def test_using_a_name_override():
config = '''
nameOverride: overrider
'''
r = helm_template(config)
assert 'overrider-kibana' in r['deployment']
def test_defaults():
config = '''
'''
r = helm_template(config)
assert name in r['daemonset']
c = r['daemonset'][name]['spec']['template']['spec']['containers'][0]
assert c['name'] == project
assert c['image'].startswith('docker.elastic.co/beats/' + project + ':')
assert c['env'][0]['name'] == 'POD_NAMESPACE'
assert c['env'][0]['valueFrom']['fieldRef']['fieldPath'] == 'metadata.namespace'
assert 'curl --fail 127.0.0.1:5066' in c['livenessProbe']['exec']['command'][-1]
assert 'filebeat test output' in c['readinessProbe']['exec']['command'][-1]
# Empty customizable defaults
assert 'imagePullSecrets' not in r['daemonset'][name]['spec']['template']['spec']
assert 'tolerations' not in r['daemonset'][name]['spec']['template']['spec']
assert r['daemonset'][name]['spec']['updateStrategy']['type'] == 'RollingUpdate'
assert r['daemonset'][name]['spec']['template']['spec']['serviceAccountName'] == name
volumes = r['daemonset'][name]['spec']['template']['spec']['volumes']
assert {
'name': 'data',
'hostPath': {
'path': '/var/lib/release-name-filebeat-default-data',
'type': 'DirectoryOrCreate'
}
} in volumes
def test_adding_a_node_selector():
config = '''
nodeSelector:
disktype: ssd
'''
r = helm_template(config)
assert r['deployment'][name]['spec']['template']['spec']['nodeSelector']['disktype'] == 'ssd'
def test_changing_the_protocol():
config = '''
protocol: https
'''
r = helm_template(config)
c = r['deployment'][name]['spec']['template']['spec']['containers'][0]
assert 'https://' in c['readinessProbe']['exec']['command'][-1]
def test_defaults():
config = '''
'''
r = helm_template(config)
assert name in r['deployment']
assert name in r['service']
s = r['service'][name]['spec']
assert s['ports'][0]['port'] == 5601
assert s['ports'][0]['name'] == 'http'
assert s['ports'][0]['protocol'] == 'TCP'
c = r['deployment'][name]['spec']['template']['spec']['containers'][0]
assert c['name'] == 'kibana'
assert c['image'].startswith('docker.elastic.co/kibana/kibana:')
assert c['ports'][0]['containerPort'] == 5601
assert c['env'][0]['name'] == 'ELASTICSEARCH_HOSTS'
assert c['env'][0]['value'] == elasticsearchHosts
assert 'http "/app/kibana"' in c['readinessProbe']['exec']['command'][-1]
# Empty customizable defaults
assert 'imagePullSecrets' not in r['deployment'][name]['spec']['template']['spec']
assert 'tolerations' not in r['deployment'][name]['spec']['template']['spec']
assert 'nodeSelector' not in r['deployment'][name]['spec']['template']['spec']
assert 'ingress' not in r
assert r['deployment'][name]['spec']['strategy']['type'] == 'Recreate'
def test_override_the_default_update_strategy():
config = '''
updateStrategy: OnDelete
'''
r = helm_template(config)
assert r['daemonset'][name]['spec']['updateStrategy']['type'] == 'OnDelete'
def test_adding_in_filebeat_config():
config = '''
filebeatConfig:
filebeat.yml: |
key:
nestedkey: value
dot.notation: test
other-config.yml: |
hello = world
'''
r = helm_template(config)
c = r['configmap'][name + '-config']['data']
assert 'filebeat.yml' in c
assert 'other-config.yml' in c
assert 'nestedkey: value' in c['filebeat.yml']
assert 'dot.notation: test' in c['filebeat.yml']
assert 'hello = world' in c['other-config.yml']
d = r['daemonset'][name]['spec']['template']['spec']
assert {'configMap': {'name': name + '-config', 'defaultMode': 0600}, 'name': project + '-config'} in d['volumes']
assert {'mountPath': '/usr/share/filebeat/filebeat.yml', 'name': project + '-config', 'subPath': 'filebeat.yml', 'readOnly': True} in d['containers'][0]['volumeMounts']
assert {'mountPath': '/usr/share/filebeat/other-config.yml', 'name': project + '-config', 'subPath': 'other-config.yml', 'readOnly': True} in d['containers'][0]['volumeMounts']
assert 'configChecksum' in r['daemonset'][name]['spec']['template']['metadata']['annotations']
def test_adding_image_pull_secrets():
config = '''
imagePullSecrets:
- name: test-registry
'''
r = helm_template(config)
assert r['deployment'][name]['spec']['template']['spec']['imagePullSecrets'][0]['name'] == 'test-registry'
def test_adding_in_kibana_config():
config = '''
kibanaConfig:
kibana.yml: |
key:
nestedkey: value
dot.notation: test
other-config.yml: |
hello = world
'''
r = helm_template(config)
c = r['configmap'][name + '-config']['data']
assert 'kibana.yml' in c
assert 'other-config.yml' in c
assert 'nestedkey: value' in c['kibana.yml']
assert 'dot.notation: test' in c['kibana.yml']
assert 'hello = world' in c['other-config.yml']
d = r['deployment'][name]['spec']['template']['spec']
assert {'configMap': {'name': name + '-config'}, 'name': 'kibanaconfig'} in d['volumes']
assert {'mountPath': '/usr/share/kibana/config/kibana.yml', 'name': 'kibanaconfig', 'subPath': 'kibana.yml'} in d['containers'][0]['volumeMounts']
assert {'mountPath': '/usr/share/kibana/config/other-config.yml', 'name': 'kibanaconfig', 'subPath': 'other-config.yml'} in d['containers'][0]['volumeMounts']
assert 'configchecksum' in r['deployment'][name]['spec']['template']['metadata']['annotations']
def test_adding_an_ingress_rule():
config = '''
ingress:
enabled: true
annotations:
kubernetes.io/ingress.class: nginx
path: /
hosts:
- kibana.elastic.co
tls:
- secretName: elastic-co-wildcard
hosts:
- kibana.elastic.co
'''
r = helm_template(config)
assert name in r['ingress']
i = r['ingress'][name]['spec']
assert i['tls'][0]['hosts'][0] == 'kibana.elastic.co'
assert i['tls'][0]['secretName'] == 'elastic-co-wildcard'
assert i['rules'][0]['host'] == 'kibana.elastic.co'
assert i['rules'][0]['http']['paths'][0]['path'] == '/'
assert i['rules'][0]['http']['paths'][0]['backend']['serviceName'] == name
assert i['rules'][0]['http']['paths'][0]['backend']['servicePort'] == 5601
def test_changing_the_health_check_path():
config = '''
healthCheckPath: "/kibana/app/kibana"
'''
r = helm_template(config)
c = r['deployment'][name]['spec']['template']['spec']['containers'][0]
assert 'http "/kibana/app/kibana"' in c['readinessProbe']['exec']['command'][-1]
def test_self_managing_rbac_resources():
config = '''
managedServiceAccount: false
'''
r = helm_template(config)
assert 'serviceaccount' not in r
assert 'clusterrole' not in r
assert 'clusterrolebinding' not in r
def test_setting_pod_security_context():
config = '''
podSecurityContext:
runAsUser: 1001
fsGroup: 1002
'''
r = helm_template(config)
assert r['deployment'][name]['spec']['template']['spec']['securityContext']['runAsUser'] == 1001
assert r['deployment'][name]['spec']['template']['spec']['securityContext']['fsGroup'] == 1002
def test_adding_envs():
config = '''
extraEnvs:
- name: LOG_LEVEL
value: DEBUG
'''
r = helm_template(config)
envs = r['daemonset'][name]['spec']['template']['spec']['containers'][0]['env']
assert {'name': 'LOG_LEVEL', 'value': 'DEBUG'} in envs
def test_overriding_the_port():
config = '''
httpPort: 5602
'''
r = helm_template(config)
c = r['deployment'][name]['spec']['template']['spec']['containers'][0]
assert c['ports'][0]['containerPort'] == 5602
def test_overriding_the_elasticsearch_url():
config = '''
elasticsearchURL: 'http://hello.world'
'''
r = helm_template(config)
c = r['deployment'][name]['spec']['template']['spec']['containers'][0]
assert c['env'][0]['name'] == 'ELASTICSEARCH_URL'
assert c['env'][0]['value'] == 'http://hello.world'
def test_adding_tolerations():
config = '''
tolerations:
- key: "key1"
operator: "Equal"
value: "value1"
effect: "NoExecute"
tolerationSeconds: 3600
'''
r = helm_template(config)
assert r['deployment'][name]['spec']['template']['spec']['tolerations'][0]['key'] == 'key1'
def test_setting_pod_security_context():
config = '''
podSecurityContext:
runAsUser: 1001
fsGroup: 1002
privileged: false
'''
r = helm_template(config)
c = r['daemonset'][name]['spec']['template']['spec']['containers'][0]
assert c['securityContext']['runAsUser'] == 1001
assert c['securityContext']['fsGroup'] == 1002
assert c['securityContext']['privileged'] == False
def test_override_the_default_update_strategy():
config = '''
updateStrategy:
type: "RollingUpdate"
rollingUpdate:
maxUnavailable: 1
maxSurge: 1
'''
r = helm_template(config)
assert r['deployment'][name]['spec']['strategy']['type'] == 'RollingUpdate'
assert r['deployment'][name]['spec']['strategy']['rollingUpdate']['maxUnavailable'] == 1
assert r['deployment'][name]['spec']['strategy']['rollingUpdate']['maxSurge'] == 1
def test_adding_a_extra_volume_with_volume_mount():
config = '''
extraVolumes: |
- name: extras
emptyDir: {}
extraVolumeMounts: |
- name: extras
mountPath: /usr/share/extras
readOnly: true
'''
r = helm_template(config)
extraVolume = r['daemonset'][name]['spec']['template']['spec']['volumes']
assert {'name': 'extras', 'emptyDir': {}} in extraVolume
extraVolumeMounts = r['daemonset'][name]['spec']['template']['spec']['containers'][0]['volumeMounts']
assert {'name': 'extras', 'mountPath': '/usr/share/extras', 'readOnly': True} in extraVolumeMounts
def test_adding_an_affinity_rule():
config = '''
affinity:
podAntiAffinity:
requiredDuringSchedulingIgnoredDuringExecution:
- labelSelector:
matchExpressions:
- key: app
operator: In
values:
- kibana
topologyKey: kubernetes.io/hostname
'''
r = helm_template(config)
assert r['deployment'][name]['spec']['template']['spec']['affinity']['podAntiAffinity'][
'requiredDuringSchedulingIgnoredDuringExecution'][0]['topologyKey'] == 'kubernetes.io/hostname'
def test_adding_a_secret_mount():
config = '''
secretMounts:
- name: elastic-certificates
secretName: elastic-certificates
path: /usr/share/filebeat/config/certs
'''
r = helm_template(config)
s = r['daemonset'][name]['spec']['template']['spec']
assert s['containers'][0]['volumeMounts'][0] == {
'mountPath': '/usr/share/filebeat/config/certs',
'name': 'elastic-certificates'
}
assert s['volumes'][0] == {
'name': 'elastic-certificates',
'secret': {
'secretName': 'elastic-certificates'
}
}
def test_adding_resources_to_sidecar_container():
config = '''
masterTerminationFix: true
sidecarResources:
limits:
cpu: "100m"
memory: "128Mi"
requests:
cpu: "100m"
memory: "128Mi"
'''
r = helm_template(config)
i = r['statefulset'][uname]['spec']['template']['spec']['containers'][1]
assert i['resources'] == {
'requests': {
'cpu': '100m',
'memory': '128Mi'
},
'limits': {
'cpu': '100m',
'memory': '128Mi'
}
}
def test_setting_fullnameOverride():
config = """
fullnameOverride: 'filebeat-custom'
"""
r = helm_template(config)
custom_name = "filebeat-custom"
assert custom_name in r["daemonset"]
assert (
r["daemonset"][custom_name]["spec"]["template"]["spec"]["containers"][0]["name"]
== project
)
assert (
r["daemonset"][custom_name]["spec"]["template"]["spec"]["serviceAccountName"]
== name
)
volumes = r["daemonset"][custom_name]["spec"]["template"]["spec"]["volumes"]
assert {
"name": "data",
"hostPath": {
"path": "/var/lib/" + custom_name + "-default-data",
"type": "DirectoryOrCreate",
},
} in volumes
def test_adding_resources_to_initcontainer():
config = '''
initResources:
limits:
cpu: "25m"
memory: "128Mi"
requests:
cpu: "25m"
memory: "128Mi"
'''
r = helm_template(config)
i = r['statefulset'][uname]['spec']['template']['spec']['initContainers'][
0]
assert i['resources'] == {
'requests': {
'cpu': '25m',
'memory': '128Mi'
},
'limits': {
'cpu': '25m',
'memory': '128Mi'
}
}
def test_adding_resources_to_initcontainer():
config = """
initResources:
limits:
cpu: "25m"
memory: "128Mi"
requests:
cpu: "25m"
memory: "128Mi"
"""
r = helm_template(config)
i = r["statefulset"][uname]["spec"]["template"]["spec"]["initContainers"][
0]
assert i["resources"] == {
"requests": {
"cpu": "25m",
"memory": "128Mi"
},
"limits": {
"cpu": "25m",
"memory": "128Mi"
},
}
def test_adding_resources_to_sidecar_container():
config = """
masterTerminationFix: true
sidecarResources:
limits:
cpu: "100m"
memory: "128Mi"
requests:
cpu: "100m"
memory: "128Mi"
"""
r = helm_template(config)
i = r["statefulset"][uname]["spec"]["template"]["spec"]["containers"][1]
assert i["resources"] == {
"requests": {
"cpu": "100m",
"memory": "128Mi"
},
"limits": {
"cpu": "100m",
"memory": "128Mi"
},
}
def test_adding_a_secret_mount():
config = """
deployment:
enabled: true
daemonset:
secretMounts:
- name: elastic-certificates
secretName: elastic-certificates-name
path: /usr/share/filebeat/config/certs
"""
r = helm_template(config)
assert (
{
"mountPath": "/usr/share/filebeat/config/certs",
"name": "elastic-certificates",
}
in r["daemonset"][name]["spec"]["template"]["spec"]["containers"][0][
"volumeMounts"
]
)
assert {
"name": "elastic-certificates",
"secret": {"secretName": "elastic-certificates-name"},
} in r["daemonset"][name]["spec"]["template"]["spec"]["volumes"]
assert (
{
"mountPath": "/usr/share/filebeat/config/certs",
"name": "elastic-certificates",
}
not in r["deployment"][name]["spec"]["template"]["spec"]["containers"][0][
"volumeMounts"
]
)
assert {
"name": "elastic-certificates",
"secret": {"secretName": "elastic-certificates-name"},
} not in r["deployment"][name]["spec"]["template"]["spec"]["volumes"]
config = """
deployment:
enabled: true
secretMounts:
- name: elastic-certificates
secretName: elastic-certificates-name
path: /usr/share/filebeat/config/certs
"""
r = helm_template(config)
assert (
{
"mountPath": "/usr/share/filebeat/config/certs",
"name": "elastic-certificates",
}
in r["deployment"][name]["spec"]["template"]["spec"]["containers"][0][
"volumeMounts"
]
)
assert {
"name": "elastic-certificates",
"secret": {"secretName": "elastic-certificates-name"},
} in r["deployment"][name]["spec"]["template"]["spec"]["volumes"]
assert (
{
"mountPath": "/usr/share/filebeat/config/certs",
"name": "elastic-certificates",
}
not in r["daemonset"][name]["spec"]["template"]["spec"]["containers"][0][
"volumeMounts"
]
)
assert {
"name": "elastic-certificates",
"secret": {"secretName": "elastic-certificates-name"},
} not in r["daemonset"][name]["spec"]["template"]["spec"]["volumes"]
def test_setting_pod_security_context():
config = """
deployment:
enabled: true
daemonset:
securityContext:
runAsUser: 1001
privileged: false
"""
r = helm_template(config)
assert (
r["daemonset"][name]["spec"]["template"]["spec"]["containers"][0][
"securityContext"
]["runAsUser"]
== 1001
)
assert (
r["daemonset"][name]["spec"]["template"]["spec"]["containers"][0][
"securityContext"
]["privileged"]
== False
)
assert (
r["deployment"][name]["spec"]["template"]["spec"]["containers"][0][
"securityContext"
]["runAsUser"]
== 0
)
assert (
r["deployment"][name]["spec"]["template"]["spec"]["containers"][0][
"securityContext"
]["privileged"]
== False
)
config = """
deployment:
enabled: true
securityContext:
runAsUser: 1001
privileged: false
"""
r = helm_template(config)
assert (
r["deployment"][name]["spec"]["template"]["spec"]["containers"][0][
"securityContext"
]["runAsUser"]
== 1001
)
assert (
r["deployment"][name]["spec"]["template"]["spec"]["containers"][0][
"securityContext"
]["privileged"]
== False
)
assert (
r["daemonset"][name]["spec"]["template"]["spec"]["containers"][0][
"securityContext"
]["runAsUser"]
== 0
)
assert (
r["daemonset"][name]["spec"]["template"]["spec"]["containers"][0][
"securityContext"
]["privileged"]
== False
)
def test_defaults():
config = '''
'''
r = helm_template(config)
# Statefulset
assert r['statefulset'][name]['spec']['replicas'] == 1
assert r['statefulset'][name]['spec']['updateStrategy'] == {
'type': 'RollingUpdate'}
assert r['statefulset'][name]['spec']['podManagementPolicy'] == 'Parallel'
assert r['statefulset'][name]['spec']['template']['spec']['affinity']['podAntiAffinity']['requiredDuringSchedulingIgnoredDuringExecution'][0] == \
{
"labelSelector": {
"matchExpressions": [
{
"key": "app",
"operator": "In",
"values": [
name
]
}
]
},
"topologyKey": "kubernetes.io/hostname"
}
# Default environment variables
env_vars = [
{
'name': 'LS_JAVA_OPTS',
'value': '-Xmx1g -Xms1g'
},
]
c = r['statefulset'][name]['spec']['template']['spec']['containers'][0]
for env in env_vars:
assert env in c['env']
# Image
assert c['image'].startswith(
'docker.elastic.co/logstash/logstash:')
assert c['imagePullPolicy'] == 'IfNotPresent'
assert c['name'] == 'logstash'
# Ports
assert c['ports'][0] == {'name': 'http', 'containerPort': 9600}
# Health checks
assert c['livenessProbe']['failureThreshold'] == 3
assert c['livenessProbe']['initialDelaySeconds'] == 300
assert c['livenessProbe']['periodSeconds'] == 10
assert c['livenessProbe']['successThreshold'] == 1
assert c['livenessProbe']['timeoutSeconds'] == 5
assert '/' in c['livenessProbe']['httpGet']['path']
assert 'http' in c['livenessProbe']['httpGet']['port']
assert c['readinessProbe']['failureThreshold'] == 3
assert c['readinessProbe']['initialDelaySeconds'] == 60
assert c['readinessProbe']['periodSeconds'] == 10
assert c['readinessProbe']['successThreshold'] == 3
assert c['readinessProbe']['timeoutSeconds'] == 5
assert '/' in c['readinessProbe']['httpGet']['path']
assert 'http' in c['readinessProbe']['httpGet']['port']
# Resources
assert c['resources'] == {
'requests': {
'cpu': '100m',
'memory': '1536Mi'
},
'limits': {
'cpu': '1000m',
'memory': '1536Mi'
}
}
# Persistence
assert 'volumeClaimTemplates' not in r['statefulset'][name]['spec']
assert r['statefulset'][name]['spec']['template']['spec']['containers'][0]['volumeMounts'] == None
# Service
assert 'serviceName' not in r['statefulset'][name]['spec']
assert 'service' not in r
# Other
assert r['statefulset'][name]['spec']['template']['spec']['securityContext'] == {
'fsGroup': 1000,
'runAsUser': 1000
}
assert r['statefulset'][name]['spec']['template']['spec']['terminationGracePeriodSeconds'] == 120
# Pod disruption budget
assert r['poddisruptionbudget'][name + '-pdb']['spec']['maxUnavailable'] == 1
# Empty customizable defaults
assert 'imagePullSecrets' not in r['statefulset'][name]['spec']['template']['spec']
assert 'tolerations' not in r['statefulset'][name]['spec']['template']['spec']
assert 'nodeSelector' not in r['statefulset'][name]['spec']['template']['spec']
def test_disabling_pod_disruption_budget():
config = '''
maxUnavailable: false
'''
r = helm_template(config)
assert 'poddisruptionbudget' not in r
def test_defaults():
config = '''
'''
r = helm_template(config)
# Statefulset
assert r['statefulset'][uname]['spec']['replicas'] == 3
assert r['statefulset'][uname]['spec']['updateStrategy'] == {
'type': 'RollingUpdate'}
assert r['statefulset'][uname]['spec']['podManagementPolicy'] == 'Parallel'
assert r['statefulset'][uname]['spec']['serviceName'] == uname + '-headless'
assert r['statefulset'][uname]['spec']['template']['spec']['affinity']['podAntiAffinity']['requiredDuringSchedulingIgnoredDuringExecution'][0] == \
{
"labelSelector": {
"matchExpressions": [
{
"key": "app",
"operator": "In",
"values": [
uname
]
}
]
},
"topologyKey": "kubernetes.io/hostname"
}
# Default environment variables
env_vars = [
{
'name': 'node.name',
'valueFrom': {
'fieldRef': {
'fieldPath': 'metadata.name'
}
}
},
{
'name': 'cluster.initial_master_nodes',
'value': uname + '-0,' +
uname + '-1,' +
uname + '-2,'
},
{
'name': 'discovery.seed_hosts',
'value': uname + '-headless'
},
{
'name': 'network.host',
'value': '0.0.0.0'
},
{
'name': 'cluster.name',
'value': clusterName
},
{
'name': 'ES_JAVA_OPTS',
'value': '-Xmx1g -Xms1g'
},
{
'name': 'node.master',
'value': 'true'
},
{
'name': 'node.data',
'value': 'true'
},
{
'name': 'node.ingest',
'value': 'true'
},
]
c = r['statefulset'][uname]['spec']['template']['spec']['containers'][0]
for env in env_vars:
assert env in c['env']
# Image
assert c['image'].startswith(
'docker.elastic.co/elasticsearch/elasticsearch:')
assert c['imagePullPolicy'] == 'IfNotPresent'
assert c['name'] == 'elasticsearch'
# Ports
assert c['ports'][0] == {'name': 'http', 'containerPort': 9200}
assert c['ports'][1] == {'name': 'transport', 'containerPort': 9300}
# Health checks
assert c['readinessProbe']['failureThreshold'] == 3
assert c['readinessProbe']['initialDelaySeconds'] == 10
assert c['readinessProbe']['periodSeconds'] == 10
assert c['readinessProbe']['successThreshold'] == 3
assert c['readinessProbe']['timeoutSeconds'] == 5
assert 'curl' in c['readinessProbe']['exec']['command'][-1]
assert 'http://127.0.0.1:9200' in c['readinessProbe']['exec']['command'][-1]
assert '/_cluster/health?timeout=0s' in c['readinessProbe']['exec']['command'][-1]
# Resources
assert c['resources'] == {
'requests': {
'cpu': '1000m',
'memory': '2Gi'
},
'limits': {
'cpu': '1000m',
'memory': '2Gi'
}
}
# Mounts
assert c['volumeMounts'][0]['mountPath'] == '/usr/share/elasticsearch/data'
assert c['volumeMounts'][0]['name'] == uname
v = r['statefulset'][uname]['spec']['volumeClaimTemplates'][0]
assert v['metadata']['name'] == uname
assert v['spec']['accessModes'] == ['ReadWriteOnce']
assert v['spec']['resources']['requests']['storage'] == '30Gi'
# Init container
i = r['statefulset'][uname]['spec']['template']['spec']['initContainers'][0]
assert i['name'] == 'configure-sysctl'
assert i['command'] == ['sysctl', '-w', 'vm.max_map_count=262144']
assert i['image'].startswith(
'docker.elastic.co/elasticsearch/elasticsearch:')
assert i['securityContext'] == {
'privileged': True,
'runAsUser': 0
}
# Other
assert r['statefulset'][uname]['spec']['template']['spec']['securityContext'] == {
'fsGroup': 1000,
'runAsUser': 1000
}
assert r['statefulset'][uname]['spec']['template']['spec']['terminationGracePeriodSeconds'] == 120
# Pod disruption budget
assert r['poddisruptionbudget'][uname +
'-pdb']['spec']['maxUnavailable'] == 1
# Service
s = r['service'][uname]
assert s['metadata']['name'] == uname
assert s['metadata']['annotations'] == {}
assert s['spec']['type'] == 'ClusterIP'
assert len(s['spec']['ports']) == 2
assert s['spec']['ports'][0] == {
'name': 'http', 'port': 9200, 'protocol': 'TCP'}
assert s['spec']['ports'][1] == {
'name': 'transport', 'port': 9300, 'protocol': 'TCP'}
# Headless Service
h = r['service'][uname + '-headless']
assert h['spec']['clusterIP'] == 'None'
assert h['spec']['publishNotReadyAddresses'] == True
assert h['spec']['ports'][0]['name'] == 'http'
assert h['spec']['ports'][0]['port'] == 9200
assert h['spec']['ports'][1]['name'] == 'transport'
assert h['spec']['ports'][1]['port'] == 9300
# Empty customizable defaults
assert 'imagePullSecrets' not in r['statefulset'][uname]['spec']['template']['spec']
assert 'tolerations' not in r['statefulset'][uname]['spec']['template']['spec']
assert 'nodeSelector' not in r['statefulset'][uname]['spec']['template']['spec']
assert 'ingress' not in r
def test_disabling_pod_disruption_budget():
config = """
maxUnavailable: false
"""
r = helm_template(config)
assert "poddisruptionbudget" not in r
def test_defaults():
config = """
"""
r = helm_template(config)
# Statefulset
assert r["statefulset"][uname]["spec"]["replicas"] == 3
assert r["statefulset"][uname]["spec"]["updateStrategy"] == {
"type": "RollingUpdate"
}
assert r["statefulset"][uname]["spec"]["podManagementPolicy"] == "Parallel"
assert r["statefulset"][uname]["spec"][
"serviceName"] == uname + "-headless"
assert r["statefulset"][uname]["spec"]["template"]["spec"]["affinity"][
"podAntiAffinity"]["requiredDuringSchedulingIgnoredDuringExecution"][
0] == {
"labelSelector": {
"matchExpressions": [{
"key": "app",
"operator": "In",
"values": [uname]
}]
},
"topologyKey": "kubernetes.io/hostname",
}
# Default environment variables
env_vars = [
{
"name": "node.name",
"valueFrom": {
"fieldRef": {
"fieldPath": "metadata.name"
}
},
},
{
"name": "cluster.initial_master_nodes",
"value": uname + "-0," + uname + "-1," + uname + "-2,",
},
{
"name": "discovery.seed_hosts",
"value": uname + "-headless"
},
{
"name": "network.host",
"value": "0.0.0.0"
},
{
"name": "cluster.name",
"value": clusterName
},
{
"name": "ES_JAVA_OPTS",
"value": "-Xmx1g -Xms1g"
},
{
"name": "node.master",
"value": "true"
},
{
"name": "node.data",
"value": "true"
},
{
"name": "node.ingest",
"value": "true"
},
]
c = r["statefulset"][uname]["spec"]["template"]["spec"]["containers"][0]
for env in env_vars:
assert env in c["env"]
# Image
assert c["image"].startswith(
"docker.elastic.co/elasticsearch/elasticsearch:")
assert c["imagePullPolicy"] == "IfNotPresent"
assert c["name"] == "elasticsearch"
# Ports
assert c["ports"][0] == {"name": "http", "containerPort": 9200}
assert c["ports"][1] == {"name": "transport", "containerPort": 9300}
# Health checks
assert c["readinessProbe"]["failureThreshold"] == 3
assert c["readinessProbe"]["initialDelaySeconds"] == 10
assert c["readinessProbe"]["periodSeconds"] == 10
assert c["readinessProbe"]["successThreshold"] == 3
assert c["readinessProbe"]["timeoutSeconds"] == 5
assert "curl" in c["readinessProbe"]["exec"]["command"][-1]
assert "http://127.0.0.1:9200" in c["readinessProbe"]["exec"]["command"][
-1]
# Resources
assert c["resources"] == {
"requests": {
"cpu": "1000m",
"memory": "2Gi"
},
"limits": {
"cpu": "1000m",
"memory": "2Gi"
},
}
# Mounts
assert c["volumeMounts"][0]["mountPath"] == "/usr/share/elasticsearch/data"
assert c["volumeMounts"][0]["name"] == uname
# volumeClaimTemplates
v = r["statefulset"][uname]["spec"]["volumeClaimTemplates"][0]
assert v["metadata"]["name"] == uname
assert "labels" not in v["metadata"]
assert v["spec"]["accessModes"] == ["ReadWriteOnce"]
assert v["spec"]["resources"]["requests"]["storage"] == "30Gi"
# Init container
i = r["statefulset"][uname]["spec"]["template"]["spec"]["initContainers"][
0]
assert i["name"] == "configure-sysctl"
assert i["command"] == ["sysctl", "-w", "vm.max_map_count=262144"]
assert i["image"].startswith(
"docker.elastic.co/elasticsearch/elasticsearch:")
assert i["securityContext"] == {"privileged": True, "runAsUser": 0}
# Other
assert r["statefulset"][uname]["spec"]["template"]["spec"][
"securityContext"] == {
"fsGroup": 1000,
"runAsUser": 1000,
}
assert (r["statefulset"][uname]["spec"]["template"]["spec"]
["terminationGracePeriodSeconds"] == 120)
# Pod disruption budget
assert r["poddisruptionbudget"][uname +
"-pdb"]["spec"]["maxUnavailable"] == 1
# Service
s = r["service"][uname]
assert s["metadata"]["name"] == uname
assert s["metadata"]["annotations"] == {}
assert s["spec"]["type"] == "ClusterIP"
assert len(s["spec"]["ports"]) == 2
assert s["spec"]["ports"][0] == {
"name": "http",
"port": 9200,
"protocol": "TCP"
}
assert s["spec"]["ports"][1] == {
"name": "transport",
"port": 9300,
"protocol": "TCP",
}
assert "loadBalancerSourceRanges" not in s["spec"]
# Headless Service
h = r["service"][uname + "-headless"]
assert h["spec"]["clusterIP"] == "None"
assert h["spec"]["publishNotReadyAddresses"] == True
assert h["spec"]["ports"][0]["name"] == "http"
assert h["spec"]["ports"][0]["port"] == 9200
assert h["spec"]["ports"][1]["name"] == "transport"
assert h["spec"]["ports"][1]["port"] == 9300
# Empty customizable defaults
assert "imagePullSecrets" not in r["statefulset"][uname]["spec"][
"template"]["spec"]
assert "tolerations" not in r["statefulset"][uname]["spec"]["template"][
"spec"]
assert "nodeSelector" not in r["statefulset"][uname]["spec"]["template"][
"spec"]
assert "ingress" not in r
assert "hostAliases" not in r["statefulset"][uname]["spec"]["template"][
"spec"]
def test_defaults():
config = """
"""
r = helm_template(config)
assert name in r["daemonset"]
assert name + "-metrics" in r["deployment"]
assert kube_state_metric_name in r["deployment"]
assert (
r["deployment"][name + "-metrics"]["spec"]["template"]["spec"]
["containers"][0]["env"][1]["value"] ==
"$(RELEASE_NAME_KUBE_STATE_METRICS_SERVICE_HOST):$(RELEASE_NAME_KUBE_STATE_METRICS_SERVICE_PORT_HTTP)"
)
c = r["daemonset"][name]["spec"]["template"]["spec"]["containers"][0]
assert c["name"] == project
assert c["image"].startswith("docker.elastic.co/beats/" + project + ":")
assert c["env"][0]["name"] == "POD_NAMESPACE"
assert c["env"][0]["valueFrom"]["fieldRef"][
"fieldPath"] == "metadata.namespace"
assert "curl --fail 127.0.0.1:5066" in c["livenessProbe"]["exec"][
"command"][-1]
assert "metricbeat test output" in c["readinessProbe"]["exec"]["command"][
-1]
assert r["daemonset"][name]["spec"]["template"]["spec"][
"tolerations"] == []
assert "hostNetwork" not in r["daemonset"][name]["spec"]["template"][
"spec"]
assert "dnsPolicy" not in r["daemonset"][name]["spec"]["template"]["spec"]
assert ("hostNetwork"
not in r["deployment"][name +
"-metrics"]["spec"]["template"]["spec"])
assert ("dnsPolicy"
not in r["deployment"][name +
"-metrics"]["spec"]["template"]["spec"])
assert (r["deployment"][name + "-metrics"]["spec"]["template"]["spec"]
["tolerations"] == [])
assert (r["daemonset"][name]["spec"]["template"]["spec"]["containers"][0]
["securityContext"]["runAsUser"] == 0)
assert (r["daemonset"][name]["spec"]["template"]["spec"]["containers"][0]
["securityContext"]["privileged"] == False)
assert (r["deployment"][name + "-metrics"]["spec"]["template"]["spec"]
["containers"][0]["securityContext"]["runAsUser"] == 0)
assert (r["deployment"][name + "-metrics"]["spec"]["template"]["spec"]
["containers"][0]["securityContext"]["privileged"] == False)
# Empty customizable defaults
assert "imagePullSecrets" not in r["daemonset"][name]["spec"]["template"][
"spec"]
assert r["daemonset"][name]["spec"]["updateStrategy"][
"type"] == "RollingUpdate"
assert (r["daemonset"][name]["spec"]["template"]["spec"]
["serviceAccountName"] == name)
cfg = r["configmap"]
assert name + "-config" not in cfg
assert name + "-daemonset-config" in cfg
assert name + "-deployment-config" in cfg
assert "metricbeat.yml" in cfg[name + "-daemonset-config"]["data"]
assert "metricbeat.yml" in cfg[name + "-deployment-config"]["data"]
assert "module: system" in cfg[
name + "-daemonset-config"]["data"]["metricbeat.yml"]
assert ("module: system"
not in cfg[name + "-deployment-config"]["data"]["metricbeat.yml"])
assert "state_pod" not in cfg[
name + "-daemonset-config"]["data"]["metricbeat.yml"]
assert "state_pod" in cfg[name +
"-deployment-config"]["data"]["metricbeat.yml"]
daemonset = r["daemonset"][name]["spec"]["template"]["spec"]
assert {
"configMap": {
"name": name + "-config",
"defaultMode": 0o600
},
"name": project + "-config",
} not in daemonset["volumes"]
assert {
"configMap": {
"name": name + "-daemonset-config",
"defaultMode": 0o600
},
"name": project + "-config",
} in daemonset["volumes"]
assert {
"name": "data",
"hostPath": {
"path": "/var/lib/" + name + "-default-data",
"type": "DirectoryOrCreate",
},
} in daemonset["volumes"]
assert {
"mountPath": "/usr/share/metricbeat/metricbeat.yml",
"name": project + "-config",
"subPath": "metricbeat.yml",
"readOnly": True,
} in daemonset["containers"][0]["volumeMounts"]
deployment = r["deployment"][name + "-metrics"]["spec"]["template"]["spec"]
assert {
"configMap": {
"name": name + "-config",
"defaultMode": 0o600
},
"name": project + "-config",
} not in deployment["volumes"]
assert {
"configMap": {
"name": name + "-deployment-config",
"defaultMode": 0o600
},
"name": project + "-config",
} in deployment["volumes"]
assert {
"mountPath": "/usr/share/metricbeat/metricbeat.yml",
"name": project + "-config",
"subPath": "metricbeat.yml",
"readOnly": True,
} in deployment["containers"][0]["volumeMounts"]
assert daemonset["containers"][0]["resources"] == {
"requests": {
"cpu": "100m",
"memory": "100Mi"
},
"limits": {
"cpu": "1000m",
"memory": "200Mi"
},
}
assert deployment["containers"][0]["resources"] == {
"requests": {
"cpu": "100m",
"memory": "100Mi"
},
"limits": {
"cpu": "1000m",
"memory": "200Mi"
},
}
def test_default_automount_sa_token():
config = """
"""
r = helm_template(config)
assert (r["statefulset"][uname]["spec"]["template"]["spec"]
["automountServiceAccountToken"] == True)
def test_defaults():
config = """
"""
r = helm_template(config)
# Statefulset
assert r["statefulset"][name]["spec"]["replicas"] == 1
assert r["statefulset"][name]["spec"]["updateStrategy"] == {
"type": "RollingUpdate"
}
assert r["statefulset"][name]["spec"]["podManagementPolicy"] == "Parallel"
assert r["statefulset"][name]["spec"]["template"]["spec"]["affinity"][
"podAntiAffinity"]["requiredDuringSchedulingIgnoredDuringExecution"][
0] == {
"labelSelector": {
"matchExpressions": [{
"key": "app",
"operator": "In",
"values": [name]
}]
},
"topologyKey": "kubernetes.io/hostname",
}
# Default environment variables
env_vars = [
{
"name": "LS_JAVA_OPTS",
"value": "-Xmx1g -Xms1g"
},
]
c = r["statefulset"][name]["spec"]["template"]["spec"]["containers"][0]
for env in env_vars:
assert env in c["env"]
# Image
assert c["image"].startswith("docker.elastic.co/logstash/logstash:")
assert c["imagePullPolicy"] == "IfNotPresent"
assert c["name"] == "logstash"
# Ports
assert c["ports"][0] == {"name": "http", "containerPort": 9600}
# Health checks
assert c["livenessProbe"]["failureThreshold"] == 3
assert c["livenessProbe"]["initialDelaySeconds"] == 300
assert c["livenessProbe"]["periodSeconds"] == 10
assert c["livenessProbe"]["successThreshold"] == 1
assert c["livenessProbe"]["timeoutSeconds"] == 5
assert "/" in c["livenessProbe"]["httpGet"]["path"]
assert "http" in c["livenessProbe"]["httpGet"]["port"]
assert c["readinessProbe"]["failureThreshold"] == 3
assert c["readinessProbe"]["initialDelaySeconds"] == 60
assert c["readinessProbe"]["periodSeconds"] == 10
assert c["readinessProbe"]["successThreshold"] == 3
assert c["readinessProbe"]["timeoutSeconds"] == 5
assert "/" in c["readinessProbe"]["httpGet"]["path"]
assert "http" in c["readinessProbe"]["httpGet"]["port"]
# Resources
assert c["resources"] == {
"requests": {
"cpu": "100m",
"memory": "1536Mi"
},
"limits": {
"cpu": "1000m",
"memory": "1536Mi"
},
}
# Persistence
assert "volumeClaimTemplates" not in r["statefulset"][name]["spec"]
assert (r["statefulset"][name]["spec"]["template"]["spec"]["containers"][0]
["volumeMounts"] == None)
# Service
assert "serviceName" not in r["statefulset"][name]["spec"]
assert "service" not in r
# Other
assert r["statefulset"][name]["spec"]["template"]["spec"][
"securityContext"] == {
"fsGroup": 1000,
"runAsUser": 1000,
}
assert (r["statefulset"][name]["spec"]["template"]["spec"]
["terminationGracePeriodSeconds"] == 120)
# Pod disruption budget
assert r["poddisruptionbudget"][name +
"-pdb"]["spec"]["maxUnavailable"] == 1
# Empty customizable defaults
assert "imagePullSecrets" not in r["statefulset"][name]["spec"][
"template"]["spec"]
assert "tolerations" not in r["statefulset"][name]["spec"]["template"][
"spec"]
assert "nodeSelector" not in r["statefulset"][name]["spec"]["template"][
"spec"]
def test_setting_a_custom_service_account():
config = '''
serviceAccount: notdefault
'''
r = helm_template(config)
assert r['deployment'][name]['spec']['template']['spec']['serviceAccount'] == 'notdefault'
def test_adding_in_deprecated_metricbeat_config():
config = """
metricbeatConfig:
metricbeat.yml: |
key:
nestedkey: value
dot.notation: test
kube-state-metrics-metricbeat.yml: |
hello = world
"""
r = helm_template(config)
c = r["configmap"][name + "-config"]["data"]
assert "metricbeat.yml" in c
assert "kube-state-metrics-metricbeat.yml" in c
assert "nestedkey: value" in c["metricbeat.yml"]
assert "dot.notation: test" in c["metricbeat.yml"]
assert "hello = world" in c["kube-state-metrics-metricbeat.yml"]
daemonset = r["daemonset"][name]["spec"]["template"]["spec"]
assert {
"configMap": {
"name": name + "-config",
"defaultMode": 0o600
},
"name": project + "-config",
} in daemonset["volumes"]
assert {
"mountPath": "/usr/share/metricbeat/metricbeat.yml",
"name": project + "-config",
"subPath": "metricbeat.yml",
"readOnly": True,
} in daemonset["containers"][0]["volumeMounts"]
assert {
"mountPath": "/usr/share/metricbeat/kube-state-metrics-metricbeat.yml",
"name": project + "-config",
"subPath": "kube-state-metrics-metricbeat.yml",
"readOnly": True,
} in daemonset["containers"][0]["volumeMounts"]
assert (
"configChecksum"
in r["daemonset"][name]["spec"]["template"]["metadata"]["annotations"])
deployment = r["deployment"][name + "-metrics"]["spec"]["template"]["spec"]
assert {
"configMap": {
"name": name + "-config",
"defaultMode": 0o600
},
"name": project + "-config",
} in deployment["volumes"]
assert {
"mountPath": "/usr/share/metricbeat/metricbeat.yml",
"name": project + "-config",
"subPath": "metricbeat.yml",
"readOnly": True,
} in deployment["containers"][0]["volumeMounts"]
assert {
"mountPath": "/usr/share/metricbeat/kube-state-metrics-metricbeat.yml",
"name": project + "-config",
"subPath": "kube-state-metrics-metricbeat.yml",
"readOnly": True,
} in deployment["containers"][0]["volumeMounts"]
assert ("/usr/share/metricbeat/kube-state-metrics-metricbeat.yml"
) in deployment["containers"][0]["args"]
assert ("configChecksum" in r["deployment"][name + "-metrics"]["spec"]
["template"]["metadata"]["annotations"])
def test_network_policy():
config = """
networkPolicy:
http:
enabled: true
explicitNamespacesSelector:
# Accept from namespaces with all those different rules (from whitelisted Pods)
matchLabels:
role: frontend-http
matchExpressions:
- {key: role, operator: In, values: [frontend-http]}
additionalRules:
- podSelector:
matchLabels:
role: frontend-http
- podSelector:
matchExpressions:
- key: role
operator: In
values:
- frontend-http
transport:
enabled: true
allowExternal: true
explicitNamespacesSelector:
matchLabels:
role: frontend-transport
matchExpressions:
- {key: role, operator: In, values: [frontend-transport]}
additionalRules:
- podSelector:
matchLabels:
role: frontend-transport
- podSelector:
matchExpressions:
- key: role
operator: In
values:
- frontend-transport
"""
r = helm_template(config)
ingress = r["networkpolicy"][uname]["spec"]["ingress"]
pod_selector = r["networkpolicy"][uname]["spec"]["podSelector"]
http = ingress[0]
transport = ingress[1]
assert http["from"] == [
{
"podSelector": {
"matchLabels": {
"elasticsearch-master-http-client": "true"
}
},
"namespaceSelector": {
"matchExpressions": [{
"key": "role",
"operator": "In",
"values": ["frontend-http"]
}],
"matchLabels": {
"role": "frontend-http"
},
},
},
{
"podSelector": {
"matchLabels": {
"role": "frontend-http"
}
}
},
{
"podSelector": {
"matchExpressions": [{
"key": "role",
"operator": "In",
"values": ["frontend-http"]
}]
}
},
]
assert http["ports"][0]["port"] == 9200
assert transport["from"] == [
{
"podSelector": {
"matchLabels": {
"elasticsearch-master-transport-client": "true"
}
},
"namespaceSelector": {
"matchExpressions": [{
"key": "role",
"operator": "In",
"values": ["frontend-transport"]
}],
"matchLabels": {
"role": "frontend-transport"
},
},
},
{
"podSelector": {
"matchLabels": {
"role": "frontend-transport"
}
}
},
{
"podSelector": {
"matchExpressions": [{
"key": "role",
"operator": "In",
"values": ["frontend-transport"]
}]
}
},
{
"podSelector": {
"matchLabels": {
"app": "elasticsearch-master"
}
}
},
]
assert transport["ports"][0]["port"] == 9300
assert pod_selector == {
"matchLabels": {
"app": "elasticsearch-master",
}
}
def test_adding_an_affinity_rule():
config = """
affinity:
podAntiAffinity:
requiredDuringSchedulingIgnoredDuringExecution:
- labelSelector:
matchExpressions:
- key: app
operator: In
values:
- metricbeat
topologyKey: kubernetes.io/hostname
"""
r = helm_template(config)
assert (
r["daemonset"][name]["spec"]["template"]["spec"]["affinity"]
["podAntiAffinity"]["requiredDuringSchedulingIgnoredDuringExecution"]
[0]["topologyKey"] == "kubernetes.io/hostname")
assert (r["deployment"][name + "-metrics"]["spec"]["template"]["spec"]
["affinity"] == {})
config = """
daemonset:
affinity:
podAntiAffinity:
requiredDuringSchedulingIgnoredDuringExecution:
- labelSelector:
matchExpressions:
- key: app
operator: In
values:
- metricbeat
topologyKey: kubernetes.io/hostname
"""
r = helm_template(config)
assert (
r["daemonset"][name]["spec"]["template"]["spec"]["affinity"]
["podAntiAffinity"]["requiredDuringSchedulingIgnoredDuringExecution"]
[0]["topologyKey"] == "kubernetes.io/hostname")
config = """
deployment:
affinity:
podAntiAffinity:
requiredDuringSchedulingIgnoredDuringExecution:
- labelSelector:
matchExpressions:
- key: app
operator: In
values:
- metricbeat
topologyKey: kubernetes.io/hostname
"""
r = helm_template(config)
assert (
r["deployment"][name +
"-metrics"]["spec"]["template"]["spec"]["affinity"]
["podAntiAffinity"]["requiredDuringSchedulingIgnoredDuringExecution"]
[0]["topologyKey"] == "kubernetes.io/hostname")
def test_increasing_the_replicas():
config = """
replicas: 5
"""
r = helm_template(config)
assert r["statefulset"][uname]["spec"]["replicas"] == 5
def test_overriding_resources():
config = """
deployment:
enabled: true
daemonset:
resources:
limits:
cpu: "25m"
memory: "128Mi"
requests:
cpu: "25m"
memory: "128Mi"
"""
r = helm_template(config)
assert r["daemonset"][name]["spec"]["template"]["spec"]["containers"][0][
"resources"] == {
"requests": {
"cpu": "25m",
"memory": "128Mi"
},
"limits": {
"cpu": "25m",
"memory": "128Mi"
},
}
assert r["deployment"][name]["spec"]["template"]["spec"]["containers"][0][
"resources"] == {
"requests": {
"cpu": "100m",
"memory": "100Mi"
},
"limits": {
"cpu": "1000m",
"memory": "200Mi"
},
}
config = """
deployment:
enabled: true
resources:
limits:
cpu: "25m"
memory: "128Mi"
requests:
cpu: "25m"
memory: "128Mi"
"""
r = helm_template(config)
assert r["daemonset"][name]["spec"]["template"]["spec"]["containers"][0][
"resources"] == {
"requests": {
"cpu": "100m",
"memory": "100Mi"
},
"limits": {
"cpu": "1000m",
"memory": "200Mi"
},
}
assert r["deployment"][name]["spec"]["template"]["spec"]["containers"][0][
"resources"] == {
"requests": {
"cpu": "25m",
"memory": "128Mi"
},
"limits": {
"cpu": "25m",
"memory": "128Mi"
},
}
def test_esMajorVersion_detect_default_version():
config = ""
r = helm_template(config)
assert r["statefulset"][uname]["metadata"]["annotations"][
"esMajorVersion"] == "8"
def test_adding_a_extra_volume_with_volume_mount():
config = """
deployment:
enabled: true
daemonset:
extraVolumes:
- name: extras
emptyDir: {}
extraVolumeMounts:
- name: extras
mountPath: /usr/share/extras
readOnly: true
"""
r = helm_template(config)
assert {
"name": "extras",
"emptyDir": {}
} in r["daemonset"][name]["spec"]["template"]["spec"]["volumes"]
assert {
"name": "extras",
"mountPath": "/usr/share/extras",
"readOnly": True,
} in r["daemonset"][name]["spec"]["template"]["spec"]["containers"][0][
"volumeMounts"]
assert {
"name": "extras",
"emptyDir": {}
} not in r["deployment"][name]["spec"]["template"]["spec"]["volumes"]
assert ({
"name": "extras",
"mountPath": "/usr/share/extras",
"readOnly": True,
} not in r["deployment"][name]["spec"]["template"]["spec"]["containers"][0]
["volumeMounts"])
config = """
deployment:
enabled: true
extraVolumes:
- name: extras
emptyDir: {}
extraVolumeMounts:
- name: extras
mountPath: /usr/share/extras
readOnly: true
"""
r = helm_template(config)
assert {
"name": "extras",
"emptyDir": {}
} in r["deployment"][name]["spec"]["template"]["spec"]["volumes"]
assert {
"name": "extras",
"mountPath": "/usr/share/extras",
"readOnly": True,
} in r["deployment"][name]["spec"]["template"]["spec"]["containers"][0][
"volumeMounts"]
assert {
"name": "extras",
"emptyDir": {}
} not in r["daemonset"][name]["spec"]["template"]["spec"]["volumes"]
assert ({
"name": "extras",
"mountPath": "/usr/share/extras",
"readOnly": True,
} not in r["daemonset"][name]["spec"]["template"]["spec"]["containers"][0]
["volumeMounts"])
def test_increasing_the_replicas():
config = '''
replicas: 5
'''
r = helm_template(config)
assert r['statefulset'][uname]['spec']['replicas'] == 5
def test_enable_deployment():
config = """
deployment:
enabled: true
"""
r = helm_template(config)
assert name in r["deployment"]
c = r["deployment"][name]["spec"]["template"]["spec"]["containers"][0]
assert c["name"] == project
assert c["image"].startswith("docker.elastic.co/beats/" + project + ":")
assert c["env"][0]["name"] == "POD_NAMESPACE"
assert c["env"][0]["valueFrom"]["fieldRef"]["fieldPath"] == "metadata.namespace"
assert "curl --fail 127.0.0.1:5066" in c["livenessProbe"]["exec"]["command"][-1]
assert "filebeat test output" in c["readinessProbe"]["exec"]["command"][-1]
assert r["deployment"][name]["spec"]["template"]["spec"]["tolerations"] == []
assert "hostNetwork" not in r["deployment"][name]["spec"]["template"]["spec"]
assert "dnsPolicy" not in r["deployment"][name]["spec"]["template"]["spec"]
assert (
r["deployment"][name]["spec"]["template"]["spec"]["containers"][0][
"securityContext"
]["runAsUser"]
== 0
)
assert (
r["deployment"][name]["spec"]["template"]["spec"]["containers"][0][
"securityContext"
]["privileged"]
== False
)
# Empty customizable defaults
assert "imagePullSecrets" not in r["deployment"][name]["spec"]["template"]["spec"]
assert (
r["deployment"][name]["spec"]["template"]["spec"]["serviceAccountName"] == name
)
cfg = r["configmap"]
assert name + "-config" not in cfg
assert name + "-deployment-config" in cfg
assert "filebeat.yml" in cfg[name + "-deployment-config"]["data"]
deployment = r["deployment"][name]["spec"]["template"]["spec"]
assert {
"configMap": {"name": name + "-config", "defaultMode": 0o600},
"name": project + "-config",
} not in deployment["volumes"]
assert {
"configMap": {"name": name + "-deployment-config", "defaultMode": 0o600},
"name": project + "-config",
} in deployment["volumes"]
assert {
"mountPath": "/usr/share/filebeat/filebeat.yml",
"name": project + "-config",
"subPath": "filebeat.yml",
"readOnly": True,
} in deployment["containers"][0]["volumeMounts"]
assert deployment["containers"][0]["resources"] == {
"requests": {"cpu": "100m", "memory": "100Mi"},
"limits": {"cpu": "1000m", "memory": "200Mi"},
}
def test_esMajorVersion_detect_default_version():
config = ''
r = helm_template(config)
assert r['statefulset'][uname]['metadata']['annotations']['esMajorVersion'] == '7'
def test_setting_a_custom_service_account():
config = '''
serviceAccount: notdefault
'''
r = helm_template(config)
assert r['deployment'][name]['spec']['template']['spec']['serviceAccount'] == 'notdefault'
