From 027d9c5db7ae71883663be2fdf0e89e0b5732c58 Mon Sep 17 00:00:00 2001 From: mikhail-klimko Date: Thu, 26 Oct 2023 19:22:17 +0300 Subject: [PATCH] fix: volume-provisioner with azure disks --- charts/cf-runtime/Chart.yaml | 6 +-- charts/cf-runtime/README.md | 2 +- .../volume-provisioner/_env-vars.yaml | 7 +-- .../volume-provisioner/deployment.yaml | 1 + .../volume-provisioner_test.yaml | 54 +++++++++++++++++++ 5 files changed, 63 insertions(+), 7 deletions(-) diff --git a/charts/cf-runtime/Chart.yaml b/charts/cf-runtime/Chart.yaml index 6604249f..964abede 100644 --- a/charts/cf-runtime/Chart.yaml +++ b/charts/cf-runtime/Chart.yaml @@ -1,7 +1,7 @@ apiVersion: v2 description: A Helm chart for Codefresh Runner name: cf-runtime -version: 6.2.3 +version: 6.2.4 keywords: - codefresh - runner @@ -14,8 +14,8 @@ maintainers: url: https://codefresh-io.github.io/ annotations: artifacthub.io/changes: | - - kind: security - description: Fix security vulnerabilities in dind image + - kind: fixed + description: Fix volume-provisioner for Azure Disks dependencies: - name: cf-common repository: oci://quay.io/codefresh/charts diff --git a/charts/cf-runtime/README.md b/charts/cf-runtime/README.md index 27861481..b7447351 100644 --- a/charts/cf-runtime/README.md +++ b/charts/cf-runtime/README.md @@ -1,6 +1,6 @@ ## Codefresh Runner -![Version: 6.2.3](https://img.shields.io/badge/Version-6.2.3-informational?style=flat-square) +![Version: 6.2.4](https://img.shields.io/badge/Version-6.2.4-informational?style=flat-square) Helm chart for deploying [Codefresh Runner](https://codefresh.io/docs/docs/installation/codefresh-runner/) to Kubernetes. diff --git a/charts/cf-runtime/templates/_components/volume-provisioner/_env-vars.yaml b/charts/cf-runtime/templates/_components/volume-provisioner/_env-vars.yaml index 722d9a98..5ece4cd9 100644 --- a/charts/cf-runtime/templates/_components/volume-provisioner/_env-vars.yaml +++ b/charts/cf-runtime/templates/_components/volume-provisioner/_env-vars.yaml @@ -37,8 +37,9 @@ AWS_SECRET_ACCESS_KEY: GOOGLE_APPLICATION_CREDENTIALS: /etc/dind-volume-provisioner/credentials/google-service-account.json {{- end }} -{{- if and .Values.mountAzureJson }} +{{- if and .Values.storage.mountAzureJson }} AZURE_CREDENTIAL_FILE: /etc/kubernetes/azure.json +CLOUDCONFIG_AZURE: /etc/kubernetes/azure.json {{- end }} {{- end }} @@ -65,7 +66,7 @@ AZURE_CREDENTIAL_FILE: /etc/kubernetes/azure.json secretName: {{ .Values.storage.gcedisk.serviceAccountJsonSecretKeyRef.name }} optional: true {{- end }} - {{- if .Values.mountAzureJson }} + {{- if .Values.storage.mountAzureJson }} - name: azure-json hostPath: path: /etc/kubernetes/azure.json @@ -79,7 +80,7 @@ AZURE_CREDENTIAL_FILE: /etc/kubernetes/azure.json readOnly: true mountPath: "/etc/dind-volume-provisioner/credentials" {{- end }} - {{- if .Values.mountAzureJson }} + {{- if .Values.storage.mountAzureJson }} - name: azure-json readOnly: true mountPath: "/etc/kubernetes/azure.json" diff --git a/charts/cf-runtime/templates/volume-provisioner/deployment.yaml b/charts/cf-runtime/templates/volume-provisioner/deployment.yaml index cc3759ce..043aee6c 100644 --- a/charts/cf-runtime/templates/volume-provisioner/deployment.yaml +++ b/charts/cf-runtime/templates/volume-provisioner/deployment.yaml @@ -1,6 +1,7 @@ {{- $volumeProvisionerContext := deepCopy . }} {{- $_ := set $volumeProvisionerContext "Values" (get .Values "volumeProvisioner") }} {{- $_ := set $volumeProvisionerContext.Values "global" (get .Values "global") }} +{{- $_ := set $volumeProvisionerContext.Values "storage" (get .Values "storage") }} {{- if $volumeProvisionerContext.Values.enabled }} {{- include "dind-volume-provisioner.resources.deployment" $volumeProvisionerContext }} diff --git a/charts/cf-runtime/tests/volume-provisioner/volume-provisioner_test.yaml b/charts/cf-runtime/tests/volume-provisioner/volume-provisioner_test.yaml index 19fb118f..7c40a066 100644 --- a/charts/cf-runtime/tests/volume-provisioner/volume-provisioner_test.yaml +++ b/charts/cf-runtime/tests/volume-provisioner/volume-provisioner_test.yaml @@ -358,3 +358,57 @@ tests: - hasDocuments: count: 0 template: templates/volume-provisioner/storageclass.yaml + + - it: Test volume-provisioner with azure disks + set: + storage.backend: azuredisk + storage.azuredisk.location: somewhere + storage.azuredisk.resourceGroup: some-rg + storage.mountAzureJson: true + asserts: + - contains: + path: spec.template.spec.containers[0].env + content: + name: AZURE_CREDENTIAL_FILE + value: /etc/kubernetes/azure.json + template: templates/volume-provisioner/deployment.yaml + - contains: + path: spec.template.spec.containers[0].env + content: + name: CLOUDCONFIG_AZURE + value: /etc/kubernetes/azure.json + template: templates/volume-provisioner/deployment.yaml + - contains: + path: spec.template.spec.containers[0].volumeMounts + count: 1 + any: true + content: + name: azure-json + readOnly: true + mountPath: "/etc/kubernetes/azure.json" + template: templates/volume-provisioner/deployment.yaml + - contains: + path: spec.template.spec.volumes + count: 1 + any: true + content: + name: azure-json + hostPath: + path: /etc/kubernetes/azure.json + type: File + template: templates/volume-provisioner/deployment.yaml + - hasDocuments: + count: 0 + template: templates/volume-provisioner/secret.yaml + - equal: + path: parameters.volumeBackend + value: azuredisk + template: templates/volume-provisioner/storageclass.yaml + - equal: + path: parameters.location + value: somewhere + template: templates/volume-provisioner/storageclass.yaml + - equal: + path: parameters.resourceGroup + value: some-rg + template: templates/volume-provisioner/storageclass.yaml \ No newline at end of file