From e1ff2b59825be2de0ec487a08adcc1f7a1428fa4 Mon Sep 17 00:00:00 2001 From: Marc Campbell Date: Tue, 4 Dec 2018 13:11:42 -0800 Subject: [PATCH] Add integration test for deployment labels --- integration/update/integration_test.go | 5 +- .../expected/.ship/state.json | 26 ++ .../expected/base/config.yaml | 136 +++++++ .../expected/base/home-pvc.yaml | 15 + .../expected/base/jenkins-agent-svc.yaml | 16 + .../base/jenkins-master-deployment.yaml | 123 +++++++ .../expected/base/jenkins-master-svc.yaml | 20 ++ .../expected/base/jenkins-test.yaml | 39 ++ .../expected/base/kustomization.yaml | 10 + .../expected/base/secret.yaml | 13 + .../expected/base/test-config.yaml | 9 + .../expected/overlays/ship/kustomization.yaml | 4 + .../expected/rendered.yaml | 338 ++++++++++++++++++ .../input/.ship/state.json | 26 ++ .../jenkins-deployment-labels/metadata.yaml | 5 + 15 files changed, 783 insertions(+), 2 deletions(-) create mode 100644 integration/update/jenkins-deployment-labels/expected/.ship/state.json create mode 100644 integration/update/jenkins-deployment-labels/expected/base/config.yaml create mode 100644 integration/update/jenkins-deployment-labels/expected/base/home-pvc.yaml create mode 100644 integration/update/jenkins-deployment-labels/expected/base/jenkins-agent-svc.yaml create mode 100644 integration/update/jenkins-deployment-labels/expected/base/jenkins-master-deployment.yaml create mode 100644 integration/update/jenkins-deployment-labels/expected/base/jenkins-master-svc.yaml create mode 100644 integration/update/jenkins-deployment-labels/expected/base/jenkins-test.yaml create mode 100644 integration/update/jenkins-deployment-labels/expected/base/kustomization.yaml create mode 100644 integration/update/jenkins-deployment-labels/expected/base/secret.yaml create mode 100644 integration/update/jenkins-deployment-labels/expected/base/test-config.yaml create mode 100644 integration/update/jenkins-deployment-labels/expected/overlays/ship/kustomization.yaml create mode 100644 integration/update/jenkins-deployment-labels/expected/rendered.yaml create mode 100644 integration/update/jenkins-deployment-labels/input/.ship/state.json create mode 100644 integration/update/jenkins-deployment-labels/metadata.yaml diff --git a/integration/update/integration_test.go b/integration/update/integration_test.go index d854e1eb0..db0971e6c 100644 --- a/integration/update/integration_test.go +++ b/integration/update/integration_test.go @@ -23,7 +23,8 @@ type TestMetadata struct { Skip bool `yaml:"skip"` // debugging - SkipCleanup bool `yaml:"skip_cleanup"` + SkipCleanup bool `yaml:"skip_cleanup"` + IgnoredFiles []string `yaml:"ignoredFiles"` } func TestShipUpdate(t *testing.T) { @@ -115,7 +116,7 @@ var _ = Describe("ship update", func() { // compare the files in the temporary directory with those in the "expected" directory // TODO: text based comparison of state files is brittle because helm values are being merged. // they should really be compared using the versioned state object - result, err := integration.CompareDir(path.Join(testPath, "expected"), testOutputPath, map[string]string{}, []string{}, []map[string][]string{}) + result, err := integration.CompareDir(path.Join(testPath, "expected"), testOutputPath, map[string]string{}, testMetadata.IgnoredFiles, []map[string][]string{}) Expect(err).NotTo(HaveOccurred()) Expect(result).To(BeTrue()) }, 60) diff --git a/integration/update/jenkins-deployment-labels/expected/.ship/state.json b/integration/update/jenkins-deployment-labels/expected/.ship/state.json new file mode 100644 index 000000000..6b1e8c9d9 --- /dev/null +++ b/integration/update/jenkins-deployment-labels/expected/.ship/state.json @@ -0,0 +1,26 @@ +{ + "v1": { + "config": {}, + "helmValues": "Master:\n Name: jenkins-master\n Image: jenkins/jenkins\n ImageTag: lts\n ImagePullPolicy: Always\n Component: jenkins-master\n UseSecurity: true\n HostNetworking: false\n AdminUser: admin\n resources:\n requests:\n cpu: 50m\n memory: 256Mi\n limits:\n cpu: 2000m\n memory: 2048Mi\n UsePodSecurityContext: true\n ServicePort: 8080\n ServiceType: LoadBalancer\n ServiceAnnotations: {}\n HealthProbes: true\n HealthProbesLivenessTimeout: 90\n HealthProbesReadinessTimeout: 60\n HealthProbeLivenessFailureThreshold: 12\n SlaveListenerPort: 50000\n DisabledAgentProtocols:\n - JNLP-connect\n - JNLP2-connect\n CSRF:\n DefaultCrumbIssuer:\n Enabled: true\n ProxyCompatability: true\n CLI: false\n SlaveListenerServiceType: ClusterIP\n SlaveListenerServiceAnnotations: {}\n LoadBalancerSourceRanges:\n - 0.0.0.0/0\n ExtraPorts: null\n InstallPlugins:\n - kubernetes:1.12.4\n - workflow-job:2.24\n - workflow-aggregator:2.5\n - credentials-binding:1.16\n - git:3.9.1\n InitScripts: null\n CustomConfigMap: {}\n OverwriteConfig: false\n NodeSelector: {}\n Tolerations: {}\n PodAnnotations: {}\n Ingress:\n ApiVersion: extensions/v1beta1\n Annotations: {}\n TLS: null\n AdminPassword: secret\nAgent:\n Enabled: true\n Image: jenkins/jnlp-slave\n ImageTag: 3.10-1\n CustomJenkinsLabels: []\n Component: jenkins-slave\n Privileged: false\n resources:\n requests:\n cpu: 200m\n memory: 256Mi\n limits:\n cpu: 200m\n memory: 256Mi\n AlwaysPullImage: false\n PodRetention: Never\n volumes: null\n NodeSelector: {}\nPersistence:\n Enabled: true\n Annotations: {}\n AccessMode: ReadWriteOnce\n Size: 8Gi\n volumes: null\n mounts: null\nNetworkPolicy:\n Enabled: false\n ApiVersion: extensions/v1beta1\nrbac:\n install: false\n serviceAccountName: default\n roleRef: cluster-admin\n roleBindingKind: ClusterRoleBinding\n", + "releaseName": "jenkins", + "helmValuesDefaults": "# Default values for jenkins.\n# This is a YAML-formatted file.\n# Declare name/value pairs to be passed into your templates.\n# name: value\n\n## Overrides for generated resource names\n# See templates/_helpers.tpl\n# nameOverride:\n# fullnameOverride:\n\nMaster:\n Name: jenkins-master\n Image: \"jenkins/jenkins\"\n ImageTag: \"lts\"\n ImagePullPolicy: \"Always\"\n# ImagePullSecret: jenkins\n Component: \"jenkins-master\"\n UseSecurity: true\n HostNetworking: false\n AdminUser: admin\n # AdminPassword: \u003cdefaults to random\u003e\n resources:\n requests:\n cpu: \"50m\"\n memory: \"256Mi\"\n limits:\n cpu: \"2000m\"\n memory: \"2048Mi\"\n # Environment variables that get added to the init container (useful for e.g. http_proxy)\n # InitContainerEnv:\n # - name: http_proxy\n # value: \"http://192.168.64.1:3128\"\n # ContainerEnv:\n # - name: http_proxy\n # value: \"http://192.168.64.1:3128\"\n # Set min/max heap here if needed with:\n # JavaOpts: \"-Xms512m -Xmx512m\"\n # JenkinsOpts: \"\"\n # JenkinsUriPrefix: \"/jenkins\"\n # Enable pod security context (must be `true` if RunAsUser or FsGroup are set)\n UsePodSecurityContext: true\n # Set RunAsUser to 1000 to let Jenkins run as non-root user 'jenkins' which exists in 'jenkins/jenkins' docker image.\n # When setting RunAsUser to a different value than 0 also set FsGroup to the same value:\n # RunAsUser: \u003cdefaults to 0\u003e\n # FsGroup: \u003cwill be omitted in deployment if RunAsUser is 0\u003e\n ServicePort: 8080\n # For minikube, set this to NodePort, elsewhere use LoadBalancer\n # Use ClusterIP if your setup includes ingress controller\n ServiceType: LoadBalancer\n # Master Service annotations\n ServiceAnnotations: {}\n # service.beta.kubernetes.io/aws-load-balancer-backend-protocol: https\n # Used to create Ingress record (should used with ServiceType: ClusterIP)\n # HostName: jenkins.cluster.local\n # NodePort: \u003cto set explicitly, choose port between 30000-32767\n # Enable Kubernetes Liveness and Readiness Probes\n # ~ 2 minutes to allow Jenkins to restart when upgrading plugins. Set ReadinessTimeout to be shorter than LivenessTimeout.\n HealthProbes: true\n HealthProbesLivenessTimeout: 90\n HealthProbesReadinessTimeout: 60\n HealthProbeLivenessFailureThreshold: 12\n SlaveListenerPort: 50000\n DisabledAgentProtocols:\n - JNLP-connect\n - JNLP2-connect\n CSRF:\n DefaultCrumbIssuer:\n Enabled: true\n ProxyCompatability: true\n CLI: false\n # Kubernetes service type for the JNLP slave service\n # SETTING THIS TO \"LoadBalancer\" IS A HUGE SECURITY RISK: https://github.com/kubernetes/charts/issues/1341\n SlaveListenerServiceType: ClusterIP\n SlaveListenerServiceAnnotations: {}\n LoadBalancerSourceRanges:\n - 0.0.0.0/0\n # Optionally assign a known public LB IP\n # LoadBalancerIP: 1.2.3.4\n # Optionally configure a JMX port\n # requires additional JavaOpts, ie\n # JavaOpts: \u003e\n # -Dcom.sun.management.jmxremote.port=4000\n # -Dcom.sun.management.jmxremote.authenticate=false\n # -Dcom.sun.management.jmxremote.ssl=false\n # JMXPort: 4000\n # Optionally configure other ports to expose in the Master container\n ExtraPorts:\n # - name: BuildInfoProxy\n # port: 9000\n # List of plugins to be install during Jenkins master start\n InstallPlugins:\n - kubernetes:1.12.4\n - workflow-job:2.24\n - workflow-aggregator:2.5\n - credentials-binding:1.16\n - git:3.9.1\n # Used to approve a list of groovy functions in pipelines used the script-security plugin. Can be viewed under /scriptApproval\n # ScriptApproval:\n # - \"method groovy.json.JsonSlurperClassic parseText java.lang.String\"\n # - \"new groovy.json.JsonSlurperClassic\"\n # List of groovy init scripts to be executed during Jenkins master start\n InitScripts:\n # - |\n # print 'adding global pipeline libraries, register properties, bootstrap jobs...'\n # Kubernetes secret that contains a 'credentials.xml' for Jenkins\n # CredentialsXmlSecret: jenkins-credentials\n # Kubernetes secret that contains files to be put in the Jenkins 'secrets' directory,\n # useful to manage encryption keys used for credentials.xml for instance (such as\n # master.key and hudson.util.Secret)\n # SecretsFilesSecret: jenkins-secrets\n # Jenkins XML job configs to provision\n # Jobs: |-\n # test: |-\n # \u003c\u003cxml here\u003e\u003e\n CustomConfigMap: false\n # By default, the configMap is only used to set the initial config the first time\n # that the chart is installed. Setting `OverwriteConfig` to `true` will overwrite\n # the jenkins config with the contents of the configMap every time the pod starts.\n OverwriteConfig: false\n # Node labels and tolerations for pod assignment\n # ref: https://kubernetes.io/docs/concepts/configuration/assign-pod-node/#nodeselector\n # ref: https://kubernetes.io/docs/concepts/configuration/assign-pod-node/#taints-and-tolerations-beta-feature\n NodeSelector: {}\n Tolerations: {}\n PodAnnotations: {}\n\n Ingress:\n ApiVersion: extensions/v1beta1\n Annotations: {}\n # kubernetes.io/ingress.class: nginx\n # kubernetes.io/tls-acme: \"true\"\n\n TLS:\n # - secretName: jenkins.cluster.local\n # hosts:\n # - jenkins.cluster.local\n\nAgent:\n Enabled: true\n Image: jenkins/jnlp-slave\n ImageTag: 3.10-1\n CustomJenkinsLabels: []\n# ImagePullSecret: jenkins\n Component: \"jenkins-slave\"\n Privileged: false\n resources:\n requests:\n cpu: \"200m\"\n memory: \"256Mi\"\n limits:\n cpu: \"200m\"\n memory: \"256Mi\"\n # You may want to change this to true while testing a new image\n AlwaysPullImage: false\n # Controls how slave pods are retained after the Jenkins build completes\n # Possible values: Always, Never, OnFailure\n PodRetention: Never\n # You can define the volumes that you want to mount for this container\n # Allowed types are: ConfigMap, EmptyDir, HostPath, Nfs, Pod, Secret\n # Configure the attributes as they appear in the corresponding Java class for that type\n # https://github.com/jenkinsci/kubernetes-plugin/tree/master/src/main/java/org/csanchez/jenkins/plugins/kubernetes/volumes\n volumes:\n # - type: Secret\n # secretName: mysecret\n # mountPath: /var/myapp/mysecret\n NodeSelector: {}\n # Key Value selectors. Ex:\n # jenkins-agent: v1\n\nPersistence:\n Enabled: true\n ## A manually managed Persistent Volume and Claim\n ## Requires Persistence.Enabled: true\n ## If defined, PVC must be created manually before volume will be bound\n # ExistingClaim:\n\n ## jenkins data Persistent Volume Storage Class\n ## If defined, storageClassName: \u003cstorageClass\u003e\n ## If set to \"-\", storageClassName: \"\", which disables dynamic provisioning\n ## If undefined (the default) or set to null, no storageClassName spec is\n ## set, choosing the default provisioner. (gp2 on AWS, standard on\n ## GKE, AWS \u0026 OpenStack)\n ##\n # StorageClass: \"-\"\n\n Annotations: {}\n AccessMode: ReadWriteOnce\n Size: 8Gi\n volumes:\n # - name: nothing\n # emptyDir: {}\n mounts:\n # - mountPath: /var/nothing\n # name: nothing\n # readOnly: true\n\nNetworkPolicy:\n # Enable creation of NetworkPolicy resources.\n Enabled: false\n # For Kubernetes v1.4, v1.5 and v1.6, use 'extensions/v1beta1'\n # For Kubernetes v1.7, use 'networking.k8s.io/v1'\n ApiVersion: extensions/v1beta1\n\n## Install Default RBAC roles and bindings\nrbac:\n install: false\n serviceAccountName: default\n # Role reference\n roleRef: cluster-admin\n # Role kind (RoleBinding or ClusterRoleBinding)\n roleBindingKind: ClusterRoleBinding\n", + "kustomize": { + "overlays": { + "ship": { + "excludedBases": [ + "/jenkins-test.yaml" + ] + } + } + }, + "upstream": "github.com/helm/charts/tree/78858a2fb07aebe082efb11b8991b60e7fdd5d60/stable/jenkins", + "metadata": { + "applicationType": "helm", + "icon": "https://wiki.jenkins-ci.org/download/attachments/2916393/logo.png", + "name": "jenkins", + "releaseNotes": "Added ExtraPorts to open in the master pod (#7759)\n\n* Added ExtraPorts to open in the master pod\n\nSigned-off-by: ecejjar \u003cjesus.javier.arauz@ericsson.com\u003e\n\n* [stable/jenkins] Bumped up chart version\n\nSigned-off-by: ecejjar \u003cjesus.javier.arauz@ericsson.com\u003e", + "version": "0.20.1" + }, + "contentSHA": "c25b3cd58e801f1a642961c860c4162da2c171fa8a8cd33d32012c36631535e9" + } +} \ No newline at end of file diff --git a/integration/update/jenkins-deployment-labels/expected/base/config.yaml b/integration/update/jenkins-deployment-labels/expected/base/config.yaml new file mode 100644 index 000000000..8b4f76b06 --- /dev/null +++ b/integration/update/jenkins-deployment-labels/expected/base/config.yaml @@ -0,0 +1,136 @@ +apiVersion: v1 +data: + apply_config.sh: |- + mkdir -p /usr/share/jenkins/ref/secrets/; + echo "false" > /usr/share/jenkins/ref/secrets/slave-to-master-security-kill-switch; + cp --no-clobber /var/jenkins_config/config.xml /var/jenkins_home; + cp --no-clobber /var/jenkins_config/jenkins.CLI.xml /var/jenkins_home; + cp --no-clobber /var/jenkins_config/jenkins.model.JenkinsLocationConfiguration.xml /var/jenkins_home; + # Install missing plugins + cp /var/jenkins_config/plugins.txt /var/jenkins_home; + rm -rf /usr/share/jenkins/ref/plugins/*.lock + /usr/local/bin/install-plugins.sh `echo $(cat /var/jenkins_home/plugins.txt)`; + # Copy plugins to shared volume + cp -n /usr/share/jenkins/ref/plugins/* /var/jenkins_plugins; + config.xml: |- + + + + lts + 0 + NORMAL + true + + true + + + false + + ${JENKINS_HOME}/workspace/${ITEM_FULLNAME} + ${ITEM_ROOTDIR}/builds + + + + + + + kubernetes + + + + default + 2147483647 + 0 + + + NORMAL + + + + + jnlp + jenkins/jnlp-slave:3.10-1 + false + false + /home/jenkins + + ${computer.jnlpmac} ${computer.name} + false + # Resources configuration is a little hacky. This was to prevent breaking + # changes, and should be cleanned up in the future once everybody had + # enough time to migrate. + 200m + 256Mi + 200m + 256Mi + + + JENKINS_URL + http://jenkins:8080 + + + + + + + + + + + https://kubernetes.default + false + default + http://jenkins:8080 + jenkins-agent:50000 + 10 + 5 + 0 + 0 + + + + 5 + 0 + + + + All + false + false + + + + All + 50000 + + JNLP-connect + JNLP2-connect + + + + true + + + + true + + jenkins.CLI.xml: |- + + + false + + jenkins.model.JenkinsLocationConfiguration.xml: |- + + + + http://jenkins:8080 + + plugins.txt: |- + kubernetes:1.12.4 + workflow-job:2.24 + workflow-aggregator:2.5 + credentials-binding:1.16 + git:3.9.1 +kind: ConfigMap +metadata: + name: jenkins diff --git a/integration/update/jenkins-deployment-labels/expected/base/home-pvc.yaml b/integration/update/jenkins-deployment-labels/expected/base/home-pvc.yaml new file mode 100644 index 000000000..188859dfb --- /dev/null +++ b/integration/update/jenkins-deployment-labels/expected/base/home-pvc.yaml @@ -0,0 +1,15 @@ +apiVersion: v1 +kind: PersistentVolumeClaim +metadata: + labels: + app: jenkins + chart: jenkins-0.20.1 + heritage: Tiller + release: jenkins + name: jenkins +spec: + accessModes: + - ReadWriteOnce + resources: + requests: + storage: 8Gi diff --git a/integration/update/jenkins-deployment-labels/expected/base/jenkins-agent-svc.yaml b/integration/update/jenkins-deployment-labels/expected/base/jenkins-agent-svc.yaml new file mode 100644 index 000000000..4909fee91 --- /dev/null +++ b/integration/update/jenkins-deployment-labels/expected/base/jenkins-agent-svc.yaml @@ -0,0 +1,16 @@ +apiVersion: v1 +kind: Service +metadata: + labels: + app: jenkins + chart: jenkins-0.20.1 + component: jenkins-jenkins-master + name: jenkins-agent +spec: + ports: + - name: slavelistener + port: 50000 + targetPort: 50000 + selector: + component: jenkins-jenkins-master + type: ClusterIP diff --git a/integration/update/jenkins-deployment-labels/expected/base/jenkins-master-deployment.yaml b/integration/update/jenkins-deployment-labels/expected/base/jenkins-master-deployment.yaml new file mode 100644 index 000000000..74e698819 --- /dev/null +++ b/integration/update/jenkins-deployment-labels/expected/base/jenkins-master-deployment.yaml @@ -0,0 +1,123 @@ +apiVersion: apps/v1beta1 +kind: Deployment +metadata: + labels: + chart: jenkins-0.20.1 + component: jenkins-jenkins-master + heritage: Tiller + release: jenkins + name: jenkins +spec: + replicas: 1 + selector: + matchLabels: + component: jenkins-jenkins-master + strategy: + type: Recreate + template: + metadata: + annotations: + checksum/config: 1bfd2c8a4cc2fc9a42e0f171f338f8cbb9a0d68c221cf6759c9afaecadec26ac + labels: + app: jenkins + chart: jenkins-0.20.1 + component: jenkins-jenkins-master + heritage: Tiller + release: jenkins + spec: + containers: + - args: + - --argumentsRealm.passwd.$(ADMIN_USER)=$(ADMIN_PASSWORD) + - --argumentsRealm.roles.$(ADMIN_USER)=admin + env: + - name: JAVA_TOOL_OPTIONS + value: "" + - name: JENKINS_OPTS + value: "" + - name: ADMIN_PASSWORD + valueFrom: + secretKeyRef: + key: jenkins-admin-password + name: jenkins + - name: ADMIN_USER + valueFrom: + secretKeyRef: + key: jenkins-admin-user + name: jenkins + image: jenkins/jenkins:lts + imagePullPolicy: Always + livenessProbe: + failureThreshold: 12 + httpGet: + path: /login + port: http + initialDelaySeconds: 90 + timeoutSeconds: 5 + name: jenkins + ports: + - containerPort: 8080 + name: http + - containerPort: 50000 + name: slavelistener + readinessProbe: + httpGet: + path: /login + port: http + initialDelaySeconds: 60 + resources: + limits: + cpu: 2000m + memory: 2048Mi + requests: + cpu: 50m + memory: 256Mi + volumeMounts: + - mountPath: /var/jenkins_home + name: jenkins-home + readOnly: false + - mountPath: /var/jenkins_config + name: jenkins-config + readOnly: true + - mountPath: /usr/share/jenkins/ref/plugins/ + name: plugin-dir + readOnly: false + - mountPath: /usr/share/jenkins/ref/secrets/ + name: secrets-dir + readOnly: false + initContainers: + - command: + - sh + - /var/jenkins_config/apply_config.sh + image: jenkins/jenkins:lts + imagePullPolicy: Always + name: copy-default-config + resources: + limits: + cpu: 2000m + memory: 2048Mi + requests: + cpu: 50m + memory: 256Mi + volumeMounts: + - mountPath: /var/jenkins_home + name: jenkins-home + - mountPath: /var/jenkins_config + name: jenkins-config + - mountPath: /var/jenkins_plugins + name: plugin-dir + - mountPath: /usr/share/jenkins/ref/secrets/ + name: secrets-dir + securityContext: + runAsUser: 0 + serviceAccountName: default + volumes: + - configMap: + name: jenkins + name: jenkins-config + - emptyDir: {} + name: plugin-dir + - emptyDir: {} + name: secrets-dir + - name: jenkins-home + persistentVolumeClaim: + claimName: jenkins diff --git a/integration/update/jenkins-deployment-labels/expected/base/jenkins-master-svc.yaml b/integration/update/jenkins-deployment-labels/expected/base/jenkins-master-svc.yaml new file mode 100644 index 000000000..469d63504 --- /dev/null +++ b/integration/update/jenkins-deployment-labels/expected/base/jenkins-master-svc.yaml @@ -0,0 +1,20 @@ +apiVersion: v1 +kind: Service +metadata: + labels: + app: jenkins + chart: jenkins-0.20.1 + component: jenkins-jenkins-master + heritage: Tiller + release: jenkins + name: jenkins +spec: + loadBalancerSourceRanges: + - 0.0.0.0/0 + ports: + - name: http + port: 8080 + targetPort: 8080 + selector: + component: jenkins-jenkins-master + type: LoadBalancer diff --git a/integration/update/jenkins-deployment-labels/expected/base/jenkins-test.yaml b/integration/update/jenkins-deployment-labels/expected/base/jenkins-test.yaml new file mode 100644 index 000000000..52c9cc710 --- /dev/null +++ b/integration/update/jenkins-deployment-labels/expected/base/jenkins-test.yaml @@ -0,0 +1,39 @@ +--- +# Source: jenkins/templates/jenkins-test.yaml +apiVersion: v1 +kind: Pod +metadata: + name: "jenkins-ui-test-fdrk2" + annotations: + "helm.sh/hook": test-success +spec: + initContainers: + - name: "test-framework" + image: "dduportal/bats:0.4.0" + command: + - "bash" + - "-c" + - | + set -ex + # copy bats to tools dir + cp -R /usr/local/libexec/ /tools/bats/ + volumeMounts: + - mountPath: /tools + name: tools + containers: + - name: jenkins-ui-test + image: jenkins/jenkins:lts + command: ["/tools/bats/bats", "-t", "/tests/run.sh"] + volumeMounts: + - mountPath: /tests + name: tests + readOnly: true + - mountPath: /tools + name: tools + volumes: + - name: tests + configMap: + name: jenkins-tests + - name: tools + emptyDir: {} + restartPolicy: Never diff --git a/integration/update/jenkins-deployment-labels/expected/base/kustomization.yaml b/integration/update/jenkins-deployment-labels/expected/base/kustomization.yaml new file mode 100644 index 000000000..2607eb9ba --- /dev/null +++ b/integration/update/jenkins-deployment-labels/expected/base/kustomization.yaml @@ -0,0 +1,10 @@ +kind: "" +apiversion: "" +resources: +- config.yaml +- home-pvc.yaml +- jenkins-agent-svc.yaml +- jenkins-master-deployment.yaml +- jenkins-master-svc.yaml +- secret.yaml +- test-config.yaml diff --git a/integration/update/jenkins-deployment-labels/expected/base/secret.yaml b/integration/update/jenkins-deployment-labels/expected/base/secret.yaml new file mode 100644 index 000000000..72328da8c --- /dev/null +++ b/integration/update/jenkins-deployment-labels/expected/base/secret.yaml @@ -0,0 +1,13 @@ +apiVersion: v1 +data: + jenkins-admin-password: c2VjcmV0 + jenkins-admin-user: YWRtaW4= +kind: Secret +metadata: + labels: + app: jenkins + chart: jenkins-0.20.1 + heritage: Tiller + release: jenkins + name: jenkins +type: Opaque diff --git a/integration/update/jenkins-deployment-labels/expected/base/test-config.yaml b/integration/update/jenkins-deployment-labels/expected/base/test-config.yaml new file mode 100644 index 000000000..1959a4fe7 --- /dev/null +++ b/integration/update/jenkins-deployment-labels/expected/base/test-config.yaml @@ -0,0 +1,9 @@ +apiVersion: v1 +data: + run.sh: |- + @test "Testing Jenkins UI is accessible" { + curl --retry 48 --retry-delay 10 jenkins:8080/login + } +kind: ConfigMap +metadata: + name: jenkins-tests diff --git a/integration/update/jenkins-deployment-labels/expected/overlays/ship/kustomization.yaml b/integration/update/jenkins-deployment-labels/expected/overlays/ship/kustomization.yaml new file mode 100644 index 000000000..c80bb2245 --- /dev/null +++ b/integration/update/jenkins-deployment-labels/expected/overlays/ship/kustomization.yaml @@ -0,0 +1,4 @@ +kind: "" +apiversion: "" +bases: +- ../../base diff --git a/integration/update/jenkins-deployment-labels/expected/rendered.yaml b/integration/update/jenkins-deployment-labels/expected/rendered.yaml new file mode 100644 index 000000000..2e70829b0 --- /dev/null +++ b/integration/update/jenkins-deployment-labels/expected/rendered.yaml @@ -0,0 +1,338 @@ +apiVersion: v1 +data: + run.sh: |- + @test "Testing Jenkins UI is accessible" { + curl --retry 48 --retry-delay 10 jenkins:8080/login + } +kind: ConfigMap +metadata: + name: jenkins-tests +--- +apiVersion: v1 +data: + apply_config.sh: |- + mkdir -p /usr/share/jenkins/ref/secrets/; + echo "false" > /usr/share/jenkins/ref/secrets/slave-to-master-security-kill-switch; + cp --no-clobber /var/jenkins_config/config.xml /var/jenkins_home; + cp --no-clobber /var/jenkins_config/jenkins.CLI.xml /var/jenkins_home; + cp --no-clobber /var/jenkins_config/jenkins.model.JenkinsLocationConfiguration.xml /var/jenkins_home; + # Install missing plugins + cp /var/jenkins_config/plugins.txt /var/jenkins_home; + rm -rf /usr/share/jenkins/ref/plugins/*.lock + /usr/local/bin/install-plugins.sh `echo $(cat /var/jenkins_home/plugins.txt)`; + # Copy plugins to shared volume + cp -n /usr/share/jenkins/ref/plugins/* /var/jenkins_plugins; + config.xml: |- + + + + lts + 0 + NORMAL + true + + true + + + false + + ${JENKINS_HOME}/workspace/${ITEM_FULLNAME} + ${ITEM_ROOTDIR}/builds + + + + + + + kubernetes + + + + default + 2147483647 + 0 + + + NORMAL + + + + + jnlp + jenkins/jnlp-slave:3.10-1 + false + false + /home/jenkins + + ${computer.jnlpmac} ${computer.name} + false + # Resources configuration is a little hacky. This was to prevent breaking + # changes, and should be cleanned up in the future once everybody had + # enough time to migrate. + 200m + 256Mi + 200m + 256Mi + + + JENKINS_URL + http://jenkins:8080 + + + + + + + + + + + https://kubernetes.default + false + default + http://jenkins:8080 + jenkins-agent:50000 + 10 + 5 + 0 + 0 + + + + 5 + 0 + + + + All + false + false + + + + All + 50000 + + JNLP-connect + JNLP2-connect + + + + true + + + + true + + jenkins.CLI.xml: |- + + + false + + jenkins.model.JenkinsLocationConfiguration.xml: |- + + + + http://jenkins:8080 + + plugins.txt: |- + kubernetes:1.12.4 + workflow-job:2.24 + workflow-aggregator:2.5 + credentials-binding:1.16 + git:3.9.1 +kind: ConfigMap +metadata: + name: jenkins +--- +apiVersion: v1 +kind: PersistentVolumeClaim +metadata: + labels: + app: jenkins + chart: jenkins-0.20.1 + heritage: Tiller + release: jenkins + name: jenkins +spec: + accessModes: + - ReadWriteOnce + resources: + requests: + storage: 8Gi +--- +apiVersion: v1 +data: + jenkins-admin-password: c2VjcmV0 + jenkins-admin-user: YWRtaW4= +kind: Secret +metadata: + labels: + app: jenkins + chart: jenkins-0.20.1 + heritage: Tiller + release: jenkins + name: jenkins +type: Opaque +--- +apiVersion: v1 +kind: Service +metadata: + labels: + app: jenkins + chart: jenkins-0.20.1 + component: jenkins-jenkins-master + name: jenkins-agent +spec: + ports: + - name: slavelistener + port: 50000 + targetPort: 50000 + selector: + component: jenkins-jenkins-master + type: ClusterIP +--- +apiVersion: v1 +kind: Service +metadata: + labels: + app: jenkins + chart: jenkins-0.20.1 + component: jenkins-jenkins-master + heritage: Tiller + release: jenkins + name: jenkins +spec: + loadBalancerSourceRanges: + - 0.0.0.0/0 + ports: + - name: http + port: 8080 + targetPort: 8080 + selector: + component: jenkins-jenkins-master + type: LoadBalancer +--- +apiVersion: apps/v1beta1 +kind: Deployment +metadata: + labels: + chart: jenkins-0.20.1 + component: jenkins-jenkins-master + heritage: Tiller + release: jenkins + name: jenkins +spec: + replicas: 1 + selector: + matchLabels: + component: jenkins-jenkins-master + strategy: + type: Recreate + template: + metadata: + annotations: + checksum/config: 1bfd2c8a4cc2fc9a42e0f171f338f8cbb9a0d68c221cf6759c9afaecadec26ac + labels: + app: jenkins + chart: jenkins-0.20.1 + component: jenkins-jenkins-master + heritage: Tiller + release: jenkins + spec: + containers: + - args: + - --argumentsRealm.passwd.$(ADMIN_USER)=$(ADMIN_PASSWORD) + - --argumentsRealm.roles.$(ADMIN_USER)=admin + env: + - name: JAVA_TOOL_OPTIONS + value: "" + - name: JENKINS_OPTS + value: "" + - name: ADMIN_PASSWORD + valueFrom: + secretKeyRef: + key: jenkins-admin-password + name: jenkins + - name: ADMIN_USER + valueFrom: + secretKeyRef: + key: jenkins-admin-user + name: jenkins + image: jenkins/jenkins:lts + imagePullPolicy: Always + livenessProbe: + failureThreshold: 12 + httpGet: + path: /login + port: http + initialDelaySeconds: 90 + timeoutSeconds: 5 + name: jenkins + ports: + - containerPort: 8080 + name: http + - containerPort: 50000 + name: slavelistener + readinessProbe: + httpGet: + path: /login + port: http + initialDelaySeconds: 60 + resources: + limits: + cpu: 2000m + memory: 2048Mi + requests: + cpu: 50m + memory: 256Mi + volumeMounts: + - mountPath: /var/jenkins_home + name: jenkins-home + readOnly: false + - mountPath: /var/jenkins_config + name: jenkins-config + readOnly: true + - mountPath: /usr/share/jenkins/ref/plugins/ + name: plugin-dir + readOnly: false + - mountPath: /usr/share/jenkins/ref/secrets/ + name: secrets-dir + readOnly: false + initContainers: + - command: + - sh + - /var/jenkins_config/apply_config.sh + image: jenkins/jenkins:lts + imagePullPolicy: Always + name: copy-default-config + resources: + limits: + cpu: 2000m + memory: 2048Mi + requests: + cpu: 50m + memory: 256Mi + volumeMounts: + - mountPath: /var/jenkins_home + name: jenkins-home + - mountPath: /var/jenkins_config + name: jenkins-config + - mountPath: /var/jenkins_plugins + name: plugin-dir + - mountPath: /usr/share/jenkins/ref/secrets/ + name: secrets-dir + securityContext: + runAsUser: 0 + serviceAccountName: default + volumes: + - configMap: + name: jenkins + name: jenkins-config + - emptyDir: {} + name: plugin-dir + - emptyDir: {} + name: secrets-dir + - name: jenkins-home + persistentVolumeClaim: + claimName: jenkins diff --git a/integration/update/jenkins-deployment-labels/input/.ship/state.json b/integration/update/jenkins-deployment-labels/input/.ship/state.json new file mode 100644 index 000000000..6b1e8c9d9 --- /dev/null +++ b/integration/update/jenkins-deployment-labels/input/.ship/state.json @@ -0,0 +1,26 @@ +{ + "v1": { + "config": {}, + "helmValues": "Master:\n Name: jenkins-master\n Image: jenkins/jenkins\n ImageTag: lts\n ImagePullPolicy: Always\n Component: jenkins-master\n UseSecurity: true\n HostNetworking: false\n AdminUser: admin\n resources:\n requests:\n cpu: 50m\n memory: 256Mi\n limits:\n cpu: 2000m\n memory: 2048Mi\n UsePodSecurityContext: true\n ServicePort: 8080\n ServiceType: LoadBalancer\n ServiceAnnotations: {}\n HealthProbes: true\n HealthProbesLivenessTimeout: 90\n HealthProbesReadinessTimeout: 60\n HealthProbeLivenessFailureThreshold: 12\n SlaveListenerPort: 50000\n DisabledAgentProtocols:\n - JNLP-connect\n - JNLP2-connect\n CSRF:\n DefaultCrumbIssuer:\n Enabled: true\n ProxyCompatability: true\n CLI: false\n SlaveListenerServiceType: ClusterIP\n SlaveListenerServiceAnnotations: {}\n LoadBalancerSourceRanges:\n - 0.0.0.0/0\n ExtraPorts: null\n InstallPlugins:\n - kubernetes:1.12.4\n - workflow-job:2.24\n - workflow-aggregator:2.5\n - credentials-binding:1.16\n - git:3.9.1\n InitScripts: null\n CustomConfigMap: {}\n OverwriteConfig: false\n NodeSelector: {}\n Tolerations: {}\n PodAnnotations: {}\n Ingress:\n ApiVersion: extensions/v1beta1\n Annotations: {}\n TLS: null\n AdminPassword: secret\nAgent:\n Enabled: true\n Image: jenkins/jnlp-slave\n ImageTag: 3.10-1\n CustomJenkinsLabels: []\n Component: jenkins-slave\n Privileged: false\n resources:\n requests:\n cpu: 200m\n memory: 256Mi\n limits:\n cpu: 200m\n memory: 256Mi\n AlwaysPullImage: false\n PodRetention: Never\n volumes: null\n NodeSelector: {}\nPersistence:\n Enabled: true\n Annotations: {}\n AccessMode: ReadWriteOnce\n Size: 8Gi\n volumes: null\n mounts: null\nNetworkPolicy:\n Enabled: false\n ApiVersion: extensions/v1beta1\nrbac:\n install: false\n serviceAccountName: default\n roleRef: cluster-admin\n roleBindingKind: ClusterRoleBinding\n", + "releaseName": "jenkins", + "helmValuesDefaults": "# Default values for jenkins.\n# This is a YAML-formatted file.\n# Declare name/value pairs to be passed into your templates.\n# name: value\n\n## Overrides for generated resource names\n# See templates/_helpers.tpl\n# nameOverride:\n# fullnameOverride:\n\nMaster:\n Name: jenkins-master\n Image: \"jenkins/jenkins\"\n ImageTag: \"lts\"\n ImagePullPolicy: \"Always\"\n# ImagePullSecret: jenkins\n Component: \"jenkins-master\"\n UseSecurity: true\n HostNetworking: false\n AdminUser: admin\n # AdminPassword: \u003cdefaults to random\u003e\n resources:\n requests:\n cpu: \"50m\"\n memory: \"256Mi\"\n limits:\n cpu: \"2000m\"\n memory: \"2048Mi\"\n # Environment variables that get added to the init container (useful for e.g. http_proxy)\n # InitContainerEnv:\n # - name: http_proxy\n # value: \"http://192.168.64.1:3128\"\n # ContainerEnv:\n # - name: http_proxy\n # value: \"http://192.168.64.1:3128\"\n # Set min/max heap here if needed with:\n # JavaOpts: \"-Xms512m -Xmx512m\"\n # JenkinsOpts: \"\"\n # JenkinsUriPrefix: \"/jenkins\"\n # Enable pod security context (must be `true` if RunAsUser or FsGroup are set)\n UsePodSecurityContext: true\n # Set RunAsUser to 1000 to let Jenkins run as non-root user 'jenkins' which exists in 'jenkins/jenkins' docker image.\n # When setting RunAsUser to a different value than 0 also set FsGroup to the same value:\n # RunAsUser: \u003cdefaults to 0\u003e\n # FsGroup: \u003cwill be omitted in deployment if RunAsUser is 0\u003e\n ServicePort: 8080\n # For minikube, set this to NodePort, elsewhere use LoadBalancer\n # Use ClusterIP if your setup includes ingress controller\n ServiceType: LoadBalancer\n # Master Service annotations\n ServiceAnnotations: {}\n # service.beta.kubernetes.io/aws-load-balancer-backend-protocol: https\n # Used to create Ingress record (should used with ServiceType: ClusterIP)\n # HostName: jenkins.cluster.local\n # NodePort: \u003cto set explicitly, choose port between 30000-32767\n # Enable Kubernetes Liveness and Readiness Probes\n # ~ 2 minutes to allow Jenkins to restart when upgrading plugins. Set ReadinessTimeout to be shorter than LivenessTimeout.\n HealthProbes: true\n HealthProbesLivenessTimeout: 90\n HealthProbesReadinessTimeout: 60\n HealthProbeLivenessFailureThreshold: 12\n SlaveListenerPort: 50000\n DisabledAgentProtocols:\n - JNLP-connect\n - JNLP2-connect\n CSRF:\n DefaultCrumbIssuer:\n Enabled: true\n ProxyCompatability: true\n CLI: false\n # Kubernetes service type for the JNLP slave service\n # SETTING THIS TO \"LoadBalancer\" IS A HUGE SECURITY RISK: https://github.com/kubernetes/charts/issues/1341\n SlaveListenerServiceType: ClusterIP\n SlaveListenerServiceAnnotations: {}\n LoadBalancerSourceRanges:\n - 0.0.0.0/0\n # Optionally assign a known public LB IP\n # LoadBalancerIP: 1.2.3.4\n # Optionally configure a JMX port\n # requires additional JavaOpts, ie\n # JavaOpts: \u003e\n # -Dcom.sun.management.jmxremote.port=4000\n # -Dcom.sun.management.jmxremote.authenticate=false\n # -Dcom.sun.management.jmxremote.ssl=false\n # JMXPort: 4000\n # Optionally configure other ports to expose in the Master container\n ExtraPorts:\n # - name: BuildInfoProxy\n # port: 9000\n # List of plugins to be install during Jenkins master start\n InstallPlugins:\n - kubernetes:1.12.4\n - workflow-job:2.24\n - workflow-aggregator:2.5\n - credentials-binding:1.16\n - git:3.9.1\n # Used to approve a list of groovy functions in pipelines used the script-security plugin. Can be viewed under /scriptApproval\n # ScriptApproval:\n # - \"method groovy.json.JsonSlurperClassic parseText java.lang.String\"\n # - \"new groovy.json.JsonSlurperClassic\"\n # List of groovy init scripts to be executed during Jenkins master start\n InitScripts:\n # - |\n # print 'adding global pipeline libraries, register properties, bootstrap jobs...'\n # Kubernetes secret that contains a 'credentials.xml' for Jenkins\n # CredentialsXmlSecret: jenkins-credentials\n # Kubernetes secret that contains files to be put in the Jenkins 'secrets' directory,\n # useful to manage encryption keys used for credentials.xml for instance (such as\n # master.key and hudson.util.Secret)\n # SecretsFilesSecret: jenkins-secrets\n # Jenkins XML job configs to provision\n # Jobs: |-\n # test: |-\n # \u003c\u003cxml here\u003e\u003e\n CustomConfigMap: false\n # By default, the configMap is only used to set the initial config the first time\n # that the chart is installed. Setting `OverwriteConfig` to `true` will overwrite\n # the jenkins config with the contents of the configMap every time the pod starts.\n OverwriteConfig: false\n # Node labels and tolerations for pod assignment\n # ref: https://kubernetes.io/docs/concepts/configuration/assign-pod-node/#nodeselector\n # ref: https://kubernetes.io/docs/concepts/configuration/assign-pod-node/#taints-and-tolerations-beta-feature\n NodeSelector: {}\n Tolerations: {}\n PodAnnotations: {}\n\n Ingress:\n ApiVersion: extensions/v1beta1\n Annotations: {}\n # kubernetes.io/ingress.class: nginx\n # kubernetes.io/tls-acme: \"true\"\n\n TLS:\n # - secretName: jenkins.cluster.local\n # hosts:\n # - jenkins.cluster.local\n\nAgent:\n Enabled: true\n Image: jenkins/jnlp-slave\n ImageTag: 3.10-1\n CustomJenkinsLabels: []\n# ImagePullSecret: jenkins\n Component: \"jenkins-slave\"\n Privileged: false\n resources:\n requests:\n cpu: \"200m\"\n memory: \"256Mi\"\n limits:\n cpu: \"200m\"\n memory: \"256Mi\"\n # You may want to change this to true while testing a new image\n AlwaysPullImage: false\n # Controls how slave pods are retained after the Jenkins build completes\n # Possible values: Always, Never, OnFailure\n PodRetention: Never\n # You can define the volumes that you want to mount for this container\n # Allowed types are: ConfigMap, EmptyDir, HostPath, Nfs, Pod, Secret\n # Configure the attributes as they appear in the corresponding Java class for that type\n # https://github.com/jenkinsci/kubernetes-plugin/tree/master/src/main/java/org/csanchez/jenkins/plugins/kubernetes/volumes\n volumes:\n # - type: Secret\n # secretName: mysecret\n # mountPath: /var/myapp/mysecret\n NodeSelector: {}\n # Key Value selectors. Ex:\n # jenkins-agent: v1\n\nPersistence:\n Enabled: true\n ## A manually managed Persistent Volume and Claim\n ## Requires Persistence.Enabled: true\n ## If defined, PVC must be created manually before volume will be bound\n # ExistingClaim:\n\n ## jenkins data Persistent Volume Storage Class\n ## If defined, storageClassName: \u003cstorageClass\u003e\n ## If set to \"-\", storageClassName: \"\", which disables dynamic provisioning\n ## If undefined (the default) or set to null, no storageClassName spec is\n ## set, choosing the default provisioner. (gp2 on AWS, standard on\n ## GKE, AWS \u0026 OpenStack)\n ##\n # StorageClass: \"-\"\n\n Annotations: {}\n AccessMode: ReadWriteOnce\n Size: 8Gi\n volumes:\n # - name: nothing\n # emptyDir: {}\n mounts:\n # - mountPath: /var/nothing\n # name: nothing\n # readOnly: true\n\nNetworkPolicy:\n # Enable creation of NetworkPolicy resources.\n Enabled: false\n # For Kubernetes v1.4, v1.5 and v1.6, use 'extensions/v1beta1'\n # For Kubernetes v1.7, use 'networking.k8s.io/v1'\n ApiVersion: extensions/v1beta1\n\n## Install Default RBAC roles and bindings\nrbac:\n install: false\n serviceAccountName: default\n # Role reference\n roleRef: cluster-admin\n # Role kind (RoleBinding or ClusterRoleBinding)\n roleBindingKind: ClusterRoleBinding\n", + "kustomize": { + "overlays": { + "ship": { + "excludedBases": [ + "/jenkins-test.yaml" + ] + } + } + }, + "upstream": "github.com/helm/charts/tree/78858a2fb07aebe082efb11b8991b60e7fdd5d60/stable/jenkins", + "metadata": { + "applicationType": "helm", + "icon": "https://wiki.jenkins-ci.org/download/attachments/2916393/logo.png", + "name": "jenkins", + "releaseNotes": "Added ExtraPorts to open in the master pod (#7759)\n\n* Added ExtraPorts to open in the master pod\n\nSigned-off-by: ecejjar \u003cjesus.javier.arauz@ericsson.com\u003e\n\n* [stable/jenkins] Bumped up chart version\n\nSigned-off-by: ecejjar \u003cjesus.javier.arauz@ericsson.com\u003e", + "version": "0.20.1" + }, + "contentSHA": "c25b3cd58e801f1a642961c860c4162da2c171fa8a8cd33d32012c36631535e9" + } +} \ No newline at end of file diff --git a/integration/update/jenkins-deployment-labels/metadata.yaml b/integration/update/jenkins-deployment-labels/metadata.yaml new file mode 100644 index 000000000..0665f8981 --- /dev/null +++ b/integration/update/jenkins-deployment-labels/metadata.yaml @@ -0,0 +1,5 @@ +args: ["--prefer-git"] + +skip_cleanup: false +ignoredFiles: + - base/jenkins-test.yaml