From aae12db39a40399eaa246e9ccffb838ae892c51b Mon Sep 17 00:00:00 2001 From: Zaid Albirawi Date: Fri, 15 Nov 2024 13:27:41 -0500 Subject: [PATCH 1/3] Add tests.enabled to values.yaml to allow tests to be turned off --- tyk-data-plane/templates/tests/data-plane-test.yaml | 2 ++ tyk-data-plane/templates/tests/script-configmap.yaml | 4 +++- tyk-data-plane/values.yaml | 2 ++ tyk-oss/templates/tests/oss-test.yaml | 2 ++ tyk-oss/templates/tests/script-configmap.yaml | 4 +++- tyk-oss/values.yaml | 2 ++ tyk-stack/templates/tests/script-configmap.yaml | 4 +++- tyk-stack/templates/tests/stack-test.yaml | 2 ++ tyk-stack/values.yaml | 2 ++ 9 files changed, 21 insertions(+), 3 deletions(-) diff --git a/tyk-data-plane/templates/tests/data-plane-test.yaml b/tyk-data-plane/templates/tests/data-plane-test.yaml index 07fee24b..d6fd6d0a 100644 --- a/tyk-data-plane/templates/tests/data-plane-test.yaml +++ b/tyk-data-plane/templates/tests/data-plane-test.yaml @@ -1,3 +1,4 @@ +{{- if .Values.tests.enabled -}} apiVersion: v1 kind: Pod metadata: @@ -39,3 +40,4 @@ spec: configMap: name: test-tyk-data-plane-map defaultMode: 0777 +{{- end }} \ No newline at end of file diff --git a/tyk-data-plane/templates/tests/script-configmap.yaml b/tyk-data-plane/templates/tests/script-configmap.yaml index 726b7aed..5c089408 100644 --- a/tyk-data-plane/templates/tests/script-configmap.yaml +++ b/tyk-data-plane/templates/tests/script-configmap.yaml @@ -1,3 +1,4 @@ +{{- if .Values.tests.enabled -}} apiVersion: v1 kind: ConfigMap metadata: @@ -6,4 +7,5 @@ metadata: "helm.sh/hook-delete-policy": hook-succeeded,hook-failed "helm.sh/hook": test data: -{{ (.Files.Glob "scripts/tests/data-plane-test.sh").AsConfig | indent 2 }} \ No newline at end of file +{{ (.Files.Glob "scripts/tests/data-plane-test.sh").AsConfig | indent 2 }} +{{- end }} \ No newline at end of file diff --git a/tyk-data-plane/values.yaml b/tyk-data-plane/values.yaml index 75265910..d0b18a02 100644 --- a/tyk-data-plane/values.yaml +++ b/tyk-data-plane/values.yaml @@ -766,3 +766,5 @@ tyk-pump: # mountPath: /etc/ssl/certs/ca-certs.crt # readOnly: true extraVolumeMounts: [] +tests: + enabled: true \ No newline at end of file diff --git a/tyk-oss/templates/tests/oss-test.yaml b/tyk-oss/templates/tests/oss-test.yaml index f61e2bee..0246ef45 100644 --- a/tyk-oss/templates/tests/oss-test.yaml +++ b/tyk-oss/templates/tests/oss-test.yaml @@ -1,3 +1,4 @@ +{{- if .Values.tests.enabled -}} apiVersion: v1 kind: Pod metadata: @@ -40,3 +41,4 @@ spec: configMap: name: test-tyk-oss-map defaultMode: 0777 +{{- end }} \ No newline at end of file diff --git a/tyk-oss/templates/tests/script-configmap.yaml b/tyk-oss/templates/tests/script-configmap.yaml index e4ba56eb..2827d3a8 100644 --- a/tyk-oss/templates/tests/script-configmap.yaml +++ b/tyk-oss/templates/tests/script-configmap.yaml @@ -1,3 +1,4 @@ +{{- if .Values.tests.enabled -}} apiVersion: v1 kind: ConfigMap metadata: @@ -6,4 +7,5 @@ metadata: "helm.sh/hook-delete-policy": hook-succeeded,hook-failed "helm.sh/hook": test data: -{{ (.Files.Glob "scripts/tests/oss-test.sh").AsConfig | indent 2 }} \ No newline at end of file +{{ (.Files.Glob "scripts/tests/oss-test.sh").AsConfig | indent 2 }} +{{- end }} \ No newline at end of file diff --git a/tyk-oss/values.yaml b/tyk-oss/values.yaml index ef6fea39..80185888 100644 --- a/tyk-oss/values.yaml +++ b/tyk-oss/values.yaml @@ -802,3 +802,5 @@ tyk-pump: # mountPath: /etc/ssl/certs/ca-certs.crt # readOnly: true extraVolumeMounts: [] +tests: + enabled: true diff --git a/tyk-stack/templates/tests/script-configmap.yaml b/tyk-stack/templates/tests/script-configmap.yaml index e6123382..5d4bb747 100644 --- a/tyk-stack/templates/tests/script-configmap.yaml +++ b/tyk-stack/templates/tests/script-configmap.yaml @@ -1,3 +1,4 @@ +{{- if .Values.tests.enabled -}} apiVersion: v1 kind: ConfigMap metadata: @@ -6,4 +7,5 @@ metadata: "helm.sh/hook-delete-policy": hook-succeeded,hook-failed "helm.sh/hook": test data: -{{ (.Files.Glob "scripts/tests/tyk-stack-test.sh").AsConfig | indent 2 }} \ No newline at end of file +{{ (.Files.Glob "scripts/tests/tyk-stack-test.sh").AsConfig | indent 2 }} +{{- end }} \ No newline at end of file diff --git a/tyk-stack/templates/tests/stack-test.yaml b/tyk-stack/templates/tests/stack-test.yaml index f264e5d8..e3e56367 100644 --- a/tyk-stack/templates/tests/stack-test.yaml +++ b/tyk-stack/templates/tests/stack-test.yaml @@ -1,3 +1,4 @@ +{{- if .Values.tests.enabled -}} apiVersion: v1 kind: Pod metadata: @@ -39,3 +40,4 @@ spec: configMap: name: test-tyk-stack-map defaultMode: 0777 +{{- end }} \ No newline at end of file diff --git a/tyk-stack/values.yaml b/tyk-stack/values.yaml index 60ff7a95..b9b20252 100644 --- a/tyk-stack/values.yaml +++ b/tyk-stack/values.yaml @@ -1446,3 +1446,5 @@ tyk-dev-portal: # podLabels specifies labels to be added in Tyk Developer Portal Pod podLabels: {} +tests: + enabled: true From 5b11c7a003cdee73b52d3e2f95eed5a996b3ad0a Mon Sep 17 00:00:00 2001 From: Zaid Albirawi Date: Fri, 15 Nov 2024 13:38:45 -0500 Subject: [PATCH 2/3] Fix lint --- tyk-data-plane/values.yaml | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/tyk-data-plane/values.yaml b/tyk-data-plane/values.yaml index d0b18a02..dc64f107 100644 --- a/tyk-data-plane/values.yaml +++ b/tyk-data-plane/values.yaml @@ -767,4 +767,4 @@ tyk-pump: # readOnly: true extraVolumeMounts: [] tests: - enabled: true \ No newline at end of file + enabled: true From fd188cf84b78c5a487ed219e887f077848c70458 Mon Sep 17 00:00:00 2001 From: Zaid Albirawi Date: Fri, 15 Nov 2024 14:57:52 -0500 Subject: [PATCH 3/3] Add more config options (#358) * Add more config options * fix tests --- .../scripts/tests/data-plane-test.sh | 2 - .../templates/tests/data-plane-test.yaml | 30 +++++++++++- tyk-data-plane/values.yaml | 46 +++++++++++++++++++ tyk-oss/scripts/tests/oss-test.sh | 2 - tyk-oss/templates/tests/oss-test.yaml | 30 +++++++++++- tyk-oss/values.yaml | 46 +++++++++++++++++++ tyk-stack/scripts/tests/tyk-stack-test.sh | 2 - tyk-stack/templates/tests/stack-test.yaml | 30 +++++++++++- tyk-stack/values.yaml | 46 +++++++++++++++++++ 9 files changed, 225 insertions(+), 9 deletions(-) diff --git a/tyk-data-plane/scripts/tests/data-plane-test.sh b/tyk-data-plane/scripts/tests/data-plane-test.sh index a3bfb286..76c64c7d 100644 --- a/tyk-data-plane/scripts/tests/data-plane-test.sh +++ b/tyk-data-plane/scripts/tests/data-plane-test.sh @@ -1,5 +1,3 @@ -apk --no-cache add curl jq - TYK_GW_ADDR="${TYK_GW_PROTO}://${TYK_GW_SVC}.${TYK_POD_NAMESPACE}.svc:${TYK_GW_LISTENPORT}" TYK_GW_SECRET=${TYK_GW_SECRET} diff --git a/tyk-data-plane/templates/tests/data-plane-test.yaml b/tyk-data-plane/templates/tests/data-plane-test.yaml index d6fd6d0a..fbb8e24c 100644 --- a/tyk-data-plane/templates/tests/data-plane-test.yaml +++ b/tyk-data-plane/templates/tests/data-plane-test.yaml @@ -5,13 +5,19 @@ metadata: name: "{{ include "tyk-data-plane.fullname" . }}-test-tyk-data-plane" labels: chart: {{ include "tyk-data-plane.chart" . }} +{{- if .Values.tests.podLabels }} +{{- toYaml .Values.tests.podLabels | nindent 4 }} +{{- end }} annotations: "helm.sh/hook": test +{{- if .Values.tests.podAnnotations }} +{{- toYaml .Values.tests.podAnnotations | nindent 4 }} +{{- end }} spec: restartPolicy: Never containers: - name: health-check-container - image: alpine:3.17 + image: zalbiraw/alpine-curl-jq command: - /bin/sh - -c @@ -35,6 +41,28 @@ spec: secretKeyRef: name: secrets-{{ include "tyk-data-plane.fullname" . }} key: APISecret +{{- if .Values.tests.containerSecurityContext }} + securityContext: +{{- toYaml .Values.tests.containerSecurityContext | nindent 8 }} +{{- end }} + resources: +{{ toYaml .Values.tests.resources | indent 8 }} +{{- if .Values.tests.securityContext }} + securityContext: +{{- toYaml .Values.tests.securityContext | nindent 4 }} +{{- end }} +{{- if .Values.tests.nodeSelector }} + nodeSelector: +{{ toYaml .Values.tests.nodeSelector | indent 4 }} +{{- end }} +{{- if .Values.tests.tolerations }} + tolerations: +{{ toYaml .Values.tests.tolerations | indent 4 }} +{{- end }} +{{- if .Values.tests.affinity }} + affinity: +{{ toYaml .Values.tests.affinity | indent 4 }} +{{- end }} volumes: - name: test-tyk-data-plane configMap: diff --git a/tyk-data-plane/values.yaml b/tyk-data-plane/values.yaml index dc64f107..49b4675a 100644 --- a/tyk-data-plane/values.yaml +++ b/tyk-data-plane/values.yaml @@ -768,3 +768,49 @@ tyk-pump: extraVolumeMounts: [] tests: enabled: true + resources: {} + # We usually recommend not to specify default resources and to leave this + # as a conscious choice for the user. This also increases chances charts + # run on environments with little resources, such as Minikube. If you do + # want to specify resources, uncomment the following lines, adjust them + # as necessary, and remove the curly braces after 'resources:'. + # limits: + # cpu: 100m + # memory: 128Mi + # requests: + # cpu: 100m + # memory: 128Mi + + # securityContext holds pod-level security attributes for Tyk tests pod. All fields from PodSecurityContext object can be added here. + securityContext: + runAsUser: 1000 + fsGroup: 2000 + runAsNonRoot: true + # containerSecurityContext holds container-level security attributes for Tyk tests pod. All fields from SecurityContext object can be added here. + containerSecurityContext: + runAsNonRoot: true + runAsUser: 1000 + allowPrivilegeEscalation: false + privileged: false + readOnlyRootFilesystem: true + seccompProfile: + type: RuntimeDefault + capabilities: + drop: + - ALL + # nodeSelector is a selector which must be true for Tyk tests pod to fit on a specific node. + nodeSelector: {} + # tolerations specifies tolerations to be applied on Tyk tests pods. + tolerations: [] + # affinity specifies affinity and anti-affinity constraints. + affinity: {} + # podAnnotations specifies annotations to be added in Tyk tests Pod. + # It takes key-value pairs. + # There are no required annotation field for Tyk tests Pod. + # + # podAnnotations: + # yourkey: value + # image: yourhub + podAnnotations: {} + # podLabels specifies labels to be added in Tyk tests Pod + podLabels: {} diff --git a/tyk-oss/scripts/tests/oss-test.sh b/tyk-oss/scripts/tests/oss-test.sh index 32fe6f4b..d25eb90e 100644 --- a/tyk-oss/scripts/tests/oss-test.sh +++ b/tyk-oss/scripts/tests/oss-test.sh @@ -1,5 +1,3 @@ -apk --no-cache add curl jq - TYK_GW_ADDR="${TYK_GW_PROTO}://${TYK_GW_SVC}.${TYK_POD_NAMESPACE}.svc:${TYK_GW_LISTENPORT}" TYK_GW_SECRET=${TYK_GW_SECRET} diff --git a/tyk-oss/templates/tests/oss-test.yaml b/tyk-oss/templates/tests/oss-test.yaml index 0246ef45..c63a4c6b 100644 --- a/tyk-oss/templates/tests/oss-test.yaml +++ b/tyk-oss/templates/tests/oss-test.yaml @@ -5,14 +5,20 @@ metadata: name: "{{ include "tyk-oss.fullname" . }}-test-tyk-oss" labels: chart: {{ include "tyk-oss.chart" . }} +{{- if .Values.tests.podLabels }} +{{- toYaml .Values.tests.podLabels | nindent 4 }} +{{- end }} annotations: "helm.sh/hook": test "helm.sh/hook-delete-policy": hook-succeeded +{{- if .Values.tests.podAnnotations }} +{{- toYaml .Values.tests.podAnnotations | nindent 4 }} +{{- end }} spec: restartPolicy: Never containers: - name: health-check-container - image: alpine:3.17 + image: zalbiraw/alpine-curl-jq command: - /bin/sh - -c @@ -36,6 +42,28 @@ spec: secretKeyRef: name: secrets-{{ include "tyk-oss.fullname" . }}-tyk-gateway key: APISecret +{{- if .Values.tests.containerSecurityContext }} + securityContext: +{{- toYaml .Values.tests.containerSecurityContext | nindent 8 }} +{{- end }} + resources: +{{ toYaml .Values.tests.resources | indent 8 }} +{{- if .Values.tests.securityContext }} + securityContext: +{{- toYaml .Values.tests.securityContext | nindent 4 }} +{{- end }} +{{- if .Values.tests.nodeSelector }} + nodeSelector: +{{ toYaml .Values.tests.nodeSelector | indent 4 }} +{{- end }} +{{- if .Values.tests.tolerations }} + tolerations: +{{ toYaml .Values.tests.tolerations | indent 4 }} +{{- end }} +{{- if .Values.tests.affinity }} + affinity: +{{ toYaml .Values.tests.affinity | indent 4 }} +{{- end }} volumes: - name: test-tyk-oss configMap: diff --git a/tyk-oss/values.yaml b/tyk-oss/values.yaml index 80185888..a2c78010 100644 --- a/tyk-oss/values.yaml +++ b/tyk-oss/values.yaml @@ -804,3 +804,49 @@ tyk-pump: extraVolumeMounts: [] tests: enabled: true + resources: {} + # We usually recommend not to specify default resources and to leave this + # as a conscious choice for the user. This also increases chances charts + # run on environments with little resources, such as Minikube. If you do + # want to specify resources, uncomment the following lines, adjust them + # as necessary, and remove the curly braces after 'resources:'. + # limits: + # cpu: 100m + # memory: 128Mi + # requests: + # cpu: 100m + # memory: 128Mi + + # securityContext holds pod-level security attributes for Tyk tests pod. All fields from PodSecurityContext object can be added here. + securityContext: + runAsUser: 1000 + fsGroup: 2000 + runAsNonRoot: true + # containerSecurityContext holds container-level security attributes for Tyk tests pod. All fields from SecurityContext object can be added here. + containerSecurityContext: + runAsNonRoot: true + runAsUser: 1000 + allowPrivilegeEscalation: false + privileged: false + readOnlyRootFilesystem: true + seccompProfile: + type: RuntimeDefault + capabilities: + drop: + - ALL + # nodeSelector is a selector which must be true for Tyk tests pod to fit on a specific node. + nodeSelector: {} + # tolerations specifies tolerations to be applied on Tyk tests pods. + tolerations: [] + # affinity specifies affinity and anti-affinity constraints. + affinity: {} + # podAnnotations specifies annotations to be added in Tyk tests Pod. + # It takes key-value pairs. + # There are no required annotation field for Tyk tests Pod. + # + # podAnnotations: + # yourkey: value + # image: yourhub + podAnnotations: {} + # podLabels specifies labels to be added in Tyk tests Pod + podLabels: {} diff --git a/tyk-stack/scripts/tests/tyk-stack-test.sh b/tyk-stack/scripts/tests/tyk-stack-test.sh index 7e389e58..03e96fa2 100644 --- a/tyk-stack/scripts/tests/tyk-stack-test.sh +++ b/tyk-stack/scripts/tests/tyk-stack-test.sh @@ -1,5 +1,3 @@ -apk --no-cache add curl jq - TYK_GW_ADDR="${TYK_GW_PROTO}://${TYK_GW_SVC}.${TYK_POD_NAMESPACE}.svc:${TYK_GW_LISTENPORT}" TYK_GW_SECRET=${TYK_GW_SECRET} diff --git a/tyk-stack/templates/tests/stack-test.yaml b/tyk-stack/templates/tests/stack-test.yaml index e3e56367..0cd6fa24 100644 --- a/tyk-stack/templates/tests/stack-test.yaml +++ b/tyk-stack/templates/tests/stack-test.yaml @@ -5,13 +5,19 @@ metadata: name: "{{ include "tyk-stack.fullname" . }}-test-tyk-stack" labels: chart: {{ include "tyk-stack.chart" . }} +{{- if .Values.tests.podLabels }} +{{- toYaml .Values.tests.podLabels | nindent 4 }} +{{- end }} annotations: "helm.sh/hook": test +{{- if .Values.tests.podAnnotations }} +{{- toYaml .Values.tests.podAnnotations | nindent 4 }} +{{- end }} spec: restartPolicy: Never containers: - name: health-check-container - image: alpine:3.17 + image: zalbiraw/alpine-curl-jq command: - /bin/sh - -c @@ -35,6 +41,28 @@ spec: secretKeyRef: name: secret-{{ include "tyk-stack.fullname" . }} key: APISecret +{{- if .Values.tests.containerSecurityContext }} + securityContext: +{{- toYaml .Values.tests.containerSecurityContext | nindent 8 }} +{{- end }} + resources: +{{ toYaml .Values.tests.resources | indent 8 }} +{{- if .Values.tests.securityContext }} + securityContext: +{{- toYaml .Values.tests.securityContext | nindent 4 }} +{{- end }} +{{- if .Values.tests.nodeSelector }} + nodeSelector: +{{ toYaml .Values.tests.nodeSelector | indent 4 }} +{{- end }} +{{- if .Values.tests.tolerations }} + tolerations: +{{ toYaml .Values.tests.tolerations | indent 4 }} +{{- end }} +{{- if .Values.tests.affinity }} + affinity: +{{ toYaml .Values.tests.affinity | indent 4 }} +{{- end }} volumes: - name: test-tyk-stack configMap: diff --git a/tyk-stack/values.yaml b/tyk-stack/values.yaml index b9b20252..f43895ad 100644 --- a/tyk-stack/values.yaml +++ b/tyk-stack/values.yaml @@ -1448,3 +1448,49 @@ tyk-dev-portal: podLabels: {} tests: enabled: true + resources: {} + # We usually recommend not to specify default resources and to leave this + # as a conscious choice for the user. This also increases chances charts + # run on environments with little resources, such as Minikube. If you do + # want to specify resources, uncomment the following lines, adjust them + # as necessary, and remove the curly braces after 'resources:'. + # limits: + # cpu: 100m + # memory: 128Mi + # requests: + # cpu: 100m + # memory: 128Mi + + # securityContext holds pod-level security attributes for Tyk tests pod. All fields from PodSecurityContext object can be added here. + securityContext: + runAsUser: 1000 + fsGroup: 2000 + runAsNonRoot: true + # containerSecurityContext holds container-level security attributes for Tyk tests pod. All fields from SecurityContext object can be added here. + containerSecurityContext: + runAsNonRoot: true + runAsUser: 1000 + allowPrivilegeEscalation: false + privileged: false + readOnlyRootFilesystem: true + seccompProfile: + type: RuntimeDefault + capabilities: + drop: + - ALL + # nodeSelector is a selector which must be true for Tyk tests pod to fit on a specific node. + nodeSelector: {} + # tolerations specifies tolerations to be applied on Tyk tests pods. + tolerations: [] + # affinity specifies affinity and anti-affinity constraints. + affinity: {} + # podAnnotations specifies annotations to be added in Tyk tests Pod. + # It takes key-value pairs. + # There are no required annotation field for Tyk tests Pod. + # + # podAnnotations: + # yourkey: value + # image: yourhub + podAnnotations: {} + # podLabels specifies labels to be added in Tyk tests Pod + podLabels: {}