add support for hostAliases in pod templates (#153)

gruntwork-io · Feb 1, 2023 · 628c207 · 628c207
1 parent 60b626c
commit 628c207
Show file tree

Hide file tree

Showing 4 changed files with 67 additions and 6 deletions.
diff --git a/charts/k8s-service/README.md b/charts/k8s-service/README.md
@@ -1034,10 +1034,10 @@ To configure a canary deployment, set `canary.enabled = true` and define the `co
 
 ```yaml
 canary:
-  enabled: true
+    enabled: true
     containerImage:
-      repository: nginx
-      tag: 1.15.9
+        repository: nginx
+        tag: 1.15.9
 ```
 Once deployed, your service will route traffic across both your stable and canary deployments, allowing you to monitor for and catch any issues early.
 

diff --git a/charts/k8s-service/templates/_deployment_spec.tpl b/charts/k8s-service/templates/_deployment_spec.tpl
@@ -140,6 +140,10 @@ spec:
       securityContext:
 {{ toYaml .Values.podSecurityContext | indent 8 }}
       {{- end}}
+      {{- if .Values.hostAliases }}
+      hostAliases:
+{{ toYaml .Values.hostAliases | indent 8 }}
+      {{- end }}
 
       containers:
         {{- if .isCanary }}

diff --git a/charts/k8s-service/values.yaml b/charts/k8s-service/values.yaml
@@ -110,16 +110,40 @@ livenessProbe: {}
 #     port: http
 readinessProbe: {}
 
-# securityContext is a map that specified the privillege and access control settings for a Pod of Container. Security Context
+# hostAliases is a list of maps that specify additional entries to be added to the pod's `/etc/hosts` file. This is useful
+# for adding custom DNS entries to the pod. The items in the list are maps with the following keys:
+#   - ip        (string)       (required) : The IP address of the host.
+#   - hostnames (list[string]) (required) : A list of hostnames that should be resolved to the IP address.
+#
+# Refer to https://kubernetes.io/docs/tasks/network/customize-hosts-file-for-pods/ for more details.
+#
+# EXAMPLE:
+#
+# The following example specifies two aliases to be added to the pod's /etc/hosts file in a new section at the bottom:
+#
+# hostAliases:
+#   - ip: 127.0.0.1
+#     hostnames:
+#      - foo.local
+#      - bar.local
+#   - ip: 10.1.2.3
+#     hostnames:
+#      - foo.remote
+#      - bar.remote
+#
+# NOTE: This variable is injected directly into the deployment spec.
+hostAliases: []
+
+# securityContext is a map that specified the privilege and access control settings for a Pod of Container. Security Context
 # can be specified when the application requires additional access control permissions. More details on securityContext and supported
 # settings can be found at https://kubernetes.io/docs/tasks/configure-pod-container/security-context/
 # similar to the podSecurityContext {} however, this sets security attributes at the container level rather than at the pod level scope.
 
 #
 # EXAMPLE:
-# 1) To run a container in privilleged mode
+# 1) To run a container in privileged mode
 # securityContext:
-#   privilleged: true
+#   privileged: true
 #
 # 2) To run a container as a specific user
 # securityContext:

diff --git a/test/k8s_service_template_test.go b/test/k8s_service_template_test.go
@@ -628,6 +628,39 @@ func TestK8SServiceWithContainerArgsHasArgsSpec(t *testing.T) {
 	assert.Equal(t, appContainer.Args, []string{"echo", "Hello world"})
 }
 
+// Test that omitting hostAliases does not set hostAliases attribute on the Deployment container spec.
+func TestK8SServiceDefaultHasNullHostAliasesSpec(t *testing.T) {
+	t.Parallel()
+
+	deployment := renderK8SServiceDeploymentWithSetValues(t, map[string]string{})
+	renderedPodSpec := deployment.Spec.Template.Spec
+	assert.Nil(t, renderedPodSpec.HostAliases)
+}
+
+// Test that setting hostAliases sets the hostAliases attribute on the Deployment container spec.
+func TestK8SServiceWithHostAliasesHasHostAliasesSpec(t *testing.T) {
+	t.Parallel()
+
+	deployment := renderK8SServiceDeploymentWithSetValues(
+		t,
+		map[string]string{
+			"hostAliases[0].ip":           "127.0.0.1",
+			"hostAliases[0].hostnames[0]": "foo.local",
+			"hostAliases[0].hostnames[1]": "bar.local",
+			"hostAliases[1].ip":           "10.1.2.3",
+			"hostAliases[1].hostnames[0]": "foo.remote",
+			"hostAliases[1].hostnames[1]": "bar.remote",
+		},
+	)
+	renderedPodSpec := deployment.Spec.Template.Spec
+	assert.Equal(t, len(renderedPodSpec.HostAliases), 2)
+	// order should be preserved, since order is important for /etc/hosts
+	assert.Equal(t, renderedPodSpec.HostAliases[0].IP, "127.0.0.1")
+	assert.Equal(t, renderedPodSpec.HostAliases[0].Hostnames, []string{"foo.local", "bar.local"})
+	assert.Equal(t, renderedPodSpec.HostAliases[1].IP, "10.1.2.3")
+	assert.Equal(t, renderedPodSpec.HostAliases[1].Hostnames, []string{"foo.remote", "bar.remote"})
+}
+
 // Test that providing tls configuration to Ingress renders correctly
 func TestK8SServiceIngressMultiCert(t *testing.T) {
 	t.Parallel()