디렉토리 구조 및 각 서비스 추가

dsk-minchulahn
2024-01-03 17:29:11 +09:00
parent 98de2a7627
commit d601d0f259
1632 changed files with 207616 additions and 1 deletions


@@ -0,0 +1,5 @@
render pod annotations:
1: |
checksum/config: d00c6603a9397bc202be5072a81644630af27fe47c7e542ea6b066073458af83
fixed-annotation: some-fixed-annotation
templated-annotations: my-release


@@ -0,0 +1,19 @@
suite: ConfigMap
templates:
- config-init-scripts.yaml
tests:
- it: config templates
set:
some.val: val here
controller.initScripts:
test: |-
my script here {{ .Values.some.val }}
asserts:
- isKind:
of: ConfigMap
- hasDocuments:
count: 1
- equal:
path: data.inittest\.groovy
value: |-
my script here val here


@@ -0,0 +1,128 @@
suite: ConfigMap
templates:
- config.yaml
tests:
- it: default config
asserts:
- isKind:
of: ConfigMap
- hasDocuments:
count: 1
- equal:
path: metadata.labels
value:
app.kubernetes.io/component: jenkins-controller
app.kubernetes.io/instance: RELEASE-NAME
app.kubernetes.io/managed-by: Helm
app.kubernetes.io/name: jenkins
- equal:
path: data.apply_config\.sh
value: |-
set -e
echo "disable Setup Wizard"
# Prevent Setup Wizard when JCasC is enabled
echo $JENKINS_VERSION > /var/jenkins_home/jenkins.install.UpgradeWizard.state
echo $JENKINS_VERSION > /var/jenkins_home/jenkins.install.InstallUtil.lastExecVersion
echo "download plugins"
# Install missing plugins
cp /var/jenkins_config/plugins.txt /var/jenkins_home;
rm -rf /usr/share/jenkins/ref/plugins/*.lock
version () { echo "$@" | awk -F. '{ printf("%d%03d%03d%03d\n", $1,$2,$3,$4); }'; }
if [ -f "/usr/share/jenkins/jenkins.war" ] && [ -n "$(command -v jenkins-plugin-cli)" 2>/dev/null ] && [ $(version $(jenkins-plugin-cli --version)) -ge $(version "2.1.1") ]; then
jenkins-plugin-cli --verbose --war "/usr/share/jenkins/jenkins.war" --plugin-file "/var/jenkins_home/plugins.txt" --latest true;
else
/usr/local/bin/install-plugins.sh `echo $(cat /var/jenkins_home/plugins.txt)`;
fi
echo "copy plugins to shared volume"
# Copy plugins to shared volume
yes n | cp -i /usr/share/jenkins/ref/plugins/* /var/jenkins_plugins/;
echo "finished initialization"
- equal:
path: data.plugins\.txt
value: |-
kubernetes:3734.v562b_b_a_627ea_c
workflow-aggregator:590.v6a_d052e5a_a_b_5
git:4.13.0
configuration-as-code:1569.vb_72405b_80249
- it: no plugins
set:
controller.installPlugins: []
asserts:
- equal:
path: data.apply_config\.sh
value: |-
set -e
echo "disable Setup Wizard"
# Prevent Setup Wizard when JCasC is enabled
echo $JENKINS_VERSION > /var/jenkins_home/jenkins.install.UpgradeWizard.state
echo $JENKINS_VERSION > /var/jenkins_home/jenkins.install.InstallUtil.lastExecVersion
echo "finished initialization"
- equal:
path: data.plugins\.txt
value: ""
- it: additional plugins config
set:
controller:
additionalPlugins:
- kubernetes-credentials-provider
asserts:
- equal:
path: data.plugins\.txt
value: |-
kubernetes:3734.v562b_b_a_627ea_c
workflow-aggregator:590.v6a_d052e5a_a_b_5
git:4.13.0
configuration-as-code:1569.vb_72405b_80249
kubernetes-credentials-provider
- it: install latest plugins
set:
controller.installLatestPlugins: false
asserts:
- equal:
path: data.apply_config\.sh
value: |-
set -e
echo "disable Setup Wizard"
# Prevent Setup Wizard when JCasC is enabled
echo $JENKINS_VERSION > /var/jenkins_home/jenkins.install.UpgradeWizard.state
echo $JENKINS_VERSION > /var/jenkins_home/jenkins.install.InstallUtil.lastExecVersion
echo "download plugins"
# Install missing plugins
cp /var/jenkins_config/plugins.txt /var/jenkins_home;
rm -rf /usr/share/jenkins/ref/plugins/*.lock
version () { echo "$@" | awk -F. '{ printf("%d%03d%03d%03d\n", $1,$2,$3,$4); }'; }
if [ -f "/usr/share/jenkins/jenkins.war" ] && [ -n "$(command -v jenkins-plugin-cli)" 2>/dev/null ] && [ $(version $(jenkins-plugin-cli --version)) -ge $(version "2.1.1") ]; then
jenkins-plugin-cli --verbose --war "/usr/share/jenkins/jenkins.war" --plugin-file "/var/jenkins_home/plugins.txt" --latest false;
else
/usr/local/bin/install-plugins.sh `echo $(cat /var/jenkins_home/plugins.txt)`;
fi
echo "copy plugins to shared volume"
# Copy plugins to shared volume
yes n | cp -i /usr/share/jenkins/ref/plugins/* /var/jenkins_plugins/;
echo "finished initialization"
- it: install latest specified plugins
set:
controller.installLatestSpecifiedPlugins: true
asserts:
- equal:
path: data.apply_config\.sh
value: |-
set -e
echo "disable Setup Wizard"
# Prevent Setup Wizard when JCasC is enabled
echo $JENKINS_VERSION > /var/jenkins_home/jenkins.install.UpgradeWizard.state
echo $JENKINS_VERSION > /var/jenkins_home/jenkins.install.InstallUtil.lastExecVersion
echo "download plugins"
# Install missing plugins
cp /var/jenkins_config/plugins.txt /var/jenkins_home;
rm -rf /usr/share/jenkins/ref/plugins/*.lock
version () { echo "$@" | awk -F. '{ printf("%d%03d%03d%03d\n", $1,$2,$3,$4); }'; }
if [ -f "/usr/share/jenkins/jenkins.war" ] && [ -n "$(command -v jenkins-plugin-cli)" 2>/dev/null ] && [ $(version $(jenkins-plugin-cli --version)) -ge $(version "2.1.1") ]; then
jenkins-plugin-cli --verbose --war "/usr/share/jenkins/jenkins.war" --plugin-file "/var/jenkins_home/plugins.txt" --latest true --latest-specified;
else
/usr/local/bin/install-plugins.sh `echo $(cat /var/jenkins_home/plugins.txt)`;
fi
echo "copy plugins to shared volume"
# Copy plugins to shared volume
yes n | cp -i /usr/share/jenkins/ref/plugins/* /var/jenkins_plugins/;
echo "finished initialization"
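Review bot: The `default config` case pins `--latest true` in the expected `apply_config.sh`, so with default values the init script resolves plugin dependencies to whatever is newest at pod start rather than staying with the four versions listed in `plugins.txt`; the `additional plugins config` case likewise accepts an unversioned `kubernetes-credentials-provider`. For a controller that holds credentials, this makes the installed plugin set non-reproducible and dependent on the update centre at deploy time. Consider a comment above the first case, e.g. `# default renders --latest true: plugin dependencies float at pod start; set controller.installLatestPlugins: false for pinned installs`, and an explicit `name:version` for the extra plugin in the fixture. The template that produces the script is outside this section, so the default is known only from the expected value shown here.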


@@ -0,0 +1,94 @@
suite: PersistentVolumeClaim
release:
name: my-release
namespace: my-namespace
templates:
- home-pvc.yaml
tests:
- it: tests defaults
asserts:
- isKind:
of: PersistentVolumeClaim
- equal:
path: apiVersion
value: v1
- equal:
path: metadata.name
value: my-release-jenkins
- equal:
path: metadata.namespace
value: my-namespace
- matchRegex:
path: metadata.labels.helm\.sh/chart
pattern: ^jenkins-
- isNull:
path: metadata.annotations
- contains:
path: spec.accessModes
content: ReadWriteOnce
- equal:
path: spec.resources.requests
value:
storage: 8Gi
- isNull:
path: spec.storageClassName
- it: test different values
set:
persistence:
annotations:
my-annotation: value
accessMode: ReadWriteMany
size: 20Gi
storageClass: gp2
asserts:
- equal:
path: metadata.annotations
value:
my-annotation: value
- contains:
path: spec.accessModes
content: ReadWriteMany
- equal:
path: spec.resources.requests
value:
storage: 20Gi
- equal:
path: spec.storageClassName
value: gp2
- it: existing claim
set:
persistence:
existingClaim: my-pvc
asserts:
- hasDocuments:
count: 0
- it: disable helm.sh label
set:
renderHelmLabels: false
asserts:
- equal:
path: metadata.labels
value:
app.kubernetes.io/component: jenkins-controller
app.kubernetes.io/instance: my-release
app.kubernetes.io/managed-by: Helm
app.kubernetes.io/name: jenkins
- it: add label
set:
renderHelmLabels: false
persistence:
labels:
test-label: test-value
asserts:
- equal:
path: metadata.labels
value:
app.kubernetes.io/component: jenkins-controller
app.kubernetes.io/instance: my-release
app.kubernetes.io/managed-by: Helm
app.kubernetes.io/name: jenkins
test-label: test-value


@@ -0,0 +1,130 @@
suite: Jenkins Agent Service
release:
name: my-release
namespace: my-namespace
templates:
- jenkins-agent-svc.yaml
tests:
- it: default tests
asserts:
- isKind:
of: Service
- equal:
path: apiVersion
value: v1
- equal:
path: metadata.name
value: my-release-jenkins-agent
- equal:
path: metadata.namespace
value: my-namespace
- matchRegex:
path: metadata.labels.helm\.sh/chart
pattern: ^jenkins-
- isNull:
path: metadata.annotations
- equal:
path: spec
value:
ports:
- name: agent-listener
port: 50000
targetPort: 50000
selector:
app.kubernetes.io/component: jenkins-controller
app.kubernetes.io/instance: my-release
type: ClusterIP
- it: other values
set:
controller:
agentListenerServiceAnnotations:
key: value
agentListenerPort: 55555
asserts:
- equal:
path: metadata.annotations
value:
key: value
- equal:
path: spec
value:
ports:
- name: agent-listener
port: 55555
targetPort: 55555
selector:
app.kubernetes.io/component: jenkins-controller
app.kubernetes.io/instance: my-release
type: ClusterIP
- it: node port random
set:
controller:
agentListenerServiceType: NodePort
asserts:
- equal:
path: spec
value:
ports:
- name: agent-listener
port: 50000
targetPort: 50000
selector:
app.kubernetes.io/component: jenkins-controller
app.kubernetes.io/instance: my-release
type: NodePort
- it: node port defined
set:
controller:
agentListenerServiceType: NodePort
agentListenerNodePort: 32123
asserts:
- equal:
path: spec
value:
ports:
- name: agent-listener
port: 50000
targetPort: 50000
nodePort: 32123
selector:
app.kubernetes.io/component: jenkins-controller
app.kubernetes.io/instance: my-release
type: NodePort
- it: load balancer
set:
controller:
agentListenerServiceType: LoadBalancer
agentListenerLoadBalancerIP: 10.10.10.10
asserts:
- equal:
path: spec
value:
ports:
- name: agent-listener
port: 50000
targetPort: 50000
selector:
app.kubernetes.io/component: jenkins-controller
app.kubernetes.io/instance: my-release
type: LoadBalancer
loadBalancerIP: 10.10.10.10
loadBalancerSourceRanges:
- 0.0.0.0/0
- it: disable helm.sh label
set:
renderHelmLabels: false
asserts:
- equal:
path: metadata.labels
value:
app.kubernetes.io/component: jenkins-controller
app.kubernetes.io/instance: my-release
app.kubernetes.io/managed-by: Helm
app.kubernetes.io/name: jenkins
- it: disable agent service
set:
controller:
agentListenerEnabled: false
asserts:
- hasDocuments:
count: 0
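Review bot: The `load balancer` case expects `loadBalancerSourceRanges` to contain `0.0.0.0/0` without setting it, which pins an any-source default for the agent listener on port 50000 whenever `agentListenerServiceType: LoadBalancer` is chosen. No case in this suite exercises a narrowed range, so a regression that ignored a restricted value would pass unnoticed. A comment above that case, such as `# default source range is 0.0.0.0/0; restrict it for any LoadBalancer exposure`, would make the exposure explicit. A companion case that sets a specific CIDR and asserts it under `spec.loadBalancerSourceRanges` would cover the restrictive path. The values key that feeds the range is not visible in this section.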


@@ -0,0 +1,62 @@
suite: Jenkins Backup Cronjob
release:
name: my-release
namespace: my-namespace
templates:
- jenkins-backup-cronjob.yaml
tests:
- it: test default values
set:
backup:
enabled: true
asserts:
- isKind:
of: CronJob
- equal:
path: spec.jobTemplate.spec.template.spec.securityContext
value:
fsGroup: 1000
runAsUser: 1000
- it: test empty backup.podSecurityContextOverride
set:
backup:
enabled: true
podSecurityContextOverride: {}
asserts:
- equal:
path: spec.jobTemplate.spec.template.spec.securityContext
value: {}
- it: test backup.podSecurityContextOverride
set:
backup:
enabled: true
podSecurityContextOverride:
runAsNonRoot: true
runAsUser: 4444
supplementalGroups: [5555]
asserts:
- equal:
path: spec.jobTemplate.spec.template.spec.securityContext
value:
runAsNonRoot: true
runAsUser: 4444
supplementalGroups:
- 5555
- it: test empty backup.imagePullSecretName
set:
backup:
enabled: true
imagePullSecretName:
asserts:
- isNull:
path: spec.jobTemplate.spec.template.spec.imagePullSecrets
- it: test backup.imagePullSecretName
set:
backup:
enabled: true
imagePullSecretName: my-secret
asserts:
- equal:
path: spec.jobTemplate.spec.template.spec.imagePullSecrets
value:
- name: my-secret
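Review bot: The `test empty backup.podSecurityContextOverride` case asserts that an empty override renders `securityContext: {}`, so passing `{}` removes the default `runAsUser: 1000` and `fsGroup: 1000` and leaves the backup pod on the image's own user. The default case also shows no `runAsNonRoot`, unlike the third case, where it is supplied explicitly. A comment above the empty-override case, e.g. `# an empty override drops the default uid/fsGroup; the pod then runs as the image default user`, would keep it from being read as a harmless no-op. Container-level security context for the CronJob is not asserted anywhere in this suite.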


@@ -0,0 +1,79 @@
suite: Controller Prometheus PrometheusRule
release:
name: my-release
namespace: my-namespace
templates:
- jenkins-controller-alerting-rules.yaml
tests:
- it: defaults
asserts:
- hasDocuments:
count: 0
- it: enabled
set:
controller.prometheus:
enabled: true
alertingrules:
- name: ./jenkins.rules
rules:
- alert: JenkinsFailedPlugins
expr: jenkins_plugins_failed > 0
for: 10m
labels:
severity: warning
annotations:
message: Some Jenkins plugins failed to load
asserts:
- isKind:
of: PrometheusRule
- equal:
path: apiVersion
value: monitoring.coreos.com/v1
- equal:
path: metadata.name
value: my-release-jenkins
- matchRegex:
path: metadata.labels.helm\.sh/chart
pattern: ^jenkins-
- equal:
path: metadata.namespace
value: my-namespace
- matchRegex:
path: metadata.labels.helm\.sh/chart
pattern: ^jenkins-
- equal:
path: spec
value:
groups:
- name: ./jenkins.rules
rules:
- alert: JenkinsFailedPlugins
expr: jenkins_plugins_failed > 0
for: 10m
labels:
severity: warning
annotations:
message: Some Jenkins plugins failed to load
- it: disable helm.sh label
set:
renderHelmLabels: false
controller.prometheus:
enabled: true
alertingrules:
- name: ./jenkins.rules
rules:
- alert: JenkinsFailedPlugins
expr: jenkins_plugins_failed > 0
for: 10m
labels:
severity: warning
annotations:
message: Some Jenkins plugins failed to load
asserts:
- equal:
path: metadata.labels
value:
app.kubernetes.io/component: jenkins-controller
app.kubernetes.io/instance: my-release
app.kubernetes.io/managed-by: Helm
app.kubernetes.io/name: jenkins


@@ -0,0 +1,148 @@
suite: Controller Primary Ingress
release:
name: my-release
namespace: my-namespace
templates:
- jenkins-controller-ingress.yaml
capabilities:
majorVersion: 1
minorVersion: 19
tests:
- it: test defaults
asserts:
- hasDocuments:
count: 0
- it: enabled
set:
controller.ingress:
enabled: true
hostName: jenkins.example.com
ingressClassName: nginx
tls:
- secretName: tlsSecret
hosts:
- jenkins.example.com
asserts:
- isKind:
of: Ingress
- equal:
path: apiVersion
value: networking.k8s.io/v1
- equal:
path: metadata.name
value: my-release-jenkins
- equal:
path: metadata.namespace
value: my-namespace
- matchRegex:
path: metadata.labels.helm\.sh/chart
pattern: ^jenkins-
- isNull:
path: metadata.annotations
- equal:
path: spec
value:
ingressClassName: nginx
rules:
- host: jenkins.example.com
http:
paths:
- backend:
service:
name: my-release-jenkins
port:
number: 8080
pathType: ImplementationSpecific
tls:
- hosts:
- jenkins.example.com
secretName: tlsSecret
- it: other values
set:
controller.ingress:
enabled: true
hostName: jenkins.example.com
ingressClassName: nginx
annotations:
kubernetes.io/ingress.class: nginx
kubernetes.io/tls-acme: "true"
paths:
- backend:
service:
name: ssl-redirect
port:
number: use-annotation
pathType: ImplementationSpecific
- backend:
service:
name: >-
{{ template "jenkins.fullname" . }}
port:
number: 8080
pathType: ImplementationSpecific
tls:
- secretName: tlsSecret
hosts:
- jenkins.example.com
asserts:
- equal:
path: metadata.annotations
value:
kubernetes.io/ingress.class: nginx
kubernetes.io/tls-acme: "true"
- equal:
path: spec
value:
ingressClassName: nginx
rules:
- host: jenkins.example.com
http:
paths:
- backend:
service:
name: ssl-redirect
port:
number: use-annotation
pathType: ImplementationSpecific
- backend:
service:
name: my-release-jenkins
port:
number: 8080
pathType: ImplementationSpecific
tls:
- hosts:
- jenkins.example.com
secretName: tlsSecret
- it: disable helm.sh label
set:
renderHelmLabels: false
controller.ingress:
enabled: true
hostName: jenkins.example.com
ingressClassName: nginx
asserts:
- equal:
path: metadata.labels
value:
app.kubernetes.io/component: jenkins-controller
app.kubernetes.io/instance: my-release
app.kubernetes.io/managed-by: Helm
app.kubernetes.io/name: jenkins
- it: empty paths
set:
controller.ingress:
enabled: true
paths:
asserts:
- equal:
path: spec.rules
value:
- http:
paths:
- backend:
service:
name: my-release-jenkins
port:
number: 8080
pathType: ImplementationSpecific


@@ -0,0 +1,145 @@
suite: Controller Primary Ingress
release:
name: my-release
namespace: my-namespace
templates:
- jenkins-controller-ingress.yaml
capabilities:
majorVersion: 1
minorVersion: 18
tests:
- it: test defaults
asserts:
- hasDocuments:
count: 0
- it: enabled
set:
controller.ingress:
enabled: true
hostName: jenkins.example.com
ingressClassName: nginx
tls:
- secretName: tlsSecret
hosts:
- jenkins.example.com
asserts:
- isKind:
of: Ingress
- equal:
path: apiVersion
value: networking.k8s.io/v1beta1
- equal:
path: metadata.name
value: my-release-jenkins
- equal:
path: metadata.namespace
value: my-namespace
- matchRegex:
path: metadata.labels.helm\.sh/chart
pattern: ^jenkins-
- isNull:
path: metadata.annotations
- equal:
path: spec
value:
ingressClassName: nginx
rules:
- host: jenkins.example.com
http:
paths:
- backend:
serviceName: my-release-jenkins
servicePort: 8080
tls:
- hosts:
- jenkins.example.com
secretName: tlsSecret
- it: other values
set:
controller.ingress:
enabled: true
hostName: jenkins.example.com
ingressClassName: nginx
annotations:
kubernetes.io/ingress.class: nginx
kubernetes.io/tls-acme: "true"
paths:
- backend:
serviceName: ssl-redirect
servicePort: use-annotation
- backend:
serviceName: >-
{{ template "jenkins.fullname" . }}
servicePort: 8080
tls:
- secretName: tlsSecret
hosts:
- jenkins.example.com
asserts:
- equal:
path: metadata.annotations
value:
kubernetes.io/ingress.class: nginx
kubernetes.io/tls-acme: "true"
- equal:
path: spec
value:
ingressClassName: nginx
rules:
- host: jenkins.example.com
http:
paths:
- backend:
serviceName: ssl-redirect
servicePort: use-annotation
- backend:
serviceName: my-release-jenkins
servicePort: 8080
tls:
- hosts:
- jenkins.example.com
secretName: tlsSecret
- it: disable helm.sh label
set:
renderHelmLabels: false
controller.ingress:
enabled: true
hostName: jenkins.example.com
ingressClassName: nginx
asserts:
- equal:
path: metadata.labels
value:
app.kubernetes.io/component: jenkins-controller
app.kubernetes.io/instance: my-release
app.kubernetes.io/managed-by: Helm
app.kubernetes.io/name: jenkins
- it: empty paths
set:
controller.ingress:
enabled: true
paths:
asserts:
- equal:
path: spec.rules
value:
- http:
paths:
- backend:
serviceName: my-release-jenkins
servicePort: 8080
- it: single path
set:
controller.ingress:
enabled: true
path: /jenkins/
asserts:
- equal:
path: spec.rules
value:
- http:
paths:
- path: /jenkins/
backend:
serviceName: my-release-jenkins
servicePort: 8080


@@ -0,0 +1,94 @@
suite: Network Policy
release:
name: my-release
namespace: my-namespace
templates:
- jenkins-controller-networkpolicy.yaml
tests:
- it: tests defaults
asserts:
- hasDocuments:
count: 0
- it: enabled
set:
networkPolicy.enabled: true
asserts:
- hasDocuments:
count: 2
- isKind:
of: NetworkPolicy
- equal:
path: apiVersion
value: networking.k8s.io/v1
- equal:
path: metadata.namespace
value: my-namespace
- matchRegex:
path: metadata.labels.helm\.sh/chart
pattern: ^jenkins-
- isNull:
path: metadata.annotations
- equal:
path: metadata.name
value: my-release-jenkins-controller
documentIndex: 0
- equal:
path: spec
value:
ingress:
- ports:
- port: 8080
- from:
- podSelector:
matchLabels:
jenkins/my-release-jenkins-agent: "true"
ports:
- port: 50000
podSelector:
matchLabels:
app.kubernetes.io/component: jenkins-controller
app.kubernetes.io/instance: my-release
documentIndex: 0
- equal:
path: spec
value:
podSelector:
matchLabels:
jenkins/my-release-jenkins-agent: "true"
documentIndex: 1
- equal:
path: metadata.name
value: my-release-jenkins-agent
documentIndex: 1
- it: disable helm.sh label
set:
renderHelmLabels: false
networkPolicy.enabled: true
asserts:
- equal:
path: metadata.labels
value:
app.kubernetes.io/component: jenkins-controller
app.kubernetes.io/instance: my-release
app.kubernetes.io/managed-by: Helm
app.kubernetes.io/name: jenkins
- it: disable agent listener
set:
networkPolicy.enabled: true
controller.agentListenerEnabled: false
asserts:
- hasDocuments:
count: 2
- isKind:
of: NetworkPolicy
- equal:
path: spec
value:
ingress:
- ports:
- port: 8080
podSelector:
matchLabels:
app.kubernetes.io/component: jenkins-controller
app.kubernetes.io/instance: my-release
documentIndex: 0
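Review bot: In the `enabled` case the expected controller policy allows port 8080 through an ingress rule with no `from` clause, so with `networkPolicy.enabled: true` the Jenkins HTTP port is still not restricted by source, and only port 50000 is limited to pods labelled `jenkins/my-release-jenkins-agent: "true"`. The suite has no case that narrows the 8080 rule, so the fixture can be read as if enabling the policy isolates the controller when it restricts only the agent listener. Suggest a comment above that assertion: `# port 8080 has no 'from': HTTP ingress is unrestricted; only 50000 is limited to agent pods`. The `disable agent listener` case also asserts only `documentIndex: 0` while expecting two documents, so the second policy's content goes unchecked there.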


@@ -0,0 +1,44 @@
suite: Controller Pod Disruption Budget
release:
name: my-release
namespace: my-namespace
templates:
- jenkins-controller-pdb.yaml
capabilities:
majorVersion: 1
minorVersion: 21
tests:
- it: test defaults
asserts:
- hasDocuments:
count: 0
- it: enabled
set:
controller.podDisruptionBudget:
enabled: true
maxUnavailable: "0"
asserts:
- isKind:
of: PodDisruptionBudget
- equal:
path: apiVersion
value: policy/v1
- equal:
path: metadata.name
value: my-release-jenkins-pdb
- equal:
path: metadata.namespace
value: my-namespace
- matchRegex:
path: metadata.labels.helm\.sh/chart
pattern: ^jenkins-
- isNull:
path: metadata.annotations
- equal:
path: spec
value:
maxUnavailable: 0
selector:
matchLabels:
"app.kubernetes.io/instance": "my-release"
"app.kubernetes.io/name": "jenkins"


@@ -0,0 +1,57 @@
suite: Controller Pod Disruption Budget
release:
name: my-release
namespace: my-namespace
templates:
- jenkins-controller-pdb.yaml
capabilities:
majorVersion: 1
minorVersion: 18
tests:
- it: test defaults
asserts:
- hasDocuments:
count: 0
- it: enabled
set:
controller.podDisruptionBudget:
enabled: true
maxUnavailable: "0"
asserts:
- isKind:
of: PodDisruptionBudget
- equal:
path: apiVersion
value: policy/v1beta1
- equal:
path: metadata.name
value: my-release-jenkins-pdb
- equal:
path: metadata.namespace
value: my-namespace
- matchRegex:
path: metadata.labels.helm\.sh/chart
pattern: ^jenkins-
- isNull:
path: metadata.annotations
- equal:
path: spec
value:
maxUnavailable: 0
selector:
matchLabels:
"app.kubernetes.io/instance": "my-release"
"app.kubernetes.io/name": "jenkins"
- it: disable helm.sh label
set:
renderHelmLabels: false
controller.podDisruptionBudget:
enabled: true
asserts:
- equal:
path: metadata.labels
value:
app.kubernetes.io/component: jenkins-controller
app.kubernetes.io/instance: my-release
app.kubernetes.io/managed-by: Helm
app.kubernetes.io/name: jenkins


@@ -0,0 +1,78 @@
suite: Controller Secondary Ingress
release:
name: my-release
namespace: my-namespace
templates:
- jenkins-controller-secondary-ingress.yaml
capabilities:
majorVersion: 1
minorVersion: 19
tests:
- it: test defaults
asserts:
- hasDocuments:
count: 0
- it: enabled
set:
controller.secondaryingress:
enabled: true
hostName: jenkins.example.com
ingressClassName: nginx
paths:
- /github-webhook
tls:
- secretName: tlsSecret
hosts:
- jenkins.example.com
asserts:
- isKind:
of: Ingress
- equal:
path: apiVersion
value: networking.k8s.io/v1
- equal:
path: metadata.name
value: my-release-jenkins-secondary
- equal:
path: metadata.namespace
value: my-namespace
- matchRegex:
path: metadata.labels.helm\.sh/chart
pattern: ^jenkins-
- isNull:
path: metadata.annotations
- equal:
path: spec
value:
ingressClassName: nginx
rules:
- host: jenkins.example.com
http:
paths:
- backend:
service:
name: my-release-jenkins
port:
number: 8080
path: /github-webhook
pathType: ImplementationSpecific
tls:
- hosts:
- jenkins.example.com
secretName: tlsSecret
- it: disable helm.sh label
set:
renderHelmLabels: false
controller.secondaryingress:
enabled: true
hostName: jenkins.example.com
paths:
- /github-webhook
asserts:
- equal:
path: metadata.labels
value:
app.kubernetes.io/component: jenkins-controller
app.kubernetes.io/instance: my-release
app.kubernetes.io/managed-by: Helm
app.kubernetes.io/name: jenkins


@@ -0,0 +1,76 @@
suite: Controller Secondary Ingress
release:
name: my-release
namespace: my-namespace
templates:
- jenkins-controller-secondary-ingress.yaml
capabilities:
majorVersion: 1
minorVersion: 18
tests:
- it: test defaults
asserts:
- hasDocuments:
count: 0
- it: enabled
set:
controller.secondaryingress:
enabled: true
hostName: jenkins.example.com
ingressClassName: nginx
paths:
- /github-webhook
tls:
- secretName: tlsSecret
hosts:
- jenkins.example.com
asserts:
- isKind:
of: Ingress
- equal:
path: apiVersion
value: networking.k8s.io/v1beta1
- equal:
path: metadata.name
value: my-release-jenkins-secondary
- equal:
path: metadata.namespace
value: my-namespace
- matchRegex:
path: metadata.labels.helm\.sh/chart
pattern: ^jenkins-
- isNull:
path: metadata.annotations
- equal:
path: spec
value:
ingressClassName: nginx
rules:
- host: jenkins.example.com
http:
paths:
- backend:
serviceName: my-release-jenkins
servicePort: 8080
path: /github-webhook
tls:
- hosts:
- jenkins.example.com
secretName: tlsSecret
- it: disable helm.sh label
set:
renderHelmLabels: false
controller.secondaryingress:
enabled: true
hostName: jenkins.example.com
ingressClassName: nginx
paths:
- /github-webhook
asserts:
- equal:
path: metadata.labels
value:
app.kubernetes.io/component: jenkins-controller
app.kubernetes.io/instance: my-release
app.kubernetes.io/managed-by: Helm
app.kubernetes.io/name: jenkins


@@ -0,0 +1,82 @@
suite: Controller Prometheus ServiceMonitor
release:
name: my-release
namespace: my-namespace
templates:
- jenkins-controller-servicemonitor.yaml
tests:
- it: defaults
asserts:
- hasDocuments:
count: 0
- it: enabled
set:
controller.prometheus.enabled: true
asserts:
- isKind:
of: ServiceMonitor
- equal:
path: apiVersion
value: monitoring.coreos.com/v1
- equal:
path: metadata.name
value: my-release-jenkins
- equal:
path: metadata.namespace
value: my-namespace
- matchRegex:
path: metadata.labels.helm\.sh/chart
pattern: ^jenkins-
- equal:
path: spec
value:
endpoints:
- interval: 60s
port: http
path: /prometheus
jobLabel: my-release-jenkins
namespaceSelector:
matchNames:
- "my-namespace"
selector:
matchLabels:
"app.kubernetes.io/instance": "my-release"
"app.kubernetes.io/component": "jenkins-controller"
- it: custom values
set:
controller:
jenkinsUriPrefix: /prefix
prometheus:
enabled: true
scrapeInterval: 120s
scrapeEndpoint: /monitoring
asserts:
- equal:
path: spec
value:
endpoints:
- interval: 120s
port: http
path: /prefix/monitoring
jobLabel: my-release-jenkins
namespaceSelector:
matchNames:
- "my-namespace"
selector:
matchLabels:
"app.kubernetes.io/instance": "my-release"
"app.kubernetes.io/component": "jenkins-controller"
- it: disable helm.sh label
set:
renderHelmLabels: false
controller:
prometheus:
enabled: true
asserts:
- equal:
path: metadata.labels
value:
app.kubernetes.io/component: jenkins-controller
app.kubernetes.io/instance: my-release
app.kubernetes.io/managed-by: Helm
app.kubernetes.io/name: jenkins


@@ -0,0 +1,700 @@
suite: Jenkins Controller
release:
name: my-release
namespace: my-namespace
templates:
- jenkins-controller-statefulset.yaml
- config.yaml
tests:
- it: default values
template: jenkins-controller-statefulset.yaml
asserts:
- isKind:
of: StatefulSet
- equal:
path: apiVersion
value: apps/v1beta1
- equal:
path: metadata.name
value: my-release-jenkins
- equal:
path: metadata.namespace
value: my-namespace
- matchRegex:
path: metadata.labels.helm\.sh/chart
pattern: ^jenkins-
- isNull:
path: metadata.annotations
- equal:
path: spec.replicas
value: 1
- equal:
path: spec.selector
value:
matchLabels:
app.kubernetes.io/component: jenkins-controller
app.kubernetes.io/instance: my-release
- equal:
path: spec
value:
serviceName: my-release-jenkins
replicas: 1
selector:
matchLabels:
app.kubernetes.io/component: jenkins-controller
app.kubernetes.io/instance: my-release
template:
metadata:
annotations:
checksum/config: d00c6603a9397bc202be5072a81644630af27fe47c7e542ea6b066073458af83
labels:
app.kubernetes.io/component: jenkins-controller
app.kubernetes.io/instance: my-release
app.kubernetes.io/managed-by: Helm
app.kubernetes.io/name: jenkins
spec:
containers:
- args:
- --httpPort=8080
env:
- name: SECRETS
value: /run/secrets/additional
- name: POD_NAME
valueFrom:
fieldRef:
fieldPath: metadata.name
- name: JAVA_OPTS
value: "-Dcasc.reload.token=$(POD_NAME) "
- name: JENKINS_OPTS
value: "--webroot=/var/jenkins_cache/war "
- name: JENKINS_SLAVE_AGENT_PORT
value: "50000"
- name: CASC_JENKINS_CONFIG
value: /var/jenkins_home/casc_configs
image: jenkins/jenkins:2.375.1-jdk11
imagePullPolicy: Always
securityContext:
runAsUser: 1000
runAsGroup: 1000
readOnlyRootFilesystem: true
allowPrivilegeEscalation: false
livenessProbe:
failureThreshold: 5
httpGet:
path: /login
port: http
periodSeconds: 10
timeoutSeconds: 5
name: jenkins
ports:
- containerPort: 8080
name: http
- containerPort: 50000
name: agent-listener
readinessProbe:
failureThreshold: 3
httpGet:
path: /login
port: http
periodSeconds: 10
timeoutSeconds: 5
resources:
limits:
cpu: 2000m
memory: 4096Mi
requests:
cpu: 50m
memory: 256Mi
startupProbe:
httpGet:
path: "/login"
port: http
periodSeconds: 10
timeoutSeconds: 5
failureThreshold: 12
volumeMounts:
- mountPath: /var/jenkins_home
name: jenkins-home
readOnly: false
- mountPath: /var/jenkins_config
name: jenkins-config
readOnly: true
- mountPath: /usr/share/jenkins/ref/plugins/
name: plugin-dir
readOnly: false
- mountPath: /var/jenkins_home/casc_configs
name: sc-config-volume
- mountPath: /run/secrets/additional
name: jenkins-secrets
readOnly: true
- mountPath: /var/jenkins_cache
name: jenkins-cache
- mountPath: /tmp
name: tmp-volume
- env:
- name: POD_NAME
valueFrom:
fieldRef:
fieldPath: metadata.name
- name: LABEL
value: my-release-jenkins-jenkins-config
- name: FOLDER
value: /var/jenkins_home/casc_configs
- name: NAMESPACE
value: my-namespace
- name: REQ_URL
value: http://localhost:8080/reload-configuration-as-code/?casc-reload-token=$(POD_NAME)
- name: REQ_METHOD
value: POST
- name: REQ_RETRY_CONNECT
value: "10"
image: kiwigrid/k8s-sidecar:1.15.0
imagePullPolicy: IfNotPresent
securityContext:
readOnlyRootFilesystem: true
allowPrivilegeEscalation: false
name: config-reload
resources: {}
volumeMounts:
- mountPath: /var/jenkins_home/casc_configs
name: sc-config-volume
- mountPath: /var/jenkins_home
name: jenkins-home
initContainers:
- command:
- sh
- /var/jenkins_config/apply_config.sh
image: jenkins/jenkins:2.375.1-jdk11
imagePullPolicy: Always
securityContext:
runAsUser: 1000
runAsGroup: 1000
readOnlyRootFilesystem: true
allowPrivilegeEscalation: false
name: init
resources:
limits:
cpu: 2000m
memory: 4096Mi
requests:
cpu: 50m
memory: 256Mi
volumeMounts:
- mountPath: /var/jenkins_home
name: jenkins-home
- mountPath: /var/jenkins_config
name: jenkins-config
- mountPath: /usr/share/jenkins/ref/plugins
name: plugins
- mountPath: /var/jenkins_plugins
name: plugin-dir
- mountPath: /tmp
name: tmp-volume
securityContext:
fsGroup: 1000
runAsUser: 1000
runAsNonRoot: true
serviceAccountName: my-release-jenkins
volumes:
- emptyDir: {}
name: plugins
- configMap:
name: my-release-jenkins
name: jenkins-config
- emptyDir: {}
name: plugin-dir
- name: jenkins-secrets
projected:
sources:
- secret:
name: my-release-jenkins
items:
- key: jenkins-admin-user
path: chart-admin-username
- key: jenkins-admin-password
path: chart-admin-password
- emptyDir: {}
name: jenkins-cache
- name: jenkins-home
persistentVolumeClaim:
claimName: my-release-jenkins
- emptyDir: {}
name: sc-config-volume
- emptyDir: {}
name: tmp-volume
- it: test different values
template: jenkins-controller-statefulset.yaml
capabilities:
apiVersions:
- scheduling.k8s.io/v1beta1
set:
controller:
statefulSetAnnotations:
my-annotation: value
schedulerName: my-scheduler
nodeSelector:
nodeLabel: value
tolerations:
- key: "key"
operator: "Equal"
value: "value"
effect: "NoSchedule"
affinity:
requiredDuringSchedulingIgnoredDuringExecution:
- labelSelector:
matchExpressions:
- key: security
operator: In
values:
- S1
topologyKey: failure-domain.beta.kubernetes.io/zone
terminationGracePeriodSeconds: 120
priorityClassName: important
runAsUser: 2000
fsGroup: 4000
securityContextCapabilities:
drop:
- NET_RAW
hostNetworking: true
terminationMessagePath: /tmp/termination-log-diff
terminationMessagePolicy: FallbackToLogsOnError
hostAliases:
- ip: 192.168.50.50
hostnames:
- something.local
updateStrategy:
type: OnDelete
serviceAccount.name: my-serviceaccount
asserts:
- equal:
path: metadata.annotations
value:
my-annotation: value
- equal:
path: spec.template.spec.schedulerName
value: my-scheduler
- equal:
path: spec.template.spec.nodeSelector
value:
nodeLabel: value
- equal:
path: spec.template.spec.tolerations
value:
- key: "key"
operator: "Equal"
value: "value"
effect: "NoSchedule"
- equal:
path: spec.template.spec.affinity
value:
requiredDuringSchedulingIgnoredDuringExecution:
- labelSelector:
matchExpressions:
- key: security
operator: In
values:
- S1
topologyKey: failure-domain.beta.kubernetes.io/zone
- equal:
path: spec.template.spec.terminationGracePeriodSeconds
value: 120
- equal:
path: spec.template.spec.priorityClassName
value: important
- equal:
path: spec.template.spec.securityContext
value:
runAsUser: 2000
fsGroup: 4000
runAsNonRoot: true
capabilities:
drop:
- NET_RAW
- equal:
path: spec.template.spec.serviceAccountName
value: my-serviceaccount
- equal:
path: spec.template.spec.hostNetwork
value: true
- equal:
path: spec.template.spec.containers[0].terminationMessagePath
value: /tmp/termination-log-diff
- equal:
path: spec.template.spec.containers[0].terminationMessagePolicy
value: FallbackToLogsOnError
- equal:
path: spec.template.spec.dnsPolicy
value: ClusterFirstWithHostNet
- equal:
path: spec.template.spec.hostAliases
value:
- ip: 192.168.50.50
hostnames:
- something.local
- equal:
path: spec.updateStrategy.type
value: OnDelete
- it: configure image tag
template: jenkins-controller-statefulset.yaml
set:
controller.tag: 2.249.1-slim
controller.imagePullPolicy: IfNotPresent
asserts:
- equal:
path: spec.template.spec.containers[0].image
value: jenkins/jenkins:2.249.1-slim
- equal:
path: spec.template.spec.containers[0].imagePullPolicy
value: IfNotPresent
- it: configure image tag label
template: jenkins-controller-statefulset.yaml
set:
controller.tagLabel: alpine
asserts:
- equal:
path: spec.template.spec.containers[0].image
value: jenkins/jenkins:2.375.1-alpine
- it: configure empty image tag label
template: jenkins-controller-statefulset.yaml
set:
controller.tagLabel:
asserts:
- equal:
path: spec.template.spec.containers[0].image
value: jenkins/jenkins:2.375.1
- it: custom image
template: jenkins-controller-statefulset.yaml
set:
controller:
image: registry/image
tag: my-tag
javaOpts: -Dio.jenkins.plugins.kubernetes.disableNoDelayProvisioning=true
asserts:
- equal:
path: spec.template.spec.containers[0].image
value: registry/image:my-tag
- contains:
path: spec.template.spec.containers[0].env
content:
name: JAVA_OPTS
value: >-
-Dcasc.reload.token=$(POD_NAME) -Dio.jenkins.plugins.kubernetes.disableNoDelayProvisioning=true
- it: disable helm.sh label
template: jenkins-controller-statefulset.yaml
set:
renderHelmLabels: false
asserts:
- equal:
path: metadata.labels
value:
app.kubernetes.io/component: jenkins-controller
app.kubernetes.io/instance: my-release
app.kubernetes.io/managed-by: Helm
app.kubernetes.io/name: jenkins
- it: java & jenkins opts with quotes
template: jenkins-controller-statefulset.yaml
set:
controller:
javaOpts: >-
-Dhudson.model.DirectoryBrowserSupport.CSP="default-src 'self';"
jenkinsOpts: >-
-Dtest="custom: 'true'"
asserts:
- contains:
path: spec.template.spec.containers[0].env
content:
name: JAVA_OPTS
value: >-
-Dcasc.reload.token=$(POD_NAME) -Dhudson.model.DirectoryBrowserSupport.CSP="default-src 'self';"
- contains:
path: spec.template.spec.containers[0].env
content:
name: JENKINS_OPTS
value: >-
--webroot=/var/jenkins_cache/war -Dtest="custom: 'true'"
- it: test empty controller.podSecurityContextOverride
template: jenkins-controller-statefulset.yaml
set:
controller:
podSecurityContextOverride: {}
asserts:
- equal:
path: spec.template.spec.securityContext
value: {}
- it: test controller.podSecurityContextOverride
template: jenkins-controller-statefulset.yaml
set:
controller:
podSecurityContextOverride:
runAsNonRoot: true
runAsUser: 4444
supplementalGroups: [5555]
asserts:
- equal:
path: spec.template.spec.securityContext
value:
runAsNonRoot: true
runAsUser: 4444
supplementalGroups:
- 5555
- it: test 2 additional secrets
template: jenkins-controller-statefulset.yaml
set:
controller.additionalSecrets:
- name: something
value: secret
- name: anotherthing
value: anothersecret
asserts:
- equal:
path: spec.template.spec.containers[0].volumeMounts[4]
value:
mountPath: /run/secrets/additional
name: jenkins-secrets
readOnly: true
- equal:
path: spec.template.spec.volumes[3]
value:
name: jenkins-secrets
projected:
sources:
- secret:
name: my-release-jenkins-additional-secrets
- secret:
name: my-release-jenkins
items:
- key: jenkins-admin-user
path: chart-admin-username
- key: jenkins-admin-password
path: chart-admin-password
- it: test existing secret without additionalExistingSecrets
template: jenkins-controller-statefulset.yaml
set:
controller.existingSecret: my-exisiting-credentials
asserts:
- equal:
path: spec.template.spec.containers[0].volumeMounts[4]
value:
mountPath: /run/secrets/additional
name: jenkins-secrets
readOnly: true
- equal:
path: spec.template.spec.volumes[3]
value:
name: jenkins-secrets
projected:
sources:
- secret:
name: my-release-jenkins
items:
- key: jenkins-admin-user
path: chart-admin-username
- key: jenkins-admin-password
path: chart-admin-password
- secret:
name: my-exisiting-credentials
- it: test existing secret with additionalExistingSecrets
template: jenkins-controller-statefulset.yaml
set:
controller.existingSecret: my-exisiting-credentials
controller.additionalExistingSecrets:
- name: my-exisiting-credentials
keyName: github-username
- name: my-exisiting-credentials
keyName: github-password
asserts:
- equal:
path: spec.template.spec.containers[0].volumeMounts[4]
value:
mountPath: /run/secrets/additional
name: jenkins-secrets
readOnly: true
- equal:
path: spec.template.spec.volumes[3]
value:
name: jenkins-secrets
projected:
sources:
- secret:
items:
- key: github-username
path: my-exisiting-credentials-github-username
name: my-exisiting-credentials
- secret:
items:
- key: github-password
path: my-exisiting-credentials-github-password
name: my-exisiting-credentials
- secret:
name: my-release-jenkins
items:
- key: jenkins-admin-user
path: chart-admin-username
- key: jenkins-admin-password
path: chart-admin-password
- secret:
name: my-exisiting-credentials
- it: test templated environment variables
template: jenkins-controller-statefulset.yaml
set:
testValue: some-value
controller.initContainerEnv:
- name: "TEST_ENV_VAR_INIT"
value: "test-env-var-init"
- name: "TEST_ENV_VAR_INIT_TEMPLATED"
value: "{{ .Values.testValue }}"
controller.sidecars.configAutoReload.env:
- name: "TEST_ENV_VAR_CONFIG"
value: "test-env-var-config"
- name: "TEST_ENV_VAR_CONFIG_TEMPLATED"
value: "{{ .Values.testValue }}"
controller.containerEnv:
- name: "TEST_ENV_VAR_CONTAINER"
value: "test-env-var-container"
- name: "TEST_ENV_VAR__CONTAINER_TEMPLATED"
value: "{{ .Values.testValue }}"
controller.initContainerEnvFrom:
- configMapRef:
name: special-config
controller.sidecars.configAutoReload.envFrom:
- configMapRef:
name: special-config
controller.containerEnvFrom:
- configMapRef:
name: special-config
asserts:
- contains:
path: spec.template.spec.initContainers[0].env
content:
name: "TEST_ENV_VAR_INIT"
value: "test-env-var-init"
- contains:
path: spec.template.spec.initContainers[0].env
content:
name: "TEST_ENV_VAR_INIT_TEMPLATED"
value: "some-value"
- contains:
path: spec.template.spec.containers[1].env
content:
name: "TEST_ENV_VAR_CONFIG"
value: "test-env-var-config"
- contains:
path: spec.template.spec.containers[1].env
content:
name: "TEST_ENV_VAR_CONFIG_TEMPLATED"
value: "some-value"
- contains:
path: spec.template.spec.containers[0].env
content:
name: "TEST_ENV_VAR_CONTAINER"
value: "test-env-var-container"
- contains:
path: spec.template.spec.containers[0].env
content:
name: "TEST_ENV_VAR__CONTAINER_TEMPLATED"
value: "some-value"
- contains:
path: spec.template.spec.initContainers[0].envFrom
content:
configMapRef:
name: special-config
- contains:
path: spec.template.spec.containers[0].envFrom
content:
configMapRef:
name: special-config
- contains:
path: spec.template.spec.containers[1].envFrom
content:
configMapRef:
name: special-config
- it: overrides container args
template: jenkins-controller-statefulset.yaml
set:
controller.overrideArgs:
- --httpPort=8080
- --requestHeaderSize=32768
asserts:
- equal:
path: spec.template.spec.containers[0].args
value:
- --httpPort=8080
- --requestHeaderSize=32768
- it: allows templating in container args overrides
template: jenkins-controller-statefulset.yaml
set:
controller.overrideArgs:
- --httpPort={{.Values.controller.targetPort}}
- --requestHeaderSize=32768
asserts:
- equal:
path: spec.template.spec.containers[0].args
value:
- --httpPort=8080
- --requestHeaderSize=32768
- it: render pod annotations
template: jenkins-controller-statefulset.yaml
set:
controller:
podAnnotations:
templated-annotations: "{{ .Release.Name }}"
fixed-annotation: some-fixed-annotation
asserts:
- matchSnapshot:
path: spec.template.metadata.annotations
- it:
template: jenkins-controller-statefulset.yaml
set:
controller:
installPlugins: false
asserts:
- notContains:
path: spec.template.spec.volumes
content:
name: plugins
emptyDir: {}
- notContains:
path: spec.template.spec.initContainers[0].volumeMounts
content:
name: plugins
- it:
template: jenkins-controller-statefulset.yaml
set:
controller:
JCasC:
configUrls:
- https://acme.org/jenkins.yaml
asserts:
- contains:
path: spec.template.spec.containers[0].env
content:
name: "CASC_JENKINS_CONFIG"
value: "/var/jenkins_home/casc_configs,https://acme.org/jenkins.yaml"
- it:
template: jenkins-controller-statefulset.yaml
set:
controller:
JCasC:
configUrls:
- https://acme.org/jenkins.yaml
- https://foobar.org/jenkins.yaml
asserts:
- contains:
path: spec.template.spec.containers[0].env
content:
name: "CASC_JENKINS_CONFIG"
value: "/var/jenkins_home/casc_configs,https://acme.org/jenkins.yaml,https://foobar.org/jenkins.yaml"
- it:
template: jenkins-controller-statefulset.yaml
set:
controller:
JCasC:
configUrls: []
asserts:
- contains:
path: spec.template.spec.containers[0].env
content:
name: "CASC_JENKINS_CONFIG"
value: "/var/jenkins_home/casc_configs"


@@ -0,0 +1,158 @@
suite: Jenkins Controller
release:
name: my-release
namespace: my-namespace
templates:
- jenkins-controller-svc.yaml
tests:
- it: default tests
asserts:
- isKind:
of: Service
- equal:
path: apiVersion
value: v1
- equal:
path: metadata.name
value: my-release-jenkins
- equal:
path: metadata.namespace
value: my-namespace
- matchRegex:
path: metadata.labels.helm\.sh/chart
pattern: ^jenkins-
- isNull:
path: metadata.annotations
- equal:
path: spec
value:
ports:
- name: http
port: 8080
targetPort: 8080
selector:
app.kubernetes.io/component: jenkins-controller
app.kubernetes.io/instance: my-release
type: ClusterIP
- it: other values
set:
controller:
serviceLabels:
label: label-value
serviceAnnotations:
key: value
clusterIP: 10.10.10.11
servicePort: 8888
targetPort: 7777
extraPorts:
- name: BuildInfoProxy
port: 9000
asserts:
- equal:
path: metadata.labels.label
value: label-value
- equal:
path: metadata.annotations
value:
key: value
- equal:
path: spec
value:
clusterIP: 10.10.10.11
ports:
- name: http
port: 8888
targetPort: 7777
- name: BuildInfoProxy
port: 9000
targetPort: 9000
selector:
app.kubernetes.io/component: jenkins-controller
app.kubernetes.io/instance: my-release
type: ClusterIP
- it: extraPort with targetPort
set:
controller:
serviceLabels:
label: label-value
serviceAnnotations:
key: value
clusterIP: 10.10.10.11
servicePort: 8888
targetPort: 7777
extraPorts:
- name: https
port: 443
targetPort: 8080
asserts:
- equal:
path: metadata.labels.label
value: label-value
- equal:
path: metadata.annotations
value:
key: value
- equal:
path: spec
value:
clusterIP: 10.10.10.11
ports:
- name: http
port: 8888
targetPort: 7777
- name: https
port: 443
targetPort: 8080
selector:
app.kubernetes.io/component: jenkins-controller
app.kubernetes.io/instance: my-release
type: ClusterIP
- it: node port
set:
controller:
serviceType: NodePort
nodePort: 11111
asserts:
- equal:
path: spec
value:
ports:
- name: http
port: 8080
targetPort: 8080
nodePort: 11111
selector:
app.kubernetes.io/component: jenkins-controller
app.kubernetes.io/instance: my-release
type: NodePort
- it: load balancer
set:
controller:
serviceType: LoadBalancer
loadBalancerIP: 10.10.10.10
asserts:
- equal:
path: spec
value:
loadBalancerIP: 10.10.10.10
loadBalancerSourceRanges:
- 0.0.0.0/0
ports:
- name: http
port: 8080
targetPort: 8080
selector:
app.kubernetes.io/component: jenkins-controller
app.kubernetes.io/instance: my-release
type: LoadBalancer
- it: disable helm.sh label
set:
renderHelmLabels: false
asserts:
- equal:
path: metadata.labels
value:
app.kubernetes.io/component: jenkins-controller
app.kubernetes.io/instance: my-release
app.kubernetes.io/managed-by: Helm
app.kubernetes.io/name: jenkins
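Review bot: The `load balancer` case pins `loadBalancerSourceRanges: - 0.0.0.0/0` as the rendered value when only `serviceType` and `loadBalancerIP` are set, so a LoadBalancer Service for the Jenkins controller accepts traffic from any source address unless the range is overridden, and no case covers the override. I would add a case that sets a restricted range and asserts that it is what gets rendered, so a regression that drops the override is caught. The values key is presumably `controller.loadBalancerSourceRanges`, but the template is not shown on this page, so confirm it there. The CIDR in the sketch below is a constructed example.

```yaml
  # … unchanged: "load balancer" case asserting the chart default …
  - it: load balancer with restricted source ranges
    set:
      controller:
        serviceType: LoadBalancer
        loadBalancerSourceRanges:
          - 10.0.0.0/8  # constructed example range
    asserts:
      - equal:
          path: spec.loadBalancerSourceRanges
          value:
            - 10.0.0.0/8
```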


@@ -0,0 +1,217 @@
suite: Role Based Access Control
release:
name: my-release
namespace: my-namespace
templates:
- rbac.yaml
tests:
- it: test default number of documents
asserts:
- hasDocuments:
count: 4
- it: disable auto reload
set:
controller.sidecars.configAutoReload.enabled: false
asserts:
- hasDocuments:
count: 2
- it: disable rbac create
set:
rbac.create: false
asserts:
- hasDocuments:
count: 0
- it: Role schedule-agents
documentIndex: 0
asserts:
- isKind:
of: Role
- equal:
path: apiVersion
value: rbac.authorization.k8s.io/v1
- equal:
path: metadata.name
value: my-release-jenkins-schedule-agents
- equal:
path: metadata.namespace
value: my-namespace
- equal:
path: rules
value:
- apiGroups: [""]
resources: ["pods", "pods/exec", "pods/log", "persistentvolumeclaims", "events"]
verbs: ["get", "list", "watch"]
- apiGroups: [""]
resources: ["pods", "pods/exec", "persistentvolumeclaims"]
verbs: ["create", "delete", "deletecollection", "patch", "update"]
- it: RoleBinding schedule-agents
documentIndex: 1
asserts:
- isKind:
of: RoleBinding
- equal:
path: apiVersion
value: rbac.authorization.k8s.io/v1
- equal:
path: metadata.name
value: my-release-jenkins-schedule-agents
- equal:
path: metadata.namespace
value: my-namespace
- equal:
path: roleRef
value:
apiGroup: rbac.authorization.k8s.io
kind: Role
name: my-release-jenkins-schedule-agents
- equal:
path: subjects
value:
- kind: ServiceAccount
name: my-release-jenkins
namespace: my-namespace
- it: Separate Agent Namespace
set:
agent.namespace: agent-namespace
asserts:
- equal:
path: metadata.namespace
value: agent-namespace
documentIndex: 0
- equal:
path: subjects
value:
- kind: ServiceAccount
name: my-release-jenkins
namespace: my-namespace
documentIndex: 1
- it: Role casc-reload
documentIndex: 2
asserts:
- isKind:
of: Role
- equal:
path: apiVersion
value: rbac.authorization.k8s.io/v1
- equal:
path: metadata.name
value: my-release-jenkins-casc-reload
- equal:
path: metadata.namespace
value: my-namespace
- equal:
path: rules
value:
- apiGroups: [""]
resources: ["configmaps"]
verbs: ["get", "watch", "list"]
- it: RoleBinding casc-reload
documentIndex: 3
asserts:
- isKind:
of: RoleBinding
- equal:
path: apiVersion
value: rbac.authorization.k8s.io/v1
- equal:
path: metadata.name
value: my-release-jenkins-watch-configmaps
- equal:
path: metadata.namespace
value: my-namespace
- equal:
path: roleRef
value:
apiGroup: rbac.authorization.k8s.io
kind: Role
name: my-release-jenkins-casc-reload
- equal:
path: subjects
value:
- kind: ServiceAccount
name: my-release-jenkins
namespace: my-namespace
- it: enable read secrets
set:
rbac.readSecrets: true
asserts:
- hasDocuments:
count: 6
- matchRegex:
path: metadata.labels.helm\.sh/chart
pattern: ^jenkins-
- it: disable helm.sh label
set:
renderHelmLabels: false
rbac.readSecrets: true
asserts:
- hasDocuments:
count: 6
- equal:
path: metadata.labels
value:
app.kubernetes.io/component: jenkins-controller
app.kubernetes.io/instance: my-release
app.kubernetes.io/managed-by: Helm
app.kubernetes.io/name: jenkins
- it: Role read-secrets
set:
rbac.readSecrets: true
documentIndex: 2
asserts:
- isKind:
of: Role
- equal:
path: apiVersion
value: rbac.authorization.k8s.io/v1
- equal:
path: metadata.name
value: my-release-jenkins-read-secrets
- equal:
path: metadata.namespace
value: my-namespace
- equal:
path: rules
value:
- apiGroups: [""]
resources: ["secrets"]
verbs: ["get", "watch", "list"]
- it: RoleBinding read-secrets
set:
rbac.readSecrets: true
documentIndex: 3
asserts:
- isKind:
of: RoleBinding
- equal:
path: apiVersion
value: rbac.authorization.k8s.io/v1
- equal:
path: metadata.name
value: my-release-jenkins-read-secrets
- equal:
path: metadata.namespace
value: my-namespace
- equal:
path: roleRef
value:
apiGroup: rbac.authorization.k8s.io
kind: Role
name: my-release-jenkins-read-secrets
- equal:
path: subjects
value:
- kind: ServiceAccount
name: my-release-jenkins
namespace: my-namespace
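Review bot: The `Role read-secrets` and `RoleBinding read-secrets` cases show that `rbac.readSecrets: true` gives the `my-release-jenkins` ServiceAccount `get`, `watch` and `list` on `secrets` in the release namespace with no `resourceNames` restriction, and nothing in the suite says so. I would put a comment above `- it: Role read-secrets`, for example `# rbac.readSecrets lets the controller ServiceAccount read every Secret in the release namespace; leave it off unless the controller needs that`. Separately, with `rbac.readSecrets` enabled the suite checks only the document count of 6 and documents 2 and 3. The casc-reload Role and RoleBinding presumably move to later indexes, which no case asserts.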


@@ -0,0 +1,41 @@
suite: Controller Admin Additional Secrets
release:
name: my-release
namespace: my-namespace
templates:
- secret-additional.yaml
tests:
- it: tests defaults
asserts:
- hasDocuments:
count: 0
- it: tests 2 additional secrets
set:
controller.additionalSecrets:
- name: something
value: secret
- name: anotherthing
value: anothersecret
asserts:
- isKind:
of: Secret
- equal:
path: apiVersion
value: v1
- equal:
path: metadata.name
value: my-release-jenkins-additional-secrets
- equal:
path: metadata.namespace
value: my-namespace
- matchRegex:
path: metadata.labels.helm\.sh/chart
pattern: ^jenkins-
- isNull:
path: metadata.annotations
- equal:
path: data.something
value: c2VjcmV0
- equal:
path: data.anotherthing
value: YW5vdGhlcnNlY3JldA==


@@ -0,0 +1,82 @@
suite: Controller Secret Claims
release:
name: my-release
namespace: my-namespace
templates:
- secret-claims.yaml
tests:
- it: tests defaults
asserts:
- hasDocuments:
count: 0
- it: tests 2 secret claims
set:
controller.secretClaims:
- name: simple-secret
path: secret/path
- name: complex-secret
path: secret/complex
type: kubernetes.io/tls
renew: 60
asserts:
- hasDocuments:
count: 2
- documentIndex: 0
isKind:
of: SecretClaim
- documentIndex: 0
equal:
path: apiVersion
value: vaultproject.io/v1
- documentIndex: 0
equal:
path: metadata.name
value: my-release-jenkins-simple-secret
- documentIndex: 0
matchRegex:
path: metadata.labels.helm\.sh/chart
pattern: ^jenkins-
- documentIndex: 0
isNull:
path: metadata.annotations
- documentIndex: 0
equal:
path: spec.type
value: Opaque
- documentIndex: 0
equal:
path: spec.path
value: secret/path
- documentIndex: 0
isNull:
path: spec.renew
- documentIndex: 1
isKind:
of: SecretClaim
- documentIndex: 1
equal:
path: apiVersion
value: vaultproject.io/v1
- documentIndex: 1
equal:
path: metadata.name
value: my-release-jenkins-complex-secret
- documentIndex: 1
matchRegex:
path: metadata.labels.helm\.sh/chart
pattern: ^jenkins-
- documentIndex: 1
isNull:
path: metadata.annotations
- documentIndex: 1
equal:
path: spec.type
value: kubernetes.io/tls
- documentIndex: 1
equal:
path: spec.path
value: secret/complex
- documentIndex: 1
equal:
path: spec.renew
value: 60


@@ -0,0 +1,52 @@
suite: Controller Additional Existing Secrets
release:
name: my-release
namespace: my-namespace
templates:
- jenkins-controller-statefulset.yaml
- config.yaml
tests:
- it: test additional existing secrets StatefulSet
template: jenkins-controller-statefulset.yaml
set:
controller.additionalExistingSecrets:
- name: "{{ .Release.Name }}-secret"
keyName: username
- name: "{{ .Release.Name }}-secret"
keyName: password
controller.existingSecret: my-existing-credentials
asserts:
- isKind:
of: StatefulSet
- equal:
path: spec.template.spec.containers[0].volumeMounts[4]
value:
mountPath: /run/secrets/additional
name: jenkins-secrets
readOnly: true
- equal:
path: spec.template.spec.volumes[3]
value:
name: jenkins-secrets
projected:
sources:
- secret:
name: my-release-secret
items:
- key: username
path: my-release-secret-username
- secret:
name: my-release-secret
items:
- key: password
path: my-release-secret-password
- secret:
name: my-release-jenkins
items:
- key: jenkins-admin-user
path: chart-admin-username
- key: jenkins-admin-password
path: chart-admin-password
- secret:
name: my-existing-credentials


@@ -0,0 +1,65 @@
suite: Controller Admin Credentials
release:
name: my-release
namespace: my-namespace
templates:
- secret.yaml
tests:
- it: tests defaults
asserts:
- isKind:
of: Secret
- equal:
path: apiVersion
value: v1
- equal:
path: metadata.name
value: my-release-jenkins
- equal:
path: metadata.namespace
value: my-namespace
- matchRegex:
path: metadata.labels.helm\.sh/chart
pattern: ^jenkins-
- isNull:
path: metadata.annotations
- equal:
path: data.jenkins-admin-user
value: YWRtaW4=
- isNotNull:
path: data.jenkins-admin-password
- it: set admin password
set:
controller.adminPassword: secret
asserts:
- equal:
path: data.jenkins-admin-user
value: YWRtaW4=
- equal:
path: data.jenkins-admin-password
value: c2VjcmV0
- it: disable helm.sh label
set:
renderHelmLabels: false
asserts:
- equal:
path: metadata.labels
value:
app.kubernetes.io/component: jenkins-controller
app.kubernetes.io/instance: my-release
app.kubernetes.io/managed-by: Helm
app.kubernetes.io/name: jenkins
- it: disable
set:
controller:
adminSecret: false
asserts:
- hasDocuments:
count: 0
- it: disable
set:
controller.admin.existingSecret: my-secret
asserts:
- hasDocuments:
count: 0
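Review bot: Two cases in this suite are both named `disable` (the one setting `controller.adminSecret: false` and the one setting `controller.admin.existingSecret: my-secret`), so a failure report cannot tell which path broke. Rename them, for example `- it: disable with adminSecret false` and `- it: disable when an existing admin secret is named`. The second case checks that no chart-managed Secret is rendered when an existing one is supplied, which deserves a name of its own.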


@@ -0,0 +1,83 @@
suite: Controller Service Account
release:
name: my-release
namespace: my-namespace
templates:
- service-account-agent.yaml
tests:
- it: test defaults
asserts:
- hasDocuments:
count: 0
- it: create service account for agents
set:
serviceAccountAgent:
create: true
asserts:
- isKind:
of: ServiceAccount
- equal:
path: apiVersion
value: v1
- equal:
path: metadata.name
value: my-release-jenkins-agent
- equal:
path: metadata.namespace
value: my-namespace
- matchRegex:
path: metadata.labels.helm\.sh/chart
pattern: ^jenkins-
- isNull:
path: metadata.annotations
- it: agent namespace
set:
serviceAccountAgent:
create: true
annotations:
key: value
agent:
namespace: agents
asserts:
- isKind:
of: ServiceAccount
- equal:
path: apiVersion
value: v1
- equal:
path: metadata.name
value: my-release-jenkins-agent
- equal:
path: metadata.namespace
value: agents
- matchRegex:
path: metadata.labels.helm\.sh/chart
pattern: ^jenkins-
- equal:
path: metadata.annotations
value:
key: value
- it: disable helm.sh label
set:
renderHelmLabels: false
serviceAccountAgent:
create: true
asserts:
- equal:
path: metadata.labels
value:
app.kubernetes.io/component: jenkins-controller
app.kubernetes.io/instance: my-release
app.kubernetes.io/managed-by: Helm
app.kubernetes.io/name: jenkins
- it: agent image pull secret
set:
renderHelmLabels: false
serviceAccountAgent:
create: true
imagePullSecretName: ips-name
asserts:
- equal:
path: imagePullSecrets
value:
- name: ips-name
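Review bot: The suite name on the first line, `suite: Controller Service Account`, is identical to the suite name in the next file, although this file tests `service-account-agent.yaml`, so results from the two files cannot be told apart in test output. Change it to `suite: Agent Service Account`. The `agent image pull secret` case also sets `renderHelmLabels: false` without asserting anything about labels; drop that line or add a one-line comment saying why it is set.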


@@ -0,0 +1,58 @@
suite: Controller Service Account
release:
name: my-release
namespace: my-namespace
templates:
- service-account.yaml
tests:
- it: tests defaults
asserts:
- isKind:
of: ServiceAccount
- equal:
path: apiVersion
value: v1
- equal:
path: metadata.name
value: my-release-jenkins
- equal:
path: metadata.namespace
value: my-namespace
- matchRegex:
path: metadata.labels.helm\.sh/chart
pattern: ^jenkins-
- isNull:
path: metadata.annotations
- it: disable helm.sh label
set:
renderHelmLabels: false
asserts:
- equal:
path: metadata.labels
value:
app.kubernetes.io/component: jenkins-controller
app.kubernetes.io/instance: my-release
app.kubernetes.io/managed-by: Helm
app.kubernetes.io/name: jenkins
- it: disabled
set:
serviceAccount:
create: false
asserts:
- hasDocuments:
count: 0
- it: controller image pull secret
set:
renderHelmLabels: false
serviceAccount:
create: true
imagePullSecretName: ips-name
asserts:
- equal:
path: imagePullSecrets
value:
- name: ips-name