[v14] teleport-kube-agent: Propagate resources to post-install and po…

…st-delete Jobs (#47748) * teleport-kube-agent: Propagate resources to post-install and post-delete Jobs (#47677) * Update snapshots * Update snapshots
gravitational · Nov 12, 2024 · ce5c1b4 · ce5c1b4
1 parent 882ee26
commit ce5c1b4
Show file tree

Hide file tree

Showing 4 changed files with 73 additions and 0 deletions.
diff --git a/examples/chart/teleport-kube-agent/templates/delete_hook.yaml b/examples/chart/teleport-kube-agent/templates/delete_hook.yaml
@@ -118,3 +118,6 @@ spec:
         {{- if .Values.securityContext }}
         securityContext: {{- toYaml .Values.securityContext | nindent 10 }}
         {{- end }}
+        {{- if .Values.resources }}
+        resources: {{- toYaml .Values.resources | nindent 10 }}
+        {{- end }}
diff --git a/examples/chart/teleport-kube-agent/templates/hook.yaml b/examples/chart/teleport-kube-agent/templates/hook.yaml
@@ -103,4 +103,7 @@ spec:
         {{- if .Values.securityContext }}
         securityContext: {{- toYaml .Values.securityContext | nindent 10 }}
         {{- end }}
+        {{- if .Values.resources }}
+        resources: {{- toYaml .Values.resources | nindent 10 }}
+        {{- end }}
 {{- end}}
diff --git a/examples/chart/teleport-kube-agent/tests/__snapshot__/job_test.yaml.snap b/examples/chart/teleport-kube-agent/tests/__snapshot__/job_test.yaml.snap
@@ -177,6 +177,41 @@ should set nodeSelector in post-delete hook:
       gravitational.io/k8s-role: node
     restartPolicy: OnFailure
     serviceAccountName: RELEASE-NAME-delete-hook
+should set resources in the Job's pod spec if resources is set in values:
+  1: |
+    containers:
+    - args:
+      - kube-state
+      - delete
+      command:
+      - teleport
+      env:
+      - name: KUBE_NAMESPACE
+        valueFrom:
+          fieldRef:
+            fieldPath: metadata.namespace
+      - name: RELEASE_NAME
+        value: RELEASE-NAME
+      image: public.ecr.aws/gravitational/teleport-distroless:14.3.33
+      imagePullPolicy: IfNotPresent
+      name: post-delete-job
+      resources:
+        limits:
+          cpu: 2
+          memory: 4Gi
+        requests:
+          cpu: 1
+          memory: 2Gi
+      securityContext:
+        allowPrivilegeEscalation: false
+        capabilities:
+          drop:
+          - all
+        readOnlyRootFilesystem: true
+        runAsNonRoot: true
+        runAsUser: 9807
+    restartPolicy: OnFailure
+    serviceAccountName: RELEASE-NAME-delete-hook
 should set securityContext in post-delete hook:
   1: |
     containers:

diff --git a/examples/chart/teleport-kube-agent/tests/job_test.yaml b/examples/chart/teleport-kube-agent/tests/job_test.yaml
@@ -275,3 +275,35 @@ tests:
           value:
             app: RELEASE-NAME
             testLabel: testValue
+
+  - it: should set resources in the Job's pod spec if resources is set in values
+    template: delete_hook.yaml
+    # documentIndex: 0=ServiceAccount 1=Role 2=RoleBinding 3=Job
+    documentIndex: 3
+    values:
+      - ../.lint/backwards-compatibility.yaml
+    set:
+      # These are just sample values to test the chart.
+      # They are not intended to be guidelines or suggestions for running teleport.
+      resources:
+        limits:
+          cpu: 2
+          memory: 4Gi
+        requests:
+          cpu: 1
+          memory: 2Gi
+    asserts:
+      - equal:
+          path: spec.template.spec.containers[0].resources.limits.cpu
+          value: 2
+      - equal:
+          path: spec.template.spec.containers[0].resources.limits.memory
+          value: 4Gi
+      - equal:
+          path: spec.template.spec.containers[0].resources.requests.cpu
+          value: 1
+      - equal:
+          path: spec.template.spec.containers[0].resources.requests.memory
+          value: 2Gi
+      - matchSnapshot:
+          path: spec.template.spec