diff --git a/charts/guac/README.md b/charts/guac/README.md index b0a1d95..cc2df67 100644 --- a/charts/guac/README.md +++ b/charts/guac/README.md @@ -102,7 +102,8 @@ This section contains parameters for configuring the different GUAC components. | `guac.guacImage.digest` | Sha256 Image Digest. It is strongly recommended to use this for verification. | `""` | | `guac.guacImage.pullPolicy` | ImagePullPolicy for kubernetes | `IfNotPresent` | | `guac.guacImage.workingDir` | Working Directory for GUAC | `/guac` | -| `guac.common.env` | Environment variables common apply for all guac services | `""` | +| `guac.common.env` | common environment variables apply to all guac services | `""` | +| `guac.common.tolerations` | common tolerations apply to all guac services | `""` | | `guac.ociCollector.enabled` | String Whether to deploy OCI Collector | `true` | | `guac.ociCollector.name` | String Name of the OCI Collector component. | `oci-collector` | | `guac.ociCollector.annotations.reloader.stakater.com/auto` | Boolean for deploying [stakater/Reloader] (https://github.com/stakater/Reloader) | `""` | @@ -111,6 +112,7 @@ This section contains parameters for configuring the different GUAC components. | `guac.ociCollector.env` | Environment variables for OCI Collector. | `[]` | | `guac.ociCollector.nodeSelector` | - sets the node selector for where to run the deployment | `{}` | | `guac.ociCollector.tolerations` | | `[]` | +| `guac.ociCollector.serviceAccount.create` | - whether to create OCI Collector service account | `true` | | `guac.ociCollector.serviceAccount.annotations` | - OCI Collector service account annotations | `{}` | | `guac.ociCollector.resources` | - [map] resource requests or limits of the ociCollector deployment | `{}` | | `guac.depsDevCollector.enabled` | String Whether to deploy Deps.Dev Collector | `true` | 
@@ -121,6 +123,7 @@ This section contains parameters for configuring the different GUAC components. | `guac.depsDevCollector.env` | Environment variables for Deps.Dev Collector. | `[]` | | `guac.depsDevCollector.nodeSelector` | - sets the node selector for where to run the deployment | `{}` | | `guac.depsDevCollector.tolerations` | | `[]` | +| `guac.depsDevCollector.serviceAccount.create` | - whether to create depsDevCollector service account | `true` | | `guac.depsDevCollector.serviceAccount.annotations` | | `{}` | | `guac.depsDevCollector.resources` | - [map] resource requests or limits of the depsDevCollector deployment | `{}` | | `guac.osvCertifier.enabled` | String Whether to deploy OSV Certifier | `true` | @@ -131,6 +134,7 @@ This section contains parameters for configuring the different GUAC components. | `guac.osvCertifier.env` | Environment variables for OSV Certifier Collector. | `[]` | | `guac.osvCertifier.nodeSelector` | - sets the node selector for where to run the deployment | `{}` | | `guac.osvCertifier.tolerations` | | `[]` | +| `guac.osvCertifier.serviceAccount.create` | - whether to create osvCertifier service account | `true` | | `guac.osvCertifier.serviceAccount.annotations` | - OSV Certifier service account annotations | `{}` | | `guac.osvCertifier.resources` | - [map] resource requests or limits of the OSV Certifier deployment | `{}` | | `guac.ingestor.enabled` | String Whether to deploy Ingestor | `true` | 
@@ -140,6 +144,7 @@ This section contains parameters for configuring the different GUAC components. | `guac.ingestor.image.command` | Command for the ingestor image. It is not recommended to override this. | `["sh","-c","/opt/guac/guacingest"]` | | `guac.ingestor.env` | Environment variables for ingestor. | `[]` | | `guac.ingestor.nodeSelector` | - sets the node selector for where to run the deployment | `{}` | +| `guac.ingestor.serviceAccount.create` | - whether to create ingestor service account | `true` | | `guac.ingestor.serviceAccount.annotations` | - Ingestor service account annotations | `{}` | | `guac.ingestor.tolerations` | | `[]` | | `guac.ingestor.resources` | - [map] resource requests or limits of the ingestor deployment | `{}` | @@ -155,6 +160,7 @@ This section contains parameters for configuring the different GUAC components. | `guac.collectSub.svcPorts[0].targetPort` | Port the CollectSub container listens on | `2782` | | `guac.collectSub.nodeSelector` | - sets the node selector for where to run the deployment | `{}` | | `guac.collectSub.tolerations` | | `[]` | +| `guac.collectSub.serviceAccount.create` | - whether to create collectSub service account | `true` | | `guac.collectSub.serviceAccount.annotations` | - CollectSub service account annotations | `{}` | | `guac.collectSub.resources` | - [map] resource requests or limits of the collectSub deployment | `{}` | | `guac.graphqlServer.enabled` | String Whether to deploy GraphQL Server | `true` | 
@@ -171,6 +177,7 @@ This section contains parameters for configuring the different GUAC components. | `guac.graphqlServer.backend` | which backend to use - keyvalue (default) | arango | ent. | `keyvalue` | | `guac.graphqlServer.debug` | Enable debug mode for graphql server; also enable the UI | `true` | | `guac.graphqlServer.nodeSelector` | - sets the node selector for where to run the deployment | `{}` | +| `guac.graphqlServer.serviceAccount.create` | - whether to create graphqlServer service account | `true` | | `guac.graphqlServer.serviceAccount.annotations` | - graphql server service account annotations | `{}` | | `guac.graphqlServer.service.createNodePortService` | - Whether to deploy a NodePort type service | `false` | | `guac.graphqlServer.additionalVolumeMounts` | | `[]` | @@ -187,6 +194,7 @@ This section contains parameters for configuring the different GUAC components. | `guac.restApi.svcPorts[0].protocol` | Protocol used at the the restApi | `TCP` | | `guac.restApi.svcPorts[0].port` | Port the restApi service listens on | `8081` | | `guac.restApi.svcPorts[0].targetPort` | Port the restApi container listens on | `8081` | +| `guac.restApi.serviceAccount.create` | - whether to create restApi service account | `true` | | `guac.restApi.serviceAccount.annotations` | - graphql server service account annotations | `{}` | | `guac.restApi.nodeSelector` | - sets the node selector for where to run the deployment | `{}` | | `guac.restApi.tolerations` | | `[]` | diff --git a/charts/guac/schema.json b/charts/guac/schema.json index cc22866..7e30f31 100644 --- a/charts/guac/schema.json +++ b/charts/guac/schema.json 
@@ -48,7 +48,12 @@ "properties": { "env": { "type": "string", - "description": "Environment variables common apply for all guac services", + "description": "common environment variables apply to all guac services", + "default": "\"\"" + }, + "tolerations": { + "type": "string", + "description": "common tolerations apply to all guac services", "default": "\"\"" } } @@ -108,6 +113,11 @@ "serviceAccount": { "type": "object", "properties": { + "create": { + "type": "boolean", + "description": "- whether to create OCI Collector service account", + "default": true + }, "annotations": { "type": "object", "description": "- OCI Collector service account annotations", @@ -177,6 +187,11 @@ "serviceAccount": { "type": "object", "properties": { + "create": { + "type": "boolean", + "description": "- whether to create depsDevCollector service account", + "default": true + }, "annotations": { "type": "object", "description": "", @@ -246,6 +261,11 @@ "serviceAccount": { "type": "object", "properties": { + "create": { + "type": "boolean", + "description": "- whether to create osvCertifier service account", + "default": true + }, "annotations": { "type": "object", "description": "- OSV Certifier service account annotations", @@ -309,6 +329,11 @@ "serviceAccount": { "type": "object", "properties": { + "create": { + "type": "boolean", + "description": "- whether to create ingestor service account", + "default": true + }, "annotations": { "type": "object", "description": "- Ingestor service account annotations", @@ -418,6 +443,11 @@ "serviceAccount": { "type": "object", "properties": { + "create": { + "type": "boolean", + "description": "- whether to create collectSub service account", + "default": true + }, "annotations": { "type": "object", "description": "- CollectSub service account annotations", 
@@ -525,6 +555,11 @@ "serviceAccount": { "type": "object", "properties": { + "create": { + "type": "boolean", + "description": "- whether to create graphqlServer service account", + "default": true + }, "annotations": { "type": "object", "description": "- graphql server service account annotations", @@ -645,6 +680,11 @@ "serviceAccount": { "type": "object", "properties": { + "create": { + "type": "boolean", + "description": "- whether to create restApi service account", + "default": true + }, "annotations": { "type": "object", "description": "- graphql server service account annotations", diff --git a/charts/guac/templates/collectsub-deployment.yaml b/charts/guac/templates/collectsub-deployment.yaml index f84344b..4e56aae 100644 --- a/charts/guac/templates/collectsub-deployment.yaml +++ b/charts/guac/templates/collectsub-deployment.yaml @@ -74,9 +74,15 @@ spec: nodeSelector: {{ toYaml .Values.guac.collectSub.nodeSelector | indent 8 }} {{- end }} -{{- if .Values.guac.collectSub.tolerations }} + +{{- if or .Values.guac.common.tolerations .Values.guac.collectSub.tolerations }} tolerations: +{{- if .Values.guac.common.tolerations }} +{{ toYaml .Values.guac.common.tolerations | indent 8 }} +{{- end }} +{{- if .Values.guac.collectSub.tolerations }} {{ toYaml .Values.guac.collectSub.tolerations | indent 8 }} {{- end }} +{{- end }} {{- end }} diff --git a/charts/guac/templates/collectsub-sa.yaml b/charts/guac/templates/collectsub-sa.yaml index 2723199..8bec572 100644 --- a/charts/guac/templates/collectsub-sa.yaml +++ b/charts/guac/templates/collectsub-sa.yaml @@ -1,6 +1,7 @@ # Copyright Kusari, Inc. and contributors # Licensed under the MIT license. See LICENSE file in the project root for details. {{ if .Values.guac.collectSub.enabled }} +{{ if .Values.guac.collectSub.serviceAccount.create }} --- apiVersion: v1 kind: ServiceAccount 
@@ -15,3 +16,4 @@ metadata: app.kubernetes.io/name: {{ .Values.guac.collectSub.name }} app.kubernetes.io/component: {{ .Values.guac.collectSub.name }} {{- end }} +{{- end }} diff --git a/charts/guac/templates/depsdev-collector-deployment.yaml b/charts/guac/templates/depsdev-collector-deployment.yaml index 5ddfd2b..42c623c 100644 --- a/charts/guac/templates/depsdev-collector-deployment.yaml +++ b/charts/guac/templates/depsdev-collector-deployment.yaml @@ -75,9 +75,16 @@ spec: nodeSelector: {{ toYaml .Values.guac.depsDevCollector.nodeSelector | indent 8 }} {{- end }} -{{- if .Values.guac.depsDevCollector.tolerations }} + +{{- if or .Values.guac.common.tolerations .Values.guac.depsDevCollector.tolerations }} tolerations: +{{- if .Values.guac.common.tolerations }} +{{ toYaml .Values.guac.common.tolerations | indent 8 }} +{{- end }} +{{- if .Values.guac.depsDevCollector.tolerations }} {{ toYaml .Values.guac.depsDevCollector.tolerations | indent 8 }} {{- end }} +{{- end }} + {{- end }} diff --git a/charts/guac/templates/depsdev-collector-sa.yaml b/charts/guac/templates/depsdev-collector-sa.yaml index 75b52a1..bf72be9 100644 --- a/charts/guac/templates/depsdev-collector-sa.yaml +++ b/charts/guac/templates/depsdev-collector-sa.yaml @@ -1,6 +1,7 @@ # Copyright Kusari, Inc. and contributors # Licensed under the MIT license. See LICENSE file in the project root for details. {{ if .Values.guac.depsDevCollector.enabled }} +{{ if .Values.guac.depsDevCollector.serviceAccount.create }} --- apiVersion: v1 kind: ServiceAccount @@ -15,3 +16,4 @@ metadata: app.kubernetes.io/name: {{ .Values.guac.depsDevCollector.name }} app.kubernetes.io/component: {{ .Values.guac.depsDevCollector.name }} {{- end }} +{{- end }} diff --git a/charts/guac/templates/graphql-server-deployment.yaml b/charts/guac/templates/graphql-server-deployment.yaml index 2865338..79afa20 100644 --- a/charts/guac/templates/graphql-server-deployment.yaml +++ b/charts/guac/templates/graphql-server-deployment.yaml 
@@ -80,9 +80,15 @@ spec: nodeSelector: {{ toYaml .Values.guac.graphqlServer.nodeSelector | indent 8 }} {{- end }} -{{- if .Values.guac.graphqlServer.tolerations }} + +{{- if or .Values.guac.common.tolerations .Values.guac.graphqlServer.tolerations }} tolerations: +{{- if .Values.guac.common.tolerations }} +{{ toYaml .Values.guac.common.tolerations | indent 8 }} +{{- end }} +{{- if .Values.guac.graphqlServer.tolerations }} {{ toYaml .Values.guac.graphqlServer.tolerations | indent 8 }} {{- end }} +{{- end }} {{- end }} diff --git a/charts/guac/templates/graphql-server-sa.yaml b/charts/guac/templates/graphql-server-sa.yaml index 19febbd..e79e736 100644 --- a/charts/guac/templates/graphql-server-sa.yaml +++ b/charts/guac/templates/graphql-server-sa.yaml @@ -1,6 +1,7 @@ # Copyright Kusari, Inc. and contributors # Licensed under the MIT license. See LICENSE file in the project root for details. {{ if .Values.guac.graphqlServer.enabled }} +{{ if .Values.guac.graphqlServer.serviceAccount.create }} --- apiVersion: v1 kind: ServiceAccount @@ -15,3 +16,4 @@ metadata: app.kubernetes.io/name: {{ .Values.guac.graphqlServer.name }} app.kubernetes.io/component: {{ .Values.guac.graphqlServer.name }} {{- end }} +{{- end }} diff --git a/charts/guac/templates/guacrest-deployment.yaml b/charts/guac/templates/guacrest-deployment.yaml index f3a856a..d754556 100644 --- a/charts/guac/templates/guacrest-deployment.yaml +++ b/charts/guac/templates/guacrest-deployment.yaml @@ -70,9 +70,16 @@ spec: nodeSelector: {{ toYaml .Values.guac.restApi.nodeSelector | indent 8 }} {{- end }} -{{- if .Values.guac.restApi.tolerations }} + +{{- if or .Values.guac.common.tolerations .Values.guac.restApi.tolerations }} tolerations: +{{- if .Values.guac.common.tolerations }} +{{ toYaml .Values.guac.common.tolerations | indent 8 }} +{{- end }} +{{- if .Values.guac.restApi.tolerations }} {{ toYaml .Values.guac.restApi.tolerations | indent 8 }} {{- end }} +{{- end }} + {{- end }} 
diff --git a/charts/guac/templates/guacrest-sa.yaml b/charts/guac/templates/guacrest-sa.yaml index 3dabb80..5309b9c 100644 --- a/charts/guac/templates/guacrest-sa.yaml +++ b/charts/guac/templates/guacrest-sa.yaml @@ -1,6 +1,7 @@ # Copyright Kusari, Inc. and contributors # Licensed under the MIT license. See LICENSE file in the project root for details. {{ if .Values.guac.restApi.enabled }} +{{ if .Values.guac.restApi.serviceAccount.create }} --- apiVersion: v1 kind: ServiceAccount @@ -15,3 +16,4 @@ metadata: app.kubernetes.io/name: {{ .Values.guac.restApi.name }} app.kubernetes.io/component: {{ .Values.guac.restApi.name }} {{- end }} +{{- end }} diff --git a/charts/guac/templates/ingestor-deployment.yaml b/charts/guac/templates/ingestor-deployment.yaml index 7fd093d..9341d06 100644 --- a/charts/guac/templates/ingestor-deployment.yaml +++ b/charts/guac/templates/ingestor-deployment.yaml @@ -74,9 +74,16 @@ spec: nodeSelector: {{ toYaml .Values.guac.ingestor.nodeSelector | indent 8 }} {{- end }} -{{- if .Values.guac.ingestor.tolerations }} + +{{- if or .Values.guac.common.tolerations .Values.guac.ingestor.tolerations }} tolerations: +{{- if .Values.guac.common.tolerations }} +{{ toYaml .Values.guac.common.tolerations | indent 8 }} +{{- end }} +{{- if .Values.guac.ingestor.tolerations }} {{ toYaml .Values.guac.ingestor.tolerations | indent 8 }} {{- end }} +{{- end }} + {{- end }} diff --git a/charts/guac/templates/ingestor-sa.yaml b/charts/guac/templates/ingestor-sa.yaml index 5895e9b..c08789f 100644 --- a/charts/guac/templates/ingestor-sa.yaml +++ b/charts/guac/templates/ingestor-sa.yaml @@ -1,6 +1,7 @@ # Copyright Kusari, Inc. and contributors # Licensed under the MIT license. See LICENSE file in the project root for details. {{ if .Values.guac.ingestor.enabled }} +{{ if .Values.guac.ingestor.serviceAccount.create }} --- apiVersion: v1 kind: ServiceAccount 
@@ -15,3 +16,4 @@ metadata: app.kubernetes.io/name: {{ .Values.guac.ingestor.name }} app.kubernetes.io/component: {{ .Values.guac.ingestor.name }} {{- end }} +{{- end }} diff --git a/charts/guac/templates/oci-collector-deployment.yaml b/charts/guac/templates/oci-collector-deployment.yaml index 1e16868..02b7fe6 100644 --- a/charts/guac/templates/oci-collector-deployment.yaml +++ b/charts/guac/templates/oci-collector-deployment.yaml @@ -74,9 +74,16 @@ spec: nodeSelector: {{ toYaml .Values.guac.ociCollector.nodeSelector | indent 8 }} {{- end }} -{{- if .Values.guac.ociCollector.tolerations }} + +{{- if or .Values.guac.common.tolerations .Values.guac.ociCollector.tolerations }} tolerations: +{{- if .Values.guac.common.tolerations }} +{{ toYaml .Values.guac.common.tolerations | indent 8 }} +{{- end }} +{{- if .Values.guac.ociCollector.tolerations }} {{ toYaml .Values.guac.ociCollector.tolerations | indent 8 }} {{- end }} +{{- end }} + {{- end }} diff --git a/charts/guac/templates/oci-collector-sa.yaml b/charts/guac/templates/oci-collector-sa.yaml index 5782db2..6fc7d9e 100644 --- a/charts/guac/templates/oci-collector-sa.yaml +++ b/charts/guac/templates/oci-collector-sa.yaml @@ -1,6 +1,7 @@ # Copyright Kusari, Inc. and contributors # Licensed under the MIT license. See LICENSE file in the project root for details. {{ if .Values.guac.ociCollector.enabled }} +{{ if .Values.guac.ociCollector.serviceAccount.create }} --- apiVersion: v1 kind: ServiceAccount @@ -15,3 +16,4 @@ metadata: app.kubernetes.io/name: {{ .Values.guac.ociCollector.name }} app.kubernetes.io/component: {{ .Values.guac.ociCollector.name }} {{- end }} +{{- end }} diff --git a/charts/guac/templates/osv-certifier-deployment.yaml b/charts/guac/templates/osv-certifier-deployment.yaml index e7d4488..e90a168 100644 --- a/charts/guac/templates/osv-certifier-deployment.yaml +++ b/charts/guac/templates/osv-certifier-deployment.yaml 
@@ -74,9 +74,15 @@ spec: nodeSelector: {{ toYaml .Values.guac.osvCertifier.nodeSelector | indent 8 }} {{- end }} -{{- if .Values.guac.osvCertifier.tolerations }} + +{{- if or .Values.guac.common.tolerations .Values.guac.osvCertifier.tolerations }} tolerations: +{{- if .Values.guac.common.tolerations }} +{{ toYaml .Values.guac.common.tolerations | indent 8 }} +{{- end }} +{{- if .Values.guac.osvCertifier.tolerations }} {{ toYaml .Values.guac.osvCertifier.tolerations | indent 8 }} {{- end }} +{{- end }} {{- end }} diff --git a/charts/guac/templates/osv-certifier-sa.yaml b/charts/guac/templates/osv-certifier-sa.yaml index 6e411c6..01fdbde 100644 --- a/charts/guac/templates/osv-certifier-sa.yaml +++ b/charts/guac/templates/osv-certifier-sa.yaml @@ -1,6 +1,7 @@ # Copyright Kusari, Inc. and contributors # Licensed under the MIT license. See LICENSE file in the project root for details. {{ if .Values.guac.osvCertifier.enabled }} +{{ if .Values.guac.osvCertifier.serviceAccount.create }} --- apiVersion: v1 kind: ServiceAccount @@ -15,3 +16,4 @@ metadata: app.kubernetes.io/name: {{ .Values.guac.osvCertifier.name }} app.kubernetes.io/component: {{ .Values.guac.osvCertifier.name }} {{- end }} +{{- end }} diff --git a/charts/guac/templates/visualizer-deployment.yaml b/charts/guac/templates/visualizer-deployment.yaml index deb2704..5a60656 100644 --- a/charts/guac/templates/visualizer-deployment.yaml +++ b/charts/guac/templates/visualizer-deployment.yaml @@ -85,9 +85,16 @@ spec: nodeSelector: {{ toYaml .Values.guac.visualizer.nodeSelector | indent 8 }} {{- end }} -{{- if .Values.guac.visualizer.tolerations }} + +{{- if or .Values.guac.common.tolerations .Values.guac.visualizer.tolerations }} tolerations: +{{- if .Values.guac.common.tolerations }} +{{ toYaml .Values.guac.common.tolerations | indent 8 }} +{{- end }} +{{- if .Values.guac.visualizer.tolerations }} {{ toYaml .Values.guac.visualizer.tolerations | indent 8 }} {{- end }} +{{- end }} + {{- end }} 
diff --git a/charts/guac/tests/collectsub_deployment_test.yaml b/charts/guac/tests/collectsub_deployment_test.yaml index 2fa1c86..b8fb0a8 100644 --- a/charts/guac/tests/collectsub_deployment_test.yaml +++ b/charts/guac/tests/collectsub_deployment_test.yaml @@ -57,4 +57,34 @@ tests: asserts: - equal: path: spec.template.spec.containers[0].image - value: ghcr.io/guacsec/guac:latest \ No newline at end of file + value: ghcr.io/guacsec/guac:latest + + - it: should include tolerations + values: + - ./values_combine.yaml + asserts: + - equal: + path: spec.template.spec.tolerations[0].key + value: "kusari.cloud/common" + - equal: + path: spec.template.spec.tolerations[0].value + value: common + - equal: + path: spec.template.spec.tolerations[0].effect + value: NoSchedule + - equal: + path: spec.template.spec.tolerations[0].operator + value: Equal + + - equal: + path: spec.template.spec.tolerations[1].key + value: "kusari.cloud/own" + - equal: + path: spec.template.spec.tolerations[1].value + value: own + - equal: + path: spec.template.spec.tolerations[1].effect + value: NoSchedule + - equal: + path: spec.template.spec.tolerations[1].operator + value: Equal diff --git a/charts/guac/tests/depsdev-collector_deployment_test.yaml b/charts/guac/tests/depsdev-collector_deployment_test.yaml index 26c592a..5046ee1 100644 --- a/charts/guac/tests/depsdev-collector_deployment_test.yaml +++ b/charts/guac/tests/depsdev-collector_deployment_test.yaml 
@@ -57,4 +57,34 @@ tests: asserts: - equal: path: spec.template.spec.containers[0].image - value: ghcr.io/guacsec/guac:latest \ No newline at end of file + value: ghcr.io/guacsec/guac:latest + + - it: should include tolerations + values: + - ./values_combine.yaml + asserts: + - equal: + path: spec.template.spec.tolerations[0].key + value: "kusari.cloud/common" + - equal: + path: spec.template.spec.tolerations[0].value + value: common + - equal: + path: spec.template.spec.tolerations[0].effect + value: NoSchedule + - equal: + path: spec.template.spec.tolerations[0].operator + value: Equal + + - equal: + path: spec.template.spec.tolerations[1].key + value: "kusari.cloud/own" + - equal: + path: spec.template.spec.tolerations[1].value + value: own + - equal: + path: spec.template.spec.tolerations[1].effect + value: NoSchedule + - equal: + path: spec.template.spec.tolerations[1].operator + value: Equal diff --git a/charts/guac/tests/graphql_deployment_test.yaml b/charts/guac/tests/graphql_deployment_test.yaml index d26da0f..42e708c 100644 --- a/charts/guac/tests/graphql_deployment_test.yaml +++ b/charts/guac/tests/graphql_deployment_test.yaml 
@@ -58,4 +58,34 @@ tests: asserts: - equal: path: spec.template.spec.containers[0].image - value: ghcr.io/guacsec/guac:latest \ No newline at end of file + value: ghcr.io/guacsec/guac:latest + + - it: should include tolerations + values: + - ./values_combine.yaml + asserts: + - equal: + path: spec.template.spec.tolerations[0].key + value: "kusari.cloud/common" + - equal: + path: spec.template.spec.tolerations[0].value + value: common + - equal: + path: spec.template.spec.tolerations[0].effect + value: NoSchedule + - equal: + path: spec.template.spec.tolerations[0].operator + value: Equal + + - equal: + path: spec.template.spec.tolerations[1].key + value: "kusari.cloud/own" + - equal: + path: spec.template.spec.tolerations[1].value + value: own + - equal: + path: spec.template.spec.tolerations[1].effect + value: NoSchedule + - equal: + path: spec.template.spec.tolerations[1].operator + value: Equal diff --git a/charts/guac/tests/ingestor_deployment_test.yaml b/charts/guac/tests/ingestor_deployment_test.yaml index 3e454ae..2ab3d9b 100644 --- a/charts/guac/tests/ingestor_deployment_test.yaml +++ b/charts/guac/tests/ingestor_deployment_test.yaml 
@@ -57,4 +57,34 @@ tests: asserts: - equal: path: spec.template.spec.containers[0].image - value: ghcr.io/guacsec/guac:latest \ No newline at end of file + value: ghcr.io/guacsec/guac:latest + + - it: should include tolerations + values: + - ./values_combine.yaml + asserts: + - equal: + path: spec.template.spec.tolerations[0].key + value: "kusari.cloud/common" + - equal: + path: spec.template.spec.tolerations[0].value + value: common + - equal: + path: spec.template.spec.tolerations[0].effect + value: NoSchedule + - equal: + path: spec.template.spec.tolerations[0].operator + value: Equal + + - equal: + path: spec.template.spec.tolerations[1].key + value: "kusari.cloud/own" + - equal: + path: spec.template.spec.tolerations[1].value + value: own + - equal: + path: spec.template.spec.tolerations[1].effect + value: NoSchedule + - equal: + path: spec.template.spec.tolerations[1].operator + value: Equal diff --git a/charts/guac/tests/oci_collector_deployment_test.yaml b/charts/guac/tests/oci_collector_deployment_test.yaml index 1fdf8ba..64c7989 100644 --- a/charts/guac/tests/oci_collector_deployment_test.yaml +++ b/charts/guac/tests/oci_collector_deployment_test.yaml 
@@ -57,4 +57,34 @@ tests: asserts: - equal: path: spec.template.spec.containers[0].image - value: ghcr.io/guacsec/guac:latest \ No newline at end of file + value: ghcr.io/guacsec/guac:latest + + - it: should include tolerations + values: + - ./values_combine.yaml + asserts: + - equal: + path: spec.template.spec.tolerations[0].key + value: "kusari.cloud/common" + - equal: + path: spec.template.spec.tolerations[0].value + value: common + - equal: + path: spec.template.spec.tolerations[0].effect + value: NoSchedule + - equal: + path: spec.template.spec.tolerations[0].operator + value: Equal + + - equal: + path: spec.template.spec.tolerations[1].key + value: "kusari.cloud/own" + - equal: + path: spec.template.spec.tolerations[1].value + value: own + - equal: + path: spec.template.spec.tolerations[1].effect + value: NoSchedule + - equal: + path: spec.template.spec.tolerations[1].operator + value: Equal diff --git a/charts/guac/tests/osv-certifier_deployment_test.yaml b/charts/guac/tests/osv-certifier_deployment_test.yaml index ab97f93..da1b23a 100644 --- a/charts/guac/tests/osv-certifier_deployment_test.yaml +++ b/charts/guac/tests/osv-certifier_deployment_test.yaml 
@@ -57,4 +57,34 @@ tests: asserts: - equal: path: spec.template.spec.containers[0].image - value: ghcr.io/guacsec/guac:latest \ No newline at end of file + value: ghcr.io/guacsec/guac:latest + + - it: should include tolerations + values: + - ./values_combine.yaml + asserts: + - equal: + path: spec.template.spec.tolerations[0].key + value: "kusari.cloud/common" + - equal: + path: spec.template.spec.tolerations[0].value + value: common + - equal: + path: spec.template.spec.tolerations[0].effect + value: NoSchedule + - equal: + path: spec.template.spec.tolerations[0].operator + value: Equal + + - equal: + path: spec.template.spec.tolerations[1].key + value: "kusari.cloud/own" + - equal: + path: spec.template.spec.tolerations[1].value + value: own + - equal: + path: spec.template.spec.tolerations[1].effect + value: NoSchedule + - equal: + path: spec.template.spec.tolerations[1].operator + value: Equal diff --git a/charts/guac/tests/rest-api_deployment_test.yaml b/charts/guac/tests/rest-api_deployment_test.yaml new file mode 100644 index 0000000..b7ebbfb --- /dev/null +++ b/charts/guac/tests/rest-api_deployment_test.yaml 
@@ -0,0 +1,90 @@ +# Copyright Kusari, Inc. and contributors +# Licensed under the MIT license. See LICENSE file in the project root for details. +suite: OSV Certifier Deployment tests +templates: + - guacrest-deployment.yaml + +tests: + - it: deployment should render + asserts: + - isKind: + of: Deployment + - hasDocuments: + count: 1 + + - it: should run the osvCertifier image + values: + - ./values_digest_and_tag.yaml + asserts: + - equal: + path: spec.template.spec.containers[0].name + value: rest-api + - equal: + path: spec.template.spec.containers[0].image + value: ghcr.io/guacsec/guac@sha256:167e823f36e268f66b12a79d4c4b39df23c2f87847817c161b6c6ddbc9ee5c4e + + - it: should run the osvCertifier sub command + values: + - ./values_digest_and_tag.yaml + asserts: + - equal: + path: spec.template.spec.containers[0].command[0] + value: "sh" + - equal: + path: spec.template.spec.containers[0].command[1] + value: "-c" + - equal: + path: spec.template.spec.containers[0].command[2] + value: "/opt/guac/guacrest" + + - it: should respect spec level parameters + values: + - ./values_digest_and_tag.yaml + asserts: + - equal: + path: spec.replicas + value: 1 + - equal: + path: spec.selector.matchLabels["app.kubernetes.io/name"] + value: rest-api + - equal: + path: spec.template.metadata.labels["app.kubernetes.io/name"] + value: rest-api + + - it: should use tag if only tag is specified + values: + - ./values_tag_no_digest.yaml + asserts: + - equal: + path: spec.template.spec.containers[0].image + value: ghcr.io/guacsec/guac:latest + + - it: should include tolerations + values: + - ./values_combine.yaml + asserts: + - equal: + path: spec.template.spec.tolerations[0].key + value: "kusari.cloud/common" + - equal: + path: spec.template.spec.tolerations[0].value + value: common + - equal: + path: spec.template.spec.tolerations[0].effect + value: NoSchedule + - equal: + path: spec.template.spec.tolerations[0].operator + value: Equal + + - equal: + path: 
spec.template.spec.tolerations[1].key + value: "kusari.cloud/own" + - equal: + path: spec.template.spec.tolerations[1].value + value: own + - equal: + path: spec.template.spec.tolerations[1].effect + value: NoSchedule + - equal: + path: spec.template.spec.tolerations[1].operator + value: Equal diff --git a/charts/guac/tests/serviceaccount_all_test.yaml b/charts/guac/tests/serviceaccount_all_test.yaml new file mode 100644 index 0000000..7e436c9 --- /dev/null +++ b/charts/guac/tests/serviceaccount_all_test.yaml @@ -0,0 +1,19 @@ +# Copyright Kusari, Inc. and contributors +# Licensed under the MIT license. See LICENSE file in the project root for details. +suite: All Service Account tests +templates: + - collectsub-sa.yaml + - depsdev-collector-sa.yaml + - graphql-server-sa.yaml + - guacrest-sa.yaml + - ingestor-sa.yaml + - oci-collector-sa.yaml + - osv-certifier-sa.yaml + +tests: + - it: should not create service account + values: + - ./values_serviceaccount_all.yaml + asserts: + - hasDocuments: + count: 1 diff --git a/charts/guac/tests/serviceaccount_no_test.yaml b/charts/guac/tests/serviceaccount_no_test.yaml new file mode 100644 index 0000000..bdd16c5 --- /dev/null +++ b/charts/guac/tests/serviceaccount_no_test.yaml @@ -0,0 +1,19 @@ +# Copyright Kusari, Inc. and contributors +# Licensed under the MIT license. See LICENSE file in the project root for details. +suite: No Service Account tests +templates: + - collectsub-sa.yaml + - depsdev-collector-sa.yaml + - graphql-server-sa.yaml + - guacrest-sa.yaml + - ingestor-sa.yaml + - oci-collector-sa.yaml + - osv-certifier-sa.yaml + +tests: + - it: should not create service account + values: + - ./values_serviceaccount_no.yaml + asserts: + - hasDocuments: + count: 0 diff --git a/charts/guac/tests/values_combine.yaml b/charts/guac/tests/values_combine.yaml new file mode 100644 index 0000000..48474b6 --- /dev/null +++ b/charts/guac/tests/values_combine.yaml 
@@ -0,0 +1,66 @@ +# Copyright Kusari, Inc. and contributors +# Licensed under the MIT license. See LICENSE file in the project root for details. +guac: + + common: + tolerations: + - effect: NoSchedule + key: kusari.cloud/common + operator: Equal + value: common + + ociCollector: + tolerations: + - effect: NoSchedule + key: kusari.cloud/own + operator: Equal + value: own + + depsDevCollector: + tolerations: + - effect: NoSchedule + key: kusari.cloud/own + operator: Equal + value: own + + osvCertifier: + tolerations: + - effect: NoSchedule + key: kusari.cloud/own + operator: Equal + value: own + + ingestor: + tolerations: + - effect: NoSchedule + key: kusari.cloud/own + operator: Equal + value: own + + collectSub: + tolerations: + - effect: NoSchedule + key: kusari.cloud/own + operator: Equal + value: own + + graphqlServer: + tolerations: + - effect: NoSchedule + key: kusari.cloud/own + operator: Equal + value: own + + restApi: + tolerations: + - effect: NoSchedule + key: kusari.cloud/own + operator: Equal + value: own + + visualizer: + tolerations: + - effect: NoSchedule + key: kusari.cloud/own + operator: Equal + value: own diff --git a/charts/guac/tests/values_graphql_deployment.yaml b/charts/guac/tests/values_graphql_deployment.yaml new file mode 100644 index 0000000..4eddbff --- /dev/null +++ b/charts/guac/tests/values_graphql_deployment.yaml @@ -0,0 +1,6 @@ +# Copyright Kusari, Inc. and contributors +# Licensed under the MIT license. See LICENSE file in the project root for details. +guac: + graphqlServer: + service: + createNodePortService: true diff --git a/charts/guac/tests/values_serviceaccount_all.yaml b/charts/guac/tests/values_serviceaccount_all.yaml new file mode 100644 index 0000000..ff5cf3f --- /dev/null +++ b/charts/guac/tests/values_serviceaccount_all.yaml 
@@ -0,0 +1,35 @@ +# Copyright Kusari, Inc. and contributors +# Licensed under the MIT license. See LICENSE file in the project root for details. +guac: + + ociCollector: + serviceAccount: + create: true + + depsDevCollector: + serviceAccount: + create: true + + osvCertifier: + serviceAccount: + create: true + + ingestor: + serviceAccount: + create: true + + collectSub: + serviceAccount: + create: true + + graphqlServer: + serviceAccount: + create: true + + restApi: + serviceAccount: + create: true + + visualizer: + serviceAccount: + create: true diff --git a/charts/guac/tests/values_serviceaccount_no.yaml b/charts/guac/tests/values_serviceaccount_no.yaml new file mode 100644 index 0000000..2a78986 --- /dev/null +++ b/charts/guac/tests/values_serviceaccount_no.yaml @@ -0,0 +1,35 @@ +# Copyright Kusari, Inc. and contributors +# Licensed under the MIT license. See LICENSE file in the project root for details. +guac: + + ociCollector: + serviceAccount: + create: false + + depsDevCollector: + serviceAccount: + create: false + + osvCertifier: + serviceAccount: + create: false + + ingestor: + serviceAccount: + create: false + + collectSub: + serviceAccount: + create: false + + graphqlServer: + serviceAccount: + create: false + + restApi: + serviceAccount: + create: false + + visualizer: + serviceAccount: + create: false diff --git a/charts/guac/values.yaml b/charts/guac/values.yaml index b7e3fa8..918653c 100644 --- a/charts/guac/values.yaml +++ b/charts/guac/values.yaml 
@@ -15,7 +15,8 @@ imagePullSecrets: ## @param guac.guacImage.digest [string] Sha256 Image Digest. It is strongly recommended to use this for verification. ## @param guac.guacImage.pullPolicy ImagePullPolicy for kubernetes ## @param guac.guacImage.workingDir Working Directory for GUAC -## @param guac.common.env [string] Environment variables common apply for all guac services +## @param guac.common.env [string] common environment variables apply to all guac services +## @param guac.common.tolerations [string] common tolerations apply to all guac services ## @param guac.ociCollector.enabled String Whether to deploy OCI Collector ## @param guac.ociCollector.name String Name of the OCI Collector component. ## @param guac.ociCollector.annotations.reloader.stakater.com/auto [string] Boolean for deploying [stakater/Reloader] (https://github.com/stakater/Reloader) @@ -24,6 +25,7 @@ imagePullSecrets: ## @param guac.ociCollector.env Environment variables for OCI Collector. ## @param guac.ociCollector.nodeSelector - sets the node selector for where to run the deployment ## @param guac.ociCollector.tolerations +## @param guac.ociCollector.serviceAccount.create - whether to create OCI Collector service account ## @param guac.ociCollector.serviceAccount.annotations - OCI Collector service account annotations ## @param guac.ociCollector.resources - [map] resource requests or limits of the ociCollector deployment ## @param guac.depsDevCollector.enabled String Whether to deploy Deps.Dev Collector 
@@ -34,6 +36,7 @@ imagePullSecrets: ## @param guac.depsDevCollector.env Environment variables for Deps.Dev Collector. ## @param guac.depsDevCollector.nodeSelector - sets the node selector for where to run the deployment ## @param guac.depsDevCollector.tolerations +## @param guac.depsDevCollector.serviceAccount.create - whether to create depsDevCollector service account ## @param guac.depsDevCollector.serviceAccount.annotations ## @param guac.depsDevCollector.resources - [map] resource requests or limits of the depsDevCollector deployment ## @param guac.osvCertifier.enabled String Whether to deploy OSV Certifier @@ -44,6 +47,7 @@ imagePullSecrets: ## @param guac.osvCertifier.env Environment variables for OSV Certifier Collector. ## @param guac.osvCertifier.nodeSelector - sets the node selector for where to run the deployment ## @param guac.osvCertifier.tolerations +## @param guac.osvCertifier.serviceAccount.create - whether to create osvCertifier service account ## @param guac.osvCertifier.serviceAccount.annotations - OSV Certifier service account annotations ## @param guac.osvCertifier.resources - [map] resource requests or limits of the OSV Certifier deployment ## @param guac.ingestor.enabled String Whether to deploy Ingestor @@ -53,6 +57,7 @@ imagePullSecrets: ## @param guac.ingestor.image.command Command for the ingestor image. It is not recommended to override this. ## @param guac.ingestor.env Environment variables for ingestor. ## @param guac.ingestor.nodeSelector - sets the node selector for where to run the deployment +## @param guac.ingestor.serviceAccount.create - whether to create ingestor service account ## @param guac.ingestor.serviceAccount.annotations - Ingestor service account annotations ## @param guac.ingestor.tolerations ## @param guac.ingestor.resources - [map] resource requests or limits of the ingestor deployment 
@@ -68,6 +73,7 @@ imagePullSecrets: ## @param guac.collectSub.svcPorts[0].targetPort Port the CollectSub container listens on ## @param guac.collectSub.nodeSelector - sets the node selector for where to run the deployment ## @param guac.collectSub.tolerations +## @param guac.collectSub.serviceAccount.create - whether to create collectSub service account ## @param guac.collectSub.serviceAccount.annotations - CollectSub service account annotations ## @param guac.collectSub.resources - [map] resource requests or limits of the collectSub deployment ## @param guac.graphqlServer.enabled String Whether to deploy GraphQL Server @@ -84,6 +90,7 @@ imagePullSecrets: ## @param guac.graphqlServer.backend which backend to use - keyvalue (default) | arango | ent. ## @param guac.graphqlServer.debug Enable debug mode for graphql server; also enable the UI ## @param guac.graphqlServer.nodeSelector - sets the node selector for where to run the deployment +## @param guac.graphqlServer.serviceAccount.create - whether to create graphqlServer service account ## @param guac.graphqlServer.serviceAccount.annotations - graphql server service account annotations ## @param guac.graphqlServer.service.createNodePortService - Whether to deploy a NodePort type service ## @param guac.graphqlServer.additionalVolumeMounts @@ -100,6 +107,7 @@ imagePullSecrets: ## @param guac.restApi.svcPorts[0].protocol Protocol used at the the restApi ## @param guac.restApi.svcPorts[0].port Port the restApi service listens on ## @param guac.restApi.svcPorts[0].targetPort Port the restApi container listens on +## @param guac.restApi.serviceAccount.create - whether to create restApi service account ## @param guac.restApi.serviceAccount.annotations - graphql server service account annotations ## @param guac.restApi.nodeSelector - sets the node selector for where to run the deployment ## @param guac.restApi.tolerations 
@@ -159,11 +167,7 @@ guac: value: accessKey - name: AWS_SECRET_ACCESS_KEY value: secretKey - # COMMON_ENV_NAME: COMMON_ENV_VALUE - # env: - # # default creds (set at minio.users) for accessing minio blobstore. Remove when changing default blobAddr. - # AWS_ACCESS_KEY_ID: accessKey - # AWS_SECRET_ACCESS_KEY: secretKey + tolerations: [] ociCollector: enabled: true @@ -177,6 +181,7 @@ guac: nodeSelector: {} tolerations: [] serviceAccount: + create: true annotations: {} resources: {} # requests: @@ -195,6 +200,7 @@ guac: nodeSelector: {} tolerations: [] serviceAccount: + create: true annotations: {} resources: {} # requests: @@ -213,6 +219,7 @@ guac: nodeSelector: {} tolerations: [] serviceAccount: + create: true annotations: {} resources: {} # requests: @@ -231,6 +238,7 @@ guac: nodeSelector: {} tolerations: [] serviceAccount: + create: true annotations: {} resources: {} # requests: @@ -255,6 +263,7 @@ guac: nodeSelector: {} tolerations: [] serviceAccount: + create: true annotations: {} resources: {} # requests: @@ -288,6 +297,7 @@ guac: nodeSelector: {} tolerations: [] serviceAccount: + create: true annotations: {} resources: {} # requests: @@ -314,6 +324,7 @@ guac: nodeSelector: {} tolerations: [] serviceAccount: + create: true annotations: {} resources: {} # requests:
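Review bot: In charts/guac/tests/serviceaccount_all_test.yaml the case is titled `should not create service account`, but it loads ./values_serviceaccount_all.yaml (every `create: true`) and asserts `hasDocuments: count: 1`. The title looks copied from serviceaccount_no_test.yaml; rename it to `should create service account` so a failing run reports the behaviour that is actually being checked.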
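Review bot: values_serviceaccount_all.yaml and values_serviceaccount_no.yaml both set `visualizer.serviceAccount.create`, but neither test suite lists a visualizer service-account template, and the values.yaml hunks in this patch document and default `serviceAccount.create` for seven components only (ociCollector, depsDevCollector, osvCertifier, ingestor, collectSub, graphqlServer, restApi). As written, no assertion exercises the visualizer key. Either drop it from the two fixtures, or add the template and the parameter so the `create: false` case is covered for the visualizer as well.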
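Review bot: `guac.common.tolerations` is annotated `[string]` in the @@ -15,7 +15,8 @@ hunk of charts/guac/values.yaml, and the README row shows its default as `""`, yet the default added further down is `tolerations: []` and values_combine.yaml supplies a list of toleration objects. Document it as a list, matching the `[]` default the README already shows for the per-component `tolerations`, so users do not try to pass a string. The wording "common tolerations apply to all guac services" could also say that they are combined with each component's own tolerations, which is what the `tolerations[1]` assertions in the combine test rely on.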
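Review bot: The new `serviceAccount.create` parameters in charts/guac/values.yaml are documented only as "whether to create ... service account", and the visible hunks add no companion parameter for naming an existing account. Please state in these `@param` lines (and the README table) which service account the pods run as when `create: false`, and confirm the deployment templates do not keep referencing an account that is no longer rendered. The two new suites only assert on the `*-sa.yaml` documents; a check on `spec.template.spec.serviceAccountName` in the deployments for the `create: false` values would cover that.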
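Review bot: The @@ -159,11 +167,7 @@ hunk in charts/guac/values.yaml deletes the commented block that carried the only visible explanation of the `AWS_ACCESS_KEY_ID` / `AWS_SECRET_ACCESS_KEY` defaults: "default creds (set at minio.users) for accessing minio blobstore. Remove when changing default blobAddr." The live entries with `value: accessKey` and `value: secretKey` stay in place, so please keep that one-line comment next to them. Without it nothing in this block tells an operator that these are the default MinIO credentials and are meant to be removed when blobAddr changes.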