From 053857c62f3962a448bd8d6367e94b9a2e6741ac Mon Sep 17 00:00:00 2001 From: devthejo Date: Tue, 12 Mar 2024 10:52:25 +0100 Subject: [PATCH] feat(chart-app): sidecars --- .../tests/__snapshots__/app-sidecar.dev.yaml | 270 ++++++++++++++++++ .../tests/samples/app-sidecar/config.yaml | 3 + .../tests/samples/app-sidecar/values.yaml | 13 + .../charts/app/templates/deployment.yaml | 38 ++- plugins/contrib/charts/app/values.yaml | 2 + 5 files changed, 320 insertions(+), 6 deletions(-) create mode 100644 packages/kontinuous/tests/__snapshots__/app-sidecar.dev.yaml create mode 100644 packages/kontinuous/tests/samples/app-sidecar/config.yaml create mode 100644 packages/kontinuous/tests/samples/app-sidecar/values.yaml diff --git a/packages/kontinuous/tests/__snapshots__/app-sidecar.dev.yaml b/packages/kontinuous/tests/__snapshots__/app-sidecar.dev.yaml new file mode 100644 index 0000000000..87a3c3f118 --- /dev/null +++ b/packages/kontinuous/tests/__snapshots__/app-sidecar.dev.yaml @@ -0,0 +1,270 @@ +// Jest Snapshot v1, https://goo.gl/fbAQLP + +exports[`test build manifests with snapshots app-sidecar.dev 1`] = ` +"apiVersion: v1 +kind: Namespace +metadata: + annotations: + field.cattle.io/projectId: \\"1234\\" + kontinuous/gitBranch: feature-branch-1 + kontinuous/mainNamespace: \\"true\\" + kapp.k14s.io/exists: \\"\\" + kontinuous/chartPath: project.fabrique.contrib.rancher-namespace + kontinuous/source: project/charts/fabrique/charts/contrib/charts/rancher-namespace/templates/namespace.yaml + kontinuous/deployment: test-app-sidecar-feature-branch-1-ffac537e6cbbf934b08-1n2l4sz3 + janitor/ttl: 7d + labels: + application: test-app-sidecar + kontinuous/deployment: test-app-sidecar-feature-branch-1-ffac537e6cbbf934b08-1n2l4sz3 + kontinuous/deployment.env: test-app-sidecar-feature-branch-1 + kontinuous/ref: feature-branch-1 + kontinuous/gitSha: ffac537e6cbbf934b08745a378932722df287a53 + kontinuous/appVersion: ffac537e6cbbf934b08745a378932722df287a53 + kontinuous/resourceName: namespace-test-app-sidecar-feature-branch-1-5cjgrbn6 + app.kubernetes.io/manifest-managed-by: kontinuous + app.kubernetes.io/manifest-created-by: kontinuous + cert: wildcard + name: test-app-sidecar-feature-branch-1 +--- +apiVersion: networking.k8s.io/v1 +kind: NetworkPolicy +metadata: + name: netpol-ingress + namespace: test-app-sidecar-feature-branch-1 + annotations: + kontinuous/chartPath: project.fabrique.contrib.security-policies + kontinuous/source: project/charts/fabrique/charts/contrib/charts/security-policies/templates/network-policy.yml + kontinuous/deployment: test-app-sidecar-feature-branch-1-ffac537e6cbbf934b08-1n2l4sz3 + labels: + kontinuous/deployment: test-app-sidecar-feature-branch-1-ffac537e6cbbf934b08-1n2l4sz3 + kontinuous/deployment.env: test-app-sidecar-feature-branch-1 + kontinuous/ref: feature-branch-1 + kontinuous/gitSha: ffac537e6cbbf934b08745a378932722df287a53 + kontinuous/appVersion: ffac537e6cbbf934b08745a378932722df287a53 + kontinuous/resourceName: networkpolicy-netpol-ingress-61ndxljw + app.kubernetes.io/manifest-managed-by: kontinuous + app.kubernetes.io/manifest-created-by: kontinuous +spec: + ingress: + - from: + - podSelector: {} + - from: + - namespaceSelector: + matchLabels: + network-policy/source: ingress-controller + - from: + - namespaceSelector: + matchLabels: + network-policy/source: monitoring + podSelector: {} + policyTypes: + - Ingress +--- +apiVersion: v1 +kind: ServiceAccount +metadata: + name: default + annotations: + kontinuous/chartPath: project.fabrique.contrib.security-policies + kontinuous/source: project/charts/fabrique/charts/contrib/charts/security-policies/templates/service-account.yaml + kontinuous/deployment: test-app-sidecar-feature-branch-1-ffac537e6cbbf934b08-1n2l4sz3 + labels: + kontinuous/deployment: test-app-sidecar-feature-branch-1-ffac537e6cbbf934b08-1n2l4sz3 + kontinuous/deployment.env: test-app-sidecar-feature-branch-1 + kontinuous/ref: feature-branch-1 + kontinuous/gitSha: ffac537e6cbbf934b08745a378932722df287a53 + kontinuous/appVersion: ffac537e6cbbf934b08745a378932722df287a53 + kontinuous/resourceName: serviceaccount-default-2g5dmk74 + app.kubernetes.io/manifest-managed-by: kontinuous + app.kubernetes.io/manifest-created-by: kontinuous + namespace: test-app-sidecar-feature-branch-1 +automountServiceAccountToken: false +--- +apiVersion: apps/v1 +kind: Deployment +metadata: + labels: + component: app + application: test-app-sidecar + kontinuous/deployment: test-app-sidecar-feature-branch-1-ffac537e6cbbf934b08-1n2l4sz3 + kontinuous/deployment.env: test-app-sidecar-feature-branch-1 + kontinuous/ref: feature-branch-1 + kontinuous/gitSha: ffac537e6cbbf934b08745a378932722df287a53 + kontinuous/appVersion: ffac537e6cbbf934b08745a378932722df287a53 + kontinuous/resourceName: deployment-app-55fzcjih + app.kubernetes.io/manifest-managed-by: kontinuous + app.kubernetes.io/manifest-created-by: kontinuous + name: app + namespace: test-app-sidecar-feature-branch-1 + annotations: + kontinuous/chartPath: project.fabrique.contrib.app + kontinuous/source: project/charts/fabrique/charts/contrib/charts/app/templates/deployment.yaml + kontinuous/deployment: test-app-sidecar-feature-branch-1-ffac537e6cbbf934b08-1n2l4sz3 + kontinuous/depname.full: project.fabrique.contrib.app.deployment.app + kontinuous/depname.chartResource: app.deployment.app + kontinuous/depname.chartName: app + kontinuous/depname.chartPath: project.fabrique.contrib.app + kontinuous/depname.resourcePath: deployment.app + kontinuous/depname.resourceName: app + kontinuous/depname.chartNameTopFull: app + kontinuous/depname.chartNameTop: app + kontinuous/plugin.log: \\"false\\" + reloader.stakater.com/auto: \\"true\\" +spec: + replicas: 1 + selector: + matchLabels: + component: app + strategy: + type: RollingUpdate + template: + metadata: + labels: + component: app + application: test-app-sidecar + namespace: test-app-sidecar-feature-branch-1 + kontinuous/deployment: test-app-sidecar-feature-branch-1-ffac537e6cbbf934b08-1n2l4sz3 + kontinuous/deployment.env: test-app-sidecar-feature-branch-1 + kontinuous/ref: feature-branch-1 + kontinuous/gitSha: ffac537e6cbbf934b08745a378932722df287a53 + kontinuous/appVersion: ffac537e6cbbf934b08745a378932722df287a53 + kontinuous/resourceName: deployment-app-55fzcjih + app.kubernetes.io/manifest-managed-by: kontinuous + app.kubernetes.io/manifest-created-by: kontinuous + annotations: + kontinuous/deployment: test-app-sidecar-feature-branch-1-ffac537e6cbbf934b08-1n2l4sz3 + spec: + affinity: + podAntiAffinity: + preferredDuringSchedulingIgnoredDuringExecution: + - weight: 1 + podAffinityTerm: + labelSelector: + matchExpressions: + - key: namespace + operator: In + values: + - test-app-sidecar-feature-branch-1 + - key: component + operator: In + values: + - app + topologyKey: kubernetes.io/hostname + containers: + - image: harbor.fabrique.social.gouv.fr/test-app-sidecar/app:sha-ffac537e6cbbf934b08745a378932722df287a53 + name: app + ports: + - containerPort: 3000 + name: http + livenessProbe: + failureThreshold: 15 + httpGet: + path: /index.html + port: http + initialDelaySeconds: 30 + periodSeconds: 5 + timeoutSeconds: 5 + readinessProbe: + failureThreshold: 15 + httpGet: + path: /index.html + port: http + initialDelaySeconds: 1 + periodSeconds: 5 + successThreshold: 1 + timeoutSeconds: 1 + startupProbe: + failureThreshold: 12 + httpGet: + path: /index.html + port: http + periodSeconds: 5 + resources: + limits: + cpu: 1 + memory: 1Gi + requests: + cpu: 21m + memory: 61Mi + - name: cronjob + image: test/background-cronjob + command: + - /bin/sh + - -c + - | + run-background-cronjob + securityContext: + runAsUser: 1000 + resources: + requests: + cpu: 21m + memory: 61Mi +--- +apiVersion: v1 +kind: Service +metadata: + labels: + component: app + application: test-app-sidecar + kontinuous/deployment: test-app-sidecar-feature-branch-1-ffac537e6cbbf934b08-1n2l4sz3 + kontinuous/deployment.env: test-app-sidecar-feature-branch-1 + kontinuous/ref: feature-branch-1 + kontinuous/gitSha: ffac537e6cbbf934b08745a378932722df287a53 + kontinuous/appVersion: ffac537e6cbbf934b08745a378932722df287a53 + kontinuous/resourceName: service-app-46z2o1vv + app.kubernetes.io/manifest-managed-by: kontinuous + app.kubernetes.io/manifest-created-by: kontinuous + name: app + namespace: test-app-sidecar-feature-branch-1 + annotations: + kontinuous/chartPath: project.fabrique.contrib.app + kontinuous/source: project/charts/fabrique/charts/contrib/charts/app/templates/service.yaml + kontinuous/deployment: test-app-sidecar-feature-branch-1-ffac537e6cbbf934b08-1n2l4sz3 +spec: + ports: + - name: http + port: 80 + targetPort: 3000 + selector: + component: app + type: ClusterIP +--- +apiVersion: networking.k8s.io/v1 +kind: Ingress +metadata: + annotations: + kubernetes.io/ingress.class: nginx + kontinuous/chartPath: project.fabrique.contrib.app + kontinuous/source: project/charts/fabrique/charts/contrib/charts/app/templates/ingress.yaml + kontinuous/deployment: test-app-sidecar-feature-branch-1-ffac537e6cbbf934b08-1n2l4sz3 + labels: + component: app + application: test-app-sidecar + kontinuous/deployment: test-app-sidecar-feature-branch-1-ffac537e6cbbf934b08-1n2l4sz3 + kontinuous/deployment.env: test-app-sidecar-feature-branch-1 + kontinuous/ref: feature-branch-1 + kontinuous/gitSha: ffac537e6cbbf934b08745a378932722df287a53 + kontinuous/appVersion: ffac537e6cbbf934b08745a378932722df287a53 + kontinuous/resourceName: ingress-app-b4kcj2bx + app.kubernetes.io/manifest-managed-by: kontinuous + app.kubernetes.io/manifest-created-by: kontinuous + name: app + namespace: test-app-sidecar-feature-branch-1 +spec: + rules: + - host: test-app-sidecar-feature-branch-1.dev.fabrique.social.gouv.fr + http: + paths: + - backend: + service: + name: app + port: + name: http + path: / + pathType: Prefix + tls: + - hosts: + - test-app-sidecar-feature-branch-1.dev.fabrique.social.gouv.fr + secretName: wildcard-crt +" +`; diff --git a/packages/kontinuous/tests/samples/app-sidecar/config.yaml b/packages/kontinuous/tests/samples/app-sidecar/config.yaml new file mode 100644 index 0000000000..ff779aad47 --- /dev/null +++ b/packages/kontinuous/tests/samples/app-sidecar/config.yaml @@ -0,0 +1,3 @@ +dependencies: + fabrique: + import: socialgouv/kontinuous/plugins/fabrique \ No newline at end of file diff --git a/packages/kontinuous/tests/samples/app-sidecar/values.yaml b/packages/kontinuous/tests/samples/app-sidecar/values.yaml new file mode 100644 index 0000000000..5b1ae21720 --- /dev/null +++ b/packages/kontinuous/tests/samples/app-sidecar/values.yaml @@ -0,0 +1,13 @@ +app: + enabled: true + sidecars: + - name: cronjob + image: test/background-cronjob + command: + - /bin/sh + - -c + - | + run-background-cronjob + extraSpec: + securityContext: + runAsUser: 1000 \ No newline at end of file diff --git a/plugins/contrib/charts/app/templates/deployment.yaml b/plugins/contrib/charts/app/templates/deployment.yaml index c7e6992997..76f8ea82aa 100644 --- a/plugins/contrib/charts/app/templates/deployment.yaml +++ b/plugins/contrib/charts/app/templates/deployment.yaml @@ -1,3 +1,23 @@ +{{- $registry := or .Values.registry .Values.global.registry -}} +{{- $imageProject := or .Values.imageProject .Values.global.imageProject -}} +{{- $imageRepository := or .Values.imageRepository .Values.global.imageRepository -}} +{{- $imagePackage := .Values.imagePackage -}} +{{- $imageTag := or .Values.imageTag .Values.global.imageTag -}} + + +{{ $imagePath := "" }} +{{- if .Values.image }} +{{- $imagePath = .Values.image }} +{{ else }} +{{- $imagePathList := list -}} +{{- if $registry }}{{- $imagePathList = append $imagePathList $registry -}}{{- end -}} +{{- if $imageProject }}{{- $imagePathList = append $imagePathList (print $imageProject) -}}{{- end -}} +{{- if $imageRepository }}{{- $imagePathList = append $imagePathList (print $imageRepository) -}}{{- end -}} +{{- if $imagePackage }}{{- $imagePathList = append $imagePathList (print $imagePackage) -}}{{- end -}} +{{- $fullImagePath := join "/" $imagePathList -}} +{{- $imagePath = printf "%s:%s" $fullImagePath $imageTag -}} +{{ end }} + apiVersion: apps/v1 kind: Deployment metadata: @@ -41,11 +61,7 @@ spec: claimName: "{{ tpl $volumeName $ }}" {{- end }} containers: - - {{- if .Values.image }} - image: "{{ .Values.image }}" - {{- else }} - image: "{{ or .Values.registry .Values.global.registry }}{{ if (or .Values.imageProject .Values.global.imageProject) }}{{ (print "/" (or .Values.imageProject .Values.global.imageProject)) }}{{ end }}{{ if (or .Values.imageRepository .Values.global.imageRepository) }}{{ (print "/" (or .Values.imageRepository .Values.global.imageRepository)) }}{{ end }}{{ if .Values.imagePackage }}{{ (print "/" .Values.imagePackage) }}{{ end }}:{{ or .Values.imageTag .Values.global.imageTag }}" - {{- end }} + - image: "{{ $imagePath }}" {{- if .Values.securityContext }} securityContext: allowPrivilegeEscalation: false @@ -100,4 +116,14 @@ spec: {{- range $volumeName := .Values.addVolumes }} - name: "{{ tpl $volumeName $ }}" mountPath: "/mnt/{{ tpl $volumeName $ }}" - {{- end }} \ No newline at end of file + {{- end }} + {{- range $sidecar := .Values.sidecars }} + - name: {{ $sidecar.name }} + image: {{ or $sidecar.image $imagePath }} + {{ if $sidecar.command }} + command: {{ $sidecar.command | toYaml | nindent 12 }} + {{- end }} + {{- with $sidecar.extraSpec }} + {{- toYaml . | nindent 10 }} + {{- end }} + {{- end }} \ No newline at end of file diff --git a/plugins/contrib/charts/app/values.yaml b/plugins/contrib/charts/app/values.yaml index 87637041e1..67fcba1f78 100644 --- a/plugins/contrib/charts/app/values.yaml +++ b/plugins/contrib/charts/app/values.yaml @@ -63,3 +63,5 @@ securityContext: # runAsGroup: 26 # runAsNonRoot: true # runAsUser: 26 + +sidecars: [] \ No newline at end of file