382 lines
10 KiB
YAML
382 lines
10 KiB
YAML
suite: Proxy Service
|
|
templates:
|
|
- proxy/service.yaml
|
|
tests:
|
|
- it: uses a LoadBalancer by default
|
|
set:
|
|
clusterName: teleport.example.com
|
|
asserts:
|
|
- hasDocuments:
|
|
count: 1
|
|
- isKind:
|
|
of: Service
|
|
- equal:
|
|
path: spec.type
|
|
value: LoadBalancer
|
|
|
|
- it: uses a ClusterIP when service.type=ClusterIP
|
|
set:
|
|
clusterName: teleport.example.com
|
|
service:
|
|
type: ClusterIP
|
|
asserts:
|
|
- hasDocuments:
|
|
count: 1
|
|
- isKind:
|
|
of: Service
|
|
- equal:
|
|
path: spec.type
|
|
value: ClusterIP
|
|
|
|
- it: uses a ClusterIP when proxy.service.type=ClusterIP
|
|
set:
|
|
clusterName: teleport.example.com
|
|
service:
|
|
type: NodePort
|
|
proxy:
|
|
service:
|
|
type: ClusterIP
|
|
asserts:
|
|
- hasDocuments:
|
|
count: 1
|
|
- isKind:
|
|
of: Service
|
|
- equal:
|
|
path: spec.type
|
|
value: ClusterIP
|
|
|
|
- it: fails to deploy when ingress.enabled=true and proxy.service.type is set to LoadBalancer (default)
|
|
set:
|
|
clusterName: teleport.example.com
|
|
ingress:
|
|
enabled: true
|
|
asserts:
|
|
- failedTemplate:
|
|
errorMessage: "proxy.service.type must not be LoadBalancer when using an ingress - any load balancer should be provisioned by your ingress controller. Set proxy.service.type=ClusterIP instead"
|
|
|
|
- it: uses a ClusterIP when ingress.enabled=true and service.type=ClusterIP
|
|
set:
|
|
clusterName: teleport.example.com
|
|
ingress:
|
|
enabled: true
|
|
service:
|
|
type: ClusterIP
|
|
asserts:
|
|
- hasDocuments:
|
|
count: 1
|
|
- isKind:
|
|
of: Service
|
|
- equal:
|
|
path: spec.type
|
|
value: ClusterIP
|
|
|
|
- it: uses a ClusterIP when ingress.enabled=true and proxy.service.type=ClusterIP
|
|
set:
|
|
clusterName: teleport.example.com
|
|
ingress:
|
|
enabled: true
|
|
proxy:
|
|
service:
|
|
type: ClusterIP
|
|
asserts:
|
|
- hasDocuments:
|
|
count: 1
|
|
- isKind:
|
|
of: Service
|
|
- equal:
|
|
path: spec.type
|
|
value: ClusterIP
|
|
|
|
- it: uses a NodePort when ingress.enabled=true and proxy.service.type=NodePort
|
|
set:
|
|
clusterName: teleport.example.com
|
|
ingress:
|
|
enabled: true
|
|
proxy:
|
|
service:
|
|
type: NodePort
|
|
asserts:
|
|
- hasDocuments:
|
|
count: 1
|
|
- isKind:
|
|
of: Service
|
|
- equal:
|
|
path: spec.type
|
|
value: NodePort
|
|
|
|
- it: uses a NodePort when ingress.enabled=true and service.type=NodePort
|
|
set:
|
|
clusterName: teleport.example.com
|
|
ingress:
|
|
enabled: true
|
|
service:
|
|
type: NodePort
|
|
asserts:
|
|
- hasDocuments:
|
|
count: 1
|
|
- isKind:
|
|
of: Service
|
|
- equal:
|
|
path: spec.type
|
|
value: NodePort
|
|
|
|
- it: uses a NodePort when ingress.enabled=true and proxy.service.type is overridden
|
|
set:
|
|
clusterName: teleport.example.com
|
|
ingress:
|
|
enabled: true
|
|
proxy:
|
|
service:
|
|
type: NodePort
|
|
asserts:
|
|
- hasDocuments:
|
|
count: 1
|
|
- isKind:
|
|
of: Service
|
|
- equal:
|
|
path: spec.type
|
|
value: NodePort
|
|
|
|
- it: sets AWS annotations when chartMode=aws
|
|
set:
|
|
clusterName: teleport.example.com
|
|
chartMode: aws
|
|
asserts:
|
|
- hasDocuments:
|
|
count: 1
|
|
- isKind:
|
|
of: Service
|
|
- equal:
|
|
path: spec.type
|
|
value: LoadBalancer
|
|
- equal:
|
|
path: metadata.annotations.service\.beta\.kubernetes\.io/aws-load-balancer-type
|
|
value: nlb
|
|
- equal:
|
|
path: metadata.annotations.service\.beta\.kubernetes\.io/aws-load-balancer-backend-protocol
|
|
value: tcp
|
|
- equal:
|
|
path: metadata.annotations.service\.beta\.kubernetes\.io/aws-load-balancer-cross-zone-load-balancing-enabled
|
|
value: "true"
|
|
|
|
- it: sets service annotations when specified
|
|
values:
|
|
- ../.lint/annotations.yaml
|
|
asserts:
|
|
- equal:
|
|
path: metadata.annotations.kubernetes\.io/service
|
|
value: test-annotation
|
|
- equal:
|
|
path: metadata.annotations.kubernetes\.io/service-different
|
|
value: 5
|
|
|
|
- it: adds a separate Postgres listener port when separatePostgresListener is true
|
|
values:
|
|
- ../.lint/separate-postgres-listener.yaml
|
|
asserts:
|
|
- contains:
|
|
path: spec.ports
|
|
content:
|
|
name: postgres
|
|
port: 5432
|
|
targetPort: 5432
|
|
protocol: TCP
|
|
|
|
- it: does not add a separate Postgres listener port when separatePostgresListener is true and ingress.enabled=true
|
|
values:
|
|
- ../.lint/separate-postgres-listener.yaml
|
|
set:
|
|
ingress:
|
|
enabled: true
|
|
proxyListenerMode: multiplex
|
|
service:
|
|
type: ClusterIP
|
|
asserts:
|
|
- notContains:
|
|
path: spec.ports
|
|
content:
|
|
name: postgres
|
|
port: 5432
|
|
targetPort: 5432
|
|
protocol: TCP
|
|
|
|
- it: adds a separate Mongo listener port when separateMongoListener is true
|
|
values:
|
|
- ../.lint/separate-mongo-listener.yaml
|
|
asserts:
|
|
- contains:
|
|
path: spec.ports
|
|
content:
|
|
name: mongo
|
|
port: 27017
|
|
targetPort: 27017
|
|
protocol: TCP
|
|
|
|
- it: does not add a separate Mongo listener port when separateMongoListener is true and ingress.enabled=true
|
|
values:
|
|
- ../.lint/separate-mongo-listener.yaml
|
|
set:
|
|
ingress:
|
|
enabled: true
|
|
proxyListenerMode: multiplex
|
|
service:
|
|
type: ClusterIP
|
|
asserts:
|
|
- notContains:
|
|
path: spec.ports
|
|
content:
|
|
name: mongo
|
|
port: 27017
|
|
targetPort: 27017
|
|
protocol: TCP
|
|
|
|
- it: sets AWS backend protocol annotation to ssl when in AWS mode and ACM annotation is set
|
|
values:
|
|
- ../.lint/aws-ha.yaml
|
|
set:
|
|
annotations:
|
|
service:
|
|
service.beta.kubernetes.io/aws-load-balancer-ssl-cert: arn:aws:acm:us-east-1:1234567890:certificate/a857a76c-51d0-4d3d-8000-465bb3e9829b
|
|
service.beta.kubernetes.io/aws-load-balancer-ssl-ports: 443
|
|
asserts:
|
|
- equal:
|
|
path: metadata.annotations.service\.beta\.kubernetes\.io/aws-load-balancer-backend-protocol
|
|
value: ssl
|
|
|
|
- it: does not add AWS backend protocol annotation when in AWS mode, ACM annotation is set and ingress is enabled
|
|
values:
|
|
- ../.lint/aws-ha.yaml
|
|
set:
|
|
ingress:
|
|
enabled: true
|
|
service:
|
|
type: ClusterIP
|
|
annotations:
|
|
service:
|
|
service.beta.kubernetes.io/aws-load-balancer-ssl-cert: arn:aws:acm:us-east-1:1234567890:certificate/a857a76c-51d0-4d3d-8000-465bb3e9829b
|
|
service.beta.kubernetes.io/aws-load-balancer-ssl-ports: 443
|
|
asserts:
|
|
- isNull:
|
|
path: metadata.annotations.service\.beta\.kubernetes\.io/aws-load-balancer-backend-protocol
|
|
|
|
- it: sets AWS backend protocol annotation to tcp when in AWS mode and ACM annotation is not set
|
|
values:
|
|
- ../.lint/aws-ha.yaml
|
|
asserts:
|
|
- equal:
|
|
path: metadata.annotations.service\.beta\.kubernetes\.io/aws-load-balancer-backend-protocol
|
|
value: tcp
|
|
|
|
- it: does not set AWS backend protocol annotation when in AWS mode, ACM annotation is not set and ingress is enabled
|
|
values:
|
|
- ../.lint/aws-ha.yaml
|
|
set:
|
|
ingress:
|
|
enabled: true
|
|
service:
|
|
type: ClusterIP
|
|
annotations:
|
|
service:
|
|
# required so at least one service annotation exists, to avoid non map type error
|
|
service.beta.kubernetes.io/random-annotation: helm-lint
|
|
asserts:
|
|
- isNull:
|
|
path: metadata.annotations.service\.beta\.kubernetes\.io/aws-load-balancer-backend-protocol
|
|
|
|
- it: exposes separate listener ports by default
|
|
values:
|
|
- ../.lint/example-minimal-standalone.yaml
|
|
asserts:
|
|
- matchSnapshot:
|
|
path: spec.ports
|
|
|
|
- it: does not expose separate listener ports by default when ingress.enabled=true
|
|
values:
|
|
- ../.lint/example-minimal-standalone.yaml
|
|
set:
|
|
ingress:
|
|
enabled: true
|
|
proxyListenerMode: multiplex
|
|
service:
|
|
type: ClusterIP
|
|
asserts:
|
|
- notContains:
|
|
path: spec.ports
|
|
content:
|
|
- name: sshproxy
|
|
port: 3023
|
|
targetPort: 3023
|
|
protocol: TCP
|
|
- name: k8s
|
|
port: 3026
|
|
targetPort: 3026
|
|
protocol: TCP
|
|
- name: sshtun
|
|
port: 3024
|
|
targetPort: 3024
|
|
protocol: TCP
|
|
- name: mysql
|
|
port: 3036
|
|
targetPort: 3036
|
|
protocol: TCP
|
|
- matchSnapshot:
|
|
path: spec.ports
|
|
|
|
- it: exposes separate listener ports when running in separate mode
|
|
values:
|
|
- ../.lint/proxy-listener-mode-separate.yaml
|
|
asserts:
|
|
- matchSnapshot:
|
|
path: spec.ports
|
|
|
|
- it: does not expose separate listener ports when running in separate mode and ingress.enabled=true
|
|
values:
|
|
- ../.lint/proxy-listener-mode-separate.yaml
|
|
set:
|
|
ingress:
|
|
enabled: true
|
|
proxyListenerMode: multiplex
|
|
service:
|
|
type: ClusterIP
|
|
asserts:
|
|
- notContains:
|
|
path: spec.ports
|
|
content:
|
|
- name: sshproxy
|
|
port: 3023
|
|
targetPort: 3023
|
|
protocol: TCP
|
|
- name: k8s
|
|
port: 3026
|
|
targetPort: 3026
|
|
protocol: TCP
|
|
- name: sshtun
|
|
port: 3024
|
|
targetPort: 3024
|
|
protocol: TCP
|
|
- name: mysql
|
|
port: 3036
|
|
targetPort: 3036
|
|
protocol: TCP
|
|
- matchSnapshot:
|
|
path: spec.ports
|
|
|
|
- it: exposes a single port when running in multiplex mode
|
|
values:
|
|
- ../.lint/proxy-listener-mode-multiplex.yaml
|
|
asserts:
|
|
- matchSnapshot:
|
|
path: spec.ports
|
|
|
|
- it: exposes a single port when running in multiplex mode and ingress.enabled=true
|
|
values:
|
|
- ../.lint/proxy-listener-mode-multiplex.yaml
|
|
set:
|
|
ingress:
|
|
enabled: true
|
|
service:
|
|
type: ClusterIP
|
|
asserts:
|
|
- matchSnapshot:
|
|
path: spec.ports
|