From 719af57790bebac87148d6d978f3d80ff7156e75 Mon Sep 17 00:00:00 2001 From: Jorg88 Date: Fri, 14 Feb 2025 13:25:28 +0100 Subject: [PATCH 01/23] fix: create a unique prometheus chart per deployment --- src/mpyl/steps/deploy/k8s/chart.py | 12 ++++++++---- 1 file changed, 8 insertions(+), 4 deletions(-) diff --git a/src/mpyl/steps/deploy/k8s/chart.py b/src/mpyl/steps/deploy/k8s/chart.py index d7c12f681..98608022d 100644 --- a/src/mpyl/steps/deploy/k8s/chart.py +++ b/src/mpyl/steps/deploy/k8s/chart.py @@ -869,14 +869,16 @@ def to_deployment(self, deployment: Deployment) -> V1Deployment: def to_common_chart( self, deployment: Deployment ) -> dict[str, CustomResourceDefinition]: - chart = {"service-account": self.to_service_account(deployment)} + chart = { + "service-account": self.to_service_account(deployment) + } # should move out of Deployment? if deployment.properties and len(deployment.properties.sealed_secrets) > 0: chart["sealed-secrets"] = self.to_sealed_secrets( deployment.properties.sealed_secrets - ) + ) # should move out of Deployment? - role = deployment.kubernetes.role or {} + role = deployment.kubernetes.role or {} # should move out of Deployment? if role: chart["role"] = self.to_role(role) chart["rolebinding"] = self.to_role_binding() @@ -937,7 +939,9 @@ def _to_prometheus_chart(builder: ChartBuilder, deployment: Deployment): metrics = deployment.kubernetes.metrics prometheus_chart = ( { - "prometheus-rule": builder.to_prometheus_rule(alerts=metrics.alerts), + f"prometheus-rule-{deployment.name}": builder.to_prometheus_rule( + alerts=metrics.alerts + ), } if metrics and metrics.enabled else {} From e03ab9069cc8364c56c80966b79c6680f1b94e8d Mon Sep 17 00:00:00 2001 From: Jorg88 Date: Fri, 14 Feb 2025 13:33:31 +0100 Subject: [PATCH 02/23] Fix the unit tests --- ...theus-rule.yaml => prometheus-rule-cronjob.yaml} | 0 ...rometheus-rule.yaml => prometheus-rule-job.yaml} | 0 ...us-rule.yaml => prometheus-rule-dockertest.yaml} | 0 tests/steps/deploy/k8s/test_k8s.py | 13 +++++++++---- 4 files changed, 9 insertions(+), 4 deletions(-) rename tests/steps/deploy/k8s/chart/templates/cronjob/{prometheus-rule.yaml => prometheus-rule-cronjob.yaml} (100%) rename tests/steps/deploy/k8s/chart/templates/job/{prometheus-rule.yaml => prometheus-rule-job.yaml} (100%) rename tests/steps/deploy/k8s/chart/templates/service/{prometheus-rule.yaml => prometheus-rule-dockertest.yaml} (100%) diff --git a/tests/steps/deploy/k8s/chart/templates/cronjob/prometheus-rule.yaml b/tests/steps/deploy/k8s/chart/templates/cronjob/prometheus-rule-cronjob.yaml similarity index 100% rename from tests/steps/deploy/k8s/chart/templates/cronjob/prometheus-rule.yaml rename to tests/steps/deploy/k8s/chart/templates/cronjob/prometheus-rule-cronjob.yaml diff --git a/tests/steps/deploy/k8s/chart/templates/job/prometheus-rule.yaml b/tests/steps/deploy/k8s/chart/templates/job/prometheus-rule-job.yaml similarity index 100% rename from tests/steps/deploy/k8s/chart/templates/job/prometheus-rule.yaml rename to tests/steps/deploy/k8s/chart/templates/job/prometheus-rule-job.yaml diff --git a/tests/steps/deploy/k8s/chart/templates/service/prometheus-rule.yaml b/tests/steps/deploy/k8s/chart/templates/service/prometheus-rule-dockertest.yaml similarity index 100% rename from tests/steps/deploy/k8s/chart/templates/service/prometheus-rule.yaml rename to tests/steps/deploy/k8s/chart/templates/service/prometheus-rule-dockertest.yaml diff --git a/tests/steps/deploy/k8s/test_k8s.py b/tests/steps/deploy/k8s/test_k8s.py index 13fd75958..ff2cb4fed 100644 --- a/tests/steps/deploy/k8s/test_k8s.py +++ b/tests/steps/deploy/k8s/test_k8s.py @@ -161,7 +161,7 @@ def test_should_not_extend_whitelists_if_none_defined_for_target(self): "ingress-routes-dockertest", "middleware-strip-prefix", "middleware-strip-prefix-dockertest", - "prometheus-rule", + "prometheus-rule-dockertest", "service-monitor", "role", "rolebinding", @@ -191,7 +191,7 @@ def test_service_chart_roundtrip(self, template): "ingress-routes-dockertest", "middleware-strip-prefix", "middleware-strip-prefix-dockertest", - "prometheus-rule", + "prometheus-rule-dockertest", "service-monitor", "role", "rolebinding", @@ -288,7 +288,7 @@ def test_production_ingress(self): @pytest.mark.parametrize( "template", - ["job-job", "service-account", "sealed-secrets", "prometheus-rule"], + ["job-job", "service-account", "sealed-secrets", "prometheus-rule-job"], ) def test_job_chart_roundtrip(self, template): job_project = get_job_project() @@ -300,7 +300,12 @@ def test_job_chart_roundtrip(self, template): @pytest.mark.parametrize( "template", - ["cronjob-cronjob", "service-account", "sealed-secrets", "prometheus-rule"], + [ + "cronjob-cronjob", + "service-account", + "sealed-secrets", + "prometheus-rule-cronjob", + ], ) def test_cron_job_chart_roundtrip(self, template): cron_job_project = get_cron_job_project() From 60d779028f9d23ad994b1edd82df93276720a90f Mon Sep 17 00:00:00 2001 From: Jorg88 Date: Fri, 14 Feb 2025 13:36:57 +0100 Subject: [PATCH 03/23] fix: create a service chart per deployment --- src/mpyl/steps/deploy/k8s/chart.py | 2 +- .../service/{service.yaml => service-dockertest.yaml} | 0 tests/steps/deploy/k8s/test_k8s.py | 4 ++-- 3 files changed, 3 insertions(+), 3 deletions(-) rename tests/steps/deploy/k8s/chart/templates/service/{service.yaml => service-dockertest.yaml} (100%) diff --git a/src/mpyl/steps/deploy/k8s/chart.py b/src/mpyl/steps/deploy/k8s/chart.py index 98608022d..0c20af263 100644 --- a/src/mpyl/steps/deploy/k8s/chart.py +++ b/src/mpyl/steps/deploy/k8s/chart.py @@ -905,7 +905,7 @@ def to_service_chart( builder: ChartBuilder, deployment: Deployment ) -> dict[str, CustomResourceDefinition]: return ( - {"service": builder.to_service(deployment)} + {f"service-{deployment.name}": builder.to_service(deployment)} | {f"deployment-{deployment.name}": builder.to_deployment(deployment)} | _to_ingress_routes_charts(builder, deployment) | builder.to_middlewares(deployment) diff --git a/tests/steps/deploy/k8s/chart/templates/service/service.yaml b/tests/steps/deploy/k8s/chart/templates/service/service-dockertest.yaml similarity index 100% rename from tests/steps/deploy/k8s/chart/templates/service/service.yaml rename to tests/steps/deploy/k8s/chart/templates/service/service-dockertest.yaml diff --git a/tests/steps/deploy/k8s/test_k8s.py b/tests/steps/deploy/k8s/test_k8s.py index ff2cb4fed..4fd222c71 100644 --- a/tests/steps/deploy/k8s/test_k8s.py +++ b/tests/steps/deploy/k8s/test_k8s.py @@ -148,7 +148,7 @@ def test_should_not_extend_whitelists_if_none_defined_for_target(self): "template", [ "deployment-dockertest", - "service", + "service-dockertest", "service-account", "sealed-secrets", "dockertest-ingress-0-https", @@ -180,7 +180,7 @@ def test_service_chart_roundtrip(self, template): "service-account", "sealed-secrets", "deployment-dockertest", - "service", + "service-dockertest", "dockertest-ingress-0-https", "dockertest-ingress-0-http", "dockertest-ingress-1-https", From 77b1ef6fc3dbaf8634692bfc9a1a062346e35cb5 Mon Sep 17 00:00:00 2001 From: Jorg88 Date: Wed, 19 Feb 2025 13:59:43 +0100 Subject: [PATCH 04/23] chore: remove imagePullSecrets and generate sealed secrets per deployment --- mpyl_config.example.yml | 2 -- src/mpyl/project.py | 2 -- src/mpyl/schema/project.schema.yml | 6 ----- src/mpyl/steps/deploy/k8s/chart.py | 22 ++++++------------- .../templates/cronjob/service-account.yaml | 2 +- .../chart/templates/job/service-account.yaml | 2 +- .../templates/service/service-account.yaml | 2 +- .../steps/deploy/k8s/templates/manifest.yaml | 2 +- tests/test_resources/mpyl_config.yml | 2 +- 9 files changed, 12 insertions(+), 30 deletions(-) diff --git a/mpyl_config.example.yml b/mpyl_config.example.yml index d127e191b..efc25e5b2 100644 --- a/mpyl_config.example.yml +++ b/mpyl_config.example.yml @@ -57,8 +57,6 @@ project: # default values allowedMaintainers: [Team1, Team2, MPyL] deployment: kubernetes: - imagePullSecrets: - - name: acme-registry job: ttlSecondsAfterFinished: all: 3600 diff --git a/src/mpyl/project.py b/src/mpyl/project.py index 090033a6b..87761720b 100644 --- a/src/mpyl/project.py +++ b/src/mpyl/project.py @@ -316,7 +316,6 @@ class Kubernetes: metrics: Optional[Metrics] resources: Resources job: Optional[Job] - image_pull_secrets: dict role: Optional[dict] command: Optional[TargetProperty[str]] args: Optional[TargetProperty[str]] @@ -332,7 +331,6 @@ def from_config(values: dict): metrics=Metrics.from_config(values.get("metrics", {})), resources=Resources.from_config(values.get("resources", {})), job=Job.from_config(values.get("job", {})), - image_pull_secrets=values.get("imagePullSecrets", {}), role=values.get("role"), command=TargetProperty.from_config(values.get("command", {})), args=TargetProperty.from_config(values.get("args", {})), diff --git a/src/mpyl/schema/project.schema.yml b/src/mpyl/schema/project.schema.yml index e761cc647..35753c24c 100644 --- a/src/mpyl/schema/project.schema.yml +++ b/src/mpyl/schema/project.schema.yml @@ -759,12 +759,6 @@ definitions: additionalProperties: false portMappings: type: object - imagePullSecrets: - minItems: 1 - description: 'ImagePullSecrets is a list of references to secrets in the same namespace to use for pulling any images in pods that reference this ServiceAccount. ImagePullSecrets are distinct from Secrets because Secrets can be mounted in the pod, but ImagePullSecrets are only accessed by the kubelet. More info: https://kubernetes.io/docs/concepts/containers/images/#specifying-imagepullsecrets-on-a-pod' - items: - $ref: k8s_api_core.schema.yml#/definitions/io.k8s.api.core.v1.LocalObjectReference - type: [array, null] job: type: object additionalProperties: true diff --git a/src/mpyl/steps/deploy/k8s/chart.py b/src/mpyl/steps/deploy/k8s/chart.py index 0c20af263..42fb04080 100644 --- a/src/mpyl/steps/deploy/k8s/chart.py +++ b/src/mpyl/steps/deploy/k8s/chart.py @@ -177,7 +177,6 @@ class DeploymentDefaults: job_defaults: dict traefik_defaults: Traefik white_lists: DefaultWhitelists - image_pull_secrets: dict deployment_strategy: dict additional_routes: list[TraefikAdditionalRoute] traefik_config: TraefikConfig @@ -199,7 +198,6 @@ def from_config(config: dict): job_defaults=kubernetes.get("job", {}), traefik_defaults=Traefik.from_config(deployment_values.get("traefik", {})), white_lists=DefaultWhitelists.from_config(config.get("whiteLists", {})), - image_pull_secrets=kubernetes.get("imagePullSecrets", {}), deployment_strategy=config["kubernetes"]["deploymentStrategy"], additional_routes=list( map(TraefikAdditionalRoute.from_config, additional_routes) @@ -615,17 +613,12 @@ def to_metadata(host: HostWrapper) -> V1ObjectMeta: for host in hosts } | adjusted_middlewares - def to_service_account(self, deployment: Deployment) -> V1ServiceAccount: - image_pull_secrets_config = ( - deployment.kubernetes.image_pull_secrets - or self.config_defaults.image_pull_secrets - ) + def to_service_account(self) -> V1ServiceAccount: secrets = [ ChartBuilder._to_k8s_model( - secret, + {"name": "aws-ecr"}, V1LocalObjectReference, ) - for secret in image_pull_secrets_config ] return V1ServiceAccount( api_version="v1", @@ -869,16 +862,15 @@ def to_deployment(self, deployment: Deployment) -> V1Deployment: def to_common_chart( self, deployment: Deployment ) -> dict[str, CustomResourceDefinition]: - chart = { - "service-account": self.to_service_account(deployment) - } # should move out of Deployment? + chart = {"service-account": self.to_service_account()} if deployment.properties and len(deployment.properties.sealed_secrets) > 0: - chart["sealed-secrets"] = self.to_sealed_secrets( + chart[f"sealed-secrets-{deployment.name}"] = self.to_sealed_secrets( deployment.properties.sealed_secrets - ) # should move out of Deployment? + ) - role = deployment.kubernetes.role or {} # should move out of Deployment? + # role is only used for Keycloak which only has 1 deployment, can be removed soon + role = deployment.kubernetes.role or {} if role: chart["role"] = self.to_role(role) chart["rolebinding"] = self.to_role_binding() diff --git a/tests/steps/deploy/k8s/chart/templates/cronjob/service-account.yaml b/tests/steps/deploy/k8s/chart/templates/cronjob/service-account.yaml index 7e9579602..6853c0741 100644 --- a/tests/steps/deploy/k8s/chart/templates/cronjob/service-account.yaml +++ b/tests/steps/deploy/k8s/chart/templates/cronjob/service-account.yaml @@ -1,6 +1,6 @@ apiVersion: v1 imagePullSecrets: -- name: acme-registry +- name: aws-ecr kind: ServiceAccount metadata: labels: diff --git a/tests/steps/deploy/k8s/chart/templates/job/service-account.yaml b/tests/steps/deploy/k8s/chart/templates/job/service-account.yaml index 02efaf1a8..512bb9d4a 100644 --- a/tests/steps/deploy/k8s/chart/templates/job/service-account.yaml +++ b/tests/steps/deploy/k8s/chart/templates/job/service-account.yaml @@ -1,6 +1,6 @@ apiVersion: v1 imagePullSecrets: -- name: acme-registry +- name: aws-ecr kind: ServiceAccount metadata: labels: diff --git a/tests/steps/deploy/k8s/chart/templates/service/service-account.yaml b/tests/steps/deploy/k8s/chart/templates/service/service-account.yaml index d9062d388..580f931fb 100644 --- a/tests/steps/deploy/k8s/chart/templates/service/service-account.yaml +++ b/tests/steps/deploy/k8s/chart/templates/service/service-account.yaml @@ -1,6 +1,6 @@ apiVersion: v1 imagePullSecrets: -- name: acme-registry +- name: aws-ecr kind: ServiceAccount metadata: labels: diff --git a/tests/steps/deploy/k8s/templates/manifest.yaml b/tests/steps/deploy/k8s/templates/manifest.yaml index 5c1a0e8d1..4ff986a1a 100644 --- a/tests/steps/deploy/k8s/templates/manifest.yaml +++ b/tests/steps/deploy/k8s/templates/manifest.yaml @@ -440,7 +440,7 @@ spec: # service-account apiVersion: v1 imagePullSecrets: -- name: acme-registry +- name: aws-ecr kind: ServiceAccount metadata: labels: diff --git a/tests/test_resources/mpyl_config.yml b/tests/test_resources/mpyl_config.yml index 6ac6a230e..6c0ebd54e 100644 --- a/tests/test_resources/mpyl_config.yml +++ b/tests/test_resources/mpyl_config.yml @@ -85,7 +85,7 @@ project: # default values tls: "le-custom-prod-wildcard-cert" kubernetes: imagePullSecrets: - - name: 'acme-registry' + - name: 'aws-ecr' job: ttlSecondsAfterFinished: all: 3600 From dc5d9a205a2c9ed8179de16a968c54b9e01b1993 Mon Sep 17 00:00:00 2001 From: Jorg88 Date: Wed, 19 Feb 2025 14:05:34 +0100 Subject: [PATCH 05/23] Fix the sealed secrets unit tests --- .../{sealed-secrets.yaml => sealed-secrets-cronjob.yaml} | 0 .../job/{sealed-secrets.yaml => sealed-secrets-job.yaml} | 0 ...sealed-secrets.yaml => sealed-secrets-dockertest.yaml} | 0 tests/steps/deploy/k8s/test_k8s.py | 8 ++++---- 4 files changed, 4 insertions(+), 4 deletions(-) rename tests/steps/deploy/k8s/chart/templates/cronjob/{sealed-secrets.yaml => sealed-secrets-cronjob.yaml} (100%) rename tests/steps/deploy/k8s/chart/templates/job/{sealed-secrets.yaml => sealed-secrets-job.yaml} (100%) rename tests/steps/deploy/k8s/chart/templates/service/{sealed-secrets.yaml => sealed-secrets-dockertest.yaml} (100%) diff --git a/tests/steps/deploy/k8s/chart/templates/cronjob/sealed-secrets.yaml b/tests/steps/deploy/k8s/chart/templates/cronjob/sealed-secrets-cronjob.yaml similarity index 100% rename from tests/steps/deploy/k8s/chart/templates/cronjob/sealed-secrets.yaml rename to tests/steps/deploy/k8s/chart/templates/cronjob/sealed-secrets-cronjob.yaml diff --git a/tests/steps/deploy/k8s/chart/templates/job/sealed-secrets.yaml b/tests/steps/deploy/k8s/chart/templates/job/sealed-secrets-job.yaml similarity index 100% rename from tests/steps/deploy/k8s/chart/templates/job/sealed-secrets.yaml rename to tests/steps/deploy/k8s/chart/templates/job/sealed-secrets-job.yaml diff --git a/tests/steps/deploy/k8s/chart/templates/service/sealed-secrets.yaml b/tests/steps/deploy/k8s/chart/templates/service/sealed-secrets-dockertest.yaml similarity index 100% rename from tests/steps/deploy/k8s/chart/templates/service/sealed-secrets.yaml rename to tests/steps/deploy/k8s/chart/templates/service/sealed-secrets-dockertest.yaml diff --git a/tests/steps/deploy/k8s/test_k8s.py b/tests/steps/deploy/k8s/test_k8s.py index 4fd222c71..627f89ae0 100644 --- a/tests/steps/deploy/k8s/test_k8s.py +++ b/tests/steps/deploy/k8s/test_k8s.py @@ -150,7 +150,7 @@ def test_should_not_extend_whitelists_if_none_defined_for_target(self): "deployment-dockertest", "service-dockertest", "service-account", - "sealed-secrets", + "sealed-secrets-dockertest", "dockertest-ingress-0-https", "dockertest-ingress-0-http", "dockertest-ingress-1-https", @@ -178,7 +178,7 @@ def test_service_chart_roundtrip(self, template): print(key) assert chart.keys() == { "service-account", - "sealed-secrets", + "sealed-secrets-dockertest", "deployment-dockertest", "service-dockertest", "dockertest-ingress-0-https", @@ -288,7 +288,7 @@ def test_production_ingress(self): @pytest.mark.parametrize( "template", - ["job-job", "service-account", "sealed-secrets", "prometheus-rule-job"], + ["job-job", "service-account", "sealed-secrets-job", "prometheus-rule-job"], ) def test_job_chart_roundtrip(self, template): job_project = get_job_project() @@ -303,7 +303,7 @@ def test_job_chart_roundtrip(self, template): [ "cronjob-cronjob", "service-account", - "sealed-secrets", + "sealed-secrets-cronjob", "prometheus-rule-cronjob", ], ) From 92cfc480e1edabba89645a67d32b83877179d197 Mon Sep 17 00:00:00 2001 From: Jorg88 Date: Wed, 19 Feb 2025 14:06:35 +0100 Subject: [PATCH 06/23] Use pr version docker image for testing purposes --- actions/discover-run-plan/action.yaml | 2 +- actions/generate-kubernetes-manifests/action.yaml | 2 +- actions/health-check/action.yaml | 2 +- actions/lint-projects/action.yaml | 2 +- 4 files changed, 4 insertions(+), 4 deletions(-) diff --git a/actions/discover-run-plan/action.yaml b/actions/discover-run-plan/action.yaml index 0df5afdc1..d0821165d 100644 --- a/actions/discover-run-plan/action.yaml +++ b/actions/discover-run-plan/action.yaml @@ -13,7 +13,7 @@ inputs: required: false runs: using: docker - image: docker://public.ecr.aws/vdb-public/gh-mpyl:v1.1.0 + image: docker://public.ecr.aws/vdb-public/gh-mpyl:pr-191 args: - plan - discover diff --git a/actions/generate-kubernetes-manifests/action.yaml b/actions/generate-kubernetes-manifests/action.yaml index d2742cbd1..be990c238 100644 --- a/actions/generate-kubernetes-manifests/action.yaml +++ b/actions/generate-kubernetes-manifests/action.yaml @@ -29,7 +29,7 @@ inputs: required: false runs: using: docker - image: docker://public.ecr.aws/vdb-public/gh-mpyl:v1.1.0 + image: docker://public.ecr.aws/vdb-public/gh-mpyl:pr-191 args: - build - --environment diff --git a/actions/health-check/action.yaml b/actions/health-check/action.yaml index d5afefb4a..28c952275 100644 --- a/actions/health-check/action.yaml +++ b/actions/health-check/action.yaml @@ -7,7 +7,7 @@ inputs: required: false runs: using: docker - image: docker://public.ecr.aws/vdb-public/gh-mpyl:v1.1.0 + image: docker://public.ecr.aws/vdb-public/gh-mpyl:pr-191 args: - health env: diff --git a/actions/lint-projects/action.yaml b/actions/lint-projects/action.yaml index c6659f31f..403c8265e 100644 --- a/actions/lint-projects/action.yaml +++ b/actions/lint-projects/action.yaml @@ -7,7 +7,7 @@ inputs: required: false runs: using: docker - image: docker://public.ecr.aws/vdb-public/gh-mpyl:v1.1.0 + image: docker://public.ecr.aws/vdb-public/gh-mpyl:pr-191 args: - projects - lint From f43448a57632fbf303764e41b521b5236605560b Mon Sep 17 00:00:00 2001 From: Jorg88 Date: Wed, 19 Feb 2025 14:45:11 +0100 Subject: [PATCH 07/23] chore: add labels per deployment when needed --- src/mpyl/steps/deploy/k8s/chart.py | 24 ++++++++++++------- ...ment-testDeploymentStrategyParameters.yaml | 2 ++ ...nt-testDeploymentsStrategyParameters1.yaml | 2 ++ ...nt-testDeploymentsStrategyParameters2.yaml | 2 ++ .../service/deployment-dockertest.yaml | 2 ++ .../templates/service/service-dockertest.yaml | 1 + tests/steps/deploy/k8s/test_k8s.py | 1 + 7 files changed, 26 insertions(+), 8 deletions(-) diff --git a/src/mpyl/steps/deploy/k8s/chart.py b/src/mpyl/steps/deploy/k8s/chart.py index 42fb04080..fafea354e 100644 --- a/src/mpyl/steps/deploy/k8s/chart.py +++ b/src/mpyl/steps/deploy/k8s/chart.py @@ -233,8 +233,9 @@ def __init__(self, step_input: Input): else project.namespace(step_input.run_properties.target) ) - def to_labels(self) -> dict: + def to_labels(self, deployment_name: Optional[str] = None) -> dict: run_properties = self.step_input.run_properties + app_labels = { "name": self.release_name, "app.kubernetes.io/version": run_properties.versioning.identifier, @@ -242,6 +243,9 @@ def to_labels(self) -> dict: "app.kubernetes.io/instance": self.release_name, } + if deployment_name: + app_labels.update({"vandebron.nl/deployment": deployment_name}) + if len(self.project.maintainer) > 0: app_labels["maintainers"] = ".".join(self.project.maintainer).replace( " ", "_" @@ -262,19 +266,23 @@ def _to_image_annotation(self) -> dict: return {"image": self._get_image()} def _to_object_meta( - self, name: Optional[str] = None, annotations: Optional[dict] = None + self, + name: Optional[str] = None, + annotations: Optional[dict] = None, + deployment_name: Optional[str] = None, ) -> V1ObjectMeta: return V1ObjectMeta( name=name if name else self.release_name, - labels=self.to_labels(), + labels=self.to_labels(deployment_name=deployment_name), annotations=annotations, ) - def _to_selector(self): + def _to_selector(self, deployment: Deployment): return V1LabelSelector( match_labels={ "app.kubernetes.io/instance": self.release_name, "app.kubernetes.io/name": self.release_name, + "vandebron.nl/deployment": deployment.name, } ) @@ -346,13 +354,13 @@ def to_service(self, deployment: Deployment) -> V1Service: kind="Service", metadata=V1ObjectMeta( annotations=self._to_annotations(), - name=self.release_name, + name=deployment.name, labels=self.to_labels(), ), spec=V1ServiceSpec( type="ClusterIP", ports=service_ports, - selector=self._to_selector().match_labels, + selector=self._to_selector(deployment).match_labels, ), ) @@ -847,7 +855,7 @@ def to_deployment(self, deployment: Deployment) -> V1Deployment: spec=V1DeploymentSpec( replicas=instances.get_value(target=self.target), template=V1PodTemplateSpec( - metadata=self._to_object_meta(), + metadata=self._to_object_meta(deployment_name=deployment.name), spec=V1PodSpec( containers=[container], service_account=self.release_name, @@ -855,7 +863,7 @@ def to_deployment(self, deployment: Deployment) -> V1Deployment: ), ), strategy=strategy, - selector=self._to_selector(), + selector=self._to_selector(deployment), ), ) diff --git a/tests/steps/deploy/k8s/chart/templates/deployment/deployment-testDeploymentStrategyParameters.yaml b/tests/steps/deploy/k8s/chart/templates/deployment/deployment-testDeploymentStrategyParameters.yaml index 421376177..b3b54cac0 100644 --- a/tests/steps/deploy/k8s/chart/templates/deployment/deployment-testDeploymentStrategyParameters.yaml +++ b/tests/steps/deploy/k8s/chart/templates/deployment/deployment-testDeploymentStrategyParameters.yaml @@ -20,6 +20,7 @@ spec: matchLabels: app.kubernetes.io/instance: testdeploymentstrategyparameters app.kubernetes.io/name: testdeploymentstrategyparameters + vandebron.nl/deployment: testDeploymentStrategyParameters strategy: rollingUpdate: maxSurge: 100% @@ -32,6 +33,7 @@ spec: app.kubernetes.io/version: pr-1234 app.kubernetes.io/name: testdeploymentstrategyparameters app.kubernetes.io/instance: testdeploymentstrategyparameters + vandebron.nl/deployment: testDeploymentStrategyParameters maintainers: MPyL maintainer: MPyL version: pr-1234 diff --git a/tests/steps/deploy/k8s/chart/templates/deployment/deployment-testDeploymentsStrategyParameters1.yaml b/tests/steps/deploy/k8s/chart/templates/deployment/deployment-testDeploymentsStrategyParameters1.yaml index ac4108322..5d0cca74b 100644 --- a/tests/steps/deploy/k8s/chart/templates/deployment/deployment-testDeploymentsStrategyParameters1.yaml +++ b/tests/steps/deploy/k8s/chart/templates/deployment/deployment-testDeploymentsStrategyParameters1.yaml @@ -20,6 +20,7 @@ spec: matchLabels: app.kubernetes.io/instance: testdeploymentsstrategyparameters app.kubernetes.io/name: testdeploymentsstrategyparameters + vandebron.nl/deployment: testDeploymentsStrategyParameters1 strategy: rollingUpdate: maxSurge: 100% @@ -32,6 +33,7 @@ spec: app.kubernetes.io/version: pr-1234 app.kubernetes.io/name: testdeploymentsstrategyparameters app.kubernetes.io/instance: testdeploymentsstrategyparameters + vandebron.nl/deployment: testDeploymentsStrategyParameters1 maintainers: MPyL maintainer: MPyL version: pr-1234 diff --git a/tests/steps/deploy/k8s/chart/templates/deployment/deployment-testDeploymentsStrategyParameters2.yaml b/tests/steps/deploy/k8s/chart/templates/deployment/deployment-testDeploymentsStrategyParameters2.yaml index ac4108322..05d94344f 100644 --- a/tests/steps/deploy/k8s/chart/templates/deployment/deployment-testDeploymentsStrategyParameters2.yaml +++ b/tests/steps/deploy/k8s/chart/templates/deployment/deployment-testDeploymentsStrategyParameters2.yaml @@ -20,6 +20,7 @@ spec: matchLabels: app.kubernetes.io/instance: testdeploymentsstrategyparameters app.kubernetes.io/name: testdeploymentsstrategyparameters + vandebron.nl/deployment: testDeploymentsStrategyParameters2 strategy: rollingUpdate: maxSurge: 100% @@ -32,6 +33,7 @@ spec: app.kubernetes.io/version: pr-1234 app.kubernetes.io/name: testdeploymentsstrategyparameters app.kubernetes.io/instance: testdeploymentsstrategyparameters + vandebron.nl/deployment: testDeploymentsStrategyParameters2 maintainers: MPyL maintainer: MPyL version: pr-1234 diff --git a/tests/steps/deploy/k8s/chart/templates/service/deployment-dockertest.yaml b/tests/steps/deploy/k8s/chart/templates/service/deployment-dockertest.yaml index b4e6cf73c..2086ce2fa 100644 --- a/tests/steps/deploy/k8s/chart/templates/service/deployment-dockertest.yaml +++ b/tests/steps/deploy/k8s/chart/templates/service/deployment-dockertest.yaml @@ -20,6 +20,7 @@ spec: matchLabels: app.kubernetes.io/instance: dockertest app.kubernetes.io/name: dockertest + vandebron.nl/deployment: dockertest strategy: rollingUpdate: maxSurge: 25% @@ -32,6 +33,7 @@ spec: app.kubernetes.io/version: pr-1234 app.kubernetes.io/name: dockertest app.kubernetes.io/instance: dockertest + vandebron.nl/deployment: dockertest maintainers: MPyL maintainer: MPyL version: pr-1234 diff --git a/tests/steps/deploy/k8s/chart/templates/service/service-dockertest.yaml b/tests/steps/deploy/k8s/chart/templates/service/service-dockertest.yaml index 78102b840..169282f01 100644 --- a/tests/steps/deploy/k8s/chart/templates/service/service-dockertest.yaml +++ b/tests/steps/deploy/k8s/chart/templates/service/service-dockertest.yaml @@ -23,4 +23,5 @@ spec: selector: app.kubernetes.io/instance: dockertest app.kubernetes.io/name: dockertest + vandebron.nl/deployment: dockertest type: ClusterIP diff --git a/tests/steps/deploy/k8s/test_k8s.py b/tests/steps/deploy/k8s/test_k8s.py index 627f89ae0..15659add3 100644 --- a/tests/steps/deploy/k8s/test_k8s.py +++ b/tests/steps/deploy/k8s/test_k8s.py @@ -236,6 +236,7 @@ def test_deployments_strategy_roundtrip(self): builder = self._get_builder(project) chart1 = to_service_chart(builder, project.deployments[0]) chart2 = to_service_chart(builder, project.deployments[1]) + print("chart1: ", chart1["service-testDeploymentsStrategyParameters1"]) self._roundtrip( self.template_path / "deployment", "deployment-testDeploymentsStrategyParameters1", From f06dbbee04463cfb3082451a26d82cc2c4664a4e Mon Sep 17 00:00:00 2001 From: Jorg88 Date: Wed, 19 Feb 2025 15:10:01 +0100 Subject: [PATCH 08/23] Fix the env var namespace replacement to account for multiple deployments --- src/mpyl/steps/deploy/k8s/__init__.py | 29 +++++++++++++++++++-------- src/mpyl/steps/deploy/k8s/chart.py | 6 +++--- 2 files changed, 24 insertions(+), 11 deletions(-) diff --git a/src/mpyl/steps/deploy/k8s/__init__.py b/src/mpyl/steps/deploy/k8s/__init__.py index 9715e11f4..9494bdde4 100644 --- a/src/mpyl/steps/deploy/k8s/__init__.py +++ b/src/mpyl/steps/deploy/k8s/__init__.py @@ -66,18 +66,31 @@ def get_namespace_for_linked_project(project: Project) -> str: return f"pr-{pr_identifier}" return project.namespace(target) - def replace_namespace(env_value: str, project_name: str, namespace: str) -> str: - search_value = project_name + ".{namespace}" - replace_value = project_name + "." + namespace - return env_value.replace(search_value, replace_value) + def replace_namespace( + original_value: str, + service_name: str, + namespace: str, + ): + search_value = service_name + ".{namespace}" + replace_value = service_name + "." + namespace + replaced_namespace = original_value.replace(search_value, replace_value) + updated_pr = replace_pr_number(replaced_namespace, pr_identifier) + env[key] = updated_pr for project in all_projects: linked_project_namespace = get_namespace_for_linked_project(project) for key, value in env.items(): - replaced_namespace = replace_namespace( - value, project.name, linked_project_namespace + replace_namespace( + original_value=value, + service_name=project.name, + namespace=linked_project_namespace, ) - updated_pr = replace_pr_number(replaced_namespace, pr_identifier) - env[key] = updated_pr + + for deployment in project.deployments: + replace_namespace( + original_value=value, + service_name=deployment.name, + namespace=linked_project_namespace, + ) return env diff --git a/src/mpyl/steps/deploy/k8s/chart.py b/src/mpyl/steps/deploy/k8s/chart.py index fafea354e..0543701c1 100644 --- a/src/mpyl/steps/deploy/k8s/chart.py +++ b/src/mpyl/steps/deploy/k8s/chart.py @@ -513,7 +513,7 @@ def to_white_list( for idx, host in enumerate(hosts) ] - def _replace_placeholders(self, traefik_object: dict | list): + def _replace_traefik_placeholders(self, traefik_object: dict | list): traefik_object = replace_item( traefik_object, PR_NUMBER_PLACEHOLDER, @@ -530,7 +530,7 @@ def _replace_placeholders(self, traefik_object: dict | list): def to_ingress(self, deployment: Deployment) -> Optional[V1AlphaIngressRoute]: """Converts the deployment traefik ingress routes configuration to a V1AlphaIngressRoute object.""" ingress_route_spec = ( - self._replace_placeholders( + self._replace_traefik_placeholders( deployment.traefik.ingress_routes.get_value(self.target) ) if deployment.traefik and deployment.traefik.ingress_routes @@ -592,7 +592,7 @@ def to_additional_routes(self, deployment: Deployment) -> list[V1AlphaIngressRou def to_middlewares(self, deployment: Deployment) -> dict[str, V1AlphaMiddleware]: hosts: list[HostWrapper] = self.create_host_wrappers(deployment) middlewares = ( - self._replace_placeholders( + self._replace_traefik_placeholders( deployment.traefik.middlewares.get_value(self.target) ) if deployment.traefik and deployment.traefik.middlewares From f63e73808fe30882abce6eceb5beb904efa5205a Mon Sep 17 00:00:00 2001 From: Jorg88 Date: Wed, 19 Feb 2025 15:54:21 +0100 Subject: [PATCH 09/23] Only update the the env var if it's changed --- src/mpyl/steps/deploy/k8s/__init__.py | 3 ++- 1 file changed, 2 insertions(+), 1 deletion(-) diff --git a/src/mpyl/steps/deploy/k8s/__init__.py b/src/mpyl/steps/deploy/k8s/__init__.py index 9eac8c3ad..d5ddcb208 100644 --- a/src/mpyl/steps/deploy/k8s/__init__.py +++ b/src/mpyl/steps/deploy/k8s/__init__.py @@ -71,7 +71,8 @@ def replace_namespace( replace_value = service_name + "." + namespace replaced_namespace = original_value.replace(search_value, replace_value) updated_pr = replace_pr_number(replaced_namespace, pr_identifier) - env[key] = updated_pr + if updated_pr != original_value: + env[key] = updated_pr for project in all_projects: linked_project_namespace = get_namespace_for_linked_project(project) From b7ec2d0311b82467e37c14a01066102f4030269b Mon Sep 17 00:00:00 2001 From: Jorg88 Date: Wed, 19 Feb 2025 16:50:12 +0100 Subject: [PATCH 10/23] Use the lower case deployment name for deployments, sealed secrets and prometheus rules --- src/mpyl/steps/deploy/k8s/chart.py | 21 +++++++++++-------- .../steps/deploy/k8s/resources/dagster.py | 4 +++- ...ment-testDeploymentStrategyParameters.yaml | 4 ++-- ...nt-testDeploymentsStrategyParameters1.yaml | 6 +++--- ...nt-testDeploymentsStrategyParameters2.yaml | 6 +++--- tests/steps/deploy/k8s/test_k8s.py | 1 - 6 files changed, 23 insertions(+), 19 deletions(-) diff --git a/src/mpyl/steps/deploy/k8s/chart.py b/src/mpyl/steps/deploy/k8s/chart.py index 1939ab9b8..0d68186ec 100644 --- a/src/mpyl/steps/deploy/k8s/chart.py +++ b/src/mpyl/steps/deploy/k8s/chart.py @@ -243,7 +243,7 @@ def to_labels(self, deployment_name: Optional[str] = None) -> dict: } if deployment_name: - app_labels.update({"vandebron.nl/deployment": deployment_name}) + app_labels.update({"vandebron.nl/deployment": deployment_name.lower()}) if len(self.project.maintainer) > 0: app_labels["maintainers"] = ".".join(self.project.maintainer).replace( @@ -281,7 +281,7 @@ def _to_selector(self, deployment: Deployment): match_labels={ "app.kubernetes.io/instance": self.release_name, "app.kubernetes.io/name": self.release_name, - "vandebron.nl/deployment": deployment.name, + "vandebron.nl/deployment": deployment.name.lower(), } ) @@ -431,10 +431,12 @@ def to_cron_job(self, deployment: Deployment) -> V1CronJob: spec=v1_cron_job_spec, ) - def to_prometheus_rule(self, alerts: list[Alert]) -> V1PrometheusRule: + def to_prometheus_rule( + self, alerts: list[Alert], deployment_name: str + ) -> V1PrometheusRule: return V1PrometheusRule( metadata=self._to_object_meta( - name=f"{self.project.name.lower()}-prometheus-rule" + name=f"{deployment_name.lower()}-prometheus-rule" ), alerts=alerts, ) @@ -664,13 +666,13 @@ def to_role_binding(self) -> V1RoleBinding: ) def to_sealed_secrets( - self, sealed_secrets: list[KeyValueProperty] + self, sealed_secrets: list[KeyValueProperty], name: str ) -> V1SealedSecret: secrets: dict[str, str] = {} for secret in sealed_secrets: secrets[secret.key] = secret.get_value(self.target) - return V1SealedSecret(name=self.release_name, secrets=secrets) + return V1SealedSecret(name=name.lower(), secrets=secrets) @staticmethod def _to_resource_requirements( @@ -845,7 +847,7 @@ def to_deployment(self, deployment: Deployment) -> V1Deployment: kind="Deployment", metadata=V1ObjectMeta( annotations=self._to_annotations(), - name=self.release_name, + name=deployment.name.lower(), labels=self.to_labels(), ), spec=V1DeploymentSpec( @@ -870,7 +872,7 @@ def to_common_chart( if deployment.properties and len(deployment.properties.sealed_secrets) > 0: chart[f"sealed-secrets-{deployment.name}"] = self.to_sealed_secrets( - deployment.properties.sealed_secrets + deployment.properties.sealed_secrets, deployment.name ) # role is only used for Keycloak which only has 1 deployment, can be removed soon @@ -936,7 +938,8 @@ def _to_prometheus_chart(builder: ChartBuilder, deployment: Deployment): prometheus_chart = ( { f"prometheus-rule-{deployment.name}": builder.to_prometheus_rule( - alerts=metrics.alerts + alerts=metrics.alerts, + deployment_name=deployment.name, ), } if metrics and metrics.enabled diff --git a/src/mpyl/steps/deploy/k8s/resources/dagster.py b/src/mpyl/steps/deploy/k8s/resources/dagster.py index 2ee4e3ea3..428fd59c7 100644 --- a/src/mpyl/steps/deploy/k8s/resources/dagster.py +++ b/src/mpyl/steps/deploy/k8s/resources/dagster.py @@ -45,7 +45,9 @@ def to_user_code_values( sealed_secret_env.value_from.secret_key_ref.name = release_name sealed_secret_refs.append(to_dict(sealed_secret_env, skip_none=True)) - sealed_secret_manifest = builder.to_sealed_secrets(combined_sealed_secrets) + sealed_secret_manifest = builder.to_sealed_secrets( + combined_sealed_secrets, release_name + ) sealed_secret_manifest.metadata.name = release_name extra_manifests = ( diff --git a/tests/steps/deploy/k8s/chart/templates/deployment/deployment-testDeploymentStrategyParameters.yaml b/tests/steps/deploy/k8s/chart/templates/deployment/deployment-testDeploymentStrategyParameters.yaml index b3b54cac0..cafb22ddb 100644 --- a/tests/steps/deploy/k8s/chart/templates/deployment/deployment-testDeploymentStrategyParameters.yaml +++ b/tests/steps/deploy/k8s/chart/templates/deployment/deployment-testDeploymentStrategyParameters.yaml @@ -20,7 +20,7 @@ spec: matchLabels: app.kubernetes.io/instance: testdeploymentstrategyparameters app.kubernetes.io/name: testdeploymentstrategyparameters - vandebron.nl/deployment: testDeploymentStrategyParameters + vandebron.nl/deployment: testdeploymentstrategyparameters strategy: rollingUpdate: maxSurge: 100% @@ -33,7 +33,7 @@ spec: app.kubernetes.io/version: pr-1234 app.kubernetes.io/name: testdeploymentstrategyparameters app.kubernetes.io/instance: testdeploymentstrategyparameters - vandebron.nl/deployment: testDeploymentStrategyParameters + vandebron.nl/deployment: testdeploymentstrategyparameters maintainers: MPyL maintainer: MPyL version: pr-1234 diff --git a/tests/steps/deploy/k8s/chart/templates/deployment/deployment-testDeploymentsStrategyParameters1.yaml b/tests/steps/deploy/k8s/chart/templates/deployment/deployment-testDeploymentsStrategyParameters1.yaml index 5d0cca74b..4fb4826e5 100644 --- a/tests/steps/deploy/k8s/chart/templates/deployment/deployment-testDeploymentsStrategyParameters1.yaml +++ b/tests/steps/deploy/k8s/chart/templates/deployment/deployment-testDeploymentsStrategyParameters1.yaml @@ -13,14 +13,14 @@ metadata: maintainer: MPyL version: pr-1234 revision: 2ad3293a7675d08bc037ef0846ef55897f38ec8f - name: testdeploymentsstrategyparameters + name: testdeploymentsstrategyparameters1 spec: replicas: 1 selector: matchLabels: app.kubernetes.io/instance: testdeploymentsstrategyparameters app.kubernetes.io/name: testdeploymentsstrategyparameters - vandebron.nl/deployment: testDeploymentsStrategyParameters1 + vandebron.nl/deployment: testdeploymentsstrategyparameters1 strategy: rollingUpdate: maxSurge: 100% @@ -33,7 +33,7 @@ spec: app.kubernetes.io/version: pr-1234 app.kubernetes.io/name: testdeploymentsstrategyparameters app.kubernetes.io/instance: testdeploymentsstrategyparameters - vandebron.nl/deployment: testDeploymentsStrategyParameters1 + vandebron.nl/deployment: testdeploymentsstrategyparameters1 maintainers: MPyL maintainer: MPyL version: pr-1234 diff --git a/tests/steps/deploy/k8s/chart/templates/deployment/deployment-testDeploymentsStrategyParameters2.yaml b/tests/steps/deploy/k8s/chart/templates/deployment/deployment-testDeploymentsStrategyParameters2.yaml index 05d94344f..e13af558f 100644 --- a/tests/steps/deploy/k8s/chart/templates/deployment/deployment-testDeploymentsStrategyParameters2.yaml +++ b/tests/steps/deploy/k8s/chart/templates/deployment/deployment-testDeploymentsStrategyParameters2.yaml @@ -13,14 +13,14 @@ metadata: maintainer: MPyL version: pr-1234 revision: 2ad3293a7675d08bc037ef0846ef55897f38ec8f - name: testdeploymentsstrategyparameters + name: testdeploymentsstrategyparameters2 spec: replicas: 1 selector: matchLabels: app.kubernetes.io/instance: testdeploymentsstrategyparameters app.kubernetes.io/name: testdeploymentsstrategyparameters - vandebron.nl/deployment: testDeploymentsStrategyParameters2 + vandebron.nl/deployment: testdeploymentsstrategyparameters2 strategy: rollingUpdate: maxSurge: 100% @@ -33,7 +33,7 @@ spec: app.kubernetes.io/version: pr-1234 app.kubernetes.io/name: testdeploymentsstrategyparameters app.kubernetes.io/instance: testdeploymentsstrategyparameters - vandebron.nl/deployment: testDeploymentsStrategyParameters2 + vandebron.nl/deployment: testdeploymentsstrategyparameters2 maintainers: MPyL maintainer: MPyL version: pr-1234 diff --git a/tests/steps/deploy/k8s/test_k8s.py b/tests/steps/deploy/k8s/test_k8s.py index f5befeecc..738806f66 100644 --- a/tests/steps/deploy/k8s/test_k8s.py +++ b/tests/steps/deploy/k8s/test_k8s.py @@ -233,7 +233,6 @@ def test_deployments_strategy_roundtrip(self): builder = self._get_builder(project) chart1 = to_service_chart(builder, project.deployments[0]) chart2 = to_service_chart(builder, project.deployments[1]) - print("chart1: ", chart1["service-testDeploymentsStrategyParameters1"]) self._roundtrip( self.template_path / "deployment", "deployment-testDeploymentsStrategyParameters1", From 9f7e26c012c6c78b5c80191afbdb57fb99c4590c Mon Sep 17 00:00:00 2001 From: Jorg88 Date: Wed, 19 Feb 2025 17:14:37 +0100 Subject: [PATCH 11/23] Also lower case the service name --- src/mpyl/steps/deploy/k8s/chart.py | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/src/mpyl/steps/deploy/k8s/chart.py b/src/mpyl/steps/deploy/k8s/chart.py index 0d68186ec..4f3c5967a 100644 --- a/src/mpyl/steps/deploy/k8s/chart.py +++ b/src/mpyl/steps/deploy/k8s/chart.py @@ -353,7 +353,7 @@ def to_service(self, deployment: Deployment) -> V1Service: kind="Service", metadata=V1ObjectMeta( annotations=self._to_annotations(), - name=deployment.name, + name=deployment.name.lower(), labels=self.to_labels(), ), spec=V1ServiceSpec( From e3ef2c4c222d00674c9917718fe472fa304d5ec1 Mon Sep 17 00:00:00 2001 From: Jorg88 Date: Wed, 19 Feb 2025 20:23:53 +0100 Subject: [PATCH 12/23] Also change the name of the sealed secrets key ref --- src/mpyl/steps/deploy/k8s/chart.py | 16 +++++++++++----- src/mpyl/steps/deploy/k8s/resources/dagster.py | 2 +- 2 files changed, 12 insertions(+), 6 deletions(-) diff --git a/src/mpyl/steps/deploy/k8s/chart.py b/src/mpyl/steps/deploy/k8s/chart.py index 4f3c5967a..eb2f0085c 100644 --- a/src/mpyl/steps/deploy/k8s/chart.py +++ b/src/mpyl/steps/deploy/k8s/chart.py @@ -725,14 +725,14 @@ def _get_resources(self, deployment: Deployment) -> V1ResourceRequirements: return ChartBuilder._to_resource_requirements(resources, defaults, self.target) def _create_sealed_secret_env_vars( - self, secret_list: list[KeyValueProperty] + self, secret_list: list[KeyValueProperty], secret_name: str ) -> list[V1EnvVar]: return [ V1EnvVar( name=e.key, value_from=V1EnvVarSource( secret_key_ref=V1SecretKeySelector( - key=e.key, name=self.release_name, optional=False + key=e.key, name=secret_name.lower(), optional=False ) ), ) @@ -755,12 +755,16 @@ def extract_raw_env(target: Target, env: list[KeyValueProperty]): return raw_env_vars def get_sealed_secret_as_env_vars( - self, sealed_secrets: list[KeyValueProperty] + self, + sealed_secrets: list[KeyValueProperty], + secret_name: str, ) -> list[V1EnvVar]: sealed_secrets_for_target = list( filter(lambda v: v.get_value(self.target) is not None, sealed_secrets) ) - return self._create_sealed_secret_env_vars(sealed_secrets_for_target) + return self._create_sealed_secret_env_vars( + sealed_secrets_for_target, secret_name + ) def _get_env_vars(self, deployment: Deployment) -> list[V1EnvVar]: raw_env_vars = ( @@ -792,7 +796,9 @@ def _get_env_vars(self, deployment: Deployment) -> list[V1EnvVar]: else [] ) sealed_secrets = ( - self.get_sealed_secret_as_env_vars(deployment.properties.sealed_secrets) + self.get_sealed_secret_as_env_vars( + deployment.properties.sealed_secrets, deployment.name + ) if deployment.properties else [] ) diff --git a/src/mpyl/steps/deploy/k8s/resources/dagster.py b/src/mpyl/steps/deploy/k8s/resources/dagster.py index 428fd59c7..40f40c1dd 100644 --- a/src/mpyl/steps/deploy/k8s/resources/dagster.py +++ b/src/mpyl/steps/deploy/k8s/resources/dagster.py @@ -40,7 +40,7 @@ def to_user_code_values( ) sealed_secret_refs = [] for sealed_secret_env in builder.get_sealed_secret_as_env_vars( - combined_sealed_secrets + combined_sealed_secrets, builder.release_name ): sealed_secret_env.value_from.secret_key_ref.name = release_name sealed_secret_refs.append(to_dict(sealed_secret_env, skip_none=True)) From 30a218344b544757b77c744d22d55ecb383f1beb Mon Sep 17 00:00:00 2001 From: Jorg88 Date: Thu, 20 Feb 2025 13:58:42 +0100 Subject: [PATCH 13/23] Only add the vandebron.nl/deployment label to service charts --- src/mpyl/steps/deploy/k8s/chart.py | 27 ++++++++++++++++----------- 1 file changed, 16 insertions(+), 11 deletions(-) diff --git a/src/mpyl/steps/deploy/k8s/chart.py b/src/mpyl/steps/deploy/k8s/chart.py index eb2f0085c..88c57d1d9 100644 --- a/src/mpyl/steps/deploy/k8s/chart.py +++ b/src/mpyl/steps/deploy/k8s/chart.py @@ -276,15 +276,6 @@ def _to_object_meta( annotations=annotations, ) - def _to_selector(self, deployment: Deployment): - return V1LabelSelector( - match_labels={ - "app.kubernetes.io/instance": self.release_name, - "app.kubernetes.io/name": self.release_name, - "vandebron.nl/deployment": deployment.name.lower(), - } - ) - @staticmethod def _to_k8s_model(values: dict, model_type): return ApiClient()._ApiClient__deserialize( # pylint: disable=protected-access @@ -359,7 +350,16 @@ def to_service(self, deployment: Deployment) -> V1Service: spec=V1ServiceSpec( type="ClusterIP", ports=service_ports, - selector=self._to_selector(deployment).match_labels, + selector=V1LabelSelector( + match_labels={ + "app.kubernetes.io/instance": self.release_name, + "app.kubernetes.io/name": self.release_name, + "vandebron.nl/deployment": deployment.name.lower(), + } + # Use the Deployment name as a label selector so that this Service points only to the Pods + # created by it, and not to all Pods in the application. + # Required for applications with multiple deployments. + ).match_labels, ), ) @@ -867,7 +867,12 @@ def to_deployment(self, deployment: Deployment) -> V1Deployment: ), ), strategy=strategy, - selector=self._to_selector(deployment), + selector=V1LabelSelector( + match_labels={ + "app.kubernetes.io/instance": self.release_name, + "app.kubernetes.io/name": self.release_name, + } + ), ), ) From 43bc80fa4409d6bc254fc811157f53c5dd70fd01 Mon Sep 17 00:00:00 2001 From: Jorg88 Date: Thu, 20 Feb 2025 14:05:33 +0100 Subject: [PATCH 14/23] Fix deployment chart tests --- .../deployment/deployment-testDeploymentStrategyParameters.yaml | 1 - .../deployment-testDeploymentsStrategyParameters1.yaml | 1 - .../deployment-testDeploymentsStrategyParameters2.yaml | 1 - .../k8s/chart/templates/service/deployment-dockertest.yaml | 1 - 4 files changed, 4 deletions(-) diff --git a/tests/steps/deploy/k8s/chart/templates/deployment/deployment-testDeploymentStrategyParameters.yaml b/tests/steps/deploy/k8s/chart/templates/deployment/deployment-testDeploymentStrategyParameters.yaml index cafb22ddb..73e7ed60b 100644 --- a/tests/steps/deploy/k8s/chart/templates/deployment/deployment-testDeploymentStrategyParameters.yaml +++ b/tests/steps/deploy/k8s/chart/templates/deployment/deployment-testDeploymentStrategyParameters.yaml @@ -20,7 +20,6 @@ spec: matchLabels: app.kubernetes.io/instance: testdeploymentstrategyparameters app.kubernetes.io/name: testdeploymentstrategyparameters - vandebron.nl/deployment: testdeploymentstrategyparameters strategy: rollingUpdate: maxSurge: 100% diff --git a/tests/steps/deploy/k8s/chart/templates/deployment/deployment-testDeploymentsStrategyParameters1.yaml b/tests/steps/deploy/k8s/chart/templates/deployment/deployment-testDeploymentsStrategyParameters1.yaml index 4fb4826e5..e2bec8b0c 100644 --- a/tests/steps/deploy/k8s/chart/templates/deployment/deployment-testDeploymentsStrategyParameters1.yaml +++ b/tests/steps/deploy/k8s/chart/templates/deployment/deployment-testDeploymentsStrategyParameters1.yaml @@ -20,7 +20,6 @@ spec: matchLabels: app.kubernetes.io/instance: testdeploymentsstrategyparameters app.kubernetes.io/name: testdeploymentsstrategyparameters - vandebron.nl/deployment: testdeploymentsstrategyparameters1 strategy: rollingUpdate: maxSurge: 100% diff --git a/tests/steps/deploy/k8s/chart/templates/deployment/deployment-testDeploymentsStrategyParameters2.yaml b/tests/steps/deploy/k8s/chart/templates/deployment/deployment-testDeploymentsStrategyParameters2.yaml index e13af558f..09c97da83 100644 --- a/tests/steps/deploy/k8s/chart/templates/deployment/deployment-testDeploymentsStrategyParameters2.yaml +++ b/tests/steps/deploy/k8s/chart/templates/deployment/deployment-testDeploymentsStrategyParameters2.yaml @@ -20,7 +20,6 @@ spec: matchLabels: app.kubernetes.io/instance: testdeploymentsstrategyparameters app.kubernetes.io/name: testdeploymentsstrategyparameters - vandebron.nl/deployment: testdeploymentsstrategyparameters2 strategy: rollingUpdate: maxSurge: 100% diff --git a/tests/steps/deploy/k8s/chart/templates/service/deployment-dockertest.yaml b/tests/steps/deploy/k8s/chart/templates/service/deployment-dockertest.yaml index 2086ce2fa..e7aae0cff 100644 --- a/tests/steps/deploy/k8s/chart/templates/service/deployment-dockertest.yaml +++ b/tests/steps/deploy/k8s/chart/templates/service/deployment-dockertest.yaml @@ -20,7 +20,6 @@ spec: matchLabels: app.kubernetes.io/instance: dockertest app.kubernetes.io/name: dockertest - vandebron.nl/deployment: dockertest strategy: rollingUpdate: maxSurge: 25% From a756e88d96c88efb8bbb5709b53b9a84c60c461b Mon Sep 17 00:00:00 2001 From: Jorg88 Date: Thu, 20 Feb 2025 17:38:38 +0100 Subject: [PATCH 15/23] chore: use the deployment name for the ingress route and middlewaress --- src/mpyl/steps/deploy/k8s/chart.py | 15 +++++---- .../steps/deploy/k8s/resources/traefik.py | 2 +- ...ml => ingress-minimalService-https-0.yaml} | 4 +-- ...ml => ingress-minimalService-https-0.yaml} | 4 +-- ...tp.yaml => ingress-dockertest-http-0.yaml} | 4 +-- ...tp.yaml => ingress-dockertest-http-1.yaml} | 4 +-- ...s.yaml => ingress-dockertest-https-0.yaml} | 4 +-- ...s.yaml => ingress-dockertest-https-1.yaml} | 4 +-- ...ml => ingress-dockertest-whitelist-0.yaml} | 2 +- ...ml => ingress-dockertest-whitelist-1.yaml} | 2 +- ...ngress-intracloud-https-dockertest-0.yaml} | 2 +- tests/steps/deploy/k8s/test_k8s.py | 32 +++++++++---------- 12 files changed, 40 insertions(+), 39 deletions(-) rename tests/steps/deploy/k8s/chart/templates/ingress-prod/{minimalService-ingress-0-https.yaml => ingress-minimalService-https-0.yaml} (87%) rename tests/steps/deploy/k8s/chart/templates/ingress/{minimalService-ingress-0-https.yaml => ingress-minimalService-https-0.yaml} (87%) rename tests/steps/deploy/k8s/chart/templates/service/{dockertest-ingress-0-http.yaml => ingress-dockertest-http-0.yaml} (88%) rename tests/steps/deploy/k8s/chart/templates/service/{dockertest-ingress-1-http.yaml => ingress-dockertest-http-1.yaml} (88%) rename tests/steps/deploy/k8s/chart/templates/service/{dockertest-ingress-0-https.yaml => ingress-dockertest-https-0.yaml} (89%) rename tests/steps/deploy/k8s/chart/templates/service/{dockertest-ingress-1-https.yaml => ingress-dockertest-https-1.yaml} (88%) rename tests/steps/deploy/k8s/chart/templates/service/{dockertest-ingress-0-whitelist.yaml => ingress-dockertest-whitelist-0.yaml} (91%) rename tests/steps/deploy/k8s/chart/templates/service/{dockertest-ingress-1-whitelist.yaml => ingress-dockertest-whitelist-1.yaml} (93%) rename tests/steps/deploy/k8s/chart/templates/service/{dockertest-ingress-intracloud-https-0.yaml => ingress-intracloud-https-dockertest-0.yaml} (93%) diff --git a/src/mpyl/steps/deploy/k8s/chart.py b/src/mpyl/steps/deploy/k8s/chart.py index 88c57d1d9..082b5b7f7 100644 --- a/src/mpyl/steps/deploy/k8s/chart.py +++ b/src/mpyl/steps/deploy/k8s/chart.py @@ -486,7 +486,7 @@ def to_white_list( return [ HostWrapper( traefik_host=host, - name=self.release_name, + name=deployment.name.lower(), index=idx, service_port=( host.service_port @@ -542,7 +542,9 @@ def to_ingress(self, deployment: Deployment) -> Optional[V1AlphaIngressRoute]: return None return V1AlphaIngressRoute.from_spec( - metadata=self._to_object_meta(name=f"ingress-routes-{self.release_name}"), + metadata=self._to_object_meta( + name=f"ingress-routes-{deployment.name.lower()}" + ), spec=ingress_route_spec, ) @@ -553,8 +555,7 @@ def to_ingress_routes( return [ V1AlphaIngressRoute.from_hosts( metadata=self._to_object_meta( - name=f"{self.release_name}-ingress-{i}-http" - + ("s" if https else "") + name=f"ingress-{deployment.name.lower()}-http{("s" if https else "")}-{i}" ), host=host, target=self.target, @@ -574,7 +575,7 @@ def to_additional_routes(self, deployment: Deployment) -> list[V1AlphaIngressRou return [ V1AlphaIngressRoute.from_hosts( metadata=self._to_object_meta( - name=f"{self.release_name}-{host.additional_route.name}-{i}" + name=f"{host.additional_route.name}-{deployment.name}-{i}" ), host=host, target=self.target, @@ -924,11 +925,11 @@ def to_service_chart( def _to_ingress_routes_charts(builder: ChartBuilder, deployment: Deployment): ingress_https = { - f"{builder.project.name}-ingress-{i}-https": route + f"ingress-{deployment.name}-https-{i}": route for i, route in enumerate(builder.to_ingress_routes(deployment, https=True)) } ingress_http = { - f"{builder.project.name}-ingress-{i}-http": route + f"ingress-{deployment.name}-http-{i}": route for i, route in enumerate(builder.to_ingress_routes(deployment, https=False)) } ingress_routes = ( diff --git a/src/mpyl/steps/deploy/k8s/resources/traefik.py b/src/mpyl/steps/deploy/k8s/resources/traefik.py index 59f3f66c3..c50bc90fd 100644 --- a/src/mpyl/steps/deploy/k8s/resources/traefik.py +++ b/src/mpyl/steps/deploy/k8s/resources/traefik.py @@ -29,7 +29,7 @@ class HostWrapper: @property def full_name(self) -> str: - return f"{self.name}-ingress-{self.index}-whitelist" + return f"ingress-{self.name}-whitelist-{self.index}" class V1AlphaIngressRoute(CustomResourceDefinition): diff --git a/tests/steps/deploy/k8s/chart/templates/ingress-prod/minimalService-ingress-0-https.yaml b/tests/steps/deploy/k8s/chart/templates/ingress-prod/ingress-minimalService-https-0.yaml similarity index 87% rename from tests/steps/deploy/k8s/chart/templates/ingress-prod/minimalService-ingress-0-https.yaml rename to tests/steps/deploy/k8s/chart/templates/ingress-prod/ingress-minimalService-https-0.yaml index aab47eb7c..baef90149 100644 --- a/tests/steps/deploy/k8s/chart/templates/ingress-prod/minimalService-ingress-0-https.yaml +++ b/tests/steps/deploy/k8s/chart/templates/ingress-prod/ingress-minimalService-https-0.yaml @@ -10,7 +10,7 @@ metadata: maintainer: MPyL version: 20230829-1234 revision: 2ad3293a7675d08bc037ef0846ef55897f38ec8f - name: minimalservice-ingress-0-https + name: ingress-minimalservice-https-0 spec: routes: - kind: Rule @@ -20,7 +20,7 @@ spec: kind: Service port: 8080 middlewares: - - name: minimalservice-ingress-0-whitelist + - name: ingress-minimalservice-whitelist-0 entryPoints: - websecure tls: diff --git a/tests/steps/deploy/k8s/chart/templates/ingress/minimalService-ingress-0-https.yaml b/tests/steps/deploy/k8s/chart/templates/ingress/ingress-minimalService-https-0.yaml similarity index 87% rename from tests/steps/deploy/k8s/chart/templates/ingress/minimalService-ingress-0-https.yaml rename to tests/steps/deploy/k8s/chart/templates/ingress/ingress-minimalService-https-0.yaml index 1b3115692..92e94ce4b 100644 --- a/tests/steps/deploy/k8s/chart/templates/ingress/minimalService-ingress-0-https.yaml +++ b/tests/steps/deploy/k8s/chart/templates/ingress/ingress-minimalService-https-0.yaml @@ -10,7 +10,7 @@ metadata: maintainer: MPyL version: pr-1234 revision: 2ad3293a7675d08bc037ef0846ef55897f38ec8f - name: minimalservice-ingress-0-https + name: ingress-minimalservice-https-0 spec: routes: - kind: Rule @@ -20,7 +20,7 @@ spec: kind: Service port: 8080 middlewares: - - name: minimalservice-ingress-0-whitelist + - name: ingress-minimalservice-whitelist-0 entryPoints: - websecure tls: diff --git a/tests/steps/deploy/k8s/chart/templates/service/dockertest-ingress-0-http.yaml b/tests/steps/deploy/k8s/chart/templates/service/ingress-dockertest-http-0.yaml similarity index 88% rename from tests/steps/deploy/k8s/chart/templates/service/dockertest-ingress-0-http.yaml rename to tests/steps/deploy/k8s/chart/templates/service/ingress-dockertest-http-0.yaml index fc6f9755f..be0e3c1cc 100644 --- a/tests/steps/deploy/k8s/chart/templates/service/dockertest-ingress-0-http.yaml +++ b/tests/steps/deploy/k8s/chart/templates/service/ingress-dockertest-http-0.yaml @@ -10,7 +10,7 @@ metadata: maintainer: MPyL version: pr-1234 revision: 2ad3293a7675d08bc037ef0846ef55897f38ec8f - name: dockertest-ingress-0-http + name: ingress-dockertest-http-0 spec: routes: - kind: Rule @@ -21,7 +21,7 @@ spec: port: 8080 middlewares: - name: traefik-https-redirect@kubernetescrd - - name: dockertest-ingress-0-whitelist + - name: ingress-dockertest-whitelist-0 syntax: v2 entryPoints: - web diff --git a/tests/steps/deploy/k8s/chart/templates/service/dockertest-ingress-1-http.yaml b/tests/steps/deploy/k8s/chart/templates/service/ingress-dockertest-http-1.yaml similarity index 88% rename from tests/steps/deploy/k8s/chart/templates/service/dockertest-ingress-1-http.yaml rename to tests/steps/deploy/k8s/chart/templates/service/ingress-dockertest-http-1.yaml index c5db328ba..f09dd038e 100644 --- a/tests/steps/deploy/k8s/chart/templates/service/dockertest-ingress-1-http.yaml +++ b/tests/steps/deploy/k8s/chart/templates/service/ingress-dockertest-http-1.yaml @@ -10,7 +10,7 @@ metadata: maintainer: MPyL version: pr-1234 revision: 2ad3293a7675d08bc037ef0846ef55897f38ec8f - name: dockertest-ingress-1-http + name: ingress-dockertest-http-1 spec: routes: - kind: Rule @@ -21,7 +21,7 @@ spec: port: 4091 middlewares: - name: traefik-https-redirect@kubernetescrd - - name: dockertest-ingress-1-whitelist + - name: ingress-dockertest-whitelist-1 syntax: v3 priority: 1000 entryPoints: diff --git a/tests/steps/deploy/k8s/chart/templates/service/dockertest-ingress-0-https.yaml b/tests/steps/deploy/k8s/chart/templates/service/ingress-dockertest-https-0.yaml similarity index 89% rename from tests/steps/deploy/k8s/chart/templates/service/dockertest-ingress-0-https.yaml rename to tests/steps/deploy/k8s/chart/templates/service/ingress-dockertest-https-0.yaml index cfd7f3c48..00f77d1e0 100644 --- a/tests/steps/deploy/k8s/chart/templates/service/dockertest-ingress-0-https.yaml +++ b/tests/steps/deploy/k8s/chart/templates/service/ingress-dockertest-https-0.yaml @@ -10,7 +10,7 @@ metadata: maintainer: MPyL version: pr-1234 revision: 2ad3293a7675d08bc037ef0846ef55897f38ec8f - name: dockertest-ingress-0-https + name: ingress-dockertest-https-0 spec: routes: - kind: Rule @@ -20,7 +20,7 @@ spec: kind: Service port: 8080 middlewares: - - name: dockertest-ingress-0-whitelist + - name: ingress-dockertest-whitelist-0 syntax: v2 entryPoints: - websecure diff --git a/tests/steps/deploy/k8s/chart/templates/service/dockertest-ingress-1-https.yaml b/tests/steps/deploy/k8s/chart/templates/service/ingress-dockertest-https-1.yaml similarity index 88% rename from tests/steps/deploy/k8s/chart/templates/service/dockertest-ingress-1-https.yaml rename to tests/steps/deploy/k8s/chart/templates/service/ingress-dockertest-https-1.yaml index 8b299caea..f49d25300 100644 --- a/tests/steps/deploy/k8s/chart/templates/service/dockertest-ingress-1-https.yaml +++ b/tests/steps/deploy/k8s/chart/templates/service/ingress-dockertest-https-1.yaml @@ -10,7 +10,7 @@ metadata: maintainer: MPyL version: pr-1234 revision: 2ad3293a7675d08bc037ef0846ef55897f38ec8f - name: dockertest-ingress-1-https + name: ingress-dockertest-https-1 spec: routes: - kind: Rule @@ -20,7 +20,7 @@ spec: kind: Service port: 4091 middlewares: - - name: dockertest-ingress-1-whitelist + - name: ingress-dockertest-whitelist-1 syntax: v3 priority: 1000 entryPoints: diff --git a/tests/steps/deploy/k8s/chart/templates/service/dockertest-ingress-0-whitelist.yaml b/tests/steps/deploy/k8s/chart/templates/service/ingress-dockertest-whitelist-0.yaml similarity index 91% rename from tests/steps/deploy/k8s/chart/templates/service/dockertest-ingress-0-whitelist.yaml rename to tests/steps/deploy/k8s/chart/templates/service/ingress-dockertest-whitelist-0.yaml index c22033c3b..856c94e88 100644 --- a/tests/steps/deploy/k8s/chart/templates/service/dockertest-ingress-0-whitelist.yaml +++ b/tests/steps/deploy/k8s/chart/templates/service/ingress-dockertest-whitelist-0.yaml @@ -12,7 +12,7 @@ metadata: maintainer: MPyL version: pr-1234 revision: 2ad3293a7675d08bc037ef0846ef55897f38ec8f - name: dockertest-ingress-0-whitelist + name: ingress-dockertest-whitelist-0 spec: ipAllowList: sourceRange: diff --git a/tests/steps/deploy/k8s/chart/templates/service/dockertest-ingress-1-whitelist.yaml b/tests/steps/deploy/k8s/chart/templates/service/ingress-dockertest-whitelist-1.yaml similarity index 93% rename from tests/steps/deploy/k8s/chart/templates/service/dockertest-ingress-1-whitelist.yaml rename to tests/steps/deploy/k8s/chart/templates/service/ingress-dockertest-whitelist-1.yaml index b8bbc40a1..f43dfb003 100644 --- a/tests/steps/deploy/k8s/chart/templates/service/dockertest-ingress-1-whitelist.yaml +++ b/tests/steps/deploy/k8s/chart/templates/service/ingress-dockertest-whitelist-1.yaml @@ -14,7 +14,7 @@ metadata: maintainer: MPyL version: pr-1234 revision: 2ad3293a7675d08bc037ef0846ef55897f38ec8f - name: dockertest-ingress-1-whitelist + name: ingress-dockertest-whitelist-1 spec: ipAllowList: sourceRange: diff --git a/tests/steps/deploy/k8s/chart/templates/service/dockertest-ingress-intracloud-https-0.yaml b/tests/steps/deploy/k8s/chart/templates/service/ingress-intracloud-https-dockertest-0.yaml similarity index 93% rename from tests/steps/deploy/k8s/chart/templates/service/dockertest-ingress-intracloud-https-0.yaml rename to tests/steps/deploy/k8s/chart/templates/service/ingress-intracloud-https-dockertest-0.yaml index f1aa7adca..bf282457e 100644 --- a/tests/steps/deploy/k8s/chart/templates/service/dockertest-ingress-intracloud-https-0.yaml +++ b/tests/steps/deploy/k8s/chart/templates/service/ingress-intracloud-https-dockertest-0.yaml @@ -10,7 +10,7 @@ metadata: maintainer: MPyL version: pr-1234 revision: 2ad3293a7675d08bc037ef0846ef55897f38ec8f - name: dockertest-ingress-intracloud-https-0 + name: ingress-intracloud-https-dockertest-0 spec: routes: - kind: Rule diff --git a/tests/steps/deploy/k8s/test_k8s.py b/tests/steps/deploy/k8s/test_k8s.py index 738806f66..4546d5a6c 100644 --- a/tests/steps/deploy/k8s/test_k8s.py +++ b/tests/steps/deploy/k8s/test_k8s.py @@ -148,13 +148,13 @@ def test_should_not_extend_whitelists_if_none_defined_for_target(self): "service-dockertest", "service-account", "sealed-secrets-dockertest", - "dockertest-ingress-0-https", - "dockertest-ingress-0-http", - "dockertest-ingress-1-https", - "dockertest-ingress-1-http", - "dockertest-ingress-intracloud-https-0", - "dockertest-ingress-0-whitelist", - "dockertest-ingress-1-whitelist", + "ingress-dockertest-https-0", + "ingress-dockertest-http-0", + "ingress-dockertest-https-1", + "ingress-dockertest-http-1", + "ingress-intracloud-https-dockertest-0", + "ingress-dockertest-whitelist-0", + "ingress-dockertest-whitelist-1", "ingress-routes-dockertest", "middleware-strip-prefix", "middleware-strip-prefix-dockertest", @@ -178,13 +178,13 @@ def test_service_chart_roundtrip(self, template): "sealed-secrets-dockertest", "deployment-dockertest", "service-dockertest", - "dockertest-ingress-0-https", - "dockertest-ingress-0-http", - "dockertest-ingress-1-https", - "dockertest-ingress-1-http", - "dockertest-ingress-intracloud-https-0", - "dockertest-ingress-0-whitelist", - "dockertest-ingress-1-whitelist", + "ingress-dockertest-https-0", + "ingress-dockertest-http-0", + "ingress-dockertest-https-1", + "ingress-dockertest-http-1", + "ingress-intracloud-https-dockertest-0", + "ingress-dockertest-whitelist-0", + "ingress-dockertest-whitelist-1", "ingress-routes-dockertest", "middleware-strip-prefix", "middleware-strip-prefix-dockertest", @@ -263,7 +263,7 @@ def test_default_ingress(self): builder = self._get_builder(project) chart = to_service_chart(builder, project.deployments[0]) self._roundtrip( - self.template_path / "ingress", "minimalService-ingress-0-https", chart + self.template_path / "ingress", "ingress-minimalService-https-0", chart ) def test_production_ingress(self): @@ -280,7 +280,7 @@ def test_production_ingress(self): builder = self._get_builder(project, run_properties_prod) chart = to_service_chart(builder, project.deployments[0]) self._roundtrip( - self.template_path / "ingress-prod", "minimalService-ingress-0-https", chart + self.template_path / "ingress-prod", "ingress-minimalService-https-0", chart ) @pytest.mark.parametrize( From 4d1b82054c7449a3d9ac9bd07f469430a009a60d Mon Sep 17 00:00:00 2001 From: Jorg88 Date: Wed, 26 Feb 2025 14:25:37 +0100 Subject: [PATCH 16/23] Make sure resources have unique names in non pr namespaces --- src/mpyl/project.py | 4 +- src/mpyl/steps/deploy/k8s/chart.py | 54 ++++++++++++------- .../templates/cronjob/cronjob-cronjob.yaml | 6 +-- .../cronjob/prometheus-rule-cronjob.yaml | 4 +- .../cronjob/sealed-secrets-cronjob.yaml | 2 +- ...ment-testDeploymentStrategyParameters.yaml | 6 +-- ...nt-testDeploymentsStrategyParameters1.yaml | 6 +-- ...nt-testDeploymentsStrategyParameters2.yaml | 6 +-- .../cronjob-cronJobDeployment.yaml | 6 +-- .../deployments/job-jobDeployment.yaml | 4 +- .../ingress-minimalService-https-0.yaml | 2 +- .../ingress-minimalService-https-0.yaml | 2 +- .../k8s/chart/templates/job/job-job.yaml | 4 +- .../templates/job/prometheus-rule-job.yaml | 4 +- .../templates/job/sealed-secrets-job.yaml | 2 +- .../service/deployment-dockertest.yaml | 6 +-- .../service/ingress-dockertest-http-0.yaml | 2 +- .../service/ingress-dockertest-http-1.yaml | 2 +- .../service/ingress-dockertest-https-0.yaml | 2 +- .../service/ingress-dockertest-https-1.yaml | 2 +- ...ockertest-ingress-intracloud-https-0.yaml} | 2 +- .../ingress-dockertest-whitelist-0.yaml | 2 +- .../ingress-dockertest-whitelist-1.yaml | 2 +- .../service/ingress-routes-dockertest.yaml | 2 +- .../middleware-strip-prefix-dockertest.yaml | 2 +- .../service/middleware-strip-prefix.yaml | 2 +- .../service/prometheus-rule-dockertest.yaml | 4 +- .../service/sealed-secrets-dockertest.yaml | 2 +- .../templates/service/service-dockertest.yaml | 2 +- ...r.yaml => service-monitor-dockertest.yaml} | 2 +- tests/steps/deploy/k8s/test_k8s.py | 8 +-- 31 files changed, 85 insertions(+), 71 deletions(-) rename tests/steps/deploy/k8s/chart/templates/service/{ingress-intracloud-https-dockertest-0.yaml => ingress-dockertest-ingress-intracloud-https-0.yaml} (93%) rename tests/steps/deploy/k8s/chart/templates/service/{service-monitor.yaml => service-monitor-dockertest.yaml} (93%) diff --git a/src/mpyl/project.py b/src/mpyl/project.py index 87761720b..40c39cb0e 100644 --- a/src/mpyl/project.py +++ b/src/mpyl/project.py @@ -546,8 +546,8 @@ def project_overrides_yaml_file_pattern() -> str: return "project-override-*.yml" @staticmethod - def traefik_yaml_file_name(service_name: str) -> str: - return f"{service_name}-traefik.yml" + def traefik_yaml_file_name(deployment_name: str) -> str: + return f"{deployment_name}-traefik.yml" @property def root_path(self) -> Path: diff --git a/src/mpyl/steps/deploy/k8s/chart.py b/src/mpyl/steps/deploy/k8s/chart.py index 9fa05f3c1..129376046 100644 --- a/src/mpyl/steps/deploy/k8s/chart.py +++ b/src/mpyl/steps/deploy/k8s/chart.py @@ -344,7 +344,7 @@ def to_service(self, deployment: Deployment) -> V1Service: kind="Service", metadata=V1ObjectMeta( annotations=self._to_annotations(), - name=deployment.name.lower(), + name=f"{self.release_name}-{deployment.name.lower()}", labels=self.to_labels(), ), spec=V1ServiceSpec( @@ -364,8 +364,9 @@ def to_service(self, deployment: Deployment) -> V1Service: ) def to_job(self, deployment: Deployment) -> V1Job: + job_name = f"{self.release_name}-{deployment.name.lower()}" job_container = V1Container( - name=self.release_name, + name=job_name, image=self._get_image(), env=self._get_env_vars(deployment), image_pull_policy="Always", @@ -383,7 +384,9 @@ def to_job(self, deployment: Deployment) -> V1Job: ) pod_template = V1PodTemplateSpec( - metadata=self._to_object_meta(annotations=self._to_image_annotation()), + metadata=self._to_object_meta( + annotations=self._to_image_annotation(), name=job_name + ), spec=V1PodSpec( containers=[job_container], service_account=self.release_name, @@ -427,7 +430,9 @@ def to_cron_job(self, deployment: Deployment) -> V1CronJob: return V1CronJob( api_version="batch/v1", kind="CronJob", - metadata=self._to_object_meta(), + metadata=self._to_object_meta( + name=f"{self.release_name}-{deployment.name.lower()}" + ), spec=v1_cron_job_spec, ) @@ -436,17 +441,17 @@ def to_prometheus_rule( ) -> V1PrometheusRule: return V1PrometheusRule( metadata=self._to_object_meta( - name=f"{deployment_name.lower()}-prometheus-rule" + name=f"{self.release_name}-{deployment_name.lower()}" ), alerts=alerts, ) def to_service_monitor( - self, metrics: Metrics, default_port: int + self, metrics: Metrics, default_port: int, deployment_name: str ) -> V1ServiceMonitor: return V1ServiceMonitor( metadata=self._to_object_meta( - name=f"{self.project.name.lower()}-service-monitor" + name=f"{self.release_name}-{deployment_name.lower()}" ), metrics=metrics, default_port=default_port, @@ -543,7 +548,7 @@ def to_ingress(self, deployment: Deployment) -> Optional[V1AlphaIngressRoute]: return V1AlphaIngressRoute.from_spec( metadata=self._to_object_meta( - name=f"ingress-routes-{deployment.name.lower()}" + name=f"{self.release_name}-{deployment.name.lower()}" ), spec=ingress_route_spec, ) @@ -555,7 +560,7 @@ def to_ingress_routes( return [ V1AlphaIngressRoute.from_hosts( metadata=self._to_object_meta( - name=f"ingress-{deployment.name.lower()}-http{("s" if https else "")}-{i}" + name=f"{deployment.name.lower()}-{host.name.lower()}-http{("s" if https else "")}-{i}" ), host=host, target=self.target, @@ -575,7 +580,7 @@ def to_additional_routes(self, deployment: Deployment) -> list[V1AlphaIngressRou return [ V1AlphaIngressRoute.from_hosts( metadata=self._to_object_meta( - name=f"{host.additional_route.name}-{deployment.name}-{i}" + name=f"{deployment.name.lower()}-{host.additional_route.name}-{i}" ), host=host, target=self.target, @@ -602,21 +607,25 @@ def to_middlewares(self, deployment: Deployment) -> dict[str, V1AlphaMiddleware] ) adjusted_middlewares = { f'middleware-{middleware["metadata"]["name"]}': V1AlphaMiddleware.from_spec( - metadata=self._to_object_meta(name=middleware["metadata"]["name"]), + metadata=self._to_object_meta( + name=f"{self.release_name}-{deployment.name.lower()}-{middleware["metadata"]["name"]}" + ), spec=middleware["spec"], ) for middleware in middlewares } def to_metadata(host: HostWrapper) -> V1ObjectMeta: - metadata = self._to_object_meta(name=host.full_name) + metadata = self._to_object_meta( + name=f"{deployment.name.lower()}-{host.name}-whitelist-{host.index}" + ) metadata.annotations = { k: ", ".join(v) for k, v in host.white_lists.items() } return metadata return { - host.full_name: V1AlphaMiddleware.from_source_ranges( + f"ingress-{host.name}-whitelist-{host.index}": V1AlphaMiddleware.from_source_ranges( metadata=to_metadata(host), source_ranges=list(itertools.chain(*host.white_lists.values())), ) @@ -821,7 +830,7 @@ def to_deployment(self, deployment: Deployment) -> V1Deployment: liveness_probe, startup_probe = self._construct_probes(deployment) container = V1Container( - name="service", + name=f"{self.release_name}-{deployment.name.lower()}", image=self._get_image(), env=self._get_env_vars(deployment), ports=ports, @@ -854,13 +863,15 @@ def to_deployment(self, deployment: Deployment) -> V1Deployment: kind="Deployment", metadata=V1ObjectMeta( annotations=self._to_annotations(), - name=deployment.name.lower(), + name=f"{self.release_name}-{deployment.name.lower()}", labels=self.to_labels(), ), spec=V1DeploymentSpec( replicas=instances.get_value(target=self.target), template=V1PodTemplateSpec( - metadata=self._to_object_meta(deployment_name=deployment.name), + metadata=self._to_object_meta( + deployment_name=f"{self.release_name}-{deployment.name.lower()}" + ), spec=V1PodSpec( containers=[container], service_account=self.release_name, @@ -884,7 +895,8 @@ def to_common_chart( if deployment.properties and len(deployment.properties.sealed_secrets) > 0: chart[f"sealed-secrets-{deployment.name}"] = self.to_sealed_secrets( - deployment.properties.sealed_secrets, deployment.name + deployment.properties.sealed_secrets, + f"{self.release_name}-{deployment.name.lower()}", ) # role is only used for Keycloak which only has 1 deployment, can be removed soon @@ -903,7 +915,9 @@ def to_metrics(builder: ChartBuilder, deployment: Deployment): metrics = deployment.kubernetes.metrics service_monitor = ( { - "service-monitor": builder.to_service_monitor(metrics, default_port), + f"service-monitor-{deployment.name}": builder.to_service_monitor( + metrics, default_port, deployment.name.lower() + ), } if metrics and metrics.enabled else {} @@ -938,7 +952,7 @@ def _to_ingress_routes_charts(builder: ChartBuilder, deployment: Deployment): else {} ) additional_routes = { - route.metadata.name: route + f"ingress-{route.metadata.name}": route for i, route in enumerate(builder.to_additional_routes(deployment)) } @@ -951,7 +965,7 @@ def _to_prometheus_chart(builder: ChartBuilder, deployment: Deployment): { f"prometheus-rule-{deployment.name}": builder.to_prometheus_rule( alerts=metrics.alerts, - deployment_name=deployment.name, + deployment_name=deployment.name.lower(), ), } if metrics and metrics.enabled diff --git a/tests/steps/deploy/k8s/chart/templates/cronjob/cronjob-cronjob.yaml b/tests/steps/deploy/k8s/chart/templates/cronjob/cronjob-cronjob.yaml index ddce8bd65..0acd5c3b4 100644 --- a/tests/steps/deploy/k8s/chart/templates/cronjob/cronjob-cronjob.yaml +++ b/tests/steps/deploy/k8s/chart/templates/cronjob/cronjob-cronjob.yaml @@ -10,7 +10,7 @@ metadata: maintainer: MPyL version: pr-1234 revision: 2ad3293a7675d08bc037ef0846ef55897f38ec8f - name: cronjob + name: cronjob-cronjob spec: concurrencyPolicy: Allow failedJobsHistoryLimit: 1 @@ -30,7 +30,7 @@ spec: maintainer: MPyL version: pr-1234 revision: 2ad3293a7675d08bc037ef0846ef55897f38ec8f - name: cronjob + name: cronjob-cronjob spec: containers: - args: @@ -48,7 +48,7 @@ spec: optional: false image: registry/image:123 imagePullPolicy: Always - name: cronjob + name: cronjob-cronjob resources: limits: cpu: 500m diff --git a/tests/steps/deploy/k8s/chart/templates/cronjob/prometheus-rule-cronjob.yaml b/tests/steps/deploy/k8s/chart/templates/cronjob/prometheus-rule-cronjob.yaml index 102faf6a1..6ae1d2aeb 100644 --- a/tests/steps/deploy/k8s/chart/templates/cronjob/prometheus-rule-cronjob.yaml +++ b/tests/steps/deploy/k8s/chart/templates/cronjob/prometheus-rule-cronjob.yaml @@ -10,10 +10,10 @@ metadata: maintainer: MPyL version: pr-1234 revision: 2ad3293a7675d08bc037ef0846ef55897f38ec8f - name: cronjob-prometheus-rule + name: cronjob-cronjob spec: groups: - - name: cronjob-prometheus-rule-group + - name: cronjob-cronjob-group rules: - alert: JobError annotations: diff --git a/tests/steps/deploy/k8s/chart/templates/cronjob/sealed-secrets-cronjob.yaml b/tests/steps/deploy/k8s/chart/templates/cronjob/sealed-secrets-cronjob.yaml index b4e7edfbe..04466e3bb 100644 --- a/tests/steps/deploy/k8s/chart/templates/cronjob/sealed-secrets-cronjob.yaml +++ b/tests/steps/deploy/k8s/chart/templates/cronjob/sealed-secrets-cronjob.yaml @@ -5,7 +5,7 @@ metadata: sealedsecrets.bitnami.com/cluster-wide: 'true' labels: chart: service-0.1.0 - name: cronjob + name: cronjob-cronjob spec: encryptedData: SOME_SECRET_ENV: diff --git a/tests/steps/deploy/k8s/chart/templates/deployment/deployment-testDeploymentStrategyParameters.yaml b/tests/steps/deploy/k8s/chart/templates/deployment/deployment-testDeploymentStrategyParameters.yaml index 73e7ed60b..ba1d45787 100644 --- a/tests/steps/deploy/k8s/chart/templates/deployment/deployment-testDeploymentStrategyParameters.yaml +++ b/tests/steps/deploy/k8s/chart/templates/deployment/deployment-testDeploymentStrategyParameters.yaml @@ -13,7 +13,7 @@ metadata: maintainer: MPyL version: pr-1234 revision: 2ad3293a7675d08bc037ef0846ef55897f38ec8f - name: testdeploymentstrategyparameters + name: testdeploymentstrategyparameters-testdeploymentstrategyparameters spec: replicas: 1 selector: @@ -32,7 +32,7 @@ spec: app.kubernetes.io/version: pr-1234 app.kubernetes.io/name: testdeploymentstrategyparameters app.kubernetes.io/instance: testdeploymentstrategyparameters - vandebron.nl/deployment: testdeploymentstrategyparameters + vandebron.nl/deployment: testdeploymentstrategyparameters-testdeploymentstrategyparameters maintainers: MPyL maintainer: MPyL version: pr-1234 @@ -56,7 +56,7 @@ spec: periodSeconds: 30 successThreshold: 0 timeoutSeconds: 20 - name: service + name: testdeploymentstrategyparameters-testdeploymentstrategyparameters ports: - containerPort: 8080 name: port-0 diff --git a/tests/steps/deploy/k8s/chart/templates/deployment/deployment-testDeploymentsStrategyParameters1.yaml b/tests/steps/deploy/k8s/chart/templates/deployment/deployment-testDeploymentsStrategyParameters1.yaml index e2bec8b0c..ce480d2ed 100644 --- a/tests/steps/deploy/k8s/chart/templates/deployment/deployment-testDeploymentsStrategyParameters1.yaml +++ b/tests/steps/deploy/k8s/chart/templates/deployment/deployment-testDeploymentsStrategyParameters1.yaml @@ -13,7 +13,7 @@ metadata: maintainer: MPyL version: pr-1234 revision: 2ad3293a7675d08bc037ef0846ef55897f38ec8f - name: testdeploymentsstrategyparameters1 + name: testdeploymentsstrategyparameters-testdeploymentsstrategyparameters1 spec: replicas: 1 selector: @@ -32,7 +32,7 @@ spec: app.kubernetes.io/version: pr-1234 app.kubernetes.io/name: testdeploymentsstrategyparameters app.kubernetes.io/instance: testdeploymentsstrategyparameters - vandebron.nl/deployment: testdeploymentsstrategyparameters1 + vandebron.nl/deployment: testdeploymentsstrategyparameters-testdeploymentsstrategyparameters1 maintainers: MPyL maintainer: MPyL version: pr-1234 @@ -45,7 +45,7 @@ spec: value: PullRequest image: registry/image:123 imagePullPolicy: Always - name: service + name: testdeploymentsstrategyparameters-testdeploymentsstrategyparameters1 ports: - containerPort: 8080 name: port-0 diff --git a/tests/steps/deploy/k8s/chart/templates/deployment/deployment-testDeploymentsStrategyParameters2.yaml b/tests/steps/deploy/k8s/chart/templates/deployment/deployment-testDeploymentsStrategyParameters2.yaml index 09c97da83..de4d55fa0 100644 --- a/tests/steps/deploy/k8s/chart/templates/deployment/deployment-testDeploymentsStrategyParameters2.yaml +++ b/tests/steps/deploy/k8s/chart/templates/deployment/deployment-testDeploymentsStrategyParameters2.yaml @@ -13,7 +13,7 @@ metadata: maintainer: MPyL version: pr-1234 revision: 2ad3293a7675d08bc037ef0846ef55897f38ec8f - name: testdeploymentsstrategyparameters2 + name: testdeploymentsstrategyparameters-testdeploymentsstrategyparameters2 spec: replicas: 1 selector: @@ -32,7 +32,7 @@ spec: app.kubernetes.io/version: pr-1234 app.kubernetes.io/name: testdeploymentsstrategyparameters app.kubernetes.io/instance: testdeploymentsstrategyparameters - vandebron.nl/deployment: testdeploymentsstrategyparameters2 + vandebron.nl/deployment: testdeploymentsstrategyparameters-testdeploymentsstrategyparameters2 maintainers: MPyL maintainer: MPyL version: pr-1234 @@ -45,7 +45,7 @@ spec: value: PullRequest image: registry/image:123 imagePullPolicy: Always - name: service + name: testdeploymentsstrategyparameters-testdeploymentsstrategyparameters2 ports: - containerPort: 8080 name: port-0 diff --git a/tests/steps/deploy/k8s/chart/templates/deployments/cronjob-cronJobDeployment.yaml b/tests/steps/deploy/k8s/chart/templates/deployments/cronjob-cronJobDeployment.yaml index 9cdc344b0..44ca5e905 100644 --- a/tests/steps/deploy/k8s/chart/templates/deployments/cronjob-cronJobDeployment.yaml +++ b/tests/steps/deploy/k8s/chart/templates/deployments/cronjob-cronJobDeployment.yaml @@ -10,7 +10,7 @@ metadata: maintainer: MPyL version: pr-1234 revision: 2ad3293a7675d08bc037ef0846ef55897f38ec8f - name: deploymentsproject + name: deploymentsproject-cronjobdeployment spec: failedJobsHistoryLimit: 3 jobTemplate: @@ -29,13 +29,13 @@ spec: maintainer: MPyL version: pr-1234 revision: 2ad3293a7675d08bc037ef0846ef55897f38ec8f - name: deploymentsproject + name: deploymentsproject-cronjobdeployment spec: containers: - env: [] image: registry/image:123 imagePullPolicy: Always - name: deploymentsproject + name: deploymentsproject-cronjobdeployment resources: limits: cpu: 500m diff --git a/tests/steps/deploy/k8s/chart/templates/deployments/job-jobDeployment.yaml b/tests/steps/deploy/k8s/chart/templates/deployments/job-jobDeployment.yaml index 5a51e8ff5..d98b8da10 100644 --- a/tests/steps/deploy/k8s/chart/templates/deployments/job-jobDeployment.yaml +++ b/tests/steps/deploy/k8s/chart/templates/deployments/job-jobDeployment.yaml @@ -28,13 +28,13 @@ spec: maintainer: MPyL version: pr-1234 revision: 2ad3293a7675d08bc037ef0846ef55897f38ec8f - name: deploymentsproject + name: deploymentsproject-jobdeployment spec: containers: - env: [] image: registry/image:123 imagePullPolicy: Always - name: deploymentsproject + name: deploymentsproject-jobdeployment resources: limits: cpu: 500m diff --git a/tests/steps/deploy/k8s/chart/templates/ingress-prod/ingress-minimalService-https-0.yaml b/tests/steps/deploy/k8s/chart/templates/ingress-prod/ingress-minimalService-https-0.yaml index baef90149..2f7c74194 100644 --- a/tests/steps/deploy/k8s/chart/templates/ingress-prod/ingress-minimalService-https-0.yaml +++ b/tests/steps/deploy/k8s/chart/templates/ingress-prod/ingress-minimalService-https-0.yaml @@ -10,7 +10,7 @@ metadata: maintainer: MPyL version: 20230829-1234 revision: 2ad3293a7675d08bc037ef0846ef55897f38ec8f - name: ingress-minimalservice-https-0 + name: minimalservice-minimalservice-https-0 spec: routes: - kind: Rule diff --git a/tests/steps/deploy/k8s/chart/templates/ingress/ingress-minimalService-https-0.yaml b/tests/steps/deploy/k8s/chart/templates/ingress/ingress-minimalService-https-0.yaml index 92e94ce4b..38ab4219a 100644 --- a/tests/steps/deploy/k8s/chart/templates/ingress/ingress-minimalService-https-0.yaml +++ b/tests/steps/deploy/k8s/chart/templates/ingress/ingress-minimalService-https-0.yaml @@ -10,7 +10,7 @@ metadata: maintainer: MPyL version: pr-1234 revision: 2ad3293a7675d08bc037ef0846ef55897f38ec8f - name: ingress-minimalservice-https-0 + name: minimalservice-minimalservice-https-0 spec: routes: - kind: Rule diff --git a/tests/steps/deploy/k8s/chart/templates/job/job-job.yaml b/tests/steps/deploy/k8s/chart/templates/job/job-job.yaml index cde0e228e..51589c41a 100644 --- a/tests/steps/deploy/k8s/chart/templates/job/job-job.yaml +++ b/tests/steps/deploy/k8s/chart/templates/job/job-job.yaml @@ -28,7 +28,7 @@ spec: maintainer: MPyL version: pr-1234 revision: 2ad3293a7675d08bc037ef0846ef55897f38ec8f - name: job + name: job-job spec: containers: - args: @@ -46,7 +46,7 @@ spec: optional: false image: registry/image:123 imagePullPolicy: Always - name: job + name: job-job resources: limits: cpu: 500m diff --git a/tests/steps/deploy/k8s/chart/templates/job/prometheus-rule-job.yaml b/tests/steps/deploy/k8s/chart/templates/job/prometheus-rule-job.yaml index fa91f9efa..8d4466858 100644 --- a/tests/steps/deploy/k8s/chart/templates/job/prometheus-rule-job.yaml +++ b/tests/steps/deploy/k8s/chart/templates/job/prometheus-rule-job.yaml @@ -10,10 +10,10 @@ metadata: maintainer: MPyL version: pr-1234 revision: 2ad3293a7675d08bc037ef0846ef55897f38ec8f - name: job-prometheus-rule + name: job-job spec: groups: - - name: job-prometheus-rule-group + - name: job-job-group rules: - alert: JobError annotations: diff --git a/tests/steps/deploy/k8s/chart/templates/job/sealed-secrets-job.yaml b/tests/steps/deploy/k8s/chart/templates/job/sealed-secrets-job.yaml index d14ab3aee..92170395f 100644 --- a/tests/steps/deploy/k8s/chart/templates/job/sealed-secrets-job.yaml +++ b/tests/steps/deploy/k8s/chart/templates/job/sealed-secrets-job.yaml @@ -5,7 +5,7 @@ metadata: sealedsecrets.bitnami.com/cluster-wide: 'true' labels: chart: service-0.1.0 - name: job + name: job-job spec: encryptedData: SOME_SECRET_ENV: diff --git a/tests/steps/deploy/k8s/chart/templates/service/deployment-dockertest.yaml b/tests/steps/deploy/k8s/chart/templates/service/deployment-dockertest.yaml index e7aae0cff..1e34657ee 100644 --- a/tests/steps/deploy/k8s/chart/templates/service/deployment-dockertest.yaml +++ b/tests/steps/deploy/k8s/chart/templates/service/deployment-dockertest.yaml @@ -13,7 +13,7 @@ metadata: maintainer: MPyL version: pr-1234 revision: 2ad3293a7675d08bc037ef0846ef55897f38ec8f - name: dockertest + name: dockertest-dockertest spec: replicas: 3 selector: @@ -32,7 +32,7 @@ spec: app.kubernetes.io/version: pr-1234 app.kubernetes.io/name: dockertest app.kubernetes.io/instance: dockertest - vandebron.nl/deployment: dockertest + vandebron.nl/deployment: dockertest-dockertest maintainers: MPyL maintainer: MPyL version: pr-1234 @@ -83,7 +83,7 @@ spec: periodSeconds: 30 successThreshold: 0 timeoutSeconds: 20 - name: service + name: dockertest-dockertest ports: - containerPort: 80 name: port-0 diff --git a/tests/steps/deploy/k8s/chart/templates/service/ingress-dockertest-http-0.yaml b/tests/steps/deploy/k8s/chart/templates/service/ingress-dockertest-http-0.yaml index be0e3c1cc..97fe04a54 100644 --- a/tests/steps/deploy/k8s/chart/templates/service/ingress-dockertest-http-0.yaml +++ b/tests/steps/deploy/k8s/chart/templates/service/ingress-dockertest-http-0.yaml @@ -10,7 +10,7 @@ metadata: maintainer: MPyL version: pr-1234 revision: 2ad3293a7675d08bc037ef0846ef55897f38ec8f - name: ingress-dockertest-http-0 + name: dockertest-dockertest-http-0 spec: routes: - kind: Rule diff --git a/tests/steps/deploy/k8s/chart/templates/service/ingress-dockertest-http-1.yaml b/tests/steps/deploy/k8s/chart/templates/service/ingress-dockertest-http-1.yaml index f09dd038e..ddaefb3e2 100644 --- a/tests/steps/deploy/k8s/chart/templates/service/ingress-dockertest-http-1.yaml +++ b/tests/steps/deploy/k8s/chart/templates/service/ingress-dockertest-http-1.yaml @@ -10,7 +10,7 @@ metadata: maintainer: MPyL version: pr-1234 revision: 2ad3293a7675d08bc037ef0846ef55897f38ec8f - name: ingress-dockertest-http-1 + name: dockertest-dockertest-http-1 spec: routes: - kind: Rule diff --git a/tests/steps/deploy/k8s/chart/templates/service/ingress-dockertest-https-0.yaml b/tests/steps/deploy/k8s/chart/templates/service/ingress-dockertest-https-0.yaml index 00f77d1e0..8beb3a1b1 100644 --- a/tests/steps/deploy/k8s/chart/templates/service/ingress-dockertest-https-0.yaml +++ b/tests/steps/deploy/k8s/chart/templates/service/ingress-dockertest-https-0.yaml @@ -10,7 +10,7 @@ metadata: maintainer: MPyL version: pr-1234 revision: 2ad3293a7675d08bc037ef0846ef55897f38ec8f - name: ingress-dockertest-https-0 + name: dockertest-dockertest-https-0 spec: routes: - kind: Rule diff --git a/tests/steps/deploy/k8s/chart/templates/service/ingress-dockertest-https-1.yaml b/tests/steps/deploy/k8s/chart/templates/service/ingress-dockertest-https-1.yaml index f49d25300..28544f6f5 100644 --- a/tests/steps/deploy/k8s/chart/templates/service/ingress-dockertest-https-1.yaml +++ b/tests/steps/deploy/k8s/chart/templates/service/ingress-dockertest-https-1.yaml @@ -10,7 +10,7 @@ metadata: maintainer: MPyL version: pr-1234 revision: 2ad3293a7675d08bc037ef0846ef55897f38ec8f - name: ingress-dockertest-https-1 + name: dockertest-dockertest-https-1 spec: routes: - kind: Rule diff --git a/tests/steps/deploy/k8s/chart/templates/service/ingress-intracloud-https-dockertest-0.yaml b/tests/steps/deploy/k8s/chart/templates/service/ingress-dockertest-ingress-intracloud-https-0.yaml similarity index 93% rename from tests/steps/deploy/k8s/chart/templates/service/ingress-intracloud-https-dockertest-0.yaml rename to tests/steps/deploy/k8s/chart/templates/service/ingress-dockertest-ingress-intracloud-https-0.yaml index bf282457e..f1aa7adca 100644 --- a/tests/steps/deploy/k8s/chart/templates/service/ingress-intracloud-https-dockertest-0.yaml +++ b/tests/steps/deploy/k8s/chart/templates/service/ingress-dockertest-ingress-intracloud-https-0.yaml @@ -10,7 +10,7 @@ metadata: maintainer: MPyL version: pr-1234 revision: 2ad3293a7675d08bc037ef0846ef55897f38ec8f - name: ingress-intracloud-https-dockertest-0 + name: dockertest-ingress-intracloud-https-0 spec: routes: - kind: Rule diff --git a/tests/steps/deploy/k8s/chart/templates/service/ingress-dockertest-whitelist-0.yaml b/tests/steps/deploy/k8s/chart/templates/service/ingress-dockertest-whitelist-0.yaml index 856c94e88..23d56035b 100644 --- a/tests/steps/deploy/k8s/chart/templates/service/ingress-dockertest-whitelist-0.yaml +++ b/tests/steps/deploy/k8s/chart/templates/service/ingress-dockertest-whitelist-0.yaml @@ -12,7 +12,7 @@ metadata: maintainer: MPyL version: pr-1234 revision: 2ad3293a7675d08bc037ef0846ef55897f38ec8f - name: ingress-dockertest-whitelist-0 + name: dockertest-dockertest-whitelist-0 spec: ipAllowList: sourceRange: diff --git a/tests/steps/deploy/k8s/chart/templates/service/ingress-dockertest-whitelist-1.yaml b/tests/steps/deploy/k8s/chart/templates/service/ingress-dockertest-whitelist-1.yaml index f43dfb003..ced532e5d 100644 --- a/tests/steps/deploy/k8s/chart/templates/service/ingress-dockertest-whitelist-1.yaml +++ b/tests/steps/deploy/k8s/chart/templates/service/ingress-dockertest-whitelist-1.yaml @@ -14,7 +14,7 @@ metadata: maintainer: MPyL version: pr-1234 revision: 2ad3293a7675d08bc037ef0846ef55897f38ec8f - name: ingress-dockertest-whitelist-1 + name: dockertest-dockertest-whitelist-1 spec: ipAllowList: sourceRange: diff --git a/tests/steps/deploy/k8s/chart/templates/service/ingress-routes-dockertest.yaml b/tests/steps/deploy/k8s/chart/templates/service/ingress-routes-dockertest.yaml index cd126c9c2..1fe98447c 100644 --- a/tests/steps/deploy/k8s/chart/templates/service/ingress-routes-dockertest.yaml +++ b/tests/steps/deploy/k8s/chart/templates/service/ingress-routes-dockertest.yaml @@ -10,7 +10,7 @@ metadata: maintainer: MPyL version: pr-1234 revision: 2ad3293a7675d08bc037ef0846ef55897f38ec8f - name: ingress-routes-dockertest + name: dockertest-dockertest spec: entryPoints: - web diff --git a/tests/steps/deploy/k8s/chart/templates/service/middleware-strip-prefix-dockertest.yaml b/tests/steps/deploy/k8s/chart/templates/service/middleware-strip-prefix-dockertest.yaml index 8ad96a54a..7aeb64c98 100644 --- a/tests/steps/deploy/k8s/chart/templates/service/middleware-strip-prefix-dockertest.yaml +++ b/tests/steps/deploy/k8s/chart/templates/service/middleware-strip-prefix-dockertest.yaml @@ -10,7 +10,7 @@ metadata: maintainer: MPyL version: pr-1234 revision: 2ad3293a7675d08bc037ef0846ef55897f38ec8f - name: strip-prefix-dockertest + name: dockertest-dockertest-strip-prefix-dockertest spec: stripPrefix: prefixes: diff --git a/tests/steps/deploy/k8s/chart/templates/service/middleware-strip-prefix.yaml b/tests/steps/deploy/k8s/chart/templates/service/middleware-strip-prefix.yaml index 8bf6f0409..d549bb511 100644 --- a/tests/steps/deploy/k8s/chart/templates/service/middleware-strip-prefix.yaml +++ b/tests/steps/deploy/k8s/chart/templates/service/middleware-strip-prefix.yaml @@ -10,7 +10,7 @@ metadata: maintainer: MPyL version: pr-1234 revision: 2ad3293a7675d08bc037ef0846ef55897f38ec8f - name: strip-prefix + name: dockertest-dockertest-strip-prefix spec: stripPrefix: prefixes: diff --git a/tests/steps/deploy/k8s/chart/templates/service/prometheus-rule-dockertest.yaml b/tests/steps/deploy/k8s/chart/templates/service/prometheus-rule-dockertest.yaml index fb4b022e4..6aeec2a82 100644 --- a/tests/steps/deploy/k8s/chart/templates/service/prometheus-rule-dockertest.yaml +++ b/tests/steps/deploy/k8s/chart/templates/service/prometheus-rule-dockertest.yaml @@ -10,10 +10,10 @@ metadata: maintainer: MPyL version: pr-1234 revision: 2ad3293a7675d08bc037ef0846ef55897f38ec8f - name: dockertest-prometheus-rule + name: dockertest-dockertest spec: groups: - - name: dockertest-prometheus-rule-group + - name: dockertest-dockertest-group rules: - alert: ServiceError annotations: diff --git a/tests/steps/deploy/k8s/chart/templates/service/sealed-secrets-dockertest.yaml b/tests/steps/deploy/k8s/chart/templates/service/sealed-secrets-dockertest.yaml index d540b576a..44537de95 100644 --- a/tests/steps/deploy/k8s/chart/templates/service/sealed-secrets-dockertest.yaml +++ b/tests/steps/deploy/k8s/chart/templates/service/sealed-secrets-dockertest.yaml @@ -5,7 +5,7 @@ metadata: sealedsecrets.bitnami.com/cluster-wide: 'true' labels: chart: service-0.1.0 - name: dockertest + name: dockertest-dockertest spec: encryptedData: SOME_SEALED_SECRET_ENV: diff --git a/tests/steps/deploy/k8s/chart/templates/service/service-dockertest.yaml b/tests/steps/deploy/k8s/chart/templates/service/service-dockertest.yaml index 169282f01..9b92d16a9 100644 --- a/tests/steps/deploy/k8s/chart/templates/service/service-dockertest.yaml +++ b/tests/steps/deploy/k8s/chart/templates/service/service-dockertest.yaml @@ -13,7 +13,7 @@ metadata: maintainer: MPyL version: pr-1234 revision: 2ad3293a7675d08bc037ef0846ef55897f38ec8f - name: dockertest + name: dockertest-dockertest spec: ports: - name: 8080-webservice-port diff --git a/tests/steps/deploy/k8s/chart/templates/service/service-monitor.yaml b/tests/steps/deploy/k8s/chart/templates/service/service-monitor-dockertest.yaml similarity index 93% rename from tests/steps/deploy/k8s/chart/templates/service/service-monitor.yaml rename to tests/steps/deploy/k8s/chart/templates/service/service-monitor-dockertest.yaml index 97ef347a0..72b930522 100644 --- a/tests/steps/deploy/k8s/chart/templates/service/service-monitor.yaml +++ b/tests/steps/deploy/k8s/chart/templates/service/service-monitor-dockertest.yaml @@ -10,7 +10,7 @@ metadata: maintainer: MPyL version: pr-1234 revision: 2ad3293a7675d08bc037ef0846ef55897f38ec8f - name: dockertest-service-monitor + name: dockertest-dockertest spec: endpoints: - honorLabels: true diff --git a/tests/steps/deploy/k8s/test_k8s.py b/tests/steps/deploy/k8s/test_k8s.py index 4546d5a6c..621efbadb 100644 --- a/tests/steps/deploy/k8s/test_k8s.py +++ b/tests/steps/deploy/k8s/test_k8s.py @@ -152,14 +152,14 @@ def test_should_not_extend_whitelists_if_none_defined_for_target(self): "ingress-dockertest-http-0", "ingress-dockertest-https-1", "ingress-dockertest-http-1", - "ingress-intracloud-https-dockertest-0", + "ingress-dockertest-ingress-intracloud-https-0", "ingress-dockertest-whitelist-0", "ingress-dockertest-whitelist-1", "ingress-routes-dockertest", "middleware-strip-prefix", "middleware-strip-prefix-dockertest", "prometheus-rule-dockertest", - "service-monitor", + "service-monitor-dockertest", "role", "rolebinding", ], @@ -182,14 +182,14 @@ def test_service_chart_roundtrip(self, template): "ingress-dockertest-http-0", "ingress-dockertest-https-1", "ingress-dockertest-http-1", - "ingress-intracloud-https-dockertest-0", + "ingress-dockertest-ingress-intracloud-https-0", "ingress-dockertest-whitelist-0", "ingress-dockertest-whitelist-1", "ingress-routes-dockertest", "middleware-strip-prefix", "middleware-strip-prefix-dockertest", "prometheus-rule-dockertest", - "service-monitor", + "service-monitor-dockertest", "role", "rolebinding", } From 0f2b9b11b6449da7541ce1fbe2236856c6473b49 Mon Sep 17 00:00:00 2001 From: Jorg88 Date: Thu, 27 Feb 2025 14:39:35 +0100 Subject: [PATCH 17/23] Use the new name for the sealed secret refs --- src/mpyl/steps/deploy/k8s/chart.py | 3 ++- 1 file changed, 2 insertions(+), 1 deletion(-) diff --git a/src/mpyl/steps/deploy/k8s/chart.py b/src/mpyl/steps/deploy/k8s/chart.py index 129376046..30e036fa3 100644 --- a/src/mpyl/steps/deploy/k8s/chart.py +++ b/src/mpyl/steps/deploy/k8s/chart.py @@ -807,7 +807,8 @@ def _get_env_vars(self, deployment: Deployment) -> list[V1EnvVar]: ) sealed_secrets = ( self.get_sealed_secret_as_env_vars( - deployment.properties.sealed_secrets, deployment.name + deployment.properties.sealed_secrets, + f"{self.release_name}-{deployment.name.lower()}", ) if deployment.properties else [] From 0f8f68d9f8eadcac7014e5b8f0cef847e93e0c3b Mon Sep 17 00:00:00 2001 From: Jorg88 Date: Thu, 27 Feb 2025 14:43:22 +0100 Subject: [PATCH 18/23] Also update the unit tests --- .../deploy/k8s/chart/templates/cronjob/cronjob-cronjob.yaml | 2 +- tests/steps/deploy/k8s/chart/templates/job/job-job.yaml | 2 +- .../k8s/chart/templates/service/deployment-dockertest.yaml | 2 +- 3 files changed, 3 insertions(+), 3 deletions(-) diff --git a/tests/steps/deploy/k8s/chart/templates/cronjob/cronjob-cronjob.yaml b/tests/steps/deploy/k8s/chart/templates/cronjob/cronjob-cronjob.yaml index 0acd5c3b4..79785fc76 100644 --- a/tests/steps/deploy/k8s/chart/templates/cronjob/cronjob-cronjob.yaml +++ b/tests/steps/deploy/k8s/chart/templates/cronjob/cronjob-cronjob.yaml @@ -44,7 +44,7 @@ spec: valueFrom: secretKeyRef: key: SOME_SECRET_ENV - name: cronjob + name: cronjob-cronjob optional: false image: registry/image:123 imagePullPolicy: Always diff --git a/tests/steps/deploy/k8s/chart/templates/job/job-job.yaml b/tests/steps/deploy/k8s/chart/templates/job/job-job.yaml index 51589c41a..26e760230 100644 --- a/tests/steps/deploy/k8s/chart/templates/job/job-job.yaml +++ b/tests/steps/deploy/k8s/chart/templates/job/job-job.yaml @@ -42,7 +42,7 @@ spec: valueFrom: secretKeyRef: key: SOME_SECRET_ENV - name: job + name: job-job optional: false image: registry/image:123 imagePullPolicy: Always diff --git a/tests/steps/deploy/k8s/chart/templates/service/deployment-dockertest.yaml b/tests/steps/deploy/k8s/chart/templates/service/deployment-dockertest.yaml index 1e34657ee..95abbf26b 100644 --- a/tests/steps/deploy/k8s/chart/templates/service/deployment-dockertest.yaml +++ b/tests/steps/deploy/k8s/chart/templates/service/deployment-dockertest.yaml @@ -52,7 +52,7 @@ spec: valueFrom: secretKeyRef: key: SOME_SEALED_SECRET_ENV - name: dockertest + name: dockertest-dockertest optional: false - name: SOME_SECRET_ENV valueFrom: From 6a993d60f89222046256e458333f846ab9e85540 Mon Sep 17 00:00:00 2001 From: Pedro Taborda Date: Thu, 27 Feb 2025 23:09:46 +0100 Subject: [PATCH 19/23] replace SERVICE-NAME with the actual project name during traefik chart creation (instead of the deployment name) --- src/mpyl/steps/deploy/k8s/chart.py | 2 ++ src/mpyl/steps/deploy/k8s/resources/traefik.py | 6 +++--- tests/steps/deploy/k8s/test_k8s.py | 1 + 3 files changed, 6 insertions(+), 3 deletions(-) diff --git a/src/mpyl/steps/deploy/k8s/chart.py b/src/mpyl/steps/deploy/k8s/chart.py index 30e036fa3..417a3069f 100644 --- a/src/mpyl/steps/deploy/k8s/chart.py +++ b/src/mpyl/steps/deploy/k8s/chart.py @@ -564,6 +564,7 @@ def to_ingress_routes( ), host=host, target=self.target, + release_name=self.release_name, namespace=self.namespace, pr_number=self.step_input.run_properties.versioning.pr_number, https=https, @@ -584,6 +585,7 @@ def to_additional_routes(self, deployment: Deployment) -> list[V1AlphaIngressRou ), host=host, target=self.target, + release_name=self.release_name, namespace=self.namespace, pr_number=self.step_input.run_properties.versioning.pr_number, https=True, diff --git a/src/mpyl/steps/deploy/k8s/resources/traefik.py b/src/mpyl/steps/deploy/k8s/resources/traefik.py index c50bc90fd..f1bac8f1d 100644 --- a/src/mpyl/steps/deploy/k8s/resources/traefik.py +++ b/src/mpyl/steps/deploy/k8s/resources/traefik.py @@ -39,6 +39,7 @@ def from_hosts( # pylint: disable=too-many-arguments,too-many-positional-argume metadata: V1ObjectMeta, host: HostWrapper, target: Target, + release_name: str, namespace: str, pr_number: Optional[int], middlewares_override: list[str], @@ -47,8 +48,8 @@ def from_hosts( # pylint: disable=too-many-arguments,too-many-positional-argume default_tls: str, https: bool = True, ): - def _interpolate_names(host: str, name: str) -> str: - host = host.replace(SERVICE_NAME_PLACEHOLDER, name) + def _interpolate_names(host: str) -> str: + host = host.replace(SERVICE_NAME_PLACEHOLDER, release_name) host = host.replace(NAMESPACE_PLACEHOLDER, namespace) host = replace_pr_number(host, pr_number) return host @@ -66,7 +67,6 @@ def _interpolate_names(host: str, name: str) -> str: "kind": "Rule", "match": _interpolate_names( host=host.traefik_host.host.get_value(target), - name=host.name, ), "services": [ {"name": host.name, "kind": "Service", "port": host.service_port} diff --git a/tests/steps/deploy/k8s/test_k8s.py b/tests/steps/deploy/k8s/test_k8s.py index 621efbadb..dbba84abd 100644 --- a/tests/steps/deploy/k8s/test_k8s.py +++ b/tests/steps/deploy/k8s/test_k8s.py @@ -120,6 +120,7 @@ def test_should_validate_against_crd_schema(self): host=wrappers[0], target=Target.PRODUCTION, pr_number=1234, + release_name="dockertest", namespace="pr-1234", middlewares_override=[], entrypoints_override=[], From 4e3b09bb1777802b619c5c44c1325b5fd6ca1d63 Mon Sep 17 00:00:00 2001 From: Pedro Taborda Date: Thu, 27 Feb 2025 23:29:30 +0100 Subject: [PATCH 20/23] include the service name in the hostwrapper name to fix all references to services and middlewares --- src/mpyl/steps/deploy/k8s/chart.py | 8 +++----- .../ingress-prod/ingress-minimalService-https-0.yaml | 4 ++-- .../ingress/ingress-minimalService-https-0.yaml | 4 ++-- ...> ingress-dockertest-dockertest-whitelist-0.yaml} | 0 ...> ingress-dockertest-dockertest-whitelist-1.yaml} | 0 .../templates/service/ingress-dockertest-http-0.yaml | 4 ++-- .../templates/service/ingress-dockertest-http-1.yaml | 4 ++-- .../service/ingress-dockertest-https-0.yaml | 4 ++-- .../service/ingress-dockertest-https-1.yaml | 4 ++-- ...ngress-dockertest-ingress-intracloud-https-0.yaml | 2 +- tests/steps/deploy/k8s/test_k8s.py | 12 +++++------- 11 files changed, 21 insertions(+), 25 deletions(-) rename tests/steps/deploy/k8s/chart/templates/service/{ingress-dockertest-whitelist-0.yaml => ingress-dockertest-dockertest-whitelist-0.yaml} (100%) rename tests/steps/deploy/k8s/chart/templates/service/{ingress-dockertest-whitelist-1.yaml => ingress-dockertest-dockertest-whitelist-1.yaml} (100%) diff --git a/src/mpyl/steps/deploy/k8s/chart.py b/src/mpyl/steps/deploy/k8s/chart.py index 417a3069f..20651d61e 100644 --- a/src/mpyl/steps/deploy/k8s/chart.py +++ b/src/mpyl/steps/deploy/k8s/chart.py @@ -491,7 +491,7 @@ def to_white_list( return [ HostWrapper( traefik_host=host, - name=deployment.name.lower(), + name=f"{self.release_name}-{deployment.name.lower()}", index=idx, service_port=( host.service_port @@ -560,7 +560,7 @@ def to_ingress_routes( return [ V1AlphaIngressRoute.from_hosts( metadata=self._to_object_meta( - name=f"{deployment.name.lower()}-{host.name.lower()}-http{("s" if https else "")}-{i}" + name=f"{host.name.lower()}-http{("s" if https else "")}-{i}" ), host=host, target=self.target, @@ -618,9 +618,7 @@ def to_middlewares(self, deployment: Deployment) -> dict[str, V1AlphaMiddleware] } def to_metadata(host: HostWrapper) -> V1ObjectMeta: - metadata = self._to_object_meta( - name=f"{deployment.name.lower()}-{host.name}-whitelist-{host.index}" - ) + metadata = self._to_object_meta(name=f"{host.name}-whitelist-{host.index}") metadata.annotations = { k: ", ".join(v) for k, v in host.white_lists.items() } diff --git a/tests/steps/deploy/k8s/chart/templates/ingress-prod/ingress-minimalService-https-0.yaml b/tests/steps/deploy/k8s/chart/templates/ingress-prod/ingress-minimalService-https-0.yaml index 2f7c74194..cb75e44b0 100644 --- a/tests/steps/deploy/k8s/chart/templates/ingress-prod/ingress-minimalService-https-0.yaml +++ b/tests/steps/deploy/k8s/chart/templates/ingress-prod/ingress-minimalService-https-0.yaml @@ -16,11 +16,11 @@ spec: - kind: Rule match: Host(`mpyl-minimalservice.prod-backend.nl`) services: - - name: minimalservice + - name: minimalservice-minimalservice kind: Service port: 8080 middlewares: - - name: ingress-minimalservice-whitelist-0 + - name: ingress-minimalservice-minimalservice-whitelist-0 entryPoints: - websecure tls: diff --git a/tests/steps/deploy/k8s/chart/templates/ingress/ingress-minimalService-https-0.yaml b/tests/steps/deploy/k8s/chart/templates/ingress/ingress-minimalService-https-0.yaml index 38ab4219a..56dbecf2a 100644 --- a/tests/steps/deploy/k8s/chart/templates/ingress/ingress-minimalService-https-0.yaml +++ b/tests/steps/deploy/k8s/chart/templates/ingress/ingress-minimalService-https-0.yaml @@ -16,11 +16,11 @@ spec: - kind: Rule match: Host(`minimalservice-1234.test-backend.nl`) services: - - name: minimalservice + - name: minimalservice-minimalservice kind: Service port: 8080 middlewares: - - name: ingress-minimalservice-whitelist-0 + - name: ingress-minimalservice-minimalservice-whitelist-0 entryPoints: - websecure tls: diff --git a/tests/steps/deploy/k8s/chart/templates/service/ingress-dockertest-whitelist-0.yaml b/tests/steps/deploy/k8s/chart/templates/service/ingress-dockertest-dockertest-whitelist-0.yaml similarity index 100% rename from tests/steps/deploy/k8s/chart/templates/service/ingress-dockertest-whitelist-0.yaml rename to tests/steps/deploy/k8s/chart/templates/service/ingress-dockertest-dockertest-whitelist-0.yaml diff --git a/tests/steps/deploy/k8s/chart/templates/service/ingress-dockertest-whitelist-1.yaml b/tests/steps/deploy/k8s/chart/templates/service/ingress-dockertest-dockertest-whitelist-1.yaml similarity index 100% rename from tests/steps/deploy/k8s/chart/templates/service/ingress-dockertest-whitelist-1.yaml rename to tests/steps/deploy/k8s/chart/templates/service/ingress-dockertest-dockertest-whitelist-1.yaml diff --git a/tests/steps/deploy/k8s/chart/templates/service/ingress-dockertest-http-0.yaml b/tests/steps/deploy/k8s/chart/templates/service/ingress-dockertest-http-0.yaml index 97fe04a54..5740ab6b1 100644 --- a/tests/steps/deploy/k8s/chart/templates/service/ingress-dockertest-http-0.yaml +++ b/tests/steps/deploy/k8s/chart/templates/service/ingress-dockertest-http-0.yaml @@ -16,12 +16,12 @@ spec: - kind: Rule match: Host(`payments-1234.test.nl`) services: - - name: dockertest + - name: dockertest-dockertest kind: Service port: 8080 middlewares: - name: traefik-https-redirect@kubernetescrd - - name: ingress-dockertest-whitelist-0 + - name: ingress-dockertest-dockertest-whitelist-0 syntax: v2 entryPoints: - web diff --git a/tests/steps/deploy/k8s/chart/templates/service/ingress-dockertest-http-1.yaml b/tests/steps/deploy/k8s/chart/templates/service/ingress-dockertest-http-1.yaml index ddaefb3e2..cd6672e20 100644 --- a/tests/steps/deploy/k8s/chart/templates/service/ingress-dockertest-http-1.yaml +++ b/tests/steps/deploy/k8s/chart/templates/service/ingress-dockertest-http-1.yaml @@ -16,12 +16,12 @@ spec: - kind: Rule match: Host(`some.other.host.com`) services: - - name: dockertest + - name: dockertest-dockertest kind: Service port: 4091 middlewares: - name: traefik-https-redirect@kubernetescrd - - name: ingress-dockertest-whitelist-1 + - name: ingress-dockertest-dockertest-whitelist-1 syntax: v3 priority: 1000 entryPoints: diff --git a/tests/steps/deploy/k8s/chart/templates/service/ingress-dockertest-https-0.yaml b/tests/steps/deploy/k8s/chart/templates/service/ingress-dockertest-https-0.yaml index 8beb3a1b1..49ba2dfb4 100644 --- a/tests/steps/deploy/k8s/chart/templates/service/ingress-dockertest-https-0.yaml +++ b/tests/steps/deploy/k8s/chart/templates/service/ingress-dockertest-https-0.yaml @@ -16,11 +16,11 @@ spec: - kind: Rule match: Host(`payments-1234.test.nl`) services: - - name: dockertest + - name: dockertest-dockertest kind: Service port: 8080 middlewares: - - name: ingress-dockertest-whitelist-0 + - name: ingress-dockertest-dockertest-whitelist-0 syntax: v2 entryPoints: - websecure diff --git a/tests/steps/deploy/k8s/chart/templates/service/ingress-dockertest-https-1.yaml b/tests/steps/deploy/k8s/chart/templates/service/ingress-dockertest-https-1.yaml index 28544f6f5..0fd512a16 100644 --- a/tests/steps/deploy/k8s/chart/templates/service/ingress-dockertest-https-1.yaml +++ b/tests/steps/deploy/k8s/chart/templates/service/ingress-dockertest-https-1.yaml @@ -16,11 +16,11 @@ spec: - kind: Rule match: Host(`some.other.host.com`) services: - - name: dockertest + - name: dockertest-dockertest kind: Service port: 4091 middlewares: - - name: ingress-dockertest-whitelist-1 + - name: ingress-dockertest-dockertest-whitelist-1 syntax: v3 priority: 1000 entryPoints: diff --git a/tests/steps/deploy/k8s/chart/templates/service/ingress-dockertest-ingress-intracloud-https-0.yaml b/tests/steps/deploy/k8s/chart/templates/service/ingress-dockertest-ingress-intracloud-https-0.yaml index f1aa7adca..4aaba7772 100644 --- a/tests/steps/deploy/k8s/chart/templates/service/ingress-dockertest-ingress-intracloud-https-0.yaml +++ b/tests/steps/deploy/k8s/chart/templates/service/ingress-dockertest-ingress-intracloud-https-0.yaml @@ -16,7 +16,7 @@ spec: - kind: Rule match: Host(`payments-1234.test.nl`) services: - - name: dockertest + - name: dockertest-dockertest kind: Service port: 8080 middlewares: diff --git a/tests/steps/deploy/k8s/test_k8s.py b/tests/steps/deploy/k8s/test_k8s.py index dbba84abd..6ccdcacdf 100644 --- a/tests/steps/deploy/k8s/test_k8s.py +++ b/tests/steps/deploy/k8s/test_k8s.py @@ -154,8 +154,8 @@ def test_should_not_extend_whitelists_if_none_defined_for_target(self): "ingress-dockertest-https-1", "ingress-dockertest-http-1", "ingress-dockertest-ingress-intracloud-https-0", - "ingress-dockertest-whitelist-0", - "ingress-dockertest-whitelist-1", + "ingress-dockertest-dockertest-whitelist-0", + "ingress-dockertest-dockertest-whitelist-1", "ingress-routes-dockertest", "middleware-strip-prefix", "middleware-strip-prefix-dockertest", @@ -172,9 +172,7 @@ def test_service_chart_roundtrip(self, template): traefik_project.deployments[0] ) | to_service_chart(builder, builder.project.deployments[0]) self._roundtrip(self.template_path / "service", template, chart) - for key in chart.keys(): - print(key) - assert chart.keys() == { + assert set(chart.keys()) == { "service-account", "sealed-secrets-dockertest", "deployment-dockertest", @@ -184,8 +182,8 @@ def test_service_chart_roundtrip(self, template): "ingress-dockertest-https-1", "ingress-dockertest-http-1", "ingress-dockertest-ingress-intracloud-https-0", - "ingress-dockertest-whitelist-0", - "ingress-dockertest-whitelist-1", + "ingress-dockertest-dockertest-whitelist-0", + "ingress-dockertest-dockertest-whitelist-1", "ingress-routes-dockertest", "middleware-strip-prefix", "middleware-strip-prefix-dockertest", From f71eb2c50a9cafc19f5cb05d261cd8246391f465 Mon Sep 17 00:00:00 2001 From: Pedro Taborda Date: Thu, 27 Feb 2025 23:39:32 +0100 Subject: [PATCH 21/23] aligned the filename for the generated whitelist --- src/mpyl/steps/deploy/k8s/chart.py | 2 +- .../steps/deploy/k8s/resources/traefik.py | 6 +---- ...ess-dockertest-dockertest-whitelist-0.yaml | 19 --------------- ...ess-dockertest-dockertest-whitelist-1.yaml | 24 ------------------- tests/steps/deploy/k8s/test_k8s.py | 8 +++---- 5 files changed, 6 insertions(+), 53 deletions(-) delete mode 100644 tests/steps/deploy/k8s/chart/templates/service/ingress-dockertest-dockertest-whitelist-0.yaml delete mode 100644 tests/steps/deploy/k8s/chart/templates/service/ingress-dockertest-dockertest-whitelist-1.yaml diff --git a/src/mpyl/steps/deploy/k8s/chart.py b/src/mpyl/steps/deploy/k8s/chart.py index 20651d61e..ca55c6971 100644 --- a/src/mpyl/steps/deploy/k8s/chart.py +++ b/src/mpyl/steps/deploy/k8s/chart.py @@ -625,7 +625,7 @@ def to_metadata(host: HostWrapper) -> V1ObjectMeta: return metadata return { - f"ingress-{host.name}-whitelist-{host.index}": V1AlphaMiddleware.from_source_ranges( + f"ingress-{deployment.name}-whitelist-{host.index}": V1AlphaMiddleware.from_source_ranges( metadata=to_metadata(host), source_ranges=list(itertools.chain(*host.white_lists.values())), ) diff --git a/src/mpyl/steps/deploy/k8s/resources/traefik.py b/src/mpyl/steps/deploy/k8s/resources/traefik.py index f1bac8f1d..e000b34be 100644 --- a/src/mpyl/steps/deploy/k8s/resources/traefik.py +++ b/src/mpyl/steps/deploy/k8s/resources/traefik.py @@ -27,10 +27,6 @@ class HostWrapper: additional_route: Optional[TraefikAdditionalRoute] insecure: bool = False - @property - def full_name(self) -> str: - return f"ingress-{self.name}-whitelist-{self.index}" - class V1AlphaIngressRoute(CustomResourceDefinition): @classmethod @@ -57,7 +53,7 @@ def _interpolate_names(host: str) -> str: combined_middlewares = ( [ {"name": http_middleware} if not https else None, - {"name": host.full_name}, + {"name": f"ingress-{host.name}-whitelist-{host.index}"}, ] if len(middlewares_override) == 0 else [{"name": m for m in middlewares_override}] diff --git a/tests/steps/deploy/k8s/chart/templates/service/ingress-dockertest-dockertest-whitelist-0.yaml b/tests/steps/deploy/k8s/chart/templates/service/ingress-dockertest-dockertest-whitelist-0.yaml deleted file mode 100644 index 23d56035b..000000000 --- a/tests/steps/deploy/k8s/chart/templates/service/ingress-dockertest-dockertest-whitelist-0.yaml +++ /dev/null @@ -1,19 +0,0 @@ -apiVersion: traefik.io/v1alpha1 -kind: Middleware -metadata: - annotations: - VPN: 10.0.0.1 - labels: - name: dockertest - app.kubernetes.io/version: pr-1234 - app.kubernetes.io/name: dockertest - app.kubernetes.io/instance: dockertest - maintainers: MPyL - maintainer: MPyL - version: pr-1234 - revision: 2ad3293a7675d08bc037ef0846ef55897f38ec8f - name: dockertest-dockertest-whitelist-0 -spec: - ipAllowList: - sourceRange: - - 10.0.0.1 diff --git a/tests/steps/deploy/k8s/chart/templates/service/ingress-dockertest-dockertest-whitelist-1.yaml b/tests/steps/deploy/k8s/chart/templates/service/ingress-dockertest-dockertest-whitelist-1.yaml deleted file mode 100644 index ced532e5d..000000000 --- a/tests/steps/deploy/k8s/chart/templates/service/ingress-dockertest-dockertest-whitelist-1.yaml +++ /dev/null @@ -1,24 +0,0 @@ -apiVersion: traefik.io/v1alpha1 -kind: Middleware -metadata: - annotations: - VPN: 10.0.0.1 - K8s-Test: 1.2.3.0, 1.2.3.1 - TargetSpecificWhitelist: 1.2.3.4 - labels: - name: dockertest - app.kubernetes.io/version: pr-1234 - app.kubernetes.io/name: dockertest - app.kubernetes.io/instance: dockertest - maintainers: MPyL - maintainer: MPyL - version: pr-1234 - revision: 2ad3293a7675d08bc037ef0846ef55897f38ec8f - name: dockertest-dockertest-whitelist-1 -spec: - ipAllowList: - sourceRange: - - 10.0.0.1 - - 1.2.3.0 - - 1.2.3.1 - - 1.2.3.4 diff --git a/tests/steps/deploy/k8s/test_k8s.py b/tests/steps/deploy/k8s/test_k8s.py index 6ccdcacdf..8db825641 100644 --- a/tests/steps/deploy/k8s/test_k8s.py +++ b/tests/steps/deploy/k8s/test_k8s.py @@ -154,8 +154,8 @@ def test_should_not_extend_whitelists_if_none_defined_for_target(self): "ingress-dockertest-https-1", "ingress-dockertest-http-1", "ingress-dockertest-ingress-intracloud-https-0", - "ingress-dockertest-dockertest-whitelist-0", - "ingress-dockertest-dockertest-whitelist-1", + "ingress-dockertest-whitelist-0", + "ingress-dockertest-whitelist-1", "ingress-routes-dockertest", "middleware-strip-prefix", "middleware-strip-prefix-dockertest", @@ -182,8 +182,8 @@ def test_service_chart_roundtrip(self, template): "ingress-dockertest-https-1", "ingress-dockertest-http-1", "ingress-dockertest-ingress-intracloud-https-0", - "ingress-dockertest-dockertest-whitelist-0", - "ingress-dockertest-dockertest-whitelist-1", + "ingress-dockertest-whitelist-0", + "ingress-dockertest-whitelist-1", "ingress-routes-dockertest", "middleware-strip-prefix", "middleware-strip-prefix-dockertest", From efdcf1ce7616153fa76b01fd122fbada2cda6f1e Mon Sep 17 00:00:00 2001 From: Pedro Taborda Date: Fri, 28 Feb 2025 00:15:48 +0100 Subject: [PATCH 22/23] added the vandebron.nl/deployment label to every resource that is owned by a deployment --- src/mpyl/steps/deploy/k8s/chart.py | 32 ++++++++++++------- .../cronjob/prometheus-rule-cronjob.yaml | 1 + ...ment-testDeploymentStrategyParameters.yaml | 2 +- ...nt-testDeploymentsStrategyParameters1.yaml | 2 +- ...nt-testDeploymentsStrategyParameters2.yaml | 2 +- .../ingress-minimalService-https-0.yaml | 1 + .../ingress-minimalService-https-0.yaml | 1 + .../templates/job/prometheus-rule-job.yaml | 1 + .../service/deployment-dockertest.yaml | 2 +- .../service/ingress-dockertest-http-0.yaml | 1 + .../service/ingress-dockertest-http-1.yaml | 1 + .../service/ingress-dockertest-https-0.yaml | 1 + .../service/ingress-dockertest-https-1.yaml | 1 + ...dockertest-ingress-intracloud-https-0.yaml | 1 + .../ingress-dockertest-whitelist-0.yaml | 20 ++++++++++++ .../ingress-dockertest-whitelist-1.yaml | 25 +++++++++++++++ .../service/ingress-routes-dockertest.yaml | 1 + .../middleware-strip-prefix-dockertest.yaml | 1 + .../service/middleware-strip-prefix.yaml | 1 + .../service/prometheus-rule-dockertest.yaml | 1 + .../templates/service/service-dockertest.yaml | 1 + .../service/service-monitor-dockertest.yaml | 1 + 22 files changed, 84 insertions(+), 16 deletions(-) create mode 100644 tests/steps/deploy/k8s/chart/templates/service/ingress-dockertest-whitelist-0.yaml create mode 100644 tests/steps/deploy/k8s/chart/templates/service/ingress-dockertest-whitelist-1.yaml diff --git a/src/mpyl/steps/deploy/k8s/chart.py b/src/mpyl/steps/deploy/k8s/chart.py index ca55c6971..3b29ad7f6 100644 --- a/src/mpyl/steps/deploy/k8s/chart.py +++ b/src/mpyl/steps/deploy/k8s/chart.py @@ -234,7 +234,6 @@ def __init__(self, step_input: Input): def to_labels(self, deployment_name: Optional[str] = None) -> dict: run_properties = self.step_input.run_properties - app_labels = { "name": self.release_name, "app.kubernetes.io/version": run_properties.versioning.identifier, @@ -345,7 +344,7 @@ def to_service(self, deployment: Deployment) -> V1Service: metadata=V1ObjectMeta( annotations=self._to_annotations(), name=f"{self.release_name}-{deployment.name.lower()}", - labels=self.to_labels(), + labels=self.to_labels(deployment_name=deployment.name.lower()), ), spec=V1ServiceSpec( type="ClusterIP", @@ -441,7 +440,8 @@ def to_prometheus_rule( ) -> V1PrometheusRule: return V1PrometheusRule( metadata=self._to_object_meta( - name=f"{self.release_name}-{deployment_name.lower()}" + name=f"{self.release_name}-{deployment_name.lower()}", + deployment_name=deployment_name.lower(), ), alerts=alerts, ) @@ -451,7 +451,8 @@ def to_service_monitor( ) -> V1ServiceMonitor: return V1ServiceMonitor( metadata=self._to_object_meta( - name=f"{self.release_name}-{deployment_name.lower()}" + name=f"{self.release_name}-{deployment_name.lower()}", + deployment_name=deployment_name.lower(), ), metrics=metrics, default_port=default_port, @@ -548,7 +549,8 @@ def to_ingress(self, deployment: Deployment) -> Optional[V1AlphaIngressRoute]: return V1AlphaIngressRoute.from_spec( metadata=self._to_object_meta( - name=f"{self.release_name}-{deployment.name.lower()}" + name=f"{self.release_name}-{deployment.name.lower()}", + deployment_name=deployment.name.lower(), ), spec=ingress_route_spec, ) @@ -560,7 +562,8 @@ def to_ingress_routes( return [ V1AlphaIngressRoute.from_hosts( metadata=self._to_object_meta( - name=f"{host.name.lower()}-http{("s" if https else "")}-{i}" + name=f"{host.name.lower()}-http{("s" if https else "")}-{i}", + deployment_name=deployment.name.lower(), ), host=host, target=self.target, @@ -581,7 +584,8 @@ def to_additional_routes(self, deployment: Deployment) -> list[V1AlphaIngressRou return [ V1AlphaIngressRoute.from_hosts( metadata=self._to_object_meta( - name=f"{deployment.name.lower()}-{host.additional_route.name}-{i}" + name=f"{deployment.name.lower()}-{host.additional_route.name}-{i}", + deployment_name=deployment.name.lower(), ), host=host, target=self.target, @@ -610,15 +614,19 @@ def to_middlewares(self, deployment: Deployment) -> dict[str, V1AlphaMiddleware] adjusted_middlewares = { f'middleware-{middleware["metadata"]["name"]}': V1AlphaMiddleware.from_spec( metadata=self._to_object_meta( - name=f"{self.release_name}-{deployment.name.lower()}-{middleware["metadata"]["name"]}" + name=f"{self.release_name}-{deployment.name.lower()}-{middleware["metadata"]["name"]}", + deployment_name=deployment.name.lower(), ), spec=middleware["spec"], ) for middleware in middlewares } - def to_metadata(host: HostWrapper) -> V1ObjectMeta: - metadata = self._to_object_meta(name=f"{host.name}-whitelist-{host.index}") + def to_metadata(deployment: Deployment, host: HostWrapper) -> V1ObjectMeta: + metadata = self._to_object_meta( + name=f"{host.name}-whitelist-{host.index}", + deployment_name=deployment.name.lower(), + ) metadata.annotations = { k: ", ".join(v) for k, v in host.white_lists.items() } @@ -626,7 +634,7 @@ def to_metadata(host: HostWrapper) -> V1ObjectMeta: return { f"ingress-{deployment.name}-whitelist-{host.index}": V1AlphaMiddleware.from_source_ranges( - metadata=to_metadata(host), + metadata=to_metadata(deployment, host), source_ranges=list(itertools.chain(*host.white_lists.values())), ) for host in hosts @@ -871,7 +879,7 @@ def to_deployment(self, deployment: Deployment) -> V1Deployment: replicas=instances.get_value(target=self.target), template=V1PodTemplateSpec( metadata=self._to_object_meta( - deployment_name=f"{self.release_name}-{deployment.name.lower()}" + deployment_name=deployment.name.lower() ), spec=V1PodSpec( containers=[container], diff --git a/tests/steps/deploy/k8s/chart/templates/cronjob/prometheus-rule-cronjob.yaml b/tests/steps/deploy/k8s/chart/templates/cronjob/prometheus-rule-cronjob.yaml index 6ae1d2aeb..4a930adf6 100644 --- a/tests/steps/deploy/k8s/chart/templates/cronjob/prometheus-rule-cronjob.yaml +++ b/tests/steps/deploy/k8s/chart/templates/cronjob/prometheus-rule-cronjob.yaml @@ -6,6 +6,7 @@ metadata: app.kubernetes.io/version: pr-1234 app.kubernetes.io/name: cronjob app.kubernetes.io/instance: cronjob + vandebron.nl/deployment: cronjob maintainers: MPyL maintainer: MPyL version: pr-1234 diff --git a/tests/steps/deploy/k8s/chart/templates/deployment/deployment-testDeploymentStrategyParameters.yaml b/tests/steps/deploy/k8s/chart/templates/deployment/deployment-testDeploymentStrategyParameters.yaml index ba1d45787..5dc2f398c 100644 --- a/tests/steps/deploy/k8s/chart/templates/deployment/deployment-testDeploymentStrategyParameters.yaml +++ b/tests/steps/deploy/k8s/chart/templates/deployment/deployment-testDeploymentStrategyParameters.yaml @@ -32,7 +32,7 @@ spec: app.kubernetes.io/version: pr-1234 app.kubernetes.io/name: testdeploymentstrategyparameters app.kubernetes.io/instance: testdeploymentstrategyparameters - vandebron.nl/deployment: testdeploymentstrategyparameters-testdeploymentstrategyparameters + vandebron.nl/deployment: testdeploymentstrategyparameters maintainers: MPyL maintainer: MPyL version: pr-1234 diff --git a/tests/steps/deploy/k8s/chart/templates/deployment/deployment-testDeploymentsStrategyParameters1.yaml b/tests/steps/deploy/k8s/chart/templates/deployment/deployment-testDeploymentsStrategyParameters1.yaml index ce480d2ed..f6d9a0f7b 100644 --- a/tests/steps/deploy/k8s/chart/templates/deployment/deployment-testDeploymentsStrategyParameters1.yaml +++ b/tests/steps/deploy/k8s/chart/templates/deployment/deployment-testDeploymentsStrategyParameters1.yaml @@ -32,7 +32,7 @@ spec: app.kubernetes.io/version: pr-1234 app.kubernetes.io/name: testdeploymentsstrategyparameters app.kubernetes.io/instance: testdeploymentsstrategyparameters - vandebron.nl/deployment: testdeploymentsstrategyparameters-testdeploymentsstrategyparameters1 + vandebron.nl/deployment: testdeploymentsstrategyparameters1 maintainers: MPyL maintainer: MPyL version: pr-1234 diff --git a/tests/steps/deploy/k8s/chart/templates/deployment/deployment-testDeploymentsStrategyParameters2.yaml b/tests/steps/deploy/k8s/chart/templates/deployment/deployment-testDeploymentsStrategyParameters2.yaml index de4d55fa0..4f3639880 100644 --- a/tests/steps/deploy/k8s/chart/templates/deployment/deployment-testDeploymentsStrategyParameters2.yaml +++ b/tests/steps/deploy/k8s/chart/templates/deployment/deployment-testDeploymentsStrategyParameters2.yaml @@ -32,7 +32,7 @@ spec: app.kubernetes.io/version: pr-1234 app.kubernetes.io/name: testdeploymentsstrategyparameters app.kubernetes.io/instance: testdeploymentsstrategyparameters - vandebron.nl/deployment: testdeploymentsstrategyparameters-testdeploymentsstrategyparameters2 + vandebron.nl/deployment: testdeploymentsstrategyparameters2 maintainers: MPyL maintainer: MPyL version: pr-1234 diff --git a/tests/steps/deploy/k8s/chart/templates/ingress-prod/ingress-minimalService-https-0.yaml b/tests/steps/deploy/k8s/chart/templates/ingress-prod/ingress-minimalService-https-0.yaml index cb75e44b0..792458277 100644 --- a/tests/steps/deploy/k8s/chart/templates/ingress-prod/ingress-minimalService-https-0.yaml +++ b/tests/steps/deploy/k8s/chart/templates/ingress-prod/ingress-minimalService-https-0.yaml @@ -6,6 +6,7 @@ metadata: app.kubernetes.io/version: 20230829-1234 app.kubernetes.io/name: minimalservice app.kubernetes.io/instance: minimalservice + vandebron.nl/deployment: minimalservice maintainers: MPyL maintainer: MPyL version: 20230829-1234 diff --git a/tests/steps/deploy/k8s/chart/templates/ingress/ingress-minimalService-https-0.yaml b/tests/steps/deploy/k8s/chart/templates/ingress/ingress-minimalService-https-0.yaml index 56dbecf2a..7bc7f6935 100644 --- a/tests/steps/deploy/k8s/chart/templates/ingress/ingress-minimalService-https-0.yaml +++ b/tests/steps/deploy/k8s/chart/templates/ingress/ingress-minimalService-https-0.yaml @@ -6,6 +6,7 @@ metadata: app.kubernetes.io/version: pr-1234 app.kubernetes.io/name: minimalservice app.kubernetes.io/instance: minimalservice + vandebron.nl/deployment: minimalservice maintainers: MPyL maintainer: MPyL version: pr-1234 diff --git a/tests/steps/deploy/k8s/chart/templates/job/prometheus-rule-job.yaml b/tests/steps/deploy/k8s/chart/templates/job/prometheus-rule-job.yaml index 8d4466858..f42a6e7ed 100644 --- a/tests/steps/deploy/k8s/chart/templates/job/prometheus-rule-job.yaml +++ b/tests/steps/deploy/k8s/chart/templates/job/prometheus-rule-job.yaml @@ -6,6 +6,7 @@ metadata: app.kubernetes.io/version: pr-1234 app.kubernetes.io/name: job app.kubernetes.io/instance: job + vandebron.nl/deployment: job maintainers: MPyL maintainer: MPyL version: pr-1234 diff --git a/tests/steps/deploy/k8s/chart/templates/service/deployment-dockertest.yaml b/tests/steps/deploy/k8s/chart/templates/service/deployment-dockertest.yaml index 95abbf26b..f0bb977fa 100644 --- a/tests/steps/deploy/k8s/chart/templates/service/deployment-dockertest.yaml +++ b/tests/steps/deploy/k8s/chart/templates/service/deployment-dockertest.yaml @@ -32,7 +32,7 @@ spec: app.kubernetes.io/version: pr-1234 app.kubernetes.io/name: dockertest app.kubernetes.io/instance: dockertest - vandebron.nl/deployment: dockertest-dockertest + vandebron.nl/deployment: dockertest maintainers: MPyL maintainer: MPyL version: pr-1234 diff --git a/tests/steps/deploy/k8s/chart/templates/service/ingress-dockertest-http-0.yaml b/tests/steps/deploy/k8s/chart/templates/service/ingress-dockertest-http-0.yaml index 5740ab6b1..df5188d04 100644 --- a/tests/steps/deploy/k8s/chart/templates/service/ingress-dockertest-http-0.yaml +++ b/tests/steps/deploy/k8s/chart/templates/service/ingress-dockertest-http-0.yaml @@ -6,6 +6,7 @@ metadata: app.kubernetes.io/version: pr-1234 app.kubernetes.io/name: dockertest app.kubernetes.io/instance: dockertest + vandebron.nl/deployment: dockertest maintainers: MPyL maintainer: MPyL version: pr-1234 diff --git a/tests/steps/deploy/k8s/chart/templates/service/ingress-dockertest-http-1.yaml b/tests/steps/deploy/k8s/chart/templates/service/ingress-dockertest-http-1.yaml index cd6672e20..a7a3dc04e 100644 --- a/tests/steps/deploy/k8s/chart/templates/service/ingress-dockertest-http-1.yaml +++ b/tests/steps/deploy/k8s/chart/templates/service/ingress-dockertest-http-1.yaml @@ -6,6 +6,7 @@ metadata: app.kubernetes.io/version: pr-1234 app.kubernetes.io/name: dockertest app.kubernetes.io/instance: dockertest + vandebron.nl/deployment: dockertest maintainers: MPyL maintainer: MPyL version: pr-1234 diff --git a/tests/steps/deploy/k8s/chart/templates/service/ingress-dockertest-https-0.yaml b/tests/steps/deploy/k8s/chart/templates/service/ingress-dockertest-https-0.yaml index 49ba2dfb4..19cc3ac22 100644 --- a/tests/steps/deploy/k8s/chart/templates/service/ingress-dockertest-https-0.yaml +++ b/tests/steps/deploy/k8s/chart/templates/service/ingress-dockertest-https-0.yaml @@ -6,6 +6,7 @@ metadata: app.kubernetes.io/version: pr-1234 app.kubernetes.io/name: dockertest app.kubernetes.io/instance: dockertest + vandebron.nl/deployment: dockertest maintainers: MPyL maintainer: MPyL version: pr-1234 diff --git a/tests/steps/deploy/k8s/chart/templates/service/ingress-dockertest-https-1.yaml b/tests/steps/deploy/k8s/chart/templates/service/ingress-dockertest-https-1.yaml index 0fd512a16..bdad4eddf 100644 --- a/tests/steps/deploy/k8s/chart/templates/service/ingress-dockertest-https-1.yaml +++ b/tests/steps/deploy/k8s/chart/templates/service/ingress-dockertest-https-1.yaml @@ -6,6 +6,7 @@ metadata: app.kubernetes.io/version: pr-1234 app.kubernetes.io/name: dockertest app.kubernetes.io/instance: dockertest + vandebron.nl/deployment: dockertest maintainers: MPyL maintainer: MPyL version: pr-1234 diff --git a/tests/steps/deploy/k8s/chart/templates/service/ingress-dockertest-ingress-intracloud-https-0.yaml b/tests/steps/deploy/k8s/chart/templates/service/ingress-dockertest-ingress-intracloud-https-0.yaml index 4aaba7772..9e7eb0993 100644 --- a/tests/steps/deploy/k8s/chart/templates/service/ingress-dockertest-ingress-intracloud-https-0.yaml +++ b/tests/steps/deploy/k8s/chart/templates/service/ingress-dockertest-ingress-intracloud-https-0.yaml @@ -6,6 +6,7 @@ metadata: app.kubernetes.io/version: pr-1234 app.kubernetes.io/name: dockertest app.kubernetes.io/instance: dockertest + vandebron.nl/deployment: dockertest maintainers: MPyL maintainer: MPyL version: pr-1234 diff --git a/tests/steps/deploy/k8s/chart/templates/service/ingress-dockertest-whitelist-0.yaml b/tests/steps/deploy/k8s/chart/templates/service/ingress-dockertest-whitelist-0.yaml new file mode 100644 index 000000000..3b22da102 --- /dev/null +++ b/tests/steps/deploy/k8s/chart/templates/service/ingress-dockertest-whitelist-0.yaml @@ -0,0 +1,20 @@ +apiVersion: traefik.io/v1alpha1 +kind: Middleware +metadata: + annotations: + VPN: 10.0.0.1 + labels: + name: dockertest + app.kubernetes.io/version: pr-1234 + app.kubernetes.io/name: dockertest + app.kubernetes.io/instance: dockertest + vandebron.nl/deployment: dockertest + maintainers: MPyL + maintainer: MPyL + version: pr-1234 + revision: 2ad3293a7675d08bc037ef0846ef55897f38ec8f + name: dockertest-dockertest-whitelist-0 +spec: + ipAllowList: + sourceRange: + - 10.0.0.1 diff --git a/tests/steps/deploy/k8s/chart/templates/service/ingress-dockertest-whitelist-1.yaml b/tests/steps/deploy/k8s/chart/templates/service/ingress-dockertest-whitelist-1.yaml new file mode 100644 index 000000000..794f500d2 --- /dev/null +++ b/tests/steps/deploy/k8s/chart/templates/service/ingress-dockertest-whitelist-1.yaml @@ -0,0 +1,25 @@ +apiVersion: traefik.io/v1alpha1 +kind: Middleware +metadata: + annotations: + VPN: 10.0.0.1 + K8s-Test: 1.2.3.0, 1.2.3.1 + TargetSpecificWhitelist: 1.2.3.4 + labels: + name: dockertest + app.kubernetes.io/version: pr-1234 + app.kubernetes.io/name: dockertest + app.kubernetes.io/instance: dockertest + vandebron.nl/deployment: dockertest + maintainers: MPyL + maintainer: MPyL + version: pr-1234 + revision: 2ad3293a7675d08bc037ef0846ef55897f38ec8f + name: dockertest-dockertest-whitelist-1 +spec: + ipAllowList: + sourceRange: + - 10.0.0.1 + - 1.2.3.0 + - 1.2.3.1 + - 1.2.3.4 diff --git a/tests/steps/deploy/k8s/chart/templates/service/ingress-routes-dockertest.yaml b/tests/steps/deploy/k8s/chart/templates/service/ingress-routes-dockertest.yaml index 1fe98447c..53e853650 100644 --- a/tests/steps/deploy/k8s/chart/templates/service/ingress-routes-dockertest.yaml +++ b/tests/steps/deploy/k8s/chart/templates/service/ingress-routes-dockertest.yaml @@ -6,6 +6,7 @@ metadata: app.kubernetes.io/version: pr-1234 app.kubernetes.io/name: dockertest app.kubernetes.io/instance: dockertest + vandebron.nl/deployment: dockertest maintainers: MPyL maintainer: MPyL version: pr-1234 diff --git a/tests/steps/deploy/k8s/chart/templates/service/middleware-strip-prefix-dockertest.yaml b/tests/steps/deploy/k8s/chart/templates/service/middleware-strip-prefix-dockertest.yaml index 7aeb64c98..96e317eff 100644 --- a/tests/steps/deploy/k8s/chart/templates/service/middleware-strip-prefix-dockertest.yaml +++ b/tests/steps/deploy/k8s/chart/templates/service/middleware-strip-prefix-dockertest.yaml @@ -6,6 +6,7 @@ metadata: app.kubernetes.io/version: pr-1234 app.kubernetes.io/name: dockertest app.kubernetes.io/instance: dockertest + vandebron.nl/deployment: dockertest maintainers: MPyL maintainer: MPyL version: pr-1234 diff --git a/tests/steps/deploy/k8s/chart/templates/service/middleware-strip-prefix.yaml b/tests/steps/deploy/k8s/chart/templates/service/middleware-strip-prefix.yaml index d549bb511..a7f884c9a 100644 --- a/tests/steps/deploy/k8s/chart/templates/service/middleware-strip-prefix.yaml +++ b/tests/steps/deploy/k8s/chart/templates/service/middleware-strip-prefix.yaml @@ -6,6 +6,7 @@ metadata: app.kubernetes.io/version: pr-1234 app.kubernetes.io/name: dockertest app.kubernetes.io/instance: dockertest + vandebron.nl/deployment: dockertest maintainers: MPyL maintainer: MPyL version: pr-1234 diff --git a/tests/steps/deploy/k8s/chart/templates/service/prometheus-rule-dockertest.yaml b/tests/steps/deploy/k8s/chart/templates/service/prometheus-rule-dockertest.yaml index 6aeec2a82..aacdd5186 100644 --- a/tests/steps/deploy/k8s/chart/templates/service/prometheus-rule-dockertest.yaml +++ b/tests/steps/deploy/k8s/chart/templates/service/prometheus-rule-dockertest.yaml @@ -6,6 +6,7 @@ metadata: app.kubernetes.io/version: pr-1234 app.kubernetes.io/name: dockertest app.kubernetes.io/instance: dockertest + vandebron.nl/deployment: dockertest maintainers: MPyL maintainer: MPyL version: pr-1234 diff --git a/tests/steps/deploy/k8s/chart/templates/service/service-dockertest.yaml b/tests/steps/deploy/k8s/chart/templates/service/service-dockertest.yaml index 9b92d16a9..afc952f4e 100644 --- a/tests/steps/deploy/k8s/chart/templates/service/service-dockertest.yaml +++ b/tests/steps/deploy/k8s/chart/templates/service/service-dockertest.yaml @@ -9,6 +9,7 @@ metadata: app.kubernetes.io/version: pr-1234 app.kubernetes.io/name: dockertest app.kubernetes.io/instance: dockertest + vandebron.nl/deployment: dockertest maintainers: MPyL maintainer: MPyL version: pr-1234 diff --git a/tests/steps/deploy/k8s/chart/templates/service/service-monitor-dockertest.yaml b/tests/steps/deploy/k8s/chart/templates/service/service-monitor-dockertest.yaml index 72b930522..a42553b28 100644 --- a/tests/steps/deploy/k8s/chart/templates/service/service-monitor-dockertest.yaml +++ b/tests/steps/deploy/k8s/chart/templates/service/service-monitor-dockertest.yaml @@ -6,6 +6,7 @@ metadata: app.kubernetes.io/version: pr-1234 app.kubernetes.io/name: dockertest app.kubernetes.io/instance: dockertest + vandebron.nl/deployment: dockertest maintainers: MPyL maintainer: MPyL version: pr-1234 From 7baecf322c0cf99488131a67159b154aae6df270 Mon Sep 17 00:00:00 2001 From: Pedro Taborda Date: Fri, 28 Feb 2025 16:00:18 +0100 Subject: [PATCH 23/23] aligned all middleware names --- src/mpyl/steps/deploy/k8s/chart.py | 10 ++++---- .../steps/deploy/k8s/resources/traefik.py | 2 +- .../ingress-minimalService-https-0.yaml | 2 +- .../ingress-minimalService-https-0.yaml | 2 +- .../service/ingress-dockertest-http-0.yaml | 2 +- .../service/ingress-dockertest-http-1.yaml | 2 +- .../service/ingress-dockertest-https-0.yaml | 2 +- .../service/ingress-dockertest-https-1.yaml | 2 +- .../service/ingress-routes-dockertest.yaml | 2 +- .../middleware-strip-prefix-dockertest.yaml | 2 +- .../service/middleware-strip-prefix.yaml | 18 --------------- ...=> middleware-whitelist-0-dockertest.yaml} | 2 +- ...=> middleware-whitelist-1-dockertest.yaml} | 2 +- tests/steps/deploy/k8s/test_k8s.py | 23 +++++++++---------- .../traefik/dockertest-traefik.yml | 4 ++-- 15 files changed, 30 insertions(+), 47 deletions(-) delete mode 100644 tests/steps/deploy/k8s/chart/templates/service/middleware-strip-prefix.yaml rename tests/steps/deploy/k8s/chart/templates/service/{ingress-dockertest-whitelist-0.yaml => middleware-whitelist-0-dockertest.yaml} (91%) rename tests/steps/deploy/k8s/chart/templates/service/{ingress-dockertest-whitelist-1.yaml => middleware-whitelist-1-dockertest.yaml} (93%) diff --git a/src/mpyl/steps/deploy/k8s/chart.py b/src/mpyl/steps/deploy/k8s/chart.py index 3b29ad7f6..8e50aee3b 100644 --- a/src/mpyl/steps/deploy/k8s/chart.py +++ b/src/mpyl/steps/deploy/k8s/chart.py @@ -612,9 +612,11 @@ def to_middlewares(self, deployment: Deployment) -> dict[str, V1AlphaMiddleware] else [] ) adjusted_middlewares = { - f'middleware-{middleware["metadata"]["name"]}': V1AlphaMiddleware.from_spec( + f'middleware-{middleware["metadata"]["name"]}-{deployment.name}': V1AlphaMiddleware.from_spec( metadata=self._to_object_meta( - name=f"{self.release_name}-{deployment.name.lower()}-{middleware["metadata"]["name"]}", + # this needs to be the exact name selected by the developer, + # otherwise they won't be able to match it in the ingress + name=middleware["metadata"]["name"], deployment_name=deployment.name.lower(), ), spec=middleware["spec"], @@ -624,7 +626,7 @@ def to_middlewares(self, deployment: Deployment) -> dict[str, V1AlphaMiddleware] def to_metadata(deployment: Deployment, host: HostWrapper) -> V1ObjectMeta: metadata = self._to_object_meta( - name=f"{host.name}-whitelist-{host.index}", + name=f"whitelist-{host.index}-{host.name}", deployment_name=deployment.name.lower(), ) metadata.annotations = { @@ -633,7 +635,7 @@ def to_metadata(deployment: Deployment, host: HostWrapper) -> V1ObjectMeta: return metadata return { - f"ingress-{deployment.name}-whitelist-{host.index}": V1AlphaMiddleware.from_source_ranges( + f"middleware-whitelist-{host.index}-{deployment.name}": V1AlphaMiddleware.from_source_ranges( metadata=to_metadata(deployment, host), source_ranges=list(itertools.chain(*host.white_lists.values())), ) diff --git a/src/mpyl/steps/deploy/k8s/resources/traefik.py b/src/mpyl/steps/deploy/k8s/resources/traefik.py index e000b34be..9584222f8 100644 --- a/src/mpyl/steps/deploy/k8s/resources/traefik.py +++ b/src/mpyl/steps/deploy/k8s/resources/traefik.py @@ -53,7 +53,7 @@ def _interpolate_names(host: str) -> str: combined_middlewares = ( [ {"name": http_middleware} if not https else None, - {"name": f"ingress-{host.name}-whitelist-{host.index}"}, + {"name": f"whitelist-{host.index}-{host.name}"}, ] if len(middlewares_override) == 0 else [{"name": m for m in middlewares_override}] diff --git a/tests/steps/deploy/k8s/chart/templates/ingress-prod/ingress-minimalService-https-0.yaml b/tests/steps/deploy/k8s/chart/templates/ingress-prod/ingress-minimalService-https-0.yaml index 792458277..6c5d3002e 100644 --- a/tests/steps/deploy/k8s/chart/templates/ingress-prod/ingress-minimalService-https-0.yaml +++ b/tests/steps/deploy/k8s/chart/templates/ingress-prod/ingress-minimalService-https-0.yaml @@ -21,7 +21,7 @@ spec: kind: Service port: 8080 middlewares: - - name: ingress-minimalservice-minimalservice-whitelist-0 + - name: whitelist-0-minimalservice-minimalservice entryPoints: - websecure tls: diff --git a/tests/steps/deploy/k8s/chart/templates/ingress/ingress-minimalService-https-0.yaml b/tests/steps/deploy/k8s/chart/templates/ingress/ingress-minimalService-https-0.yaml index 7bc7f6935..1d2a9bc4e 100644 --- a/tests/steps/deploy/k8s/chart/templates/ingress/ingress-minimalService-https-0.yaml +++ b/tests/steps/deploy/k8s/chart/templates/ingress/ingress-minimalService-https-0.yaml @@ -21,7 +21,7 @@ spec: kind: Service port: 8080 middlewares: - - name: ingress-minimalservice-minimalservice-whitelist-0 + - name: whitelist-0-minimalservice-minimalservice entryPoints: - websecure tls: diff --git a/tests/steps/deploy/k8s/chart/templates/service/ingress-dockertest-http-0.yaml b/tests/steps/deploy/k8s/chart/templates/service/ingress-dockertest-http-0.yaml index df5188d04..e29e10c2c 100644 --- a/tests/steps/deploy/k8s/chart/templates/service/ingress-dockertest-http-0.yaml +++ b/tests/steps/deploy/k8s/chart/templates/service/ingress-dockertest-http-0.yaml @@ -22,7 +22,7 @@ spec: port: 8080 middlewares: - name: traefik-https-redirect@kubernetescrd - - name: ingress-dockertest-dockertest-whitelist-0 + - name: whitelist-0-dockertest-dockertest syntax: v2 entryPoints: - web diff --git a/tests/steps/deploy/k8s/chart/templates/service/ingress-dockertest-http-1.yaml b/tests/steps/deploy/k8s/chart/templates/service/ingress-dockertest-http-1.yaml index a7a3dc04e..29acf24bf 100644 --- a/tests/steps/deploy/k8s/chart/templates/service/ingress-dockertest-http-1.yaml +++ b/tests/steps/deploy/k8s/chart/templates/service/ingress-dockertest-http-1.yaml @@ -22,7 +22,7 @@ spec: port: 4091 middlewares: - name: traefik-https-redirect@kubernetescrd - - name: ingress-dockertest-dockertest-whitelist-1 + - name: whitelist-1-dockertest-dockertest syntax: v3 priority: 1000 entryPoints: diff --git a/tests/steps/deploy/k8s/chart/templates/service/ingress-dockertest-https-0.yaml b/tests/steps/deploy/k8s/chart/templates/service/ingress-dockertest-https-0.yaml index 19cc3ac22..23f3e27ca 100644 --- a/tests/steps/deploy/k8s/chart/templates/service/ingress-dockertest-https-0.yaml +++ b/tests/steps/deploy/k8s/chart/templates/service/ingress-dockertest-https-0.yaml @@ -21,7 +21,7 @@ spec: kind: Service port: 8080 middlewares: - - name: ingress-dockertest-dockertest-whitelist-0 + - name: whitelist-0-dockertest-dockertest syntax: v2 entryPoints: - websecure diff --git a/tests/steps/deploy/k8s/chart/templates/service/ingress-dockertest-https-1.yaml b/tests/steps/deploy/k8s/chart/templates/service/ingress-dockertest-https-1.yaml index bdad4eddf..5be39a932 100644 --- a/tests/steps/deploy/k8s/chart/templates/service/ingress-dockertest-https-1.yaml +++ b/tests/steps/deploy/k8s/chart/templates/service/ingress-dockertest-https-1.yaml @@ -21,7 +21,7 @@ spec: kind: Service port: 4091 middlewares: - - name: ingress-dockertest-dockertest-whitelist-1 + - name: whitelist-1-dockertest-dockertest syntax: v3 priority: 1000 entryPoints: diff --git a/tests/steps/deploy/k8s/chart/templates/service/ingress-routes-dockertest.yaml b/tests/steps/deploy/k8s/chart/templates/service/ingress-routes-dockertest.yaml index 53e853650..5706cf7a9 100644 --- a/tests/steps/deploy/k8s/chart/templates/service/ingress-routes-dockertest.yaml +++ b/tests/steps/deploy/k8s/chart/templates/service/ingress-routes-dockertest.yaml @@ -19,4 +19,4 @@ spec: - kind: Rule match: placeholder-test-pr-1234-1234-test middlewares: - - name: strip-prefix-dockertest + - name: strip-prefix diff --git a/tests/steps/deploy/k8s/chart/templates/service/middleware-strip-prefix-dockertest.yaml b/tests/steps/deploy/k8s/chart/templates/service/middleware-strip-prefix-dockertest.yaml index 96e317eff..906074f40 100644 --- a/tests/steps/deploy/k8s/chart/templates/service/middleware-strip-prefix-dockertest.yaml +++ b/tests/steps/deploy/k8s/chart/templates/service/middleware-strip-prefix-dockertest.yaml @@ -11,7 +11,7 @@ metadata: maintainer: MPyL version: pr-1234 revision: 2ad3293a7675d08bc037ef0846ef55897f38ec8f - name: dockertest-dockertest-strip-prefix-dockertest + name: strip-prefix spec: stripPrefix: prefixes: diff --git a/tests/steps/deploy/k8s/chart/templates/service/middleware-strip-prefix.yaml b/tests/steps/deploy/k8s/chart/templates/service/middleware-strip-prefix.yaml deleted file mode 100644 index a7f884c9a..000000000 --- a/tests/steps/deploy/k8s/chart/templates/service/middleware-strip-prefix.yaml +++ /dev/null @@ -1,18 +0,0 @@ -apiVersion: traefik.io/v1alpha1 -kind: Middleware -metadata: - labels: - name: dockertest - app.kubernetes.io/version: pr-1234 - app.kubernetes.io/name: dockertest - app.kubernetes.io/instance: dockertest - vandebron.nl/deployment: dockertest - maintainers: MPyL - maintainer: MPyL - version: pr-1234 - revision: 2ad3293a7675d08bc037ef0846ef55897f38ec8f - name: dockertest-dockertest-strip-prefix -spec: - stripPrefix: - prefixes: - - /service diff --git a/tests/steps/deploy/k8s/chart/templates/service/ingress-dockertest-whitelist-0.yaml b/tests/steps/deploy/k8s/chart/templates/service/middleware-whitelist-0-dockertest.yaml similarity index 91% rename from tests/steps/deploy/k8s/chart/templates/service/ingress-dockertest-whitelist-0.yaml rename to tests/steps/deploy/k8s/chart/templates/service/middleware-whitelist-0-dockertest.yaml index 3b22da102..002fb1f79 100644 --- a/tests/steps/deploy/k8s/chart/templates/service/ingress-dockertest-whitelist-0.yaml +++ b/tests/steps/deploy/k8s/chart/templates/service/middleware-whitelist-0-dockertest.yaml @@ -13,7 +13,7 @@ metadata: maintainer: MPyL version: pr-1234 revision: 2ad3293a7675d08bc037ef0846ef55897f38ec8f - name: dockertest-dockertest-whitelist-0 + name: whitelist-0-dockertest-dockertest spec: ipAllowList: sourceRange: diff --git a/tests/steps/deploy/k8s/chart/templates/service/ingress-dockertest-whitelist-1.yaml b/tests/steps/deploy/k8s/chart/templates/service/middleware-whitelist-1-dockertest.yaml similarity index 93% rename from tests/steps/deploy/k8s/chart/templates/service/ingress-dockertest-whitelist-1.yaml rename to tests/steps/deploy/k8s/chart/templates/service/middleware-whitelist-1-dockertest.yaml index 794f500d2..b15ed5bcb 100644 --- a/tests/steps/deploy/k8s/chart/templates/service/ingress-dockertest-whitelist-1.yaml +++ b/tests/steps/deploy/k8s/chart/templates/service/middleware-whitelist-1-dockertest.yaml @@ -15,7 +15,7 @@ metadata: maintainer: MPyL version: pr-1234 revision: 2ad3293a7675d08bc037ef0846ef55897f38ec8f - name: dockertest-dockertest-whitelist-1 + name: whitelist-1-dockertest-dockertest spec: ipAllowList: sourceRange: diff --git a/tests/steps/deploy/k8s/test_k8s.py b/tests/steps/deploy/k8s/test_k8s.py index 8db825641..9a321f565 100644 --- a/tests/steps/deploy/k8s/test_k8s.py +++ b/tests/steps/deploy/k8s/test_k8s.py @@ -49,12 +49,12 @@ class TestKubernetesChart: @staticmethod def _roundtrip( file_name: Path, - chart: str, + filename: str, resources: dict[str, Union[CustomResourceDefinition, V1Job, V1CronJob]], overwrite: bool = False, ): - name_chart = file_name / f"{chart}.yaml" - resource = resources[chart] + name_chart = file_name / f"{filename}.yaml" + resource = resources[filename] assert_roundtrip(name_chart, to_yaml(resource), overwrite) @staticmethod @@ -154,10 +154,9 @@ def test_should_not_extend_whitelists_if_none_defined_for_target(self): "ingress-dockertest-https-1", "ingress-dockertest-http-1", "ingress-dockertest-ingress-intracloud-https-0", - "ingress-dockertest-whitelist-0", - "ingress-dockertest-whitelist-1", + "middleware-whitelist-0-dockertest", + "middleware-whitelist-1-dockertest", "ingress-routes-dockertest", - "middleware-strip-prefix", "middleware-strip-prefix-dockertest", "prometheus-rule-dockertest", "service-monitor-dockertest", @@ -171,7 +170,9 @@ def test_service_chart_roundtrip(self, template): chart = builder.to_common_chart( traefik_project.deployments[0] ) | to_service_chart(builder, builder.project.deployments[0]) - self._roundtrip(self.template_path / "service", template, chart) + self._roundtrip( + self.template_path / "service", filename=template, resources=chart + ) assert set(chart.keys()) == { "service-account", "sealed-secrets-dockertest", @@ -182,10 +183,9 @@ def test_service_chart_roundtrip(self, template): "ingress-dockertest-https-1", "ingress-dockertest-http-1", "ingress-dockertest-ingress-intracloud-https-0", - "ingress-dockertest-whitelist-0", - "ingress-dockertest-whitelist-1", + "middleware-whitelist-0-dockertest", + "middleware-whitelist-1-dockertest", "ingress-routes-dockertest", - "middleware-strip-prefix", "middleware-strip-prefix-dockertest", "prometheus-rule-dockertest", "service-monitor-dockertest", @@ -201,8 +201,7 @@ def test_ingress_routes_placeholder_replacement(self): == "placeholder-test-pr-1234-1234-test" ) assert ( - ingress_routes.spec["routes"][0]["middlewares"][0]["name"] - == "strip-prefix-dockertest" + ingress_routes.spec["routes"][0]["middlewares"][0]["name"] == "strip-prefix" ) def test_middlewares_placeholder_replacement(self): diff --git a/tests/test_resources/test_projects/traefik/dockertest-traefik.yml b/tests/test_resources/test_projects/traefik/dockertest-traefik.yml index 9ec1d8b48..b403af0ee 100644 --- a/tests/test_resources/test_projects/traefik/dockertest-traefik.yml +++ b/tests/test_resources/test_projects/traefik/dockertest-traefik.yml @@ -7,7 +7,7 @@ traefik: - kind: Rule match: placeholder-test-{namespace}-{PR-NUMBER}-test middlewares: - - name: "strip-prefix-{SERVICE-NAME}" + - name: "strip-prefix" middlewares: all: - metadata: @@ -17,7 +17,7 @@ traefik: prefixes: - "/service" - metadata: - name: "strip-prefix-{SERVICE-NAME}" + name: "strip-prefix" spec: stripPrefix: prefixes: