Add helm unittests (#380)

This commit is contained in:
Otto Bittner 2022-10-31 19:25:02 +01:00 committed by GitHub
parent 3933a97567
commit 30bdbd9b85
No known key found for this signature in database
GPG key ID: 4AEE18F83AFDEB23
68 changed files with 1217 additions and 105 deletions

View file

@ -0,0 +1,12 @@
apiVersion: rbac.authorization.k8s.io/v1
kind: ClusterRoleBinding
metadata:
name: system:cloud-controller-manager
roleRef:
apiGroup: rbac.authorization.k8s.io
kind: ClusterRole
name: cluster-admin
subjects:
- kind: ServiceAccount
name: cloud-controller-manager
namespace: testNamespace

View file

@ -0,0 +1,5 @@
apiVersion: v1
kind: ServiceAccount
metadata:
name: cloud-controller-manager
namespace: testNamespace

View file

@ -0,0 +1,24 @@
apiVersion: rbac.authorization.k8s.io/v1
kind: ClusterRole
metadata:
labels:
k8s-app: join-service
name: join-service
rules:
- apiGroups:
- ""
resources:
- secrets
verbs:
- get
- list
- create
- update
- apiGroups:
- rbac.authorization.k8s.io
resources:
- roles
- rolebindings
verbs:
- create
- update

View file

@ -0,0 +1,12 @@
apiVersion: rbac.authorization.k8s.io/v1
kind: ClusterRoleBinding
metadata:
name: join-service
roleRef:
apiGroup: rbac.authorization.k8s.io
kind: ClusterRole
name: join-service
subjects:
- kind: ServiceAccount
name: join-service
namespace: testNamespace

View file

@ -0,0 +1,10 @@
apiVersion: v1
kind: ConfigMap
metadata:
name: join-config
namespace: kube-system
data:
enforcedPCRs: "[1,11]"
measurements: "{'1':'AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA','15':'AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA='}"
binaryData:
measurementSalt: AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA

View file

@ -0,0 +1,69 @@
apiVersion: apps/v1
kind: DaemonSet
metadata:
name: join-service
namespace: testNamespace
labels:
component: join-service
k8s-app: join-service
kubernetes.io/cluster-service: "true"
spec:
selector:
matchLabels:
k8s-app: join-service
template:
metadata:
labels:
k8s-app: join-service
spec:
priorityClassName: system-cluster-critical
serviceAccountName: join-service
tolerations:
- key: CriticalAddonsOnly
operator: Exists
- effect: NoSchedule
key: node-role.kubernetes.io/master
operator: Equal
value: "true"
- effect: NoSchedule
key: node-role.kubernetes.io/control-plane
operator: Exists
- effect: NoExecute
operator: Exists
- effect: NoSchedule
operator: Exists
nodeSelector:
node-role.kubernetes.io/control-plane: ""
containers:
- name: join-service
image: joinServiceImage
args:
- --cloud-provider=QEMU
- --kms-endpoint=kms.kube-system:9000
volumeMounts:
- mountPath: /var/config
name: config
readOnly: true
- mountPath: /etc/kubernetes
name: kubeadm
readOnly: true
ports:
- containerPort: 9090
name: tcp
resources: {}
securityContext:
privileged: true
volumes:
- name: config
projected:
sources:
- configMap:
name: join-config
- configMap:
name: k8s-version
- configMap:
name: internal-config
- name: kubeadm
hostPath:
path: /etc/kubernetes
updateStrategy: {}

View file

@ -0,0 +1,17 @@
apiVersion: v1
kind: Service
metadata:
name: join-service
namespace: testNamespace
spec:
type: NodePort
selector:
k8s-app: join-service
ports:
- name: grpc
protocol: TCP
port: 9090
targetPort: 9090
nodePort: 30090
status:
loadBalancer: {}

View file

@ -0,0 +1,5 @@
apiVersion: v1
kind: ServiceAccount
metadata:
name: join-service
namespace: testNamespace

View file

@ -0,0 +1,13 @@
apiVersion: rbac.authorization.k8s.io/v1
kind: ClusterRole
metadata:
labels:
k8s-app: kms
name: kms
rules:
- apiGroups:
- ""
resources:
- secrets
verbs:
- get

View file

@ -0,0 +1,12 @@
apiVersion: rbac.authorization.k8s.io/v1
kind: ClusterRoleBinding
metadata:
name: kms
roleRef:
apiGroup: rbac.authorization.k8s.io
kind: ClusterRole
name: kms
subjects:
- kind: ServiceAccount
name: kms
namespace: testNamespace

View file

@ -0,0 +1,63 @@
apiVersion: apps/v1
kind: DaemonSet
metadata:
labels:
component: kms
k8s-app: kms
kubernetes.io/cluster-service: "true"
name: kms
namespace: testNamespace
spec:
selector:
matchLabels:
k8s-app: kms
template:
metadata:
labels:
k8s-app: kms
spec:
containers:
- name: kms
image: kmsImage
args:
- --port=9000
volumeMounts:
- mountPath: /var/config
name: config
readOnly: true
resources: {}
nodeSelector:
node-role.kubernetes.io/control-plane: ""
priorityClassName: system-cluster-critical
serviceAccountName: kms
tolerations:
- key: CriticalAddonsOnly
operator: Exists
- effect: NoSchedule
key: node-role.kubernetes.io/master
operator: Equal
value: "true"
- effect: NoSchedule
key: node-role.kubernetes.io/control-plane
operator: Exists
- effect: NoExecute
operator: Exists
- effect: NoSchedule
operator: Exists
volumes:
- name: config
projected:
sources:
- configMap:
items:
- key: measurements
path: measurements
name: join-config
- secret:
items:
- key: mastersecret
path: mastersecret
- key: salt
path: salt
name: constellation-mastersecret
updateStrategy: {}

View file

@ -0,0 +1,9 @@
apiVersion: v1
kind: Secret
type: Opaque
metadata:
name: constellation-mastersecret
namespace: testNamespace
data:
mastersecret: YWFhYWFhYWFhYWFhYWFhYWFhYWFhYWFhYWFhYWFhYWFhYWFhYWFhYWFhYWE=
salt: YWFhYWFhYWFhYWFhYWFhYWFhYWFhYWFhYWFhYWFhYWFhYWFhYWFhYWFhYWE=

View file

@ -0,0 +1,16 @@
apiVersion: v1
kind: Service
metadata:
name: kms
namespace: testNamespace
spec:
ports:
- name: grpc
port: 9000
protocol: TCP
targetPort: 9000
selector:
k8s-app: kms
type: ClusterIP
status:
loadBalancer: {}

View file

@ -0,0 +1,5 @@
apiVersion: v1
kind: ServiceAccount
metadata:
name: kms
namespace: testNamespace