
Commit 447cc0d

authored
chore(helm/coder/tests): add tests for securitycontext including additional fields (#16348)
Specifically tests for capabilities
1 parent 6e2dc6f commit 447cc0d


3 files changed

+205
-0
lines changed


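--- a/helm/coder/tests/chart_test.go
+++ b/helm/coder/tests/chart_test.go
@@ -108,6 +108,10 @@ var testCases = []testCase{
 name: "svc_loadbalancer",
 expectedError: "",
 },
+{
+name: "securitycontext",
+expectedError: "",
+},
 }
 
 type testCase struct {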
Lines changed: 193 additions & 0 deletions
@@ -0,0 +1,193 @@
1+
---
2+
# Source: coder/templates/coder.yaml
3+
apiVersion: v1
4+
kind: ServiceAccount
5+
metadata:
6+
annotations: {}
7+
labels:
8+
app.kubernetes.io/instance: release-name
9+
app.kubernetes.io/managed-by: Helm
10+
app.kubernetes.io/name: coder
11+
app.kubernetes.io/part-of: coder
12+
app.kubernetes.io/version: 0.1.0
13+
helm.sh/chart: coder-0.1.0
14+
name: coder
15+
---
16+
# Source: coder/templates/rbac.yaml
17+
apiVersion: rbac.authorization.k8s.io/v1
18+
kind: Role
19+
metadata:
20+
name: coder-workspace-perms
21+
rules:
22+
- apiGroups: [""]
23+
resources: ["pods"]
24+
verbs:
25+
- create
26+
- delete
27+
- deletecollection
28+
- get
29+
- list
30+
- patch
31+
- update
32+
- watch
33+
- apiGroups: [""]
34+
resources: ["persistentvolumeclaims"]
35+
verbs:
36+
- create
37+
- delete
38+
- deletecollection
39+
- get
40+
- list
41+
- patch
42+
- update
43+
- watch
44+
- apiGroups:
45+
- apps
46+
resources:
47+
- deployments
48+
verbs:
49+
- create
50+
- delete
51+
- deletecollection
52+
- get
53+
- list
54+
- patch
55+
- update
56+
- watch
57+
---
58+
# Source: coder/templates/rbac.yaml
59+
apiVersion: rbac.authorization.k8s.io/v1
60+
kind: RoleBinding
61+
metadata:
62+
name: "coder"
63+
subjects:
64+
- kind: ServiceAccount
65+
name: "coder"
66+
roleRef:
67+
apiGroup: rbac.authorization.k8s.io
68+
kind: Role
69+
name: coder-workspace-perms
70+
---
71+
# Source: coder/templates/service.yaml
72+
apiVersion: v1
73+
kind: Service
74+
metadata:
75+
name: coder
76+
labels:
77+
helm.sh/chart: coder-0.1.0
78+
app.kubernetes.io/name: coder
79+
app.kubernetes.io/instance: release-name
80+
app.kubernetes.io/part-of: coder
81+
app.kubernetes.io/version: "0.1.0"
82+
app.kubernetes.io/managed-by: Helm
83+
annotations:
84+
{}
85+
spec:
86+
type: LoadBalancer
87+
sessionAffinity: None
88+
ports:
89+
- name: "http"
90+
port: 80
91+
targetPort: "http"
92+
protocol: TCP
93+
nodePort:
94+
externalTrafficPolicy: "Cluster"
95+
selector:
96+
app.kubernetes.io/name: coder
97+
app.kubernetes.io/instance: release-name
98+
---
99+
# Source: coder/templates/coder.yaml
100+
apiVersion: apps/v1
101+
kind: Deployment
102+
metadata:
103+
annotations: {}
104+
labels:
105+
app.kubernetes.io/instance: release-name
106+
app.kubernetes.io/managed-by: Helm
107+
app.kubernetes.io/name: coder
108+
app.kubernetes.io/part-of: coder
109+
app.kubernetes.io/version: 0.1.0
110+
helm.sh/chart: coder-0.1.0
111+
name: coder
112+
spec:
113+
replicas: 1
114+
selector:
115+
matchLabels:
116+
app.kubernetes.io/instance: release-name
117+
app.kubernetes.io/name: coder
118+
template:
119+
metadata:
120+
annotations: {}
121+
labels:
122+
app.kubernetes.io/instance: release-name
123+
app.kubernetes.io/managed-by: Helm
124+
app.kubernetes.io/name: coder
125+
app.kubernetes.io/part-of: coder
126+
app.kubernetes.io/version: 0.1.0
127+
helm.sh/chart: coder-0.1.0
128+
spec:
129+
affinity:
130+
podAntiAffinity:
131+
preferredDuringSchedulingIgnoredDuringExecution:
132+
- podAffinityTerm:
133+
labelSelector:
134+
matchExpressions:
135+
- key: app.kubernetes.io/instance
136+
operator: In
137+
values:
138+
- coder
139+
topologyKey: kubernetes.io/hostname
140+
weight: 1
141+
containers:
142+
- args:
143+
- server
144+
command:
145+
- /opt/coder
146+
env:
147+
- name: CODER_HTTP_ADDRESS
148+
value: 0.0.0.0:8080
149+
- name: CODER_PROMETHEUS_ADDRESS
150+
value: 0.0.0.0:2112
151+
- name: CODER_ACCESS_URL
152+
value: http://coder.default.svc.cluster.local
153+
- name: KUBE_POD_IP
154+
valueFrom:
155+
fieldRef:
156+
fieldPath: status.podIP
157+
- name: CODER_DERP_SERVER_RELAY_URL
158+
value: http://$(KUBE_POD_IP):8080
159+
image: ghcr.io/coder/coder:latest
160+
imagePullPolicy: IfNotPresent
161+
lifecycle: {}
162+
livenessProbe:
163+
httpGet:
164+
path: /healthz
165+
port: http
166+
scheme: HTTP
167+
name: coder
168+
ports:
169+
- containerPort: 8080
170+
name: http
171+
protocol: TCP
172+
readinessProbe:
173+
httpGet:
174+
path: /healthz
175+
port: http
176+
scheme: HTTP
177+
resources: {}
178+
securityContext:
179+
allowPrivilegeEscalation: false
180+
capabilities:
181+
drop:
182+
- ALL
183+
readOnlyRootFilesystem: null
184+
runAsGroup: 1000
185+
runAsNonRoot: true
186+
runAsUser: 1000
187+
seccompProfile:
188+
type: RuntimeDefault
189+
volumeMounts: []
190+
restartPolicy: Always
191+
serviceAccountName: coder
192+
terminationGracePeriodSeconds: 60
193+
volumes: []
Lines changed: 8 additions & 0 deletions
@@ -0,0 +1,8 @@
1+
coder:
2+
image:
3+
tag: latest
4+
securityContext:
5+
allowPrivilegeEscalation: false
6+
capabilities:
7+
drop:
8+
- ALL
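Review bot: These override values set only `allowPrivilegeEscalation` and `capabilities.drop`, so the golden output for this case pins `readOnlyRootFilesystem: null` in the container securityContext; Kubernetes treats a null here as unset, which leaves the root filesystem writable. The other hardening fields in the golden (`runAsNonRoot`, `runAsUser`, `runAsGroup`, `seccompProfile`) are populated without appearing in this file, presumably from chart defaults, so the test shows that user values merge with defaults but never shows an explicit boolean for the read-only root setting passing through the template. Consider adding `readOnlyRootFilesystem: true` under `securityContext:` in this fixture so the golden proves the field renders when set. Whether the server itself runs with a read-only root is not visible on this page, but the test only renders manifests, so the fixture can carry the value either way. A one-line comment at the top of the file, such as `# Exercises securityContext overrides merged over chart defaults`, would also tell the next reader which fields are intentionally left to defaults.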
