diff --git a/CHANGELOG.md b/CHANGELOG.md index e586c7e5f05b3232c792215b482c8251db148fde..36d6716d6d2ee4e21fee5b37cbdd58fc7f142344 100644 --- a/CHANGELOG.md +++ b/CHANGELOG.md @@ -4,6 +4,11 @@ The format is based on [Keep a Changelog](https://keepachangelog.com/en/1.0.0/), --- +## [1.13.0-bb.5] +### Changed +- updated bb-test-lib dependency to gluon +- updated Redis dependency to `14.1.0-bb.3` to resolve OPA Gatekeeper violations + ## [1.13.0-bb.4] ### Fixed - update allow-kube-dns NP to conditionally add port 5353 egress when `.Values.anchoreGlobal.openShiftDeployment` is `true` diff --git a/chart/Chart.lock b/chart/Chart.lock index e23305a914e6af957d1089c18ce58321515a5d79..f1c34ae41e52e976b24adc4c45befbb4d166abd0 100644 --- a/chart/Chart.lock +++ b/chart/Chart.lock @@ -7,9 +7,9 @@ dependencies: version: 1.0.1 - name: redis repository: file://./deps/redis - version: 14.1.0-bb.2 -- name: bb-test-lib - repository: oci://registry.dso.mil/platform-one/big-bang/pipeline-templates/pipeline-templates - version: 0.5.2 -digest: sha256:b6031a1579e20adfbd8f708ede7fc9665a21a5c030ca7304af18acdff3b56150 -generated: "2021-07-13T16:37:10.13824-04:00" + version: 14.1.0-bb.3 +- name: gluon + repository: file://./deps/gluon + version: 0.2.3 +digest: sha256:b19e1b838f724aa412b23a4280cffbb93cd7d313c0ec0218cff90c5da8e328b4 +generated: "2021-08-16T13:05:01.510081-04:00" diff --git a/chart/Chart.yaml b/chart/Chart.yaml index eeeaaee2c9108852b50545c961f4c3ad2d3393c3..e9235a89a98ac6a79da0468dad2741b026977a86 100644 --- a/chart/Chart.yaml +++ b/chart/Chart.yaml @@ -1,6 +1,6 @@ apiVersion: v2 name: anchore-engine -version: 1.13.0-bb.4 +version: 1.13.0-bb.5 appVersion: 0.10.0 description: Anchore container analysis and policy evaluation engine service keywords: @@ -33,10 +33,11 @@ dependencies: condition: anchore-feeds-db.enabled,anchoreEnterpriseGlobal.enabled alias: anchore-feeds-db - name: redis - version: "14.1.0-bb.2" + version: "14.1.0-bb.3" repository: "file://./deps/redis" condition: anchore-ui-redis.enabled,anchoreEnterpriseGlobal.enabled alias: anchore-ui-redis - - name: bb-test-lib - version: "0.5.2" - repository: "oci://registry.dso.mil/platform-one/big-bang/pipeline-templates/pipeline-templates" + - name: gluon + version: "0.2.3" + repository: "file://./deps/gluon" + condition: bbtests.enabled \ No newline at end of file diff --git a/chart/charts/bb-test-lib-0.5.2.tgz b/chart/charts/bb-test-lib-0.5.2.tgz deleted file mode 100644 index 8dfbf00fe39fb381984557d13c29343c509f86b5..0000000000000000000000000000000000000000 Binary files a/chart/charts/bb-test-lib-0.5.2.tgz and /dev/null differ diff --git a/chart/charts/gluon-0.2.3.tgz b/chart/charts/gluon-0.2.3.tgz new file mode 100644 index 0000000000000000000000000000000000000000..31d21becaba2208b9892d9bd8a7a79514b92576a Binary files /dev/null and b/chart/charts/gluon-0.2.3.tgz differ diff --git a/chart/charts/postgresql-1.0.1.tgz b/chart/charts/postgresql-1.0.1.tgz index 22760154daf2285ec69eb2790b4853eb21232065..25122ce63f2cb667595a5bbffbb36472c692e73f 100644 Binary files a/chart/charts/postgresql-1.0.1.tgz and b/chart/charts/postgresql-1.0.1.tgz differ diff --git a/chart/charts/redis-14.1.0-bb.2.tgz b/chart/charts/redis-14.1.0-bb.2.tgz deleted file mode 100644 index bd3c27fbca1b2ae6a7a9e41d8f186c108578bc6f..0000000000000000000000000000000000000000 Binary files a/chart/charts/redis-14.1.0-bb.2.tgz and /dev/null differ diff --git a/chart/charts/redis-14.1.0-bb.3.tgz b/chart/charts/redis-14.1.0-bb.3.tgz new file mode 100644 index 0000000000000000000000000000000000000000..4cd57e571ff3015378428d1dedda2c61832ad49c Binary files /dev/null and b/chart/charts/redis-14.1.0-bb.3.tgz differ diff --git a/chart/deps/gluon/.helmignore b/chart/deps/gluon/.helmignore new file mode 100644 index 0000000000000000000000000000000000000000..0e8a0eb36f4ca2c939201c0d54b5d82a1ea34778 --- /dev/null +++ b/chart/deps/gluon/.helmignore @@ -0,0 +1,23 @@ +# Patterns to ignore when building packages. +# This supports shell glob matching, relative path matching, and +# negation (prefixed with !). Only one pattern per line. +.DS_Store +# Common VCS dirs +.git/ +.gitignore +.bzr/ +.bzrignore +.hg/ +.hgignore +.svn/ +# Common backup files +*.swp +*.bak +*.tmp +*.orig +*~ +# Various IDEs +.project +.idea/ +*.tmproj +.vscode/ diff --git a/chart/deps/gluon/Chart.yaml b/chart/deps/gluon/Chart.yaml new file mode 100644 index 0000000000000000000000000000000000000000..428807416382975a708f5a94b9e653ef120b644c --- /dev/null +++ b/chart/deps/gluon/Chart.yaml @@ -0,0 +1,10 @@ +apiVersion: v2 +name: gluon +description: A Library Helm chart for BigBang + +type: library + +# This is the chart version. This version number should be incremented each time you make changes +# to the chart and its templates, including the app version. +# Versions are expected to follow Semantic Versioning (https://semver.org/) +version: 0.2.3 diff --git a/chart/deps/gluon/Kptfile b/chart/deps/gluon/Kptfile new file mode 100644 index 0000000000000000000000000000000000000000..41873b47506129687259733fc0f40bdffd364dd2 --- /dev/null +++ b/chart/deps/gluon/Kptfile @@ -0,0 +1,11 @@ +apiVersion: kpt.dev/v1alpha1 +kind: Kptfile +metadata: + name: gluon +upstream: + type: git + git: + commit: d4c3f0dc5edfb74e35ddb63e0bec961f1ad2340b + repo: https://repo1.dso.mil/platform-one/big-bang/apps/library-charts/gluon + directory: /chart + ref: container-resources diff --git a/chart/deps/gluon/templates/_util.yaml b/chart/deps/gluon/templates/_util.yaml new file mode 100644 index 0000000000000000000000000000000000000000..f1c0314cb87868760374e8b7fd75d6953e5847c4 --- /dev/null +++ b/chart/deps/gluon/templates/_util.yaml @@ -0,0 +1,13 @@ +{{- /* +gluon.util.merge will merge two YAML templates and output the result. +This takes an array of three values: +- the top context +- the template name of the overrides (destination) +- the template name of the base (source) +*/}} +{{- define "gluon.util.merge" }} +{{- $top := first . }} +{{- $overrides := fromYaml (include (index . 1) $top) | default (dict ) }} +{{- $tpl := fromYaml (include (index . 2) $top) | default (dict ) }} +{{- toYaml (merge $overrides $tpl) }} +{{- end }} diff --git a/chart/deps/gluon/templates/bb-tests/_cypressconfigmap.yaml b/chart/deps/gluon/templates/bb-tests/_cypressconfigmap.yaml new file mode 100644 index 0000000000000000000000000000000000000000..065330e9dd44b02edfbe6159b804400f9cf0aaad --- /dev/null +++ b/chart/deps/gluon/templates/bb-tests/_cypressconfigmap.yaml @@ -0,0 +1,28 @@ +{{- define "gluon.tests.cypress-configmap.base" }} +{{- if .Values.bbtests }} +{{- if .Values.bbtests.enabled }} +apiVersion: v1 +kind: ConfigMap +metadata: + name: "{{ .Chart.Name }}-cypress-config" + annotations: + "helm.sh/hook": test-success + "helm.sh/hook-weight": "-5" + sidecar.istio.io/inject: "false" + labels: + helm-test: enabled + namespace: {{ .Release.Namespace }} +data: + {{ (.Files.Glob "tests/cypress/*").AsConfig | nindent 2 }} +{{- end }} +{{- end }} +{{- end }} + +{{- define "gluon.tests.cypress-configmap.overrides" }} +{{- $values := (first .) }} +{{- if $values.Values.bbtests }} +{{- if $values.Values.bbtests.enabled }} +{{- include "gluon.util.merge" (append . "gluon.tests.cypress-configmap.base") }} +{{- end }} +{{- end }} +{{- end }} diff --git a/chart/deps/gluon/templates/bb-tests/_cypressrunner.yaml b/chart/deps/gluon/templates/bb-tests/_cypressrunner.yaml new file mode 100644 index 0000000000000000000000000000000000000000..cb0f9716495773bf7739883defcbba5e633d6070 --- /dev/null +++ b/chart/deps/gluon/templates/bb-tests/_cypressrunner.yaml @@ -0,0 +1,177 @@ +{{- define "gluon.tests.cypress-runner.tpl" }} +kind: Pod +apiVersion: v1 +metadata: + name: "{{ .Chart.Name }}-cypress-test" + namespace: {{ .Release.Namespace }} + annotations: + "helm.sh/hook": test-success + "helm.sh/hook-weight": "5" + sidecar.istio.io/inject: "false" + labels: + helm-test: enabled +spec: + {{- if .Values.bbtests }} + {{- if .Values.bbtests.cypress }} + {{- if or .Values.bbtests.cypress.artifacts .Values.bbtests.cypress.exports }} + serviceAccountName: {{ .Chart.Name }}-cypress-sa + {{- end }} + {{- end }} + {{- end }} + {{- if hasKey .Values "istio" }} + {{- if and .Values.bbtests .Values.istio.enabled }} + {{- $ingressGateway := (lookup "v1" "Service" "istio-system" "istio-ingressgateway") -}} + {{- $igStatus := $ingressGateway.status | default dict }} + {{- $igLoadBalancer := $igStatus.loadBalancer | default dict }} + {{- $igIngress := $igLoadBalancer.ingress | default list }} + {{- $igFirst := first $igIngress | default dict }} + {{- if and (hasKey $igFirst "ip") .Values.bbtests.istio }} + hostAliases: + - ip: "{{ $igFirst.ip }}" + hostnames: + {{- range .Values.bbtests.istio.hosts }} + - {{ tpl . $ }} + {{- end }} + {{- end }} + {{- end }} + {{- end }} + containers: + - name: {{ .Chart.Name }}-cypress-test + image: registry.dso.mil/platform-one/big-bang/pipeline-templates/pipeline-templates/cypress/kubectl:5.0.0 + imagePullPolicy: IfNotPresent + workingDir: /test + command: + - "/bin/bash" + - "-c" + - | + set -e + if [[ -d /src && -n "$(ls /src/* 2>/dev/null)" ]]; then + cp /src/cypress.json /test/ + mkdir -p /test/cypress/integration/ + cp /src/*.js /test/cypress/integration/ + mkdir -p exports + (cypress run --browser chrome --headless && export EXIT_CODE=$?) || export EXIT_CODE=$? + {{- if .Values.bbtests }} + {{- if .Values.bbtests.cypress }} + {{- if .Values.bbtests.cypress.exports }} + if kubectl get configmap -n {{ .Release.Namespace }} cypress-exports &>/dev/null; then + kubectl delete configmap -n {{ .Release.Namespace }} cypress-exports + fi + kubectl create configmap -n {{ .Release.Namespace }} cypress-exports --from-file exports/ + {{- end }} + {{- end }} + {{- end }} + {{- if .Values.bbtests }} + {{- if .Values.bbtests.cypress }} + {{- if .Values.bbtests.cypress.artifacts }} + if [ -d /test/cypress/screenshots ]; then + tar -I 'gzip -9' -cf cypress-screenshots.tar.gz /test/cypress/screenshots + cat cypress-screenshots.tar.gz | base64 > cypress-screenshots.tar.gz.b64 + if kubectl get configmap -n {{ .Release.Namespace }} cypress-screenshots &>/dev/null; then + kubectl delete configmap -n {{ .Release.Namespace }} cypress-screenshots + fi + kubectl create configmap -n {{ .Release.Namespace }} cypress-screenshots --from-file cypress-screenshots.tar.gz.b64 + fi + if [ -d /test/cypress/videos ]; then + tar -I 'gzip -9' -cf cypress-videos.tar.gz /test/cypress/videos + cat cypress-videos.tar.gz | base64 > cypress-videos.tar.gz.b64 + if kubectl get configmap -n {{ .Release.Namespace }} cypress-videos &>/dev/null; then + kubectl delete configmap -n {{ .Release.Namespace }} cypress-videos + fi + kubectl create configmap -n {{ .Release.Namespace }} cypress-videos --from-file cypress-videos.tar.gz.b64 + fi + {{- end }} + {{- end }} + {{- end }} + exit ${EXIT_CODE} + fi + volumeMounts: + - name: cypress-tests + mountPath: /src + - name: workdir + mountPath: /test + {{- if .Values.bbtests }} + {{- if .Values.bbtests.cypress }} + {{- with .Values.bbtests.cypress.additionalVolumeMounts }} + {{- tpl (toYaml .) $ | nindent 8 }} + {{- end }} + {{- end }} + {{- end }} + {{- if .Values.bbtests }} + {{- if .Values.bbtests.cypress }} + {{- if or .Values.bbtests.cypress.envs .Values.bbtests.cypress.secretEnvs }} + env: + {{- range $k, $v := .Values.bbtests.cypress.envs }} + - name: {{ tpl $k $ }} + value: {{ tpl $v $ | quote }} + {{- end }} + {{- range .Values.bbtests.cypress.secretEnvs }} + - {{ tpl (toYaml .) $ | nindent 10 }} + {{- end }} + {{- end }} + {{- end }} + {{- end }} + resources: + {{- if .Values.bbtests.cypress.resources }} + requests: + cpu: {{ .Values.bbtests.cypress.resources.requests.cpu | quote }} + memory: {{ .Values.bbtests.cypress.resources.requests.memory | quote }} + limits: + cpu: {{ .Values.bbtests.cypress.resources.requests.cpu | quote }} + memory: {{ .Values.bbtests.cypress.resources.requests.memory | quote }} + {{- else }} + requests: + cpu: "1" + memory: "1Gi" + limits: + cpu: "1" + memory: "1Gi" + {{- end }} + restartPolicy: Never + volumes: + - name: cypress-tests + configMap: + name: "{{ .Chart.Name }}-cypress-config" + - name: workdir + emptyDir: {} + {{- if .Values.bbtests }} + {{- if .Values.bbtests.cypress }} + {{- with .Values.bbtests.cypress.additionalVolumes }} + {{- tpl (toYaml .) $ | nindent 4 }} + {{- end }} + {{- end }} + {{- end }} + imagePullSecrets: + - name: private-registry +{{- end }} + +{{- define "gluon.tests.cypress-runner.base" }} +{{- if .Values.bbtests }} +{{- if .Values.bbtests.enabled }} + +{{- if .Values.bbtests.cypress }} +{{- if or .Values.bbtests.cypress.artifacts .Values.bbtests.cypress.exports }} +{{- include "gluon.tests.cypress-rbac" . }} +--- +{{- end }} +{{- end }} + +{{- include "gluon.tests.cypress-runner.tpl" . }} +{{- end }} +{{- end }} +{{- end }} + +{{- define "gluon.tests.cypress-runner.overrides" }} +{{- $values := (first .) }} +{{- if $values.Values.bbtests }} +{{- if $values.Values.bbtests.enabled }} +{{- if $values.Values.bbtests.cypress }} +{{- if or $values.Values.bbtests.cypress.artifacts $values.Values.bbtests.cypress.exports }} +{{- include "gluon.tests.cypress-rbac" $values }} +--- +{{- end }} +{{- end }} +{{- include "gluon.util.merge" (append . "gluon.tests.cypress-runner.tpl") }} +{{- end }} +{{- end }} +{{- end }} diff --git a/chart/deps/gluon/templates/bb-tests/_cypressutils.yaml b/chart/deps/gluon/templates/bb-tests/_cypressutils.yaml new file mode 100644 index 0000000000000000000000000000000000000000..01ddc5f834c6bebf6bd69d5e1d2787148560661f --- /dev/null +++ b/chart/deps/gluon/templates/bb-tests/_cypressutils.yaml @@ -0,0 +1,52 @@ +{{- define "gluon.tests.cypress-sa" }} +apiVersion: v1 +kind: ServiceAccount +metadata: + name: {{ .Chart.Name }}-cypress-sa + namespace: {{ .Release.Namespace }} + annotations: + "helm.sh/hook": test-success + "helm.sh/hook-weight": "-5" +{{- end }} + +{{- define "gluon.tests.cypress-role" }} +apiVersion: rbac.authorization.k8s.io/v1 +kind: Role +metadata: + name: {{ .Chart.Name }}-cypress-role + namespace: {{ .Release.Namespace }} + annotations: + "helm.sh/hook": test-success + "helm.sh/hook-weight": "-5" +rules: +- apiGroups: [""] + resources: ["configmaps"] + verbs: ["create", "get", "list", "delete"] +{{- end }} + +{{- define "gluon.tests.cypress-rolebinding" }} +apiVersion: rbac.authorization.k8s.io/v1 +kind: RoleBinding +metadata: + name: {{ .Chart.Name }}-cypress-rolebinding + namespace: {{ .Release.Namespace }} + annotations: + "helm.sh/hook": test-success + "helm.sh/hook-weight": "-5" +roleRef: + apiGroup: rbac.authorization.k8s.io + kind: Role + name: {{ .Chart.Name }}-cypress-role +subjects: +- kind: ServiceAccount + name: {{ .Chart.Name }}-cypress-sa + namespace: {{ .Release.Namespace }} +{{- end }} + +{{- define "gluon.tests.cypress-rbac" }} +{{- include "gluon.tests.cypress-sa" . }} +--- +{{- include "gluon.tests.cypress-role" . }} +--- +{{- include "gluon.tests.cypress-rolebinding" . }} +{{- end }} diff --git a/chart/deps/gluon/templates/bb-tests/_scriptconfigmap.yaml b/chart/deps/gluon/templates/bb-tests/_scriptconfigmap.yaml new file mode 100644 index 0000000000000000000000000000000000000000..dc9e95d6ce303587c3dfdca98023c20dbb321d65 --- /dev/null +++ b/chart/deps/gluon/templates/bb-tests/_scriptconfigmap.yaml @@ -0,0 +1,32 @@ +{{- define "gluon.tests.script-configmap.base" }} +{{- if .Values.bbtests }} +{{- if and .Values.bbtests.scripts .Values.bbtests.enabled }} +{{- if .Values.bbtests.scripts.image }} +apiVersion: v1 +kind: ConfigMap +metadata: + name: "{{ .Chart.Name }}-script-config" + annotations: + "helm.sh/hook": test-success + "helm.sh/hook-weight": "-5" + sidecar.istio.io/inject: "false" + labels: + helm-test: enabled + namespace: {{ .Release.Namespace }} +data: + {{ (.Files.Glob "tests/scripts/*").AsConfig | nindent 2 }} +{{- end }} +{{- end }} +{{- end }} +{{- end }} + +{{- define "gluon.tests.script-configmap.overrides" }} +{{- $values := (first .) }} +{{- if $values.Values.bbtests }} +{{- if and $values.Values.bbtests.scripts $values.Values.bbtests.enabled }} +{{- if $values.Values.bbtests.scripts.image }} +{{- include "gluon.util.merge" (append . "gluon.tests.script-configmap.base") }} +{{- end }} +{{- end }} +{{- end }} +{{- end }} diff --git a/chart/deps/gluon/templates/bb-tests/_scriptrunner.yaml b/chart/deps/gluon/templates/bb-tests/_scriptrunner.yaml new file mode 100644 index 0000000000000000000000000000000000000000..11439381694f96c490dec969ebf7545be0d59c1a --- /dev/null +++ b/chart/deps/gluon/templates/bb-tests/_scriptrunner.yaml @@ -0,0 +1,154 @@ +{{- define "gluon.tests.script-runner.base" -}} +{{- if .Values.bbtests }} +{{- if and .Values.bbtests.scripts .Values.bbtests.enabled }} +{{- if .Values.bbtests.scripts.image }} +kind: Pod +apiVersion: v1 +metadata: + name: "{{ .Chart.Name }}-script-test" + namespace: {{ .Release.Namespace }} + annotations: + "helm.sh/hook": test-success + "helm.sh/hook-weight": "10" + sidecar.istio.io/inject: "false" + labels: + helm-test: enabled +spec: + {{- if hasKey .Values "istio" }} + {{- if and .Values.bbtests .Values.istio.enabled }} + {{- $ingressGateway := (lookup "v1" "Service" "istio-system" "istio-ingressgateway") -}} + {{- $igStatus := $ingressGateway.status | default dict }} + {{- $igLoadBalancer := $igStatus.loadBalancer | default dict }} + {{- $igIngress := $igLoadBalancer.ingress | default list }} + {{- $igFirst := first $igIngress | default dict }} + {{- if and (hasKey $igFirst "ip") .Values.bbtests.istio }} + hostAliases: + - ip: "{{ $igFirst.ip }}" + hostnames: + {{- range .Values.bbtests.istio.hosts }} + - {{ tpl . $ }} + {{- end }} + {{- end }} + {{- end }} + {{- end }} + containers: + - name: {{ .Chart.Name }}-script-test + image: {{ tpl .Values.bbtests.scripts.image $ }} + imagePullPolicy: IfNotPresent + workingDir: /test + command: + - "/bin/bash" + - "-c" + - | + set -e + if [[ -d /src && -n "$(ls /src/* 2>/dev/null)" ]]; then + cp /src/* /test/ + fi + {{- if .Values.bbtests }} + {{- if .Values.bbtests.cypress }} + {{- if .Values.bbtests.cypress.exports }} + if [[ -d /exports && -n "$(ls /exports/* 2>/dev/null)" ]]; then + mkdir exports + cp /exports/* exports/ + fi + {{- end }} + {{- end }} + {{- end }} + if [[ -n "$(ls . 2>/dev/null)" ]]; then + for script in *; do + if [[ -d ${script} ]]; then + continue; + fi + chmod +x ${script} + echo "---" + echo "Running ${script}..." + echo "---" + ./${script} + done + fi + volumeMounts: + - name: script-tests + mountPath: /src + {{- if .Values.bbtests }} + {{- if .Values.bbtests.cypress }} + {{- if .Values.bbtests.cypress.exports }} + - name: cypress-exports + mountPath: /exports + {{- end }} + {{- end }} + {{- end }} + - name: workdir + mountPath: /test + {{- if .Values.bbtests }} + {{- if .Values.bbtests.scripts }} + {{- with .Values.bbtests.scripts.additionalVolumeMounts }} + {{- tpl (toYaml .) $ | nindent 8 }} + {{- end }} + {{- end }} + {{- end }} + {{- if or .Values.bbtests.scripts.envs .Values.bbtests.scripts.secretEnvs }} + env: + {{- range $k, $v := .Values.bbtests.scripts.envs }} + - name: {{ tpl $k $ }} + value: {{ tpl $v $ | quote }} + {{- end }} + {{- range .Values.bbtests.scripts.secretEnvs }} + - {{ tpl (toYaml .) $ | nindent 10 }} + {{- end }} + {{- end }} + resources: + {{- if .Values.bbtests.scripts.resources }} + requests: + cpu: {{ .Values.bbtests.scripts.resources.requests.cpu | quote }} + memory: {{ .Values.bbtests.scripts.resources.requests.memory | quote }} + limits: + cpu: {{ .Values.bbtests.scripts.resources.requests.cpu | quote }} + memory: {{ .Values.bbtests.scripts.resources.requests.memory | quote }} + {{- else }} + requests: + cpu: "1" + memory: "1Gi" + limits: + cpu: "1" + memory: "1Gi" + {{- end }} + restartPolicy: Never + volumes: + - name: script-tests + configMap: + name: "{{ .Chart.Name }}-script-config" + {{- if .Values.bbtests }} + {{- if .Values.bbtests.cypress }} + {{- if .Values.bbtests.cypress.exports }} + - name: cypress-exports + configMap: + name: "cypress-exports" + {{- end }} + {{- end }} + {{- end }} + - name: workdir + emptyDir: {} + {{- if .Values.bbtests }} + {{- if .Values.bbtests.scripts }} + {{- with .Values.bbtests.scripts.additionalVolumes }} + {{- tpl (toYaml .) $ | nindent 4 }} + {{- end }} + {{- end }} + {{- end }} + imagePullSecrets: + - name: private-registry +{{- end -}} +{{- end -}} +{{- end -}} +{{- end -}} + +{{- define "gluon.tests.script-runner.overrides" -}} +{{- $values := (first .) }} +{{- if $values.Values.bbtests }} +{{- if and $values.Values.bbtests.scripts $values.Values.bbtests.enabled }} +{{- if $values.Values.bbtests.scripts.image }} +{{- include "gluon.util.merge" (append . "gluon.tests.script-runner.base") -}} +{{- end -}} +{{- end -}} +{{- end -}} +{{- end -}} diff --git a/chart/deps/redis/Chart.yaml b/chart/deps/redis/Chart.yaml index 0387e10590915b83b4e60b431922fd876f352b69..65bc406f8bf706d6715aa1befaad340bea478cbf 100644 --- a/chart/deps/redis/Chart.yaml +++ b/chart/deps/redis/Chart.yaml @@ -25,4 +25,4 @@ name: redis sources: - https://github.com/bitnami/bitnami-docker-redis - http://redis.io/ -version: 14.1.0-bb.2 +version: 14.1.0-bb.3 diff --git a/chart/deps/redis/Kptfile b/chart/deps/redis/Kptfile index d3ed0eda9c1ab28a27d7cee59fcc675880ccebd2..d41a178a77c31f0d036b5c681e8a561a8fd5ae0d 100644 --- a/chart/deps/redis/Kptfile +++ b/chart/deps/redis/Kptfile @@ -5,7 +5,7 @@ metadata: upstream: type: git git: - commit: ca398b827ba384da78213d9b2f21abf83a9eea8a + commit: 4f50d9ece5d5c6e4d5d25e7457cba67295b73b13 repo: https://repo1.dso.mil/platform-one/big-bang/apps/sandbox/redis directory: /chart - ref: 14.1.0-bb.2 + ref: container-resources diff --git a/chart/deps/redis/templates/bigbang/redis-upgrade.yaml b/chart/deps/redis/templates/bigbang/redis-upgrade.yaml index a9960197584721b664234fe8a374b420d413206c..631234ff1f1b0f037987b5e1c3483f345262d54f 100644 --- a/chart/deps/redis/templates/bigbang/redis-upgrade.yaml +++ b/chart/deps/redis/templates/bigbang/redis-upgrade.yaml @@ -124,4 +124,15 @@ spec: echo "No PVCs to clean up." fi echo "Done with upgrade steps." + {{- if .Values.cleanUpgrade.resources }} + resources: {{- toYaml .Values.cleanUpgrade.resources | nindent 12 }} + {{- else }} + resources: + requests: + memory: 256Mi + cpu: 100m + limits: + memory: 256Mi + cpu: 100m + {{- end }} {{- end }} diff --git a/chart/deps/redis/values.yaml b/chart/deps/redis/values.yaml index 495b1c258c5501a557fe55a12684f1148bad33a6..cbff12c60ef45e016da7d986bcd401cc47e850c4 100644 --- a/chart/deps/redis/values.yaml +++ b/chart/deps/redis/values.yaml @@ -23,6 +23,13 @@ monitoring: cleanUpgrade: enabled: true image: "registry1.dso.mil/ironbank/big-bang/base:8.4" + resources: + requests: + memory: 256Mi + cpu: 100m + limits: + memory: 256Mi + cpu: 100m # NOTE: We default this to true in case packages consuming Redis forget to turn it on and have API traffic blocked networkPolicies: @@ -879,8 +886,12 @@ sentinel: ## @param sentinel.resources.requests The requested resources for the Redis(TM) Sentinel containers ## resources: - limits: {} - requests: {} + requests: + memory: 256Mi + cpu: 100m + limits: + memory: 256Mi + cpu: 100m ## Configure Container Security Context ## ref: https://kubernetes.io/docs/tasks/configure-pod-container/security-context/#set-the-security-context-for-a-pod ## @param sentinel.containerSecurityContext.enabled Enabled Redis(TM) Sentinel containers' Security Context @@ -1123,8 +1134,12 @@ metrics: ## @param metrics.resources.requests The requested resources for the Redis(TM) exporter container ## resources: - limits: {} - requests: {} + requests: + memory: 256Mi + cpu: 100m + limits: + memory: 256Mi + cpu: 100m ## @param metrics.podLabels Extra labels for Redis(TM) exporter pods ## ref: https://kubernetes.io/docs/concepts/overview/working-with-objects/labels/ ## @@ -1209,8 +1224,12 @@ metrics: ## @param metrics.sentinel.resources.requests The requested resources for the Redis(TM) Sentinel exporter container ## resources: - limits: {} - requests: {} + requests: + memory: 256Mi + cpu: 100m + limits: + memory: 256Mi + cpu: 100m ## Redis(TM) Sentinel exporter service parameters ## service: @@ -1364,8 +1383,12 @@ volumePermissions: ## @param volumePermissions.resources.requests The requested resources for the init container ## resources: - limits: {} - requests: {} + requests: + memory: 256Mi + cpu: 100m + limits: + memory: 256Mi + cpu: 100m ## Init container Container Security Context ## ref: https://kubernetes.io/docs/tasks/configure-pod-container/security-context/#set-the-security-context-for-a-container ## @param volumePermissions.containerSecurityContext.runAsUser Set init container's Security Context runAsUser @@ -1416,5 +1439,9 @@ sysctl: ## @param sysctl.resources.requests The requested resources for the init container ## resources: - limits: {} - requests: {} + requests: + memory: 256Mi + cpu: 100m + limits: + memory: 256Mi + cpu: 100m diff --git a/chart/templates/tests/test-scripts.yaml b/chart/templates/tests/test-scripts.yaml index 3a723dba083cdab642e8ba5ff1e4fecaec9e1e7e..9757c43f9dbd90fbb3c6cae18b4c29fd331e2782 100644 --- a/chart/templates/tests/test-scripts.yaml +++ b/chart/templates/tests/test-scripts.yaml @@ -1,3 +1,3 @@ -{{- include "bb-test-lib.script-configmap.base" . }} +{{- include "gluon.tests.script-configmap.base" .}} --- -{{- include "bb-test-lib.script-runner.base" . }} \ No newline at end of file +{{- include "gluon.tests.script-runner.base" .}} \ No newline at end of file