From 0a0889e123517354695114cf70ea3cdac0334ef3 Mon Sep 17 00:00:00 2001 From: Tennison Yu Date: Thu, 11 Jul 2024 19:20:50 -0400 Subject: [PATCH] updates to iam jupyter operator charts --- .github/workflows/unittest.yaml | 61 ++++++++++ datalayer-iam/templates/deployment.yaml | 107 ++++-------------- .../templates/traefik-middleware.yaml | 2 + datalayer-iam/tests/deployment_test.yaml | 96 ++++++++++++++++ .../tests/traefik-middleware_test.yaml | 10 ++ .../tests/values/alternate_ingressclass.yaml | 2 + datalayer-iam/values.yaml | 28 ++++- datalayer-jupyter/templates/deployment.yaml | 69 ++++------- datalayer-jupyter/tests/deployment_test.yaml | 59 ++++++++++ datalayer-jupyter/values.yaml | 27 ++++- datalayer-operator/templates/deployment.yaml | 61 ++++------ datalayer-operator/templates/roles.yaml | 3 +- datalayer-operator/tests/deployment_test.yaml | 51 +++++++++ datalayer-operator/tests/roles_test.yaml | 11 ++ datalayer-operator/values.yaml | 17 ++- 15 files changed, 414 insertions(+), 190 deletions(-) create mode 100644 .github/workflows/unittest.yaml create mode 100644 datalayer-iam/tests/deployment_test.yaml create mode 100644 datalayer-iam/tests/traefik-middleware_test.yaml create mode 100644 datalayer-iam/tests/values/alternate_ingressclass.yaml create mode 100644 datalayer-jupyter/tests/deployment_test.yaml create mode 100644 datalayer-operator/tests/deployment_test.yaml create mode 100644 datalayer-operator/tests/roles_test.yaml diff --git a/.github/workflows/unittest.yaml b/.github/workflows/unittest.yaml new file mode 100644 index 0000000..689c4c9 --- /dev/null +++ b/.github/workflows/unittest.yaml 
@@ -0,0 +1,61 @@
+name: Unit tests
+
+on:
+ pull_request:
+ types:
+ - opened
+ - reopened
+ - synchronize
+ - ready_for_review
+
+jobs:
+ unittests:
+ runs-on:
+ labels: ubuntu-latest
+ steps:
+ - name: Checkout
+ uses: actions/checkout@692973e3d937129bcbf40652eb9f2f61becf3332 # v4.1.7
+ with:
+ ref: ${{ github.head_ref }}
+ fetch-depth: 0
+
+ - name: Get changed files
+ id: changed-files
+ uses: tj-actions/changed-files@cc733854b1f224978ef800d29e4709d5ee2883e4 # v44.5.5
+ with:
+ files: "./**"
+ dir_names: "true"
+ dir_names_max_depth: "2"
+ dir_names_deleted_files_include_only_deleted_dirs: "true"
+
+ - name: List all changed files
+ id: modify-changed-files
+ run: |
+ echo "Number of changed files: ${{ steps.changed-files.outputs.all_modified_files_count }}"
+
+ folders=""
+ counter=0
+
+ for folder in ${{ steps.changed-files.outputs.all_modified_files }}; do
+ echo "$folder was changed"
+
+ # Check if overall chart folder still exists
+ if [[ -d "$folder" ]]; then
+ folders+="$folder "
+ counter=$((counter+1))
+ else
+ echo "$folder no longer exists and will not be tested"
+ fi
+ done
+
+ modified_folders=$(echo "$folders" | sed 's/ *$//')
+
+ echo "folder_string=$modified_folders" >> "$GITHUB_OUTPUT"
+ echo "folder_count=$counter" >> "$GITHUB_OUTPUT"
+
+ - name: Setup up Helm and unittest
+ uses: d3adb5/helm-unittest-action@66140cd099aa6c4f2ebc59735b8e421135a6d4e3 # v2.4
+ if: steps.modify-changed-files.outputs.folder_count > 0
+ with:
+ helm-version: v3.12.2
+ charts: ${{ steps.changed-files.outputs.folder_string }}
diff --git a/datalayer-iam/templates/deployment.yaml b/datalayer-iam/templates/deployment.yaml
index be28605..f2159dc 100644
--- a/datalayer-iam/templates/deployment.yaml
+++ b/datalayer-iam/templates/deployment.yaml
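Review bot: The `List all changed files` step expands `${{ steps.changed-files.outputs.all_modified_files }}` directly inside the `run:` script, so directory names taken from the pull request become part of the shell source before bash parses it; the value should be handed over through `env:` and read as an ordinary variable. The last step also reads `steps.changed-files.outputs.folder_string`, but `folder_string` is written to `$GITHUB_OUTPUT` by the `modify-changed-files` step, so `charts:` will most likely be empty and the unit tests will not run against the changed charts. The job declares no `permissions:` block; `contents: read` is enough for the steps visible here.

```yaml
jobs:
  unittests:
    permissions:
      contents: read
    # … unchanged: runs-on, Checkout and Get changed files steps …
      - name: List all changed files
        id: modify-changed-files
        env:
          ALL_MODIFIED: ${{ steps.changed-files.outputs.all_modified_files }}
          ALL_MODIFIED_COUNT: ${{ steps.changed-files.outputs.all_modified_files_count }}
        run: |
          echo "Number of changed files: $ALL_MODIFIED_COUNT"
          # … unchanged: folders/counter initialisation …
          for folder in $ALL_MODIFIED; do
          # … unchanged: loop body and GITHUB_OUTPUT writes …
      # … unchanged: Setup up Helm and unittest (uses, if) …
        with:
          helm-version: v3.12.2
          charts: ${{ steps.modify-changed-files.outputs.folder_string }}
```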
@@ -2,7 +2,7 @@ apiVersion: apps/v1 kind: Deployment metadata: name: {{ .Release.Name }} - namespace: {{ .Values.namespace }} + namespace: {{ default .Release.Namespace .Values.namespace }} labels: app: {{ template "iam.name" . }} spec: @@ -21,17 +21,11 @@ spec: datalayer.io/app: {{ template "iam.name" . }} spec: terminationGracePeriodSeconds: 0 - affinity: - nodeAffinity: - requiredDuringSchedulingIgnoredDuringExecution: - nodeSelectorTerms: - - matchExpressions: - - key: role.datalayer.io/api - operator: In - values: - - "true" + {{- with .Values.iam.affinity }} + affinity: {{- toYaml . | nindent 8 }} + {{- end }} imagePullSecrets: - - name: reg-creds + - name: reg-creds containers: - name: iam image: {{ .Values.iam.image }} 
@@ -39,82 +33,23 @@ spec: ports: - containerPort: {{ .Values.iam.port }} protocol: TCP + {{- if or .Values.iam.env .Values.iam.envValueFrom }} env: - - name: DATALAYER_RUNTIME_ENV - value: {{ .Values.iam.env.DATALAYER_RUNTIME_ENV }} - - name: DATALAYER_RUN_HOST - value: {{ .Values.iam.env.DATALAYER_RUN_HOST }} - - name: DATALAYER_CDN_URL - value: {{ .Values.iam.env.DATALAYER_CDN_URL }} - - name: DATALAYER_JWT_ISSUER - value: {{ .Values.iam.env.DATALAYER_JWT_ISSUER }} - - name: DATALAYER_JWT_SECRET - value: {{ .Values.iam.env.DATALAYER_JWT_SECRET }} - - name: DATALAYER_JWT_ALLOWED_ISSUERS - value: {{ .Values.iam.env.DATALAYER_JWT_ALLOWED_ISSUERS }} - - name: DATALAYER_JWT_ALGORITHM - value: {{ .Values.iam.env.DATALAYER_JWT_ALGORITHM }} - - name: DATALAYER_JWT_DEFAULT_KID_ISSUER - value: {{ .Values.iam.env.DATALAYER_JWT_DEFAULT_KID_ISSUER }} - - name: DATALAYER_JWT_SKIP_3RD_TOKEN_SIGNATURE_VERIFICATION - value: {{ .Values.iam.env.DATALAYER_JWT_SKIP_3RD_TOKEN_SIGNATURE_VERIFICATION | quote }} - - name: DATALAYER_AUTHZ_ENGINE - value: {{ .Values.iam.env.DATALAYER_AUTHZ_ENGINE }} - - name: DATALAYER_OPENFGA_REST_URL - value: {{ .Values.iam.env.DATALAYER_OPENFGA_REST_URL }} - - name: DATALAYER_OPENFGA_STORE_ID - value: {{ .Values.iam.env.DATALAYER_OPENFGA_STORE_ID }} - - name: DATALAYER_OPENFGA_AUTHZ_MODEL_ID - value: {{ .Values.iam.env.DATALAYER_OPENFGA_AUTHZ_MODEL_ID }} - - name: DATALAYER_SOLR_ZK_HOST - value: {{ .Values.iam.env.DATALAYER_SOLR_ZK_HOST }} - - name: DATALAYER_SOLR_USERNAME - valueFrom: - secretKeyRef: - name: solr-basic-auth - key: username - - name: DATALAYER_SOLR_PASSWORD - valueFrom: - secretKeyRef: - name: solr-basic-auth - key: password - - name: DATALAYER_SUPPORT_EMAIL - value: {{ .Values.iam.env.DATALAYER_SUPPORT_EMAIL }} - - name: DATALAYER_SMTP_HOST - value: {{ .Values.iam.env.DATALAYER_SMTP_HOST }} - - name: DATALAYER_SMTP_PORT - value: {{ .Values.iam.env.DATALAYER_SMTP_PORT | quote }} - - name: DATALAYER_SMTP_USERNAME - value: {{ 
.Values.iam.env.DATALAYER_SMTP_USERNAME }} - - name: DATALAYER_SMTP_PASSWORD - value: {{ .Values.iam.env.DATALAYER_SMTP_PASSWORD }} - - name: DATALAYER_GITHUB_CLIENT_ID - value: {{ .Values.iam.env.DATALAYER_GITHUB_CLIENT_ID }} - - name: DATALAYER_GITHUB_CLIENT_SECRET - value: {{ .Values.iam.env.DATALAYER_GITHUB_CLIENT_SECRET }} - - name: DATALAYER_CREDITS_PROVIDER - value: {{ .Values.iam.env.DATALAYER_CREDITS_PROVIDER }} - - name: DATALAYER_IAM_API_KEY - value: {{ .Values.iam.env.DATALAYER_IAM_API_KEY }} - - name: DATALAYER_PUB_SUB_ENGINE - value: {{ .Values.iam.env.DATALAYER_PUB_SUB_ENGINE }} - - name: DATALAYER_PULSAR_URL - value: {{ .Values.iam.env.DATALAYER_PULSAR_URL }} - # Addons - {{ if eq .Values.iam.env.DATALAYER_CREDITS_PROVIDER "stripe" }} - - name: DATALAYER_STRIPE_API_KEY - value: {{ .Values.iam.env.DATALAYER_STRIPE_API_KEY }} - - name: DATALAYER_STRIPE_JS_API_KEY - value: {{ .Values.iam.env.DATALAYER_STRIPE_JS_API_KEY }} - - name: DATALAYER_STRIPE_PRODUCT_ID - value: {{ .Values.iam.env.DATALAYER_STRIPE_PRODUCT_ID }} - - name: DATALAYER_STRIPE_BILLING_ROUTE - value: {{ .Values.iam.env.DATALAYER_STRIPE_BILLING_ROUTE }} - - name: DATALAYER_STRIPE_WEBHOOK_SECRET - value: {{ .Values.iam.env.DATALAYER_STRIPE_WEBHOOK_SECRET }}{{ end }} - volumeMounts: - resources: -{{ toYaml .Values.iam.resources | indent 12 }} + {{- range $key, $value := .Values.iam.envValueFrom }} + - name: {{ $key }} + valueFrom: {{- $value | toYaml | nindent 16 }} + {{- end }} + {{- range $key, $value := .Values.iam.env }} + - name: {{ $key }} + value: {{ $value | quote }} + {{- end }} + {{- end }} + {{- with .Values.iam.resources }} + resources: {{- toYaml . | nindent 12 }} + {{- end }} + {{- with .Values.iam.volumeMounts }} + volumeMounts: {{- toYaml . | nindent 12 }} + {{- end }} # - name: iam-sidecar # image: {{ .Values.iam.sidecar.image }} # imagePullPolicy: {{ .Values.iam.imagePullPolicy }} 
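Review bot: The new `range` over `.Values.iam.env` still writes every entry as a literal `value:`, and that map carries `DATALAYER_JWT_SECRET`, `DATALAYER_SMTP_PASSWORD`, `DATALAYER_GITHUB_CLIENT_SECRET`, `DATALAYER_IAM_API_KEY` and the Stripe keys, so real values end up in plain text in the Deployment manifest and in the stored Helm release. The `envValueFrom` map added in this same hunk already renders `secretKeyRef`, so those keys can move there in values.yaml the way the Solr credentials did, for example `DATALAYER_JWT_SECRET: {secretKeyRef: {name: <secret-name>, key: <key>}}` (placeholders). The jupyter and operator deployment hunks use the same loop and have the same exposure (`DATALAYER_JWT_SECRET`, `DATALAYER_OPERATOR_API_KEY`, `AWS_SECRET_ACCESS_KEY`). The Stripe variables are also rendered unconditionally now, where the removed code emitted them only when `DATALAYER_CREDITS_PROVIDER` was `stripe`. The container spec continues outside the hunk.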
diff --git a/datalayer-iam/templates/traefik-middleware.yaml b/datalayer-iam/templates/traefik-middleware.yaml index 59fa158..99fd790 100644 --- a/datalayer-iam/templates/traefik-middleware.yaml +++ b/datalayer-iam/templates/traefik-middleware.yaml @@ -1,3 +1,4 @@ +{{- if eq .Values.ingressClass "datalayer-traefik" }} apiVersion: traefik.io/v1alpha1 kind: Middleware metadata: @@ -9,3 +10,4 @@ spec: trustForwardHeader: true # authRequestHeaders: # - "Authorization" +{{- end }} \ No newline at end of file diff --git a/datalayer-iam/tests/deployment_test.yaml b/datalayer-iam/tests/deployment_test.yaml new file mode 100644 index 0000000..d4c047b --- /dev/null +++ b/datalayer-iam/tests/deployment_test.yaml 
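Review bot: The guard `{{- if eq .Values.ingressClass "datalayer-traefik" }}` reads a top-level key, while values.yaml and the new tests/values/alternate_ingressclass.yaml in this patch both appear to define `ingressClass` under `iam:`, so the condition probably never sees the configured value and the Middleware is dropped (or the comparison fails) on every install; `{{- if eq .Values.iam.ingressClass "datalayer-traefik" }}` looks like the intended check. The `hasDocuments: count: 0` case in traefik-middleware_test.yaml passes either way, so a second case asserting `count: 1` with the default values would catch this. The resource sets `trustForwardHeader: true` and looks like an auth middleware, so routes that reference it are worth checking in the rendered output. The Middleware spec between the two hunks is not visible here.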
@@ -0,0 +1,96 @@ +suite: test deployment +templates: + - templates/deployment.yaml +tests: + - it: "test affinity" + asserts: + - isSubset: + path: spec.template.spec + content: + affinity: + nodeAffinity: + requiredDuringSchedulingIgnoredDuringExecution: + nodeSelectorTerms: + - matchExpressions: + - key: role.datalayer.io/api + operator: In + values: + - "true" + - it: "test environment variables" + asserts: + - isSubset: + path: spec.template.spec.containers[0] + content: + env: + - name: DATALAYER_SOLR_PASSWORD + valueFrom: + secretKeyRef: + key: password + name: solr-basic-auth + - name: DATALAYER_SOLR_USERNAME + valueFrom: + secretKeyRef: + key: username + name: solr-basic-auth + - name: DATALAYER_AUTHZ_ENGINE + value: "openfga" + - name: DATALAYER_CDN_URL + value: "" + - name: DATALAYER_CREDITS_PROVIDER + value: "" + - name: DATALAYER_GITHUB_CLIENT_ID + value: "" + - name: DATALAYER_GITHUB_CLIENT_SECRET + value: "" + - name: DATALAYER_IAM_API_KEY + value: "" + - name: DATALAYER_JWT_ALGORITHM + value: "" + - name: DATALAYER_JWT_ALLOWED_ISSUERS + value: "" + - name: DATALAYER_JWT_DEFAULT_KID_ISSUER + value: "" + - name: DATALAYER_JWT_ISSUER + value: "https://id.datalayer.run" + - name: DATALAYER_JWT_SECRET + value: "" + - name: DATALAYER_JWT_SKIP_3RD_TOKEN_SIGNATURE_VERIFICATION + value: "false" + - name: DATALAYER_OPENFGA_AUTHZ_MODEL_ID + value: "" + - name: DATALAYER_OPENFGA_REST_URL + value: "http://datalayer-openfga.datalayer-openfga.svc.cluster.local:8080" + - name: DATALAYER_OPENFGA_STORE_ID + value: "" + - name: DATALAYER_PUB_SUB_ENGINE + value: "pulsar" + - name: DATALAYER_PULSAR_URL + value: "pulsar://datalayer-pulsar-broker.datalayer-pulsar.svc.cluster.local:6650" + - name: DATALAYER_RUNTIME_ENV + value: "prod" + - name: DATALAYER_RUN_HOST + value: "" + - name: DATALAYER_SMTP_HOST + value: "" + - name: DATALAYER_SMTP_PASSWORD + value: "" + - name: DATALAYER_SMTP_PORT + value: "0" + - name: DATALAYER_SMTP_USERNAME + value: "" + - name: 
DATALAYER_SOLR_ZK_HOST + value: "solr-datalayer-solrcloud-zookeeper-headless.datalayer-solr.svc.cluster.local" + - name: DATALAYER_STRIPE_API_KEY + value: "" + - name: DATALAYER_STRIPE_BILLING_ROUTE + value: "/usage/billing" + - name: DATALAYER_STRIPE_JS_API_KEY + value: "" + - name: DATALAYER_STRIPE_PRODUCT_ID + value: "" + - name: DATALAYER_STRIPE_WEBHOOK_SECRET + value: "" + - name: DATALAYER_SUPPORT_EMAIL + value: "" + + diff --git a/datalayer-iam/tests/traefik-middleware_test.yaml b/datalayer-iam/tests/traefik-middleware_test.yaml new file mode 100644 index 0000000..4303e92 --- /dev/null +++ b/datalayer-iam/tests/traefik-middleware_test.yaml @@ -0,0 +1,10 @@ +suite: test traefik-middleware +templates: + - templates/traefik-middleware.yaml +tests: + - it: "test traefik middleware resource" + values: + - ./values/alternate_ingressclass.yaml + asserts: + - hasDocuments: + count: 0 diff --git a/datalayer-iam/tests/values/alternate_ingressclass.yaml b/datalayer-iam/tests/values/alternate_ingressclass.yaml new file mode 100644 index 0000000..ae17a64 --- /dev/null +++ b/datalayer-iam/tests/values/alternate_ingressclass.yaml @@ -0,0 +1,2 @@ +iam: + ingressClass: "nginx" \ No newline at end of file diff --git a/datalayer-iam/values.yaml b/datalayer-iam/values.yaml index f240a6e..39d1b2d 100644 --- a/datalayer-iam/values.yaml +++ b/datalayer-iam/values.yaml @@ -7,10 +7,24 @@ iam: clusterType: any certificateIssuer: letsencrypt ingressClass: datalayer-traefik -# resources: -# limits: -# memory: "8192Mi" -# cpu: "3000m" + affinity: + nodeAffinity: + requiredDuringSchedulingIgnoredDuringExecution: + nodeSelectorTerms: + - matchExpressions: + - key: role.datalayer.io/api + operator: In + values: + - "true" + envValueFrom: + DATALAYER_SOLR_USERNAME: + secretKeyRef: + name: solr-basic-auth + key: username + DATALAYER_SOLR_PASSWORD: + secretKeyRef: + name: solr-basic-auth + key: password env: DATALAYER_AUTHZ_ENGINE: "openfga" DATALAYER_CDN_URL: "" 
@@ -27,7 +41,6 @@ iam: DATALAYER_OPENFGA_AUTHZ_MODEL_ID: "" DATALAYER_OPENFGA_REST_URL: "http://datalayer-openfga.datalayer-openfga.svc.cluster.local:8080" DATALAYER_OPENFGA_STORE_ID: "" - DATALAYER_OPENFGA_AUTHZ_MODEL_ID: "" DATALAYER_PUB_SUB_ENGINE: "pulsar" DATALAYER_PULSAR_URL: "pulsar://datalayer-pulsar-broker.datalayer-pulsar.svc.cluster.local:6650" DATALAYER_RUNTIME_ENV: "prod" @@ -43,3 +56,8 @@ iam: DATALAYER_STRIPE_PRODUCT_ID: "" DATALAYER_STRIPE_WEBHOOK_SECRET: "" DATALAYER_SUPPORT_EMAIL: "" + +# resources: +# limits: +# memory: "8192Mi" +# cpu: "3000m" \ No newline at end of file diff --git a/datalayer-jupyter/templates/deployment.yaml b/datalayer-jupyter/templates/deployment.yaml index c080540..2d3589d 100644 --- a/datalayer-jupyter/templates/deployment.yaml +++ b/datalayer-jupyter/templates/deployment.yaml @@ -2,7 +2,7 @@ apiVersion: apps/v1 kind: Deployment metadata: name: {{ .Release.Name }} - namespace: {{ .Values.namespace }} + namespace: {{ default .Release.Namespace .Values.namespace }} labels: app: {{ template "jupyter.name" . }} spec: @@ -21,15 +21,9 @@ spec: datalayer.io/app: {{ template "jupyter.name" . }} spec: terminationGracePeriodSeconds: 0 - affinity: - nodeAffinity: - requiredDuringSchedulingIgnoredDuringExecution: - nodeSelectorTerms: - - matchExpressions: - - key: role.datalayer.io/api - operator: In - values: - - "true" + {{- with .Values.jupyter.affinity }} + affinity: {{- toYaml . | nindent 8 }} + {{- end }} imagePullSecrets: - name: reg-creds containers: 
@@ -39,46 +33,23 @@ spec: ports: - containerPort: {{ .Values.jupyter.port }} protocol: TCP + {{- if or .Values.jupyter.env .Values.jupyter.envValueFrom }} env: - - name: DATALAYER_RUN_HOST - value: {{ .Values.jupyter.env.DATALAYER_RUN_HOST }} - - name: DATALAYER_CDN_URL - value: {{ .Values.jupyter.env.DATALAYER_CDN_URL }} - - name: DATALAYER_RUNTIME_ENV - value: {{ .Values.jupyter.env.DATALAYER_RUNTIME_ENV }} - - name: DATALAYER_JWT_ISSUER - value: {{ .Values.jupyter.env.DATALAYER_JWT_ISSUER }} - - name: DATALAYER_JWT_SECRET - value: {{ .Values.jupyter.env.DATALAYER_JWT_SECRET }} - - name: DATALAYER_JWT_ALGORITHM - value: {{ .Values.jupyter.env.DATALAYER_JWT_ALGORITHM }} - - name: DATALAYER_AUTHZ_ENGINE - value: {{ .Values.jupyter.env.DATALAYER_AUTHZ_ENGINE }} - - name: DATALAYER_OPENFGA_REST_URL - value: {{ .Values.jupyter.env.DATALAYER_OPENFGA_REST_URL }} - - name: DATALAYER_OPENFGA_STORE_ID - value: {{ .Values.jupyter.env.DATALAYER_OPENFGA_STORE_ID }} - - name: DATALAYER_OPENFGA_AUTHZ_MODEL_ID - value: {{ .Values.jupyter.env.DATALAYER_OPENFGA_AUTHZ_MODEL_ID }} - - name: DATALAYER_SOLR_ZK_HOST - value: {{ .Values.jupyter.env.DATALAYER_SOLR_ZK_HOST }} - - name: DATALAYER_SOLR_USERNAME - valueFrom: - secretKeyRef: - name: solr-basic-auth - key: username - - name: DATALAYER_SOLR_PASSWORD - valueFrom: - secretKeyRef: - name: solr-basic-auth - key: password - - name: DATALAYER_OPERATOR_API_KEY - value: {{ .Values.jupyter.env.DATALAYER_OPERATOR_API_KEY }} - - name: DATALAYER_JWT_CACHE_VALIDATE - value: "false" - volumeMounts: - resources: -{{ toYaml .Values.jupyter.resources | indent 12 }} + {{- range $key, $value := .Values.jupyter.envValueFrom }} + - name: {{ $key }} + valueFrom: {{- $value | toYaml | nindent 16 }} + {{- end }} + {{- range $key, $value := .Values.jupyter.env }} + - name: {{ $key }} + value: {{ $value | quote }} + {{- end }} + {{- end }} + {{- with .Values.jupyter.resources }} + resources: {{- toYaml . 
| nindent 12 }} + {{- end }} + {{- with .Values.jupyter.volumeMounts }} + volumeMounts: {{- toYaml . | nindent 12 }} + {{- end }} # - name: jupyter-sidecar # image: {{ .Values.jupyter.sidecar.image }} # imagePullPolicy: {{ .Values.jupyter.imagePullPolicy }} diff --git a/datalayer-jupyter/tests/deployment_test.yaml b/datalayer-jupyter/tests/deployment_test.yaml new file mode 100644 index 0000000..3c37564 --- /dev/null +++ b/datalayer-jupyter/tests/deployment_test.yaml @@ -0,0 +1,59 @@ +suite: test deployment +templates: + - templates/deployment.yaml +tests: + - it: "test affinity" + asserts: + - isSubset: + path: spec.template.spec + content: + affinity: + nodeAffinity: + requiredDuringSchedulingIgnoredDuringExecution: + nodeSelectorTerms: + - matchExpressions: + - key: role.datalayer.io/api + operator: In + values: + - "true" + - it: "test environment variables" + asserts: + - isSubset: + path: spec.template.spec.containers[0] + content: + env: + - name: DATALAYER_SOLR_PASSWORD + valueFrom: + secretKeyRef: + key: password + name: solr-basic-auth + - name: DATALAYER_SOLR_USERNAME + valueFrom: + secretKeyRef: + key: username + name: solr-basic-auth + - name: DATALAYER_AUTHZ_ENGINE + value: "" + - name: DATALAYER_CDN_URL + value: "" + - name: DATALAYER_JWT_ALGORITHM + value: "" + - name: DATALAYER_JWT_ISSUER + value: "https://id.datalayer.run" + - name: DATALAYER_JWT_SECRET + value: "" + - name: DATALAYER_OPENFGA_AUTHZ_MODEL_ID + value: "" + - name: DATALAYER_OPENFGA_REST_URL + value: "http://datalayer-openfga.datalayer-openfga.svc.cluster.local:8080" + - name: DATALAYER_OPENFGA_STORE_ID + value: "" + - name: DATALAYER_OPERATOR_API_KEY + value: "" + - name: DATALAYER_RUNTIME_ENV + value: "prod" + - name: DATALAYER_RUN_HOST + value: "" + - name: DATALAYER_SOLR_ZK_HOST + value: "solr-datalayer-solrcloud-zookeeper-headless.datalayer-solr.svc.cluster.local" + diff --git a/datalayer-jupyter/values.yaml b/datalayer-jupyter/values.yaml index 440b91a..62cab1f 100644 
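Review bot: The removed block hard-coded `DATALAYER_JWT_CACHE_VALIDATE` to `"false"`, and nothing visible in this patch adds that key to `jupyter.env` (neither the values.yaml hunks nor the new deployment test list it), so after this change the variable is presumably unset and the service falls back to its own default. If the old setting is still wanted, add `DATALAYER_JWT_CACHE_VALIDATE: "false"` under `jupyter.env` in values.yaml. If dropping it is deliberate, the commit message should say so, since it may change how tokens are validated. The container spec starts and ends outside the hunk.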
--- a/datalayer-jupyter/values.yaml +++ b/datalayer-jupyter/values.yaml @@ -7,10 +7,24 @@ jupyter: certificateIssuer: letsencrypt ingressClass: datalayer-traefik port: 9500 -# resources: -# limits: -# memory: "8192Mi" -# cpu: "3000m" + affinity: + nodeAffinity: + requiredDuringSchedulingIgnoredDuringExecution: + nodeSelectorTerms: + - matchExpressions: + - key: role.datalayer.io/api + operator: In + values: + - "true" + envValueFrom: + DATALAYER_SOLR_USERNAME: + secretKeyRef: + name: solr-basic-auth + key: username + DATALAYER_SOLR_PASSWORD: + secretKeyRef: + name: solr-basic-auth + key: password env: DATALAYER_AUTHZ_ENGINE: "" DATALAYER_CDN_URL: "" @@ -24,3 +38,8 @@ jupyter: DATALAYER_RUNTIME_ENV: "prod" DATALAYER_RUN_HOST: "" DATALAYER_SOLR_ZK_HOST: "solr-datalayer-solrcloud-zookeeper-headless.datalayer-solr.svc.cluster.local" + +# resources: +# limits: +# memory: "8192Mi" +# cpu: "3000m" \ No newline at end of file diff --git a/datalayer-operator/templates/deployment.yaml b/datalayer-operator/templates/deployment.yaml index af90177..0ad17cd 100644 --- a/datalayer-operator/templates/deployment.yaml +++ b/datalayer-operator/templates/deployment.yaml @@ -2,7 +2,7 @@ apiVersion: apps/v1 kind: Deployment metadata: name: {{ .Release.Name }} - namespace: {{ .Values.namespace }} + namespace: {{ default .Release.Namespace .Values.namespace }} labels: app: {{ template "operator.name" . }} spec: @@ -21,17 +21,11 @@ spec: datalayer.io/app: {{ template "operator.name" . }} spec: terminationGracePeriodSeconds: 0 - affinity: - nodeAffinity: - requiredDuringSchedulingIgnoredDuringExecution: - nodeSelectorTerms: - - matchExpressions: - - key: role.datalayer.io/api - operator: In - values: - - "true" + {{- with .Values.operator.affinity }} + affinity: {{- toYaml . | nindent 8 }} + {{- end }} imagePullSecrets: - - name: reg-creds + - name: reg-creds containers: - name: operator image: {{ .Values.operator.image }} 
@@ -39,33 +33,17 @@ spec: ports: - containerPort: {{ .Values.operator.port }} protocol: TCP + {{- if or .Values.operator.env .Values.operator.envValueFrom }} env: - - name: AWS_ACCESS_KEY_ID - value: {{ .Values.operator.env.AWS_ACCESS_KEY_ID }} - - name: AWS_SECRET_ACCESS_KEY - value: {{ .Values.operator.env.AWS_SECRET_ACCESS_KEY }} - - name: AWS_DEFAULT_REGION - value: {{ .Values.operator.env.AWS_DEFAULT_REGION }} - - name: DATALAYER_RUN_HOST - value: {{ .Values.operator.env.DATALAYER_RUN_HOST }} - - name: DATALAYER_INGRESS_CLASS_NAME - value: {{ .Values.operator.env.DATALAYER_INGRESS_CLASS_NAME }} - - name: DATALAYER_CERT_ISSUER - value: {{ .Values.operator.env.DATALAYER_CERT_ISSUER }} - - name: DATALAYER_DOCKER_REGISTRY - value: {{ .Values.operator.env.DATALAYER_DOCKER_REGISTRY }} - - name: DATALAYER_AUTHZ_ENGINE - value: {{ .Values.operator.env.DATALAYER_AUTHZ_ENGINE }} - - name: DATALAYER_OPERATOR_API_KEY - value: {{ .Values.operator.env.DATALAYER_OPERATOR_API_KEY }} - - name: DATALAYER_IAM_API_KEY - value: {{ .Values.operator.env.DATALAYER_IAM_API_KEY }} - - name: DATALAYER_IAM_HOST - value: {{ .Values.operator.env.DATALAYER_IAM_HOST }} - - name: DATALAYER_PUB_SUB_ENGINE - value: {{ .Values.operator.env.DATALAYER_PUB_SUB_ENGINE }} - - name: DATALAYER_PULSAR_URL - value: {{ .Values.operator.env.DATALAYER_PULSAR_URL }} + {{- range $key, $value := .Values.operator.envValueFrom }} + - name: {{ $key }} + valueFrom: {{- $value | toYaml | nindent 16 }} + {{- end }} + {{- range $key, $value := .Values.operator.env }} + - name: {{ $key }} + value: {{ $value | quote }} + {{- end }} + {{- end }} readinessProbe: httpGet: path: /api/operator/version 
@@ -74,9 +52,12 @@ spec: failureThreshold: 5 initialDelaySeconds: 5 periodSeconds: 15 - volumeMounts: - resources: -{{ toYaml .Values.operator.resources | indent 12 }} + {{- with .Values.operator.resources }} + resources: {{- toYaml . | nindent 12 }} + {{- end }} + {{- with .Values.operator.volumeMounts }} + volumeMounts: {{- toYaml . | nindent 12 }} + {{- end }} # - name: operator-sidecar # image: {{ .Values.operator.sidecar.image }} # imagePullPolicy: {{ .Values.operator.imagePullPolicy }} diff --git a/datalayer-operator/templates/roles.yaml b/datalayer-operator/templates/roles.yaml index ad115ba..1e3edca 100644 --- a/datalayer-operator/templates/roles.yaml +++ b/datalayer-operator/templates/roles.yaml @@ -15,5 +15,4 @@ roleRef: subjects: - kind: ServiceAccount name: default -# TODO FIX ME - Should be {{ .Values.namespace }} !!! - namespace: datalayer-api + namespace: {{ default .Release.Namespace .Values.namespace }} diff --git a/datalayer-operator/tests/deployment_test.yaml b/datalayer-operator/tests/deployment_test.yaml new file mode 100644 index 0000000..d8ce712 --- /dev/null +++ b/datalayer-operator/tests/deployment_test.yaml 
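Review bot: In roles.yaml the subject is still the `default` ServiceAccount, and with `namespace: {{ default .Release.Namespace .Values.namespace }}` the binding now follows whichever namespace the chart is installed into, so every pod there that does not set its own service account would receive the operator's role. A dedicated ServiceAccount created by the chart, set on the Deployment with `serviceAccountName:` and named in this subject in place of `name: default`, would narrow the grant to the operator pod. The roleRef and the rest of the binding lie outside the hunk, so the permissions actually granted cannot be judged from here.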
@@ -0,0 +1,51 @@
+suite: test deployment
+templates:
+ - templates/deployment.yaml
+tests:
+ - it: "test affinity"
+ asserts:
+ - isSubset:
+ path: spec.template.spec
+ content:
+ affinity:
+ nodeAffinity:
+ requiredDuringSchedulingIgnoredDuringExecution:
+ nodeSelectorTerms:
+ - matchExpressions:
+ - key: role.datalayer.io/api
+ operator: In
+ values:
+ - "true"
+ - it: "test environment variables"
+ asserts:
+ - isSubset:
+ path: spec.template.spec.containers[0]
+ content:
+ env:
+ - name: AWS_ACCESS_KEY_ID
+ value: ""
+ - name: AWS_DEFAULT_REGION
+ value: ""
+ - name: AWS_SECRET_ACCESS_KEY
+ value: ""
+ - name: DATALAYER_AUTHZ_ENGINE
+ value: "openfga"
+ - name: DATALAYER_CERT_ISSUER
+ value: "letsencrypt"
+ - name: DATALAYER_DOCKER_REGISTRY
+ value: ""
+ - name: DATALAYER_IAM_API_KEY
+ value: ""
+ - name: DATALAYER_IAM_HOST
+ value: "datalayer-iam-svc.datalayer-api.svc.cluster.local:9700"
+ - name: DATALAYER_INGRESS_CLASS_NAME
+ value: "datalayer-traefik"
+ - name: DATALAYER_OPERATOR_API_KEY
+ value: ""
+ - name: DATALAYER_PUB_SUB_ENGINE
+ value: "pulsar"
+ - name: DATALAYER_PULSAR_URL
+ value: "pulsar://datalayer-pulsar-broker.datalayer-pulsar.svc.cluster.local:6650"
+ - name: DATALAYER_RUN_HOST
+ value: ""
+
diff --git a/datalayer-operator/tests/roles_test.yaml b/datalayer-operator/tests/roles_test.yaml
new file mode 100644
index 0000000..e5be05f
--- /dev/null
+++ b/datalayer-operator/tests/roles_test.yaml
@@ -0,0 +1,11 @@
+suite: test roles
+templates:
+ - templates/roles.yaml
+tests:
+ - it: "test ClusterRoleBinding subjects"
+ release:
+ namespace: default
+ asserts:
+ - equal:
+ path: subjects[0].namespace
+ value: default
\ No newline at end of file
diff --git a/datalayer-operator/values.yaml b/datalayer-operator/values.yaml
index 5c64eab..b5afc47 100644
--- a/datalayer-operator/values.yaml
+++ b/datalayer-operator/values.yaml
@@ -5,10 +5,15 @@ operator: imagePullPolicy: Always crds: true port: 2111 -# resources: -# limits: -# memory: "8192Mi" -# cpu: "3000m" + affinity: + nodeAffinity: + requiredDuringSchedulingIgnoredDuringExecution: + nodeSelectorTerms: + - matchExpressions: + - key: role.datalayer.io/api + operator: In + values: + - "true" env: AWS_ACCESS_KEY_ID: "" AWS_DEFAULT_REGION: "" @@ -23,3 +28,7 @@ operator: DATALAYER_PUB_SUB_ENGINE: "pulsar" DATALAYER_PULSAR_URL: "pulsar://datalayer-pulsar-broker.datalayer-pulsar.svc.cluster.local:6650" DATALAYER_RUN_HOST: "" + # resources: + # limits: + # memory: "8192Mi" + # cpu: "3000m"