feat(chart-app): sidecars

SocialGouv · Mar 12, 2024 · 053857c · 053857c
1 parent cd9b1f0
commit 053857c
Show file tree

Hide file tree

Showing 5 changed files with 320 additions and 6 deletions.
diff --git a/packages/kontinuous/tests/__snapshots__/app-sidecar.dev.yaml b/packages/kontinuous/tests/__snapshots__/app-sidecar.dev.yaml
@@ -0,0 +1,270 @@
+// Jest Snapshot v1, https://goo.gl/fbAQLP
+
+exports[`test build manifests with snapshots app-sidecar.dev 1`] = `
+"apiVersion: v1
+kind: Namespace
+metadata:
+  annotations:
+    field.cattle.io/projectId: \\"1234\\"
+    kontinuous/gitBranch: feature-branch-1
+    kontinuous/mainNamespace: \\"true\\"
+    kapp.k14s.io/exists: \\"\\"
+    kontinuous/chartPath: project.fabrique.contrib.rancher-namespace
+    kontinuous/source: project/charts/fabrique/charts/contrib/charts/rancher-namespace/templates/namespace.yaml
+    kontinuous/deployment: test-app-sidecar-feature-branch-1-ffac537e6cbbf934b08-1n2l4sz3
+    janitor/ttl: 7d
+  labels:
+    application: test-app-sidecar
+    kontinuous/deployment: test-app-sidecar-feature-branch-1-ffac537e6cbbf934b08-1n2l4sz3
+    kontinuous/deployment.env: test-app-sidecar-feature-branch-1
+    kontinuous/ref: feature-branch-1
+    kontinuous/gitSha: ffac537e6cbbf934b08745a378932722df287a53
+    kontinuous/appVersion: ffac537e6cbbf934b08745a378932722df287a53
+    kontinuous/resourceName: namespace-test-app-sidecar-feature-branch-1-5cjgrbn6
+    app.kubernetes.io/manifest-managed-by: kontinuous
+    app.kubernetes.io/manifest-created-by: kontinuous
+    cert: wildcard
+  name: test-app-sidecar-feature-branch-1
+---
+apiVersion: networking.k8s.io/v1
+kind: NetworkPolicy
+metadata:
+  name: netpol-ingress
+  namespace: test-app-sidecar-feature-branch-1
+  annotations:
+    kontinuous/chartPath: project.fabrique.contrib.security-policies
+    kontinuous/source: project/charts/fabrique/charts/contrib/charts/security-policies/templates/network-policy.yml
+    kontinuous/deployment: test-app-sidecar-feature-branch-1-ffac537e6cbbf934b08-1n2l4sz3
+  labels:
+    kontinuous/deployment: test-app-sidecar-feature-branch-1-ffac537e6cbbf934b08-1n2l4sz3
+    kontinuous/deployment.env: test-app-sidecar-feature-branch-1
+    kontinuous/ref: feature-branch-1
+    kontinuous/gitSha: ffac537e6cbbf934b08745a378932722df287a53
+    kontinuous/appVersion: ffac537e6cbbf934b08745a378932722df287a53
+    kontinuous/resourceName: networkpolicy-netpol-ingress-61ndxljw
+    app.kubernetes.io/manifest-managed-by: kontinuous
+    app.kubernetes.io/manifest-created-by: kontinuous
+spec:
+  ingress:
+    - from:
+        - podSelector: {}
+    - from:
+        - namespaceSelector:
+            matchLabels:
+              network-policy/source: ingress-controller
+    - from:
+        - namespaceSelector:
+            matchLabels:
+              network-policy/source: monitoring
+  podSelector: {}
+  policyTypes:
+    - Ingress
+---
+apiVersion: v1
+kind: ServiceAccount
+metadata:
+  name: default
+  annotations:
+    kontinuous/chartPath: project.fabrique.contrib.security-policies
+    kontinuous/source: project/charts/fabrique/charts/contrib/charts/security-policies/templates/service-account.yaml
+    kontinuous/deployment: test-app-sidecar-feature-branch-1-ffac537e6cbbf934b08-1n2l4sz3
+  labels:
+    kontinuous/deployment: test-app-sidecar-feature-branch-1-ffac537e6cbbf934b08-1n2l4sz3
+    kontinuous/deployment.env: test-app-sidecar-feature-branch-1
+    kontinuous/ref: feature-branch-1
+    kontinuous/gitSha: ffac537e6cbbf934b08745a378932722df287a53
+    kontinuous/appVersion: ffac537e6cbbf934b08745a378932722df287a53
+    kontinuous/resourceName: serviceaccount-default-2g5dmk74
+    app.kubernetes.io/manifest-managed-by: kontinuous
+    app.kubernetes.io/manifest-created-by: kontinuous
+  namespace: test-app-sidecar-feature-branch-1
+automountServiceAccountToken: false
+---
+apiVersion: apps/v1
+kind: Deployment
+metadata:
+  labels:
+    component: app
+    application: test-app-sidecar
+    kontinuous/deployment: test-app-sidecar-feature-branch-1-ffac537e6cbbf934b08-1n2l4sz3
+    kontinuous/deployment.env: test-app-sidecar-feature-branch-1
+    kontinuous/ref: feature-branch-1
+    kontinuous/gitSha: ffac537e6cbbf934b08745a378932722df287a53
+    kontinuous/appVersion: ffac537e6cbbf934b08745a378932722df287a53
+    kontinuous/resourceName: deployment-app-55fzcjih
+    app.kubernetes.io/manifest-managed-by: kontinuous
+    app.kubernetes.io/manifest-created-by: kontinuous
+  name: app
+  namespace: test-app-sidecar-feature-branch-1
+  annotations:
+    kontinuous/chartPath: project.fabrique.contrib.app
+    kontinuous/source: project/charts/fabrique/charts/contrib/charts/app/templates/deployment.yaml
+    kontinuous/deployment: test-app-sidecar-feature-branch-1-ffac537e6cbbf934b08-1n2l4sz3
+    kontinuous/depname.full: project.fabrique.contrib.app.deployment.app
+    kontinuous/depname.chartResource: app.deployment.app
+    kontinuous/depname.chartName: app
+    kontinuous/depname.chartPath: project.fabrique.contrib.app
+    kontinuous/depname.resourcePath: deployment.app
+    kontinuous/depname.resourceName: app
+    kontinuous/depname.chartNameTopFull: app
+    kontinuous/depname.chartNameTop: app
+    kontinuous/plugin.log: \\"false\\"
+    reloader.stakater.com/auto: \\"true\\"
+spec:
+  replicas: 1
+  selector:
+    matchLabels:
+      component: app
+  strategy:
+    type: RollingUpdate
+  template:
+    metadata:
+      labels:
+        component: app
+        application: test-app-sidecar
+        namespace: test-app-sidecar-feature-branch-1
+        kontinuous/deployment: test-app-sidecar-feature-branch-1-ffac537e6cbbf934b08-1n2l4sz3
+        kontinuous/deployment.env: test-app-sidecar-feature-branch-1
+        kontinuous/ref: feature-branch-1
+        kontinuous/gitSha: ffac537e6cbbf934b08745a378932722df287a53
+        kontinuous/appVersion: ffac537e6cbbf934b08745a378932722df287a53
+        kontinuous/resourceName: deployment-app-55fzcjih
+        app.kubernetes.io/manifest-managed-by: kontinuous
+        app.kubernetes.io/manifest-created-by: kontinuous
+      annotations:
+        kontinuous/deployment: test-app-sidecar-feature-branch-1-ffac537e6cbbf934b08-1n2l4sz3
+    spec:
+      affinity:
+        podAntiAffinity:
+          preferredDuringSchedulingIgnoredDuringExecution:
+            - weight: 1
+              podAffinityTerm:
+                labelSelector:
+                  matchExpressions:
+                    - key: namespace
+                      operator: In
+                      values:
+                        - test-app-sidecar-feature-branch-1
+                    - key: component
+                      operator: In
+                      values:
+                        - app
+                topologyKey: kubernetes.io/hostname
+      containers:
+        - image: harbor.fabrique.social.gouv.fr/test-app-sidecar/app:sha-ffac537e6cbbf934b08745a378932722df287a53
+          name: app
+          ports:
+            - containerPort: 3000
+              name: http
+          livenessProbe:
+            failureThreshold: 15
+            httpGet:
+              path: /index.html
+              port: http
+            initialDelaySeconds: 30
+            periodSeconds: 5
+            timeoutSeconds: 5
+          readinessProbe:
+            failureThreshold: 15
+            httpGet:
+              path: /index.html
+              port: http
+            initialDelaySeconds: 1
+            periodSeconds: 5
+            successThreshold: 1
+            timeoutSeconds: 1
+          startupProbe:
+            failureThreshold: 12
+            httpGet:
+              path: /index.html
+              port: http
+            periodSeconds: 5
+          resources:
+            limits:
+              cpu: 1
+              memory: 1Gi
+            requests:
+              cpu: 21m
+              memory: 61Mi
+        - name: cronjob
+          image: test/background-cronjob
+          command:
+            - /bin/sh
+            - -c
+            - |
+              run-background-cronjob
+          securityContext:
+            runAsUser: 1000
+          resources:
+            requests:
+              cpu: 21m
+              memory: 61Mi
+---
+apiVersion: v1
+kind: Service
+metadata:
+  labels:
+    component: app
+    application: test-app-sidecar
+    kontinuous/deployment: test-app-sidecar-feature-branch-1-ffac537e6cbbf934b08-1n2l4sz3
+    kontinuous/deployment.env: test-app-sidecar-feature-branch-1
+    kontinuous/ref: feature-branch-1
+    kontinuous/gitSha: ffac537e6cbbf934b08745a378932722df287a53
+    kontinuous/appVersion: ffac537e6cbbf934b08745a378932722df287a53
+    kontinuous/resourceName: service-app-46z2o1vv
+    app.kubernetes.io/manifest-managed-by: kontinuous
+    app.kubernetes.io/manifest-created-by: kontinuous
+  name: app
+  namespace: test-app-sidecar-feature-branch-1
+  annotations:
+    kontinuous/chartPath: project.fabrique.contrib.app
+    kontinuous/source: project/charts/fabrique/charts/contrib/charts/app/templates/service.yaml
+    kontinuous/deployment: test-app-sidecar-feature-branch-1-ffac537e6cbbf934b08-1n2l4sz3
+spec:
+  ports:
+    - name: http
+      port: 80
+      targetPort: 3000
+  selector:
+    component: app
+  type: ClusterIP
+---
+apiVersion: networking.k8s.io/v1
+kind: Ingress
+metadata:
+  annotations:
+    kubernetes.io/ingress.class: nginx
+    kontinuous/chartPath: project.fabrique.contrib.app
+    kontinuous/source: project/charts/fabrique/charts/contrib/charts/app/templates/ingress.yaml
+    kontinuous/deployment: test-app-sidecar-feature-branch-1-ffac537e6cbbf934b08-1n2l4sz3
+  labels:
+    component: app
+    application: test-app-sidecar
+    kontinuous/deployment: test-app-sidecar-feature-branch-1-ffac537e6cbbf934b08-1n2l4sz3
+    kontinuous/deployment.env: test-app-sidecar-feature-branch-1
+    kontinuous/ref: feature-branch-1
+    kontinuous/gitSha: ffac537e6cbbf934b08745a378932722df287a53
+    kontinuous/appVersion: ffac537e6cbbf934b08745a378932722df287a53
+    kontinuous/resourceName: ingress-app-b4kcj2bx
+    app.kubernetes.io/manifest-managed-by: kontinuous
+    app.kubernetes.io/manifest-created-by: kontinuous
+  name: app
+  namespace: test-app-sidecar-feature-branch-1
+spec:
+  rules:
+    - host: test-app-sidecar-feature-branch-1.dev.fabrique.social.gouv.fr
+      http:
+        paths:
+          - backend:
+              service:
+                name: app
+                port:
+                  name: http
+            path: /
+            pathType: Prefix
+  tls:
+    - hosts:
+        - test-app-sidecar-feature-branch-1.dev.fabrique.social.gouv.fr
+      secretName: wildcard-crt
+"
+`;
diff --git a/packages/kontinuous/tests/samples/app-sidecar/config.yaml b/packages/kontinuous/tests/samples/app-sidecar/config.yaml
@@ -0,0 +1,3 @@
+dependencies:
+  fabrique:
+    import: socialgouv/kontinuous/plugins/fabrique
diff --git a/packages/kontinuous/tests/samples/app-sidecar/values.yaml b/packages/kontinuous/tests/samples/app-sidecar/values.yaml
@@ -0,0 +1,13 @@
+app:
+  enabled: true
+  sidecars:
+  - name: cronjob
+    image: test/background-cronjob
+    command:
+    - /bin/sh
+    - -c
+    - |
+      run-background-cronjob
+    extraSpec:
+      securityContext:
+        runAsUser: 1000
diff --git a/plugins/contrib/charts/app/templates/deployment.yaml b/plugins/contrib/charts/app/templates/deployment.yaml
@@ -1,3 +1,23 @@
+{{- $registry := or .Values.registry .Values.global.registry -}}
+{{- $imageProject := or .Values.imageProject .Values.global.imageProject -}}
+{{- $imageRepository := or .Values.imageRepository .Values.global.imageRepository -}}
+{{- $imagePackage := .Values.imagePackage -}}
+{{- $imageTag := or .Values.imageTag .Values.global.imageTag -}}
+
+
+{{ $imagePath := "" }}
+{{- if .Values.image }}
+{{- $imagePath = .Values.image }}
+{{ else }}
+{{- $imagePathList := list -}}
+{{- if $registry }}{{- $imagePathList = append $imagePathList $registry -}}{{- end -}}
+{{- if $imageProject }}{{- $imagePathList = append $imagePathList (print $imageProject) -}}{{- end -}}
+{{- if $imageRepository }}{{- $imagePathList = append $imagePathList (print $imageRepository) -}}{{- end -}}
+{{- if $imagePackage }}{{- $imagePathList = append $imagePathList (print $imagePackage) -}}{{- end -}}
+{{- $fullImagePath := join "/" $imagePathList -}}
+{{- $imagePath = printf "%s:%s" $fullImagePath $imageTag -}}
+{{ end }}
+
 apiVersion: apps/v1
 kind: Deployment
 metadata:
@@ -41,11 +61,7 @@ spec:
             claimName: "{{ tpl $volumeName $ }}"
         {{- end }}
       containers:
-        - {{- if .Values.image }}
-          image: "{{ .Values.image }}"
-          {{- else }}
-          image: "{{ or .Values.registry .Values.global.registry }}{{ if (or .Values.imageProject .Values.global.imageProject) }}{{ (print "/" (or .Values.imageProject .Values.global.imageProject)) }}{{ end }}{{ if (or .Values.imageRepository .Values.global.imageRepository) }}{{ (print "/" (or .Values.imageRepository .Values.global.imageRepository)) }}{{ end }}{{ if .Values.imagePackage }}{{ (print "/" .Values.imagePackage) }}{{ end }}:{{ or .Values.imageTag .Values.global.imageTag }}"
-          {{- end }}
+        - image: "{{ $imagePath }}"
           {{- if .Values.securityContext }}
           securityContext:
             allowPrivilegeEscalation: false
@@ -100,4 +116,14 @@ spec:
             {{- range $volumeName := .Values.addVolumes }}
             - name: "{{ tpl $volumeName $ }}"
               mountPath: "/mnt/{{ tpl $volumeName $ }}"
-            {{- end }}
+            {{- end }}
+        {{- range $sidecar := .Values.sidecars }}
+        - name: {{ $sidecar.name }}
+          image: {{ or $sidecar.image $imagePath }}
+          {{ if $sidecar.command }}
+          command: {{ $sidecar.command | toYaml | nindent 12 }}
+          {{- end }}
+          {{- with $sidecar.extraSpec }}
+          {{- toYaml . | nindent 10 }}
+          {{- end }}
+        {{- end }}
diff --git a/plugins/contrib/charts/app/values.yaml b/plugins/contrib/charts/app/values.yaml
@@ -63,3 +63,5 @@ securityContext:
 #   runAsGroup: 26
 #   runAsNonRoot: true
 #   runAsUser: 26
+
+sidecars: []