --- a/helm/tests/testdata/pod_security_context.yaml +++ b/helm/tests/testdata/pod_security_context.yaml @@ -1,3 +1,3 @@ url: "http://coder.coder.svc.cluster.local" podSecurityContext: - fsGroup: 655 \ No newline at end of file + fsGroup: 655 diff --git a/helm/tests/testdata/rbac.yaml b/helm/tests/testdata/rbac.yaml index 545753d..eee4459 100644 --- a/helm/tests/testdata/rbac.yaml +++ b/helm/tests/testdata/rbac.yaml @@ -1,4 +1,4 @@ url: "http://coder.coder.svc.cluster.local" rbac: roleName: coder-logstream-kube-custom-role-name - roleBindingName: coder-logstream-kube-rolebinding-custom-rb-name \ No newline at end of file + roleBindingName: coder-logstream-kube-rolebinding-custom-rb-name diff --git a/helm/tests/testdata/resources.yaml b/helm/tests/testdata/resources.yaml index 4b0b165..29ecb43 100644 --- a/helm/tests/testdata/resources.yaml +++ b/helm/tests/testdata/resources.yaml @@ -5,4 +5,4 @@ resources: memory: 500Mi requests: cpu: 2000m - memory: 2000Mi \ No newline at end of file + memory: 2000Mi diff --git a/helm/tests/testdata/security_context.yaml b/helm/tests/testdata/security_context.yaml index ba8bbb6..e2701c7 100644 --- a/helm/tests/testdata/security_context.yaml +++ b/helm/tests/testdata/security_context.yaml @@ -3,4 +3,4 @@ securityContext: runAsNonRoot: true runAsUser: 655 runAsGroup: 655 - allowPrivilegeEscalation: true \ No newline at end of file + allowPrivilegeEscalation: true diff --git a/helm/tests/testdata/service_account.yaml b/helm/tests/testdata/service_account.yaml index 2583bde..63c7fd9 100644 --- a/helm/tests/testdata/service_account.yaml +++ b/helm/tests/testdata/service_account.yaml @@ -4,4 +4,4 @@ serviceAccount: golden: test labels: testing: golden - name: coder-logstream-kube-custom-name \ No newline at end of file + name: coder-logstream-kube-custom-name From 55cb03b09be1069a8c4060e1cf0feaa858d0fc47 Mon Sep 17 00:00:00 2001 From: Rowan Smith Date: Mon, 22 Jun 2026 23:35:46 +0000 Subject: [PATCH 3/3] many > two --- helm/tests/chart_test.go | 62 +------ helm/tests/testdata/affinity.golden | 90 ---------- helm/tests/testdata/affinity.yaml | 13 -- helm/tests/testdata/affinity_coder.golden | 90 ---------- helm/tests/testdata/all_values.golden | 169 ++++++++++++++++++ helm/tests/testdata/all_values.yaml | 79 ++++++++ helm/tests/testdata/all_values_coder.golden | 169 ++++++++++++++++++ helm/tests/testdata/args.golden | 81 --------- helm/tests/testdata/args.yaml | 4 - helm/tests/testdata/args_coder.golden | 81 --------- helm/tests/testdata/default_values.yaml | 1 - helm/tests/testdata/field_selector.golden | 80 --------- helm/tests/testdata/field_selector.yaml | 2 - .../testdata/field_selector_coder.golden | 80 --------- helm/tests/testdata/image.golden | 84 --------- helm/tests/testdata/image.yaml | 9 - helm/tests/testdata/image_coder.golden | 84 --------- helm/tests/testdata/label_selector.golden | 80 --------- helm/tests/testdata/label_selector.yaml | 2 - .../testdata/label_selector_coder.golden | 80 --------- helm/tests/testdata/labels.golden | 80 --------- helm/tests/testdata/labels.yaml | 4 - helm/tests/testdata/labels_coder.golden | 80 --------- helm/tests/testdata/metrics.golden | 86 --------- helm/tests/testdata/metrics.yaml | 4 - helm/tests/testdata/metrics_coder.golden | 86 --------- helm/tests/testdata/namespaces.golden | 115 ------------ helm/tests/testdata/namespaces.yaml | 4 - helm/tests/testdata/namespaces_coder.golden | 115 ------------ helm/tests/testdata/node_selector.golden | 81 --------- helm/tests/testdata/node_selector.yaml | 4 - .../tests/testdata/node_selector_coder.golden | 81 --------- .../testdata/pod_security_context.golden | 80 --------- helm/tests/testdata/pod_security_context.yaml | 3 - .../pod_security_context_coder.golden | 80 --------- helm/tests/testdata/rbac.golden | 78 -------- helm/tests/testdata/rbac.yaml | 4 - helm/tests/testdata/rbac_coder.golden | 78 -------- helm/tests/testdata/resources.golden | 83 --------- helm/tests/testdata/resources.yaml | 8 - helm/tests/testdata/resources_coder.golden | 83 --------- helm/tests/testdata/security_context.golden | 78 -------- helm/tests/testdata/security_context.yaml | 6 - .../testdata/security_context_coder.golden | 78 -------- helm/tests/testdata/service_account.golden | 78 -------- helm/tests/testdata/service_account.yaml | 7 - .../testdata/service_account_coder.golden | 78 -------- helm/tests/testdata/tolerations.golden | 87 --------- helm/tests/testdata/tolerations.yaml | 10 -- helm/tests/testdata/tolerations_coder.golden | 87 --------- helm/tests/testdata/volumes.golden | 86 --------- helm/tests/testdata/volumes.yaml | 11 -- helm/tests/testdata/volumes_coder.golden | 86 --------- 53 files changed, 418 insertions(+), 2851 deletions(-) delete mode 100644 helm/tests/testdata/affinity.golden delete mode 100644 helm/tests/testdata/affinity.yaml delete mode 100644 helm/tests/testdata/affinity_coder.golden create mode 100644 helm/tests/testdata/all_values.golden create mode 100644 helm/tests/testdata/all_values.yaml create mode 100644 helm/tests/testdata/all_values_coder.golden delete mode 100644 helm/tests/testdata/args.golden delete mode 100644 helm/tests/testdata/args.yaml delete mode 100644 helm/tests/testdata/args_coder.golden delete mode 100644 helm/tests/testdata/field_selector.golden delete mode 100644 helm/tests/testdata/field_selector.yaml delete mode 100644 helm/tests/testdata/field_selector_coder.golden delete mode 100644 helm/tests/testdata/image.golden delete mode 100644 helm/tests/testdata/image.yaml delete mode 100644 helm/tests/testdata/image_coder.golden delete mode 100644 helm/tests/testdata/label_selector.golden delete mode 100644 helm/tests/testdata/label_selector.yaml delete mode 100644 helm/tests/testdata/label_selector_coder.golden delete mode 100644 helm/tests/testdata/labels.golden delete mode 100644 helm/tests/testdata/labels.yaml delete mode 100644 helm/tests/testdata/labels_coder.golden delete mode 100644 helm/tests/testdata/metrics.golden delete mode 100644 helm/tests/testdata/metrics.yaml delete mode 100644 helm/tests/testdata/metrics_coder.golden delete mode 100644 helm/tests/testdata/namespaces.golden delete mode 100644 helm/tests/testdata/namespaces.yaml delete mode 100644 helm/tests/testdata/namespaces_coder.golden delete mode 100644 helm/tests/testdata/node_selector.golden delete mode 100644 helm/tests/testdata/node_selector.yaml delete mode 100644 helm/tests/testdata/node_selector_coder.golden delete mode 100644 helm/tests/testdata/pod_security_context.golden delete mode 100644 helm/tests/testdata/pod_security_context.yaml delete mode 100644 helm/tests/testdata/pod_security_context_coder.golden delete mode 100644 helm/tests/testdata/rbac.golden delete mode 100644 helm/tests/testdata/rbac.yaml delete mode 100644 helm/tests/testdata/rbac_coder.golden delete mode 100644 helm/tests/testdata/resources.golden delete mode 100644 helm/tests/testdata/resources.yaml delete mode 100644 helm/tests/testdata/resources_coder.golden delete mode 100644 helm/tests/testdata/security_context.golden delete mode 100644 helm/tests/testdata/security_context.yaml delete mode 100644 helm/tests/testdata/security_context_coder.golden delete mode 100644 helm/tests/testdata/service_account.golden delete mode 100644 helm/tests/testdata/service_account.yaml delete mode 100644 helm/tests/testdata/service_account_coder.golden delete mode 100644 helm/tests/testdata/tolerations.golden delete mode 100644 helm/tests/testdata/tolerations.yaml delete mode 100644 helm/tests/testdata/tolerations_coder.golden delete mode 100644 helm/tests/testdata/volumes.golden delete mode 100644 helm/tests/testdata/volumes.yaml delete mode 100644 helm/tests/testdata/volumes_coder.golden diff --git a/helm/tests/chart_test.go b/helm/tests/chart_test.go index 62179de..d7254bf 100644 --- a/helm/tests/chart_test.go +++ b/helm/tests/chart_test.go @@ -32,67 +32,7 @@ var testCases = []testCase{ expectedError: "", }, { - name: "affinity", - expectedError: "", - }, - { - name: "args", - expectedError: "", - }, - { - name: "field_selector", - expectedError: "", - }, - { - name: "image", - expectedError: "", - }, - { - name: "label_selector", - expectedError: "", - }, - { - name: "labels", - expectedError: "", - }, - { - name: "metrics", - expectedError: "", - }, - { - name: "namespaces", - expectedError: "", - }, - { - name: "node_selector", - expectedError: "", - }, - { - name: "pod_security_context", - expectedError: "", - }, - { - name: "rbac", - expectedError: "", - }, - { - name: "resources", - expectedError: "", - }, - { - name: "security_context", - expectedError: "", - }, - { - name: "service_account", - expectedError: "", - }, - { - name: "tolerations", - expectedError: "", - }, - { - name: "volumes", + name: "all_values", expectedError: "", }, } diff --git a/helm/tests/testdata/affinity.golden b/helm/tests/testdata/affinity.golden deleted file mode 100644 index b870341..0000000 --- a/helm/tests/testdata/affinity.golden +++ /dev/null @@ -1,90 +0,0 @@ ---- -# Source: coder-logstream-kube/templates/service.yaml -apiVersion: v1 -kind: ServiceAccount -metadata: - name: "coder-logstream-kube" - annotations: - {} - labels: - {} ---- -# Source: coder-logstream-kube/templates/service.yaml -apiVersion: rbac.authorization.k8s.io/v1 -kind: ClusterRole -metadata: - name: coder-logstream-kube-role -rules: - - - apiGroups: [""] - resources: ["pods", "events"] - verbs: ["get", "watch", "list"] - - apiGroups: [""] - resources: ["secrets"] - verbs: ["get"] - - apiGroups: ["apps"] - resources: ["replicasets", "events"] - verbs: ["get", "watch", "list"] ---- -# Source: coder-logstream-kube/templates/service.yaml -apiVersion: rbac.authorization.k8s.io/v1 -kind: ClusterRoleBinding -metadata: - name: coder-logstream-kube-rolebinding -roleRef: - apiGroup: rbac.authorization.k8s.io - kind: ClusterRole - name: coder-logstream-kube-role -subjects: -- kind: ServiceAccount - name: "coder-logstream-kube" - namespace: default ---- -# Source: coder-logstream-kube/templates/service.yaml -apiVersion: apps/v1 -kind: Deployment -metadata: - name: release-name -spec: - # This must remain at 1 otherwise duplicate logs can occur! - replicas: 1 - selector: - matchLabels: - app.kubernetes.io/instance: release-name - template: - metadata: - labels: - app.kubernetes.io/instance: release-name - spec: - serviceAccountName: "coder-logstream-kube" - restartPolicy: Always - affinity: - podAntiAffinity: - preferredDuringSchedulingIgnoredDuringExecution: - - podAffinityTerm: - labelSelector: - matchExpressions: - - key: app.kubernetes.io/instance - operator: In - values: - - coder-logstream-kube - topologyKey: kubernetes.io/hostname - weight: 1 - containers: - - name: coder-logstream-kube - image: "ghcr.io/coder/coder-logstream-kube:0.1.0" - imagePullPolicy: IfNotPresent - command: - - /coder-logstream-kube - resources: - {} - env: - - name: CODER_URL - value: http://coder.coder.svc.cluster.local - - name: CODER_LOGSTREAM_METRICS_ADDR - value: "" - securityContext: - allowPrivilegeEscalation: false - runAsGroup: 65532 - runAsNonRoot: true - runAsUser: 65532 diff --git a/helm/tests/testdata/affinity.yaml b/helm/tests/testdata/affinity.yaml deleted file mode 100644 index a0c33ba..0000000 --- a/helm/tests/testdata/affinity.yaml +++ /dev/null @@ -1,13 +0,0 @@ -url: "http://coder.coder.svc.cluster.local" -affinity: - podAntiAffinity: - preferredDuringSchedulingIgnoredDuringExecution: - - weight: 1 - podAffinityTerm: - topologyKey: kubernetes.io/hostname - labelSelector: - matchExpressions: - - key: app.kubernetes.io/instance - operator: In - values: - - coder-logstream-kube diff --git a/helm/tests/testdata/affinity_coder.golden b/helm/tests/testdata/affinity_coder.golden deleted file mode 100644 index 573f35c..0000000 --- a/helm/tests/testdata/affinity_coder.golden +++ /dev/null @@ -1,90 +0,0 @@ ---- -# Source: coder-logstream-kube/templates/service.yaml -apiVersion: v1 -kind: ServiceAccount -metadata: - name: "coder-logstream-kube" - annotations: - {} - labels: - {} ---- -# Source: coder-logstream-kube/templates/service.yaml -apiVersion: rbac.authorization.k8s.io/v1 -kind: ClusterRole -metadata: - name: coder-logstream-kube-role -rules: - - - apiGroups: [""] - resources: ["pods", "events"] - verbs: ["get", "watch", "list"] - - apiGroups: [""] - resources: ["secrets"] - verbs: ["get"] - - apiGroups: ["apps"] - resources: ["replicasets", "events"] - verbs: ["get", "watch", "list"] ---- -# Source: coder-logstream-kube/templates/service.yaml -apiVersion: rbac.authorization.k8s.io/v1 -kind: ClusterRoleBinding -metadata: - name: coder-logstream-kube-rolebinding -roleRef: - apiGroup: rbac.authorization.k8s.io - kind: ClusterRole - name: coder-logstream-kube-role -subjects: -- kind: ServiceAccount - name: "coder-logstream-kube" - namespace: coder ---- -# Source: coder-logstream-kube/templates/service.yaml -apiVersion: apps/v1 -kind: Deployment -metadata: - name: release-name -spec: - # This must remain at 1 otherwise duplicate logs can occur! - replicas: 1 - selector: - matchLabels: - app.kubernetes.io/instance: release-name - template: - metadata: - labels: - app.kubernetes.io/instance: release-name - spec: - serviceAccountName: "coder-logstream-kube" - restartPolicy: Always - affinity: - podAntiAffinity: - preferredDuringSchedulingIgnoredDuringExecution: - - podAffinityTerm: - labelSelector: - matchExpressions: - - key: app.kubernetes.io/instance - operator: In - values: - - coder-logstream-kube - topologyKey: kubernetes.io/hostname - weight: 1 - containers: - - name: coder-logstream-kube - image: "ghcr.io/coder/coder-logstream-kube:0.1.0" - imagePullPolicy: IfNotPresent - command: - - /coder-logstream-kube - resources: - {} - env: - - name: CODER_URL - value: http://coder.coder.svc.cluster.local - - name: CODER_LOGSTREAM_METRICS_ADDR - value: "" - securityContext: - allowPrivilegeEscalation: false - runAsGroup: 65532 - runAsNonRoot: true - runAsUser: 65532 diff --git a/helm/tests/testdata/all_values.golden b/helm/tests/testdata/all_values.golden new file mode 100644 index 0000000..0ec4af4 --- /dev/null +++ b/helm/tests/testdata/all_values.golden @@ -0,0 +1,169 @@ +--- +# Source: coder-logstream-kube/templates/service.yaml +apiVersion: v1 +kind: ServiceAccount +metadata: + name: "coder-logstream-kube-custom-name" + annotations: + golden: test + labels: + testing: golden +--- +# Source: coder-logstream-kube/templates/service.yaml +apiVersion: rbac.authorization.k8s.io/v1 +kind: Role +metadata: + name: coder-logstream-kube-custom-role-name + namespace: coder +rules: + + - apiGroups: [""] + resources: ["pods", "events"] + verbs: ["get", "watch", "list"] + - apiGroups: [""] + resources: ["secrets"] + verbs: ["get"] + - apiGroups: ["apps"] + resources: ["replicasets", "events"] + verbs: ["get", "watch", "list"] +--- +# Source: coder-logstream-kube/templates/service.yaml +apiVersion: rbac.authorization.k8s.io/v1 +kind: Role +metadata: + name: coder-logstream-kube-custom-role-name + namespace: coder-workloads +rules: + + - apiGroups: [""] + resources: ["pods", "events"] + verbs: ["get", "watch", "list"] + - apiGroups: [""] + resources: ["secrets"] + verbs: ["get"] + - apiGroups: ["apps"] + resources: ["replicasets", "events"] + verbs: ["get", "watch", "list"] +--- +# Source: coder-logstream-kube/templates/service.yaml +apiVersion: rbac.authorization.k8s.io/v1 +kind: RoleBinding +metadata: + name: coder-logstream-kube-rolebinding-custom-rb-name + namespace: coder +roleRef: + apiGroup: rbac.authorization.k8s.io + kind: Role + name: coder-logstream-kube-custom-role-name +subjects: +- kind: ServiceAccount + name: "coder-logstream-kube-custom-name" + namespace: default +--- +# Source: coder-logstream-kube/templates/service.yaml +apiVersion: rbac.authorization.k8s.io/v1 +kind: RoleBinding +metadata: + name: coder-logstream-kube-rolebinding-custom-rb-name + namespace: coder-workloads +roleRef: + apiGroup: rbac.authorization.k8s.io + kind: Role + name: coder-logstream-kube-custom-role-name +subjects: +- kind: ServiceAccount + name: "coder-logstream-kube-custom-name" + namespace: default +--- +# Source: coder-logstream-kube/templates/service.yaml +apiVersion: apps/v1 +kind: Deployment +metadata: + name: release-name +spec: + # This must remain at 1 otherwise duplicate logs can occur! + replicas: 1 + selector: + matchLabels: + app.kubernetes.io/instance: release-name + template: + metadata: + labels: + app.kubernetes.io/instance: release-name + label-one: turtle + label-two: cat + annotations: + prometheus.io/scrape: "true" + prometheus.io/port: "9998" + prometheus.io/path: "/metrics" + spec: + serviceAccountName: "coder-logstream-kube-custom-name" + restartPolicy: Always + affinity: + podAntiAffinity: + preferredDuringSchedulingIgnoredDuringExecution: + - podAffinityTerm: + labelSelector: + matchExpressions: + - key: app.kubernetes.io/instance + operator: In + values: + - coder-logstream-kube + topologyKey: kubernetes.io/hostname + weight: 1 + tolerations: + - effect: NoSchedule + key: dedicated + operator: Equal + value: monitoring + - effect: NoExecute + key: node.kubernetes.io/not-ready + operator: Exists + tolerationSeconds: 30 + nodeSelector: + kubernetes.io/os: linux + topology.kubernetes.io/zone: us-east-1a + podSecurityContext: + fsGroup: 655 + containers: + - name: coder-logstream-kube + image: "ghcr.io/coder/coder-logstream-kube:latest" + imagePullPolicy: IfNotPresent + command: + - /coder-logstream-kube + args: + - --coder-url + - http://coder.coder.svc.cluster.local + ports: + - name: metrics + containerPort: 9998 + protocol: TCP + resources: + limits: + cpu: 500m + memory: 500Mi + requests: + cpu: 2000m + memory: 2000Mi + env: + - name: CODER_URL + value: http://coder.coder.svc.cluster.local + - name: CODER_LOGSTREAM_METRICS_ADDR + value: ":9998" + - name: CODER_NAMESPACES + value: coder,coder-workloads + - name: CODER_LABEL_SELECTOR + value: "com.coder.deployment=dev-coder.nicecorp.org" + securityContext: + allowPrivilegeEscalation: true + runAsGroup: 655 + runAsNonRoot: true + runAsUser: 655 + volumeMounts: + - mountPath: /etc/ssl/custom + name: custom-ca + readOnly: true + volumes: + - configMap: + name: custom-ca-cert + name: custom-ca diff --git a/helm/tests/testdata/all_values.yaml b/helm/tests/testdata/all_values.yaml new file mode 100644 index 0000000..63a5ff2 --- /dev/null +++ b/helm/tests/testdata/all_values.yaml @@ -0,0 +1,79 @@ +url: "http://coder.coder.svc.cluster.local" +affinity: + podAntiAffinity: + preferredDuringSchedulingIgnoredDuringExecution: + - weight: 1 + podAffinityTerm: + topologyKey: kubernetes.io/hostname + labelSelector: + matchExpressions: + - key: app.kubernetes.io/instance + operator: In + values: + - coder-logstream-kube +args: + - --coder-url + - "http://coder.coder.svc.cluster.local" +image: + repo: custom-internal-registry.nicecorp.org/coder-logstream-kube + tag: v1.2.3 + pullPolicy: Always + pullSecrets: + - name: super-secret-pull-secret + sslCertFile: /etc/ssl/certs/my-custom-cert.pem + sslCertDir: /etc/ssl/certs/my-custom-cert-directory/ +labelSelector: com.coder.deployment=dev-coder.nicecorp.org +labels: + label-one: turtle + label-two: cat +metrics: + enabled: true + port: 9998 +namespaces: + - coder + - coder-workloads +nodeSelector: + kubernetes.io/os: linux + topology.kubernetes.io/zone: us-east-1a +podSecurityContext: + fsGroup: 655 +rbac: + roleName: coder-logstream-kube-custom-role-name + roleBindingName: coder-logstream-kube-rolebinding-custom-rb-name +resources: + limits: + cpu: 500m + memory: 500Mi + requests: + cpu: 2000m + memory: 2000Mi +securityContext: + runAsNonRoot: true + runAsUser: 655 + runAsGroup: 655 + allowPrivilegeEscalation: true +serviceAccount: + annotations: + golden: test + labels: + testing: golden + name: coder-logstream-kube-custom-name +tolerations: + - key: "dedicated" + operator: "Equal" + value: "monitoring" + effect: "NoSchedule" + - key: "node.kubernetes.io/not-ready" + operator: "Exists" + effect: "NoExecute" + tolerationSeconds: 30 +image: + tag: latest +volumes: + - name: custom-ca + configMap: + name: custom-ca-cert +volumeMounts: + - name: custom-ca + mountPath: /etc/ssl/custom + readOnly: true diff --git a/helm/tests/testdata/all_values_coder.golden b/helm/tests/testdata/all_values_coder.golden new file mode 100644 index 0000000..1bb5080 --- /dev/null +++ b/helm/tests/testdata/all_values_coder.golden @@ -0,0 +1,169 @@ +--- +# Source: coder-logstream-kube/templates/service.yaml +apiVersion: v1 +kind: ServiceAccount +metadata: + name: "coder-logstream-kube-custom-name" + annotations: + golden: test + labels: + testing: golden +--- +# Source: coder-logstream-kube/templates/service.yaml +apiVersion: rbac.authorization.k8s.io/v1 +kind: Role +metadata: + name: coder-logstream-kube-custom-role-name + namespace: coder +rules: + + - apiGroups: [""] + resources: ["pods", "events"] + verbs: ["get", "watch", "list"] + - apiGroups: [""] + resources: ["secrets"] + verbs: ["get"] + - apiGroups: ["apps"] + resources: ["replicasets", "events"] + verbs: ["get", "watch", "list"] +--- +# Source: coder-logstream-kube/templates/service.yaml +apiVersion: rbac.authorization.k8s.io/v1 +kind: Role +metadata: + name: coder-logstream-kube-custom-role-name + namespace: coder-workloads +rules: + + - apiGroups: [""] + resources: ["pods", "events"] + verbs: ["get", "watch", "list"] + - apiGroups: [""] + resources: ["secrets"] + verbs: ["get"] + - apiGroups: ["apps"] + resources: ["replicasets", "events"] + verbs: ["get", "watch", "list"] +--- +# Source: coder-logstream-kube/templates/service.yaml +apiVersion: rbac.authorization.k8s.io/v1 +kind: RoleBinding +metadata: + name: coder-logstream-kube-rolebinding-custom-rb-name + namespace: coder +roleRef: + apiGroup: rbac.authorization.k8s.io + kind: Role + name: coder-logstream-kube-custom-role-name +subjects: +- kind: ServiceAccount + name: "coder-logstream-kube-custom-name" + namespace: coder +--- +# Source: coder-logstream-kube/templates/service.yaml +apiVersion: rbac.authorization.k8s.io/v1 +kind: RoleBinding +metadata: + name: coder-logstream-kube-rolebinding-custom-rb-name + namespace: coder-workloads +roleRef: + apiGroup: rbac.authorization.k8s.io + kind: Role + name: coder-logstream-kube-custom-role-name +subjects: +- kind: ServiceAccount + name: "coder-logstream-kube-custom-name" + namespace: coder +--- +# Source: coder-logstream-kube/templates/service.yaml +apiVersion: apps/v1 +kind: Deployment +metadata: + name: release-name +spec: + # This must remain at 1 otherwise duplicate logs can occur! + replicas: 1 + selector: + matchLabels: + app.kubernetes.io/instance: release-name + template: + metadata: + labels: + app.kubernetes.io/instance: release-name + label-one: turtle + label-two: cat + annotations: + prometheus.io/scrape: "true" + prometheus.io/port: "9998" + prometheus.io/path: "/metrics" + spec: + serviceAccountName: "coder-logstream-kube-custom-name" + restartPolicy: Always + affinity: + podAntiAffinity: + preferredDuringSchedulingIgnoredDuringExecution: + - podAffinityTerm: + labelSelector: + matchExpressions: + - key: app.kubernetes.io/instance + operator: In + values: + - coder-logstream-kube + topologyKey: kubernetes.io/hostname + weight: 1 + tolerations: + - effect: NoSchedule + key: dedicated + operator: Equal + value: monitoring + - effect: NoExecute + key: node.kubernetes.io/not-ready + operator: Exists + tolerationSeconds: 30 + nodeSelector: + kubernetes.io/os: linux + topology.kubernetes.io/zone: us-east-1a + podSecurityContext: + fsGroup: 655 + containers: + - name: coder-logstream-kube + image: "ghcr.io/coder/coder-logstream-kube:latest" + imagePullPolicy: IfNotPresent + command: + - /coder-logstream-kube + args: + - --coder-url + - http://coder.coder.svc.cluster.local + ports: + - name: metrics + containerPort: 9998 + protocol: TCP + resources: + limits: + cpu: 500m + memory: 500Mi + requests: + cpu: 2000m + memory: 2000Mi + env: + - name: CODER_URL + value: http://coder.coder.svc.cluster.local + - name: CODER_LOGSTREAM_METRICS_ADDR + value: ":9998" + - name: CODER_NAMESPACES + value: coder,coder-workloads + - name: CODER_LABEL_SELECTOR + value: "com.coder.deployment=dev-coder.nicecorp.org" + securityContext: + allowPrivilegeEscalation: true + runAsGroup: 655 + runAsNonRoot: true + runAsUser: 655 + volumeMounts: + - mountPath: /etc/ssl/custom + name: custom-ca + readOnly: true + volumes: + - configMap: + name: custom-ca-cert + name: custom-ca diff --git a/helm/tests/testdata/args.golden b/helm/tests/testdata/args.golden deleted file mode 100644 index 5ffa008..0000000 --- a/helm/tests/testdata/args.golden +++ /dev/null @@ -1,81 +0,0 @@ ---- -# Source: coder-logstream-kube/templates/service.yaml -apiVersion: v1 -kind: ServiceAccount -metadata: - name: "coder-logstream-kube" - annotations: - {} - labels: - {} ---- -# Source: coder-logstream-kube/templates/service.yaml -apiVersion: rbac.authorization.k8s.io/v1 -kind: ClusterRole -metadata: - name: coder-logstream-kube-role -rules: - - - apiGroups: [""] - resources: ["pods", "events"] - verbs: ["get", "watch", "list"] - - apiGroups: [""] - resources: ["secrets"] - verbs: ["get"] - - apiGroups: ["apps"] - resources: ["replicasets", "events"] - verbs: ["get", "watch", "list"] ---- -# Source: coder-logstream-kube/templates/service.yaml -apiVersion: rbac.authorization.k8s.io/v1 -kind: ClusterRoleBinding -metadata: - name: coder-logstream-kube-rolebinding -roleRef: - apiGroup: rbac.authorization.k8s.io - kind: ClusterRole - name: coder-logstream-kube-role -subjects: -- kind: ServiceAccount - name: "coder-logstream-kube" - namespace: default ---- -# Source: coder-logstream-kube/templates/service.yaml -apiVersion: apps/v1 -kind: Deployment -metadata: - name: release-name -spec: - # This must remain at 1 otherwise duplicate logs can occur! - replicas: 1 - selector: - matchLabels: - app.kubernetes.io/instance: release-name - template: - metadata: - labels: - app.kubernetes.io/instance: release-name - spec: - serviceAccountName: "coder-logstream-kube" - restartPolicy: Always - containers: - - name: coder-logstream-kube - image: "ghcr.io/coder/coder-logstream-kube:0.1.0" - imagePullPolicy: IfNotPresent - command: - - /coder-logstream-kube - args: - - --coder-url - - http://coder.coder.svc.cluster.local - resources: - {} - env: - - name: CODER_URL - value: http://coder.coder.svc.cluster.local - - name: CODER_LOGSTREAM_METRICS_ADDR - value: "" - securityContext: - allowPrivilegeEscalation: false - runAsGroup: 65532 - runAsNonRoot: true - runAsUser: 65532 diff --git a/helm/tests/testdata/args.yaml b/helm/tests/testdata/args.yaml deleted file mode 100644 index 79db304..0000000 --- a/helm/tests/testdata/args.yaml +++ /dev/null @@ -1,4 +0,0 @@ -url: "http://coder.coder.svc.cluster.local" -args: - - --coder-url - - "http://coder.coder.svc.cluster.local" diff --git a/helm/tests/testdata/args_coder.golden b/helm/tests/testdata/args_coder.golden deleted file mode 100644 index f1abcf7..0000000 --- a/helm/tests/testdata/args_coder.golden +++ /dev/null @@ -1,81 +0,0 @@ ---- -# Source: coder-logstream-kube/templates/service.yaml -apiVersion: v1 -kind: ServiceAccount -metadata: - name: "coder-logstream-kube" - annotations: - {} - labels: - {} ---- -# Source: coder-logstream-kube/templates/service.yaml -apiVersion: rbac.authorization.k8s.io/v1 -kind: ClusterRole -metadata: - name: coder-logstream-kube-role -rules: - - - apiGroups: [""] - resources: ["pods", "events"] - verbs: ["get", "watch", "list"] - - apiGroups: [""] - resources: ["secrets"] - verbs: ["get"] - - apiGroups: ["apps"] - resources: ["replicasets", "events"] - verbs: ["get", "watch", "list"] ---- -# Source: coder-logstream-kube/templates/service.yaml -apiVersion: rbac.authorization.k8s.io/v1 -kind: ClusterRoleBinding -metadata: - name: coder-logstream-kube-rolebinding -roleRef: - apiGroup: rbac.authorization.k8s.io - kind: ClusterRole - name: coder-logstream-kube-role -subjects: -- kind: ServiceAccount - name: "coder-logstream-kube" - namespace: coder ---- -# Source: coder-logstream-kube/templates/service.yaml -apiVersion: apps/v1 -kind: Deployment -metadata: - name: release-name -spec: - # This must remain at 1 otherwise duplicate logs can occur! - replicas: 1 - selector: - matchLabels: - app.kubernetes.io/instance: release-name - template: - metadata: - labels: - app.kubernetes.io/instance: release-name - spec: - serviceAccountName: "coder-logstream-kube" - restartPolicy: Always - containers: - - name: coder-logstream-kube - image: "ghcr.io/coder/coder-logstream-kube:0.1.0" - imagePullPolicy: IfNotPresent - command: - - /coder-logstream-kube - args: - - --coder-url - - http://coder.coder.svc.cluster.local - resources: - {} - env: - - name: CODER_URL - value: http://coder.coder.svc.cluster.local - - name: CODER_LOGSTREAM_METRICS_ADDR - value: "" - securityContext: - allowPrivilegeEscalation: false - runAsGroup: 65532 - runAsNonRoot: true - runAsUser: 65532 diff --git a/helm/tests/testdata/default_values.yaml b/helm/tests/testdata/default_values.yaml index e832a33..bd7fad5 100644 --- a/helm/tests/testdata/default_values.yaml +++ b/helm/tests/testdata/default_values.yaml @@ -1,4 +1,3 @@ url: "http://coder.coder.svc.cluster.local" image: tag: "latest" - diff --git a/helm/tests/testdata/field_selector.golden b/helm/tests/testdata/field_selector.golden deleted file mode 100644 index ca02d33..0000000 --- a/helm/tests/testdata/field_selector.golden +++ /dev/null @@ -1,80 +0,0 @@ ---- -# Source: coder-logstream-kube/templates/service.yaml -apiVersion: v1 -kind: ServiceAccount -metadata: - name: "coder-logstream-kube" - annotations: - {} - labels: - {} ---- -# Source: coder-logstream-kube/templates/service.yaml -apiVersion: rbac.authorization.k8s.io/v1 -kind: ClusterRole -metadata: - name: coder-logstream-kube-role -rules: - - - apiGroups: [""] - resources: ["pods", "events"] - verbs: ["get", "watch", "list"] - - apiGroups: [""] - resources: ["secrets"] - verbs: ["get"] - - apiGroups: ["apps"] - resources: ["replicasets", "events"] - verbs: ["get", "watch", "list"] ---- -# Source: coder-logstream-kube/templates/service.yaml -apiVersion: rbac.authorization.k8s.io/v1 -kind: ClusterRoleBinding -metadata: - name: coder-logstream-kube-rolebinding -roleRef: - apiGroup: rbac.authorization.k8s.io - kind: ClusterRole - name: coder-logstream-kube-role -subjects: -- kind: ServiceAccount - name: "coder-logstream-kube" - namespace: default ---- -# Source: coder-logstream-kube/templates/service.yaml -apiVersion: apps/v1 -kind: Deployment -metadata: - name: release-name -spec: - # This must remain at 1 otherwise duplicate logs can occur! - replicas: 1 - selector: - matchLabels: - app.kubernetes.io/instance: release-name - template: - metadata: - labels: - app.kubernetes.io/instance: release-name - spec: - serviceAccountName: "coder-logstream-kube" - restartPolicy: Always - containers: - - name: coder-logstream-kube - image: "ghcr.io/coder/coder-logstream-kube:0.1.0" - imagePullPolicy: IfNotPresent - command: - - /coder-logstream-kube - resources: - {} - env: - - name: CODER_URL - value: http://coder.coder.svc.cluster.local - - name: CODER_LOGSTREAM_METRICS_ADDR - value: "" - - name: CODER_FIELD_SELECTOR - value: "status.phase!=Succeeded" - securityContext: - allowPrivilegeEscalation: false - runAsGroup: 65532 - runAsNonRoot: true - runAsUser: 65532 diff --git a/helm/tests/testdata/field_selector.yaml b/helm/tests/testdata/field_selector.yaml deleted file mode 100644 index 53a8275..0000000 --- a/helm/tests/testdata/field_selector.yaml +++ /dev/null @@ -1,2 +0,0 @@ -url: "http://coder.coder.svc.cluster.local" -fieldSelector: status.phase!=Succeeded \ No newline at end of file diff --git a/helm/tests/testdata/field_selector_coder.golden b/helm/tests/testdata/field_selector_coder.golden deleted file mode 100644 index d5dd2a3..0000000 --- a/helm/tests/testdata/field_selector_coder.golden +++ /dev/null @@ -1,80 +0,0 @@ ---- -# Source: coder-logstream-kube/templates/service.yaml -apiVersion: v1 -kind: ServiceAccount -metadata: - name: "coder-logstream-kube" - annotations: - {} - labels: - {} ---- -# Source: coder-logstream-kube/templates/service.yaml -apiVersion: rbac.authorization.k8s.io/v1 -kind: ClusterRole -metadata: - name: coder-logstream-kube-role -rules: - - - apiGroups: [""] - resources: ["pods", "events"] - verbs: ["get", "watch", "list"] - - apiGroups: [""] - resources: ["secrets"] - verbs: ["get"] - - apiGroups: ["apps"] - resources: ["replicasets", "events"] - verbs: ["get", "watch", "list"] ---- -# Source: coder-logstream-kube/templates/service.yaml -apiVersion: rbac.authorization.k8s.io/v1 -kind: ClusterRoleBinding -metadata: - name: coder-logstream-kube-rolebinding -roleRef: - apiGroup: rbac.authorization.k8s.io - kind: ClusterRole - name: coder-logstream-kube-role -subjects: -- kind: ServiceAccount - name: "coder-logstream-kube" - namespace: coder ---- -# Source: coder-logstream-kube/templates/service.yaml -apiVersion: apps/v1 -kind: Deployment -metadata: - name: release-name -spec: - # This must remain at 1 otherwise duplicate logs can occur! - replicas: 1 - selector: - matchLabels: - app.kubernetes.io/instance: release-name - template: - metadata: - labels: - app.kubernetes.io/instance: release-name - spec: - serviceAccountName: "coder-logstream-kube" - restartPolicy: Always - containers: - - name: coder-logstream-kube - image: "ghcr.io/coder/coder-logstream-kube:0.1.0" - imagePullPolicy: IfNotPresent - command: - - /coder-logstream-kube - resources: - {} - env: - - name: CODER_URL - value: http://coder.coder.svc.cluster.local - - name: CODER_LOGSTREAM_METRICS_ADDR - value: "" - - name: CODER_FIELD_SELECTOR - value: "status.phase!=Succeeded" - securityContext: - allowPrivilegeEscalation: false - runAsGroup: 65532 - runAsNonRoot: true - runAsUser: 65532 diff --git a/helm/tests/testdata/image.golden b/helm/tests/testdata/image.golden deleted file mode 100644 index d61eacb..0000000 --- a/helm/tests/testdata/image.golden +++ /dev/null @@ -1,84 +0,0 @@ ---- -# Source: coder-logstream-kube/templates/service.yaml -apiVersion: v1 -kind: ServiceAccount -metadata: - name: "coder-logstream-kube" - annotations: - {} - labels: - {} ---- -# Source: coder-logstream-kube/templates/service.yaml -apiVersion: rbac.authorization.k8s.io/v1 -kind: ClusterRole -metadata: - name: coder-logstream-kube-role -rules: - - - apiGroups: [""] - resources: ["pods", "events"] - verbs: ["get", "watch", "list"] - - apiGroups: [""] - resources: ["secrets"] - verbs: ["get"] - - apiGroups: ["apps"] - resources: ["replicasets", "events"] - verbs: ["get", "watch", "list"] ---- -# Source: coder-logstream-kube/templates/service.yaml -apiVersion: rbac.authorization.k8s.io/v1 -kind: ClusterRoleBinding -metadata: - name: coder-logstream-kube-rolebinding -roleRef: - apiGroup: rbac.authorization.k8s.io - kind: ClusterRole - name: coder-logstream-kube-role -subjects: -- kind: ServiceAccount - name: "coder-logstream-kube" - namespace: default ---- -# Source: coder-logstream-kube/templates/service.yaml -apiVersion: apps/v1 -kind: Deployment -metadata: - name: release-name -spec: - # This must remain at 1 otherwise duplicate logs can occur! - replicas: 1 - selector: - matchLabels: - app.kubernetes.io/instance: release-name - template: - metadata: - labels: - app.kubernetes.io/instance: release-name - spec: - serviceAccountName: "coder-logstream-kube" - restartPolicy: Always - imagePullSecrets: - - name: super-secret-pull-secret - containers: - - name: coder-logstream-kube - image: "custom-internal-registry.nicecorp.org/coder-logstream-kube:v1.2.3" - imagePullPolicy: Always - command: - - /coder-logstream-kube - resources: - {} - env: - - name: CODER_URL - value: http://coder.coder.svc.cluster.local - - name: CODER_LOGSTREAM_METRICS_ADDR - value: "" - - name: SSL_CERT_FILE - value: /etc/ssl/certs/my-custom-cert.pem - - name: SSL_CERT_DIR - value: /etc/ssl/certs/my-custom-cert-directory/ - securityContext: - allowPrivilegeEscalation: false - runAsGroup: 65532 - runAsNonRoot: true - runAsUser: 65532 diff --git a/helm/tests/testdata/image.yaml b/helm/tests/testdata/image.yaml deleted file mode 100644 index 7a19c66..0000000 --- a/helm/tests/testdata/image.yaml +++ /dev/null @@ -1,9 +0,0 @@ -url: "http://coder.coder.svc.cluster.local" -image: - repo: custom-internal-registry.nicecorp.org/coder-logstream-kube - tag: v1.2.3 - pullPolicy: Always - pullSecrets: - - name: super-secret-pull-secret - sslCertFile: /etc/ssl/certs/my-custom-cert.pem - sslCertDir: /etc/ssl/certs/my-custom-cert-directory/ diff --git a/helm/tests/testdata/image_coder.golden b/helm/tests/testdata/image_coder.golden deleted file mode 100644 index c192751..0000000 --- a/helm/tests/testdata/image_coder.golden +++ /dev/null @@ -1,84 +0,0 @@ ---- -# Source: coder-logstream-kube/templates/service.yaml -apiVersion: v1 -kind: ServiceAccount -metadata: - name: "coder-logstream-kube" - annotations: - {} - labels: - {} ---- -# Source: coder-logstream-kube/templates/service.yaml -apiVersion: rbac.authorization.k8s.io/v1 -kind: ClusterRole -metadata: - name: coder-logstream-kube-role -rules: - - - apiGroups: [""] - resources: ["pods", "events"] - verbs: ["get", "watch", "list"] - - apiGroups: [""] - resources: ["secrets"] - verbs: ["get"] - - apiGroups: ["apps"] - resources: ["replicasets", "events"] - verbs: ["get", "watch", "list"] ---- -# Source: coder-logstream-kube/templates/service.yaml -apiVersion: rbac.authorization.k8s.io/v1 -kind: ClusterRoleBinding -metadata: - name: coder-logstream-kube-rolebinding -roleRef: - apiGroup: rbac.authorization.k8s.io - kind: ClusterRole - name: coder-logstream-kube-role -subjects: -- kind: ServiceAccount - name: "coder-logstream-kube" - namespace: coder ---- -# Source: coder-logstream-kube/templates/service.yaml -apiVersion: apps/v1 -kind: Deployment -metadata: - name: release-name -spec: - # This must remain at 1 otherwise duplicate logs can occur! - replicas: 1 - selector: - matchLabels: - app.kubernetes.io/instance: release-name - template: - metadata: - labels: - app.kubernetes.io/instance: release-name - spec: - serviceAccountName: "coder-logstream-kube" - restartPolicy: Always - imagePullSecrets: - - name: super-secret-pull-secret - containers: - - name: coder-logstream-kube - image: "custom-internal-registry.nicecorp.org/coder-logstream-kube:v1.2.3" - imagePullPolicy: Always - command: - - /coder-logstream-kube - resources: - {} - env: - - name: CODER_URL - value: http://coder.coder.svc.cluster.local - - name: CODER_LOGSTREAM_METRICS_ADDR - value: "" - - name: SSL_CERT_FILE - value: /etc/ssl/certs/my-custom-cert.pem - - name: SSL_CERT_DIR - value: /etc/ssl/certs/my-custom-cert-directory/ - securityContext: - allowPrivilegeEscalation: false - runAsGroup: 65532 - runAsNonRoot: true - runAsUser: 65532 diff --git a/helm/tests/testdata/label_selector.golden b/helm/tests/testdata/label_selector.golden deleted file mode 100644 index 5750994..0000000 --- a/helm/tests/testdata/label_selector.golden +++ /dev/null @@ -1,80 +0,0 @@ ---- -# Source: coder-logstream-kube/templates/service.yaml -apiVersion: v1 -kind: ServiceAccount -metadata: - name: "coder-logstream-kube" - annotations: - {} - labels: - {} ---- -# Source: coder-logstream-kube/templates/service.yaml -apiVersion: rbac.authorization.k8s.io/v1 -kind: ClusterRole -metadata: - name: coder-logstream-kube-role -rules: - - - apiGroups: [""] - resources: ["pods", "events"] - verbs: ["get", "watch", "list"] - - apiGroups: [""] - resources: ["secrets"] - verbs: ["get"] - - apiGroups: ["apps"] - resources: ["replicasets", "events"] - verbs: ["get", "watch", "list"] ---- -# Source: coder-logstream-kube/templates/service.yaml -apiVersion: rbac.authorization.k8s.io/v1 -kind: ClusterRoleBinding -metadata: - name: coder-logstream-kube-rolebinding -roleRef: - apiGroup: rbac.authorization.k8s.io - kind: ClusterRole - name: coder-logstream-kube-role -subjects: -- kind: ServiceAccount - name: "coder-logstream-kube" - namespace: default ---- -# Source: coder-logstream-kube/templates/service.yaml -apiVersion: apps/v1 -kind: Deployment -metadata: - name: release-name -spec: - # This must remain at 1 otherwise duplicate logs can occur! - replicas: 1 - selector: - matchLabels: - app.kubernetes.io/instance: release-name - template: - metadata: - labels: - app.kubernetes.io/instance: release-name - spec: - serviceAccountName: "coder-logstream-kube" - restartPolicy: Always - containers: - - name: coder-logstream-kube - image: "ghcr.io/coder/coder-logstream-kube:0.1.0" - imagePullPolicy: IfNotPresent - command: - - /coder-logstream-kube - resources: - {} - env: - - name: CODER_URL - value: http://coder.coder.svc.cluster.local - - name: CODER_LOGSTREAM_METRICS_ADDR - value: "" - - name: CODER_LABEL_SELECTOR - value: "com.coder.deployment=dev-coder.nicecorp.org" - securityContext: - allowPrivilegeEscalation: false - runAsGroup: 65532 - runAsNonRoot: true - runAsUser: 65532 diff --git a/helm/tests/testdata/label_selector.yaml b/helm/tests/testdata/label_selector.yaml deleted file mode 100644 index bc6b3b7..0000000 --- a/helm/tests/testdata/label_selector.yaml +++ /dev/null @@ -1,2 +0,0 @@ -url: "http://coder.coder.svc.cluster.local" -labelSelector: com.coder.deployment=dev-coder.nicecorp.org diff --git a/helm/tests/testdata/label_selector_coder.golden b/helm/tests/testdata/label_selector_coder.golden deleted file mode 100644 index c2013b6..0000000 --- a/helm/tests/testdata/label_selector_coder.golden +++ /dev/null @@ -1,80 +0,0 @@ ---- -# Source: coder-logstream-kube/templates/service.yaml -apiVersion: v1 -kind: ServiceAccount -metadata: - name: "coder-logstream-kube" - annotations: - {} - labels: - {} ---- -# Source: coder-logstream-kube/templates/service.yaml -apiVersion: rbac.authorization.k8s.io/v1 -kind: ClusterRole -metadata: - name: coder-logstream-kube-role -rules: - - - apiGroups: [""] - resources: ["pods", "events"] - verbs: ["get", "watch", "list"] - - apiGroups: [""] - resources: ["secrets"] - verbs: ["get"] - - apiGroups: ["apps"] - resources: ["replicasets", "events"] - verbs: ["get", "watch", "list"] ---- -# Source: coder-logstream-kube/templates/service.yaml -apiVersion: rbac.authorization.k8s.io/v1 -kind: ClusterRoleBinding -metadata: - name: coder-logstream-kube-rolebinding -roleRef: - apiGroup: rbac.authorization.k8s.io - kind: ClusterRole - name: coder-logstream-kube-role -subjects: -- kind: ServiceAccount - name: "coder-logstream-kube" - namespace: coder ---- -# Source: coder-logstream-kube/templates/service.yaml -apiVersion: apps/v1 -kind: Deployment -metadata: - name: release-name -spec: - # This must remain at 1 otherwise duplicate logs can occur! - replicas: 1 - selector: - matchLabels: - app.kubernetes.io/instance: release-name - template: - metadata: - labels: - app.kubernetes.io/instance: release-name - spec: - serviceAccountName: "coder-logstream-kube" - restartPolicy: Always - containers: - - name: coder-logstream-kube - image: "ghcr.io/coder/coder-logstream-kube:0.1.0" - imagePullPolicy: IfNotPresent - command: - - /coder-logstream-kube - resources: - {} - env: - - name: CODER_URL - value: http://coder.coder.svc.cluster.local - - name: CODER_LOGSTREAM_METRICS_ADDR - value: "" - - name: CODER_LABEL_SELECTOR - value: "com.coder.deployment=dev-coder.nicecorp.org" - securityContext: - allowPrivilegeEscalation: false - runAsGroup: 65532 - runAsNonRoot: true - runAsUser: 65532 diff --git a/helm/tests/testdata/labels.golden b/helm/tests/testdata/labels.golden deleted file mode 100644 index baf2529..0000000 --- a/helm/tests/testdata/labels.golden +++ /dev/null @@ -1,80 +0,0 @@ ---- -# Source: coder-logstream-kube/templates/service.yaml -apiVersion: v1 -kind: ServiceAccount -metadata: - name: "coder-logstream-kube" - annotations: - {} - labels: - {} ---- -# Source: coder-logstream-kube/templates/service.yaml -apiVersion: rbac.authorization.k8s.io/v1 -kind: ClusterRole -metadata: - name: coder-logstream-kube-role -rules: - - - apiGroups: [""] - resources: ["pods", "events"] - verbs: ["get", "watch", "list"] - - apiGroups: [""] - resources: ["secrets"] - verbs: ["get"] - - apiGroups: ["apps"] - resources: ["replicasets", "events"] - verbs: ["get", "watch", "list"] ---- -# Source: coder-logstream-kube/templates/service.yaml -apiVersion: rbac.authorization.k8s.io/v1 -kind: ClusterRoleBinding -metadata: - name: coder-logstream-kube-rolebinding -roleRef: - apiGroup: rbac.authorization.k8s.io - kind: ClusterRole - name: coder-logstream-kube-role -subjects: -- kind: ServiceAccount - name: "coder-logstream-kube" - namespace: default ---- -# Source: coder-logstream-kube/templates/service.yaml -apiVersion: apps/v1 -kind: Deployment -metadata: - name: release-name -spec: - # This must remain at 1 otherwise duplicate logs can occur! - replicas: 1 - selector: - matchLabels: - app.kubernetes.io/instance: release-name - template: - metadata: - labels: - app.kubernetes.io/instance: release-name - label-one: turtle - label-two: cat - spec: - serviceAccountName: "coder-logstream-kube" - restartPolicy: Always - containers: - - name: coder-logstream-kube - image: "ghcr.io/coder/coder-logstream-kube:0.1.0" - imagePullPolicy: IfNotPresent - command: - - /coder-logstream-kube - resources: - {} - env: - - name: CODER_URL - value: http://coder.coder.svc.cluster.local - - name: CODER_LOGSTREAM_METRICS_ADDR - value: "" - securityContext: - allowPrivilegeEscalation: false - runAsGroup: 65532 - runAsNonRoot: true - runAsUser: 65532 diff --git a/helm/tests/testdata/labels.yaml b/helm/tests/testdata/labels.yaml deleted file mode 100644 index 77113ae..0000000 --- a/helm/tests/testdata/labels.yaml +++ /dev/null @@ -1,4 +0,0 @@ -url: "http://coder.coder.svc.cluster.local" -labels: - label-one: turtle - label-two: cat diff --git a/helm/tests/testdata/labels_coder.golden b/helm/tests/testdata/labels_coder.golden deleted file mode 100644 index 96e8c56..0000000 --- a/helm/tests/testdata/labels_coder.golden +++ /dev/null @@ -1,80 +0,0 @@ ---- -# Source: coder-logstream-kube/templates/service.yaml -apiVersion: v1 -kind: ServiceAccount -metadata: - name: "coder-logstream-kube" - annotations: - {} - labels: - {} ---- -# Source: coder-logstream-kube/templates/service.yaml -apiVersion: rbac.authorization.k8s.io/v1 -kind: ClusterRole -metadata: - name: coder-logstream-kube-role -rules: - - - apiGroups: [""] - resources: ["pods", "events"] - verbs: ["get", "watch", "list"] - - apiGroups: [""] - resources: ["secrets"] - verbs: ["get"] - - apiGroups: ["apps"] - resources: ["replicasets", "events"] - verbs: ["get", "watch", "list"] ---- -# Source: coder-logstream-kube/templates/service.yaml -apiVersion: rbac.authorization.k8s.io/v1 -kind: ClusterRoleBinding -metadata: - name: coder-logstream-kube-rolebinding -roleRef: - apiGroup: rbac.authorization.k8s.io - kind: ClusterRole - name: coder-logstream-kube-role -subjects: -- kind: ServiceAccount - name: "coder-logstream-kube" - namespace: coder ---- -# Source: coder-logstream-kube/templates/service.yaml -apiVersion: apps/v1 -kind: Deployment -metadata: - name: release-name -spec: - # This must remain at 1 otherwise duplicate logs can occur! - replicas: 1 - selector: - matchLabels: - app.kubernetes.io/instance: release-name - template: - metadata: - labels: - app.kubernetes.io/instance: release-name - label-one: turtle - label-two: cat - spec: - serviceAccountName: "coder-logstream-kube" - restartPolicy: Always - containers: - - name: coder-logstream-kube - image: "ghcr.io/coder/coder-logstream-kube:0.1.0" - imagePullPolicy: IfNotPresent - command: - - /coder-logstream-kube - resources: - {} - env: - - name: CODER_URL - value: http://coder.coder.svc.cluster.local - - name: CODER_LOGSTREAM_METRICS_ADDR - value: "" - securityContext: - allowPrivilegeEscalation: false - runAsGroup: 65532 - runAsNonRoot: true - runAsUser: 65532 diff --git a/helm/tests/testdata/metrics.golden b/helm/tests/testdata/metrics.golden deleted file mode 100644 index 734b662..0000000 --- a/helm/tests/testdata/metrics.golden +++ /dev/null @@ -1,86 +0,0 @@ ---- -# Source: coder-logstream-kube/templates/service.yaml -apiVersion: v1 -kind: ServiceAccount -metadata: - name: "coder-logstream-kube" - annotations: - {} - labels: - {} ---- -# Source: coder-logstream-kube/templates/service.yaml -apiVersion: rbac.authorization.k8s.io/v1 -kind: ClusterRole -metadata: - name: coder-logstream-kube-role -rules: - - - apiGroups: [""] - resources: ["pods", "events"] - verbs: ["get", "watch", "list"] - - apiGroups: [""] - resources: ["secrets"] - verbs: ["get"] - - apiGroups: ["apps"] - resources: ["replicasets", "events"] - verbs: ["get", "watch", "list"] ---- -# Source: coder-logstream-kube/templates/service.yaml -apiVersion: rbac.authorization.k8s.io/v1 -kind: ClusterRoleBinding -metadata: - name: coder-logstream-kube-rolebinding -roleRef: - apiGroup: rbac.authorization.k8s.io - kind: ClusterRole - name: coder-logstream-kube-role -subjects: -- kind: ServiceAccount - name: "coder-logstream-kube" - namespace: default ---- -# Source: coder-logstream-kube/templates/service.yaml -apiVersion: apps/v1 -kind: Deployment -metadata: - name: release-name -spec: - # This must remain at 1 otherwise duplicate logs can occur! - replicas: 1 - selector: - matchLabels: - app.kubernetes.io/instance: release-name - template: - metadata: - labels: - app.kubernetes.io/instance: release-name - annotations: - prometheus.io/scrape: "true" - prometheus.io/port: "9998" - prometheus.io/path: "/metrics" - spec: - serviceAccountName: "coder-logstream-kube" - restartPolicy: Always - containers: - - name: coder-logstream-kube - image: "ghcr.io/coder/coder-logstream-kube:0.1.0" - imagePullPolicy: IfNotPresent - command: - - /coder-logstream-kube - ports: - - name: metrics - containerPort: 9998 - protocol: TCP - resources: - {} - env: - - name: CODER_URL - value: http://coder.coder.svc.cluster.local - - name: CODER_LOGSTREAM_METRICS_ADDR - value: ":9998" - securityContext: - allowPrivilegeEscalation: false - runAsGroup: 65532 - runAsNonRoot: true - runAsUser: 65532 diff --git a/helm/tests/testdata/metrics.yaml b/helm/tests/testdata/metrics.yaml deleted file mode 100644 index 0d6b132..0000000 --- a/helm/tests/testdata/metrics.yaml +++ /dev/null @@ -1,4 +0,0 @@ -url: "http://coder.coder.svc.cluster.local" -metrics: - enabled: true - port: 9998 diff --git a/helm/tests/testdata/metrics_coder.golden b/helm/tests/testdata/metrics_coder.golden deleted file mode 100644 index 8cc2b7b..0000000 --- a/helm/tests/testdata/metrics_coder.golden +++ /dev/null @@ -1,86 +0,0 @@ ---- -# Source: coder-logstream-kube/templates/service.yaml -apiVersion: v1 -kind: ServiceAccount -metadata: - name: "coder-logstream-kube" - annotations: - {} - labels: - {} ---- -# Source: coder-logstream-kube/templates/service.yaml -apiVersion: rbac.authorization.k8s.io/v1 -kind: ClusterRole -metadata: - name: coder-logstream-kube-role -rules: - - - apiGroups: [""] - resources: ["pods", "events"] - verbs: ["get", "watch", "list"] - - apiGroups: [""] - resources: ["secrets"] - verbs: ["get"] - - apiGroups: ["apps"] - resources: ["replicasets", "events"] - verbs: ["get", "watch", "list"] ---- -# Source: coder-logstream-kube/templates/service.yaml -apiVersion: rbac.authorization.k8s.io/v1 -kind: ClusterRoleBinding -metadata: - name: coder-logstream-kube-rolebinding -roleRef: - apiGroup: rbac.authorization.k8s.io - kind: ClusterRole - name: coder-logstream-kube-role -subjects: -- kind: ServiceAccount - name: "coder-logstream-kube" - namespace: coder ---- -# Source: coder-logstream-kube/templates/service.yaml -apiVersion: apps/v1 -kind: Deployment -metadata: - name: release-name -spec: - # This must remain at 1 otherwise duplicate logs can occur! - replicas: 1 - selector: - matchLabels: - app.kubernetes.io/instance: release-name - template: - metadata: - labels: - app.kubernetes.io/instance: release-name - annotations: - prometheus.io/scrape: "true" - prometheus.io/port: "9998" - prometheus.io/path: "/metrics" - spec: - serviceAccountName: "coder-logstream-kube" - restartPolicy: Always - containers: - - name: coder-logstream-kube - image: "ghcr.io/coder/coder-logstream-kube:0.1.0" - imagePullPolicy: IfNotPresent - command: - - /coder-logstream-kube - ports: - - name: metrics - containerPort: 9998 - protocol: TCP - resources: - {} - env: - - name: CODER_URL - value: http://coder.coder.svc.cluster.local - - name: CODER_LOGSTREAM_METRICS_ADDR - value: ":9998" - securityContext: - allowPrivilegeEscalation: false - runAsGroup: 65532 - runAsNonRoot: true - runAsUser: 65532 diff --git a/helm/tests/testdata/namespaces.golden b/helm/tests/testdata/namespaces.golden deleted file mode 100644 index 3c8c915..0000000 --- a/helm/tests/testdata/namespaces.golden +++ /dev/null @@ -1,115 +0,0 @@ ---- -# Source: coder-logstream-kube/templates/service.yaml -apiVersion: v1 -kind: ServiceAccount -metadata: - name: "coder-logstream-kube" - annotations: - {} - labels: - {} ---- -# Source: coder-logstream-kube/templates/service.yaml -apiVersion: rbac.authorization.k8s.io/v1 -kind: Role -metadata: - name: coder-logstream-kube-role - namespace: coder -rules: - - - apiGroups: [""] - resources: ["pods", "events"] - verbs: ["get", "watch", "list"] - - apiGroups: [""] - resources: ["secrets"] - verbs: ["get"] - - apiGroups: ["apps"] - resources: ["replicasets", "events"] - verbs: ["get", "watch", "list"] ---- -# Source: coder-logstream-kube/templates/service.yaml -apiVersion: rbac.authorization.k8s.io/v1 -kind: Role -metadata: - name: coder-logstream-kube-role - namespace: coder-workloads -rules: - - - apiGroups: [""] - resources: ["pods", "events"] - verbs: ["get", "watch", "list"] - - apiGroups: [""] - resources: ["secrets"] - verbs: ["get"] - - apiGroups: ["apps"] - resources: ["replicasets", "events"] - verbs: ["get", "watch", "list"] ---- -# Source: coder-logstream-kube/templates/service.yaml -apiVersion: rbac.authorization.k8s.io/v1 -kind: RoleBinding -metadata: - name: coder-logstream-kube-rolebinding - namespace: coder -roleRef: - apiGroup: rbac.authorization.k8s.io - kind: Role - name: coder-logstream-kube-role -subjects: -- kind: ServiceAccount - name: "coder-logstream-kube" - namespace: default ---- -# Source: coder-logstream-kube/templates/service.yaml -apiVersion: rbac.authorization.k8s.io/v1 -kind: RoleBinding -metadata: - name: coder-logstream-kube-rolebinding - namespace: coder-workloads -roleRef: - apiGroup: rbac.authorization.k8s.io - kind: Role - name: coder-logstream-kube-role -subjects: -- kind: ServiceAccount - name: "coder-logstream-kube" - namespace: default ---- -# Source: coder-logstream-kube/templates/service.yaml -apiVersion: apps/v1 -kind: Deployment -metadata: - name: release-name -spec: - # This must remain at 1 otherwise duplicate logs can occur! - replicas: 1 - selector: - matchLabels: - app.kubernetes.io/instance: release-name - template: - metadata: - labels: - app.kubernetes.io/instance: release-name - spec: - serviceAccountName: "coder-logstream-kube" - restartPolicy: Always - containers: - - name: coder-logstream-kube - image: "ghcr.io/coder/coder-logstream-kube:0.1.0" - imagePullPolicy: IfNotPresent - command: - - /coder-logstream-kube - resources: - {} - env: - - name: CODER_URL - value: http://coder.coder.svc.cluster.local - - name: CODER_LOGSTREAM_METRICS_ADDR - value: "" - - name: CODER_NAMESPACES - value: coder,coder-workloads - securityContext: - allowPrivilegeEscalation: false - runAsGroup: 65532 - runAsNonRoot: true - runAsUser: 65532 diff --git a/helm/tests/testdata/namespaces.yaml b/helm/tests/testdata/namespaces.yaml deleted file mode 100644 index aea5444..0000000 --- a/helm/tests/testdata/namespaces.yaml +++ /dev/null @@ -1,4 +0,0 @@ -url: "http://coder.coder.svc.cluster.local" -namespaces: - - coder - - coder-workloads diff --git a/helm/tests/testdata/namespaces_coder.golden b/helm/tests/testdata/namespaces_coder.golden deleted file mode 100644 index 4bd763b..0000000 --- a/helm/tests/testdata/namespaces_coder.golden +++ /dev/null @@ -1,115 +0,0 @@ ---- -# Source: coder-logstream-kube/templates/service.yaml -apiVersion: v1 -kind: ServiceAccount -metadata: - name: "coder-logstream-kube" - annotations: - {} - labels: - {} ---- -# Source: coder-logstream-kube/templates/service.yaml -apiVersion: rbac.authorization.k8s.io/v1 -kind: Role -metadata: - name: coder-logstream-kube-role - namespace: coder -rules: - - - apiGroups: [""] - resources: ["pods", "events"] - verbs: ["get", "watch", "list"] - - apiGroups: [""] - resources: ["secrets"] - verbs: ["get"] - - apiGroups: ["apps"] - resources: ["replicasets", "events"] - verbs: ["get", "watch", "list"] ---- -# Source: coder-logstream-kube/templates/service.yaml -apiVersion: rbac.authorization.k8s.io/v1 -kind: Role -metadata: - name: coder-logstream-kube-role - namespace: coder-workloads -rules: - - - apiGroups: [""] - resources: ["pods", "events"] - verbs: ["get", "watch", "list"] - - apiGroups: [""] - resources: ["secrets"] - verbs: ["get"] - - apiGroups: ["apps"] - resources: ["replicasets", "events"] - verbs: ["get", "watch", "list"] ---- -# Source: coder-logstream-kube/templates/service.yaml -apiVersion: rbac.authorization.k8s.io/v1 -kind: RoleBinding -metadata: - name: coder-logstream-kube-rolebinding - namespace: coder -roleRef: - apiGroup: rbac.authorization.k8s.io - kind: Role - name: coder-logstream-kube-role -subjects: -- kind: ServiceAccount - name: "coder-logstream-kube" - namespace: coder ---- -# Source: coder-logstream-kube/templates/service.yaml -apiVersion: rbac.authorization.k8s.io/v1 -kind: RoleBinding -metadata: - name: coder-logstream-kube-rolebinding - namespace: coder-workloads -roleRef: - apiGroup: rbac.authorization.k8s.io - kind: Role - name: coder-logstream-kube-role -subjects: -- kind: ServiceAccount - name: "coder-logstream-kube" - namespace: coder ---- -# Source: coder-logstream-kube/templates/service.yaml -apiVersion: apps/v1 -kind: Deployment -metadata: - name: release-name -spec: - # This must remain at 1 otherwise duplicate logs can occur! - replicas: 1 - selector: - matchLabels: - app.kubernetes.io/instance: release-name - template: - metadata: - labels: - app.kubernetes.io/instance: release-name - spec: - serviceAccountName: "coder-logstream-kube" - restartPolicy: Always - containers: - - name: coder-logstream-kube - image: "ghcr.io/coder/coder-logstream-kube:0.1.0" - imagePullPolicy: IfNotPresent - command: - - /coder-logstream-kube - resources: - {} - env: - - name: CODER_URL - value: http://coder.coder.svc.cluster.local - - name: CODER_LOGSTREAM_METRICS_ADDR - value: "" - - name: CODER_NAMESPACES - value: coder,coder-workloads - securityContext: - allowPrivilegeEscalation: false - runAsGroup: 65532 - runAsNonRoot: true - runAsUser: 65532 diff --git a/helm/tests/testdata/node_selector.golden b/helm/tests/testdata/node_selector.golden deleted file mode 100644 index bf061a6..0000000 --- a/helm/tests/testdata/node_selector.golden +++ /dev/null @@ -1,81 +0,0 @@ ---- -# Source: coder-logstream-kube/templates/service.yaml -apiVersion: v1 -kind: ServiceAccount -metadata: - name: "coder-logstream-kube" - annotations: - {} - labels: - {} ---- -# Source: coder-logstream-kube/templates/service.yaml -apiVersion: rbac.authorization.k8s.io/v1 -kind: ClusterRole -metadata: - name: coder-logstream-kube-role -rules: - - - apiGroups: [""] - resources: ["pods", "events"] - verbs: ["get", "watch", "list"] - - apiGroups: [""] - resources: ["secrets"] - verbs: ["get"] - - apiGroups: ["apps"] - resources: ["replicasets", "events"] - verbs: ["get", "watch", "list"] ---- -# Source: coder-logstream-kube/templates/service.yaml -apiVersion: rbac.authorization.k8s.io/v1 -kind: ClusterRoleBinding -metadata: - name: coder-logstream-kube-rolebinding -roleRef: - apiGroup: rbac.authorization.k8s.io - kind: ClusterRole - name: coder-logstream-kube-role -subjects: -- kind: ServiceAccount - name: "coder-logstream-kube" - namespace: default ---- -# Source: coder-logstream-kube/templates/service.yaml -apiVersion: apps/v1 -kind: Deployment -metadata: - name: release-name -spec: - # This must remain at 1 otherwise duplicate logs can occur! - replicas: 1 - selector: - matchLabels: - app.kubernetes.io/instance: release-name - template: - metadata: - labels: - app.kubernetes.io/instance: release-name - spec: - serviceAccountName: "coder-logstream-kube" - restartPolicy: Always - nodeSelector: - kubernetes.io/os: linux - topology.kubernetes.io/zone: us-east-1a - containers: - - name: coder-logstream-kube - image: "ghcr.io/coder/coder-logstream-kube:0.1.0" - imagePullPolicy: IfNotPresent - command: - - /coder-logstream-kube - resources: - {} - env: - - name: CODER_URL - value: http://coder.coder.svc.cluster.local - - name: CODER_LOGSTREAM_METRICS_ADDR - value: "" - securityContext: - allowPrivilegeEscalation: false - runAsGroup: 65532 - runAsNonRoot: true - runAsUser: 65532 diff --git a/helm/tests/testdata/node_selector.yaml b/helm/tests/testdata/node_selector.yaml deleted file mode 100644 index 747e443..0000000 --- a/helm/tests/testdata/node_selector.yaml +++ /dev/null @@ -1,4 +0,0 @@ -url: "http://coder.coder.svc.cluster.local" -nodeSelector: - kubernetes.io/os: linux - topology.kubernetes.io/zone: us-east-1a diff --git a/helm/tests/testdata/node_selector_coder.golden b/helm/tests/testdata/node_selector_coder.golden deleted file mode 100644 index 79969c6..0000000 --- a/helm/tests/testdata/node_selector_coder.golden +++ /dev/null @@ -1,81 +0,0 @@ ---- -# Source: coder-logstream-kube/templates/service.yaml -apiVersion: v1 -kind: ServiceAccount -metadata: - name: "coder-logstream-kube" - annotations: - {} - labels: - {} ---- -# Source: coder-logstream-kube/templates/service.yaml -apiVersion: rbac.authorization.k8s.io/v1 -kind: ClusterRole -metadata: - name: coder-logstream-kube-role -rules: - - - apiGroups: [""] - resources: ["pods", "events"] - verbs: ["get", "watch", "list"] - - apiGroups: [""] - resources: ["secrets"] - verbs: ["get"] - - apiGroups: ["apps"] - resources: ["replicasets", "events"] - verbs: ["get", "watch", "list"] ---- -# Source: coder-logstream-kube/templates/service.yaml -apiVersion: rbac.authorization.k8s.io/v1 -kind: ClusterRoleBinding -metadata: - name: coder-logstream-kube-rolebinding -roleRef: - apiGroup: rbac.authorization.k8s.io - kind: ClusterRole - name: coder-logstream-kube-role -subjects: -- kind: ServiceAccount - name: "coder-logstream-kube" - namespace: coder ---- -# Source: coder-logstream-kube/templates/service.yaml -apiVersion: apps/v1 -kind: Deployment -metadata: - name: release-name -spec: - # This must remain at 1 otherwise duplicate logs can occur! - replicas: 1 - selector: - matchLabels: - app.kubernetes.io/instance: release-name - template: - metadata: - labels: - app.kubernetes.io/instance: release-name - spec: - serviceAccountName: "coder-logstream-kube" - restartPolicy: Always - nodeSelector: - kubernetes.io/os: linux - topology.kubernetes.io/zone: us-east-1a - containers: - - name: coder-logstream-kube - image: "ghcr.io/coder/coder-logstream-kube:0.1.0" - imagePullPolicy: IfNotPresent - command: - - /coder-logstream-kube - resources: - {} - env: - - name: CODER_URL - value: http://coder.coder.svc.cluster.local - - name: CODER_LOGSTREAM_METRICS_ADDR - value: "" - securityContext: - allowPrivilegeEscalation: false - runAsGroup: 65532 - runAsNonRoot: true - runAsUser: 65532 diff --git a/helm/tests/testdata/pod_security_context.golden b/helm/tests/testdata/pod_security_context.golden deleted file mode 100644 index 0b1f767..0000000 --- a/helm/tests/testdata/pod_security_context.golden +++ /dev/null @@ -1,80 +0,0 @@ ---- -# Source: coder-logstream-kube/templates/service.yaml -apiVersion: v1 -kind: ServiceAccount -metadata: - name: "coder-logstream-kube" - annotations: - {} - labels: - {} ---- -# Source: coder-logstream-kube/templates/service.yaml -apiVersion: rbac.authorization.k8s.io/v1 -kind: ClusterRole -metadata: - name: coder-logstream-kube-role -rules: - - - apiGroups: [""] - resources: ["pods", "events"] - verbs: ["get", "watch", "list"] - - apiGroups: [""] - resources: ["secrets"] - verbs: ["get"] - - apiGroups: ["apps"] - resources: ["replicasets", "events"] - verbs: ["get", "watch", "list"] ---- -# Source: coder-logstream-kube/templates/service.yaml -apiVersion: rbac.authorization.k8s.io/v1 -kind: ClusterRoleBinding -metadata: - name: coder-logstream-kube-rolebinding -roleRef: - apiGroup: rbac.authorization.k8s.io - kind: ClusterRole - name: coder-logstream-kube-role -subjects: -- kind: ServiceAccount - name: "coder-logstream-kube" - namespace: default ---- -# Source: coder-logstream-kube/templates/service.yaml -apiVersion: apps/v1 -kind: Deployment -metadata: - name: release-name -spec: - # This must remain at 1 otherwise duplicate logs can occur! - replicas: 1 - selector: - matchLabels: - app.kubernetes.io/instance: release-name - template: - metadata: - labels: - app.kubernetes.io/instance: release-name - spec: - serviceAccountName: "coder-logstream-kube" - restartPolicy: Always - podSecurityContext: - fsGroup: 655 - containers: - - name: coder-logstream-kube - image: "ghcr.io/coder/coder-logstream-kube:0.1.0" - imagePullPolicy: IfNotPresent - command: - - /coder-logstream-kube - resources: - {} - env: - - name: CODER_URL - value: http://coder.coder.svc.cluster.local - - name: CODER_LOGSTREAM_METRICS_ADDR - value: "" - securityContext: - allowPrivilegeEscalation: false - runAsGroup: 65532 - runAsNonRoot: true - runAsUser: 65532 diff --git a/helm/tests/testdata/pod_security_context.yaml b/helm/tests/testdata/pod_security_context.yaml deleted file mode 100644 index 52b5d12..0000000 --- a/helm/tests/testdata/pod_security_context.yaml +++ /dev/null @@ -1,3 +0,0 @@ -url: "http://coder.coder.svc.cluster.local" -podSecurityContext: - fsGroup: 655 diff --git a/helm/tests/testdata/pod_security_context_coder.golden b/helm/tests/testdata/pod_security_context_coder.golden deleted file mode 100644 index 6b51f5c..0000000 --- a/helm/tests/testdata/pod_security_context_coder.golden +++ /dev/null @@ -1,80 +0,0 @@ ---- -# Source: coder-logstream-kube/templates/service.yaml -apiVersion: v1 -kind: ServiceAccount -metadata: - name: "coder-logstream-kube" - annotations: - {} - labels: - {} ---- -# Source: coder-logstream-kube/templates/service.yaml -apiVersion: rbac.authorization.k8s.io/v1 -kind: ClusterRole -metadata: - name: coder-logstream-kube-role -rules: - - - apiGroups: [""] - resources: ["pods", "events"] - verbs: ["get", "watch", "list"] - - apiGroups: [""] - resources: ["secrets"] - verbs: ["get"] - - apiGroups: ["apps"] - resources: ["replicasets", "events"] - verbs: ["get", "watch", "list"] ---- -# Source: coder-logstream-kube/templates/service.yaml -apiVersion: rbac.authorization.k8s.io/v1 -kind: ClusterRoleBinding -metadata: - name: coder-logstream-kube-rolebinding -roleRef: - apiGroup: rbac.authorization.k8s.io - kind: ClusterRole - name: coder-logstream-kube-role -subjects: -- kind: ServiceAccount - name: "coder-logstream-kube" - namespace: coder ---- -# Source: coder-logstream-kube/templates/service.yaml -apiVersion: apps/v1 -kind: Deployment -metadata: - name: release-name -spec: - # This must remain at 1 otherwise duplicate logs can occur! - replicas: 1 - selector: - matchLabels: - app.kubernetes.io/instance: release-name - template: - metadata: - labels: - app.kubernetes.io/instance: release-name - spec: - serviceAccountName: "coder-logstream-kube" - restartPolicy: Always - podSecurityContext: - fsGroup: 655 - containers: - - name: coder-logstream-kube - image: "ghcr.io/coder/coder-logstream-kube:0.1.0" - imagePullPolicy: IfNotPresent - command: - - /coder-logstream-kube - resources: - {} - env: - - name: CODER_URL - value: http://coder.coder.svc.cluster.local - - name: CODER_LOGSTREAM_METRICS_ADDR - value: "" - securityContext: - allowPrivilegeEscalation: false - runAsGroup: 65532 - runAsNonRoot: true - runAsUser: 65532 diff --git a/helm/tests/testdata/rbac.golden b/helm/tests/testdata/rbac.golden deleted file mode 100644 index d4d5cff..0000000 --- a/helm/tests/testdata/rbac.golden +++ /dev/null @@ -1,78 +0,0 @@ ---- -# Source: coder-logstream-kube/templates/service.yaml -apiVersion: v1 -kind: ServiceAccount -metadata: - name: "coder-logstream-kube" - annotations: - {} - labels: - {} ---- -# Source: coder-logstream-kube/templates/service.yaml -apiVersion: rbac.authorization.k8s.io/v1 -kind: ClusterRole -metadata: - name: coder-logstream-kube-custom-role-name -rules: - - - apiGroups: [""] - resources: ["pods", "events"] - verbs: ["get", "watch", "list"] - - apiGroups: [""] - resources: ["secrets"] - verbs: ["get"] - - apiGroups: ["apps"] - resources: ["replicasets", "events"] - verbs: ["get", "watch", "list"] ---- -# Source: coder-logstream-kube/templates/service.yaml -apiVersion: rbac.authorization.k8s.io/v1 -kind: ClusterRoleBinding -metadata: - name: coder-logstream-kube-rolebinding-custom-rb-name -roleRef: - apiGroup: rbac.authorization.k8s.io - kind: ClusterRole - name: coder-logstream-kube-custom-role-name -subjects: -- kind: ServiceAccount - name: "coder-logstream-kube" - namespace: default ---- -# Source: coder-logstream-kube/templates/service.yaml -apiVersion: apps/v1 -kind: Deployment -metadata: - name: release-name -spec: - # This must remain at 1 otherwise duplicate logs can occur! - replicas: 1 - selector: - matchLabels: - app.kubernetes.io/instance: release-name - template: - metadata: - labels: - app.kubernetes.io/instance: release-name - spec: - serviceAccountName: "coder-logstream-kube" - restartPolicy: Always - containers: - - name: coder-logstream-kube - image: "ghcr.io/coder/coder-logstream-kube:0.1.0" - imagePullPolicy: IfNotPresent - command: - - /coder-logstream-kube - resources: - {} - env: - - name: CODER_URL - value: http://coder.coder.svc.cluster.local - - name: CODER_LOGSTREAM_METRICS_ADDR - value: "" - securityContext: - allowPrivilegeEscalation: false - runAsGroup: 65532 - runAsNonRoot: true - runAsUser: 65532 diff --git a/helm/tests/testdata/rbac.yaml b/helm/tests/testdata/rbac.yaml deleted file mode 100644 index eee4459..0000000 --- a/helm/tests/testdata/rbac.yaml +++ /dev/null @@ -1,4 +0,0 @@ -url: "http://coder.coder.svc.cluster.local" -rbac: - roleName: coder-logstream-kube-custom-role-name - roleBindingName: coder-logstream-kube-rolebinding-custom-rb-name diff --git a/helm/tests/testdata/rbac_coder.golden b/helm/tests/testdata/rbac_coder.golden deleted file mode 100644 index af373c7..0000000 --- a/helm/tests/testdata/rbac_coder.golden +++ /dev/null @@ -1,78 +0,0 @@ ---- -# Source: coder-logstream-kube/templates/service.yaml -apiVersion: v1 -kind: ServiceAccount -metadata: - name: "coder-logstream-kube" - annotations: - {} - labels: - {} ---- -# Source: coder-logstream-kube/templates/service.yaml -apiVersion: rbac.authorization.k8s.io/v1 -kind: ClusterRole -metadata: - name: coder-logstream-kube-custom-role-name -rules: - - - apiGroups: [""] - resources: ["pods", "events"] - verbs: ["get", "watch", "list"] - - apiGroups: [""] - resources: ["secrets"] - verbs: ["get"] - - apiGroups: ["apps"] - resources: ["replicasets", "events"] - verbs: ["get", "watch", "list"] ---- -# Source: coder-logstream-kube/templates/service.yaml -apiVersion: rbac.authorization.k8s.io/v1 -kind: ClusterRoleBinding -metadata: - name: coder-logstream-kube-rolebinding-custom-rb-name -roleRef: - apiGroup: rbac.authorization.k8s.io - kind: ClusterRole - name: coder-logstream-kube-custom-role-name -subjects: -- kind: ServiceAccount - name: "coder-logstream-kube" - namespace: coder ---- -# Source: coder-logstream-kube/templates/service.yaml -apiVersion: apps/v1 -kind: Deployment -metadata: - name: release-name -spec: - # This must remain at 1 otherwise duplicate logs can occur! - replicas: 1 - selector: - matchLabels: - app.kubernetes.io/instance: release-name - template: - metadata: - labels: - app.kubernetes.io/instance: release-name - spec: - serviceAccountName: "coder-logstream-kube" - restartPolicy: Always - containers: - - name: coder-logstream-kube - image: "ghcr.io/coder/coder-logstream-kube:0.1.0" - imagePullPolicy: IfNotPresent - command: - - /coder-logstream-kube - resources: - {} - env: - - name: CODER_URL - value: http://coder.coder.svc.cluster.local - - name: CODER_LOGSTREAM_METRICS_ADDR - value: "" - securityContext: - allowPrivilegeEscalation: false - runAsGroup: 65532 - runAsNonRoot: true - runAsUser: 65532 diff --git a/helm/tests/testdata/resources.golden b/helm/tests/testdata/resources.golden deleted file mode 100644 index f460c47..0000000 --- a/helm/tests/testdata/resources.golden +++ /dev/null @@ -1,83 +0,0 @@ ---- -# Source: coder-logstream-kube/templates/service.yaml -apiVersion: v1 -kind: ServiceAccount -metadata: - name: "coder-logstream-kube" - annotations: - {} - labels: - {} ---- -# Source: coder-logstream-kube/templates/service.yaml -apiVersion: rbac.authorization.k8s.io/v1 -kind: ClusterRole -metadata: - name: coder-logstream-kube-role -rules: - - - apiGroups: [""] - resources: ["pods", "events"] - verbs: ["get", "watch", "list"] - - apiGroups: [""] - resources: ["secrets"] - verbs: ["get"] - - apiGroups: ["apps"] - resources: ["replicasets", "events"] - verbs: ["get", "watch", "list"] ---- -# Source: coder-logstream-kube/templates/service.yaml -apiVersion: rbac.authorization.k8s.io/v1 -kind: ClusterRoleBinding -metadata: - name: coder-logstream-kube-rolebinding -roleRef: - apiGroup: rbac.authorization.k8s.io - kind: ClusterRole - name: coder-logstream-kube-role -subjects: -- kind: ServiceAccount - name: "coder-logstream-kube" - namespace: default ---- -# Source: coder-logstream-kube/templates/service.yaml -apiVersion: apps/v1 -kind: Deployment -metadata: - name: release-name -spec: - # This must remain at 1 otherwise duplicate logs can occur! - replicas: 1 - selector: - matchLabels: - app.kubernetes.io/instance: release-name - template: - metadata: - labels: - app.kubernetes.io/instance: release-name - spec: - serviceAccountName: "coder-logstream-kube" - restartPolicy: Always - containers: - - name: coder-logstream-kube - image: "ghcr.io/coder/coder-logstream-kube:0.1.0" - imagePullPolicy: IfNotPresent - command: - - /coder-logstream-kube - resources: - limits: - cpu: 500m - memory: 500Mi - requests: - cpu: 2000m - memory: 2000Mi - env: - - name: CODER_URL - value: http://coder.coder.svc.cluster.local - - name: CODER_LOGSTREAM_METRICS_ADDR - value: "" - securityContext: - allowPrivilegeEscalation: false - runAsGroup: 65532 - runAsNonRoot: true - runAsUser: 65532 diff --git a/helm/tests/testdata/resources.yaml b/helm/tests/testdata/resources.yaml deleted file mode 100644 index 29ecb43..0000000 --- a/helm/tests/testdata/resources.yaml +++ /dev/null @@ -1,8 +0,0 @@ -url: "http://coder.coder.svc.cluster.local" -resources: - limits: - cpu: 500m - memory: 500Mi - requests: - cpu: 2000m - memory: 2000Mi diff --git a/helm/tests/testdata/resources_coder.golden b/helm/tests/testdata/resources_coder.golden deleted file mode 100644 index 7ea2300..0000000 --- a/helm/tests/testdata/resources_coder.golden +++ /dev/null @@ -1,83 +0,0 @@ ---- -# Source: coder-logstream-kube/templates/service.yaml -apiVersion: v1 -kind: ServiceAccount -metadata: - name: "coder-logstream-kube" - annotations: - {} - labels: - {} ---- -# Source: coder-logstream-kube/templates/service.yaml -apiVersion: rbac.authorization.k8s.io/v1 -kind: ClusterRole -metadata: - name: coder-logstream-kube-role -rules: - - - apiGroups: [""] - resources: ["pods", "events"] - verbs: ["get", "watch", "list"] - - apiGroups: [""] - resources: ["secrets"] - verbs: ["get"] - - apiGroups: ["apps"] - resources: ["replicasets", "events"] - verbs: ["get", "watch", "list"] ---- -# Source: coder-logstream-kube/templates/service.yaml -apiVersion: rbac.authorization.k8s.io/v1 -kind: ClusterRoleBinding -metadata: - name: coder-logstream-kube-rolebinding -roleRef: - apiGroup: rbac.authorization.k8s.io - kind: ClusterRole - name: coder-logstream-kube-role -subjects: -- kind: ServiceAccount - name: "coder-logstream-kube" - namespace: coder ---- -# Source: coder-logstream-kube/templates/service.yaml -apiVersion: apps/v1 -kind: Deployment -metadata: - name: release-name -spec: - # This must remain at 1 otherwise duplicate logs can occur! - replicas: 1 - selector: - matchLabels: - app.kubernetes.io/instance: release-name - template: - metadata: - labels: - app.kubernetes.io/instance: release-name - spec: - serviceAccountName: "coder-logstream-kube" - restartPolicy: Always - containers: - - name: coder-logstream-kube - image: "ghcr.io/coder/coder-logstream-kube:0.1.0" - imagePullPolicy: IfNotPresent - command: - - /coder-logstream-kube - resources: - limits: - cpu: 500m - memory: 500Mi - requests: - cpu: 2000m - memory: 2000Mi - env: - - name: CODER_URL - value: http://coder.coder.svc.cluster.local - - name: CODER_LOGSTREAM_METRICS_ADDR - value: "" - securityContext: - allowPrivilegeEscalation: false - runAsGroup: 65532 - runAsNonRoot: true - runAsUser: 65532 diff --git a/helm/tests/testdata/security_context.golden b/helm/tests/testdata/security_context.golden deleted file mode 100644 index d51edac..0000000 --- a/helm/tests/testdata/security_context.golden +++ /dev/null @@ -1,78 +0,0 @@ ---- -# Source: coder-logstream-kube/templates/service.yaml -apiVersion: v1 -kind: ServiceAccount -metadata: - name: "coder-logstream-kube" - annotations: - {} - labels: - {} ---- -# Source: coder-logstream-kube/templates/service.yaml -apiVersion: rbac.authorization.k8s.io/v1 -kind: ClusterRole -metadata: - name: coder-logstream-kube-role -rules: - - - apiGroups: [""] - resources: ["pods", "events"] - verbs: ["get", "watch", "list"] - - apiGroups: [""] - resources: ["secrets"] - verbs: ["get"] - - apiGroups: ["apps"] - resources: ["replicasets", "events"] - verbs: ["get", "watch", "list"] ---- -# Source: coder-logstream-kube/templates/service.yaml -apiVersion: rbac.authorization.k8s.io/v1 -kind: ClusterRoleBinding -metadata: - name: coder-logstream-kube-rolebinding -roleRef: - apiGroup: rbac.authorization.k8s.io - kind: ClusterRole - name: coder-logstream-kube-role -subjects: -- kind: ServiceAccount - name: "coder-logstream-kube" - namespace: default ---- -# Source: coder-logstream-kube/templates/service.yaml -apiVersion: apps/v1 -kind: Deployment -metadata: - name: release-name -spec: - # This must remain at 1 otherwise duplicate logs can occur! - replicas: 1 - selector: - matchLabels: - app.kubernetes.io/instance: release-name - template: - metadata: - labels: - app.kubernetes.io/instance: release-name - spec: - serviceAccountName: "coder-logstream-kube" - restartPolicy: Always - containers: - - name: coder-logstream-kube - image: "ghcr.io/coder/coder-logstream-kube:0.1.0" - imagePullPolicy: IfNotPresent - command: - - /coder-logstream-kube - resources: - {} - env: - - name: CODER_URL - value: http://coder.coder.svc.cluster.local - - name: CODER_LOGSTREAM_METRICS_ADDR - value: "" - securityContext: - allowPrivilegeEscalation: true - runAsGroup: 655 - runAsNonRoot: true - runAsUser: 655 diff --git a/helm/tests/testdata/security_context.yaml b/helm/tests/testdata/security_context.yaml deleted file mode 100644 index e2701c7..0000000 --- a/helm/tests/testdata/security_context.yaml +++ /dev/null @@ -1,6 +0,0 @@ -url: "http://coder.coder.svc.cluster.local" -securityContext: - runAsNonRoot: true - runAsUser: 655 - runAsGroup: 655 - allowPrivilegeEscalation: true diff --git a/helm/tests/testdata/security_context_coder.golden b/helm/tests/testdata/security_context_coder.golden deleted file mode 100644 index d584b41..0000000 --- a/helm/tests/testdata/security_context_coder.golden +++ /dev/null @@ -1,78 +0,0 @@ ---- -# Source: coder-logstream-kube/templates/service.yaml -apiVersion: v1 -kind: ServiceAccount -metadata: - name: "coder-logstream-kube" - annotations: - {} - labels: - {} ---- -# Source: coder-logstream-kube/templates/service.yaml -apiVersion: rbac.authorization.k8s.io/v1 -kind: ClusterRole -metadata: - name: coder-logstream-kube-role -rules: - - - apiGroups: [""] - resources: ["pods", "events"] - verbs: ["get", "watch", "list"] - - apiGroups: [""] - resources: ["secrets"] - verbs: ["get"] - - apiGroups: ["apps"] - resources: ["replicasets", "events"] - verbs: ["get", "watch", "list"] ---- -# Source: coder-logstream-kube/templates/service.yaml -apiVersion: rbac.authorization.k8s.io/v1 -kind: ClusterRoleBinding -metadata: - name: coder-logstream-kube-rolebinding -roleRef: - apiGroup: rbac.authorization.k8s.io - kind: ClusterRole - name: coder-logstream-kube-role -subjects: -- kind: ServiceAccount - name: "coder-logstream-kube" - namespace: coder ---- -# Source: coder-logstream-kube/templates/service.yaml -apiVersion: apps/v1 -kind: Deployment -metadata: - name: release-name -spec: - # This must remain at 1 otherwise duplicate logs can occur! - replicas: 1 - selector: - matchLabels: - app.kubernetes.io/instance: release-name - template: - metadata: - labels: - app.kubernetes.io/instance: release-name - spec: - serviceAccountName: "coder-logstream-kube" - restartPolicy: Always - containers: - - name: coder-logstream-kube - image: "ghcr.io/coder/coder-logstream-kube:0.1.0" - imagePullPolicy: IfNotPresent - command: - - /coder-logstream-kube - resources: - {} - env: - - name: CODER_URL - value: http://coder.coder.svc.cluster.local - - name: CODER_LOGSTREAM_METRICS_ADDR - value: "" - securityContext: - allowPrivilegeEscalation: true - runAsGroup: 655 - runAsNonRoot: true - runAsUser: 655 diff --git a/helm/tests/testdata/service_account.golden b/helm/tests/testdata/service_account.golden deleted file mode 100644 index 727e479..0000000 --- a/helm/tests/testdata/service_account.golden +++ /dev/null @@ -1,78 +0,0 @@ ---- -# Source: coder-logstream-kube/templates/service.yaml -apiVersion: v1 -kind: ServiceAccount -metadata: - name: "coder-logstream-kube-custom-name" - annotations: - golden: test - labels: - testing: golden ---- -# Source: coder-logstream-kube/templates/service.yaml -apiVersion: rbac.authorization.k8s.io/v1 -kind: ClusterRole -metadata: - name: coder-logstream-kube-role -rules: - - - apiGroups: [""] - resources: ["pods", "events"] - verbs: ["get", "watch", "list"] - - apiGroups: [""] - resources: ["secrets"] - verbs: ["get"] - - apiGroups: ["apps"] - resources: ["replicasets", "events"] - verbs: ["get", "watch", "list"] ---- -# Source: coder-logstream-kube/templates/service.yaml -apiVersion: rbac.authorization.k8s.io/v1 -kind: ClusterRoleBinding -metadata: - name: coder-logstream-kube-rolebinding -roleRef: - apiGroup: rbac.authorization.k8s.io - kind: ClusterRole - name: coder-logstream-kube-role -subjects: -- kind: ServiceAccount - name: "coder-logstream-kube-custom-name" - namespace: default ---- -# Source: coder-logstream-kube/templates/service.yaml -apiVersion: apps/v1 -kind: Deployment -metadata: - name: release-name -spec: - # This must remain at 1 otherwise duplicate logs can occur! - replicas: 1 - selector: - matchLabels: - app.kubernetes.io/instance: release-name - template: - metadata: - labels: - app.kubernetes.io/instance: release-name - spec: - serviceAccountName: "coder-logstream-kube-custom-name" - restartPolicy: Always - containers: - - name: coder-logstream-kube - image: "ghcr.io/coder/coder-logstream-kube:0.1.0" - imagePullPolicy: IfNotPresent - command: - - /coder-logstream-kube - resources: - {} - env: - - name: CODER_URL - value: http://coder.coder.svc.cluster.local - - name: CODER_LOGSTREAM_METRICS_ADDR - value: "" - securityContext: - allowPrivilegeEscalation: false - runAsGroup: 65532 - runAsNonRoot: true - runAsUser: 65532 diff --git a/helm/tests/testdata/service_account.yaml b/helm/tests/testdata/service_account.yaml deleted file mode 100644 index 63c7fd9..0000000 --- a/helm/tests/testdata/service_account.yaml +++ /dev/null @@ -1,7 +0,0 @@ -url: "http://coder.coder.svc.cluster.local" -serviceAccount: - annotations: - golden: test - labels: - testing: golden - name: coder-logstream-kube-custom-name diff --git a/helm/tests/testdata/service_account_coder.golden b/helm/tests/testdata/service_account_coder.golden deleted file mode 100644 index f8f170c..0000000 --- a/helm/tests/testdata/service_account_coder.golden +++ /dev/null @@ -1,78 +0,0 @@ ---- -# Source: coder-logstream-kube/templates/service.yaml -apiVersion: v1 -kind: ServiceAccount -metadata: - name: "coder-logstream-kube-custom-name" - annotations: - golden: test - labels: - testing: golden ---- -# Source: coder-logstream-kube/templates/service.yaml -apiVersion: rbac.authorization.k8s.io/v1 -kind: ClusterRole -metadata: - name: coder-logstream-kube-role -rules: - - - apiGroups: [""] - resources: ["pods", "events"] - verbs: ["get", "watch", "list"] - - apiGroups: [""] - resources: ["secrets"] - verbs: ["get"] - - apiGroups: ["apps"] - resources: ["replicasets", "events"] - verbs: ["get", "watch", "list"] ---- -# Source: coder-logstream-kube/templates/service.yaml -apiVersion: rbac.authorization.k8s.io/v1 -kind: ClusterRoleBinding -metadata: - name: coder-logstream-kube-rolebinding -roleRef: - apiGroup: rbac.authorization.k8s.io - kind: ClusterRole - name: coder-logstream-kube-role -subjects: -- kind: ServiceAccount - name: "coder-logstream-kube-custom-name" - namespace: coder ---- -# Source: coder-logstream-kube/templates/service.yaml -apiVersion: apps/v1 -kind: Deployment -metadata: - name: release-name -spec: - # This must remain at 1 otherwise duplicate logs can occur! - replicas: 1 - selector: - matchLabels: - app.kubernetes.io/instance: release-name - template: - metadata: - labels: - app.kubernetes.io/instance: release-name - spec: - serviceAccountName: "coder-logstream-kube-custom-name" - restartPolicy: Always - containers: - - name: coder-logstream-kube - image: "ghcr.io/coder/coder-logstream-kube:0.1.0" - imagePullPolicy: IfNotPresent - command: - - /coder-logstream-kube - resources: - {} - env: - - name: CODER_URL - value: http://coder.coder.svc.cluster.local - - name: CODER_LOGSTREAM_METRICS_ADDR - value: "" - securityContext: - allowPrivilegeEscalation: false - runAsGroup: 65532 - runAsNonRoot: true - runAsUser: 65532 diff --git a/helm/tests/testdata/tolerations.golden b/helm/tests/testdata/tolerations.golden deleted file mode 100644 index dfeef59..0000000 --- a/helm/tests/testdata/tolerations.golden +++ /dev/null @@ -1,87 +0,0 @@ ---- -# Source: coder-logstream-kube/templates/service.yaml -apiVersion: v1 -kind: ServiceAccount -metadata: - name: "coder-logstream-kube" - annotations: - {} - labels: - {} ---- -# Source: coder-logstream-kube/templates/service.yaml -apiVersion: rbac.authorization.k8s.io/v1 -kind: ClusterRole -metadata: - name: coder-logstream-kube-role -rules: - - - apiGroups: [""] - resources: ["pods", "events"] - verbs: ["get", "watch", "list"] - - apiGroups: [""] - resources: ["secrets"] - verbs: ["get"] - - apiGroups: ["apps"] - resources: ["replicasets", "events"] - verbs: ["get", "watch", "list"] ---- -# Source: coder-logstream-kube/templates/service.yaml -apiVersion: rbac.authorization.k8s.io/v1 -kind: ClusterRoleBinding -metadata: - name: coder-logstream-kube-rolebinding -roleRef: - apiGroup: rbac.authorization.k8s.io - kind: ClusterRole - name: coder-logstream-kube-role -subjects: -- kind: ServiceAccount - name: "coder-logstream-kube" - namespace: default ---- -# Source: coder-logstream-kube/templates/service.yaml -apiVersion: apps/v1 -kind: Deployment -metadata: - name: release-name -spec: - # This must remain at 1 otherwise duplicate logs can occur! - replicas: 1 - selector: - matchLabels: - app.kubernetes.io/instance: release-name - template: - metadata: - labels: - app.kubernetes.io/instance: release-name - spec: - serviceAccountName: "coder-logstream-kube" - restartPolicy: Always - tolerations: - - effect: NoSchedule - key: dedicated - operator: Equal - value: monitoring - - effect: NoExecute - key: node.kubernetes.io/not-ready - operator: Exists - tolerationSeconds: 30 - containers: - - name: coder-logstream-kube - image: "ghcr.io/coder/coder-logstream-kube:0.1.0" - imagePullPolicy: IfNotPresent - command: - - /coder-logstream-kube - resources: - {} - env: - - name: CODER_URL - value: http://coder.coder.svc.cluster.local - - name: CODER_LOGSTREAM_METRICS_ADDR - value: "" - securityContext: - allowPrivilegeEscalation: false - runAsGroup: 65532 - runAsNonRoot: true - runAsUser: 65532 diff --git a/helm/tests/testdata/tolerations.yaml b/helm/tests/testdata/tolerations.yaml deleted file mode 100644 index 4d3a287..0000000 --- a/helm/tests/testdata/tolerations.yaml +++ /dev/null @@ -1,10 +0,0 @@ -url: "http://coder.coder.svc.cluster.local" -tolerations: - - key: "dedicated" - operator: "Equal" - value: "monitoring" - effect: "NoSchedule" - - key: "node.kubernetes.io/not-ready" - operator: "Exists" - effect: "NoExecute" - tolerationSeconds: 30 diff --git a/helm/tests/testdata/tolerations_coder.golden b/helm/tests/testdata/tolerations_coder.golden deleted file mode 100644 index d7b5454..0000000 --- a/helm/tests/testdata/tolerations_coder.golden +++ /dev/null @@ -1,87 +0,0 @@ ---- -# Source: coder-logstream-kube/templates/service.yaml -apiVersion: v1 -kind: ServiceAccount -metadata: - name: "coder-logstream-kube" - annotations: - {} - labels: - {} ---- -# Source: coder-logstream-kube/templates/service.yaml -apiVersion: rbac.authorization.k8s.io/v1 -kind: ClusterRole -metadata: - name: coder-logstream-kube-role -rules: - - - apiGroups: [""] - resources: ["pods", "events"] - verbs: ["get", "watch", "list"] - - apiGroups: [""] - resources: ["secrets"] - verbs: ["get"] - - apiGroups: ["apps"] - resources: ["replicasets", "events"] - verbs: ["get", "watch", "list"] ---- -# Source: coder-logstream-kube/templates/service.yaml -apiVersion: rbac.authorization.k8s.io/v1 -kind: ClusterRoleBinding -metadata: - name: coder-logstream-kube-rolebinding -roleRef: - apiGroup: rbac.authorization.k8s.io - kind: ClusterRole - name: coder-logstream-kube-role -subjects: -- kind: ServiceAccount - name: "coder-logstream-kube" - namespace: coder ---- -# Source: coder-logstream-kube/templates/service.yaml -apiVersion: apps/v1 -kind: Deployment -metadata: - name: release-name -spec: - # This must remain at 1 otherwise duplicate logs can occur! - replicas: 1 - selector: - matchLabels: - app.kubernetes.io/instance: release-name - template: - metadata: - labels: - app.kubernetes.io/instance: release-name - spec: - serviceAccountName: "coder-logstream-kube" - restartPolicy: Always - tolerations: - - effect: NoSchedule - key: dedicated - operator: Equal - value: monitoring - - effect: NoExecute - key: node.kubernetes.io/not-ready - operator: Exists - tolerationSeconds: 30 - containers: - - name: coder-logstream-kube - image: "ghcr.io/coder/coder-logstream-kube:0.1.0" - imagePullPolicy: IfNotPresent - command: - - /coder-logstream-kube - resources: - {} - env: - - name: CODER_URL - value: http://coder.coder.svc.cluster.local - - name: CODER_LOGSTREAM_METRICS_ADDR - value: "" - securityContext: - allowPrivilegeEscalation: false - runAsGroup: 65532 - runAsNonRoot: true - runAsUser: 65532 diff --git a/helm/tests/testdata/volumes.golden b/helm/tests/testdata/volumes.golden deleted file mode 100644 index bc18c63..0000000 --- a/helm/tests/testdata/volumes.golden +++ /dev/null @@ -1,86 +0,0 @@ ---- -# Source: coder-logstream-kube/templates/service.yaml -apiVersion: v1 -kind: ServiceAccount -metadata: - name: "coder-logstream-kube" - annotations: - {} - labels: - {} ---- -# Source: coder-logstream-kube/templates/service.yaml -apiVersion: rbac.authorization.k8s.io/v1 -kind: ClusterRole -metadata: - name: coder-logstream-kube-role -rules: - - - apiGroups: [""] - resources: ["pods", "events"] - verbs: ["get", "watch", "list"] - - apiGroups: [""] - resources: ["secrets"] - verbs: ["get"] - - apiGroups: ["apps"] - resources: ["replicasets", "events"] - verbs: ["get", "watch", "list"] ---- -# Source: coder-logstream-kube/templates/service.yaml -apiVersion: rbac.authorization.k8s.io/v1 -kind: ClusterRoleBinding -metadata: - name: coder-logstream-kube-rolebinding -roleRef: - apiGroup: rbac.authorization.k8s.io - kind: ClusterRole - name: coder-logstream-kube-role -subjects: -- kind: ServiceAccount - name: "coder-logstream-kube" - namespace: default ---- -# Source: coder-logstream-kube/templates/service.yaml -apiVersion: apps/v1 -kind: Deployment -metadata: - name: release-name -spec: - # This must remain at 1 otherwise duplicate logs can occur! - replicas: 1 - selector: - matchLabels: - app.kubernetes.io/instance: release-name - template: - metadata: - labels: - app.kubernetes.io/instance: release-name - spec: - serviceAccountName: "coder-logstream-kube" - restartPolicy: Always - containers: - - name: coder-logstream-kube - image: "ghcr.io/coder/coder-logstream-kube:latest" - imagePullPolicy: IfNotPresent - command: - - /coder-logstream-kube - resources: - {} - env: - - name: CODER_URL - value: http://coder.coder.svc.cluster.local - - name: CODER_LOGSTREAM_METRICS_ADDR - value: "" - securityContext: - allowPrivilegeEscalation: false - runAsGroup: 65532 - runAsNonRoot: true - runAsUser: 65532 - volumeMounts: - - mountPath: /etc/ssl/custom - name: custom-ca - readOnly: true - volumes: - - configMap: - name: custom-ca-cert - name: custom-ca diff --git a/helm/tests/testdata/volumes.yaml b/helm/tests/testdata/volumes.yaml deleted file mode 100644 index 0afe150..0000000 --- a/helm/tests/testdata/volumes.yaml +++ /dev/null @@ -1,11 +0,0 @@ -url: "http://coder.coder.svc.cluster.local" -image: - tag: latest -volumes: - - name: custom-ca - configMap: - name: custom-ca-cert -volumeMounts: - - name: custom-ca - mountPath: /etc/ssl/custom - readOnly: true diff --git a/helm/tests/testdata/volumes_coder.golden b/helm/tests/testdata/volumes_coder.golden deleted file mode 100644 index e424d23..0000000 --- a/helm/tests/testdata/volumes_coder.golden +++ /dev/null @@ -1,86 +0,0 @@ ---- -# Source: coder-logstream-kube/templates/service.yaml -apiVersion: v1 -kind: ServiceAccount -metadata: - name: "coder-logstream-kube" - annotations: - {} - labels: - {} ---- -# Source: coder-logstream-kube/templates/service.yaml -apiVersion: rbac.authorization.k8s.io/v1 -kind: ClusterRole -metadata: - name: coder-logstream-kube-role -rules: - - - apiGroups: [""] - resources: ["pods", "events"] - verbs: ["get", "watch", "list"] - - apiGroups: [""] - resources: ["secrets"] - verbs: ["get"] - - apiGroups: ["apps"] - resources: ["replicasets", "events"] - verbs: ["get", "watch", "list"] ---- -# Source: coder-logstream-kube/templates/service.yaml -apiVersion: rbac.authorization.k8s.io/v1 -kind: ClusterRoleBinding -metadata: - name: coder-logstream-kube-rolebinding -roleRef: - apiGroup: rbac.authorization.k8s.io - kind: ClusterRole - name: coder-logstream-kube-role -subjects: -- kind: ServiceAccount - name: "coder-logstream-kube" - namespace: coder ---- -# Source: coder-logstream-kube/templates/service.yaml -apiVersion: apps/v1 -kind: Deployment -metadata: - name: release-name -spec: - # This must remain at 1 otherwise duplicate logs can occur! - replicas: 1 - selector: - matchLabels: - app.kubernetes.io/instance: release-name - template: - metadata: - labels: - app.kubernetes.io/instance: release-name - spec: - serviceAccountName: "coder-logstream-kube" - restartPolicy: Always - containers: - - name: coder-logstream-kube - image: "ghcr.io/coder/coder-logstream-kube:latest" - imagePullPolicy: IfNotPresent - command: - - /coder-logstream-kube - resources: - {} - env: - - name: CODER_URL - value: http://coder.coder.svc.cluster.local - - name: CODER_LOGSTREAM_METRICS_ADDR - value: "" - securityContext: - allowPrivilegeEscalation: false - runAsGroup: 65532 - runAsNonRoot: true - runAsUser: 65532 - volumeMounts: - - mountPath: /etc/ssl/custom - name: custom-ca - readOnly: true - volumes: - - configMap: - name: custom-ca-cert - name: custom-ca