diff --git a/charts/nr-k8s-otel-collector/Chart.yaml b/charts/nr-k8s-otel-collector/Chart.yaml index 735ae5d0c..d1c5bc23e 100644 --- a/charts/nr-k8s-otel-collector/Chart.yaml +++ b/charts/nr-k8s-otel-collector/Chart.yaml @@ -17,7 +17,7 @@ type: application # This is the chart version. This version number should be incremented each time you make changes # to the chart and its templates, including the app version. # Versions are expected to follow Semantic Versioning (https://semver.org/) -version: 0.3.2 +version: 0.3.3 dependencies: - name: common-library diff --git a/charts/nr-k8s-otel-collector/templates/daemonset-configmap.yaml b/charts/nr-k8s-otel-collector/templates/daemonset-configmap.yaml index 583e4aa0f..6cb690ba5 100644 --- a/charts/nr-k8s-otel-collector/templates/daemonset-configmap.yaml +++ b/charts/nr-k8s-otel-collector/templates/daemonset-configmap.yaml @@ -6,7 +6,7 @@ metadata: labels: {{- include "newrelic.common.labels" . | nindent 4 }} data: - otel-collector-config.yaml: | + daemonset-config.yaml: | receivers: hostmetrics: # TODO (chris): this is a linux specific configuration diff --git a/charts/nr-k8s-otel-collector/templates/daemonset.yaml b/charts/nr-k8s-otel-collector/templates/daemonset.yaml index 6544b1842..f24cac424 100644 --- a/charts/nr-k8s-otel-collector/templates/daemonset.yaml +++ b/charts/nr-k8s-otel-collector/templates/daemonset.yaml @@ -41,9 +41,7 @@ spec: {{- end }} image: "{{ .Values.image.repository }}:{{ .Values.image.tag | default .Chart.AppVersion }}" imagePullPolicy: {{ .Values.image.pullPolicy }} - command: - - /otelcol-contrib - - --config=/conf/otel-collector-config.yaml + args: ["--config", "/config/daemonset-config.yaml"] resources: {{- toYaml .Values.daemonset.resources | nindent 12 }} env: @@ -83,8 +81,8 @@ spec: mountPath: /var/log/pods readOnly: true {{- end }} - - name: config-volume - mountPath: /conf + - name: daemonset-config + mountPath: /config volumes: # TODO (chris): this is a linux specific configuration {{- if include "newrelic.common.privileged" . }} @@ -95,7 +93,7 @@ spec: hostPath: path: /var/log/pods {{- end }} - - name: config-volume + - name: daemonset-config configMap: name: {{ include "nrKubernetesOtel.daemonset.configmap.fullname" . }} {{- with include "nrKubernetesOtel.daemonset.nodeSelector" . }} diff --git a/charts/nr-k8s-otel-collector/templates/deployment.yaml b/charts/nr-k8s-otel-collector/templates/deployment.yaml index d570432fb..b236ac085 100644 --- a/charts/nr-k8s-otel-collector/templates/deployment.yaml +++ b/charts/nr-k8s-otel-collector/templates/deployment.yaml @@ -42,8 +42,8 @@ spec: {{- . | nindent 12 }} {{- end }} image: "{{ .Values.image.repository }}:{{ .Values.image.tag | default .Chart.AppVersion }}" - args: ["--config", "/config/deployment-config.yaml"] imagePullPolicy: {{ .Values.image.pullPolicy }} + args: ["--config", "/config/deployment-config.yaml"] resources: {{- toYaml .Values.deployment.resources | nindent 12 }} env: diff --git a/charts/nr-k8s-otel-collector/tests/affinity_test.yaml b/charts/nr-k8s-otel-collector/tests/affinity_test.yaml new file mode 100644 index 000000000..6593d4746 --- /dev/null +++ b/charts/nr-k8s-otel-collector/tests/affinity_test.yaml @@ -0,0 +1,314 @@ +suite: affinity +templates: + - templates/deployment.yaml + - templates/deployment-configmap.yaml + - templates/daemonset.yaml + - templates/daemonset-configmap.yaml +release: + name: my-release + namespace: my-namespace +tests: + - it: sets affinity to default when no values provided + set: + cluster: my-cluster + licenseKey: us-whatever + asserts: + - notExists: + path: spec.template.spec.affinity + template: templates/deployment.yaml + - notExists: + path: spec.template.spec.affinity + template: templates/daemonset.yaml + - it: sets affinity from global by common-library + set: + cluster: test-cluster + licenseKey: us-whatever + global: + affinity: + podAffinity: + requiredDuringSchedulingIgnoredDuringExecution: + - labelSelector: + matchExpressions: + - key: globalKey + operator: In + values: + - S1 + topologyKey: failure-domain.beta.kubernetes.io/zone + asserts: + - equal: + path: spec.template.spec.affinity + value: + podAffinity: + requiredDuringSchedulingIgnoredDuringExecution: + - labelSelector: + matchExpressions: + - key: globalKey + operator: In + values: + - S1 + topologyKey: failure-domain.beta.kubernetes.io/zone + template: templates/deployment.yaml + - equal: + path: spec.template.spec.affinity + value: + podAffinity: + requiredDuringSchedulingIgnoredDuringExecution: + - labelSelector: + matchExpressions: + - key: globalKey + operator: In + values: + - S1 + topologyKey: failure-domain.beta.kubernetes.io/zone + template: templates/daemonset.yaml + - it: sets affinity from values by common-library + set: + cluster: test-cluster + licenseKey: us-whatever + affinity: + podAffinity: + requiredDuringSchedulingIgnoredDuringExecution: + - labelSelector: + matchExpressions: + - key: topLevelKey + operator: In + values: + - S1 + topologyKey: failure-domain.beta.kubernetes.io/zone + asserts: + - equal: + path: spec.template.spec.affinity + value: + podAffinity: + requiredDuringSchedulingIgnoredDuringExecution: + - labelSelector: + matchExpressions: + - key: topLevelKey + operator: In + values: + - S1 + topologyKey: failure-domain.beta.kubernetes.io/zone + template: templates/deployment.yaml + - equal: + path: spec.template.spec.affinity + value: + podAffinity: + requiredDuringSchedulingIgnoredDuringExecution: + - labelSelector: + matchExpressions: + - key: topLevelKey + operator: In + values: + - S1 + topologyKey: failure-domain.beta.kubernetes.io/zone + template: templates/daemonset.yaml + - it: sets affinity from values by common-library overriding global values + set: + cluster: test-cluster + licenseKey: us-whatever + affinity: + podAffinity: + requiredDuringSchedulingIgnoredDuringExecution: + - labelSelector: + matchExpressions: + - key: topLevelKey + operator: In + values: + - S1 + topologyKey: failure-domain.beta.kubernetes.io/zone + global: + affinity: + podAffinity: + requiredDuringSchedulingIgnoredDuringExecution: + - labelSelector: + matchExpressions: + - key: globalKey + operator: In + values: + - S1 + topologyKey: failure-domain.beta.kubernetes.io/zone + asserts: + - equal: + path: spec.template.spec.affinity + value: + podAffinity: + requiredDuringSchedulingIgnoredDuringExecution: + - labelSelector: + matchExpressions: + - key: topLevelKey + operator: In + values: + - S1 + topologyKey: failure-domain.beta.kubernetes.io/zone + template: templates/deployment.yaml + - equal: + path: spec.template.spec.affinity + value: + podAffinity: + requiredDuringSchedulingIgnoredDuringExecution: + - labelSelector: + matchExpressions: + - key: topLevelKey + operator: In + values: + - S1 + topologyKey: failure-domain.beta.kubernetes.io/zone + template: templates/daemonset.yaml + - it: sets affinity from deployment values + set: + cluster: test-cluster + licenseKey: us-whatever + deployment: + affinity: + podAffinity: + requiredDuringSchedulingIgnoredDuringExecution: + - labelSelector: + matchExpressions: + - key: deploymentKey + operator: In + values: + - S1 + topologyKey: failure-domain.beta.kubernetes.io/zone + asserts: + - equal: + path: spec.template.spec.affinity + value: + podAffinity: + requiredDuringSchedulingIgnoredDuringExecution: + - labelSelector: + matchExpressions: + - key: deploymentKey + operator: In + values: + - S1 + topologyKey: failure-domain.beta.kubernetes.io/zone + template: templates/deployment.yaml + - it: sets affinity from daemonset values + set: + cluster: test-cluster + licenseKey: us-whatever + daemonset: + affinity: + podAffinity: + requiredDuringSchedulingIgnoredDuringExecution: + - labelSelector: + matchExpressions: + - key: daemonsetKey + operator: In + values: + - S1 + topologyKey: failure-domain.beta.kubernetes.io/zone + asserts: + - equal: + path: spec.template.spec.affinity + value: + podAffinity: + requiredDuringSchedulingIgnoredDuringExecution: + - labelSelector: + matchExpressions: + - key: daemonsetKey + operator: In + values: + - S1 + topologyKey: failure-domain.beta.kubernetes.io/zone + template: templates/daemonset.yaml + - it: sets affinity from deployment values overriding top level and global values + set: + cluster: test-cluster + licenseKey: us-whatever + deployment: + affinity: + podAffinity: + requiredDuringSchedulingIgnoredDuringExecution: + - labelSelector: + matchExpressions: + - key: deploymentKey + operator: In + values: + - S1 + topologyKey: failure-domain.beta.kubernetes.io/zone + affinity: + podAffinity: + requiredDuringSchedulingIgnoredDuringExecution: + - labelSelector: + matchExpressions: + - key: topLevelKey + operator: In + values: + - S1 + topologyKey: failure-domain.beta.kubernetes.io/zone + global: + affinity: + podAffinity: + requiredDuringSchedulingIgnoredDuringExecution: + - labelSelector: + matchExpressions: + - key: globalKey + operator: In + values: + - S1 + topologyKey: failure-domain.beta.kubernetes.io/zone + asserts: + - equal: + path: spec.template.spec.affinity + value: + podAffinity: + requiredDuringSchedulingIgnoredDuringExecution: + - labelSelector: + matchExpressions: + - key: deploymentKey + operator: In + values: + - S1 + topologyKey: failure-domain.beta.kubernetes.io/zone + template: templates/deployment.yaml + - it: sets affinity from daemonset values overriding top level and global values + set: + cluster: test-cluster + licenseKey: us-whatever + daemonset: + affinity: + podAffinity: + requiredDuringSchedulingIgnoredDuringExecution: + - labelSelector: + matchExpressions: + - key: daemonsetKey + operator: In + values: + - S1 + topologyKey: failure-domain.beta.kubernetes.io/zone + affinity: + podAffinity: + requiredDuringSchedulingIgnoredDuringExecution: + - labelSelector: + matchExpressions: + - key: topLevelKey + operator: In + values: + - S1 + topologyKey: failure-domain.beta.kubernetes.io/zone + global: + affinity: + podAffinity: + requiredDuringSchedulingIgnoredDuringExecution: + - labelSelector: + matchExpressions: + - key: globalKey + operator: In + values: + - S1 + topologyKey: failure-domain.beta.kubernetes.io/zone + asserts: + - equal: + path: spec.template.spec.affinity + value: + podAffinity: + requiredDuringSchedulingIgnoredDuringExecution: + - labelSelector: + matchExpressions: + - key: daemonsetKey + operator: In + values: + - S1 + topologyKey: failure-domain.beta.kubernetes.io/zone + template: templates/daemonset.yaml \ No newline at end of file diff --git a/charts/nr-k8s-otel-collector/tests/annotations_test.yaml b/charts/nr-k8s-otel-collector/tests/annotations_test.yaml new file mode 100644 index 000000000..4245a5fcc --- /dev/null +++ b/charts/nr-k8s-otel-collector/tests/annotations_test.yaml @@ -0,0 +1,56 @@ +suite: annotations +templates: + - templates/deployment.yaml + - templates/deployment-configmap.yaml + - templates/daemonset.yaml + - templates/daemonset-configmap.yaml +release: + name: my-release + namespace: my-namespace +tests: + - it: sets pod annotations to default when no values provided + set: + cluster: my-cluster + licenseKey: us-whatever + asserts: + - exists: + path: spec.template.metadata.annotations.checksum/config + template: templates/deployment.yaml + - exists: + path: spec.template.metadata.annotations.checksum/config + template: templates/daemonset.yaml + - it: sets pod annotations from values + set: + cluster: my-cluster + licenseKey: us-whatever + deployment: + podAnnotations: + deploymentKey1: "deploymentValue1" + deploymentKey2: "deploymentValue2" + daemonset: + podAnnotations: + daemonsetKey1: "daemonsetValue1" + daemonsetKey2: "daemonsetValue2" + asserts: + - exists: + path: spec.template.metadata.annotations.checksum/config + template: templates/deployment.yaml + - equal: + path: spec.template.metadata.annotations.deploymentKey1 + value: deploymentValue1 + template: templates/deployment.yaml + - equal: + path: spec.template.metadata.annotations.deploymentKey2 + value: deploymentValue2 + template: templates/deployment.yaml + - exists: + path: spec.template.metadata.annotations.checksum/config + template: templates/daemonset.yaml + - equal: + path: spec.template.metadata.annotations.daemonsetKey1 + value: daemonsetValue1 + template: templates/daemonset.yaml + - equal: + path: spec.template.metadata.annotations.daemonsetKey2 + value: daemonsetValue2 + template: templates/daemonset.yaml diff --git a/charts/nr-k8s-otel-collector/tests/images_test.yaml b/charts/nr-k8s-otel-collector/tests/images_test.yaml new file mode 100644 index 000000000..b59edde0f --- /dev/null +++ b/charts/nr-k8s-otel-collector/tests/images_test.yaml @@ -0,0 +1,48 @@ +suite: images +templates: + - templates/deployment.yaml + - templates/deployment-configmap.yaml + - templates/daemonset.yaml + - templates/daemonset-configmap.yaml +release: + name: my-release + namespace: my-namespace +tests: + - it: has a default image tag + set: + cluster: my-cluster + licenseKey: us-whatever + asserts: + - notMatchRegex: + path: spec.template.spec.containers[0].image + pattern: ".*nil.*" + template: templates/deployment.yaml + - notMatchRegex: + path: spec.template.spec.containers[0].image + pattern: ".*nil.*" + template: templates/daemonset.yaml + - it: loads image and version + set: + cluster: my-cluster + licenseKey: us-whatever + image: + repository: nr/dot + pullPolicy: Always + tag: "1.1.1" + asserts: + - equal: + path: spec.template.spec.containers[0].image + value: nr/dot:1.1.1 + template: templates/deployment.yaml + - equal: + path: spec.template.spec.containers[0].imagePullPolicy + value: Always + template: templates/deployment.yaml + - equal: + path: spec.template.spec.containers[0].image + value: nr/dot:1.1.1 + template: templates/daemonset.yaml + - equal: + path: spec.template.spec.containers[0].imagePullPolicy + value: Always + template: templates/daemonset.yaml \ No newline at end of file diff --git a/charts/nr-k8s-otel-collector/tests/node_selector_test.yaml b/charts/nr-k8s-otel-collector/tests/node_selector_test.yaml new file mode 100644 index 000000000..49725286a --- /dev/null +++ b/charts/nr-k8s-otel-collector/tests/node_selector_test.yaml @@ -0,0 +1,138 @@ +suite: nodeSelector +templates: + - templates/deployment.yaml + - templates/deployment-configmap.yaml + - templates/daemonset.yaml + - templates/daemonset-configmap.yaml +release: + name: my-release + namespace: my-namespace +tests: + - it: sets nodeSelector to default when no values provided + set: + cluster: my-cluster + licenseKey: us-whatever + asserts: + - notExists: + path: spec.template.spec.nodeSelector + template: templates/deployment.yaml + - notExists: + path: spec.template.spec.nodeSelector + template: templates/daemonset.yaml + - it: sets nodeSelector from global by common-library + set: + cluster: test-cluster + licenseKey: us-whatever + global: + nodeSelector: + globalKey: globalValue + asserts: + - equal: + path: spec.template.spec.nodeSelector + value: + globalKey: globalValue + template: templates/deployment.yaml + - equal: + path: spec.template.spec.nodeSelector + value: + globalKey: globalValue + template: templates/daemonset.yaml + - it: sets nodeSelector from values by common-library + set: + cluster: test-cluster + licenseKey: us-whatever + nodeSelector: + topLevelKey: topLevelValue + asserts: + - equal: + path: spec.template.spec.nodeSelector + value: + topLevelKey: topLevelValue + template: templates/deployment.yaml + - equal: + path: spec.template.spec.nodeSelector + value: + topLevelKey: topLevelValue + template: templates/daemonset.yaml + - it: sets nodeSelector from values by common-library overriding global values + set: + cluster: test-cluster + licenseKey: us-whatever + nodeSelector: + topLevelKey: topLevelValue + global: + nodeSelector: + globalKey: globalValue + asserts: + - equal: + path: spec.template.spec.nodeSelector + value: + topLevelKey: topLevelValue + template: templates/deployment.yaml + - equal: + path: spec.template.spec.nodeSelector + value: + topLevelKey: topLevelValue + template: templates/daemonset.yaml + - it: sets nodeSelector from deployment values + set: + cluster: test-cluster + licenseKey: us-whatever + deployment: + nodeSelector: + deploymentKey: deploymentValue + asserts: + - equal: + path: spec.template.spec.nodeSelector + value: + deploymentKey: deploymentValue + template: templates/deployment.yaml + - it: sets nodeSelector from daemonset values + set: + cluster: test-cluster + licenseKey: us-whatever + daemonset: + nodeSelector: + daemonsetKey: daemonsetValue + asserts: + - equal: + path: spec.template.spec.nodeSelector + value: + daemonsetKey: daemonsetValue + template: templates/daemonset.yaml + - it: sets nodeSelector from deployment values overriding top level and global values + set: + cluster: test-cluster + licenseKey: us-whatever + deployment: + nodeSelector: + deploymentKey: deploymentValue + nodeSelector: + topLevelKey: topLevelValue + global: + nodeSelector: + globalKey: globalValue + asserts: + - equal: + path: spec.template.spec.nodeSelector + value: + deploymentKey: deploymentValue + template: templates/deployment.yaml + - it: sets nodeSelector from daemonset values overriding top level and global values + set: + cluster: test-cluster + licenseKey: us-whatever + daemonset: + nodeSelector: + daemonsetKey: daemonsetValue + nodeSelector: + topLevelKey: topLevelValue + global: + nodeSelector: + globalKey: globalValue + asserts: + - equal: + path: spec.template.spec.nodeSelector + value: + daemonsetKey: daemonsetValue + template: templates/daemonset.yaml \ No newline at end of file diff --git a/charts/nr-k8s-otel-collector/tests/privileged_test.yaml b/charts/nr-k8s-otel-collector/tests/privileged_test.yaml new file mode 100644 index 000000000..d18d06e73 --- /dev/null +++ b/charts/nr-k8s-otel-collector/tests/privileged_test.yaml @@ -0,0 +1,88 @@ +suite: privileged +templates: + - templates/deployment.yaml + - templates/deployment-configmap.yaml + - templates/daemonset.yaml + - templates/daemonset-configmap.yaml +release: + name: my-release + namespace: my-namespace +tests: + - it: sets privileged to default when no values provided + set: + cluster: my-cluster + licenseKey: us-whatever + asserts: + - equal: + path: spec.template.spec.containers[0].volumeMounts + value: + - name: host-fs + mountPath: /hostfs + readOnly: true + - name: varlogpods + mountPath: /var/log/pods + readOnly: true + - name: daemonset-config + mountPath: /config + template: templates/daemonset.yaml + - lengthEqual: + path: spec.template.spec.volumes + count: 3 + template: templates/daemonset.yaml + - it: does not set privileged from global by common-library + set: + cluster: test-cluster + licenseKey: us-whatever + global: + privileged: false + asserts: + - equal: + path: spec.template.spec.containers[0].volumeMounts + value: + - name: host-fs + mountPath: /hostfs + readOnly: true + - name: varlogpods + mountPath: /var/log/pods + readOnly: true + - name: daemonset-config + mountPath: /config + template: templates/daemonset.yaml + - lengthEqual: + path: spec.template.spec.volumes + count: 3 + template: templates/daemonset.yaml + - it: sets privileged from values by common-library + set: + cluster: test-cluster + licenseKey: us-whatever + privileged: false + asserts: + - equal: + path: spec.template.spec.containers[0].volumeMounts + value: + - name: daemonset-config + mountPath: /config + template: templates/daemonset.yaml + - lengthEqual: + path: spec.template.spec.volumes + count: 1 + template: templates/daemonset.yaml + - it: sets privileged from values by common-library overriding global values + set: + cluster: test-cluster + licenseKey: us-whatever + privileged: false + global: + privileged: true + asserts: + - equal: + path: spec.template.spec.containers[0].volumeMounts + value: + - name: daemonset-config + mountPath: /config + template: templates/daemonset.yaml + - lengthEqual: + path: spec.template.spec.volumes + count: 1 + template: templates/daemonset.yaml diff --git a/charts/nr-k8s-otel-collector/tests/rbac_test.yaml b/charts/nr-k8s-otel-collector/tests/rbac_test.yaml new file mode 100644 index 000000000..487759fa6 --- /dev/null +++ b/charts/nr-k8s-otel-collector/tests/rbac_test.yaml @@ -0,0 +1,59 @@ +suite: rbac +templates: + - templates/deployment.yaml + - templates/deployment-configmap.yaml + - templates/daemonset.yaml + - templates/daemonset-configmap.yaml + - templates/secret.yaml +release: + name: my-release + namespace: my-namespace +tests: + - it: points RBAC to the service account created by default + set: + licenseKey: test + cluster: test + rbac.create: true + serviceAccount.create: true + asserts: + - equal: + path: spec.template.spec.serviceAccountName + value: my-release-nr-k8s-otel-collector + template: templates/deployment.yaml + - equal: + path: spec.template.spec.serviceAccountName + value: my-release-nr-k8s-otel-collector + template: templates/daemonset.yaml + + - it: points RBAC to the service account the user supplies when serviceAccount is disabled + set: + licenseKey: test + cluster: test + rbac.create: true + serviceAccount.create: false + serviceAccount.name: sa-test + asserts: + - equal: + path: spec.template.spec.serviceAccountName + value: sa-test + template: templates/deployment.yaml + - equal: + path: spec.template.spec.serviceAccountName + value: sa-test + template: templates/daemonset.yaml + + - it: points RBAC to the default service account when the user disables serviceAccount creation + set: + licenseKey: test + cluster: test + rbac.create: true + serviceAccount.create: false + asserts: + - equal: + path: spec.template.spec.serviceAccountName + value: default + template: templates/deployment.yaml + - equal: + path: spec.template.spec.serviceAccountName + value: default + template: templates/daemonset.yaml diff --git a/charts/nr-k8s-otel-collector/tests/resources_test.yaml b/charts/nr-k8s-otel-collector/tests/resources_test.yaml new file mode 100644 index 000000000..dec2914ce --- /dev/null +++ b/charts/nr-k8s-otel-collector/tests/resources_test.yaml @@ -0,0 +1,62 @@ +suite: resources +templates: + - templates/deployment.yaml + - templates/deployment-configmap.yaml + - templates/daemonset.yaml + - templates/daemonset-configmap.yaml +release: + name: my-release + namespace: my-namespace +tests: + - it: sets pod resources to default when no values provided + set: + cluster: my-cluster + licenseKey: us-whatever + asserts: + - notExists: + path: spec.template.metadata.resources + template: templates/deployment.yaml + - notExists: + path: spec.template.metadata.resources + template: templates/daemonset.yaml + - it: sets pod resources from values + set: + cluster: my-cluster + licenseKey: us-whatever + deployment: + resources: + requests: + memory: "64Mi" + cpu: "250m" + limits: + memory: "128Mi" + cpu: "500m" + daemonset: + resources: + requests: + memory: "32Mi" + cpu: "125m" + limits: + memory: "64Mi" + cpu: "250m" + asserts: + - equal: + path: spec.template.spec.containers[0].resources + value: + requests: + memory: "64Mi" + cpu: "250m" + limits: + memory: "128Mi" + cpu: "500m" + template: templates/deployment.yaml + - equal: + path: spec.template.spec.containers[0].resources + value: + requests: + memory: "32Mi" + cpu: "125m" + limits: + memory: "64Mi" + cpu: "250m" + template: templates/daemonset.yaml diff --git a/charts/nr-k8s-otel-collector/tests/security_context_test.yaml b/charts/nr-k8s-otel-collector/tests/security_context_test.yaml new file mode 100644 index 000000000..88e0e271d --- /dev/null +++ b/charts/nr-k8s-otel-collector/tests/security_context_test.yaml @@ -0,0 +1,285 @@ +suite: securityContext +templates: + - templates/deployment.yaml + - templates/deployment-configmap.yaml + - templates/daemonset.yaml + - templates/daemonset-configmap.yaml +release: + name: my-release + namespace: my-namespace +tests: + - it: sets pod securityContext set to defaults when no values provided + set: + cluster: my-cluster + licenseKey: us-whatever + asserts: + - notExists: + path: spec.template.spec.securityContext + template: templates/deployment.yaml + - notExists: + path: spec.template.spec.securityContext + template: templates/daemonset.yaml + - it: sets pod securityContext from global by common-library + set: + cluster: test-cluster + licenseKey: us-whatever + global: + podSecurityContext: + globalKey: globalValue + asserts: + - equal: + path: spec.template.spec.securityContext + value: + globalKey: globalValue + template: templates/deployment.yaml + - equal: + path: spec.template.spec.securityContext + value: + globalKey: globalValue + template: templates/daemonset.yaml + - it: sets pod securityContext from values by common-library + set: + cluster: test-cluster + licenseKey: us-whatever + podSecurityContext: + topLevelKey: topLevelValue + asserts: + - equal: + path: spec.template.spec.securityContext + value: + topLevelKey: topLevelValue + template: templates/deployment.yaml + - equal: + path: spec.template.spec.securityContext + value: + topLevelKey: topLevelValue + template: templates/daemonset.yaml + - it: sets pod securityContext from values by common-library overriding global values + set: + cluster: test-cluster + licenseKey: us-whatever + podSecurityContext: + topLevelKey: topLevelValue + global: + podSecurityContext: + globalKey: globalValue + asserts: + - equal: + path: spec.template.spec.securityContext + value: + topLevelKey: topLevelValue + template: templates/deployment.yaml + - equal: + path: spec.template.spec.securityContext + value: + topLevelKey: topLevelValue + template: templates/daemonset.yaml + - it: sets pod securityContext from deployment values + set: + cluster: test-cluster + licenseKey: us-whatever + deployment: + podSecurityContext: + deploymentKey: deploymentValue + asserts: + - equal: + path: spec.template.spec.securityContext + value: + deploymentKey: deploymentValue + template: templates/deployment.yaml + - it: sets pod securityContext from daemonset values + set: + cluster: test-cluster + licenseKey: us-whatever + daemonset: + podSecurityContext: + daemonsetKey: daemonsetValue + asserts: + - equal: + path: spec.template.spec.securityContext + value: + daemonsetKey: daemonsetValue + template: templates/daemonset.yaml + - it: sets pod securityContext from deployment values overriding top level and global values + set: + cluster: test-cluster + licenseKey: us-whatever + deployment: + podSecurityContext: + deploymentKey: deploymentValue + podSecurityContext: + topLevelKey: topLevelValue + global: + podSecurityContext: + globalKey: globalValue + asserts: + - equal: + path: spec.template.spec.securityContext + value: + deploymentKey: deploymentValue + template: templates/deployment.yaml + - it: sets pod securityContext from daemonset values overriding top level and global values + set: + cluster: test-cluster + licenseKey: us-whatever + daemonset: + podSecurityContext: + daemonsetKey: daemonsetValue + podSecurityContext: + topLevelKey: topLevelValue + global: + podSecurityContext: + globalKey: globalValue + asserts: + - equal: + path: spec.template.spec.securityContext + value: + daemonsetKey: daemonsetValue + template: templates/daemonset.yaml + - it: sets container securityContext set to defaults when no values provided + set: + cluster: my-cluster + licenseKey: us-whatever + asserts: + - notExists: + path: spec.template.spec.containers[0].securityContext + template: templates/deployment.yaml + - equal: + path: spec.template.spec.containers[0].securityContext + value: + privileged: true + template: templates/daemonset.yaml + - it: sets container securityContext from global by common-library + set: + cluster: test-cluster + licenseKey: us-whatever + global: + containerSecurityContext: + globalKey: globalValue + asserts: + - equal: + path: spec.template.spec.containers[0].securityContext + value: + globalKey: globalValue + template: templates/deployment.yaml + - equal: + path: spec.template.spec.containers[0].securityContext + value: + privileged: true + template: templates/daemonset.yaml + - it: sets container securityContext from values by common-library + set: + cluster: test-cluster + licenseKey: us-whatever + containerSecurityContext: + topLevelKey: topLevelValue + asserts: + - equal: + path: spec.template.spec.containers[0].securityContext + value: + topLevelKey: topLevelValue + template: templates/deployment.yaml + - equal: + path: spec.template.spec.containers[0].securityContext + value: + privileged: true + template: templates/daemonset.yaml + - it: sets container securityContext from values by common-library overriding global values + set: + cluster: test-cluster + licenseKey: us-whatever + containerSecurityContext: + topLevelKey: topLevelValue + global: + containerSecurityContext: + globalKey: globalValue + asserts: + - equal: + path: spec.template.spec.containers[0].securityContext + value: + topLevelKey: topLevelValue + template: templates/deployment.yaml + - equal: + path: spec.template.spec.containers[0].securityContext + value: + privileged: true + template: templates/daemonset.yaml + - it: sets container securityContext from deployment values + set: + cluster: test-cluster + licenseKey: us-whatever + deployment: + containerSecurityContext: + deploymentKey: deploymentValue + asserts: + - equal: + path: spec.template.spec.containers[0].securityContext + value: + deploymentKey: deploymentValue + template: templates/deployment.yaml + - it: sets container securityContext from daemonset values + set: + cluster: test-cluster + licenseKey: us-whatever + daemonset: + containerSecurityContext: + daemonsetKey: daemonsetValue + asserts: + - equal: + path: spec.template.spec.containers[0].securityContext + value: + daemonsetKey: daemonsetValue + privileged: true + template: templates/daemonset.yaml + - it: sets container securityContext from deployment values overriding top level and global values + set: + cluster: test-cluster + licenseKey: us-whatever + deployment: + containerSecurityContext: + deploymentKey: deploymentValue + containerSecurityContext: + topLevelKey: topLevelValue + global: + containerSecurityContext: + globalKey: globalValue + asserts: + - equal: + path: spec.template.spec.containers[0].securityContext + value: + deploymentKey: deploymentValue + template: templates/deployment.yaml + - it: sets container securityContext from daemonset values overriding top level and global values + set: + cluster: test-cluster + licenseKey: us-whatever + daemonset: + containerSecurityContext: + daemonsetKey: daemonsetValue + containerSecurityContext: + topLevelKey: topLevelValue + global: + containerSecurityContext: + globalKey: globalValue + asserts: + - equal: + path: spec.template.spec.containers[0].securityContext + value: + daemonsetKey: daemonsetValue + privileged: true + template: templates/daemonset.yaml + - it: overrides container securityContext from daemonset values + set: + cluster: test-cluster + licenseKey: us-whatever + daemonset: + containerSecurityContext: + daemonsetKey: daemonsetValue + privileged: false + asserts: + - equal: + path: spec.template.spec.containers[0].securityContext + value: + daemonsetKey: daemonsetValue + privileged: false + template: templates/daemonset.yaml \ No newline at end of file diff --git a/charts/nr-k8s-otel-collector/tests/serviceaccount_test.yaml b/charts/nr-k8s-otel-collector/tests/serviceaccount_test.yaml new file mode 100644 index 000000000..c110bf1f2 --- /dev/null +++ b/charts/nr-k8s-otel-collector/tests/serviceaccount_test.yaml @@ -0,0 +1,91 @@ +suite: serviceAccount +templates: + - templates/serviceaccount.yaml +release: + licenseKey: test + cluster: test +tests: + - it: by default creates a service account + set: + licenseKey: test + cluster: test + asserts: + - hasDocuments: + count: 1 + + - it: creates a service account if there are no global values + set: + licenseKey: test + cluster: test + global: null + asserts: + - hasDocuments: + count: 1 + + - it: creates a global a service account + set: + licenseKey: test + cluster: test + global: + serviceAccount: + create: true + asserts: + - hasDocuments: + count: 1 + + - it: create a local service account + set: + licenseKey: test + cluster: test + serviceAccount: + create: true + asserts: + - hasDocuments: + count: 1 + + - it: disables a global a service account + set: + licenseKey: test + cluster: test + global: + serviceAccount: + create: false + asserts: + - hasDocuments: + count: 0 + + - it: disables a local a service account + set: + licenseKey: test + cluster: test + serviceAccount: + create: false + asserts: + - hasDocuments: + count: 0 + + - it: allows overriding the global enabling of a service account + set: + licenseKey: test + cluster: test + global: + serviceAccount: + create: true + serviceAccount: + create: false + asserts: + - hasDocuments: + count: 0 + + - it: allows overriding the global disabling of a service account + set: + licenseKey: test + cluster: test + global: + serviceAccount: + create: false + serviceAccount: + create: true + asserts: + - hasDocuments: + count: 1 diff --git a/charts/nr-k8s-otel-collector/tests/tolerations_test.yaml b/charts/nr-k8s-otel-collector/tests/tolerations_test.yaml new file mode 100644 index 000000000..4e7fa291f --- /dev/null +++ b/charts/nr-k8s-otel-collector/tests/tolerations_test.yaml @@ -0,0 +1,182 @@ +suite: tolerations +templates: + - templates/deployment.yaml + - templates/deployment-configmap.yaml + - templates/daemonset.yaml + - templates/daemonset-configmap.yaml +release: + name: my-release + namespace: my-namespace +tests: + - it: sets tolerations to default when no values provided + set: + cluster: my-cluster + licenseKey: us-whatever + asserts: + - notExists: + path: spec.template.spec.tolerations + template: templates/deployment.yaml + - notExists: + path: spec.template.spec.tolerations + template: templates/daemonset.yaml + - it: sets tolerations from global by common-library + set: + cluster: test-cluster + licenseKey: us-whatever + global: + tolerations: + - key: "globalKey" + operator: "Exists" + effect: "NoSchedule" + asserts: + - equal: + path: spec.template.spec.tolerations + value: + - key: "globalKey" + operator: "Exists" + effect: "NoSchedule" + template: templates/deployment.yaml + - equal: + path: spec.template.spec.tolerations + value: + - key: "globalKey" + operator: "Exists" + effect: "NoSchedule" + template: templates/daemonset.yaml + - it: sets tolerations from values by common-library + set: + cluster: test-cluster + licenseKey: us-whatever + tolerations: + - key: "topLevelKey" + operator: "Exists" + effect: "NoSchedule" + asserts: + - equal: + path: spec.template.spec.tolerations + value: + - key: "topLevelKey" + operator: "Exists" + effect: "NoSchedule" + template: templates/deployment.yaml + - equal: + path: spec.template.spec.tolerations + value: + - key: "topLevelKey" + operator: "Exists" + effect: "NoSchedule" + template: templates/daemonset.yaml + - it: sets tolerations from values by common-library overriding global values + set: + cluster: test-cluster + licenseKey: us-whatever + tolerations: + - key: "topLevelKey" + operator: "Exists" + effect: "NoSchedule" + global: + tolerations: + - key: "globalKey" + operator: "Exists" + effect: "NoSchedule" + asserts: + - equal: + path: spec.template.spec.tolerations + value: + - key: "topLevelKey" + operator: "Exists" + effect: "NoSchedule" + template: templates/deployment.yaml + - equal: + path: spec.template.spec.tolerations + value: + - key: "topLevelKey" + operator: "Exists" + effect: "NoSchedule" + template: templates/daemonset.yaml + - it: sets tolerations from deployment values + set: + cluster: test-cluster + licenseKey: us-whatever + deployment: + tolerations: + - key: "deploymentKey" + operator: "Exists" + effect: "NoSchedule" + asserts: + - equal: + path: spec.template.spec.tolerations + value: + - key: "deploymentKey" + operator: "Exists" + effect: "NoSchedule" + template: templates/deployment.yaml + - it: sets tolerations from daemonset values + set: + cluster: test-cluster + licenseKey: us-whatever + daemonset: + tolerations: + - key: "daemonsetKey" + operator: "Exists" + effect: "NoSchedule" + asserts: + - equal: + path: spec.template.spec.tolerations + value: + - key: "daemonsetKey" + operator: "Exists" + effect: "NoSchedule" + template: templates/daemonset.yaml + - it: sets tolerations from deployment values overriding top level and global values + set: + cluster: test-cluster + licenseKey: us-whatever + deployment: + tolerations: + - key: "deploymentKey" + operator: "Exists" + effect: "NoSchedule" + tolerations: + - key: "topLevelKey" + operator: "Exists" + effect: "NoSchedule" + global: + tolerations: + - key: "globalKey" + operator: "Exists" + effect: "NoSchedule" + asserts: + - equal: + path: spec.template.spec.tolerations + value: + - key: "deploymentKey" + operator: "Exists" + effect: "NoSchedule" + template: templates/deployment.yaml + - it: sets tolerations from daemonset values overriding top level and global values + set: + cluster: test-cluster + licenseKey: us-whatever + daemonset: + tolerations: + - key: "daemonsetKey" + operator: "Exists" + effect: "NoSchedule" + tolerations: + - key: "topLevelKey" + operator: "Exists" + effect: "NoSchedule" + global: + tolerations: + - key: "globalKey" + operator: "Exists" + effect: "NoSchedule" + asserts: + - equal: + path: spec.template.spec.tolerations + value: + - key: "daemonsetKey" + operator: "Exists" + effect: "NoSchedule" + template: templates/daemonset.yaml \ No newline at end of file diff --git a/charts/nr-k8s-otel-collector/values.yaml b/charts/nr-k8s-otel-collector/values.yaml index 6b072dfda..42c0c4c55 100644 --- a/charts/nr-k8s-otel-collector/values.yaml +++ b/charts/nr-k8s-otel-collector/values.yaml @@ -39,6 +39,11 @@ priorityClassName: "" # -- Sets pod's dnsConfig. Can be configured also with `global.dnsConfig` dnsConfig: {} +# -- Run the integration with full access to the host filesystem and network. +# Running in this mode allows reporting fine-grained cpu, memory, process and network metrics for your nodes. +# @default -- `true` +privileged: true + daemonset: # -- Sets daemonset pod node selector. Overrides `nodeSelector` and `global.nodeSelector` nodeSelector: {} @@ -131,8 +136,3 @@ receivers: # -- (bool) Specifies whether the `filelog` receiver is enabled # @default -- `true` enabled: true - -# -- Run the integration with full access to the host filesystem and network. -# Running in this mode allows reporting fine-grained cpu, memory, process and network metrics for your nodes. -# @default -- `true` -privileged: true