From 1f922a623f1b4eaa0976cd6d3f0188be741a258c Mon Sep 17 00:00:00 2001
From: Tim Chan
Date: Fri, 19 Jul 2024 16:47:05 -0700
Subject: [PATCH] Added custom image pull secrets integ test
---
.changelog/3808.changed.txt | 1 +
.../templates/events/otelcol/statefulset.yaml | 6 ++
.../otelcol-instrumentation/statefulset.yaml | 6 ++
.../traces-gateway/deployment.yaml | 6 ++
.../traces-sampler/deployment.yaml | 6 ++
.../logs/collector/otelcol/daemonset.yaml | 6 ++
.../collector/otellogswindows/daemonset.yaml | 6 ++
.../templates/logs/otelcol/statefulset.yaml | 6 ++
.../metrics/otelcol/statefulset.yaml | 6 ++
.../helm/sumologic/templates/setup/job.yaml | 6 ++
deploy/helm/sumologic/values.yaml | 2 +-
docs/working-with-container-registries.md | 2 +-
tests/helm/common_test.go | 83 +++++++++++++++++++
tests/helm/const.go | 1 +
.../custom-global-config-attributes.yaml | 22 ++++-
15 files changed, 162 insertions(+), 3 deletions(-)
create mode 100644 .changelog/3808.changed.txt
diff --git a/.changelog/3808.changed.txt b/.changelog/3808.changed.txt
new file mode 100644
index 0000000000..0ca38c8a28
--- /dev/null
+++ b/.changelog/3808.changed.txt
@@ -0,0 +1 @@
+test: Added custom image pull secrets tests for global configuration attributes
\ No newline at end of file
diff --git a/deploy/helm/sumologic/templates/events/otelcol/statefulset.yaml b/deploy/helm/sumologic/templates/events/otelcol/statefulset.yaml
index 2050170386..fe1e29b1c4 100644
--- a/deploy/helm/sumologic/templates/events/otelcol/statefulset.yaml
+++ b/deploy/helm/sumologic/templates/events/otelcol/statefulset.yaml
@@ -35,6 +35,12 @@ spec: {{ toYaml .Values.otelevents.statefulset.podLabels | indent 8 }} {{- end }} spec: + {{- if $.Values.sumologic.pullSecrets }} + imagePullSecrets: + {{- range $.Values.sumologic.pullSecrets }} + - name: {{ .name }} + {{- end }} + {{- end }} serviceAccountName: {{ template "sumologic.metadata.name.roles.serviceaccount" . }} {{- if not (empty (include "events.statefulset.nodeSelector" .)) }} nodeSelector: diff --git a/deploy/helm/sumologic/templates/instrumentation/otelcol-instrumentation/statefulset.yaml b/deploy/helm/sumologic/templates/instrumentation/otelcol-instrumentation/statefulset.yaml index c2f0a76d87..a28e61c14f 100644 --- a/deploy/helm/sumologic/templates/instrumentation/otelcol-instrumentation/statefulset.yaml +++ b/deploy/helm/sumologic/templates/instrumentation/otelcol-instrumentation/statefulset.yaml @@ -45,6 +45,12 @@ spec: {{ toYaml $otelcolInstrumentation.statefulset.podLabels | indent 8 }} {{- end }} spec: + {{- if $.Values.sumologic.pullSecrets }} + imagePullSecrets: + {{- range $.Values.sumologic.pullSecrets }} + - name: {{ .name }} + {{- end }} + {{- end }} serviceAccountName: {{ template "sumologic.metadata.name.roles.serviceaccount" . }} {{- if not (empty (include "otelcolInstrumentation.statefulset.nodeSelector" .)) }} nodeSelector: diff --git a/deploy/helm/sumologic/templates/instrumentation/traces-gateway/deployment.yaml b/deploy/helm/sumologic/templates/instrumentation/traces-gateway/deployment.yaml index 2d06d143e8..8d98559536 100644 --- a/deploy/helm/sumologic/templates/instrumentation/traces-gateway/deployment.yaml +++ b/deploy/helm/sumologic/templates/instrumentation/traces-gateway/deployment.yaml 
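Review bot: `- name: {{ .name }}` in the added block emits the secret name unquoted, so a name that YAML reads as a number or boolean would be rendered as a non-string and the manifest would fail validation; `- name: {{ .name | quote }}` keeps it a string. The same six added lines are repeated in the other template hunks of this patch (otelcol-instrumentation, traces-gateway, traces-sampler, both log collector daemonsets, the logs and metrics statefulsets, and the setup job). A single named template included from each pod spec would keep the nine copies from drifting apart. The pod spec continues outside the hunk.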
@@ -46,6 +46,12 @@ spec: {{ toYaml $tracesGateway.deployment.podLabels | indent 8 }} {{- end }} spec: + {{- if $.Values.sumologic.pullSecrets }} + imagePullSecrets: + {{- range $.Values.sumologic.pullSecrets }} + - name: {{ .name }} + {{- end }} + {{- end }} serviceAccountName: {{ template "sumologic.metadata.name.roles.serviceaccount" . }} {{- if not (empty (include "tracesGateway.deployment.nodeSelector" .)) }} nodeSelector: diff --git a/deploy/helm/sumologic/templates/instrumentation/traces-sampler/deployment.yaml b/deploy/helm/sumologic/templates/instrumentation/traces-sampler/deployment.yaml index 85c7114213..e91bfcc6d6 100644 --- a/deploy/helm/sumologic/templates/instrumentation/traces-sampler/deployment.yaml +++ b/deploy/helm/sumologic/templates/instrumentation/traces-sampler/deployment.yaml @@ -42,6 +42,12 @@ spec: {{ toYaml $tracesSampler.deployment.podLabels | indent 8 }} {{- end }} spec: + {{- if $.Values.sumologic.pullSecrets }} + imagePullSecrets: + {{- range $.Values.sumologic.pullSecrets }} + - name: {{ .name }} + {{- end }} + {{- end }} serviceAccountName: {{ template "sumologic.metadata.name.roles.serviceaccount" . }} {{- if not (empty (include "tracesSampler.deployment.nodeSelector" .)) }} nodeSelector: diff --git a/deploy/helm/sumologic/templates/logs/collector/otelcol/daemonset.yaml b/deploy/helm/sumologic/templates/logs/collector/otelcol/daemonset.yaml index 9fc2e63e4c..8225a41277 100644 --- a/deploy/helm/sumologic/templates/logs/collector/otelcol/daemonset.yaml +++ b/deploy/helm/sumologic/templates/logs/collector/otelcol/daemonset.yaml @@ -65,6 +65,12 @@ spec: {{ toYaml $daemonset.podLabels | indent 8 }} {{- end }} spec: + {{- if $.Values.sumologic.pullSecrets }} + imagePullSecrets: + {{- range $.Values.sumologic.pullSecrets }} + - name: {{ .name }} + {{- end }} + {{- end }} {{- if $nodeSelector }} nodeSelector: {{ $nodeSelector | indent 8 }} 
diff --git a/deploy/helm/sumologic/templates/logs/collector/otellogswindows/daemonset.yaml b/deploy/helm/sumologic/templates/logs/collector/otellogswindows/daemonset.yaml index ccadf4189f..55929e97e2 100644 --- a/deploy/helm/sumologic/templates/logs/collector/otellogswindows/daemonset.yaml +++ b/deploy/helm/sumologic/templates/logs/collector/otellogswindows/daemonset.yaml @@ -65,6 +65,12 @@ spec: {{ toYaml $daemonset.podLabels | indent 8 }} {{- end }} spec: + {{- if $.Values.sumologic.pullSecrets }} + imagePullSecrets: + {{- range $.Values.sumologic.pullSecrets }} + - name: {{ .name }} + {{- end }} + {{- end }} {{- if $nodeSelector }} nodeSelector: {{ $nodeSelector | indent 8 }} diff --git a/deploy/helm/sumologic/templates/logs/otelcol/statefulset.yaml b/deploy/helm/sumologic/templates/logs/otelcol/statefulset.yaml index 5b60d50b81..e1101a5085 100644 --- a/deploy/helm/sumologic/templates/logs/otelcol/statefulset.yaml +++ b/deploy/helm/sumologic/templates/logs/otelcol/statefulset.yaml @@ -42,6 +42,12 @@ spec: {{ toYaml .Values.metadata.logs.statefulset.podLabels | indent 8 }} {{- end }} spec: + {{- if $.Values.sumologic.pullSecrets }} + imagePullSecrets: + {{- range $.Values.sumologic.pullSecrets }} + - name: {{ .name }} + {{- end }} + {{- end }} serviceAccountName: {{ template "sumologic.metadata.name.roles.serviceaccount" . }} {{- if not (empty (include "metadata.logs.statefulset.nodeSelector" .)) }} nodeSelector: diff --git a/deploy/helm/sumologic/templates/metrics/otelcol/statefulset.yaml b/deploy/helm/sumologic/templates/metrics/otelcol/statefulset.yaml index 99b4e05495..227a260bad 100644 --- a/deploy/helm/sumologic/templates/metrics/otelcol/statefulset.yaml +++ b/deploy/helm/sumologic/templates/metrics/otelcol/statefulset.yaml 
@@ -42,6 +42,12 @@ spec: {{ toYaml .Values.metadata.metrics.statefulset.podLabels | indent 8 }} {{- end }} spec: + {{- if $.Values.sumologic.pullSecrets }} + imagePullSecrets: + {{- range $.Values.sumologic.pullSecrets }} + - name: {{ .name }} + {{- end }} + {{- end }} serviceAccountName: {{ template "sumologic.metadata.name.roles.serviceaccount" . }} {{- if not (empty (include "metadata.metrics.statefulset.nodeSelector" .)) }} nodeSelector: diff --git a/deploy/helm/sumologic/templates/setup/job.yaml b/deploy/helm/sumologic/templates/setup/job.yaml index 9a1093cdc9..7a3f0e47d1 100644 --- a/deploy/helm/sumologic/templates/setup/job.yaml +++ b/deploy/helm/sumologic/templates/setup/job.yaml @@ -34,6 +34,12 @@ spec: {{ toYaml .Values.sumologic.setup.job.podLabels | indent 8 }} {{- end }} spec: + {{- if $.Values.sumologic.pullSecrets }} + imagePullSecrets: + {{- range $.Values.sumologic.pullSecrets }} + - name: {{ .name }} + {{- end }} + {{- end }} restartPolicy: OnFailure serviceAccountName: {{ template "sumologic.metadata.name.setup.roles.serviceaccount" . }} {{- if not (empty (include "setup.job.nodeSelector" .)) }} diff --git a/deploy/helm/sumologic/values.yaml b/deploy/helm/sumologic/values.yaml index 516a0d409d..cd1a89665d 100644 --- a/deploy/helm/sumologic/values.yaml +++ b/deploy/helm/sumologic/values.yaml @@ -2347,7 +2347,7 @@ telegraf-operator: ## Configure Falco ## Please note that Falco is embedded in this Helm Chart for user convenience only - Sumo Logic does not provide production support for it ## This is an experimental configuration and shouldn't be used in production environment -## https://github.com/falcosecurity/charts/tree/master/falco +## https://github.com/falcosecurity/charts/blob/master/charts/falco/values.yaml falco: enabled: false diff --git a/docs/working-with-container-registries.md b/docs/working-with-container-registries.md index 383c5c87d9..2829d27f51 100644 --- a/docs/working-with-container-registries.md 
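Review bot: The block added to the setup job in `templates/setup/job.yaml` reads only `$.Values.sumologic.pullSecrets`, while the test values file in this patch also sets `sumologic.setup.job.pullSecrets`. Whether the job template already renders that job-level list is not visible in this hunk. If it does, setting both would put two `imagePullSecrets:` keys into the same pod spec; if it does not, the job-level value in the test data is never exercised. A template comment above the block, for example `{{- /* global sumologic.pullSecrets; job-level sumologic.setup.job.pullSecrets is not read here */}}`, would make the intended precedence explicit.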
+++ b/docs/working-with-container-registries.md @@ -18,7 +18,7 @@ kubectl create secret docker-registry ${SECRET_NAME} \ --docker-password=$(aws ecr-public --region us-east-1 get-login-password) ``` -After creating the secret one can use it in the following way: +After creating the secret, one can use it in the following way: ```yaml sumologic: diff --git a/tests/helm/common_test.go b/tests/helm/common_test.go index d8ed4f9a20..5c948df740 100644 --- a/tests/helm/common_test.go +++ b/tests/helm/common_test.go @@ -475,6 +475,24 @@ func GetTolerations(object unstructured.Unstructured) ([]corev1.Toleration, erro return nil, nil } +func ContainsImagePullSecret(imagePullSecrets []corev1.LocalObjectReference, expectedSecret string) bool { + for _, secret := range imagePullSecrets { + if secret.Name == expectedSecret { + return true + } + } + return false +} + +// func ObjectUsesPullSecrets(objectName string, namesToCheck map[string]struct{}) bool { +// for name := range namesToCheck { +// if strings.Contains(objectName, name) { +// return true +// } +// } +// return false +// } + func TestNamespaceOverride(t *testing.T) { valuesFilePath := path.Join(testDataDirectory, "everything-enabled.yaml") namespaceOverride := "override" 
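Review bot: The commented-out `ObjectUsesPullSecrets` helper added after `ContainsImagePullSecret` is dead code. Its only references are the commented-out lines inside `TestCustomImagePullSecrets` in the next hunk of this file, so both should be deleted rather than committed. `ContainsImagePullSecret` also has no doc comment; `// ContainsImagePullSecret reports whether imagePullSecrets contains an entry named expectedSecret.` would cover it.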
@@ -692,3 +710,68 @@ func TestCustomServiceAccountAnnotations(t *testing.T) { } } } + +func TestCustomImagePullSecrets(t *testing.T) { + t.Parallel() + valuesFilePath := path.Join(testDataDirectory, "custom-global-config-attributes.yaml") + renderedYamlString := RenderTemplate( + t, + &helm.Options{ + ValuesFiles: []string{valuesFilePath}, + SetStrValues: map[string]string{ + "sumologic.accessId": "accessId", + "sumologic.accessKey": "accessKey", + }, + Logger: logger.Discard, + }, + chartDirectory, + releaseName, + []string{}, + true, + "--namespace", + defaultNamespace, + ) + + renderedObjects := UnmarshalMultipleFromYaml[unstructured.Unstructured](t, renderedYamlString) + + for _, renderedObject := range renderedObjects { + kind := renderedObject.GetObjectKind().GroupVersionKind().Kind + // name := renderedObject.GetName() + + /** + 1. objects that uses pull secrets + https://github.com/SumoLogic/sumologic-kubernetes-collection/blob/main/docs/working-with-container-registries.md?plain=1#L37-L50 + + 2. 
have a test for service account pull secrets: TestServiceAccountPullSecrets + */ + // if !ObjectUsesPullSecrets(name, namesToCheck) || kind == "ServiceAccount" { + // continue + // } + + // have a test for service account pull secrets: TestServiceAccountPullSecrets + if kind == "ServiceAccount" { + continue + } + + podTemplateSpec, err := GetPodTemplateSpec(renderedObject) + if err != nil { + t.Logf("Error getting PodTemplateSpec for object %s: %v", renderedObject.GetName(), err) + continue + } + + if podTemplateSpec == nil { + t.Logf("PodTemplateSpec is nil for object %s", renderedObject.GetName()) + continue + } + + require.NotEmpty(t, podTemplateSpec.Spec.ImagePullSecrets, "%s %s should have imagePullSecrets", kind, renderedObject.GetName()) + assert.True( + t, + ContainsImagePullSecret(podTemplateSpec.Spec.ImagePullSecrets, customImagePullSecrets), + "Expected imagePullSecret %v not found in %s %s", + customImagePullSecrets, + kind, + renderedObject.GetName(), + ) + } +} diff --git a/tests/helm/const.go b/tests/helm/const.go index c43b3e027d..4b782a248a 100644 --- a/tests/helm/const.go +++ b/tests/helm/const.go @@ -23,6 +23,7 @@ const ( customLabelValue = "customLabelValue" customAnnotationsKey = "customAnnotationsKey" customAnnotationsValue = "customAnnotationsValue" + customImagePullSecrets = "customImagePullSecrets" ) var subChartNames []string = []string{ diff --git a/tests/helm/testdata/custom-global-config-attributes.yaml b/tests/helm/testdata/custom-global-config-attributes.yaml index 864e18330f..b79941eaf3 100644 --- a/tests/helm/testdata/custom-global-config-attributes.yaml +++ b/tests/helm/testdata/custom-global-config-attributes.yaml @@ -1,8 +1,9 @@ sumologic: + pullSecrets: + - name: customImagePullSecrets metrics: remoteWriteProxy: enabled: true - podLabels: customLabelKey: customLabelValue podAnnotations: 
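Review bot: `TestCustomImagePullSecrets` can pass without checking anything. When `GetPodTemplateSpec` returns an error or nil, the loop only calls `t.Logf` and continues, so a regression in that helper (defined outside this hunk) or in rendering would skip every object and leave the test green. Counting the objects that reach the assertions closes the gap: `checked := 0` before the loop, `checked++` just before `require.NotEmpty`, and `require.NotZero(t, checked, "no rendered object exposed a pod template")` after it. If an error from `GetPodTemplateSpec` is expected only for kinds without a pod template, that assumption deserves a comment at the `continue`.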
@@ -10,13 +11,22 @@ sumologic: serviceAccount: annotations: customServiceAccountAnnotationKey: customServiceAccountAnnotationValue + setup: + job: + pullSecrets: + - name: customImagePullSecrets kube-prometheus-stack: + global: + imagePullSecrets: + - name: customImagePullSecrets kube-state-metrics: customLabels: customLabelKey: customLabelValue podAnnotations: customAnnotationsKey: customAnnotationsValue + imagePullSecrets: + - name: customImagePullSecrets prometheus: enabled: true prometheusSpec: @@ -26,6 +36,8 @@ kube-prometheus-stack: annotations: customAnnotationsKey: customAnnotationsValue prometheus-node-exporter: + imagePullSecrets: + - name: customImagePullSecrets podLabels: customLabelKey: customLabelValue podAnnotations: @@ -40,6 +52,8 @@ opentelemetry-operator: falco: enabled: true + imagePullSecrets: + - name: customImagePullSecrets podLabels: customLabelKey: customLabelValue podAnnotations: @@ -51,3 +65,9 @@ prometheus-windows-exporter: customLabelKey: customLabelValue podAnnotations: customAnnotationsKey: customAnnotationsValue + imagePullSecrets: + - name: customImagePullSecrets + +opentelemetry-operator: + imagePullSecrets: + - name: customImagePullSecrets
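Review bot: The last hunk appends a second top-level `opentelemetry-operator:` key, while the header of the `@@ -40,6 +52,8 @@` hunk suggests an `opentelemetry-operator:` block already exists earlier in this values file. Duplicate mapping keys are not valid YAML and parsers handle them differently, commonly keeping only the last one, which would silently drop the earlier block's settings for every test that loads this file. Moving `imagePullSecrets:` and `- name: customImagePullSecrets` under the existing `opentelemetry-operator:` block avoids that.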