diff --git a/actions/discover-run-plan/action.yaml b/actions/discover-run-plan/action.yaml index c77849957..d0821165d 100644 --- a/actions/discover-run-plan/action.yaml +++ b/actions/discover-run-plan/action.yaml @@ -13,7 +13,7 @@ inputs: required: false runs: using: docker - image: docker://public.ecr.aws/vdb-public/gh-mpyl:v1.2.2 + image: docker://public.ecr.aws/vdb-public/gh-mpyl:pr-191 args: - plan - discover diff --git a/actions/generate-kubernetes-manifests/action.yaml b/actions/generate-kubernetes-manifests/action.yaml index 80fdb74b6..be990c238 100644 --- a/actions/generate-kubernetes-manifests/action.yaml +++ b/actions/generate-kubernetes-manifests/action.yaml @@ -29,7 +29,7 @@ inputs: required: false runs: using: docker - image: docker://public.ecr.aws/vdb-public/gh-mpyl:v1.2.2 + image: docker://public.ecr.aws/vdb-public/gh-mpyl:pr-191 args: - build - --environment diff --git a/actions/health-check/action.yaml b/actions/health-check/action.yaml index d05ea5860..28c952275 100644 --- a/actions/health-check/action.yaml +++ b/actions/health-check/action.yaml @@ -7,7 +7,7 @@ inputs: required: false runs: using: docker - image: docker://public.ecr.aws/vdb-public/gh-mpyl:v1.2.2 + image: docker://public.ecr.aws/vdb-public/gh-mpyl:pr-191 args: - health env: diff --git a/actions/lint-projects/action.yaml b/actions/lint-projects/action.yaml index 67a677ec9..403c8265e 100644 --- a/actions/lint-projects/action.yaml +++ b/actions/lint-projects/action.yaml @@ -7,7 +7,7 @@ inputs: required: false runs: using: docker - image: docker://public.ecr.aws/vdb-public/gh-mpyl:v1.2.2 + image: docker://public.ecr.aws/vdb-public/gh-mpyl:pr-191 args: - projects - lint diff --git a/mpyl_config.example.yml b/mpyl_config.example.yml index d127e191b..efc25e5b2 100644 --- a/mpyl_config.example.yml +++ b/mpyl_config.example.yml @@ -57,8 +57,6 @@ project: # default values allowedMaintainers: [Team1, Team2, MPyL] deployment: kubernetes: - imagePullSecrets: - - name: acme-registry job: ttlSecondsAfterFinished: all: 3600 diff --git a/src/mpyl/project.py b/src/mpyl/project.py index 090033a6b..40c39cb0e 100644 --- a/src/mpyl/project.py +++ b/src/mpyl/project.py @@ -316,7 +316,6 @@ class Kubernetes: metrics: Optional[Metrics] resources: Resources job: Optional[Job] - image_pull_secrets: dict role: Optional[dict] command: Optional[TargetProperty[str]] args: Optional[TargetProperty[str]] @@ -332,7 +331,6 @@ def from_config(values: dict): metrics=Metrics.from_config(values.get("metrics", {})), resources=Resources.from_config(values.get("resources", {})), job=Job.from_config(values.get("job", {})), - image_pull_secrets=values.get("imagePullSecrets", {}), role=values.get("role"), command=TargetProperty.from_config(values.get("command", {})), args=TargetProperty.from_config(values.get("args", {})), @@ -548,8 +546,8 @@ def project_overrides_yaml_file_pattern() -> str: return "project-override-*.yml" @staticmethod - def traefik_yaml_file_name(service_name: str) -> str: - return f"{service_name}-traefik.yml" + def traefik_yaml_file_name(deployment_name: str) -> str: + return f"{deployment_name}-traefik.yml" @property def root_path(self) -> Path: diff --git a/src/mpyl/schema/project.schema.yml b/src/mpyl/schema/project.schema.yml index e761cc647..35753c24c 100644 --- a/src/mpyl/schema/project.schema.yml +++ b/src/mpyl/schema/project.schema.yml @@ -759,12 +759,6 @@ definitions: additionalProperties: false portMappings: type: object - imagePullSecrets: - minItems: 1 - description: 'ImagePullSecrets is a list of references to secrets in the same namespace to use for pulling any images in pods that reference this ServiceAccount. ImagePullSecrets are distinct from Secrets because Secrets can be mounted in the pod, but ImagePullSecrets are only accessed by the kubelet. More info: https://kubernetes.io/docs/concepts/containers/images/#specifying-imagepullsecrets-on-a-pod' - items: - $ref: k8s_api_core.schema.yml#/definitions/io.k8s.api.core.v1.LocalObjectReference - type: [array, null] job: type: object additionalProperties: true diff --git a/src/mpyl/steps/deploy/k8s/__init__.py b/src/mpyl/steps/deploy/k8s/__init__.py index c4da74696..d5ddcb208 100644 --- a/src/mpyl/steps/deploy/k8s/__init__.py +++ b/src/mpyl/steps/deploy/k8s/__init__.py @@ -62,18 +62,32 @@ def get_namespace_for_linked_project(project: Project) -> str: return f"pr-{pr_identifier}" return project.namespace(target) - def replace_namespace(env_value: str, project_name: str, namespace: str) -> str: - search_value = project_name + ".{namespace}" - replace_value = project_name + "." + namespace - return env_value.replace(search_value, replace_value) + def replace_namespace( + original_value: str, + service_name: str, + namespace: str, + ): + search_value = service_name + ".{namespace}" + replace_value = service_name + "." + namespace + replaced_namespace = original_value.replace(search_value, replace_value) + updated_pr = replace_pr_number(replaced_namespace, pr_identifier) + if updated_pr != original_value: + env[key] = updated_pr for project in all_projects: linked_project_namespace = get_namespace_for_linked_project(project) for key, value in env.items(): - replaced_namespace = replace_namespace( - value, project.name, linked_project_namespace + replace_namespace( + original_value=value, + service_name=project.name, + namespace=linked_project_namespace, ) - updated_pr = replace_pr_number(replaced_namespace, pr_identifier) - env[key] = updated_pr + + for deployment in project.deployments: + replace_namespace( + original_value=value, + service_name=deployment.name, + namespace=linked_project_namespace, + ) return env diff --git a/src/mpyl/steps/deploy/k8s/chart.py b/src/mpyl/steps/deploy/k8s/chart.py index e75ef71f0..8e50aee3b 100644 --- a/src/mpyl/steps/deploy/k8s/chart.py +++ b/src/mpyl/steps/deploy/k8s/chart.py @@ -177,7 +177,6 @@ class DeploymentDefaults: job_defaults: dict traefik_defaults: Traefik white_lists: DefaultWhitelists - image_pull_secrets: dict deployment_strategy: dict additional_routes: list[TraefikAdditionalRoute] traefik_config: TraefikConfig @@ -199,7 +198,6 @@ def from_config(config: dict): job_defaults=kubernetes.get("job", {}), traefik_defaults=Traefik.from_config(deployment_values.get("traefik", {})), white_lists=DefaultWhitelists.from_config(config.get("whiteLists", {})), - image_pull_secrets=kubernetes.get("imagePullSecrets", {}), deployment_strategy=config["kubernetes"]["deploymentStrategy"], additional_routes=list( map(TraefikAdditionalRoute.from_config, additional_routes) @@ -234,7 +232,7 @@ def __init__(self, step_input: Input): else self.project.namespace(step_input.run_properties.target) ) - def to_labels(self) -> dict: + def to_labels(self, deployment_name: Optional[str] = None) -> dict: run_properties = self.step_input.run_properties app_labels = { "name": self.release_name, @@ -243,6 +241,9 @@ def to_labels(self) -> dict: "app.kubernetes.io/instance": self.release_name, } + if deployment_name: + app_labels.update({"vandebron.nl/deployment": deployment_name.lower()}) + if len(self.project.maintainer) > 0: app_labels["maintainers"] = ".".join(self.project.maintainer).replace( " ", "_" @@ -263,22 +264,17 @@ def _to_image_annotation(self) -> dict: return {"image": self._get_image()} def _to_object_meta( - self, name: Optional[str] = None, annotations: Optional[dict] = None + self, + name: Optional[str] = None, + annotations: Optional[dict] = None, + deployment_name: Optional[str] = None, ) -> V1ObjectMeta: return V1ObjectMeta( name=name if name else self.release_name, - labels=self.to_labels(), + labels=self.to_labels(deployment_name=deployment_name), annotations=annotations, ) - def _to_selector(self): - return V1LabelSelector( - match_labels={ - "app.kubernetes.io/instance": self.release_name, - "app.kubernetes.io/name": self.release_name, - } - ) - @staticmethod def _to_k8s_model(values: dict, model_type): return ApiClient()._ApiClient__deserialize( # pylint: disable=protected-access @@ -347,19 +343,29 @@ def to_service(self, deployment: Deployment) -> V1Service: kind="Service", metadata=V1ObjectMeta( annotations=self._to_annotations(), - name=self.release_name, - labels=self.to_labels(), + name=f"{self.release_name}-{deployment.name.lower()}", + labels=self.to_labels(deployment_name=deployment.name.lower()), ), spec=V1ServiceSpec( type="ClusterIP", ports=service_ports, - selector=self._to_selector().match_labels, + selector=V1LabelSelector( + match_labels={ + "app.kubernetes.io/instance": self.release_name, + "app.kubernetes.io/name": self.release_name, + "vandebron.nl/deployment": deployment.name.lower(), + } + # Use the Deployment name as a label selector so that this Service points only to the Pods + # created by it, and not to all Pods in the application. + # Required for applications with multiple deployments. + ).match_labels, ), ) def to_job(self, deployment: Deployment) -> V1Job: + job_name = f"{self.release_name}-{deployment.name.lower()}" job_container = V1Container( - name=self.release_name, + name=job_name, image=self._get_image(), env=self._get_env_vars(deployment), image_pull_policy="Always", @@ -377,7 +383,9 @@ def to_job(self, deployment: Deployment) -> V1Job: ) pod_template = V1PodTemplateSpec( - metadata=self._to_object_meta(annotations=self._to_image_annotation()), + metadata=self._to_object_meta( + annotations=self._to_image_annotation(), name=job_name + ), spec=V1PodSpec( containers=[job_container], service_account=self.release_name, @@ -421,24 +429,30 @@ def to_cron_job(self, deployment: Deployment) -> V1CronJob: return V1CronJob( api_version="batch/v1", kind="CronJob", - metadata=self._to_object_meta(), + metadata=self._to_object_meta( + name=f"{self.release_name}-{deployment.name.lower()}" + ), spec=v1_cron_job_spec, ) - def to_prometheus_rule(self, alerts: list[Alert]) -> V1PrometheusRule: + def to_prometheus_rule( + self, alerts: list[Alert], deployment_name: str + ) -> V1PrometheusRule: return V1PrometheusRule( metadata=self._to_object_meta( - name=f"{self.project.name.lower()}-prometheus-rule" + name=f"{self.release_name}-{deployment_name.lower()}", + deployment_name=deployment_name.lower(), ), alerts=alerts, ) def to_service_monitor( - self, metrics: Metrics, default_port: int + self, metrics: Metrics, default_port: int, deployment_name: str ) -> V1ServiceMonitor: return V1ServiceMonitor( metadata=self._to_object_meta( - name=f"{self.project.name.lower()}-service-monitor" + name=f"{self.release_name}-{deployment_name.lower()}", + deployment_name=deployment_name.lower(), ), metrics=metrics, default_port=default_port, @@ -478,7 +492,7 @@ def to_white_list( return [ HostWrapper( traefik_host=host, - name=self.release_name, + name=f"{self.release_name}-{deployment.name.lower()}", index=idx, service_port=( host.service_port @@ -506,7 +520,7 @@ def to_white_list( for idx, host in enumerate(hosts) ] - def _replace_placeholders(self, traefik_object: dict | list): + def _replace_traefik_placeholders(self, traefik_object: dict | list): traefik_object = replace_item( traefik_object, PR_NUMBER_PLACEHOLDER, @@ -523,7 +537,7 @@ def _replace_placeholders(self, traefik_object: dict | list): def to_ingress(self, deployment: Deployment) -> Optional[V1AlphaIngressRoute]: """Converts the deployment traefik ingress routes configuration to a V1AlphaIngressRoute object.""" ingress_route_spec = ( - self._replace_placeholders( + self._replace_traefik_placeholders( deployment.traefik.ingress_routes.get_value(self.target) ) if deployment.traefik and deployment.traefik.ingress_routes @@ -534,7 +548,10 @@ def to_ingress(self, deployment: Deployment) -> Optional[V1AlphaIngressRoute]: return None return V1AlphaIngressRoute.from_spec( - metadata=self._to_object_meta(name=f"ingress-routes-{self.release_name}"), + metadata=self._to_object_meta( + name=f"{self.release_name}-{deployment.name.lower()}", + deployment_name=deployment.name.lower(), + ), spec=ingress_route_spec, ) @@ -545,11 +562,12 @@ def to_ingress_routes( return [ V1AlphaIngressRoute.from_hosts( metadata=self._to_object_meta( - name=f"{self.release_name}-ingress-{i}-http" - + ("s" if https else "") + name=f"{host.name.lower()}-http{("s" if https else "")}-{i}", + deployment_name=deployment.name.lower(), ), host=host, target=self.target, + release_name=self.release_name, namespace=self.namespace, pr_number=self.step_input.run_properties.versioning.pr_number, https=https, @@ -566,10 +584,12 @@ def to_additional_routes(self, deployment: Deployment) -> list[V1AlphaIngressRou return [ V1AlphaIngressRoute.from_hosts( metadata=self._to_object_meta( - name=f"{self.release_name}-{host.additional_route.name}-{i}" + name=f"{deployment.name.lower()}-{host.additional_route.name}-{i}", + deployment_name=deployment.name.lower(), ), host=host, target=self.target, + release_name=self.release_name, namespace=self.namespace, pr_number=self.step_input.run_properties.versioning.pr_number, https=True, @@ -585,46 +605,49 @@ def to_additional_routes(self, deployment: Deployment) -> list[V1AlphaIngressRou def to_middlewares(self, deployment: Deployment) -> dict[str, V1AlphaMiddleware]: hosts: list[HostWrapper] = self.create_host_wrappers(deployment) middlewares = ( - self._replace_placeholders( + self._replace_traefik_placeholders( deployment.traefik.middlewares.get_value(self.target) ) if deployment.traefik and deployment.traefik.middlewares else [] ) adjusted_middlewares = { - f'middleware-{middleware["metadata"]["name"]}': V1AlphaMiddleware.from_spec( - metadata=self._to_object_meta(name=middleware["metadata"]["name"]), + f'middleware-{middleware["metadata"]["name"]}-{deployment.name}': V1AlphaMiddleware.from_spec( + metadata=self._to_object_meta( + # this needs to be the exact name selected by the developer, + # otherwise they won't be able to match it in the ingress + name=middleware["metadata"]["name"], + deployment_name=deployment.name.lower(), + ), spec=middleware["spec"], ) for middleware in middlewares } - def to_metadata(host: HostWrapper) -> V1ObjectMeta: - metadata = self._to_object_meta(name=host.full_name) + def to_metadata(deployment: Deployment, host: HostWrapper) -> V1ObjectMeta: + metadata = self._to_object_meta( + name=f"whitelist-{host.index}-{host.name}", + deployment_name=deployment.name.lower(), + ) metadata.annotations = { k: ", ".join(v) for k, v in host.white_lists.items() } return metadata return { - host.full_name: V1AlphaMiddleware.from_source_ranges( - metadata=to_metadata(host), + f"middleware-whitelist-{host.index}-{deployment.name}": V1AlphaMiddleware.from_source_ranges( + metadata=to_metadata(deployment, host), source_ranges=list(itertools.chain(*host.white_lists.values())), ) for host in hosts } | adjusted_middlewares - def to_service_account(self, deployment: Deployment) -> V1ServiceAccount: - image_pull_secrets_config = ( - deployment.kubernetes.image_pull_secrets - or self.config_defaults.image_pull_secrets - ) + def to_service_account(self) -> V1ServiceAccount: secrets = [ ChartBuilder._to_k8s_model( - secret, + {"name": "aws-ecr"}, V1LocalObjectReference, ) - for secret in image_pull_secrets_config ] return V1ServiceAccount( api_version="v1", @@ -663,13 +686,13 @@ def to_role_binding(self) -> V1RoleBinding: ) def to_sealed_secrets( - self, sealed_secrets: list[KeyValueProperty] + self, sealed_secrets: list[KeyValueProperty], name: str ) -> V1SealedSecret: secrets: dict[str, str] = {} for secret in sealed_secrets: secrets[secret.key] = secret.get_value(self.target) - return V1SealedSecret(name=self.release_name, secrets=secrets) + return V1SealedSecret(name=name.lower(), secrets=secrets) @staticmethod def _to_resource_requirements( @@ -722,14 +745,14 @@ def _get_resources(self, deployment: Deployment) -> V1ResourceRequirements: return ChartBuilder._to_resource_requirements(resources, defaults, self.target) def _create_sealed_secret_env_vars( - self, secret_list: list[KeyValueProperty] + self, secret_list: list[KeyValueProperty], secret_name: str ) -> list[V1EnvVar]: return [ V1EnvVar( name=e.key, value_from=V1EnvVarSource( secret_key_ref=V1SecretKeySelector( - key=e.key, name=self.release_name, optional=False + key=e.key, name=secret_name.lower(), optional=False ) ), ) @@ -752,12 +775,16 @@ def extract_raw_env(target: Target, env: list[KeyValueProperty]): return raw_env_vars def get_sealed_secret_as_env_vars( - self, sealed_secrets: list[KeyValueProperty] + self, + sealed_secrets: list[KeyValueProperty], + secret_name: str, ) -> list[V1EnvVar]: sealed_secrets_for_target = list( filter(lambda v: v.get_value(self.target) is not None, sealed_secrets) ) - return self._create_sealed_secret_env_vars(sealed_secrets_for_target) + return self._create_sealed_secret_env_vars( + sealed_secrets_for_target, secret_name + ) def _get_env_vars(self, deployment: Deployment) -> list[V1EnvVar]: raw_env_vars = ( @@ -789,7 +816,10 @@ def _get_env_vars(self, deployment: Deployment) -> list[V1EnvVar]: else [] ) sealed_secrets = ( - self.get_sealed_secret_as_env_vars(deployment.properties.sealed_secrets) + self.get_sealed_secret_as_env_vars( + deployment.properties.sealed_secrets, + f"{self.release_name}-{deployment.name.lower()}", + ) if deployment.properties else [] ) @@ -811,7 +841,7 @@ def to_deployment(self, deployment: Deployment) -> V1Deployment: liveness_probe, startup_probe = self._construct_probes(deployment) container = V1Container( - name="service", + name=f"{self.release_name}-{deployment.name.lower()}", image=self._get_image(), env=self._get_env_vars(deployment), ports=ports, @@ -844,13 +874,15 @@ def to_deployment(self, deployment: Deployment) -> V1Deployment: kind="Deployment", metadata=V1ObjectMeta( annotations=self._to_annotations(), - name=self.release_name, + name=f"{self.release_name}-{deployment.name.lower()}", labels=self.to_labels(), ), spec=V1DeploymentSpec( replicas=instances.get_value(target=self.target), template=V1PodTemplateSpec( - metadata=self._to_object_meta(), + metadata=self._to_object_meta( + deployment_name=deployment.name.lower() + ), spec=V1PodSpec( containers=[container], service_account=self.release_name, @@ -858,20 +890,27 @@ def to_deployment(self, deployment: Deployment) -> V1Deployment: ), ), strategy=strategy, - selector=self._to_selector(), + selector=V1LabelSelector( + match_labels={ + "app.kubernetes.io/instance": self.release_name, + "app.kubernetes.io/name": self.release_name, + } + ), ), ) def to_common_chart( self, deployment: Deployment ) -> dict[str, CustomResourceDefinition]: - chart = {"service-account": self.to_service_account(deployment)} + chart = {"service-account": self.to_service_account()} if deployment.properties and len(deployment.properties.sealed_secrets) > 0: - chart["sealed-secrets"] = self.to_sealed_secrets( - deployment.properties.sealed_secrets + chart[f"sealed-secrets-{deployment.name}"] = self.to_sealed_secrets( + deployment.properties.sealed_secrets, + f"{self.release_name}-{deployment.name.lower()}", ) + # role is only used for Keycloak which only has 1 deployment, can be removed soon role = deployment.kubernetes.role or {} if role: chart["role"] = self.to_role(role) @@ -887,7 +926,9 @@ def to_metrics(builder: ChartBuilder, deployment: Deployment): metrics = deployment.kubernetes.metrics service_monitor = ( { - "service-monitor": builder.to_service_monitor(metrics, default_port), + f"service-monitor-{deployment.name}": builder.to_service_monitor( + metrics, default_port, deployment.name.lower() + ), } if metrics and metrics.enabled else {} @@ -899,7 +940,7 @@ def to_service_chart( builder: ChartBuilder, deployment: Deployment ) -> dict[str, CustomResourceDefinition]: return ( - {"service": builder.to_service(deployment)} + {f"service-{deployment.name}": builder.to_service(deployment)} | {f"deployment-{deployment.name}": builder.to_deployment(deployment)} | _to_ingress_routes_charts(builder, deployment) | builder.to_middlewares(deployment) @@ -909,11 +950,11 @@ def to_service_chart( def _to_ingress_routes_charts(builder: ChartBuilder, deployment: Deployment): ingress_https = { - f"{builder.project.name}-ingress-{i}-https": route + f"ingress-{deployment.name}-https-{i}": route for i, route in enumerate(builder.to_ingress_routes(deployment, https=True)) } ingress_http = { - f"{builder.project.name}-ingress-{i}-http": route + f"ingress-{deployment.name}-http-{i}": route for i, route in enumerate(builder.to_ingress_routes(deployment, https=False)) } ingress_routes = ( @@ -922,7 +963,7 @@ def _to_ingress_routes_charts(builder: ChartBuilder, deployment: Deployment): else {} ) additional_routes = { - route.metadata.name: route + f"ingress-{route.metadata.name}": route for i, route in enumerate(builder.to_additional_routes(deployment)) } @@ -933,7 +974,10 @@ def _to_prometheus_chart(builder: ChartBuilder, deployment: Deployment): metrics = deployment.kubernetes.metrics prometheus_chart = ( { - "prometheus-rule": builder.to_prometheus_rule(alerts=metrics.alerts), + f"prometheus-rule-{deployment.name}": builder.to_prometheus_rule( + alerts=metrics.alerts, + deployment_name=deployment.name.lower(), + ), } if metrics and metrics.enabled else {} diff --git a/src/mpyl/steps/deploy/k8s/resources/dagster.py b/src/mpyl/steps/deploy/k8s/resources/dagster.py index 2ee4e3ea3..40f40c1dd 100644 --- a/src/mpyl/steps/deploy/k8s/resources/dagster.py +++ b/src/mpyl/steps/deploy/k8s/resources/dagster.py @@ -40,12 +40,14 @@ def to_user_code_values( ) sealed_secret_refs = [] for sealed_secret_env in builder.get_sealed_secret_as_env_vars( - combined_sealed_secrets + combined_sealed_secrets, builder.release_name ): sealed_secret_env.value_from.secret_key_ref.name = release_name sealed_secret_refs.append(to_dict(sealed_secret_env, skip_none=True)) - sealed_secret_manifest = builder.to_sealed_secrets(combined_sealed_secrets) + sealed_secret_manifest = builder.to_sealed_secrets( + combined_sealed_secrets, release_name + ) sealed_secret_manifest.metadata.name = release_name extra_manifests = ( diff --git a/src/mpyl/steps/deploy/k8s/resources/traefik.py b/src/mpyl/steps/deploy/k8s/resources/traefik.py index 59f3f66c3..9584222f8 100644 --- a/src/mpyl/steps/deploy/k8s/resources/traefik.py +++ b/src/mpyl/steps/deploy/k8s/resources/traefik.py @@ -27,10 +27,6 @@ class HostWrapper: additional_route: Optional[TraefikAdditionalRoute] insecure: bool = False - @property - def full_name(self) -> str: - return f"{self.name}-ingress-{self.index}-whitelist" - class V1AlphaIngressRoute(CustomResourceDefinition): @classmethod @@ -39,6 +35,7 @@ def from_hosts( # pylint: disable=too-many-arguments,too-many-positional-argume metadata: V1ObjectMeta, host: HostWrapper, target: Target, + release_name: str, namespace: str, pr_number: Optional[int], middlewares_override: list[str], @@ -47,8 +44,8 @@ def from_hosts( # pylint: disable=too-many-arguments,too-many-positional-argume default_tls: str, https: bool = True, ): - def _interpolate_names(host: str, name: str) -> str: - host = host.replace(SERVICE_NAME_PLACEHOLDER, name) + def _interpolate_names(host: str) -> str: + host = host.replace(SERVICE_NAME_PLACEHOLDER, release_name) host = host.replace(NAMESPACE_PLACEHOLDER, namespace) host = replace_pr_number(host, pr_number) return host @@ -56,7 +53,7 @@ def _interpolate_names(host: str, name: str) -> str: combined_middlewares = ( [ {"name": http_middleware} if not https else None, - {"name": host.full_name}, + {"name": f"whitelist-{host.index}-{host.name}"}, ] if len(middlewares_override) == 0 else [{"name": m for m in middlewares_override}] @@ -66,7 +63,6 @@ def _interpolate_names(host: str, name: str) -> str: "kind": "Rule", "match": _interpolate_names( host=host.traefik_host.host.get_value(target), - name=host.name, ), "services": [ {"name": host.name, "kind": "Service", "port": host.service_port} diff --git a/tests/steps/deploy/k8s/chart/templates/cronjob/cronjob-cronjob.yaml b/tests/steps/deploy/k8s/chart/templates/cronjob/cronjob-cronjob.yaml index ddce8bd65..79785fc76 100644 --- a/tests/steps/deploy/k8s/chart/templates/cronjob/cronjob-cronjob.yaml +++ b/tests/steps/deploy/k8s/chart/templates/cronjob/cronjob-cronjob.yaml @@ -10,7 +10,7 @@ metadata: maintainer: MPyL version: pr-1234 revision: 2ad3293a7675d08bc037ef0846ef55897f38ec8f - name: cronjob + name: cronjob-cronjob spec: concurrencyPolicy: Allow failedJobsHistoryLimit: 1 @@ -30,7 +30,7 @@ spec: maintainer: MPyL version: pr-1234 revision: 2ad3293a7675d08bc037ef0846ef55897f38ec8f - name: cronjob + name: cronjob-cronjob spec: containers: - args: @@ -44,11 +44,11 @@ spec: valueFrom: secretKeyRef: key: SOME_SECRET_ENV - name: cronjob + name: cronjob-cronjob optional: false image: registry/image:123 imagePullPolicy: Always - name: cronjob + name: cronjob-cronjob resources: limits: cpu: 500m diff --git a/tests/steps/deploy/k8s/chart/templates/cronjob/prometheus-rule.yaml b/tests/steps/deploy/k8s/chart/templates/cronjob/prometheus-rule-cronjob.yaml similarity index 90% rename from tests/steps/deploy/k8s/chart/templates/cronjob/prometheus-rule.yaml rename to tests/steps/deploy/k8s/chart/templates/cronjob/prometheus-rule-cronjob.yaml index 102faf6a1..4a930adf6 100644 --- a/tests/steps/deploy/k8s/chart/templates/cronjob/prometheus-rule.yaml +++ b/tests/steps/deploy/k8s/chart/templates/cronjob/prometheus-rule-cronjob.yaml @@ -6,14 +6,15 @@ metadata: app.kubernetes.io/version: pr-1234 app.kubernetes.io/name: cronjob app.kubernetes.io/instance: cronjob + vandebron.nl/deployment: cronjob maintainers: MPyL maintainer: MPyL version: pr-1234 revision: 2ad3293a7675d08bc037ef0846ef55897f38ec8f - name: cronjob-prometheus-rule + name: cronjob-cronjob spec: groups: - - name: cronjob-prometheus-rule-group + - name: cronjob-cronjob-group rules: - alert: JobError annotations: diff --git a/tests/steps/deploy/k8s/chart/templates/cronjob/sealed-secrets.yaml b/tests/steps/deploy/k8s/chart/templates/cronjob/sealed-secrets-cronjob.yaml similarity index 97% rename from tests/steps/deploy/k8s/chart/templates/cronjob/sealed-secrets.yaml rename to tests/steps/deploy/k8s/chart/templates/cronjob/sealed-secrets-cronjob.yaml index b4e7edfbe..04466e3bb 100644 --- a/tests/steps/deploy/k8s/chart/templates/cronjob/sealed-secrets.yaml +++ b/tests/steps/deploy/k8s/chart/templates/cronjob/sealed-secrets-cronjob.yaml @@ -5,7 +5,7 @@ metadata: sealedsecrets.bitnami.com/cluster-wide: 'true' labels: chart: service-0.1.0 - name: cronjob + name: cronjob-cronjob spec: encryptedData: SOME_SECRET_ENV: diff --git a/tests/steps/deploy/k8s/chart/templates/cronjob/service-account.yaml b/tests/steps/deploy/k8s/chart/templates/cronjob/service-account.yaml index 7e9579602..6853c0741 100644 --- a/tests/steps/deploy/k8s/chart/templates/cronjob/service-account.yaml +++ b/tests/steps/deploy/k8s/chart/templates/cronjob/service-account.yaml @@ -1,6 +1,6 @@ apiVersion: v1 imagePullSecrets: -- name: acme-registry +- name: aws-ecr kind: ServiceAccount metadata: labels: diff --git a/tests/steps/deploy/k8s/chart/templates/deployment/deployment-testDeploymentStrategyParameters.yaml b/tests/steps/deploy/k8s/chart/templates/deployment/deployment-testDeploymentStrategyParameters.yaml index 421376177..5dc2f398c 100644 --- a/tests/steps/deploy/k8s/chart/templates/deployment/deployment-testDeploymentStrategyParameters.yaml +++ b/tests/steps/deploy/k8s/chart/templates/deployment/deployment-testDeploymentStrategyParameters.yaml @@ -13,7 +13,7 @@ metadata: maintainer: MPyL version: pr-1234 revision: 2ad3293a7675d08bc037ef0846ef55897f38ec8f - name: testdeploymentstrategyparameters + name: testdeploymentstrategyparameters-testdeploymentstrategyparameters spec: replicas: 1 selector: @@ -32,6 +32,7 @@ spec: app.kubernetes.io/version: pr-1234 app.kubernetes.io/name: testdeploymentstrategyparameters app.kubernetes.io/instance: testdeploymentstrategyparameters + vandebron.nl/deployment: testdeploymentstrategyparameters maintainers: MPyL maintainer: MPyL version: pr-1234 @@ -55,7 +56,7 @@ spec: periodSeconds: 30 successThreshold: 0 timeoutSeconds: 20 - name: service + name: testdeploymentstrategyparameters-testdeploymentstrategyparameters ports: - containerPort: 8080 name: port-0 diff --git a/tests/steps/deploy/k8s/chart/templates/deployment/deployment-testDeploymentsStrategyParameters1.yaml b/tests/steps/deploy/k8s/chart/templates/deployment/deployment-testDeploymentsStrategyParameters1.yaml index ac4108322..f6d9a0f7b 100644 --- a/tests/steps/deploy/k8s/chart/templates/deployment/deployment-testDeploymentsStrategyParameters1.yaml +++ b/tests/steps/deploy/k8s/chart/templates/deployment/deployment-testDeploymentsStrategyParameters1.yaml @@ -13,7 +13,7 @@ metadata: maintainer: MPyL version: pr-1234 revision: 2ad3293a7675d08bc037ef0846ef55897f38ec8f - name: testdeploymentsstrategyparameters + name: testdeploymentsstrategyparameters-testdeploymentsstrategyparameters1 spec: replicas: 1 selector: @@ -32,6 +32,7 @@ spec: app.kubernetes.io/version: pr-1234 app.kubernetes.io/name: testdeploymentsstrategyparameters app.kubernetes.io/instance: testdeploymentsstrategyparameters + vandebron.nl/deployment: testdeploymentsstrategyparameters1 maintainers: MPyL maintainer: MPyL version: pr-1234 @@ -44,7 +45,7 @@ spec: value: PullRequest image: registry/image:123 imagePullPolicy: Always - name: service + name: testdeploymentsstrategyparameters-testdeploymentsstrategyparameters1 ports: - containerPort: 8080 name: port-0 diff --git a/tests/steps/deploy/k8s/chart/templates/deployment/deployment-testDeploymentsStrategyParameters2.yaml b/tests/steps/deploy/k8s/chart/templates/deployment/deployment-testDeploymentsStrategyParameters2.yaml index ac4108322..4f3639880 100644 --- a/tests/steps/deploy/k8s/chart/templates/deployment/deployment-testDeploymentsStrategyParameters2.yaml +++ b/tests/steps/deploy/k8s/chart/templates/deployment/deployment-testDeploymentsStrategyParameters2.yaml @@ -13,7 +13,7 @@ metadata: maintainer: MPyL version: pr-1234 revision: 2ad3293a7675d08bc037ef0846ef55897f38ec8f - name: testdeploymentsstrategyparameters + name: testdeploymentsstrategyparameters-testdeploymentsstrategyparameters2 spec: replicas: 1 selector: @@ -32,6 +32,7 @@ spec: app.kubernetes.io/version: pr-1234 app.kubernetes.io/name: testdeploymentsstrategyparameters app.kubernetes.io/instance: testdeploymentsstrategyparameters + vandebron.nl/deployment: testdeploymentsstrategyparameters2 maintainers: MPyL maintainer: MPyL version: pr-1234 @@ -44,7 +45,7 @@ spec: value: PullRequest image: registry/image:123 imagePullPolicy: Always - name: service + name: testdeploymentsstrategyparameters-testdeploymentsstrategyparameters2 ports: - containerPort: 8080 name: port-0 diff --git a/tests/steps/deploy/k8s/chart/templates/deployments/cronjob-cronJobDeployment.yaml b/tests/steps/deploy/k8s/chart/templates/deployments/cronjob-cronJobDeployment.yaml index 9cdc344b0..44ca5e905 100644 --- a/tests/steps/deploy/k8s/chart/templates/deployments/cronjob-cronJobDeployment.yaml +++ b/tests/steps/deploy/k8s/chart/templates/deployments/cronjob-cronJobDeployment.yaml @@ -10,7 +10,7 @@ metadata: maintainer: MPyL version: pr-1234 revision: 2ad3293a7675d08bc037ef0846ef55897f38ec8f - name: deploymentsproject + name: deploymentsproject-cronjobdeployment spec: failedJobsHistoryLimit: 3 jobTemplate: @@ -29,13 +29,13 @@ spec: maintainer: MPyL version: pr-1234 revision: 2ad3293a7675d08bc037ef0846ef55897f38ec8f - name: deploymentsproject + name: deploymentsproject-cronjobdeployment spec: containers: - env: [] image: registry/image:123 imagePullPolicy: Always - name: deploymentsproject + name: deploymentsproject-cronjobdeployment resources: limits: cpu: 500m diff --git a/tests/steps/deploy/k8s/chart/templates/deployments/job-jobDeployment.yaml b/tests/steps/deploy/k8s/chart/templates/deployments/job-jobDeployment.yaml index 5a51e8ff5..d98b8da10 100644 --- a/tests/steps/deploy/k8s/chart/templates/deployments/job-jobDeployment.yaml +++ b/tests/steps/deploy/k8s/chart/templates/deployments/job-jobDeployment.yaml @@ -28,13 +28,13 @@ spec: maintainer: MPyL version: pr-1234 revision: 2ad3293a7675d08bc037ef0846ef55897f38ec8f - name: deploymentsproject + name: deploymentsproject-jobdeployment spec: containers: - env: [] image: registry/image:123 imagePullPolicy: Always - name: deploymentsproject + name: deploymentsproject-jobdeployment resources: limits: cpu: 500m diff --git a/tests/steps/deploy/k8s/chart/templates/ingress-prod/minimalService-ingress-0-https.yaml b/tests/steps/deploy/k8s/chart/templates/ingress-prod/ingress-minimalService-https-0.yaml similarity index 76% rename from tests/steps/deploy/k8s/chart/templates/ingress-prod/minimalService-ingress-0-https.yaml rename to tests/steps/deploy/k8s/chart/templates/ingress-prod/ingress-minimalService-https-0.yaml index aab47eb7c..6c5d3002e 100644 --- a/tests/steps/deploy/k8s/chart/templates/ingress-prod/minimalService-ingress-0-https.yaml +++ b/tests/steps/deploy/k8s/chart/templates/ingress-prod/ingress-minimalService-https-0.yaml @@ -6,21 +6,22 @@ metadata: app.kubernetes.io/version: 20230829-1234 app.kubernetes.io/name: minimalservice app.kubernetes.io/instance: minimalservice + vandebron.nl/deployment: minimalservice maintainers: MPyL maintainer: MPyL version: 20230829-1234 revision: 2ad3293a7675d08bc037ef0846ef55897f38ec8f - name: minimalservice-ingress-0-https + name: minimalservice-minimalservice-https-0 spec: routes: - kind: Rule match: Host(`mpyl-minimalservice.prod-backend.nl`) services: - - name: minimalservice + - name: minimalservice-minimalservice kind: Service port: 8080 middlewares: - - name: minimalservice-ingress-0-whitelist + - name: whitelist-0-minimalservice-minimalservice entryPoints: - websecure tls: diff --git a/tests/steps/deploy/k8s/chart/templates/ingress/minimalService-ingress-0-https.yaml b/tests/steps/deploy/k8s/chart/templates/ingress/ingress-minimalService-https-0.yaml similarity index 75% rename from tests/steps/deploy/k8s/chart/templates/ingress/minimalService-ingress-0-https.yaml rename to tests/steps/deploy/k8s/chart/templates/ingress/ingress-minimalService-https-0.yaml index 1b3115692..1d2a9bc4e 100644 --- a/tests/steps/deploy/k8s/chart/templates/ingress/minimalService-ingress-0-https.yaml +++ b/tests/steps/deploy/k8s/chart/templates/ingress/ingress-minimalService-https-0.yaml @@ -6,21 +6,22 @@ metadata: app.kubernetes.io/version: pr-1234 app.kubernetes.io/name: minimalservice app.kubernetes.io/instance: minimalservice + vandebron.nl/deployment: minimalservice maintainers: MPyL maintainer: MPyL version: pr-1234 revision: 2ad3293a7675d08bc037ef0846ef55897f38ec8f - name: minimalservice-ingress-0-https + name: minimalservice-minimalservice-https-0 spec: routes: - kind: Rule match: Host(`minimalservice-1234.test-backend.nl`) services: - - name: minimalservice + - name: minimalservice-minimalservice kind: Service port: 8080 middlewares: - - name: minimalservice-ingress-0-whitelist + - name: whitelist-0-minimalservice-minimalservice entryPoints: - websecure tls: diff --git a/tests/steps/deploy/k8s/chart/templates/job/job-job.yaml b/tests/steps/deploy/k8s/chart/templates/job/job-job.yaml index cde0e228e..26e760230 100644 --- a/tests/steps/deploy/k8s/chart/templates/job/job-job.yaml +++ b/tests/steps/deploy/k8s/chart/templates/job/job-job.yaml @@ -28,7 +28,7 @@ spec: maintainer: MPyL version: pr-1234 revision: 2ad3293a7675d08bc037ef0846ef55897f38ec8f - name: job + name: job-job spec: containers: - args: @@ -42,11 +42,11 @@ spec: valueFrom: secretKeyRef: key: SOME_SECRET_ENV - name: job + name: job-job optional: false image: registry/image:123 imagePullPolicy: Always - name: job + name: job-job resources: limits: cpu: 500m diff --git a/tests/steps/deploy/k8s/chart/templates/job/prometheus-rule.yaml b/tests/steps/deploy/k8s/chart/templates/job/prometheus-rule-job.yaml similarity index 92% rename from tests/steps/deploy/k8s/chart/templates/job/prometheus-rule.yaml rename to tests/steps/deploy/k8s/chart/templates/job/prometheus-rule-job.yaml index fa91f9efa..f42a6e7ed 100644 --- a/tests/steps/deploy/k8s/chart/templates/job/prometheus-rule.yaml +++ b/tests/steps/deploy/k8s/chart/templates/job/prometheus-rule-job.yaml @@ -6,14 +6,15 @@ metadata: app.kubernetes.io/version: pr-1234 app.kubernetes.io/name: job app.kubernetes.io/instance: job + vandebron.nl/deployment: job maintainers: MPyL maintainer: MPyL version: pr-1234 revision: 2ad3293a7675d08bc037ef0846ef55897f38ec8f - name: job-prometheus-rule + name: job-job spec: groups: - - name: job-prometheus-rule-group + - name: job-job-group rules: - alert: JobError annotations: diff --git a/tests/steps/deploy/k8s/chart/templates/job/sealed-secrets.yaml b/tests/steps/deploy/k8s/chart/templates/job/sealed-secrets-job.yaml similarity index 98% rename from tests/steps/deploy/k8s/chart/templates/job/sealed-secrets.yaml rename to tests/steps/deploy/k8s/chart/templates/job/sealed-secrets-job.yaml index d14ab3aee..92170395f 100644 --- a/tests/steps/deploy/k8s/chart/templates/job/sealed-secrets.yaml +++ b/tests/steps/deploy/k8s/chart/templates/job/sealed-secrets-job.yaml @@ -5,7 +5,7 @@ metadata: sealedsecrets.bitnami.com/cluster-wide: 'true' labels: chart: service-0.1.0 - name: job + name: job-job spec: encryptedData: SOME_SECRET_ENV: diff --git a/tests/steps/deploy/k8s/chart/templates/job/service-account.yaml b/tests/steps/deploy/k8s/chart/templates/job/service-account.yaml index 02efaf1a8..512bb9d4a 100644 --- a/tests/steps/deploy/k8s/chart/templates/job/service-account.yaml +++ b/tests/steps/deploy/k8s/chart/templates/job/service-account.yaml @@ -1,6 +1,6 @@ apiVersion: v1 imagePullSecrets: -- name: acme-registry +- name: aws-ecr kind: ServiceAccount metadata: labels: diff --git a/tests/steps/deploy/k8s/chart/templates/service/deployment-dockertest.yaml b/tests/steps/deploy/k8s/chart/templates/service/deployment-dockertest.yaml index b4e6cf73c..f0bb977fa 100644 --- a/tests/steps/deploy/k8s/chart/templates/service/deployment-dockertest.yaml +++ b/tests/steps/deploy/k8s/chart/templates/service/deployment-dockertest.yaml @@ -13,7 +13,7 @@ metadata: maintainer: MPyL version: pr-1234 revision: 2ad3293a7675d08bc037ef0846ef55897f38ec8f - name: dockertest + name: dockertest-dockertest spec: replicas: 3 selector: @@ -32,6 +32,7 @@ spec: app.kubernetes.io/version: pr-1234 app.kubernetes.io/name: dockertest app.kubernetes.io/instance: dockertest + vandebron.nl/deployment: dockertest maintainers: MPyL maintainer: MPyL version: pr-1234 @@ -51,7 +52,7 @@ spec: valueFrom: secretKeyRef: key: SOME_SEALED_SECRET_ENV - name: dockertest + name: dockertest-dockertest optional: false - name: SOME_SECRET_ENV valueFrom: @@ -82,7 +83,7 @@ spec: periodSeconds: 30 successThreshold: 0 timeoutSeconds: 20 - name: service + name: dockertest-dockertest ports: - containerPort: 80 name: port-0 diff --git a/tests/steps/deploy/k8s/chart/templates/service/dockertest-ingress-0-http.yaml b/tests/steps/deploy/k8s/chart/templates/service/ingress-dockertest-http-0.yaml similarity index 78% rename from tests/steps/deploy/k8s/chart/templates/service/dockertest-ingress-0-http.yaml rename to tests/steps/deploy/k8s/chart/templates/service/ingress-dockertest-http-0.yaml index fc6f9755f..e29e10c2c 100644 --- a/tests/steps/deploy/k8s/chart/templates/service/dockertest-ingress-0-http.yaml +++ b/tests/steps/deploy/k8s/chart/templates/service/ingress-dockertest-http-0.yaml @@ -6,22 +6,23 @@ metadata: app.kubernetes.io/version: pr-1234 app.kubernetes.io/name: dockertest app.kubernetes.io/instance: dockertest + vandebron.nl/deployment: dockertest maintainers: MPyL maintainer: MPyL version: pr-1234 revision: 2ad3293a7675d08bc037ef0846ef55897f38ec8f - name: dockertest-ingress-0-http + name: dockertest-dockertest-http-0 spec: routes: - kind: Rule match: Host(`payments-1234.test.nl`) services: - - name: dockertest + - name: dockertest-dockertest kind: Service port: 8080 middlewares: - name: traefik-https-redirect@kubernetescrd - - name: dockertest-ingress-0-whitelist + - name: whitelist-0-dockertest-dockertest syntax: v2 entryPoints: - web diff --git a/tests/steps/deploy/k8s/chart/templates/service/dockertest-ingress-1-http.yaml b/tests/steps/deploy/k8s/chart/templates/service/ingress-dockertest-http-1.yaml similarity index 78% rename from tests/steps/deploy/k8s/chart/templates/service/dockertest-ingress-1-http.yaml rename to tests/steps/deploy/k8s/chart/templates/service/ingress-dockertest-http-1.yaml index c5db328ba..29acf24bf 100644 --- a/tests/steps/deploy/k8s/chart/templates/service/dockertest-ingress-1-http.yaml +++ b/tests/steps/deploy/k8s/chart/templates/service/ingress-dockertest-http-1.yaml @@ -6,22 +6,23 @@ metadata: app.kubernetes.io/version: pr-1234 app.kubernetes.io/name: dockertest app.kubernetes.io/instance: dockertest + vandebron.nl/deployment: dockertest maintainers: MPyL maintainer: MPyL version: pr-1234 revision: 2ad3293a7675d08bc037ef0846ef55897f38ec8f - name: dockertest-ingress-1-http + name: dockertest-dockertest-http-1 spec: routes: - kind: Rule match: Host(`some.other.host.com`) services: - - name: dockertest + - name: dockertest-dockertest kind: Service port: 4091 middlewares: - name: traefik-https-redirect@kubernetescrd - - name: dockertest-ingress-1-whitelist + - name: whitelist-1-dockertest-dockertest syntax: v3 priority: 1000 entryPoints: diff --git a/tests/steps/deploy/k8s/chart/templates/service/dockertest-ingress-0-https.yaml b/tests/steps/deploy/k8s/chart/templates/service/ingress-dockertest-https-0.yaml similarity index 80% rename from tests/steps/deploy/k8s/chart/templates/service/dockertest-ingress-0-https.yaml rename to tests/steps/deploy/k8s/chart/templates/service/ingress-dockertest-https-0.yaml index cfd7f3c48..23f3e27ca 100644 --- a/tests/steps/deploy/k8s/chart/templates/service/dockertest-ingress-0-https.yaml +++ b/tests/steps/deploy/k8s/chart/templates/service/ingress-dockertest-https-0.yaml @@ -6,21 +6,22 @@ metadata: app.kubernetes.io/version: pr-1234 app.kubernetes.io/name: dockertest app.kubernetes.io/instance: dockertest + vandebron.nl/deployment: dockertest maintainers: MPyL maintainer: MPyL version: pr-1234 revision: 2ad3293a7675d08bc037ef0846ef55897f38ec8f - name: dockertest-ingress-0-https + name: dockertest-dockertest-https-0 spec: routes: - kind: Rule match: Host(`payments-1234.test.nl`) services: - - name: dockertest + - name: dockertest-dockertest kind: Service port: 8080 middlewares: - - name: dockertest-ingress-0-whitelist + - name: whitelist-0-dockertest-dockertest syntax: v2 entryPoints: - websecure diff --git a/tests/steps/deploy/k8s/chart/templates/service/dockertest-ingress-1-https.yaml b/tests/steps/deploy/k8s/chart/templates/service/ingress-dockertest-https-1.yaml similarity index 78% rename from tests/steps/deploy/k8s/chart/templates/service/dockertest-ingress-1-https.yaml rename to tests/steps/deploy/k8s/chart/templates/service/ingress-dockertest-https-1.yaml index 8b299caea..5be39a932 100644 --- a/tests/steps/deploy/k8s/chart/templates/service/dockertest-ingress-1-https.yaml +++ b/tests/steps/deploy/k8s/chart/templates/service/ingress-dockertest-https-1.yaml @@ -6,21 +6,22 @@ metadata: app.kubernetes.io/version: pr-1234 app.kubernetes.io/name: dockertest app.kubernetes.io/instance: dockertest + vandebron.nl/deployment: dockertest maintainers: MPyL maintainer: MPyL version: pr-1234 revision: 2ad3293a7675d08bc037ef0846ef55897f38ec8f - name: dockertest-ingress-1-https + name: dockertest-dockertest-https-1 spec: routes: - kind: Rule match: Host(`some.other.host.com`) services: - - name: dockertest + - name: dockertest-dockertest kind: Service port: 4091 middlewares: - - name: dockertest-ingress-1-whitelist + - name: whitelist-1-dockertest-dockertest syntax: v3 priority: 1000 entryPoints: diff --git a/tests/steps/deploy/k8s/chart/templates/service/dockertest-ingress-intracloud-https-0.yaml b/tests/steps/deploy/k8s/chart/templates/service/ingress-dockertest-ingress-intracloud-https-0.yaml similarity index 90% rename from tests/steps/deploy/k8s/chart/templates/service/dockertest-ingress-intracloud-https-0.yaml rename to tests/steps/deploy/k8s/chart/templates/service/ingress-dockertest-ingress-intracloud-https-0.yaml index f1aa7adca..9e7eb0993 100644 --- a/tests/steps/deploy/k8s/chart/templates/service/dockertest-ingress-intracloud-https-0.yaml +++ b/tests/steps/deploy/k8s/chart/templates/service/ingress-dockertest-ingress-intracloud-https-0.yaml @@ -6,6 +6,7 @@ metadata: app.kubernetes.io/version: pr-1234 app.kubernetes.io/name: dockertest app.kubernetes.io/instance: dockertest + vandebron.nl/deployment: dockertest maintainers: MPyL maintainer: MPyL version: pr-1234 @@ -16,7 +17,7 @@ spec: - kind: Rule match: Host(`payments-1234.test.nl`) services: - - name: dockertest + - name: dockertest-dockertest kind: Service port: 8080 middlewares: diff --git a/tests/steps/deploy/k8s/chart/templates/service/ingress-routes-dockertest.yaml b/tests/steps/deploy/k8s/chart/templates/service/ingress-routes-dockertest.yaml index cd126c9c2..5706cf7a9 100644 --- a/tests/steps/deploy/k8s/chart/templates/service/ingress-routes-dockertest.yaml +++ b/tests/steps/deploy/k8s/chart/templates/service/ingress-routes-dockertest.yaml @@ -6,11 +6,12 @@ metadata: app.kubernetes.io/version: pr-1234 app.kubernetes.io/name: dockertest app.kubernetes.io/instance: dockertest + vandebron.nl/deployment: dockertest maintainers: MPyL maintainer: MPyL version: pr-1234 revision: 2ad3293a7675d08bc037ef0846ef55897f38ec8f - name: ingress-routes-dockertest + name: dockertest-dockertest spec: entryPoints: - web @@ -18,4 +19,4 @@ spec: - kind: Rule match: placeholder-test-pr-1234-1234-test middlewares: - - name: strip-prefix-dockertest + - name: strip-prefix diff --git a/tests/steps/deploy/k8s/chart/templates/service/middleware-strip-prefix-dockertest.yaml b/tests/steps/deploy/k8s/chart/templates/service/middleware-strip-prefix-dockertest.yaml index 8ad96a54a..906074f40 100644 --- a/tests/steps/deploy/k8s/chart/templates/service/middleware-strip-prefix-dockertest.yaml +++ b/tests/steps/deploy/k8s/chart/templates/service/middleware-strip-prefix-dockertest.yaml @@ -6,11 +6,12 @@ metadata: app.kubernetes.io/version: pr-1234 app.kubernetes.io/name: dockertest app.kubernetes.io/instance: dockertest + vandebron.nl/deployment: dockertest maintainers: MPyL maintainer: MPyL version: pr-1234 revision: 2ad3293a7675d08bc037ef0846ef55897f38ec8f - name: strip-prefix-dockertest + name: strip-prefix spec: stripPrefix: prefixes: diff --git a/tests/steps/deploy/k8s/chart/templates/service/middleware-strip-prefix.yaml b/tests/steps/deploy/k8s/chart/templates/service/middleware-strip-prefix.yaml deleted file mode 100644 index 8bf6f0409..000000000 --- a/tests/steps/deploy/k8s/chart/templates/service/middleware-strip-prefix.yaml +++ /dev/null @@ -1,17 +0,0 @@ -apiVersion: traefik.io/v1alpha1 -kind: Middleware -metadata: - labels: - name: dockertest - app.kubernetes.io/version: pr-1234 - app.kubernetes.io/name: dockertest - app.kubernetes.io/instance: dockertest - maintainers: MPyL - maintainer: MPyL - version: pr-1234 - revision: 2ad3293a7675d08bc037ef0846ef55897f38ec8f - name: strip-prefix -spec: - stripPrefix: - prefixes: - - /service diff --git a/tests/steps/deploy/k8s/chart/templates/service/dockertest-ingress-0-whitelist.yaml b/tests/steps/deploy/k8s/chart/templates/service/middleware-whitelist-0-dockertest.yaml similarity index 83% rename from tests/steps/deploy/k8s/chart/templates/service/dockertest-ingress-0-whitelist.yaml rename to tests/steps/deploy/k8s/chart/templates/service/middleware-whitelist-0-dockertest.yaml index c22033c3b..002fb1f79 100644 --- a/tests/steps/deploy/k8s/chart/templates/service/dockertest-ingress-0-whitelist.yaml +++ b/tests/steps/deploy/k8s/chart/templates/service/middleware-whitelist-0-dockertest.yaml @@ -8,11 +8,12 @@ metadata: app.kubernetes.io/version: pr-1234 app.kubernetes.io/name: dockertest app.kubernetes.io/instance: dockertest + vandebron.nl/deployment: dockertest maintainers: MPyL maintainer: MPyL version: pr-1234 revision: 2ad3293a7675d08bc037ef0846ef55897f38ec8f - name: dockertest-ingress-0-whitelist + name: whitelist-0-dockertest-dockertest spec: ipAllowList: sourceRange: diff --git a/tests/steps/deploy/k8s/chart/templates/service/dockertest-ingress-1-whitelist.yaml b/tests/steps/deploy/k8s/chart/templates/service/middleware-whitelist-1-dockertest.yaml similarity index 86% rename from tests/steps/deploy/k8s/chart/templates/service/dockertest-ingress-1-whitelist.yaml rename to tests/steps/deploy/k8s/chart/templates/service/middleware-whitelist-1-dockertest.yaml index b8bbc40a1..b15ed5bcb 100644 --- a/tests/steps/deploy/k8s/chart/templates/service/dockertest-ingress-1-whitelist.yaml +++ b/tests/steps/deploy/k8s/chart/templates/service/middleware-whitelist-1-dockertest.yaml @@ -10,11 +10,12 @@ metadata: app.kubernetes.io/version: pr-1234 app.kubernetes.io/name: dockertest app.kubernetes.io/instance: dockertest + vandebron.nl/deployment: dockertest maintainers: MPyL maintainer: MPyL version: pr-1234 revision: 2ad3293a7675d08bc037ef0846ef55897f38ec8f - name: dockertest-ingress-1-whitelist + name: whitelist-1-dockertest-dockertest spec: ipAllowList: sourceRange: diff --git a/tests/steps/deploy/k8s/chart/templates/service/prometheus-rule.yaml b/tests/steps/deploy/k8s/chart/templates/service/prometheus-rule-dockertest.yaml similarity index 89% rename from tests/steps/deploy/k8s/chart/templates/service/prometheus-rule.yaml rename to tests/steps/deploy/k8s/chart/templates/service/prometheus-rule-dockertest.yaml index fb4b022e4..aacdd5186 100644 --- a/tests/steps/deploy/k8s/chart/templates/service/prometheus-rule.yaml +++ b/tests/steps/deploy/k8s/chart/templates/service/prometheus-rule-dockertest.yaml @@ -6,14 +6,15 @@ metadata: app.kubernetes.io/version: pr-1234 app.kubernetes.io/name: dockertest app.kubernetes.io/instance: dockertest + vandebron.nl/deployment: dockertest maintainers: MPyL maintainer: MPyL version: pr-1234 revision: 2ad3293a7675d08bc037ef0846ef55897f38ec8f - name: dockertest-prometheus-rule + name: dockertest-dockertest spec: groups: - - name: dockertest-prometheus-rule-group + - name: dockertest-dockertest-group rules: - alert: ServiceError annotations: diff --git a/tests/steps/deploy/k8s/chart/templates/service/sealed-secrets.yaml b/tests/steps/deploy/k8s/chart/templates/service/sealed-secrets-dockertest.yaml similarity index 96% rename from tests/steps/deploy/k8s/chart/templates/service/sealed-secrets.yaml rename to tests/steps/deploy/k8s/chart/templates/service/sealed-secrets-dockertest.yaml index d540b576a..44537de95 100644 --- a/tests/steps/deploy/k8s/chart/templates/service/sealed-secrets.yaml +++ b/tests/steps/deploy/k8s/chart/templates/service/sealed-secrets-dockertest.yaml @@ -5,7 +5,7 @@ metadata: sealedsecrets.bitnami.com/cluster-wide: 'true' labels: chart: service-0.1.0 - name: dockertest + name: dockertest-dockertest spec: encryptedData: SOME_SEALED_SECRET_ENV: diff --git a/tests/steps/deploy/k8s/chart/templates/service/service-account.yaml b/tests/steps/deploy/k8s/chart/templates/service/service-account.yaml index d9062d388..580f931fb 100644 --- a/tests/steps/deploy/k8s/chart/templates/service/service-account.yaml +++ b/tests/steps/deploy/k8s/chart/templates/service/service-account.yaml @@ -1,6 +1,6 @@ apiVersion: v1 imagePullSecrets: -- name: acme-registry +- name: aws-ecr kind: ServiceAccount metadata: labels: diff --git a/tests/steps/deploy/k8s/chart/templates/service/service.yaml b/tests/steps/deploy/k8s/chart/templates/service/service-dockertest.yaml similarity index 85% rename from tests/steps/deploy/k8s/chart/templates/service/service.yaml rename to tests/steps/deploy/k8s/chart/templates/service/service-dockertest.yaml index 78102b840..afc952f4e 100644 --- a/tests/steps/deploy/k8s/chart/templates/service/service.yaml +++ b/tests/steps/deploy/k8s/chart/templates/service/service-dockertest.yaml @@ -9,11 +9,12 @@ metadata: app.kubernetes.io/version: pr-1234 app.kubernetes.io/name: dockertest app.kubernetes.io/instance: dockertest + vandebron.nl/deployment: dockertest maintainers: MPyL maintainer: MPyL version: pr-1234 revision: 2ad3293a7675d08bc037ef0846ef55897f38ec8f - name: dockertest + name: dockertest-dockertest spec: ports: - name: 8080-webservice-port @@ -23,4 +24,5 @@ spec: selector: app.kubernetes.io/instance: dockertest app.kubernetes.io/name: dockertest + vandebron.nl/deployment: dockertest type: ClusterIP diff --git a/tests/steps/deploy/k8s/chart/templates/service/service-monitor.yaml b/tests/steps/deploy/k8s/chart/templates/service/service-monitor-dockertest.yaml similarity index 88% rename from tests/steps/deploy/k8s/chart/templates/service/service-monitor.yaml rename to tests/steps/deploy/k8s/chart/templates/service/service-monitor-dockertest.yaml index 97ef347a0..a42553b28 100644 --- a/tests/steps/deploy/k8s/chart/templates/service/service-monitor.yaml +++ b/tests/steps/deploy/k8s/chart/templates/service/service-monitor-dockertest.yaml @@ -6,11 +6,12 @@ metadata: app.kubernetes.io/version: pr-1234 app.kubernetes.io/name: dockertest app.kubernetes.io/instance: dockertest + vandebron.nl/deployment: dockertest maintainers: MPyL maintainer: MPyL version: pr-1234 revision: 2ad3293a7675d08bc037ef0846ef55897f38ec8f - name: dockertest-service-monitor + name: dockertest-dockertest spec: endpoints: - honorLabels: true diff --git a/tests/steps/deploy/k8s/templates/manifest.yaml b/tests/steps/deploy/k8s/templates/manifest.yaml index 5c1a0e8d1..4ff986a1a 100644 --- a/tests/steps/deploy/k8s/templates/manifest.yaml +++ b/tests/steps/deploy/k8s/templates/manifest.yaml @@ -440,7 +440,7 @@ spec: # service-account apiVersion: v1 imagePullSecrets: -- name: acme-registry +- name: aws-ecr kind: ServiceAccount metadata: labels: diff --git a/tests/steps/deploy/k8s/test_k8s.py b/tests/steps/deploy/k8s/test_k8s.py index 52e734cc5..9a321f565 100644 --- a/tests/steps/deploy/k8s/test_k8s.py +++ b/tests/steps/deploy/k8s/test_k8s.py @@ -49,12 +49,12 @@ class TestKubernetesChart: @staticmethod def _roundtrip( file_name: Path, - chart: str, + filename: str, resources: dict[str, Union[CustomResourceDefinition, V1Job, V1CronJob]], overwrite: bool = False, ): - name_chart = file_name / f"{chart}.yaml" - resource = resources[chart] + name_chart = file_name / f"{filename}.yaml" + resource = resources[filename] assert_roundtrip(name_chart, to_yaml(resource), overwrite) @staticmethod @@ -120,6 +120,7 @@ def test_should_validate_against_crd_schema(self): host=wrappers[0], target=Target.PRODUCTION, pr_number=1234, + release_name="dockertest", namespace="pr-1234", middlewares_override=[], entrypoints_override=[], @@ -145,21 +146,20 @@ def test_should_not_extend_whitelists_if_none_defined_for_target(self): "template", [ "deployment-dockertest", - "service", + "service-dockertest", "service-account", - "sealed-secrets", - "dockertest-ingress-0-https", - "dockertest-ingress-0-http", - "dockertest-ingress-1-https", - "dockertest-ingress-1-http", - "dockertest-ingress-intracloud-https-0", - "dockertest-ingress-0-whitelist", - "dockertest-ingress-1-whitelist", + "sealed-secrets-dockertest", + "ingress-dockertest-https-0", + "ingress-dockertest-http-0", + "ingress-dockertest-https-1", + "ingress-dockertest-http-1", + "ingress-dockertest-ingress-intracloud-https-0", + "middleware-whitelist-0-dockertest", + "middleware-whitelist-1-dockertest", "ingress-routes-dockertest", - "middleware-strip-prefix", "middleware-strip-prefix-dockertest", - "prometheus-rule", - "service-monitor", + "prometheus-rule-dockertest", + "service-monitor-dockertest", "role", "rolebinding", ], @@ -170,26 +170,25 @@ def test_service_chart_roundtrip(self, template): chart = builder.to_common_chart( traefik_project.deployments[0] ) | to_service_chart(builder, builder.project.deployments[0]) - self._roundtrip(self.template_path / "service", template, chart) - for key in chart.keys(): - print(key) - assert chart.keys() == { + self._roundtrip( + self.template_path / "service", filename=template, resources=chart + ) + assert set(chart.keys()) == { "service-account", - "sealed-secrets", + "sealed-secrets-dockertest", "deployment-dockertest", - "service", - "dockertest-ingress-0-https", - "dockertest-ingress-0-http", - "dockertest-ingress-1-https", - "dockertest-ingress-1-http", - "dockertest-ingress-intracloud-https-0", - "dockertest-ingress-0-whitelist", - "dockertest-ingress-1-whitelist", + "service-dockertest", + "ingress-dockertest-https-0", + "ingress-dockertest-http-0", + "ingress-dockertest-https-1", + "ingress-dockertest-http-1", + "ingress-dockertest-ingress-intracloud-https-0", + "middleware-whitelist-0-dockertest", + "middleware-whitelist-1-dockertest", "ingress-routes-dockertest", - "middleware-strip-prefix", "middleware-strip-prefix-dockertest", - "prometheus-rule", - "service-monitor", + "prometheus-rule-dockertest", + "service-monitor-dockertest", "role", "rolebinding", } @@ -202,8 +201,7 @@ def test_ingress_routes_placeholder_replacement(self): == "placeholder-test-pr-1234-1234-test" ) assert ( - ingress_routes.spec["routes"][0]["middlewares"][0]["name"] - == "strip-prefix-dockertest" + ingress_routes.spec["routes"][0]["middlewares"][0]["name"] == "strip-prefix" ) def test_middlewares_placeholder_replacement(self): @@ -263,7 +261,7 @@ def test_default_ingress(self): builder = self._get_builder(project) chart = to_service_chart(builder, project.deployments[0]) self._roundtrip( - self.template_path / "ingress", "minimalService-ingress-0-https", chart + self.template_path / "ingress", "ingress-minimalService-https-0", chart ) def test_production_ingress(self): @@ -280,12 +278,12 @@ def test_production_ingress(self): builder = self._get_builder(project, run_properties_prod) chart = to_service_chart(builder, project.deployments[0]) self._roundtrip( - self.template_path / "ingress-prod", "minimalService-ingress-0-https", chart + self.template_path / "ingress-prod", "ingress-minimalService-https-0", chart ) @pytest.mark.parametrize( "template", - ["job-job", "service-account", "sealed-secrets", "prometheus-rule"], + ["job-job", "service-account", "sealed-secrets-job", "prometheus-rule-job"], ) def test_job_chart_roundtrip(self, template): job_project = get_job_project() @@ -297,7 +295,12 @@ def test_job_chart_roundtrip(self, template): @pytest.mark.parametrize( "template", - ["cronjob-cronjob", "service-account", "sealed-secrets", "prometheus-rule"], + [ + "cronjob-cronjob", + "service-account", + "sealed-secrets-cronjob", + "prometheus-rule-cronjob", + ], ) def test_cron_job_chart_roundtrip(self, template): cron_job_project = get_cron_job_project() diff --git a/tests/test_resources/mpyl_config.yml b/tests/test_resources/mpyl_config.yml index 6ac6a230e..6c0ebd54e 100644 --- a/tests/test_resources/mpyl_config.yml +++ b/tests/test_resources/mpyl_config.yml @@ -85,7 +85,7 @@ project: # default values tls: "le-custom-prod-wildcard-cert" kubernetes: imagePullSecrets: - - name: 'acme-registry' + - name: 'aws-ecr' job: ttlSecondsAfterFinished: all: 3600 diff --git a/tests/test_resources/test_projects/traefik/dockertest-traefik.yml b/tests/test_resources/test_projects/traefik/dockertest-traefik.yml index 9ec1d8b48..b403af0ee 100644 --- a/tests/test_resources/test_projects/traefik/dockertest-traefik.yml +++ b/tests/test_resources/test_projects/traefik/dockertest-traefik.yml @@ -7,7 +7,7 @@ traefik: - kind: Rule match: placeholder-test-{namespace}-{PR-NUMBER}-test middlewares: - - name: "strip-prefix-{SERVICE-NAME}" + - name: "strip-prefix" middlewares: all: - metadata: @@ -17,7 +17,7 @@ traefik: prefixes: - "/service" - metadata: - name: "strip-prefix-{SERVICE-NAME}" + name: "strip-prefix" spec: stripPrefix: prefixes: