Add --preserve-state flag (#794)

integration/init/grafana-preserve-state/expected/.ship/state.json

@@ -0,0 +1,28 @@
+{
+  "v1": {
+    "config": {},
+    "helmValues": "rbac:\n  create: true\n  pspEnabled: true\nserviceAccount:\n  create: true\n  name: null\nreplicas: 3\ndeploymentStrategy: RollingUpdate\nreadinessProbe:\n  httpGet:\n    path: /api/health\n    port: 3000\nlivenessProbe:\n  httpGet:\n    path: /api/health\n    port: 3000\n  initialDelaySeconds: 60\n  timeoutSeconds: 30\n  failureThreshold: 10\nimage:\n  repository: grafana/grafana\n  tag: test-tag\n  pullPolicy: Always\nsecurityContext:\n  runAsUser: 472\n  fsGroup: 472\ndownloadDashboardsImage:\n  repository: appropriate/curl\n  tag: latest\n  pullPolicy: IfNotPresent\nservice:\n  type: ClusterIP\n  port: 80\n  annotations: {}\n  labels: {}\ningress:\n  enabled: false\n  annotations: {}\n  labels: {}\n  path: /\n  hosts:\n  - chart-example.local\n  tls: []\nresources: {}\nnodeSelector: {}\ntolerations: []\naffinity: {}\npersistence:\n  enabled: false\nadminUser: admin\nenv: {}\nenvFromSecret: \"\"\nextraSecretMounts: []\nplugins: []\ndatasources: {}\ndashboardProviders: {}\ndashboards: {}\ndashboardsConfigMaps: {}\ngrafana.ini:\n  paths:\n    data: /var/lib/grafana/data\n    logs: /var/log/grafana\n    plugins: /var/lib/grafana/plugins\n    provisioning: /etc/grafana/provisioning\n  analytics:\n    check_for_updates: true\n  log:\n    mode: console\n  grafana_net:\n    url: https://grafana.net\nldap:\n  existingSecret: \"\"\n  config: \"\"\nsmtp:\n  existingSecret: \"\"\nsidecar:\n  image: kiwigrid/k8s-sidecar:0.0.6\n  imagePullPolicy: IfNotPresent\n  resources: null\n  dashboards:\n    enabled: false\n    label: grafana_dashboard\n    folder: /tmp/dashboards\n    searchNamespace: null\n  datasources:\n    enabled: false\n    label: grafana_datasource\n    searchNamespace: null\nadminPassword: strongpassword\n",
+    "releaseName": "grafana",
+    "helmValuesDefaults": "rbac:\n  create: true\n  pspEnabled: true\nserviceAccount:\n  create: true\n  name:\n\nreplicas: 1\n\ndeploymentStrategy: RollingUpdate\n\nreadinessProbe:\n  httpGet:\n    path: /api/health\n    port: 3000\n\nlivenessProbe:\n  httpGet:\n    path: /api/health\n    port: 3000\n  initialDelaySeconds: 60\n  timeoutSeconds: 30\n  failureThreshold: 10\n\nimage:\n  repository: grafana/grafana\n  tag: 5.3.4\n  pullPolicy: IfNotPresent\n\n  ## Optionally specify an array of imagePullSecrets.\n  ## Secrets must be manually created in the namespace.\n  ## ref: https://kubernetes.io/docs/tasks/configure-pod-container/pull-image-private-registry/\n  ##\n  # pullSecrets:\n  #   - myRegistrKeySecretName\n\nsecurityContext:\n  runAsUser: 472\n  fsGroup: 472\n\n## Assign a PriorityClassName to pods if set\n# priorityClassName:\n\ndownloadDashboardsImage:\n  repository: appropriate/curl\n  tag: latest\n  pullPolicy: IfNotPresent\n\n## Pod Annotations\n# podAnnotations: {}\n\n## Deployment annotations\n# annotations: {}\n\n## Expose the grafana service to be accessed from outside the cluster (LoadBalancer service).\n## or access it from within the cluster (ClusterIP service). Set the service type and the port to serve it.\n## ref: http://kubernetes.io/docs/user-guide/services/\n##\nservice:\n  type: ClusterIP\n  port: 80\n  annotations: {}\n  labels: {}\n\ningress:\n  enabled: false\n  annotations: {}\n    # kubernetes.io/ingress.class: nginx\n    # kubernetes.io/tls-acme: \"true\"\n  labels: {}\n  path: /\n  hosts:\n    - chart-example.local\n  tls: []\n  #  - secretName: chart-example-tls\n  #    hosts:\n  #      - chart-example.local\n\nresources: {}\n#  limits:\n#    cpu: 100m\n#    memory: 128Mi\n#  requests:\n#    cpu: 100m\n#    memory: 128Mi\n\n## Node labels for pod assignment\n## ref: https://kubernetes.io/docs/user-guide/node-selection/\n#\nnodeSelector: {}\n\n## Tolerations for pod assignment\n## ref: https://kubernetes.io/docs/concepts/configuration/taint-and-toleration/\n##\ntolerations: []\n\n## Affinity for pod assignment\n## ref: https://kubernetes.io/docs/concepts/configuration/assign-pod-node/#affinity-and-anti-affinity\n##\naffinity: {}\n\n## Enable persistence using Persistent Volume Claims\n## ref: http://kubernetes.io/docs/user-guide/persistent-volumes/\n##\npersistence:\n  enabled: false\n  # storageClassName: default\n  # accessModes:\n  #   - ReadWriteOnce\n  # size: 10Gi\n  # annotations: {}\n  # subPath: \"\"\n  # existingClaim:\n\nadminUser: admin\n# adminPassword: strongpassword\n\n## Use an alternate scheduler, e.g. \"stork\".\n## ref: https://kubernetes.io/docs/tasks/administer-cluster/configure-multiple-schedulers/\n##\n# schedulerName:\n\n## Extra environment variables that will be pass onto deployment pods\nenv: {}\n\n## The name of a secret in the same kubernetes namespace which contain values to be added to the environment\n## This can be useful for auth tokens, etc\nenvFromSecret: \"\"\n\n## Additional grafana server secret mounts\n# Defines additional mounts with secrets. Secrets must be manually created in the namespace.\nextraSecretMounts: []\n  # - name: secret-files\n  #   mountPath: /etc/secrets\n  #   secretName: grafana-secret-files\n  #   readOnly: true\n\n## Pass the plugins you want installed as a list.\n##\nplugins: []\n  # - digrich-bubblechart-panel\n  # - grafana-clock-panel\n\n## Configure grafana datasources\n## ref: http://docs.grafana.org/administration/provisioning/#datasources\n##\ndatasources: {}\n#  datasources.yaml:\n#    apiVersion: 1\n#    datasources:\n#    - name: Prometheus\n#      type: prometheus\n#      url: http://prometheus-prometheus-server\n#      access: proxy\n#      isDefault: true\n\n## Configure grafana dashboard providers\n## ref: http://docs.grafana.org/administration/provisioning/#dashboards\n##\n## `path` must be /var/lib/grafana/dashboards/\u003cprovider_name\u003e\n##\ndashboardProviders: {}\n#  dashboardproviders.yaml:\n#    apiVersion: 1\n#    providers:\n#    - name: 'default'\n#      orgId: 1\n#      folder: ''\n#      type: file\n#      disableDeletion: false\n#      editable: true\n#      options:\n#        path: /var/lib/grafana/dashboards/default\n\n## Configure grafana dashboard to import\n## NOTE: To use dashboards you must also enable/configure dashboardProviders\n## ref: https://grafana.com/dashboards\n##\n## dashboards per provider, use provider name as key.\n##\ndashboards: {}\n#  default:\n#    some-dashboard:\n#      json: |\n#        $RAW_JSON\n#    prometheus-stats:\n#      gnetId: 2\n#      revision: 2\n#      datasource: Prometheus\n#    local-dashboard:\n#      url: https://example.com/repository/test.json\n\n## Reference to external ConfigMap per provider. Use provider name as key and ConfiMap name as value.\n## A provider dashboards must be defined either by external ConfigMaps or in values.yaml, not in both.\n## ConfigMap data example:\n##\n## data:\n##   example-dashboard.json: |\n##     RAW_JSON\n##\ndashboardsConfigMaps: {}\n#  default: \"\"\n\n## Grafana's primary configuration\n## NOTE: values in map will be converted to ini format\n## ref: http://docs.grafana.org/installation/configuration/\n##\ngrafana.ini:\n  paths:\n    data: /var/lib/grafana/data\n    logs: /var/log/grafana\n    plugins: /var/lib/grafana/plugins\n    provisioning: /etc/grafana/provisioning\n  analytics:\n    check_for_updates: true\n  log:\n    mode: console\n  grafana_net:\n    url: https://grafana.net\n## LDAP Authentication can be enabled with the following values on grafana.ini\n## NOTE: Grafana will fail to start if the value for ldap.toml is invalid\n  # auth.ldap:\n  #   enabled: true\n  #   allow_sign_up: true\n  #   config_file: /etc/grafana/ldap.toml\n\n## Grafana's LDAP configuration\n## Templated by the template in _helpers.tpl\n## NOTE: To enable the grafana.ini must be configured with auth.ldap.enabled\n## ref: http://docs.grafana.org/installation/configuration/#auth-ldap\n## ref: http://docs.grafana.org/installation/ldap/#configuration\nldap:\n  # `existingSecret` is a reference to an existing secret containing the ldap configuration\n  # for Grafana in a key `ldap-toml`.\n  existingSecret: \"\"\n  # `config` is the content of `ldap.toml` that will be stored in the created secret\n  config: \"\"\n  # config: |-\n  #   verbose_logging = true\n\n  #   [[servers]]\n  #   host = \"my-ldap-server\"\n  #   port = 636\n  #   use_ssl = true\n  #   start_tls = false\n  #   ssl_skip_verify = false\n  #   bind_dn = \"uid=%s,ou=users,dc=myorg,dc=com\"\n\n## Grafana's SMTP configuration\n## NOTE: To enable, grafana.ini must be configured with smtp.enabled\n## ref: http://docs.grafana.org/installation/configuration/#smtp\nsmtp:\n  # `existingSecret` is a reference to an existing secret containing the smtp configuration\n  # for Grafana in keys `user` and `password`.\n  existingSecret: \"\"\n\n## Sidecars that collect the configmaps with specified label and stores the included files them into the respective folders\n## Requires at least Grafana 5 to work and can't be used together with parameters dashboardProviders, datasources and dashboards\nsidecar:\n  image: kiwigrid/k8s-sidecar:0.0.6\n  imagePullPolicy: IfNotPresent\n  resources:\n#   limits:\n#     cpu: 100m\n#     memory: 100Mi\n#   requests:\n#     cpu: 50m\n#     memory: 50Mi\n  dashboards:\n    enabled: false\n    # label that the configmaps with dashboards are marked with\n    label: grafana_dashboard\n    # folder in the pod that should hold the collected dashboards\n    folder: /tmp/dashboards\n    # If specified, the sidecar will search for dashboard config-maps inside this namespace.\n    # Otherwise the namespace in which the sidecar is running will be used.\n    # It's also possible to specify ALL to search in all namespaces\n    searchNamespace: null\n  datasources:\n    enabled: false\n    # label that the configmaps with datasources are marked with\n    label: grafana_datasource\n    # If specified, the sidecar will search for datasource config-maps inside this namespace.\n    # Otherwise the namespace in which the sidecar is running will be used.\n    # It's also possible to specify ALL to search in all namespaces\n    searchNamespace: null\n",
+    "kustomize": {
+      "overlays": {
+        "ship": {
+          "patches": {
+            "/podsecuritypolicy.yaml": "apiVersion: extensions/v1beta1\nkind: PodSecurityPolicy\nmetadata:\n  annotations:\n    apparmor.security.beta.kubernetes.io/allowedProfileNames: runtime/default\n    apparmor.security.beta.kubernetes.io/defaultProfileName: runtime/default\n    seccomp.security.alpha.kubernetes.io/allowedProfileNames: docker/default\n    seccomp.security.alpha.kubernetes.io/defaultProfileName: docker/default\n  labels:\n    app: grafana\n    release: grafana\n  name: grafana\nspec:\n  hostNetwork: true\n",
+            "/secret.yaml": "apiVersion: v1\ndata:\n  admin-password: applesandoranges\n  admin-user: notadmin\nkind: Secret\nmetadata:\n  labels:\n    app: grafana\n    release: grafana\n  name: grafana\n",
+            "/service.yaml": "apiVersion: v1\nkind: Service\nmetadata:\n  labels:\n    app: grafana\n    release: grafana\n  name: grafana\nspec:\n  $setElementOrder/ports:\n  - port: 80\n  ports:\n  - port: 80\n    targetPort: 4444\n"
+          }
+        }
+      }
+    },
+    "upstream": "https://github.com/helm/charts/tree/353ba5ef6467fd64035b7d5446df426f86d60153/stable/grafana",
+    "metadata": {
+      "applicationType": "helm",
+      "icon": "https://raw.githubusercontent.com/grafana/grafana/master/public/img/logo_transparent_400x.png",
+      "name": "grafana",
+      "releaseNotes": "[stable/grafana] Add variable to optionally set priorityClassName (#9427)\n\n* Add variable to optionally set priorityClassName\n\nSigned-off-by: Chris O'Brien \u003cchrisob91@gmail.com\u003e\n\n* Bump minor version instead of patch version\n\nSigned-off-by: Chris O'Brien \u003cchrisob91@gmail.com\u003e",
+      "version": "1.19.0"
+    },
+    "contentSHA": "57d1bff21dcfaba3e91bbea9de1e8d1017293b89ae9a8eaedf852b5113fd2d89"
+  }
+}

integration/init/grafana-preserve-state/expected/base/clusterrole.yaml

@@ -0,0 +1,8 @@
+apiVersion: rbac.authorization.k8s.io/v1
+kind: ClusterRole
+metadata:
+  labels:
+    app: grafana
+    release: grafana
+  name: grafana-clusterrole
+rules: []

integration/init/grafana-preserve-state/expected/base/clusterrolebinding.yaml

@@ -0,0 +1,15 @@
+apiVersion: rbac.authorization.k8s.io/v1
+kind: ClusterRoleBinding
+metadata:
+  labels:
+    app: grafana
+    release: grafana
+  name: grafana-clusterrolebinding
+roleRef:
+  apiGroup: rbac.authorization.k8s.io
+  kind: ClusterRole
+  name: grafana-clusterrole
+subjects:
+- kind: ServiceAccount
+  name: grafana
+  namespace: default

integration/init/grafana-preserve-state/expected/base/configmap.yaml

@@ -0,0 +1,20 @@
+apiVersion: v1
+data:
+  grafana.ini: |
+    [analytics]
+    check_for_updates = true
+    [grafana_net]
+    url = https://grafana.net
+    [log]
+    mode = console
+    [paths]
+    data = /var/lib/grafana/data
+    logs = /var/log/grafana
+    plugins = /var/lib/grafana/plugins
+    provisioning = /etc/grafana/provisioning
+kind: ConfigMap
+metadata:
+  labels:
+    app: grafana
+    release: grafana
+  name: grafana

integration/init/grafana-preserve-state/expected/base/deployment.yaml

@@ -0,0 +1,81 @@
+apiVersion: apps/v1beta2
+kind: Deployment
+metadata:
+  labels:
+    app: grafana
+    release: grafana
+  name: grafana
+spec:
+  replicas: 3
+  selector:
+    matchLabels:
+      app: grafana
+      release: grafana
+  strategy:
+    type: RollingUpdate
+  template:
+    metadata:
+      labels:
+        app: grafana
+        release: grafana
+    spec:
+      containers:
+      - env:
+        - name: GF_SECURITY_ADMIN_USER
+          valueFrom:
+            secretKeyRef:
+              key: admin-user
+              name: grafana
+        - name: GF_SECURITY_ADMIN_PASSWORD
+          valueFrom:
+            secretKeyRef:
+              key: admin-password
+              name: grafana
+        image: grafana/grafana:test-tag
+        imagePullPolicy: Always
+        livenessProbe:
+          failureThreshold: 10
+          httpGet:
+            path: /api/health
+            port: 3000
+          initialDelaySeconds: 60
+          timeoutSeconds: 30
+        name: grafana
+        ports:
+        - containerPort: 80
+          name: service
+          protocol: TCP
+        - containerPort: 3000
+          name: grafana
+          protocol: TCP
+        readinessProbe:
+          httpGet:
+            path: /api/health
+            port: 3000
+        resources: {}
+        volumeMounts:
+        - mountPath: /etc/grafana/grafana.ini
+          name: config
+          subPath: grafana.ini
+        - mountPath: /etc/grafana/ldap.toml
+          name: ldap
+          subPath: ldap.toml
+        - mountPath: /var/lib/grafana
+          name: storage
+          subPath: null
+      securityContext:
+        fsGroup: 472
+        runAsUser: 472
+      serviceAccountName: grafana
+      volumes:
+      - configMap:
+          name: grafana
+        name: config
+      - name: ldap
+        secret:
+          items:
+          - key: ldap-toml
+            path: ldap.toml
+          secretName: grafana
+      - emptyDir: {}
+        name: storage

integration/init/grafana-preserve-state/expected/base/kustomization.yaml

@@ -0,0 +1,13 @@
+kind: ""
+apiversion: ""
+resources:
+- clusterrole.yaml
+- clusterrolebinding.yaml
+- configmap.yaml
+- deployment.yaml
+- podsecuritypolicy.yaml
+- role.yaml
+- rolebinding.yaml
+- secret.yaml
+- service.yaml
+- serviceaccount.yaml

integration/init/grafana-preserve-state/expected/base/podsecuritypolicy.yaml

@@ -0,0 +1,36 @@
+apiVersion: extensions/v1beta1
+kind: PodSecurityPolicy
+metadata:
+  annotations:
+    apparmor.security.beta.kubernetes.io/allowedProfileNames: runtime/default
+    apparmor.security.beta.kubernetes.io/defaultProfileName: runtime/default
+    seccomp.security.alpha.kubernetes.io/allowedProfileNames: docker/default
+    seccomp.security.alpha.kubernetes.io/defaultProfileName: docker/default
+  labels:
+    app: grafana
+    release: grafana
+  name: grafana
+spec:
+  allowPrivilegeEscalation: false
+  fsGroup:
+    rule: RunAsAny
+  hostIPC: false
+  hostNetwork: false
+  hostPID: false
+  privileged: false
+  readOnlyRootFilesystem: false
+  requiredDropCapabilities:
+  - ALL
+  runAsUser:
+    rule: RunAsAny
+  seLinux:
+    rule: RunAsAny
+  supplementalGroups:
+    rule: RunAsAny
+  volumes:
+  - configMap
+  - emptyDir
+  - projected
+  - secret
+  - downwardAPI
+  - persistentVolumeClaim

integration/init/grafana-preserve-state/expected/base/role.yaml

@@ -0,0 +1,16 @@
+apiVersion: rbac.authorization.k8s.io/v1beta1
+kind: Role
+metadata:
+  labels:
+    app: grafana
+    release: grafana
+  name: grafana
+rules:
+- apiGroups:
+  - extensions
+  resourceNames:
+  - grafana
+  resources:
+  - podsecuritypolicies
+  verbs:
+  - use

integration/init/grafana-preserve-state/expected/base/rolebinding.yaml

@@ -0,0 +1,14 @@
+apiVersion: rbac.authorization.k8s.io/v1beta1
+kind: RoleBinding
+metadata:
+  labels:
+    app: grafana
+    release: grafana
+  name: grafana
+roleRef:
+  apiGroup: rbac.authorization.k8s.io
+  kind: Role
+  name: grafana
+subjects:
+- kind: ServiceAccount
+  name: grafana

integration/init/grafana-preserve-state/expected/base/secret.yaml

@@ -0,0 +1,12 @@
+apiVersion: v1
+data:
+  admin-password: c3Ryb25ncGFzc3dvcmQ=
+  admin-user: YWRtaW4=
+  ldap-toml: ""
+kind: Secret
+metadata:
+  labels:
+    app: grafana
+    release: grafana
+  name: grafana
+type: Opaque

integration/init/grafana-preserve-state/expected/base/service.yaml

@@ -0,0 +1,17 @@
+apiVersion: v1
+kind: Service
+metadata:
+  labels:
+    app: grafana
+    release: grafana
+  name: grafana
+spec:
+  ports:
+  - name: service
+    port: 80
+    protocol: TCP
+    targetPort: 3000
+  selector:
+    app: grafana
+    release: grafana
+  type: ClusterIP

integration/init/grafana-preserve-state/expected/base/serviceaccount.yaml

@@ -0,0 +1,7 @@
+apiVersion: v1
+kind: ServiceAccount
+metadata:
+  labels:
+    app: grafana
+    release: grafana
+  name: grafana

integration/init/grafana-preserve-state/expected/overlays/ship/kustomization.yaml

@@ -0,0 +1,8 @@
+kind: ""
+apiversion: ""
+bases:
+- ../../base
+patchesStrategicMerge:
+- podsecuritypolicy.yaml
+- secret.yaml
+- service.yaml

integration/init/grafana-preserve-state/expected/overlays/ship/podsecuritypolicy.yaml

@@ -0,0 +1,14 @@
+apiVersion: extensions/v1beta1
+kind: PodSecurityPolicy
+metadata:
+  annotations:
+    apparmor.security.beta.kubernetes.io/allowedProfileNames: runtime/default
+    apparmor.security.beta.kubernetes.io/defaultProfileName: runtime/default
+    seccomp.security.alpha.kubernetes.io/allowedProfileNames: docker/default
+    seccomp.security.alpha.kubernetes.io/defaultProfileName: docker/default
+  labels:
+    app: grafana
+    release: grafana
+  name: grafana
+spec:
+  hostNetwork: true

integration/init/grafana-preserve-state/expected/overlays/ship/secret.yaml

@@ -0,0 +1,10 @@
+apiVersion: v1
+data:
+  admin-password: applesandoranges
+  admin-user: notadmin
+kind: Secret
+metadata:
+  labels:
+    app: grafana
+    release: grafana
+  name: grafana

integration/init/grafana-preserve-state/expected/overlays/ship/service.yaml

@@ -0,0 +1,13 @@
+apiVersion: v1
+kind: Service
+metadata:
+  labels:
+    app: grafana
+    release: grafana
+  name: grafana
+spec:
+  $setElementOrder/ports:
+  - port: 80
+  ports:
+  - port: 80
+    targetPort: 4444