diff --git a/src/main/charts/bamboo/templates/_helpers.tpl b/src/main/charts/bamboo/templates/_helpers.tpl index bfc45c122..31fc61eee 100644 --- a/src/main/charts/bamboo/templates/_helpers.tpl +++ b/src/main/charts/bamboo/templates/_helpers.tpl @@ -170,7 +170,7 @@ on Tomcat's logs directory. THis ensures that Tomcat+Bamboo logs get captured in {{- if .Values.volumes.sharedHome.subPath }} subPath: {{ .Values.volumes.sharedHome.subPath | quote }} {{- end }} -{{- if .Values.bamboo.additionalCertificates.secretName }} +{{- if or .Values.bamboo.additionalCertificates.secretName .Values.bamboo.additionalCertificates.secretList }} - name: keystore mountPath: /var/ssl {{- end }} diff --git a/src/main/charts/bamboo/templates/config-jvm.yaml b/src/main/charts/bamboo/templates/config-jvm.yaml index 4001bdba0..1fc329592 100644 --- a/src/main/charts/bamboo/templates/config-jvm.yaml +++ b/src/main/charts/bamboo/templates/config-jvm.yaml @@ -10,7 +10,7 @@ data: {{ . }} {{- end }} -XX:ActiveProcessorCount={{ include "flooredCPU" .Values.bamboo.resources.container.requests.cpu }} - {{- if .Values.bamboo.additionalCertificates.secretName }} + {{- if or .Values.bamboo.additionalCertificates.secretName .Values.bamboo.additionalCertificates.secretList }} -Djavax.net.ssl.trustStore=/var/ssl/cacerts {{- end }} {{ include "common.jmx.javaagent" . | indent 4 | trim }} diff --git a/src/main/charts/bitbucket/templates/config-jvm-mesh.yaml b/src/main/charts/bitbucket/templates/config-jvm-mesh.yaml index 745bb2d13..ae825c6e7 100644 --- a/src/main/charts/bitbucket/templates/config-jvm-mesh.yaml +++ b/src/main/charts/bitbucket/templates/config-jvm-mesh.yaml @@ -13,7 +13,7 @@ data: {{- if .Values.monitoring.exposeJmxMetrics }} -javaagent:{{ .Values.monitoring.jmxExporterCustomJarLocation | default (printf "%s/jmx_prometheus_javaagent.jar" ( .Values.bitbucket.mesh.volume.mountPath)) }}={{ .Values.monitoring.jmxExporterPort}}:/opt/atlassian/jmx/jmx-config.yaml {{- end }} - {{- if .Values.bitbucket.mesh.additionalCertificates.secretName }} + {{- if or .Values.bitbucket.mesh.additionalCertificates.secretName .Values.bitbucket.mesh.additionalCertificates.secretList }} -Djavax.net.ssl.trustStore=/var/ssl/cacerts {{- end }} max_heap: {{ .Values.bitbucket.mesh.resources.jvm.maxHeap }} diff --git a/src/main/charts/bitbucket/templates/config-jvm.yaml b/src/main/charts/bitbucket/templates/config-jvm.yaml index cb462037e..f1657417d 100644 --- a/src/main/charts/bitbucket/templates/config-jvm.yaml +++ b/src/main/charts/bitbucket/templates/config-jvm.yaml @@ -14,7 +14,7 @@ data: {{- if .Values.monitoring.exposeJmxMetrics }} -Dplugin.bitbucket-git.mesh.sidecar.jvmArgs=-javaagent:{{ .Values.monitoring.jmxExporterCustomJarLocation | default (printf "%s/jmx_prometheus_javaagent.jar" .Values.volumes.sharedHome.mountPath) }}=9998:/opt/atlassian/jmx/jmx-config.yaml {{- end }} - {{- if .Values.bitbucket.additionalCertificates.secretName }} + {{- if or .Values.bitbucket.additionalCertificates.secretName .Values.bitbucket.additionalCertificates.secretList }} -Djavax.net.ssl.trustStore=/var/ssl/cacerts {{- end }} max_heap: {{ .Values.bitbucket.resources.jvm.maxHeap }} diff --git a/src/main/charts/bitbucket/templates/statefulset-mesh.yaml b/src/main/charts/bitbucket/templates/statefulset-mesh.yaml index 24ea4f107..ba8117d2f 100644 --- a/src/main/charts/bitbucket/templates/statefulset-mesh.yaml +++ b/src/main/charts/bitbucket/templates/statefulset-mesh.yaml @@ -121,7 +121,7 @@ spec: mountPath: {{ .mountPath }}/{{ .key }} subPath: {{ .key }} {{ end }} - {{- if .Values.bitbucket.mesh.additionalCertificates.secretName }} + {{- if or .Values.bitbucket.mesh.additionalCertificates.secretName .Values.bitbucket.mesh.additionalCertificates.secretList }} - name: keystore mountPath: /var/ssl {{- end }} diff --git a/src/main/charts/bitbucket/templates/statefulset.yaml b/src/main/charts/bitbucket/templates/statefulset.yaml index 972b2744f..cd299e921 100644 --- a/src/main/charts/bitbucket/templates/statefulset.yaml +++ b/src/main/charts/bitbucket/templates/statefulset.yaml @@ -188,7 +188,7 @@ spec: subPath: {{ .Values.volumes.sharedHome.subPath | quote }} {{- end }} {{- end }} - {{- if .Values.bitbucket.additionalCertificates.secretName }} + {{- if or .Values.bitbucket.additionalCertificates.secretName .Values.bitbucket.additionalCertificates.secretList }} - name: keystore mountPath: /var/ssl {{- end }} diff --git a/src/main/charts/confluence/templates/_helpers.tpl b/src/main/charts/confluence/templates/_helpers.tpl index 2589e8662..a2dc1726a 100644 --- a/src/main/charts/confluence/templates/_helpers.tpl +++ b/src/main/charts/confluence/templates/_helpers.tpl @@ -283,7 +283,7 @@ on Tomcat's logs directory. THis ensures that Tomcat+Confluence logs get capture mountPath: /opt/atlassian/confluence/confluence/WEB-INF/classes/seraph-config.xml subPath: seraph-config.xml {{- end }} -{{- if .Values.confluence.additionalCertificates.secretName }} +{{- if or .Values.confluence.additionalCertificates.secretName .Values.confluence.additionalCertificates.secretList }} - name: keystore mountPath: /var/ssl {{- end }} @@ -299,7 +299,7 @@ Defines the volume mounts used by the Synchrony container. {{ define "synchrony.volumeMounts" }} - name: synchrony-home mountPath: {{ .Values.volumes.synchronyHome.mountPath | quote }} -{{- if .Values.synchrony.additionalCertificates.secretName }} +{{- if or .Values.synchrony.additionalCertificates.secretName .Values.synchrony.additionalCertificates.secretList }} - name: keystore mountPath: /var/ssl {{- end }} diff --git a/src/main/charts/confluence/templates/config-jvm.yaml b/src/main/charts/confluence/templates/config-jvm.yaml index 3b06e3df5..2df93916b 100644 --- a/src/main/charts/confluence/templates/config-jvm.yaml +++ b/src/main/charts/confluence/templates/config-jvm.yaml @@ -19,7 +19,7 @@ data: {{- if .Values.serviceAccount.eksIrsa.roleArn }} -Daws.webIdentityTokenFile=/var/run/secrets/eks.amazonaws.com/serviceaccount/token {{- end }} - {{- if .Values.confluence.additionalCertificates.secretName }} + {{- if or .Values.confluence.additionalCertificates.secretName .Values.confluence.additionalCertificates.secretList }} -Djavax.net.ssl.trustStore=/var/ssl/cacerts {{- end }} {{- include "common.jmx.javaagent" . | indent 4 -}} diff --git a/src/main/charts/confluence/templates/synchrony-start-script.yaml b/src/main/charts/confluence/templates/synchrony-start-script.yaml index 9e4c7647f..0233cd6b9 100644 --- a/src/main/charts/confluence/templates/synchrony-start-script.yaml +++ b/src/main/charts/confluence/templates/synchrony-start-script.yaml @@ -21,7 +21,7 @@ data: -Xss{{ .Values.synchrony.resources.jvm.stackSize }} \ -Dsynchrony.port={{ .Values.synchrony.ports.http }} \ -Dcluster.listen.port={{ .Values.synchrony.ports.hazelcast }} \ - {{- if .Values.synchrony.additionalCertificates.secretName }} + {{- if or .Values.synchrony.additionalCertificates.secretName .Values.synchrony.additionalCertificates.secretList }} -Djavax.net.ssl.trustStore=/var/ssl/cacerts \ {{- end }} {{- range .Values.synchrony.additionalJvmArgs }} diff --git a/src/main/charts/confluence/values.yaml b/src/main/charts/confluence/values.yaml index a69d32e08..3e566ef9f 100644 --- a/src/main/charts/confluence/values.yaml +++ b/src/main/charts/confluence/values.yaml @@ -1352,7 +1352,7 @@ synchrony: additionalVolumeMounts: [] # -- Defines additional annotations to the Synchrony StateFulSet. This might be required when deploying using a GitOps approach - additionalAnnotations: + additionalAnnotations: # argocd.argoproj.io/sync-wave: "10" # -- Defines any additional ports for the Synchrony container. diff --git a/src/main/charts/crowd/templates/_helpers.tpl b/src/main/charts/crowd/templates/_helpers.tpl index 3527b017b..1f1d9e281 100644 --- a/src/main/charts/crowd/templates/_helpers.tpl +++ b/src/main/charts/crowd/templates/_helpers.tpl @@ -143,7 +143,7 @@ on Tomcat's logs directory. THis ensures that Tomcat+Crowd logs get captured in {{- if .Values.volumes.sharedHome.subPath }} subPath: {{ .Values.volumes.sharedHome.subPath | quote }} {{- end }} -{{- if .Values.crowd.additionalCertificates.secretName }} +{{- if or .Values.crowd.additionalCertificates.secretName .Values.crowd.additionalCertificates.secretList }} - name: keystore mountPath: /var/ssl {{- end }} diff --git a/src/main/charts/crowd/templates/config-jvm.yaml b/src/main/charts/crowd/templates/config-jvm.yaml index da161cfa5..8bc09918f 100644 --- a/src/main/charts/crowd/templates/config-jvm.yaml +++ b/src/main/charts/crowd/templates/config-jvm.yaml @@ -12,7 +12,7 @@ data: {{ . }} {{- end }} -XX:ActiveProcessorCount={{ include "flooredCPU" .Values.crowd.resources.container.requests.cpu }} - {{- if .Values.crowd.additionalCertificates.secretName }} + {{- if or .Values.crowd.additionalCertificates.secretName .Values.crowd.additionalCertificates.secretList }} -Djavax.net.ssl.trustStore=/var/ssl/cacerts {{- end }} {{ include "common.jmx.javaagent" . | indent 4 | trim }} diff --git a/src/main/charts/jira/templates/config-jvm.yaml b/src/main/charts/jira/templates/config-jvm.yaml index 5db47554a..697334f8e 100644 --- a/src/main/charts/jira/templates/config-jvm.yaml +++ b/src/main/charts/jira/templates/config-jvm.yaml @@ -14,7 +14,7 @@ data: {{- if .Values.serviceAccount.eksIrsa.roleArn }} -Daws.webIdentityTokenFile=/var/run/secrets/eks.amazonaws.com/serviceaccount/token {{- end }} - {{- if .Values.jira.additionalCertificates.secretName }} + {{- if or .Values.jira.additionalCertificates.secretName .Values.jira.additionalCertificates.secretList }} -Djavax.net.ssl.trustStore=/var/ssl/cacerts {{- end }} {{ include "common.jmx.javaagent" . | indent 4 | trim }} diff --git a/src/test/config/kind/common-values.yaml b/src/test/config/kind/common-values.yaml index 57bd9c223..814db2960 100644 --- a/src/test/config/kind/common-values.yaml +++ b/src/test/config/kind/common-values.yaml @@ -26,7 +26,14 @@ DC_APP_REPLACEME: # check if init container not failing when importing a custom crt into the default Java keystore additionalCertificates: - secretName: certificate + secretList: + - name: dev-certificates + keys: + - stg.crt + - dev.crt + - name: certificate-internal + keys: + - internal.crt initContainer: resources: requests: diff --git a/src/test/java/test/AdditionalCertificatesTest.java b/src/test/java/test/AdditionalCertificatesTest.java index 60770ac0c..54ad2da40 100644 --- a/src/test/java/test/AdditionalCertificatesTest.java +++ b/src/test/java/test/AdditionalCertificatesTest.java @@ -34,6 +34,22 @@ void additional_certificates_jvm_prop(Product product) throws Exception { assertThat(jvmConfigMap.getConfigMapData().path("additional_jvm_args")).hasTextContaining("-Djavax.net.ssl.trustStore=/var/ssl/cacerts"); } + @ParameterizedTest + @EnumSource(value = Product.class, names = {"bamboo_agent"}, mode = EnumSource.Mode.EXCLUDE) + void additional_certificate_list_jvm_prop(Product product) throws Exception { + final var resources = helm.captureKubeResourcesFromHelmChart(product, Map.of( + product.name() + ".additionalCertificates.secretList[0].name", "self-signed-ca", + product.name() + ".additionalCertificates.secretList[0].keys[0]", "ca.crt", + product.name() + ".additionalCertificates.secretList[0].keys[1]", "stg.crt", + product.name() + ".additionalCertificates.secretList[1].name", "custom-ca", + product.name() + ".additionalCertificates.secretList[1].keys[0]", "custom.crt", + "volumes.sharedHome.persistentVolumeClaim.create", "true" + )); + final var jvmConfigMap = resources.get(ConfigMap, product.getHelmReleaseName() + "-jvm-config"); + assertThat(jvmConfigMap.getConfigMapData().path("additional_jvm_args")).hasTextContaining("-Djavax.net.ssl.trustStore=/var/ssl/cacerts"); + } + + @ParameterizedTest @EnumSource(value = Product.class, names = {"confluence"}, mode = EnumSource.Mode.INCLUDE) void additional_certificates_jvm_prop_synchrony(Product product) throws Exception { @@ -45,6 +61,21 @@ void additional_certificates_jvm_prop_synchrony(Product product) throws Exceptio assertThat(jvmConfigMap.getConfigMapData().path("start-synchrony.sh")).hasTextContaining("-Djavax.net.ssl.trustStore=/var/ssl/cacerts"); } + @ParameterizedTest + @EnumSource(value = Product.class, names = {"confluence"}, mode = EnumSource.Mode.INCLUDE) + void additional_certificate_list_jvm_prop_synchrony(Product product) throws Exception { + final var resources = helm.captureKubeResourcesFromHelmChart(product, Map.of( + "synchrony.enabled", "true", + "synchrony.additionalCertificates.secretList[0].name", "self-signed-ca", + "synchrony.additionalCertificates.secretList[0].keys[0]", "ca.crt", + "synchrony.additionalCertificates.secretList[0].keys[1]", "stg.crt", + "synchrony.additionalCertificates.secretList[1].name", "custom-ca", + "synchrony.additionalCertificates.secretList[1].keys[0]", "custom.crt" + )); + final var jvmConfigMap = resources.get(ConfigMap, product.getHelmReleaseName() + "-synchrony-entrypoint"); + assertThat(jvmConfigMap.getConfigMapData().path("start-synchrony.sh")).hasTextContaining("-Djavax.net.ssl.trustStore=/var/ssl/cacerts"); + } + @ParameterizedTest @EnumSource(value = Product.class, names = {"bitbucket"}, mode = EnumSource.Mode.INCLUDE) void additional_certificates_jvm_prop_mesh(Product product) throws Exception { @@ -56,6 +87,21 @@ void additional_certificates_jvm_prop_mesh(Product product) throws Exception { assertThat(bitbucketMeshJvmConfigMap.getConfigMapData().path("additional_jvm_args")).hasTextContaining("-Djavax.net.ssl.trustStore=/var/ssl/cacerts"); } + @ParameterizedTest + @EnumSource(value = Product.class, names = {"bitbucket"}, mode = EnumSource.Mode.INCLUDE) + void additional_certificate_list_jvm_prop_mesh(Product product) throws Exception { + final var resources = helm.captureKubeResourcesFromHelmChart(product, Map.of( + product.name() + ".mesh.enabled", "true", + product.name() + ".mesh.additionalCertificates.secretList[0].name", "self-signed-ca", + product.name() + ".mesh.additionalCertificates.secretList[0].keys[0]", "ca.crt", + product.name() + ".mesh.additionalCertificates.secretList[0].keys[1]", "stg.crt", + product.name() + ".mesh.additionalCertificates.secretList[1].name", "custom-ca", + product.name() + ".mesh.additionalCertificates.secretList[1].keys[0]", "custom.crt" + )); + final var bitbucketMeshJvmConfigMap = resources.get(ConfigMap, product.getHelmReleaseName() + "-jvm-config-mesh"); + assertThat(bitbucketMeshJvmConfigMap.getConfigMapData().path("additional_jvm_args")).hasTextContaining("-Djavax.net.ssl.trustStore=/var/ssl/cacerts"); + } + @ParameterizedTest @EnumSource(value = Product.class, names = {"bamboo_agent"}, mode = EnumSource.Mode.EXCLUDE) void additional_certificates_init_container(Product product) throws Exception { @@ -109,6 +155,21 @@ void additional_certificates_volumeMounts(Product product) throws Exception { assertThat(keystoreVolumeMount.path("mountPath")).hasTextEqualTo("/var/ssl"); } + @ParameterizedTest + @EnumSource(value = Product.class, names = {"bamboo_agent"}, mode = EnumSource.Mode.EXCLUDE) + void additional_certificate_list_volumeMounts(Product product) throws Exception { + final var resources = helm.captureKubeResourcesFromHelmChart(product, Map.of( + product.name() + ".additionalCertificates.secretList[0].name", "self-signed-ca", + product.name() + ".additionalCertificates.secretList[0].keys[0]", "ca.crt", + product.name() + ".additionalCertificates.secretList[0].keys[1]", "stg.crt", + product.name() + ".additionalCertificates.secretList[1].name", "custom-ca", + product.name() + ".additionalCertificates.secretList[1].keys[0]", "custom.crt" + )); + final var statefulSet = resources.getStatefulSet(product.getHelmReleaseName()); + JsonNode keystoreVolumeMount = statefulSet.getContainer(product.name()).getVolumeMount("keystore"); + assertThat(keystoreVolumeMount.path("mountPath")).hasTextEqualTo("/var/ssl"); + } + @ParameterizedTest @EnumSource(value = Product.class, names = {"bitbucket"}, mode = EnumSource.Mode.INCLUDE) void additional_certificates_volumeMounts_bitbucket_mesh(Product product) throws Exception { @@ -121,6 +182,22 @@ void additional_certificates_volumeMounts_bitbucket_mesh(Product product) throws assertThat(keystoreVolumeMount.path("mountPath")).hasTextEqualTo("/var/ssl"); } + @ParameterizedTest + @EnumSource(value = Product.class, names = {"bitbucket"}, mode = EnumSource.Mode.INCLUDE) + void additional_certificate_list_volumeMounts_bitbucket_mesh(Product product) throws Exception { + final var resources = helm.captureKubeResourcesFromHelmChart(product, Map.of( + product.name() + ".mesh.enabled", "true", + product.name() + ".mesh.additionalCertificates.secretList[0].name", "self-signed-ca", + product.name() + ".mesh.additionalCertificates.secretList[0].keys[0]", "ca.crt", + product.name() + ".mesh.additionalCertificates.secretList[0].keys[1]", "stg.crt", + product.name() + ".mesh.additionalCertificates.secretList[1].name", "custom-ca", + product.name() + ".mesh.additionalCertificates.secretList[1].keys[0]", "custom.crt" + )); + final var statefulSet = resources.getStatefulSet(product.getHelmReleaseName()+"-mesh"); + JsonNode keystoreVolumeMount = statefulSet.getContainer(product.name()+"-mesh").getVolumeMount("keystore"); + assertThat(keystoreVolumeMount.path("mountPath")).hasTextEqualTo("/var/ssl"); + } + @ParameterizedTest @EnumSource(value = Product.class, names = {"confluence"}, mode = EnumSource.Mode.INCLUDE) void additional_certificates_volumeMounts_synchrony(Product product) throws Exception { @@ -133,6 +210,22 @@ void additional_certificates_volumeMounts_synchrony(Product product) throws Exce assertThat(keystoreVolumeMount.path("mountPath")).hasTextEqualTo("/var/ssl"); } + @ParameterizedTest + @EnumSource(value = Product.class, names = {"confluence"}, mode = EnumSource.Mode.INCLUDE) + void additional_certificate_list_volumeMounts_synchrony(Product product) throws Exception { + final var resources = helm.captureKubeResourcesFromHelmChart(product, Map.of( + "synchrony.enabled", "true", + "synchrony.additionalCertificates.secretList[0].name", "self-signed-ca", + "synchrony.additionalCertificates.secretList[0].keys[0]", "ca.crt", + "synchrony.additionalCertificates.secretList[0].keys[1]", "stg.crt", + "synchrony.additionalCertificates.secretList[1].name", "custom-ca", + "synchrony.additionalCertificates.secretList[1].keys[0]", "custom.crt" + )); + final var statefulSet = resources.getStatefulSet(product.getHelmReleaseName()+"-synchrony"); + JsonNode keystoreVolumeMount = statefulSet.getContainer("synchrony").getVolumeMount("keystore"); + assertThat(keystoreVolumeMount.path("mountPath")).hasTextEqualTo("/var/ssl"); + } + @ParameterizedTest @EnumSource(value = Product.class, names = {"bamboo_agent"}, mode = EnumSource.Mode.EXCLUDE) void additional_certificates_volumes(Product product) throws Exception { diff --git a/src/test/resources/expected_helm_output/bitbucket/output.yaml b/src/test/resources/expected_helm_output/bitbucket/output.yaml index 54a5a20d3..3d9c55264 100644 --- a/src/test/resources/expected_helm_output/bitbucket/output.yaml +++ b/src/test/resources/expected_helm_output/bitbucket/output.yaml @@ -593,7 +593,7 @@ spec: template: metadata: annotations: - checksum/config-jvm: 21aa4f6cd4149830dc45696be02257cf4bcd29f1bf7dccd9bc5e2d36fdf384a4 + checksum/config-jvm: daf77dbb6115393d5de995314ed57f1fc3d7333a41fb26e69f17dea959df0af6 labels: app.kubernetes.io/name: bitbucket-mesh app.kubernetes.io/instance: unittest-bitbucket @@ -714,7 +714,7 @@ spec: template: metadata: annotations: - checksum/config-jvm: 0dd2fac063e308dbe5dc1fb17f4d82c8b41d7fee05dbc3ebc422b2053b5c45de + checksum/config-jvm: aae0751c315cf9c346f0f0b15d8170b726b8ed05c2698eb7128e11f716cf3fca labels: app.kubernetes.io/name: bitbucket app.kubernetes.io/instance: unittest-bitbucket diff --git a/src/test/scripts/kind/deploy_app.sh b/src/test/scripts/kind/deploy_app.sh index b6c7dc667..07ebc2bac 100755 --- a/src/test/scripts/kind/deploy_app.sh +++ b/src/test/scripts/kind/deploy_app.sh @@ -18,7 +18,7 @@ deploy_postgres() { --version="15.5.1" \ --wait --timeout=120s \ -n atlassian - + # db-init file is used in Jira HA tests only if [ -f "${DB_INIT_SCRIPT_FILE}" ]; then echo "[INFO]: DB init file '${DB_INIT_SCRIPT_FILE}' found. Initializing the database" @@ -46,10 +46,16 @@ create_secrets() { kubectl create secret generic ${DC_APP}-app-license \ --from-literal=license=${LICENSE} \ -n atlassian - + # this is to test additionalCertificates init container openssl req -x509 -newkey rsa:4096 -keyout /tmp/key.pem -out /tmp/mycert.crt -days 365 -nodes -subj '/CN=localhost' - kubectl create secret generic certificate --from-file=mycert.crt=/tmp/mycert.crt -n atlassian + openssl req -x509 -newkey rsa:4096 -keyout /tmp/key.pem -out /tmp/mycert1.crt -days 365 -nodes -subj '/CN=localhost' + openssl req -x509 -newkey rsa:4096 -keyout /tmp/key.pem -out /tmp/mycert3.crt -days 365 -nodes -subj '/CN=localhost' + + # create multiple certificates to test both single secret and secretList + kubectl create secret generic dev-certificates --from-file=dev.crt=/tmp/mycert.crt --from-file=stg.crt=/tmp/mycert1.crt -n atlassian + kubectl create secret generic certificate-internal --from-file=internal.crt=/tmp/mycert3.crt -n atlassian + kubectl create secret generic certificate --from-file=internal.crt=/tmp/mycert3.crt -n atlassian } deploy_app() { @@ -57,32 +63,32 @@ deploy_app() { helm repo add opensearch https://opensearch-project.github.io/helm-charts/ helm repo update helm dependency build ./src/main/charts/${DC_APP} - + # All apps except Jira have postgresql DB type DB_TYPE="postgresql" if [ ${DC_APP} == "jira" ]; then DB_TYPE="postgres72" fi - + TMP_DIR=$(mktemp -d) echo "Copying values file to ${TMP_DIR}" # copy commmon values template to a tmp location and replace placeholders cp src/test/config/kind/common-values.yaml ${TMP_DIR}/common-values.yaml - + # sed works differently on different platforms if [[ "$OSTYPE" == "darwin"* ]]; then SED_COMMAND="sed -i ''" else SED_COMMAND="sed -i" fi - + # replace application name, database type and display name (important for Bitbucket functional tests) DC_APP_CAPITALIZED="$(echo ${DC_APP} | awk '{print toupper(substr($0,1,1)) tolower(substr($0,2))}')" ${SED_COMMAND} "s/DC_APP_REPLACEME/${DC_APP}/g" ${TMP_DIR}/common-values.yaml ${SED_COMMAND} "s/DB_TYPE_REPLACEME/${DB_TYPE}/g" ${TMP_DIR}/common-values.yaml ${SED_COMMAND} "s/DISPLAY_NAME/${DC_APP_CAPITALIZED}/g" ${TMP_DIR}/common-values.yaml - + # OpenSearch does not run well in a tiny MicroShift instance, freezing the API, # so we're disabling internal OpenSearch for Bitbucket when tested in MicroShift if [ "${DC_APP}" == "bitbucket" ] && [ -n "${OPENSHIFT_VALUES}" ]; then @@ -94,7 +100,7 @@ deploy_app() { echo "[INFO]: Setting external OpenSearch values" ENABLE_OPENSEARCH="--set opensearch.enabled=true,opensearch.install=true,opensearch.resources.requests.cpu=10m,opensearch.resources.requests.memory=10Mi,opensearch.persistence.size=1Gi" fi - + # use a pre-created PVC and hostPath PV instead of NFS volume when running on arm64 machines # it is safe to do so because KinD is a single node k8s cluster if [ -n "${HOSTPATH_PV}" ]; then @@ -249,7 +255,7 @@ verify_openshift_analytics() { create_backdoor_services() { TMP_DIR=$(mktemp -d) echo "Copying svc template file to ${TMP_DIR}" - cp src/test/config/kind/backdoor-svc.yaml ${TMP_DIR}/backdoor-svc.yaml + cp src/test/config/kind/backdoor-svc.yaml ${TMP_DIR}/backdoor-svc.yaml if [[ "$OSTYPE" == "darwin"* ]]; then SED_COMMAND="sed -i ''" else