diff --git a/charts/alfresco-audit-storage/templates/_helpers.tpl b/charts/alfresco-audit-storage/templates/_helpers.tpl index ce4cd4d8..a9b7866d 100644 --- a/charts/alfresco-audit-storage/templates/_helpers.tpl +++ b/charts/alfresco-audit-storage/templates/_helpers.tpl @@ -40,6 +40,7 @@ helm.sh/chart: {{ include "alfresco-audit-storage.chart" . }} app.kubernetes.io/version: {{ .Chart.AppVersion | quote }} {{- end }} app.kubernetes.io/managed-by: {{ .Release.Service }} +app.kubernetes.io/component: {{ .Chart.Name }} {{- end }} {{/* diff --git a/charts/alfresco-audit-storage/test.yaml b/charts/alfresco-audit-storage/test.yaml deleted file mode 100644 index 83f804db..00000000 --- a/charts/alfresco-audit-storage/test.yaml +++ /dev/null @@ -1,665 +0,0 @@ ---- -# Source: alfresco-audit-storage/charts/elasticsearch/templates/poddisruptionbudget.yaml -apiVersion: policy/v1 -kind: PodDisruptionBudget -metadata: - name: "elasticsearch-master-pdb" -spec: - maxUnavailable: 1 - selector: - matchLabels: - app: "elasticsearch-master" ---- -# Source: alfresco-audit-storage/templates/serviceaccount.yaml -apiVersion: v1 -kind: ServiceAccount -metadata: - name: audit-aas - labels: - helm.sh/chart: alfresco-audit-storage-0.0.1-alpha.0 - app.kubernetes.io/name: aas - app.kubernetes.io/instance: audit - app.kubernetes.io/version: "0.0.1-A8" - app.kubernetes.io/managed-by: Helm -automountServiceAccountToken: true ---- -# Source: alfresco-audit-storage/charts/activemq/templates/secret-activemq.yaml -apiVersion: v1 -kind: Secret -metadata: - name: activemq-brokersecret - labels: - helm.sh/chart: activemq-3.5.5 - app.kubernetes.io/name: activemq - app.kubernetes.io/instance: audit - app.kubernetes.io/version: "5.18.5" - app.kubernetes.io/managed-by: Helm - app.kubernetes.io/component: activemq -type: Opaque -data: - BROKER_USERNAME: "YWRtaW4=" - BROKER_PASSWORD: "YWRtaW4=" ---- -# Source: alfresco-audit-storage/templates/secret-es.yaml -apiVersion: v1 -kind: Secret -metadata: - name: audit-aas-es - labels: - helm.sh/chart: alfresco-audit-storage-0.0.1-alpha.0 - app.kubernetes.io/name: aas - app.kubernetes.io/instance: audit - app.kubernetes.io/version: "0.0.1-A8" - app.kubernetes.io/managed-by: Helm -type: Opaque -data: - SEARCH_USERNAME: "" - SEARCH_PASSWORD: "" ---- -# Source: alfresco-audit-storage/templates/secret-mq.yaml -apiVersion: v1 -kind: Secret -metadata: - name: audit-aas-mq - labels: - helm.sh/chart: alfresco-audit-storage-0.0.1-alpha.0 - app.kubernetes.io/name: aas - app.kubernetes.io/instance: audit - app.kubernetes.io/version: "0.0.1-A8" - app.kubernetes.io/managed-by: Helm -type: Opaque -data: - BROKER_USERNAME: "" - BROKER_PASSWORD: "" ---- -# Source: alfresco-audit-storage/templates/configmap-es.yaml -apiVersion: v1 -kind: ConfigMap -metadata: - name: audit-aas-es - labels: - helm.sh/chart: alfresco-audit-storage-0.0.1-alpha.0 - app.kubernetes.io/name: aas - app.kubernetes.io/instance: audit - app.kubernetes.io/version: "0.0.1-A8" - app.kubernetes.io/managed-by: Helm -data: - SEARCH_URL: http://elasticsearch-master:9200 ---- -# Source: alfresco-audit-storage/templates/configmap-mq.yaml -apiVersion: v1 -kind: ConfigMap -metadata: - name: audit-aas-mq - labels: - helm.sh/chart: alfresco-audit-storage-0.0.1-alpha.0 - app.kubernetes.io/name: aas - app.kubernetes.io/instance: audit - app.kubernetes.io/version: "0.0.1-A8" - app.kubernetes.io/managed-by: Helm -data: - BROKER_URL: failover:(nio://activemq-broker:61616) ---- -# Source: alfresco-audit-storage/charts/activemq/templates/pvc-activemq.yaml -kind: PersistentVolumeClaim -apiVersion: v1 -metadata: - name: activemq-default-pvc -spec: - accessModes: - - ReadWriteOnce - volumeMode: Filesystem - resources: - requests: - storage: "20Gi" ---- -# Source: alfresco-audit-storage/charts/activemq/templates/svc-activemq-broker.yaml -apiVersion: v1 -kind: Service -metadata: - name: activemq-broker - labels: - helm.sh/chart: activemq-3.5.5 - app.kubernetes.io/name: activemq - app.kubernetes.io/instance: audit - app.kubernetes.io/version: "5.18.5" - app.kubernetes.io/managed-by: Helm - app.kubernetes.io/component: activemq -spec: - type: ClusterIP - ports: - - port: 61613 - targetPort: 61613 - name: stomp - protocol: TCP - - port: 61616 - targetPort: 61616 - name: openwire - protocol: TCP - - port: 5672 - targetPort: 5672 - name: amqp - protocol: TCP - selector: - app.kubernetes.io/name: activemq - app.kubernetes.io/instance: audit ---- -# Source: alfresco-audit-storage/charts/activemq/templates/svc-activemq-web-console.yaml -apiVersion: v1 -kind: Service -metadata: - name: activemq-web-console - labels: - helm.sh/chart: activemq-3.5.5 - app.kubernetes.io/name: activemq - app.kubernetes.io/instance: audit - app.kubernetes.io/version: "5.18.5" - app.kubernetes.io/managed-by: Helm - app.kubernetes.io/component: activemq -spec: - type: NodePort - ports: - - port: 8161 - targetPort: 8161 - name: web-console - protocol: TCP - selector: - app.kubernetes.io/name: activemq - app.kubernetes.io/instance: audit ---- -# Source: alfresco-audit-storage/charts/elasticsearch/templates/service.yaml -kind: Service -apiVersion: v1 -metadata: - name: elasticsearch-master - labels: - heritage: "Helm" - release: "audit" - chart: "elasticsearch" - app: "elasticsearch-master" - annotations: - {} -spec: - type: ClusterIP - selector: - release: "audit" - chart: "elasticsearch" - app: "elasticsearch-master" - publishNotReadyAddresses: false - ports: - - name: http - protocol: TCP - port: 9200 - - name: transport - protocol: TCP - port: 9300 ---- -# Source: alfresco-audit-storage/charts/elasticsearch/templates/service.yaml -kind: Service -apiVersion: v1 -metadata: - name: elasticsearch-master-headless - labels: - heritage: "Helm" - release: "audit" - chart: "elasticsearch" - app: "elasticsearch-master" - annotations: - service.alpha.kubernetes.io/tolerate-unready-endpoints: "true" -spec: - clusterIP: None # This is needed for statefulset hostnames like elasticsearch-0 to resolve - # Create endpoints also if the related pod isn't ready - publishNotReadyAddresses: true - selector: - app: "elasticsearch-master" - ports: - - name: http - port: 9200 - - name: transport - port: 9300 ---- -# Source: alfresco-audit-storage/templates/service.yaml -apiVersion: v1 -kind: Service -metadata: - name: audit-aas - labels: - helm.sh/chart: alfresco-audit-storage-0.0.1-alpha.0 - app.kubernetes.io/name: aas - app.kubernetes.io/instance: audit - app.kubernetes.io/version: "0.0.1-A8" - app.kubernetes.io/managed-by: Helm -spec: - type: ClusterIP - ports: - - port: 8081 - targetPort: http - protocol: TCP - name: http-traffic - selector: - app.kubernetes.io/name: aas - app.kubernetes.io/instance: audit ---- -# Source: alfresco-audit-storage/charts/activemq/templates/deployment-activemq.yaml -apiVersion: apps/v1 -kind: Deployment -metadata: - name: activemq - labels: - helm.sh/chart: activemq-3.5.5 - app.kubernetes.io/name: activemq - app.kubernetes.io/instance: audit - app.kubernetes.io/version: "5.18.5" - app.kubernetes.io/managed-by: Helm - app.kubernetes.io/component: activemq -spec: - replicas: 1 - strategy: - type: Recreate - selector: - matchLabels: - app.kubernetes.io/name: activemq - app.kubernetes.io/instance: audit - template: - metadata: - labels: - helm.sh/chart: activemq-3.5.5 - app.kubernetes.io/name: activemq - app.kubernetes.io/instance: audit - app.kubernetes.io/version: "5.18.5" - app.kubernetes.io/managed-by: Helm - app.kubernetes.io/component: activemq - spec: - securityContext: - fsGroup: 1000 - runAsGroup: 1000 - runAsUser: 33031 - imagePullSecrets: - - name: quay-registry-secret - containers: - - name: activemq - image: "alfresco/alfresco-activemq:5.18.5-jre17-rockylinux8" - imagePullPolicy: IfNotPresent - securityContext: - runAsNonRoot: true - allowPrivilegeEscalation: false - capabilities: - drop: - - ALL - env: - - name: ACTIVEMQ_CONFIG_MINMEMORY - value: "512" - - name: ACTIVEMQ_CONFIG_MAXMEMORY - value: "1Gi" - - name: ACTIVEMQ_BROKER_NAME - value: "activemq" - - name: ACTIVEMQ_ADMIN_LOGIN - valueFrom: - secretKeyRef: - name: activemq-brokersecret - key: BROKER_USERNAME - - name: ACTIVEMQ_ADMIN_PASSWORD - valueFrom: - secretKeyRef: - name: activemq-brokersecret - key: BROKER_PASSWORD - ports: - - name: stomp - containerPort: 61613 - - name: openwire - containerPort: 61616 - - name: amqp - containerPort: 5672 - - name: web-console - containerPort: 8161 - readinessProbe: - tcpSocket: - port: 61616 - initialDelaySeconds: 5 - periodSeconds: 10 - failureThreshold: 6 - timeoutSeconds: 1 - livenessProbe: - tcpSocket: - port: 61616 - initialDelaySeconds: 60 - periodSeconds: 10 - failureThreshold: 6 - timeoutSeconds: 1 - resources: - limits: - cpu: 1000m - memory: 1Gi - requests: - cpu: 100m - memory: 512Mi - volumeMounts: - - name: data - mountPath: /opt/activemq/data - subPath: alfresco-infrastructure/activemq-data - volumes: - - name: data - persistentVolumeClaim: - claimName: >- - activemq-default-pvc - terminationGracePeriodSeconds: 1 ---- -# Source: alfresco-audit-storage/templates/deployment.yaml -apiVersion: apps/v1 -kind: Deployment -metadata: - name: audit-aas - labels: - helm.sh/chart: alfresco-audit-storage-0.0.1-alpha.0 - app.kubernetes.io/name: aas - app.kubernetes.io/instance: audit - app.kubernetes.io/version: "0.0.1-A8" - app.kubernetes.io/managed-by: Helm -spec: - replicas: 1 - selector: - matchLabels: - app.kubernetes.io/name: aas - app.kubernetes.io/instance: audit - template: - metadata: - annotations: - labels: - helm.sh/chart: alfresco-audit-storage-0.0.1-alpha.0 - app.kubernetes.io/name: aas - app.kubernetes.io/instance: audit - app.kubernetes.io/version: "0.0.1-A8" - app.kubernetes.io/managed-by: Helm - spec: - imagePullSecrets: - - name: quay-registry-secret - securityContext: - fsGroup: 1000 - runAsGroup: 1000 - runAsUser: 33000 - serviceAccountName: audit-aas - containers: - - name: alfresco-audit-storage - image: "quay.io/alfresco/alfresco-audit-storage:0.0.1-A8" - imagePullPolicy: IfNotPresent - securityContext: - runAsNonRoot: true - allowPrivilegeEscalation: false - capabilities: - drop: - - ALL - ports: - - name: http - containerPort: 8081 - protocol: TCP - env: - - - name: SPRING_ACTIVEMQ_USER - valueFrom: - secretKeyRef: - name: audit-aas-mq - key: BROKER_USERNAME - - name: SPRING_ACTIVEMQ_PASSWORD - valueFrom: - secretKeyRef: - name: audit-aas-mq - key: BROKER_PASSWORD - - - name: SPRING_ACTIVEMQ_BROKERURL - valueFrom: - configMapKeyRef: - name: audit-aas-mq - key: BROKER_URL - - - name: AUDIT_ENTRYSTORAGE_OPENSEARCH_CONNECTOR_USERNAME - valueFrom: - secretKeyRef: - name: audit-aas-es - key: SEARCH_USERNAME - - name: AUDIT_ENTRYSTORAGE_OPENSEARCH_CONNECTOR_PASSWORD - valueFrom: - secretKeyRef: - name: audit-aas-es - key: SEARCH_PASSWORD - - - name: AUDIT_ENTRYSTORAGE_OPENSEARCH_CONNECTOR_URI - valueFrom: - configMapKeyRef: - name: audit-aas-es - key: SEARCH_URL - - name: AUDIT_EVENTINGESTION_DLQ_CONSUMEPERIOD - value: "60000" - - name: AUDIT_EVENTINGESTION_DLQ_CONSUMPTIONCOUNT - value: "1000" - - name: AUDIT_EVENTINGESTION_URI - value: "activemq:topic:alfresco.repo.event2" - - name: SPRING_PROFILES_ACTIVE - value: "durable-subscriptions" - livenessProbe: - httpGet: - path: /actuator/health/liveness - port: http - initialDelaySeconds: 15 - periodSeconds: 60 - readinessProbe: - httpGet: - path: /actuator/health/readiness - port: http - initialDelaySeconds: 15 - periodSeconds: 60 - resources: - limits: - cpu: "1" - memory: 1Gi - requests: - cpu: 100m - memory: 128Mi ---- -# Source: alfresco-audit-storage/charts/elasticsearch/templates/statefulset.yaml -apiVersion: apps/v1 -kind: StatefulSet -metadata: - name: elasticsearch-master - labels: - heritage: "Helm" - release: "audit" - chart: "elasticsearch" - app: "elasticsearch-master" - annotations: - esMajorVersion: "7" -spec: - serviceName: elasticsearch-master-headless - selector: - matchLabels: - app: "elasticsearch-master" - replicas: 1 - podManagementPolicy: Parallel - updateStrategy: - type: RollingUpdate - volumeClaimTemplates: - - metadata: - name: elasticsearch-master - spec: - accessModes: - - ReadWriteOnce - resources: - requests: - storage: 30Gi - template: - metadata: - name: "elasticsearch-master" - labels: - release: "audit" - chart: "elasticsearch" - app: "elasticsearch-master" - annotations: - - spec: - securityContext: - fsGroup: 1000 - runAsUser: 1000 - automountServiceAccountToken: true - affinity: - podAntiAffinity: - requiredDuringSchedulingIgnoredDuringExecution: - - labelSelector: - matchExpressions: - - key: app - operator: In - values: - - "elasticsearch-master" - topologyKey: kubernetes.io/hostname - terminationGracePeriodSeconds: 120 - volumes: - enableServiceLinks: true - initContainers: - - name: configure-sysctl - securityContext: - runAsUser: 0 - privileged: true - image: "docker.elastic.co/elasticsearch/elasticsearch:7.17.3" - imagePullPolicy: "IfNotPresent" - command: ["sysctl", "-w", "vm.max_map_count=262144"] - resources: - {} - - containers: - - name: "elasticsearch" - securityContext: - capabilities: - drop: - - ALL - runAsNonRoot: true - runAsUser: 1000 - image: "docker.elastic.co/elasticsearch/elasticsearch:7.17.3" - imagePullPolicy: "IfNotPresent" - readinessProbe: - exec: - command: - - bash - - -c - - | - set -e - # If the node is starting up wait for the cluster to be ready (request params: "wait_for_status=yellow&timeout=1s" ) - # Once it has started only check that the node itself is responding - START_FILE=/tmp/.es_start_file - - # Disable nss cache to avoid filling dentry cache when calling curl - # This is required with Elasticsearch Docker using nss < 3.52 - export NSS_SDB_USE_CACHE=no - - http () { - local path="${1}" - local args="${2}" - set -- -XGET -s - - if [ "$args" != "" ]; then - set -- "$@" $args - fi - - if [ -n "${ELASTIC_PASSWORD}" ]; then - set -- "$@" -u "elastic:${ELASTIC_PASSWORD}" - fi - - curl --output /dev/null -k "$@" "http://127.0.0.1:9200${path}" - } - - if [ -f "${START_FILE}" ]; then - echo 'Elasticsearch is already running, lets check the node is healthy' - HTTP_CODE=$(http "/" "-w %{http_code}") - RC=$? - if [[ ${RC} -ne 0 ]]; then - echo "curl --output /dev/null -k -XGET -s -w '%{http_code}' \${BASIC_AUTH} http://127.0.0.1:9200/ failed with RC ${RC}" - exit ${RC} - fi - # ready if HTTP code 200, 503 is tolerable if ES version is 6.x - if [[ ${HTTP_CODE} == "200" ]]; then - exit 0 - elif [[ ${HTTP_CODE} == "503" && "7" == "6" ]]; then - exit 0 - else - echo "curl --output /dev/null -k -XGET -s -w '%{http_code}' \${BASIC_AUTH} http://127.0.0.1:9200/ failed with HTTP code ${HTTP_CODE}" - exit 1 - fi - - else - echo 'Waiting for elasticsearch cluster to become ready (request params: "wait_for_status=yellow&timeout=1s" )' - if http "/_cluster/health?wait_for_status=yellow&timeout=1s" "--fail" ; then - touch ${START_FILE} - exit 0 - else - echo 'Cluster is not yet ready (request params: "wait_for_status=yellow&timeout=1s" )' - exit 1 - fi - fi - failureThreshold: 3 - initialDelaySeconds: 10 - periodSeconds: 10 - successThreshold: 3 - timeoutSeconds: 5 - ports: - - name: http - containerPort: 9200 - - name: transport - containerPort: 9300 - resources: - limits: - cpu: 1000m - memory: 1Gi - requests: - cpu: 100m - memory: 1Gi - env: - - name: node.name - valueFrom: - fieldRef: - fieldPath: metadata.name - - name: cluster.initial_master_nodes - value: "elasticsearch-master-0," - - name: discovery.seed_hosts - value: "elasticsearch-master-headless" - - name: cluster.name - value: "elasticsearch" - - name: network.host - value: "0.0.0.0" - - name: cluster.deprecation_indexing.enabled - value: "false" - - name: ES_JAVA_OPTS - value: "-Xmx512m -Xms512m" - - name: node.data - value: "true" - - name: node.ingest - value: "true" - - name: node.master - value: "true" - - name: node.ml - value: "true" - - name: node.remote_cluster_client - value: "true" - volumeMounts: - - name: "elasticsearch-master" - mountPath: /usr/share/elasticsearch/data ---- -# Source: alfresco-audit-storage/charts/elasticsearch/templates/test/test-elasticsearch-health.yaml -apiVersion: v1 -kind: Pod -metadata: - name: "audit-xdmwn-test" - annotations: - "helm.sh/hook": test - "helm.sh/hook-delete-policy": hook-succeeded -spec: - securityContext: - fsGroup: 1000 - runAsUser: 1000 - containers: - - name: "audit-kweot-test" - image: "docker.elastic.co/elasticsearch/elasticsearch:7.17.3" - imagePullPolicy: "IfNotPresent" - command: - - "sh" - - "-c" - - | - #!/usr/bin/env bash -e - curl -XGET --fail 'elasticsearch-master:9200/_cluster/health?wait_for_status=yellow&timeout=1s' - restartPolicy: Never diff --git a/charts/alfresco-audit-storage/tests/configmaps_test.yaml b/charts/alfresco-audit-storage/tests/configmaps_test.yaml new file mode 100644 index 00000000..f57ac131 --- /dev/null +++ b/charts/alfresco-audit-storage/tests/configmaps_test.yaml @@ -0,0 +1,58 @@ +--- +suite: test configmaps +templates: + - configmap-mq.yaml + - configmap-es.yaml +tests: + - it: should fail rendering manifest without required ActiveMQ values + asserts: + - failedTemplate: + errorMessage: >- + You need to provide an ActiveMQ URL using messageBrokerConnection.url or using an existingConfigMap check chart README file + template: configmap-mq.yaml + + - it: should create a cm from messageBroker provided values + values: &testvalues + - values/embedded-charts-values.yaml + asserts: + - equal: + path: data.BROKER_URL + value: failover:(nio://activemq-broker:61616) + template: configmap-mq.yaml + - equal: + path: data.SEARCH_URL + value: http://elasticsearch-master:9200 + template: configmap-es.yaml + + - it: should not render cm when existingConfigMap is set + values: *testvalues + set: + elasticSearchConnection.existingConfigMap: + name: external-mq-configmap + messageBrokerConnection.existingConfigMap: + name: external-es-configmap + asserts: + - hasDocuments: + count: 0 + template: configmap-es.yaml + - hasDocuments: + count: 0 + template: configmap-mq.yaml + + - it: should render labels for configmaps + values: *testvalues + set: + nameOverride: testName + chart: + version: 1.0.0 + appVersion: 2.0.0 + asserts: + - isSubset: + path: metadata.labels + content: + app.kubernetes.io/component: alfresco-audit-storage + app.kubernetes.io/instance: RELEASE-NAME + app.kubernetes.io/managed-by: Helm + app.kubernetes.io/name: testName + app.kubernetes.io/version: 2.0.0 + helm.sh/chart: alfresco-audit-storage-1.0.0 diff --git a/charts/alfresco-audit-storage/tests/values/embedded-charts-values.yaml b/charts/alfresco-audit-storage/tests/values/embedded-charts-values.yaml new file mode 100644 index 00000000..fd7f6685 --- /dev/null +++ b/charts/alfresco-audit-storage/tests/values/embedded-charts-values.yaml @@ -0,0 +1,4 @@ +elasticSearchConnection: + url: http://elasticsearch-master:9200 +messageBrokerConnection: + url: nio://activemq-broker:61616