From 80ab1c66ef646b532fd09eaf299e398ad5b1700f Mon Sep 17 00:00:00 2001 From: smerle33 Date: Thu, 28 Nov 2024 14:22:43 +0100 Subject: [PATCH 01/15] feat(geoipupdater): remove the mount for the pvc as we use azcopy --- charts/geoipupdates/Chart.yaml | 2 +- charts/geoipupdates/templates/cronjob.yaml | 13 +++------- charts/geoipupdates/tests/defaults_test.yaml | 26 +++++++++++--------- charts/geoipupdates/values.yaml | 10 +++----- 4 files changed, 22 insertions(+), 29 deletions(-) diff --git a/charts/geoipupdates/Chart.yaml b/charts/geoipupdates/Chart.yaml index 289f9051..404ae0c0 100644 --- a/charts/geoipupdates/Chart.yaml +++ b/charts/geoipupdates/Chart.yaml @@ -1,7 +1,7 @@ apiVersion: v1 description: MaxMind GeoIP database updater name: geoipupdates -version: 1.0.0 +version: 1.0.1 appVersion: "v7.1.0" maintainers: - email: jenkins-infra-team@googlegroups.com diff --git a/charts/geoipupdates/templates/cronjob.yaml b/charts/geoipupdates/templates/cronjob.yaml index aaf76c1d..b459b730 100644 --- a/charts/geoipupdates/templates/cronjob.yaml +++ b/charts/geoipupdates/templates/cronjob.yaml @@ -22,9 +22,6 @@ spec: {{- toYaml . | nindent 16 }} {{- end }} volumeMounts: - - name: geoipdata - mountPath: /usr/share/GeoIP - readOnly: false - name: tmpdir mountPath: /tmp readOnly: false @@ -35,6 +32,10 @@ spec: value: {{ .Values.geoipupdate.editions }} - name: GEOIPUPDATE_FREQUENCY value: {{ .Values.geoipupdate.update_frequency | quote }} + - name: STORAGE_NAME + value: {{ .Values.geoipupdate.storage_name }} + - name: STORAGE_FILESHARE + value: {{ .Values.geoipupdate.storage_fileshare }} envFrom: - secretRef: name: {{ include "geoipupdate.fullname" . }} @@ -51,12 +52,6 @@ spec: {{- toYaml . | nindent 12 }} {{- end }} volumes: - - name: geoipdata - {{- if .Values.dataVolume }} - {{- toYaml .Values.dataVolume | nindent 14 }} - {{- else }} - emptyDir: {} - {{- end }} - name: tmpdir emptyDir: medium: "Memory" 
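Review bot: The two env entries added in the `@@ -35,6 +32,10 @@` hunk of templates/cronjob.yaml render their values unquoted (`value: {{ .Values.geoipupdate.storage_name }}`), unlike `GEOIPUPDATE_FREQUENCY` just above, which pipes through `quote`. A container env `value` must be a string, so a storage account or share name made only of digits, or one YAML reads as a boolean, would render as a non-string and the manifest would be rejected. I would write `value: {{ .Values.geoipupdate.storage_name | quote }}` and the same for `storage_fileshare`. The `with` rewrite in PATCH 04 keeps the unquoted form as `value: {{ . }}` for these two and for `GEOIPUPDATE_EDITION_IDS`, so the same change applies there. The env list continues outside the hunk.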
diff --git a/charts/geoipupdates/tests/defaults_test.yaml b/charts/geoipupdates/tests/defaults_test.yaml index 49b405d3..7c1dfda8 100644 --- a/charts/geoipupdates/tests/defaults_test.yaml +++ b/charts/geoipupdates/tests/defaults_test.yaml @@ -18,19 +18,9 @@ tests: - equal: path: "spec.jobTemplate.spec.template.spec.containers[*].imagePullPolicy" value: IfNotPresent - # GeoIP is an emptyDir, with default mountpath - equal: - path: spec.jobTemplate.spec.template.spec.volumes[0].name - value: geoipdata - - equal: - path: spec.jobTemplate.spec.template.spec.volumes[0].emptyDir - value: {} - - equal: - path: spec.jobTemplate.spec.template.spec.containers[0].volumeMounts[0].name - value: geoipdata - - equal: - path: spec.jobTemplate.spec.template.spec.containers[0].volumeMounts[0].mountPath - value: /usr/share/GeoIP + path: spec.jobTemplate.spec.template.spec.volumes[0].emptyDir.medium + value: "Memory" - equal: path: spec.jobTemplate.spec.template.spec.containers[0].volumeMounts[0].readOnly value: false @@ -47,3 +37,15 @@ tests: - equal: path: spec.jobTemplate.spec.template.spec.containers[0].env[1].value value: "24" + - equal: + path: spec.jobTemplate.spec.template.spec.containers[0].env[2].name + value: STORAGE_NAME + - equal: + path: spec.jobTemplate.spec.template.spec.containers[0].env[2].value + value: "publick8spvdata" + - equal: + path: spec.jobTemplate.spec.template.spec.containers[0].env[3].name + value: STORAGE_FILESHARE + - equal: + path: spec.jobTemplate.spec.template.spec.containers[0].env[3].value + value: "geoip-data" diff --git a/charts/geoipupdates/values.yaml b/charts/geoipupdates/values.yaml index 4fc5a1f9..8b6698d4 100644 --- a/charts/geoipupdates/values.yaml +++ b/charts/geoipupdates/values.yaml 
@@ -6,8 +6,10 @@ imagePullPolicy: IfNotPresent geoipupdate: account_id: "" license_key: "" - editions: GeoLite2-ASN GeoLite2-City GeoLite2-Country + editions: "GeoLite2-ASN GeoLite2-City GeoLite2-Country" update_frequency: 24 + storage_name: "publick8spvdata" + storage_fileshare: "geoip-data" cron: '0 4 * * *' # default to every day at 4AM podSecurityContext: {} # fsGroup: 2000 @@ -32,9 +34,3 @@ resources: {} nodeSelector: {} tolerations: [] affinity: {} - -## Defines the geoipdata volume -## Example with a statically provisionned PVC; -# dataVolume: -# persistentVolumeClaim: -# claimName: existing-pvc From 07510cce71d5087edc8d387abbfc6b877e8baa0e Mon Sep 17 00:00:00 2001 From: =?UTF-8?q?St=C3=A9phane=20MERLE?= <95630726+smerle33@users.noreply.github.com> Date: Thu, 28 Nov 2024 16:05:16 +0100 Subject: [PATCH 02/15] Update charts/geoipupdates/Chart.yaml Co-authored-by: Damien Duportal --- charts/geoipupdates/Chart.yaml | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/charts/geoipupdates/Chart.yaml b/charts/geoipupdates/Chart.yaml index 404ae0c0..e70c9a88 100644 --- a/charts/geoipupdates/Chart.yaml +++ b/charts/geoipupdates/Chart.yaml @@ -1,7 +1,7 @@ apiVersion: v1 description: MaxMind GeoIP database updater name: geoipupdates -version: 1.0.1 +version: 2.0.0 appVersion: "v7.1.0" maintainers: - email: jenkins-infra-team@googlegroups.com From ad14fcf6e9d87e19cdfe46c09667d15610b25abf Mon Sep 17 00:00:00 2001 From: smerle33 Date: Thu, 28 Nov 2024 16:31:01 +0100 Subject: [PATCH 03/15] add unittest and set default value to empty --- .../tests/custom_values_test.yaml | 51 +++++++++++++++++++ charts/geoipupdates/tests/defaults_test.yaml | 6 +-- .../tests/values/custom_geoipupdater.yaml | 8 +++ charts/geoipupdates/values.yaml | 4 +- 4 files changed, 63 insertions(+), 6 deletions(-) create mode 100644 charts/geoipupdates/tests/custom_values_test.yaml create mode 100644 charts/geoipupdates/tests/values/custom_geoipupdater.yaml 
diff --git a/charts/geoipupdates/tests/custom_values_test.yaml b/charts/geoipupdates/tests/custom_values_test.yaml new file mode 100644 index 00000000..4710ac51 --- /dev/null +++ b/charts/geoipupdates/tests/custom_values_test.yaml @@ -0,0 +1,51 @@ +suite: Tests with custom values +values: + - values/custom_geoipupdater.yaml +tests: + - it: should define a customized "geoipupdate" cronjob + template: cronjob.yaml + asserts: + - hasDocuments: + count: 1 + - isKind: + of: CronJob + - equal: + path: metadata.labels["app.kubernetes.io/name"] + value: "geoipupdate" + - equal: + path: metadata.labels["app.kubernetes.io/instance"] + value: "RELEASE-NAME" + - equal: + path: "spec.jobTemplate.spec.template.spec.containers[*].imagePullPolicy" + value: IfNotPresent + - equal: + path: spec.jobTemplate.spec.template.spec.volumes[0].emptyDir.medium + value: "Memory" + - equal: + path: spec.jobTemplate.spec.template.spec.containers[0].volumeMounts[0].readOnly + value: false + # Env. variables + - equal: + path: spec.jobTemplate.spec.template.spec.containers[0].env[0].name + value: GEOIPUPDATE_EDITION_IDS + - equal: + path: spec.jobTemplate.spec.template.spec.containers[0].env[0].value + value: alleditions + - equal: + path: spec.jobTemplate.spec.template.spec.containers[0].env[1].name + value: GEOIPUPDATE_FREQUENCY + - equal: + path: spec.jobTemplate.spec.template.spec.containers[0].env[1].value + value: "74" + - equal: + path: spec.jobTemplate.spec.template.spec.containers[0].env[2].name + value: STORAGE_NAME + - equal: + path: spec.jobTemplate.spec.template.spec.containers[0].env[2].value + value: mystoragename + - equal: + path: spec.jobTemplate.spec.template.spec.containers[0].env[3].name + value: STORAGE_FILESHARE + - equal: + path: spec.jobTemplate.spec.template.spec.containers[0].env[3].value + value: myfileshare diff --git a/charts/geoipupdates/tests/defaults_test.yaml b/charts/geoipupdates/tests/defaults_test.yaml index 7c1dfda8..9792505d 100644 
--- a/charts/geoipupdates/tests/defaults_test.yaml +++ b/charts/geoipupdates/tests/defaults_test.yaml @@ -40,12 +40,10 @@ tests: - equal: path: spec.jobTemplate.spec.template.spec.containers[0].env[2].name value: STORAGE_NAME - - equal: + - isNullOrEmpty: path: spec.jobTemplate.spec.template.spec.containers[0].env[2].value - value: "publick8spvdata" - equal: path: spec.jobTemplate.spec.template.spec.containers[0].env[3].name value: STORAGE_FILESHARE - - equal: + - isNullOrEmpty: path: spec.jobTemplate.spec.template.spec.containers[0].env[3].value - value: "geoip-data" diff --git a/charts/geoipupdates/tests/values/custom_geoipupdater.yaml b/charts/geoipupdates/tests/values/custom_geoipupdater.yaml new file mode 100644 index 00000000..788d209a --- /dev/null +++ b/charts/geoipupdates/tests/values/custom_geoipupdater.yaml @@ -0,0 +1,8 @@ +geoipupdate: + account_id: "myaccount" + license_key: "mylicencekey" + editions: "alleditions" + update_frequency: 74 + storage_name: "mystoragename" + storage_fileshare: "myfileshare" + cron: '0 6 * * *' # default to every day at 6AM diff --git a/charts/geoipupdates/values.yaml b/charts/geoipupdates/values.yaml index 8b6698d4..00a9f0b0 100644 --- a/charts/geoipupdates/values.yaml +++ b/charts/geoipupdates/values.yaml @@ -8,8 +8,8 @@ geoipupdate: license_key: "" editions: "GeoLite2-ASN GeoLite2-City GeoLite2-Country" update_frequency: 24 - storage_name: "publick8spvdata" - storage_fileshare: "geoip-data" + storage_name: "" + storage_fileshare: "" cron: '0 4 * * *' # default to every day at 4AM podSecurityContext: {} # fsGroup: 2000 From 517e3ffd7214ee24581c805b247ffdda30f0d589 Mon Sep 17 00:00:00 2001 From: smerle33 Date: Thu, 28 Nov 2024 17:18:06 +0100 Subject: [PATCH 04/15] use with and do not provide default storage name and fileshare --- charts/geoipupdates/templates/cronjob.yaml | 17 ++++++++++++----- charts/geoipupdates/tests/defaults_test.yaml | 10 ++-------- 2 files changed, 14 insertions(+), 13 deletions(-) 
diff --git a/charts/geoipupdates/templates/cronjob.yaml b/charts/geoipupdates/templates/cronjob.yaml index b459b730..3a130cf1 100644 --- a/charts/geoipupdates/templates/cronjob.yaml +++ b/charts/geoipupdates/templates/cronjob.yaml @@ -11,7 +11,6 @@ spec: spec: template: spec: - serviceAccountName: {{ include "geoipupdate.fullname" . }} restartPolicy: Never containers: - name: geoipupdate @@ -28,14 +27,22 @@ spec: resources: {{- toYaml .Values.resources | nindent 16 }} env: + {{- with .Values.geoipupdate.editions }} - name: GEOIPUPDATE_EDITION_IDS - value: {{ .Values.geoipupdate.editions }} + value: {{ . }} + {{- end }} + {{- with .Values.geoipupdate.update_frequency }} - name: GEOIPUPDATE_FREQUENCY - value: {{ .Values.geoipupdate.update_frequency | quote }} + value: {{ . | quote }} + {{- end }} + {{- with .Values.geoipupdate.storage_name }} - name: STORAGE_NAME - value: {{ .Values.geoipupdate.storage_name }} + value: {{ . }} + {{- end }} + {{- with .Values.geoipupdate.storage_fileshare }} - name: STORAGE_FILESHARE - value: {{ .Values.geoipupdate.storage_fileshare }} + value: {{ . }} + {{- end }} envFrom: - secretRef: name: {{ include "geoipupdate.fullname" . }} diff --git a/charts/geoipupdates/tests/defaults_test.yaml b/charts/geoipupdates/tests/defaults_test.yaml index 9792505d..73bc67e4 100644 --- a/charts/geoipupdates/tests/defaults_test.yaml +++ b/charts/geoipupdates/tests/defaults_test.yaml @@ -37,13 +37,7 @@ tests: - equal: path: spec.jobTemplate.spec.template.spec.containers[0].env[1].value value: "24" - - equal: + - notExists: path: spec.jobTemplate.spec.template.spec.containers[0].env[2].name - value: STORAGE_NAME - - isNullOrEmpty: - path: spec.jobTemplate.spec.template.spec.containers[0].env[2].value - - equal: + - notExists: path: spec.jobTemplate.spec.template.spec.containers[0].env[3].name - value: STORAGE_FILESHARE - - isNullOrEmpty: - path: spec.jobTemplate.spec.template.spec.containers[0].env[3].value 
From a98320ec7761578d2ef4c397aaab32e982080d08 Mon Sep 17 00:00:00 2001 From: smerle33 Date: Thu, 28 Nov 2024 17:53:10 +0100 Subject: [PATCH 05/15] we need a service account to be able to create the cronjob --- charts/geoipupdates/templates/cronjob.yaml | 8 ++++++++ 1 file changed, 8 insertions(+) diff --git a/charts/geoipupdates/templates/cronjob.yaml b/charts/geoipupdates/templates/cronjob.yaml index 3a130cf1..186bb728 100644 --- a/charts/geoipupdates/templates/cronjob.yaml +++ b/charts/geoipupdates/templates/cronjob.yaml @@ -1,3 +1,10 @@ +apiVersion: v1 +kind: ServiceAccount +metadata: + name: {{ include "geoipupdate.fullname" . }} + labels: +{{ include "geoipupdate.labels" . | indent 4 }} +--- apiVersion: batch/v1 kind: CronJob metadata: @@ -11,6 +18,7 @@ spec: spec: template: spec: + serviceAccountName: {{ include "geoipupdate.fullname" . }} restartPolicy: Never containers: - name: geoipupdate From 8f4a4addea295929d5051cb89fd6f7d8458f572c Mon Sep 17 00:00:00 2001 From: smerle33 Date: Thu, 28 Nov 2024 18:15:36 +0100 Subject: [PATCH 06/15] change image definition and unittest --- charts/geoipupdates/templates/cronjob.yaml | 10 ++-- .../tests/custom_values_test.yaml | 51 +++++++++++++------ charts/geoipupdates/tests/defaults_test.yaml | 47 ++++++++++++----- charts/geoipupdates/values.yaml | 9 ++-- 4 files changed, 82 insertions(+), 35 deletions(-) diff --git a/charts/geoipupdates/templates/cronjob.yaml b/charts/geoipupdates/templates/cronjob.yaml index 186bb728..064f65e0 100644 --- a/charts/geoipupdates/templates/cronjob.yaml +++ b/charts/geoipupdates/templates/cronjob.yaml 
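Review bot: The ServiceAccount added at the top of templates/cronjob.yaml leaves token automounting at its default, so every job pod gets a Kubernetes API token mounted, although nothing visible in this chart has the container call the cluster API. The commit subject says the account is needed to create the CronJob, but that action is normally performed by whoever installs the chart rather than by the pod's own account, which is worth confirming. If the updater only talks to MaxMind and the storage account, add `automountServiceAccountToken: false` to the ServiceAccount (or to the pod spec next to `serviceAccountName`). A short comment above the ServiceAccount stating what the account is for would also help the next reader.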
@@ -20,10 +20,14 @@ spec: spec: serviceAccountName: {{ include "geoipupdate.fullname" . }} restartPolicy: Never + {{- with .Values.image.pullSecrets }} + imagePullSecrets: + {{- toYaml . | nindent 12 }} + {{- end }} containers: - - name: geoipupdate - image: "{{ .Values.image }}:{{ .Chart.AppVersion }}" - imagePullPolicy: {{ .Values.imagePullPolicy }} + - name: {{ .Chart.Name }} + image: "{{ .Values.image.repository }}:{{ .Values.image.tag }}" + imagePullPolicy: {{ .Values.image.pullPolicy }} {{- with .Values.containerSecurityContext }} securityContext: {{- toYaml . | nindent 16 }} diff --git a/charts/geoipupdates/tests/custom_values_test.yaml b/charts/geoipupdates/tests/custom_values_test.yaml index 4710ac51..2b01c825 100644 --- a/charts/geoipupdates/tests/custom_values_test.yaml +++ b/charts/geoipupdates/tests/custom_values_test.yaml 
@@ -6,46 +6,67 @@ tests: template: cronjob.yaml asserts: - hasDocuments: - count: 1 - - isKind: + count: 2 + - documentIndex: 0 + isKind: + of: ServiceAccount + - documentIndex: 0 + equal: + path: metadata.name + value: RELEASE-NAME-geoipupdates + - documentIndex: 1 + isKind: of: CronJob - - equal: + - documentIndex: 1 + equal: path: metadata.labels["app.kubernetes.io/name"] value: "geoipupdate" - - equal: + - documentIndex: 1 + equal: path: metadata.labels["app.kubernetes.io/instance"] value: "RELEASE-NAME" - - equal: + - documentIndex: 1 + equal: path: "spec.jobTemplate.spec.template.spec.containers[*].imagePullPolicy" value: IfNotPresent - - equal: + - documentIndex: 1 + equal: path: spec.jobTemplate.spec.template.spec.volumes[0].emptyDir.medium value: "Memory" - - equal: + - documentIndex: 1 + equal: path: spec.jobTemplate.spec.template.spec.containers[0].volumeMounts[0].readOnly value: false # Env. variables - - equal: + - documentIndex: 1 + equal: path: spec.jobTemplate.spec.template.spec.containers[0].env[0].name value: GEOIPUPDATE_EDITION_IDS - - equal: + - documentIndex: 1 + equal: path: spec.jobTemplate.spec.template.spec.containers[0].env[0].value value: alleditions - - equal: + - documentIndex: 1 + equal: path: spec.jobTemplate.spec.template.spec.containers[0].env[1].name value: GEOIPUPDATE_FREQUENCY - - equal: + - documentIndex: 1 + equal: path: spec.jobTemplate.spec.template.spec.containers[0].env[1].value value: "74" - - equal: + - documentIndex: 1 + equal: path: spec.jobTemplate.spec.template.spec.containers[0].env[2].name value: STORAGE_NAME - - equal: + - documentIndex: 1 + equal: path: spec.jobTemplate.spec.template.spec.containers[0].env[2].value value: mystoragename - - equal: + - documentIndex: 1 + equal: path: spec.jobTemplate.spec.template.spec.containers[0].env[3].name value: STORAGE_FILESHARE - - equal: + - documentIndex: 1 + equal: path: spec.jobTemplate.spec.template.spec.containers[0].env[3].value value: myfileshare 
diff --git a/charts/geoipupdates/tests/defaults_test.yaml b/charts/geoipupdates/tests/defaults_test.yaml index 73bc67e4..f7e3a1fb 100644 --- a/charts/geoipupdates/tests/defaults_test.yaml +++ b/charts/geoipupdates/tests/defaults_test.yaml 
@@ -2,42 +2,61 @@ suite: default tests templates: - cronjob.yaml tests: - - it: should define the default "geoipupdate" cronjob with default imagePullPolicy and metadata labels + - it: should define the default "geoipupdate" cronjob with default image.pullPolicy and metadata labels template: cronjob.yaml asserts: - hasDocuments: - count: 1 - - isKind: + count: 2 + - documentIndex: 0 + isKind: + of: ServiceAccount + - documentIndex: 1 + isKind: of: CronJob - - equal: + - documentIndex: 0 + equal: + path: metadata.name + value: RELEASE-NAME-geoipupdates + - documentIndex: 1 + equal: path: metadata.labels["app.kubernetes.io/name"] value: "geoipupdate" - - equal: + - documentIndex: 1 + equal: path: metadata.labels["app.kubernetes.io/instance"] value: "RELEASE-NAME" - - equal: + - documentIndex: 1 + equal: path: "spec.jobTemplate.spec.template.spec.containers[*].imagePullPolicy" value: IfNotPresent - - equal: + - documentIndex: 1 + equal: path: spec.jobTemplate.spec.template.spec.volumes[0].emptyDir.medium value: "Memory" - - equal: + - documentIndex: 1 + equal: path: spec.jobTemplate.spec.template.spec.containers[0].volumeMounts[0].readOnly value: false # Env. variables - - equal: + - documentIndex: 1 + equal: path: spec.jobTemplate.spec.template.spec.containers[0].env[0].name value: GEOIPUPDATE_EDITION_IDS - - equal: + - documentIndex: 1 + equal: path: spec.jobTemplate.spec.template.spec.containers[0].env[0].value value: GeoLite2-ASN GeoLite2-City GeoLite2-Country - - equal: + - documentIndex: 1 + equal: path: spec.jobTemplate.spec.template.spec.containers[0].env[1].name value: GEOIPUPDATE_FREQUENCY - - equal: + - documentIndex: 1 + equal: path: spec.jobTemplate.spec.template.spec.containers[0].env[1].value value: "24" - - notExists: + - documentIndex: 1 + notExists: path: spec.jobTemplate.spec.template.spec.containers[0].env[2].name - - notExists: + - documentIndex: 1 + notExists: path: spec.jobTemplate.spec.template.spec.containers[0].env[3].name 
diff --git a/charts/geoipupdates/values.yaml b/charts/geoipupdates/values.yaml index 00a9f0b0..bf79c913 100644 --- a/charts/geoipupdates/values.yaml +++ b/charts/geoipupdates/values.yaml @@ -1,6 +1,9 @@ -image: ghcr.io/maxmind/geoipupdate -imagePullSecrets: [] -imagePullPolicy: IfNotPresent +image: + repository: nginx + pullPolicy: IfNotPresent + pullSecrets: [] + # Overrides the image tag whose default is the chart appVersion. + tag: 1.26.2-alpine # securityContext: # Secret values, set to empty below for reference: geoipupdate: From 36735f8e78a828ebd3452699bb652c469f70f984 Mon Sep 17 00:00:00 2001 From: smerle33 Date: Thu, 28 Nov 2024 18:26:12 +0100 Subject: [PATCH 07/15] revert to the same as httpD --- charts/geoipupdates/templates/cronjob.yaml | 2 +- charts/geoipupdates/values.yaml | 7 +++---- 2 files changed, 4 insertions(+), 5 deletions(-) diff --git a/charts/geoipupdates/templates/cronjob.yaml b/charts/geoipupdates/templates/cronjob.yaml index 064f65e0..8f73c126 100644 --- a/charts/geoipupdates/templates/cronjob.yaml +++ b/charts/geoipupdates/templates/cronjob.yaml @@ -20,7 +20,7 @@ spec: spec: serviceAccountName: {{ include "geoipupdate.fullname" . }} restartPolicy: Never - {{- with .Values.image.pullSecrets }} + {{- with .Values.imagePullSecrets }} imagePullSecrets: {{- toYaml . | nindent 12 }} {{- end }} diff --git a/charts/geoipupdates/values.yaml b/charts/geoipupdates/values.yaml index bf79c913..c8c20eee 100644 --- a/charts/geoipupdates/values.yaml +++ b/charts/geoipupdates/values.yaml @@ -1,9 +1,8 @@ image: - repository: nginx + repository: geoipupdates + tag: latest pullPolicy: IfNotPresent - pullSecrets: [] - # Overrides the image tag whose default is the chart appVersion. - tag: 1.26.2-alpine +imagePullSecrets: [] # securityContext: # Secret values, set to empty below for reference: geoipupdate: From a88ab32a8b000453d8a21f39afa675bf02bd6a88 Mon Sep 17 00:00:00 2001 
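Review bot: The new defaults in values.yaml in PATCH 07, `repository: geoipupdates` with `tag: latest` and `pullPolicy: IfNotPresent`, make the job run an image that is neither registry-qualified nor pinned. An unqualified name is resolved against the container runtime's default registry, so what gets pulled depends on who owns that name there, and with `IfNotPresent` a node that already holds a `latest` image never re-pulls it, so nodes can run different builds. I would default to the full registry path of the image the project builds and a fixed version tag or digest, e.g. `repository: <registry>/<org>/geoipupdates` and `tag: "<version>"` (placeholders; the real values are not on this page). The template hunk in PATCH 06 also dropped `.Chart.AppVersion` from the image reference, so `appVersion` in Chart.yaml no longer tracks what actually runs.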
From: smerle33 Date: Fri, 29 Nov 2024 11:42:01 +0100 Subject: [PATCH 08/15] add 3 fileshare variable to use the get fileshare signed url script --- charts/geoipupdates/templates/secret.yaml | 3 +++ charts/geoipupdates/tests/values/custom_geoipupdater.yaml | 3 +++ charts/geoipupdates/values.yaml | 3 +++ 3 files changed, 9 insertions(+) diff --git a/charts/geoipupdates/templates/secret.yaml b/charts/geoipupdates/templates/secret.yaml index 056a7fa9..ff263140 100644 --- a/charts/geoipupdates/templates/secret.yaml +++ b/charts/geoipupdates/templates/secret.yaml @@ -8,4 +8,7 @@ type: Opaque data: GEOIPUPDATE_ACCOUNT_ID: {{ .Values.geoipupdate.account_id | b64enc }} GEOIPUPDATE_LICENSE_KEY: {{ .Values.geoipupdate.license_key | b64enc }} + JENKINS_INFRA_FILESHARE_CLIENT_ID: {{ .Values.geoipupdate.fileshare_client_id | b64enc }} + JENKINS_INFRA_FILESHARE_CLIENT_SECRET: {{ .Values.geoipupdate.fileshare_client_secret | b64enc }} + JENKINS_INFRA_FILESHARE_TENANT_ID: {{ .Values.geoipupdate.fileshare_tenant_id | b64enc }} {{- end }} diff --git a/charts/geoipupdates/tests/values/custom_geoipupdater.yaml b/charts/geoipupdates/tests/values/custom_geoipupdater.yaml index 788d209a..680df3c2 100644 --- a/charts/geoipupdates/tests/values/custom_geoipupdater.yaml +++ b/charts/geoipupdates/tests/values/custom_geoipupdater.yaml @@ -1,6 +1,9 @@ geoipupdate: account_id: "myaccount" license_key: "mylicencekey" + fileshare_client_id: "clientid" + fileshare_client_secret: "clientsecret" + fileshare_tenant_id: "tenantid" editions: "alleditions" update_frequency: 74 storage_name: "mystoragename" diff --git a/charts/geoipupdates/values.yaml b/charts/geoipupdates/values.yaml index c8c20eee..5aa9715e 100644 --- a/charts/geoipupdates/values.yaml +++ b/charts/geoipupdates/values.yaml 
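Review bot: The three `JENKINS_INFRA_FILESHARE_*` entries added to templates/secret.yaml render empty when the values.yaml defaults (`""`) are used, because `b64enc` of an empty string is empty and the value is unquoted. The Secret is then created with blank credentials, and the failure only shows up when the job tries to authenticate. If these are mandatory whenever the Secret is rendered (the enclosing `if` starts outside the hunk, so that is an assumption), fail at render time with `{{ required "geoipupdate.fileshare_client_secret is required" .Values.geoipupdate.fileshare_client_secret | b64enc | quote }}` and likewise for the other two. `fileshare_client_secret` appears to be a service-principal credential passed as a chart value, so it also ends up in the stored Helm release values. A comment in values.yaml stating that it must come from an encrypted values source would make that expectation explicit.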
@@ -8,6 +8,9 @@ imagePullSecrets: [] geoipupdate: account_id: "" license_key: "" + fileshare_client_id: "" + fileshare_client_secret: "" + fileshare_tenant_id: "" editions: "GeoLite2-ASN GeoLite2-City GeoLite2-Country" update_frequency: 24 storage_name: "" From 3077050b41fa5cddb0212ccde1e766f35973fade Mon Sep 17 00:00:00 2001 From: smerle33 Date: Fri, 29 Nov 2024 14:46:47 +0100 Subject: [PATCH 09/15] add rbac to serviceaccount for cronjob --- charts/geoipupdates/templates/cronjob.yaml | 24 +++++++++++ .../tests/custom_values_test.yaml | 40 +++++++++++-------- charts/geoipupdates/tests/defaults_test.yaml | 30 ++++++++------ 3 files changed, 65 insertions(+), 29 deletions(-) diff --git a/charts/geoipupdates/templates/cronjob.yaml b/charts/geoipupdates/templates/cronjob.yaml index 8f73c126..e86953ee 100644 --- a/charts/geoipupdates/templates/cronjob.yaml +++ b/charts/geoipupdates/templates/cronjob.yaml @@ -5,6 +5,30 @@ metadata: labels: {{ include "geoipupdate.labels" . | indent 4 }} --- +apiVersion: rbac.authorization.k8s.io/v1 +kind: Role +metadata: + name: {{ include "geoipupdate.fullname" . }} + labels: +{{ include "geoipupdate.labels" . | indent 4 }} +rules: + - apiGroups: ["batch"] + resources: ["pods"] + resourceNames: [{{ include "geoipupdate.fullname" . }}] + verbs: ["get", "read", "list", "watch", "create", "patch", "replace", "delete"] +--- +apiVersion: rbac.authorization.k8s.io/v1 +kind: RoleBinding +metadata: + name: {{ include "geoipupdate.fullname" . }} +roleRef: + apiGroup: rbac.authorization.k8s.io + kind: Role + name: {{ include "geoipupdate.fullname" . }} +subjects: + - kind: ServiceAccount + name: {{ include "geoipupdate.fullname" . }} +--- apiVersion: batch/v1 kind: CronJob metadata: diff --git a/charts/geoipupdates/tests/custom_values_test.yaml b/charts/geoipupdates/tests/custom_values_test.yaml index 2b01c825..e94759ba 100644 --- a/charts/geoipupdates/tests/custom_values_test.yaml +++ b/charts/geoipupdates/tests/custom_values_test.yaml 
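Review bot: The Role rule added to templates/cronjob.yaml does not grant what it appears to: `pods` live in the core API group (`""`), not in `batch`, so `apiGroups: ["batch"]` with `resources: ["pods"]` matches nothing, and `read` and `replace` are not RBAC verbs (the API verbs are get, list, watch, create, update, patch, delete, deletecollection). `resourceNames` also cannot constrain `create`, and job pods get generated names that will not equal the release fullname. First decide whether the job needs any Kubernetes API access at all; if not, drop the Role and RoleBinding, otherwise grant only the verbs it uses on the right group, e.g. `apiGroups: [""]` and `verbs: ["get", "list", "watch"]`. The same rule is carried over unchanged into templates/rbac.yaml in PATCH 12.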
@@ -6,67 +6,73 @@ tests: template: cronjob.yaml asserts: - hasDocuments: - count: 2 + count: 4 - documentIndex: 0 isKind: of: ServiceAccount + - documentIndex: 1 + isKind: + of: Role + - documentIndex: 2 + isKind: + of: RoleBinding + - documentIndex: 3 + isKind: + of: CronJob - documentIndex: 0 equal: path: metadata.name value: RELEASE-NAME-geoipupdates - - documentIndex: 1 - isKind: - of: CronJob - - documentIndex: 1 + - documentIndex: 3 equal: path: metadata.labels["app.kubernetes.io/name"] value: "geoipupdate" - - documentIndex: 1 + - documentIndex: 3 equal: path: metadata.labels["app.kubernetes.io/instance"] value: "RELEASE-NAME" - - documentIndex: 1 + - documentIndex: 3 equal: path: "spec.jobTemplate.spec.template.spec.containers[*].imagePullPolicy" value: IfNotPresent - - documentIndex: 1 + - documentIndex: 3 equal: path: spec.jobTemplate.spec.template.spec.volumes[0].emptyDir.medium value: "Memory" - - documentIndex: 1 + - documentIndex: 3 equal: path: spec.jobTemplate.spec.template.spec.containers[0].volumeMounts[0].readOnly value: false # Env. 
variables - - documentIndex: 1 + - documentIndex: 3 equal: path: spec.jobTemplate.spec.template.spec.containers[0].env[0].name value: GEOIPUPDATE_EDITION_IDS - - documentIndex: 1 + - documentIndex: 3 equal: path: spec.jobTemplate.spec.template.spec.containers[0].env[0].value value: alleditions - - documentIndex: 1 + - documentIndex: 3 equal: path: spec.jobTemplate.spec.template.spec.containers[0].env[1].name value: GEOIPUPDATE_FREQUENCY - - documentIndex: 1 + - documentIndex: 3 equal: path: spec.jobTemplate.spec.template.spec.containers[0].env[1].value value: "74" - - documentIndex: 1 + - documentIndex: 3 equal: path: spec.jobTemplate.spec.template.spec.containers[0].env[2].name value: STORAGE_NAME - - documentIndex: 1 + - documentIndex: 3 equal: path: spec.jobTemplate.spec.template.spec.containers[0].env[2].value value: mystoragename - - documentIndex: 1 + - documentIndex: 3 equal: path: spec.jobTemplate.spec.template.spec.containers[0].env[3].name value: STORAGE_FILESHARE - - documentIndex: 1 + - documentIndex: 3 equal: path: spec.jobTemplate.spec.template.spec.containers[0].env[3].value value: myfileshare diff --git a/charts/geoipupdates/tests/defaults_test.yaml b/charts/geoipupdates/tests/defaults_test.yaml index f7e3a1fb..bc15731d 100644 --- a/charts/geoipupdates/tests/defaults_test.yaml +++ b/charts/geoipupdates/tests/defaults_test.yaml 
@@ -6,57 +6,63 @@ tests: template: cronjob.yaml asserts: - hasDocuments: - count: 2 + count: 4 - documentIndex: 0 isKind: of: ServiceAccount - documentIndex: 1 + isKind: + of: Role + - documentIndex: 2 + isKind: + of: RoleBinding + - documentIndex: 3 isKind: of: CronJob - documentIndex: 0 equal: path: metadata.name value: RELEASE-NAME-geoipupdates - - documentIndex: 1 + - documentIndex: 3 equal: path: metadata.labels["app.kubernetes.io/name"] value: "geoipupdate" - - documentIndex: 1 + - documentIndex: 3 equal: path: metadata.labels["app.kubernetes.io/instance"] value: "RELEASE-NAME" - - documentIndex: 1 + - documentIndex: 3 equal: path: "spec.jobTemplate.spec.template.spec.containers[*].imagePullPolicy" value: IfNotPresent - - documentIndex: 1 + - documentIndex: 3 equal: path: spec.jobTemplate.spec.template.spec.volumes[0].emptyDir.medium value: "Memory" - - documentIndex: 1 + - documentIndex: 3 equal: path: spec.jobTemplate.spec.template.spec.containers[0].volumeMounts[0].readOnly value: false # Env. variables - - documentIndex: 1 + - documentIndex: 3 equal: path: spec.jobTemplate.spec.template.spec.containers[0].env[0].name value: GEOIPUPDATE_EDITION_IDS - - documentIndex: 1 + - documentIndex: 3 equal: path: spec.jobTemplate.spec.template.spec.containers[0].env[0].value value: GeoLite2-ASN GeoLite2-City GeoLite2-Country - - documentIndex: 1 + - documentIndex: 3 equal: path: spec.jobTemplate.spec.template.spec.containers[0].env[1].name value: GEOIPUPDATE_FREQUENCY - - documentIndex: 1 + - documentIndex: 3 equal: path: spec.jobTemplate.spec.template.spec.containers[0].env[1].value value: "24" - - documentIndex: 1 + - documentIndex: 3 notExists: path: spec.jobTemplate.spec.template.spec.containers[0].env[2].name - - documentIndex: 1 + - documentIndex: 3 notExists: path: spec.jobTemplate.spec.template.spec.containers[0].env[3].name From de5dd41f05d8f3e0467d9ed4051f7a21bc7520c7 Mon Sep 17 00:00:00 2001 
From: smerle33 Date: Fri, 29 Nov 2024 17:52:01 +0100 Subject: [PATCH 10/15] add dry-run mode and resources requests to avoid oomkill --- charts/geoipupdates/templates/cronjob.yaml | 8 +++++++- .../tests/custom_values_test.yaml | 18 +++++++++++------- .../tests/values/custom_geoipupdater.yaml | 1 + charts/geoipupdates/values.yaml | 19 ++++++++----------- 4 files changed, 27 insertions(+), 19 deletions(-) diff --git a/charts/geoipupdates/templates/cronjob.yaml b/charts/geoipupdates/templates/cronjob.yaml index e86953ee..7eb082d8 100644 --- a/charts/geoipupdates/templates/cronjob.yaml +++ b/charts/geoipupdates/templates/cronjob.yaml @@ -60,9 +60,15 @@ spec: - name: tmpdir mountPath: /tmp readOnly: false + {{- with .Values.resources }} resources: - {{- toYaml .Values.resources | nindent 16 }} + {{- toYaml . | nindent 16 }} + {{- end }} env: + {{- with .Values.geoipupdate.dryrun }} + - name: GEOIPUPDATE_DRYRUN + value: DRYRUN + {{- end }} {{- with .Values.geoipupdate.editions }} - name: GEOIPUPDATE_EDITION_IDS value: {{ . }} diff --git a/charts/geoipupdates/tests/custom_values_test.yaml b/charts/geoipupdates/tests/custom_values_test.yaml index e94759ba..2d087d54 100644 --- a/charts/geoipupdates/tests/custom_values_test.yaml +++ b/charts/geoipupdates/tests/custom_values_test.yaml 
@@ -47,32 +47,36 @@ tests: - documentIndex: 3 equal: path: spec.jobTemplate.spec.template.spec.containers[0].env[0].name + value: GEOIPUPDATE_DRYRUN + - documentIndex: 3 + equal: + path: spec.jobTemplate.spec.template.spec.containers[0].env[1].name value: GEOIPUPDATE_EDITION_IDS - documentIndex: 3 equal: - path: spec.jobTemplate.spec.template.spec.containers[0].env[0].value + path: spec.jobTemplate.spec.template.spec.containers[0].env[1].value value: alleditions - documentIndex: 3 equal: - path: spec.jobTemplate.spec.template.spec.containers[0].env[1].name + path: spec.jobTemplate.spec.template.spec.containers[0].env[2].name value: GEOIPUPDATE_FREQUENCY - documentIndex: 3 equal: - path: spec.jobTemplate.spec.template.spec.containers[0].env[1].value + path: spec.jobTemplate.spec.template.spec.containers[0].env[2].value value: "74" - documentIndex: 3 equal: - path: spec.jobTemplate.spec.template.spec.containers[0].env[2].name + path: spec.jobTemplate.spec.template.spec.containers[0].env[3].name value: STORAGE_NAME - documentIndex: 3 equal: - path: spec.jobTemplate.spec.template.spec.containers[0].env[2].value + path: spec.jobTemplate.spec.template.spec.containers[0].env[3].value value: mystoragename - documentIndex: 3 equal: - path: spec.jobTemplate.spec.template.spec.containers[0].env[3].name + path: spec.jobTemplate.spec.template.spec.containers[0].env[4].name value: STORAGE_FILESHARE - documentIndex: 3 equal: - path: spec.jobTemplate.spec.template.spec.containers[0].env[3].value + path: spec.jobTemplate.spec.template.spec.containers[0].env[4].value value: myfileshare diff --git a/charts/geoipupdates/tests/values/custom_geoipupdater.yaml b/charts/geoipupdates/tests/values/custom_geoipupdater.yaml index 680df3c2..3ff5a3c6 100644 --- a/charts/geoipupdates/tests/values/custom_geoipupdater.yaml +++ b/charts/geoipupdates/tests/values/custom_geoipupdater.yaml 
@@ -1,4 +1,5 @@ geoipupdate: + dryrun: true account_id: "myaccount" license_key: "mylicencekey" fileshare_client_id: "clientid" diff --git a/charts/geoipupdates/values.yaml b/charts/geoipupdates/values.yaml index 5aa9715e..b363ce3e 100644 --- a/charts/geoipupdates/values.yaml +++ b/charts/geoipupdates/values.yaml @@ -6,6 +6,7 @@ imagePullSecrets: [] # securityContext: # Secret values, set to empty below for reference: geoipupdate: + dryrun: false #use boolean to set dryrun to not call geoipupdater to avoid ratelimit account_id: "" license_key: "" fileshare_client_id: "" @@ -25,17 +26,13 @@ containerSecurityContext: {} # readOnlyRootFilesystem: true # runAsNonRoot: true # runAsUser: 1000 -resources: {} -# We usually recommend not to specify default resources and to leave this as a conscious -# choice for the user. This also increases chances charts run on environments with little -# resources, such as Minikube. If you do want to specify resources, uncomment the following -# lines, adjust them as necessary, and remove the curly braces after 'resources:'. -# limits: -# cpu: 100m -# memory: 128Mi -# requests: -# cpu: 100m -# memory: 128Mi +resources: + limits: + cpu: 100m + memory: 256Mi + requests: + cpu: 100m + memory: 256Mi nodeSelector: {} tolerations: [] affinity: {} From a9cbaaecdc8734a70075cb948faadc0216301756 Mon Sep 17 00:00:00 2001 From: smerle33 Date: Mon, 2 Dec 2024 10:22:00 +0100 Subject: [PATCH 11/15] set true for the dry-run value --- charts/geoipupdates/templates/cronjob.yaml | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/charts/geoipupdates/templates/cronjob.yaml b/charts/geoipupdates/templates/cronjob.yaml index 7eb082d8..ea582f98 100644 --- a/charts/geoipupdates/templates/cronjob.yaml +++ b/charts/geoipupdates/templates/cronjob.yaml 
@@ -67,7 +67,7 @@ spec: env: {{- with .Values.geoipupdate.dryrun }} - name: GEOIPUPDATE_DRYRUN - value: DRYRUN + value: {{ . | quote }} {{- end }} {{- with .Values.geoipupdate.editions }} - name: GEOIPUPDATE_EDITION_IDS From 58a105a8e34e1e28d894ffcffb6aeb18c3e4d68f Mon Sep 17 00:00:00 2001 From: smerle33 Date: Mon, 2 Dec 2024 16:27:22 +0100 Subject: [PATCH 12/15] chore split in 2 files rbac and cronjob with corresponding unittest --- charts/geoipupdates/templates/cronjob.yaml | 30 --------- charts/geoipupdates/templates/rbac.yaml | 30 +++++++++ .../tests/custom_values_test.yaml | 61 ++++++------------- charts/geoipupdates/tests/defaults_test.yaml | 47 ++++---------- .../tests/defaults_test_rbac.yaml | 18 ++++++ 5 files changed, 80 insertions(+), 106 deletions(-) create mode 100644 charts/geoipupdates/templates/rbac.yaml create mode 100644 charts/geoipupdates/tests/defaults_test_rbac.yaml diff --git a/charts/geoipupdates/templates/cronjob.yaml b/charts/geoipupdates/templates/cronjob.yaml index ea582f98..ffe9e8f6 100644 --- a/charts/geoipupdates/templates/cronjob.yaml +++ b/charts/geoipupdates/templates/cronjob.yaml 
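Review bot: The `with .Values.geoipupdate.dryrun` guard on the line above tests truthiness rather than the boolean value, so a string such as `dryrun: "false"` (what `--set-string` produces) is non-empty and the variable is now rendered with the value "false". Whether the container reads the variable's value or only its presence is not visible here; if it is the latter, dry-run stays on and the databases are silently never refreshed. An explicit comparison removes the ambiguity: `{{- if eq (toString .Values.geoipupdate.dryrun) "true" }}` with `value: "true"` inside. The `env:` list continues outside the hunk.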
@@ -1,33 +1,3 @@ -apiVersion: v1 -kind: ServiceAccount -metadata: - name: {{ include "geoipupdate.fullname" . }} - labels: -{{ include "geoipupdate.labels" . | indent 4 }} ---- -apiVersion: rbac.authorization.k8s.io/v1 -kind: Role -metadata: - name: {{ include "geoipupdate.fullname" . }} - labels: -{{ include "geoipupdate.labels" . | indent 4 }} -rules: - - apiGroups: ["batch"] - resources: ["pods"] - resourceNames: [{{ include "geoipupdate.fullname" . }}] - verbs: ["get", "read", "list", "watch", "create", "patch", "replace", "delete"] ---- -apiVersion: rbac.authorization.k8s.io/v1 -kind: RoleBinding -metadata: - name: {{ include "geoipupdate.fullname" . }} -roleRef: - apiGroup: rbac.authorization.k8s.io - kind: Role - name: {{ include "geoipupdate.fullname" . }} -subjects: - - kind: ServiceAccount - name: {{ include "geoipupdate.fullname" . }} --- apiVersion: batch/v1 kind: CronJob diff --git a/charts/geoipupdates/templates/rbac.yaml b/charts/geoipupdates/templates/rbac.yaml new file mode 100644 index 00000000..f9263066 --- /dev/null +++ b/charts/geoipupdates/templates/rbac.yaml @@ -0,0 +1,30 @@ +apiVersion: v1 +kind: ServiceAccount +metadata: + name: {{ include "geoipupdate.fullname" . }} + labels: +{{ include "geoipupdate.labels" . | indent 4 }} +--- +apiVersion: rbac.authorization.k8s.io/v1 +kind: Role +metadata: + name: {{ include "geoipupdate.fullname" . }} + labels: +{{ include "geoipupdate.labels" . | indent 4 }} +rules: + - apiGroups: ["batch"] + resources: ["pods"] + resourceNames: [{{ include "geoipupdate.fullname" . }}] + verbs: ["get", "read", "list", "watch", "create", "patch", "replace", "delete"] +--- +apiVersion: rbac.authorization.k8s.io/v1 +kind: RoleBinding +metadata: + name: {{ include "geoipupdate.fullname" . }} +roleRef: + apiGroup: rbac.authorization.k8s.io + kind: Role + name: {{ include "geoipupdate.fullname" . }} +subjects: + - kind: ServiceAccount + name: {{ include "geoipupdate.fullname" . }} 
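Review bot: The Role rule in the new `rbac.yaml` grants nothing useful as written: `pods` belong to the core API group `""`, not `batch`, and `read` and `replace` are not RBAC verbs (the API verbs are get, list, watch, create, update, patch, delete, deletecollection). `resourceNames` also cannot constrain `create`, because the object name is not known when the request is authorized. If the job really needs pod access, the rule should read `- apiGroups: [""]` with only the verbs it uses, for example `verbs: ["get", "list", "watch"]`. If it makes no Kubernetes API calls (the series title says it uploads with azcopy), I would drop the Role and RoleBinding and set `automountServiceAccountToken: false` on the ServiceAccount. The block was moved unchanged from `cronjob.yaml`, so this split is a good moment to fix it.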
diff --git a/charts/geoipupdates/tests/custom_values_test.yaml b/charts/geoipupdates/tests/custom_values_test.yaml index 2d087d54..3608008c 100644 --- a/charts/geoipupdates/tests/custom_values_test.yaml +++ b/charts/geoipupdates/tests/custom_values_test.yaml 
@@ -1,82 +1,59 @@ suite: Tests with custom values values: - values/custom_geoipupdater.yaml +templates: + - cronjob.yaml tests: - it: should define a customized "geoipupdate" cronjob template: cronjob.yaml asserts: - hasDocuments: - count: 4 - - documentIndex: 0 - isKind: - of: ServiceAccount - - documentIndex: 1 - isKind: - of: Role - - documentIndex: 2 - isKind: - of: RoleBinding - - documentIndex: 3 - isKind: + count: 1 + - isKind: of: CronJob - - documentIndex: 0 - equal: + - equal: path: metadata.name value: RELEASE-NAME-geoipupdates - - documentIndex: 3 - equal: + - equal: path: metadata.labels["app.kubernetes.io/name"] value: "geoipupdate" - - documentIndex: 3 - equal: + - equal: path: metadata.labels["app.kubernetes.io/instance"] value: "RELEASE-NAME" - - documentIndex: 3 - equal: + - equal: path: "spec.jobTemplate.spec.template.spec.containers[*].imagePullPolicy" value: IfNotPresent - - documentIndex: 3 - equal: + - equal: path: spec.jobTemplate.spec.template.spec.volumes[0].emptyDir.medium value: "Memory" - - documentIndex: 3 - equal: + - equal: path: spec.jobTemplate.spec.template.spec.containers[0].volumeMounts[0].readOnly value: false # Env. 
variables - - documentIndex: 3 - equal: + - equal: path: spec.jobTemplate.spec.template.spec.containers[0].env[0].name value: GEOIPUPDATE_DRYRUN - - documentIndex: 3 - equal: + - equal: path: spec.jobTemplate.spec.template.spec.containers[0].env[1].name value: GEOIPUPDATE_EDITION_IDS - - documentIndex: 3 - equal: + - equal: path: spec.jobTemplate.spec.template.spec.containers[0].env[1].value value: alleditions - - documentIndex: 3 - equal: + - equal: path: spec.jobTemplate.spec.template.spec.containers[0].env[2].name value: GEOIPUPDATE_FREQUENCY - - documentIndex: 3 - equal: + - equal: path: spec.jobTemplate.spec.template.spec.containers[0].env[2].value value: "74" - - documentIndex: 3 - equal: + - equal: path: spec.jobTemplate.spec.template.spec.containers[0].env[3].name value: STORAGE_NAME - - documentIndex: 3 - equal: + - equal: path: spec.jobTemplate.spec.template.spec.containers[0].env[3].value value: mystoragename - - documentIndex: 3 - equal: + - equal: path: spec.jobTemplate.spec.template.spec.containers[0].env[4].name value: STORAGE_FILESHARE - - documentIndex: 3 - equal: + - equal: path: spec.jobTemplate.spec.template.spec.containers[0].env[4].value value: myfileshare diff --git a/charts/geoipupdates/tests/defaults_test.yaml b/charts/geoipupdates/tests/defaults_test.yaml index bc15731d..219dec9f 100644 --- a/charts/geoipupdates/tests/defaults_test.yaml +++ b/charts/geoipupdates/tests/defaults_test.yaml 
@@ -6,63 +6,42 @@ tests: template: cronjob.yaml asserts: - hasDocuments: - count: 4 + count: 1 - documentIndex: 0 - isKind: - of: ServiceAccount - - documentIndex: 1 - isKind: - of: Role - - documentIndex: 2 - isKind: - of: RoleBinding - - documentIndex: 3 isKind: of: CronJob - - documentIndex: 0 - equal: + - equal: path: metadata.name value: RELEASE-NAME-geoipupdates - - documentIndex: 3 - equal: + - equal: path: metadata.labels["app.kubernetes.io/name"] value: "geoipupdate" - - documentIndex: 3 - equal: + - equal: path: metadata.labels["app.kubernetes.io/instance"] value: "RELEASE-NAME" - - documentIndex: 3 - equal: + - equal: path: "spec.jobTemplate.spec.template.spec.containers[*].imagePullPolicy" value: IfNotPresent - - documentIndex: 3 - equal: + - equal: path: spec.jobTemplate.spec.template.spec.volumes[0].emptyDir.medium value: "Memory" - - documentIndex: 3 - equal: + - equal: path: spec.jobTemplate.spec.template.spec.containers[0].volumeMounts[0].readOnly value: false # Env. variables - - documentIndex: 3 - equal: + - equal: path: spec.jobTemplate.spec.template.spec.containers[0].env[0].name value: GEOIPUPDATE_EDITION_IDS - - documentIndex: 3 - equal: + - equal: path: spec.jobTemplate.spec.template.spec.containers[0].env[0].value value: GeoLite2-ASN GeoLite2-City GeoLite2-Country - - documentIndex: 3 - equal: + - equal: path: spec.jobTemplate.spec.template.spec.containers[0].env[1].name value: GEOIPUPDATE_FREQUENCY - - documentIndex: 3 - equal: + - equal: path: spec.jobTemplate.spec.template.spec.containers[0].env[1].value value: "24" - - documentIndex: 3 - notExists: + - notExists: path: spec.jobTemplate.spec.template.spec.containers[0].env[2].name - - documentIndex: 3 - notExists: + - notExists: path: spec.jobTemplate.spec.template.spec.containers[0].env[3].name diff --git a/charts/geoipupdates/tests/defaults_test_rbac.yaml b/charts/geoipupdates/tests/defaults_test_rbac.yaml new file mode 100644 index 00000000..dacaba16 --- /dev/null 
+++ b/charts/geoipupdates/tests/defaults_test_rbac.yaml @@ -0,0 +1,18 @@ +suite: default tests for rbac +templates: + - rbac.yaml +tests: + - it: should define the default "objects" for rbac (ServiceAccount, Role, RoleBinding) + template: rbac.yaml + asserts: + - hasDocuments: + count: 3 + - documentIndex: 0 + isKind: + of: ServiceAccount + - documentIndex: 1 + isKind: + of: Role + - documentIndex: 2 + isKind: + of: RoleBinding From 1999093af2b6342a77c9866282f1b4562d52d102 Mon Sep 17 00:00:00 2001 From: smerle33 Date: Mon, 2 Dec 2024 16:33:43 +0100 Subject: [PATCH 13/15] correct image version --- charts/geoipupdates/templates/cronjob.yaml | 2 +- charts/geoipupdates/values.yaml | 24 +++++++++++++--------- 2 files changed, 15 insertions(+), 11 deletions(-) diff --git a/charts/geoipupdates/templates/cronjob.yaml b/charts/geoipupdates/templates/cronjob.yaml index ffe9e8f6..584f06d2 100644 --- a/charts/geoipupdates/templates/cronjob.yaml +++ b/charts/geoipupdates/templates/cronjob.yaml @@ -19,7 +19,7 @@ spec: {{- toYaml . | nindent 12 }} {{- end }} containers: - - name: {{ .Chart.Name }} + - name: geoipupdate image: "{{ .Values.image.repository }}:{{ .Values.image.tag }}" imagePullPolicy: {{ .Values.image.pullPolicy }} {{- with .Values.containerSecurityContext }} diff --git a/charts/geoipupdates/values.yaml b/charts/geoipupdates/values.yaml index b363ce3e..b0ff9bd9 100644 --- a/charts/geoipupdates/values.yaml +++ b/charts/geoipupdates/values.yaml @@ -1,12 +1,12 @@ image: - repository: geoipupdates - tag: latest + repository: jenkinsciinfra/geoipupdate + tag: 0.2.1 pullPolicy: IfNotPresent imagePullSecrets: [] # securityContext: # Secret values, set to empty below for reference: geoipupdate: - dryrun: false #use boolean to set dryrun to not call geoipupdater to avoid ratelimit + dryrun: true account_id: "" license_key: "" fileshare_client_id: "" 
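Review bot: The new RBAC suite asserts only the three kinds, so nothing pins what the Role grants or which ServiceAccount the RoleBinding targets; a later edit that widens `verbs` or `resources` would still pass. The split also dropped the only name check on the ServiceAccount, since the old `documentIndex: 0` `metadata.name` assertion now runs against the CronJob. I would add assertions on the ServiceAccount name, the Role's `rules`, and the RoleBinding's `roleRef.name` and `subjects[0].name` after the `isKind` checks, along the lines below.

```yaml
# … unchanged: hasDocuments and isKind assertions …
      - documentIndex: 0
        equal:
          path: metadata.name
          value: RELEASE-NAME-geoipupdates
      - documentIndex: 1
        equal:
          path: rules[0].resources
          value:
            - pods
      - documentIndex: 2
        equal:
          path: roleRef.name
          value: RELEASE-NAME-geoipupdates
      - documentIndex: 2
        equal:
          path: subjects[0].name
          value: RELEASE-NAME-geoipupdates
```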
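Review bot: In the `values.yaml` hunk, `dryrun` flips from `false` to `true` and loses its explanatory comment, in a commit titled "correct image version"; with this default a plain install presumably never calls geoipupdate, which is easy to miss. I would keep the explanation next to the new default: `dryrun: true  # true = do not call geoipupdate (avoids the rate limit); set to false to refresh the databases`. Separately, `tag: 0.2.1` is safer quoted as `tag: "0.2.1"`, because a future two-part tag such as `1.0` would be parsed as a number. The `geoipupdate:` mapping continues outside the hunk.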
@@ -26,13 +26,17 @@ containerSecurityContext: {} # readOnlyRootFilesystem: true # runAsNonRoot: true # runAsUser: 1000 -resources: - limits: - cpu: 100m - memory: 256Mi - requests: - cpu: 100m - memory: 256Mi +resources: {} + # We usually recommend not to specify default resources and to leave this as a conscious + # choice for the user. This also increases chances charts run on environments with little + # resources, such as Minikube. If you do want to specify resources, uncomment the following + # lines, adjust them as necessary, and remove the curly braces after 'resources:'. + # limits: + # cpu: 100m + # memory: 256Mi # minimum 256Mi to avoid OMM kill for `az login` + # requests: + # cpu: 100m + # memory: 256Mi nodeSelector: {} tolerations: [] affinity: {} From 664c390c14c7f4dca715b0e58fe2feb215d68aa6 Mon Sep 17 00:00:00 2001 From: smerle33 Date: Mon, 2 Dec 2024 16:38:42 +0100 Subject: [PATCH 14/15] bump updatecli manifest to track our own version of geoipupdater --- updatecli/updatecli.d/geoipupdates.yaml | 12 ++++++------ 1 file changed, 6 insertions(+), 6 deletions(-) diff --git a/updatecli/updatecli.d/geoipupdates.yaml b/updatecli/updatecli.d/geoipupdates.yaml index 11dcdd56..5787fab7 100644 --- a/updatecli/updatecli.d/geoipupdates.yaml +++ b/updatecli/updatecli.d/geoipupdates.yaml @@ -1,4 +1,4 @@ -name: Bump `ghcr.io/maxmind/geoipupdate` docker image and helm chart versions +name: Bump `jenkinsciinfra/geoipupdate` docker image and helm chart versions scms: default: 
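Review bot: The commented example states that 256Mi is the minimum to avoid an out-of-memory kill during `az login`, yet this hunk reverts the default to `resources: {}`, so a default install runs with no memory request or limit. Either keep the requests and limits set earlier in this series as the default, or state the requirement as a prerequisite rather than an optional example. The comment also has a typo and should read `# memory: 256Mi  # minimum 256Mi to avoid OOM kill for az login`.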
@@ -14,20 +14,20 @@ scms: sources: lastVersion: - name: Get latest version of maxmind/geoipupdate + name: Get latest version of jenkinsciinfra/geoipupdate kind: githubrelease spec: - owner: maxmind - repository: geoipupdate + owner: jenkins-infra + repository: docker-geoipupdate token: "{{ requiredEnv .github.token }}" username: "{{ .github.username }}" conditions: checkGeoIPDockerImagePublished: - name: Ensure that the image "ghcr.io/maxmind/geoipupdate:" is published + name: Ensure that the image "jenkinsciinfra/geoipupdate:" is published kind: dockerimage spec: - image: ghcr.io/maxmind/geoipupdate + image: jenkinsciinfra/geoipupdate architectures: - "arm64" # Tag comes from sourceid From 315b20e1a3e81fa1ca0a7e90b25a43c2008ff8f3 Mon Sep 17 00:00:00 2001 From: smerle33 Date: Mon, 2 Dec 2024 16:44:42 +0100 Subject: [PATCH 15/15] update unittest because of dry-run default to true --- charts/geoipupdates/tests/defaults_test.yaml | 16 +++++++++++----- 1 file changed, 11 insertions(+), 5 deletions(-) diff --git a/charts/geoipupdates/tests/defaults_test.yaml b/charts/geoipupdates/tests/defaults_test.yaml index 219dec9f..83652382 100644 --- a/charts/geoipupdates/tests/defaults_test.yaml +++ b/charts/geoipupdates/tests/defaults_test.yaml 
@@ -31,17 +31,23 @@ tests: # Env. variables - equal: path: spec.jobTemplate.spec.template.spec.containers[0].env[0].name - value: GEOIPUPDATE_EDITION_IDS + value: GEOIPUPDATE_DRYRUN - equal: path: spec.jobTemplate.spec.template.spec.containers[0].env[0].value - value: GeoLite2-ASN GeoLite2-City GeoLite2-Country + value: "true" - equal: path: spec.jobTemplate.spec.template.spec.containers[0].env[1].name - value: GEOIPUPDATE_FREQUENCY + value: GEOIPUPDATE_EDITION_IDS - equal: path: spec.jobTemplate.spec.template.spec.containers[0].env[1].value - value: "24" - - notExists: + value: GeoLite2-ASN GeoLite2-City GeoLite2-Country + - equal: path: spec.jobTemplate.spec.template.spec.containers[0].env[2].name + value: GEOIPUPDATE_FREQUENCY + - equal: + path: spec.jobTemplate.spec.template.spec.containers[0].env[2].value + value: "24" - notExists: path: spec.jobTemplate.spec.template.spec.containers[0].env[3].name + - notExists: + path: spec.jobTemplate.spec.template.spec.containers[0].env[4].name