From b37703ad88eaa42e9ef02a7fe6547b9390135f35 Mon Sep 17 00:00:00 2001 From: Tim Chan Date: Fri, 19 Jul 2024 16:47:05 -0700 Subject: [PATCH] Added custom image pull secrets integ test --- .changelog/3808.1.changed.txt | 1 + .changelog/3808.2.changed.txt | 1 + .changelog/3808.3.changed.txt | 1 + .changelog/3808.4.changed.txt | 1 + .changelog/3808.changed.txt | 1 + .../templates/events/otelcol/statefulset.yaml | 6 ++ .../otelcol-instrumentation/statefulset.yaml | 6 ++ .../traces-gateway/deployment.yaml | 6 ++ .../traces-sampler/deployment.yaml | 6 ++ .../logs/collector/otelcol/daemonset.yaml | 6 ++ .../collector/otellogswindows/daemonset.yaml | 6 ++ .../templates/logs/otelcol/statefulset.yaml | 6 ++ .../metrics/otelcol/statefulset.yaml | 6 ++ .../helm/sumologic/templates/setup/job.yaml | 6 ++ deploy/helm/sumologic/values.yaml | 2 +- docs/working-with-container-registries.md | 2 +- tests/helm/common_test.go | 63 +++++++++++++++++++ tests/helm/const.go | 2 + .../custom-global-config-attributes.yaml | 28 ++++++++- 19 files changed, 153 insertions(+), 3 deletions(-) create mode 100644 .changelog/3808.1.changed.txt create mode 100644 .changelog/3808.2.changed.txt create mode 100644 .changelog/3808.3.changed.txt create mode 100644 .changelog/3808.4.changed.txt create mode 100644 .changelog/3808.changed.txt diff --git a/.changelog/3808.1.changed.txt b/.changelog/3808.1.changed.txt new file mode 100644 index 0000000000..0998c75317 --- /dev/null +++ b/.changelog/3808.1.changed.txt @@ -0,0 +1 @@ +test: Added custom image pull secrets for statefulset \ No newline at end of file diff --git a/.changelog/3808.2.changed.txt b/.changelog/3808.2.changed.txt new file mode 100644 index 0000000000..d0231c5c2e --- /dev/null +++ b/.changelog/3808.2.changed.txt @@ -0,0 +1 @@ +test: Added custom image pull secrets for deployments \ No newline at end of file diff --git a/.changelog/3808.3.changed.txt b/.changelog/3808.3.changed.txt new file mode 100644 index 0000000000..7f76ae1988 --- /dev/null +++ b/.changelog/3808.3.changed.txt @@ -0,0 +1 @@ +test: Added custom image pull secrets for daemonset \ No newline at end of file diff --git a/.changelog/3808.4.changed.txt b/.changelog/3808.4.changed.txt new file mode 100644 index 0000000000..5d4d108937 --- /dev/null +++ b/.changelog/3808.4.changed.txt @@ -0,0 +1 @@ +test: Added custom image pull secrets for jobs \ No newline at end of file diff --git a/.changelog/3808.changed.txt b/.changelog/3808.changed.txt new file mode 100644 index 0000000000..0ca38c8a28 --- /dev/null +++ b/.changelog/3808.changed.txt @@ -0,0 +1 @@ +test: Added custom image pull secrets tests for global configuration attributes \ No newline at end of file diff --git a/deploy/helm/sumologic/templates/events/otelcol/statefulset.yaml b/deploy/helm/sumologic/templates/events/otelcol/statefulset.yaml index 2050170386..fe1e29b1c4 100644 --- a/deploy/helm/sumologic/templates/events/otelcol/statefulset.yaml +++ b/deploy/helm/sumologic/templates/events/otelcol/statefulset.yaml @@ -35,6 +35,12 @@ spec: {{ toYaml .Values.otelevents.statefulset.podLabels | indent 8 }} {{- end }} spec: + {{- if $.Values.sumologic.pullSecrets }} + imagePullSecrets: + {{- range $.Values.sumologic.pullSecrets }} + - name: {{ .name }} + {{- end }} + {{- end }} serviceAccountName: {{ template "sumologic.metadata.name.roles.serviceaccount" . }} {{- if not (empty (include "events.statefulset.nodeSelector" .)) }} nodeSelector: diff --git a/deploy/helm/sumologic/templates/instrumentation/otelcol-instrumentation/statefulset.yaml b/deploy/helm/sumologic/templates/instrumentation/otelcol-instrumentation/statefulset.yaml index c2f0a76d87..a28e61c14f 100644 --- a/deploy/helm/sumologic/templates/instrumentation/otelcol-instrumentation/statefulset.yaml +++ b/deploy/helm/sumologic/templates/instrumentation/otelcol-instrumentation/statefulset.yaml @@ -45,6 +45,12 @@ spec: {{ toYaml $otelcolInstrumentation.statefulset.podLabels | indent 8 }} {{- end }} spec: + {{- if $.Values.sumologic.pullSecrets }} + imagePullSecrets: + {{- range $.Values.sumologic.pullSecrets }} + - name: {{ .name }} + {{- end }} + {{- end }} serviceAccountName: {{ template "sumologic.metadata.name.roles.serviceaccount" . }} {{- if not (empty (include "otelcolInstrumentation.statefulset.nodeSelector" .)) }} nodeSelector: diff --git a/deploy/helm/sumologic/templates/instrumentation/traces-gateway/deployment.yaml b/deploy/helm/sumologic/templates/instrumentation/traces-gateway/deployment.yaml index 2d06d143e8..8d98559536 100644 --- a/deploy/helm/sumologic/templates/instrumentation/traces-gateway/deployment.yaml +++ b/deploy/helm/sumologic/templates/instrumentation/traces-gateway/deployment.yaml @@ -46,6 +46,12 @@ spec: {{ toYaml $tracesGateway.deployment.podLabels | indent 8 }} {{- end }} spec: + {{- if $.Values.sumologic.pullSecrets }} + imagePullSecrets: + {{- range $.Values.sumologic.pullSecrets }} + - name: {{ .name }} + {{- end }} + {{- end }} serviceAccountName: {{ template "sumologic.metadata.name.roles.serviceaccount" . }} {{- if not (empty (include "tracesGateway.deployment.nodeSelector" .)) }} nodeSelector: diff --git a/deploy/helm/sumologic/templates/instrumentation/traces-sampler/deployment.yaml b/deploy/helm/sumologic/templates/instrumentation/traces-sampler/deployment.yaml index 85c7114213..e91bfcc6d6 100644 --- a/deploy/helm/sumologic/templates/instrumentation/traces-sampler/deployment.yaml +++ b/deploy/helm/sumologic/templates/instrumentation/traces-sampler/deployment.yaml @@ -42,6 +42,12 @@ spec: {{ toYaml $tracesSampler.deployment.podLabels | indent 8 }} {{- end }} spec: + {{- if $.Values.sumologic.pullSecrets }} + imagePullSecrets: + {{- range $.Values.sumologic.pullSecrets }} + - name: {{ .name }} + {{- end }} + {{- end }} serviceAccountName: {{ template "sumologic.metadata.name.roles.serviceaccount" . }} {{- if not (empty (include "tracesSampler.deployment.nodeSelector" .)) }} nodeSelector: diff --git a/deploy/helm/sumologic/templates/logs/collector/otelcol/daemonset.yaml b/deploy/helm/sumologic/templates/logs/collector/otelcol/daemonset.yaml index 9fc2e63e4c..8225a41277 100644 --- a/deploy/helm/sumologic/templates/logs/collector/otelcol/daemonset.yaml +++ b/deploy/helm/sumologic/templates/logs/collector/otelcol/daemonset.yaml @@ -65,6 +65,12 @@ spec: {{ toYaml $daemonset.podLabels | indent 8 }} {{- end }} spec: + {{- if $.Values.sumologic.pullSecrets }} + imagePullSecrets: + {{- range $.Values.sumologic.pullSecrets }} + - name: {{ .name }} + {{- end }} + {{- end }} {{- if $nodeSelector }} nodeSelector: {{ $nodeSelector | indent 8 }} diff --git a/deploy/helm/sumologic/templates/logs/collector/otellogswindows/daemonset.yaml b/deploy/helm/sumologic/templates/logs/collector/otellogswindows/daemonset.yaml index ccadf4189f..55929e97e2 100644 --- a/deploy/helm/sumologic/templates/logs/collector/otellogswindows/daemonset.yaml +++ b/deploy/helm/sumologic/templates/logs/collector/otellogswindows/daemonset.yaml @@ -65,6 +65,12 @@ spec: {{ toYaml $daemonset.podLabels | indent 8 }} {{- end }} spec: + {{- if $.Values.sumologic.pullSecrets }} + imagePullSecrets: + {{- range $.Values.sumologic.pullSecrets }} + - name: {{ .name }} + {{- end }} + {{- end }} {{- if $nodeSelector }} nodeSelector: {{ $nodeSelector | indent 8 }} diff --git a/deploy/helm/sumologic/templates/logs/otelcol/statefulset.yaml b/deploy/helm/sumologic/templates/logs/otelcol/statefulset.yaml index 5b60d50b81..e1101a5085 100644 --- a/deploy/helm/sumologic/templates/logs/otelcol/statefulset.yaml +++ b/deploy/helm/sumologic/templates/logs/otelcol/statefulset.yaml @@ -42,6 +42,12 @@ spec: {{ toYaml .Values.metadata.logs.statefulset.podLabels | indent 8 }} {{- end }} spec: + {{- if $.Values.sumologic.pullSecrets }} + imagePullSecrets: + {{- range $.Values.sumologic.pullSecrets }} + - name: {{ .name }} + {{- end }} + {{- end }} serviceAccountName: {{ template "sumologic.metadata.name.roles.serviceaccount" . }} {{- if not (empty (include "metadata.logs.statefulset.nodeSelector" .)) }} nodeSelector: diff --git a/deploy/helm/sumologic/templates/metrics/otelcol/statefulset.yaml b/deploy/helm/sumologic/templates/metrics/otelcol/statefulset.yaml index 99b4e05495..227a260bad 100644 --- a/deploy/helm/sumologic/templates/metrics/otelcol/statefulset.yaml +++ b/deploy/helm/sumologic/templates/metrics/otelcol/statefulset.yaml @@ -42,6 +42,12 @@ spec: {{ toYaml .Values.metadata.metrics.statefulset.podLabels | indent 8 }} {{- end }} spec: + {{- if $.Values.sumologic.pullSecrets }} + imagePullSecrets: + {{- range $.Values.sumologic.pullSecrets }} + - name: {{ .name }} + {{- end }} + {{- end }} serviceAccountName: {{ template "sumologic.metadata.name.roles.serviceaccount" . }} {{- if not (empty (include "metadata.metrics.statefulset.nodeSelector" .)) }} nodeSelector: diff --git a/deploy/helm/sumologic/templates/setup/job.yaml b/deploy/helm/sumologic/templates/setup/job.yaml index 9a1093cdc9..7a3f0e47d1 100644 --- a/deploy/helm/sumologic/templates/setup/job.yaml +++ b/deploy/helm/sumologic/templates/setup/job.yaml @@ -34,6 +34,12 @@ spec: {{ toYaml .Values.sumologic.setup.job.podLabels | indent 8 }} {{- end }} spec: + {{- if $.Values.sumologic.pullSecrets }} + imagePullSecrets: + {{- range $.Values.sumologic.pullSecrets }} + - name: {{ .name }} + {{- end }} + {{- end }} restartPolicy: OnFailure serviceAccountName: {{ template "sumologic.metadata.name.setup.roles.serviceaccount" . }} {{- if not (empty (include "setup.job.nodeSelector" .)) }} diff --git a/deploy/helm/sumologic/values.yaml b/deploy/helm/sumologic/values.yaml index 516a0d409d..cd1a89665d 100644 --- a/deploy/helm/sumologic/values.yaml +++ b/deploy/helm/sumologic/values.yaml @@ -2347,7 +2347,7 @@ telegraf-operator: ## Configure Falco ## Please note that Falco is embedded in this Helm Chart for user convenience only - Sumo Logic does not provide production support for it ## This is an experimental configuration and shouldn't be used in production environment -## https://github.com/falcosecurity/charts/tree/master/falco +## https://github.com/falcosecurity/charts/blob/master/charts/falco/values.yaml falco: enabled: false diff --git a/docs/working-with-container-registries.md b/docs/working-with-container-registries.md index 383c5c87d9..2829d27f51 100644 --- a/docs/working-with-container-registries.md +++ b/docs/working-with-container-registries.md @@ -18,7 +18,7 @@ kubectl create secret docker-registry ${SECRET_NAME} \ --docker-password=$(aws ecr-public --region us-east-1 get-login-password) ``` -After creating the secret one can use it in the following way: +After creating the secret, one can use it in the following way: ```yaml sumologic: diff --git a/tests/helm/common_test.go b/tests/helm/common_test.go index d8ed4f9a20..6c9fae9b5e 100644 --- a/tests/helm/common_test.go +++ b/tests/helm/common_test.go @@ -475,6 +475,15 @@ func GetTolerations(object unstructured.Unstructured) ([]corev1.Toleration, erro return nil, nil } +func ContainsImagePullSecret(imagePullSecrets []corev1.LocalObjectReference, expectedSecret string) bool { + for _, secret := range imagePullSecrets { + if secret.Name == expectedSecret { + return true + } + } + return false +} + func TestNamespaceOverride(t *testing.T) { valuesFilePath := path.Join(testDataDirectory, "everything-enabled.yaml") namespaceOverride := "override" @@ -692,3 +701,57 @@ func TestCustomServiceAccountAnnotations(t *testing.T) { } } } + +func TestCustomImagePullSecrets(t *testing.T) { + t.Parallel() + valuesFilePath := path.Join(testDataDirectory, "custom-global-config-attributes.yaml") + renderedYamlString := RenderTemplate( + t, + &helm.Options{ + ValuesFiles: []string{valuesFilePath}, + SetStrValues: map[string]string{ + "sumologic.accessId": "accessId", + "sumologic.accessKey": "accessKey", + }, + Logger: logger.Discard, + }, + chartDirectory, + releaseName, + []string{}, + true, + "--namespace", + defaultNamespace, + ) + + renderedObjects := UnmarshalMultipleFromYaml[unstructured.Unstructured](t, renderedYamlString) + + for _, renderedObject := range renderedObjects { + kind := renderedObject.GetObjectKind().GroupVersionKind().Kind + + // have a test for service account pull secrets: TestServiceAccountPullSecrets + if kind == "ServiceAccount" { + continue + } + + podTemplateSpec, err := GetPodTemplateSpec(renderedObject) + if err != nil { + t.Logf("Error getting PodTemplateSpec for object %s: %v", renderedObject.GetName(), err) + continue + } + + if podTemplateSpec == nil { + t.Logf("PodTemplateSpec is nil for object %s", renderedObject.GetName()) + continue + } + + require.NotEmpty(t, podTemplateSpec.Spec.ImagePullSecrets, "%s %s should have imagePullSecrets", kind, renderedObject.GetName()) + assert.True( + t, + ContainsImagePullSecret(podTemplateSpec.Spec.ImagePullSecrets, customImagePullSecrets), + "Expected imagePullSecret %v not found in %s %s", + customImagePullSecrets, + kind, + renderedObject.GetName(), + ) + } +} diff --git a/tests/helm/const.go b/tests/helm/const.go index c43b3e027d..fc295846ed 100644 --- a/tests/helm/const.go +++ b/tests/helm/const.go @@ -23,6 +23,8 @@ const ( customLabelValue = "customLabelValue" customAnnotationsKey = "customAnnotationsKey" customAnnotationsValue = "customAnnotationsValue" + customImagePullSecrets = "customImagePullSecrets" + customImagePullSecrets2 = "customImagePullSecrets2" ) var subChartNames []string = []string{ diff --git a/tests/helm/testdata/custom-global-config-attributes.yaml b/tests/helm/testdata/custom-global-config-attributes.yaml index 864e18330f..32a104c0b5 100644 --- a/tests/helm/testdata/custom-global-config-attributes.yaml +++ b/tests/helm/testdata/custom-global-config-attributes.yaml @@ -1,8 +1,10 @@ sumologic: + pullSecrets: + - name: customImagePullSecrets + - name: customImagePullSecrets2 metrics: remoteWriteProxy: enabled: true - podLabels: customLabelKey: customLabelValue podAnnotations: @@ -10,13 +12,25 @@ sumologic: serviceAccount: annotations: customServiceAccountAnnotationKey: customServiceAccountAnnotationValue + setup: + job: + pullSecrets: + - name: customImagePullSecrets + - name: customImagePullSecrets2 kube-prometheus-stack: + global: + imagePullSecrets: + - name: customImagePullSecrets + - name: customImagePullSecrets2 kube-state-metrics: customLabels: customLabelKey: customLabelValue podAnnotations: customAnnotationsKey: customAnnotationsValue + imagePullSecrets: + - name: customImagePullSecrets + - name: customImagePullSecrets2 prometheus: enabled: true prometheusSpec: @@ -26,6 +40,9 @@ kube-prometheus-stack: annotations: customAnnotationsKey: customAnnotationsValue prometheus-node-exporter: + imagePullSecrets: + - name: customImagePullSecrets + - name: customImagePullSecrets2 podLabels: customLabelKey: customLabelValue podAnnotations: @@ -37,9 +54,15 @@ opentelemetry-operator: customLabelKey: customLabelValue podAnnotations: customAnnotationsKey: customAnnotationsValue + imagePullSecrets: + - name: customImagePullSecrets + - name: customImagePullSecrets2 falco: enabled: true + imagePullSecrets: + - name: customImagePullSecrets + - name: customImagePullSecrets2 podLabels: customLabelKey: customLabelValue podAnnotations: @@ -51,3 +74,6 @@ prometheus-windows-exporter: customLabelKey: customLabelValue podAnnotations: customAnnotationsKey: customAnnotationsValue + imagePullSecrets: + - name: customImagePullSecrets + - name: customImagePullSecrets2