sa_8001/dsk-devops-toolchains
1
0
Fork 0
Code Issues Pull Requests Actions Packages Projects Releases Wiki Activity

Teleport Chart 업데이트

Browse Source
This commit is contained in:
ByeonJungHun
2024-01-22 12:12:36 +09:00
parent fde2f5f8a7
commit 7c1afcf6d7
163 changed files with 15784 additions and 71 deletions
Download Patch File Download Diff File Expand all files Collapse all files

538
helm/old/teleport-cluster/tests/ingress_test.yaml Normal file
View File

@@ -0,0 +1,538 @@
suite: Proxy Ingress
templates:
- proxy/ingress.yaml
tests:
- it: does not create an Ingress by default
set:
clusterName: teleport.example.com
asserts:
- hasDocuments:
count: 0
- it: creates an Ingress when ingress.enabled=true and proxyListenerMode=multiplex
values:
- ../.lint/ingress.yaml
asserts:
- hasDocuments:
count: 1
- isKind:
of: Ingress
- it: fails to deploy an Ingress when ingress.enabled=true and proxyListenerMode is not set
values:
- ../.lint/ingress.yaml
set:
proxyListenerMode: ""
asserts:
- failedTemplate:
errorMessage: "Use of an ingress requires TLS multiplexing to be enabled, so you must also set proxyListenerMode=multiplex - see https://goteleport.com/docs/architecture/tls-routing/"
- it: fails to deploy an Ingress when ingress.enabled=true and proxyListenerMode=separate
values:
- ../.lint/ingress.yaml
set:
proxyListenerMode: separate
asserts:
- failedTemplate:
errorMessage: "Use of an ingress requires TLS multiplexing to be enabled, so you must also set proxyListenerMode=multiplex - see https://goteleport.com/docs/architecture/tls-routing/"
- it: wears annotations when set
values:
- ../.lint/ingress.yaml
set:
annotations:
ingress:
test-annotation: test-annotation-value
another-annotation: some-other-value
asserts:
- hasDocuments:
count: 1
- isKind:
of: Ingress
- equal:
path: metadata.annotations.test-annotation
value: test-annotation-value
- equal:
path: metadata.annotations.another-annotation
value: some-other-value
- it: sets the clusterName and wildcard of clusterName as hostnames when Ingress is enabled
values:
- ../.lint/ingress.yaml
asserts:
- equal:
path: spec.tls[0].hosts[0]
value: "teleport.example.com"
- contains:
path: spec.tls
content:
hosts:
- "teleport.example.com"
- "*.teleport.example.com"
- equal:
path: spec.rules[0].host
value: "teleport.example.com"
- contains:
path: spec.rules
content:
host: "teleport.example.com"
http:
paths:
- backend:
service:
name: RELEASE-NAME
port:
number: 443
path: /
pathType: Prefix
- equal:
path: spec.rules[1].host
value: "*.teleport.example.com"
- contains:
path: spec.rules
content:
host: "*.teleport.example.com"
http:
paths:
- backend:
service:
name: RELEASE-NAME
port:
number: 443
path: /
pathType: Prefix
- matchSnapshot:
path: spec.tls
- it: does not set a wildcard of clusterName as a hostname when Ingress is enabled and ingress.suppressAutomaticWildcards is true
values:
- ../.lint/ingress.yaml
set:
ingress:
suppressAutomaticWildcards: true
asserts:
- equal:
path: spec.tls[0].hosts[0]
value: "teleport.example.com"
- contains:
path: spec.tls
content:
hosts:
- "teleport.example.com"
- equal:
path: spec.rules[0].host
value: "teleport.example.com"
- contains:
path: spec.rules
content:
host: "teleport.example.com"
http:
paths:
- backend:
service:
name: RELEASE-NAME
port:
number: 443
path: /
pathType: Prefix
- notContains:
path: spec.rules
content:
host: "*.teleport.example.com"
http:
paths:
- backend:
service:
name: RELEASE-NAME
port:
number: 443
path: /
pathType: Prefix
- matchSnapshot:
path: spec.tls
- it: sets the publicAddr and wildcard of publicAddr as hostnames when Ingress is enabled and publicAddr is set
values:
- ../.lint/ingress.yaml
set:
publicAddr: ["helm-lint.example.com"]
asserts:
- equal:
path: spec.tls[0].hosts[0]
value: "helm-lint.example.com"
- contains:
path: spec.tls
content:
hosts:
- "helm-lint.example.com"
- "*.helm-lint.example.com"
- equal:
path: spec.rules[0].host
value: helm-lint.example.com
- contains:
path: spec.rules
content:
host: "helm-lint.example.com"
http:
paths:
- backend:
service:
name: RELEASE-NAME
port:
number: 443
path: /
pathType: Prefix
- equal:
path: spec.rules[1].host
value: "*.helm-lint.example.com"
- contains:
path: spec.rules
content:
host: "*.helm-lint.example.com"
http:
paths:
- backend:
service:
name: RELEASE-NAME
port:
number: 443
path: /
pathType: Prefix
- matchSnapshot:
path: spec.tls
- it: does not set a wildcard of publicAddr as a hostname when Ingress is enabled, publicAddr is set and ingress.suppressAutomaticWildcards is true
values:
- ../.lint/ingress.yaml
set:
publicAddr: ["helm-lint.example.com"]
ingress:
suppressAutomaticWildcards: true
asserts:
- equal:
path: spec.tls[0].hosts[0]
value: "helm-lint.example.com"
- contains:
path: spec.tls
content:
hosts:
- "helm-lint.example.com"
- equal:
path: spec.rules[0].host
value: helm-lint.example.com
- contains:
path: spec.rules
content:
host: "helm-lint.example.com"
http:
paths:
- backend:
service:
name: RELEASE-NAME
port:
number: 443
path: /
pathType: Prefix
- notContains:
path: spec.rules
content:
host: "*.helm-lint.example.com"
http:
paths:
- backend:
service:
name: RELEASE-NAME
port:
number: 443
path: /
pathType: Prefix
- matchSnapshot:
path: spec.tls
- it: trims ports from publicAddr and uses it as the hostname when Ingress is enabled and publicAddr is set
values:
- ../.lint/ingress.yaml
set:
publicAddr: ["helm-lint.example.com:443"]
asserts:
- equal:
path: spec.tls[0].hosts[0]
value: "helm-lint.example.com"
- contains:
path: spec.tls
content:
hosts:
- "helm-lint.example.com"
- "*.helm-lint.example.com"
- equal:
path: spec.rules[0].host
value: "helm-lint.example.com"
- contains:
path: spec.rules
content:
host: helm-lint.example.com
http:
paths:
- backend:
service:
name: RELEASE-NAME
port:
number: 443
path: /
pathType: Prefix
- equal:
path: spec.rules[1].host
value: "*.helm-lint.example.com"
- contains:
path: spec.rules
content:
host: "*.helm-lint.example.com"
http:
paths:
- backend:
service:
name: RELEASE-NAME
port:
number: 443
path: /
pathType: Prefix
- matchSnapshot:
path: spec.tls
- it: exposes all publicAddrs and wildcard publicAddrs as hostnames when Ingress is enabled and multiple publicAddrs are set
values:
- ../.lint/ingress.yaml
set:
publicAddr: ["helm-lint.example.com", "helm-lint-second-domain.example.com"]
asserts:
- equal:
path: spec.tls[0].hosts[0]
value: "helm-lint.example.com"
- equal:
path: spec.tls[0].hosts[1]
value: "helm-lint-second-domain.example.com"
- contains:
path: spec.tls
content:
hosts:
- "helm-lint.example.com"
- "helm-lint-second-domain.example.com"
- "*.helm-lint.example.com"
- "*.helm-lint-second-domain.example.com"
- equal:
path: spec.rules[0].host
value: "helm-lint.example.com"
- equal:
path: spec.rules[1].host
value: "helm-lint-second-domain.example.com"
- equal:
path: spec.rules[2].host
value: "*.helm-lint.example.com"
- equal:
path: spec.rules[3].host
value: "*.helm-lint-second-domain.example.com"
- contains:
path: spec.rules
content:
host: "helm-lint.example.com"
http:
paths:
- backend:
service:
name: RELEASE-NAME
port:
number: 443
path: /
pathType: Prefix
- contains:
path: spec.rules
content:
host: "helm-lint-second-domain.example.com"
http:
paths:
- backend:
service:
name: RELEASE-NAME
port:
number: 443
path: /
pathType: Prefix
- contains:
path: spec.rules
content:
host: "*.helm-lint.example.com"
http:
paths:
- backend:
service:
name: RELEASE-NAME
port:
number: 443
path: /
pathType: Prefix
- contains:
path: spec.rules
content:
host: "*.helm-lint-second-domain.example.com"
http:
paths:
- backend:
service:
name: RELEASE-NAME
port:
number: 443
path: /
pathType: Prefix
- matchSnapshot:
path: spec.tls
# this is a very contrived example which wouldn't even work in reality
# it's just to test the logic in the hostname generation code
- it: does not add additional wildcard publicAddrs when Ingress is enabled and a publicAddr already contains a wildcard
values:
- ../.lint/ingress.yaml
set:
publicAddr: ["helm-lint.example.com", "*.helm-lint.example.com", "helm-lint-second-domain.example.com:443"]
asserts:
- equal:
path: spec.tls[0].hosts[0]
value: "helm-lint.example.com"
- equal:
path: spec.tls[0].hosts[1]
value: "*.helm-lint.example.com"
- equal:
path: spec.tls[0].hosts[2]
value: "helm-lint-second-domain.example.com"
- equal:
path: spec.tls[0].hosts[3]
value: "*.helm-lint-second-domain.example.com"
- contains:
path: spec.tls
content:
hosts:
- "helm-lint.example.com"
- "*.helm-lint.example.com"
- "helm-lint-second-domain.example.com"
- "*.helm-lint-second-domain.example.com"
- equal:
path: spec.rules[0].host
value: "helm-lint.example.com"
- equal:
path: spec.rules[1].host
value: "*.helm-lint.example.com"
- equal:
path: spec.rules[2].host
value: "helm-lint-second-domain.example.com"
- equal:
path: spec.rules[3].host
value: "*.helm-lint-second-domain.example.com"
- contains:
path: spec.rules
content:
host: "helm-lint.example.com"
http:
paths:
- backend:
service:
name: RELEASE-NAME
port:
number: 443
path: /
pathType: Prefix
- contains:
path: spec.rules
content:
host: "*.helm-lint.example.com"
http:
paths:
- backend:
service:
name: RELEASE-NAME
port:
number: 443
path: /
pathType: Prefix
- contains:
path: spec.rules
content:
host: "helm-lint-second-domain.example.com"
http:
paths:
- backend:
service:
name: RELEASE-NAME
port:
number: 443
path: /
pathType: Prefix
- contains:
path: spec.rules
content:
host: "*.helm-lint-second-domain.example.com"
http:
paths:
- backend:
service:
name: RELEASE-NAME
port:
number: 443
path: /
pathType: Prefix
- matchSnapshot:
path: spec.tls
- it: sets spec when passed
values:
- ../.lint/ingress.yaml
set:
ingress:
spec:
ingressClassName: nginx
otherSpecStuff: lint
asserts:
- hasDocuments:
count: 1
- isKind:
of: Ingress
- equal:
path: spec.ingressClassName
value: nginx
- equal:
path: spec.otherSpecStuff
value: lint
- it: does not set tls.secretName by default
values:
- ../.lint/ingress.yaml
asserts:
- isEmpty:
path: spec.tls[0].secretName
- matchSnapshot:
path: spec.tls
- it: sets tls.secretName when cert-manager is enabled
values:
- ../.lint/ingress.yaml
set:
highAvailability:
certManager:
enabled: true
asserts:
- equal:
path: spec.tls[0].secretName
value: teleport-tls
- matchSnapshot:
path: spec.tls
- it: sets tls.secretName the value of tls.existingSecretName when set
values:
- ../.lint/ingress.yaml
set:
tls:
existingSecretName: helm-lint-tls-secret
asserts:
- equal:
path: spec.tls[0].secretName
value: helm-lint-tls-secret
- matchSnapshot:
path: spec.tls